Sampling Is Simple

Tulisan ini merupakan sebuah prosedur ringkas cara menginstalasi FreeBSD. Tetapi disini ditambahkan fungsi portupgrade -ai (mengganti semua port, dengan konfirmasi), yang memerlukan beberapa konfigurasi lokal dalam file pkgtools.conf. Tujuan uraian ini adalah memakai cvsup.sh && build-world-kernel.sh, dan terbangunnnya sistem yang dapat memberitahu anda apa yang harus dikerjakan kemudian agar instalasi lengkap dengan sedikit usaha. Bagi pemula, sebaiknya pada waktu praktek mengikuti langkah langkah berikut didampingi rekan yang telah terbiasa dengan instalasi FreeBSD. Penjelasan tentang perintah dalam FreeBSD silahkan lihat FreeBSD Handbook. Setelah anda sukses melakukan instalasi FreeBSD, gantilah kernel anda, dan instalasi beberapa port-nya.

Anda perlu perhatikan perintah instant-server dan instant-workstation meta-ports, yang menyatukan layanan yang diperlukan dan aplikasi dekstop. Terutama jika anda mengetik

cd /usr/ports/misc/instant-workstation && make

sistem anda akan menginstalasi berbagai macam software yang bermanfaat secara otomatis.

Dalam uraian ini tidak dijelaskan bagaimana mengubah script yang ada, anda mungkin harus memutuskan mengedit script dalam sistem anda nantinya dan disesuaikan dengan data teknis jaringan komputer anda. Pengeditan script bisa dilakukan dengan mengetik perintah vi namafilenya, setelah muncul filenya barulah anda edit atau isi dengan data teknis jaringan anda seperti nama host, IP address, netmask dll.

Catatan: Perintah $myself dan $hostname, yang dipakai dibawah ini tidak ditujukan sebagai variabel shell sebenarnya. Ketika anda melihat mereka, langsung masukan saja data yang sesuai dengan jaringan komputer anda. Postfix akan memakai variable yang ada didalam file main.cf, ingat -- nama variabel dalam posfix (tidak ditulis italic) dan dapat diakses langsung, jadi Postfix dapat melakukan substitusi variabel secara sendiri.

Catatan: File file yang dipakai dalam prosedur ini ditujukan untuk pemakaian umum, dan meliputi berbagai saran. Namun ini belum tentu sesuai atau optimal bagi kebutuhan sistem anda. Akan tetapi cara berikut ini dapat merupakan awal yang baik bagi instalasi sistem anda. Disarankan untuk mendownload file resource bari uraian ini dari http://www.reppep.com/~pepper/freebsd/install/reppep.tgz, kemudian lihat dan sesuaikan dengan kebutuhan anda lalu copikan ke direktori /root/reppep untuk melanjutkan prosedur berikut nya.

Dasar Instalasi (sysinstall)

1. Instalasi semua file distribusinya ("Semua source sistem, binari dan sistem X Window").
2. Instalasi koleksi port.
3. Konfigurasi network.
4. Tambahkan :
   • bash
   • cvsup
   • ispell
   • kde
   • mozilla-gtk
   • portupgrade
   • rsync
   • samba
   • screen
   • sudo
5. Catatan: Jika anda ingin setiap user mempunyai group personal-nya (seperti yang ada pada Linux & Panther), buatlah group group baru pertama kali pada saat melakukan sysinstall. pastikan setiap langkah pembuatan account user, tiap user mempunyai group 0 (wheel) member-- sebab dengan cara su akan mengalami kurang cocok.

