June 11 meeting - Unbreaking Linux Audio


Daniel Chen is a Master of the Universe. No, not like "He-Man". He contributes significant time to the Ubuntu project, helping make audio applications and infrastructure "just work". This is a huge undertaking, since there are so many sound card drivers and so many audio frameworks that have come and gone over the years. This work has earned him the title of MotU from the Ubuntu team.

Dan will give us an idea of how audio works in Linux (visualize: spaghetti). And he'll share tips and tricks on making audio applications work seamlessly... or, at least with less frustration than before.

Dan is part of the TriLUG diaspora, who frequently graced our presence in years past, but who now only return when bribed with free pizza and the chance to speak in front of the crowd. Let's give Dan a big homecoming welcome.

May 14th meeting - LinuxDNA


Tyler McAdams has been researching ways to fine-tune systems to run extremely fast. He is involved with a global project called "LinuxDNA", which aims to optimize the binaries which run on a machine, with special emphasis on the kernel. His team employs a compiler from Intel that is very good at producing optimized code for the x86 family of processors.

Bonus points if you can tell which distro Tyler likes to run (see below).

Come hear Tyler tell his secrets and his war stories about making Linux run FAST.

You guessed it... it's Gentoo.

March 12th meeting - Geographic Information Systems


WHAT: March TriLUG meeting WHEN: Thursday, March 12th, 7:00pm WHERE: Red Hat HQ, NCSU Centennial Campus MAP: http://www.redhat.com/about/contact/ww/americas/raleigh.html

This month, our very own Doug Newcomb will give us an introduction to the fascinating world of Geographic Information Systems. It's the ultimate form of representing the world around us using computers. Literally, we're mapping out our entire planet for use online.

We've all used Google Maps and Mapquest. But have you heard of the collaborative effort at OpenStreetMap.org [1] to produce a complete map of the world, entirely from user-contributed data?

Closer to home, we might use the local land records web sites: Wake County IMAPS [2], Durham GIS web [3] or the Chatham County GIS [4]. See how open source software and free-license data fit into these systems (or not).

And now, consumers with TomTom GPS's can share map updates with other users using TomTom Home "map share" [5]. Again, people helping people, correcting the data that they know about best, close to their homes.

On Thursday night, Doug will tell us about a variety of GIS projects, both commercial and open source, with proprietary and open sources of map data.

See you all there.


[1] http://openstreetmap.org/ [2] http://imaps.co.wake.nc.us/imaps [3] http://gisweb2.ci.durham.nc.us/sdx/ [4] http://www.chathamgis.com/ [5] http://www.tomtom.com/page/mapshare/

April 9th meeting - Lightning Talks


The April meeting will be a chance for members to share tips and tools with each other, in the form of "Lightning Talks". Each speaker will be given 10 minutes to discuss an indispensable tool to the group, including time for questions. Bring your ideas, and be ready to "share and enjoy".

So you think you've been rooted...


Since we had a break-in on pilot recently, I thought I would bring up a couple of points.


First of all, it appears that what happened to pilot was that a vulnerability in "RoundCube", a fancy web mail package, was exploited by a script that installs a "bot" (part of a botnet).

As far as I can tell, no files or emails were damaged. Everything appeared to be intact. It looks to me like it was just talking to a lot of other machines via an IRC channel (and that's how we noticed it).

The bot was running as user 'www-data'. So technically, we were not 'rooted'... we were 'apache-ed'.


But since we have had a break-in, it makes me think of what damage could have been done.

Personally, I was thinking about my SSH keys. On any semi-public machine like pilot, I encrypt my SSH keys with a passphrase (see "ssh-keygen -p"). So if someone were able to read my private key in ~porter/.ssh/id_rsa, all they would get was a load of DES-encrypted bits. In this case, it's doubtful that they could have read the file, since it has 700 perms.

But if an attacker had read these files, and if my key were not encrypted, then now would be a good time to go onto all my other accounts and make sure that my TriLUG SSH key was not listed in the ~/.ssh/authorized_keys files. This would keep one break-in from leading to a series of break-ins. This is left as an exercise for the paranoid reader.

As it stands, it looks like your SSH keys were never at risk. At least not from the bot... remember that myself and the other sysadmins can read these files. So the extreme paranoid users (you know who you are) might want to look into SSH key passphrases.


