Auto-generate Flow Chart from Java/C++ Codes:

Raptor Flowchart Tutorial For Beginners

Monday, October 29, 2012

Simple Way To... Uninstall Smart HDD Virus/Malware

Cara Mudah Untuk... Membuang Virus/Malware Smart HDD

Semasa memuatturun dokumen dari multiply akibat penutupan servisnya, laptop saya tiba-tiba berkelakuan ganjil. Muncul Tingkap Dialog Amaran mengatakan ada masalah dengan Hard Disk. Cuak juga rasanya. Laptop ini baru lima bulan dibeli. Takkanlah kualiti perkakasannya seteruk ini. Kemudiannya, Pak Cik Google memberithu ia adalah Smart HDD. Lega, at least I know that laptop is physically OK.

Virus ini menukarkan atribut bagi setiap fail direktori kepada hidden hingga akhirnya saya tak dapat lagi melihat nama-namanya di dalam Tingkap Windows Explorer. Lebih buruk lagi ia memadam kandungan Start Button. Lalu kosong dan tak dapat hendak mencapai apa-apa perisian ataupun fail.

Saya tahu fail/direktori sebenarnya tidak hilang tetapi cuma tersorok sahaja. Maka saya gunakan Perisian Portable 7Zip untuk meninjau fail/direktori ini (Saya hidupkan Windows melalui Safe Mode). Melalui tinjaun ini, semuanya didapati masih wujud. Dengan menggunakan 7Zip saya tukarkan buang atribut  hidden. Tapi simptom tidak akan selesai hinggalah Smart HDD dibuang sepenuhnya.

Saya dapati http://malwaretips.com/blogs/smart-hdd-removal-steps/ menyediakan panduan yang agak menyeluruh juga. Walaubagaimanapun, saya malas nak spend masa buat kerja-kerja ini. Saya pindahkan semua fail/direktori penting keluar, dan saya gunakan Recovery Software laptop saya untuk kembalikan laptop ke status asal ketika keluar dari kilang (Ini lagi mudah, tinggalkan aje buat sejam dua dan pergi diner dulu, balik nanti laptop dah ready :-P).

----------


Smart HDD Uninstall Instructions


Smart HDD is a malicious software that will display fake alerts, claiming that several hard drive errors were detected on your computer.The alerts are professional looking pop-ups and when you click on them, you’re advised to buy Smart HDD in order to fix this errors.
In reality, none of the reported issues are real, and are only used to scare you into buying Smart HDD and stealing your personal financial information.
If you’ve got a Smart HDD infection , you’ll be seeing this screens :
[Image: Smart-HDD.png]
Smart HDD will generate the following error messages:
Hard drive boot sector reading error
During I/O system initialization, the boot device driver might have failed to initialize the boot device. File system initialization might have failed because it did not recognize the data on the boot device.
System blocks were not found
This has most likely occurred because of hard disk failure.
This may also lead to a potential loss of data.
Error 0×00000024 – NTFS_FILE_SYSTEM
The Stop 0×24 message indicates that a problems occurred within Ntfs.sys, the driver file that allows the system to read and write to NTFS file system drives. It is most often related to hard drive errors.
Error 0×00000078 – INACCESSIBLE_BOOT_DEVICE
The Stop 0×78 message indicates that Windows has lost access to the system partition or boot volume during the startup process. During I/O system initialization, the boot device driver might have failed to initialize the boot device (typically a hard disk). Repartitioning the system partition or installing a new SATA/RAID adapter or disk controller might also induce this error.
The DRM attribute value is too small before disk scan
Drive Reliability Monitor (a system or monitoring the reliability of disc drive functioning). The malfunction counter built into the disk drive shows excessive number of malfunctions. The storage device needs to be replaced.
Error 0×00000050 – PAGE_FAULT_IN_NONPAGED_AREA
The Stop 0×50 message indicates that requested data was not in memory. The system generates an exception error when using a reference to an invalid system memory address.
Error 0x0000002E – DATA_BUS_ERROR
The Stop 0x2E message is typically caused by failed or defective RAM (including motherboard, Level 2 cache, or video memory), incompatible or mismatched memory hardware, or when a device driver attempts to access an address in the 0x8xxxxxxx range that does not exist (does not map to a physical address).

Registration codes for Smart HDD

As an optional step,you can use the following license key to register Smart HDD and stop the fake alerts.
15801587234612645205224631045976
Please keep in mind that entering the above registration code will NOT remove Smart HDD from your computer , instead it will just stop the fake alerts so that you’ll be able to complete our removal guide more easily.
We strongly advise you to follow our Smart HDD removal guide and ignore any alerts that this malicious software might generate.Under no circumstance should you buy this rogue security software as this could lead to identity theft.

Removal guide for Smart HDD

STEP 1 : Start your computer in Safe Mode with Networking

  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. Press and hold the F8 key as your computer restarts.Please keep in mind that you need to press the F8 key before the Windows  start-up logo appears.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking , and then press ENTER.
    [Image: Safemode.jpg]
  4. Log on to your computer with a user account that has administrator rights

STEP 2: Remove Smart HDD malicious proxy server

Smart HDD may add a proxy server which prevents the user from accessing the internet,follow the below instructions to remove the proxy.
  1. Start Internet Explorer [Image: Smart HDD- IE] and if you are using Internet Explorer 9 ,click on the gear icon   [Image: IE gear icon] (Tools for Internet Explorer 8 users) ,then select Internet Options.
    [Image: Internet-options-IE.png]
  2. Go to the tab Connections.At the bottom, click on LAN settings.
    [Image: Remove-proxy-server2.png]
  3. Uncheck the option Use a proxy server for your LAN. This should remove the malicious proxy server and allow you to use the internet again.
    [Image: Remove-proxy-server3.png]
If you are a Firefox users, go to Firefox(upper left corner) → Options → Advanced tab → Network → Settings → Select No Proxy

STEP 3: Run RKill to terminate known malware processes associated with Smart HDD.

RKill is a program that attempts to terminate any malicious processes associated with Smart HDD ,so that your normal security software can then run and clean your computer of infections.
As RKill only terminates a program’s running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.
  1. While your computer is in Safe Mode with Networking ,please download the latest official version of RKill.
    [Image: download-rkill.png
  2. Double-click on the RKill iconin order to automatically attempt to stop any processes associated with Smart HDD.
    [Image: run-rkill-1.png]
  3. RKill will now start working in the background, please be patient while the program looks for various malware programs and tries to terminate them.
    [Image: run-rkill-2.png]
    IF you receive a message that RKill is an infection, that is a fake warning given by the rogue. As a possible solution we advise you to leave the warning on the screen and then try to run RKill again.Run RKill until the fake program is not visible but not more than ten times.
    IF you continue having problems running RKill, you can download the other renamed versions of RKill from here.
  4. When Rkill has completed its task, it will generate a log. You can thenproceed with the rest of the guide.
    [Image: Smart HDD rkill3.jpg]
WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.

STEP 4: Remove Smart HDD malicious files withMalwarebytes Anti-Malware FREE

  1. Please download the latest official version of Malwarebytes Anti-Malware FREE.
    download Malwarebytes
  2. Install Malwarebytes’ Anti-Malware by double clicking on mbam-setup.
    [Image: malwarebytes-installer.png]
  3. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware checked. Then click on the Finishbutton. If Malwarebytes’ prompts you to reboot, please do not do so.
    [Image: install-malwarebytes.png]
  4. Malwarebytes Anti-Malware will now start and you’ll be prompted to start a trial period , please select ‘Decline‘ as we just want to use the on-demand scanner.
    [Image: decline-trial-malwarebytes.png]
  5. On the Scanner tab,please select Perform full scan and then click on theScan button to start scanning your computer for any possible infections.
    [Image: malwarebytes-full-system-scan.png]
  6. Malwarebytes’ Anti-Malware will now start scanning your computer for Smart HDD malicious files as shown below.
    [Image: malwarebytes-scanning.png]
  7. When the scan is finished a message box will appear, click OK to continue.
    [Image: malwarebytes-scan-finish.png]
  8. You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected.Please note that the infections found may be different than what is shown in the image.Make sure that everything is Checked (ticked) and click on the Remove Selected button.
    [Image: malwarebytes-scan-results.png]
  9. Malwarebytes’ Anti-Malware will now start removing the malicious files.If during the removal process Malwarebytes will display a message stating that it needs to reboot, please allow this request.
    [Image: malwarebytes-reboot-prompt.png]

STEP 5: Double check your system for any left over infections with HitmanPro

  1. This step can be performed in Normal Mode ,so please download the latest official version of HitmanPro.
    [Image: Download Hitman Pro]
  2. Double click on the previously downloaded file to start the HitmanPro installation.
    [Image: hitmanpro-icon.png]
    NOTE : If you have problems starting HitmanPro, use the “Force Breach” mode. Hold down the left CTRL-key when you start HitmanPro and all non-essential processes are terminated, including the malware process. (How to start HitmanPro in Force Breach mode – Video)
  3. Click on Next to install HitmanPro on your system.
    [Image: installing-hitmanpro.png]
  4. The setup screen is displayed, from which you can decide whether you wish to install HitmanPro on your machine or just perform a one-time scan, select a option then click on Next to start a system scan.
    [Image: hitmanpro-setup-options.png]
  5. HitmanPro will start scanning your system for malicious files. Depending on the the size of your hard drive, and the performance of your computer, this step will take several minutes.
    [Image: hitmanpro-scanning.png]
  6. Once the scan is complete,a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click Next.
    [Image: hitmanpro-scan-results.png]
  7. Click Activate free license to start the free 30 days trial and remove the malicious files.
    [Image: hitmanpro-activation.png]
  8. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.

