Linux-Misc Digest #243, Volume #27 Tue, 27 Feb 01 05:13:04 EST
Contents:
Re: Linux partitioning question (Robert Heller)
Re: ipchains (Manfred Bartz)
Re: [Q] How do I boot without a keyboard connected? (steve)
Re: HELP on /etc/passwd (Bill Unruh)
Re: stupid mistake ("sandy")
AHA2940 and CDROM Tower (Didier CASSEREAU)
Re: Works like this in Sol2.8 ("Ian P. Springer")
Re: Xfree86 problems (Thaddeus L Olczyk)
Re: HOW TO make a user an administrator of a group or single user ("David E. Smith")
Re: passwd error in RH7 upgrade? (Silviu Minut)
Re: Setting global environment variables ("Nils O. Selåsdal")
Re: identd processes -- what for? ("Nils O. Selåsdal")
Re: LyX and missing layouts ([EMAIL PROTECTED])
Re: Scanners under Linux ([EMAIL PROTECTED])
Re: HOW TO make a user an administrator of a group or single user
([EMAIL PROTECTED])
Re: TDFX framebuffer driver with 2.4.2 (Fabrice Colin)
I can't restart my adsl-connection of rp-pppoe (Carfield Yim)
Re: LyX and missing layouts (Andres Kuusk)
Re: Is my CDRW detected correctly? (Thomas Harsch)
Help for Jakarta Tomcat(JSP) ("Jason L")
----------------------------------------------------------------------------
From: Robert Heller <[EMAIL PROTECTED]>
Subject: Re: Linux partitioning question
Date: 26 Feb 2001 23:18:15 -0600
"Greg H." <[EMAIL PROTECTED]>,
In a message on Tue, 27 Feb 2001 04:12:42 GMT, wrote :
"H> In comp.os.linux.hardware Peter T. Breuer <[EMAIL PROTECTED]> wrote:
"H>
"H> > (ignorance is NOT a good reason for doing something ..=)
"H>
"H> > If you don't know, then plainly you should go and find out. Check the
"H> > HOWTO.
"H>
"H> There's nothing wrong with what he said and most will agree. Besides,
"H> that HOWTO is intended for servers and multi-user systems, not casual
"H> home users.
"H>
"H> With all the distros and their races to pump out whatever is not bleeding
"H> edge (and even then that's not out of the question), plus the incredibly
"H> fast and easy installs, it's not worth the time or effort to lay out several
"H> partitions. With the exception of /home and /boot (if you suffer from the
"H> 1024 cylinder problem), / and swap can get you by just fine. In 6+ years
"H> of use, this was all I ever needed. I've screwed around with different
"H> partitioning schemes and found it to be a waste when I am the only user.
"H>
"H> Unless you actually take the time to perform backups and carry out true
"H> administrative measures regarding your box and several partitions, then it's
"H> all for naught. I am willing to bet that less than half of those who actually
"H> feel compelled to use any of the partitioning schemes described in the HOWTO
"H> never back up anything except their personal user files. If you're going to
"H> apply the concepts of the Partitioning HOWTO, then make damn sure you take
"H> heed of the Backup HOWTO and the SAG so you truly understand why you're
"H> doing what you're doing and if you really, truly need it.
There are some *good* reasons to use multiple partitions, *even for a
single user* system and even if there are never any systematic backups.
Recently, a neighbor of mine running Linux (happily, at my suggestion)
ran into a problem: first her print jobs stopped working and then on
re-boot, the Gnome desktop failed to start (runlevel 5). She did a
fresh reinstall (out of frustration and ignorance), so I don't know
*exactly* what happened, but I have a good idea. Since the machine was
not being run 24/7, it never was running at 4am on Sunday mornings --
logrotate never was run -- its various log files never got rotated.
After about a year or so of being on for 1 to several hours a day, the
file system where /var/log lived (and /var/spool and /tmp ...)
