Glossary

All entries marked with ^FOLDOC are based on definitions in the Free Online Dictionary of Computing (www.foldoc.org), Denis Howe, editor. Used with permission.

10.0.0.0: See private address space on page 1049.

172.16.0.0: See private address space on page 1049.

192.168.0.0: See private address space on page 1049.

802.11: A family of specifications developed by IEEE for wireless LAN technology, including 802.11 (12 megabits per second), 802.11a (54 megabits per second), 802.11b (11 megabits per second), and 802.11g (54 megabits per second).

absolute pathname: A pathname that starts with the root directory (/). An absolute pathname locates a file without regard to the working directory.

access: In computer jargon, a verb meaning to use, read from, or write to. To access a file means to read from or write to the file.

Access Control List: See ACL.

access permission: Permission to read from, write to, or execute a file. If you have write access permission to a file, you can write to the file. Also access privilege.

ACL: Access Control List. A system that performs a function similar to file permissions but with much finer-grain control.

active window: On a desktop, the window that receives the characters you type on the keyboard. Same as focus, desktop (page 1032).

address mask: See subnet mask on page 1058.

alias: A mechanism of a shell that enables you to define new commands.

alphanumeric character: One of the characters, either uppercase or lowercase, from A to Z and 0 to 9, inclusive.

ambiguous file reference: A reference to a file that does not necessarily specify any one file but can be used to specify a group of files. The shell expands an ambiguous file reference into a list of filenames. Special characters represent single characters (?), strings of zero or more characters (*), and character classes ([]) within ambiguous file references. An ambiguous file reference is a type of regular expression (page 1052).

angle bracket: A left angle bracket (<) and a right angle bracket (>). The shell uses < to redirect a command's standard input to come from a file and > to redirect the standard output. The shell uses the characters << to signify the start of a Here document and >> to append output to a file.

animate: When referring to a window action, means that the action is slowed down so the user can view it. For example, when you minimize a window, it can disappear all at once (not animated) or it can slowly telescope into the panel so you can get a visual feel for what is happening (animated).

anti-aliasing: Adding gray pixels at the edge of a diagonal line to get rid of the jagged appearance and thereby make the line look smoother. Anti-aliasing sometimes makes type on a screen look better and sometimes worse; it works best on small and large fonts and is less effective on fonts from 8 to 15 points. See also subpixel hinting (page 1058).

API: Application program interface. The interface (calling conventions) by which an application program accesses an operating system and other services. An API is defined at the source code level and provides a level of abstraction between the application and the kernel (or other privileged utilities) to ensure the portability of the code.^FOLDOC

append: To add something to the end of something else. To append text to a file means to add the text to the end of the file. The shell uses >> to append a command's output to a file.

applet: A small program that runs within a larger program. Examples are Java applets that run in a browser and panel applets that run from a desktop panel.

archive: A file that contains a group of smaller, typically related, files. Also, to create such a file. The tar and cpio utilities can create and read archives.

argument: A number, letter, filename, or another string that gives some information to a command and is passed to the command when it is called. A command line argument is anything on a command line following the command name that is passed to the command. An option is a kind of argument.

arithmetic expression: A group of numbers, operators, and parentheses that can be evaluated. When you evaluate an arithmetic expression, you end up with a number. The Bourne Again Shell uses the expr command to evaluate arithmetic expressions; the TC Shell uses @, and the Z Shell uses let.

array: An arrangement of elements (numbers or strings of characters) in one or more dimensions. The Bourne Again, TC, and Z Shells and gawk can store and process arrays.

ASCII

American Standard Code for Information Interchange. A code that uses seven bits to represent both graphic (letters, numbers, and punctuation) and CONTROL characters. You can represent textual information, including program source code and English text, in ASCII code. Because ASCII is a standard, it is frequently used when exchanging information between computers. See the file /usr/pub/ascii or give the command man ascii to see a list of ASCII codes.

Extensions of the ASCII character set use eight bits. The seven-bit set is common; the eight-bit extensions are still coming into popular use. The eighth bit is sometimes referred to as the metabit.

ASCII terminal: A textual terminal. Contrast with graphical display (page 1033).

ASP: Application service provider. A company that provides applications over the Internet.

asynchronous event: An event that does not occur regularly or synchronously with another event. Linux system signals are asynchronous; they can occur at any time because they can be initiated by any number of nonregular events.

attachment: A file that is attached to, but is not part of, a piece of email. Attachments are frequently opened by programs (including your Internet browser) that are called by your mail program so you may not be aware that they are not an integral part of an email message.

authentication: The verification of the identity of a person or process. In a communication system, authentication verifies that a message comes from its stated source. Methods of authentication on a Linux system include the /etc/passwd and /etc/shadow files, LDAP, Kerberos 5, and SMB authentication.^FOLDOC

automatic mounting: A way of demand mounting directories from remote hosts without having them hard configured into /etc/fstab. Also called automounting.

avoided: An object, such as a panel, that should not normally be covered by another object, such as a window.

back door

A security hole deliberately left in place by the designers or maintainers of a system. The motivation for creating such holes is not always sinister; some operating systems, for example, come out of the box with privileged accounts intended for use by field service technicians or the vendor's maintenance programmers.

Ken Thompson's 1983 Turing Award lecture to the ACM revealed the existence, in early UNIX versions, of a back door that may be the most fiendishly clever security hack of all time. The C compiler contained code that would recognize when the login command was being recompiled and would insert some code recognizing a password chosen by Thompson, giving him entry to the system whether or not an account had been created for him.

Normally such a back door could be removed by removing it from the source code for the compiler and recompiling the compiler. But to recompile the compiler, you have to use the compiler, so Thompson arranged that the compiler would recognize when it was compiling a version of itself. It would insert into the recompiled compiler the code to insert into the recompiled login the code to allow Thompson entry, and, of course, the code to recognize itself and do the whole thing again the next time around. Having done this once, he was then able to recompile the compiler from the original sources; the hack perpetuated itself invisibly, leaving the back door in place and active but with no trace in the sources.

Sometimes called a wormhole. Also trap door.^FOLDOC

background process: A process that is not run in the foreground. Also called a detached process, a background process is initiated by a command line that ends with an ampersand (&). You do not have to wait for a background process to run to completion before giving the shell additional commands. If you have job control, you can move background processes to the foreground, and vice versa.

basename: The name of a file that, in contrast with a pathname, does not mention any of the directories containing the file (and therefore does not contain any slashes [/]). For example, hosts is the basename of /etc/hosts.^FOLDOC

baud

The maximum information-carrying capacity of a communication channel in symbols (state transitions or level transitions) per second. It coincides with bits per second only for two-level modulation with no framing or stop bits. A symbol is a unique state of the communication channel, distinguishable by the receiver from all other possible states. For example, it may be one of two voltage levels on a wire for a direct digital connection, or it might be the phase or frequency of a carrier.^FOLDOC

Baud is often mistakenly used as a synonym for bits per second.

baud rate: Transmission speed. Usually used to measure terminal or modem speed. Common baud rates range from 110 to 38,400 baud. See baud.

Berkeley UNIX: One of the two major versions of the UNIX operating system. Berkeley UNIX was developed at the University of California at Berkeley by the Computer Systems Research Group and is often referred to as BSD (Berkeley Software Distribution).

BIND: Berkeley Internet Name Domain. An implementation of a DNS (page 1029) server developed and distributed by the University of California at Berkeley

BIOS: Basic Input/Output System. On PCs, EEPROM-based (page 1030) system software that provides the lowest-level interface to peripheral devices and controls the first stage of the bootstrap (page 1022) process, which loads the operating system. The BIOS can be stored in different types of memory. The memory must be nonvolatile so that it remembers the system settings even when the system is turned off. Also BIOS ROM. Refer to page 26 for instructions on how to open the BIOS screens for maintenance.

bit: The smallest piece of information a computer can handle. A bit is a binary digit: either 1 or 0 (on or off).

bit depth: Same as color depth (page 1025).

bit-mapped display: A graphical display device in which each pixel on the screen is controlled by an underlying representation of zeros and ones.

blank character: Either a SPACE or a TAB character, also called whitespace (page 1063). In some contexts, NEWLINEs are considered blank characters.

block: A section of a disk or tape (usually 1,024 bytes long but shorter or longer on some systems) that is written at one time.

block device: A disk or tape drive. A block device stores information in blocks of characters. A block device is represented by a block device (block special) file. Contrast with character device (page 1024).

block number: Disk and tape blocks are numbered so that Linux can keep track of the data on the device.

blocking factor: The number of logical blocks that make up a physical block on a tape or disk. When you write 1K logical blocks to a tape with a physical block size of 30K, the blocking factor is 30.

Boolean: The type of an expression with two possible values: true and false. Also, a variable of Boolean type or a function with Boolean arguments or result. The most common Boolean functions are AND, OR, and NOT.^FOLDOC

boot: See bootstrap.

boot loader: A very small program that takes its place in the bootstrap process that brings a computer from off or reset to a fully functional state. See "Boot Loader" on page 533.

bootstrap: Derived from "Pull oneself up by one's own bootstraps," the incremental process of loading an operating system kernel into memory and starting it running without any outside assistance. Frequently shortened to boot.

Bourne Again Shell: bash. GNU's command interpreter for UNIX, bash is a POSIX-compliant shell with full Bourne Shell syntax and some C Shell commands built in. The Bourne Again Shell supports emacs-style command line editing, job control, functions, and online help.^FOLDOC

Bourne Shell: sh. This UNIX command processor was developed by Steve Bourne at AT&T Bell Laboratories.

brace: A left brace ({) and a right brace (}). Braces have special meanings to the shell.

bracket: A square bracket (page 1057) or an angle bracket (page 1018).

branch: In a tree structure, a branch connects nodes, leaves, and the root. The Linux filesystem hierarchy is often conceptualized as an upside-down tree. The branches connect files and directories. In a source code control system, such as SCCS or RCS, a branch occurs when a revision is made to a file and is not included in subsequent revisions to the file.

bridge: Typically a two-port device originally used for extending networks at layer 2 (data link) of the Internet Protocol model.

broadcast: A transmission to multiple, unspecified recipients. On Ethernet a broadcast packet is a special type of multicast packet that has a special address indicating that all devices that receive it should process it. Broadcast traffic exists at several layers of the network stack, including Ethernet and IP. Broadcast traffic has one source but indeterminate destinations (all hosts on the local network).

broadcast address: The last address on a subnet (usually 255), reserved as shorthand to mean all hosts.

broadcast network: A type of network, such as Ethernet, in which any system can transmit information at any time, and all systems receive every message.

BSD: See Berkeley UNIX on page 1021.

buffer: An area of memory that stores data until it can be used. When you write information to a file on a disk, Linux stores the information in a disk buffer until there is enough to write to the disk or until the disk is ready to receive the information.

bug: An unwanted and unintended program property, especially one that causes the program to malfunction.^FOLDOC

builtin (command): A command that is built into a shell. Each of the three major shellsthe Bourne Again, TC, and Z Shellshas its own set of builtins. Refer to "Builtins" on page 225.

byte: A component in the machine data hierarchy, usually larger than a bit and smaller than a word; now most often eight bits and the smallest addressable unit of storage. A byte typically holds one character.^FOLDOC

C programming language: A modern systems language that has high-level features for efficient, modular programming as well as lower-level features that make it suitable for use as a systems programming language. It is machine independent so that carefully written C programs can be easily transported to run on different machines. Most of the Linux operating system is written in C, and Linux provides an ideal environment for programming in C.