Setup Dasar dan Account

1. Serial console dibuat enable dengan mengetikan : echo "-hD" > /boot.config tekan enter.
2. Bila anda tidak melakukan itu pada terminal serial didalam sysinstall, lakukan sekarang dengan cara mengetikan : echo 'ttyd0 "/usr/libexec/getty std.9600" dialup on secure' >> /etc/ttys lalu tekan enter.
3. Ketikan: visudo # uncomment full access for %wheel lalu tekan enter.
4. Ketikan: cd /root && ftp http://www.reppep.com/~pepper/freebsd/install/reppep.tgz && tar xzf reppep.tgz && ls -lt reppep kemudian anda tekan tombol enter, ambilah file file tambahan yang disarankan berikut patch-nya, dan bukalah pada untuk direktori /root/reppep -- bila anda punya patch local, buka jugalah file file itu untuk patch lokal anda.
5. Jika anda punya pacth lokal, bukalah file file itu dengan cara mengetikan. tar xzf local.tgz && ls -lt reppep tekan enter.
6. Ketikan: patch /etc/ssh/sshd_config /root/reppep/sshd_config.diff tekan enter.
7. Instalasilah file kernel anda dan tetapkan konfigurasinya dalam direktori /usr/src/sys/i386/conf.
8. Ketikan: cd /etc && cp /root/reppep/make.conf . && cat /root/reppep/rc.conf* >> rc.conf && vi resolv.conf rc.conf make.conf && egrep -v '(^$|^#)' rc.conf | sort | more # tuliskan semua konfigurasi jaringan komputer anda pada file rc.conf.local; pastikan tidak ada variabel yang anda tuliskan dua kali didalam file rc.conf.
9. Ketikan: mkdir -p /home/ports/distfiles && cd /usr/ports && rmdir distfiles && ln -s /home/ports/distfiles # preserves ports across rebuilds
10. Ketikan: mkdir -p /usr/sup && cp /root/reppep/cvsupfile /root/reppep/periodic.conf /root/reppep/ntp.conf /etc && cp /root/reppep/refuse /usr/sup && vi /etc/cvsupfile /etc/ntp.conf /usr/sup/refuse
11. Ketikan: mkdir -p ~root/bin ~root/log
12. Ketikan: cd /root/reppep && cp build-world-kernel.sh cvsup.sh /root/bin && chmod u+x /root/bin/*.sh && rehash
13. Ketikan: patch /usr/local/etc/pkgtools.conf /root/reppep/pkgtools.conf.diff

Mengubah Source, Kernel dan World (dengan tipe terbaru, lakukan secara periodik)

Catatan: Rekomendasi dari FreeBSD ada di http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html, walau agak susah tetapi secara teori cukup aman. Jika anda masih kurang jelas dg apa yang anda lakukan disini ataupun dengan mengikuti langkah dari situs tadi, bacalah prosedur yang tertulis didalam Handbook FreeBSD.

Peringatan: Langkah ini muda merusak sistem anda, atau mengunci anda sendiri, ketika melakukan perubahan kernel atau world. pastikan anda memiliki akses console (PS/2-style atau serial) sebelum melakukan perubahan.

1. cvsup.sh # mengubah dasar FreeBSD yaitu source (kernel & world), dan pohon port; tidak akan berpengaruh terhadap port yang telah terinstall
2. cd /usr/src && mergemaster -p # mergemaster akan membutuhkan banyak waktu, sehinga akan lebih b aik melakukannya sebelum sistem down.
3. build-world-kernel.sh
4. make installkernel
5. shutdown -r now
6. Pembuatan kernel baru.
7. shutdown now # single-user
8. cd /usr/src && make installworld
9. mergemaster
10. shutdown -r now
11. Editlah tiap file konfigurasi tambahan ang ada dalam direktori /etc or /usr/local/etc.
12. Ujilah sambungan komputer anda ke jaringan dan firewal-nya (mungkin memakai perintah ipfw list).

Catatan: Jika anda memakai bagian ini sebagai panduan dalam pengubahan sistem yang sedang beroperasi, dan bukan sistem yang baru anda buat, jangan lupa lakukan perintah portupgrade -ai pada saat kernel & world yang baru anda buat sudah selesai dikerjakan..

Mengkonfigurasi BIND

1. cd /etc/namedb && sh make-localhost && mv named.root named.root.old && dig @m.root-servers.net. ns . > named.root && vi named.conf && grep named /etc/rc.conf # konfigurasikan domain promer dan domain slave & instalasilah file file zona; bisa dilihat dengan menyetel opsi named_enable="YES"
2. Catatan: Konfigurasi BIND disini dioperasikan sebagai root tanpa partisi pengamanan khusus. Situs http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html memberikan instruksi untuk menjalankan BIND dalam sebuah kondisi chroot, dan BIND mungkin juga dioperasikan dalam kondisi jail. Kedua opsi tersebut cukup melindungi BIND dari serangan, dan bisa anda pertimbangkan, tetapi tidak akan dijelaskan dalam uraian ini.

