Ubuntu "Hardy Heron" Reloaded

The first maintenance update of Ubuntu 8.04 LTS has been released. Ubuntu 8.04.1 LTS has over 200 updates that include major bug fixes and security updates while maintaining the stability and compatibility with the initial Ubuntu 8.04 LTS release.

This is the first maintenance release of Ubuntu 8.04 Hardy Heron that will continuously be supported with maintenance updates and security fixes until April 2011 on desktops and April 2013 on servers.

Here's a list of some of the updates and fixes as listed on Ubuntu 8.04.1 LTS release announcement:



Desktop Updates

* Remove a workaround which caused performance issues for evolution and
should no longer be required;

* Disable window manager compositing for i815 chips due to garbled
display output;

* Fix a hang when using the desktop panel clock together with evolution
calendaring;

* Don't show mounts on the desktop that the user cannot access;

* Fix problem with Remote Desktop Viewer connecting to some servers;

* Fix hangs with gksu and update-manager when the hostname cannot be
resolved;

* Restore frequency scaling on Intel Core 2 Duo systems after
suspend/resume;

* Fix display on multiple systems with the intel video driver;

* Fix display on Geode GX2 hardware;

* Update to GNOME 2.22.2, fixing numerous bugs;

General Updates

* Fix a problem with excess logging when libpam-smbpass is not installed;

* Update apparmor profile to allow access to /var/lib/samba/*.tdb;
fixing an authentication-related CUPS crash;

* Fix duplex printing to Ricoh printers;

* Require password on root account when set and using recovery mode;

* Restore support for dmraid raid45 arrays;

* Return an error immediately instead of hanging when an NFS server
returns permission denied;

* sudo no longer errors out if the hostname cannot be resolved;

You can read the complete release announcement HERE.

Other members of the Ubuntu family of distributions have also been updated; this includes Kubuntu and Kubuntu-KDE4, Xubuntu, Ubuntu Studio and Mythbuntu. I'm currently using Xubuntu Hardy Heron, and have noticed significant improvements in overall performance after receiving those listed updates and fixes.

10 Best Hacking and Security Software Tools for Linux

Linux is a hacker’s dream computer operating system. It supports tons of tools and utilities for cracking passwords, scanning network vulnerabilities, and detecting possible intrusions. I have here a collection of 10 of the best hacking and security software tools for Linux. Please always keep in mind that these tools are not meant to harm, but to protect.

1. John the Ripper

John the Ripper is a free password cracking software tool initially developed for the UNIX operating system. It is one of the most popular password testing/breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix flavors (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL and others.

2. Nmap

Nmap is my favorite network security scanner. It is used to discover computers and services on a computer network, thus creating a "map" of the network. Just like many simple port scanners, Nmap is capable of discovering passive services on a network despite the fact that such services aren't advertising themselves with a service discovery protocol. In addition Nmap may be able to determine various details about the remote computers. These include operating system, device type, uptime, software product used to run a service, exact version number of that product, presence of some firewall techniques and, on a local area network, even vendor of the remote network card.

Nmap runs on Linux, Microsoft Windows, Solaris, and BSD (including Mac OS X), and also on AmigaOS. Linux is the most popular nmap platform and Windows the second most popular.


3. Nessus

Nessus is a comprehensive vulnerability scanning software. Its goal is to detect potential vulnerabilities on the tested systems such as:

-Vulnerabilities that allow a remote cracker to control or access sensitive data on a system.
-Misconfiguration (e.g. open mail relay, missing patches, etc).
-Default passwords, a few common passwords, and blank/absent passwords on some system accounts. Nessus can also call Hydra (an external tool) to launch a dictionary attack.
-Denials of service against the TCP/IP stack by using mangled packets

Nessus is the world's most popular vulnerability scanner, estimated to be used by over 75,000 organizations worldwide. It took first place in the 2000, 2003, and 2006 security tools survey from SecTools.Org.


4. chkrootkit

chkrootkit (Check Rootkit) is a common Unix-based program intended to help system administrators check their system for known rootkits. It is a shell script using common UNIX/Linux tools like the strings and grep commands to search core system programs for signatures and for comparing a traversal of the /proc filesystem with the output of the ps (process status) command to look for discrepancies.