C Shell: csh. The C Shell command processor was developed by Bill Joy for BSD UNIX. It was named for the C programming language because its programming constructs are similar to those of C. See shell on page 1055.

cable modem: A type of modem that allows you to access the Internet by using your cable television connection.

cache: Holding recently accessed data, a small, fast memory designed to speed up subsequent access to the same data. Most often applied to processor-memory access but also used for a local copy of data accessible over a network, from a hard disk, and so on.^FOLDOC

calling environment: A list of variables and their values that is made available to a called program. Refer to "Executing a Command" on page 302.

cascading stylesheet: See CSS on page 1027.

cascading windows: An arrangement of windows such that they overlap, generally with at least part of the title bar visible. Opposite of tiled windows (page 1060).

case sensitive: Able to distinguish between uppercase and lowercase characters. Unless you set the ignorecase parameter, vim performs case-sensitive searches. The grep utility performs case-sensitive searches unless you use the i option.

catenate: To join sequentially, or end to end. The Linux cat utility catenates files: It displays them one after the other. Also concatenate.

chain loading: The technique used by a boot loader to load unsupported operating systems. Used for loading such operating systems as DOS or Windows, it works by loading another boot loader.

character-based: A program, utility, or interface that works only with ASCII (page 1019) characters. This set of characters includes some simple graphics, such as lines and corners, and can display colored characters. It cannot display true graphics. Contrast with GUI (page 1034).

character-based terminal: A terminal that displays only characters and very limited graphics. See character-based.

character class

In a regular expression, a group of characters that defines which characters can occupy a single character position. A character-class definition is usually surrounded by square brackets. The character class defined by [abcr] represents a character position that can be occupied by a, b, c, or r. Also list operator.

In POSIX, used to refer to sets of characters with a common characteristic, denoted by the notation [:class:]; for example, [:upper:] denotes the set of uppercase letters.

This book uses the term character class as explained under "Brackets" on page 969.

character device: A terminal, printer, or modem. A character device stores or displays characters one at a time. A character device is represented by a character device (character special) file. Contrast with block device (page 1021).

checksum

A computed value that depends on the contents of a block of data and is transmitted or stored along with the data to detect corruption of the data. The receiving system recomputes the checksum based on the received data and compares this value with the one sent with the data. If the two values are the same, the receiver has some confidence that the data was received correctly.

The checksum may be 8, 16, or 32 bits, or some other size. It is computed by summing the bytes or words of the data block, ignoring overflow. The checksum may be negated so that the total of the data words plus the checksum is zero.

Internet packets use a 32-bit checksum.^FOLDOC

child process: A process that is created by another process, the parent process. Every process is a child process except for the first process, which is started when Linux begins execution. When you run a command from the shell, the shell spawns a child process to run the command. See process on page 1049.

CIDR: Classless Inter-Domain Routing. A scheme that allocates blocks of Internet addresses in a way that allows summarization into a smaller number of routing table entries. A CIDR block is a block of Internet addresses assigned to an ISP by the Internic. Refer to "CIDR: Classless Inter-Domain Routing" on page 357.^FOLDOC

CIFS: Common Internet File System. An Internet filesystem protocol based on SMB (page 1055). CIFS runs on top of TCP/IP, uses DNS, and is optimized to support slower dial-up Internet connections. SMB and CIFS are used interchangeably.^FOLDOC

CIPE: Crypto IP Encapsulation (page 1031). This protocol (page 1050) tunnels (page 1061) IP packets within encrypted UDP (page 1061) packets, is lightweight and simple, and works over dynamic addresses, NAT (page 1044), and SOCKS (page 1056) proxies (page 1050).

cipher (cypher): A cryptographic system that uses a key to transpose/substitute characters within a message, the key itself, or the message.

ciphertext: Text that is encrypted. Contrast with plaintext (page 1048). See also "Encryption" on page 988.

Classless Inter-Domain Routing: See CIDR on page 1024.

cleartext: Text that is not encrypted. Also plaintext. Contrast with ciphertext. See also "Encryption" on page 988.

CLI: Command line interface. See also character-based (page 1024).

client: A computer or program that requests one or more services from a server.

CODEC: Coder/decoder or compressor/decompressor. A hardware and/or software technology that codes and decodes data. MPEG is a popular CODEC for computer video.

color depth: The number of bits used to generate a pixelusually 8, 16, 24, or 32. The color depth is directly related to the number of colors that can be generated. The number of colors that can be generated is 2 raised to the color-depth power. Thus a 24-bit video adapter can generate about 16.7 million colors.

color quality: See color depth.

combo box: A combination of a list and text entry box. A user can either select an option from a provided list or enter his own option.

command: What you give the shell in response to a prompt. When you give the shell a command, it executes a utility, another program, a builtin command, or a shell script. Utilities are often referred to as commands. When you are using an interactive utility, such as vim or mail, you use commands that are appropriate to that utility.

command line: A line containing instructions and arguments that executes a command. This term usually refers to a line that you enter in response to a shell prompt on a character-based terminal or terminal emulator (page 93).

command substitution: Replacing a command with its output. The shells perform command substitution when you enclose a command between $( and ) or between a pair of back ticks (' '), also called grave accent marks.

component architecture: A notion in object-oriented programming where "components" of a program are completely generic. Instead of having a specialized set of methods and fields, they have generic methods through which the component can advertise the functionality it supports to the system into which it is loaded. This strategy enables completely dynamic loading of objects. JavaBeans is an example of a component architecture.^FOLDOC

concatenate: See catenate on page 1023.

condition code: See exit status on page 1031.

connection-oriented protocol

A type of transport layer data communication service that allows a host to send data in a continuous stream to another host. The transport service guarantees that all data will be delivered to the other end in the same order as sent and without duplication. Communication proceeds through three well-defined phases: connection establishment, data transfer, and connection release. The most common example is TCP (page 1059).

Also called connection-based protocol and stream-oriented protocol. Contrast with connectionless protocol and datagram (page 1028).^FOLDOC

connectionless protocol: The data communication method in which communication occurs between hosts with no previous setup. Packets sent between two hosts may take different routes. There is no guarantee that packets will arrive as transmitted or even that they will arrive at the destination at all. UDP (page 1061) is a connectionless protocol. Also called packet switching. Contrast with circuit switching and connection-oriented protocol.^FOLDOC

console: See system console on page 1059.

console terminal: See system console on page 1059.

control character

A character that is not a graphic character, such as a letter, number, or punctuation mark. Such characters are called control characters because they frequently act to control a peripheral device. RETURN and FORMFEED are control characters that control a terminal or printer.

The word CONTROL is shown in this book in THIS FONT because it is a key that appears on most terminal keyboards. Control characters are represented by ASCII codes less than 32 (decimal). See also nonprinting character on page 1046.

control structure: A statement used to change the order of execution of commands in a shell script or other program. Each shell provides control structures (for example, if and while) as well as other commands that alter the order of execution (for example, exec). Also control flow commands.

cookie: Data stored on a client system by a server. The client system browser sends the cookie back to the server each time it accesses that server. For example, a catalog shopping service may store a cookie on your system when you place your first order. When you return to the site, it knows who you are and can supply your name and address for subsequent orders. You may consider cookies to be an invasion of privacy.

CPU: Central processing unit. The part of a computer that controls all the other parts. The CPU includes the control unit and the arithmetic and logic unit (ALU). The control unit fetches instructions from memory and decodes them to produce signals that control the other parts of the computer. These signals can cause data to be transferred between memory and ALU or peripherals to perform input or output. A CPU that is housed on a single chip is called a microprocessor. Also processor and central processor.

cracker: An individual who attempts to gain unauthorized access to a computer system. These individuals are often malicious and have many means at their disposal for breaking into a system. Contrast with hacker (page 1034).^FOLDOC

crash: The system suddenly and unexpectedly stops or fails. Derived from the action of the hard disk heads on the surface of the disk when the air gap between the two collapses.

cryptography

The practice and study of encryption and decryptionencoding data so that only a specific individual or machine can decode it. A system for encrypting and decrypting data is a cryptosystem. Such systems usually rely on an algorithm for combining the original data (plaintext) with one or more keysnumbers or strings of characters known only to the sender and/or recipient. The resulting output is called ciphertext (page 1025).

The security of a cryptosystem usually depends on the secrecy of keys rather than on the supposed secrecy of an algorithm. Because a strong cryptosystem has a large range of keys, it is not possible to try all of them. Ciphertext appears random to standard statistical tests and resists known methods for breaking codes.^FOLDOC

.cshrc file: In your home directory, a file that the TC Shell executes each time you invoke a new TC Shell. You can use this file to establish variables and aliases.

CSS: Cascading stylesheet. Describes how documents are presented on screen and in print. Attaching a stylesheet to a structured document can affect the way it looks without adding new HTML (or other) tags and without giving up device independence. Also stylesheet.

current (process, line, character, directory, event, and so on): The item that is immediately available, working, or being used. The current process is the program you are running, the current line or character is the one the cursor is on, and the current directory is the working directory.

cursor: A small lighted rectangle, underscore, or vertical bar that appears on the terminal screen and indicates where the next character will appear. Differs from the mouse pointer (page 1043).

daemon: A program that is not invoked explicitly but lies dormant, waiting for some condition(s) to occur. The perpetrator of the condition need not be aware that a daemon is lurking (although often a program will commit an action only because it knows that it will implicitly invoke a daemon). From the mythological meaning, later rationalized as the acronym Disk And Execution MONitor. See Table 10-4 on page 374 for a list of daemons.^FOLDOC

data structure: A particular format for storing, organizing, working with, and retrieving data. Frequently, data structures are designed to work with specific algorithms that facilitate these tasks. Common data structures include trees, files, records, tables, arrays, and so on.

datagram: A self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network. UDP (page 1061) uses datagrams; IP (page 1038) uses packets (page 1047). Packets are indivisible at the network layer; datagrams are not.^FOLDOC See also frame (page 1033).

dataless: A computer, usually a workstation, that uses a local disk to boot a copy of the operating system and access system files but does not use a local disk to store user files.

dbm: A standard, simple database manager. Implemented as gdbm (GNU database manager), it uses hashes to speed searching. The most common versions of the dbm database are dbm, ndbm, and gdbm.

DDoS attack: Distributed denial of service attack. A DoS attack (page 1030) from many systems that do not belong to the perpetrator of the attack.

debug: To correct a program by removing its bugs (that is, errors).

default: Something that is selected without being explicitly specified. For example, when used without an argument, ls displays a list of the files in the working directory by default.

delta: A set of changes made to a file that has been encoded by the Source Code Control System (SCCS).

denial of service: See DoS attack on page 1030.

dereference: When speaking of symbolic links, follow the link rather than working with the reference to the link. For example, the L or dereference option causes ls to list the entry that a symbolic link points to rather than the symbolic link (the reference) itself.

desktop: A collection of windows, toolbars, icons, and buttons, some or all of which appear on your display. A desktop comprises one or more workspaces (page 1064). Refer to "Getting the Most from the Desktop" on page 85.

desktop manager: An icon- and menu-based user interface to system services that allows you to run applications and use the filesystem without using the system's command line interface.

detached process: See background process on page 1020.

device: A disk drive, printer, terminal, plotter, or other input/output unit that can be attached to the computer. Short for peripheral device.

device driver: Part of the Linux kernel that controls a device, such as a terminal, disk drive, or printer.

device file: A file that represents a device. Also special file.

device filename: The pathname of a device file. All Linux systems have two kinds of device files: block and character device files. Linux also has FIFOs (named pipes) and sockets. Device files are traditionally located in the /dev directory.

device number: See major device number (page 1042) and minor device number (page 1043).

DHCP: Dynamic Host Configuration Protocol. A protocol that dynamically allocates IP addresses to computers on a LAN. Refer to "DHCP: Configures Hosts" on page 431.^FOLDOC

directory: Short for directory file. A file that contains a list of other files.

directory hierarchy: A directory, called the root of the directory hierarchy, and all the directory and ordinary files below it (its children).

directory service: A structured repository of information on people and resources within an organization, facilitating management and communication.^FOLDOC

disk partition: See partition on page 1047.

diskless: A computer, usually a workstation, that has no disk and must contact another computer (a server) to boot a copy of the operating system and access the necessary system files.

distributed computing: A style of computing in which tasks or services are performed by a network of cooperating systems, some of which may be specialized.

