Plaintext
50% OF OUR PROFITS GO BACK TO FREE SOFTWARE
FR
EE
DV
D!
115 PAGES November 2014
OF LINUX PASSWORD CRACKING CYRUS ANDROID
LEARNING SECURITY EMAIL TELEVISION
Keep your data even Set up email on your Control your telly from
safer than iCloud own secure server your smartphone
BUILD
YOUR OWN
LINUX
DISTRO
Take ultimate control with
your own tailor-made
Linux operating system
32+ PAGES OF TUTORIALS
RASPBERRY PI Operating system group test
ANIMATION Create a stop-motion movie masterpiece
November 2014 £5.99 Printed in the UK
DIASPORA The social network that’s not trying to sell your soul
CAPITALISM HISTORY
INDIE TECH LINUX GAMES
The rise of the How gaming on Linux
(open) machines got to where it is today
�� WELCOME
Join us now and share the software
The November issue
Linux Voice is different.
Linux Voice is special.
Here’s why… GRAHAM MORRISON
A free software advocate
At the end of each financial and writer since the late
1
year we’ll give 50% of our 1990s, Graham is a lapsed
profits to a selection of KDE contributor and author
organisations that support free of the Meeq MIDI step
software, decided by a vote among sequencer.
our readers (that’s you).
M
any technical people have always argued that ‘The Cloud’
No later than nine months is no different to lots and lots of servers connected to lots
2
after first publication, we will of storage. This is true, but what’s becoming more evident
relicense all of our content under is that it’s not the physical infrastructure that defines what the cloud
the Creative Commons CC-BY-SA is, but its seamless ubiquity. And that’s where the real danger lies.
licence, so that old content can How many iPhone and Android users, for example, really understand
still be useful, and can live on even what it means when their images and videos are ‘backed up’ to the
after the magazine has come off cloud and what the implications may be for their security, or how
the shelves. their rights may be affected by where that data is stored?
Education is obviously crucial. But we also need an alternative
We’re a small company, so to show that the ubiquity and convenience of cloud services
3
we don’t have a board of don’t need to go hand-in-hand with a loss of privacy. The only
directors or a bunch of possible source for such an alternative that I can see is Linux SUBSCRIBE
shareholders in the City of London
to keep happy. The only people
and Free Software, and there are projects doing exactly that
(we look at two this issue; Diaspora on p40 and Indie/phone ON PAGE 62
that matter to us are the readers. on p28). Richard Stallman’s famous song may have been
written in a pre-cloud 1993, but it’s just as true today: “Join us
now and share the software; You’ll be free, hackers, you’ll be free.”
THE LINUX VOICE TEAM
Graham Morrison
Editor Graham Morrison Editor, Linux Voice
graham@linuxvoice.com
Deputy editor Andrew Gregory
What’s hot in LV#008
andrew@linuxvoice.com
Technical editor Ben Everard
ben@linuxvoice.com
Editor at large Mike Saunders
mike@linuxvoice.com
Games editor Liam Dawe
liam@linuxvoice.com
Creative director Stacey Black
stacey@linuxvoice.com
Malign puppetmaster Nick Veitch
nick@linuxvoice.com
Editorial contributors:
Chris Brown, Mark Crutch, Liam Dawe,
Juliet Kemp, John Lane, Vincent ANDREW GREGORY BEN EVERARD MIKE SAUNDERS
Mealing, Travis Mooney, Simon Just like Bruce Willis in Become the next Nick Park with Learn how easy passwords are to
Phipps, Les Pounder, Mayank Sharma, Armageddon, Linux is being nothing more than some LEGO crack, and how to best protect
Valentine Sinitsyn, Richard Smedley. launched into space to help save and a Raspberry Pi with our yours, with Ben’s fantastic guide
the entire human race p32 animation studio p78 to breaking their encryption p86
www.linuxvoice.com 3
� CONTENTS
Novemberr LV008
Season of mists and mellow apt-get dist-updates.
20 REGULARS
SUBSCRIBE News
06
ON PAGE 62 China is launching the
People’s Linux, plus reports
from Munich, XBMC & more.
08 Distrohopper
Tanglu, Elementary OS and
Build a Linux Qubes are our new favourite
distro and share it Linux distributions.
Gaming
with the world. 10
Our Downloads file runneth
over with ways to waste time
and kill things.
12 Speak your brains
What we’re doing right, what
we’re doing wrong, and a win
for Lubuntu.
16 LV on tour
Information security in Dublin
and a coder Dojo in West
28 Londonshire.
18 LinuxCon
What the organisations behind
Linux are planning to do next.
42 Interview
Red Hat’s Jan Wildeboer will
have you reaching for your tin
foil hat. Be afraid.
56 Group test
Rejuvenate your Raspbery Pi
with one of these tasty new
Indie Tech: because we don’t just operating systems.
need Free Software; we need a 62 Subscribe!
Never miss an issue, save
new business model. money and get us delivered
to your door.
64 Core Technologies
Find out from a programmer’s
point of view what’s really
going on in your filesystem.
68 Fosspicks
A huge treasure trove of free
software awaits the bold
adventurer.
110 Masterclass
Secure your website (and
32
LINUX IN SPACE 40 FAQ: DIASPORA 36
LINUX GAMING understand the theory) with
the SSL security protocol.
Find out why there Share photos, From the days before
My Linux Desktop
are 100 satellites messages and Frozen Bubble to 114
Scholar, gentleman and
running Ubuntu updates without today’s wonderland – community guy at XPrize,
currently in low orbit turning into the history of games Jono Bacon.
around the Earth. advertising fodder. on Linux.
4 www.linuxvoice.com
�TUTORIALS REVIEWS
76 78
Wacom Intuos Pro
HDR: Create awesome Raspberry Pi:
48
Release your inner Hockney
photographs Let’s get animated with this fantastically
supported graphics tablet.
Combine images to achieve Craft a movie masterpiece with
stunning visual effects. Python and the Pi.
82 86
50 Mediagoblin 0.7
A free, distributed alternative
to YouTube? That’s what
Linux 101: John The Ripper: Mediagoblin aims to be.
Back up your data Crack passwords 51 Calibre 2.0
One day you’ll wish you used … then create new ones that are Writing that novel you’ve always
encrypted backups. more secure. wanted to? Have a look at this
editor’s tool first.
90 94
52 Energenie sockets
Hook your Pi’s GPIO pins up
to the mains (safely!) with this
death avoidance device.
53 Android x86
The world’s favourite mobile OS
lands on the PC. But how does
it perform on proper hardware?
Cyrus: Build your own URWID: Create text-
email server mode interfaces
54 Books A host of learning in
Take control of your The interface of the 90s is alive paper and digital forms for our
communications. on low-bandwidth systems. eager eyes to devour.
98
XBMC: Create a 102
Code ninja: 104
Sophie Wilson
remote control Lambda functions and ARM
Take the effort out Simplicity and The chip that took
of watching TV. elegance for code. over the world.
www.linuxvoice.com 5
� ANALYSIS
NEWSANALYSIS
The Linux Voice view on what’s going on in the world of Free Software.
Opinion
The erosion of software patents
Reform is coming in the form of evolution, not revolution. Praise be for that…
Simon Phipps not to do so. US law permits much greater Previously this court struggled to
is president of the penalties if patent infringement is found to understand what it took to invalidate a
Open Source Initiative
be wilful. Many people regard looking at software patent, but in decisions delivered
and a board member
of the Open Rights patents as good a proof of wilfulness as you recently the Supreme Court’s clarifications in
Group and of Open can get. Every company I’ve ever visited has Alice vs CLS showed up several times. In a
Source for America. told its programmers to stay well clear of significant case, they helpfully clarified the
reading patents. decision making process in a case involving
prolific patent plaintiff Digitech Image
Safety in numbers Technologies. The case related to a core
While corporations can usually find a way to part of digital imaging – colour profiles.
I
’ve long been a critic of patents on defend themselves – in the extreme via It had appealed a finding by the District
software, even if the boundary between patent licensing – open source communities Court for the Central District of California
them and other patents is hazy. Patents would probably not be able to do so. There’s that the patents it was using to attack a
may work in other industries, where the cost often no legal entity to protect open source veritable Who’s-Who of the digital imaging
of innovation is so high that a temporary, programmers. When there is an entity, it’s market were invalid. Legal scholar Mark
state-sanctioned monopoly provides just likely to be a non-profit with few resources. Lemley led a team representing camera
enough time to gain a return on the Anything that stands in the way of software manufacturers including Mamiya, Leica,
investment. That’s the big justification of patents is good news for open source. Pentax and Hasselblad, computer makers
patents in pharmaceuticals, for example. Given that the market for technology is such as Toshiba and Asus and major US
But that investment–return ratio has a global, like the internet, what happens in the retailers B&H, Newegg and Buy.Com.
completely different value for software. It USA is very significant in setting trends for The most important use of the Alice vs
turns out that software patents have little all of us. So it’s good to pay attention to US CLS decision came when the CAFC decided
bearing on encouraging innovation. legal decisions, even if we live in Europe against accepting “a device which…” as a
No programmer I’ve ever met refers to where we think the situation is different. way to make an abstract idea patentable:
software patents, for two reasons. First, they At last there’s some good news. Recently,
aren’t written for programmers to learn from the US Supreme Court made a landmark A change in interpretation
-- they’re written for patent lawyers to sue decision when it declared software patents This is a good sign for the software industry.
against. You’ll find software patent filings belonging to Alice Corporation to be invalid Previously, CAFC had a tendency to accept
that contain no sample code and few – the Alice Corporation vs CLS Bank the validity of such patents, but it seems the
technically-oriented descriptions. When I decision. It looks like that decision is already SCOTUS finding could reverse that tendency
worked at IBM, I asked a patent lawyer at the making a difference in reversing the tide of and in time discourage use of software
company what was needed to file a patent. I software patents. It has now showed up patents. Let’s hope they can resist the
was told “a rough idea – we can fill in the several times in the US Court of Appeals for temptation to act on their slightly curious
details for you – and then all the ways you the Federal Circuit (CAFC), most notably in a interpretation of the SCOTUS explanation of
can think of how we could tell if someone major software patent troll case but also in what it would take for a software patent to
else was using the idea.” individual cases. That’s the court that remain valid.
The second reason programmers never usually handles appeals of patent cases in This is not the major reform some of us
refer to software patents is that they’re told the USA. have hoped for – which may yet appear –
but the steady drip drip drip of the Alice vs
CLS decision on the existing mountain of
“Software patents aren’t written for programmers bad software patents looks like it will level
to learn from – they’re written for patent lawyers.” the landscape much sooner than would
otherwise have been the case.
6 www.linuxvoice.com
� ANALYSIS
Desktop Linux • Munich migration • Gnome Foundation • Firefox • XBMC = Kodi
CATCHUP Summarised: the biggest news
stories from the last month
Linus Torvalds: “I still Don’t panic: Munich Gnome Foundation
1 want the desktop” 2 isn’t switching back to 3 publishes its Annual
Although Linux’s market share Windows. Yet… Report for 2013
on the desktop has hovered around Over the last decade, Munich City You’ve got to hand it to Gnome, even if
a few percent for many years, it’s no Council has moved 15,000 PCs to you disagreed with the design choices
reason to give up. The kernel head Linux. Recently the new mayor claimed for Gnome 3. The Foundation does a
honcho has said he still wants Linux to that the transition was a mistake and great deal to bring developers together
conquer home machines, stressing that should be reverted, leading so-called with hackfests and conferences. Read
the problems come from infrastructure “news” sites on the web to say the the full report (in PDF format) at
and packaging. It should be easier for whole thing was a disaster. Not true: http://tinyurl.com/gnome2013
application developers to build binaries the Council has dismissed the mayor’s
that run across all distributions, instead remarks as “irrelevant personal
TM
of needing separate packages for every opinions”, and while alternatives will be
distro and release, Torvalds believes. considered, there’s currently no plan to
And we agree with the man. move away from Linux.
Firefox to get sponsored China to launch new OS Freshmeat (aka Freecode)
4 tiles in upcoming release 5 in September, probably 6 reborn as Freshcode
The Mozilla Foundation has based on Linux For many years, Freecode
received a lot of flak for this, but funding The government of the world’s most (formerly known as Freshmeat) was
for Firefox development doesn’t grow on populous country is still largely running the number one source for tracking free
trees. Future versions of the browser Windows XP, and has banned upgrades software releases. Unfortunately it died
will have sponsored tiles on the new tab to Windows 8. Now the Communist a few months ago, and we were stuck
page – that is, tiles from Mozilla Party has started work on its own without a replacement… until now. A
partners that “may be of interest” to OS, likely based on Linux, to move the new website at www.freshcode.club
users. As you visit more and more sites, country away from dependence on provides the spiritual successor to the
however, the sponsored tiles will Western companies. It will have its own old sites, with a very similar look and
gradually be replaced by your most app store, and eventually run on tablets feel. Currently it’s at version 0.7.0 and
visited pages, so this is generally and smartphones. We can’t help but lacking some features, but plenty of
something that will only affect brand feel that the whole NSA spying antics developers are submitting their wares
new Firefox installations. may have played a part in this… and it’s getting busier with each day.
XBMC gets new name: Kernel git repository gets
7 say hello to “Kodi” 8 two-factor authentication
It’s probably the most Previously, any developer
popular media centre software for committing code to the main Linux
Linux, but its name was getting a bit kernel tree used their SSH private
dated: the Xbox Media Centre barely key as a means of identification. This
runs on the original console, and works OK until the key is stolen – so
doesn’t have ports for the successor a new system has been put in place.
machines. It also does more than just All hackers with access to the main
playing media – it has games too. tree now have USB gizmos (YubiKeys),
So the team behind it has decided to which provides an extra level of security.
give it a shiny new name, Kodi, along For us end users, it’s another safeguard
with a new logo. Kodi 14 is undergoing against crackers masquerading as real
development as we speak, with alpha kernel developers and sneaking dodgy
releases coming thick and fast. code into the source tree.
www.linuxvoice.com 7
� DISTROHOPPER
DISTROHOPPER
Our pick of the latest releases will slake your thirst for new distros.
Elementary OS
2014’s most anticipated distro.
E
lementary is such a famous distro
that it’s hard to believe that we’re only
just testing out the beta of the third
release (named Freya). For those of you who
don’t know, Elementary is built on top of
Ubuntu with the addition of the Pantheon
desktop environment, which is known for its
focus on styling and simplicity.
Freya comes with an unusual set of
applications. For example, Midori is the
standard web browser and Geary fulfils
email duties. Some of the software is written
from scratch to fit in with the Elementary
look. For example, it has its own music
player, calendar, text editor and terminal.
Most of these use GTK 3 top bars that let you Elementary gets top marks for style, but power users may be better served elsewhere.
pack in icons and widgets where most
desktop environments place the application’s features of the software. A little too often, course, there is loads more software in the
menus. This works well for providing easy the answer is that the software doesn’t have repositories, but the further you venture from
access to the key functions, but can leave any advanced features. The default software the standard apps, the more you’re likely to
you wondering where to find the advanced all has a very consistent look and feel. Of lose this consistent feel.
Tanglu
Debian for desktops.
T
anglu is a project designed to polish available, but downloads come in flavours
up Debian to make it a little easier for for Gnome and KDE. Both of which are in
end users. This doesn’t mean adding their vanilla states without any
a few packages and making the desktop customisation. Outside of the desktop
environment a little prettier; it means locking environments, you shouldn’t expect any
the distro into a predictable release cycle, surprises. The first Alpha version of Tanglu 2
and making sure that the latest software is comes with Libre Office 4.3 as a productivity Tanglu: a Debian-based system with a fixed
always available. suite and Firefox 30 as a web browser (as release cycle and unadulterated components.
This isn’t the first time an organisation well as the native tools for the desktop
has tried to provide a tamed Debian for environment). more firmware will be included on the install
desktop users – it’s exactly how Ubuntu got It’s a new distro (the first version came out DVD. This is another sign of Tanglu’s focus
started. However, unlike Canonical’s distro, in February 2014, and version two is due in on home users rather than servers.
Tanglu is committed to working with Debian October 2014), so it’s too early to say if this Overall, there’s a lot to like about Tanglu,
and upstream sources rather than pushing approach will gain it the popularity of but we’d be tempted to wait a little while and
home-grown software and its own agenda. Ubuntu. Tanglu does have a slightly weaker see how well it’s supported before switching
Most common desktop environments are policy on non-free software than Debain, so any important machines over.
8 www.linuxvoice.com
� DISTROHOPPER
Qubes
The ultimate secure distro.
Q
ubes works on the principal of
security by isolation. It’s based on
the Xen hypervisor with a series of
virtual machines running on top of it. One
runs the desktop environment, whereas
others are AppVMs that run the applications.
By default, there are AppVMs for work,
banking, personal use and untrusted use,
though this setup could be adjusted for
other uses. The principal is that if an
attacker compromises any individual VM,
they still can’t access applications running in
the others. So, if you accidentally install
some malware in the untrusted VM, it can’t
penetrate the banking VM.
Despite applications running on different
virtual machines, they all appear on the In this screenshot the web browser is running in the Personal AppVM (in the window with the
same desktop, and the colour of the window yellow border), while Solitaire is running in Untrusted (red).
border lets you know which AppVM it’s
running in. In version 2, you can now run machines are there to handle hardware, next, an attacker has to break through the
Windows AppVMs inside Qubes in the same networking, etc. Others are there to run Linux kernel. In Linux containers, all
way you run Linux VMs. applications. However, they all run on top of applications are running in sandboxes on
You may have read all this and thought the Xen hypervisor. This means that in order top of a single Linux kernel, so again, and
that the security offered by Qubes is just the to break out of one virtual machine and get attacker has to break through the kernel.
same as running various virtual machines in into another, an attacker has to break The Linux kernel is quite secure. However,
VirtualBox or Qemu in a regular desktop through the Xen hypervisor. it’s also massive. It’s somewhere around a
Linux. This isn’t the case. Qubes is, in theory Using a more common desktop hundred times as many lines of code as the
at least, more secure because of its visualisation method, one Linux kernel is Xen hypervisor. That means that in order to
architecture. It runs the Xen Hypervisor on running on the bare metal, and then other have the same number of bugs overall, the
bare metal, then on top of this it runs various Linux (or other OS) kernels run on top of this. Linux kernel would have to have 100 times
virtual machines. Some of these virtual To break from one virtual machine to the fewer bugs per line as Xen.
Symphony A new approach to user-friendliness
Symphony is built around the Mezzo desktop environment,
which is designed to simplify the graphical user experience.
This simplification is built around the principal that
hierarchical menus are confusing, but users find it easy to
put the mouse in the corners of the screen. As a result, there
are buttons in each corner of the desktop (clockwise from
top-left: Settings, Places, Logout, Applications). Clicking on
any of these brings up a screen that’s a bit like a simplified
version of Gnome’s Dash.
There are also restrictions on how you can move windows,
supposedly to stop users moving them in such a way that
important information disappears off screen. The end result
of this is a desktop environment that feels like a cross
between Gnome Shell and Android.
It’s always good to see experiments that hope to make
computers more user-friendly, and Mezzo has some
interesting ideas. However, at this stage, it seems like it’s
only ready as a proof-of-concept for people interested in
user-interface design. It’s still quite rough around the edges,
and there isn’t any specialised software; instead, it uses
mostly GTK programs from LXDE and Gnome, so the
applications follow a completely different design philosophy. The Apps menu (from the bottom-left button) brings up a full screen selection menu.
www.linuxvoice.com 9
� GAMING ON LINUX
GAMING ON LINUX
The tastiest brain candy to relax those tired neurons
MISTY AND MELLOW
Borderlands: The Pre-sequel
Get ready to shoot ’n’ Loot!
D
o not adjust your
reading glasses – you One of the many
random guns!
did read that correctly.
