news@UK

The newsletter of the UK Unix Users Group
Volume 11, Number 2
May 2002


UKUUG Secretariat Jane Morrison
UKUUG's Linux Developers' Conference comes to Bristol UKUUG Secretariat
Call for Participation: LISA/WINTER CONFERENCE - February 2003
LPI Certification at the Bristol Conference Roger Whittaker
BSD News Sam Smith
FreeBSD 4.6 DVD Offer Sam Smith
Book review: "Web Design in a Nutshell 2nd Edition" reviewed by Lindsay Marshall
Book review: "Web Database Applications with PHP and MySQL" reviewed by Mike Smith
Book review: "Building Wireless Community Networks" reviewed by Lindsay Marshall
Book review: "Hardening Cisco Routers" reviewed by Raza Rizvi
Book review: "System Performance Tuning 2nd Edition" reviewed by Mike Smith
Book review: "Perl for Web Site Management" reviewed by Mike Smith
Book review: "Solaris 8 Administrator's Guide" reviewed by Joel Smith
Book review: "Palm OS Programming - 2nd Edition" reviewed by Richard Ibbotson
Book review: "Programming C#, 2nd Edition" reviewed by Peter Waller
Book review: "Using SANs and NAS" reviewed by Virantha Mendes
Book review: "Malicious Mobile Code: virus protection for Windows" reviewed by Lindsay Marshall
The Single UNIX Specification, Version 3 Andrew Josey
Contacts

UKUUG Secretariat

Jane Morrison

Another busy time for UKUUG. Since March we have been concentrating on bringing the details together for the Linux 2002 Developers' Conference (Bristol, 4th - 7th July).

The speakers are now in place and delegate bookings are arriving each day. Don't forget if you wish to take advantage of the special early booking Conference fee you must book by 31st May.

The next event for your diaries is the UKUUG Annual General Meeting which will be held this year on Thursday 26th September at the Institute of Education, London at 6.00 p.m. Further details, Agendas etc. will be sent to you automatically.

The next Winter Conference is planned for February 2003 at a venue within 50 miles of central London. Do you have proposals for a suitable venue? Please email the Secretariat with any suggestions you may have.

UKUUG Secretariat
PO Box 37
Buntingford
Herts SG9 9UQ
Tel: 01763 273475
Fax: 01763 273255
office@ukuug.org www.ukuug.org


UKUUG's Linux Developers' Conference comes to Bristol

UKUUG Secretariat

4th July - 7th July 2002

Once again, a wide cross-section of the Linux development community will gather at the start of July for the UK Unix User Group's summer technical conference.

The conference moves about the UK from year to year: in 2002 we're visiting Bristol; in 2003, Edinburgh.

Speakers from nine countries will present their work, forming our largest programme to-date.

We begin on Thursday 4th July with tutorials on Shared Libraries, given by Ulrich Drepper, the glibc maintainer, and the Linux Terminal Server Project, given by the project's founder, Jim McQuillan.

After a Linux printing workshop on Friday morning (CUPS/KDEPrint), the conference proper begins at lunchtime and runs through to Sunday lunchtime.

Highlights of the programme include: The Linux Kernel (Marcelo Tosatti, 2.4 maintainer)
glibc2.3 (Ulrich Drepper)
The Hurd (Marcus Brinkmann)
Valgrind (Julian Seward)
Linux on AMD's Hammer architecture (Bo Thorsen)
Zope 3.0 (Stephan Richter)
Linux-ABI (Christoph Hellwig)
MySQL (David Axmark)
Dynamic Binary Translation (Mark Probst)
Free Telephony (David Sugar)
FreeDCE (Luke Leighton)
Bugzilla (Gerv Markham)
Emdebsys (Wookey)
RT (Simon Myers)
Gnome 2.0 (Michael Meeks)
Subversion (Sander Striker)
DotGNU (David Sugar)
MathMap (Mark Probst)
Exim 4 (Phil Hazel)
WorldForge (Alistair Riddoch)
Lego programming (Stephen Coast)
There will also be talks on: Securing Linux Servers; Wireless Networking; Grid Computing; LTSP; PHP; Linux in Undergraduate Teaching; Reliability, Availability and Serviceability

PLUS: a chance to examine IBM's Linux Wristwatch and maybe even Sony's PlayStation 2 Linux!

http://www.ukuug.org/events/linux2002/ - for up-to-date information

NOTE: EARLY BIRD RATE OF JUST 47.00 including VAT if you book before 31st MAY!

Sponsors: IBM, AMD and Linux User

Media Sponsor: OSDN


Call for Participation: LISA/WINTER CONFERENCE - February 2003

UKUUG will hold its next Winter Conference in February 2003. The UKUUG Winter Conference is historically an event where not only prominent topics are discussed within the Conference presentations but also where members and friends meet, learn, and enjoy lively debate on a host of subjects.

As always, the UKUUG wishes to encourage work-in-progress presentations, and student project posters; proposals for these should be submitted in the same way as for full papers.

The event will take the form of a series of presentations, each followed by a discussion on issues raised. To this end, papers are invited from interested parties on the general themes, and related topics.

The UKUUG wishes to encourage discussion on all aspects of systems and their administration and is especially interested in papers covering theory and practice, high-availability, performance, network management, novel solutions to practical problems, integration, interoperability, and security (including the business, legal and moral issues).

You do not have to be a member of UKUUG to submit a paper. Submissions from speakers from outside of the UK are welcome.

Last year's Winter Conference included talks by:

Paul Anderson "Large-scale Linux Configuration with LCFG"
Jim Davies "A Web-based Administration System"
Andrew Findlay "LDAP and Security"
Matt Holgate "The Arusha Project"
Stuart McRobert "Applied Ethernet 10GB and an update on Sun SITE"
Wayne Pascoe "A business case for FreeBSD"
Peter Polkinghorne "Containing Windows"
Alain Williams "Configuration: Making it Easy, Getting it Right"
Mike Wyer "Lexis Exam Invigilation System"
Simon Cozens also gave a tutorial on Perl

Significant Dates

Initial abstracts submitted: 26 September 2002
Closing date for abstracts: 11 November 2002
Authors notified: 18 November 2002
Programme published: end November 2002
Final papers due: 13 January 2003

Method of Submission

Potential authors may request further information by sending e-mail to winterconf@ukuug.org

Initial abstracts should be sent as e-mail to winterconf@ukuug.org

Abstracts should be accompanied by a short biography, and, ideally, should be about 250-500 words long. Final papers should normally last 30-40 minutes. If you need more time for your presentation, please tell us when you submit your abstract.