DMZ: Demilitarized zone. A host or small network that is a neutral zone between a LAN and the Internet. It can serve Web pages and other data to the Internet and allow local systems access to the Internet while preventing LAN access to unauthorized Internet users. Even if a DMZ is compromised, it holds no data that is private and none that cannot be easily reproduced.

DNS: Domain Name Service. A distributed service that manages the correspondence of full hostnames (those that include a domain name) to IP addresses and other system characteristics.

DNS domain name: See domain name.

document object model: See DOM.

DOM: Document Object Model. A platform-/language-independent interface that enables a program to update the content, structure, and style of a document dynamically. The changes can then be made part of the displayed document. Go to www.w3.org/DOM for more information.

domain name: A name associated with an organization, or part of an organization, to help identify systems uniquely. Technically, the part of the FQDN (page 1032) to the right of the leftmost period. Domain names are assigned hierarchically. The domain berkeley.edu refers to the University of California at Berkeley, for example; it is part of the top-level edu (education) domain. Also DNS domain name. Different than NIS domain name (page 1046).

Domain Name Service: See DNS.

door: An evolving filesystem-based RPC (page 1053) mechanism.

DoS attack: Denial of service attack. An attack that attempts to make the target host or network unusable by flooding it with spurious traffic.

DPMS: Display Power Management Signaling. A standard that can extend the life of CRT monitors and conserve energy. DPMS supports four modes for a monitor: Normal, Standby (power supply on, monitor ready to come to display images almost instantly), Suspend (power supply off, monitor takes up to ten seconds to display an image), and Off.

drag: To move an icon from one position or application to another, usually in the context of a window manager. The motion part of drag-and-drop.

druid: In role-playing games, a character that represents a magical user. Red Hat uses the term druid at the ends of names of programs that guide you through a task-driven chain of steps. Other operating systems call these types of programs wizards.

DSA: Digital Signature Algorithm. A public key cipher used to generate digital signatures.

DSL: Digital Subscriber Line/Loop. Provides high-speed digital communication over a specialized, conditioned telephone line. See also xDSL (page 1064).

Dynamic Host Configuration Protocol: See DHCP on page 1029.

editor: A utility, such as vim or emacs, that creates and modifies text files.

EEPROM: Electrically erasable, programmable, readonly memory. A PROM (page 1049) that can be written to.

effective user ID: The user ID that a process appears to have; usually the same as the user ID. For example, while you are running a setuid program, the effective user ID of the process running the program is that of the owner of the program.

element: One thing; usually a basic part of a group of things. An element of a numeric array is one of the numbers stored in the array.

emoticon: See smiley on page 1055.

encapsulation: See tunneling on page 1061.

environment: See calling environment on page 1023.

EOF: End of file.

EPROM: Erasable programmable readonly memory. A PROM (page 1049) that can be written to by applying a higher than normal voltage.

escape: See quote on page 1050.

Ethernet: A type of LAN (page 1040) capable of transfer rates as high as 1,000 megabits per second. Refer to "Ethernet" on page 347.

event: An occurrence, or happening, of significance to a task or programfor example, the completion of an asynchronous input/output operation, such as a keypress or mouse click.^FOLDOC

exabyte: 2⁶⁰ bytes or about 10¹⁸ bytes. See also large number (page 1040).

exit status: The status returned by a process; either successful (usually 0) or unsuccessful (usually 1).

exploit: A security hole or an instance of taking advantage of a security hole.^FOLDOC

expression: See logical expression (page 1041) and arithmetic expression (page 1019).

extranet: A network extension for a subset of users (such as students at a particular school or engineers working for the same company). An extranet limits access to private information even though it travels on the public Internet.

failsafe session: A session that allows you to log in on a minimal desktop in case your standard login does not work well enough to allow you to log in to fix a login problem.

FDDI: Fiber Distributed Data Interface. A type of LAN (page 1040) designed to transport data at the rate of 100 million bits per second over fiberoptic cable.

file: A collection of related information referred to with a filename and frequently stored on a disk. Text files typically contain memos, reports, messages, program source code, lists, or manuscripts. Binary or executable files contain utilities or programs that you can run. Refer to "Directory Files and Ordinary Files" on page 166.

filename: The name of a file. A filename refers to a file.

filename completion: Automatic completion of a filename after you specify a unique prefix.

filename extension: The part of a filename following a period.

filename generation: What occurs when the shell expands ambiguous file references. See ambiguous file reference on page 1018.

filesystem: A data structure (page 1028) that usually resides on part of a disk. All Linux systems have a root filesystem, and many have other filesystems. Each filesystem is composed of some number of blocks, depending on the size of the disk partition that has been assigned to the filesystem. Each filesystem has a control block, named the superblock, that contains information about the filesystem. The other blocks in a filesystem are inodes, which contain control information about individual files, and data blocks, which contain the information in the files.

filling: A variant of maximizing in which window edges are pushed out as far as they can go without overlapping another window.

filter: A command that can take its input from standard input and send its output to standard output. A filter transforms the input stream of data and sends it to standard output. A pipe usually connects a filter's input to standard output of one command, and a second pipe connects the filter's output to standard input of another command. The grep and sort utilities are commonly used as filters.

firewall

A device for policy-based traffic management used to keep a network secure. A firewall can be implemented in a single router that filters out unwanted packets, or it can rely on a combination of routers, proxy servers, and other devices. Firewalls are widely used to give users access to the Internet in a secure fashion and to separate a company's public WWW server from its internal network. They are also employed to keep internal network segments more secure.

Recently the term has come to be defined more loosely to include a simple packet filter running on an endpoint machine.

See also proxy server on page 1050.

firmware: Software built into a computer, often in ROM (page 1053). May be used as part of the bootstrap (page 1022) procedure.

focus, desktop: On a desktop, the window that is active. The window with the desktop focus receives the characters you type on the keyboard. Same as active window (page 1018).

footer: The part of a format that goes at the bottom (or foot) of a page. Contrast with header (page 1034).

foreground process: When you run a command in the foreground, the shell waits for the command to finish before giving you another prompt. You must wait for a foreground process to run to completion before you can give the shell another command. If you have job control, you can move background processes to the foreground, and vice versa. See job control on page 1039. Contrast with background process (page 1020).

fork: To create a process. When one process creates another process, it forks a process. Also spawn.

FQDN: Fully qualified domain name. The full name of a system, consisting of its hostname and its domain name, including the top-level domain. Technically the name that gethostbyname(2) returns for the host named by gethostname(2). For example, speedy is a hostname and speedy.example.com is an FQDN. An FQDN is sufficient to determine a unique Internet address for a machine on the Internet.^FOLDOC

frame: A data link layer packet that contains, in addition to data, the header and trailer information required by the physical medium. Network layer packets are encapsulated to become frames.^FOLDOC See also datagram (page 1028) and packet (page 1047).

free list: In a filesystem, the list of blocks that are available for use. Information about the free list is kept in the superblock of the filesystem.

free software: Refer to Appendix D, "The Free Software Definition."

free space: The portion of a hard disk that is not within a partition. A new hard disk has no partitions and contains all free space.

full duplex: The ability to receive and transmit data simultaneously. A network switch (page 1045) is typically a full-duplex device. Contrast with half-duplex (page 1034).

fully qualified domain name: See FQDN on page 1032.

function: See shell function on page 1055.

gateway: A generic term for a computer or a special device connected to more than one dissimilar type of network to pass data between them. Unlike a router, a gateway often must convert the information into a different format before passing it on. The historical usage of gateway to designate a router is deprecated.

GCOS: See GECOS.

GECOS: General Electric Comprehensive Operating System. For historical reasons, the user information field in the /etc/passwd file is called the GECOS field. Also GCOS.

giga-: In the binary system, the prefix giga- multiplies by 2³⁰ (i.e., 1,073,741,824). Gigabit and gigabyte are common uses of this prefix. Abbreviated as G. See also large number on page 1040.

glyph: A symbol that communicates a specific piece of information nonverbally. A smiley (page 1055) is a glyph.

GMT: Greenwich Mean Time. See UTC on page 1062.

graphical display: A bitmapped monitor that can display graphical images. Contrast with ASCII terminal (page 1019).

graphical user interface: See GUI on page 1034.

group (of users): A collection of users. Groups are used as a basis for determining file access permissions. If you are not the owner of a file and you belong to the group the file is assigned to, you are subject to the group access permissions for the file. A user can simultaneously belong to several groups.

group (of windows): A way to identify similar windows so they can be displayed and acted on similarly. Typically windows started by a given application belong to the same group.

group ID: A unique number that identifies a set of users. It is stored in the password and group databases (/etc/passwd and /etc/group files or their NIS equivalents). The group database associates group IDs with group names.

GUI: Graphical user interface. A GUI provides a way to interact with a computer system by choosing items from menus or manipulating pictures drawn on a display screen instead of by typing command lines. Under Linux, the X Window System provides a graphical display and mouse/keyboard input. GNOME and KDE are two popular desktop managers that run under X. Contrast with character-based (page 1024).

hacker: A person who enjoys exploring the details of programmable systems and learning how to stretch their capabilities, as opposed to users, who prefer to learn only the minimum necessary. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming.^FOLDOC Contrast with cracker (page 1027).

half-duplex: A half-duplex device can only receive or transmit at a given moment; it cannot do both. A hub (page 1036) is typically a half-duplex device. Contrast with full duplex (page 1033).

hard link: A directory entry that contains the filename and inode number for a file. The inode number identifies the location of control information for the file on the disk, which in turn identifies the location of the file's contents on the disk. Every file has at least one hard link, which locates the file in a directory. When you remove the last hard link to a file, you can no longer access the file. See link (page 1040) and symbolic link (page 1058).

hash: A string that is generated from another string. See one-way hash function on page 1046. When used for security, a hash can prove, almost to a certainty, that a message has not been tampered with during transmission: The sender generates a hash of a message, encrypts the message and hash, and sends the encrypted message and hash to the recipient. The recipient decrypts the message and hash, generates a second hash from the message, and compares the hash that the sender generated to the new hash. When they are the same, the message has probably not been tampered with. A hash can also be used to create an index called a hash table. Also hash value.

hash table: An index created from hashes of the items to be indexed. The hash function makes it highly unlikely that two items will create the same hash. To look up an item in the index, create a hash of the item and search for the hash. Because the hash is typically shorter than the item, the search is more efficient.

header: When you are formatting a document, the header goes at the top, or head, of a page. In electronic mail the header identifies who sent the message, when it was sent, what the subject of the message is, and so forth.

Here document: A shell script that takes its input from the file that contains the script.

hesiod: The nameserver of project Athena. Hesiod is a name service library that is derived from BIND (page 1021) and leverages a DNS infrastructure.

heterogeneous: Consisting of different parts. A heterogeneous network includes systems produced by different manufacturers and/or running different operating systems.

hexadecimal number

A base 16 number. Hexadecimal (or hex) numbers are composed of the hexadecimal digits 09 and AF. See Table G-1.

Table G-1. Decimal, octal, and hexadecimal numbers
Decimal	Octal	Hex	Decimal	Octal	Hex
1	1	1	17	21	11
2	2	2	18	22	12
3	3	3	19	23	13
4	4	4	20	24	14
5	5	5	21	25	15
6	6	6	31	37	1F
7	7	7	32	40	20
8	10	8	33	41	21
9	11	9	64	100	40
10	12	A	96	140	60
11	13	B	100	144	64
12	14	C	128	200	80
13	15	D	254	376	FE
14	16	E	255	377	FF
15	17	F	256	400	100
16	20	10	257	401	101

hidden file: A file whose filename starts with a period. These files are called hidden because the ls utility does not normally list them. Use the a option of ls to list all files, including hidden ones. The shell does not expand a leading asterisk (*) in an ambiguous file reference to match the filename of a hidden file. Also invisible file.

hierarchy: An organization with a few things, or thingone at the topand with several things below each other thing. An inverted tree structure. Examples in computing include a file tree where each directory may contain files or other directories, a hierarchical network, and a class hierarchy in object-oriented programming.^FOLDOC Refer to "The Hierarchical Filesystem" on page 166.

history: A shell mechanism that enables you to modify and reexecute recent commands.

home directory: The directory that is your working directory when you first log in. The pathname of this directory is stored in the HOME shell variable.

hover: To leave the mouse pointer stationary for a moment over an object. In many cases hovering displays a tooltip (page 1060).