It can be used from a "rescue disc" (typically a Live CD) or it can optionally use an alternative directory from which to run all of its own commands. These techniques allow chkrootkit to trust the commands upon which it depend a bit more.

There are inherent limitations to the reliability of any program that attempts to detect compromises (such as rootkits and computer viruses). Newer rootkits may specifically attempt to detect and compromise copies of the chkrootkit programs or take other measures to evade detection by them.


5. Wireshark

Wireshark is a free packet sniffer computer application used for network troubleshooting, analysis, software and communications protocol development, and education. In June 2006, the project was renamed from Ethereal due to trademark issues.

The functionality Wireshark provides is very similar to tcpdump, but it has a GUI front-end, and many more information sorting and filtering options. It allows the user to see all traffic being passed over the network (usually an Ethernet network but support is being added for others) by putting the network interface into promiscuous mode.

Wireshark uses the cross-platform GTK+ widget toolkit, and is cross-platform, running on various computer operating systems including Linux, Mac OS X, and Microsoft Windows. Released under the terms of the GNU General Public License, Wireshark is free software.


6. netcat

netcat is a computer networking utility for reading from and writing to network connections on either TCP or UDP.

Netcat was voted the second most useful network security tool in a 2000 poll conducted by insecure.org on the nmap users mailing list. In 2003, it gained fourth place, a position it also held in the 2006 poll.

The original version of netcat is a UNIX program. Its author is known as *Hobbit*. He released version 1.1 in March of 1996.

Netcat is fully POSIX compatible and there exist several implementations, including a rewrite from scratch known as GNU netcat.


7. Kismet

Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b and 802.11g traffic.

Kismet is unlike most other wireless network detectors in that it works passively. This means that without sending any loggable packets, it is able to detect the presence of both wireless access points and wireless clients, and associate them with each other.

Kismet also includes basic wireless IDS features such as detecting active wireless sniffing programs including NetStumbler, as well as a number of wireless network attacks.


8. hping

hping is a free packet generator and analyzer for the TCP/IP protocol. Hping is one of the de facto tools for security auditing and testing of firewalls and networks, and was used to exploit the idle scan scanning technique (also invented by the hping author), and now implemented in the Nmap Security Scanner. The new version of hping, hping3, is scriptable using the Tcl language and implements an engine for string based, human readable description of TCP/IP packets, so that the programmer can write scripts related to low level TCP/IP packet manipulation and analysis in very short time.

Like most tools used in computer security, hping is useful to both system administrators and crackers (or script kiddies).


9. Snort

Snort is a free and open source Network Intrusion prevention system (NIPS) and network intrusion detection (NIDS) capable of performing packet logging and real-time traffic analysis on IP networks.

Snort performs protocol analysis, content searching/matching, and is commonly used to actively block or passively detect a variety of attacks and probes, such as buffer overflows, stealth port scans, web application attacks, SMB probes, and OS fingerprinting attempts, amongst other features. The software is mostly used for intrusion prevention purposes, by dropping attacks as they are taking place. Snort can be combined with other software such as SnortSnarf, sguil, OSSIM, and the Basic Analysis and Security Engine (BASE) to provide a visual representation of intrusion data. With patches for the Snort source from Bleeding Edge Threats, support for packet stream antivirus scanning with ClamAV and network abnormality with SPADE in network layers 3 and 4 is possible with historical observation.


10. tcpdump

tcpdump is a common computer network debugging tool that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

In some Unix-like operating systems, a user must have superuser privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.

The user may optionally apply a BPF-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.


Do you have a favorite security software tool for Linux? Feel free to comment and tell us about it.

8 Most Useful Commands and Keyboard Shortcuts Linux Newbies Should Know

To use Linux nowadays, you don't have to touch the command line to get going. This may be true. However, I still find it important that newbies and those who are still planning to use Linux should know some of the basic commands and keyboard shortcuts to make the most out of their Linux desktop and to start having a good time.