Instalasi Port

1. cd /usr/ports/lang/perl5.8 && make install && rehash && use.perl port && perl --version
2. portupgrade -a && portversion |grep -v = # mencoba mengubah apa saja.
3. portinstall analog cronolog curl docproj-nojadetex htmldoc lsof lynx-ssl minicom netatalk nmap nut procmail webmin apache2 squirrelmail p5-Mail-SpamAssassin drac imap-uw postfix && rehash # customized or perl-based
4. cd /usr/local/etc && cp smb.conf.default smb.conf && vi smb.conf # disini pasword enkripsi diset enable, lalu melakukan disable terhadap local master, dan disable printer; Disini juga dituliskan pembatasan akses dari IP seperti yang dituliskan dalam firewall yang ada dalam file smb.conf, sehingga semua program terkontrol melalui file yang sama.
5. echo "- -noddp -passwdminlen 6 -loginmaxfail 6 -uamlist uams_dhx.so" >> /usr/local/etc/afpd.conf
6. cd /usr/local/etc/rc.d && patch netatalk.sh /root/reppep/netatalk.sh.diff # disable atalk, pap, & nbp
7. mkdir -p /var/log/samba && cd /usr/local/etc/rc.d && cp netatalk.sh.sample netatalk.sh && cp samba.sh.sample samba.sh
8. Konfigurasikan XFree86 (disini tidak akan dijelaskan lebih rinci) lihatlah situs http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x-config.html.
9. Sekali XFree86 bekerja, pasti anda ingin menginstalasi KDE secara otomatis pada saat boot, coba lakukan perintah berikut : echo 'ttyv9 "/usr/local/bin/kdm" xterm on secure' >> /etc/ttys, or use KDE with startx: echo exec startkde > ~/.xinitrc

Mengkonfigurasi Mail

1. cd /etc/mail && mv mailer.conf mailer.conf.sendmail && cp /root/reppep/mailer.conf .
2. cd /usr/local/etc && cp /root/reppep/procmailrc . && vi procmailrc
3. patch /etc/inetd.conf /root/reppep/inetd.conf.diff && patch /etc/pam.conf /root/reppep/pam.conf.diff # for imap-uw
4. vi /usr/local/etc/mail/spamassassin/local.cf # customize SpamAssassin
5. echo localhost > /usr/local/etc/dracd.host && /usr/local/etc/rc.d/dracd.sh start
6. vi /etc/aliases && newaliases # forward for $myself & root
7. Jika memakai Postfix Virtual Host, editlah dengan cara ketikan: vi /etc/mail/virtual && postmap /etc/mail/virtual
8. cd /usr/local/etc/postfix && cat /root/reppep/main.cf.* >> main.cf && vi + /usr/local/etc/postfix/main.cf && postfix stop ; killall sendmail ; postfix check && postfix start && sleep 1 && tail /var/log/maillog
9. cd /usr/ports/mail/imap-uw && make cert && chmod -x /usr/local/certs/imapd.pem # follow prompts
10. Bila diinginkan port terpasang lakukan: portinstall -f mysql-server # -f to get around the hold in pkgtools.conf

Mengkonfigurasi Apache & SquirrelMail

1. mkdir -p /var/log/httpd /home/httpd && mv /usr/local/www/data /home/httpd/htdocs && mv /usr/local/www/cgi-bin /home/httpd && cd /usr/local/etc/apache2 && patch httpd.conf /root/reppep/httpd.conf.diff && touch vhost.conf
2. Either apply a local patch (patch httpd.conf /root/reppep/httpd.conf.diff.local), or vi httpd.conf (set ServerAdmin & ServerName dan lihatlah securitynya)
3. apachectl configtest && apachectl graceful
4. mkdir -p ssl.crt ssl.key && cp /usr/local/certs/imapd.pem ssl.key/server.key && cp /usr/local/certs/imapd.pem ssl.crt/server.crt && vi ssl.???/* vhost.conf && apachectl stop && apachectl configtest && apachectl startssl && apachectl fullstatus # remove cert from server.key & key from server.crt
5. cp /usr/local/etc/php.ini-recommended /usr/local/etc/php.ini
6. cd /usr/local/www/squirrelmail && ./configure
7. Test https://$hostname/mail/.
8. Menguji Squirell Mail (dg cara mengunencryp IMAP ke localhost) & telnet $hostname imap akan gagal, jika diblok oleh firewall.
9. Tambahkan plugin tambahan yang anda inginkan untuk SquirrelMail .

webmin

1. cd /usr/local/lib/webmin/ && ./setup.sh
2. Visit https://$hostname:10000/
3. Konfogurasi Webmin: IP Access Control: aturlah "Only allow from listed addresses" to 127.0.0.1 & trusted IPs.
4. User Webmin: Buanglah semua modul yang tidak diperlukan.
5. Bila mysql-server terinstalasi didalam server anda, Konfigurasi webmin dilakukan dibawah: Servers.
6. /usr/local/etc/rc.d/webmin.sh-dist stop # pakailah argumen start nanti, untuk mengoperasikan webmin bila diperlukan.