HTML: Hypertext Markup Language. A hypertext document format used on the World Wide Web. Tags, which are embedded in the text, consist of a less than sign (<), a directive, zero or more parameters, and a greater than sign (>). Matched pairs of directives, such as <TITLE> and </TITLE>, delimit text that is to appear in a special place or style.^FOLDOC For more information on HTML, go to www.htmlhelp.com/faq/html/all.html.

HTTP: Hypertext Transfer Protocol. The client/server TCP/IP protocol used on the World Wide Web for the exchange of HTML documents.

hub: A multiport repeater. A hub rebroadcasts all packets it receives on all ports. This term is frequently used to refer to small hubs and switches, regardless of the device's intelligence. It is a generic term for a layer 2 shared-media networking device. Today the term hub is sometimes used to refer to small intelligent devices, although that was not its original meaning. Contrast with network switch (page 1045).

hypertext: A collection of documents/nodes containing (usually highlighted or underlined) cross-references or links, which, with the aid of an interactive browser program, allow the reader to move easily from one document to another.^FOLDOC

Hypertext Markup Language: See HTML.

Hypertext Transfer Protocol: See HTTP.

i/o device: Input/output device. See device on page 1028.

IANA: Internet Assigned Numbers Authority. A group that maintains a database of all permanent, registered system services (www.iana.org).

ICMP: Internet Control Message Protocol. A type of network packet that carries only messages, no data.

icon: In a GUI, a small picture representing a file, directory, action, program, and so on. When you click an icon, an action, such as opening a window and starting a program or displaying a directory or Web site, takes place. From miniature religious statues.^FOLDOC

iconify: The process of changing a window into an icon. Contrast with restore (page 1052).

ignored window: A state in which a window has no decoration and therefore no buttons or titlebar to control it with.

indentation: See indention.

indention: The blank space between the margin and the beginning of a line that is set in from the margin.

inode: A data structure (page 1028) that contains information about a file. An inode for a file contains the file's length, the times the file was last accessed and modified, the time the inode was last modified, owner and group IDs, access privileges, number of links, and pointers to the data blocks that contain the file itself. Each directory entry associates a filename with an inode. Although a single file may have several filenames (one for each link), it has only one inode.

input: Information that is fed to a program from a terminal or other file. See standard input on page 1057.

installation: A computer at a specific location. Some aspects of the Linux system are installation dependent. Also site.

interactive: A program that allows ongoing dialog with the user. When you give commands in response to shell prompts, you are using the shell interactively. Also, when you give commands to utilities, such as vim and mail, you are using the utilities interactively.

interface: The meeting point of two subsystems. When two programs work together, their interface includes every aspect of either program that the other deals with. The user interface (page 1062) of a program includes every program aspect the user comes into contact with: the syntax and semantics involved in invoking the program, the input and output of the program, and its error and informational messages. The shell and each of the utilities and built-in commands have a user interface.

International Organization for Standardization: See ISO on page 1038.

internet: A large network that encompasses other, smaller networks.

Internet: The largest internet in the world. The Internet (uppercase "I") is a multilevel hierarchy composed of backbone networks (ARPANET, NSFNET, MILNET, and others), midlevel networks, and stub networks. These include commercial (.com or .co), university (.ac or .edu), research (.org or .net), and military (.mil) networks and span many different physical networks around the world with various protocols, including the Internet Protocol (IP). Outside the United States, country code domains are popular (.us, .es, .mx, .de, and so forth), although you will see them used within the United States as well.

Internet Protocol: See IP.

Internet service provider: See ISP.

intranet: An inhouse network designed to serve a group of people such as a corporation or school. The general public on the Internet does not have access to the intranet. See page 344.

invisible file: See hidden file on page 1035.

IP: Internet Protocol. The network layer for TCP/IP. IP is a best-effort, packet-switching, connectionless protocol (page 1026) that provides packet routing, fragmentation, and reassembly through the data link layer. IPv4 is slowly giving way to IPv6.^FOLDOC

IP address: Internet Protocol address. A four-part address associated with a particular network connection for a system using the Internet Protocol (IP). A system that is attached to multiple networks that use the IP will have a different IP address for each network interface.

IP multicast: See multicast on page 1044.

IP spoofing: A technique used to gain unauthorized access to a computer. The would-be intruder sends messages to the target machine. These messages contain an IP address indicating that the messages are coming from a trusted host (page 362). The target machine responds to the messages, giving the intruder (privileged) access to the target.

IPC: Interprocess communication. A method to communicate specific information between programs.

IPv4: IP version 4. See IP and IPv6.

IPv6: IP version 6. The next generation of Internet Protocol, which provides a much larger address space (2¹²⁸ bits versus 2³² bits for IPv4) that is designed to accommodate the rapidly growing number of Internet addressable devices. IPv6 also has built-in autoconfiguration, enhanced security, better multicast support, and many other features.

ISDN: Integrated Services Digital Network. A set of communications standards that allows a single pair of digital or standard telephone wires to carry voice, data, and video at a rate of 64 kilobits per second.

ISO: International Organization for Standardization. A voluntary, nontreaty organization founded in 1946. It is responsible for creating international standards in many areas, including computers and communications. Its members are the national standards organizations of 89 countries, including the American National Standards Institute.^FOLDOC

ISO9660: The ISO standard defining a filesystem for CD-ROMs.

ISP: Internet service provider. Provides Internet access to its customers.

job control: A facility that enables you to move commands from the foreground to the background and vice versa. Job control enables you to stop commands temporarily.

journaling filesystem

A filesystem that maintains a noncached log file, or journal, which records all transactions involving the filesystem. When a transaction is complete, it is marked as complete in the log file.

The log file results in greatly reduced time spent recovering a filesystem after a crash, making it particularly valuable in systems where high availability is an issue.

JPEG: Joint Photographic Experts Group. This committee designed the standard image-compression algorithm. JPEG is intended for compressing either full-color or gray-scale digital images of natural, real-world scenes and does not work as well on nonrealistic images, such as cartoons or line drawings. Filename extensions: .jpg, .jpeg.^FOLDOC

justify: To expand a line of type in the process of formatting text. A justified line has even margins. A line is justified by increasing the space between words and sometimes between letters on the line.

Kerberos: An MIT-developed security system that authenticates users and machines. It does not provide authorization to services or databases; it establishes identity at logon, which is used throughout the session. Once you are authenticated, you can open as many terminals, windows, services, or other network accesses as you like until your session expires.

kernel: The part of the operating system that allocates machine resources, including memory, disk space, and CPU (page 1026) cycles, to all other programs that run on a computer. The kernel includes the low-level hardware interfaces (drivers) and manages processes (page 1049), the means by which Linux executes programs. The kernel is the part of the Linux system that Linus Torvalds originally wrote (see the beginning of Chapter 1).

kernelspace: The part of memory (RAM) where the kernel resides. Code running in kernel-space has full access to hardware and all other processes in memory. See the KernelAnalysis-HOWTO.

key binding: A keyboard key is said to be bound to the action that results from pressing it. Typically keys are bound to the letters that appear on the keycaps: When you press A, an A appears on the screen. Key binding usually refers to what happens when you press a combination of keys, one of which is CONTROL, ALT, META, or SHIFT, or when you press a series of keys, the first of which is typically ESCAPE.

keyboard: A hardware input device consisting of a number of mechanical buttons (keys) that the user presses to input characters to a computer. By default a keyboard is connected to standard input of a shell.^FOLDOC

kilo-: In the binary system, the prefix kilo- multiplies by 2¹⁰ (i.e., 1,024). Kilobit and kilobyte are common uses of this prefix. Abbreviated as k.

Korn Shell: ksh. A command processor, developed by David Korn at AT&T Bell Laboratories, that is compatible with the Bourne Shell but includes many extensions. See also shell on page 1055.

LAN: Local area network. A network that connects computers within a localized area (such as a single site, building, or department).

large number: Go to mathworld.wolfram.com/LargeNumber.html for a comprehensive list.

LDAP: Lightweight Directory Access Protocol. A simple protocol for accessing online directory services. LDAP is a lightweight alternative to the X.500 Directory Access Protocol (DAP). It can be used to access information about people, system users, network devices, email directories, and systems. In some cases, it can be used as an alternative for services such as NIS. Given a name, many mail clients can use LDAP to discover the corresponding email address. See directory service on page 1029.

leaf: In a tree structure, the end of a branch that cannot support other branches. When the Linux filesystem hierarchy is conceptualized as a tree, files that are not directories are leaves. See node on page 1046.

least privilege, concept of

Mistakes that Superuser makes can be much more devastating than those made by an ordinary user. When you are working on the computer, especially when you are working as the system administrator, always perform any task using the least privilege possible. If you can perform a task logged in as an ordinary user, do so. If you must be logged in as Superuser, do as much as you can as an ordinary user, log in as root or give an su or sudo command so that you have Superuser privileges, do as much of the task that has to be done as Superuser, and revert to being an ordinary user as soon as you can.

Because you are more likely to make a mistake when you are rushing, this concept becomes more important when you have less time to apply it.

Lightweight Directory Access Protocol: See LDAP.

link: A pointer to a file. Two kinds of links exist: hard links and symbolic (soft) links. A hard link associates a filename with a place on the disk where the contents of the file is located. A symbolic link associates a filename with the pathname of a hard link to a file. See hard link (page 1034) and symbolic link (page 1058).

Linux-PAM: See PAM on page 1047.

Linux-Pluggable Authentication Modules: See PAM on page 1047.

loadable kernel module: See loadable module.

loadable module: A portion of the operating system that controls a special device and that can be loaded automatically into a running kernel as needed to access that device. See "Using Loadable Kernel Modules" on page 531.

local area network: See LAN on page 1040.

locale: The language; date, time, and currency formats; character sets; and so forth that pertain to a geopolitical place or area. For example, en_US specifies English as spoken in the United States and dollars; en_UK specifies English as spoken in the United Kingdom and pounds. See the locale man page in section 5 of the system manual for more information. Also the locale utility.

log in: To gain access to a computer system by responding correctly to the login: and Password: prompts. Also log on, login.

log out: To end your session by exiting from your login shell. Also log off.

logical expression: A collection of strings separated by logical operators (>, >=, =, !=, <=, and <) that can be evaluated as true or false. Also Boolean (page 1022) expression.

.login file: A file in a user's home directory that the TC Shell executes when you log in. You can use this file to set environment variables and to run commands that you want executed at the beginning of each session.

login name: See username on page 1062.

login shell: The shell that you are using when you log in. The login shell can fork other processes that can run other shells, utilities, and programs.

.logout file: A file in a user's home directory that the TC Shell executes when you log out, assuming that the TC Shell is your login shell. You can put in the .logout file commands that you want run each time you log out.

MAC address

Media Access Control address. The unique hardware address of a device connected to a shared network medium. Each Ethernet adapter has a globally unique MAC address in ROM. MAC addresses are 6 bytes long, enabling 256⁶ (about 300 trillion) possible addresses or 65,536 addresses for each possible IPv4 address.

A MAC address performs the same role for Ethernet that an IP address performs for TCP/IP: It provides a unique way to identify a host.

machine collating sequence: The sequence in which the computer orders characters. The machine collating sequence affects the outcome of sorts and other procedures that put lists in alphabetical order. Many computers use ASCII codes so their machine collating sequences correspond to the ordering of the ASCII codes for characters.

macro: A single instruction that a program replaces by several (usually more complex) instructions. The C compiler recognizes macros, which are defined using a #define instruction to the preprocessor.

magic number: A magic number, which occurs in the first 512 bytes of a binary file, is a 1-, 2-, or 4-byte numeric value or character string that uniquely identifies the type of file (much like a DOS 3-character filename extension). See /usr/share/magic and the magic man page for more information.

main memory: Random access memory (RAM), an integral part of the computer. Although disk storage is sometimes referred to as memory, it is never referred to as main memory.

major device number: A number assigned to a class of devices, such as terminals, printers, or disk drives. Using the ls utility with the l option to list the contents of the /dev directory displays the major and minor device numbers of many devices (as major, minor).

