[Ilugc] Minutes of the meeting
- From: linuxmani@xxxxxxxxxxxxx (Mani)
- Date: Mon, 16 Sep 2002 00:28:07 -0600
u really did a great job. It was me who gave the small talk on Halted firewall
and there is a small correction in ur minutes,
u had written
"Therefore we effectively have the daemons
FTP/SQUID/... running at runlevel 0/6."
This is not possible in that state as all the filesystems are unmounted. FTP,
SQUID are userspace apps. In that state the box will act as a forwarder and u
can do all sorts of firewalling
Thanx once again
From: "Natarajan" <natarajv@xxxxxxxxxxxxxx>
Date: Sat, 14 Sep 2002 20:11:32 +0530
Subject: [Ilugc] Minutes of the meeting
I am trying to get some kind of minutes for the Linux Users' Group Meeting held
on 14th Sept, 2002, at Aero Space Dept, IIT Chennai. Any inconsistencies/errors
may please be corrected.
Today's meet was very punctual. When I walked into the room, finally, at 3:05,
Prabhu was giving an introduction of himself. Today's meeting was attended by
roughly around 20 people, with many 'freshers'. Of course, there were a few
latecomers. This includes an exchange student at IIT, from Sweden (a Mac user,
who failed in his repeated attempts to install Linux on his Mac.), and a
gentleman distributing a small brochure on kalCulate (an accounting package for
exclusive Linux) and a few others.
->Mr Bharath gave a beautiful extempore speech on his project of Linux in
->Then someone gave a small talk or information sharing on securing Linux
Firewalls making as good as hardware firewalls.
->It was Prabhu?s turn to introduce us to a beautiful utility for firewalls,
->Finally Prabhu is offering to step-down.
->There was this discussion on promoting iLUGc to the greater masses.
SUSTAINABLE INTERNET ACCESS FOR RURAL AREAS (SIARA???).
Bharath is in a very innovative and noble project of bringing computers and
internet to the reach of rural India. Basically, we are looking at a computer,
running on a local Indian Language, and at rock bottom price. The typical
target is a second hand old motherboard with a TV out, and a regular TV acting
as a monitor, amounting to a price of around Rs 4000/-.
Having squared onto G/Linux, as the operating system, for obvious reasons,
there was this problem of delivering it in Indian languages. It had two major
Making it for the text console, and
Making it for the X Windows System.
Note: Those who have used iLeap by CDAC-GIST might get a feel of what Mr.
Bharat and his team are trying to achieve. But the difference, is they are
trying to make it universal (for the OS) instead of being particular
program/application. A similar project is underway (in terms of Indianization),
at IIT itself, but at application level (refer http://acharya.iitm.ac.in for
The greater challenge was to make it encoding independent and font independent.
This is done by using suitable maps. Initially, this is done using the ISCII codes
as developed by CDAC. It can be extended easily for any code TSCII/Unicode, by
suitably changing the map.
Making it for the console is done at the kernel level, so that all applications
will work on Indian languages, without changing the applications (or with
little changes to the text strings). This is done at three stages in the
kernel. The input, the console (output) and the third one I forgot which.
When we speak of giving access in Indian languages, we are talking about a
minimum of 15 languages, and more often, these should be transliterate-able
without any difficulty. The greater challenge is that in Indian languages, a
consonant and a vowel may lead to either half or one or two or three glyphs.
Glyphs are just images/pictures of the text, as being rendered on the screen. A
classic example as given by the speaker was the example of the Tamil letter KO,
which is formed with the consonant KA along with O, but translates to three
glyphs. Similarly in Telugu, we have 5 different glyphs for KA alone. In Hindi
and Sanskrit, we may have two or three letters combining to form a single glyph.
What these people are doing is, they are trying to store each and every
character as a combination of two bytes. The first part being the ASCII part
and the second part is the ISCII part. The letters are stored phonetically, and
are changed into the particular language only during the display. This gives us
the flexibility of transliteration without any difficulty.
At the input level, whenever a key is pressed, the code is parsed by
finite-state-automata, and the corresponding glyph is displayed/stored.
For example, pressing K might display KA in Tamil first, and then if we press
O, it may change to KO (three glyphs). All this is done using the finite state
Whenever the backspace or delete keys are pressed, the glyph being displayed
under the cursor is read from the video memory, and the character being
displayed is recognized, and suitable action is taken.
For example, if KO (in Tamil) is displayed and backspace is pressed, we should
get KA (which means deletion of two glyphs, before and after KA). This is done
by using reverse finite state automata. There was a small debate on why there
should be two different automata. But the funda is that while keying in, key
codes are being translated (using a map), to glyphs, and in the later case,
different glyphs are translated back to keys, and the cycle goes on.
Thus these people have succeeded in making this thing work on the console. They
have even made small changes to the text strings inside PINE (a popular email
program), and have given it in Indian language. There are of course some
problems of refreshing, which is minor.
As far as the X Windows thing is concerned, there are three major parts in the
The X Server
Here we are trying to modify the Libraries, so that the applications can work
without any modifications. The difficulty here is that, we cannot read the
cursor position at all, and hence, we cannot know what character is being
displayed under the cursor. At the library level, the cursor is just a LINE
DRAW function, and we will never know if it is being called for drawing the
cursor or for something else. Moreover, only the X Server knows to which
window the text is being written into (using a display structure). Thus we have
this huge problem of backspace and delete as explained earlier. They are now
trying to get on to something known as XIM and XOM (X input Method and X Output
Method). The process is yet to start off. Since they have a deadline to give a
demo by next week, they are using a different approach for now.
Here, the input is taken by the X Server, and the key code is converted into
different glyphs by the library, and sent to the application using
simulated/mock inputs (not very clear about the terminology). But when the user
presses backspace/delete, only particular glyphs will be deleted, which won't
look very nice, but for time being, works fine.
The input options available are inscript, typewriting and phonetic, the typing
sequence has to be chosen earlier itself.
Thatz all I remember about the first talk. It was an excellent one, and more
interesting as it was extempore. The knowledge of the subject by the speaker
RUNNING PROGRAMS IN RUN LEVEL 0/6
Then came a small talk for a few minutes, on running applications at run level
0 and run level 6.
What happens when we change to run level 0/6 is that all the scripts with the
first letter as K in the /etc/initd directory (not very sure about the exact
directory), are executed. So we have something like kinitd, kipchains etc...
These scripts are responsible for shutting down the specific services.
Therefore, if we rename these scripts, these services won't be shut down. But
there won't be any more userspaces/disk access. Therefore we effectively have
the daemons FTP/SQUID/... running at runlevel 0/6, which makes the firewall as
good as a hardware firewall. As there are no user accesses (not even PPP), the
system becomes highly secure. Well there was this debate of having a diskless
system/ booting off a CD/... There was also a debate on compatibility of the said
procedure on kernel 2.2 and 2.4.
Then Prabhu gave a talk on LIDS for Linux. LIDS stands for Linux Intrusion
Detection System. He had previously installed LIDS in the IIT network. The need
for LIDS came when he installed a firewall on the mostly locally mis-configured
IIT network. He installed a firewall at his department, which connected to rest
of the IIT, the internet and the department within. Thus the firewall was open
to three networks, and so had to be made secure.
LIDS is a highly secure, and badly documented, system, which is installed as a
wrapper over the kernel. Installing LIDS may be a pain, but that is the kind of
price you pay for getting such a secure system.
The G/Linux kernel basically gives around 32 capabilities for the user (root in
particular). The capabilities of root are the main source of convenience for
hackers (administrators' headache). LIDS basically denies most of the
capabilities, and says, only specific programs have specific capabilities, and
A brief account on installing LIDS includes getting the LIDS tar-ball, the
patches, and patches for the patches, (search the internet/user groups as much
as possible), then the kernel has to be patched, and compiled. Before rebooting
into the new kernel, LIDS should be configured. If you fail to do this, LIDS
will never allow you to do anything, including logging in.
Installing LIDS creates a directory /etc/lids
It has the following files
The lids.conf file is created automatically, and if you are not insane, do not
touch this file.
The lids.pw file is the password file, and stores the lids password using some
MD180 RIPE or something like that. The password is first entered while
compiling LIDS, and without this, you cannot do anything. Even if a hacker
manages to get root access, and get to this part of the kernel, he needs to
have the LIDS password for hacking further.
After this, each program should be given restrictions and exceptions, telling
which programs should do what, and nothing else. The default is none is allowed
to access nothing else. For example we can say that only LOGIN can do SU, and
SSHD can use BIND, which in turn can use port 22 only, and so on... The
permissions specified may also specify up to which level (number of child
process) that inherit the privileges. All these options are done using lidsconf
command. The command is well documented, and more help may be provided by
Prabhu, provided he is free.
What if you need to use the system without the restrictions of LIDS? For this
we have the LFS - LIDS Free Zone. This is entered by using lidsadmin (with some
options), and entering the LIDS password. The beauty is that the programs that
you run in the LFS have all root access. But the child processes won't have any
We can hide particular directories/users/services etc... using LIDS. The LIDS
directory itself becomes invisible.
For this reason, some modifications should be made to all startup scripts to
stop using the /etc directory to write logs, and change link /etc/mtab to /proc
filesystem, and so on... Else u r doomed :P. More info on this may be accessed
from LIDS.ORG, and also from Prabhu (if he is free).
PRABHU WANTS TO STEP DOWN:
Finally Prabhu declared that he wants to step down as the coordinator of LUGC.
(How sad?) He is too tired of being the coordinator and keeping things going
and arranging things for the past four years. He finds it difficult as other
priorities such as completion of his PhD have greater priority. He welcomes
people, young blood, to take up the position. Of course he will be in the
mailing list and will be attending the meetings, but not so regularly. He will
surely help us in getting some room for the meeting in IIT. Any takers???
There were these newcomers to the meeting, who had come to know about ilugc,
only within a week earlier. They were given a brief history of iLUGc, and they
were actually here for that scheduled talk that got cancelled.
There was this new gentleman (sorry don't remember the name) who was wondering
if iLUGc could be made more active, by focusing on more 'practical' stuff, and
more commercial interest being included.. and so on. He said, he is not very
clear, and he will give his suggestions in due course. He also wanted to have a
system, an accounting system, on the same lines of the railway booking
terminals. Dumb terminals, running Linux at the server, and having no fear of
viruses. He is open for all modes of getting it done: commercial /
personalized / GNU software (if any, already).
There was also a small discussion on the capabilities of DEB and RPM and the
powers of the same. The discussion was mooted by Debian fans Prabhu, Karra and
Mr. Bharath wanted to know if there are any lightweight office
applications/word processor that would run on FVWM/TWM, without KDE/GNOME. He
wants to add the same to his 'rural computer'. Any suggestions?
This is all that I remember. If any
modifications/omissions/inconsistencies/changes/... are there, please intimate
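
The per-program, default-deny model described in the LIDS talk above, as an added example that is not part of the original minutes and is not LIDS code. The capability names are real Linux capabilities; the program paths, the Grant/Policy names and the mapping of "SU" to CAP_SETUID are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Grant:
    program: str                    # executable the grant is bound to
    capability: str                 # Linux capability name
    inherit: int = 0                # generations of children that keep it
    ports: Optional[range] = None   # optional port restriction


class Policy:
    """Default deny: a capability exists only where a grant names the program."""

    def __init__(self):
        self.grants = []

    def grant(self, program, capability, inherit=0, ports=None):
        self.grants.append(Grant(program, capability, inherit, ports))

    def allowed(self, ancestry, capability, port=None):
        # ancestry[0] is the running program, ancestry[1] its parent, and so on.
        # The user id is deliberately not an input: being root grants nothing.
        for depth, program in enumerate(ancestry):
            for g in self.grants:
                if (g.program, g.capability) != (program, capability):
                    continue
                if depth > g.inherit:
                    continue  # too many generations below the granted program
                if g.ports is not None and port not in g.ports:
                    continue  # grant exists, but not for this port
                return True
        return False


def sample_policy():
    # Constructed rules mirroring the two examples given in the minutes.
    p = Policy()
    p.grant("/bin/login", "CAP_SETUID")
    p.grant("/usr/sbin/sshd", "CAP_NET_BIND_SERVICE", inherit=1,
            ports=range(22, 23))
    return p


if __name__ == "__main__":
    p = sample_policy()
    print("sshd bind 22:", p.allowed(["/usr/sbin/sshd"], "CAP_NET_BIND_SERVICE", 22))
    print("sshd bind 80:", p.allowed(["/usr/sbin/sshd"], "CAP_NET_BIND_SERVICE", 80))
    print("root shell setuid:", p.allowed(["/bin/sh"], "CAP_SETUID"))
```

A root shell with no grant is denied, and a grandchild of sshd falls outside the inheritance level of 1.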