Submissions are welcome from members and non-members of UKUUG and particularly submissions by students. Student's sponsorship may be available on a discretionary basis.

Please send any queries to the UKUUG Secretariat.


LPI Certification at the Bristol Conference

Roger Whittaker

Thanks to the generosity of IBM, on Friday 5th and Saturday 6th, participants in the UKUUG Linux Developers Conference at Bristol will be able to take LPI (Linux Professional Institute) certification examinations at no cost.

A test centre will be established in a room adjacent to the conference lecture rooms with space for about 20 people concurrently to sit the examinations.

The Linux Professional Institute is a community body with wide support which offers a distribution-neutral certification in Linux. There are currently two examinations available at each of two levels.

See http://www.lpi.org for more details.


BSD News

Sam Smith

Things that happened this issue in the BSD world:

OpenDarwin appeared to the world to provide a binary compatible open development environment for Mac OS X. http://www.opendarwin.org

OpenBSD 3.1 was released on May 19th, and includes, amongst many enhancements, authpf for user based access to services, rather than IP based. Allowing for firewall rules to be automatically changed for the IP a user logs in from for the duration of that login only. The latest OpenBSD release also will do wireless WaveLan bridging. Other enhancements include improved Sparc64 support, with more hardware and X now supported (3.0 was frozen when the Sparc64 port was less than 3 months old).

The songs that are both in 3.1 and 3.0 are available from ftp://ftp.uk.openbsd.org/pub/OpenBSD/songs http://www.openbsd.org/

FreeBSD/sparc64 added SMP support on Ultra and Enterprise class machines. The first FreeBSD release with Sparc64 as a supported platform will be the 5.0 release later this year. Although support is available on the Development Preview 1 release for those who wish to take an early look http://www.freebsd.org/

FreeBSD 4.6, the latest release from the stable branch, should be available in early June (see DVD news elsewhere in this issue).

BSDCon Europe 2002 was announced -- the conference will be in Amsterdam, November 15th-17th. The first European conference was a roaring success. A shortened Call For Papers is below, and the full CFP is available on this issue's CD or on their website. Presentations are being solicited for two days of technical sessions, following a single day tutorial. Areas of interest include: - Embedded BSD
- High Performance Networking
- System and performance tuning
- Innovative BSD system administration tools and techniques
- Running BSD on your toaster
More information at the website: http://www.eurobsdcon2002.org/

Jordan Hubbard stepped down from being a core member of the FreeBSD project after 9 years, and has become a core member of the OpenDarwin project. His involvement in FreeBSD will continue.

Rotor, the Microsoft Shared Source implementation of the ECMA CLI runtime environment was released for FreeBSD. This gives FreeBSD a C# and Jscript compiler. http://www.microsoft.com/

It was announced that Solaris 9 will ship with OpenSSH as part of a number of security enhancements.


FreeBSD 4.6 DVD Offer

Sam Smith

FreeBSD 4.6 is due to be released on the 1st of June, and DVDs should be available a short while later. FreeBSD 4.6 is the latest release of the -STABLE branch of FreeBSD.

FreeBSD Services Limited are offering UKUUG members a 5 pound discount on the price of the FreeBSD 4.6 two disc DVD set. To claim your discount, visit the FreeBSD Services ordering page at http://www.freebsd-services.com/ and your UKUUG membership details when prompted.

The two disc set includes two DVD images (one of rescue/install sets and packages and a second of port distfiles). The second DVD is double sided with the back being a CD image for installation/rescue on machines without a DVD drive.


Web Design in a Nutshell 2nd Edition

Jennifer Niederst
Published by O'Reilly
ISBN:0596001967
640 pages
£ 20.95
reviewed by Lindsay Marshall

I was going to dig out my review of the first edition of this book and just edit that, but it is archived on a CD somewhere so I'll have to do it all over again. The advantage of doing it all over again is that the material doesn't have to grow, otherwise, as with this book, there is a tendency for it to creep up in size. This volume weighs in at 613 pages which is more like a bag of nuts than a nutshell. This is not to say that the content is in anyway inferior - as with the first edition the material is first class - just that there is just too much of it. Do we need a 4 page list of deprecated and proprietary HTML tags? Don't tell people about them and they won't use them! (Should they come across them they can look in a proper HTML reference book to find out what they do.)

The trouble with a book like this is that so much of what it covers is done elsewhere in more detail, so, for me anyway, I would prefer to see a much shorter book that points me to the best sources where I can find the nasty detail. However, don't ask me to suggest what to leave out - every time I look at something that looks unnecessary I find a tip that I didn't know and that I can probably use. (To be scrupulously fair, I should point out that the book is full of pointers and suggestions for other sources of information.)

The biggest annoyance in the book is the inconsistent use of case - examples use upper case tags and attributes, but specifications use lower case. Now that we are moving, albeit slowly, towards an xhtml future we really ought to be using lower case all the time, and I hope that this gets cleaned up in the third edition. Also I am not sure what the author means by the "street price" of various programs she refers to. She seems to mean the catalogue price - the street price of most expensive software is approaching zero!

Anyway, I am being picky: this is, inevitably, an excellent web design resource and everyone will learn something from it. You'll probably need to buy all the other O'Reilly full scale reference books as well of course.....


Web Database Applications with PHP and MySQL

Hugh E Williams and David Lane
Published by O'Reilly
ISBN:0596000413
582 pages
£ 31.95
reviewed by Mike Smith

The goals of this book appear to cover: PHP scripting, SQL, tiered application architectures, database design, security, TCP/IP, HTTP, HTML, templating systems and (it seems) how the Internet works. You're right - it doesn't say all that on the back cover, but that's the ground covered, and in doing so, it's covered pretty thinly.

Despite the title, there are also diversions into Oracle, ODBC and connectivity to other databases. We cover a myriad of topics, ranging from performing field validation and using PHP sessions to authentication and security. Then we spend four long chapters (100 pages) dissecting the case study (which we've dipped in and out of all the way along too.)

First, the bad news

The first time we see a piece of PHP doing some MySQL functions is on Page 162. Excluding the Appendices, that's over a third of the way through the book - it therefore takes a long time to get into what I regarded as the core requirement of the text.

