Various tips about the configuration of my machines

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; without any Invariant Sections, without any Front-Cover Texts, and without any Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License" (see Appendix A, GNU Free Documentation License).

1. TODO

dyndns.org use

auto-reconnect pptp script

describe pptp configuration using two network cards on the gateway (3 if considering the wireless lan), and associated firewall rules.

ext3

Webcam - camE, webcam

2. WiFi (802.11) network

I'm using a wireless 802.11 network at home. The topology of the network is as follows :


INTERNET < - - ADSL - - > GATEWAY < - - 802.11 - - > notebook

    

My gateway (desktop P100 running Debian GNU/Linux) is using a 802.11 PCMCIA Card with PCI adapter (it's a kit sold as D-Link DRC-500, which contains both PCMCIA card (a DLINK DRC-650) and PCI adapter), with the HostAP prism2 driver. This way, my gateway acts as a 802.11 Access Point (AP).

The standard driver for that card in the 2.4.17 kernel (orinoco_cs) does not provide such an Access Point emulation. This prism2 driver has to be compiled and loaded in the kernel. Since it's not present in the standard pcmcia-cs distribution, you have to add it to the /etc/pcmcia/config file.

The wireless configuration on the wireless gateway must be in Master mode, which is configured in the /etc/pcmcia/wireless.opts file. I've not tested if it's really compatible with every client, but it seems to work.

Since the HostAP prism2 driver does not support WEP encryption, we have to set up some sort of higher level encryption on the link if we don't want the link to be exposed to external wireless sniffers. I'm using OpenSSH + vtun to provide an encrypted tunnel between the gateway and the client and establish a VPN over this SSH tunnel with vtun. That could also be done using OpenSSH+ppp.

The gateway runs a DHCP server to provide IP addresses to the wireless clients. These addresses are just used to allow the SSH tunnel to work between the gateway and the clients.

The gateway runs IP masquerading to give the wireless clients access to the Internet. Masquerading is only activated client by client, and only for the VPN, to prevent untrusted clients from accessing the network. A client that cannot connect to the gateway via SSH cannot establish the VPN, and thus cannot route to the Internet through the gateway's masquerade.

My laptop is using the DLink DRC-650 PCMCIA card too, and connects to the gateway via the VPN.

2.1. VPN : vtun or ppp

We're setting up a kind of VPN over the unencrypted insecure wireless network. There are two easy ways to do so : using SSH + PPP or using SSH + VTUN.

Using PPP is fairly simple as long as you install the secvpn package on the debian system, as support for ppp is almost standard on most systems.

Using VTUN is a bit more tricky since options need to be enabled in the kernel that may not be really standard.

I chose to use VTUN since it allows me to differentiate the network interfaces more easily : my gateway uses a ppp link to the ISP (ADSL via pptp), and things get a bit complicated when two different kinds of interfaces (VPN to the Internet and VPN to my wireless clients) are used over ppp links (especially in the firewall configuration).

2.2. Details about the D-Link Neteasy DRC-650 pcmcia card

On my system, the current version of the pcmcia-cs tools (cardmgr) doesn't recognize the card. Upon insertion, the following message is sent to the syslog :

Feb 20 19:44:00 gnou cardmgr[26663]: unsupported card in socket 1
Feb 20 19:44:01 gnou cardmgr[26663]:   product info: "D", "Link DRC-650 11Mbps WLAN Card", "Version 01.02", ""
Feb 20 19:44:01 gnou cardmgr[26663]:   manfid: 0x028a, 0x0002  function: 6 (network)

However, this card seems to work exactly like the D-Link DWL-650.

To have it recognized, you need to change the /etc/pcmcia/config or /etc/pcmcia/config-2.4 file. In this file, I had to configure the DRC-650's manufacturer's ID to have it recognised by the cardmgr package.

cardctl ident displays this :

Socket 0:
  product info: "D", "Link DRC-650 11Mbps WLAN Card", "Version 01.02", ""
  manfid: 0x028a, 0x0002
  function: 6 (network)

Thus you have to declare it using this in /etc/pcmcia/config:

card "D-Link DRC-650 11 Mbps Wireless Adapter"
  manfid 0x028a, 0x0002
  bind [...]

2.3. Details on the pcmcia configuration of the wireless card

There are 3 files which control the way a PCMCIA Wireless network card works on my Debian testing machine running a 2.4 kernel : /etc/pcmcia/config-2.4 which must declare the driver module, and the card's reference, /etc/pcmcia/network.opts which determines the standard TCP/IP network parameters, and /etc/pcmcia/wireless.opts which determines the appropriate wireless options.

Note that configuration may be necessary in /etc/pcmcia/config instead of /etc/pcmcia/config-2.4 on your system.

2.3.1. /etc/pcmcia/config-2.4 :

In addition to adding the card's identification information, if necessary (see above), you have to declare the right driver : prism2 in the case of the gateway which will have to act as an Access Point :

device "prism2"
  class "network" module "prism2"

card "D-Link DRC-650 11 Mbps Wireless Adapter"
  manfid 0x028a, 0x0002
  bind "prism2"

On the client's side, you may use either prism2 (same configuration as on the gateway) or orinoco_cs driver :

card "D-Link DRC-650 11 Mbps Wireless Adapter"
  manfid 0x028a, 0x0002
  bind "orinoco_cs"

2.3.2. /etc/pcmcia/network.opts :

On the gateway, the IP address associated to the wireless card will be fixed. On the clients, it will be defined thru DHCP requests.

On the client I use pump to query the DHCP server on the gateway :

*,*,*,*)
	# Transceiver selection, for some cards -- see 'man ifport'
	IF_PORT="auto"
	# Use /sbin/pump for BOOTP/DHCP? [y/n]
	PUMP="y"
	;;

On the gateway, you configure the network parameters as for any network card (using standard IPADDR, NETMASK, NETWORK, BROADCAST, etc. parameters). As we'll start DHCP on that interface, we can specify the following parameter :

start_fn () { /usr/sbin/dhcpd wlan0; return; }

2.3.3. /etc/pcmcia/wireless.opts

WEP will be disabled, as it is not supported by the prism2 driver in HostAP mode and because we use ssh tunnelling. The gateway will use Master mode and the clients Managed mode.

On the Gateway :

*,*,*,*)
    #INFO="Fill with your own settings..."
    INFO="My own Settings"
    # ESSID (extended network name) : My Network, any
    ESSID="My Network"
    # NWID/Domain (cell identifier) : 89AB, 100, off
    NWID=""
    # Operation mode : Ad-Hoc, Managed, Master, Repeater, Secondary, auto
    MODE="Master"
    # Frequency or channel : 1, 2, 3 (channel) ; 2.422G, 2.46G (frequency)
    FREQ=""
    CHANNEL=""
    # Sensitivity (cell size + roaming speed) : 1, 2, 3 ; -70 (dBm)
    SENS=""
    # Bit rate : auto, 1M, 11M
    RATE="auto"
    # Encryption key : 4567-89AB-CD, s:password
    KEY=""
    # RTS threshold : off, 500
    RTS=""
    # Fragmentation threshold : off, 1000
    FRAG=""
    # Other iwconfig parameters : power off, ap 01:23:45:67:89:AB
    IWCONFIG=""
    # iwspy parameters : + 01:23:45:67:89:AB
    IWSPY=""
    # iwpriv parameters : set_port 2, set_histo 50 60
    IWPRIV=""
    ;;

On the clients :

*,*,*,*)
    #INFO="Fill with your own settings..."
    INFO="My own Settings"
    # ESSID (extended network name) : My Network, any
    ESSID="My Network"
    # NWID/Domain (cell identifier) : 89AB, 100, off
    NWID=""
    # Operation mode : Ad-Hoc, Managed, Master, Repeater, Secondary, auto
    MODE="Managed"
    # Frequency or channel : 1, 2, 3 (channel) ; 2.422G, 2.46G (frequency)
    FREQ=""
    CHANNEL=""
    # Sensitivity (cell size + roaming speed) : 1, 2, 3 ; -70 (dBm)
    SENS=""
    # Bit rate : auto, 1M, 11M
    RATE="auto"
    # Encryption key : 4567-89AB-CD, s:password
    KEY=""
    # RTS threshold : off, 500
    RTS=""
    # Fragmentation threshold : off, 1000
    FRAG=""
    # Other iwconfig parameters : power off, ap 01:23:45:67:89:AB
    IWCONFIG=""
    # iwspy parameters : + 01:23:45:67:89:AB
    IWSPY=""
    # iwpriv parameters : set_port 2, set_histo 50 60
    IWPRIV=""
    ;;

2.4. Network configuration of the gateway

Apart from the wireless card specific configuration described above, we need to setup the DHCP and vtun (or PPP) servers on the gateway.

2.4.1. Kernel parameters

The kernel should support masquerading on the gateway.

2.4.2. DHCP server

This example file shows the configuration on my network. The 192.168.3.0 network is the wireless network. The gateway itself is 192.168.3.1. The 192.168.3.128 to 192.168.3.254 address space is for clients of the wireless network connecting via DHCP. Note that the DNS servers in option domain-name-servers should be adapted to your local configuration.

subnet 192.168.3.0 netmask 255.255.255.0 {
# --- default gateway
        option routers                  192.168.3.1;
        option subnet-mask              255.255.255.0;

#       option domain-name              "domain.foo";   # replace this with the domain name of your internal net, if any
        option domain-name-servers      194.117.200.10, 194.117.200.15; # replace this with the IP of your Domain Name Server

        range dynamic-bootp 192.168.3.128 192.168.3.254;
        default-lease-time 21600;   # 6 hrs
        max-lease-time 43200;       # 12 hrs
}

2.4.3. vtun setup

See Section 2.7.2, “On the gateway”.

2.5. Network configuration on the client

The client should run vtun (See Section 2.7, “vtun configuration”) and ssh (See Section 2.6, “SSH tunnel configuration”).

2.6. SSH tunnel configuration

Principle of ssh tunnelling : SSH can establish a tunnel which forwards everything sent to a local port to a remote machine (on another port), and back, over an encrypted channel.

Here, the client will route any connection on local port 5000 to the gateway port 5000. vtun can then use this tunnel to securely transport all network traffic between the client and the gateway (and the rest of the world).

The gateway must allow connection via ssh to some user account. I use the public keys as a way to authenticate. The mechanism uses the following scheme :

  • creating a pair of ssh keys on the client with a passphrase

  • copying the public keys in the ~/.ssh/authorized_keys file on the gateway

  • launching ssh-agent on the clients when connecting in the gnome session which is the default behaviour

  • launching ssh-add during gnome session initialisation, to avoid having to retype the passphrase at every ssh tunnel initialisation (used for vtun or pop) (TODO)

Using these ssh keys allows connecting the ssh tunnel to the gateway without having to know any password on the server. I do not use an ssh key without a passphrase, which would allow launching the ssh tunnel from the boot scripts, because I don't want to allow anybody to hijack the private key file. So the tunnel has to be launched by a user once he has logged in on the client and wants to use the network.

For some reason, I'm unable to activate the use of ssh-agent at the present time and have to use the gateway account password when starting the tunnel.

The ssh tunnel is started by vtun, "on demand". See below.
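
Because the tunnel logs in as root on the gateway, an unrestricted key in authorized_keys grants a full root login, while the tunnel only needs the one port forward. The script below is an added example, not part of the original configuration: it audits an authorized_keys file for the standard OpenSSH key options (command=, permitopen=, no-pty), assuming the forward target gateway:5000 from the ssh command in Section 2.7.1; the key lines in it are constructed samples.

```sh
#!/bin/sh
# Added example (not from the original page): report which keys in an
# authorized_keys file are restricted to the vtun tunnel and which give a
# full login. Assumption: the tunnel key only has to open the forward to
# gateway:5000 requested by "ssh -L 5000:gateway:5000".

# audit_tunnel_keys FILE HOST:PORT   (FILE may be "-" for stdin)
# Prints "<line> OK" or "<line> WEAK <missing restrictions>" for every key.
# Exit status is 0 only when every key is restricted.
audit_tunnel_keys() {
    awk -v target="$2" '
    # Options field = text before the first unquoted blank; empty when the
    # line starts directly with the key type.
    function options_of(line,    i, c, inq) {
        if (line ~ /^(ssh-|ecdsa-|sk-)/) return ""
        inq = 0
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "\\") { i++; continue }          # skip escaped character
            if (c == "\"") inq = !inq
            else if ((c == " " || c == "\t") && !inq) return substr(line, 1, i - 1)
        }
        return line
    }
    # Record one option: flag[name] for every option, plus permitopen targets.
    function record(tok,    eq, name, val) {
        if (tok == "") return
        eq = index(tok, "=")
        name = tolower(eq ? substr(tok, 1, eq - 1) : tok)
        val = eq ? substr(tok, eq + 1) : ""
        gsub(/^"|"$/, "", val)
        flag[name] = 1
        if (name == "permitopen") { if (val == target) po_ok++; else po_other++ }
    }
    # Split the options field on commas that are outside double quotes.
    function parse(opts,    i, c, inq, tok) {
        split("", flag); po_ok = 0; po_other = 0; inq = 0; tok = ""
        opts = opts ","                               # sentinel ends last option
        for (i = 1; i <= length(opts); i++) {
            c = substr(opts, i, 1)
            if (c == "\\") { tok = tok substr(opts, i, 2); i++; continue }
            if (c == "\"") inq = !inq
            if (c == "," && !inq) { record(tok); tok = ""; continue }
            tok = tok c
        }
    }
    /^[ \t]*#/ { next }                               # comment lines
    /^[ \t]*$/ { next }                               # blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        parse(options_of(line))
        missing = ""
        if (!("command" in flag)) missing = missing ",command"
        if (po_ok == 0 || po_other > 0) missing = missing ",permitopen"
        if (!("no-pty" in flag) && !("restrict" in flag)) missing = missing ",no-pty"
        if (missing == "") print NR, "OK"
        else { print NR, "WEAK", substr(missing, 2); weak++ }
    }
    END { exit (weak > 0) }
    ' "$1"
}

# Constructed sample lines (placeholder key material, not real keys).
sample_authorized_keys() {
    cat <<'EOF'
# root@gateway authorized_keys (constructed sample)
ssh-rsa AAAAC0NSTRUCTED1 user@notebook
command="sleep 20",permitopen="gateway:5000",no-pty,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAC0NSTRUCTED2 tunnel@notebook
command="sleep 20",permitopen="gateway:5000",permitopen="gateway:22",no-pty ssh-rsa AAAAC0NSTRUCTED3 tunnel@laptop2
command="echo no-pty, permitopen",no-agent-forwarding ssh-dss AAAAC0NSTRUCTED4 odd@notebook
EOF
}

# Demo: lines 2, 4 and 5 are reported WEAK, line 3 OK.
sample_authorized_keys | audit_tunnel_keys - gateway:5000 || true
```

Only the entry on line 3 of the sample limits the key to the forced command and to the single forward the tunnel uses; a key of that form cannot be used for an interactive root login.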

2.7. vtun configuration

The configuration sets up a point-to-point network between each client (192.168.0.x) and the gateway (192.168.0.1). The network is not encrypted via vtun since it uses the tunnel setup via ssh between the client and the gateway.

The kernel must be adapted to support "Universal TUN/TAP device driver support" (in Kernel 2.4). The device /dev/misc/net/tun must be created using :

mknod /dev/misc/net/tun c 10 200

2.7.1. On the client

The network is started via launching the standard vtun initialisation script /etc/init.d/vtun, only manually by the user. So no /etc/rc*.d/*vtun link should exist.

The user should be allowed to start vtun by declaring him/her in the /etc/sudoers file :

 user_id ALL=NOPASSWD: /etc/init.d/vtun

Thus the user can launch the vtun with the sudo /etc/init.d/vtun start command.

The /etc/init.d/vtun script should launch the ssh tunnel before launching vtun :


case "$1" in 
        start)
                ssh -f -L 5000:gateway:5000 -l root gateway sleep 20 </dev/null >/dev/null
                /usr/sbin/vtund-start start
                ;;

This starts the tunnel from the client, connecting the local and remote ports 5000 via user root on the gateway (which the user should be able to connect to thanks to the ssh public key export).

The vtund-start script requires its configuration in /etc/vtund-start.conf:

gateway-client localhost -f /etc/vtund.conf -p

This tells vtun, on the client, to use the localhost:5000 port to connect to the other end, thus using the ssh tunnel established just before. gateway-client is the name of the vtund.conf configuration section it will use.

The /etc/vtund.conf file should define this configuration :

options {
                   ifconfig    /sbin/ifconfig;
                   route       /sbin/route;
               }
gateway-client {
                   pass yourpassword;
                   type tun;
                   proto tcp;
                   encr no;
                   keepalive yes;
                   up {
                       ifconfig "%% 192.168.0.x pointopoint 192.168.0.1";
                       route "add default gw 192.168.0.1";
                       route "del default gw gateway";
                   };
                   down {
                       ifconfig "%% down";
                       route "del default gw 192.168.0.1";
                       route "add default gw gateway";
                   };
               }
	

This configuration is the following :

  • proto tcp since ssh will only tunnel tcp, not udp

  • encr no since no encryption is required from vtun because ssh tunnel handles this aspect.

  • the 192.168.0.x should be different on each client

  • the route directives reconfigure the default routing from standard unencrypted network which was used for the ssh tunnel, to the newly created vtun interface.

2.7.2. On the gateway

The vtund server is started automatically from the init scripts.

The configuration should be as follows:

  • In /etc/vtund-start.conf:

    --server-- 5000 -f /etc/vtund.conf
    

    It will then listen for tunnelled requests arriving on port 5000.

  • The /etc/vtund.conf file should define several configurations (depending on the number of clients allowed on the gateway):

    options {
                       ifconfig    /sbin/ifconfig;
                       route       /sbin/route;
                       firewall    /sbin/ipchains;
                   }
    
    gateway-clientx {
                       pass yourpassword;
                       type tun;
                       proto tcp;
                       encr no;
                       keepalive yes;
                       up {
                           ifconfig "%% 192.168.0.1 pointopoint 192.168.0.x";
                           firewall "-A forward -s 192.168.0.x/32 -j MASQ";
                       };
                   }


    Each client should have its own section.

    The "firewall" rule enables network masquerading, so that the tunnelled network can be routed to the rest of the networks of the gateway.
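
The gateway section above inserts a MASQ rule in its up block but has no down block, so the rule stays in the forward chain after the client disconnects and is appended again at each reconnection. The generator below is an added example, not part of the original configuration: it writes one section per client with a matching down block and rejects duplicate addresses; the input format (section name, last octet, password) and the down block are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page): generate the per-client
# sections of the gateway /etc/vtund.conf from a client list.
# Assumptions: input lines are "section-name last-octet password"; the
# "down" block is an addition that deletes the MASQ rule inserted by "up".

# gen_gateway_sections: reads the client list on stdin, prints the sections.
# Prints nothing and returns 1 if any line is invalid or an address is reused.
gen_gateway_sections() {
    awk '
    function err(msg) { print "gen_gateway_sections: " msg > "/dev/stderr"; bad = 1 }
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    {
        name = $1; x = $2; pw = $3
        if (name !~ /^[A-Za-z0-9_-]+$/) { err("line " NR ": bad section name"); next }
        if (name in names) { err("line " NR ": section " name " defined twice"); next }
        if (x !~ /^[0-9]+$/ || x + 0 < 2 || x + 0 > 254) {
            err("line " NR ": last octet must be 2..254 (192.168.0.1 is the gateway)"); next
        }
        x = x + 0
        if (x in used) { err("line " NR ": 192.168.0." x " already assigned to " used[x]); next }
        if (pw == "" || pw ~ /[;"{}]/) { err("line " NR ": missing or unsafe password"); next }
        names[name] = 1; used[x] = name
        ip = "192.168.0." x
        out = out name " {\n"
        out = out "    pass " pw ";\n"
        out = out "    type tun;\n    proto tcp;\n    encr no;\n    keepalive yes;\n"
        out = out "    up {\n"
        out = out "        ifconfig \"%% 192.168.0.1 pointopoint " ip "\";\n"
        out = out "        firewall \"-A forward -s " ip "/32 -j MASQ\";\n"
        out = out "    };\n"
        out = out "    down {\n"
        out = out "        firewall \"-D forward -s " ip "/32 -j MASQ\";\n"
        out = out "    };\n"
        out = out "}\n"
    }
    END { if (bad) exit 1; printf "%s", out }
    '
}

# Demo with a constructed client list (names and passwords are placeholders).
printf '%s\n' \
    'gateway-client2 2 constructed-pass-a' \
    'gateway-client3 3 constructed-pass-b' | gen_gateway_sections
```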

3. Configuring and/or using programs

3.1. GNU/Emacs

3.1.1. Configuration file (.emacs)

I'll describe the contents of my .emacs file listing the various topics addressed. The complete file can be found in the dot_emacs file, although I've tried to split it in logical sections in this document.

In the following paragraphs the CUSTOM mention refers to a configuration that can be set by adding it to the

(custom-set-variables
  ;; custom-set-variables was added by Custom -- don't edit or cut/paste it!
  ;; Your init file should contain only one such instance.


)

section of the .emacs file.

3.1.2. Gnus (reading mail and news)

A lot of Gnus configuration is done via the .gnus.el file.

I'll describe the contents of my .gnus.el file listing the various topics addressed. The complete file can be found in the dot_gnus_dot_el file, although I've tried to split it in logical sections in this document.

In the following paragraphs the GNUS.EL mention refers to a configuration that can be found in the .gnus.el file. This differentiates from elements tagged CUSTOM set in the .emacs file using the customisation functions of emacs.

3.1.2.1. Mailcrypt (using GnuPG for mail encryption / signing)

GNUS.EL
;;
;; Add debug messages into the "mc buffer" when using mailcrypt
;;

(setq mc-gpg-debug-buffer (get-buffer-create "mc debug"))


;;
;; Mailcrypt configuration : using GnuPG
;;

(setq mc-default-scheme 'mc-scheme-gpg)

CUSTOM
 '(message-setup-hook (quote (mc-install-write-mode)) t)

3.1.2.2. Address Book (BBDB)

;;
;; BBDB handles the address book
;;

(require 'bbdb)
(bbdb-initialize)

CUSTOM
 '(gnus-startup-hook (quote (bbdb-insinuate-gnus)))

3.1.2.3. Filter History

Gnus splits mail in various groups. It's interesting to be able to check where new mail has been split to after fetching your new mail. There are two methods that can be used : nnmail-filter-history or gnus-filterhist.

3.1.2.3.1. nnmail-filter-history
CUSTOM
 '(gnus-after-getting-new-news-hook (quote (display-time-event-handler nnmail-split-history)))

or 
GNUS.EL
(add-hook 'gnus-after-getting-new-news-hook 'nnmail-split-history)

3.1.2.3.2. gnus-filterhist.el

gnus-filterhist is an add-on which gives more detailed reports about the mail splits that occurred when fetching new mail.

For some obscure reason it stopped working on my machine. Anyway here is the configuration I used.

GNUS.EL
;;
;; Using Gnus Filter History to get a reminder of the mail splits that occurred
;;

;; if necessary
(add-to-list 'load-path (expand-file-name "~/emacs-lisp"))

(require 'gnus-filterhist)
;;(setq gnus-filter-history-popup 't)

CUSTOM
 '(gnus-after-getting-new-news-hook (quote (display-time-event-handler gnus-filter-history)))
 '(gnus-group-mode-hook (quote (gnus-topic-mode gnus-filter-history)))

or 
GNUS.EL
(add-hook 'gnus-after-getting-new-news-hook 'gnus-filter-history)
(add-hook 'gnus-group-mode-hook 'gnus-filter-history)

3.1.2.4. Personalities

Gnus-Personalities allows you to define different personalities for sending e-mail with gnus.

The gnus-pers.el package can be found at http://www.comsecmilnavpac.net/elisp/



GNUS.EL
;;
;; Using Gnus Personalities to post using different mail addresses and other headers
;;

;; if necessary
(add-to-list 'load-path (expand-file-name "~/emacs-lisp"))

(require 'gnus-pers)
(gnus-personality-init)

CUSTOM
 '(gnus-personalities (quote (("default" "Your Name
 <whatever_1st@mail_address>" "" "~/.signature") ("alternate" "Your
 Name <whatever_2nd@mail_address>" "Sender: whatever_2nd@mail_address
Organization: Your Organisation - http://your.organisation.org" "~/.signature.2nd"))))
 '(gnus-personality-electric-headers (quote ((any ".*organisation\\.org" "alternate") (any ".*@special\\.other_org\\.org" "alternate"))))

Note that this configuration not only changes the From header value, but also defines the Sender value for the second personality, to cope with problems with mailing-lists (See Section 4, “Posting with different identities”).

If you want to add such supplemental headers with gnus-personalities, you need to insert a carriage-return in the field. To do so, you may need to use C-q + C-j.

3.1.2.5. X-Face configuration
GNUS.EL
;;
;; Defining x-face file containing the picture in x-face format
;;

(defvar gnus-x-face-file (expand-file-name "~/.x-face"))

;;
;; Custom function inserting the appropriate content in the sent mail headers
;;

(defun message-insert-x-face ()
  (save-excursion
    (goto-char (point-min))
    (search-forward mail-header-separator)
    (beginning-of-line nil)
    (insert "X-Face: ")
    (insert-file gnus-x-face-file)))

;;
;; Inserting the function in every mail sent process termination
;;

(add-hook 'message-send-hook 'message-insert-x-face)


CUSTOM
 '(gnus-treat-display-xface (quote head))

3.1.2.6. Mail splitting - automatic mailing-list storing

CUSTOM
 '(nnmail-split-methods (quote gnus-group-split))

GNUS.EL
;;
;; Rules to determine the way mailing-lists are split into various groups
;;

(setq nnmail-split-methods
      '(
	("info-cvs" "^\\(From:\\|To:\\|Cc:\\|CC:\\|Resent\\).*info-cvs@\\(gnu\\.org\\|prep\\.ai\\.mit\\.edu\\)")
	("savannah-hackers" "^\\(From:\\|To:\\|Cc:\\|CC:\\|Resent\\|List-Archive\\).*savannah-hackers")
	("fsfe-discussion" "^\\(From:\\|To:\\|Cc:\\|CC:\\|Resent\\).*discussion@fsfeurope\\.org")
	("gnu-info" "^\\(From:\\|To:\\|Cc:\\|CC:\\|Resent\\|X-BeenThere:\\).*\\(info-gnu\\|gnu-announce\\|info-gnu-events\\)@gnu\\.org")
	("linux-dell-laptops" "^\\(From:\\|To:\\|Cc:\\|CC:\\|Resent\\).*linux-dell-laptops@yahoogroups\\.com")
	("evolution" "^\\(From:\\|To:\\|Cc:\\|CC:\\|Resent\\).*evolution@\\(ximian\\|helixcode\\)\\.\\(com\\|org\\)")
	("traduc" "^\\(From:\\|To:\\|Cc:\\|CC:\\|Resent\\).*traduc@traduc\\.org")

	("spam" "^\\(X-Spam-Status: Yes\\|X-Bogosity: Yes\\)")

	("mail.misc"    "")
	)
)

Note the spam rule that detects spam messages as tagged by spamassassin and bogofilter (See Section 5, “Using bogofilter and spamassassin to detect spam messages”).

3.1.2.7. Macros to handle erroneous spam message handling

These macros are used to process mails that need to be piped to bogofilter in cases of wrong handling of spam messages. These macros are defined in the Using bogofilter with gnus article (see Section 5.2, “Handling false positives or negatives”).

;; Enable my spam bindings                                                      
(add-hook 'gnus-summary-mode-hook
          (lambda ()
            (local-set-key [(control c)(s)] 'mybogo-send-marked-spam)
            (local-set-key [(control c)(n)] 'mybogo-send-marked-notspam)))

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;                                 bogofilter                                ;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;; `labels' used below is a macro provided by the cl package
(eval-when-compile (require 'cl))

(defun mybogo-exec-on-all-processable (shell-command lisp-command)
  "Execute a command on all marked-processable messages, or the one under the cursor"
  (labels ((do-exec (n g shell-command lisp-command)
                    (with-temp-buffer
                      (gnus-request-article-this-buffer n g)
                      (funcall lisp-command)
                      (gnus-request-replace-article n g (current-buffer))
                      (shell-command-on-region (point-min) (point-max)
                                               shell-command
                                               (current-buffer)))))
    (let ((g gnus-newsgroup-name))
      (let ((list gnus-newsgroup-processable))
        (if (>= (length list) 1)
            (while list
              (let ((n (car list)))
                (do-exec n g shell-command lisp-command))
              (setq list (cdr list)))
          (let ((n (gnus-summary-article-number)))
            (do-exec n g shell-command lisp-command)))))))

(defun mybogo-insert-spam-header ()
  "Insert the 'X-Bogosity: Yes' header"
  (beginning-of-buffer)
  (re-search-forward "^$")
  (insert "X-Bogosity: Yes\n"))

(defun mybogo-remove-spam-header ()
  "Remove the 'X-Bogosity' header"
  (save-restriction
    (message-narrow-to-head)
    (message-remove-header "X-Bogosity" nil)))

(defun mybogo-send-marked-spam ()
  "Mark all process-marked messages as spam with bogofilter and respool them"
  (interactive)
  (mybogo-exec-on-all-processable "bogofilter -Ns" 'mybogo-insert-spam-header)
  (gnus-summary-respool-article nil (gnus-group-method gnus-newsgroup-name)))

(defun mybogo-send-marked-notspam ()
  "Mark all process-marked messages as NOT spam with bogofilter and respool them"
  (interactive)
  (mybogo-exec-on-all-processable "bogofilter -Sn" 'mybogo-remove-spam-header)
  (gnus-summary-respool-article nil (gnus-group-method gnus-newsgroup-name)))

In the above macros, the -Ns and -Sn options are used to report messages to bogofilter when they have been misclassified. Note that the original macros used another set of commands; these are based on my version of bogofilter (0.11.1.3, reported by bogofilter -V).

3.1.2.8. Message composing

Requires the message-x.el file

GNUS.EL
;;
;; Completion of BBDB addresses in the message header fields
;;

;; if necessary
(add-to-list 'load-path (expand-file-name "~/emacs-lisp"))

(require 'message-x)

3.1.2.9. Custom tools
GNUS.EL
;; specific to some organisation :

(defun specialmyorg-resend-message ()
  (interactive)
  (gnus-summary-resend-message "special-in@myorg.org" nil))

(defun specialmyorg-mail-bcc ()
  "Move point to end of BCC-field.  Create a BCC field if none."
  (interactive)
  (expand-abbrev)
  (progn (mail-position-on-field "to")
	     (insert "\nBCC: special-out@myorg.org")))

;;(global-set-key "\C-xn" "BCC: special-out@myorg.org")
(global-set-key "\C-xn" 'specialmyorg-mail-bcc)
(global-set-key "\C-xp" 'specialmyorg-resend-message)

3.1.2.10. Additional Gnus configuration :

.gnus.el

CUSTOM
 '(gnus-article-sort-functions (quote (gnus-article-sort-by-date)))
 '(gnus-ignored-from-addresses ".*your_name.*")
 '(gnus-message-archive-group "archive")
 '(gnus-permanently-visible-groups "^nnml\\\\|^nnfolder")
 '(gnus-pers-cc-fix nil)
 '(gnus-secondary-select-methods (quote ((nnml ""))))
 '(gnus-select-method (quote (nntp "news_server")))
 '(gnus-summary-ignore-duplicates t)
 '(gnus-summary-line-format "%U%R%z%26,26D %I%(%[%4L: %-20,20n%]%) %s
")
 '(gnus-thread-sort-functions (quote (gnus-thread-sort-by-date)))
 '(gnus-treat-display-picons nil)
 '(gnus-visible-headers (quote ("^From:" "^Newsgroups:" "^Subject:"
 "^Date:" "^Followup-To:" "^Reply-To:" "^Organization:" "^Summary:"
 "^Keywords:" "^To:" "^[BGF]?Cc:" "^Posted-To:" "^Mail-Copies-To:"
 "^Apparently-To:" "^Gnus-Warning:" "^Resent-From:" "^X-Sent:"
 "^X-Loop:" "^X-Spam-Status:")))
 '(mail-sources (quote ((file :path "/var/spool/mail/your_uid"))))
 '(message-kill-buffer-on-exit t)
 '(message-mode-hook (quote (turn-on-auto-fill)))
 '(message-syntax-checks (quote ((sender . disabled))))
 '(nnmail-post-get-new-mail-hook nil)
 '(query-user-mail-address nil)
 '(user-mail-address "whatever@mail_address")

3.1.3. Emacs + PSGML (SGML or XML editing)

Selecting the appropriate version if the one of the distribution is not up to date :

;;
;; Make user version of psgml loaded in priority over the system installed version
;;

(add-to-list 'load-path (expand-file-name "~/emacs-lisp/psgml-1.2.4"))

3.1.3.1. Font faces configuration

I prefer to have some specific font faces configuration to display XML tags. Here is the .emacs configuration about PSGML (attention, order is important in the file) :

;;
;; Creating new font faces for PSGML (SGML/XML editing)
;; done by copying existing font faces that can later be configured
;;

(copy-face 'default 'sgml-start-tag-face)
(copy-face 'default 'sgml-end-tag-face)
(copy-face 'italic  'sgml-comment-face)
(copy-face 'bold    'sgml-pi-face)
(copy-face 'bold    'sgml-sgml-face)
(copy-face 'bold    'sgml-doctype-face)
(copy-face 'default 'sgml-entity-face)
(copy-face 'bold    'sgml-shortref-face)
(copy-face 'default 'sgml-ignored-face)
(copy-face 'default 'sgml-ms-start-face)
(copy-face 'default 'sgml-ms-end-face)

;; automatically display sgml font faces
(setq-default sgml-set-face t)

;; tell psgml to use the fonts we just created
(setq sgml-markup-faces '((start-tag . sgml-start-tag-face)
                          (end-tag   . sgml-end-tag-face)
                          (comment   . sgml-comment-face)
                          (pi        . sgml-pi-face)
                          (sgml      . sgml-sgml-face)
                          (doctype   . sgml-doctype-face)
                          (entity    . sgml-entity-face)
                          (shortref  . sgml-shortref-face)
                          (ignored   . sgml-ignored-face)
                          (ms-start  . sgml-ms-start-face)
                          (ms-end    . sgml-ms-end-face)))

;;
;; customise the PSGML specific fonts
;;

(custom-set-faces
  ;; custom-set-faces was added by Custom -- don't edit or cut/paste it!
  ;; Your init file should contain only one such instance.
 '(sgml-comment-face ((t (:foreground "turquoise4" :slant italic))))
 '(sgml-end-tag-face ((t (:foreground "steelblue1"))))
 '(sgml-entity-face ((t (:foreground "gray50"))))
 '(sgml-start-tag-face ((t (:foreground "blue")))))

CUSTOM
 '(ispell-skip-sgml t)
 '(sgml-auto-activate-dtd t t)
 '(sgml-set-face t t)
 '(sgml-trace-entity-lookup t t)
	    

Attention : other custom-set-faces sections may appear in the .emacs file, so you may have to add this configuration to another existing custom-set-faces section if other font faces have been configured for different emacs modes.

Shift + right mouse button to popup the contextual menu of elements.

3.1.4. HTML

CUSTOM

 '(file-coding-system-alist (quote (("\\.g?z\\(~\\|\\.~[0-9]+~\\)?\\'"
 no-conversion . no-conversion) ("\\.tgz\\'" no-conversion
 . no-conversion) ("\\.bz2\\'" no-conversion . no-conversion)
 ("\\.Z\\(~\\|\\.~[0-9]+~\\)?\\'" no-conversion . no-conversion)
 ("\\.elc\\'" emacs-mule . emacs-mule) ("\\(\\`\\|/\\)loaddefs.el\\'"
 raw-text . raw-text-unix) ("\\.tar\\'" no-conversion . no-conversion)
 ("\\.html\\'" no-conversion . iso-8859-1) ("" undecided))))

3.1.5. Tex / LaTeX

;; don't know what's that about
(require 'tex-site)
CUSTOM
 '(font-lock-mode t t (font-lock))
 '(font-lock-mode-enable-list (quote (latex-mode python-mode)))
 '(global-font-lock-mode t nil (font-lock))

3.1.6. Development

3.1.6.1. CVS (version configuration)

;;
;; Automatically load VC for version control of CVS managed files
;;

(load "vc-hooks")

3.1.6.2. Python
CUSTOM
 '(font-lock-mode t t (font-lock))
 '(font-lock-mode-enable-list (quote (latex-mode python-mode)))
 '(global-font-lock-mode t nil (font-lock))

3.1.6.3. Changelog

CUSTOM
 '(add-log-full-name "Your Name" t)
 '(add-log-mailing-address "whatever@mail_address" t)
 '(add-log-time-format (quote current-time-string))
 '(change-log-default-name nil)

3.1.7. Printing

CUSTOM
 '(ps-landscape-mode nil)
 '(ps-number-of-columns 1)
 '(ps-paper-type (quote a4) t)

3.1.8. Various other configuration elements

Elements not documented further

;;
;; Allow minibuffer to be larger than default
;;

(setq minibuffer-max-depth nil)

;;
;; support for mouse wheel
;;

(mwheel-install)

;;
;; display the battery status in the emacs buffer separator lines
;;

(display-battery)

;;
;; display the time and other various stuff in the buffer separator lines
;;

(display-time)

CUSTOM
 '(display-time-24hr-format t)
 '(display-time-day-and-date t)
 '(display-time-use-mail-icon t)

;;
;; display different background color than the default one
;;

(set-background-color "AntiqueWhite1")

CUSTOM
 '(auto-compression-mode t nil (jka-compr))

CUSTOM
 '(case-fold-search t)

CUSTOM
 '(current-language-environment "Latin-1")
 '(default-input-method "latin-1-prefix")

CUSTOM
 '(gnuserv-program (concat exec-directory "/gnuserv"))

 '(show-paren-mode t nil (paren))
 '(text-mode-hook (quote (turn-on-auto-fill text-mode-hook-identify)))
 '(transient-mark-mode t)
 '(uniquify-buffer-name-style (quote forward) nil (uniquify))

;; Map a key to goto-line
(global-set-key "\C-c\C-g" 'goto-line)

4. Posting with different identities

Sometimes you need to use several identities when posting on the internet. For instance, you subscribed to mailing-lists with different e-mail addresses.

With the default configuration, if you change your From value when sending a mail, exim compares it to your default e-mail address (read in /etc/email-addresses), and if both differ, it inserts a Sender header with that value (to be verified).

But some mailing-list managers require that mail be sent with same From and Sender fields. With the default configuration on my system, when I configured a different From value than the one on the system configuration, the local MTA added a Sender value containing the old mail.

Now, the following steps I used allow me to change identity without any problem :

  • Gnus personalities (with configuration of the Sender field in addition to the From field) (See Section 3.1.2.4, “Personalities”).

  • Changed exim configuration to become a trusted user who's allowed to change the value of the Sender field.

    This requires setting :

    trusted_users = mail:your_user_id:another_uid
    

    in /etc/exim/exim.conf

5. Using bogofilter and spamassassin to detect spam messages

5.1. Detecting spam messages

I used to use only Spamassassin to detect spam. It worked very well for quite some time, but it seems that spammers have learned how to circumvent the detection methods of such tools.

So I thought about using both bogofilter and spamassassin to try and identify better all the spam messages.

I found the following article that gives an overview on how to do so : Frying spam, by Paul Adams. The technique described in this article seems to work quite well, but I adapted it to my particular configuration. One small thing, still, where I don't agree with the option used to report spam to bogofilter : on my system, it needs the -s option instead of the -S option, in the procmail rules.

Here is the configuration I use to process mails via spamassassin and bogofilter :

  • $HOME/.forward :

    |/usr/bin/procmail
    
  • exim (something to change to allow processing via procmail) and setting

    smtp_accept_queue_per_connection = 10
    

    so that too many instances of procmail (then spamassassin) won't be launched in parallel, which would almost overload the machine.

  • .procmailrc :

    VERBOSE=off
    
    MAILDIR=$HOME/Procmail
    PMDIR=$HOME/.procmail
    
    LOGFILE=$PMDIR/log
    
    INCLUDERC=$PMDIR/rc.testing
    INCLUDERC=$PMDIR/rc.mail
    	    

    and .procmail/rc.mail :

    :0c:
    backup
    
    # Catching spam with bogofilter
    :0fw
    | bogofilter -uepl
    
    :0e
    { EXITCODE=75 HOST }
    
    
    # Catching non spam (based on bogofilter's opinion) through spamassassin
    :0fwE
    * ! ^X-Bogosity: Yes
    * ! ^X-Beenthere:.*spamassassin-talk@lists.sourceforge.net
    | spamc
    
    :0e
    {
    #   EXITCODE=$?
       EXITCODE=0
    }
    
    # Spam caught by spamassassin gets sent to bogofilter to learn from it
    :0c
    * ^X-Spam-Status: Yes
    {
    	:0w
    	| bogofilter -s
    }
    

So, first I make a backup of every mail received, in case one of the rules or filters would crash any mail.

Next, the first spam filter launched is bogofilter. Since bogofilter may be a bit naive in the beginning, it won't catch spam very well, so every "good" mail is then passed to spamassassin. All other messages (spam, tagged with X-Bogosity: yes) aren't passed to spamassassin. We trust bogofilter.

Now, if spamassassin finds a "new" spam (X-Spam-Status: Yes) in what bogofilter first let go through, we will declare these mails as spam to bogofilter (bogofilter -s).

In any case, every mail will be passed through and delivered. Gnus will then do the classification into the different mail folders, based on the tagging of the mails (see Section 3.1.2.6, “Mail splitting - automatic mailing-list storing”).

Note that this -s option is used to report a spam to bogofilter on my version of bogofilter (0.11.1.3, reported by bogofilter -V). It's strange, I think, that the document "Frying spam" (see above) specifies the -S option there... the -S option on my version is used to unregister false positives.

Note also that spamassassin is used in client/server mode (spamd running as a daemon, and spamc used to report spams... using directly spamassassin -P would work the same way).

5.2. Handling false positives or negatives

Either spamassassin or bogofilter may make mistakes on analysing spam or good messages.

Several cases may occur :

  • bogofilter misinterpreted a message as spam (it was tagged with X-Bogosity: yes) whereas it's a legitimate e-mail. The message should be directed to the right folder, and also be taught manually to bogofilter as being a good message (using bogofilter -Sn)

  • bogofilter may not see a mail as being spam. Then two possible situations may occur :

    • either spamassassin picked the mail as spam, in which case the mail will be reported as spam to bogofilter

    • or it is not detected as spam by spamassassin either, so the mail will have to be handled manually to report it to bogofilter as spam (using bogofilter -Ns).

  • when spamassassin (above) has picked one of the mails as spam whereas it is not, it should then also be notified as spam to bogofilter (using bogofilter -Ns).

I'm using Gnus as mail reader (see Section 3.1.2, “Gnus (reading mail and news)”), so I'm using macros to pipe mails to bogofilter, using the method explained in the Using bogofilter with gnus. The macros are detailed in Section 3.1.2.7, “Macros to handle erronous spam messages handling”.

When mails are tagged as spam by either spamassassin or bogofilter whereas they shouldn't be, C-c n will send the mail to bogofilter for deregistering from the spam word list.

And when mails that constitute spam should be sent to bogofilter for it to learn from their content, C-c s will send the mail to bogofilter and respool it (which will classify it as spam).

Note that the above options of bogofilter may not correspond to your version. There seems to be some kind of change that may have happened in the options of bogofilter, since the different articles that I read all used different set of options... or it's me who didn't understand something... :-/

6. Securing the mail retrieval

When travelling around, my laptop is exposed to insecure networks.

When at home, my network tends to be rather securely configured, and I connect rather directly with my ISP, which holds my mail (which can be retrieved through POP or IMAP).

Unfortunately, my ISP doesn't provide secure mail retrieval protocols.

The consequence of this situation is that retrieving mail from my laptop when not at home is far more dangerous than when connected directly to my ISP, even though that isn't perfect either.

There are two solutions to this issue :

  • the first solution I implemented was using a "mail proxy", by having a pop server on my gateway

  • the second one, which I finally use, since it's much simpler, is using a rerouted tunneled connection to my ISP via SSH

6.1. Mail proxy on the gateway

Note

I'm no longer using this configuration

I've setup a "mail proxy" on my gateway to try to allow the best possible situation :

  • my gateway fetches my mail out of my ISP thru the most direct link, so less exposed to other's eyes

  • my laptop connects to the gateway thru a secure protocol to in turn fetch the mails

This is achieved by running :

  • fetchmail on the gateway

  • a pop server on the gateway

  • a firewall on the server disabling any pop connection from other hosts

  • fetchmail on the laptop, which launches an ssh tunnel as needed, to the pop server of the gateway

  • the gateway being known to the outside world thru a dynamic dns service.

The fetchmail configuration on the laptop is achieved through the following preconnect configuration :


poll localhost with proto POP3 port 11110 and options no dns:
       user 'your_pop_uid_on_gateway' there with password 'your_pop_password_on_gateway' is 'your_uid_on_localhost' here
       preconnect "ssh -f -L 11110:gateway.dynamicdnsservice.org:110 -l uid_on_gateway gateway.dynamicdnsservice.org sleep 20 </dev/null >/dev/null";

6.2. Rerouted tunneled pop connection to my ISP via SSH

Note

I prefer to use this solution, since it's simpler to have a "direct" tunneled connection instead of a POP server on a proxy... The mail is retrieved faster, and there is less risk of blocking my mail on the gateway if it gets disconnected while having retrieved mail from the ISP.

I'm using SSH to establish a tunnel to my ISP, thru the gateway. Thus, a local port of my laptop is forwarded to the ISP's POP port via the gateway, which is connected directly to it. For the POP server at my ISP's, the connection seems to be coming from my gateway.

Here is the fetchmail configuration I use :


poll localhost with proto POP3 port 11110 and options no dns:
       user 'your_pop_uid_on_gateway' there with password 'your_pop_password_on_gateway' is 'your_uid_on_localhost' here
       preconnect "ssh -f -L 11110:pop.myISP.com:110 -l uid_on_gateway gateway.dynamicdnsservice.org sleep 20 </dev/null >/dev/null";

The ssh command's arguments mean that the local 11110 port is forwarded to the port 110 (standard POP port) on my ISP's machine, by way of a connection coming from gateway.dynamicdnsservice.org (my gateway's name on the internet) on which I log in as uid_on_gateway.
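
Added example, not part of the original page: a POSIX shell function that reads the ssh -L command of a fetchmail preconnect line (sections 6.1 and 6.2) and reports where the forwarded port listens and whether the POP session continues past the SSH server, where ssh no longer protects it. The function name audit_forward, its output format and the "-g" variant are made up for illustration, and GatewayPorts is assumed to be left at its default ("no") in the client's ssh configuration.

```shell
#!/bin/sh
# Added example: audit an "ssh -L" forward taken from a fetchmail preconnect.
# Assumptions: plain whitespace-separated command (no quoting inside),
# host names or IPv4 only, GatewayPorts left at its default ("no").

# audit_forward CMD
# Prints: listen=<loopback|all-interfaces|addr> lport=N ssh_hop=H dest=H:P lastleg=<on-gateway|outside-ssh>
audit_forward() {
    spec= hop= gflag=no skip=no want_spec=no seen_ssh=no
    set -f                                  # a bind address of "*" must not be globbed
    for w in $1; do
        if [ "$seen_ssh" = no ]; then       # ignore everything up to the ssh binary
            case $w in ssh|*/ssh) seen_ssh=yes ;; esac
            continue
        fi
        if [ "$want_spec" = yes ]; then spec=$w; want_spec=no; continue; fi
        if [ "$skip" = yes ]; then skip=no; continue; fi
        case $w in
            -L)   want_spec=yes ;;                      # forward spec is the next word
            -L?*) spec=${w#-L} ;;                       # forward spec attached to -L
            -[BbcDEeFIiJlmOoPpQRSWw])   skip=yes ;;     # option with a separate argument
            -[BbcDEeFIiJlmOoPpQRSWw]?*) ;;              # option with an attached argument
            -*)   case $w in *g*) gflag=yes ;; esac ;;  # flag cluster such as -f or -fg
            *)    hop=${w##*@}; break ;;                # first plain word: the SSH server
        esac
    done
    set +f
    [ -n "$spec" ] && [ -n "$hop" ] || { echo "error=no-forward-found"; return 1; }

    # Split "[bind:]port:host:hostport" on colons.
    old_ifs=$IFS; IFS=:
    set -f; set -- $spec; set +f
    IFS=$old_ifs
    case $# in
        3) explicit=no;  bind=;   lport=$1; dhost=$2; dport=$3 ;;
        4) explicit=yes; bind=$1; lport=$2; dhost=$3; dport=$4 ;;
        *) echo "error=unsupported-forward-spec"; return 1 ;;
    esac

    # Who can connect to the forwarded port on the laptop?
    if [ "$explicit" = no ]; then
        if [ "$gflag" = yes ]; then listen=all-interfaces; else listen=loopback; fi
    else
        case $bind in
            localhost|127.*) listen=loopback ;;
            ''|'*'|0.0.0.0)  listen=all-interfaces ;;
            *)               listen=$bind ;;
        esac
    fi

    # ssh encrypts only laptop -> ssh_hop. If the destination is another
    # machine, the POP3 session travels on from the gateway as plain POP3.
    case $dhost in
        "$hop"|localhost|127.*) lastleg=on-gateway ;;
        *)                      lastleg=outside-ssh ;;
    esac

    echo "listen=$listen lport=$lport ssh_hop=$hop dest=$dhost:$dport lastleg=$lastleg"
}

# The two preconnect commands from sections 6.1 and 6.2.
proxy_cmd='ssh -f -L 11110:gateway.dynamicdnsservice.org:110 -l uid_on_gateway gateway.dynamicdnsservice.org sleep 20 </dev/null >/dev/null'
direct_cmd='ssh -f -L 11110:pop.myISP.com:110 -l uid_on_gateway gateway.dynamicdnsservice.org sleep 20 </dev/null >/dev/null'
# Constructed variant: "-g" lets other hosts on the local network use the forward.
shared_cmd='ssh -f -g -L 11110:pop.myISP.com:110 -l uid_on_gateway gateway.dynamicdnsservice.org sleep 20'

for c in "$proxy_cmd" "$direct_cmd" "$shared_cmd"; do
    audit_forward "$c"
done
```

For the 6.2 command the result is lastleg=outside-ssh: the POP password is hidden from the network the laptop sits on, but it still crosses the gateway-to-ISP link as plain POP3, since the ISP offers no secure retrieval protocol.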

7. CVS development

Some common

8. Webcam

I own a Philips ToUcam Fun (PCVC 730K) USB webcam. This webcam works quite well with GNU/Linux. It uses the pwc driver (included in the 2.4.18 kernel on my Debian). I use camE or webcam (from xawtv, packaged as a separate program on Debian) to take snapshots and upload them via ssh on my webpage. The camE program is less convenient to use, but captures in higher resolution than webcam.

9. Using my Sony Clié T625C with GNU/Linux

The most useful information is found at http://kreucher.net/clie/.

Apart from the information described in this page, I use usbmgr to automatically load the usb_storage module when MS Import is executed on the Clié.

http://milnber.gotadsl.co.uk/clie/cliehowto.html

9.1. Network via USB / PPP

http://members.1012surfnet.at/ralf.schlatterbeck/netsync.html

http://home.earthlink.net/~cleryd/

http://www.coling.uni-freiburg.de/~schauer/resources/docs/visor-howto/palmos-pda-howto.html :

/usr/sbin/pppd "/dev/ttyUSB0" 230400 10.0.0.1:10.0.0.2 passive local noauth debug nodeflate nobsdcomp noccp nopcomp proxyarp nodetach ms-dns 10.0.0.1

10. Using DigitalDream's l'espion camera with GNU/Linux

11. Using Bluetooth

I've bought a phone equipped with a bluetooth adapter (Philips Fisio 820), and began to use the bluetooth connectivity to connect several of my devices : laptop, Sony Clié PDA, and the phone.

11.1. Using GPRS over BlueTooth on a Philips Fisio 820 with Orange (France)

You may read another document I wrote dedicated to this very issue : Using GPRS over BlueTooth on a Philips Fisio 820 with Orange (France)

11.2. Using the Clié and Fisio 820 over bluetooth

As with the connection of my laptop, I've managed to use the Sony Clié PDA (T625C) too, with the Bluetooth MemoryStick adapter for the Clié. See also the Using GPRS over BlueTooth on a Philips Fisio 820 with Orange (France) Howto.

Things that work :

  • sending a phone number from the fisio's memory (not the SIM) to the clié's address-book.

11.3. Connecting the Sony Clié PDA with the laptop over bluetooth

Here is an excellent document about that issue : Palm and Linux Bluetooth HOWTO.

12. System configuration

12.1. APM

I configured the APM scripts to do something my Debian lacked : restoring the keyboard repeat rate after an APM resume (courtesy of the linux-dell-laptops@yahoogroups.com mailing-list) :

#! /bin/sh

case "$1" in

    resume)
        #xset r rate 500 30
        kbdrate -s -r 30 -d 500
    ;;

    *)
    ;;
esac

logger -t "/etc/events.d/kb" -p "user.info" "Power '$1'."

Appendix A. GNU Free Documentation License

Version 1.1, March 2000

Copyright (C) 2000 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

0. PREAMBLE

The purpose of this License is to make a manual, textbook, or other written document "free" in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others.

This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software.

We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.

1. APPLICABILITY AND DEFINITIONS

This License applies to any manual or other work that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you".

A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language.

A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (For example, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.

The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License.

The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License.

A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, whose contents can be viewed and edited directly and straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup has been designed to thwart or discourage subsequent modification by readers is not Transparent. A copy that is not "Transparent" is called "Opaque".

Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML designed for human modification. Opaque formats include PostScript, PDF, proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML produced by some word processors for output purposes only.

The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text.

2. VERBATIM COPYING

You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3.

You may also lend copies, under the same conditions stated above, and you may publicly display copies.

3. COPYING IN QUANTITY

If you publish printed copies of the Document numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects.

If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.

If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a publicly-accessible computer-network location containing a complete Transparent copy of the Document, free of added material, which the general network-using public has access to download anonymously at no charge using public-standard network protocols. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public.

It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document.

4. MODIFICATIONS

You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version:

  1. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission.

  2. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has less than five).

  3. State on the Title page the name of the publisher of the Modified Version, as the publisher.

  4. Preserve all the copyright notices of the Document.

  5. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices.

  6. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below.

  7. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice.

  8. Include an unaltered copy of this License.

  9. Preserve the section entitled "History", and its title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence.

  10. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission.

  11. In any section entitled "Acknowledgements" or "Dedications", preserve the section's title, and preserve in the section all the substance and tone of each of the contributor acknowledgements and/or dedications given therein.

  12. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles.

  13. Delete any section entitled "Endorsements". Such a section may not be included in the Modified Version.

  14. Do not retitle any existing section as "Endorsements" or to conflict in title with any Invariant Section.

If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles.

You may add a section entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard.

You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one.

The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.

5. COMBINING DOCUMENTS

You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice.

The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work.

In the combination, you must combine any sections entitled "History" in the various original documents, forming one section entitled "History"; likewise combine any sections entitled "Acknowledgements", and any sections entitled "Dedications". You must delete all sections entitled "Endorsements."

6. COLLECTIONS OF DOCUMENTS

You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects.

You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document.

7. AGGREGATION WITH INDEPENDENT WORKS

A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, does not as a whole count as a Modified Version of the Document, provided no compilation copyright is claimed for the compilation. Such a compilation is called an "aggregate", and this License does not apply to the other self-contained works thus compiled with the Document, on account of their being thus compiled, if they are not themselves derivative works of the Document.

If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one quarter of the entire aggregate, the Document's Cover Texts may be placed on covers that surround only the Document within the aggregate. Otherwise they must appear on covers around the whole aggregate.

8. TRANSLATION

Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License provided that you also include the original English version of this License. In case of a disagreement between the translation and the original English version of this License, the original English version will prevail.

9. TERMINATION

You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

10. FUTURE REVISIONS OF THIS LICENSE

The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/.

Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation.

Note. How to use this License for your documents

To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page:

Copyright (c) YEAR YOUR NAME. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being LIST THEIR TITLES, with the Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST. A copy of the license is included in the section entitled "GNU Free Documentation License".

If you have no Invariant Sections, write "with no Invariant Sections" instead of saying which ones are invariant. If you have no Front-Cover Texts, write "no Front-Cover Texts" instead of "Front-Cover Texts being LIST"; likewise for Back-Cover Texts.

If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software.