Knoppix is a version of Linux that can be run straight from the CD without interfering with the Windows or other operating system stored on the hard disk. However, the hard disk partitions can be mounted for reading, backup, or modification, making Knoppix a great way to repair the damage that Windows can do to itself.
I give away copies of Knoppix, usually downloaded from Oregon State University, and add a hand-editable Postscript label to them with some usage and advertising info. This image is designed to work with the CD Stomper Pro CD labelling system.
About Security: So you have a Knoppix disk that claims to be from me. Chances are, I probably was the one that copied it, but a few people have copied my copies with my label and are passing them out. How do you know you can trust me, or them?
Good question! You are thinking about security, and you will be pleased to know that there are good security tools for Linux. The main tools you have are the worldwide web, and the md5 checksum. Parts of the web may be corrupt, but it is impossible for a virus writer to crack the entire web, consistently. So even if they crack this site, and your site, and even Microsoft, there will still be places you can go for accurate information. If your sources disagree, that may not tell you which is right, but it will make the existence of a problem obvious!
For security, we rely on a process called MD5 checksums. MD5 is a complicated mathematical formula that is applied to a chunk of data to produce a 128 bit (32 character) "checksum". Change one bit anywhere in the original data, and you will get a different checksum, probably changing 64 of those bits or about 30 of the characters in the checksum. The chances of a piece of original data and of the modified data having matching checksums is one in 340,000,000,000,000,000,000,000,000,000,000,000,000 . For engineering purposes, the chances are zero. There is no known way to jigger the results. This is as safe as anything we know how to make safe.
On your disk is a file of md5 checksums for the contents of the disk, located in /mnt/cdrom/KNOPPIX/md5sums, also located here. This can be used to test the integrity of the disk and look for bad or degraded copies - you can test with this file by typing "knoppix testcd" at the boot prompt at startup.
You can check with the program md5sum, and you can check this on an entirely different machine, uncorrupted by any programs or malware that might be on an illegitimate copy of this disk. If md5sum is not on your testing machine, you can find out about downloading a copy here.
Again, it is healthy and good citizenship to maintain an active skepticism about the data you use and share. Trust no single person, not me, not Bill Gates, not even yourself. There may be deceptive or clueless people spreading lies about what works and what doesn't, but if there are conflicting claims you can compare them, all the way down into the original software. Put your trust in the web of individuals out there that check each other's work and freely share the results. If you are religious, trust that God will let somebody connected to the web know about a problem, and make sure the web stays open and free so you can find out about it.
At the end of the day, the web of trust is the open source movement's most powerful asset. Ultimately, open source software allows you to actively protect yourself from threats, instead of depending on Microsoft or the government to do it for you.
About labels: I have had problems with the Stomper label sheets jamming my HP laserjet 4 if fed from the paper tray. I have been able to completely eliminate the jams by preparing the Stomper sheets before putting them in the tray. I put the label sheets image-side-down on a flat table, and using a ruler edge as a "curler" I pull the label up past the ruler edge and put about a half inch curve to the sheet. The curve is not much, and the sheet is held flat in the paper tray. This apparently makes the sheet more flexible and easier to get around the rollers in the printer.
Some folks use other labelling systems then the Stomper; near the end of the postscript for the label are the lines:
% Stomper edge definitions
%----------------------------------------------------------------------
% change these to recenter the disk images
% numbers are the X, Y target centers from the
% bottom left corner (in picas, 72 picas/inch)
% these numbers work for the Stomper CD disk labeller
/CenterOne { 203 580 } def
/CenterTwo { 410 207 } def
/EdgeOne { 20 390 } def
/EdgeTwo { 308 390 } def
These coordinates can be changed to match the position of the labels on your own labelling system. You can even add CenterThree for 3-up labels if you have them. Postscript is weird but very programmable!
Making and testing Knoppix copies: It is counterproductive to hand out Knoppix disks that don't work. Knoppix disks can be tested by typing "knoppix testcd" at the boot prompt. However, this test must be watched; if the test fails, there is a screen message, but Knoppix still boots, leaving no indication if one of the tested files in the distro isn't written correctly.
I wrote a burn script that sits in $HOME/bin; when I make Knoppix disks I use that to build and test the disk. The problem is that the iso image on the CD is of variable length; it has a suffix of random garbage (usually zeros, but not always) that pads the image. However, as long as the CD image is longer than the hard disk image, the two can be compared. Here is a script that does the burn and then a verify:
#!/bin/bash # write a Knoppix CD , KLIC version # first drive 2004-Sept-9 SOURCE=/spare/iso/KNOPPIX_V3.6_KLIC.iso CDDEV=1,0,0 CDDRIVE=/dev/cdrom VERIFYCD=/home/keithl/bin/verifycd # because of padding, the resulting CDROM image will be a bit longer /usr/bin/cdrecord -v padsize=64s gracetime=2 dev=$CDDEV $SOURCE /bin/sleep 2 /bin/echo "Verify CDROM - readback" # my own kludge program; compares the longer iso file on $CDDRIVE # to the shorter $SOURCE file $VERIFYCD $CDDRIVE $SOURCE /bin/sleep 2 /usr/bin/eject $CDDRIVE
The verifycd program is a quick hack that compares the CD data to the disk data. Here is the source file, verifycd.c. That probably isn't necessary, but there isn't anything I know about in the Linux toolkit that does bit-level image verification of CDs to the iso files they were made from. Since that is an obvious need, I assume a better program is out there and am counting on you to tell me about it.
last revision September 12, 2004