So here I made a list of 8 most useful Linux terminal commands and keyboard shortcuts that I think newbies should know:

1. ls

With this command, you can view the content of your current working directory. ls is often paired with options -l (to view a detailed list of files) and -a (to view the hidden files).

Use it like this:

$ ls -al

2. sudo

Allow users to run programs with the security privileges of another user (normally the superuser). By default, sudo will prompt for a user password but it may be configured to require the root password.

Use it like this:

$ sudo gedit

3. Ctrl-Alt-Esc

When an application hangs or fails to close, never worry. Pressing this keyboard shortcut and then clicking on the troubled application will kill or end its process.

4. find

This is probably the most efficient command to use when you are looking for some files. find searches through one or more directory trees of a filesystem, locating files based on some user-specified criteria. By default, find returns all files below the current working directory.

To recursively search for files that starts with letter j starting from the /home directory use:

$ find /home -name j*

5. apt-get

Since most Linux newbies are probably using Ubuntu, they should know how to use this command.

To install a package:
$ sudo apt-get install package-name

To remove:
$ sudo apt-get remove package-name

6. Ctrl-Alt-Backspace

This keyboard shortcut will kill the X server. Use this if X crashes and you can't exit it normally. This restarts the server and throws you back immediately to the graphical login screen.

7. mv, cp, rm

I know that it is a lot easier to move, copy, and delete files using the mouse. But, I find it important that newbies should also know how to do it from the command line just in case of emergency.

Use them like these:
move
$ mv oldfilename.txt newfilename.txt
copy
$ cp oldfilename.txt newfilename.txt
delete
$ rm oldfilename.txt

8. man

Most Linux commands and applications have manual pages, so man is really handy if you you want to learn more about a particular command or programs.

Use it like this:
man bash

openSUSE 11 is Here, My openSUSE 11 Review is Gone

openSUSE 11 has been released today as promised. It is said that this new version includes more than 200 new features specific to openSUSE such as a redesigned installer for a much easier installation, updated ZYpp stack for faster package management, KDE and GNOME desktop improvements, Compiz Fusion enhancements, and a whole lot more.

For more details, you can read the release announcement HERE, and the release notes HERE.

While openSUSE 11 has officially arrived, my openSUSE 11 review link is gone in Distrowatch’s openSUSE review section. I wonder why? It may just be an oversight since another review from ZDNET has also disappeared. I hope it will all be back soon.

Anyway, you can still read my openSUSE 11 review HERE. There is a lively discussion going on right now and you are always free to share to us your views.


To those who want to get openSUSE 11, you can go directly to the download page HERE.

Update: According to Anonymous, "when the final comes out, Ladislav removes all the developmental reviews." -- Now I know why my review is gone.

50 Most Eye-catching Linux Distro Logos of All Time

I took some time to look at several Linux distribution logos, and then decided to collect 50 of them that caught my eyes. I not only picked those that are well-known and good-looking, but also those that looked weird and ugly. Without any more delay, here they are in no particular order:

1.

2.

3.
4.

5.

6.

7.

8.

9.

10.

11.

12.

13.

14.

15.

16.

17.

18.

19.

20.

21.

22.

23.

24.

25.

26.

27.

28.

29.

30.

31.

32.

33.

34.

35.

36.

37.

38.

39.

40.

41.

42.

43.

44.

45.

46.

47.

48.

49.

50.

It's up to you to decide which logos are beautiful, and which ones are plain ugly :-)

Distro Rankings According to Alexa and Compete

A website's popularity is often measured by its web traffic or the amount of data sent and received by its visitors. Alexa and Compete are two of the most widely accepted services in measuring a website's traffic data. What if we will use these two web traffic analysis services to measure a Linux distribution’s popularity?

To make this possible, I gathered the homepage address of the current Top 5 most popular distros according to Distrowatch’s ‘Page Hit Ranking’, and then utilized them to gather the web traffic information with the aid of course of Alexa and Compete.

Here are the results:
(click on the graph to enlarge the images)



Here is a chart to clearly see the outcome:

Notice the differences between the current Distrowatch (distro) ranking when compared to the rankings based on the traffic data from Alexa and Compete.

Is a site’s traffic stat a better measurement of a Linux distribution’s popularity? Share to us your thoughts.

