August 13 meeting - Drupal


Our very own Allen Freeman will be discussing Drupal, a very popular content management system (and if you're reading this notice, then you're seeing an example of it in action).

Find out how to set it up, what it can do, why you'd want to use it.

(1) Design a web page using Drupal. (2) ??? (3) Profit!

July 9 meeting - The Semantic Web


Please join us as Phillip Rhodes gives us a glimpse into the future of the internet - the Semantic Web.

The Semantic Web is the name given to Sir Tim Berners-Lee's vision for the next generation of the World Wide Web. On today's web, most data is provided in a format which is easy for humans to understand, but which computer programs have trouble understanding. This makes it difficult for us to program computers to perform useful, time-consuming tasks for us, using data retrieved over the Web.

As the Semantic Web vision unfolds and more data is provided in "structured data" form, it will become increasingly easy to develop programs which can appear to act much more intelligent in terms of how they interact with the web and with each other. This will provide the potential for a huge surge in productivity as we enable computers to perform lower-value tasks for us, freeing people to focus on tasks which require human creativity.

We are still a long way from the kind of "Artificial Intelligence" that we have seen in science-fiction programmes and movies, but the Semantic Web moves us forward in our evolution of adapting technology to simplify our lives.

June 11 meeting - Unbreaking Linux Audio


Daniel Chen is a Master of the Universe. No, not like "He-Man". He contributes significant time to the Ubuntu project, helping make audio applications and infrastructure "just work". This is a huge undertaking, since there are so many sound card drivers and so many audio frameworks that have come and gone over the years. This work has earned him the title of MotU from the Ubuntu team.

Dan will give us an idea of how audio works in Linux (visualize: spaghetti). And he'll share tips and tricks on making audio applications work seamlessly... or, at least with less frustration than before.

Dan is part of the TriLUG diaspora, who frequently graced our presence in years past, but who now only return when bribed with free pizza and the chance to speak in front of the crowd. Let's give Dan a big homecoming welcome.

May 14th meeting - LinuxDNA


Tyler McAdams has been researching ways to fine-tune systems to run extremely fast. He is involved with a global project called "LinuxDNA", which aims to optimize the binaries which run on a machine, with special emphasis on the kernel. His team employs a compiler from Intel that is very good at producing optimized code for the x86 family of processors.

Bonus points if you can tell which distro Tyler likes to run (see below).

Come hear Tyler tell his secrets and his war stories about making Linux run FAST.

You guessed it... it's Gentoo.

March 12th meeting - Geographic Information Systems


WHAT: March TriLUG meeting WHEN: Thursday, March 12th, 7:00pm WHERE: Red Hat HQ, NCSU Centennial Campus MAP:

This month, our very own Doug Newcomb will give us an introduction to the fascinating world of Geographic Information Systems. It's the ultimate form of representing the world around us using computers. Literally, we're mapping out our entire planet for use online.

We've all used Google Maps and Mapquest. But have you heard of the collaborative effort at [1] to produce a complete map of the world, entirely from user-contributed data?

Closer to home, we might use the local land records web sites: Wake County IMAPS [2], Durham GIS web [3] or the Chatham County GIS [4]. See how open source software and free-license data fit into these systems (or not).

And now, consumers with TomTom GPS's can share map updates with other users using TomTom Home "map share" [5]. Again, people helping people, correcting the data that they know about best, close to their homes.

On Thursday night, Doug will tell us about a variety of GIS projects, both commercial and open source, with proprietary and open sources of map data.

See you all there.


[1] [2] [3] [4] [5]

April 9th meeting - Lightning Talks


The April meeting will be a chance for members to share tips and tools with each other, in the form of "Lightning Talks". Each speaker will be given 10 minutes to discuss an indispensable tool to the group, including time for questions. Bring your ideas, and be ready to "share and enjoy".

So you think you've been rooted...


Since we had a break-in on pilot recently, I thought I would bring up a couple of points.


First of all, it appears that what happened to pilot was that a vulnerability in "RoundCube", a fancy web mail package, was exploited by a script that installs a "bot" (part of a botnet).

As far as I can tell, no files or emails were damaged. Everything appeared to be intact. It looks to me like it was just talking to a lot of other machines via an IRC channel (and that's how we noticed it).