(separate from /usr and /usr/home) got full. Since her printer is a
color inkjet it was using a gs filter (to a raster file on /tmp) the
printer stopped working (either because /var/spool was full or /tmp was
full -- same difference). On re-boot, gdm (gnome xdm) was failing
because there was no room for the error log... Nothing was really
seriously wrong, but there were various cascade error effects. We have
since re-partitioned the system so print jobs won't block log files and
log files won't block the printer. And /home is on its own file system
and even if she goes on a binge downloading stuff, important, unrelated
things won't 'randomly' fail -- the system will boot, Gnome will start
up, etc. Yes, using one big file system allows for maximum disk space
utilization, but there is a down side to this... Big disks are
relatively cheap -- 'wasting' a few hundred meg out of a 10 or 20 gig
disk is chump change.
"H>
"H> I'm not trying to slam anyone, but I think it's pretty unfair to call
"H> someone ignorant about an issue when there's no supporting reason behind
"H> it, especially when there are quite a few posts here countering it.
"H>
"H> Greg
"H>
--
\/
Robert Heller ||InterNet: [EMAIL PROTECTED]
http://vis-www.cs.umass.edu/~heller || [EMAIL PROTECTED]
http://www.deepsoft.com /\FidoNet: 1:321/153
Posted Via Nuthinbutnews Premium Usenet Newsgroup Services
==========================================================
** SPEED ** RETENTION ** COMPLETION **
==========================================================
http://www.nuthinbutnews.com
------------------------------
Crossposted-To: comp.os.linux.admin,comp.os.linux.networking,comp.os.linux.help
Subject: Re: ipchains
From: Manfred Bartz <[EMAIL PROTECTED]>
Date: Tue, 27 Feb 2001 06:03:15 GMT
Murphy Wong <[EMAIL PROTECTED]> writes:
> Well, everytime the print/mail request is coming from different
> ports. So, if I open the upper ports, say from 1025 to 6000, does
> it means that I lost the purpose of secure my pc from others'
> access?
Most servers listen on ports below 1024. The ones which listen on
higher ports need to be individually protected. For TCP you also
block new, incoming connections by using a rule with the --syn flag.
Once that is implemented, you can open up ports 1024:65535 without
any problems.
Remember to use ftp in passive mode.
--
Manfred
===============================================================
ipchainsLogAnalyzer, NetCalc, whois at: <http://logi.cc/linux/>
------------------------------
From: [EMAIL PROTECTED] (steve)
Subject: Re: [Q] How do I boot without a keyboard connected?
Date: Tue, 27 Feb 2001 06:04:32 -0000
Reply-To: [EMAIL PROTECTED]
On 26 Feb 2001 22:09:09 GMT, Rudy Taraschi <[EMAIL PROTECTED]>
wrote:
>Steve S. wrote:
>
>> I'm assuming your BIOS won't allow you to turn off the keyboard
>> check? I have a P150 does this no problem, sorry if I missed it and
>> you already posted ...
>
>My original request was due to the fact that my BIOS did not support
>the option of disabling or ignoring the keyboard check. Thanks for the
>reply.
>
>--
>Rudy Taraschi
>
><rudy at see aye ee dot see aye> is my correct email address
I wonder what is actually checked, and if you started with a keyboard, and
started ripping parts off, at what point would you not be able to boot? Seems
you could get a discarded keyboard for less than the adapter (to fool your
bios into thinking the keyboard was attached). I also wonder if you couldn't
get a BIOS upgrade that might allow the no keyboard check? I guess I was
lucky, I didn't really consider this when I bought my mail server, no keyboard,
and no monitor.
--
Steve S.
yubdub
[EMAIL PROTECTED]
remove CLOTHES before replying
------------------------------
From: [EMAIL PROTECTED] (Bill Unruh)
Crossposted-To:
alt.os.linux,alt.comp.linux,be.comp.os.linux,easynet.be.support,comp.os.linux.security
Subject: Re: HELP on /etc/passwd
Date: 27 Feb 2001 06:24:12 GMT
In <[EMAIL PROTECTED]> [EMAIL PROTECTED] (Frederic ) writes:
]On Sun, 25 Feb 2001 14:34:35 +0100, ob1 <[EMAIL PROTECTED]> wrote:
]>Hello all
]>
]>I have a LARGE LARGE pbrl, you know this small file which gathers
]>"user" under linux, and well I have modify the first word of " root "
]>in " ROOt ", wonder not how I made... Is somebody would have a remedy
This is fine. The system does not care what the name of userid 0 is.
