Mailbag
This month's answers created by:
[ Amit Saha, Ben Okopnik, Dave Richardson, Kapil Hari Paranjape, Lew Pitcher, Neil Youngman, Rick Moen, Samuel Kotel Bisbee-vonKaufmann, Steve Brown, Thomas Adam ]...and you, our readers!
Gazette Matters
A couple of small suggestions
Neil Youngman [ny at youngman.org.uk]
Mon, 19 Feb 2007 17:01:52 +0000
First off, TWDT is no longer TWDT. If you click on TWDT you find that the mailbag has "Thread continues here" links. Could we make TWDT be TWDT?
Secondly, we have the answers to last month's geekword. It would be nice to have the questions with it, so anyone that wants to admire the subtlety of the clues, or pick nits, doesn't have to flick between windows.
Neil
[ Thread continues here (3 messages/2.39kB) ]
Still Searching
Schema for nmap XML Output
Amit Kumar Saha [amitsaha.in at gmail.com]
Tue, 20 Feb 2007 09:31:10 -0800
Hi list,
Attached is the XML output for an Nmap scan.
[[[ I have actually included it below. - Kat ]]]
The goal is to move Nmap XML files into a database, with a well-thought out DB schema. Ideally, this should work with PostgreSQL, MySQL, and other popular databases.
Please suggest a possible database schema for the same
Please point out any similar works
<?xml version="1.0"?>
<!-- Nmap 4.00 scan initiated Sat Feb 17 08:39:44 2007 as: nmap -oX scan.xml www.yahoo.com -->
<nmaprun scanner="nmap" args="nmap -oX scan.xml www.yahoo.com" start="1171681784" startstr="Sat Feb 17 08:39:44 2007" version="4.00" xmloutputversion="1.01">
  <scaninfo type="syn" protocol="tcp" numservices="1672" services="1-1027,1029-1033,1040,1043,1050,1058-1059,1067-1068,1076,1080,1083-1084,1103,1109-1110,1112,1127,1139,1155,1158,1178,1212,1214,1220,1222,1234,1241,1248,1337,1346-1381,1383-1552,1600,1650-1652,1661-1672,1680,1720,1723,1755,1761-1764,1827,1900,1935,1984,1986-2028,2030,2032-2035,2038,2040-2049,2053,2064-2065,2067-2068,2105-2106,2108,2111-2112,2120-2121,2201,2232,2241,2301,2307,2401,2430-2433,2500-2501,2564,2600-2605,2627-2628,2638,2766,2784,2809,2903,2998,3000-3001,3005-3006,3049,3052,3064,3086,3128,3141,3264,3268-3269,3292,3306,3333,3372,3389,3421,3455-3457,3462,3531,3632,3689,3900,3984-3986,3999-4000,4008,4045,4125,4132-4133,4144,4224,4321,4333,4343,4444,4480,4500,4557,4559,4660,4672,4899,4987,4998,5000-5003,5010-5011,5050,5060,5100-5102,5145,5190-5193,5232,5236,5300-5305,5308,5400,5405,5432,5490,5510,5520,5530,5540,5550,5555,5560,5631-5632,5679-5680,5713-5717,5800-5803,5900-5903,5977-5979,5997-6009,6017,6050,6101,6103,6105-6106,6110-6112,6141-6148,6346,6400-6401,6502,6543-6544,6547-6548,6558,6588,6666-6668,6699,6969,7000-7010,7070,7100,7200-7201,7273,7326,7464,7597,7937-7938,8000,8007,8009,8021,8080-8082,8443,8888,8892,9090,9100,9111,9152,9535,9876,9991-9992,9999-10000,10005,10082-10083,11371,12000,12345-12346,13701-13702,13705-13706,13708-13718,13720-13722,13782-13783,15126,16959,17007,17300,18000,18181-18185,18187,19150,20005,22273,22289,22305,22321,22370,26208,27000-27010,27374,27665,31337,32770-32780,32786-32787,38037,38292,43188,44334,44442-44443,47557,49400,54320,61439-61441,65301" />
  <verbose level="0" />
  <debugging level="0" />
  <runstats>
    <finished time="1171681798" timestr="Sat Feb 17 08:39:58 2007" />
    <hosts up="0" down="1" total="1" />
    <!-- Nmap run completed at Sat Feb 17 08:39:58 2007; 1 IP address (0 hosts up) scanned in 15.003 seconds -->
  </runstats>
</nmaprun>
-- Amit Kumar Saha GSM :+91 9903140286 http://amitsaha.in.googlepages.com
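One possible starting schema for the request above, as an added example that is not part of Amit's message or of Nmap itself. SQLite stands in for PostgreSQL/MySQL, the table and column names are assumptions, and the host and port elements follow Nmap's general XML output rather than the sample above (which found no hosts up); SAMPLE is constructed.

```python
import sqlite3
import xml.etree.ElementTree as ET
# Assumed table and column names; SQLite stands in for PostgreSQL/MySQL.
SCHEMA = """
CREATE TABLE scan (scan_id INTEGER PRIMARY KEY, args TEXT, version TEXT,
    started INTEGER, finished INTEGER, scan_type TEXT, protocol TEXT,
    hosts_up INTEGER, hosts_down INTEGER, hosts_total INTEGER);
CREATE TABLE host (host_id INTEGER PRIMARY KEY,
    scan_id INTEGER NOT NULL REFERENCES scan(scan_id),
    addr TEXT NOT NULL, addrtype TEXT, state TEXT);
CREATE TABLE port (host_id INTEGER NOT NULL REFERENCES host(host_id),
    protocol TEXT NOT NULL, portid INTEGER NOT NULL, state TEXT, service TEXT,
    PRIMARY KEY (host_id, protocol, portid));
"""
# Constructed sample (documentation address 192.0.2.10), not a real scan.
SAMPLE = """<nmaprun args="nmap -oX scan.xml 192.0.2.10" start="1171681784" version="4.00">
<scaninfo type="syn" protocol="tcp"/>
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port></ports></host>
<runstats><finished time="1171681798"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>"""

def new_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def attr(node, path, name):  # attribute of the first match, or None if absent
    found = node.find(path)
    return None if found is None else found.get(name)

def load_scan(db, xml_text):
    """Insert one <nmaprun> document; values are bound, never formatted into SQL."""
    run = ET.fromstring(xml_text)
    scan_id = db.execute(
        "INSERT INTO scan VALUES (NULL,?,?,?,?,?,?,?,?,?)",
        (run.get("args"), run.get("version"), run.get("start"),
         attr(run, "runstats/finished", "time"), attr(run, "scaninfo", "type"),
         attr(run, "scaninfo", "protocol"), attr(run, "runstats/hosts", "up"),
         attr(run, "runstats/hosts", "down"), attr(run, "runstats/hosts", "total"))).lastrowid
    for host in run.findall("host"):
        host_id = db.execute(
            "INSERT INTO host VALUES (NULL,?,?,?,?)",
            (scan_id, attr(host, "address", "addr"),
             attr(host, "address", "addrtype"), attr(host, "status", "state"))).lastrowid
        db.executemany("INSERT INTO port VALUES (?,?,?,?,?)", [
            (host_id, p.get("protocol"), p.get("portid"),
             attr(p, "state", "state"), attr(p, "service", "name"))
            for p in host.findall("ports/port")])
    return scan_id
```

Keeping one row per run, host and port lets several scans of the same network sit side by side and be compared by `scan_id`.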
Our Mailbag
please do this, for a free ipod nano
amitsaha.in at gmail.com.using.fakeaddress.invalid [(amitsaha.in at gmail.com.using.fakeaddress.invalid)]
Sat, 24 Feb 2007 23:40:10 -0800
[[[ I've cleaned up a bunch of html, as well as munging the address of the spammer. - Kat ]]]
hey, go here and we both get a free ipod nano
pretty pretty please
http://www.fakeaddress.invalid/xbgxedmeoa http://www.fakeaddress.invalid/xbgxedmeoa
This was sent by amitsaha.in at gmail.com via AStupidSpammerSite, Box xxxx, San Jose CA xxxx Visit this page http://www.fakeaddress.invalid/ to unsubscribe from all future fakeaddress.invalid email
[ Thread continues here (4 messages/3.29kB) ]
how 2 delete large num of files
Ramachandran Iyer [riyer at kodiaknetworks.com]
Thu, 22 Feb 2007 12:26:39 +0530
Hi, I have some 40,000 entries/files in a directory. I know there is some combination of rm & xargs to delete this long list, but I am not getting the exact syntax. Can you please pass it on?
Rama
[ Thread continues here (3 messages/1.49kB) ]
Silly question but...
Ben Okopnik [ben at linuxgazette.net]
Sun, 18 Feb 2007 21:56:00 -0500
Hi, Don -
On Sat, Feb 17, 2007 at 09:24:58PM -0600, Don Crowder wrote:
> I've become very fond of Debian (Sarge) Linux even though it can be a tough row for a beginner to hoe. I noticed that the Linux Gazette was in the repository so I downloaded the whole set thinking that reading them all would be a good learning experience only now I can't find them. Synaptic says they're on my computer but it doesn't tell me "where they live" nor, for that matter, is it clear what application will be needed to read them (though I'd expect them to be HTML files, readable by a browser but that's an assumption, thus suspect.). At any rate, I'd be grateful for a clue. Sure, I could have found a Debian forum and asked there but they wouldn't have a vested interest in the answer to my question, like you do grin.
[laugh] You're a smart fellow, Don - just what I'd do in a similar situation, including the expository.
> I've often lamented the fact that I'm not able to become a Linux developer but I promote Linux as best I can by writing about it in my email and in the twice-monthly ezine my wife and I write. We also "talk it up" at every opportunity. I
Well, there's all kinds of stuff you could do with 'apt-cache' to tell you where the files are, but in short, they're all under '/usr/share/doc/lg*'. In fact, '/usr/share/doc' should be the first place you look for anything on your system that doesn't have built-in help or a manpage.
For future reference, the editor@ address at LG is used for article submissions and publication-related issues. If you have more general questions like the one above, please send them to The Answer Gang (tag at lists.linuxgazette.net) - that way, the answers get shared with the rest of our readers and benefit the entire community. I've CCd TAG on this exchange.
Best,
-- * Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
Purpose of some spam messages?
Kapil Hari Paranjape [kapil at imsc.res.in]
Thu, 1 Feb 2007 17:58:37 -0800
Hello,
I was just wondering if someone has thought about what is the purpose of SPAM messages which only contain some mish-mash text. The qualifying criteria are:
1. Only text without attachments.
2. Text that contains incoherent sentences or disconnected sentences. [*]
3. Definitely messages from addresses not known to the recipient.
(The last is to exclude e-mail messages written by friends who are not quite sober at the time of writing.)
Here are some possibilities that occurred to me.
A. These are messages that are designed to test/mar the efficiency of the spam detection systems currently employed by servers.
B. These messages contain coded messages that are flooded across the internet in an attempt to disguise their true origin/destination. The real message could be short one such as "the machine from which this has been sent has serious security holes".
C. This is generated for someone's research project.
D. This is the result of some spam generating software/virus which has bugs.
I don't know if this is worth wondering about ... except ... why is someone going to some trouble to make (a program which is making) life difficult for everyone?
Pointers to prior discussion welcome.
Thanks and regards,
Kapil.
[*] Clearly (2) is subjective which makes such spam hard to detect automatically.
[ Thread continues here (7 messages/12.19kB) ]
how did it(the webzine) all start?
MNZ [mnzaki at gmail.com]
Wed, 21 Feb 2007 23:49:52 +0400
Dear TAG,
I am a regular reader and wanted to first thank you for the great zine. I'll probably be starting my own site/zine (long story short: 'tis all to keep in touch with my friends, who I have known for all my life but will have to leave them soon). The zine part won't be Linux related (except maybe for one column every now and then).
I know I talk too much but, my question(s): When LG first started out, how did you get the readers? How was it publicized? How did you get your very first reader? Also, any tips (Kat? Ben? team?)?
One more thing: Write more POLOTMs or else I'll have to resort to violent methods!
-- //MNZ\\
[ Thread continues here (4 messages/11.14kB) ]
Paypal spam
Benjamin A. Okopnik [ben at linuxgazette.net]
Thu, 15 Feb 2007 20:51:48 -0800
On Mon, Feb 12, 2007 at 08:39:20PM -0800, Mike Orr wrote:
> Another twist on the Paypal phishing scam.
>
> http://sluggo.scrapping.cc/tmp/cartoon-paypal-fraud-part1.png
> http://sluggo.scrapping.cc/tmp/cartoon-paypal-fraud-part2.png
Love that URL in part 2. Freakin' "0xc8.0x2b.0x50.0x74"? You'd think that anyone dumb enough to just click on URLs in these "bank" emails has already been stripped to the bone by sharks, but a) it doesn't kill them off, and 2) There's One Born Every Minute. I guess the spammers and the scammers will never run out of "soft targets".
Just for fun:
ben at Fenrir:~$ perl -wle'print join ".", map hex, "0xc8.0x2b.0x50.0x74" =~ /0x(..)/g'
200.43.80.116
ben at Fenrir:~$ whois 200.43.80.116|egrep '^[a-z-]+:'
inetnum: 200.43.80.112/28
status: reallocated
owner: Coop.Telef?ica de Villa del Totoral Ltda.
ownerid: AR-CVTL-LACNIC
responsible: Carlos Sanchez
address: Pte.Per?, 551,
address: 5236 - Villa del Totoral (Cordoba) -
country: AR
phone: +54 3524 647574 []
owner-c: CRS3
tech-c: CRS3
created: 20040420
changed: 20040420
inetnum-up: 200.43/16
nic-hdl: CRS3
person: Carlos R. Sanchez
e-mail: csanchez24 at COOPTOTORAL.COM.AR
address: Pte Peron 551, 0054, 3524470900
address: 5236 - Villa del Totoral -
country: AR
phone: +0054 3524 470900 [470000]
created: 20040213
changed: 20040213

Ah, a default install of RHEL that got cracked. I'm feeling a bit too lazy to ping the admin myself... it would be like sweeping back the tide.
-- * Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
[ Thread continues here (4 messages/7.84kB) ]
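The decoding Ben does by hand above can be turned into a mail-filter check; this is an added example, not code from the thread. It goes beyond the hex case to the octal and single-integer spellings that inet_aton-style parsers also accept, and the function names and sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def parse_part(text):
    """One inet_aton-style number: 0x.. is hex, a leading 0 is octal, else decimal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", text):
        return int(text, 16)
    if re.fullmatch(r"0[0-7]*", text):
        return int(text, 8)
    if re.fullmatch(r"[1-9][0-9]*", text):
        return int(text)
    raise ValueError(f"not a number: {text!r}")

def canonical_ipv4(host):
    """Dotted-decimal form of any numeric spelling of host, or None if not numeric."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        nums = [parse_part(p) for p in parts]
    except ValueError:
        return None
    # All but the last part are single octets; the last fills the remaining bytes.
    *head, last = nums
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def flag_obfuscated_host(url):
    """Canonical IP when the URL host is a disguised IPv4 literal, else None."""
    host = urlsplit(url).hostname or ""
    ip = canonical_ipv4(host)
    return ip if ip is not None and ip != host else None

# Constructed URLs; only the hex host spelling comes from the message above.
SAMPLES = ["http://0xc8.0x2b.0x50.0x74/x", "http://3358281844/x",
           "http://200.43.80.116/x", "http://www.example.com/"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", flag_obfuscated_host(url))
```

A link whose host is flagged here has no ordinary reason to appear in mail claiming to come from a bank, so the result works as a scoring signal on its own, and the canonical address can then be matched against blocklists.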
Followup: please recommend books about Linux
JOHN INGRESS [ingress at sbcglobal.net]
Fri, 2 Feb 2007 21:57:22 -0800 (PST)
[[[ This is a followup to http://linuxgazette.net/134/misc/lg/please_recommend_books_about_linux.html - Kat ]]]
Thanks. I have to admit I have not yet taken your advice, though they sound like good suggestions. I did, however, find Marcel Gagne's book Moving to Linux at the library. He mentioned Mandrake. I went to their site, now Mandriva, and downloaded Mandriva One, a free release (I'm willing to pay, but my needs are light...no gaming, just music, video, word processing.) However, when I try to open it, Microsoft says it can't find the file to open it, and I get lost after that. I've had MS Windows for 5 years, which I installed, and I have downloaded a dozen or two programs, but I'm still a newbie, I need specific instructions in some cases. Like this one. Any help would be most appreciated. The "Blue screen of Death" is killing me! Thanks. John
[ Thread continues here (2 messages/4.28kB) ]
wifi
guido dom [guido.dom at telenet.be]
Mon, 05 Feb 2007 12:29:15 +0100
Hello
My wireless - unsupported - card is inprocomm 2020 in an Acer Aspire Laptop.
I managed to get it working (with ndiswrapper - wifi radar and so on) in UBUNTU 5.04 and 5.10 but not in UBUNTU 6.04 and 6.10.
It simply is not recognised.
Can you help, please?
[ Thread continues here (2 messages/1.22kB) ]
Mandriva 2007 - WiFi cards cannot find network
Savill, Owen [Owen.Savill at analog.com]
Mon, 5 Feb 2007 13:03:31 -0000
Hello Answer Gang,
This is my first time posting to you so I hope I get it right.
I am having big issues with my WiFi connectivity. Basically everything seems to be okay but attempting to ping an address results in a network unreachable message. I've used drakconnect to setup the wireless setup. The router itself is reporting the card as attached ! And ifconfig shows a continuous stream of traffic to the card but nothing from it.
The contents of /var/messages looks fine, apart from perhaps the last line:
Jan 5 08:49:10 localhost kernel: pccard: CardBus card inserted into slot 0
Jan 5 08:49:10 localhost kernel: PCI: Enabling device 0000:03:00.0 (0000 -> 0002)
Jan 5 08:49:10 localhost kernel: ACPI: PCI Interrupt 0000:03:00.0[A] -> Link [LNKA] -> GSI 11 (level, low) -> IRQ 11
Jan 5 08:49:10 localhost kernel: Build date: Jan 4 2007
Jan 5 08:49:10 localhost kernel: Debugging version (IEEE80211)
Jan 5 08:49:10 localhost kernel: ath0: 11a rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
Jan 5 08:49:10 localhost kernel: ath0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
Jan 5 08:49:10 localhost kernel: ath0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
Jan 5 08:49:10 localhost kernel: ath0: turboG rates: 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps
Jan 5 08:49:10 localhost kernel: ath0: H/W encryption support: WEP AES AES_CCM TKIP
Jan 5 08:49:10 localhost kernel: ath0: mac 5.9 phy 4.3 radio 3.6
Jan 5 08:49:10 localhost kernel: ath0: Use hw queue 1 for WME_AC_BE traffic
Jan 5 08:49:10 localhost kernel: ath0: Use hw queue 0 for WME_AC_BK traffic
Jan 5 08:49:10 localhost kernel: ath0: Use hw queue 2 for WME_AC_VI traffic
Jan 5 08:49:10 localhost kernel: ath0: Use hw queue 3 for WME_AC_VO traffic
Jan 5 08:49:10 localhost kernel: ath0: Use hw queue 8 for CAB traffic
Jan 5 08:49:10 localhost kernel: ath0: Use hw queue 9 for beacons
Jan 5 08:49:10 localhost kernel: Debugging version (ATH)
Jan 5 08:49:10 localhost kernel: ath0: Atheros 5212: mem=0xd2000000, irq=11
Jan 5 08:49:12 localhost dhclient: DHCPDISCOVER on ath0 to 255.255.255.255 port 67 interval 3
Jan 5 08:49:15 localhost dhclient: DHCPDISCOVER on ath0 to 255.255.255.255 port 67 interval 3
Jan 5 08:49:18 localhost dhclient: DHCPDISCOVER on ath0 to 255.255.255.255 port 67 interval 8
Jan 5 08:49:26 localhost dhclient: DHCPDISCOVER on ath0 to 255.255.255.255 port 67 interval 8
Jan 5 08:49:28 localhost snmpd[3498]: netsnmp_assert index == tmp failed if-mib/data_access/interface.c:467 _access_interface_entry_save_name()

Kernel logs are at the end of this message...
[ ... ]
[ Thread continues here (15 messages/37.53kB) ]