I also wanted to make a note here that our unofficial policy on backups is that users are responsible for backing up their home directories (and now that your mail is stored in ~/Maildir, that means email, too). We currently do not back up /home. Remember, we're a group of volunteers, and we're doing "best effort" service. We try, but we're not guaranteeing anything.

I am VERY happy that we did not lose anything in this latest incident.

In the meantime, I am making daily backups of everything EXCEPT /home. And I am also entertaining the idea of putting a larger disk on dargo so we can back up /home, too. Donations are gladly accepted.


February 12th meeting - CA Cert


CAcert.org is a community-driven certificate authority that issues free public key certificates to the public (unlike other certificate authorities which are commercial and sell certificates).

At the February TriLUG meeting, we will learn about certificates and certificate authorities, and we will have a chance to become "certified" to issue our own certificates through CA Cert. These certificates can be used to enable SSL on a web server or a mail server.

If you would like to be certified, bring 2 forms of government-issued ID. You might also want to do some homework on the CA Cert web site beforehand.

Time: Thursday, 12 February, 7:00pm Place: Red Hat HQ, NCSU Centennial Campus Directions: http://www.redhat.com/about/contact/ww/americas/raleigh.html

(UPDATE - 2009-02-04 - How you should prepare)

The February TriLUG meeting is rapidly approaching (next week), and I wanted to send out a quick note that might help you get the most out of the talk.

First of all, some background. What is "CAcert"?

It is a certificate authority, just like Verisign or Thawte or GoDaddy. You can generate certificates to use on your web server or mail server, and they will sign it.

Many people use self-signed certificates on their web servers and mail servers. This provides HTTPS/IMAPS (SSL) encryption, but it is trivial to spoof. An attacker just sits in between you and your server, providing you with his own self-signed certificate.

YOU <---encrypted---> SPOOFER <---encrypted---> WEBSERVER

For this reason, on Firefox 3, you get the screen with the yellow passport man icon saying "Secure Connection Failed". And then they make you jump through several hoops before you can accept the certificate and see the page. In theory, you're supposed to verify fingerprints and what-not, but who does?

If you want to avoid this problem, you can get your certificate signed by somebody: Verisign, Thawte, GoDaddy, or CAcert.

There are two main differences between these CA's:

(1) price... CAcert is free, the others are not

(2) ease-of use... most browsers already know who the other guys are, but you have to tell it who CAcert is (by downloading their root certificate and importing it into your browser).

We'll talk a lot about these points at the meeting.

BUT... if you follow these steps, you will be able to generate your own certificates, and then have your certs signed by CAcert.

I did it today, and it was very easy.


0) See the detailed instructions here:


If you have a concern or spot a conflict between those instructions and these in this email, contact Cristóbal Palmer, cmp@cmpalmer.org

1) SIGN UP with CAcert here:


2) PRINT out a CAP form. See here:

http://wiki.cacert.org/wiki/FAQ/AssuranceByCAP Click on item #4.

3) BRING two forms appropriate government-issued ID.

Examples: passport, id-card, driver's license

The names should match on both. One must have a photo, but both is ideal.

4) COME to the meeting! Enjoy the show! Get assured!

Alan and Cristóbal

January 8th Meeting - VMware


In January, we will welcome Justin Parker into the LUG in the harshest way we know how... by inviting him to be a speaker.

Justin recently moved to the Triangle. His previous job was with VMware, one of the pioneers of virtualization. He will give us an overview of virtualization, and the features of the various VMware products. And he will guide us through setting up a virtual server. All of this, he says, without trying to sound too much like a "fanboy".

Slides available here (OpenOffice ODP format).

December 11th Meeting - Holiday Social


Following the TriLUG tradition, the December meeting will be a social event, with no formal program. Members and friends are invited to gather, eat, and blow each other to bits (in bzflag or any other game of your choice).

Dinner will be potluck. Bring a dish to share. Sign up on the wiki.


The Linux Users Group of the Triangle. Serving Raleigh, Durham, Chapel Hill, and RTP.


Our monthly meetings are hosted by:

Dr. Warren Jasper

Hosting Sponsor

Hosting for TriLUG's infrastructure is provided by:


3D Printed "TriTuxes" provided by:
Brian Henning