If you have servers, embedded systems or high end routers (or old PC’s doing those jobs) chances are that they will have a console on a serial port instead of being equipped with a display and keyboard. Even when normally you use ssh(1) or similar to log in to those machines, in debugging and rescue sessions you often want to see console messages, pull down the network interface or maybe play with the boot loader (like launching alternate kernels from within grub). You then need a null modem cable (often supplied by vendors when they use RJ45 plugs for the serial console instead of RS232) to connect the serial port of your computer to the serial console of the device.

Now you also need a program, often called a “serial communications” program, that can connect to your serial port and allow you to use your terminal as the console of the attached device. Most serial communication programs however where actually made in an era when most networking happened by using a modem —attached to the serial port— to dial up other systems. As a result of this they tend to have very heavy and bloated interfaces, giving you all sort of modem-specific functionality via a complicated interactive interface. This is where cu comes in! It is a very simple version of it: a simple command line program doing the bare minimum needed.

In it’s simplest scenario, described above, invocation is trivial:

$ cu -l /dev/ttyS0

For example this is how I connect to my home router (normally I’d use apt-get over ssh though):

flub@laurie:~$ cu -l /dev/ttyS1
Connected.

Debian GNU/Linux 4.0 balder ttyS0

balder login: root
Password:
Last login: Sun Apr 13 19:58:46 2008 on ttyS0
balder:~# apt-get update
...
balder:~# apt-get upgrade
...
balder:~# logout

Debian GNU/Linux 4.0 balder ttyS0

balder login: ~.
Disconnected.
flub@laurie:~$ 

As you can see here I used the seconds serial port (ttyS1) of my local machine (laurie) to connect to the first serial port (ttyS0) of the router (balder), which is configured to run a getty on it. This allows me to log in and do any task I want just like from any other terminal. Disconnecting is done just as in ssh by default: by typing `~.‘ just after you have typed a newline.

The above will connect you to the serial line configured as 9600, 8n1 (9600 baud rate, 8 data bits, no parity, 1 stop bit). This is most likely the default setting on the device. However as this is sometimes a little slow you might want to configure your server (or whatever the device is) to use a faster baud rate, or maybe your vendor did that already and told you in their documentation what speed to use. The speed is easily changed by another command line switch:

$ cu -l /dev/ttyS0 -s 150000

If you need to change the parity this can be achieved by using -e for even and -o for odd parity. The stop bits and data bits can’t be changed by command line switches unfortunately, but needing them seems very rare.

cu does have a fair few more options and some more commands starting with the `~‘ escape character. Most of these have to do with using modems to dial other systems however and are not applicable for null modem use. The manual page, cu(1), gives a detailed description of more advanced features.

(1) If you’re unlucky enough to not have a serial port anymore, like many modern laptops, a USB-dongle with a serial port is usually assigned to /dev/ttyUSB0.

A few weeks ago, I wrote a call for help as we were lacking material for keeping the site alive. I’m very happy to say that it was a success! We received many great articles that we’re currently drafting for publication (you have already seen some), and lots of support. You people rock!

We will be keeping the weekly schedule for now, just to be on the safe side. If the contributions keep flowing, we might be able to do twice a week posts again.

So thanks to all of you: silent readers, commenters and writers. You’re great and you are the reason and life of this site!

Sonata is a GTK+ music player, written in Python. Actually, it is an MPD client, which is it’s most important advantage. MPD is a daemon that plays your music at background (maybe on a different computer). It can use different front ends, you can use it even from command-line and it continues playing even if your client or X is crashes. Sonata takes advantage of MPD and serves it in a clean and user-friendly interface.

Sonata offers a clean interface to your music. You can choose a collapsed or expanded view. You can browse around tabs to reach your queue, play lists, library, song info or streams. The interface is customizable; you can remove unwanted tabs, playback buttons, progress bar, status bar and album cover. You can hide the main window by clicking the tray icon or by entering sonata -t into the command line —which you can bind to a keyboard shortcut to make it easier. And you can see the song changes from the notification pop-ups.

Sonata has lots of features you’d want from it. It can fetch song lyrics from Lyricwiki.org and saves them to the ~/.lyrics folder. It can “scrobble” your songs to Last.fm (you can use a daemon for that too, but it’s your choice.) You can view and search your music database from the library tab. You can edit your ID3 tags, one by one or batch. It can show album covers —both local or remote, depends on your decision—. If you click on the cover art; you’ll go to the song info where you can enlarge the image, see the lyrics and other song-related information. It also has support for listening to on-line streams.

