
Contents of /jonen/notes/notes_2003-02.twingle



Revision 1.8
Sat Apr 5 21:24:28 2003 UTC (21 years, 3 months ago) by jonen
Branch: MAIN
Changes since 1.7: +230 -2 lines
+ WLAN, Bluetooth, ACPI

1 <hr/>
2
3 - Unix-Systems
4 o learn how to move/maintain /etc of servers in cvs !!
5 Debian:
6 x to check whether new packages are available, run 'apt-get --dry-run upgrade'!
7 x build small systool script 'apt-get_remote.pl' which runs 'apt-get --dry-run upgrade' from cron and sends the output via mail
8 o review 'apt-get_remote.pl'
9 o what about parsing a response for commands, like installing some marked packages
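A sketch of the response parsing asked about in the Debian notes above, added here as an example (it is not the author's 'apt-get_remote.pl'). It parses the `Inst` lines of a dry run and only turns "marked" package names from a reply into an argument list if they are syntactically valid and actually pending; the function names, the sample output and the "Security" origin label are assumptions.

```python
import re

# Constructed sample of `apt-get --dry-run upgrade` output (not from a real host).
SAMPLE = """\
Reading Package Lists...
Building Dependency Tree...
3 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libssl0.9.6 [0.9.6c-2.woody.1] (0.9.6c-2.woody.2 Debian-Security:3.0/stable)
Inst ssh [3.4p1-1] (3.4p1-1.woody.1 Debian-Security:3.0/stable)
Inst tar [1.13.25-1] (1.13.25-2 Debian:3.0r1/stable)
Conf libssl0.9.6 (0.9.6c-2.woody.2 Debian-Security:3.0/stable)
Conf ssh (3.4p1-1.woody.1 Debian-Security:3.0/stable)
Conf tar (1.13.25-2 Debian:3.0r1/stable)
"""

# "Inst name [installed-version] (candidate-version origin...)"; [installed] is
# absent for packages that would be newly installed.
INST = re.compile(r"^Inst (\S+)(?: \[([^\]]+)\])? \((\S+) ([^)]*)\)")
# Debian package-name syntax: lowercase alphanumerics plus '+', '.', '-'.
PKG_NAME = re.compile(r"[a-z0-9][a-z0-9+.-]+")

def parse_upgrades(text):
    """Return {package: (old_version, new_version, origin)} from the Inst lines."""
    pending = {}
    for line in text.splitlines():
        m = INST.match(line)
        if m:
            name, old, new, origin = m.groups()
            pending[name] = (old, new, origin)
    return pending

def security_only(pending):
    """Packages whose candidate comes from an origin labelled 'Security' (assumed label)."""
    return sorted(p for p, (_, _, origin) in pending.items() if "Security" in origin)

def install_argv(pending, marked):
    """Build an argv list for the marked packages; `marked` is untrusted input
    (e.g. taken from a mail reply), so anything not pending or not a valid
    package name is rejected and never reaches a shell."""
    ok = [p for p in marked if PKG_NAME.fullmatch(p) and p in pending]
    rejected = [p for p in marked if p not in ok]
    argv = ["apt-get", "install", "-y"] + ok if ok else []
    return argv, rejected

if __name__ == "__main__":
    pending = parse_upgrades(SAMPLE)
    print("security updates:", security_only(pending))
    print(install_argv(pending, ["ssh", "bash"]))
```

Passing the result to `subprocess.run(argv)` without `shell=True` keeps the reply text out of any shell command line.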
10 FreeBSD(stable):
11 o read more about BSD package systems (pkg, cvsup)
12 x for simple package installation/de-installation use pkg
13 x install downloaded package:
14 :# pkg_add {package}-{version}.tgz
15 x install package via remote server(only if package is available as *latest*):
16 pkg_add -r {package}.tgz
17 x using cvsup
18 x read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
19 x newbies could use cvsupit:
20 :# pkg_add -r cvsupit.tgz
21 - cvsupit will probably ask you for the default values it
22 places at /etc/cvsupfile, which is used by cvsup
23 - after that it will start cvsup to update your system
24 x if /etc/cvsupfile already exists and you know what you do,
25 this command will update your system (maybe run it via cron...):
26 :# /usr/local/bin/cvsup -g -L 2 /etc/cvsupfile
27 where '-g' tells cvsup not to use a GUI, '-L 2' sets default output level to 2
28 x for available cvs tags, look at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvs-tags.html
29 o what about daemon start-stop scripts (like on linux: /etc/init.d/) ?
30 x the start-stop scripts of some daemons (only installed ports?) are placed at '/usr/local/etc/rc.d/'
31 o how can start-up scripts toggled in '/etc/rc.conf' be run manually (e.g. /etc/rc.firewall)?
32 x configure and compile custom kernel:
33 x read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-building.html
34 x create custom kernel conf-file
35 - cd /usr/src/sys/i386/conf/
36 - copy default kernel GENERIC to e.g. MYKERNEL
37 - edit/modify MYKERNEL
38 x configure sources(really?)
39 - run /usr/sbin/config MYKERNEL
40 x build kernel
41 - cd ../../compile/MYKERNEL
42 - make depend
43 - make
44 - make install
45 x use packet filters (firewall):
46 x read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html
47 x some options at the kernel have to be enabled:
48 - options IPFIREWALL
49 Compiles into the kernel the code for packet filtering.
50 - options IPFIREWALL_VERBOSE
51 Enables code to allow logging of packets through syslogd.
52 Without this option, even if you specify that packets should be logged in the filter rules,
53 nothing will happen.
54 - options IPFIREWALL_VERBOSE_LIMIT=10
55 Limits the number of packets logged through syslogd on a per entry basis.
56 You may wish to use this option in hostile environments in which you want to log firewall activity,
57 but do not want to be open to a denial of service attack via syslog flooding.
58 When a chain entry reaches the packet limit specified, logging is turned off for that particular entry.
59 To resume logging, you will need to reset the associated counter using the ipfw(8) utility:
60 :# ipfw zero 4500
61 Where 4500 is the chain entry you wish to continue logging.
62 - options IPFIREWALL_DEFAULT_TO_ACCEPT
63 This changes the default rule action from ``deny'' to ``allow''.
64 This avoids the possibility of locking yourself out if you happen to boot a kernel with IPFIREWALL support but have not configured your firewall yet.
65 It is also very useful if you often use ipfw(8) as a filter for specific problems as they arise.
66 Use with care though, as this opens up the firewall and changes the way it works.
67 x firewall is enabled at /etc/rc.conf (or /etc/rc.conf.local)
68 firewall_enable="YES"
69 firewall_type="{firewall_type}"
70 x where {firewall_type} is either one of the cases in /etc/rc.firewall (/etc/rc.firewall6 for ipv6)
71 or some custom file to read rules from.
72 x Use firewall_type="OPEN" for default policy 'OPEN' (allow all)
73
74
75 - Linux & Wireless Lan:
76 x install modules:
77 x prism2 chipset based:
78 - if debian kernel-image is used
79 :#apt-get install linux-wlan-ng-modules-{your_arch}
80 - if not, cd to some temp dir and
81 :#apt-get source linux-wlan-ng or wget sources manually if other dist is used
82 :#cd linux-wlan-ng-{version}
83 :#./Configure
84 :#make all install
85 x configure at debian:
86 x add SSID to dev at /etc/wlan/wlan.conf e.g.:
87 SSID_wlan0="WGATEWAY"
88 ENABLE_wlan0=y
89 x create and edit custom config related to SSID
90 :#cp /etc/wlan/wlancfg-DEFAULT /etc/wlan/wlancfg-WGATEWAY
91 :#nano /etc/wlan/wlancfg-WGATEWAY
92 x notes!:
93 - prism2-based USB devices mostly need a hardware reset for changes to take effect!
94 this is caused by the firmware and can only be solved by a firmware upgrade
95 from the vendor responsible for these devices.
96 o get WEP to really work in heterogeneous environments (e.g. between Win and Linux)
97 o WEP is insecure! (see http://wepcrack.sourceforge.net/)
98 o use IPSEC
99 o or some other ideas?
100
101 - Linux & Bluetooth
102
103 With some tweaking bluetooth works as expected.
104 You will need the above mentioned patch patch-2.4.20-mh6 to have full functionality with 2.4.20. Then add
105
106 deb http://bluez.sourceforge.net/download/debian/woody/ ./
107 deb-src http://bluez.sourceforge.net/download/debian/woody/ ./
108
109 to your /etc/apt/sources.list for woody and install at least the packages "bluez-bluefw"
110 for loading the firmware into the usb bluetooth device. You will need "bluez-utils" for hci and rfcomm communications.
111 You need to add this line
112
113 bluefw 0x0003 0x044e 0x3001 0x0000 0x0000 0x00 0x00 0x00 0x00 0x00 0x00 0x00000000
114
115 to your /etc/hotplug/usb/bluefw.usermap to let the bluefw automatically load the appropriate firmware
116 into your dongle once it shows up.
117
118 I am using bluetooth with a Siemens S55, but e.g. Nokia 6310i goes the same way.
119 For an initial pairing you will need a pin in /etc/bluetooth/pin which at least needs to have 5 digits, which is documented nearly nowhere.
120 Once you do the pairing (Entered pin on the X requester popping up and on the cellphone) you can set your phone to not "Ask on connection".
121 Afterwards I put the rfcomm config into the /etc/bluetooth/rfcomm.conf
122
123 rfcomm0 {
124 device 00:02:EE:B8:50:C5;
125 channel 1;
126 comment "S55 Dialup connection";
127 }
128
129 rfcomm1 {
130 device 00:02:EE:B8:50:C5;
131 channel 9;
132 comment "S55 OBEX";
133 }
134
135 For dialing out via ppp you now can use /dev/rfcomm0 which should lead to your phone asking you to accept the connection.
136 For debugging you can use these commands:
137
138 :~$ sudo hcitool scan
139 Scanning ...
140 00:02:EE:B8:50:C5 6310i.rfc822
141 :~$ sudo hcitool info 00:02:EE:B8:50:C5
142 Requesting information ...
143 BD Address: 00:02:EE:B8:50:C5
144 Device Name: 6310i.rfc822
145 LMP Version: 1.1 (0x1) LMP Subversion: 0x22c
146 Manufacturer: Nokia Mobile Phones (1)
147 Features: 0xbf 0x28 0x21 0x00
148 <3-slot packets> <5-slot packets> <encryption> <slot offset>
149 <timing accuracy> <role switch> <sniff mode> <SCO link>
150 <HV3 packets> <CVSD>
151 :~$ sudo sdptool browse
152 Inquiring ...
153 Browsing 00:02:EE:B8:50:C5 ...
154 Service Name: Fax
155 Service RecHandle: 0x10000
156 Service Class ID List:
157 "Fax" (0x1111)
158 "Generic Telephony" (0x1204)
159 Protocol Descriptor List:
160 "L2CAP" (0x0100)
161 "RFCOMM" (0x0003)
162 Channel: 2
163 Language Base Attr List:
164 code_ISO639: 0x656e
165 encoding: 0x6a
166 base_offset: 0x100
167 Profile Descriptor List:
168 "Fax" (0x1111)
169 Version: 0x0100
170
171 Service Name: OBEX Object Push
172 Service RecHandle: 0x10001
173 Service Class ID List:
174 "OBEX Object Push" (0x1105)
175 Protocol Descriptor List:
176 "L2CAP" (0x0100)
177 "RFCOMM" (0x0003)
178 Channel: 9
179 "OBEX" (0x0008)
180 Language Base Attr List:
181 code_ISO639: 0x656e
182 encoding: 0x6a
183 base_offset: 0x100
184 Profile Descriptor List:
185 "OBEX Object Push" (0x1105)
186 Version: 0x0100
187
188 Service Name: Audio Gateway
189 Service RecHandle: 0x10002
190 Service Class ID List:
191 "Headset Audio Gateway" (0x1112)
192 "Generic Audio" (0x1203)
193 Protocol Descriptor List:
194 "L2CAP" (0x0100)
195 "RFCOMM" (0x0003)
196 Channel: 12
197 Language Base Attr List:
198 code_ISO639: 0x656e
199 encoding: 0x6a
200 base_offset: 0x100
201 Profile Descriptor List:
202 "Headset" (0x1108)
203 Version: 0x0100
204
205 Service Name: COM 1
206 Service RecHandle: 0x10003
207 Service Class ID List:
208 "Serial Port" (0x1101)
209 Protocol Descriptor List:
210 "L2CAP" (0x0100)
211 "RFCOMM" (0x0003)
212 Channel: 3
213 Language Base Attr List:
214 code_ISO639: 0x656e
215 encoding: 0x6a
216 base_offset: 0x100
217
218 Service Name: Voice Gateway
219 Service RecHandle: 0x10004
220 Service Class ID List:
221 "" (0x111f)
222 "Generic Audio" (0x1203)
223 Protocol Descriptor List:
224 "L2CAP" (0x0100)
225 "RFCOMM" (0x0003)
226 Channel: 13
227 Language Base Attr List:
228 code_ISO639: 0x656e
229 encoding: 0x6a
230 base_offset: 0x100
231 Profile Descriptor List:
232 "" (0x111e)
233 Version: 0x0100
234
235 Service Name: Dial-up networking
236 Service RecHandle: 0x10009
237 Service Class ID List:
238 "Dialup Networking" (0x1103)
239 "Generic Networking" (0x1201)
240 Protocol Descriptor List:
241 "L2CAP" (0x0100)
242 "RFCOMM" (0x0003)
243 Channel: 1
244 Language Base Attr List:
245 code_ISO639: 0x656e
246 encoding: 0x6a
247 base_offset: 0x100
248 Profile Descriptor List:
249 "Dialup Networking" (0x1103)
250 Version: 0x0100
251
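A cross-check between the `sdptool browse` output and the rfcomm.conf stanzas above, added here as an example (not part of the original notes): it maps each advertised service to its RFCOMM channel and reports what every configured binding actually points at. The function names are hypothetical, the sample is trimmed from the output above, and the `rfcomm2` stanza is constructed to show a stale entry.

```python
import re

# Constructed sample, trimmed from the `sdptool browse` output in these notes.
SDP = """\
Browsing 00:02:EE:B8:50:C5 ...
Service Name: OBEX Object Push
  "RFCOMM" (0x0003)
    Channel: 9

Service Name: COM 1
  "RFCOMM" (0x0003)
    Channel: 3

Service Name: Dial-up networking
  "RFCOMM" (0x0003)
    Channel: 1
"""

# rfcomm0/rfcomm1 as in the notes (one line each here); rfcomm2 is a constructed stale entry.
RFCOMM_CONF = """\
rfcomm0 { device 00:02:EE:B8:50:C5; channel 1; comment "S55 Dialup connection"; }
rfcomm1 { device 00:02:EE:B8:50:C5; channel 9; comment "S55 OBEX"; }
rfcomm2 { device 00:02:EE:B8:50:C5; channel 4; comment "old entry"; }
"""

def parse_sdp(text):
    """Return (bdaddr, {rfcomm_channel: service_name}) from sdptool browse output."""
    addr, name, services = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Browsing "):
            addr = line.split()[1].upper()
        elif line.startswith("Service Name:"):
            name = line.split(":", 1)[1].strip()
        elif line.startswith("Channel:") and name:
            services[int(line.split(":", 1)[1])] = name
    return addr, services

STANZA = re.compile(r"(\w+)\s*\{(.*?)\}", re.S)

def parse_rfcomm_conf(text):
    """Return {tty_name: (bdaddr, channel)} for each stanza."""
    binds = {}
    for dev, body in STANZA.findall(text):
        kv = dict(re.findall(r"(\w+)\s+([^;]+);", body))
        binds[dev] = (kv["device"].upper(), int(kv["channel"]))
    return binds

def check(sdp_text, conf_text):
    """Map every configured binding to the service it reaches, or to a finding."""
    addr, services = parse_sdp(sdp_text)
    report = {}
    for dev, (bdaddr, chan) in parse_rfcomm_conf(conf_text).items():
        if bdaddr != addr:
            report[dev] = "device address not in this scan"
        else:
            report[dev] = services.get(chan, "no service advertised on channel %d" % chan)
    return report

if __name__ == "__main__":
    for dev, result in check(SDP, RFCOMM_CONF).items():
        print(dev, "->", result)
```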
252 - Hardware Notes:
253 x Broadcom 2033 chipset (tested with an ALLNET 7031 Class1 USB Adapter)
254 - Make sure you have bluefw and hotplug installed, then everything works fine right out of the box.
255 x on debian using default or for newer packages above sources:
256 :#apt-get install bluez-bluefw
257 - DO NOT enable the bluetooth.o module to avoid it being loaded by hotplug!!
258 x this can be done by adding 'bluetooth' to '/etc/hotplug/blacklist'
259
260 The Bluetooth device in this laptop is a USB Bluetooth device.
261 By default, Linux provides two different device drivers for USB Bluetooth devices: bluetooth.o and hci_usb.o.
262 The hci_usb.o is the correct driver for this device. Both drivers are loaded when the Bluetooth button is pushed
263 but unfortunately bluetooth.o obtains the device first, not allowing hci_usb.o to use the device.
264 In order for the Bluetooth device to function, the bluetooth.o driver must not load.
265 One way to stop the bluetooth.o driver from loading is to remove the driver from the system. This is accomplished by doing:
266
267 :#rm /lib/modules/2.4.18-14/kernel/drivers/usb/bluetooth.o
268 :#depmod -a
269
270 Now, when inserting the usb device, only hci_usb.o should be loaded.
271
272 - ACPI
273 x get suspend to work
274 - compile kernel with 'Software Suspend Support'
275 - some interesting post:
276 from http://lists.debian.org/debian-laptop/2002/debian-laptop-200208/msg00349.html
277 #------- begin post -----------------------
278 From: "Bem Ajani Jones-Bey" <ajani@OCF.Berkeley.EDU>
279 > On Fri, Aug 23, 2002 at 01:14:06PM +0200, Erich Schubert wrote:
280 > > Well, S1 is sleep mode, so your BIOS claims to not support sleep mode!
281 > > Try getting a bios update, that might help.
282 > > S5 is poweroff... S3 or S4 are suspend levels i think... one might be
283 > > power-off, maybe that was S3...
284 S4 is suspend-to-disk, S3 is suspend-to-RAM.
285 > So, last I checked, Linux ACPI didn't support suspend to memory or
286 > suspend to disk; the software suspend patch is the only way to get an
287 > ACPI laptop to do anything resembling sleeping. I was also under the
288 > impression that this wasn't going to work for awhile; at least until
289 > 2.6. I admit I haven't looked at ACPI in a couple months, but last time
290 > I looked, they were projecting that suspend/sleep wouldn't happen any
291 > time soon.
292 Last I checked, ACPI does suspend to memory or disk, using swsusp. It's
293 even all integrated into the 2.5 kernels (though the CONFIG_SWSUSP option is
294 buried in the kernel hacking section rather than ACPI). If you don't want to
295 run an experimental kernel, then you can patch 2.4.x from the acpi.sf.net site.
296 #-------- end post -------------------------------
297
298
299 - Backup:
300 x bacula (http://www.bacula.org)
301 Bacula is a set of computer programs that permit you (or the system administrator) to manage backup,
302 recovery, and verification of computer data across a network of computers of different kinds.
303 In technical terms, it is a network client/server based backup program.
304 Bacula is relatively easy to use and efficient, while offering many advanced storage management features
305 that make it easy to find and recover lost or damaged files.
306 Bacula source code has been released under the GPL version 2 license.
307 x created a debian package, because we couldn't find any other
308 x wrote some notes about how to build a debian binary package
309 http://www.netfrag.org/~jonen/computing/docs/build_bacula_deb.html
310 o create 'postinst' and 'prerm' scripts for saving configs on update, etc.
311 x tested network backup with Director, Storage Daemon and File Daemon(Client)
312 at different hosts, works great!
313 x tested backup to FileStorage, instead of using tape drives
314 (if someone would like to sponsor some tape drive, you're more than welcome!)
315 notes:
316 x remember to use different 'LabelFormat' filename at each pool !
317 x use compression at 'FileSet' definition, where GZIP is equal to GZIP6, means compression-level 6 (1-9)
318 example:
319 # ====== snip FileSet ============
320 FileSet {
321 Name = "Full Set"
322 Include = signature=MD5 compression=GZIP {
323 /home
324 }
325 Exclude = { *.o }
326 }
327 # ====== snip FileSet ============
328
329
330 - QoS (Quality of Service)
331 o check it out !
332
333 - Apache/php:
334 - apache aliases - redirect '/' to index.php (used for url catching/rewriting)
335
336 - PHP:
337 x search for php widget lib
338 x APL (http://apl.sourceforge.net)
339 - huge lib in pure C
340 x phphtmllib (http://phphtmllib.newsblob.com)
341 a mainly widget/render lib, written in php, complete OO-based
342 and with nice DataList rendering (abstract source API)
343 x integrated with flib
344 x wrote some classes to browse data-objects via class DataList (new classes flibRPCDataSource, ObjectList, TsBackend)
345 o rename flibRPCDataSource (maybe rework to get more abstract)
346 o review ObjectList and move it to phphtmllib
347 x semi-integrated with class FormBuilder from binarycloud via interface class FormElementsInterface
348 x new class DataItem, which renders one data object for viewing/editing
349 x integrated new FormProcessing classes from phphtmllib (released one day after the interface to binarycloud's FormBuilder was written ;)
350 x refactored DataItem to now use phphtmllib form processing instead of the interface to binarycloud
351 o review code and move to phphtmllib
352 o XOOPS (http://xoops.org)
353 XOOPS is a dynamic OO (Object Oriented) based open source portal script written in PHP.
354 It is the ideal tool for developing small to large dynamic community websites, intra company portals,
355 corporate portals, weblogs and much more.
356 o binarycloud (http://binarycloud.com)
357 binarycloud is an enterprise class web application platform. binarycloud shares many of the capabilities of products
358 like Oracle 9i AS (Application Server) and IBM's WebSphere:
359 Proper definition of a framework: "A framework supplies the infrastructure and mechanisms that execute a policy for
360 interaction between abstract components with open implementations"
361 - benefits:
362 x much code already done!
363 - drawbacks:
364 o not-really 100% clean code
365 o complex app which gives you only limited possibilities to use only some classes, so not very modular
366
367
368 - OpenLDAP:
369 - Contacts:
370 o Evolution: modify/create schema (map Attribute) so the field 'Note' and others can be used
371
372 - PAM + SASL
373 o seems pam only works (is only activated) if plain passwords are used
374 o read more about PAM, especially in cooperation with SASL !!
375
376 - Kerberos V
377 x use GQ LdapBrowser with SASL to authenticate against ldap
378 - this requires a 'kinit <username>' at the shell to get the kerberos ticket
379 - ldap will check your ticket principal against its ACLs !
380 o 'libpam-ldap' from Turbo is bad, don't use it !! (remember at 'apt-get upgrade' !!)
381 o write this down in some (existing e.g. sendmail?) howto
382
383 - Sendmail
384 o research some about sendmail-cluster, 2 mx records, howto to set up second mx/cluster?
385 x backup mx:
386 - set up second mx at dns
387 - on the backup mx, add something like this to /etc/mail/mailertable:
388 domain.com esmtp:[123.123.123.123]
389 where the ip points to the system the real user accounts are on
390 and add every domain to /etc/mail/relay-domains:
391 domain.com
392 o what about these *open* relaying rules (security ?!?)
393 x simple load balancing:
394 - set up two(or more) mx records with same priority at dns
395 - on every mx, add something like this to /etc/mail/mailertable:
396 domain.com esmtp:[123.123.123.123]
397 where the ip points to the system the real user accounts are on
398 note: this will do load balancing between eg 2 mail server, but if one fails,
399 there is only a 50% chance that sent messages would arrive
400 o change '/etc/init.d/amavisd' to '/etc/init.d/amavis-milter' in howto
401 o migrationtools:
402 o patch migrationtools for sendmail aliases support (/usr/share/migrationtools/migrate_aliases.pl)
403 o create, or search web for, migrationtool for sendmail virtusertable (/usr/share/migrationtools/migrate_virtuser.pl)
404 o review patched kerberosV support at /usr/share/migrationtools/migrate_user.pl?
405
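One way to look at the open-relay question in the backup-mx notes above, added here as an example (not the author's code): a small audit that compares /etc/mail/relay-domains with /etc/mail/mailertable and flags entries that relay more than the hosted domains or that are not pinned to a bracketed host. The file contents are constructed samples using documentation domains and addresses, and the function names and finding codes are hypothetical.

```python
# Constructed sample files for a backup mx (documentation domains/addresses).
MAILERTABLE = """\
# domain        mailer:host
example.com     esmtp:[192.0.2.10]
example.org     esmtp:mail.example.org
"""

RELAY_DOMAINS = """\
example.com
example.org
example.net
com
"""

def parse_mailertable(text):
    """Return {domain: (mailer, host)} from mailertable source text."""
    routes = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) != 2:
            continue  # blank line, comment or malformed entry
        mailer, _, host = fields[1].partition(":")
        routes[fields[0].lower()] = (mailer.strip(), host.strip())
    return routes

def audit(mailertable, relay_domains):
    """Return [(relay_domains_entry, finding_code)] in file order.

    too-broad         single-label entry: matches far more than one hosted domain
    no-route          relayed, but delivery is left to a normal DNS MX lookup
    unbracketed-route host is not in [brackets], so sendmail does an MX lookup on it
    """
    routes = parse_mailertable(mailertable)
    findings = []
    for raw in relay_domains.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()
        if not entry:
            continue
        if "." not in entry:
            findings.append((entry, "too-broad"))
        elif entry not in routes:
            findings.append((entry, "no-route"))
        elif not routes[entry][1].startswith("["):
            findings.append((entry, "unbracketed-route"))
    return findings

if __name__ == "__main__":
    for entry, code in audit(MAILERTABLE, RELAY_DOMAINS):
        print("%-15s %s" % (entry, code))
```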
406
407 - MySQL:
408 o move this to mysql-common-tasks howto
409 - Create Database
410 :# mysqladmin create <database>
411 - Set Privileges on databases(creates user too, if not exists...):
412 mysql>grant all on {database}.* to {user} identified by "{pass}";
413 mysql>grant all on {database}.* to {user}@{domain} identified by "{pass}";
414
415
416 - Document saving:
417 o remember *.doc is a non-standard, bloated Microsoft format, use HTML instead !!
418 see http://www.fsf.org/philosophy/no-word-attachments.html
419
420 - my documents:
421 o convert all howto's to SDF format ( look at 'nfo/doc/computing/sysadmin/linux/example_sdf_howto.sdf' )
422 o learn more about Lyx/LaTeX
423 o convert all howto's to LaTeX format ( look at 'nfo/doc/computing/sysadmin/linux/example_latex_howto.lyx' )
424
425
426 - news.netfrag.org:
427 o create remote functions to implement e.g.:
428 o a mozilla button for creating new newsgroups
429
430
431 future:
432 o build 'black box' to trace for 'spies' at an isdn/internet connection ;)
433
434 <hr/>
435 $Id: notes_2003-02.twingle,v 1.7 2003/03/13 22:42:31 jonen Exp $
436