There is no coverage of database transactions (commit, rollback etc). This is commented on, and the reason cited is that it is of less interest in the stateless HTTP environment. True, maybe (and indeed if you are using a third party hoster, this is most likely to be the case). However I think it is important, as any reasonably sophisticated application - even a web application - is going to be updating multiple tables at some point. As soon as this happens there is the possibility of data integrity problems.

I also noticed some trivial PHP scripting and output formatting errors (eg missing semi-colon etc).

Try as I might, I couldn't get the online case study to work. Whether this was because the server was overloaded, the application was broken or the database had become so full of data that its performance had deteriorated to a halt (an application design issue in itself), I don't know. (Post Script: I've also had table locking errors now - definitely a poor advertisement for the book; and the code and techniques developed therein.)

Gems

Okay enough criticisms - what did I find, which I found useful ?

This is the first O'Reilly book (that I have read, anyway) which covers PHP. (I'm excluding the PHP reference, which you don't need these days - just go to www.php.net !) It has an overview of multi-dimensional arrays and array functions, which I liked. It also explains automatic type conversion, the implications and pitfalls.

I've wondered how to integrate browser authentication with MySQL for a while, and was mistakenly under the impression that I'd need Mod Auth MySQL - not so, and its easy too.

Another tip - prefixing a php function with @ as in $db=3D@mysql_connect(parms) ) suppresses the normal PHP error messages. Then you can handle errors yourself. Could be useful and/or tidier.

The explanation of "The Reload Problem" (what happens when a user clicks on reload, and the effect of repeating SQL statements you've already run) was useful, and thought provoking. I had already come across issues where users (including myself) clicked multiple times on a form submission button, and had to deal with that.

PHP sessions are covered. Good job too; Very important and useful these days.

Rounding Up

I think the authors didn't seem to know what level to aim for. It ranges from installation of software and creation of SSL certificates to entity relationship models and an explanation of tiered application architectures (and, shall I mention it again ? How the Internet works.) Much of the content is covered elsewhere more thoroughly (I'm thinking of several other O'Reilly titles - like "MySQL and mSQL", the imminent "Programming PHP" and obviously Apache: TDG.) If I were being more critical (over critical, maybe), I'd say that the authors had written the example application, exhausted the explanation of it, and were looking for a collection of other things with which to fill the book up.

I had hoped for more of a cookbook of techniques to use when developing further web applications ... (as I have just finished a php/mysql/apache implementation, and written some postnuke modules) ... but the emphasis has not been in this area. For instance some examples of the use of mysql_select_object, and when best to use mysql_fetch_array as opposed to mysql_fetch_row might have have been appropriate. Examples of processing SQL GROUP BY statements using php, different ways to count rows, and things of that ilk would have been good too.

The bottom line

In summary, if you have the other O'Reilly titles mentioned above, keep away from the Platypus. I think the limited additional information you'll get won't be worth the shelf space (I'm having to relegate my Borland Turbo Pascal v5.0 Reference guide to accommodate this one) - and you already know how the Internet works, right ?

Conversely, I'm not convinced that there's enough information within this text to give the reader a full understanding of all the issues required to produce a web accessible database application. It covers a lot of ground (and, yes, it probably has to), but just spending a page or two on a subject is inadequate. (Database tuning is covered in three !) Its not my favourite O'Reilly book, as you may already appreciate (actually the MySQL one isn't great either), but its probably fine if you only want a quick overview of the plethora of topics covered.


Building Wireless Community Networks

Rob Flickenger
Published by O'Reilly
ISBN:0-596-00204-1
125 pages
£ 17.50
reviewed by Lindsay Marshall

At last, a slim volume, and one that contains all you need to know about its subject without padding, waffle, blank space and all the other rubbish that generates the 1000 page plus books that seem to be so popular at the moment. If you want to build yourself a wireless network round your house, office, street or town this is the book you need. (And if you haven't been thinking about it you certainly should - it's the zeitgeisty thing to do!) The writing is snappy and it's full of real experience.

Here you will find the meaning of all those acronyms that you nod sagely about when you hear them but never do get round to finding out about. Here you will find out about cards and aerials, access points, protocols, firewalling and useful sites to go and read. There are even instructions on how to build the famous Pringles can antenna. Two downsides though, the first is that the information is all US-centric so you will have to do some finding out about local regulations. The second is that I think the price is a little high for a book this thin -- looking through the pile of (non-technical) paperbacks beside me, most of them are twice as long and a third of the price. I know that technical books don't have the sales of other books, but I think that this is a book that will have a wide audience and so could be priced correspondingly. (All the information is on the net if you can be bothered to look for it of course.)


Hardening Cisco Routers

Thomas Akin
Published by O'Reilly
ISBN:0-596-00166-5
173 pages
£ 17.50
reviewed by Raza Rizvi

This slim tome is a veritable gem of a book. It is written in a logical and clear style that permits reading from start to finish, but each specific section is complete in it's own right and as such it allows the reader to pick up the book and dip read satisfactorily. In fact I found this so easy to do that I had to discipline myself to read it the conventional way!

For many, the router is a device to which little real attention is paid. Yes some effort may be made to apply access lists to protect devices behind the router, but the actual router itself is largely ignored. Those of us who work for ISPs however, realise that attacks on a router often bring easy rewards, and this book should certainly act as a wakeup call to the network administrators who are naive enough to think that the router is an invisible cloak shielding them from harm.

The importance of the router and the need for its security is argued well in chapter 1, followed by a review of the naming scheme applied to Cisco IOS releases, since to know what vulnerabilities are present in the router operating system requires one to be able to translate the sometimes cryptic version nomenclature used by Cisco.

Chapter three sets the style for the rest of the book. The chapter covers basic access control all the way through to dialup, SSH, HTTP, and finally the use of IPSEC. It is crowded with excellent and well marked tips and warnings. The chapter is rounded off with a checklist, again a theme carried through the rest of the book.

Sensible recommendations for password implementation and security in chapter four, leads to a practical chapter on the more in-depth access and authentication controls of TACACS, RADIUS and even that academic stalwart, Kerberos.

After covering the banners one might choose to frighten off would-be attackers, the author methodically uses the following chapters to show how to tighten the services that are all too often left as default on the router and shows how to implement the other services that can assist in administration (SNMP and dynamic routing) or security (logging). I was pleased to see that the need for consistent timestamping was emphasised with a whole chapter on Network Time Protocol (NTP).