MAN: Metropolitan area network. A network that connects computers and LANs (page 1040) at multiple sites in a small regional area, such as a city.

masquerade: To appear to come from one domain or IP address when actually coming from another. Said of a packet (iptables) or message (sendmail). See also NAT on page 1044.

MD5: Message Digest 5. A one-way hash function (page 1046). The SHA1 (page 1054) algorithm has supplanted MD5 in many applications.

MDA: Mail delivery agent. One of the three components of a mail system; the other two are the MTA (page 1043) and MUA (page 1044). An MDA accepts inbound mail from an MTA and delivers it to a local user.

mega-: In the binary system, the prefix mega- multiplies by 2²⁰ (i.e., 1,048,576). Megabit and megabyte are common uses of this prefix. Abbreviated as M.

menu: A list from which the user may select an operation to be performed. This selection is often made with a mouse or other pointing device under a GUI but may also be controlled from the keyboard. Very convenient for beginners, menus show which commands are available and facilitate experimenting with a new program, often reducing the need for user documentation. Experienced users usually prefer keyboard commands, especially for frequently used operations, because they are faster to use.^FOLDOC

merge: To combine two ordered lists so that the resulting list is still in order. The sort utility can merge files.

META key: On the keyboard, a key that is labeled META or ALT. Use this key as you would the SHIFT key. While holding it down, press another key. The emacs editor makes extensive use of the META key.

metacharacter: A character that has a special meaning to the shell or another program in a particular context. Metacharacters are used in the ambiguous file references recognized by the shell and in the regular expressions recognized by several utilities. You must quote a metacharacter if you want to use it without invoking its special meaning. See regular character (page 1052) and special character (page 1056).

metadata

Data about data. In data processing, metadata is definitional data that provides information about, or documentation of, other data managed within an application or environment.

For example, metadata can document data about data elements or attributes (name, size, data type, and so on), records or data structures (page 1028) (length, fields, columns, and so on), and data itself (where it is located, how it is associated, who owns it, and so on). Metadata can include descriptive information about the context, quality and condition, or characteristics of the data.^FOLDOC

metropolitan area network: See MAN on page 1042.

MIME: Multipurpose Internet Mail Extension. Originally used to describe how specific types of files that were attached to email were to be handled. Today MIME types describe how a file is to be opened or worked with, based on its filename extension.

minimize: See iconify on page 1036.

minor device number: A number assigned to a specific device within a class of devices. See major device number on page 1042.

modem: Modulator/demodulator. A peripheral device that modulates digital data into analog data for transmission over a voice-grade telephone line. Another modem demodulates the data at the other end.

module: See loadable module on page 1041.

mount: To make a filesystem accessible to system users. When a filesystem is not mounted, you cannot read from or write to files it contains.

mount point: A directory that you mount a local or remote filesystem (page 466) on.

mouse: A device you use to point to a particular location on a display screen, typically so you can choose a menu item, draw a line, or highlight some text. You control a pointer on the screen by sliding a mouse around on a flat surface; the position of the pointer moves relative to the movement of the mouse. You select items by pressing one or more buttons on the mouse.

mouse pointer: In a GUI, a marker that moves in correspondence with the mouse. It is usually a small black X with a white border or an arrow. Differs from the cursor (page 1027).

mouseover: The action of passing the mouse pointer over an icon or other object on the screen.

MTA: Mail transfer agent. One of the three components of a mail system; the other two are the MDA (page 1042) and MUA (page 1044). An MTA accepts mail from users and MTAs.

MUA: Mail user agent. One of the three components of a mail system; the other two are the MDA (page 1042) and MTA (page 1043). An MUA is an end-user mail program such as KMail, mutt, or Outlook.

multiboot specification: Specifies an interface between a boot loader and an operating system. With compliant boot loaders and operating systems, any boot loader should be able to load any operating system. The object of this specification is to ensure that different operating systems will work on a single machine. For more information, go to odin-os.sourceforge.net/guides/multiboot.html.

multicast: A multicast packet has one source and multiple destinations. In multicast, source hosts register at a special address to transmit data. Destination hosts register at the same address to receive data. In contrast to broadcast (page 1022), which is LAN-based, multicast traffic is designed to work across routed networks on a subscription basis. Multicast reduces network traffic by transmitting a packet one time, with the router at the end of the path breaking it apart as needed for multiple recipients.

multitasking: A computer system that allows a user to run more than one job at a time. A multi-tasking system, such as Linux, allows you to run a job in the background while running a job in the foreground.

multiuser system: A computer system that can be used by more than one person at a time. Linux is a multiuser operating system. Contrast with single-user system (page 1055).

namespace: A set of names in which all names are unique.^FOLDOC

NAT: Network Address Translation. A scheme that enables a LAN to use one set of IP addresses internally and a different set externally. The internal set is for LAN (private) use. The external set is typically used on the Internet and is Internet unique. NAT provides some privacy by hiding internal IP addresses and allows multiple internal addresses to connect to the Internet through a single external IP address. See also masquerade on page 1042.

NBT: NetBIOS over TCP/IP. A protocol that supports NetBIOS services in a TCP/IP environment. Also NetBT.

NetBIOS: Network Basic Input/Output System. An API (page 1019) for writing network-aware applications.

netboot: To boot a computer over the network (as opposed to booting from a local disk).

netiquette

The conventions of etiquettethat is, polite behaviorrecognized on Usenet and in mailing lists, such as not (cross-) posting to inappropriate groups and refraining from commercial advertising outside the business groups.

The most important rule of netiquette is "Think before you post." If what you intend to post will not make a positive contribution to the newsgroup and be of interest to several readers, do not post it. Personal messages to one or two individuals should not be posted to newsgroups; use private email instead.^FOLDOC

netmask: A 32-bit mask (for IPv4), that shows how an Internet address is to be divided into network, subnet, and host parts. The netmask has ones in the bit positions in the 32-bit address that are to be used for the network and subnet parts and zeros for the host part. The mask should contain at least the standard network portion (as determined by the address class). The subnet field should be contiguous with the network portion.^FOLDOC

network address: The network portion (netid) of an IP address. For a class A network, it is the first byte, or segment, of the IP address; for a class B network, it is the first two bytes; and for a class C network, it is the first three bytes. In each case the balance of the IP address is the host address (hostid). Assigned network addresses are globally unique within the Internet. Also network number. See also "Host Address" on page 353.

Network Filesystem: See NFS.

Network Information Service: See NIS.

network number: See network address.

network segment: A part of an Ethernet or other network on which all message traffic is common to all nodes; that is, it is broadcast from one node on the segment and received by all others. This commonality normally occurs because the segment is a single continuous conductor. Communication between nodes on different segments is via one or more routers.^FOLDOC

network switch: A connecting device in networks. Switches are increasingly replacing shared media hubs in an effort to increase bandwidth. For example, a 16-port 10BaseT hub shares the total 10 megabits per second bandwidth with all 16 attached nodes. By replacing the hub with a switch, both sender and receiver can take advantage of the full 10 megabits per second capacity. Each port on the switch can give full bandwidth to a single server or client station or to a hub with several stations. Network switch refers to a device with intelligence. Contrast with hub (page 1036).

Network Time Protocol: See NTP on page 1046.

NFS: Network Filesystem. A remote filesystem designed by Sun Microsystems, available on computers from most UNIX system vendors.

NIC: Network interface card (or controller). An adapter circuit board installed in a computer to provide a physical connection to a network.^FOLDOC

NIS: Network Information Service. A distributed service built on a shared database to manage system-independent information (such as usernames and passwords).

NIS domain name: A name that describes a group of systems that share a set of NIS files. Different from domain name (page 1030).

NNTP: Network News Transfer Protocol. Refer to "Usenet" on page 378.

node: In a tree structure, the end of a branch that can support other branches. When the Linux filesystem hierarchy is conceptualized as a tree, directories are nodes. See leaf on page 1040.

nonprinting character: See control character on page 1026. Also nonprintable character.

nonvolatile storage: A storage device whose contents are preserved when its power is off. Also NVS and persistent storage. Some examples are CD-ROM, paper punch tape, hard disk, ROM (page 1053), PROM (page 1049), EPROM (page 1031), and EEPROM (page 1030). Contrast with RAM (page 1051).

NTP: Network Time Protocol. Built on top of TCP/IP, NTP maintains accurate local time by referring to known accurate clocks on the Internet.

null string: A string that could contain characters but does not. A string of zero length.

octal number: A base 8 number. Octal numbers are composed of the digits 07, inclusive. Refer to Table G-1 on page 1035.

one-way hash function: A one-way function that takes a variable-length message and produces a fixed-length hash. Given the hash, it is computationally infeasible to find a message with that hash; in fact, you cannot determine any usable information about a message with that hash. Also message digest function. See also hash (page 1034).

OpenSSH: A free version of the SSH (secure shell) protocol suite that replaces TELNET, rlogin, and more with secure programs that encrypt all communicationeven pass-wordsover a network. Refer to "OpenSSH: Secure Network Communication" on page 579.

operating system: A control program for a computer that allocates computer resources, schedules tasks, and provides the user with a way to access resources.

option: A command line argument that modifies the effects of a command. Options are usually preceded by hyphens on the command line and traditionally have single-character names (such as h or n). Some commands allow you to group options following a single hyphen (for example, hn). GNU utilities frequently have two arguments that do the same thing: a single-character argument and a longer, more descriptive argument that is preceded by two hyphens (such as show-all and invert-match).

ordinary file: A file that is used to store a program, text, or other user data. See directory (page 1029) and device file (page 1029).

output: Information that a program sends to the terminal or another file. See standard output on page 1057.

P2P: Peer-to-Peer. A network that does not divide nodes into clients and servers. Each computer on a P2P network can fulfill the roles of client and server. In the context of a file-sharing network, this ability means that once a node has downloaded (part of) a file, it can act as a server. BitTorrent implements a P2P network.

packet: A unit of data sent across a network. Packet is a generic term used to describe a unit of data at any layer of the OSI protocol stack, but it is most correctly used to describe network or application layer (page 352) data units ("application protocol data unit," APDU).^FOLDOC See also frame (page 1033) and datagram (page 1028).

packet filtering: A technique used to block network traffic based on specified criteria, such as the origin, destination, or type of each packet. See also firewall (page 1032).

packet sniffer: A program or device that monitors packets on a network. See sniff on page 1056.

pager: A utility that allows you to view a file one screen at a time (for example, less and more).

paging: The process by which virtual memory is maintained by the operating system. The contents of process memory is moved (paged out) to the swap space (page 1058) as needed to make room for other processes.

PAM: Linux-PAM or Linux-Pluggable Authentication Modules. These modules allow a system administrator to determine how various applications authenticate users. Refer to "PAM" on page 438.

parent process: A process that forks other processes. See process (page 1049) and child process (page 1024).

partition: A section of a (hard) disk that has a name so you can address it separately from other sections. A disk partition can hold a filesystem or another structure, such as the swap area. Under DOS and Windows, partitions (and sometimes whole disks) are labeled C:, D:, and so on. Also disk partition and slice.

passive FTP: Allows FTP to work through a firewall by allowing the flow of data to be initiated and controlled by the client FTP program instead of the server. Also called PASV FTP because it uses the FTP PASV command.

passphrase: A string of words and characters that you type in to authenticate yourself. A pass-phrase differs from a password only in length. A password is usually short6 to 10 characters. A passphrase is usually much longerup to 100 characters or more. The greater length makes a passphrase harder to guess or reproduce than a password and therefore more secure.^FOLDOC

password: To prevent unauthorized access to a user's account, an arbitrary string of characters chosen by the user or system administrator and used to authenticate the user when attempting to log in.^FOLDOC See also passphrase.