Setelah semua selesai, lakukan pengujian atas hasil kerja anda. Apabila ternyata ada kegagalan, ulangi langkah langkah diatas. Kegagalan adalah kesuksesan anda yang tertunda.

Reff : http://www.reppep.com/~pepper/freebsd/install/

The PREROUTING chain is pretty much what it says, it does network address translation on packets before they actually hit the routing decision that sends them onward to the INPUT or FORWARD chains in the filter table. The only reason that we talk about this chain in this script is that we once again feel obliged to point out that you should not do any filtering in it. The PREROUTING chain is only traversed by the first packet in a stream, which means that all subsequent packets will go totally unchecked in this chain. As it is with this script, we do not use the PREROUTING chain at all, however, this is the place we would be working in right now if we wanted to do DNAT on any specific packets, for example if you want to host your web server within your local network. For more information about the PREROUTING chain, read the Traversing of tables and chains chapter.

The PREROUTING chain should not be used for any filtering since, among other things, this chain is only traversed by the first packet in a stream. The PREROUTING chain should be used for network address translation only, unless you really know what you are doing.

Description
The cache replacement policy parameter decides which objects will remain in cache and which objects are evicted (replaced) to create space for the new objects.

• LRU : Squid's original list based LRU policy
• heap GDSF : Greedy-Dual Size Frequency
• heap LFUDA : Least Frequently Used with Dynamic Aging
• heap LRU : LRU policy implemented using a heap

This applies to any cache_dir lines listed below this.
The LRU policies keep recently referenced objects. i.e., it replaces the object that has not been accessed for the longest time.

The heap GDSF policy optimizes object-hit rate by keeping smaller popular objects in cache. So it has a better chance of getting a hit. It achieves a lower byte hit rate than LFUDA though, since it evicts larger (possibly popular) objects.

The heap LFUDA ( Least Frequently Used with Dynamic Aging ) policy keeps popular objects in cache regardless of their size and thus optimizes byte hit rate at the expense of hit rate since one large, popular object will prevent many smaller, slightly less popular objects from being cached.

Both policies utilize a dynamic aging mechanism that prevents cache pollution that can otherwise occur with frequency-based replacement policies.

For more information about the GDSF and LFUDA cache replacement policies see http://www.hpl.hp.com/techreports/1999/HPL-1999-69.html and http://fog.hpl.external.hp.com/techreports/98/HPL-98-173.html .

Example
cache_replacement_policy heap LFUDA
To use this policy, Squid should be built with configure option --enable-removal-policies=heap or simply --enable-removal-policies.

Caution
If using the LFUDA replacement policy, the value of maximum_object_size should be increased above its default of 4096 KB to maximize the potential byte hit rate improvement of LFUDA. If needed to use other policies than default, squid should be built with configure option --enable-removal-policies.

dummynet is a flexible tool for bandwidth management and for testing networking protocols. It is implemented in FreeBSD but is easily portable to other protocol stacks. There is also a one-floppy version of FreeBSD which includes dummynet and a lot of other goodies, see below. It works by intercepting packets in their way through the protocol stack, and passing them through one or more pipes which simulate the effects of bandwidth limitations, propagation delays, bounded-size queues, packet losses, etc.

Each pipe can be configured separately, and packets are forwarded to the appropriate pipe using the ipfw packet filter. Thus you can apply different limitations/delays to different traffic according to the ipfw rules (e.g. selecting on protocols, addresses and ports ranges, interfaces, etc.).

How to use it

There are several ways to run dummynet:

· in the machine where you are running your applications, by intercepting incoming or outgoing traffic;

· you can run dummynet on a machine acting as a router between two or more networks, intercepting traffic going through the router;

· finally, you can run dummynet on a machine acting as a bridge, without even the need to configure a router or changing addresses. You just need to split your cable and put a box in the middle!

You have the option to run dummynet on a full FreeBSD install, or (for the last two cases at least) to use a one-floppy version of FreeBSD, called PicoBSD.

Use

Dummynet is heavily based on the ipfw package for packet selection. ipfw allows the selection of IP packets (and only them) based on a combination of source and destination addresses and ports, protocol types (e.g. UDP, TCP, ICMP, ...), interface, and direction (in or out). The packet filter can be programmed through a sequence of rules, which are applied in sequence to packets until a match is found. The rule specify the action to be taken, one of them being forward the packet to a dummynet pipe. Multiple rules can point to the same pipe.