The book is completed with 5 appendices, the first sensibly collecting all the chapter recommendations, and the third dealing with incident response.

So is this book perfect? Well whilst ALL the recommendations were sensible I found only one niggling omission. It would perhaps have aided readers if the features in the book were cross-referenced against the IOS version in which they appeared. The author does recommend staying with the latest General Deployment releases but often there may be memory or licensing reasons why a site will choose not to do a major release upgrade.

I learnt things from this book, and for me that is the best recommendation I can give.


System Performance Tuning 2nd Edition

Gian-Paolo D Musumeci and Mike Loukides
Published by O'Reilly
ISBN:0-596-00284-X
336 pages
£ 28.50
reviewed by Mike Smith

Amazing. Did you realise that the original SPT is now 12 years old ?! I must have had my copy for around a decade too - with the "New Lay-flat Binding"! As I had the original, I didn't consider reading the new edition ... until now.

First Impressions

The first observation is that the book is a quarter of an inch thicker. Fine, I thought, just an axtra chapter or two. However there are more fundamental differences inside.

[It is also noticeable how O'Reilly's production quality has improved - and at some point they must have dropped their use of 50% recycled paper policy too. I hadn't noticed that previously.]

Musumeci joins the author credits, and in fact it quickly becomes apparent that the book is a complete rewrite by him, Loukides being relegated to editor ;-) The preface includes an admission from Loukides that his original book was actually a compilation of other people's knowledge - he had just pulled it all together. Now that explains a lot!

The gory details

SPT2 covers Solaris and Linux (mainly the former), which is an expected shift from the previous primary focus of SunOS and BSD generally.

The usual suspects are covered - CPU, Memory, Swapping, Network etc. There's an explanation of NUMA and UMA architectures, and there are useful tables throughout, reminding us of CPU/Memory bandwidth figures. The discussion on Network infrastructure includes the physical options available today, including Fibre, but I would also have been interested in more discussion on DWDM, QoS, and the performance implications of using VLANs and IPSEC etc.

Tuning (yes, that's right, Tuning) NFS is covered, and there's even a quick look at Samba.

On storage, Direct I/O is talked about, but there is now Concurrent Direct I/O in Solaris 8. That's even better (and you might be able to do without Veritas Filesystem and QuickIO these days.) There's a welcome new chapter on disk arrays. If you're in a large environment you may find the HDS (9960, which is also OEM'd by HP, and resold by Sun), EMC (Symmetrix) or IBM (ESS, aka Shark) enterprise storage solutions give you more flexibility (and tuning considerations) but these aren't covered.

There's now a chapter on tuning code. I think this is a little out of place in this book, which is obviously aimed at the sysadmin space, and unless you are a developer and/or have access to source code it may not be useful to you. As it rightly states, a whole book could cover this area too. Nevertheless, it's an interesting insight.

The old Appendix B (Performance Tuning Strategy) has been replaced with a much improved Chapter 9 "Instant Tuning". You know those diagnostic fault tables you get at the back of a Television Installation Guide (No picture: Plug the television in etc.) ? Well this goes some way towards that type of quick remedy approach. Its good for a quick hit on a machine.

Tools covered

This isn't a full list, and not in any particular order, but Solaris administrators will recognise many of the following. There were a few commands I didn't know about - interesting to know those areas can be tweaked, but not sure if I will ever need to.

psradm
psrset
psrinfo
dispadmin
priocntl
netstat
ndd
busstat
iostat
sar
vmstat
memstat
prex
pmap
cpustat
cputrack
mpstat
nfsstat
gprof
tunefs
fstyp
kstat
adb
hdparm
metadb
lockstat
cfsadmin
cachefsstat
format (the cache subcommand)
  

Some of the Linux specific tools include elvtune, tune2fs and probably many others before I started to compile the list.

Summary

SPT2 brings the subject up-to-date and is therefore an interesting read. It is also a huge improvement over the original text. Architectures are obviously a moving target, and I suspect that Sun's new fireplane interconnect (mentioned in passing) brings new challenges and tuning requirements. We'll be tuning workloads on Grids next too. Alas neither of these subject areas are covered.

There may have been some benefit in producing a cross reference of the performance reporting and tuning tools available on other platforms too; notably those running AIX and HP of course. In a few years time we are likely to see Linux abound, but the three main Unix flavours are going to be with us for some time to come.

If you previously looked at edition one and decided (like many) it's more about monitoring and not actively tuning, it is now worth another look. If you already have edition one, O'Reilly really ought to do a trade-in scheme !

I like it.


Perl for Web Site Management

John Callender
Published by O'Reilly
ISBN:1565926471
528 pages
£ 24.95
reviewed by Mike Smith

From the title I was under the impression that this book would offer some Perl scripts for managing websites (!) You know - tidying apache logs, er, tidying apache logs and possibly tidying apache logs. Okay, perhaps there isn't much you really need to do in this area so its no surprise that rather more ground is covered - not on the server management side, as I was considering, but more on the construction of sites to facilitate easier management of the content, and to provide features on your sites.

Also, to be clear, the emphasis of this book is on learning Perl; not learning website management techniques alone (using your already proficient Perl skills). I really got the wrong end of the stick initially.

Overview

This book is particularly good at defining what its scope is - and specifically the areas which are not covered (eg html, web design etc). I can see that it would have been easy to stray into related subjects, but the focus is kept.

The author provides some good advice on a wide variety of subjects. Things like Evaluating a Hosting Provider (so that you get the features you need) and scripting techniques. It's the sort of stuff you tend to take for granted once you know it, but he's done well to capture and communicate this type of information.

There's a whistle-stop tour of UNIX - all the important stuff: man, shell, permissions, vi vs emacs etc. Then we have the obligatory introduction to Perl. This moves very quickly, which is refreshing. As anyone who's written a cgi script knows, missing out a Content-type: header can cause all sorts of head scratching, permissions checking, path checking etc. That sort of thing is covered too. I passed through my Perl phase several years ago and now only tend to use it when necessary. (These days I mainly use PHP for web scripting and database connectivity.) So the reminders were useful for me.