PASV FTP: See passive FTP.

pathname: A list of directories separated by slashes (/) and ending with the name of a file, which can be a directory. A pathname is used to trace a path through the file structure to locate or identify a file.

pathname, last element of a: The part of a pathname following the final /, or the whole filename if there is no /. A simple filename. Also basename.

pathname element: One of the filenames that forms a pathname.

peripheral device: See device on page 1028.

persistent: Data that is stored on nonvolatile media, such as a hard disk.

phish: An attempt to trick users into revealing or sharing private information, especially passwords or financial information. The most common form is email purporting to be from a bank or vendor that requests that a user fill out a form to "update" an account on a phoney Web site disguised to appear legitimate. Generally sent as spam (page 1056).

physical device: A tangible device, such as a disk drive, that is physically separate from other, similar devices.

PID: Process identification, usually followed by the word number. Linux assigns a unique PID number as each process is initiated.

pipe: A connection between programs such that standard output of one program is connected to standard input of the next. Also pipeline.

pixel: The smallest element of a picture, typically a single dot on a display screen.

plaintext: Text that is not encrypted. Also cleartext. Contrast with ciphertext (page 1025). See also "Encryption" on page 988.

Pluggable Authentication Modules: See PAM on page 1047.

point-to-point link: A connection limited to two endpoints, such as the connection between a pair of modems.

port

A logical channel or channel endpoint in a communications system. The TCP (page 1059) and UDP (page 1061) transport layer protocols used on Ethernet use port numbers to distinguish between different logical channels on the same network interface on the same computer.

The /etc/services file (see the beginning of this file for more information) or the NIS (page 1045) services database specifies a unique port number for each application program. The number links incoming data to the correct service (program). Standard, well-known ports are used by everyone: Port 80 is used for HTTP (Web) traffic. Some protocols, such as TELNET and HTTP (which is a special form of TELNET), have default ports specified as mentioned earlier but can use other ports as well.^FOLDOC

port forwarding: The process by which a network port on one computer is transparently connected to a port on another computer. If port X is forwarded from system A to system B, any data sent to port X on system A is sent to system B automatically. The connection can be between different ports on the two systems. See also tunneling (page 1061).

portmapper: A server that converts TCP/IP port numbers into RPC (page 1053) program numbers. See "RPC Network Services" on page 377.

printable character: One of the graphic characters: a letter, number, or punctuation mark. Contrast with a nonprintable, or CONTROL, character. Also printing character.

private address space

IANA (page 1036) has reserved three blocks of IP addresses for private internets or LANs:

10.0.0.0 - 10.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255

You can use these addresses without coordinating with anyone outside of your LAN (you do not have to register the system name or address). Systems using these IP addresses cannot communicate directly with hosts using the global address space but must go through a gateway. Because private addresses have no global meaning, routing information is not stored by DNSs and most ISPs reject privately addressed packets. Make sure that your router is set up not to forward these packets onto the Internet.

privileged port: A port (page 1048) with a number less than 1024. On Linux and other UNIX-like systems, only root can bind to a privileged port. Any user on Windows 98 and earlier Windows systems can bind to any port. Also reserved port.

procedure: A sequence of instructions for performing a particular task. Most programming languages, including machine languages, enable a programmer to define procedures that allow the procedure code to be called from multiple places. Also subroutine.^FOLDOC

process: The execution of a command by Linux. See "Processes" on page 300.

.profile file: A startup file in a user's home directory that the Bourne Again or Z Shell executes when you log in. The TC Shell executes .login instead. You can use the .profile file to run commands, set variables, and define functions.

program: A sequence of executable computer instructions contained in a file. Linux utilities, applications, and shell scripts are all programs. Whenever you run a command that is not built into a shell, you are executing a program.

PROM: Programmable readonly memory. A kind of nonvolatile storage. ROM (page 1053) that can be written to using a PROM programmer.

prompt: A cue from a program, usually displayed on the screen, indicating that it is waiting for input. The shell displays a prompt, as do some of the interactive utilities, such as mail. By default the Bourne Again and Z Shells use a dollar sign ($) as a prompt, and the TC Shell uses a percent sign (%).

protocol: A set of formal rules describing how to transmit data, especially across a network. Low-level protocols define the electrical and physical standards, bit and byte ordering, and transmission, error detection, and correction of the bit stream. High-level protocols deal with data formatting, including message syntax, terminal-to-computer dialog, character sets, and sequencing of messages.^FOLDOC

proxy: A service that is authorized to act for a system while not being part of that system. See also proxy gateway and proxy server.

proxy gateway

A computer that separates clients (such as browsers) from the Internet, working as a trusted agent that accesses the Internet on their behalf. A proxy gateway passes a request for data from an Internet service, such as HTTP from a browser/client, to a remote server. The data that the server returns goes back through the proxy gateway to the requesting service. A proxy gateway should be transparent to the user.

A proxy gateway often runs on a firewall (page 1032) system and acts as a barrier to malicious users. It hides the IP addresses of the local computers inside the firewall from Internet users outside the firewall.

You can configure browsers, such as Mozilla/Firefox and Netscape, to use a different proxy gateway or to use no proxy for each URL access method including FTP, netnews, SNMP, HTTPS, and HTTP. See also proxy.

proxy server: A proxy gateway that usually includes a cache (page 1023) that holds frequently used Web pages so that the next request for that page is available locally (and therefore more quickly). The terms proxy server and proxy gateway are frequently interchanged so that the use of cache does not rest exclusively with the proxy server. See also proxy.

Python: A simple, high-level, interpreted, object-oriented, interactive language that bridges the gap between C and shell programming. Suitable for rapid prototyping or as an extension language for C applications, Python supports packages, modules, classes, user-defined exceptions, a good C interface, and dynamic loading of C modules. It has no arbitrary restrictions. For more information, see www.python.org^FOLDOC

quote: When you quote a character, you take away any special meaning that it has in the current context. You can quote a character by preceding it with a backslash. When you are interacting with the shell, you can also quote a character by surrounding it with single quotation marks. For example, the command echo \* or echo '*' dis-plays *. The command echo* displays a list of the files in the working directory. See ambiguous file reference (page 1018), metacharacter (page 1042), regular character (page 1052), regular expression (page 1052), and special character (page 1056). See also escape on page 1031.

radio button: One of a group of buttons similar to those used to select the station on a radio. Only one button can be selected at a time.

RAID: Redundant array of inexpensive/independent disks. Two or more (hard) disk drives used in combination to improve fault tolerance and performance. RAID can be implemented in hardware or software.

RAM: Random access memory. A kind of volatile storage. A data storage device for which the order of access to different locations does not affect the speed of access. Contrast with a hard disk or tape drive, which provides quicker access to sequential data because accessing a nonsequential location requires physical movement of the storage medium and/or read/write head rather than just electronic switching. Contrast with nonvolatile storage (page 1046).^FOLDOC

RAM disk: RAM that is made to look like a floppy diskette or hard disk. A RAM disk is frequently used as part of the boot (page 1022) process.

RAS: Remote access server. In a network, a computer that provides access to remote users via analog modem or ISDN connections. RAS includes the dial-up protocols and access control (authentication). It may be a regular fileserver with remote access software or a proprietary system, such as Shiva's LANRover. The modems may be internal or external to the device.

RDF: Resource Description Framework. Being developed by W3C (the main standards body for the World Wide Web), a standard that specifies a mechanism for encoding and transferring metadata (page 1043). RDF does not specify what the metadata should or can be. It can integrate many kinds of applications and data, using XML as an interchange syntax. Examples of the data that can be integrated include library catalogs and worldwide directories; syndication and aggregation of news, software, and content; and collections of music and photographs. Go to www.w3.org/RDF for more information.

redirection: The process of directing standard input for a program to come from a file rather than from the keyboard. Also, directing standard output or standard error to go to a file rather than to the screen.

reentrant

Code that can have multiple simultaneous, interleaved, or nested invocations that do not interfere with one another. Noninterference is important for parallel processing, recursive programming, and interrupt handling.

It is usually easy to arrange for multiple invocations (that is, calls to a subroutine) to share one copy of the code and any readonly data. For the code to be reentrant, however, each invocation must use its own copy of any modifiable data (or synchronized access to shared data). This goal is most often achieved by using a stack and allocating local variables in a new stack frame for each invocation. Alternatively, the caller may pass in a pointer to a block of memory that that invocation can use (usually for output), or the code may allocate some memory on a heap, especially if the data must survive after the routine returns.

Reentrant code is often found in system software, such as operating systems and teleprocessing monitors. It is also a crucial component of multithreaded programs, where the term thread-safe is often used instead of reentrant.^FOLDOC

regular character: A character that always represents itself in an ambiguous file reference or another type of regular expression. Contrast with special character.

regular expression: A stringcomposed of letters, numbers, and special symbolsthat defines one or more strings. See Appendix A.

relative pathname: A pathname that starts from the working directory. Contrast with absolute pathname (page 1018).

remote access server: See RAS on page 1051.

remote filesystem: A filesystem on a remote computer that has been set up so that you can access (usually over a network) its files as though they were stored on your local computer's disks. An example of a remote filesystem is NFS.

remote procedure call: See RPC on page 1053.

resolver: The TCP/IP library software that formats requests to be sent to the DNS (page 1029) for hostname-to-Internet address conversion.^FOLDOC

Resource Description Framework: See RDF on page 1051.

restore: The process of turning an icon into a window. Contrast with iconify (page 1036)

return code: See exit status on page 1031.

RFC

Request for comments. Begun in 1969, one of a series of numbered Internet informational documents and standards widely followed by commercial software and freeware in the Internet and UNIX/Linux communities. Few RFCs are standards but all Internet standards are recorded in RFCs. Perhaps the single most influential RFC has been RFC 822, the Internet electronic mail format standard.

The RFCs are unusual in that they are floated by technical experts acting on their own initiative and reviewed by the Internet at large rather than being formally promulgated through an institution such as ANSI. For this reason they remain known as RFCs, even after they are adopted as standards. The RFC tradition of pragmatic, experience-driven, after-the-fact standard writing done by individuals or small working groups has important advantages over the more formal, committee-driven process typical of ANSI or ISO. For a complete list of RFCs, go to www.rfc-editor.org.^FOLDOC

roam: To move a computer between wireless access points (page 1063) on a wireless network without the user or applications being aware of the transition. Moving between access points typically results in some packet loss, although this loss is transparent to programs that use TCP.

ROM

Readonly memory. A kind of nonvolatile storage. A data storage device that is manufactured with fixed contents. In general, ROM describes any storage system whose contents cannot be altered, such as a phonograph record or printed book. When used in reference to electronics and computers, ROM describes semiconductor integrated circuit memories, of which several types exist, and CD-ROM.

ROM is nonvolatile storageit retains its contents even after power has been removed. ROM is often used to hold programs for embedded systems, as these usually have a fixed purpose. ROM is also used for storage of the BIOS (page 1021) in a computer. Contrast with RAM (page 1051).^FOLDOC

root directory: The ancestor of all directories and the start of all absolute pathnames. The name of the root directory is /.

root filesystem: The filesystem that is available when the system is brought up in single-user mode. The name of this filesystem is always /. You cannot unmount or mount the root filesystem. You can remount root to change its mount options.

root login: Usually the username of Superuser (page 1058).

root (user): Another name for Superuser (page 1058).

rotate: When a file, such as a log file, gets indefinitely larger, you must keep it from taking up too much space on the disk. Because you may need to refer to the information in the log files in the near future, it is generally not a good idea to delete the contents of the file until it has aged. Instead you can periodically save the current log file under a new name and create a new, empty file as the current log file. You can keep a series of these files, renaming each as a new one is saved. You will then rotate the files. For example, you might remove xyzlog.4, xyzlog.3 xyzlog.4, xyzlog.2 xyzlog.3, xyzlog.1 xyzlog.2, xyzlog xyzlog.1, and create a new xyzlog.4, it will not contain any information more recent than you want to remove.

router: A device (often a computer) that is connected to more than one similar type of network to pass data between them. See gateway on page 1033.