PS: You might also want to check out this post -- Distro Rankings and Popularity Ratings through the Years
---

Ubuntu/Xubuntu 8.04 Macbook Pro Sound and Keyboard Fixes

After getting the wireless card (Wi-Fi) working in Xubuntu Hardy Heron on my Macbook Pro (Penryn), I went on by fixing the keyboard (special keys) and the sound.

The keyboard fix is actually very simple. I haven't seen a detailed tutorial on fixing the special keys for the MBP (Penryn) anywhere, so I'm writing this as a guide to others that might also need help.

A package called "pommed" is all that is needed to get the special keys (like brightness and volume controls and eject button) to work. However, the pommed version 1.15 that is currently available from Ubuntu repo doesn't work at all on the Penryn Macbook Pro. You will need the version 1.17. Where to get it? Thanks to Debian for already including pommed 1.17.deb binary installer from their repo, so you don't have to compile it from source. All you have to do is this:

1. Open Synaptic Package Manager.

2. Go to "Settings", and then "Repositories".

3. Click on the "Third-party software" tab, then click add...

4. Copy and paste this:

deb http://ftp.de.debian.org/debian lenny main

5. After adding, you have to "Reload".

6. Search for pommed 1.17 and install it.

7. You are done.

Fixing the audio problem is a lot easier. In fact, sound is supported in Macbook Pro, but it has detection glitch. You can resolve this by simply adding:

options snd_hda_intel model=mbp3 to /etc/modprobe.d/options.

Here's how:

1. open /etc/modprobe.d/options in a text editor, or just use this command in Xubuntu:

sudo mousepad /etc/modprobe.d/options

2. Simply paste this at the bottom:

options snd_hda_intel model=mbp3

3. Save and reboot.

4. Open the "volume control" and make sure to put the volume level up when testing the sound.

5. You are done.

My Macbook Pro and Xubuntu Hardy Heron are getting along quite well now. However, I'm still in the process of tweaking because there are still some minor issues that need to be addressed. Like the CPU temperature is several degrees hotter when running extensively in Xubuntu than when in OS X. Any suggestions?

That's all for now. See you later.

The Anatomy of a Crappy Linux Distro

All Linux distributions are not created equal. Some are superior in quality while others are so full of crap. I hate to sound grumpy like Béranger, but I have tried plenty of distros my entire life and have experienced using those that made my blood boil. I'm naturally a patient man, however, I have to be honest and share to you (based on my own experience) some of the things that can make me think of a distro as a piece of rubbish.

For me, a Linux distro is crappy when:

1. Installation takes hours to completely finish despite using a high-end machine.

2. It fails to install even after using every given boot parameter.

3. The installer fails to configure the boot loader properly.

4. The size of the system installer is more than 1GB but its included or out-of-the-box applications are mostly not what I wanted.

5. Its package manager can mess up the installed applications after a software update.

6. It sacrifices performance for beauty.

7. It tries to look like Mac OS X or Windows Vista.

8. It has a lightweight window manager but it's slower than a walking turtle.

9. Its project website and help forums treat you like s#!%.

10. It fails to give you necessary updates and security fixes.

11. Its latest distribution version is way buggier than the previous version.

12. Its stability is equal to that of Windows 2000 Me.

13. Have you used a crappy Linux distro? Feel free to add your annoyances here.


I hate those crappy distros, but I still love Linux :)

Dual-booting Fedora 9 and Xubuntu 8.04 on Macbook Pro

I wrote a preview of Fedora 9 "Sulphur" during its release day and said that I'm going to post an update soon. Now that I have tried and tested F-9 on my 4th gen. Macbook Pro (Penryn), it's time for me to give you a concise summary of the Sulphur experience and how it compares to that of Hardy Heron.

As most of you may know, Linux distros and Apple hardware are not meant for each other. Running Linux on a Mac will almost always give you headaches, as wireless card, audio, and keyboard among others will usually not function as normal. I have personally encountered this while using Ubuntu/Xubuntu on Macbook Pro. Because Fedora 9 is more recent than Ubuntu 8.04, I was hoping against all hope that I would get better hardware support for my MBP. So, I dived into dual booting Xubuntu and Fedora on my Mac.