Getting down to business

There are a lot of code fragments, which is great. Not too over the top (full scripts are saved for later), but enough to get the point across. The early chapters provide quite a range of good techniques. Beware though that there are quite a number of errors - I noticed a couple, but checkout the O'Reilly website for the full list. Despite this, we're producing useful little routines very early on. Great stuff.

Then we start hitting the major web management topics, like making a template system - how many of these have you seen already ?! If you don't use webalizer or something similar, Chapters 8 to 10 cover the parsing and analysis of access logs. This is also useful if you want to do something specific with the logs which is not covered by your standard analyser, of course.

An important part of Perl today is using modules, where much of the hard work and debugging has already been done. Downloading, installing and using such modules from CPAN is covered, and this is a good introduction to more sophisticated programming techniques. Of course there are many other O'Reilly titles which would expand on this once you've mastered the basics here.

There is also an example of how a simple document management system can be implemented, a bit like a primitive slashcode or postnuke system. We also have: Implementing a Search facility; Testing weblinks, ... well you might as well look at the contents on the web. Anyway, they're all interesting and potentially useful, and they are not there just for their own sake - they are there to introduce new Perl concepts all the way along.

Near the end of the text, DBM files are covered. This is a useful halfway house when you're using hosting services that don't have mysql facilities, for instance. However I find such techniques (for instance, using the tie command) a bit clunky. You might be tempted to look at MLDBM module, although why not go the whole hog and start using DBI - there's another whole book on that though !

The very last chapter looks at the next stages - whether to go deeper into Perl, or perhaps look at other programming languages. There is also the inevitable recommendation to look at relational databases; although the reservations regarding MySQL are a little out of date I think (ie lack of transactions).

Summary

It's a good book, and a good read. No doubt about it. Whether its worth having in your kitbag is a tricky question. It probably is right for non-programmers who are pushing the boundaries of their web development (which is of course precisely the target audience). Using Perl for cgi scripts complements the use of PHP for embedded code (or indeed Embperl), and of course with Perl you can do many other things too. I think it's a good introduction, and if you haven't got the camel book this is certainly another option for you if you work (or play) in this type of environment. ... Then you can go and get the camel book anyway !

I couldn't find anything on tidying apache logs. Ah well.


Solaris 8 Administrator's Guide

Paul Watters
Published by O'Reilly
ISBN:0-596-00073-1
400 pages
£ 28.50
reviewed by Joel Smith

According to the blurb, "This book is for experienced Solaris administrators, as well as those interested in learning about Solaris" and "It's written for experienced network administrators who want an objective guide to networking with Solaris."

I must confess that I do not see how it achieves these aims.

The book starts off with a brief overview of the Sun ONE (Open Network Environment) specification and the Solaris operating system. Chapter 2 starts with fundamental principles of networking and routing covering network classes, TCP/IP routing, the OSI model etc. It then covers inetd, /etc/services, telnet and ftp (but not with any real discussion of the issues surrounding running such services). Considering the remit of the book as stated above, we have two wasted chapters.

Chapter 3, Installing Solaris, is supposed to cover "the step-by-step installation and selection of basic network configuration parameters". According to this first paragraph, "Solaris has three methods of installation: command-line (text based), interactive (menu based), and Web Start (Java-based)". Yet in the final section of this chapter, we find that "Solaris provides two ways to perform an installation: interactively or by using the Web Start Wizard". Paul Watters is unable to be consistent within the same chapter. And what about Jumpstart, or Web Start Flash Installation? These are not even mentioned.

There is the usual mention of preparing various configuration worksheets, and then the book moves on to selecting what parts of Solaris to install. This is an opportunity where you could investigate what packages can be removed when trying to set up different types of server. Unfortunately, there is no mention of this or the complex web of dependencies, and all that you are given is the fact that there are four basic configurations: End User, Developer, Entire Distribution without OEM support and Entire Distribution with OEM support. This is the information you get when you do an interactive installation, but without the benefit of the help text.

The walk through is also lacking in useful information. For a start, the assumption is that the system has a CD-ROM drive and a graphical interface. This is not necessarily the case, particularly when dealing with rack-mounted servers. There is no discussion of the options for network installation. This is more complicated in Solaris 8, since the OS no longer fits upon a single CD. In the actual walk through, there is a fair amount of space devoted to responding to the initial questions (Time Zones etc), yet other issues, such as disk layouts are dashed off in a throwaway half line.

Alas the book continues in this vein, spending too much time on basic information, and omitting or skating over areas that are far more complex, and could do with covering in more depth. For example, in the networking section, there is no mention of logical interfaces (multiple IP addresses for a single NIC), or IP network multipathing which is a Solaris 8 feature allowing failover between two different interfaces, which is useful for resilience. In the Naming Services chapter, LDAP is introduced and covered in three pages, two of which are a verbatim account of what the installation program asks you (assuming you choose Express Installation, and so do not modify anything - what is the point of putting this in? You would find it anyway if you run the installer, and it gives you no additional information). No attempt is made to explain how to actually configure or use the service.

Sendmail is covered in 11 pages, which attempts to explain the intricacies of the sendmail.cf file, without even mentioning the M4 macros which are the preferred way of configuring sendmail. Obviously Costales and Allman were wasting their time when they produced the 1000+ page sendmail "Bat" book. Samba is covered in 10 pages. Now sendmail I can understand, as it is shipped by default with Solaris, but the logic of including Samba in a book on Solaris eludes me. This is not to say that I think it is a mistake to run Samba, but more that a book on Solaris Administration should deal with issues to do with Solaris.

I do not recommend buying this book. I think that it is poorly written, and totally fails to meet the needs of the readers it professes to serve. There are some nuggets of useful information, but they are rather few and far between. When Sun's documentation is available to all at http://docs.sun.com, I cannot see any point in spending the time to read this book, let alone the money to buy it. It is an opportunity missed.


Palm OS Programming - 2nd Edition

Neil Rhodes and Julie McKeehan
Published by O'Reilly
ISBN:1-56592-856-3
683 pages
£ 28.50
reviewed by Richard Ibbotson

Why would someone who normally only deals in GPL'd software suddenly show an interest in Palm OS and write a review of a book about its programming methods ? The truth is that there's more GPL'd software out there for the Palm OS than you might think. There are many thousands of people out there using the ubiquitous pocket Palm computers and day by day the number grows and grows. You can do just about anything with them. This includes the production of MS Word or Open Office documents which can be used on cross platform environment desktops or you can send and receive e-mail and if you like to travel you can even use them as GPS electronic compasses complete with street maps or a guide to your local sub tropical forest food supply for survival purposes. I like to read classical literature on my own Handspring and I can do that at 30 000 feet on a 747 or on top of a hill in Derbyshire or the Lake District.