The bot was running as user 'www-data'. So technically, we were not 'rooted'... we were 'apache-ed'.


But since we have had a break-in, it makes me think of what damage could have been done.

Personally, I was thinking about my SSH keys. On any semi-public machine like pilot, I encrypt my SSH keys with a passphrase (see "ssh-keygen -p"). So if someone were able to read my private key in ~porter/.ssh/id_rsa, all they would get was a load of DES-encrypted bits. In this case, it's doubtful that they could have read the file, since it has 700 perms.

But if an attacker had read these files, and if my key were not encrypted, then now would be a good time to go onto all my other accounts and make sure that my TriLUG SSH key was not listed in the ~/.ssh/authorized_keys files. This would keep one break-in from leading to a series of break-ins. This is left as an exercise for the paranoid reader.

As it stands, it looks like your SSH keys were never at risk. At least not from the bot... remember that myself and the other sysadmins can read these files. So the extreme paranoid users (you know who you are) might want to look into SSH key passphrases.


I also wanted to make a note here that our unofficial policy on backups is that users are responsible for backing up their home directories (and now that your mail is stored in ~/Maildir, that means email, too). We currently do not back up /home. Remember, we're a group of volunteers, and we're doing "best effort" service. We try, but we're not guaranteeing anything.

I am VERY happy that we did not lose anything in this latest incident.

In the meantime, I am making daily backups of everything EXCEPT /home. And I am also entertaining the idea of putting a larger disk on dargo so we can back up /home, too. Donations are gladly accepted.


February 12th meeting - CA Cert

2009-01-13 is a community-driven certificate authority that issues free public key certificates to the public (unlike other certificate authorities which are commercial and sell certificates).

At the February TriLUG meeting, we will learn about certificates and certificate authorities, and we will have a chance to become "certified" to issue our own certificates through CA Cert. These certificates can be used to enable SSL on a web server or a mail server.

If you would like to be certified, bring 2 forms of government-issued ID. You might also want to do some homework on the CA Cert web site beforehand.

Time: Thursday, 12 February, 7:00pm Place: Red Hat HQ, NCSU Centennial Campus Directions:

(UPDATE - 2009-02-04 - How you should prepare)

The February TriLUG meeting is rapidly approaching (next week), and I wanted to send out a quick note that might help you get the most out of the talk.

First of all, some background. What is "CAcert"?

It is a certificate authority, just like Verisign or Thawte or GoDaddy. You can generate certificates to use on your web server or mail server, and they will sign it.

Many people use self-signed certificates on their web servers and mail servers. This provides HTTPS/IMAPS (SSL) encryption, but it is trivial to spoof. An attacker just sits in between you and your server, providing you with his own self-signed certificate.

YOU <---encrypted---> SPOOFER <---encrypted---> WEBSERVER

For this reason, on Firefox 3, you get the screen with the yellow passport man icon saying "Secure Connection Failed". And then they make you jump through several hoops before you can accept the certificate and see the page. In theory, you're supposed to verify fingerprints and what-not, but who does?

If you want to avoid this problem, you can get your certificate signed by somebody: Verisign, Thawte, GoDaddy, or CAcert.

There are two main differences between these CA's:

(1) price... CAcert is free, the others are not

(2) ease-of use... most browsers already know who the other guys are, but you have to tell it who CAcert is (by downloading their root certificate and importing it into your browser).

We'll talk a lot about these points at the meeting.

BUT... if you follow these steps, you will be able to generate your own certificates, and then have your certs signed by CAcert.

I did it today, and it was very easy.


0) See the detailed instructions here:

If you have a concern or spot a conflict between those instructions and these in this email, contact Cristóbal Palmer,

1) SIGN UP with CAcert here:

2) PRINT out a CAP form. See here: Click on item #4.

3) BRING two forms appropriate government-issued ID.

Examples: passport, id-card, driver's license

The names should match on both. One must have a photo, but both is ideal.

4) COME to the meeting! Enjoy the show! Get assured!

Alan and Cristóbal


The Linux Users Group of the Triangle. Serving Raleigh, Durham, Chapel Hill, and RTP.


Our monthly meetings are hosted by:

Dr. Warren Jasper

Hosting Sponsor

Hosting for TriLUG's infrastructure is provided by:


3D Printed "TriTuxes" provided by:
Brian Henning