RPC: Remote procedure call. A call to a procedure (page 1049) that acts transparently across a network. The procedure itself is responsible for accessing and using the network. The RPC libraries make sure that network access is transparent to the application. RPC runs on top of TCP/IP or UDP/IP.

RSA: A public key encryption (page 989) technology that is based on the lack of an efficient way to factor very large numbers. Because of this lack, it takes an extraordinary amount of computer processing time and power to deduce an RSA key. The RSA algorithm is the de facto standard for data sent over the Internet.

run: To execute a program.

runlevel: The mode that Linux is running in. Runlevels include single-user and multiuser. See Table 11-1 on page 404 for a complete list of runlevels.

Samba: A free suite of programs that implement the Server Message Block (SMB) protocol. See SMB (page 1055).

schema: Within a GUI, a pattern that helps you see and interpret the information that is presented in a window, making it easier to understand new information that is presented using the same schema.

scroll: To move lines on a terminal or window up and down or left and right.

scrollbar: A widget found in graphical user interfaces that controls (scrolls) which part of a document is visible in the window. A window can have a horizontal scrollbar, a vertical scrollbar (more common), or both.^FOLDOC

server: A powerful centralized computer (or program) designed to provide information to clients (smaller computers or programs) on request.

session: The lifetime of a process. For a desktop, it is the desktop session manager. For a character-based terminal, it is the user's login shell process. In KDE, it is launched by kdeinit. A session may also be the sequence of events between when you start using a program, such as an editor, and when you finish.

setgid: When you execute a file that has setgid (set group ID) permission, the process executing the file takes on the privileges of the group the file belongs to. The ls utility shows setgid permission as an s in the group's executable position. See also setuid.

setuid: When you execute a file that has setuid (set user ID) permission, the process executing the file takes on the privileges of the owner of the file. As an example, if you run a setuid program that removes all the files in a directory, you can remove files in any of the file owner's directories, even if you do not normally have permission to do so. When the program is owned by root, you can remove files in any directory that root can remove files from. The ls utility shows setuid permission as an s in the owner's executable position. See also setgid.

sexillion: In the British system, 10³⁶. In the American system, this number is named undecil-lion. See also large number (page 1040).

SHA1: Secure Hash Algorithm 1. The SHA family is a set of cryptographic hash (page 1034) algorithms that were designed by the National Security Agency (NSA). The second member of this family is SHA1, a successor to MD5 (page 1042). See also cryptography on page 1027.

share: A filesystem hierarchy that is shared with another system using SMB (page 1055). Also Windows share (page 1063).

shared network topology: A network, such as Ethernet, in which each packet may be seen by systems other than its destination system. Shared means that the network bandwidth is shared by all users.

shell: A Linux system command processor. The three major shells are the Bourne Again Shell (page 1022), the TC Shell (page 1059), and the Z Shell (page 1064).

shell function: A series of commands that the shell stores for execution at a later time. Shell functions are like shell scripts but run more quickly because they are stored in the computer's main memory rather than in files. Also, a shell function is run in the environment of the shell that calls it (unlike a shell script, which is typically run in a subshell).

shell script: An ASCII file containing shell commands. Also shell program.

signal: A very brief message that the UNIX system can send to a process, apart from the process's standard input. Refer to "trap: Catches a Signal" on page 933.

simple filename: A single filename containing no slashes (/). A simple filename is the simplest form of pathname. Also the last element of a pathname. Also basename (page 1021).

single-user system: A computer system that only one person can use at a time. Contrast with multiuser system (page 1044).

SMB: Server Message Block. Developed in the early 1980s by Intel, Microsoft, and IBM, SMB is a client/server protocol that is the native method of file and printer sharing for Windows. In addition, SMB can share serial ports and communications abstractions, such as named pipes and mail slots. SMB is similar to a remote procedure call (RPC, page 1053) that has been customized for filesystem access. Also Microsoft Networking.^FOLDOC

smiley: A character-based glyph (page 1033), typically used in email, that conveys an emotion. The characters :-) in a message portray a smiley face (look at it sideways). Because it can be difficult to tell when the writer of an electronic message is saying something in jest or in seriousness, email users often use :-) to indicate humor. The two original smileys, designed by Scott Fahlman, were :-) and :-(. Also emoticon, smileys, and smilies. For more information search on smiley on the Internet.

smilies: See smiley.

SMTP: Simple Mail Transfer Protocol. A protocol used to transfer electronic mail between computers. It is a server-to-server protocol, so other protocols are used to access the messages. The SMTP dialog usually happens in the background under the control of a message transport system such as sendmail.^FOLDOC

snap (windows): As you drag a window toward another window or edge of the workspace, it can move suddenly so that it is adjacent to the other window/edge. Thus the window snaps into position.

sneakernet: Using hand-carried magnetic media to transfer files between machines.

sniff: To monitor packets on a network. A system administrator can legitimately sniff packets and a malicious user can sniff packets to obtain information such as user-names and passwords. See also packet sniffer (page 1047).

SOCKS

A networking proxy protocol embodied in a SOCKS server, which performs the same functions as a proxy gateway (page 1050) or proxy server (page 1050). SOCKS works at the application level, requiring that an application be modified to work with the SOCKS protocol, whereas a proxy (page 1050) makes no demands on the application.

SOCKSv4 does not support authentication or UDP proxy. SOCKSv5 supports a variety of authentication methods and UDP proxy.

sort: To put in a specified order, usually alphabetic or numeric.

SPACE character: A character that appears as the absence of a visible character. Even though you cannot see it, a SPACE is a printable character. It is represented by the ASCII code 32 (decimal). A SPACE character is considered a blank or whitespace (page 1063).

spam: Posting irrelevant or inappropriate messages to one or more Usenet newsgroups or mailing lists in deliberate or accidental violation of netiquette (page 1044). Also, sending large amounts of unsolicited email indiscriminately. This email usually promotes a product or service. Another common purpose of spam is to phish (page 1048). Spam is the electronic equivalent of junk mail. From the Monty Python "Spam" song.^FOLDOC

sparse file: A file that is large but takes up little disk space. The data in a sparse file is not dense (thus its name). Examples of sparse files are core files and dbm files.

spawn: See fork on page 1032.

special character: A character that has a special meaning when it occurs in an ambiguous file reference or another type of regular expression, unless it is quoted. The special characters most commonly used with the shell are * and ?. Also metacharacter (page 1042) and wildcard.

special file: See device file on page 1029.

spinner: In a GUI, a type of text box (page 1059) that holds a number you can change by typing over it or using the up and down arrows at the end of the box.

spoofing: See IP spoofing on page 1038.

spool: To place items in a queue, each waiting its turn for some action. Often used when speaking about printers. Also used to describe the queue.

SQL: Structured Query Language. A language that provides a user interface to relational database management systems (RDBMS). SQL, the de facto standard, is also an ISO and ANSI standard and is often embedded in other programming languages.^FOLDOC

square bracket: A left square bracket ([) or a right square bracket (]). These special characters define character classes in ambiguous file references and other regular expressions.

SSH Communications Security: The company that created the original SSH (secure shell) protocol suite (www.ssh.com). Linux uses OpenSSH (page 1046).

standard error: A file to which a program can send output. Usually only error messages are sent to this file. Unless you instruct the shell otherwise, it directs this output to the screen (that is, to the device file that represents the screen).

standard input: A file from which a program can receive input. Unless you instruct the shell otherwise, it directs this input so that it comes from the keyboard (that is, from the device file that represents the keyboard).

standard output: A file to which a program can send output. Unless you instruct the shell otherwise, it directs this output to the screen (that is, to the device file that represents the screen).

startup file: A file that the login shell runs when you log in. The Bourne Again and Z Shells run .profile, and the TC Shell runs .login. The TC Shell also runs .cshrc whenever a new TC Shell or a subshell is invoked. The Z Shell runs an analogous file whose name is identified by the ENV variable.

status line: The bottom (usually the twenty-fourth) line of the terminal. The vim editor uses the status line to display information about what is happening during an editing session.

sticky bit: An access permission bit that causes an executable program to remain on the swap area of the disk. It takes less time to load a program that has its sticky bit set than one that does not. Only Superuser can set the sticky bit. If the sticky bit is set on a directory that is publicly writable, only the owner of a file in that directory can remove the file.

streaming tape: A tape that moves at a constant speed past the read/write heads rather than speeding up and slowing down, which can slow the process of writing to or reading from the tape. A proper blocking factor helps ensure that the tape device will be kept streaming.

streams: See connection-oriented protocol on page 1026.

string: A sequence of characters.

stylesheet: See CSS on page 1027.

subdirectory: A directory that is located within another directory. Every directory except the root directory is a subdirectory.

subnet: Subnetwork. A portion of a network, which may be a physically independent network segment, that shares a network address with other portions of the network and is distinguished by a subnet number. A subnet is to a network as a network is to an internet.^FOLDOC

subnet address: The subnet portion of an IP address. In a subnetted network, the host portion of an IP address is split into a subnet portion and a host portion using a subnet mask (also address mask). See also subnet number.

subnet mask: A bit mask used to identify which bits in an IP address correspond to the network address and subnet portions of the address. Called a subnet mask because the network portion of the address is determined by the number of bits that are set in the mask. The subnet mask has ones in positions corresponding to the network and subnet numbers and zeros in the host number positions. Also address mask.

subnet number: The subnet portion of an IP address. In a subnetted network, the host portion of an IP address is split into a subnet portion and a host portion using a subnet mask. Also address mask. See also subnet address.

subpixel hinting: Similar to anti-aliasing (page 1019) but takes advantage of colors to do the anti-aliasing. Particularly useful on LCD screens.

subroutine: See procedure on page 1049.

subshell: A shell that is forked as a duplicate of its parent shell. When you run an executable file that contains a shell script by using its filename on the command line, the shell forks a subshell to run the script. Also, commands surrounded with parentheses are run in a subshell.

superblock: A block that contains control information for a filesystem. The superblock contains housekeeping information, such as the number of inodes in the filesystem and free list information.

superserver: The extended Internet services daemon. Refer to xinetd on page 376.

Superuser: A privileged user having access to anything any other system user has access to and more. The system administrator must be able to become Superuser to establish new accounts, change passwords, and perform other administrative tasks. The username of Superuser is usually root. Also root or root user.

swap: The operating system moving a process from main memory to a disk, or vice versa. Swapping a process to the disk allows another process to begin or continue execution. Refer to "swap" on page 458.

swap space: An area of a disk (that is, a swap file) used to store the portion of a process's memory that has been paged out. Under a virtual memory system, the amount of swap spacerather than the amount of physical memorydetermines the maximum size of a single process and the maximum total size of all active processes. Also swap area or swapping area.^FOLDOC

switch: See network switch on page 1045.

symbolic link: A directory entry that points to the pathname of another file. In most cases a symbolic link to a file can be used in the same ways a hard link can be used. Unlike a hard link, a symbolic link can span filesystems and can connect to a directory.

system administrator: The person responsible for the upkeep of the system. The system administrator has the ability to log in as Superuser. See also Superuser.

system console: The main system terminal, usually directly connected to the computer and the one that receives system error messages. Also console and console terminal.

system mode: The designation for the state of the system while it is doing system work. Some examples are making system calls, running NFS and autofs, processing network traffic, and performing kernel operations on behalf of the system. Contrast with user mode (page 1062).

System V: One of the two major versions of the UNIX system.

TC Shell: tcsh. An enhanced but completely compatible version of the BSD UNIX C shell, csh.