The first part of the book goes into how the Palm platform came about and why it became a success in spite of the fact that it's based on slow processors in a day and age when speed and large amounts of memory are seen more as a way of doing things rather than the political statement that Intel and AMD represent. The words "Works great and is simple to use" are used at page twelve and this admirably sums up the Palm design philosophy . Part two or the second chapter goes into a technical overview and explains some simple ideas about conduits. This is probably very helpful to someone like myself who knows nothing about Palm programming methods or ideals. Designing a solution at page forty-one goes into Palm GUI design at the most basic level. Black and White text based GUIs of the sort that command line system administrators find to be the most useful. In fact, you can run your Solaris or GNU/Linux or BSD system remotely using a Palm machine. It can save a lot of travel. At page 103 the meat of the book begins with how to design a Palm application. Chapter four is quite simply called "Tutorial" and it's not really much more than that. The Palm OS Emulator is discussed and how to get hold of it and install it into your GNU/Linux workstation or notebook. Code Warrior is introduced which is essential because most Palm OS development takes place with Code Warrior. Maybe someone out there should start something with Emacs for Palm OS ? Chapter five comes around and the structure of an application is introduced and explained so that even I can understand it. PilotMain would seem to the the function that we have to begin to understand before we start with anything else. Other basic routines of the main event loop are explained and then some more advanced examples are given so that the reader can try them out for themselves. The memory manager is discussed at some length at chapter six. Debugging applications is at chapter seven. This is where you begin to get that all too familiar feeling that perhaps the programming language that you have decided to learn isn't as good as you at first thought it was. Resources and forms are discussed at chapter eight. Form objects at chapter nine gives some more useful programming examples that are not otherwise available unless you pay for them. Remember, this isn't GNU/Linux that we are talking about here and so you do have to pay for everything. Chapter nine drags on quite a bit and so you do get some helpful info. Databases are an important part of the world of information technology and the discussion of how these are a part of Palm OS begins at page 320. Plenty of help for someone who wants to program Palm. That all important part of the present day operating system - the menu interface - is introduced at chapter eleven. Some nice graphics and a pleasant change from all those opened and closed braces and event handlers. How to program the extras is explained at chapter twelve. Things like the find application for example. Communications are discussed at chapter thirteen. Such as GPS and TCP/IP which are more or less essential rather than a luxury. Getting started with conduits is at chapter fourteen. This is a mix of graphical help and more examples of where to put your braces. Moving data to and from your handheld with a conduit is the subject of the next to last chapter and the final chapter explains two way syncing. Appendix A gives you sources of info on the net which are not always as easy to find with a search engine as some people might try to suggest. The other appendices are just as useful. If you are someone who knows nothing about programming Palm and you would like a simple introduction then this book is probably for you.

To finish off I'll quote the colophon which can be found at the back of every O'Reilly book.

"The bird on the cover of Palm OS Programming is a rock dove. There are 14 sub species of rock dove, including the domestic pigeon. These birds are widely distributed throughout the world. In their native environment, rock doves live on rocky cliffs, building their nests in crevices and caves." O'Reilly like to produce distinctive covers for their books which complement their distinctive approach to technical subjects thus breathing new life and and personality into potentially dry subjects.


Programming C#, 2nd Edition

Jesse Liberty
Published by O'Reilly
ISBN:0-596-00309-9
648 pages
£ 28.50
reviewed by Peter Waller

Another review, another C# book, and yes, another 2nd edition! It's certainly been an interesting couple of weeks reviewing the C# books that landed through my letter-box, especially this one. Programming C# consists of 600 pages, presented as a tutorial. It's aimed at intermediate developers wishing to learn C# in depth but also in the .NET environment.

Jesse is quick to introduce the framework before diving into C# concepts as most of the book is dedicated to the .NET platform. A brief tour of objects follows, and then a few pages on debugging. Personally I would have liked to see a whole chapter dedicated to debugging but you can't always get what you want!

This book does a good job at teaching C#, and the platform material is excellent for those wishing to learn how to build powerful .NET applications. Windows Apps, ADO.NET, Web Services, all get the 4-star treatment. Personally I found the CLR chapters invaluable. The book finishes off with a chapter about mixing .NET with ActiveX/COM, as they're quite popular components.

I can say this book is a worthy addition to the pile of books building on your desktop, but I must also say this book has its problems. Throughout reading I found a lot of inconsistencies between explanations and example source code. Naturally these issues have been addressed on the book support site so it's worth a peek if you decide to purchase this book.


Using SANs and NAS

W Curtis Preston
Published by O'Reilly
ISBN:0-596-00153-3
218 pages
£ 20.95
reviewed by Virantha Mendes

The emerging trend of using SAN/NAS for storage requirements is evident everywhere. Large companies that have to deal with mounting amount of data are increasingly looking into SAN and NAS technologies as a solution. But, what are SAN (Storage Area Networks) and NAS (Network Attached Storage)? The answer can be easily summed up by looking at the two animals used on the cover of the book.

O'Reilly has used two very similar looking animals (hyrax and pika) but genetically vastly different to each other. SAN and NAS are the same in the sense that they are deployed in very similar circumstances but have very different technologies behind them and are also managed differently. SANs are primarily based on fibre channel architecture wheres NAS is based on NFS or CIFS (Common Internet File System from our friends at Redmond).

The author of the book, Curtis Preston is trying to demystify the aura behind these two solutions. For each of the solutions he has devoted three chapters: Architecture, Management and Backup Recovery. Each chapter is packed with diagrams and easy to read wealth of information. The style of writing makes the understanding of complex issues, especially surrounding SANs, very easy.

My only criticism is the lack of any vendor specific solutions in the SANs section. Had the author included a few examples of SANs he has designed in the past with vendor specific information, it would have given the reader a much greater perspective of the subject.

The focus of the book are new comers into this arena and the practising professionals who will find this a valuable reference book. I can say this book is a must for any person engaged in storage administration.


