WinCDEmu Integrates Disk Image Mounting in Windows Explorer

WinCDEmu - Right-click We’ve written before about Virtual CloneDrive, software that can mount and run disk images as if they are physical disks. A similar free program is WinCDEmu.

WinCDEmu – Main site

WinCDEmu – SourceForge page

WinCDEmu is free and open-source, and makes mounting a disk image (*.ISO, *.CUE, *.BIN, *.RAW, and *.IMG) as easy as double-clicking.

In case you are not familiar with disk images, here’s what you need to know: an image is the re-creation of the contents of a CD or DVD saved into a single file. That file will have an extension such as *.ISO, the most-common type.

These disk images are typically burned back onto a CD or DVD using disk-burning software such as InfraRecorder (free). For instance, if you want to download and use a Linux distro, you typically download the ISO and then burn it to a CD, thus allowing you to boot and run from that physical disk.

Software such as WinCDEmu allows you to skip the actual burn and instead use the ISO as a virtual disk. When you mount an ISO (or other image) as a virtual disk, your computer treats it just like a physical one with the benefit that virtual drives operate much faster than physical drives.

Installation and Usage

WinCDEmu - Verify Installing WinCDEmu seems almost too easy. There’s no notification that the install was successful, nor will you find anything new in the Start Menu. The only hurdle at all is telling Windows that yes, you want to install an unverified driver.

It will show up as part of Add/Remove Programs, so you can uninstall it from there if necessary.

Using WinCDEmu is brain-dead simple. For any disk image on your system, just double-click it to mount, and it will show up in Windows Explorer just as if you popped a CD/DVD in the drive. Yes, it works just like Mac OS X, which is a good thing.

To un-mount (or eject) the virtual disk, simply double-click that same disk image (such as the original ISO file, not the mounted image in Explorer).

You can also right-click the virtual drive and Eject. Piece of cake.

WinCDEmu supports an unlimited number of simultaneously mounted virtual drives. It also supports SMB network shares, but be sure to look up the workaround for a Windows cache bug.

Disable the “Install Updates and Shut Down” Option in Windows

install-updates-and-shutdownHave you ever been annoyed at the Install Updates and Shut Down message that displays after Windows Update runs in the background?

It’s easy to avoid this message entirely and force any pending updates to stay associated with the yellow shield in the system tray. This is one setting that I always configure for any machine under my control, mainly to inspect any pending updates before I choose to install them. It’s also handy for avoiding the dreaded WGA notification tool.

On to business: this tip works on XP, Vista, and Windows 7.

First, launch the Group Policy editor by going to Start – Run, and typing:

gpedit.msc

Note: if you don’t see the Start → Run button, just press the Windows key + R.

Once the Group Policy editor opens, expand Computer Configuration, then Administrative Templates, then Windows Components.

group-policy-editor-windows-components

Select the Windows Update component to view a list of settings. Double-click the setting for Do not display ‘Install Updates and Shut Down’ option in Shut Down Windows dialog box.

group-policy-editor-windows-update

In the window that spawns, set it to Enabled and click OK. I agree that this is somewhat unintuitive to enable it, but remember that you are affirming a negative, if that makes sense.

group-policy-editor-windows-update-enable

That’s it! You should no longer see the Install Updates and Shut Down message.

Securing a Linux Server: SSH and Brute-Force Attacks

If you have a web server, then you are the target of many possible attacks. *ANY* port you have open on that server can be exploited, so you if you value your uptime and your data, you need to secure it. This article focuses on locking down your SSH configuration and user permissions.

If you’ve had your server online for a while without locking down your SSH configuration, have a look at this file: /var/log/secure and see if you’ve got a lot of connection attempts.

This is what a brute-force attack looks like:

[prompt]$ sudo less /var/log/secure
May 31 22:42:12 yourdomain sshd[25711]: Failed password for invalid user alberto from 190.2.35.25
port 32976 ssh2
May 31 22:42:12 yourdomain sshd[25712]: Connection closed by 190.2.35.25
May 31 22:46:11 yourdomain sshd[25714]: Connection closed by 190.2.35.25
May 31 22:56:46 yourdomain sshd[25717]: Invalid user neil from 190.2.35.25
May 31 22:57:10 yourdomain sshd[25717]: reverse mapping checking getaddrinfo for customer-static.someisp.com failed - POSSIBLE BREAK-IN ATTEMPT!