A Borderlands game is really
coming to Linux and promises
to excite the many fans of the
franchise as it lights up the first
Liam Dawe is our Games Editor and
the founder of gamingonlinux.com, person shooter genre on Linux.
the home of Tux gaming on the web. Previously the CEO of
Gearbox Software (the
S
omething of a hot topic recently developer) told Linux gamers
in the world of Linux is OpenGL. to not get their hopes up about
The reason behind this is that
Borderlands 2, but a recent
seemingly out of nowhere a number
of developers have started doing big public financial document
blog posts on the poor state of the from the publisher and later frantic action that mixes first There isn’t currently any
OpenGL graphics API. confirmation thanks to IGN person shooting with random word on when it will be
For those who don’t know, OpenGL showed that Borderlands: The loot generation, and some fun available to buy, but we do
is an API that enables developers to
Pre-sequel has plans for a Linux graphics added into the mix know that it will retail for
hook into your graphics chips, and it’s
comparable to DirectX from Microsoft version. make it something that serious around the £30 mark.
platforms. OpenGL is of course an The Borderlands series is well Linux gamers are going to go http://store.steampowered.
open system where a consortium of known for the excellent and nuts over. com/app/261640/
people and companies have come
together for a common goal.
A lot of complaints about OpenGL
Cities Skylines
are based on the way it performs
across different graphics chips from
Nvidia, AMD and Intel, and quite
rightly so as they differ massively
from one vendor to the next.
We don’t need no Sim City!
C
There is also the fact that OpenGL
support across different platforms is ities Skylines has been
patchy, with Linux, Mac and Windows announced by publisher That’s an actual bridge
all supporting different versions, and Paradox Interactive and you can build...
more so in the case of Windows as it developer Colossal Order,
doesn’t come with it as standard.
promising an excellent city
AMD came out with its own API,
named Mantle, aimed at increased builder experience for Linux
performance, but the problem with gamers. Since we don’t have a
Mantle is that currently it’s pretty well game like Sim City this should
closed off, and AMD still hasn’t given help fill a rather big gap left
a clear indication of whether it will
wide open for Linux gamers. It
come to Linux or not.
The question we pose to you is can be played offline as
this: Do we need a brand new opposed to the horribly will have support modding it, services. There’s no word yet
graphics API to compete with DirectX DRM-crippled Sim City fiasco so you can expect many weird on pricing or a release date, but
and alleviate developers’ woes Cities will be full of the usual and wonderful buildings to we will be sure to update you
surrounding OpenGL? A new API with
features you would expect like download from the community. on its progress closer to the
a new name could offer a fresh start.
Let us know what you think: building roads and different Cities will also have water flow release.
http://forums.linuxvoice.com zones for buildings. One of the simulation to bring some more www.paradoxplaza.com/
best features of Cities is that it strategy in for water-based cities-skylines
10 www.linuxvoice.com
� GAMING ON LINUX
AI War: Fleet Command ALSO RELEASED…
Breaking the RTS mould wide open.
W
hat’s that? Another from Arcen in AI War really matter, as you aren’t just
Games? You read that right fighting in one battleground, but across
folks: AI War: Fleet Command many. You can, for example, bring a
is another excellent game from the back couple of hundred spaceships from one
catalogue of developer Arcen Games, and system to another, so your early game can
it brings some real time strategy to the matter just as much as the late game.
table this time around. It has become quite the favourite here
AI War: Fleet Command is a very different due to its massive amount of gameplay. Football Manager 2015
kind of real time strategy and it seems to You can grab it from Steam for £6.99. Big news sports fans! Football Manager is the
be inspired by some of the classics of the http://store.steampowered.com/ highly popular simulation game that first
genre with certain features. The choices app/40400 arrived on Linux last year, and now we will be
graced with another!
Probably not one to pick if you don’t like
AI War: Fleet Command football, though it must have quite a few fans
has a staggering six on Linux for the developer and publisher to
expansion packs. bring FM15 for us too.
www.footballmanager.com
Sanctum 2 Darksiders 2
A blend of FPS & Tower Defence. From War to Death
Dungeons 2
Do you feel like doing a bit of digging? Do
you dream of being an evil overlord? If those
boxes are ticked then you’ll love Dungeons 2!
Kalypso Media is starting to push out more
Linux game announcements and Dungeons 2
is among them!
It promises a very Dungeon Keeper-like
experience for Linux gamers, and that’s not a
bad thing.
www.dungeons-game.com/en/index.php
Ryan “Icculus” Gordon, formerly of Loki Hot on the heels of last issue’s
Software, sure is a busy man – and his announcement that Darksiders will come
most recent work is a new Linux port of to Linux, Darksiders 2 is also planned for
Sanctum 2! Sanctum 2 is a hybrid of the Linux to complete the series!
tower defence game genre combined with We haven’t even seen the release of the
first person shooting, and it’s really rather first instalment of the series yet, but the
good. It’s the sequel to the world’s first developer has enough confidence in Linux
tower defence/FPS hybrid game which to announce that the second is on its way.
sadly we don’t have on Linux, but a sequel This crazy hack and slash RPG will Unvanquished
is the next best thing. have you embark on a quest to restore Unvanquished continues to push for a beautiful
You don’t have to go it alone either, as mankind even though your name is Death. and fun open source first person shooter with
the game offers up to four players to play An odd name for a hero don’t you think? the latest alpha release. The new release has
new building models, optimisations, weapon
together in co-op mode. There’s even an As if being one of the legendary Four
inertia to be more realistic and much more!
in-game visual novel to keep you busy too. Horsemen and having a brother named It is not without bugs as it’s still early days,
You can grab it for £10.99 from Steam War wasn’t odd enough. It usually retails so you have been warned, and it’s free under
right now and join the fun. for around £24.99 on Steam. the GPL v3 licence.
http://store.steampowered.com/ http://store.steampowered.com/ www.unvanquished.net
app/210770/ app/50650
www.linuxvoice.com 11
� MAIL
YOUR LETTERS
Got something to say? An idea for a new magazine feature?
Or a great discovery? Email us: letters@linuxvoice.com
LINUX VOICE STAR LETTER
WE’RE DOING SOMETHING RIGHT
I have been an Ubuntu Two’s KDE article came to
user since 2009, but earlier the rescue. KDE is very user
this year when I heard that friendly and I enjoy it, but I
UbuntuOne was dropped I have sited the system tray
decided to change distros as vertically on the left-hand
nothing was keeping me loyal edge.
to Ubuntu anymore. What I am continually dipping
distro? Well in Issue One of in to Linux Voice and I am
Linux Voice I found your Arch glad I backed it last winter
tutorial; it took a full weekend for six months. I have found
of tinkering, but I have not the articles on subjects such Arch Linux is one of our favourites for its blend of speed and features.
looked back since. I wanted as Vim and sockets both
to try the mystical world of useful and informative. My to our ears Dom, thanks for It sounds like you’ve made
UEFI rather than BIOS and so six months is now complete, writing. You weren’t the only the right choice in Arch Linux.
your tutorial in Issue Two was but I have resubscribed for a one taken by surprise when Once you’re over the hump of
required reading. further year (make sure you Ubuntu dropped its Ubuntu installing it it’s fast, it lends
Ubuntu had been using put your subscription number One cloud service – we didn’t itself to being customised,
Gnome when I started using it, on the order!). Keep up the see it coming either, but and it forces you to learn more
but it subsequently switched great work and I look forward Canonical has many fish to fry about Linux. Plus, it won
to Unity, which I grew to to more outstanding articles. and many pies in which to dip the Best Linux Distro 2014
know and love. I thought this Dom Walden fingers, so there’s bound to be accolade in last issue’s epic
would be the hardest thing something else in the pipeline distro battle. Congratulations
to part with, but again Issue Andrew says: That’s music from them soon. on being ahead of the curve!
YOU’VE GOT MAIL
I love the magazine and what it now have a replacement disk and question and one we hope to
stands for, and also quite timely a replacement spare on the way. be able to answer more fully as
as I read the article about SMART My question is : how can I get we expand upon our mailserver
disks health checking, having mdadm (and SMART and other tutorial series starting this issue
literally just logged out of my raid5 tools) to mail me somewhere more (p90). However, after a little
NAS and seen the ominous ‘You useful than /var/mail/root? research it appears that the default
have mail’ message. Here’s what system I’m using: email account for mdadm can be
I checked /mail/var/root and Ubuntu 12.04.5 LTS (GNU/Linux changed by editing or adding the
found a bunch of mails which 3.2.0-67-generic x86_64); mdadm MAILADDR field in /etc/mdadm.
made it apparent that mdadm - v3.2.5 - 18th May 2012; Heirloom conf. Other services are likely
had been mailing me for the last mailx version 12.5 6/20/10. to have a similar option in their
two months trying to tell me that Thanks! configuration files, or you make
I had a drive failure. Luckily I had John, London want to look into filtering your root
a spare in place which seems to email automatically, depending on
have silently taken its place, and I Graham says: This is a good the sender, for example.
12 www.linuxvoice.com
� MAIL
THE DVD SOMEBODY’S
Just a quick note to say that I
WATCHING ME
appreciate your policy of only The iCloud leak got me thinking.
including a DVD when there’s For years I’ve had a vague mistrust
something worth having on it. of the cloud; giving your data for
Broadband is getting better, so someone else to look after feels
even out here in the sticks I get like asking for trouble. I don’t think
decent connectivity. It’s still not the internet would be interested
blazing fast, but unless you’re in my private photographs, but if
downloading a 4GB ISO image anyone did want to splash them
every couple of hours, how fast do over the web, they’d have to break
you really need your internet to be into my house, find my external
anyway? I’ve got plenty of books to hard drive (good luck to them – it
read, a river to fish and countryside the appeal somewhat. was in the cupboard under the
to explore, so Netflix doesn’t David Kelly, Australia stairs the last time I saw it) and
Those unlucky enough
appeal too much to me. A distro physically take it away. At least
not to have riparian
takes about an hour to download, Mike says: The plan with the DVDs pleasures can instead with an open source cloud solution
which I find perfectly acceptable is to only have them when there’s spend time playing with you know what security processes
for a task I only perform about something really special. Readers Manjaro Linux. are in place – with iCloud it seems
once or twice a year. And they do – let us know if we’ve got the right like the hackers were able to keep
tend to get a little bashed on their idea. Do you get a lot of use from guessing passwords multiple
way to the colonies, which lessens the DVD? times. I can’t see an open system
being so lax with its security. The
moral here then, is to trust no-one
with your data, but if you do have
MONEY to trust someone, trust Free and
Thanks for sponsoring OggCamp Graham says: Aw, shucks. We Open source software.
– I note with interest that ‘other’ want to get involved with events Rob Smith, Guildford
publications don’t seem to be like OggCamp (and PiWars, and
offering the same level of support SpanConf) because we want Free Andrew says: Well, quite. When you
to this fantastic event (I plan to go, Software to win, and because hand over data to a company they
though I haven’t booked my ticket we’d be there anyway having a will spend only as much effort on
yet) despite having been around nice time. It’s as simple as that. security as they think is worth it
for longer and having the benefit It’s nice to get good karma, but it’s – and if they can plausibly blame
of a big parent company to fund more important to us that as many someone else for a leak, they will.
community involvement. people as possible get to see the Accountability is key – that and a
Laura, Workington huge benefits that Linux can bring. decent password.
www.linuxvoice.com 13
� MAIL
TWO POINTS FOR A CONVERSION
Thought I’d tell you about a to upgrade, but once he gets over Ben says: Fantastic work John,
recent (small) win for Linux. My that I’m convinced hat he’s a Linux saving the planet one lump of
father in law is brilliant at fixing user for the long haul. It’s still an copper at a time. Helping out a
broken fan belts, but rubbish with old machine – the DVD drive won’t relative using Windows 8 feels
computers, so asked my advice last for ever and the battery lasts like such a massive waste of time
when choosing a new laptop, under an hour – but if it stays out when you know that Linux us so
as he wanted to try out one of of the landfill site for a year of two I easy to use. And don’t forget to
the new touchscreen ones that think I’ve done a good deed. And I’ll remind him of the money you’ve
are advertised on the television . be there when he buys a new one saved him on antivurus software
Apparently the old one had got so ready with my Ubuntu disc! the next time you’re in the pub
slow it was unusable. John, Kilmarnock with him!
Thinking I could save him a few
quid (and myself a few hours of
unpaid tech support explaining
how to use Windows 8 – no
thanks!) I asked to see the old one,
backed up the hard drive, then
installed Lubuntu.
Result: massive success,
brownie points and £400 saved.
He can email, browse the web,
open spreadsheets to do his
accounts, and he’s perfectly happy.
He’s even started to explore the
joys of apt-get. He’s still baffled
by the concept of Free Software.
He’s always looking for the catch,
or expecting an advert to start Lubuntu is perfect for resurrecting old machines, as it’s light, user-friendly and
flashing and prompt him to pay has all of Ubuntu/Debian’s software repositories to plunder.
14
� MAIL
GNU’S NOT LINUX Gnu stands for Gnu’s
Not Unix, which is both
Are you aware that when you talk entirely accurate and
about Linux on the desktop, or give uninformative.
advice on the best Linux distro for
a certain use case, or even in the
naming of your magazine ‘Linux
Voice’, you’re doing the GNU/Linux
community a great disservice?
Yes, that’s right: I wrote GNU/
Linux, not just Linux. You may not
know or care, but the Linux kernel
is only a tiny part of the average
user’s system. The tools that make
Debian GNU/Linux or Red Hat
GNU/Linux possible were created
long before the Linux kernel was
even thought of. You could replace giving proper credit to the people a system that used one of its tools
Linux with another kernel and the who made it happen is wildly impractical. If it were
end user wouldn’t notice anything David Walker, London carried to its logical conclusion,
different – the same can’t be said we’d have to say something like
about the GNU tools. Andrew says: Thanks for writing GNU/X/Apache/MySQL/KDE/
The GNU project is developing David. I think there are two issues Linux. This would be silly.
its own kernel to do just this, here that have been conflated The idea that we’re not
and offer a technically superior – the GNU/Linux name and the promoting Free Software because
alternative to Linux. There is promotion of Free Software. we don’t use an approved
already a Debian GNU/HURD First, the name: GNU/Linux Voice nomenclature doesn’t really stand
distribution, which has nothing to is longer than ‘Linux Voice’, so if up either. Every month we produce
do with Linux, and yet you ignore it. we printed it on the masthead it a huge amount of content aimed
With the GNU project, the Free would have to go smaller. It looks at helping users get more out of
Software Foundation and his silly – English orthography is a Free Software (and sometimes
tireless advocacy work Richard mess, but it has not yet reached Open Source too – we prefer Free,
Stallman has done more for Free the point where a forward slash in but if Open gets the job done,
Software (NB – not ‘open source’) the middle of a word is readable. there’s nothing wrong with it).
than Linux, yes his efforts go The Hurd kernel is so far away We agree with the FSF’s aims.
unappreciated by the wider public. from being usable that there is We want to see a world where
I’d expect that from the BBC (the no ambiguity then we talk about no money is wasted on software
Biased Broadcasting Corporation), Linux distros, because there is no licence fees; where innovation
but as purported experts you workable alternative kernel. So, is open and fluid; and where
should really be doing a better job it’s clumsy, it’s harder to say, and everyone has the freedom to use
of spreading the truth about Free imparts no information. their computer as they see fit.
Software and the ethical points The logic that GNU has to be We’re just working towards it from
that it entails – and that includes given credit every time we mention a different angle.
CALLING ALL LINUX USERS
There may be lots of Linux users in even have an agenda, just an
West Lancashire and nearby areas invite to come along and chat. If
who would welcome a regular you’re interested, just email me at
meet-up with fellow-enthusiasts. mauricegeorge71 AT gmail.com
And there must be many people Maurice George
who would simply like to know a
bit more about Linux. Graham says: Simple, direct, to the
I’m suggesting that we could point – we like your style, Maurice!
easily arrange a monthly date in This is how to start a LUG. It
a local pub in Ormskirk, without doesn’t have to be anything fancy,
the formality of calling ourselves and the most important thing you Most Linux User Groups in Britain (such as Bristol and Bath LUG)
a Linux Users’ Group. We needn’t can bring is an open mind. meet in one of our lovely public houses.
www.linuxvoice.com 15
� LUGS ON TOUR
LUGS ON TOUR
ISACA: Government, risk and compliance
Neil Curran president of the ISACA Ireland chapter, writes:
C
roke Park will play host conference, which will build upon
to an impressive line the success of previous years’
up of thought leaders events as we aim to provide value
and practitioners in the fields to our members and our fellow
of governance risk compliance industry professionals.
(GRC), information systems audit, After receiving an overwhelming
assurance, privacy and cyber response to our call for papers,
security from Ireland and across we have produced a fantastic
the globe. programme from speakers all
Keynote speeches will be given over the world covering risk, GRC
by renowned cyber security expert and the new COSO framework,
and CTO of Cytelligence, Professor detecting malware, harmonising
John Walker, Patrick Curry, Director privacy compliance, measuring
of MACCSA (Multinational Alliance control effectiveness, application
for Collaborative Cyber Situational security, securing the supply chain,
Awareness), the chair of ISACA insider threats and much, much
London’s Security Advisory Group, more. We are excited to bring
Amar Singh, John O’Dwyer, Deputy the Irish information systems
Data Protection Commissioner, community together for this
as well as independent computer educational and great networking If you ever get the chance to watch some hurling at Croke Park, do
security analyst and prolific blogger, event. so. It’s baffling, but brilliant.
Graham Cluley. The one-day event is open to
We are extremely pleased to ISACA members as well as non- conference will be under six themes
announce the launch of our annual members and talks given at the including: Audit Management,
Cybersecurity, Risk Management,
Privacy Management, Application
Security and Enterprise
Governance.
To find out more and to register
for the event, please visit the
registration page
(www.eventbrite.co.uk/e/
annual-conference-grc-20-
breaking-down-the-silos-tickets-
11611613649?aff=eorg). To
receive €50 off a non-member
registration, please use the code
GRCDublin2014.
A nonprofit, independent
membership TELL US ABOUT YOUR LUG!
association, ISACA
We want to know more about your
helps business and IT
LUG or hackspace, so please write
leaders maximise value to us at lugs@linuxvoice.com and
and manage risk related we might send one of our roving
to information and reporters to your next LUG meeting
technology.
16 www.linuxvoice.com
� LUGS NEWS
Coder Dojo Ham
Andrés Muñiz Piniella, writes:
Y
ou will have probably heard A parent or carer must
about Coder Dojo: https:// accompany their child/children
zen.coderdojo.com. well, throughout the session and take
there is a new one starting in Ham, responsibility for them and for
Richmond Upon Thames: their belongings while on Ham &
http://www.coderdojoham.org/ Petersham Youth Centre premises.
This is the local CoderDojo Being cool means no bullying, lying
for kids aged 8 to 14 in Ham, or wasting people’s time. Please
Richmond, North Kingston and show respect for the Centre’s
surrounding areas. We aim to run equipment and building; and have
our Dojo at least monthly from consideration for others at all times.
September 2014, so join our mailing If you’re interested in becoming
list by emailing hamrichmond.uk@ a mentor, get in contact with
coderdojo.com and follow us on the team to join the mailing list:
Twitter @CoderDojoHam. hamrichmond.uk@coderdojo.
The sessions are free but com. If you want to do one-to-one
numbers are limited so reserve sessions with children you will
places to avoid disappointment! probably need to have Disclosure
Our inaugural session was on 20 and Barring Service (DBS) checks
September. Bring a laptop if you (previously known as CRB checks)
have one. If not, there are Windows but you shouldn’t let that stop you if
PCs available – please make sure you don’t have this: there are other
you select the correct ticket type. things you can help with – such as Coder Dojo Ham grew out of the Kings of Hack hacker group in
Be cool! lending us your Arduino! Kingston Upon Thames.