Malicious Mobile Code: virus protection for Windows

Roger A Grimes
Published by O'Reilly
ISBN:156592682X
544 pages
£ 28.60
reviewed by Lindsay Marshall

When I first heard about this book, I assumed that it had to be a reference manual for Outlook on a pocket PC, but it is rather more than that (though Outlook certainly features!). It is in fact a rather comprehensive horror story. Why would anyone want to use a system that requires a 522 page book to tell you how to protect yourself from attack? The existence of this book has to be the one of the best adverts for using Linux ever.

The author has also managed to pull off the trick of writing a sizeable book about malicious code without actually writing a complete "how to" manual for its authors (though there are some complete examples of IRC scripts). Unfortunately, reading through series of descriptions of what various viruses, worms etc. do is pretty dull after a while - let's face it, most virus writers have lots of ingenuity but not much imagination. It does leave you wondering about what the designers of the software that they are attacking were thinking about when they were working on it.

If, for your sins, you have to use or manage Windows systems there is undoubtedly much useful information in this book, but you will have to plough through lots of description to extract it. If you live in a Linux world, then there is no conceivable need for you to even think about buying it, apart from schadenfreude of course, and it is probably too expensive for that.


The Single UNIX Specification, Version 3

Andrew Josey

Work commenced in late 1998 on the Single UNIX Specification, Version 3. The core of the Single UNIX Specification, Version 3, collectively known as the Base Specifications, was developed, and is maintained, by a joint working group of members of the IEEE Portable Applications Standards Committee (PASC), members of The Open Group, and members of ISO/IEC Joint Technical Committee 1. This joint working group is known as the Austin Group.1

The Austin Group arose out of discussions amongst the parties that started in early 1998, leading to an initial meeting and formation of the group in September 1998. This represented a sea change in attitude regarding development of two related specifications by three development organizations, which to date had been developed separately, often with the same standards developers involved.

The purpose of the Austin Group has been to revise, combine, and update the following standards: ISO/IEC 9945-1, ISO/IEC 9945-2, IEEE Std 1003.1, IEEE Std 1003.2, and the Base Specifications of The Open Group Single UNIX Specification.

After two initial meetings, an agreement was signed in July 1999 between The Open Group and the Institute of Electrical and Electronics Engineers (IEEE), Inc. to formalize the project, with the first draft of the revised specifications being made available at the same time. Under this agreement, The Open Group and IEEE agreed to share joint copyright of the resulting work. The Open Group has provided the chair and secretariat for the Austin Group.

This unique development has combined both the industry-led efforts and the formal standardization activities into a single initiative, and included a wide spectrum of participants including commercial, academia, government, and the open source communities.

The approach to specification development was one of "write once, adopt everywhere", with the resulting set of specifications being approved as IEEE Std 1003.1-2001 (POSIX) and The Open Group Base Specifications, Issue 6. At the time of writing, the specifications are in the final stage of gaining ISO/IEC approval. This set of specifications forms the core of the Single UNIX Specification, Version 3.

The Base Specifications, Issue 6 consist of the following Technical Standards: Base Definitions, Issue 6 (XBD)
Shell and Utilities, Issue 6 (XCU)
System Interfaces, Issue 6 (XSH)
Rationale (Informative)

The revision of the Base Specifications has tried to minimize the number of changes required to implementations that conform to the earlier versions of the approved standards to bring them into conformance with the current standard. Specifically, the scope of this work excluded doing any "new" work, but rather collecting into a single document what had been spread across a number of documents, and presenting it in what had been proven in practice to be a more effective way. Some changes to prior conforming implementations were unavoidable, primarily as a consequence of resolving conflicts found in prior revisions, or which became apparent when bringing the various pieces together.

However, since the revision now references the 1999 version of the ISO C standard, there are a number of unavoidable changes that have been made which will affect applications portability.

In addition to the Base Specifications, the Single UNIX Specification, Version 3 includes the X/Open Curses, Issue 4, Version 2 specification. Updates to X/Open Curses, Issue 4, Version 2 have been limited to production of a Corrigendum to allow it to exist in a Base Specifications, Issue 6 environment.

The Single UNIX Specification, Version 3 -- Contents

This section gives an overview of the documents that comprise the different parts of the Single UNIX Specification, Version 3 and how they are organized. The Single UNIX Specification, Version 3 is made up of the Base Specifications, Issue 6 and X/Open Curses, Issue 4, Version 2. The Base Specifications, Issue 6 comprise Base Definitions, System Interfaces, Shell and Utilities, and Rationale.

Base Definitions (XBD)

The XBD document is part of the Base Specifications, Issue 6. XBD provides common definitions for the Base Specifications of the Single UNIX Specification; therefore, readers should be familiar with it before using the other parts of the Single UNIX Specification. The presence of this document reduces duplication in the other related parts of the Single UNIX Specification and ensures consistent use of terminology.

This document is structured as follows:

Chapter 1 is an introduction, which includes the scope of the Base Specifications, and the scope of the changes made in this revision. Normative references, terminology, and portability codes used throughout the Base Specifications are included in this chapter.

Chapter 2 defines the conformance requirements, both for implementation and application conformance. For implementation conformance, this includes documentation requirements, conformance definitions for the core POSIX subset, conformance definitions for systems conforming to the Single UNIX Specification (denoted as the XSI extension), and option groups (previously known as feature groups).

Chapter 3 contains the general terms and definitions that apply throughout the Base Specifications.

Chapter 4 describes general concepts that apply throughout the Base Specifications.

Chapter 5 describes the notation used to specify file input and output formats in XBD and XCU.

Chapter 6 describes the portable character set and the process of character set definition.

Chapter 7 describes the syntax for defining internationalization locales as well as the POSIX locale provided on all systems.

Chapter 8 describes the use of environment variables for internationalization and other purposes.

Chapter 9 describes the syntax of pattern matching using regular expressions employed by many utilities and matched by the regcomp() and regexec() functions. Both Basic Regular Expressions (BREs) and Extended Regular Expressions (EREs) are described in this chapter.

Chapter 10 describes files and devices found on all systems and their semantics. For example, the device /dev/null is an infinite data source and data sink.

Chapter 11 describes the asynchronous terminal interface for many of the functions in XSH and the stty utility in XCU.

Chapter 12 describes the policies for command line argument construction and parsing. It contains the utility argument syntax used throughout XCU, and utility syntax guidelines for naming of utilities and the specification of their arguments and option-arguments and operands.

Chapter 13 defines the contents of headers that declare constants, macros, and data structures that are needed by programs using the services provided by the system interfaces defined in XSH. These are in the form of reference pages and are organized alphabetically.

Shell and Utilities (XCU)

The XCU2 document is part of the Base Specifications, Issue 6. XCU describes the shell and utilities that are available to application programs on systems conformant to this part of the Single UNIX Specification. Readers are expected to be familiar with the XBD document.

This document is structured as follows:

Chapter 1 explains the status of this document and its relationship to other formal standards, including the ISO C standard and the XSH document. It also describes the utility limits, grammar conventions, defaults used by the utility descriptions, considerations for utilities in support of large files, and the list of required built-in utilities. The scope, conformance, and definitions sections are pointers to the XBD document; the sections are here to meet ISO/IEC rules regarding required sections. The terminology and portability codes are identical to the section in XBD and repeated here for ease of reference.

Chapter 2 describes the command language-that is, the shell command language interpreter-used in systems conformant to the Single UNIX Specification.

Chapter 3 describes a set of services and utilities that are implemented on systems supporting the Batch Environment option.

Chapter 4 consists of reference pages for all utilities available on systems conforming to the Single UNIX Specification. These are in the form of reference pages and are organized alphabetically.

System Interfaces (XSH)

The XSH document is part of the Base Specifications, Issue 6. XSH describes a set of system interfaces offered to application programs by systems conformant to this part of the Single UNIX Specification. Readers are expected to be experienced C language programmers, and to be familiar with the XBD document.

This document is structured as follows:

Chapter 1 explains the status of this document and its relationship to other formal standards. The scope, conformance, and definitions sections are pointers to the XBD document; the sections are here to meet ISO/IEC rules regarding required sections. The terminology and portability codes are identical to the section in XBD and repeated here for ease of reference.

Chapter 2 contains important concepts, terms, and caveats relating to the rest of this document. This includes information on the compilation environment, the name space, definitions of error numbers, signal concepts, standard I/O streams, STREAMS, XSI IPC, realtime, threads, sockets, tracing, and data types.

Chapter 3 defines the functional interfaces to systems conformant to this part of the Single UNIX Specification. These are in the form of reference pages and are organized alphabetically.

Rationale (XRAT)

The XRAT document is part of the Base Specifications, Issue 6. The XRAT document has been published to assist in the process of review and understanding of the main text. It contains historical information concerning the contents of the Base Specifications, Issue 6 and why features were included or discarded by the standard developers. It also contains notes of interest to application programmers on recommended programming practices, emphasizing the consequences of some aspects that may not be immediately apparent.

This document is organized in parallel to the normative documents of the Base Specification, with a separate part (Parts A, B, and C) for each of the three normative documents. In addition, two additional parts are included: Part D Portability Considerations, and Part E Subprofiling Considerations. The Portability Considerations chapter includes a report on the perceived user requirements for the Base Specification and how the facilities provided satisfy those requirements, together with guidance to writers of profiles on how to use the configurable options, limits, and optional behavior. The Subprofiling Considerations chapter satisfies the requirement that the document address subprofiling. This contains an example set of subprofiling options.

X/Open Curses (XCURSES)

XCURSES is not part of the Base Specifications, Issue 6. XCURSES describes a set of interfaces providing a terminal-independent method of updating character screens that are available to application programs on systems conformant to this part of the Single UNIX Specification. This document should be read in conjunction with The Open Group Corrigendum U056.

This document is structured as follows:

Chapter 1 introduces Curses, gives an overview of enhancements that have been made to this version, and lists specific interfaces marked TO BE WITHDRAWN. This chapter also defines the requirements for conformance to this document and shows the generic format followed by interface definitions in Chapter 4.

Chapter 2 describes the relationship between Curses and the C language, the compilation environment, and the X/Open System Interface (XSI) operating system requirements. It also defines the effect of the interface on the name space for identifiers and introduces the major data types that the interfaces use.

Chapter 3 gives an overview of Curses. It discusses the use of some of the key data types and gives general rules for important common concepts such as characters, renditions, and window properties. It contains general rules for the common Curses operations and operating modes. This information is implicitly referenced by the interface definitions in Chapter 4. The chapter explains the system of naming the Curses functions and presents a table of function families. Finally, the chapter contains notes regarding use of macros and restrictions on block-mode terminals.

Chapter 4 defines the Curses functional interfaces.

Chapter 5 defines the contents of headers that declare constants, macros, and data structures that are needed by programs using the services provided by Chapter 4.

Chapter 6 discusses the terminfo database, which Curses uses to describe terminals. The chapter specifies the source format of a terminfo entry using a formal grammar, an informal discussion, and an example. Boolean, numeric, and string capabilities are presented in tabular form.

Appendix A discusses the use of these capabilities by the writer of a terminfo entry to describe the characteristics of the terminal in use.

The chapters are followed by a glossary, which contains normative definitions of terms used in the document.

IEEE Std 1003.1-2001

The core of the Single UNIX Specification, Version 3 (the Base Specifications) is also IEEE Std 1003.1-2001. IEEE Std 1003.1-2001 is a major revision and incorporates IEEE Std 1003.1-1990 (POSIX.1) and its subsequent amendments, and IEEE Std 1003.2-1992 (POSIX.2) and its subsequent amendments, combined with the core volumes of the Single UNIX Specification, Version 2. It is technically identical to The Open Group, Base Specifications, Issue 6; they are the same document, the front cover having both designations. The final draft achieved 98% approval by the IEEE ballot group and was officially approved by the IEEE-SA Standards Board on December 6, 2001.


Contacts

Charles Curran
Council Chairman; Events; Newsletter
Oxford
07973 231 870
charles.curran@ukuug.org

James Youngman
UKUUG Treasurer
Manchester
james.youngman@ukuug.org

David Hallowell
Website
Tyne and Wear
david.hallowell@ukuug.org

Alasdair Kergon
Events
Reading
alasdair.kergon@ukuug.org

Dr A V LeBlanc
Newsletter
Manchester
owen.leblanc@ukuug.org

Roger Whittaker
Schools; Newsletter
Borehamwood
roger.whittaker@ukuug.org

Jane Morrison
UKUUG Secretariat
PO Box 37
Buntingford
Herts
SG9 9UQ
01763 273 475
01763 273 255
office@ukuug.org