Using Geobytes (or a similar IP address locator), I can see that some hacker-bot in Argentina was guessing both usernames (e.g. alberto, neil) and passwords every few seconds. F*#K!!

The Solution

Here’s what the solution to this problem entails:

  1. Add users for each person accessing the server.
  2. Create a password for those users.
  3. Fly to Argentina and show Sancho I got something for his punk-ass. Just kidding… are you still paying attention?
  4. Add the necessary user(s) to the sudoers file. You don’t want anyone to have direct root access, so this file defines who gets sudo privileges.
  5. Create a public/private ssh key to use in logins.
  6. Install the public key(s) on the server. This will enable the server to recognize the owner of the private key (i.e. you).
  7. Turn off Password Authentication
  8. Disable Root Access

Creating an SSH Key on your Desktop Machine

Keys come in pairs: a public key and a private key. You’ll keep your private key on your machine (in a secure place), the public key you upload to the servers you want to connect to.

You can use different algorithms to generate the key; this shows you how to do it using the DSA algorithm, which is considered more secure (as of this writing).

Open your Terminal and type the following, then just press enter for the default file location. (OS X users can just open their Terminal. Windows users will have to use Cygwin or Putty).

* Do a man ssh-keygen on your machine to see if you require different options to create a dsa key.


[prompt]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/Users/youruser/.ssh/id_dsa):

Type a passphrase (twice).


Enter passphrase (empty for no passphrase):
Enter same passphrase again:

And now you get something like this output:


Your identification has been saved in /Users/youruser/.ssh/test.
Your public key has been saved in /Users/youruser/.ssh/test.pub.
The key fingerprint is:
12:34:56:78:01:23:ab:a7:42:2b:46:5a:3f:fc:4c:ca youruser@ComputerName
The key's randomart image is:


+--[ DSA 1024]----+
| o o++o |
| o+ . oo.. |
|++.o .. |
|*o. + . . |
|+. . * S |
| E o . |
| |
| |
| |
+-----------------+

The ASCII art thing is a new feature, allowing folks to visually identify different keys.

For more information about SSH on OS X, please refer to Dave Dribin’s excellent blog:
ssh-agent on Mac OS X 10.5 (Leopard)

Back on your Web Server

Now that you’ve created your public and private key on your desktop machine, you need to head over to your web server and make some changes.

1. Log into your web server and create users

If you are still logging in as the root user, you need to create other users:

Create a user:
adduser your_username
Create a password for the user:
passwd your_username

Test logging in as this user now. From your desktop machine, try
ssh your_username@your_webserver.com

2. Give One User Sudo Privileges

Now that you have a user other than the root user, you should lock down the root user and push root privileges to the sudo command. The goal here will to disable root logins entirely.

You will need to switch to the root account to perform the following. You can either login as the root account from your desktop machine, or switch to the root account by using the Switch User command (su):
[prompt]$su - root

You grant sudo privileges to your users by editing the sudoers file… but you can’t simply edit that file. You must use the visudo command. This is a very special variant of the VI text editor which is designed for a single purpose: to edit the sudoers file. The security of your entire server can be compromised by this single file, so the visudo command ensures that any editing of this file never allows it to be in a state where its permissions could be compromised.

Other than that, the visudo program works like the VI program — it’s a text editor, but you should familiarize yourself with the editor before messing with your sudoers file.

WARNING: You can lockout ALL users from your machine if your fat fingers or VI ignorance corrupt this file!!! If you are at all unsure of your VI abilities, please review our article: VI Overview.

The goal in editing this file is the addition of a single line of text:
your_poweruser_name ALL=(ALL) ALL

There are a lot of other custom modifications you can make to this file to allow certain users access to individual functions, but that’s a more advanced topic.

Save the file, but DO NOT CLOSE THIS WINDOW. If you made a mistake, you need access to this file in order to fix it. I recommend leaving this window open until you’ve got EVERYTHING locked down and you’ve verified that it works.

Again, go back to your desktop machine and test that you can still login using a password. Once you’re in, try using the sudo command and make sure that you an use it to execute commands.

Add Your Public Key to the Web Server

In a new window, login to your web server from your desktop machine. You should still be prompted for your password.