Just log on as ROOt if that is what you called it. If that does not work
then you porbably changed the password as well.
]>has this kind of prbl???
]>
]>I have tried to log me as "ROOt " or to change the config via
]>Webmin... etc NADA. It is on a small production server and this is
]>really tedious to reinstall it...
Try on the cosole doing
linux 1
at the LILO prompt.
------------------------------
From: "sandy" <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux
Subject: Re: stupid mistake
Date: Tue, 27 Feb 2001 06:27:22 GMT
"Antonomasia" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> > I'm running RH 7.0 and stupidly overlayed my libc with garbage this
> > morning locking up everything. When I boot in rescue mode I have no
> > hd's in /dev so I can't mount my drive to fix it. When I do a regular
<snip>
Um .... I think that when you boot in rescue mode you are booting
into a RAM image of a filesystem. Do a "df" to see where
your real root partition is mounted. If the real root partition is
mounted at like "/mnt/systemroot/" then the device files are in;
/mnt/systemroot/dev
Tada ... not in "/dev"
Keith
------------------------------
From: Didier CASSEREAU <[EMAIL PROTECTED]>
Crossposted-To: comp.os.linux.setup
Subject: AHA2940 and CDROM Tower
Date: Tue, 27 Feb 2001 07:29:01 +0100
Hello everybody,
I try to connect a CDROM tower to the SCSI connector of my Linux box
(Redhat 7.0).
The 6 CDs are correctly identified by the Adaptec bios.
The SCSI card is AHA2940 and I try to use the driver aic7xxx.o
Running 'insmod aic7xxx.o', the SCSI adapter is found, then Linux tries
to identify the different CDs connected to the bus.
Then I enter an infinite loop with the following error message:
(scsi1:-1:-1:-1) Referenced SCB 1 not valid during SELTO.
SCSISEQ = 0x5& SEQADDR = 0x8 SSTAT0 = 0x10 SSTAT1 = 0x8a
Then I cannot stop the 'insmod aic7xxx.o' command, nor kill the
corresponding process.
I would appreciate any kind of suggestion.
Thanks in advance
--
===========================================================
Didier CASSEREAU
Laboratoire Ondes et Acoustique
Universite Paris VII, CNRS UMR 7587
10 rue Vauquelin, 75231 PARIS Cedex 05, FRANCE
Tel: +33 (0)1.40.79.44.69
Fax: +33 (0)1.40.79.44.68
E-mail: [EMAIL PROTECTED] / [EMAIL PROTECTED]
http://www.loa.espci.fr
------------------------------
From: "Ian P. Springer" <[EMAIL PROTECTED]>
Crossposted-To:
alt.os.linux,alt.solaris.x86,comp.unix.admin,comp.unix.aix,comp.unix.misc,comp.unix.shell
Subject: Re: Works like this in Sol2.8
Date: Tue, 27 Feb 2001 06:40:39 GMT
That script doesn't really demonstrate the behavior. test.sh also needs to send
some output to stderr. After all, the problem in this thread directly concerns
stderr.
test.sh should be:
#!/bin/ksh
echo OUTPUT
echo ERROR >&2
$ chmod 700 test.sh
$ ./test.sh 2>&1 | tee test.txt
cat test.txt should be:
OUTPUT
ERROR
If it's not, the AIX ksh may have a bug.
-Ian
"CH" <[EMAIL PROTECTED]> wrote in message
news:fNDm6.31364$[EMAIL PROTECTED]...
> Works for me in Solaris 2.8
> $ cat test.sh
> #!/usr/bin/ksh
> let a=1
> echo "test"
> $ ksh -x test.sh
> + let a=1
> + echo test
> test
> $ ksh -x test.sh 2>&1 | tee test.txt
> + let a=1
> + echo test
> test
> $ cat test.txt
> + let a=1
> + echo test
> test
>
> "J.Smith" <[EMAIL PROTECTED]> wrote in message
> news:1Rvm6.5860$43.28610@zonnet-reader-1...
> > >
> > > This does not satisfy the reqirement if I read it literally
> > > because it also redirect the the stdout to the logfile.
> > >
> >
> > Sorry if my english is a little rough around the edges, but...