Since I've already installed Xubuntu, setting up Fedora for dual boot was pretty straightforward. It was my first time installing Fedora via Live CD, and I must say that it was a breeze compared to the old and standard installation method that utilizes Anaconda. The Fedora Live CD installation was Ubuntu-like in terms of newbie-friendliness. The only difficult part was the partitioning. I resized my Xubuntu partition to make way for Fedora. After that, it was smooth sailing until the system installation was completed. And then there were the headaches that I have mentioned above.

Fedora 9 and Ubuntu/Xubuntu Hardy Heron are almost the same in terms of hardware support for the Macbook Pro (Penryn) -- no Wi-Fi, no audio, no keyboard special keys, and no backlight functions. However, I find it interesting that the "eject" button is working out-of-the-box in Fedora while in Ubuntu it did not.

In terms of desktop features and ease-of-use, Fedora still can't beat Ubuntu. If you are used to using Synaptic, then you will be easily frustrated with Fedora's slow and slightly buggy package manager. Like after updating the installed packages, I was informed that there were dependency issues that need to be resolved. Also, I was not given an option to install the essential proprietary driver for my NVIDIA graphics card unlike in Ubuntu.

Despite the difficulties that I have encountered in Fedora 9, I'm still impressed about several things. One is its speed -- its Gnome desktop is at par with the lighter XFCE in Xubuntu in terms of quickness and responsiveness. The speedy boot/start-up process in Fedora is also worth mentioning. Another thing that I love about Fedora is its excellent font and HTML rendering in Firefox. I didn't have to tweak or install anything to get it right.

Although I must admit that I still need more time to fully explore this latest version of Fedora and to fix the hardware issues that I've talked about, I am relatively at peace. Wondering why? Because it feels good to have the best of both worlds inside my MBP -- the stable and secure Fedora and the light and hassle free Xubuntu.

25 Coolest and Funniest Tux Wallpapers

People just can't get enough of Tux, the world-renowned penguin mascot of Linux. I'm saying this because my collection of "30 Coolest and Funniest Tux Icons" has already received a mind-blowing number of hits in just a short period of time. Because of that, I decided to give Tux lovers another treat by handing out my list of twenty-five coolest, funniest, and maybe cutest Tux wallpapers. So without any more delay, here they are:

Note: click on the images to see full size

1. Tux Pirate


2. Black Tux


3. Stone Age Tux


4. Tiny Tux


5. Star Wars Tux


6. Rocket Tux


7. Prisoner Tux


8. Homer Tux


9. Evil Tux


10. Grammatically Incorrect Tux Pirate


11. iPhone Tux


12. Tux Art


13. Gambler Tux


14. Techie Tux


15. Apple-eating Tux


16. Tux of Zorro


17. Sky Tux-apple


18. Tux Guevara


19. South Park Tux


20. Tux Graffiti


21. Glowing Tux


22. Silver Tux


23. Killer Tux


24. Tux World


25. Giant Tux



You may also want to checkout my other wallpaper collections:
*20 Coolest Linux Distro-themed Wallpapers
*25 Coolest Linux Wallpapers

Fedora 9 "Sulphur": Less Hype, All Business

Things went as scheduled. Fedora 9, code-named "Sulphur" has just been released. Fedora 9 promises some significant improvements over its "Werewolf" predecessor. Though this is a major release version of this Red Hat-sponsored distribution, the excitement is less compared to the flight of the "Heron". But should we care about this so-called publicity more than anything?

Though I didn't notice a lot of sites and blogs that displayed a release countdown image, I didn't care because I'm still pretty much excited about Fedora 9. Counting on some rave reviews of Fedora 9 "Preview" HERE and HERE, I expect this new version to be the best release ever. To really know why I'm so thrilled about it, here is a list of new features that are included in Fedora 9:

*This release features GNOME 2.22. GNOME now includes a webcam photo and video creation utility called Cheese, improved network filesystem support, a new international clock applet, Google Calendar support and custom email labels in Evolution, a new Remote Desktop Viewer, improved accessibility features, and PolicyKit integration.