See if you’ve already got a .ssh directory in your user’s home directory:
[prompt]$ ls -Gal

If you don’t have it, create it:
[prompt]$ mkdir .ssh

Now, move into that directory:
[prompt]$ cd .ssh

If you don’t already have a file named authorized_keys, you need to create it (again, you can use the VI text editor)

You need to paste your entire public key from your desktop machine into this file on the web server. IT MUST FIT ON ONE LINE. SSH expects each key to occupy a single line.

*In VI, you can hit ESC then type :set nu to see line numbers.

Once you’ve pasted in your key, save the file and adjust the permissions:

[prompt]$ chmod 644 ~/.ssh/authorized_keys
[prompt]$ chmod 755 ~/.ssh

Remember:
1. Each public key occupies ONE LINE in the authorized_keys file.
2. The authorized_keys file must be read-only for the group and others: 644.
3. The .ssh directory can’t be group writable: 755

Disable Password Logins

The goal here is to disallow random hackers guessing at passwords by disabling password logins entirely. Logins will be verified via keys, and we change how SSH behaves by editing the /etc/ssh/sshd_config file.

Make the following edits to the /etc/ssh/sshd_confg file e.g. by typing sudo vi /etc/ssh/sshd_config

Uncomment the PasswordAuthentication line to
PasswordAuthentication no

And change the line for PermitRootLogin to:
PermitRootLogin no

Then reload the conf:
[prompt]$ sudo /etc/init.d/sshd condrestart

WARNING: KEEP THAT WINDOW OPEN. Open a new window, then try to login as your user once again. You shouldn’t be prompted for your password… you should be prompted for your passphrase — this is the passphrase you created when you created your key.

Try switching to the root account after logging in:
[prompt]$ su - root

And finally, attempt to login as the root user from your desktop. It should fail.

Summary

Congratulations! If you’ve gotten this far, you’ve taken some big steps in securing your server.

Once you’ve verified that all of this stuff works, you can close the login windows. If something did not work, LEAVE THOSE WINDOWS OPEN and call a friend — find someone who knows Linux system administration to help you out. This is even more important if you don’t have physical access to your server.

Links

Here’s an article I referenced while writing this:
http://www.webmasterworld.com/linux/3285421.htm

Create a Bootable Linux USB Flash Drive with UNetbootin

With the rise of the Netbook, optical media (CDs/DVDs) may be marching toward eventual obsolescence. Even if optical media doesn’t disappear anytime soon, certain tasks such as creating a Linux-based boot disc are faster and more convenient when using a USB flash disk rather than a CD.

Let’s work on creating a Linux-based bootable flash disk. To do this, we will use the UNetbootin software.

UNetbootin – Main site

UNetbootin – Download (Windows)

You will also need an empty USB flash drive, preferably 1 GB or larger. I’m using a 1 GB Lexar drive formatted as FAT32.

Boot Disk Creation

UNetbootin is available for Windows and Linux. We’ll use Windows for the purposes of this tutorial. First, you need to download and launch the program (it’s portable – no installation necessary).

UNetbootin - Main

Once it’s launched, you can either provide it with a Linux ISO that you have already downloaded, or pick a distribution from the list and let UNetbootin download the necessary files for you. Most popular distros are supported, including Ubuntu, Fedora, OpenSUSE, and Mandriva. You can also choose various system utilities such as FreeDOS, SystemRescueCD, Parted Magic, and the Dr. Web Antivirus Live CD.

I chose to use an ISO of Ubuntu 9.04 that I had already downloaded. All that’s left to do is make sure your flash disk is plugged in, choose it from the list, and click OK.

UNetbootin - Extracting

Away it goes! UNetbootin will gather the appropriate files, copy them to the flash disk, then automatically install a bootloader. This process may take several minutes to complete depending on the size of the distro. Ubuntu took about 7 minutes or so to complete on my machine, but I’m still using a single-core processor. Hey, it may be slow, but it does everything I need it to do.

When the process finishes, it will prompt you to reboot, which is entirely optional.

UNetbootin - Complete

Hit Reboot Now if you want to go ahead and test your new boot disk on the machine you’re currently using. Otherwise, just exit.

Activate the Partition

Chances are high that your new boot disk will just work, but if you get any strange boot errors, you may need to activate the partition. We can do that with the diskpart utility.

I’m using Server 2008 for this demonstration, but Vista should look and act the same way.