LISTEN TO THE PODCAST
WWW.LINUXVOICE.COM
www.linuxvoice.com 17
� SHOW REPORT LINUXCON AND CLOUDOPEN
The conference, held in Chicago, was within
walking distance of three kinds of pizza, one
jazz and two blues clubs and a 120-tap beer bar.
LinuxCon and
CloudOpen
Travis Mooney stalks Linus Torvalds all the way to Chicago to
report on the Linux Foundation’s flagship conference
T
he last time I saw Linus Torvalds, we were LinuxCon (and CloudOpen) 2014 is my first
eating chilli dogs in San Jose. I was a bit Linux-focused conference since. This time, instead of
star-struck, and I’m sure he doesn’t remember eating a chilli dog near Linus, I was drinking a beer
me. It was probably 1998, but many years and glasses near Linus. Again, I was a bit star-struck, and there is
of single malt have passed since those days. We were no chance he remembers me. And again, there were
(both, separately together) at LinuxWorld, and three three interesting -- some might say recurring -- themes
interesting things came out of the show keynotes: that came out of the show keynotes:
Linus wanted a great Linux desktop. Linus wants a great Linux desktop.
Linux was looking at getting into smaller devices. Linux is moving into smaller devices.
IBM announced a major move to get Linux on IBM is making a major move to get Linux on
open-reference Power systems (Longtrail CHRP open-reference Power systems (OpenPower).
PowerPC). As one of my friends says: the more things change,
18 www.linuxvoice.com
� LINUXCON AND CLOUDOPEN SHOW REPORT
the more they stay the same. Another one says: The convention also took a
everything old is new, again. They both abuse break from being too
aphorisms terribly. But the truth is, a lot of us have serious with Superhero
Costume Day, and the
been waiting for nearly two decades for a proper Linux
Linux Trivia Quiz.
desktop (even though we thought we had it at least
twice), Linux is going into smaller devices (soon to
power all the untrendy but reliable bacteria), and IBM
really wants to sell Power systems to people who
don’t run AIX (really, they don’t care if you just keep
them as a large-ish paperweight, as long as the
cheque clears).
Unlike LinuxWorld of old, LinuxCon is a travelling To try to address the
show, and this year’s North American edition settled in gender imbalance in FOSS,
workshops were offered
Chicago, Illinois. One of the themes this year was the
both to help women
push towards standardised and accessible training improve their CVs and to
and certification. This centres around two things: a help men support women
Massive Online Open Course, ‘Introduction to Linux’, in FOSS roles.
offered through edX, an online learning destination
founded by Harvard and MIT; and a new pair of Linux
Foundation Certifications (Certified SysAdmin and of horizontal redundancy, along with OpenStack setup,
Certified Engineer), which are both available online, storage backends, and a number of cloud security
and are backed with optional training programmes. issues. Detailed sessions on the way that Google uses
Introduction to Linux, launched this Summer, has containers -- everywhere -- and container security --
already had more than 200,000 student registrations. current best practice is to run your containers on a
The Linux Foundation certifications are the first online hypervisor -- were particularly salient. Clearly, the
multi-distribution -- SUSE, Ubuntu, or CentOS -- FOSS industry is currently betting on OpenStack and
certifications available.. Docker as the big thing when it comes to virtualisation
Driving Linux into smaller devices led to discussions and deployment.
of the Internet of Things (IoT) and whether it calls for a Data storage, retention, timed deletion, and security
completely new kind of application to data ‘Fog in the cloud was another topic that ran through
Computing’, or whether it is all a marketing ploy, as we multiple sessions. Encryption as an end-user tool,
have always had a bunch of computer and other legal requirements for data retention -- and timely
‘things’ attached to the Internet, and hence there has deletion once they have been met -- as well as
always been an ‘Internet of Things’. Represented in practical ways to deal with mobile data, were all
one keynote by Cisco, and another by Intel, both sides hot topics.
came out swinging, and it is fair to say that maybe Many events were co-located with LinuxCon,
they’re both right. including the Annual Linux Kernel Summit, the Linux
Security Summit, the Xen Project Developer Summit,
Linux is everywhere! #MesosCon, the OpenDaylight Mini Summit and the
We all know that Linux is no longer a hobbyist OS, and UEFI Mini-Summit. Attendee events included the
Linux as underlying technology was the point of many First-Time Attendee meet-up, the Attendee Welcome
of the keynotes, including those by Jay Rogers of Event @ Museum of Science and Industry, and the
Local Motors, who is using 3D printing technology and LinuxCon + CloudOpen Onsite Attendee Reception &
crowd-sourced design to make next-generation cars. Booth Crawl. The convention also took a break from
Anthony Moschella of MakerBot Linux also talked being too serious with Superhero Costume Day, and
about the power of Linux as a platform and the the Linux Trivia Quiz.
creation of an iterative free open-source thingiverse For those who couldn’t make it to Chicago, there are
that will change design and manufacturing. Linux is videos of each of the keynotes, and many of the
now the platform that powers automobiles, 3D session slide shows, available at the LinuxCon
printers, mobile phones and servers. website (http://events.linuxfoundation.org/events/
Contrary to what you might think, the star of linuxcon-north-america). The next LinuxCon event is
LinuxCon wasn’t Linus Torvalds. It was 13 year-old LinuxCon Europe in Düsseldorf, Germany, 13–15
Zachary DuPont, who proclaimed Linus his hero in a October (http://events.linuxfoundation.org/events/
6th-grade class assignment. Since Linus (wisely) linuxcon-europe). LinuxCon Europe will also include
doesn’t disclose his home address, Zachary sent the CloudOpen, the Embedded Linux Conference Europe,
letter to the Linux Foundation, which arranged for the and the KVM Forum.
two to meet at LinuxCon.
CloudOpen sessions included a strong series of Travis ‘TT’ Mooney is COO of Talia Limited, a telecoms and
presentations on the various ways that Docker is technology company specialising in bringing FOSS solutions
and cloud services to the developing world.
being used to push the ‘cattle instead of pets’ method
www.linuxvoice.com 19
� FEATURE BUILD YOUR OWN DISTRO
BUILD
YOUR OWN
LINUX
DISTRO
Do you have a favourite distro that you’ve spent hours customising?
Mayank Sharma shows you how you can spin it into a live distro
that you can pass to friends, family, or even on to DistroWatch!
T
here are hundreds of actively maintained Besides satisfying your personal itch, there are
Linux distributions. They come in all shapes, several other uses for a custom distro. You can spin
sizes and configurations. Yet there’s none like one with apps that you use in school and pass it
the one you’re currently running on your computer. around to everyone in class, stuffed with class notes
That’s because you’ve and other study aids.
probably customised
it to the hilt – you’ve “Wouldn’t it be great if you could You can do something
similar within a
spent numerous convert your perfectly set up professional
hours adding and
removing apps and system into a live Linux distro?” organisation as well
that uses a defined set
tweaking aspects of of apps.
the distro to suit your workflow. There are various tools for creating a custom
Wouldn’t it be great if you could convert your distro. We’ll start with the ones that are simple to use
perfectly set up system into a live distro? You could but offer limited customisation options and move on
carry it with you on a flash drive or even install it on to more complex ones that enable you to customise
other computers you use. every aspect of your distro.
20 www.linuxvoice.com
� BUILD YOUR OWN DISTRO FEATURE
Quickly create your own Ubuntu
Perfect for mumbuntu and dadbuntu too.
Difficulty: Easy
Level of Customisation: Basic
O
ver the years there have been many
tools that help you create a
customised version of Ubuntu,
which is one reason why there are so many
Ubuntu respins out there. While most have
fallen through the cracks, the Ubuntu
Customisation Kit (UCK) lives on.
You can install UCK on top of Ubuntu or a
derivative distro such as Linux Mint. The tool
is in the official repositories and you can
install it from the package manager.
Additionally, you’ll also need the ISO image
of the Ubuntu flavour you wish to customise. UCK lets you customise your distro to the hilt if you know your way around the Ubuntu filesystem.
To simplify the build process, make sure you
use the ISO image of the Ubuntu flavour image that you can burn onto a CD or copy picture-uri parameter to point to the image
which includes the desktop you want in your to a USB. Once it’s run through these steps, you wish to use as the background, such as:
customised distro. For example, if you wish UCK will unpack the ISO and then download picture-uri=’file:///usr/share/backgrounds/Partitura_
to include a localised Gnome desktop in your the selected language packs. You’ll then get by_Vincijun.jpg’ /
custom distro, use the Ubuntu Gnome spin the option to manually customise the distro, Similarly, you can change the theme and
instead of the default Ubuntu image. If if you selected this option earlier. The Run icons by editing the respective parameters in
you’re on a 32-bit machine, you’ll need the Console Application option will launch a this file. For example, if you wish to change
i386 image and not the x86-64 one. terminal window and drop you to the root the Ambiance theme to Radiance and use
However, users of 64-bit OSes can also shell of the mounted image. the HighContrast icon set, make sure the file
customise a 32-bit image. reads as below:
When you launch UCK, the app will take Advanced configurations [org.gnome.desktop.interface]
you through a wizard after displaying a From this window you can use the apt-get gtk-theme=”Radiance”
welcome message with information about package manager to remove default icone-theme=”HighContrast”
its space requirements. In the first couple of packages and add new ones. For example, ...
steps you’ll be asked to select the language you can use apt-get install ubuntu- [org.gnome.desktop.wm.preferences]
packs that you want in your distro along restricted-extras to install plugins to handle theme=”Ambiance”
with the boot language. (Make sure the multimedia in various formats. If you’re Once you’ve edited this file, make sure you
Ubuntu flavour you’re customising supports creating a distro for low-end machines you compile the modified schemas with
the languages you are building in.) can uninstall LibreOffice with glib-compile-schemas /usr/share/glib-2.0/schemas
After you’ve selected a default language apt-get remove --purge libreoffice* / You can also copy files into the live CD
for the distro from the languages you’re and replace it with AbiWord using you are customising. To do this, launch
building in, you’ll need to select the desktop apt-get install abiword another terminal and cd to ~/tmp/remaster-
environment for your distro. UCK will If you want to put application shortcuts on root/, which is the root of the customised
download the localised strings for the the desktop, first create the Desktop live CD. You can copy files into their
desktop in your distro based on the option directory under your custom distro with appropriate folders under the remaster-root
you select on this screen. You’ll then be mkdir -p /etc/skel/Desktop and UCK will include them in the live CD. For
asked to point to the ISO image of the You can now copy the application example, you can copy custom shortcuts
Ubuntu distro you wish to customise. shortcuts for any installed apps, such as and folders to Desktop with
UCK will then prompt you for a name for cp /usr/share/applications/firefox.desktop /etc/skel/ sudo cp -r ~/Documents/README.txt ~/remaster-
your distro before asking if you wish to Desktop root/etc/skel/Desktop
manually customise the distro. If you choose and make them executable with Once you’re done, close the chroot
to do so, UCK will launch a terminal window chmod +x firefox.desktop terminal window and select the Continue
chrooted into the build environment. In the If you want to change the default Building option in the UCK wizard. The tool
final stages of the wizard UCK gives you the wallpaper, open the /usr/share/glib-2.0/ will now build your new localised Ubuntu
option to delete all Windows-related files schemas/10_ubuntu-settings.gschema. distro and point you to the freshly baked
from your distro and generate a hybrid ISO override file in a text editor and change the customised ISO image.
www.linuxvoice.com 21
� FEATURE BUILD YOUR OWN DISTRO
Point-and-click distros
Use SUSE Studio to assemble a distro using the web browser.
Difficulty: Straightforward
Level of Customisation: Moderate
S
USE Studio is perhaps the easiest tool
for creating custom distros. The app
is graphical and works inside a web
browser. It needs only a web browser and an
internet connection, and while it creates
OpenSUSE-based images you can operate
SUSE Studio from any distro. With SUSE
Studio you can create full-fledged desktop
distros, minimal dedicated servers, and
targeted virtual appliances. You can use the
web interface to add users, customise the
list of apps and even add files and
customise the artwork. You can test your images in SUSE Studio’s web-based TestDrive before downloading them.
Point your web browser to the SUSE
Studio website at www.susestudio.com and Click on the Create Appliance button to build option. This brings up a page that’s similar
create an account. Alternatively, you can the base image, on which you can build your to the one for adding software. Once the
sign into the service using any OpenID customised Linux distro. repositories have been added, SUSE Studio
provider, such as Google, Yahoo, Twitter, will list them under the Software tab and
Facebook, etc. Once you’ve signed in, click Rolling start allow you to search for packages inside
on Create New Appliance on the Dashboard. You’re now at the at the main screen of your them as well.
SUSE Studio refers to the custom distros as appliance, which has a set of tabs to help
an appliance irrespective of whether it’s you customise different aspects of your Make it your own
designed for physical hardware or a virtual distro. The first tab, labelled Software, is The bulk of the configuration is handled
machine. where you choose software packages. from under the Configuration tab. This tab is
Before you can begin building your distro, Under this tab, you’ve got a list of the further divided into seven different sections
you need to select a base template from one enabled repositories and the list of software for configuring different aspects if your
of the predefined ones. The templates help that’s already installed in your distro. Both of distro. From the General section you can
infuse the custom distro with essential these are based on the template you localise the distro and select the default
packages for your distro. There are selected earlier. language and keyboard layout along with
templates for the latest and the previous To install additional software, use the Find the time zone. You can also select how you
OpenSUSE release, OpenSUSE 13.1, box on the page to look for packages in the want your distro to configure the network
OpenSUSE 12.3, as well as for the SUSE repositories. When you find what you’re (DHCP is usually a safe bet) and enable the
Linux Enterprise distro. Unless you have a looking for, just hit the corresponding +add firewall and open ports for remote access.
This is also where you add any users and
groups. The Personalise section is where
“SUSE Studio can be used by virtually anyone, you choose the custom artwork for your
regardless of their level of Linux expertise.” distro. You can either select one of the listed
ones or upload your own.
You can avoid visiting the Server tab,
licence for SLES, you’ll want to base your button to include it in your distro. SUSE which only has options to add data to either
distro on one of the OpenSUSE templates. studio will automatically check for and add a PostgreSQL or a MySQL server. Similarly, if
The Just enough OS (JeOS) template is any dependencies. If the package you’ve just you’re setting up your distro for a virtual
ideal for building a minimalistic system. added conflicts with an existing one, you’ll machine, head to the Appliance tab to
Then there’s the Server template, which get options to resolve the issue by removing configure related settings. However, most
helps you build text-only server distros. one of the two conflicting packages. If you desktop users should just head to the
Finally there are templates that help have some custom apps you can also add Desktop tab, from where you can
customise a Gnome 3 or KDE 4-based their RPMs from this page. automatically log in any added user and
desktop distro. Once you’ve selected a base In case the software you wish to add isn’t define any apps that you want to autostart.
template, scroll down the page and select in the default repositories, you can also add If you consider yourself an advanced user,
the processor architecture for the distro. additional repos with the Add Repositories you can take a look at the Scripts sections,
22 www.linuxvoice.com
� BUILD YOUR OWN DISTRO FEATURE
Other online distro builders
SUSE Studio isn’t the only web-based service for
creating Linux distros. The Debian Builder
(http://live-build-cgi.debian.net/cgi-bin/live-
build) is hosted by the Live Systems project, which
produces the tools that are used for producing
official Debian live images. The service can create
basic netboot images without the X server as well
as hybrid ISO images that boot from USB disks.
You can create a basic distro by selecting a
handful of options including the Debian branch you
want the image to be based on (Wheezy, Jessie,
Sid) and the predefined group of packages (Gnome
Desktop, KDE Desktop, Mate Desktop, Rescue, etc).
Advanced users can also tweak additional
advanced options. You get options to choose the
architecture of the build, the filesystem of the
chroot environment, the bootloader, whether it
should include the Debian installer, and a lot more.
The service will email you once your customised
Debian Live system is ready to be downloaded.
Then there’s the Porteus Wizard (http://
build.porteus.org). Porteus is a small portable
distro that’s based on Slackware. Using its Go to http://live.debian.net/manual/stable/html/live-manual.en.html for more information.
straightforward but feature-rich web interface you
can build a customised version of Porteus with your browsers (Firefox, Chrome, Opera), word processors can also customise advanced boot parameters such
choice of desktop environment (KDE4, Mate, LXDE, (LibreOffice, AbiWord), VoIP client (Skype), graphics as setting a custom size for a tmpfs partition and
Xfce) and a host of popular software including web drivers for Nvidia and AMD Radeon, and more. You enabling the zram kernel module.
from where you can run custom scripts. Now that you’ve customised your distro only take a few minutes. If you’ve selected
This section lets you define scripts that run it’s time to ask SUSE Studio to convert it into additional formats as well, click on the Build
at the end of the build as well as those that a usable distro. Head to the Build tab, which Additional button to get images in the other
run every time you boot the custom distro. lists options to transform the distro into formats. SUSE Studio also assigns a version
Once you’re done with the sections under various formats. You can, for example, number to your distro. Every time you
the Configuration tab, move on to the Files create a Live ISO image of your distro meant modify the distro, it will increment the
section to add either single files or an for optical drives as well as live images for version number and automatically generate
archive of files to the custom distro. All files USB and images for virtually every a changelog that’ll list all the changes since
are added to the / directory. However, once virtualisation software available, including the last version.
they have been uploaded you can select the KVM, VirtualBox, VMware, Xen and more. In
files and move them into other locations. order to create a traditional installation Take it for a spin
For example, if you wish to include a file on image, select the Preload ISO (.iso) option. After the image has been built, you can test
the Desktop it should be placed under /etc/ When you’ve select the format, hit the it from within your browser with the
skel/Desktop. Build button to create your distro, which will Testdrive option. Once you’re satisfied, use
the Download option to grab the image of
Create a customised Ubuntu install image your custom distro. You can also share your
distro with other SUSE Studio users by
If you want to roll out Ubuntu on a bunch of heading to the Share tab, where you get
identical machines with similar configurations textboxes to describe your distro. Once you
and the same software, like in a lab or office, have the image you can use it as you would
you can save yourself some time by creating
any other distro image.
automated installer images. The
www.instalinux.com service is an online service SUSE Studio has a very low threshold of
like SUSE Studio, but instead of full-fledged entry and can be used by virtually anyone
OpenSUSE-based distros, it churns out small regardless of their level of Linux expertise.
ISOs that are designed to prepare ready-to- Most of the time-consuming and heavy-duty
use Linux machines by automatically fetching
tasks, like fetching packages and
packages and installing them.
The web service is powered by the assembling the distro, happen at the remote
SystemDesigner CGI scripts from the Linux In addition to software bundles, Instalinux can SUSE servers. You can also test the images
Common Operating Environment project (http:// also install individual applications. remotely and only grab them once you’re
linuxcoe.sourceforge.net). The interface takes satisfied with your creation. The system also
you through the steps involved in installing a selection and the disk partitioning scheme. Once preserves your build system, and you can
distro, such as selecting a keyboard layout, you’ve answered the questions, it creates a preseed
timezone, password for the root user, package installer and puts it on a small (about 30MB) CD.
tweak it and make changes without much
fuss. It’s a great place to start.
www.linuxvoice.com 23
� FEATURE BUILD YOUR OWN DISTRO
Wear a different hat
Create distros based on Fedora Linux.
Difficulty: High
Level of Customisation: Moderate
I
f you live in RPM-land and are more
adept with Fedora, you can put together
a customised distro using its livecd-
creator tool. This is a set of scripts that are
available in the official Fedora repositories.
Unlike UCK, livecd-creator works solely on the
command line, and instead of an ISO image
of a Fedora release, you can grab all the
packages you need in your custom Fedora
distro from the internet.
