Monday, July 26, 2010

How to change MAC address | All about Linux


Saturday, July 24, 2010

Parallel Computing


Parallel computing is the way of using two or more processes (with other underlying infrastructure) for a computation.
These elements include:
  1. Multiple processors
  2. Multiple memories
  3. Interconnection network
The operation of the above elements is controlled by a parallel operating system, which contains special parallel algorithms for process handling.

The ultimate goal of parallel computing is to reduce the time for a computation and to facilitate computing, which requires high memory usage:
  • Achieve speed: Tp=Ts/p
  • Solve problems requiring a large amount of memory

Logical Organization:
Logical organization refers to the way the parallel platform is viewed at the application level.

Logical organization contains many control mechanisms:
  • SISD - Single Instruction, Single Data
  • SIMD - Single Instruction, Multiple Data
  • MIMD - Multiple Instruction, Multiple Data
  • MISD - Multiple Instruction, Single Data

                 Single Instruction   Multiple Instruction
Single Data      SISD                 MISD
Multiple Data    SIMD                 MIMD



Communication model for Parallel Computing:
It's clear that when multiple processing units are used to compute a single problem, there needs to be communication between the sub-computations. Communication can be achieved by two main methods:
  • Using a shared memory
  • Message passing



Friday, July 23, 2010

chandpriyankara in Launchpad


Social Engineering Fundamentals


Hacker Tactics

A True Story

One morning a few years back, a group of strangers walked into a large shipping firm and walked out with access to the firm’s entire corporate network. How did they do it? By obtaining small amounts of access, bit by bit, from a number of different employees in that firm. First, they did research about the company for two days before even attempting to set foot on the premises. For example, they learned key employees’ names by calling HR. Next, they pretended to lose their key to the front door, and a man let them in. Then they "lost" their identity badges when entering the third floor secured area, smiled, and a friendly employee opened the door for them.

The strangers knew the CFO was out of town, so they were able to enter his office and obtain financial data off his unlocked computer. They dug through the corporate trash, finding all kinds of useful documents. They asked a janitor for a garbage pail in which to place their contents and carried all of this data out of the building in their hands. The strangers had studied the CFO's voice, so they were able to phone, pretending to be the CFO, in a rush, desperately in need of his network password. From there, they used regular technical hacking tools to gain super-user access into the system.

In this case, the strangers were network consultants performing a security audit for the CFO without any other employees' knowledge. They were never given any privileged information from the CFO but were able to obtain all the access they wanted through social engineering. (This story was recounted by Kapil Raina, currently a security expert at Verisign and co-author of mCommerce Security: A Beginner's Guide, based on an actual workplace experience with a previous employer.)

Definitions

Most articles I’ve read on the topic of social engineering begin with some sort of definition like “the art and science of getting people to comply to your wishes” (Bernz 2), “an outside hacker’s use of psychological tricks on legitimate users of a computer system, in order to obtain information he needs to gain access to the system” (Palumbo), or “getting needed information (for example, a password) from a person rather than breaking into a system” (Berg). In reality, social engineering can be any and all of these things, depending upon where you sit. The one thing that everyone seems to agree upon is that social engineering is generally a hacker’s clever manipulation of the natural human tendency to trust. The hacker’s goal is to obtain information that will allow him/her to gain unauthorized access to a valued system and the information that resides on that system.

Security is all about trust. Trust in protection and authenticity. Generally agreed upon as the weakest link in the security chain, the natural human willingness to accept someone at his or her word leaves many of us vulnerable to attack. Many experienced security experts emphasize this fact. No matter how many articles are published about network holes, patches, and firewalls, we can only reduce the threat so much... and then it’s up to Maggie in accounting or her friend, Will, dialing in from a remote site, to keep the corporate network secured.

Target and Attack

The basic goals of social engineering are the same as hacking in general: to gain unauthorized access to systems or information in order to commit fraud, network intrusion, industrial espionage, identity theft, or simply to disrupt the system or network. Typical targets include telephone companies and answering services, big-name corporations and financial institutions, military and government agencies, and hospitals. The Internet boom had its share of industrial engineering attacks in start-ups as well, but attacks generally focus on larger entities.

Finding good, real-life examples of social engineering attacks is difficult. Target organizations either do not want to admit that they have been victimized (after all, to admit a fundamental security breach is not only embarrassing, it may be damaging to the organization’s reputation) and/or the attack was not well documented so that nobody is really sure whether there was a social engineering attack or not.

As for why organizations are targeted through social engineering – well, it’s often an easier way to gain illicit access than are many forms of technical hacking. Even for technical people, it’s often much simpler to just pick up the phone and ask someone for his password. And most often, that’s just what a hacker will do.

Social engineering attacks take place on two levels: the physical and the psychological. First, we'll focus on the physical setting for these attacks: the workplace, the phone, your trash, and even on-line. In the workplace, the hacker can simply walk in the door, like in the movies, and pretend to be a maintenance worker or consultant who has access to the organization. Then the intruder struts through the office until he or she finds a few passwords lying around and emerges from the building with ample information to exploit the network from home later that night. Another technique to gain authentication information is to just stand there and watch an oblivious employee type in his password.

Social Engineering by Phone

The most prevalent type of social engineering attack is conducted by phone. A hacker will call up and imitate someone in a position of authority or relevance and gradually pull information out of the user. Help desks are particularly prone to this type of attack. Hackers are able to pretend they are calling from inside the corporation by playing tricks on the PBX or the company operator, so caller-ID is not always the best defense. Here’s a classic PBX trick, care of the Computer Security Institute: “’Hi, I’m your AT&T rep, I’m stuck on a pole. I need you to punch a bunch of buttons for me.’”

And here’s an even better one: “They’ll call you in the middle of the night: ‘Have you been calling Egypt for the last six hours?’ ‘No.’ And they’ll say, ‘well, we have a call that’s actually active right now, it’s on your calling card and it’s to Egypt and as a matter of fact, you’ve got about $2,000 worth of charges from somebody using your card. You’re responsible for the $2,000, you have to pay that...’ They’ll say, ‘I’m putting my job on the line by getting rid of this $2,000 charge for you. But you need to read off that AT&T card number and PIN and then I’ll get rid of the charge for you.’ People fall for it.” (Computer Security Institute).

Help desks are particularly vulnerable because they are in place specifically to help, a fact that may be exploited by people who are trying to gain illicit information. Help desk employees are trained to be friendly and give out information, so this is a gold mine for social engineering. Most help desk employees are minimally educated in the area of security and get paid peanuts, so they tend to just answer questions and go on to the next phone call. This can create a huge security hole.

The facilitator of a live Computer Security Institute demonstration neatly illustrated the vulnerability of help desks when he “dialed up a phone company, got transferred around, and reached the help desk. ‘Who’s the supervisor on duty tonight?’ ‘Oh, it’s Betty.’ ‘Let me talk to Betty.’ [He’s transferred.] ‘Hi Betty, having a bad day?’ ‘No, why?...Your systems are down.’ She said, ‘my systems aren’t down, we’re running fine.’ He said, ‘you better sign off.’ She signed off. He said, ‘now sign on again.’ She signed on again. He said, ‘we didn’t even show a blip, we show no change.’ He said, ‘sign off again.’ She did. ‘Betty, I’m going to have to sign on as you here to figure out what’s happening with your ID. Let me have your user ID and password.’ So this senior supervisor at the Help Desk tells him her user ID and password.” Brilliant.

A variation on the phone theme is the pay phone or ATM. Hackers really do shoulder surf and obtain credit card numbers and PINs this way. (It happened to a friend of mine in a large US airport.) People always stand around phone booths at airports, so this is a place to be extra cautious.

Dumpster Diving

Dumpster diving, also known as trashing, is another popular method of social engineering. A huge amount of information can be collected through company dumpsters. The LAN Times listed the following items as potential security leaks in our trash: “company phone books, organizational charts, memos, company policy manuals, calendars of meetings, events and vacations, system manuals, printouts of sensitive data or login names and passwords, printouts of source code, disks and tapes, company letterhead and memo forms, and outdated hardware.”

These sources can provide a rich vein of information for the hacker. Phone books can give the hackers names and numbers of people to target and impersonate. Organizational charts contain information about people who are in positions of authority within the organization. Memos provide small tidbits of useful information for creating authenticity. Policy manuals show hackers how secure (or insecure) the company really is. Calendars are great – they may tell attackers which employees are out of town at a particular time. System manuals, sensitive data, and other sources of technical information may give hackers the exact keys they need to unlock the network. Finally, outdated hardware, particularly hard drives, can be restored to provide all sorts of useful information. (We’ll discuss how to dispose of all of this in the second installment in this series; suffice it to say, the shredder is a good place to start.)

On-Line Social Engineering

The Internet is fertile ground for social engineers looking to harvest passwords. The primary weakness is that many users often repeat the use of one simple password on every account: Yahoo, Travelocity, Gap.com, whatever. So once the hacker has one password, he or she can probably get into multiple accounts. One way in which hackers have been known to obtain this kind of password is through an on-line form: they can send out some sort of sweepstakes information and ask the user to put in a name (including e-mail address – that way, she might even get that person’s corporate account password as well) and password. These forms can be sent by e-mail or through US Mail. US Mail provides a better appearance that the sweepstakes might be a legitimate enterprise.

Another way hackers may obtain information on-line is by pretending to be the network administrator, sending e-mail through the network and asking for a user’s password. This type of social engineering attack doesn’t generally work, because users are generally more aware of hackers when online, but it is something of which to take note. Furthermore, pop-up windows can be installed by hackers to look like part of the network and request that the user reenter his username and password to fix some sort of problem. At this point in time, most users should know not to send passwords in clear text (if at all), but it never hurts to have an occasional reminder of this simple security measure from the System Administrator. Even better, sys admins might want to warn their users against disclosing their passwords in any fashion other than a face-to-face conversation with a staff member who is known to be authorized and trusted.

E-mail can also be used for more direct means of gaining access to a system. For instance, mail attachments sent from someone of authenticity can carry viruses, worms and Trojan horses. A good example of this was an AOL hack, documented by VIGILANTe: “In that case, the hacker called AOL’s tech support and spoke with the support person for an hour. During the conversation, the hacker mentioned that his car was for sale cheaply. The tech supporter was interested, so the hacker sent an e-mail attachment ‘with a picture of the car’. Instead of a car photo, the mail executed a backdoor exploit that opened a connection out from AOL through the firewall.”

Persuasion

The hackers themselves teach social engineering from a psychological point-of-view, emphasizing how to create the perfect psychological environment for the attack. Basic methods of persuasion include: impersonation, ingratiation, conformity, diffusion of responsibility, and plain old friendliness. Regardless of the method used, the main objective is to convince the person disclosing the information that the social engineer is in fact a person that they can trust with that sensitive information. The other important key is to never ask for too much information at a time, but to ask for a little from each person in order to maintain the appearance of a comfortable relationship.

Impersonation generally means creating some sort of character and playing out the role. The simpler the role, the better. Sometimes this could mean just calling up, saying: “Hi, I’m Joe in MIS and I need your password,” but that doesn’t always work. Other times, the hacker will study a real individual in an organization and wait until that person is out of town to impersonate him over the phone. According to Bernz, a hacker who has written extensively on the subject, they use little boxes to disguise their voices and study speech patterns and org charts. I’d say it’s the least likely type of impersonation attack because it takes the most preparation, but it does happen.

Some common roles that may be played in impersonation attacks include: a repairman, IT support, a manager, a trusted third party (for example, the President’s executive assistant who is calling to say that the President okayed her requesting certain information), or a fellow employee. In a huge company, this is not that hard to do. There is no way to know everyone - IDs can be faked. Most of these roles fall under the category of someone with authority, which leads us to ingratiation. Most employees want to impress the boss, so they will bend over backwards to provide required information to anyone in power.

Conformity is a group-based behavior, but can be used occasionally in the individual setting by convincing the user that everyone else has been giving the hacker the same information now requested, such as if the hacker is impersonating an IT manager. When hackers attack in such a way as to diffuse the responsibility of the employee giving the password away, that alleviates the stress on the employee.

When in doubt, the best way to obtain information in a social engineering attack is just to be friendly. The idea here is that the average user wants to believe the colleague on the phone and wants to help, so the hacker really only needs to be basically believable. Beyond that, most employees respond in kind, especially to women. Slight flattery or flirtation might even help soften up the target employee to co-operate further, but the smart hacker knows when to stop pulling out information, just before the employee suspects anything odd. A smile, if in person, or a simple “thank you” clinches the deal. And if that’s not enough, the new user routine often works too: “I’m confused, (batting eyelashes) can you help me?”

Reverse Social Engineering

A final, more advanced method of gaining illicit information is known as “reverse social engineering”. This is when the hacker creates a persona that appears to be in a position of authority so that employees will ask him for information, rather than the other way around. If researched, planned and executed well, reverse social engineering attacks may offer the hacker an even better chance of obtaining valuable data from the employees; however, this requires a great deal of preparation, research, and pre-hacking to pull off.

According to Methods of Hacking: Social Engineering, a paper by Rick Nelson, the three parts of reverse social engineering attacks are sabotage, advertising, and assisting. The hacker sabotages a network, causing a problem to arise. That hacker then advertises that he is the appropriate contact to fix the problem, and then, when he comes to fix the network problem, he requests certain bits of information from the employees and gets what he really came for. They never know it was a hacker, because their network problem goes away and everyone is happy.

Conclusion

Of course, no social engineering article is complete without mention of Kevin Mitnick, so I’ll conclude with a quote from him from an article in Security Focus: “You could spend a fortune purchasing technology and services...and your network infrastructure could still remain vulnerable to old-fashioned manipulation.” Stay tuned for Part II: Combat Strategies, which will look at ways of combatting attacks by identifying attacks, and by using preventative technology, training, and policies.


References

Ameritech Consumer Information “Social Engineering Fraud,”
http://www.ameritech.com/content/0,3086,92,00.html

Anonymous “Social engineering: examples and countermeasures from the real-world,” Computer Security Institute
http://www.gocsi.com/soceng.htm

Arthurs, Wendy: “A Proactive Defence to Social Engineering,” SANS Institute, August 2, 2001.
http://www.sans.org/infosecFAQ/social/defence.htm

Berg, Al: “Cracking a Social Engineer,” LAN Times, Nov. 6, 1995.
http://packetstorm.decepticons.org/docs/social-engineering/soc_eng2.html

Bernz 1: “Bernz’s Social Engineering Intro Page”
http://packetstorm.decepticons.org/docs/social-engineering/socintro.html

Bernz 2: “The complete Social Engineering FAQ!”
http://packetstorm.decepticons.org/docs/social-engineering/socialen.txt

Harl “People Hacking: The Psychology of Social Engineering” Text of Harl’s Talk at Access All Areas III, March 7, 1997.
http://packetstorm.decepticons.org/docs/social-engineering/aaatalk.html

Mitnick, Kevin: “My first RSA Conference,” SecurityFocus, April 30, 2001
http://www.securityfocus.com/news/199

Orr, Chris “Social Engineering: A Backdoor to the Vault,” SANS Institute, September 5, 2000
http://www.sans.org/infosecFAQ/social/backdoor.htm

Palumbo, John “Social Engineering: What is it, why is so little said about it and what can be done?”, SANS Institute, July 26, 2000
http://www.sans.org/infosecFAQ/social/social.htm

Stevens, George: “Enhancing Defenses Against Social Engineering” SANS Institute, March 26, 2001
http://www.sans.org/infosecFAQ/social/defense_social.htm

Tims, Rick “Social Engineering: Policies and Education a Must” SANS Institute, February 16, 2001
http://www.sans.org/infosecFAQ/social/policies.htm

Verizon “PBX Social Engineering Scam” 2000
http://www.bellatlantic.com/security/fraud/pbx_scam.htm

VIGILANTe “Social Engineering” 2001
http://www.vigilante.com/inetsecurity/socialengineering.htm

Thursday, July 22, 2010

Linux shell scripts : change picture size and resolution

The following code is an easy-to-use script to convert pictures to a smaller size, especially before uploading them to the internet.
Copy this script to the photo folder and cd to that directory from the console; then execute it with ./scriptname (remember to run chmod a+rx on it first).


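#!/bin/sh
# Resize every JPEG in this directory to 500 pixels wide; adjust the pattern as needed.
for x in ./*.jpg
do
    [ -f "$x" ] || continue    # the glob matched nothing
    # -resize scales the image (-size only hints at the input size); quoting keeps odd filenames intact
    convert "$x" -resize 500 "new-${x#./}"
done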







Update a Linux kernel

How to Compile and Install a new Linux kernel

Compiling a custom kernel has its own advantages and disadvantages. However, new Linux users and admins often find it difficult to compile the Linux kernel. Compiling a kernel requires understanding a few things and then typing a couple of commands. This step-by-step howto covers compiling Linux kernel version 2.6.xx under Debian GNU/Linux. However, the instructions remain the same for any other distribution except for the apt-get command.

Step # 1 Get Latest Linux kernel code

Visit http://kernel.org/ and download the latest source code. The file name would be linux-x.y.z.tar.bz2, where x.y.z is the actual version number. For example, the file linux-2.6.25.tar.bz2 represents the 2.6.25 kernel version. Use the wget command to download the kernel source code:
$ cd /tmp
$ wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-x.y.z.tar.bz2

Note: Replace x.y.z with actual version number.

Step # 2 Extract tar (.tar.bz2) file

Type the following commands:
# tar -xjvf linux-2.6.25.tar.bz2 -C /usr/src
# cd /usr/src/linux-2.6.25

Step # 3 Configure kernel

Before you configure the kernel, make sure the development tools (gcc compilers and related tools) are installed on your system. If the gcc compiler and tools are not installed, use the apt-get command under Debian Linux to install them.
# apt-get install gcc

Now you can start kernel configuration by typing any one of these commands:

  • $ make menuconfig - Text based color menus, radiolists & dialogs. This option is also useful on a remote server if you want to compile the kernel remotely.
  • $ make xconfig - X windows (Qt) based configuration tool, works best under the KDE desktop.
  • $ make gconfig - X windows (Gtk) based configuration tool, works best under the Gnome desktop.

For example, the make menuconfig command launches the following screen:
$ make menuconfig

You have to select different options as per your needs. Each configuration option has a HELP button associated with it, so select the help button to get help.

Step # 4 Compile kernel

Start compiling to create a compressed kernel image, enter:
$ make
Start compiling the kernel modules:
$ make modules

Install kernel modules (become a root user, use su command):
$ su -
# make modules_install

Step # 5 Install kernel

So far we have compiled the kernel and installed the kernel modules. It is time to install the kernel itself.
# make install

It will install three files into the /boot directory and modify your grub configuration file:

  • System.map-2.6.25
  • config-2.6.25
  • vmlinuz-2.6.25

Step # 6: Create an initrd image

Type the following command at a shell prompt:
# cd /boot
# mkinitrd -o initrd.img-2.6.25 2.6.25

An initrd image contains the device drivers needed to load the rest of the operating system later on. Not all computers require an initrd, but it is safe to create one.

Step # 7 Modify Grub configuration file - /boot/grub/menu.lst

Open file using vi:
# vi /boot/grub/menu.lst

title           Debian GNU/Linux, kernel 2.6.25 Default
root            (hd0,0)
kernel          /boot/vmlinuz root=/dev/hdb1 ro
initrd          /boot/initrd.img-2.6.25
savedefault
boot

Remember to set up the correct root=/dev/hdXX device. Save and close the file. If you think editing and writing all lines by hand is too much for you, try the update-grub command to update the lines for each kernel in the /boot/grub/menu.lst file. Just type the command:
# update-grub
Neat. Huh?

Step # 8 : Reboot computer and boot into your new kernel

Just issue reboot command:
# reboot

Wednesday, July 14, 2010

WebLogic Suite 11g | Oracle

The Foundation for Application Server Consolidation and Application Grid
Oracle WebLogic Suite 11g brings together unmatched performance, scalability, efficiency, and manageability in a single, unified application server offering. It is the cornerstone Java EE platform in support of application grid computing. With Oracle Real Operations Insight and Oracle Real Operations Automation, Oracle WebLogic Suite 11g dramatically reduces cost associated with diagnostics, configuration, and deployment on production servers. The Suite integrates effortlessly with other Oracle products through Oracle GridLink for RAC, Oracle Enterprise Grid Messaging, and other connection technologies to form a foundation for your entire Oracle portfolio. Oracle WebLogic Suite 11g is optimized for modern IT systems to deliver more processing on fewer servers.

Tuesday, July 13, 2010

Why doesn't Linux store its passwords in the /etc/passwd file itself?

Well, the fact is, that actual passwords were never stored in the passwd file. At one time though, when Linux was in its infancy, you could have opened the passwd file and seen a string of gibberish in the password field. This gibberish would have been the encrypted--or more accurately--the "hashed" version of the actual password. (The difference is that an encrypted password can be unencrypted back to its original form, but a hashed password can't be unhashed.) When users create a password for themselves, the system will choose a random "salt" value to perform the hash. If two users choose the same password, the hashes will be different, since the system will use a different "salt" value for each. Since the system knows the salt values for each password, it can tell when a user enters the proper password. There were a few weaknesses to this approach, though.

First, the /etc/passwd file needs to be world-readable, so that non-root users will be able to access it when logging on to the system. If you look at the permissions settings, you'll see that it's only writable by the user, who is "root" in this case. But, since the "passwd" utility has the SUID bit set, this file is effectively world-writable, as well. That's so that non-root users can set passwords for themselves. Keeping password hashes in a file that's both readable and writable by the world just makes things too easy for intruders who would either want to run a password crack program, or who would want to surreptitiously add root accounts for themselves.

The other problem with this approach is that it uses a rather outdated, weak hash algorithm. The "3DES" algorithm is relatively easy to crack with modern computers, and it limits passwords to a length of only eight characters. (Having to use shorter passwords also makes the system more susceptible to "brute force" attacks.)




Nowadays, just about every Linux distro you come across will use not only the /etc/passwd file, but also the /etc/shadow file. This approach solves both of the above problems.

Unlike the passwd file, the shadow file is only readable and writable by root. So, storing the password hash in shadow, instead of in passwd, makes an intruder's job somewhat harder. (When a user logs on to the system or creates a password for himself, he'll still need non-root access to the passwd file. However, the Linux system acting as a proxy for the root user, will access the shadow file.)

Also, by using the shadow file method, the system is no longer limited to using the 3DES hash algorithm. Most systems now use the MD5 algorithm by default. MD5 makes for a stronger hash, and it doesn't limit passwords to any certain length. So, you have both an algorithm that's harder to crack, and a longer password that's less likely to be cracked by brute-force.





Here's another benefit of using the shadow file. . .

Security experts recommend that users change their passwords on a regular basis. Most users won't do that on their own, but you can force them to by setting expiration dates. The shadow file contains a field to hold expiration date information, but the passwd file doesn't.
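The points above can be checked mechanically. The following Python audit is an added example, not part of the original post: it reads passwd- and shadow-format text and reports hashes left in the passwd field, extra UID 0 accounts, weak hash schemes and missing expiry. The sample entries and hash strings are constructed placeholders, and md5-crypt is flagged as weak because it has since been superseded by SHA-512-crypt and yescrypt.

```python
import re

# Constructed sample data: the hash strings are placeholders, not real hashes.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:abEXAMPLEonly:1001:1001:Bob:/home/bob:/bin/bash
toor:x:0:0::/root:/bin/sh
"""

SHADOW_SAMPLE = """\
root:$6$CONSTRUCTED$notARealHash:14800:0:90:7:::
daemon:*:14800:0:99999:7:::
alice:$1$CONSTRUCTED$notARealHash:14800:0:99999:7:::
toor:$6$CONSTRUCTED$notARealHash:14800:0::7:::
"""

# crypt(3) prefixes mapped to (scheme name, considered weak today).
PREFIXES = [
    ("$1$", "md5-crypt", True),
    ("$2", "bcrypt", False),
    ("$5$", "sha256-crypt", False),
    ("$6$", "sha512-crypt", False),
    ("$y$", "yescrypt", False),
]
# Traditional crypt output: 2 salt characters + 11 hash characters.
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")


def classify(field):
    """Return (scheme, weak) for the password field of a passwd or shadow entry."""
    if field == "x":
        return ("shadowed", False)   # the real hash lives in /etc/shadow
    if field == "":
        return ("empty", True)       # account has no password at all
    if field[0] in "!*":
        return ("locked", False)     # password login is disabled
    for prefix, name, weak in PREFIXES:
        if field.startswith(prefix):
            return (name, weak)
    if DES_CRYPT.fullmatch(field):
        return ("des-crypt", True)   # traditional 13-character crypt hash
    return ("unknown", True)


def records(text, nfields):
    """Yield colon-separated records that have exactly nfields fields."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) == nfields:
            yield parts


def audit(passwd_text, shadow_text):
    """Return a list of (user, finding) tuples covering both files."""
    findings = []
    # passwd: name:password:uid:gid:gecos:home:shell
    for name, pw, uid, *_rest in records(passwd_text, 7):
        scheme, _weak = classify(pw)
        if scheme not in ("shadowed", "locked"):
            findings.append((name, f"passwd field not shadowed ({scheme})"))
        if uid == "0" and name != "root":
            findings.append((name, "additional uid 0 account"))
    # shadow: name:hash:lastchg:min:max:warn:inactive:expire:reserved
    for name, pw, _last, _min, max_age, *_rest in records(shadow_text, 9):
        scheme, weak = classify(pw)
        if scheme == "locked":
            continue                 # no password login, nothing to age
        if weak:
            findings.append((name, f"weak or missing hash ({scheme})"))
        if max_age in ("", "99999"):  # 99999 days is the usual "never" default
            findings.append((name, "password never expires"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(PASSWD_SAMPLE, SHADOW_SAMPLE):
        print(f"{user}: {finding}")
```

On a real system, pass the contents of /etc/passwd and /etc/shadow instead of the samples; reading the shadow file requires root.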

Monday, July 12, 2010

Partition mounting in Linux


Permissions and Ownership on NTFS Partitions

The NTFS filesystem does not support Linux permissions or ownership per se. You can't successfully change ownership with the Linux command chown and you can't successfully change permissions with the Linux command chmod. Ownership and permissions are set only in the mount command.
The permissions and ownership properties that are available for NTFS under Linux are not written into the individual files to be retained when the filesystem is unmounted or the computer is turned off. Permissions and ownership obtained under Linux are temporary artifices imposed via the mount command and maintained temporarily by the operating system. They are transient properties that last only until the NTFS partition is unmounted.
Find and examine your NTFS partitions
You use commands in a console/terminal window to see the NTFS partitions that are sensed by the kernel and to show which (if any) of those partitions are mounted.
The fdisk command can list partitions, like so:
sudo /sbin/fdisk -l
Look for the lines containing "NTFS" in the output, like this one from my computer:
/dev/sdb1 * 1 1306 10490413+ 7 HPFS/NTFS
That identifies an NTFS partition on device sdb1, the first partition on the second internal drive.
If it's mounted, you'll see it in the response to the console command df -Th which shows the usage and locations of all mounted partitions. Look for lines containing the Type fuseblk:
chand@chand-Laptop:~> df -Th
Filesystem Type Size Used Avail Use% Mounted on
/dev/sdb1 fuseblk 80G 27G 53G 34% /media/disk
That shows my NTFS partition at sdb1 has a size of 80Gb of which 27Gb are used and 53Gb are free/unused and that my NTFS partition is mounted in the folder "disk" at /media/disk.
You can also see your NTFS partitions in the GUI viewers. KDE users look in the "My Computer" link on the Desktop. Gnome users look in Gnome's Nautilus under the Computer --> Filesystem icon. Partitions are also viewable in Yast --> System --> Partitioner.
Treatment of NTFS partitions during installation of openSUSE
The openSUSE installer program detects all internal NTFS partitions and suggests to you that they be mounted in directory /windows, with sub-directories labelled C, D, E and so on, one for each NTFS partition. Thus the first will be mounted in directory /windows/C, the second in /windows/D and so on. If you accept the defaults, you will later find your NTFS partitions (and any FAT partitions) mounted in those directories.
Any internal NTFS partitions that you create or add after installation of openSUSE will not be mounted for you and you'll have to mount them yourself as shown below.
These default mounts in openSUSE are controlled by entries in the filesystem table, a text file called fstab located at /etc/fstab. Here's an example of an entry from my fstab file for an NTFS partition on partition 1 of the first drive (all on one line):
/dev/disk/by-id/ata-WDC_WD5000BEVT-60ZAT1_WD-WXN509S27952-part1     /windows/C     ntfs-3g users,gid=users,fmask=133,dmask=022,locale=en_US.UTF-8 0 0
The first string /dev/disk/by-id/ata-WDC_WD5000BEVT-60ZAT1_WD-WXN509S27952-part1 specifies the partition to be mounted by its ID code. You have the option to specify it by device (in this case sdb1) instead of by the ID code. The second string /windows/C is the path to the mount directory. The third string specifies the driver to be used: ntfs-3g. The fourth string users,gid=users,fmask=133,dmask=022,locale=en_US.UTF-8 lists the options to apply to the mount. In short, these options (selected by the openSUSE developers) give read-only access for normal users and read-write access for the root user. Note: option users doesn't work; it's a developer's mistake; ignore it. The final string 0 0 is an admin string; ignore it.
Many users, if not most, prefer to have write access to the NTFS partitions. That simple adjustment is covered in the next paragraph.

Allowing write access to the read-only mounts created during installation
I mentioned above that the default installation leaves normal users with read-only access to their partitions. It's a simple adjustment to make the drives writeable. You change the options string to its simplest form, from this:
users,gid=users,fmask=133,dmask=022,locale=en_US.UTF-8
to this
defaults,locale=en_US.UTF-8
The file fstab is a text file and the easiest way to alter a text file is with a text editor. Open a console window and enter one of the following commands to open the file for editing:
Gnome users: gnomesu gedit /etc/fstab
KDE users: kdesu kwrite /etc/fstab
And replace the long options with these: defaults,locale=en_US.UTF-8. If you find a locale option that differs from locale=en_US.UTF-8, keep your locale option.
That was the quick fix for giving write permissions to partitions mounted read-only by the openSUSE installation program. There are other options for mounting NTFS partitions and these are covered below.
Mounting NTFS partitions permanently (with a line in fstab)
This section is for NTFS partitions that aren't already permanently mounted. If your partition was already automatically mounted during installation of openSUSE and all you want is to allow write access to it, read the sections above to make it writeable.

Tip #1: in most cases we don't have to use the locale= option. I'm going to leave it out from now on.
Suppose that you want to mount a partition permanently in a folder you create for it (e.g. mount_point), located anywhere you like in your filesystem, say at /path_to/mount_point.
To mount your NTFS partition permanently, add your version of the following line into the file system table, fstab. [and leave the last line in the file as a blank line.] Recommended option for world-writeable mount:
/dev/sdb1    /path_to/mount_point    ntfs-3g    defaults    0 0
When you reboot, the partition will mount into the folder /path_to/mount_point with permissions drwxrwxrwx, i.e. with read/write access for everybody, in the style of Microsoft's insecure filesystems.
Here's an alternate option for fstab: If you want the permissions to be linux-like, you can specify a particular owner for the mount folder and its contents with this sort of line in fstab:
/dev/sdb1    /path_to/mount_point    ntfs-3g    uid=1000,gid=100,umask=0022    0 0

Tip #2: The numerical form above appears all over the net, but I've found that names work just as well so I recommend using names for openSUSE versions 11.x because it's much simpler:
/dev/sdb1    /path_to/mount_point    ntfs-3g    uid=chand,gid=users,umask=0022    0 0
In this example the "umask" with octal value 0022 produces permissions drwxr-xr-x on folder mount_point, for the owner=chand (1000) group=users (100), just like normal openSUSE user permissions. If you change the umask option to umask=0027, the permissions become drwxr-x--- and only suzette can read the mount's contents.

[Tip #3: If you want to find a user's UID & GID, run the terminal command: id chand]
Mounting NTFS partitions temporarily (using the command line)
 First you must create a directory where the partition will be mounted. This is called the mount point. For example, we'll use the directory "mount_point" located at /path_to/mount_point. It doesn't matter who owns the directory or what the permissions on it are before the mount is created, because these are automagically replaced (in the moment of mounting) by ownerships and permissions contained in (or implied in) the mount command.

Second you must know the details of your NTFS partition. Use the sudo /sbin/fdisk -l command to look at your disks. In our earlier example we got this result revealing sdb1:
/dev/sdb1 * 1 1306 10490413+ 7 HPFS/NTFS
Then you can use this mount command to make the partition writeable for all users:
mount -t ntfs-3g   /dev/sdb1   /path_to/mount_point
When you execute the mount, the mount point automagically assumes these properties: user = root, group = root and permissions = drwxrwxrwx. This gives write access to everyone.
If you prefer the partition to belong to a particular user, e.g. chand with UID=1000 and GID=100, then use this version:
mount -t ntfs-3g   -o uid=1000,gid=100,umask=0022   /dev/sdb1   /path_to/mount_point
 
Tip #2: The numerical form above appears all over the net, but I've found that names work just as well so I recommend using names for openSUSE versions 11.x because it's much simpler:
mount -t ntfs-3g   -o uid=chand,gid=users,umask=0022   /dev/sdb1   /path_to/mount_point
In this example the "umask" with octal value 0022 produces permissions drwxr-xr-x on folder mount_point, for the owner=chand, group=users, just like normal openSUSE user permissions. If you change the umask option to umask=0027, the permissions become drwxr-x--- and only suzette can read the mount's contents.

[Tip #3: If you want to find a user's UID & GID, run the terminal command: id chand]
 External (USB) NTFS partitions now automount with read-write access
 

OpenSUSE from version 11.1 inclusive:
The openSUSE devs arranged for external (USB) NTFS partitions to automount read-write with permissions drwxrwxrwx beginning with version 11.1. Prior to that the automount was read-only. See the next paragraph for earlier releases.
OpenSUSE pre version 11.1: When you plug a USB NTFS drive into openSUSE it automounts read-only by design of the openSUSE developers. If you want it mounted read-write, you can either unmount it and then remount it using one of the CLI commands I've outlined above or you can change the system default way of automounting NTFS drives so they will always automount read-write. To do that you essentially put a link into the directory /sbin that redirects the automount process to the ntfs-3g driver. The following command will create the permanent adjustment:
sudo ln -s /sbin/mount.ntfs-3g /sbin/mount.ntfs
If at some later stage you want to revert back to the default of automounting USB drives read-only, simply delete the link mount.ntfs (located at /sbin/mount.ntfs).

Appendix: Bits and Pieces
The locale option: If the partition contains files with a national character set that has not been set (by the operating system) before the partition is mounted, those files can be invisible and appear to have vanished; very disconcerting. Setting the locale option can render them visible again; e.g. add locale=en_US.UTF-8 for US English or locale=cs_CZ.utf8 for Czech, etc. To see them all on openSUSE enter this command in a console: locale -a. Most people do not need to include the locale option.

Failed mounts -- The "force" option (obsolete from openSUSE 11.2 onwards): If the partition is unmounted in a disorderly fashion, e.g. power failure, unmounted improperly by a user, etc, then the so-called "dirty" bit remains set and a consistency check (e.g. by booting to Windows and running chkdsk) is needed before the drive can be mounted again. You can bypass this requirement by including the force option. Just add the word force into the comma-separated list of options in your mount instructions.

Commencing with openSUSE 11.2 the force option was superseded in the ntfs-3g driver by the recover and norecover options. The default is the recover option, so you don't have to explicitly include it. The option causes an attempt to recover and repair a corrupted or inconsistent NTFS volume if possible. See the man pages.

Failed Mounts -- Resetting the "dirty" bit in Windows: Sometimes you get a message like this one beginning "$LogFile indicates unclean shutdown. Mount is denied because NTFS is marked to be in use.......". These are symptomatic of disorderly processes previously interrupting a clean dismount or shutdown. If you have Windows (2000 or higher) installed or handy, boot the drive in that and allow Windows to right the situation either automatically by running a consistency check on booting or by running chkdsk /f yourself from the command prompt. Alternatively you can run chkdsk /p from the repair facility after you boot from the Windows install CD and run to the end where you select to repair the installed system.

The GUI application ntfs-config:
openSUSE comes with the RPM ntfs-config, although it's not installed by default. You have to start it with this command in a console issued as root (enter su first): ntfs-config. It brings up a GUI that shows all your NTFS partitions and allows you to mount them as read-only or as read-write filesystems with simple one-click actions. You should not use this application on external drives because ntfs-config writes an entry to fstab for a permanent mount. If you reboot with that entry still remaining in fstab, you will have an error situation that will prevent booting to a Desktop Manager if the USB drive is not powered on when next you reboot. I recommend against installing or using this application for external drives because it's obsolete IMO.

Table for umask, dmask, fmask: With regard to the Linux-like permissions you get when you use the umask=xxxx option, you may adjust the folder, document or user permissions quite widely. You should read the man pages. Check out the umask, dmask and fmask options. Here's a handy little table of octal permissions to use for directory permissions:
  • owner=rwx group=rwx other=rwx; i.e. for drwxrwxrwx use umask=0000
  • owner=rwx group=rwx other=r-x; i.e. for drwxrwxr-x use umask=0002
  • owner=rwx group=rwx other=---; i.e. for drwxrwx--- use umask=0007
  • owner=rwx group=r-x other=r-x; i.e. for drwxr-xr-x use umask=0022
  • owner=rwx group=--- other=---; i.e. for drwx------ use umask=0077
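To check which of the fstab entries discussed above end up world-writable, here is an added Python example (not part of the original post) that turns the umask, dmask and fmask options of each ntfs-3g line into the resulting directory and file permissions. The sample lines are constructed from the entries shown in this post; the function names are illustrative, and the code assumes the options are applied left to right.

```python
import stat

# Constructed sample, modelled on the fstab entries shown in this post.
SAMPLE_FSTAB = """\
/dev/sdb1  /windows/C            ntfs-3g  users,gid=users,fmask=133,dmask=022,locale=en_US.UTF-8  0 0
/dev/sdb1  /path_to/mount_point  ntfs-3g  defaults                        0 0
/dev/sdb1  /path_to/mount_point  ntfs-3g  uid=chand,gid=users,umask=0022  0 0
/dev/sdb1  /path_to/mount_point  ntfs-3g  uid=chand,gid=users,umask=0027  0 0
"""

def effective_modes(options):
    """Return (dir_mode, file_mode) implied by an ntfs-3g option string."""
    dmask = fmask = 0  # no mask option: everything is rwxrwxrwx
    for opt in options.split(","):
        key, _, val = opt.partition("=")
        if key == "umask":      # umask applies to directories and files
            dmask = fmask = int(val, 8)
        elif key == "dmask":    # directories only
            dmask = int(val, 8)
        elif key == "fmask":    # files only
            fmask = int(val, 8)
    return 0o777 & ~dmask, 0o777 & ~fmask

def audit(fstab_text):
    """List every ntfs-3g entry with its permissions and a world-writable flag."""
    findings = []
    for line in fstab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#") or fields[2] != "ntfs-3g":
            continue
        dmode, fmode = effective_modes(fields[3])
        findings.append({
            "mount": fields[1],
            "options": fields[3],
            "dirs": stat.filemode(stat.S_IFDIR | dmode),
            "files": stat.filemode(stat.S_IFREG | fmode),
            "world_writable": bool((dmode | fmode) & stat.S_IWOTH),
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_FSTAB):
        flag = "WORLD-WRITABLE" if f["world_writable"] else "ok"
        print(f'{f["mount"]:22} {f["dirs"]} {f["files"]} {flag}  ({f["options"]})')
```

To audit a real system, pass the contents of /etc/fstab to audit() instead of the sample.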

Thursday, July 8, 2010

Route Summarization

Some people get really confused when it comes to route summarization, probably more so with the different names given to it:

Route Summarization
Supernetting
Aggregate Address
Summary Address

What is summarization?

The process of taking a range of IP addresses and advertising them in one address block. The most well-known summarization/supernet is the RFC1918 Class B Range. More commonly we know the range to be 172.16.0.0 - 172.31.255.255, however the supernet is 172.16.0.0/12. You see what has happened there? We've taken a range of addresses and squashed it into one advertisement.

What are the benefits of summarization?

Quite clearly, if we have just one address instead of lots of individual addresses then the routing table is going to be smaller. This in turn means that memory requirements are reduced.

The less obvious benefit is that summarization means you're tracking whether or not you're connected to some subnets of a summary, not the up/down state of every link. Thus when the link goes up or down, you don't have a flurry of traffic announcing the state change.*

How to summarize/supernet?

This is what you really want to know isn't it? Well it's dead simple.

The first method shows you the long way.

1. Starting from the left of the IP address, identify the first octet that has a change of address in it. For example, the Class B RFC1918 range, the IP address first changes in the second octet (i.e. 172.16.x.x - 172.31.x.x).

2. Write out the binary equivalent of the address up to and including the changing octet. So for example the range above is:

10101100.00010000 = 172.16
10101100.00010001 = 172.17
10101100.00010010 = 172.18
10101100.00010011 = 172.19
10101100.00010100 = 172.20
10101100.00010101 = 172.21
10101100.00010110 = 172.22
10101100.00010111 = 172.23
10101100.00011000 = 172.24
10101100.00011001 = 172.25
10101100.00011010 = 172.26
10101100.00011011 = 172.27
10101100.00011100 = 172.28
10101100.00011101 = 172.29
10101100.00011110 = 172.30
10101100.00011111 = 172.31

3. From this list, count from the left how many bits are the same in each address. If we look at it we see that the first 12 bits of each address are the same so that gives us our mask in slash notation. We therefore start at our first address 172.16.0.0 and append our mask so the summary address is 172.16.0.0/12.

Well that was quite simple. But can we be quicker? Yes we can is the good news, after all, you don't want to eat up time in the exam by writing out addresses in binary. So here goes:

1. How many subnets are in the range? The RFC1918 Class B range is 16 subnets.

2. What power of 2 equals our range? 16 subnets = 2^4 so the answer is four.

3. Subtract the figure from step 2 from the default mask of our address range. In this example our default mask is 16 so the mask after subtracting 4 is /12.

4. Add this mask to the first address in the range - 172.16.0.0/12 in this example

Quick, eh? This is how it works in my head, "mmmm, 16 addresses, 2 to the 4 is 16, mask is 16, minus 4 is 12, so summary address must be first address with /12 mask."

One last example:

Summarise the following:

192.168.0.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24

There are 4 subnets. 2 to the power of 2 gives us 4 so default mask of 24, minus 2, gives us /22. Address is therefore 192.168.0.0/22.

More difficult supernetting question

There are, however, a few pitfalls with supernetting/summarization. Sometimes you may not be able to get all of the addresses into a supernet without wasting addresses. Experience with supernetting questions will help you to identify this. An example below shows you how this could happen:

You need to summarize the following range:

10.16.31.0/24
10.16.32.0/24
10.16.33.0/24
10.16.34.0/24
10.16.35.0/24
10.16.36.0/24
10.16.37.0/24
10.16.38.0/24
10.16.39.0/24
10.16.40.0/24

What summary address should you use? Well there's 10 subnets. 2 to the power of 3 only gives us 8 subnets which is too small so we need to look at 2 to the power of 4 which is 16. The problem is that if we count in 16s our addresses straddle two subnets: 10.16.16.0 to 10.16.31.255 and 10.16.32.0 to 10.16.47.255. We have the same problem if we use the power of 5 giving us a range of 32 addresses (10.16.31.0 is in a different subnet than the other addresses in the range). We therefore have to go out to 2 to the power of 6 = 64 in order to get all of our addresses in the range (i.e. 10.16.0.0 to 10.16.63.255). What a waste of address space!!

The best answer is the following:

Break the space down into three ranges. We can summarize 10.16.32.0 to 10.16.39.255 with 3 bits (i.e. there are 8 subnets and 2 to the power of 3 is 8). We simply leave the other two addresses as they are. We have therefore avoided any wasted address space.
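The two approaches above, run on the ranges used in this post, as an added Python example (not part of the original post). common_supernet() applies the count-the-matching-bits method to get one summary address, and exact_summary() uses the standard library's ipaddress.collapse_addresses to split the range so that nothing outside it is covered. The function names are illustrative and the code assumes IPv4.

```python
import ipaddress

def common_supernet(cidrs):
    """Single summary: keep only the leading bits shared by every address."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    prefix = 32 - (lo ^ hi).bit_length()   # number of leading bits that never change
    base = (lo >> (32 - prefix)) << (32 - prefix)
    return ipaddress.ip_network((base, prefix))

def exact_summary(cidrs):
    """Fewest prefixes that cover the input and nothing else."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))

def wasted_24s(cidrs):
    """How many /24-sized blocks the single summary covers beyond the input."""
    covered = common_supernet(cidrs).num_addresses
    needed = sum(n.num_addresses for n in exact_summary(cidrs))
    return (covered - needed) // 256

# The three ranges worked through in the post.
CLASS_B = [f"172.{i}.0.0/16" for i in range(16, 32)]
CLASS_C = [f"192.168.{i}.0/24" for i in range(4)]
AWKWARD = [f"10.16.{i}.0/24" for i in range(31, 41)]

if __name__ == "__main__":
    for name, nets in (("172.16-31", CLASS_B),
                       ("192.168.0-3", CLASS_C),
                       ("10.16.31-40", AWKWARD)):
        print(name,
              "single:", common_supernet(nets),
              "exact:", [str(n) for n in exact_summary(nets)],
              "wasted /24s:", wasted_24s(nets))
```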

If you are unsure that you have the correct answers why not download a subnet calculator to double-check your answers? There is a great one by 3Com that can be downloaded from here.