Launch a new Command Prompt (Vista – right-click and choose to Run as Administrator). Type:

diskpart

Now you should have a DISKPART prompt. We need to figure our the drive number for your flash disk. Type:

list disk

If you have several drives, just look at the size to determine which one is the USB flash drive. Mine is obviously Disk 3.

select disk 3

select partition 1

active

That’s it. You’re finished. By typing the active command, you have specified the current disk and partition as active. You can type exit to quit.

Command-Prompt-DISKPART

Booting From the Disk

With the USB flash disk plugged in, go ahead and reboot the computer. This next step is different on many machines, but right as the computer first boots, look for a keystroke to choose a boot device. The key for my motherboard is F8, but it may be F11, F12, or some other key entirely on yours.

Once you find the right key, you should get a menu that allows you to choose a disk or drive from which to boot.

First-Boot-Device

Here I have chosen my Lexar USB flash disk from the boot menu. Provided it boots normally, you should get a UNetbootin bootloader like this:

UNetbootin-Booting

Choose the Default option to start booting, and the rest should function just like a typical live CD. Here’s Ubuntu booting from my USB drive:

Ubuntu-Booting

Once nice part about using flash media as a live environment is that individual programs are far more snappy than when running from a CD. For instance, OpenOffice loads from my flash drive in under 10 seconds. Launching OpenOffice from a live CD might take minutes!

One last thing: remember that the distros that UNetbootin creates are substitutes for CD boot discs, not fully installed Linux operating systems. In other words, they are not persistent – any data that you create or modify will be lost the next time you reboot (just like when working with a normal live CD). Keep that in mind as a limitation. There ARE exceptions, like Puppy Linux, which lets you save your data directly to the USB flash drive.

Happy booting!

Install Warcraft 3 on Ubuntu Linux – A Visual Guide

warcraft3-lichWarcraft 3 may be far from the hottest new game out there, but it’s still one of the most fun games I’ve ever played. And thanks to advancements in the WINE project, it’s also easy to install and run on the Linux operating system. Plus, it doesn’t require massive hardware just to run decently.

I remember trying to get my Warcraft 3 Battle Chest running in Linux a few years ago and ran into several problems. Now, it’s practically a point-and-click experience.

While these directions are specific to Ubuntu, most any other Linux variant should be similar. I tested these instructions on both Ubuntu 8.04 LTS and the current version 9.04. All the screenshots are from Ubuntu 9.04 Jaunty,

The main system specifications I used are quite modest ancient indeed, but Warcraft 3 ran fine anyway.

  • Processor – AMD Athlon XP 2400+ (2.0 GHz)
  • RAM – 1 GB PC2100 (266 MHz)
  • Video Card – Nvidia GeForce 7600 GS (512 MB)

1. Video Drivers

ubuntu-hardware-driversIt goes without saying that in order to play most video games, you need video acceleration. Fortunately, the last few releases of Ubuntu have all offered a convenient way to install proprietary video drivers.

To install most common video drivers, go to System → Administration → Hardware Drivers. You can see if you already have a proprietary video driver in use, or if there is one available to install.

Ubuntu found and installed a driver for my Nvidia card just fine. I don’t own any ATI video cards, so I cannot offer any help there. If you run into any trouble, take a look at the Ubuntu Guide.

To see if you have video acceleration enabled, fire up a Terminal and type:

glxinfo | grep direct

If the direct rendering response is Yes, then you’re in business.

2.  Install WINE

WINE is a translation layer with a somewhat-humorous full name of Wine Is Not (an) Emulator. No matter what you call it, WINE provides an easy way to run a growing number of Windows applications on Linux and other POSIX-compatible operating systems.

Installing WINE on Ubuntu is as simple as launching a Terminal and typing:

sudo apt-get install wine

synaptic-wineAlternatively, you can launch the Synaptic Package Manager (System → Administration) and search for wine. Just add a check next to the wine package, then click the Apply button to download and install.

Following these instructions will install the latest stable release of WINE. On Ubuntu 9.04, the current stable WINE release is version 1.01. To find out which version you have installed, launch a Terminal and type:

wine --version

I found that both version 1.0 and 1.0.1 worked well for running Warcraft 3. If you want to install a more-recent Beta version, follow the instructions on the WineHQ site.

wine-configuration-alsaOnce WINE is installed, go ahead and launch it (Applications → Wine → Configure Wine). The default settings should be fine, but I do suggest that you take a look at the Audio settings and ensure that a suitable sound driver is selected.