STEP 6: Unhide your files and folders

Smart HDD modifies your file system in such a way that all files and folders become hidden, to restore the default settings , you’ll need to run the below program.
  1. Please download Tweaking.com-UnhideNonSystemFiles.exe to unhide your files and folders.
    [Image: download-unhide.png]
  2. Double click on Tweaking.com-UnhideNonSystemFiles.exe and when the utility starts click on the ‘Start’ button to unhide your files.
    [Image: unhide-icon.png]

STEP 7 : Restore your shortcuts and remove any left over malicious registry keys

Smart HDD has moved your shortcuts files in the Temporary Internet folder and added some malicious registry keys to your Windows installation , to restore your files we will need to perform a scan with RogueKiller.
  1. Please download the latest official version of RogueKiller.
    download RogueKiller
  2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete.This should take only a few seconds and then you canclick the Start button to perform a system scan.
    [Image: roguekiller-1.png]
  3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    [Image: roguekiller-2.png]
  4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
    [Image: roguekiller-1.png]

STEP 8: Get your desktop look back!

Smart HDD changes your desktop background to a solid black color,to change it back to default one follow the below instruction.
    • Windows XP : Click on the Start button and then select Control Panel. When the Control Panel opens, please click on the Display icon. From this screen you can now change your Theme and desktop background.
    • Windows 7 and Vista : Click on the Start button and then select Control Panel. When the Control Panel opens, please click on the Appearance and Personalization category. Then select Change the Theme or Change Desktop Background to revert back to your original Theme and colors.

STEP 9: Restore your pinned task bar shortcuts , star menu items and other missing icons.

Smart HDD has moved your saved pinned task bar items and other shortcuts into the temporary internet folder, so now we will have to copy them back to their original location.
1. Enable on your system the ‘Show hidden files, folders, and drives’ option.
  • If you are using Windows 7 or Vista,go to Computer → Click on theOrganize tab → select Folder and search options.
  • If you are using Windows XP,go to My Computer → Tools tab → selectFolder Options.
    [Image: viewhiddenfiles.png]
In the new window that appeared select the View tab and choose the option Show hidden files, folders, and drives then click Apply and OK.
[Image: Show hidden files, folders, and drives.png]
2.This rogue software has moved your shorcuts in a folder in the Temporary Internet files called smtmp, so now we will need to copy them back to their original locations.
  • Windows 7 and Vista users can find the smtmp folder in C:\Users\[Your Username]\AppData\Local\Temp
  • Windows XP users can find smtmp folder the in : C:\DOCUMENTS AND SETTINGS\[Your Username]\LOCAL SETTINGS\Temp
[Image: Show hidden files, folders, and drives.png]
The smtmp folder will contain 4 folders and you’ll need to copy the content of this folders back to their original locations.
  • Copy the content from %Temp%\smtmp\1\ to:
    Windows XP: C:\Documents and Settings\All Users\Start Menu
    Windows Vista and Windows 7: C:\ProgramData\Microsoft\Windows\Start Menu
  • Copy the content from %Temp%\smtmp\2\ to:
    Windows XP: C:\Documents and Settings\[your username]\Application Data\Microsoft\Internet Explorer\Quick Launch\
    Windows Vista and Windows 7: C:\Users\[your username]\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
  • Copy the content from %Temp%\smtmp\3\ to:
    Windows XP: It does not exist on Windows  XP.
    Windows Vista and Windows 7 C:\Users\[your username]\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
  • Copy the content from %Temp%\smtmp\4\ to:
    Windows XP : C:\Documents and Settings\All Users\Desktop
    Windows Vista and Windows 7: C:\Users\Public\Desktop
If you are still experiencing problems while trying to remove Smart HDD from your machine, please start a new thread in our Malware Removal Assistance forum.

Apakah itu Perisian Alpha Five



What is Alpha Five Software?

Alpha Five adalah Sistem Pengurusan Pangkalan Data Relational (Relational Database Management System) dan Sistem Pembangun Perisian Pantas (Rapid Application Development) untuk membina Aplikasi Windows dan Web (termasuk teknologi AJAX). Ia adalah saingan kepada Microsoft Access tetapi ia menyokong pembangunan Web yang lebih mudah berbanding Microsoft Access.

Alpha Five V8





Versi terkini adalah Alpha Five V11 yang dikeluarkan pada Oktober 2011.

Pada tahun 2010, Alpha Five dinobatkan di tangga pertama dalam kategori Pembangun Pantas Untuk Aplikasi Web oleh InfoWorld.