> >
> > BOTH stdout AND stderr had to go to the logfile AND to the screen, yes.
> >
> > Sorry if my previous post was unclear about that.
> >
> > But when I try this on AIX 4.x, using ksh, like:
> >
> > cat thisfiledoesnotexist 2>&1 | tee -a logfile
> >
> > stderr still goes to the screen (the cat error message, complaining it
> cant
> > find the file), but *not* to the logfile...
> >
> > huh ?
> >
> > Does this mean ive found a bug... errr feature ? Or am I screwing up in
> > there somehow?
> >
> >
> >
> >
>
>
------------------------------
From: [EMAIL PROTECTED] (Thaddeus L Olczyk)
Subject: Re: Xfree86 problems
Date: Tue, 27 Feb 2001 06:53:01 GMT
Reply-To: [EMAIL PROTECTED]
On Mon, 26 Feb 2001 22:01:48 -0500, in comp.os.linux.misc you wrote:
>Thaddeus L Olczyk wrote:
>
>> I just converted my whole system to Reiserfs ( except for /boot).
>> The way I accomplished this was to tar gzip each partition and
>> then reformat that partition, and untar ungzip the partition back.
>> The problem is that everything seems to work. I manage to boot
>> runlevel 3 fine. The one problem that I have is when I try to start X.
>> At which point the system hangs and I have to reboot.
>> Is there some way I can start configuring the system from scratch
>> ( which would be the simplest way to fix things )?
>>
>> The way the system hangs is this.
>> The screen goes blank, nothing comes up, and I can still telnet into
>> the system.
>> I wonder if what is happening is that a window manager is not being
>> started.
>> Any idea?
>> TIA
>
>switch back to the console u started X from (using CTL+ALT+Fx) to see if
>any error messages are reported that u woudlnt normally see b/c u would
>be seeing X related stuff on screen.
I can't.
------------------------------
From: "David E. Smith" <[EMAIL PROTECTED]>
Subject: Re: HOW TO make a user an administrator of a group or single user
Crossposted-To:
alt.os.linux,comp.os.linux,comp.os.linux.admin,comp.os.linux.networking,comp.os.linux.security
Date: Tue, 27 Feb 2001 06:38:47 +0000
In our last shocking episode of comp.os.linux.admin,
[EMAIL PROTECTED] revealed a dark secret:
> You don't have to write a suid program, just an ordinary program.
> Then let sudo exec it (whenever it fills sudo's rules)
> This way your mistakes in the additional program is less security
> hazardeous.
But then we're back to having to maintain a reasonably complex `sudoers'
file, which I perceive as problematic, and potentially even more
dangerous.
The original problem was: How to let user A change the password of other
user accounts, but not all user accounts?
Humans being the lazy creatures they tend to be, over time the rules in
sudoers will likely evolve to be more permissive than intended. (AFAIK
sudo isn't smart enough to handle things like "is user A a member of group
B" in this context.)
A small program/shell script/whatever can validate that the username is on
the "okay" list, then exec passwd. This will still need root privs, but
should be even smaller/safer than my original notion.
...dave
------------------------------
From: Silviu Minut <[EMAIL PROTECTED]>
Subject: Re: passwd error in RH7 upgrade?
Date: Tue, 27 Feb 2001 02:30:20 -0500
It is a bug that I too (like everybody else) had when I first installed
7.0. Check the RH updates and errata. I don't know exactly what package
fixed it. At any rate you definitely need to update glibc, gcc (if you
program), xinetd, and whatever else you find useful. You might also want to
take a look at the RH bug tracking page.
Drew Krause wrote:
> We just upgraded from Redhat 6.0 to 7.0 and can't change passwords -- it
> always comes back with
>
> "Authentication token manipulation error"
>
> No accounts can be changed (not even root). Any ideas why?
------------------------------
Reply-To: "Nils O. Selåsdal" <[EMAIL PROTECTED]>
From: "Nils O. Selåsdal" <[EMAIL PROTECTED]>
Subject: Re: Setting global environment variables
Date: Tue, 27 Feb 2001 09:21:42 +0100
"Mladen Gavrilovic" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> >
> > not at runtime AFAIK, but if you add that command to /etc/profile then
it
> > will work for every new shell.