I suggest sticking with the ALSA driver by default. If the sound is garbled or doesn’t work well, try switching to the older OSS driver.

Click OK to save your settings. Now it’s time to install Warcraft 3.

3. Game Installation

This may come as a shock, but installing Warcraft 3 on Linux is practically no different from installing it on Windows. You will need a copy of the game and valid serial numbers. If you don’t have it, the Battle Chest is pretty cheap.

warcraft3-discPop in the CD for Reign of Chaos. You should see an icon for the disc load on your desktop. Double-click that disc icon to view the contents. Find the file called install.exe and open it. It should open automatically with WINE and start the installation process.

From there, install the game just as you would on a Windows system, including choosing an installation path of C:\Program File\Warcraft III. Yes, WINE handles that for you automatically.

warcraft3-install-directoryAllow the game to install as usual. If you have The Frozen Throne expansion pack, install it as well. Do not play the game yet!

Update Patch

Recent Warcraft 3 game updates have removed the requirement to run with the original disc in the drive. Therefore, unless you’re just a glutton for punishment, I suggest downloading and installing the latest game patch instead of hunting for a No-CD crack.

Here’s a direct link to the patch page. The current game update (as of this writing) is 1.23a. Once it downloads, just double-click to install. It should open with WINE and install just like on a Windows machine.

blizzard-updater

Note: once the Blizzard Updater finishes patching the game, it will try to launch Warcraft III automatically. If the game crashes or freezes, don’t worry. We’ll fix that in the post-installation below.

4. Post-Installation

On my system, the game froze upon first launch. The reason is that it tries (and fails) to play the opening cinematic video. We can easily work around this issue by renaming the Movies folder.

wine-browse-cGo to Applications → Wine → Browse C:\ Drive. Pretend that you’re on Windows now and continue to Program Files → Warcraft III. Rename the Movies folder to something else, such as _Movies.

As you might suspect, this is only a workaround and not a true fix. It prevents any in-game cinematic videos from playing, but does not affect game-play in any way. You can still watch those videos at any time by opening them in something like Totem or VLC.

Try launching the game now. You’ll find it under Applications → Wine → Warcraft III.

Visual Effects

Here’s another minor issue you might run into. When you launch the game, it runs fine, but you still see the horizontal Ubuntu panels across the top and bottom. Annoying, huh?

ubuntu-visual-effectsIt’s easy enough to fix. On my system, I found that they were caused by having some visual effects enabled in Ubuntu. As nice as the eye candy may be, try disabling it before launching Warcraft III.

Navigate to System → Preferences → Appearance and switch to the Visual Effects tab. Set the level to None. When you launch the game again, the panels should be gone.

Create Launcher

Now that the game is installed and working, let’s create a launcher for it.

Right-click on your desktop and Create Launcher. Here are some parameters:

  • Type – Application
  • Name – Whatever you want
  • Command – “/home/your-username/.wine/drive_c/Program Files/Warcraft III/Frozen Throne.exe”

The command is simply the full path to the Warcraft III executable file (in quotes). You can also add some options at the end of the command, after the quotes. For instance, you may get better performance by adding an opengl option, like this:

"/home/your-username/.wine/drive_c/Program Files/Warcraft III/Frozen Throne.exe" -opengl

You can stack the options. For instance, if you want to require opengl AND make the game run in its own window, try this:

"/home/habibbijan/.wine/drive_c/Program Files/Warcraft III/Frozen Throne.exe" -opengl -window

Icons

If you’re looking for a couple of good icons to use with your launcher, feast your eyes on these.

Warcraft 3 icons.zip

Game Screenshots

For your viewing pleasure, here’s are a few screenshots of Warcraft III running on Ubuntu. I ran the game in window mode instead of full-screen to prove that it does work on Linux. Yeah, I enjoy Skibi’s Castle a lot.

Image 1:

Image 2:

Image 3:

Image 4:

Image 5:

Have fun! If you have any additional tips for running Warcraft III on Linux, let us know in the comments.

Enabling SEO Friendly URLs in MODx (part VI in the series)

Apache .htaccess Rewrites are Powerful
Apache .htaccess Rewrites are Powerful

Many content management systems rely on URL parameters like ?page=3 to determine which page is displayed to the user. MODx (like many other CMS’s) can use Apache’s .htaccess file to rewrite URLs so they are easier to read, e.g. www.mydomain.com/modx/tutorial, and this usually results in higher SEO scores. This article and its video walk you through how to accomplish this for MODx running on an Apache web server. Windows servers have something similar, they just charge more for it (haha).