Alpha Five dibangunkan oleh Alpha Software semenjak tahun 1982. Ia mula menjadi perhatian apabila Alpha Five Version 8 mendapat anugerah Dr. Dobb's Jolt Award bagi kategori Persekitaran Pembangun Perisian Terbaik.

Aplikasi menggunakan enjin DBF-terbina (built-in DBF) dan dapat dihubungkan kepada MySQL, Oracle, MS SQL Server, DB2, EnterpriseDB, PostGreSQL dan Perisian Database SQL yang lain melalui sumber ODBC. Versi terbaru memuatkan Portable SQL, satu ciri yang membolehkan pengguna menukar database tanpa perlu menulis query semula.


Alpha Five menyediakan panduan Getting Started pada pautan http://wiki.alphasoftware.com/tiki-index.php. Di samping itu Alpha Five turut mempunyai komuniti pembangun perisian seperti http://www.alphadevnet.com/whyalphafive.a5w yang menyediakan sumber rujukan bagi ahli komunitinya.

Simple Way To... Understand Differences Between Visual Studio Express and SharpDevelop

Cara Mudah Untuk... Memahami Perbezaan Antara Visual Studio Express dan SharpDevelop

Tidak dinafikan, perisian pembangun keluaran Microsoft selalunya lebih ramah pengguna berbanding keluaran syarikat lain. Cuma faktor harganya sahaja yang mungkin menyebabkan timbulnya perisian alternatif  lain seperti SharpDevelop. Sebelum berpindah kepada alternatif percuma, perhatian perlu diberikan kepada perbandingan ciri-ciri setiap perisian supaya pengaturcara cara tahu kelebihan dan kekurangan setiap perisian yang mahu digunakannya,

FeatureSharpDevelop 4.1SharpDevelop 4.0Visual Studio 2010 Express Editions
Code Auto-CompletionYesYesYes
Code Syntax HighlightingYesYesYes
Windows Forms DesignerYesYesYes
Web Forms DesignerNoNoProvided with Visual Web Developer
WPF DesignerYesYesYes
Code CoverageYesYesNo
Unit TestingYesYesNo
Languages SupportedC#, C++, VB.NET, Boo, F#, IronPython, IronRubyC#, C++, VB.NET, Boo, F#, IronPython, IronRubyC#, C++, VB.NET, JavaScript (IronPython and IronRuby support is available with Visual Studio 2010 Shell)
Window Phone Development SupportNoNoYes
Cloud Application Development (Windows Azure)NoNoYes
ProfilingYesYesNo
Help DocumentationNoNoYes
Plug-in SupportYesYesNo
Insert PInvoke SignaturesYesYesNo
Testing Regular ExpressionsYesYesNo
Class ViewYesYesYes
Solution ExplorerYesYesYes
Project and Solution File FormatMSBuildMSBuildMSBuild
Web ReferencesYesYesYes
RefactoringsRename, Extract Method, Remove unused importsRename, Extract Method, Remove unused importsRename, Extract Method
Go To DefinitionYesYesYes
Find ReferencesYesYesYes
Code GenerationYes. Not as powerful as Visual Studio's Code Snippet Manager.Yes. Not as powerful as Visual Studio's Code Snippet Manager.Yes
Object BrowserNoNoYes
Database ExplorerYesYesYes
PublishingNoNoYes
Data Sources ViewNoNoYes
Add Data Source WizardNoNoYes
Document Outline ViewNoNoYes
ResourcesLocal and projectLocal and projectLocal and project
ActiveX Toolbox ItemsPartial - need to generate .NET interop libraryPartial - need to generate .NET interop libraryYes
Integrated DebuggerYesYesYes
Targeting Different .NET FrameworksYesYesYes
ReportingYesYesNo
Task ListYesYesYes
Error ListYesYesYes
Database Designer ToolsNoNoYes
Code ConversionYesYesNo
Integrated WiX SupportYesYesNo
Integrated FxCop SupportYesYesNo
Integrated StyleCop SupportYesYesNo
Navigation HistoryYesYesYes
XPath QueriesYesYesNo
Incremental SearchYesYesYes
Attach to ProcessYesYesNo
Navigate ToYes (called Go To in SharpDevelop)Yes (called Go To in SharpDevelop)No
Version Control SupportGit, SubversionGit, SubversionNo
XML Documentation Preview and GenerationNo preview supportNo preview supportNo
NuGetYesNoAvailable in Visual Web Developer Express
T4 TemplatesYesNo preview supportYes

Sunday, October 28, 2012

Multiply will no longer support the social networking features beyond December 1, 2012

Saya dah agak Multiply akan berhenti beroperasi. Saya berhenti menggunakan Multiply semenjak 2006 lagi.
Kenyataan rasmi saya bahawa Multiply tidak ramah-blogger


Hello.