The scripts use the powerful Kickstart
files to set up your customised Fedora-
based distro. If you haven’t heard of them New users will be well advised to use the graphical Kickstart Configuration tool (found in the system
before, a Kickstart file is a simple text file tools) for selecting software for their custom Fedora-based distro.
containing a list of actions such as package
names. The livecd-creator tool compiles your specifying its name and location with the The $LIVE_ROOT is a variable that points
distro as per the instructions in this file. %include paramete, such as to the live environment. You can similarly
To help you get started, you can download %include /usr/share/spin-kickfedora-live-base.ks copy any file from the host system to the live
the Kickstart files for several Fedora spins environment, for example:
by grabbing the spin-kickstarts package Post installation cp -r /home/bodhi/Music $LIVE_ROOT/
from the repositories. Once this is installed, If you need to run commands after the live The one important line you’ll have to add
you’ll have a bunch of Kickstart files under environment is up and running, such as for manually to the Kickstart file if you use the
the /usr/share/spin-kickstarts directory. configuring the network, you need to specify graphical tool is the repository definition.
You can customise any of these Kickstart them under the %post section. So if you This line points to the list of mirrors for the
files by editing them in any text editor. wish to automatically launch Firefox you can Fedora repository (along with the version
and architecture information) from where
the tool will pull in packages. So if you wish
“Unlike Ubuntu Customisation Kit, Fedora’s to grab packages from Fedora 21’s
livecd-creator works solely on the command line.” repository for the 64-bit architecture, enter
repo --name=fedora --mirrorlist=http://mirrors.
fedoraproject.org/mirrorlist?repo=fedora-
Although they are fairly straightforward and place a shortcut to the app in the ~/.config/ 21&arch=x86_64
well documented, you can browse the autostart folder, and your %post section Once your Kickstart file is all set up you
Fedora wiki (http://fedoraproject.org/wiki/ should have the following lines: can feed it to the livecd-creator tool for
Anaconda/Kickstart) to get a hang of the %post creating the custom distro. Assuming it’s
various options. # autolaunch Firefox saved as ~/custom-kickstarts/Custom-
You’ll also save yourself some time by mkdir -p /etc/skel/.config/autostart Fedora.ks, you can create your custom
grabbing the Kickstart Configurator tool with cp /usr/share/applications/firefox.desktop /etc/skel/. distro with the command:
yum install system-config-kickstart config/autostart/ sudo livecd-creator
This tool has an easy-to-navigate graphical %end --config=/home/bodhi/custom-kickstarts/
interface for creating a Kickstart file. Make sure that the %packages and %post Custom-Fedora.ks
sections are closed with %end. If you wish to --fslabel=FedoraUltimate
Kick the tires run any commands outside the build --cache=/var/cache/live
You can specify the packages you want environment, such as to copy files from the --verbose
inside your custom distro by listing them host distro to the custom distro, you can add The --fslabel switch specifies the name for
under the %packages section. Here, in the --nochroot parameter to %post like so: your custom distro. When the tool has run
addition to individual packages, you can also %post --nochroot through all the instructions in the Kickstart
specify groups of packages such as #copy resolv.conf from host to the custom distro file, it’ll assemble the ISO image for your
gnome-desktop. You can also pull in cp /etc/resolv.conf $LIVE_ROOT/etc/ distro and place it in your home directory
packages from another Kickstart file by %end ready for you to dd it to a USB stick.
24 www.linuxvoice.com
� BUILD YOUR OWN DISTRO FEATURE
Bake your own pie
Create your own Raspberry Pi distro.
Difficulty: Average
Level of Customisation: High
T
he New Out Of the Box Software, or
NOOBS is the Raspberry Pi’s official
installer. It has simplified and
standardised the procedure for installing a
distro on the Raspberry Pi. While the main
purpose of NOOBS is to simplify the
installation of an operating system on to the
Pi, the tool can also be used to create a
custom distro.
To get started, grab the NOOBS installer
from the website and install any of the
supported distributions that you want to
customise. We’d advise you to use the
Raspbian distribution, which is also
recommended by the NOOBS installer.
After you’ve installed Raspbian, boot the
distro and make whatever changes you
want. You can change the default wallpaper
and also switch themes by running the
obconf command from the command line,
We made a custom version of Raspbian for LV006’s cover DVD – with NOOBS, you can too.
and you can install additional themes with:
sudo apt-get install openbox-themes
You can also install and remove apps sudo tar -cvpf root.tar /* --exclude=proc/* with their compressed versions, namely
either directly via apt-get or by first installing --exclude=sys/* --exclude=dev/pts/* boot.tar.xz and root.tar.xz.
the graphical Synaptic package manager. This command can take up to half an Now format the SD card and extract a
You can copy over any files into this hour to complete depending on the number fresh copy of NOOBS into it. Use the file
Raspbian installation. NOOBS lets you create of changes you’ve made to Raspbian. manager to navigate to the os directory
a 512MB partition that you can use to store When it’s done, you’ll have a file called under the newly extracted files. This
files. Or, you can use the root.tar in the root directory. Similarly now directory further contains a number of
raspi-config roll up the boot files. First, move into the directories, each of which containing the
command to expand the root partition to fill boot directory with files for a supported distro including Arch,
the SD card. Also make sure you set up the cd /boot Pidora, Raspbian and others. Since our
distro to work with your network hardware and then create the archive with the custom distro is based on Raspbian, we can
straight out of the box. So for example, you tar -cvpf boot.tar remove all the other directories from under
the os folder. Rename the Raspbian folder to
the name for your custom distribution.
“The main purpose of NOOBS is to simplify the Head inside this folder and open the file
installation of an operating system.” named os.json in a text editor. In the file,
replace the text beside the name and
description fields from that of the original
can configure the wireless adapter to command. This will not take much time, and Raspbian distribution to your custom one.
connect to your Wi-Fi access point and when it’s done you’ll have a file called boot. Also, make sure you remove the file named
access network services such as the tar in the boot directory. flavours.json. You can also optionally
directory server, or change the default NOOBS requires compressed versions change the artwork of the distribution.
browser page to point to your intranet of these files. But the Raspberry Pi doesn’t Finally, remove the existing root.tar.xz and
landing page. have the resources to squeeze these files. boot.tar.xz files from under this folder and
When you’re done setting up the distro, it’s So you’ll have to move them out to a regular replace them with the ones you’ve just
time to package it into an archive. Change to desktop PC where you can compress them created. That’s it! Now boot the Pi with this
the root directory with cd / and enter the with the xz -9 -e boot.tar and xz -9 -e root. card. The NOOBS menu will now list your
following command: tar commands. This will replace the files unique, customised Linux distro.
www.linuxvoice.com 25
� FEATURE BUILD YOUR OWN DISTRO
Made-to-order distros
Build your Arch-based custom distro from the ground up.
Difficulty: Extreme
Level of Customisation: High
I
f you have the patience to hand craft a
custom distro from scratch, you should
build one on top of Arch Linux. The
distro’s approach to allow the user to craft
their installation from the ground up makes
it an ideal platform for cultivating a custom
distro without the code bloat and package
proliferation that afflicts so many other
popular distros.
You can create a custom Arch-based
distro with the command-line Archiso utility.
The utility is a collection of Bash scripts, and
although it has a steep learning curve it Arch Linux is already pretty snappy, but once you’ve mastered Archiso you can use the tool to
gives you a lot of control over the final result. create streamlined distros that can outperform all others.
Setup the build ~/archiso directory. Next, we’ll create a architecture and include them packaged in
The first thing you need before you can use directory where we’ll tweak the files for our the final ISO, which will be a dual-boot ISO
Archiso is an Arch Linux installation. If you custom distro with that’ll work on both 32-bit and 64-bit
don’t already use Arch, follow Graham’s mkdir ~/archlive machines. However, for consistency we
tutorial in LV001 and also available on the LV Make sure you have enough free disc space recommend you add the app names to the
website (www.linuxvoice.com/arch-linux) to accommodate all the apps you wish to packages.both file so that they are available
to setup a working Arch Linux system. install, along with any files you want to copy on both the architectures.
Once you’ve installed Arch on your over to the custom distro. The packages.both file already lists a
computer, the next step is to customise it to Now you need to copy over one of the two bunch of packages. You should leave them
your liking. That includes installing more Archiso profiles. The baseline profile is in there and append your own at the end of
packages, swapping out the default themes useful for creating a basic live system with the file. Use the
and artwork of your desktop environment no pre-installed packages. However, we’ll pacman -Qqe
and configuring other aspects of the use the releng profile, which lets you create command to list all the packages installed
systems such as the network. Later on, we’ll a fully customised Arch Linux with pre- on your machine, and then copy the ones
you need. You can create a barebones
system with the Mate desktop, the Simple
“Once you’ve installed Arch on your computer, the Login manager and the Firefox web browser
next step is to customise it to your liking.” by adding the following packages in the
packages.both file:
xorg-server
copy these customisations and installed apps. To use these scripts, simply xorg-xinit
configurations from the installed instance of copy them over to the ~/archlive directory, xorg-server-utils
Arch over to the custom distro we’re building. like so: xf86-video-vesa
When you’re done customising the Arch cp r /usr/share/archiso/configs/releng/ ~/archlive/ slim
installation, fire up a terminal and install the mate
dependencies for Archiso with: Add packages firefox
pacman -S make squashfs-tools libisoburn Telling Archiso which packages to put on the If you’re feeling adventurous you can copy
dosfstools patch lynx devtools git custom ISO is as simple as adding them to a all the packages installed on your machine
Now fetch the latest version of the archiso text file, one package name per line. Under over to the packages.both file with
package from its Git repository with the ~/archlive directory you’ll have three pacman -Qqe >> ~/archlive/packages.both
git clone git://projects.archlinux.org/archiso.git files: packages.i686, packages.x86_64, and
This will fetch the files inside the packages.both. You can open these files in Configure root
~/archiso directory. Move into the directory a text editor and include the names of the The airootfs directory inside ~/archlive/
and install the tool with make install. Once packages you want in your distro. Archiso acts as an overlay for what will be the /
it’s installed, you can safely remove the will read the files for the respective directory of your new distribution. Any files
26 www.linuxvoice.com
� BUILD YOUR OWN DISTRO FEATURE
you add to this directory will be added to Then copy the contents of the skel any of the other files that you’ve manually
your distro’s filesystem, so if you’re using the directory into your user’s home directory copied into the distro.
Slim login manager, copy over its with To do so, head to the ~/archlive/work
configuration file with cp -aT /etc/skel/ /home/bodhi/ directory. The i686 and x86_64 directories
cp /etc/slim.conf ~/archlive/airootfs/etc/ and set proper ownership with under the work folder house the filesystems
Similarly you should also copy the chown bodhi:users /home/bodhi -R for the corresponding architecture. You can
/etc/systemd/system/display-manager. In both these commands, replace bodhi chroot into either of them with
service file from the host machine to its with the name of your user. arch-chroot ~/archlive/work/x86_64/root-image
corresponding location under ~/archlive/ Finally, scroll down to the end of the file or
airootfs/, along with directories that house and comment out all the systemctl arch-chroot ~/archlive/work/i686/root-image
custom artwork, namely /usr/share/ commands by appending a # symbol before Once inside, you can perform any updates
backgrounds, /usr/share/icons, and /usr/ them. To boot into the graphical desktop, or changes to the system. If you wish to
share/themes. make sure the correct services are started update the apps, first update the package
If you want your custom distro to have the by adding the following: manager’s key database and package list:
same users as your host machine, copy over systemctl enable pacman-init.service choose-mirror. pacman-key --init
the relevant files with service followed by
cp /etc/{shadow,passwd,group} ~/archlive/airootfs/ systemctl set-default graphical.target pacman-key --populate
etc/ systemctl enable graphical.target . Once that’s done, you can update the system with
Before you can copy over any files that That’s it. You’re now all set to build the ISO pacman -Syu
you want within the user’s /home directory, for your custom distro. Enter the ~/archlive After you’ve made the changes, type
you need to create the skel directory with directory and run exit
mkdir ~/archlive/airootfs/etc/skel ./build.sh -v -N EduArch -V 1.0 -L EduArch_1.0 to get out of the chroot environment.
This directory represents the home directory to initiate the build process. The -v switch Remember to make the changes for both
of the user inside the system under enables the verbose mode, the -N switch the architectures. You’re now all set to
development. You can now copy files inside sets the name of the ISO image, -V sets the recreate the ISO image. However, the
the user’s home directory, such as version number and -L appends a label to build.sh script will fail to execute, as there’s
cp ~/.bashrc ~/archlive/airootfs/etc/skel/ the generated ISO image. already a work folder. To force it to generate
Similarly you can copy over any files and Note that the build process is slow and a new ISO file, open the build.sh file in a text
directories from under your home directory can take several hours depending on the editor. Scroll down to the very bottom of the
to the skel directory, including ~/.xinitrc and available resources of your computer. When file and remove the run_once parameter
~/.config. it’s done it’ll place the ISO under the from the beginning of the make_prepare
To log in automatically as your user ~/archlive/out directory. and make_iso commands, so that it reads:
instead of the default root user, open the for arch in i686 x86_64; do
~/archlive/airootfs/etc/systemd/system/ Generate updated images make_prepare
getty@tty1.service.d/autologin.conf file in You can now copy the ISO out of the build done
a text editor and modify the following line to system and share it with anyone. After a make_iso
swap the auto login user: while though, you’ll want to update the Save the file and run the script with
ExecStart=-/sbin/agetty --autologin bodhi --noclear system. Maybe the included apps have had ./build.sh -v -N EduArch -V 2.0 -L EduArch_2.0
%I 38400 linux a newer release since you last created the to generate the updated iteration of your
Replace bodhi with the name of your user. ISO image, or maybe you need to change custom distro.
Final configurations Build an embedded Linux distro
Inside root’s home folder (~/archlive/
airootfs/root) there’s a file named Linux is a popular choice in the embedded
customize-root-image.sh. Any space. However the field is saturated with
administrative task that you would normally different embedded Linux distributions. To
curb this proliferation, the Linux Foundation
do after an Arch install can be scripted into
along with industry leaders such as Intel, AMD,
this file. Remember that the instructions Freescale, Texas Instruments, Wind River and
within the file have to be written from the others have created the Yocto Project.
perspective of the new environment, which The main aim of the project is to create
is to say that / in the script represents the and make available the build environment and
tools for creating an embedded Linux distro.
root of the distro that’s being assembled.
The project supports various 32- and 64-bit Unless you are a math geek you wouldn’t know
Open the file in a text editor, find the line embedded architectures such as ARM, PPC, and that Yocto is the smallest SI prefix.
that sets /etc/localtime and change it to MIPS. Using these tools developers can build a
your timezone, eg: complete Linux system for an embedded device. bootable images. You can install it on all the popular
ln -sf /usr/share/zoneinfo/Europe/London /etc/ To aid developers the project offers the Linux distros including Fedora 20, Ubuntu 14.04,
Hob tool, which is a graphical front-end for the Debian 7.4, OpenSUSE 13.1 and CentOS 6.5.
localtime
project’s build engine called BitBake. Hob reads To get started download the build system from the
Also make sure that the shell is set to recipes and follows them by fetching packages, project’s website using git with
Bash by changing the usermod line to read building them, and incorporating the results into git clone -b daisy git://git.yoctoproject.org/poky.git
usermod -s /usr/bin/bash root
www.linuxvoice.com 27
�FEATURE INDEPENDENT TECHNOLOGY
INDEPENDENT
TECHNOLOGY
WHEN FREE AND OPEN ISN’T ENOUGH
TO PROTECT YOUR PRIVACY.
Richard Smedley reports on a new way of building the
world that should respect your privacy.
E
ven in the technology world, events have put this trust at risk and governments
can take time to filter into actions. need to help restore it.”
It’s now more than a year since While this concern for citizens’ data
Edward Snowden, a private intelligence privacy from Silicon Valley isn’t the final
contractor for the US National Security nail in the coffin of irony, it would be hard to
Agency (NSA), disclosed thousands of find any collection of companies holding
classified documents to the media more data on the activities of people than
showing the extraordinary reach of global these eight. To a greater or lesser extent it
surveillance programs run by governments is at the centre of their business. And we
- in particular the UK, USA, New Zealand, have handed it over fairly willingly, as the
Canada and Australia. price of using ‘free’ internet services.
In December an unusual co-operation Usually not thinking too deeply about the
between the largest tech companies – cumulative power moving from citizens to
Apple, Google, Microsoft, Yahoo, LinkedIn, large internet corporations. “They trust me
Facebook, Twitter and AOL, which normally — dumb f***s,” said Mark Zuckerberg of
only co-operate on technical issues – early Facebook users handing over so
produced a joint letter to governments, much information.
principally Washington, outlining a series
of principles to limit surveillance on the Unequal equity
internet. One Microsoft VP, Brad Smith, Perhaps you try to avoid behemoths like
said at the time: “People won’t use Facebook, and use social media and
technology they don’t trust. Governments services from smaller internet start-ups,
www.linuxvoice.com
� INDEPENDENT TECHNOLOGY FEATURE
particularly in the Free Software world. The problem
here is that software freedom and open data – the
place in the stack where geeks look to fix the problem
– are still no guarantee of data privacy, as Indie
Foundation founder Aral Balkan told Linux Voice: “The
problem is a societal problem. And the problem is
outside of the stack. The problem starts at the
business model.”
Idealistic young startup companies are trying to
grow quickly, and their greatest asset as they grow, is
their data. “Regardless of what kind of company you
have,” says Balkan, “if you’re taking equity investment,
if you have venture capital, then you have to have an
exit. Either that’s being bought by some other
company, or you exit to the public with an IPO. Those
are the only two possible routes if you take venture
capital, or equity.” And all of that data ends up with
those tech companies with billions in the bank, and
petabytes of data on all of us.
To successfully offer a service that respects your
privacy and data ownership, Aral Balkan set up the
Fittingly for an
Indie Foundation (which they style as ind.ie/ Tranberg to OpenStreetMap’s Tom Morris and Global
organisation that
foundation) social enterprise, proposed the Indie Head of Brand Design at Philips, Thomas Marzano, wants to pronounce an
Phone (see below), and co-authored the Indie Tech speakers included not just those concerned with independence day for
Manifesto to support the creation of organisations privacy and software freedom but there was also a the web, the Indie Tech
that are “independent, sustainable, design-led, and strong emphasis on good design. Summit was held on
diverse” (https://ind.ie/manifesto). Independent Good design and software freedom, sad to say, do 4 July.
because organisations that respect ownership of data not often coincide, which is something of a bugbear to
must reject equity investment - choosing Balkan: “With Free and Open Software… we have
“bootstrapping, non-equity-based crowdfunding, mostly terrible experiences, in the short term, and we
revenue-based investment.” And these organisations say ‘Don’t worry about that; work around that – have
will “create a new category of consumer products that the terrible experience now, because we’re protecting
are beautiful, free, social, accessible, secure, and you in the long term. We’re protecting your
distributed.” fundamental freedoms.’ We can’t do that: that’s
Sounds head-in-the-clouds idealistic? Not to the arrogant. People deserve great experiences in the here
organisations and individuals from all over Europe and and now. They also need to have the tools in order to
beyond gathered this summer in Brighton, on protect themselves long-term. So we need to design
England’s south coast, to discuss practical solutions not just for the short-term, not just for the long-term,
at the Indie Tech Summit. From Dutch MEP Marietje but both. I call this whole-term design. [This is] what
Schaake and Danish privacy campaigner Pernille Indie Tech is about: designing for the whole term.”
OpenStreetMap
It’s not easy to leave behind the proprietary silos that we rely on, with plug-
and-play Indie Tech replacements for services like Gmail not yet ready for the
mainstream. But some “free” services, like Google Maps, do have free and open
source replacements. OpenStreetMap was set up as the “Wikipedia of mapping”,
being built entirely from user-contributed data over a bare layer of public domain
mapping information.
Like Wikipedia, this makes it better in many cases than single-source,
proprietary rivals, as enthusiastic users add new streets as quickly as they
appear. Some locations – notably the Netherlands and Cameroon, for example –
are more densely mapped than others, but contribution is easy.