You may think these features are just ordinary for an advanced music player, but there’s one more thing. Sonata’s interface is simple and user-friendly. Forget about the music players which you can’t use unless it’s full-screen. Sonata doesn’t cover more place than a sidebar. Think about music players with lots of features that makes it complicated. Sonata has what’s necessary. It makes listening to music enjoyable, not confusing.

You can install Sonata if you’re using Debian testing or unstable; or Ubuntu on all repositories. Sonata is currently being developed and pretty stable. Ready to make you enjoy your music!

Like many people nowadays, I use many different computers. You use your computer at work, home, school and in public places. Maybe you also got several computers at home? One thing that easy comes to annoyance is bookmarking. With different bookmarks on every computer, I’ve long searched for a good way to sync my bookmarks between browsers and operating systems. Maybe you’ve used Google bookmarks, del.icio.us or similar social bookmarking. I’ve been using Google bookmarks, and my problem arrived when I wanted a good way to view my bookmarks in the Opera web browser. The solution was to add a speed dial to http://google.com/bookmarks, which to me wasn’t very appealing to me.

Sitebar is an easy way store your bookmarks in one place. It has support for many browsers and platforms. It comes both as a service, or self installed software. The latter is my preference. The great news is that sitebar comes as a package in Debian. All you need is apache, mysql and php. Installing is as easy as apt-get install sitebar, set up a mysql database through the install wizard and then browse over to http://yourserver/sitebar/ and set up your preferences.

To get started, sitebar includes ways to import and export your bookmarks in many formats. It’s as simple as right clicking inside the bookmark area and choose Import Bookmarks. Sitebar can import the following input formats: Atom, OPML Link Type, OPML RSS Type, Opera Hotlist, Netscape Bookmark File, RDF/RSS, and XBEL. You can also select Auto, which is the easiest way.

The use of Sitebar may vary some between different browsers. For example, in Firefox several add-ons are available, and in Opera the side panel is used. That’s why the sitebar-menu will show up when right clicking the bookmarks under Firefox, but in Opera you will need to use CTRL left-click to get the same menu. As for use in Opera, I prefer getting Opera’s menu when right-clicking, which means you can open bookmarks in new tabs and such.

Adding bookmarks is simple too. You can make yourself a short cut to adding bookmarks in your browser. You could also right-click/CTRL-left-click where you want your new bookmark and then choose “Add Link”. And here comes the beauty, under “Add Link” you’ve got a button called “Retrieve Link Information” which gets title, description and icon from the web page you are adding.

After a link is added, you can email, copy, delete or edit it. There is also security features that lets you choose rights for trees and folders. User management and groups are available too. All of these functions are easy understandable.

Screenshots

Full screen shot of Sitebar in Firefox/Iceweasel

Sitebar menu

Importing bookmarks

Adding a bookmark

Creating a folder

Conclusion

Pros:

• Easy installed
• Integrated into many browsers
• Your own private bookmarks, no need for signing up some service
• No need to synchronize between browsers

Cons:

• Use vary between browsers

Sitebar has been available in Debian since at least Sarge, and in Ubuntu since Dapper.

The free software community makes games, too. Among the more well-known ones is the Battle for Wesnoth — a turn-based strategy game with a fantasy setting. It doesn’t have shiny 3D graphics or cut-scenes, but it is an interesting and original game and is fun to play.

This game is often simply called “Wesnoth”, and the package name is “wesnoth”.

A typical Wesnoth action.

Wesnoth is played on a map divided into small hexagons. Each player controls a number of units which move over the map and attack enemy units. Different units possess different abilities and weapons. An important tactical element in Wesnoth is terrain: it determines the defensive ability of the units. For example, an Elvish Fighter can defend himself better in the forest than on open grassland, so enemies are less likely to harm him in the forest. As you kill more and more of your foes, your followers advance to higher levels, improving their skills and other characteristics. Careful positioning, movement and advancement of units is the key to victory.

The game’s interface is quite nice and usable. Among other things, Wesnoth ships with a complete in-game help reference where you can find detailed information as well as general overviews.

The in-game help, complete with pictures and hyperlinks.

The game ships with a number of campaigns that pit you against an artificial intelligence (AI). Of course, you can also play against other people. There is a dedicated multiplayer server where you can compete with your friends or strangers (note that direct connectivity with your opponent is not necessary, so you can play even from behind a NAT router or similar obstructions). For users of the stable Debian distribution, there is a server at wesnoth.debian.net — it lets you play with the Debian’s version of the game even after the developers release a newer one.

The virtual “lobby” of the multiplayer server.

Wesnoth can also be expanded: you may create your own campaigns, maps, units and all other sorts of things. A special add-on service has been developed to make it easy for players to find and install such enhancements. Just connect to it, pick what you like, click a button, and you are ready to go.