This is Stefan Magdalinski, CEO of Multiply.
Over the past year and a half, Multiply has shifted its business focus on expanding its e-Commerce presence in Southeast Asia, concentrating primarily on the Philippine & Indonesian markets. It is for this reason that we have moved the Multiply Headquarters from Florida, USA to Jakarta, Indonesia.
You know from my last update that as part of this shift in strategic focus to online shopping & selling, we will no longer support the social networking features beyond December 1, 2012. We know this decision is an unpopular one, but rest assured it was carefully considered, and we feel that it is only through single-minded focus that we will achieve our goal to be Asia's most loved online marketplace.
For our users who utilize our social network features (blog, video, photo, etc), we realize that this is painful, and we are launching some tools to help you preserve your content or move it to another platform.
The export tools are now available below your headshot on your Multiply site and enable you to do the following:
  1. Download your content to your computer
  2. Export to Blogger (a blogging platform owned by Google)
There are efforts to offer ways to migrate your content to other platforms such as Tumblr and Wordpress but these are still in the works and we will keep you updated as things progress.
Using the export tool:
  1. Visit your Multiply page (example: multiplyid.multiply.com)
  2. Click one of the options available on your Multiply page (below your headshot):
    1. Download Media: to download all media files
    2. Export to Blogger: to transfer your blogs to your Blogger page
      1. Choose file you would like to download
      2. You will receive an email (via the email address registered to your Multiply account) containing a link to download all your Multiply files along with instructions on how to import them to Blogger.
Sample Email(Sample Email)
These tools will be available until December 1, 2012 for you to migrate your content. There are efforts underway to offer ways to migrate your content to other platforms such as Tumblr and Wordpress, and we will keep you posted as these options materialize.
For more information, please read this list of Frequently Asked Questions on this process.
Should you have any questions regarding the export tool, please let us know by dropping an email to support@multiply.com.
Thank you for your kind attention. It has been a joy to have been your trusted partner in the storage and sharing of your lives online and we look forward to remain a part of your lives as we complete our transition into SEA’s leading online marketplace.

Warm Regards,
Stefan
Note:
If you are using custom CSS the links to the export tools may not be visible under your headshot. In this case you can use the following urls to access them directly
http://(INSERT USER ID).multiply.com/download-media
http://(INSERT USER ID).multiply.com/export-to-blogger
http://(INSERT USER ID).multiply.com/export-to-tumblr

Saturday, October 27, 2012

Simple Way To ... Learn Linux Kernel

Cara Mudah Untuk ... Mempelajari Linux Kernel

Saya cuba mencari artikel di Internet yang dapat memberikan maklumat pengenalan yang mudah tentang Linux Kernel. Antara yang termudah untuk difahami adalah http://www.tuxradar.com/content/how-linux-kernel-works (kandungannya dipaparkan di bawah).



------------------------------------------------------------------------------------------------------------

How the Linux kernel works

Linux
In depth: My trusty Oxford Dictionary defines a kernel as "a softer, usually edible part of a nut" but offers as a second meaning: "The central or most important part of something." (Incidentally, it's this first definition that gives rise to the contrasting name 'shell', meaning, in Linux-speak, a command interpreter.) In case you're a bit hazy on what a kernel actually does, we'll start with a bit of theory.
The kernel is a piece of software that, roughly speaking, provides a layer between the hardware and the application programs running on a computer. In a strict, computer-science sense, the term 'Linux' refers only to the kernel - the bit that Linus Torvalds wrote in the early 90s.
All the other pieces you find in a Linux distribution - the Bash shell, the KDE window manager, web browsers, the X server, Tux Racer and everything else - are just applications that happen to run on Linux and are emphatically not part of the operating system itself. To give some sense of scale, a fresh installation of RHEL5 occupies about 2.5GB of disk space (depending, obviously, on what you choose to include). Of this, the kernel, including all of its modules, occupies 47MB, or about 2%.

INSIDE THE KERNEL

But what does the kernel actually do? The diagram below shows the big picture. The kernel makes its services available to the application programs that run on it through a large collection of entry points, known technically as system calls.
The kernel uses system calls such as 'read' and 'write' to provide an abstraction of your hardware.
The kernel uses system calls such as 'read' and 'write' to provide an abstraction of your hardware.
From a programmer's viewpoint, these look just like ordinary function calls, although in reality a system call involves a distinct switch in the operating mode of the processor from user space to kernel space. Together, the repertoire of system calls provides a 'Linux virtual machine', which can be thought of as an abstraction of the underlying hardware.
One of the more obvious abstractions provided by the kernel is the filesystem. By way of example, here's a short program (written in C) that opens a file and copies its contents to standard output:
#include 
int main()
{
    int fd, count; char buf[1000];
    fd=open("mydata", O_RDONLY);
    count = read(fd, buf, 1000);
    write(1, buf, count);
    close(fd);
}
Here, you see examples of four system calls - open, read, write and close. Don't fret over the details of the syntax; that's not important right now. The point is this: through these system calls (and a few others) the Linux kernel provides the illusion of a 'file' - a sequence of bytes of data that has a name - and protects you from the underlying details of tracks and sectors and heads and free block lists that you'd have to get into if you wanted to talk to the hardware directly. That's what we mean by an abstraction.
As you'll see from the picture above, the kernel has to work hard to maintain this same abstraction when the filesystem itself might be stored in any of several formats, on local storage devices such as hard disks, CDs or USB memory sticks - or might even be on a remote system and accessed through a network protocol such as NFS or CIFS.
There may even be an additional device mapper layer to support logical volumes or RAID. The virtual filesystem layer within the kernel enables it to present these underlying forms of storage as a collection of files within a single hierarchical filesystem.