Here’s the video. I was going to re-do this in high-def, but this was one of those lightning-strike rants that I was on… I just know it wouldn’t be as good if I attempted to remake it.

* I mispronounced MODx in the video (sorry). It should be “mod” as is “modular”.

The Quickie Text Version of the Video

  1. Make sure MODx is installed and your site works.
  2. Go to the root of your site, verify that you have an .htaccess file (MODx often includes a dummy file named “ht.access” which needs to be renamed before it is parsed). Be sure to keep a backup copy of the original!
  3. Edit the .htaccess file and type some junk at the very top of the file. For example, type in “asdpfasdfj” at the top of the file, then save it. Now try to visit any page on your site. You should get an server error, and this is GOOD! This means that the .htaccess file is being parsed, so go back and delete that junk from the file. If you don’t get an error, it means that the .htaccess file is NOT being parsed, and you may need to contact your ISP to see how to enable it. You can’t get friendly URLs working without this!
  4. Once you’ve confirmed that your .htaccess file is being parsed, you can make the appropriate edits (see below). The dummy file included with your MODx install is very well annotated. I’ve listed the most important bits below (please change yourdomain to the appropriate domain). Note that in some of the lines, you must precede periods with a backslash (i.e. you must escape them). Any line starting with “#” is a comment.
    # Vital components of your .htaccess file
    RewriteEngine On
    RewriteBase /

    # Force “www.yourdomain.com” instead of just “yourdomain.com”
    RewriteCond %{HTTP_HOST} .
    RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com [NC]
    RewriteRule (.*) http://www.yourdomain.com/$1 [R=301,L]

    # The Friendly URLs part
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

  5. Make sure your site is still working… you can still use the same un-friendly URLs after making these edits; you just want to make sure you didn’t misspell something in your .htaccess file and cause it to parse incorrectly.
  6. Login to the MODx manager (www.yoursite.com/manager) and go to Tools→Configuration→Friendly URLs and change the following settings:
    * Use friendly URLs: YES
    * Use friendly aliases: YES
    * Use friendly alias path: YES

You should now be able to navigate to pages by using their alias!

More Information

Friendly URLs Guide — From the MODx Wiki.

Technical Details about .htaccess

What exactly is happening? Well, the .htaccess file can control a lot of server settings, and you can think of it almost like a style sheet: the server has global settings, but the .htaccess file provides a way to override some of those settings locally for a particular directory or site. It really merits its own article (stay tuned), but let’s look at the the friendly URLs part of the .htaccess file.

The core of this functionality is Apache’s mod_rewrite module. My snarky description is this: it lets the server lie to your address bar! Your browser window may SAY that you are visiting www.mydomain.com/modx/tutorial, but really, the page you are viewing (on a MODx site) is:
www.mydomain.com/index.php?q=modx/tutorial
Try this on your own MODx site! You should see the same page as you did when you visited the friendly URL.

Here’s what the .htaccess file is doing. The first RewriteCond is checking the file system for a file of the name you are requesting. In the example, it’d look for a file named “tutorial” in the “modx” directory. The “!-f” at the end of the line is basically saying “IF there isn’t a file of this name”… then the next line’s “!-d” says “OR there’s not a directory of this name”, THEN perform the rewrite defined by the RewriteRule.

Here you see a good example of a regular expression, and if you haven’t heard that term before, I can sum up quickly: if you’ve ever done a “search” or a “find and replace” in a document, you’ve utilized a simple type of regular expression. A regular expression searches for a pattern. The $1 is a common shorthand notation that back-references what exactly was found, in this case, it’s the argument that’s being passed to the server for the REQUEST_FILENAME, i.e. “modx/tutorial”. The contents of the $1 variable is then added onto “index.php?q=” and you end up with the REAL URL being:
www.mydomain.com/index.php?q=modx/tutorial

Tricky tricky! I skipped over a lot of details for this brief overview, but hopefully you can see some of the process here. This is how most CMS’s handle this sort of thing. The .htaccess parsing requires more overhead from Apache, but it offers a lot of flexibility in how you access your files, and for most sites, this is a very worthy tradeoff.