A pipe simulates the presence of a communication path, with bandwidth limitations, propagation delays, and bounded-size queues. You can define all these parameters independently for each pipe, e.g.

ipfw pipe 1 config bw 256Kbit/s delay 300ms queue 10
ipfw pipe 2 config bw 128KByte/s
ipfw pipe 3 config bw 80Kbit/s delay 100ms
ipfw pipe 4 config plr 0.001

you define four pipes with different features (each pipe is identified by a unique, non-zero number). In particular the second one has no delay and unlimited buffers (virtually; in practice there is a configurable hard limit of 100 to avoid consuming all of your memory for packets queued on a pipe). The third one has no bandwidth and buffer limitations, but introduces a delay on packet forwarding. The fourth pipe simulates a lossy path with a packet loss rate (plr) of 0.1% This feature can be useful for testing purposes.

You can omit parameters that are not needed, and issue a command multiple time to reconfigure the features of a pipe on the fly. The usual suffixes of K (1000 bits/s), KB (1000 Bytes/s), M (1000000 bit/s), MB (1000000 Bytes/s) can be used to specify the bandwidth, whereas the "ms" after the delay is just ignored. Queue size is in buffers.

The routing of packets to pipes is done by specifying the action pipe NN to send the packet to a pipe. E.g.:

ipfw add pipe 2 tcp from my_ip port 80 to any
ipfw add pipe 3 icmp from any to any
ipfw add pipe 1 ip from any to 224.0.0.0/4 out
ipfw add pipe 4 ip from any to any via lo0

the first rule limits outgoing Web traffic, the second one acts on ICMP requests making your machine appear very badly connected, the third one acts on all outgoing multicast traffic, and the fourth one passes loopback traffic through the lossy pipe defined above. You can of course intermix these with other ipfw rules (including SKIPTO actions).

Once a packet has matched a rule with ``pipe'' action, it is forwarded to the appropriate pipe (where it can be just delayed, or even dropped if the queue is already full). On exit from the pipe, the packet is passed again to ip_input() or ip_output(), depending on its direction, and checked against ipfw rules starting from the next one after the matching rule. The presence of the SKIPTO rule makes it possible to construct arbitrary distribution graphs.

Operation

The ipfw code is used to select packets that must be subject to band­ width/queue/delay/losses, and returns the identifier of the ``pipe'' de­ scribing such limitations. Selected packets are first queued in a bounded size queue, from which they are extracted at the programmed rate and passed to a second queue where delay is simulated. At the output from the second queue packets are reinjected into the protocol stack at the same point they came from (i.e. ip_input(), ip_output(), bdg_forward() ). Depending on the setting of the sysctl variable sys.net.inet.ipfw.one_pass Packets coming from a pipe can be either forwarded to their destination, or passed again through the ipfw rules, starting from the one after the matching rule. dummynet performs its task once per timer tick. The granularity of opera­ tion is thus controlled by the kernel option options HZ whose default value (100) means a granularity of 10ms. For an accurate simulation of high data rates it might be necessary to reduce the timer granularity to 1ms or less. Consider, however, that some interfaces using programmed I/O may require a considerable time to output packets. So, re­ ducing the granularity too much might actually cause ticks to be missed thus reducing the accuracy of operation.

Kernel Options

The following options in the kernel configuration file are related to dummynet operation: IPFIREWALL - enable ipfirewall (required for dummynet). IPFIREWALL_VERBOSE - enable firewall output. IPFIREWALL_VERBOSE_LIMIT - limit firewall output. DUMMYNET - enable dummynet operation. NMBCLUSTER - set the amount of network packet buffers HZ - sets the timer granularity Generally, the following options are required: options IPFIREWALL options DUMMYNET additionally, one may want to increase the number of mbuf clusters (used to store network packets) according to the sum of the bandwidth-delay products and queue sizes of all configured pipes.

SYSCTL Variables

net.inet.ip.fw.one_pass is set to 1 if we want packets to pass through the firewall code only once. net.link.ether.bridge_ipfw is set if we want bridged packets to pass through the firewall code.

Commands

The following socket options are used to manage pipes: IP_DUMMYNET_CONFIGURE updates a pipe configuration (or creates a new one. IP_DUMMYNET_DEL deletes all pipes having the matching rule number. IP_DUMMYNET_GET returns the pipes matching the number. IP_FW_FLUSH flushes the pipes matching the number. When the kernel security level is greater than 2, only IP_DUMMYNET_GET is allowed.

History

dummynet was initially implemented as a testing tool for TCP congestion control by Luigi Rizzo, as described on ACM Computer Communication Review, Jan.97 issue. Later it has been then modified to work at the ip and bridging level, and integrated with the IPFW packet filter.

When a client on the internal network contacts a machine on the Internet, it sends out IP packets destined for that machine. These packets contain all the addressing information necessary to get them to their destination. NAT is concerned with these pieces of information:

• Source IP address (for example, 192.168.1.35)
• Source TCP or UDP port (for example, 2132)

When the packets pass through the NAT gateway they will be modified so that they appear to be coming from the NAT gateway itself. The NAT gateway will record the changes it makes in its state table so that it can a) reverse the changes on return packets and b) ensure that return packets are passed through the firewall and are not blocked. For example, the following changes might be made:

• Source IP: replaced with the external address of the gateway (for example, 24.5.0.5)
• Source port: replaced with a randomly chosen, unused port on the gateway (for example, 53136)

Neither the internal machine nor the Internet host is aware of these translation steps. To the internal machine, the NAT system is simply an Internet gateway. To the Internet host, the packets appear to come directly from the NAT system; it is completely unaware that the internal workstation even exists.

When the Internet host replies to the internal machine's packets, they will be addressed to the NAT gateway's external IP (24.5.0.5) at the translation port (53136). The NAT gateway will then search the state table to determine if the reply packets match an already established connection. A unique match will be found based on the IP/port combination which tells PF the packets belong to a connection initiated by the internal machine 192.168.1.35. PF will then make the opposite changes it made to the outgoing packets and forward the reply packets on to the internal machine.

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Qemu is an alternative to VMWare.

QEMU has two operating modes:

• Full system emulation. In this mode, QEMU emulates a full system (for example a PC), including a processor and various peripherials. It can be used to launch different Operating Systems without rebooting the PC or to debug system code.

• User mode emulation (Linux host only). In this mode, QEMU can launch Linux processes compiled for one CPU on another CPU. It can be used to launch the Wine Windows API emulator or to ease cross-compilation and cross-debugging.

OpenBSD is a secure, free computer operating system. It can run on many types of computers, including Intel PCs and Apple Computer's PowerPCs.

Like the other open source BSDs and unlike with most Linux operating systems, the whole operating system is developed by the same group of people with OpenBSD. Programmes from other sources are available as binary packages or may be built from source using the ports tree.

OpenBSD is often the first to add new security tools to make it harder to break, developers have also carefully read through the programming code to check for mistakes more than once. The project is led by Theo de Raadt from Calgary, Alberta, Canada and is released under conditions which put few rerestrictions on people that use the source code, the BSD licence.

OpenBSD releases new versions every six months, each version is supported for one year after release. OpenBSD 3.9 was released May 1, 2006, and OpenBSD 4.0 is being developed for release in November 1, 2006.

AdSense is an ad serving program run by Google. Website owners can enroll in this program to enable text, image and, more recently, video advertisements on their sites. These ads are administered by Google and generate revenue on either a per-click or per-thousand-impressions basis. Google is also currently beta-testing a cost-per-action based service.

Google utilizes its search technology to serve ads based on website content, the user's geographical location, and other factors. Those wanting to advertise with Google's targeted ad system may sign up through AdWords. AdSense has become a popular method of placing advertising on a website because the ads are less intrusive than most banners, and the content of the ads is often relevant to the website.

It currently uses JavaScript code to incorporate the advertisements into a participating site. If it is included on a site which has not yet been crawled by the Mediabot, it will temporarily display advertisements for charitable causes known as public service announcements (PSAs). (Note that the Mediabot is a separate crawler from the Googlebot that maintains Google's search index.)

Many sites use AdSense to monetize their content and some webmasters work hard to maximize their own AdSense income. They do this in three ways:

1. They use a wide range of traffic generating techniques including but not limited to online advertising.
2. They build valuable content on their sites; content which attracts AdSense ads and which pay out the most when they get clicked.
3. They use copy on their websites that encourage clicks on ads. Note that Google prohibits people from using phrases like "Click on my AdSense ads" to increase click rates. Phrases accepted are "Sponsored Links" and "Advertisements".

The source of all AdSense income is the AdWords program which in turn has a complex pricing model based on a Vickrey second price auction, in that it commands an advertiser to submit a sealed bid (not observable by competitors). Additionally, for any given click received, advertisers only pay one bid increment above the second-highest bid.