TCP: Transmission Control Protocol. The most common transport layer protocol used on the Internet. This connection-oriented protocol is built on top of IP (page 1038) and is nearly always seen in the combination TCP/IP (TCP over IP). TCP adds reliable communication, sequencing, and flow control and provides full-duplex, process-to-process connections. UDP (page 1061), although connectionless, is the other protocol that runs on top of IP.^FOLDOC

tera-: In the binary system, the prefix tera- multiplies by 2⁴⁰ (1,099,511,627,776). Terabyte is a common use of this prefix. Abbreviated as T. See also large number on page 1040.

termcap: Terminal capability. The /etc/termcap file contains a list of various types of terminals and their characteristics. System V replaced the function of this file with the terminfo system.

terminal: Differentiated from a workstation (page 1064) by its lack of intelligence, a terminal connects to a computer that runs Linux. A workstation runs Linux on itself.

terminfo: Terminal information. The /usr/lib/terminfo directory contains many subdirectories, each containing several files. Each of those files is named for and holds a summary of the functional characteristics of a particular terminal. Visually oriented textual programs, such as vim, use these files. An alternative to the termcap file.

text box: In a GUI, a box you can type in.

theme: Defined as an implicit or recurrent idea, theme is used in a GUI to describe a look that is consistent for all elements of a desktop. Go to themes.freshmeat.net for examples.

thicknet: A type of coaxial cable (thick) used for an Ethernet network. Devices are attached to thicknet by tapping the cable at fixed points.

thinnet: A type of coaxial cable (thin) used for an Ethernet network. Thinnet cable is smaller in diameter and more flexible than thicknet cable. Each device is typically attached to two separate cable segments by using a T-shaped connector; one segment leads to the device ahead of it on the network and one to the device that follows it.

thread-safe: See reentrant on page 1051.

thumb: The movable button in the scrollbar that positions the image in the window. The size of the thumb reflects the amount of information in the buffer. Also bubble.

TIFF: Tagged Image File Format. A file format used for still-image bitmaps, stored in tagged fields. Application programs can use the tags to accept or ignore fields, depending on their capabilities.^FOLDOC

tiled windows: An arrangement of windows such that no window overlaps another. The opposite of cascading windows (page 1023).

time to live: See TTL.

toggle: To switch between one of two positions. For example, the ftp glob command toggles the glob feature: Give the command once, and it turns the feature on or off; give the command again, and it sets the feature back to its original state.

token: A basic, grammatically indivisible unit of a language, such as a keyword, operator, or identifier.^FOLDOC

token ring: A type of LAN (page 1040) in which computers are attached to a ring of cable. A token packet circulates continuously around the ring. A computer can transmit information only when it holds the token.

tooltip: A minicontext help system that you activate by allowing your mouse pointer to hover (page 1036) over a button, icon, or applet (such as those on a panel).

transient window: A dialog or other window that is displayed for only a short time.

Transmission Control Protocol: See TCP on page 1059.

Trojan horse

A program that does something destructive or disruptive to your system. Its action is not documented, and the system administrator would not approve of it if she were aware of it. See "Avoiding a Trojan Horse" on page 398.

The term Trojan horse was coined by MIT-hacker-turned-NSA-spook Dan Edwards. It refers to a malicious security-breaking program that is disguised as something benign, such as a directory lister, archive utility, game, or (in one notorious 1990 case on the Mac) a program to find and destroy viruses. Similar to back door (page 1020).^FOLDOC

TTL

Time to live.

All DNS records specify how long they are good forusually up to a week at most. This time is called the record's time to live. When a DNS server or an application stores this record in cache (page 1023), it decrements the TTL value and removes the record from cache when the value reaches zero. A DNS server passes a cached record to another server with the current (decremented) TTL guaranteeing the proper TTL, no matter how many servers the record passes through.
In the IP header, a field that indicates how many more hops the packet should be allowed to make before being discarded or returned.

TTY: Teletypewriter. The terminal device that UNIX was first run from. Today TTY refers to the screen (or window, in the case of a terminal emulator), keyboard, and mouse that are connected to a computer. This term appears in UNIX, and Linux has kept the term for the sake of consistency and tradition.

tunneling: Encapsulation of protocol A within packets carried by protocol B, such that A treats B as though it were a data link layer. Tunneling is used to transfer data between administrative domains that use a protocol not supported by the internet connecting those domains. It can also be used to encrypt data sent over a public internet, as when you use ssh to tunnel a protocol over the Internet.^FOLDOC See also VPN (page 1062) and port forwarding (page 1049).

UDP

User Datagram Protocol. The Internet standard transport layer protocol that provides simple but unreliable datagram services. UDP is a connectionless protocol (page 1026) that, like TCP (page 1059), is layered on top of IP (page 1038).

Unlike TCP, UDP neither guarantees delivery nor requires a connection. As a result it is lightweight and efficient, but the application program must handle all error processing and retransmission. UDP is often used for sending time-sensitive data that is not particularly sensitive to minor loss, such as audio and video data.^FOLDOC

UID: User ID. A number that the passwd database associates with a username.

undecillion: In the American system, 10³⁶. In the British system, this number is named sexillion. See also large number (page 1040).

unicast: A packet sent from one host to another host. Unicast means one source and one destination.

Unicode: A character encoding standard that was designed to cover all major modern written languages with each character having exactly one encoding and being represented by a fixed number of bits.

unmanaged window: See ignored window on page 1036.

URI: Universal Resource Identifier. The generic set of all names and addresses that are short strings referring to objects (typically on the Internet). The most common kinds of URIs are URLs.^FOLDOC

URL: Uniform (was Universal) Resource Locator. A standard way of specifying the location of an object, typically a Web page, on the Internet. URLs are a subset of URIs.

usage message: A message displayed by a command when you call the command using incorrect command line arguments.

User Datagram Protocol: See UDP.

User ID: See UID.

user interface: See interface on page 1037.

user mode: The designation for the state of the system while it is doing user work, such as running a user program (but not the system calls made by the program). Contrast with system mode (page 1059).

username: The name you enter in response to the login: prompt. Other users use your username when they send you mail or write to you. Each username has a corresponding user ID, which is the numeric identifier for the user. Both the username and the user ID are stored in the passwd database (/etc/passwd or the NIS equivalent). Also login name.

userspace: The part of memory (RAM) where applications reside. Code running in userspace cannot access hardware directly and cannot access memory allocated to other applications. Also userland. See the KernelAnalysis-HOWTO.

UTC: Coordinated Universal Time. UTC is the equivalent to the mean solar time at the prime meridian (0 degrees longitude). Also called Zulu time (Z stands for longitude zero) and GMT (Greenwich Mean Time).

UTF-8: An encoding that allows Unicode (page 1061) characters to be represented using sequences of 8-bit bytes.

utility: A program included as a standard part of Linux. You typically invoke a utility either by giving a command in response to a shell prompt or by calling it from within a shell script. Utilities are often referred to as commands. Contrast with builtin (command) (page 1023).

variable: A name and an associated value. The shell allows you to create variables and use them in shell scripts. Also, the shell inherits several variables when it is invoked, and it maintains those and other variables while it is running. Some shell variables establish characteristics of the shell environment; others have values that reflect different aspects of your ongoing interaction with the shell.

viewport: Same as workspace (page 1064).

virtual console: Additional consoles, or displays, that you can view on the system, or physical, console. See page 113 for more information.

virus: A cracker (page 1027) program that searches out other programs and "infects" them by embedding a copy of itself in them, so that they become Trojan horses (page 1060). When these programs are executed, the embedded virus is executed as well, propagating the "infection," usually without the user's knowledge. By analogy with biological viruses.^FOLDOC

VLAN: Virtual LAN. A logical grouping of two or more nodes that are not necessarily on the same physical network segment but that share the same network number. A VLAN is often associated with switched Ethernet.^FOLDOC

VPN: Virtual private network. A private network that exists on a public network, such as the Internet. A VPN is a less expensive substitute for company-owned/leased lines and uses encryption (page 988) to ensure privacy. A nice side effect is that you can send non-Internet protocols, such as AppleTalk, IPX, or NetBIOS (page 1044), over the VPN connection by tunneling (page 1061) them through the VPN IP stream.

W2K: Windows 2000 Professional or Server.

W3C: World Wide Web Consortium (www.w3.org).

WAN: Wide area network. A network that interconnects LANs (page 1040) and MANs (page 1042), spanning a large geographic area (typically states or countries).

WAP: Wireless access point. A bridge or router between wired and wireless networks. WAPs typically support some form of access control to prevent unauthorized clients from connecting to the network.

Web ring: A collection of Web sites that provide information on a single topic or group of related topics. Each home page that is part of the Web ring has a series of links that let you go from site to site.

whitespace: A collective name for SPACEs and/or TABs and occasionally NEWLINEs. Also white space.

wide area network: See WAN.

widget: The basic objects of a graphical user interface. Buttons, text fields, and scrollbars are examples of widgets.

wildcard: See metacharacter on page 1042.

Wi-Fi: Wireless Fidelity. A generic term that refers to any type of 802.11 (page 1018) wireless network.

window: On a display screen, a region that runs or is controlled by a particular program.

window manager: A program that controls how windows appear on a display screen and how you manipulate them.

Windows share: See share on page 1054.

WINS: Windows Internet Naming Service. The service responsible for mapping NetBIOS names to IP addresses. WINS has the same relationship to NetBIOS names that DNS has to Internet domain names.

WINS server: The program responsible for handling WINS requests. This program caches name information about hosts on a local network and resolves them to IP addresses.

wireless access point: See WAP.

word: A sequence of one or more nonblank characters separated from other words by TABs, SPACEs, or NEWLINEs. Used to refer to individual command line arguments. In vim, a word is similar to a word in the English languagea string of one or more characters bounded by a punctuation mark, a numeral, a TAB, a SPACE, or a NEWLINE.

Work buffer: A location where vim stores text while it is being edited. The information in the Work buffer is not written to the file on the disk until you give the editor a command to write it.

working directory: The directory that you are associated with at any given time. The relative pathnames you use are relative to the working directory. Also current directory.

workspace: A subdivision of a desktop (page 1028) that occupies the entire display. Refer to "Getting the Most from the Desktop" on page 85.

workstation: A small computer, typically designed to fit in an office and be used by one person and usually equipped with a bit-mapped graphical display, keyboard, and mouse. Differentiated from a terminal (page 1059) by its intelligence. A workstation runs Linux on itself while a terminal connects to a computer that runs Linux.

worm: A program that propagates itself over a network, reproducing itself as it goes. Today the term has negative connotations, as it is assumed that only crackers (page 1027) write worms. Compare to virus (page 1062) and Trojan horse (page 1060). From Tapeworm in John Brunner's novel, The Shockwave Rider, Ballantine Books, 1990 (via XEROX PARC).^FOLDOC

WYSIWYG: What You See Is What You Get. A graphical application, such as a word processor, whose display is similar to its printed output.

X server: The X server is the part of the X Window System that runs the mouse, keyboard, and display. (The application program is the client.)

X terminal: A graphics terminal designed to run the X Window System.

X Window System: A design and set of tools for writing flexible, portable windowing applications, created jointly by researchers at MIT and several leading computer manufacturers.

XDMCP: X Display Manager Control Protocol. XDMCP allows the login server to accept requests from network displays. XDMCP is built into many X terminals.

x DSL: Different types of DSL (page 1030) are identified by a prefix, for example, ADSL, HDSL, SDSL, and VDSL.

Xinerama: An extension to X.org. Xinerama allows window managers and applications to use the two or more physical displays as one large virtual display. Refer to the Xinerama-HOWTO.

XML: Extensible Markup Language. A universal format for structured documents and data on the Web. Developed by W3C (page 1063), XML is a pared-down version of SGML. See www.w3.org/XML and www.w3.org/XML/1999/XML-in-10-points.

XSM: X Session Manager. This program allows you to create a session that includes certain applications. While the session is running, you can perform a checkpoint (saves the application state) or a shutdown (saves the state and exits from the session). When you log back in, you can load your session so that everything in your session is running just as it was when you logged off.

Z Shell: zsh. A shell (page 1055) that incorporates many of the features of the Bourne Again Shell (page 1022), Korn Shell (page 1040), and TC Shell (page 1059), as well as many original features.

Zulu time: See UTC on page 1062.

Table G-1. Decimal, octal, and hexadecimal numbers