> >
> yeah, I added it to profile already... I was just wondering if there was
> a way to test it without rebooting... oh well, here I go again <click>
you dont reboot, switch back and forth in some runlevels will do, type:
init 3 ; init 5
you reboot a linux box when:
1. You add or remove hardware
2. You upgrade the kernel
3. power failure.
------------------------------
Reply-To: "Nils O. Selåsdal" <[EMAIL PROTECTED]>
From: "Nils O. Selåsdal" <[EMAIL PROTECTED]>
Subject: Re: identd processes -- what for?
Date: Tue, 27 Feb 2001 09:24:17 +0100
"Jean-David Beyer" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Stearns28 wrote:
> >
> > Hi all,
> >
> > There are six or seven "identd -e -o" processes showed up on the output
of "ps
> > -ax". What are those processes for? "man identd" says identd is for
> > identifications purpose. Is it an essential service? Is it a security
risk?
> >
> Bizarre.
>
> It is useful for sendmail, though not usually vital. It is probably
> not a security risk, but mine is setup so that only a few systems
> (in /etc/hosts.allow) can use it, just in case (my other machine on
> my LAN, and my ISP).
>
> Mine is not started as a daemon (I see no use to do that). It is run
> only as needed, and since my machine is really mostly a desktop,
> that is only a few times per day (when I am sending e-mail through
> my ISP to someone on the Internet).
Many other servers can be set up to use it, e.g. Apache.
It is used (among other things) to get information about the user(owner) of
a process that did a tcp
connection.
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: LyX and missing layouts
Date: Tue, 27 Feb 2001 08:27:08 +0000
> Have a look at the file Customization.lyx, there is a section called
> "Installing a new LaTeX package".
I have seen that. The classes I want to use (Broadway and Hollywood) came
with the distribution, and seem to be in the directories where they are
supposed to be.
A search on DejaNews gave me several messages from people who have had the
same problem, but noone seems to know how to make these layouts work.
(Makes me wonder how they made it into the distribution...)
frank
------------------------------
From: [EMAIL PROTECTED]
Subject: Re: Scanners under Linux
Date: Tue, 27 Feb 2001 08:30:29 +0000
On Mon, 26 Feb 2001 10:02:52 +0100, Michael Heiming <[EMAIL PROTECTED]>
wrote:
> I have a really very cheap Mustek SCSI scanner:
> Host: scsi0 Channel: 00 Id: 06 Lun: 00
> Vendor: SCANNER Model: Rev: 2.02
> Type: Scanner ANSI SCSI revision: 01 CCS
Uh... that was informative!
frank
------------------------------
From: [EMAIL PROTECTED]
Crossposted-To:
alt.os.linux,comp.os.linux,comp.os.linux.admin,comp.os.linux.networking,comp.os.linux.security
Subject: Re: HOW TO make a user an administrator of a group or single user
Date: 27 Feb 2001 09:09:18 GMT
In comp.os.linux.admin David E. Smith <[EMAIL PROTECTED]> wrote:
> In our last shocking episode of comp.os.linux.admin,
> [EMAIL PROTECTED] revealed a dark secret:
>> You don't have to write a suid program, just an ordinary program.
>> Then let sudo exec it (whenever it fills sudo's rules)
>> This way your mistakes in the additional program is less security
>> hazardeous.
> But then we're back to having to maintain a reasonably complex `sudoers'
> file, which I perceive as problematic, and potentially even more
> dangerous.
You are missing my point. Make the program that does the validation, but
don't do it setuid. Leave that to sudo.
Sudoers will only have rules for who is allowed to run the "program", the
inner complexity of the "program" is done there.
This way you will not be affected with buffer overflows etc in the "program"
since only selected users will be allowed to run it setuid.
peter h
> The original problem was: How to let user A change the password of other
> user accounts, but not all user accounts?
> Humans being the lazy creatures they tend to be, over time the rules in
> sudoers will likely evolve to be more permissive than intended. (AFAIK
> sudo isn't smart enough to handle things like "is user A a member of group
> B" in this context.)
> A small program/shell script/whatever can validate that the username is on
> the "okay" list, then exec passwd. This will still need root privs, but
> should be even smaller/safer than my original notion.