The add-on installation dialog.

The game is actively developed, has a well-maintained web site and a thriving community on the forums. Wesnoth has been available in Debian since release 3.1 “sarge”, and in Ubuntu since release 6.06 “Dapper Drake”.

Once again, we urge you to help us keep this site up and running. Since February we only had three posts, far from the twice a week intended publishing rate (the one article per day idea was dropped long time ago). We desesperately need new articles to publish, remember that this site is made from the material our readers contribute, so it’s up to you to keep it running! We also need help editing articles, but that’s void if we don’t get articles to edit.

Now, we have a only couple of articles to publish, on Sunday you’ll be able to enjoy one and for now we’ll switch to a weekly rate. If things go better, we could go back to twice a week. If things don’t go better, it will be time to end the project.

Thanks for your attention, Tincho.

Article submitted by David Newgas. Guess what? We still need you to submit good articles about software you like!

I’ve always been interested in astronomy. But it was only after moving out of the city that I discovered merely by tilting my head up I could see some of the amazing things I had seen pictures of and learned about. Unfortunately, I knew very little about how to find interesting things in the sky.

This is where Stellarium comes in! Stellarium is a free/open source planetarium for your PC. It offers a splendid interface:

Many "Sky Cultures":

And beautiful graphics:

To install, just apt-get install stellarium. The user interface is easy — left-click and drag to move around, and mouse wheel to zoom in and out. Alternatively arrow keys can be used to move, and Ctrl-Up/Down to zoom. Usually Stellarium shows the stars rotating at the same speed as in reality (which is only obviously visible at high zoom). However, the controls in the bottom right corner allow time to be sped up or reversed. This is important for figuring out where objects will be in the sky.

Time shifting means that Stellarium can be used to simulate solar eclipses, comet passes and meteor showers (all of which have something which can be seen in the simulation).

The magnifying glass icon or Ctrl-F allows you to find objects. I recommend finding the especially beautiful Dumbbell Nebula, or the recently famous Comet McNaught (Hint, it is recognised as C/2006 P1).

Stellarium is beautiful to use to look at constellations. Turning on the first three toolbar options displays the constellations, their names and artwork of what they represent. In the language tab of the settings window (the spanner or "1" key) the “sky culture” can be changed, showing the constellations of the Chinese or Inuits, to name just two.

One fun thing to do is find a solar system object and press Ctrl-G. This takes you to a view from that planet, with positions and phase of other solar system objects calculated correctly.

After having a little play around with Stellarium, it#8217;s down to business. Find a little free time after dark, and before you go out, jump onto Stellarium. Set the time, date and place in the configuration window to when and where you will go out. Then find a few objects (maybe a dimmer planet like Saturn or Jupiter) with magnitude less than five (Magnitude is a negative logarithmic scale, lower numbers are brighter), and note down their positions relative to the cardinal points and nearby stars.
when you go out, try and find them! Many objects such as Orion’s Nebula or the planets can be seen with the naked eye. Charles Messier catalogued over 100 objects that can be made out with the naked eye. Try searching for M1 - M110 to find these. Binoculars or a small telescope make these more visible.

For those of you who feel like shelling out a bit of cash, Stellarium can be used to control telescopes, or even be projected onto a dome.

Have fun stargazing, both real and virtual!

Article submitted by Stevem. Guess what? We still need you to submit good articles about software you like!

On a recent vacation my laptop boot time (>4 min.) started getting on my nerves. I resolved to enjoy the vacation but fix things on my return. At home a few minutes with Google brought bootchart to my attention.

Boothchart won’t cure lengthy boot times but it will provide details about how the time is spent. Bootchart is actually two packages, bootchart, the profiler daemon to gather resource data from /proc during boot, and bootchart-view to create an image from the collected data.

bootchartd starts measuring as soon as /proc is mounted. From /proc it collects a sizeable amount of data about processes, including (in 2.6 kernels) disk utilization and throughput.

The documentation suggests to use BSD process accounting to exactly reconstruct the process tree. The CONFIG_BSD_PROCESS_ACCT_V3 feature is enabled in stock Debian kernels, so to use this, you just need to install the acct package.

I expected profiling the system boot would be complicated and I was prepared for some serious hacking to measure the process. In fact, it couldn’t be much easier.

The boot profiler is started as an option to the boot/loader kernel command line.

It works with LILO but Grub’s interactive boot makes it very simple:

1. Select your image entry from the boot menu
2. Type ‘e‘ to edit the entry
3. Append ‘init=/sbin/bootchartd‘ to the command line
4. Type ‘b‘ and you’ll be booting with bootchart profiling in effect

bootchartd starts itself and then launches /sbin/init. There’s no indication that logging is in effect, console output appears as usual. Once you login you’ll find all the boot data stored in a compressed tar, /var/log/bootchartd.tgz.