BEHIND THE SCENES

The filesystem is one of the more obvious abstractions provided by the kernel. Some features are not so directly visible. For example, the kernel is responsible for process scheduling. At any one time, there are likely to be several processes (programs) waiting to run.
The kernel's scheduler allocates CPU time to each one, so that if you look over a longer timescale (a few seconds) you have the illusion that the computer is running several programs at the same time. Here's another little C program:
#include 
main()
{
  if (fork()) {
    write(1, "Parent\n", 7);
    wait(0);
    exit(0);
  }
  else {
    write(1, "Child\n", 6);
    exit(0);
  }
}
This program creates a new process; the original process (the parent) and the new process (the child) each write a message to standard output, then terminate. Again, don't stress about the syntax. Just notice that the system calls fork(), exit() and wait() perform process creation, termination and synchronisation respectively. These are elegantly simple calls that hide the underlying compexities of process management and scheduling.
An even less visible function of the kernel, even to programmers, is memory management. Each process runs under the illusion that it has an address space (a valid range of memory addresses) to call its own. In reality, it's sharing the physical memory of the computer with many other processes, and if the system is running low on memory, some of its address space may even be parked out on the disk in the swap area.
Another aspect of memory management is that it prevents one process from accessing the address space of another - a necessary precaution to preserve the integrity of a multi-processing operating system.
The kernel also implements networking protocols such as IP, TCP and UDP that provide machine-to-machine and process-to-process communication over a network. Again, this is all about illusions. TCP provides the illusion of a permanent connection between two processes - like a piece of copper wire connecting two telephones - but in reality no permanent connection exists. Note that specific application protocols such as FTP, DNS or HTTP are implemented by user-level programs and aren't part of the kernel.
Linux (like Unix before it) has a good reputation for security. It's the kernel that tracks the user ID and group ID of each running process and uses these to provide a yes/no decision each time an application attempts to access a resource (such as opening a file for writing), by checking the access permissions on the file. This access control model is ultimately responsible for the security of Linux systems as a whole.
Finally (apologies to the many programmers who've written pieces of the kernel that do things that aren't on this brief list), the kernel provides a large collection of modules that know how to handle the low-level details of talking to hardware devices - how to read a sector from a disk, how to retrieve a packet from a network interface card and so on. These are sometimes called device drivers.

THE MODULAR KERNEL

Now we have some idea of what the kernel does, let's look briefly at its physical organisation. Early versions of the Linux kernel were monolithic - that is, all the bits and pieces were statically linked into one (rather large) executable file.
In contrast, modern Linux kernels are modular: a lot of the functionality is contained in modules that are loaded into the kernel dynamically. This keeps the core of the kernel small and makes it possible to load or replace modules in a running kernel without rebooting.
The core of the kernel is loaded into memory at boot time from a file in the /boot directory called something like vmlinuz-KERNELVERSION, where KERNELVERSION is, of course, the kernel version. (To find out what kernel version you have, run the command uname -r.) The kernel's modules are under the directory /lib/modules/KERNELVERSION. All of these pieces were copied into place when the kernel was installed.

MANAGING MODULES

For the most part, Linux manages its modules without your help, but there are commands to examine and manage the modules manually, should the need arise. For example, to find out which modules are currently loaded into the kernel, use lsmod. Here's a sample of the output:
# lsmod
pcspkr              4224  0 
hci_usb            18204  2 
psmouse            38920  0 
bluetooth          55908  7 rfcomm,l2cap,hci_usb
yenta_socket       27532  5 
rsrc_nonstatic     14080  1 yenta_socket
isofs              36284  0 
The fields in this output are the module's name, its size, its usage count and a list of the modules that are dependent on it. The usage count is important to prevent unloading a module that's currently active. Linux will only enable a module to be removed if its usage count is zero.
You can manually load and unload modules using modprobe. (There are two lower-level commands called insmod and rmmod that do the job, but modprobe is easier to use because it automatically resolves module dependencies.) For example, the output of lsmod on our machine shows a loaded module called isofs, which has a usage count of zero and no dependent modules. (isofs is the module that supports the ISO filesystem format used on CDs.) The kernel is happy to let us unload the module, like this:
# modprobe -r isofs
Now isofs doesn't show up on the output of lsmod and, for what it's worth, the kernel is using 36,284 bytes less memory. If you put in a CD and let it automount, the kernel will automatically reload the isofs module and its usage count will rise to 1. If you try to remove the module now, you won't succeed because it's in use:
# modprobe -r isofs 
FATAL: Module isofs is in use.
Whereas lsmod just lists the modules that are currently loaded, modprobe -l will list all the available modules. The output essentially shows all the modules living under /lib/modules/KERNELVERSION; be prepared for a long list!
In reality, it would be unusual to load a module manually with modprobe, but if you did you could pass parameters to the module via the modprobe command line. Here's an example:
# modprobe usbcore blinkenlights=1
No, we haven't just invented blinkenlights - it's a real parameter for the usbcore module.
The tricky bit is knowing what parameters a module accepts. You could phone a friend or even ask the audience, but a better approach is to use the modinfo command, which lists a variety of information about the module.
Here's an example for the module snd-hda-intel. We've pruned the output somewhat in the interests of brevity:
# modinfo snd-hda-intel 
filename:       /lib/modules/2.6.20-16-generic/kernel/sound/pci/hda/snd-hda-intel.ko
description:    Intel HDA driver
license:        GPL
srcversion:     A3552B2DF3A932D88FFC00C
alias:          pci:v000010DEd0000055Dsv*sd*bc*sc*i*
alias:          pci:v000010DEd0000055Csv*sd*bc*sc*i*
depends:        snd-pcm,snd-page-alloc,snd-hda-codec,snd
vermagic:       2.6.20-16-generic SMP mod_unload 586 
parm:           index:Index value for Intel HD audio interface. (int)
parm:           id:ID string for Intel HD audio interface. (charp)
parm:           model:Use the given board model. (charp)
parm:           position_fix:Fix DMA pointer (0 = auto, 1 = none, 2 = POSBUF, 3 = FIFO size). (int)
parm:           probe_mask:Bitmask to probe codecs (default = -1). (int)
parm:           single_cmd:Use single command to communicate with codecs (for debugging only). (bool)
parm:           enable_msi:Enable Message Signaled Interrupt (MSI) (int)
parm:           enable:bool
The lines of interest to us here are those starting with parm: - these show the parameters accepted by that module. These descriptions are terse, to say the least. To go hunting for further documentation, install the kernel source code. Then you'll find a directory called something like /usr/src/KERNELVERSION/Documentation.
There's some interesting stuff under here; for example, the file /usr/src/KERNELVERSION/Documentation/sound/alsa/ALSA-Configuration.txt describes the parameters recognised by many of the ALSA sound modules. The file /usr/src/KERNELVERSION/Documentation/kernel-parameters.txt is also helpful.
An example of needing to pass parameters to a module came up quite recently on one of the Ubuntu forums (see https://help.ubuntu.com/community/HdaIntelSoundHowto). Essentially the point was that the snd-hda-intel module needed a little help in driving the sound hardware correctly and would sometimes hang when it loaded at boot time. Part of the fix was to supply the option probe_mask=1 to the module. So, if you were loading the module manually, you'd type:
# modprobe snd-hda-intel probe_mask=1
More likely, you'd place a line in the file /etc/modprobe.conf like this:
options snd-hda-intel probe_mask=1
This tells modprobe to include the probe_mask=1 option every time it loads the snd-hda-intel module. Some recent Linux distrubutions split this information up into multiple files under /etc/modprobe.d rather than putting it all in modprobe.conf.

THE /PROC FILESYSTEM

The Linux kernel also exposes a great deal of information via the /proc filesystem. To make sense of /proc we need to broaden our concept of what a file is.
Instead of thinking of a file as permanent information stored on a hard drive or a CD or a memory stick, we need to think of it as any information that can be accessed via traditional system calls such as the open/read/write/close calls we saw earlier, and which can, therefore, be accessed by ordinary programs such as cat or less.
The 'files' under /proc are entirely a figment of the kernel's imagination and provide a view into many of the kernel's internal data structures.
In fact, many Linux reporting tools present nicely formatted versions of the information they find in the files under /proc. As an example, a listing of /proc/modules will show you a list of currently loaded modules that's strangely reminiscent of the output from lsmod.
In a similar vein, the contents of /proc/meminfo provides more detail about the current status of the virtual memory system than you could shake a stick at, whereas tools such as vmstat and top provide some of this information in a (marginally) more accessible format. As another example, /proc/net/arp shows the current contents of the system's ARP cache; from the command line, arp -a shows the same information.
Of particular interest are the 'files' under /proc/sys. As an example, the setting under /proc/sys/net/ipv4/ip_forward says whether the kernel will forward IP datagrams - that is, whether it will function as a gateway. Right now, the kernel is telling us that this is turned off:
# cat /proc/sys/net/ipv4/ip_forward 
0
It gets much more interesting when you discover that you can write to these files, too. Continuing our example:
# echo 1 > /proc/sys/net/ipv4/ip_forward
...will turn on IP forwarding in the running kernel.
Instead of using cat and echo to examine and modify the settings under /proc/sys, you can also use the sysctl command:
# sysctl net.ipv4.ip_forward 
net.ipv4.ip_forward = 0
Which is equivalent to:
# cat /proc/sys/net/ipv4/ip_forward 
0
And:
# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
...is the same as
# echo 1 > /proc/sys/net/ipv4/ip_forward
Notice that the pathnames you supply to sysctl use a full stop (.) to separate the components instead of the usual forward slash (/), and that the paths are all relative to /proc/sys.
Be aware that settings you change in this way only affect the current running kernel - they will not survive a reboot. To make settings permanent, put them into the file /etc/sysctl.conf. At boot time, sysctl will automatically re-establish any settings it finds in this file.
A line in /etc/sysctl.conf might look like this:
net.ipv4.ip_forward=1

PERFORMANCE TUNING

The writeable parameters under /proc/sys have spawned a whole sub-culture of Linux performance tuning. Personally, I think this is overrated, but here are a few examples should you wish to try it.
The installation instructions for Oracle 10g (www.oracle.com/technology/obe/obe10gdb/install/linuxpreinst/linuxpreinst.htm) ask you to set a number of parameters, including:
kernel.shmmax=2147483648
...which sets the maximum shared memory segment size to 2GB. (Shared memory is an inter-process communication mechanism that enables a memory segment to be visible within the address space of multiple processes.)
The IBM 'Redpaper' on Linux performance and tuning guidelines (www.redbooks.ibm.com/abstracts/redp4285.html) makes many suggestions for adjusting parameters under /proc/sys, including this:
vm.swappiness=100
This parameter controls how aggressively memory pages are swapped to disk.
Some parameters may be adjusted to improve security. Bob Cromwell's website (http://cromwell-intl.com/security/security-stack-hardening.html) has some good examples, including this:
net.ipv4.icmp_echo_ignore_broadcasts=1
...which tells the kernel not to respond to broadcast ICMP ping requests, making your network less vulnerable to a type of denial-of-service attack known as a Smurf attack.
Here's another example:
net.ipv4.conf.all.rp_filter=1
That tells the kernel to enforce sanity checking, also called ingress filtering or egress filtering. The point is to drop a packet if the source and destination IP addresses in the IP header don't make sense when considered in light of the physical interface on which it arrived.
So, is there any documentation on all these parameters? Well, the command
# sysctl -a
will show you all their names and current values. It's a long list, but it gives you no clue what any of them actually do. So what else is there? As it turns out, O'Reilly has published a book, written by Olivier Daudel and called /proc et /sys. Oui, mes amis, it's in French, and we're not aware of an English translation.
Another useful reference is the Red Hat Enterprise Linux Reference Guide, which devotes an entire chapter to the subject. You can download it from www.redhat.com/docs/manuals/enterprise. The definitive book about the Linux kernel is Understanding the Linux Kernel by Bovet and Cesati (O'Reilly), but be aware that this is mainly about kernel internals and is probably more of interest to wannabe kernel developers and computer science students rather than system administrators.
It's also possible to configure and build your own kernel. For this, you might try Greg Kroah-Hartman's Linux Kernel in a Nutshell, an O'Reilly title that makes a delightful but presumably unintended play on words. But, of course, you have to be nuts to make a kernel.

IS PERFORMANCE TUNING WORTH IT?

My father's first car was a Wolseley 1500, registration 49 RNU, though how I come to remember such an obscure and ancient detail is beyond me. Anyway, he loved tinkering, and spent hours making minute adjustments to things like the ignition timing and mixture setting.
Occasionally he'd remove the spark plugs and adjust the gaps. While the plugs were out, he'd pour redex into the cylinders as part of some mysterious process of colonic irrigation. After this, the car would produce satisfyingly robust clouds of black smoke out the back as the redex burned off.
The trouble was that he had no objective way of measuring what improvements his efforts had made. He kept meticulous records of petrol purchases and mileages and calculated fuel consumption to several decimal places, and there was a specific hill he'd drive up in third gear to "see how it went", but it wasn't what you'd call scientific.
Many Linux system administrators find themselves in a similar position. They know there are all kinds of parameters they can tweak that might improve performance, but have little idea of what most of them do and no good way to measure performance. So, our advice is: unless you know what you're doing, and/or have a way to measure performance, leave these settings alone!
First published in Linux Format
First published in Linux Format magazine