> ...dave
--
Peter Håkanson Phone +46707328101 Fax +4631223190
IPSec sverige Email [EMAIL PROTECTED]
"Safe by design" Address Bror Nilssons gata 16 Lundbystrand
S-417 55 Gothenburg Sweden
------------------------------
From: Fabrice Colin <[EMAIL PROTECTED]>
Subject: Re: TDFX framebuffer driver with 2.4.2
Date: Tue, 27 Feb 2001 09:13:16 +0000
> Second, I have experimented a bit with the "vga" parameter to change the
> resolution. Again, this works OK until the kernel switches to fbdev and
> resets to, hmmm, 640x480-something. Is this the normal behaviour ?
>
Oops... It appears I hadn't read the fb documentation that comes with
the
kernel source. I have added a "video=" parameter to the kernel and it
now
starts up with the resolution I wanted.
I am still looking for information on the other items though.
------------------------------
Date: Tue, 27 Feb 2001 17:25:27 +0800
From: Carfield Yim <[EMAIL PROTECTED]>
Subject: I can't restart my adsl-connection of rp-pppoe
I am using rp-pppoe to connect to internet from my adsl-modem at home.
I encounter a problem that when I telnet to my home computer from
outside for a long time, the connection will freeze. Besides, sometimes
if my home online for a long time, the connection will also freeze.
I don't think it is the problem of rp-pppoe but I think that it is the
problem of my adsl modem, as similar thing will happen when I use
windows. So I would like to write a script to restart my connection if
it detect the connection is die. Then I encounter a problem, I find that
after I use "adsl-stop" to kill my connection, I can't use "adsl-start"
to bring up the connection, I must restart my computer in order to bring
up the connection. I think that I can restart the connection if I can
reset eth0, but how can I do?
------------------------------
From: [EMAIL PROTECTED] (Andres Kuusk)
Subject: Re: LyX and missing layouts
Date: 27 Feb 2001 09:25:14 GMT
[EMAIL PROTECTED] wrote:
>
>> Have a look at the file Customization.lyx, there is a section called
>> "Installing a new LaTeX package".
>
> I have seen that. The classes I want to use (Broadway and Hollywood) came
> with the distribution, and seem to be in the directories where they are
> supposed to be.
You have to install these classes in latex:
copy classfiles broadway.cls and hollywood.cls to
/usr/share/texmf/tex/latex/base/, there are other classfiles.
As root run texconfig and look the menus there.
Andres Kuusk
Tartu Observatory, Estonia.
------------------------------
From: Thomas Harsch <[EMAIL PROTECTED]>
Subject: Re: Is my CDRW detected correctly?
Date: Tue, 27 Feb 2001 10:52:20 +0100
fafaforza wrote:
> but when I run cdrecord -scanbus:
>
> ringa:/opt/schily/bin# ./cdrecord -scanbus
> Cdrecord 1.9 (i686-pc-linux-gnu) Copyright (C) 1995-2000 Jörg Schilling
> ../cdrecord: Permission denied. Cannot open '/dev/sg0'. Cannot open SCSI driver.
> ../cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you are root.
Try a 'chmod 4111 cdrecord' (you have to be loged in as root), then
retry. This worked for me on several PC's.
Or try the cdrecord -scanbus when you logged in as root, this should
work, too.
CYA
Thomas
------------------------------
From: "Jason L" <[EMAIL PROTECTED]>
Subject: Help for Jakarta Tomcat(JSP)
Date: Tue, 27 Feb 2001 18:06:53 +0800
Hi,
I am using Redhat Linux 7.0, installed Java SDK 1.3, Jakarta Tomcat
3.2.1-1(all using rpm to install), and it work fine for
http://localhost/examples/jsp/ and http://localhost/examples/servlet/
But I want to try to use it in other directory like http://localhost/jsp .
Can anyone tell me how to do it?
Thanks
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list by posting to comp.os.linux.misc.
Linux may be obtained via one of these FTP sites:
ftp.funet.fi pub/Linux
tsx-11.mit.edu pub/linux
sunsite.unc.edu pub/Linux
End of Linux-Misc Digest
******************************