To view the data run bootchart-view. It defaults to creating a SVG image but EPS and PNG outputs are possible with the --format option.

Here’s an example of the output:

By default the chart renderer doesn’t display most child processes. If you think that level of detail will be helpful, bootchart-view has a --no-prune option. Be warned, it will create a fairly large image.

Conclusion: I still haven’t significantly decreased my boot time, many before me have tried and failed, but I discovered a clever, easy-to-use profiling tool to diagnose boot problems.

Rkhunter and chkrootkit are tools to check for signs of a rootkit. They will inspect the system they’re running on and report anomalies either through the shell or via email.

Although an attacker able to install a rootkit is likely also able to easily escape or delete these tools, not every attacker is a skilful one. Not every script kiddie knows about these tools or the way to cover its tracks. Since every single error can make the difference, on either sides, an effortless passive protection can do no harm and adds one more (maybe thin) layer of security.

Both rkhunter and chkrootkit, indeed, can be deployed quickly and require little management effort.

Installation

Thanks to apt-get, aptitude and their super cow powers, we can just go for a

$ sudo aptitude install chkrootkit rkhunter

Or go root if you’re not a sudoer. Once installed, both packages will add a cron entry and automatically execute every day.

What they do

Both chkrootkit and rkhunter use a signature-rule/filter based system: they can detect the presence of known rootkits &emdash;via files or similar indicators&emdash; and flag anomalous conditions, like interfaces entering promiscuos mode or hidden files. In fact, not unlike anti-virus programs, rkhunter and chkrootkit indeed need periodical updates.

The signature based approach is a quite simple one, something like a big grep and strings combo: it is strongly suggested to have an alternate copy of some binary (egrep and strings, just to name a couple) so that &emdash;at the very least&emdash; the aggressor has to patch them too. Obviously, mounting the disk via another machine is far more reliable, even if it won’t allow you to find modified rootkits.

Both softwares provide MD5 signature verification on known binaries, with sort of a white list approach, thus trying to ensure that none of the most important binaries were tampered with. Among others, checks performed include searching for hidden directories and scanning for promiscuous interfaces and suspicious file permissions.

So, what are the differences?

Rkhunter pros

The autoupdate feature is a very nice feature to have. You just have to run rkhunter –update and the software will update the rootkit definitions. You can control the autoupdate behaviour via the /etc/default/rkhunter file, using the CRON_DB_UPDATE parameter, which is enabled by default. This will upgrade the system binaries MD5 database and the good/bad/black list of applications and program versions.

Other features of note include the ability to use WebJob to run rkhunter in a centralized manner, thus simplyfying administration, and the colorful interactive mode you can run with rkhunter -c.

Chkrootkit pros

Chkrootkit provides a differential mode where it reports only what changed between the latest scan and the previous one. While this is a very nice feature to limit the impact of false postives, one single missed mail can make the difference, so choosing whether it should be enabled or not is an important decision.

If the whole “grep and look for signatures” stuff is not enough for you, you can root chkrootkit in expert mode, with

# chkrootkit -x

This will give you a greatly improved control on what’s going on and more verbose output, but make sure to redirect the output somehow.

Chkrootkit has a nice modular design, with subcomponents taking care of differenct aspects, like lastlog and wtmp deletions. Last but not least, chkrootkit can run without installation and from a read only media.

The big decision

Maybe now you’re wondering “which one should I use?”. My answer is simply “both of them”. There is no reason not to do that, so go for it. Chkrootkit has been available since, at least, Sarge and Dapper. Rkhunter, being newer, has been available since Etch.

Dillo is a extremely stable, fast and light web browser. Based on GTK+, you can install Dillo from apt-get or snyaptic for just about any hardware platform and window manager supported by Debian or Ubuntu. Dillo is written entirely in C for speed and compatibility and is best for tasks where being fast and frugal on memory are the highest priorities. Perfect for large image archive displays!

Dillo does not support several web protocols which helps it run faster. For example, standards compliant HTML content will be rendered correctly but do not expect the CSS, DHTML or Javascript to work correctly or at all.

Nevertheless, the version found in Debian already includes some patches that improve Dillo giving it support for: different encodings, anti-aliased fonts, frames, tabs, SSL and miscellaneous improvements. See this page for details.

A recent addition to the package, bugmeter displays the amount of HTML errors of the web page being viewed.

The project is currently looking for new developers, if interested please review the contact information at dillo.org.

Dillo has been available in both Debian and Ubuntu for many years