*KDE 4.0.3 is available in the KDE Live image as well as the regular DVD.

*Xfce 4.4.2 is available as part of this release.

*NetworkManager 0.7 provides improved mobile broadband support, including GSM and CDMA devices, and now supports multiple devices and ad-hoc networking for sharing connections. It is now enabled by default on installations from DVD, CD, the network, and Live images.

*The Fedora installer, Anaconda, now supports partition resizing for ext2/3, NTFS filesystems, creating and installing to encrypted file systems, improved Rescue Mode with FirstAidKit, independent locations for the second stage installer and the software packages. A redesigned, larger netboot.iso image now features a second stage installer partly for this reason.

*Live USB images now support persistence, so your data and setting changes will be preserved even after rebooting.

*PackageKit, a new set of graphical and console tools, with a framework for cross-distribution software management, has replaced Pirut in this release of Fedora. The PackageKit graphical updater is available instead of Pup. Behind PackageKit, the performance of yum has been significantly improved.

*FreeIPA makes managing auditing, identity and policy processes easier by providing web-based and command line provisioning, and administration tools to ease system administration. FreeIPA combines the power of the Fedora Directory Server with FreeRADIUS, MIT Kerberos, NTP and DNS to provide an easy, out of the box solution.

*Ext4, the next version of the mature and stable ext3 filesystem is available as a option in this release. Ext4 features better performance, higher storage capacity and several other new features.

*This release of Fedora uses Upstart, an event-based replacement for the /sbin/init daemon.

*Firefox 3 brings a number of major improvements including a native look and feel, desktop integration, the new Places replacement for bookmarks, and a re-worked address bar.

*The completely free and open source Java environment OpenJDK 6 is installed by default. IcedTea 7, derived from OpenJDK 1.7, is no longer the default. IcedTea includes a browser plug-in based on GCJ, and is available for both x86 and x86_64 architectures. GCJ is still the default on PPC architecture.

*OpenOffice.org 2.4, with many new features, is available as part of Fedora 9.

*Fedora now includes Perl 5.10.0, which features a smaller memory footprint and other improvements.

*Fedora now includes TeXLive to replace the older, unmaintained TeX distribution.

*Fedora 9 features a 2.6.25 based kernel.

*Kernel crashes can be more automatically reported to http://www.kerneloops.org/ and diagnosed in a friendly way via the kerneloops package installed by default. Crash signatures are commonly referred to as oopses in Linux.

*Work on the start-up and shutdown in X has yielded noticeable improvements.

See release notes HERE for the complete list of features and important announcements.



Plenty of hardcore Linux enthusiasts are probably on standby right now and are waiting for their download to finish. By the way, you can get Fedora 9 from HERE. At the moment, I'm downloading Fedora-9-i686-Live.iso. I will see you all later for updates.

How about? Do you care about the Fedora 9 release?

Is BSD Better Than Linux?

In my quest to find the most stable, secure, feature-rich, and lightweight desktop operating system for my main workstation, I tried and tested almost all major Linux distributions available. I'm making an effort to settle for Xubuntu right now as I really value its speed and efficiency. However, after reading some of the comments on one of my older articles, I'm having second thoughts.

A comment by "Anonymous Coward" found on my blog post entitled Why Mac OS X Sucks and Linux Rocks said:

"I find that FreeBSD is the most sane operating system of all. Instead of using some weird conventions like some Linux distro, FreeBSD is fast, secure and sane.

Not only the configurations are consistent and intuitive but also all BSDs are consistent with each other. Furthermore, the FBSD7 kernel is faster than Linux kernels out of the box (not to mention u can optimize it manually). All the development tools can easily be installed via the ports (from haskell compilers, Java, IDEs to code analyzers). And of course, if you like your UI, you can install compiz-fusion. And guess what! it all works great.

In terms of MacOS X. It is indeed a pile of eye candy (regardless of its phylogeny with FreeBSD). I find using it's UI slow and inefficient and that's why I stopped using the MacMini I got.

Linux, is just a pile of c**p. The best thing is: It's c**p undercover. U can't really see its crap because: