xml, split bc factor sudo etc.

Author: cirosantilli

README.md

@@ -46,6 +46,12 @@ Media video, games, etc.) file types, viewers, editors, capture, synthesizers:
 - [markup](markup/):                Markdown, RST. Focus on command line interface and extensions.
 - [video.md](video.md):             videos, films, subtitles.
 
+Generic data formats:
+
+- [json.md](json.md)
+- [unicode.md](unicode.md)
+- [xml/](xml/)
+
 [virtual-machine.md/](virtual-machine): Vagrant, Docker.
 
 Related subjects in other repositories:

bc.md

@@ -0,0 +1,15 @@
+POSIX
+
+Simple interpreted language, calculator focus.
+
+Cute toy language that only exists because it is POSIX =),
+but is completely superseded by any modern interpreted language,
+and only golfs very slightly better than Python.
+
+C like syntax.
+
+Features: variable definition, function definition, arrays, strings
+
+Non features: string concatenation:
+
+    [ `echo '1+1' | bc` = 2 ] || exit 1

desktop/README.md

@@ -329,7 +329,7 @@ Get info:
 - `-d`: desktop info
 - `-m`: window manager info
 
-###window choice
+###Window choice
 
 In order to act on a window, one must first select it. The ways to do it are:
 
@@ -801,7 +801,17 @@ GNOME and KDE rivalry started when KDE chose to use QT in 1998 which was not GPL
 
 As of Qt 4, LGPL versions of Qt exist on all platforms, but the damage has been done: the open source community is divided and maintain duplicate versions for many desktop software, thus using up resources.
 
-###applications
+###KDE command line options
+
+KDE has a great level of uniformity across its programs, and all of them get standard KDE command line options.
+
+Some useful options are:
+
+-   `--caption asdfqwer`: set the caption for the window.
+
+    E.g., if without this option you would get: `filename.pdf - Okular` on the window title, with the option it becomes `filename.pdf - asdfqwer`. This is useful to reference the application from another program like `wmctrl -a asdfqwer`.
+
+###Applications
 
 KDE offers both basic building blocks, and full applications.
 
@@ -811,7 +821,7 @@ KDESC applications release at the same time as new KDE versions. For example, Ok
 
 There are also projects which use KDE, but which are not part of the KDESC.
 
-###libs
+###Libraries
 
 A typical KDE application relies on the following shared libraries:
 
@@ -1492,7 +1502,7 @@ Icons are needed at several places to help identify the application:
 - when showing a program suggestion list
 - when switching windows
 
-The icon is identified by the `Icon` field, which corresponds to a file under `XDG_DATA_DIRS/icons`.
+The icon is identified by the `Icon` field, which corresponds to a file under `$XDG_DATA_DIRS/icons`.
 
 That directory may contain multiple versions of each icon, at various resolutions, color depths and styles, since icon themes can also change with DE settings. `hicolor/48x48` should contains lots of standard icons.
 

factor.md

@@ -0,0 +1,7 @@
+#factor
+
+Coreutils.
+
+Factor a number into prime constituents.
+
+    [ "`factor 30`" = "30: 2 3 5" ] || exit 1

file-permissions.md

@@ -59,7 +59,7 @@ In Linux, the file type is also stored in the same `struct` as it's permissions.
 
 This also suggests why the symbolic notation also incorporates this information in a single word: because all that data is in the same place.
 
-TODO: why the leading `0`?
+The leading `0` denotes octal notation.
 
 ##Symbolic
 

image/README.md

@@ -44,7 +44,9 @@ Algorithm: removes high frequencies of the image's 2D Fourier transform.
 
 ##SVG
 
-Vector, XML based, non compressed.
+Vector, XML based, non-compressed.
+
+Standard developed by W3C, so the format is closely linked to the web and browsers. Latest version: <http://www.w3.org/TR/SVG/>. Can be styled by separate CSS style sheets.
 
 Image is described by mathematical formulas, not bits, therefore it is potentially tiny if the image is mathematically simple and the description is perfect (to floating point precision), which allows for example for infinite zoom.
 

image/svg.svg

@@ -1,6 +1,14 @@
+Very popular plain text data exchange format.
+
+Currently specified in by two competing standards:
+
+- IETF RFC4627: <http://www.ietf.org/rfc/rfc4627.txt> (2006)
+- ECMA-404: <http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-404.pdf>
+
 JSON is based on EcmaScript 3 literal notation.
+For this reason it is specially popular amongst the Javascript community.
 
-It is however not a strict subset of Javascript object only because it can 
+It is however *not* a strict subset of Javascript object only because it can 
 contain two characters that Javascript cannot: <http://timelessrepo.com/json-isnt-a-javascript-subset>
 and JSON creator [said](https://mail.mozilla.org/pipermail/es-discuss/2009-June/009451.html):
 

json.md

@@ -81,7 +81,7 @@ Most function definitions or declarations don't contain any comments, so you rea
 
 ##Payed sources
 
-###Books on general operating systems
+###Books on operating systems in general
 
 -   [stallings11][]
 
@@ -129,10 +129,14 @@ The kernel does the most fundamental operations such as:
 
     The kernel schedules programs one after another quite quickly and in a smart way, so that even users with a single processor can have the impression that they are running multiple applications at the same time, while in reality all they are doing is switching very quickly between applications.
 
+-   **virtualization**
+
+    The kernel can make a single system look like multiple systems, e.g. to allow code to be run in a well determined environment. The subsystem that does this is called LXC: `Linux Containers`, and is exploited in applications such as Docker.
+
 Therefore it reaches general goals such as:
 
 - increasing code portability across different hardware and architectures
-- creating useful and simple abstractions which programs can rely on (contiguous RAM memory, files, processes, user permissions, etc)
+- creating useful and simple abstractions which programs can rely on (contiguous RAM memory, files, processes, user permissions, etc.)
 
 #POSIX
 
@@ -332,7 +336,7 @@ You cannot use floating point operations on kernel code because that would incur
 
 #Rings
 
-x86 implemented concept
+x86 implemented concept.
 
 Programs can run in different rings.
 
@@ -414,11 +418,11 @@ TODO how to go back to the old kernel image by default at startup? Going again i
 
 TODO how to install the `/usr/src/linux-headers- headers`?
 
-#test
+#Test the kernel
 
 Tips on how to test with the kernel.
 
-##kernel module
+##Kernel module
 
 A kernel module can be inserted and removed while the kernel is running, so it may prevent a time costly rebooting.
 
@@ -525,9 +529,9 @@ Each process has a representation on the file system under `/proc/\d+` which all
 
 #Interruptions
 
-- user space process can be interrupted by anything, including other user space processes.
+-   user space process can be interrupted by anything, including other user space processes.
 
-- kernel space processes can be interrupted by other kernel processes or interrupts handlers, but not by user space processes.
+-   kernel space processes can be interrupted by other kernel processes or interrupts handlers, but not by user space processes.
 
     Examples of things that generate kernel space processes:
 
@@ -732,8 +736,14 @@ Never changes between processes.
 
 Note that this is *virtual* memory, so it is independent of the actual size of the memory as the hardware and the kernel can give processes the illusion that they actually have amounts of memory larger than the hardware for instance.
 
+##ASLR
+
+##Address space layout randomization
+
 ##Random offset segments
 
+<http://en.wikipedia.org/wiki/Address_space_layout_randomization#Linux>
+
 Randomly generated for each process to avoid attacks.
 
 Must be small not to take too much space.
@@ -1009,12 +1019,19 @@ It is managed by schedulers, and is a central part of how the scheduler chooses
 
 There is one run queue per processor.
 
+#LXC
+
+##cgroups
+
+##Namespaces
+
+It seems that cgroups and namespaces are parts of the LXC subsystem. TODO confirm.
+
 [bovet05]:        http://www.amazon.com/books/dp/0596005652
 [corbet05]:       http://www.amazon.com/books/dp/0596005903
 [free-electrons]: http://lxr.free-electrons.com/ident
 [kernel-mail]:    http://vger.kernel.org/vger-lists.html
 [kernel-org]:     https://www.kernel.org/doc/
-[kernel-org]:     https://www.kernel.org/doc/
 [kernelnewbies]:  http://kernelnewbies.org/
 [love06]:         http://www.amazon.com/books/dp/0596005652
 [stallings11]:    http://www.amazon.com/Operating-Systems-Internals-Principles-Edition/dp/013230998X

kernel/README.md

@@ -0,0 +1,55 @@
+This section discusses how to run untrusted code in a sandboxed environment.
+
+It appears that safe and low overhead virtualization is not yet a well achieved goal, and there is a log of work being put into it today. 
+
+Every option has potential risks, even traditional Virtual Machines like VirtualBox have had vulnerabilities found.
+
+Sample application: online C compiler service.
+
+The following aspects must be either denied or give a quota to:
+
+- disallow editing server files. Either lock user into a subdirectory, or create an entire virtual filesystem.
+- hard disk usage
+- RAM usage
+- network usage
+- CPU usage
+- other devices and associated system resources: file descriptors (hard disk device availability), 
+
+# Process limits
+
+Linux and POSIX offer several per process limits. POSIX ones are documented with the `getrlimit` interface at <http://pubs.opengroup.org/onlinepubs/9699919799/functions/getrlimit.html>
+
+For those limits to be useful, you need limit the maximum number of processes an user can run, possibly to 1. It seems that this can be done through PAM limits.
+
+# Per user limits
+
+##PAM
+
+##/etc/security/limits.conf
+
+TODO confirm this section.
+
+Module that sets per user resoruce quotas.
+
+<http://www.cyberciti.biz/tips/linux-limiting-user-process.html>
+
+Allows for several useful limits, e.g. `nproc` for the number or processes.
+
+    man limits.conf
+    man pam_limits
+
+# Docker
+
+TODO
+
+# Sources
+
+There are tons of SO questions about this subject, each with a different requirement set:
+
+- <http://stackoverflow.com/questions/437433/limit-in-the-memory-and-cpu-available-for-a-user-in-linux>
+- <http://stackoverflow.com/questions/9506596/what-harm-can-a-c-asm-program-do-to-linux-when-run-by-an-unprivileged-user>
+- <http://stackoverflow.com/questions/792764/secure-way-to-run-other-people-code-sandbox-on-my-server>
+- <http://stackoverflow.com/questions/3859710/what-is-the-safest-way-to-run-an-executable-on-linux>
+- <http://unix.stackexchange.com/questions/34334/how-to-create-a-user-with-limited-ram-usage>
+- <http://unix.stackexchange.com/questions/85411/how-to-prevent-fork-bomb>
+- <http://stackoverflow.com/questions/4249063/run-an-untrusted-c-program-in-a-sandbox-in-linux-that-prevents-it-from-opening-f>

sandbox.md

@@ -0,0 +1,15 @@
+#simple-scan
+
+GUI scanner interface.
+
+Very simple to scan once you manage to install the scanner driver.
+
+Usage:
+
+    simple-scan
+
+Then click scan button. The image updates as the scan is made,
+and you can stop it when you are done before the scanner reached the bottom.
+
+Make sure your scanner supports the definition preferences you set
+or you will get a connexion error.