With Google tracking the correlation between map searches and where you go
through opt-in location services in potentially half a billion Android phones, and
FourSquare gamifying its large-scale location data collection, there are privacy
concerns with any location or mapping service from corporations. Beyond that,
though, is a more fundamental question of ownership of such important data:
Google and others decide what businesses and services to show up in searches
on their maps – decisions not open to outside governance. OpenStreetMaps
gives transparency to the process of mapping, and puts ownership and control of Many people have some sort of GPS device, and local information
the data in the hands of the commons. can easily be added to OpenStreetMap though the web interface.
www.linuxvoice.com 29
� FEATURE INDEPENDENT TECHNOLOGY
and Google: how do you compete with that? You do
the same thing. If you do not have control over
hardware, software, the services – at a minimum
– you can’t compete. That’s what we’re doing… we
don’t need a carrier, we have full control over the end
user experience. We go to the public, we say: ‘You
know what, if you believe in our vision, that’s what
we’re going to do, at the end of this year...’ that’s what
we’re going to announce at the summit. We say ‘Hey,
if you trust what we’re trying to do. If you want an
actual alternative: support us.’”
That whole experience means developing indieOS
to make it “as invisible as possible. Because when
something just works, you can simply forget about it,”
and getting Indie Cloud to integrate seamlessly, but
leave you in ownership and control of all of your data.
There have been many starts at Independent
Technology in cloud services, but this is the first to
GNU and FSF founder
Lots of us will have accessibility problems on a look at the whole user experience - and thus perhaps
Richard Stallman
addressed the faithful. The temporary basis long before old age – through the first to stand a chance at take-up beyond the
Indie Foundation shares accidents or illness. And usability goals make it easy privacy-concerned, tech community.
many of the FSF’s goals. for everyone to see, read and focus on content. The Even in that community, we all use the products of
passion to make technology for everyone explains these behemoths – because they are, as Indie’s Aral
how Indie brought such a broad range of speakers to Balkan reminded us, consumer essentials: “When we
the Summit. Lena Reinhard, a writer and community talk about Facebook, when we talk about Google…
manager involved with Hood.ie and Apache CouchDB, we’re talking about products that are essential to
was there to speak on diversity: “For the future of the modern life. If we were to take ourselves off of Google,
web, diversity is non-negotiable.” and Facebook, and Yahoo, and LinkedIn, we’d be
Diversity, Balkan told us, is “a cornerstone for what removing ourselves from modern life.”
we’re doing… if we don’t have that we can’t design the As the manifesto puts it: “We do not cut people off
right systems.” People design first and foremost for from their existing networks, we wean them off by
themselves, with designers and developers “a very making the canonical location of their data a place
small and too uniform crowd. In comparison,” that they own.” The Indie Tech Summit hosted many
Reinhard told us, “the organisations building solutions to return control of
“If we were to take ourselves off
world population is a data to the user, including decentralised cloud
highly diverse group of services like Cloudfleet and Cozycloud, and Linux-
Google et al we’d be removing people. When we want based self-hosting cloud OS, arkOS. MailPile gives you
ourselves from modern life.”
to build the future of the a webmail client and service as flexible and simple as
web, we’ll have to build Gmail, with speedy search and powerful tagging, yet
it not only for us, but for entirely Free and Open – and you can run your own
everyone. This is an act of representation. And it server anywhere you wish. It makes PGP-signed email
means: we’ll have to build it with the highly diverse easy for non-tech users on all platforms, and is getting
group of people in mind. And we have to be a diverse better with each alpha release (get to www.mailpile.is
crowd ourselves. Without diversity, it won’t be able to and try for yourself).
build the future of the web. …This is why diversity is The Indie Foundation’s own proposal for seamless
essential to good design and engineering on a very services to host your data, Indie Cloud, is – like
fundamental level.” With the next billion people to MailPile – not tied to the organisation. As the ind.ie
connect to the Web predicted to do so through mobile
devices, and to be in very different circumstances
from the first billion, this is good advice.
FOSS for all
Indeed, Balkan sees diversity and accessibility as
essential to get around one of the main problems with
Open Source: “You just learn this really hard-to-learn
thing, and then everything else is simple… it’s an
accessibility problem that we’re facing, really. It really
is. How do we make free and open accessible to
people, and that’s where design comes in.” It also Aral Balkan opens up your letters in a parody of what
involves control of the whole experience: “So, Apple Google and Facebook do with your private emails.
30 www.linuxvoice.com
� INDEPENDENT TECHNOLOGY FEATURE
site says: “You can install and run Indie Cloud on your
own machine if you want to and we will work hard to A fairer phone
make migrating your data from one machine to
another as easy as possible. All this means that we
could not become another Google even if we wanted
to (and it’s really the last thing we want to do).”
Unveiling ind.ie/phone
Putting all of these compelling services, with great
design, into a single package to give everyone a device
that respects their freedom and privacy is the
forthcoming Indie Phone, which aims to make
“freedom accessible to all”, and to empower everyone
to control their own data. “What’s an OS? Why should
you care? Our thoughts exactly,” proclaims the ind.ie/
phone website. Yes, the phone will be totally Free and
Open Source. And yes, Linux enthusiasts will be able
to get to a terminal, and write software to the
well-documented APIs. But the point is that most The Fairphone project started in 2010, to raise awareness about conflict minerals in
electronics funding wars in the Democratic Republic of Congo (DRC). In 2013, an independent
users won’t have to worry about that. The defaults will
social enterprise was set up to design and produce a smartphone which would “open up
be great. Indie has the team together and has started supply chains, solve problems and use transparency to start a debate about what’s truly fair.”
on this, despite the scale of the task. For example, instead of avoiding conflict zones like DRC, Fairphone sources conflict-free
“Working on something that hasn’t been done minerals from within the conflict zone, to ensure an income for people there. They work
before, where you are going up against not just closely with manufacturers who want to invest in employee wellbeing, and consider the whole
life-cycle of the phone.
conventional wisdom in one of the most successful
industries of our age (if you measure success by
revenue or profit — which I don’t) is definitely not a
walk in the park.” admitted Balkan. “It has its ups and bank can do to you in today’s world if you piss them
downs. As much as we’re making lots of amazing off a bit too much. Of course, that’s not stopping us
new friends and getting an increasing amount of and if we thought that way we’d probably not be doing
support from people who are fed up with the status this in the first place.”
quo, we are also pissing some people off. I like to think
we’re pissing the right people off but it just so Follow the crowd(fund)
happens that those are some powerful people. And it’s In order to get there it will need success in
scary to think what someone with lots of billions in the crowdfunding: ind.ie will be running a Thunderclap
(ind.ie/phone/thunderclap) – starting on 24 October
and ending on 8 November (birthday of the late Aaron
Swartz, coder, writer, political organiser and internet
Hacktivist), when crowdfunding starts – trying to get
people signed up for the newsletter, and pledging
support for the Thunderclap and crowdfunding. A
Thunderclap, for those who avoid social media trends,
is a crowdspeaking platform, helping amplify a
message by getting users to sign up and agree to
share a key message on Twitter, Facebook or Tumblr
– in this case, crowdfunding for the first Indie Phone.
Balkan believes they will get support because “there
isn’t a true alternative right now. And I believe that the
world deserves better than this business model that
treats people as natural resources to be mined, and to
be farmed, and to be surveilled.” Like all successful
people, Balkan is undaunted by the prospect of failure:
“We are going to be working on Indie 20 years from
now and others are going to be working on it in 40
years time. The crowdfunding is just the beginning. It’s
not about ‘Hey, fund this phone’ … it’s about ‘Hey, help
us create an organisation that can meet the
Aral Balkan: “We’re going to ask people on 8 November to challenges of our time. Oh, and you’ll get an awesome
give us the push we need to gain the momentum to make phone that’s the first example of this need breed of
a meaningful dent in the world.” technology as an amazing bonus!’”
www.linuxvoice.com 31
� FEATURE LINUX IN SPACE
PLANET LABS:
PUTTING LINUX IN SPACE
Graham Morrison reports on a pioneer at the
heart of a revolution on the final frontier.
S
pace. It’s big. And the costs associated with International Space Station switched, with the United
getting large chunks of human engineered Space Alliance being quoted as saying, “We migrated
debris accelerated to escape velocity are on a key functions from Windows to Linux because we
similar scale. The 2010-adjusted costs of the Apollo needed an operating system that was stable and
programme, between 1959 to 1973, for example, reliable” in the original article on ExtremeTech (bit.
come to approximately $109 billion dollars. And it’s ly/1bD0UWD), and it’s why Linux is such a common
astronomical costs like these that have undoubtedly component at institutions such as CERN.
helped push investment in space exploration back in
various political manifestos. Our current age of Planet Labs
austerity must surely be the final nail in the coffin for But the most recent space-bound use for which we’ve
the kind of governmental sponsorship that helped get seen Linux mentioned is as the operating system
mankind to the moon. within an unbelievably small satellite that’s (almost)
This has had a perhaps unsurprising side-effect – launched by astronauts throwing boxes out of the
the democratisation of space, whereby individuals back of the International Space Station. Yes, as it
and companies have been able to take up some of the hurtles across the planet some 330km above us. The
slack and send create their own space-bound project is being run by a private company called
projects, or help space Planet Labs. It’s still not
agencies deliver far better clear how this company is
value for their more limited “Choosing Linux isn’t about going to monetise its
money. This is something
that would have been
cost. It’s about choosing the assets or its innovation
but there’s obviously a well
unimaginable without the best solution for the job.” thought-out business case
great technological leaps for all of this. It’s still too
we’ve made over the last 50 early to tell. But with that
years. To commemorate 40 years since the Apollo 11 caveat out of the way, what we’ve seen so far from
mission in 2009, for instance, Google published the Planet Labs does genuinely get us excited because
original code for the command module and the lunar not only is Linux and open source at the heart of its
module for the Apollo Guidance Computer. It’s less technology, it’s also attempting to change the world
than 2,000 lines of assembly language. for the better.
Choosing Linux isn’t about cost. It’s about choosing The idea is simple enough to visualise; create a
the best solution for the job and not re-inventing the large ring of satellites that stay fixed in respect to the
wheel. And this is why Linux is having a profound sun while the Earth rotates beneath them. Each
effect on science and space – it’s why the satellite then takes a picture of every position on the
32 www.linuxvoice.com
� LINUX IN SPACE FEATURE
Image Gallery Imagine what might be possible with an API that allows any of us to access daily images of any location
1 2 3
4 5
1 With a resolution capable of seeing ships, how coal mine in Turkey, there’s often a demonstrable 4 This wildfire in Sabina, California, was imaged
about an API that attempts to track their progress change. just 10 minutes after being reported.
around the globe? 3 The system promises to do things like track crop 5 Or how about tracking the insane amount of
2 Even with daily images, such as this one of a yield for every single field every single day. development currently in progress in China?
(Images credit: Planet Labs. https://www.planet.com. CC-BY-SA)
Earth every 24 hours a day. It’s a procedure that Planet “Yes, absolutely,” he replied, “I don’t know if they take
Labs CEO, Will Marshall, likens to a line scanner for the equal precedents – I would say our overriding goal is
planet. The satellites then beam back those images, to help humanity with the data, but it’s great to have a
which are processed and made accessible to solid business case to help to boost that.”
everyone through an API, and the resolution is so Planet Labs is perhaps not dissimilar to Canonical
good that you can make out individual trees. With in trying to create a commercial business with an
access to data like this you can easily imagine altruistic side, and Will started to tell us how the ideas
monitoring deforestation or the shrinking ice caps, the behind Planet Labs began to take shape. He told us
crop yield for different forms of agriculture, or even the that while he’d been working at NASA, they’d been
size and scale of opencast mining output. experimenting with what they now call ‘PhoneSats’.
These were literally smartphones that they were
Eyes in the sky putting in orbit to see if they could work. And they
To get the kind of ubiquitous coverage needed to worked just fine.
complete a photo cycle every 24 hours, Planet Labs is
going to need more than 100 satellites in orbit. Money makes the satellites go round
Fortunately, it’s well on its way. With the first launch of “I worked on a couple of what NASA considered small
28 satellites from the International Space Station in satellites with 10–200 million dollars of cost, roughly.”
February 2014, it became the largest constellation of Will told us. “They’re not necessarily physically small,
earth orbiting satellites in human history, and this was but they’re small in cost because normal satellites
followed by more launches from the ISS and even the cost half a billion or billions of dollars.”
Russian Dnepr rocket. With the PhoneSat, the aim was to “break down
We spoke to one of the founders of Planet Labs psychological barriers. It’s not as hard all that. Now
(and its CEO), Will Marshall, after he gave an excellent there’s a lot of systems complexity into putting
presentation on this very subject at this year’s OSCON satellites together and working with all of the ground
in Portland. Considering the huge potential for both stations and stuff, so it’s not trivial. But nevertheless, it
business and humanitarian efforts, our first question doesn’t need to be a billion dollars.”
was whether both aspects to the image data would Like computers in the 1950s and 1960s, satellites
take equal precedents. are traditionally huge and heavy. A typical payload is
www.linuxvoice.com 33
� FEATURE LINUX IN SPACE
Labs because we realised that we wanted to explore
the humanitarian and commercial uses of taking
imagery of the earth’s surface.”
The satellites being built at Planet Labs are tiny by
comparison (only 10 x 10 x 30cm, and weighing a
mere 4kg), like ants beneath the feet of elephants,
which is perhaps why they could build them from the
garage. The main section is an elongated rectangle
containing a small telescope pointing down to a
camera at the back. What’s even better is that it’s
stuffed full of the latest technology, and amazingly, an
x86 PC running Ubuntu. Marshall says that they
chose Linux and open source because Planet Labs
wanted to be able to rapidly reconfigure its OS to do
the things it needed to do. We’re left guessing as to
whether it’s a long-term release, but the lifespan of
The International Space
6,000kg, and that kind of weight needs the entire one of these satellites is only 1–2 years, depending on
Station using its nanoracks
deployer to launch Planet fairing of a rocket to make it into orbit. Not only is that their altitude, so it might not even matter.
Labs satellites, shown here expensive, it adds many different layers of complexity But what’s just as impressive is that alongside its
from 11 February 2014 and organisation, which is why you find countries x86 Linux PC, Planet Labs is also using copious
(Photo: NASA). rather than companies sponsoring and managing amounts of open source both for its onboard
their deployment. Part of the solution for Planet Labs processing and for its image processing closer to
is to borrow from the home. “Most of the image
philosophy of agile processing stack is on
development, – that’s “The satellites are stuffed full of the ground,” Will told us,
releasing early and
releasing often, taking
the latest technology, including “but there is some
processing on board.
advantage of the latest an x86 PC running Ubuntu.” Most of the image
consumer technology. processing stack on the
So why hasn’t this ground uses open source
methodology been adopted before? “Because software built in libraries like GRASS and GDAL and
technology wasn’t ready and because if was a things like this – open source libraries that our
different philosophical approach to satellites and a employees are helping to develop.”
higher risk one in a way,” Marshall says. “We hadn’t So does that mean that any of Planet Labs’
guaranteed that the technology was going to work. It changes are making their way back upstream?
was a radically different approach. We started Planet “Absolutely. That’s our goal.”
Get a job building satellites Fancy studying something that can take you to space?
Until relatively recently, none of us might have So it’s probably too late to get into the field by
thought about the viability of a career building the time you’re 16 or 17!
satellites. But with the advent of companies like MW: It depends on which education system
Planet Labs building cool things from a garage you’re in! Study computer science. Study
and hanging out in the Californian sunshine, it aerospace engineering. Study physics or
looks like we’re on the cusp of a revolution in the astrophysics. These are the kinds of things that
space industry revolution. And if that sounds like would be useful in this area. I would alway
your thing, the bad news is that it’s probably too encourage people to start on the most abstract
late. You need to make sure you study the best mathematical end, because you can always go
possible subjects from the very start, which is why more engineering. So if you’re not sure whether to
we asked Will Marshall exactly what it takes to go into physics or into engineering, or maths or
build a career launching satellites. And yes, Planet physics, stick towards the left of that axis of
Labs is hiring! abstraction because if you study mathematics you
can always go to physics, if you study physics you
How did you become the CEO of PlanetLabs? can always do more engineering, but the reverse is
Will Marshall: I’ve been interested in space less simple. If you want to get into space, you
since I was yea high. I built a telescope when I was could start with aerospace engineering but you
a kid, and got interested in astronomy. Then I could also start with physics and maths.
found myself looking for ways in which I could use
science to help people, basically. I did a degree in
astrophysics and a PhD in quantum physics and
then went to work at NASA building small “Firstly, I would say study hardcore science
satellites for planetary science purposes, or engineering.” Will Marshall and Graham
primarily. Morrison discuss career prospects.
34 www.linuxvoice.com
� LINUX IN SPACE FEATURE
“We want to push out whatever useful things that
we do to process imagery in a massive way… [we
have] a compositor that takes deep stacks of imagery,
looks for ones with cloud, rejects those, takes some of
the images and pulls them into something that is a
coherent composite image that is the highest quality
from that stack. So that’s the kind of thing that will be
useful for lots of other people, that gets stuff out there
and enable other people to work on it too.”
Agile aerospace
This software is the Pixel Lapse Compositor, and its
lead developer, Frank Warmerdam, is already
maintaining the project on GitHub (https://github.
com/planetlabs/plcompositor). Frank developed and
is still one of the lead maintainers of the
Unlike the predatory
aforementioned GDAL – the Geospatial Data the product when we get ready to launch it, but we
naming convention used
Abstraction Library, a major project used by many intend it to be in that spirit.” That’s great news, and it by many other satellites,
different projects to read and write to lots of different means that hackers will be able to get their hands on these are called ‘Doves’
kinds of raster geospatial data formats typically used some dramatically up-to-date earth imagery. (Photo: NASA).
in tracking data. If you’ve ever tracked yourself with a On 19 August 19 2014, Planet Labs licensed its
GPS and put the file on your Linux box, you’ll have early imagery under Creative Commons Attribution
come across one of the formats and realised that Share Alike 4.0, and while this only includes the
despite them all being called ‘GIS’, it’s never simple to images that can currently be found within the
make sense of the data that these files contain. Other company’s hosted gallery, it would be wonderful if a
open source projects used by the team include licence like this could eventually used for the image
PostGIS, NGINX and OpenVC, and another team data obtained through the eventual API. It’s obvious
member, Jesse Andrews, is one of the lead developers that there are hundreds of applications for this data
of OpenStack. and even with the inclusion of commercial interest,
This is just the beginning of the deployment and there will always far more potential with an open
testing phase, and the crux of the project’s success, at interface. The thought of an open source project being
least from our perspective, depends on how the team able to run its own algorithms against the data set –
licence their data and how freely projects will be able whether it’s someone tracking queueing traffic on the
to access that data. Suez canal or the water levels in reservoirs, or
“We will enable anyone to access the data via the anything else that the collective imagination can
developer API, says Marshall. “We’ll talk more about come up with, is a wonderful one.
Planet Labs even has an
artist in residence who
designs the artwork for
both the satellites and for
the outside of the ground
stations.
www.linuxvoice.com 35
� FEATURE A HISTORY OF LINUX GAMING
A HISTORY
OF LINUX GAMING
Liam Dawe peeks into the belly of an unstoppable beast.
I
n the first ever issue of Linux Voice we briefly developer possible, to having major publishers on
touched down on the colourful history of Linux board. Let that just sink in for a moment, as two years
gaming. Now we’re here again to give you a better ago we didn’t have anything looking as bright as it is
picture of how we went from being an operating now. That’s an insanely short amount of time for such
system that was mostly ignored by every major a big turnaround.
The dark ages
We start our look in the early 90s, before most popular Linux distro even existed.
B
ack in the 90s, people would most
likely laugh at you for telling them
you used Linux on the desktop. It
was around this time that Id Software was
creating the game Doom, which actually
helped push Windows as a gaming
platform. Ironically it was Id that threw us
our first bone. A man named Dave Taylor
ported Doom to Linux the year after the
original release, and he only did it because
he loved Linux.
In the README.Linux file Dave gave his
reasons for the port:
“I did this ‘cause Linux gives me a woody.
It doesn’t generate revenue. Please don’t call
or write us with bug reports. They cost us
money, and I get sorta ragged on for wasting One of the first big name games to ever grace our platform, Doom has left quite a legacy.
my time on Unix ports anyway.”
Doom wasn’t quite the polished 3D FPS and Doom 3, which you could download after “Improving Wine for Linux gaming seems like
that we have now, but it blew away most purchasing the Windows version to run a better plan than lobbying individual game
other games that came before it, and was them natively on Linux. developers for native ports. Why the hate?”
fantastic for Linux. Doom, then, has the Sadly though, Id Software no longer Luckily Timothée Besset – the chap
honour of being the origin myth in our supports Linux with unofficial binaries to run responsible for a number of those
history of gaming on Linux. their games like it did in the past, and unsupported Id Software Linux ports – was
There were unsupported executables of a comments like this from John Carmack more positive towards Linux-native affairs: “I
number of later Id games , such as Quake 4 (formerly of Id Software) don’t help: don’t think running games on Wine is going
36 www.linuxvoice.com
� A HISTORY OF LINUX GAMING FEATURE
to get much easier… it’s pretty much as good Open Source picked up some of the slack, Freeciv even gained computer-controlled
as it’s going to be. It’s such a complex piece as it always does on Linux when we’re opposition players, so you were stuck
of engineering that it’ll always remain a missing something. finding people to play with. It’s a great game
rather frustrating barrier. Native is where Some of our older readers may remember though, and if you haven’t checked it out yet
it’s at.” Freeciv, which is a clone of the original you really should, as it’s still actively
After the release of Doom we didn’t exactly Civilization turn-based strategy game, but it developed today. You can even play Freeciv
have much else going for us, but luckily wasn’t until near the end of the 90s that in your browser: http://play.freeciv.org.
Neither Gnome nor KDE came with a
Wine decent set of games until the end of the 90s
either, so things were looking a bit drab.
Wine and CodeWeavers CrossOver seemed like they itself – there are many different technical aspects We had none of the really excellent open
may have been the only hope for Linux gamers. to Wine due to its replicating Windows.
source games that we have now, as even
Wine enables us to run Windows games on Linux Wine can be a bit hit and miss, as for some
without needing any kind of Windows install, and games it may give you an almost native feel, but well known time-wasting games like
that’s pretty enticing. with others it may flat-out not work. Frozen Bubble and the wonderfully crafted
The problem with Wine is that it comes with a Some actually feel that Wine disincentivises Battle for Wesnoth didn’t come out until the
whole host of drawbacks such as performance developers from bringing out native ports, and 2000s. It was a dark time, but it was early
loss, and bugs that we may never be able to be seeing things like “We’ve been told you can try
days. The day would come – we just didn;t
solve due to Wine being a layer on top of the game Wine” can be very disheartening to Linux gamers.
know it yet.
The light at the end of the tunnel
At the end of the 90’s there was a spark – Loki Software.
L
oki Software came up with what
seemed like a great idea – it
approached major game developers
and offered to port their games to Linux.
Loki was responsible for giving Linux
Civilization: Call to Power; getting a game like
that at the time was almost unheard of for
Linux. A Loki Software employee named
Sam Lantinga (who now works for Valve)
created the extremely useful library Simple
Direct Media Layer (SDL), which is used by
many games and companies today. Even
Freeciv, mentioned earlier, has a version that
uses SDL.
Luckily for us a man named Ryan Gordon,
who worked for Loki Software, carried on
porting a number of games and quickly rose Xxxxx xx xxxxx xxx xx xxxxx xxxx xx xxxxx xxx
to fame as a name in Linux gaming (he still xx xxxxx xxxx xx xxxxx xxx xx xxxxx
works on ports today). Ryan has been
responsible for some high-profile games as Civilisation: Call to Power was one of the early Linux ports courtesy of Loki Software.
well as a number of indie games such as
Serious Sam, Psychonauts, Aquaria, Goat Publishing was originally run by Michael Sadly LGP suffered a different kind of
Simulator (that game is utterly hilarious) and Simms, and was based on the same idea as problem, as its CEO at the time stepped
many more. Loki Software. LGP seemed to be a good down due to what seemed like a burnout.
A little sore spot for Linux gamers is Unreal deal for Linux gamers, as not only would you After no new ports were done for some time
Tournament 3, which Ryan ported to Linux, be supporting Linux, but you’d get your he handed the reins to a new CEO who
but it never saw the light of day for unknown games in a shiny box. made a small push into digital stores before
reasons (most likely middleware licensing LGP based its business on the same the company finally fell silent.
issues). Luckily that hasn’t stopped Ryan model, as it spoke to developers to port their If companies like LGP and Loki Software
from working with the Epic Games games to Linux, and offer high-priced boxed came about nowadays they would probably
community with Linux-related Unreal Engine versions of games that had already hit the have a lot more success. The porting house
tasks. Then along came Linux Game bargain bin for other platforms. This was a gap has seemingly been filled by Aspyr
Publishing (LGP) near the end of 2001 – common complaint among gamers – Media and Feral Interactive, which are
another porting house that rose from the having to pay $40 for a game that was $5 on currently porting some pretty high-profile
ashes of Loki Software. Linux Game Windows. games to Linux.
www.linuxvoice.com 37
� FEATURE A HISTORY OF LINUX GAMING
The indie revolution
2008 and beyond saw an ever so ’umble development.
A
fter the demise of Loki & LGP, Linux
gaming seemed hit a bit of a sore
spot, but from 2008 onwards
everything changed, and the change was
fast. In 2008 a real time strategy title named
0 A.D. popped up on the Linux radar. The
developers noted on their forum that they
had planned to release the game as open
source and it was a matter of months away.
This turned out to be true, as in 2009 it did
release the source code, and two months
later they had released the first Alpha
version of the now open source RTS game.
This is another big project using SDL (which
was created at Loki Software, remember), so
six years after Loki closed its doors its
software was still in use. Thanks to the second Humble Bundle we were graced with the award-winning puzzler Braid.
This was huge news, as 0 A.D. was the
first open source and completely free RTS than just game bundles – although much to Average payment $5.83
game on Linux that was being built to a our dismay not all bundles feature Linux Linux average $9.36
commercial standard, and now at Alpha 16 games now, as they have started to add Mac OS average $7.46
it looks incredible. DRM-filled bundles. Windows average $5.56
Around this time a number of slightly Linux gamers came out in force for the As you can see, Windows gamers pay the
higher-profile indie games started to release Humble Bundle, and have repeatedly least, but it’s not actually that surprising
Linux versions of their games. We had the smashed the average buying price when you think that many of the games
highly anticipated Amnesia: The Dark Descent, compared with Windows and Mac gamers, that Humble Bundle put out have probably
which was released in 2010 and promised proving that Linux gamers do in fact pay for been on Windows for some time, so their
Linux gamers their first proper experience of games. If we look at the history of the value is less.
a horror game in first person. Then in May of Humble Bundles we can see just how far The obstacle that Linux gaming faced at
2010 came the Humble Bundle, which Linux gamers go for games now, thanks to this moment in time was the lack of a
promised DRM-free, pay-what-you-want the Humble Bundle Visualisations website decent web store. Most big stores ignored
games. The beauty of the Humble Bundle (http://cheesetalks.twolofbees.com/ Linux until Desura came along. Desura is a
was the fact that all games in it had to be humble) created by Josh Bush. small (in comparison to Steam) online store
cross-platform. The first bundle was such a When you look into the above you can see that has its own Steam-like client that keeps
runaway success that it has been repeated (at the time of writing) the overall averages games up to date for you.
over and over and now does much more for purchases of bundles: Desura decided not only to support Linux
games on its store, but also to ported its
Desura client to the Linux desktop. The
client, though buggy, was functional enough,
and it was even open sourced down the line
to appease the Linux community in the hope
of gaining more community developers.
The big buzz around Desura was
short-lived however, as it hasn’t pushed out
an officially updated Linux client in quite a
long time. This is partly due to the newer
owners of Desura coming in and forcing a
restrictive contributor agreement for anyone
who wanted to write code for the open
source client.
By this time we’d proved that there was no
technical reason that games couldn’t exist
on Linux, and more importantly, that there
Osmos may not be the biggest or most innovative game around, but it came at the start of the was plenty of money to made. The scene
Linux indie craze, and had an awesomely mellow soundtrack. was set for Valve!
38 www.linuxvoice.com
� A HISTORY OF LINUX GAMING FEATURE
The rise of Steam for Linux
If people are making money out of us, we’re doing something right.
W
hen the news came that Valve
was bringing its Steam games
client to Linux, it caused some
controversy. Some gamers feeling that the
Steam client is merely a storefront that
allows the use of DRM; but considering you
need to have the store installed to download
and play the games, some see that as DRM.
It’s a fair argument, and one best not to get
involved in as it can get a little heated.
Even Richard Stallman himself had a good
point to make about Steam coming to Linux
with this comment:
“If you’re going to use these games, you’re
better off using them on GNU/Linux rather
than on Microsoft Windows. At least you
avoid the harm to your freedom that
Windows would do.” I know what you’re thinking: “Ahhh, sports!”, but Football Manager deserves all the acclaim it gets.
Even for users who shun services like It’s a massively popular title, and one of the first from SEGA to support Linux.
Steam it’s hard to deny all the good that it
does to boost Linux’s popularity. It’s not just “After this work, Left 4 Dead 2 is running at (which is quite the opposite to Steam), but it
about increasing popularity, but Steam 315 FPS on Linux. That the Linux version seemed originally quite against bringing its
announcing lots of Linux-related projects runs faster than the Windows version store to Linux.
increases the overall awareness of Linux (270.6) seems a little counter-intuitive, given We will also get support from GOG’s
too. Steam coming to Linux by itself the greater amount of time we have spent soon-to-be-released desktop client named
wouldn’t have been as big a deal as it was on the Windows version. However, it does GOG Galaxy, which can be seen as being
without Valve pushing its own games onto speak to the underlying efficiency of the Steam-like for its ability to auto-update your
Linux as well, and even stating in blog posts kernel and OpenGL.” games for you along with adding in extras
how well they ran with OpenGL on Linux. One other store that’s quite the favourite like online matchmaking. It will be useful, but
When talking about their work with Left 4 among gamers is GOG.com, formerly Good GOG being as gracefully as ever has noted
Dead 2 and talking with driver developers Old Games. This is thanks to its stance that the client will be 100% optional and that
directly the Valve devs actually talked up against DRM, and offering good policies like its standalone downloads will exist
how good OpenGL and Linux are: refunds if you cannot get a game working alongside the new client.
The future
The future’s bright. The future’s steamy.
I
n the past two years the Linux gaming as any other USB device would. This
scene has exploded. We’ve gone from controller ditches the traditional controller
people outright laughing at our platform sticks in favour of touchpads, and it looks
to regularly seeing Linux users make set to change the way we think of
statement like “I have too many games, gamepads. As amazing as Linux gaming is
what do I play?!”. right now it’s pretty safe to say we would
We have an insane number of games to have never gotten as far as we have without
look forward to this year alone, and who Valve and Steam. To think one company has
knows what 2015 and beyond will bring us? changed things so dramatically for us in
We still have SteamOS, which is Valve’s such a short space of time is crazy, but
Linux gaming isn’t just a sideshow: it’s where
custom Linux distribution aimed at gaming, that’s what happens when a major player in the innovation is happening.
and primarily meant to help the company the gaming space moves into our territory.
push its Steam Machine consoles. Who knows – maybe even Electronic Arts than it has ever been, and we are witnessing
Then we’ll get to see the famed Steam and its Origin client will announce Linux a change in the PC gaming sphere with
Controller, which will work natively on Linux support next. The future for Linux is stronger front-row tickets to the show.
www.linuxvoice.com 39
� FAQ DIASPORA*
DIASPORA*
The one social media system to bring them all, and in the openness, bind them.
Google+ and Twitter. Why on earth that connect to each other. Each pod
BEN EVERARD do I want another social network can handle many users (depending on
sucking up my free time? the hardware hosting it), so you don’t
OK, let’s start simple. What is Well, I wouldn’t quite call it a have to host your own; you can join a
Diaspora*? mashup, but it certainly appears pre-existing pod.
It’s a source social network. From to have taken some inspiration from The pods are independently operated,
a user’s perspective, it’s quite those other social networks, and some and anyone can set one up and connect
similar to Facebook or Google+ in that of those other social networks may it to the Diaspora network. Pods can be
you add people you want to be in have borrowed ideas from Diaspora. private to a particular group, or open
contact with, then it brings all their For example, Google+’s circles seem and allow anyone to join.
updates into a stream for you to view. remarkably similar to Diaspora’s
You can assign people to different aspects (which appeared first). So, since it’s open source and
groups depending on how you know The real advantage of Diaspora isn’t federated, does that mean
them and tailor with whom you share the software features though, it’s the Diaspora is more secure than
information. You can follow hashtags, philosophy behind it. Diaspora is open commercial social networks?
and posts that mention these hashtags source and federated, so it’s not under That depends on how you set it
get added to your activity stream. the control of any one organisation. up. Whenever you upload
something to a website – any website
I’ve checked the bottom of the Federation? What does that – you’re giving up control of that data.
page, and I can’t see any mean, and how does it benefit Whether it’s a 140-character tweet that
footnotes that reference that a social network? you want to share with the world, or a
asterisk. Why do you keep using it? Federation means that the picture that you only want your
The software’s called Diaspora*. network is open and anyone can Facebook friends to see.
The asterisk is part of the name, create a new server. For example, All social networks specify with
not a reference to a footnote. In fact, it’s anyone can set up a new email server. whom they will share the data, but it’s
silly, so let’s get rid of it. All you need is a computer connected up to them to make sure they follow
to the internet with an externally these rules. There’s no technical reason
Oh, OK. So Diaspora is a kind route-able IP address. This means that to stop Facebook sharing all your
of a mashup of Facebook, no company can monopolise the private data with the world. This is also
medium, and no one can be banned. the case with Diaspora. When you
You can use whichever email provider upload data, it’s stored on the pod, and
“The real advantage of best suits your needs, or run your own
server if you want to keep control.
you have to trust the pod’s admins to
respect the terms under which you
Diaspora isn’t the software The same is true of Diaspora. The uploaded it. What’s more, if you share it
features, it’s the philosophy.” network is decentralised, and consists
of a number of servers (known as pods)
with a member on another pod, the
data will be transmitted to that pod, so
40 www.linuxvoice.com
� DIASPORA* FAQ
you’ll have to trust that pod’s
administrators as well.
The thing that makes Diaspora
different is that you choose what pod
you use. If you’re worried about security,
you can set up your own pod, and invite
people to join you on it. Then, anything
that you only share with people on your
pod will only be shared with that group.
There won’t be any other admins that
could poke around in your data.
Are you saying that unless I
run my own pod, Diaspora is
not necessarily any more secure
than the commercial networks? You can find out more about the project at https://diasporafoundation.org, but this isn’t
To a certain extent, the answer to a pod, so to join the network, you’ll need to head to http://podupti.me to find one.
that question depends on from
whom you wish to keep your data alpha) went live on 23 November 2010. control of the network. For the most
secure. If you wish to keep it more However, before the software reached a part, this is a good thing. However, there
secure from rogue sysadmins or stable state, tragedy struck and Ilya are cases when this means that there is
hackers, then there’s a risk with any Zhitomirskiy killed himself. no one there to enforce good policies.
social network. On the other hand, if you Two years after receiving the funding For example, IS (the organisation
want to keep your data away from – with the software still in beta – the formerly known as ISIS) has been
advertisers who are trying to build a main developers shifted their focus to a banned from Facebook and Twitter, and
profile of you, then there’s a slight risk new project, and announced that they’d has now moved to Diaspora. Since no
that a malicious Diaspora pod may do let the community take ownership of one is in overall charge of the network, it
this, but we know that Google and the project. The project is now run becomes the responsibility of individual
Facebook do this – after all, they’re both under the umbrella of the Free Software podmins to remove the accounts of
advertising companies that run social Support Network. people sending messages of hate or
networks to get more people to look at Of course, this is just the using the network to organise malicious
their adverts. development of the software. Because activity. The core team have worked
What’s more, since Diaspora is run by of the federation, the actual hosting of with podmins to remove inappropriate
the community, the security decisions the pods is done by other organisations accounts, and the situation is ongoing
taken are the ones in the best interests and individuals around the world. at the time of writing.
of the community, not what’s in the best
interests of the advertising company Wow, it sounds like there’s no OK, I’m convinced. Where do I
running the website. This means that downside. Should I close down sign up?
we don’t expect to see sudden changes all my other social media accounts There’s a list of existing pods at
to privacy settings that lead to once- and switch to Diaspora? http://podupti.me. You can only
private data being shared with the There is a sort of chicken-and-egg join ones that have open signups. It’s
world. You can also download all of the problem with new social also a good idea to look for a pod with
information Diaspora holds about you, networks. No one wants to join until high uptime, and a recent software
or delete it at any time. there are enough of their friends on to version. Hashtags aren’t federated, so
make it worth while. At the moment, the you’ll only receive the public posts for
If it’s all open source, who’s Diaspora community is tiny in the pod that you’re a member of (you
running it? comparison to the big social networks, can get posts from friends on any pod).
The project was started by a and so it’s unlikely that you’re going to So, it’s a good idea to join a pod with a
group of four students (Dan be able to connect with all your old large community in an area of interest
Grippi, Maxwell Salzberg, Raphael school friends. to you. This could be people from a
Sofaer and Ilya Zhitomirskiy) at Courant There is a slight mitigation for this in particular locality, or who follow a
Institute of Mathematical Sciences in the way Diaspora can link to the other particular technology.
New York, and they turned to networks. That means that you can Alternatively, you could set up your
Kickstarter to crowdfund the push your posts from Diaspora to own pod. To do this, you’ll need a
development. On 24 April 2010, they Facebook, Twitter, Tumblr and computer with an IP address that’s
launched a campaign aiming to raise Wordpress. However, this doesn’t solve routeable from the internet, and ideally
$10,000, they received just over 20 the problem, as you still have to log into you should have an SSL certificate (not
times that much, making it the most these services to interact with them. self-signed). Once this is set up, you can
successful Kickstarter project at that The federated nature of Dispora also follow the install guide at https://wiki.
point. The first pod (an invitation-only means that there is no one in overall diasporafoundation.org/Installation.
www.linuxvoice.com 41
� INTERVIEW JAN WILDEBOER
THE MAN IN THE RED HAT:
FREEDOM BEYOND FOSS
Jan Wildeboer, Red Hat’s EMEA open source evangelist, has some
big ideas about freedom in our everyday lives...
Y
ou probably know Red Hat as importance of freedom and identity One thing we wanted to start
the company that makes a in the digital world. Jan is responsible with, even though it’s not
Linux distribution targeted at for open source evangelism at Red Linuxy per se: when we met at
enterprises, and also backs the Fedora Hat, visiting large enterprises and FOSDEM you were talking about
project. But Red Hat has its fingers in espousing the benefits that free how you microwaved your passport.
many pies, contributing code back to a software can bring. We met up with Could you tell that story again
large number of free software projects, him again for a proper chat at Red because that was awesome?
and many of its developers and Hat’s offices in Munich, and learned Jan Wildeboer: Well it’s quite simple.
managers are passionate advocates more about his intriguing ideas. This The new European passport has this
of FOSS and freedom. interview isn’t so much about Red embedded RFID chip, which hands out
Back at the FOSDEM conference Hat and Linux; we also talked about data on two levels. There’s a sort of
earlier this year, we bumped into Jan CentOS and its relationship to the public access that everyone can read,
Wildeboer when doing the rounds, company, so we’ll have more on that it which gives you some unique identifier
and he had a lot to say about the in a future issue of Linux Voice. but no real information. And there’s a
42 www.linuxvoice.com
� JAN WILDEBOER INTERVIEW
“When you buy stuff in high-price fashion
stores they have RFID chips and they track
you when you walk through the shop.”
Oh! I didn’t realise that. I was What – when you pick
being so cynical. something up in the shop?
JW: I always have online check-ins to JW: Yeah, and then you are carrying it
be careful, but they’re tracking me in the around and they have readers and can
airport anyway with the passport. So I quite exactly divine where the people
have this risk of data leakage, which I are going, so they use this stuff, which is
don’t like. So I went to the Dutch marketing. So they see, for example,
Embassy to get a new passport and that somebody takes a dress and walks
asked this guy what happens if the chip over to the jeans department, and that
isn’t working anymore? Is the passport happens quite often, so they put them
is still valid? He said yes, because there closer together. All this is cool stuff,
is the document of the passport and the don’t get me wrong. But the moment I
chip stuff is an additional feature. If the buy the dress, each of the RFID chips
chip doesn’t work anymore, that doesn’t has a unique identifier, so the moment I
render the passport invalid. buy the dress, then it becomes
Now, the way an RFID chip works is something that identifies me.
quite simple: it’s an antenna that But when I go into the shop the next
collects data. The chip is completely time and I haven’t removed it (it’s often
without any power source. It gets on a sticker they put on it but
“Why can’t we take powered from the electromagnetic field
that is used to read it; that’s a coil, and
sometimes it’s also woven into the
object itself)… there is a very simple rule
what we’ve learned from this coil collects energy and sends the within the EU about data protection and
machines and transport that data out etc. privacy etc. You can ask them to
to human relationships?”
Once you have a coil, and you put too remove it and effectively they should do
much power on it, it’s overloaded. So it voluntarily anyway. You can ask them
what you do is you put it in the to destroy the chip the moment the
microwave for two or three seconds, transaction is closed. I mean, I’ve paid
because a microwave is very for this stuff and it’s mine, now we have
second level, where you have to concentrated electromagnetic fields, an ownership transfer, and at that
authenticate against the RFID chip and and then the chip goes ‘poof’ moment I can destroy the chip myself
then it will spit out more information, immediately. So the chip doesn’t work of course, but I can also ask them to
going up to your fingerprints, biological anymore but the passport is still valid. remove the chip because the official
data, picture and that kind of stuff. And if you do it in the right timing, you purpose of the chip is now gone, I have
I don’t like this first level of access on won’t even see it – there will be no paid for it.
the passport, because it has been used black spot or something like that.
in shopping malls etc to collect tracking Are they under any obligation
data. You can’t identify the people There was talk that people to tell you about the chip?
behind it, but you can at least see the have them to scan things next JW: No. Well, yeah, sortish, but who
flow of people – who is standing where to you. So say you’re on the London really cares, it’s a symbol. It’s one of
for how long. Underground or something with your these standard questions that are just
passport in your pocket and asked at the checkout, “Can you please
In a lot of airports, they ask someone wants this information and destroy whatever chips are in there?”
you to show your boarding card they have a reader there. I think the Typically, the reply you will get is “Uh?
when you buy something. I tried to American version of these chips What chip? ”. They also have these
buy a packet of chewing gum in actually have lead-lined covers. special stickers where it’s already
Manchester airport and they asked JW: I don’t know how the American prepared and written through because
to see my passport, so I said “I just passports work, and honestly, I don’t the coil has an antenna.
won’t have the chewing gum then”. I want to know. But with this whole RFID
don’t want to be tracked all the time. stuff here, it’s quite fascinating. When I think I remember stickers like
I guess it’s for marketing purposes. you buy stuff in stores like high-price that on CDs and DVDs back in
JW: No, it’s tax reasons mainly. If they fashion stores, they also have RFID the day. It does get invasive.
sell it to you at the airport and you’re chips and they use that to track you JW: But it’s also cool just to – this is
flying out of your tax zone. when you walk through the shop. one of my hobbies, which I call social
www.linuxvoice.com 43
� INTERVIEW JAN WILDEBOER
kind of shit. So I don’t trust anything in
that regard.
Tell me about the other thing
you were talking about –
United Transnational Republics …
JW: It’s a political idea of a better way
to identity yourself. If you think about
identity, really the fundamental concept
of identity, of me being able to identify
myself to you, so you know who I am.
Identity is, in daily practice, quite easy to
us. You don’t need the Dutch state to
understand that I’m Jan Wildeboer, even
Jan travels a lot in the EMEA
though I’m a Dutch citizen and I have a
region, convincing businesses
Dutch passport. But this level of identity
that open source and standards
are vitally important. is very centralised and there are lots of
authorities involved. As a Dutch citizen, I
have a Dutch passport, which is given to
hacking or social engineering, to collect anyway, every little thing we do. Using me by the Dutch government, effectively
these, take them out of the stuff and put these little methods, it’s not so much I by the Dutch state, but there’s no
them in pockets to confuse people. don’t care about being tracked – I can’t obligation for them to give me a
do anything to avoid it anyway. What I passport. They can take it away at any
Yeah, give spurious data. So do care about is, however, pissing in time. They can renounce my citizenship.
when Facebook asks for your their pool of data to make the quality Ask Edward Snowden about that.
SMS contacts and you can get these bad. Because the moment the quality of
hacks for Android that just feed my profile gets bad, I get filtered away But isn’t it a UN human right
back random data. immediately because I’m not relevant. that everyone has the right to
JW: Yes, there are a lot of fun things I think that’s a fair way to take citizenship?
you can do with your online identity. One revenge, but it’s also a way of saying JW: Interestingly not. That’s exactly the
of my favourites is to set up the cookie that I understand what’s happening in point of the whole concept behind the
exchange network. So with just a little the background, and because I Transnational Republics: we want to
bit of shell scripting and stuff, we can understand and I’m allowed to tinker have that as a fundamental human
swap cookies. So at a given moment in with it, you cannot stop me from right. The right to own your identity, and
time, it starts swapping cookies, so I get tinkering with stuff. Deleting cookies is the right to define your own identity. The
your cookies and you get my cookies, what some people do all the time. reason we came to that idea was quite
and it travels around, which totally kills That’s not enough. Nowadays, you have simple. The contract of Geneva about
my online profile because all of a lots of methods of tracking stuff. It’s the fundamental human rights say very
sudden the advertisement would look cookies, it’s browser identifiers, it’s clearly that the fundamental human
totally weird. I mean, I would get an persistent flash cookies, and all that rights are granted to every citizen of a
insight into what you might be
interested in. And if you do that a bit
randomly, if this were between a
network of friends, then you could really
destroy this data.
I’ve been getting Indonesian
car adverts on YouTube before
videos, because I realise that
adverts help to fund a lot of
websites in general so I don’t block
them. But I don’t like the obsessive
tracking, so I turn on ‘Do not track
me’ and stuff like that. I’m not in the
market for a car, I don’t speak
Indonesian, and these adverts are
coming up so I think yes, I’ve
Fact: the original creator of Red
confused Google enough, it simply
Hat Linux, Marc Ewing, used to
has no idea about me. wear a red hat at university.
JW: You know it’s being tracked
44 www.linuxvoice.com
� JAN WILDEBOER INTERVIEW
member state of the United Nations.
Which means, the other way around, if
you’re not a citizen of a member state of
the United Nations, you do not have
access to fundamental human rights.
But pretty much every country
is in the UN now isn’t it, apart
from North Korea…
JW: But some are not citizens.
Refugees, who officially give up their
citizenship because they want to
escape the country. In the UK it’s, like,
when they have British citizens who are
from, let’s say, originally from Pakistan
and they go back to Pakistan to
whatever, so-called terror camps and
the US finds a drone to deliver an
explosive package, then there is a
problem because when the US drones
kill, technically, a UK citizen, that would
be an act of war. So what you have to
do, to be able to kill them, is to take their
UK citizenship away. And that’s exactly
what’s happening. There’s a whole
process behind it where the US, or the
“We think the United Nations
sucks at democracy, and we
can do better.” Red Hat’s EMEA headquarters
is located in Grassbrunn, on
the outskirts of Munich.
NSA or CIA or whoever, calls the UK
authorities and says “So we’re going to
send a drone to this and that place, and that everybody who votes is allowed to have TCP/ID? That’s a sort of way to
that or that people, and there might be vote, and that’s why you need identity. look at it. And that’s at the core of the
UK citizens, can you check?”. And then Now, with machines we have this Transnational Republics and
within hours they take their citizenships level of assurance and de-centralised transnational identity. Decentralised,
away, and then there is no violation of checks and balances. You know, with self-owned and self-regulated system of
human rights. TCP/IP, we have a relatively anarchistic identity where everybody technically
self-organising network that is de- becomes his own identity. That’s the
So they’re just killing someone centralised at its core. With TLS and theory, that’s a bold plan. A crazy
that barely exists in their eyes. SSL we have certificate authorities etc, ridiculous plan, but it’s interesting to
JW: Very over simplified. The whole so that with these certificates that offer think about identity in that way.
legal stuff is extremely complex. And validity, we have quite a high level of Once you start looking at this
this sort of shows you how identity that assurance when machines talk to each decentralised way, then you’re looking at
you don’t own yourself is a privilege and other that they really are the intended open source communities and how
not a right. So we think it’s better to machines. That’s why you need they organise themselves. Who’s
have a right to identity. And the reason man-in-the middle attacks to allowed to commit to open source
for that is because we want to build a compromise a system, but then with repositories. Again, all about identity. It’s
global democracy. We think the United certificate pinning you can make that all about trust, relationships and
Nations sucks at democracy, and we secure again, so these problems are somehow making those relationships
can do better, so we created this idea of solved now. I think, for philosophical work on a global level without being able
the United Transnational Republics to reasons, I find it very interesting that to physically interact with each other. It’s
give a better system for global machines enjoy more security than an interesting thought, especially now
democracy. You know, don’t take it all human beings. So why can’t we take that we have all of these privacy
too seriously, it’s just a way of thinking. what we’ve learnt from machines and discussions, and all of this security and
And to have democratic votes, you need transport that into human relationships? snooping… At the core of any kind of
to be sure that nobody double votes and So instead of TCP/IP, why can’t we not democracy lies identity.
www.linuxvoice.com 45
� Back issues are now available at
http://shop.linuxvoice.com/products/single-issues
� INTRO REVIEWS
REVIEWS
The latest software and hardware for your Linux box, reviewed
and rated by the most experienced writers in the business
On test this issue...
48 50
Andrew Gregory
Keeps his special photos on Ubuntu One, where
they’ll be safe forever…
T
his month I’ve treated myself to
a new guitar amplifier. It uses Wacom Intuos Pro Mediagoblin 0.7
valves instead of microchips Graham Morrison always wanted to be an This Gnu project aims to become a free
– the same sort of valves that were artist, expressing himself through the alternative to YouTube. Ben ‘cat videos’
used in the first computers of the medium of colour and shape. Now he is! Everard isn’t convinced.
1940s. I read a magazine on paper, first
mashed out of dead trees thousands of 52 53
51
years ago. And I used a distro installer
that used a text-mode front-end, which
seem to have been around forever but
really hit their peak in the 80s.
It may seem like the march of
technology has left me behind, but it
really hasn’t. Technology lives on after
its original uses have become obsolete.
Calibre 2.0 Energine sockets Android x86
In the 80s, a text UI was the easiest One day Mike Saunders is Ben Everard uses 240V to It’s great on phones, but will
way available for the user to interact going to write the Great control his projects, so he the touch-friendly version
with the machine. That’s not true any Cumbrian Novel. He’ll needs something to sit of Linux work as a desktop
more, but it does have certain probably use this brilliant between the Raspberry Pi OS? Mike Saunders finds
advantages – low system requirements piece of editing software to and the mains power out, and leaves finger marks
being top of the list. Paper is still useful help him organise it. supply. Like this! all over the screen.
for its low glare and unlimited battery
life, factors that weren’t relevant in Han
dynasty China. BOOKS AND GROUP TEST
We dearly love Raspbian. It’s optimised for the
Babies and bathwater Raspberry Pi, is based on the fantastic Debian Linux
Even if you run a constantly updating distro, and has tons of documentation. But it’s not
Arch system, there are components of the only fruit. The standard Noobs installer offers
distro that are decades old. Mike five other choices, all of which are brilliant in their
mentions the tar command elsewhere own way, and you owe it to yourself to try them.
In books, there’s a range of Linuxy and non-Linuxy
in the magazine, and there are loads of
titles to get your teeth into, the pick of which is an
others that date back from the 1970s, oldie but still a goodie – The Cathedral and the
80s and 90s. We should embrace the Bazaar, a founding tome of the Free Software ethos.
new, but not reject the old. Cosy up with a copy as the nights draw in…
andrew@linuxvoice.com
www.linuxvoice.com 47
� REVIEWS WACOM INTUOS PRO
Wacom Intuos Pro
Graham Morrison continues his journey to becoming an old master
by getting his hands on a tasty graphics tablet.
W
e’ve become smitten by drawing things on
DATA our Linux desktops, and we’ve had quite a
Web
few emails from readers to say they feel
wacom.com the same. We could probably form some kind of
Developer clandestine art club for geeks held in the candlelit
Wacom/Community cellar of The White Hart every other Thursday. But
drivers until now, we’ve only really been dabbling with
Price
£299
applications like Gimp and Krita while clicking around
with a regular mouse.
This isn’t bad. It’s how lots of great digital artists
have created lots of great art. But mice feel neither
especially creative nor particularly precise. Which is Along with the stylus stand you get 10 nibs – five
perhaps why nearly every designer we’ve ever met standard, one flex, one stroke nib, and three felt.
favours the graphics tablet. These things have been
around for a long time, and come in two parts. The than Wacom, which is an important distinction. But
first is the stylus, which acts as your virtual pen. It these devices have been in development for over 10
feels and weighs the same as one, only it’s made of years and the developers are able to keep up with
plastic and doesn’t leave a mark on paper. any major development in tablets. They’re considered
The second part is the tablet itself, which acts as some of the best tablets with the best compatibility
your writing surface. you can get. Wacom was also more than happy to
“Nearly every designer we’ve For artist, this surface
is important, because
send us a device for review, knowing we were only
going to consider the Linux compatibility, so it sounds
met favours the graphics they want to duplicate like there’s a good relationship between the two. But
tablet over the mouse.” the feel of the surfaces
they’d typically draw
it’s probably worth remembering that Linux support
is always going to be limited to the community, rather
upon, so they need to than the official channels (who do at least link to the
offer just the right amount of friction to give the artist Linux drivers).
enough control and feedback over their movement.
Esoteric hardware like this is exactly the kind Rococoagogo
that doesn’t normally have good support for Linux, We’ve been sent the medium model in the range
especially when Apple’s OS X is the traditional domain – there’s one smaller and one larger, but they all
for those artistic types. But the primary reason for perform identically. The tablet itself is relatively large,
The Intuos Pro can work this review is that we’re happy to report that there are occupying about the same footprint as a 15-inch
both wired and wirelessly some excellent drivers for many of the devices from laptop (it’s 380 x 251 x 12mm) and weighs just under
with the bundled battery, the market leader, Wacom. The drivers themselves a kilogram, making it relatively travel friendly. We don’t
expansion and USB dongle. are developed by the Linux users themselves, rather think a larger one would be a benefit. Size is
important, because you need the space to place the
tablet almost directly in front of your screen, and it’s
far less likely to give you RSI than a mouse. There are
buttons and a touch-sensitive dial on the left,and a
USB connector on the right, although you can change
the orientation to suit whatever works for you. You
can also operate this model wirelessly by adding the
bundled rechargeable battery and wireless extension
with the tiny wireless dongle plugged into your PC. We
had no problem getting this to work, but neither did
the USB cable bother us too much.
If you’ve not used a tablet before, they take a little
getting used to – the main difference being that
movement is now absolute rather than relative. Place
the stylus in the same place and the cursor will appear
in the same place, although this can be changed. You
can move the cursor around the screen by hovering
48 www.linuxvoice.com
� WACOM INTUOS PRO REVIEWS
Tablet apps
We used the Intuos with as many Linux desktop applications
as we could find, and they generally all worked well. Our
favourite was Krita, purely because it was the only application
to really make the most of all the tablet’s features, and its
brush and pencil models can trick the mind into think you’re
really drawing. Gimp is also great to use with the tablet
and doesn’t tax your CPU in the same way. You do need to
customise how it interprets the tablet though, which can be
done from the Edit > Input Devices menu option by enabling
‘Screen’ control for the pen, pad, eraser and stylus input.
Inkscape is the same and also has some great drawing modes,
plus the advantage that you’re creating vectors rather than
bitmap images. We also had very little problem using the
tablet as our default input for a desktop, although we couldn’t
find a way to enable the touchpad feature which works on Look out for our Autumn/Winter collection coming to
other operating systems. an online store near you.
the stylus a few millimetres above the touch surface, the quick brush and colour palette to appear when
just as you when sketching with a pencil. The package you press the first button on the stylus, and the
includes a variety of other nibs, removed using a Canvas Move mode for the second button. The eraser
chrome tweezer, which attempt to emulate the wasn’t set to erase by default, but this can easily be
characteristics of a flexible brush, or a softer pencil, changed, and some people prefer to use a keyboard
although they have no effect on the data. Prodding shortcut anyway.
the surface with the stylus is the equivalent to a left We wanted to experiment more with the options
click of the mouse and two further buttons on the provided by the drivers to the operating system, and
stylus have a default configuration of right and middle to access those we installed a package called kcm-
mouse clicks. wacomtablet. This is a setting panel for KDE and
there’s an equivalent for Gnome, but you can equally
Prometheus unbound perform all the same options using the xsetwacom
Our next step was to try the tablet with some drawing command installed with the driver. The KDE settings
software, and given our recent experience, the first we panel lets you adjust all the various options and
wanted to try was Krita. However, we were surprised apply them to profiles, which can be easily switched.
to discover it crashes immediately, spitting out an This lets you create a
error; “Rel Vert Wheel 11 -> 6“ to the standard output. configuration for Krita, for
What our system was missing was the all essential
xf86-input-wacom for the windowing system, which
example, and switch easily
to a different profile for
“We’d seriously consider
is a standard package installation for every working with Gimp. You buying a Wacom tablet for the
distribution we looked at. With that installed, Krita
launched without any issue and we were immediately
can adjust the pressure
threshold curves, re-
joy of just doodling with it.”
able to start drawing. assign any of the buttons
The texture of both the nib on the stylus and the surrounding the surface and change the functions of
tablet itself contrive to create a feeling akin to a pencil both the buttons on the side of the stylus and the nib
on paper. The more you increase the pressure, the and eraser, which is useful as you may want to use
darker the impression on the virtual canvas (although the eraser as a different kind of brush, for example.
this is entirely governed by your software), and the All of this worked without any problems, and you can
defaults have you pressing quite hard to get the easily see how a tablet like this could maximise your
darkest lines. productivity when you’ve got everything configured
Krita has a tablet configuration setting that enables to your liking. In fact, we loved the whole experience
you to adjust the curve of the pressure you apply, so so much that even without really having that much
you could make more of a mark by pressing lightly, interest in art, we’d seriously consider buying a
for example, or less of a mark by pressing harder. Wacom tablet for the joy of just doodling with it.
The resolution of the tablet means you can create
incredibly fine lines, smaller even than a cross-
LINUX VOICE VERDICT
hatched Escher drawn in Indian ink. The tilt function
It’s expensive but it’s professional. And
also worked perfectly within Krita by changing the for once, the Linux drivers are a joy to
shape of the brushes that support the feature. Using use. Highly recommended if you have
the 2B pencil brush gave results almost identical to any artistic leanings.
sketching with a pencil, and we wasted a long time
playing with this. By default, Krita has also configured
www.linuxvoice.com 49
� REVIEWS GNU MEDIAGOBLIN 0.7
Gnu MediaGoblin 0.7
Ben Everard investigates Gnu’s ambitious project to conquer the
world of web-based media sharing.
M
ediaGoblin aims to provide a free software
DATA alternative to media hosting sites like
Web
YouTube, Flickr and SoundCloud. Instead
www.mediagoblin.org of focussing on a single media type, it allows users to
Developer upload and share many different types of media
Gnu through a plugin system. To achieve this, the project
Price launched a crowdfunding campaign that’s raised over
AGPL
$60,000 to fund development (the campaign is
ongoing – visit http://mediagoblin.org/pages/
campaign.html to see the current status).
The team have come a long way towards realising MediaGoblin enables you to tag media with a licence from
their goal. You can now upload images, videos, sound all rights reserved to public domain.
files, documents and 3D models, which that should
be enough to cover most people’s media needs. To us, the biggest problem with the current version
MediaGoblin will re-encode them to the appropriate is the layout. The web pages look good, but they
format, and make them available on the web page. don’t always show what you might want them to. For
You can also group them together into collections example, the home page shows a feed of what’s been
of various types, and viewers can add comments. uploaded, but not popular collections, or particular
Blogs are now supported as an users, and there’s no way to search or browse by
“For now, Mediagoblin is additional media type, but it’s currently
considered experimental, so use it
tag. Once you’ve found the particular user you’re
interested in, you can look through their collections,
a strong foundation for at your own risk. Throughout the but you can’t just click through from the front page
a useful project.” application, markdown is supported
for adding formatting to comments
unless they’ve recently uploaded media. It makes it
quite hard to find things when you know where they
and descriptions. are, and almost impossible to browse for media.
The Pump API allows users to share their content Discoverability is absolutely critical to media servers,
with (and upload content from) other applications. and for MediaGoblin to become a viable alternative to
This means that MediaGoblin doesn’t have to live in commercial services, it needs to get a lot better.
isolation, but can become part of an ecosystem. This
There are a few public
MediaGoblin, servers like
feature is new in 0.7, so as yet, not much supports Limited wardrobe
this one provided by the it, but hopefully that will start to change soon. In MediaGoblin is themeable, but it’s new and theme
Roaming Initiative future releases, the developers hope to include full developers haven’t yet caught up. Other than the two
(www.roaming-initiative. federation, which will enable users to seamlessly themes that come pre-installed, we couldn’t find
com/mediagoblin). move across different MediaGoblin sites. another one that worked with the latest version.
Hopefully this will start to change as MediaGoblin gets
more popular. Another important feature that’s not yet
available is the ability to embed media in other web
pages. The popularity of YouTube videos around the
web is a testament to just how effective this can be in
spreading content. This is currently being worked on,
so should be available soon.
For now, MediaGoblin is a strong foundation for a
useful project. However, there is still quite a bit of work
to do before the project offers a real alternative to
closed-source media hosting. Given the current pace
of development, we don’t expect it to take too long.
LINUX VOICE VERDICT
A good basis, but there’s a long way
to go before it starts to worry the
incumbents.
50 www.linuxvoice.com
� CALIBRE REVIEWS
Calibre 2.0
Ben Everard saves the trees and casts his paper books aside in favour of
environmentally friendly electronic ones.
C
alibre is one of the top ebook utilities on Linux.
In its basic use, you can use it to download
and (if necessary) manipulate ebooks to
create your own book shelf, then upload particular
books to your e-reader devices (a wide variety are
supported, including Android MTP phones and
tablets). It can also display ebooks, but desktop and
laptop screens are rarely good for reading from.
Perhaps, as tablets get more powerful, Calibre will see
more installs on reader hardware (Calibre supports
touchscreen controls for Windows tablets, but not yet
for Linux ones).
The biggest change in version 2.0 is that it’s shifted
from the Qt 4 toolkit for its graphical interface to Qt 5.
This has cleared a lot of problems that were the result
of Qt 4. However, it does mean that the project no
All subscribers can now
longer supports Windows XP. We won’t take any a great way to quickly find the cheapest store for a
get ePub copies of Linux
marks off for that though – Calibre has supported XP particular book, and it highlights which sources Voice, which work well with
later than Microsoft, and it’s high time you switched include DRM. In addition to grabbing ebooks, Calibre Calibre and e-readers.
any remaining XP machines to Linux anyway. can also be configured to download RSS feeds
If you’ve got enough books to make managing allowing you to create a sort of eNewspaper to be
them difficult, Calibre lets you sort and filter them by read offline. The RSS is automatically converted to
author, tag, language and various other parameters. ePub for upload to an e-reader.
You can also convert between most popular ebook
formats, so you can manage books across a range of Ebook editor
devices. This all works well, but the interface is a little Calibre isn’t just for reading and managing books. It
lacklusture. The icon theme is inconsistent (some are also includes quite a capable ebook editor (for ePub
flat, some aren’t, one’s animated and the save icon is and Kindle formats). This includes a side-by-side DATA
like nothing we’ve seen before), the window feels HTML editor and preview, CSS tools, inspector and an
Web
cluttered even though it’s actually quite a simple ePub validator. Of course, all these tools are available
www.calibre-ebook.com
layout, and it’s not always obvious where particular separately, but Calibre brings them together into a sort Developer
options are. None of this is bad enough to put us off of ebook integrated development environment. Kovid Goyal
using it, but the software would really benefit from a Although editing ebooks isn’t Calibre’s main Licence
little more attention to design. function, it’s one it performs very well. Options like GPLv3
Calibre can get books from a wide range of sources pretty-printing the HTML, removing unused CSS and
including free (both as in beer and speech) and smartening the punctuation are useful for working
paid-for stores. The list of sources is exhaustive, so it’s with automatically generated HTML files, which can
be something of a mess.
It is, perhaps, let down a little by the lack of a
WYSISYG editor, so all changes have to be made
directly to the raw HTML. This means it isn’t great for
writers (especially non-technical ones) looking to
create a book, but it is the best open source tool we
know of for editors compiling and tidying up the book.
With version 2, Calibre continues its domination of the
open-source ebook scene.
LINUX VOICE VERDICT
Essential software for everyone using
e-readers. Calibre is only let down by
an untidy interface.
The side-by-side HTML editor and preview make it easy to
sort out any display problems with an ebook.
www.linuxvoice.com 51
� REVIEWS ENERGENIE SOCKETS AND RASPBERRY PI TRANSMITTER
Energenie Radio controlled sockets
Ben Everard decided against powering his latest project from a lightning rod
attached to the clock tower; instead he’s using one of these.
I
t’s easy to use the GPIO pins on the Raspberry pi
DATA to switch low voltage devices on and off. Even
Web
components that need more current than the pins
https://energenie4u.co.uk can provide can be handled using a motor driver,
Developer optical isolator or relay. This is easy to set up and not
Energenie likely to damage your Pi. However, switching mains
Price voltage is a different case entirely.
£19.99
When you’re dealing with mains voltage at 240V
(OK, fine, 230V with a tolerance of +10% or -6%.
Thanks EU!), things begin to get a little more tricky.
Not only do you need more capable components to
switch this level of voltage, they need to be driven
by the low voltages that the Pi can supply. It also The example code is well commented, so it’s easy to see
becomes more dangerous, as any mis-wiring could what all the GPIO operations are for.
lead to hardware damage or worse.
These radio controlled sockets are a great solution energenie4u.co.uk/index.php/catalogue/product/
to the problem. There’s no wiring, so it’s no more ENER002-2PI). It doesn’t require any specialist
dangerous to use than using electrical appliances software other than what’s needed for controlling the
normally, and the GPIO pins. There is some example code in Python
“When you’re dealing with Pi is air-gapped so
there’s no risk to
using the RPi.GPIO module, but it should be trivial
to port this to any other language. For that matter,
mains voltage at 240V, things that hardware. The we wouldn’t envisage any problems controlling the
begin to get a little more tricky.” manufacturer claims
they can handle 13A,
expansion board from any 3.3V controller, but we
haven’t tried it with anything other than the Pi.
and while we had no
problem switching high wattage devices, we weren’t Programmers only need apply
able to test them at the top of that range. There isn’t any specific software (either graphical or
The boxed set is a single Pi expansion board command line) provided other than a simple example,
controller, and two radio controlled sockets (additional so it’s only suitable for programmers. That said, you
sockets are sold separately, and it’s possible to use up could simply copy and paste bits from the example
to four sockets with a single expansion board). The program, so you don’t need much programming
The board and sockets expansion board works with every current model of experience to make it work. Setting the hardware up
are also sold separately the Pi (A, B and B+). was simply a case of pressing a button (the only
for £9.99 and £12.99 The protocol for controlling the expansion board button) on the socket before sending a command.
respectively. is explained on the project’s website (https:// The listed range is 30m in open space. Some
people have reported being able to extend the range
by soldering an additional antenna on, but this is not
officially supported.
These sockets really couldn’t be easier to use for
programmers, and while it would be nice to have a
graphical application to make it really simple to get
started, it’s hard to see how this would be useful
beyond demonstrating the capabilities. The hardware
is really designed for letting you control things with
scripts. At the simplest level, this could be turning
lamps on or off, but really, it could be anything.
LINUX VOICE VERDICT
The easiest way of switching mains
voltage from a computer, but only for
those of us in the UK.
52 www.linuxvoice.com
� ANDROID X86 REVIEWS
Android x86 4.4
Can a mobile OS work well on the desktop, or is this just the first step on
the path to madness? Mike Saunders pops in a USB key and finds out…
I
t’s a funny old world. The Linux kernel was born
because its creator wanted to run a Unix-like OS
on his home PC. And while Linux hasn’t yet
conquered the desktop, it has made big inroads into
the server market over the last decade or so. More
recently, Linux has been gigantically popular in the
mobile space thanks to Google’s Android, and now
we’ve come full circle: running Android on your
desktop. Back in issue 2’s FOSSpicks section we had
a brief look at the 4.4 release candidate from a
“curious dabbler” perspective, and now we want to see
if it’s really usable as a day-to-day OS.
Android x86 is available as an ISO image, but you
can easily convert it to run from a USB key with
UNetbootin. Both formats let you install it to your
hard drive. We dug out our trusty old ASUS K52F
laptop, which served as a reliable workhorse for many
years, to see how well Android supports common
PC hardware. The ASUS machine has never had any
major problems running normal Linux distributions –
but we didn’t know what to expect from a significantly A host of apps is included,
different platform. emulator is installed – but don’t expect much in the including the usual
Well, the results were good. Video performance way of a typical GNU/Linux userland. It’s essentially suspects from Google.
was great, sound and the webcam worked out of the BusyBox with a smattering of tools such as OpenSSH.
box, and the Fn keys for controlling audio levels and So, what’s Android x86 like as a desktop OS? If
screen brightness also did their job without manual you’re familiar with it on a mobile phone or tablet, DATA
intervention. The touchpad responded well to multi- you’ll pick it up in seconds: it’s almost exactly the
Web
touch gestures, and in terms of power management, same. (Indeed, many of the dialogs refer to “your www.android-x86.org
Android didn’t use significantly more battery juice than tablet” during configuration.) Clicking and swiping Developer
the previous Xubuntu 13.04 installation. to bring up the System and Action bars feels a bit Google and community
strange at first, as does switching applications, but Price
Free under OSS licences
Familiar territory fortunately Alt+Tab is still available for those of us
Although Android x86 isn’t an official product from who prefer a more traditional approach. The biggest
Google, and is developed and maintained as an potential obstacle is the inability to resize windows –
unofficial port, it comes with the usual host of Google or show anything side-by-side. It’s not a huge deal on
programs: Maps, YouTube, Drive, Gmail, Play Music/ smaller screens, but it doesn’t make much sense if
Games/Newsstand and so forth. Handily, a terminal you have a 27” monitor.
Ultimately, Android x86 is too limiting for regular
desktop Linux users, but it’s a great Windows
alternative for non-technical types. If you’ve got
friends or relatives desperately trying to get off XP, and
all they do is some light browsing, email and watching
YouTube videos, this is exactly what they need. It
doesn’t have the richness of a full Linux installation,
but it has fewer moving parts to break, and almost
anyone can pick it up quickly.
LINUX VOICE VERDICT
Surprisingly good, and a great “my
first” Linux distro for non-savvy users
who do everything on the web.
It’s no replacement for Arch Linux, but Android x86 does a
decent job for light browsing and communication tasks.
www.linuxvoice.com 53
� REVIEWS BOOKS
Program or Be Programmed: Ten
Commandments for the Digital Age
Ben Everard finds out how to ensure computers are shaping our lives for the better.
P
rogram or Be Programmed is a book worst fact about the book. It felt good to be
about how the internet is shaping able to read it all in a few hours, but at the
our society, and what we need to do same time the rush of information meant we
in order to make sure the changes that it’s couldn’t fully digest it in a single sitting.
bringing are beneficial. It’s split up into 10 While we don’t completely agree with the
chapters, each of which deals with one proposed 10 commandments, the thorough
commandment that is supposed to help reasoning he provides for each one make
ease one factor of technology. Program or thought-provoking reading, which, we
Be Programmed is the title of the final suspect, is really the point of the book.
chapter, and it’s the only one about Maybe we should start our own book club so
programming. The rest deal with how we we can all discuss our thoughts on IRC?
interact with our machines, other people on
line and new forms of media.
Rushkoff doesn’t dive into the LINUX VOICE VERDICT
technicalities of how to follow his advice (he Author Douglas Rushkoff
leaves that up to the reader). It’s quite a Publisher OR Books
ISBN 978-1935928157
jargon-heavy book, so non-geeks may
Price £11
struggle to follow parts of it.
Even if you don’t fully agree with Rushkoff, this
It’s quite a short book – just 144 small book provokes a debate we should be having.
form-factor pages – but the information is Will we sleepwalk into dystopia, or harness
quite dense. This is probably the best and technology for the benefit of humanity?
Riding Rockets: The Outrageous
Tales of a Space Shuttle Astronaut
Ben Everard learns about the good, the bad and… er… monkey faeces.
T
he space shuttle era was the between military aviators and scientists. As
golden era for astronauts. The large the shuttle program goes on, Mullane
capacity of the craft meant that becomes more and more disenfranchised by
many more people went up in each mission hubris and mismanagement at NASA, which
than do in the smaller and often unmanned he says led to the tragic deaths of the crews
rockets that make most missions today. of Challenger and Columbia, but he never
The reader is introduced a world where loses his infectious enthusiasm for all things
applicants lie and cheat to get onto the related to space travel. Riding Rockets is
astronaut program, then compete against laugh-out-loud funny, exciting and sad.
each other for that greatest of prizes: a trip
into space. If you’re used to seeing
astronauts as staid professionals, Riding LINUX VOICE VERDICT
Rockets could be quite a shock for you. Author Mike Mullane
This slightly sordid version of events Publisher Simon & Schuster Ltd
ISBN 978-0743276832
comes first hand from Mike Mullane, one of
Price £10.99
“The F.....g New Guys” brought into NASA at
It’s equal parts cautionary tale, exposé and
the start of the shuttle era. Mullane takes us hilarious memoir.
through the edge-of-your-seat excitement of The book that proves that astronauts are mere
going into space, the sexism and the clashes humans like the rest of us.
54 www.linuxvoice.com
� REVIEWS BOOKS
The Cathedral and the Bazaar ALSO RELEASED…
Ben Everard revisits the work of an accidental revolutionary.
P
rior to Linux, software (even free
software) tended to be developed
in a closed space with a trusted
team of developers, then pushed out
into the world as a completed product.
The Cathedral and
This was the best practise of the time.
the Bazaar has
According to most theories of software Brian Ward
inspired many
development prior to about 2000, the is the author
people, including
Linux kernel shouldn’t work. Hundreds of of The Linux
Jimmy Wales,
people just wouldn’t be able to collaborate Kernel HOWTO.
co-founder of
on code in active development – or so it Wikipedia. How Linux Works
was thought. At the time, the dominant We all need at least one book that covers
theories said that the complexity of Linus developed, and Eric S Raymond broadly how Linux works. Ours has always
managing people on that scale would encapsulated. The Cathedral and the Bazaar been Linux in a Nutshell, but that is perhaps
getting a little dated now. This new edition
be overwhelming and the project would remains a must read.
covers similar territory – there’s no desktops
languish in a bug-ridden stupor. However, – but it has a different, less formal style.
there’s no denying that – from a software LINUX VOICE VERDICT
development perspective – the Linux Author Eric S Raymond
kernel has been an overwhelming success. Publisher O’Reilly Media
The book is a little dated now, but just ISBN 978-0596001087
Price £10.99
about the only thing that’s changed in the
The Cathedral and the Bazaar is the definitive
past decade is that the author’s views book on Linux-style open software.
have become mainstream. Projects
like GitHub are based on the principals
Blender’s
capabilities
are getting so
impressive, it’s
The Hacker Crackdown slightly scary.
Blender 3D Basics Beginner’s Guide
Even tech history repeats itself, discovers Graham Morrison The open source 3D rendering engine, Blender,
has become an industry changing application.
T
But it is difficult to get into, so we’re very
his is a book from 1992 about happy to see more books trying to ease people
the subversion of a technology into the Blender way of doing things. They’re
that dominated the previous all helping to strengthen a great system.
decade – dial-up bulletin board systems
and the misuse of old telephone systems.
Subsequently, it’s also about the rise of
Originally published
a hacker culture in a pre-internet world. in 1992, The Hacker
It’s the first instance we can think of Crackdown has been
where geek culture clashes with authority in the public domain Unlike the
after techniques that start as cool hacks since 1994. many beginner
becomes exploited by wider communities, titles, this is
eventually leading to Operation Sundevil, divide and the hacker subculture remains, a book that
possibly the first crackdown on hackers by naturally adapted to life on the internet and promises
a governmental institution. the web. schematics
Operation Sundevil and similar initiatives and details.
led to the creation of the Electronic LINUX VOICE VERDICT Mastering the Raspberry Pi
Frontier Foundation in an attempt to Author Brice Sterling There are many Raspberry Pi books to choose
bridge the misunderstanding between law Publisher Bantam Books from, but this is a title pitched at ‘experienced
ISBN 0-553-56370-X electronics engineers, Linux admins and users’
enforcement agencies and the technology
Price Free ePub or second hand on paper which should put it on the more technical side.
they believed was being misused. What’s
A fascinating slice of history and antiquated That’s an area that hasn’t been covered
most fascinating about reading this book tech systems that remains relevant today. adequately, so this could be a good fit for
over 20 years later (it’s free), is that so little people looking for more advanced projects.
has essentially changed. There’s still this
www.linuxvoice.com 55
� GROUP TEST RASPBERRY PI DISTROS
RASPBERRY PI
DISTROS
GROUP TEST
Graham Morrison burns a hole in his SD card after installing every
raspberry flavoured distro he can get his hands on.
On Test Raspberry Pi distros
T
he Raspberry Pi needs no install the media software you need
Raspbian introduction. It’s a credit onto a new installation, or use a
URL www.raspbian.org card sized Linux computer distro created for a single purpose?
VERSION 20/06/2014 that can be used for everything We’ve looked at the six different
LICENCE Mostly GPL from brewing beer to playing arcade distributions you can install through
Most consider this the official operating games. And it’s usually found the Noobs installer, which means
system of the Pi, and the one to beat.
running its default Raspbian you can avoid the dd roulette of
distribution. But this being Linux, copying a distribution image across
Pidora Raspbian isn’t the only fruit for your from your Linux machine and onto
URL http://pidora.ca Pi. And because your Pi is the SD card. It’s also important to
VERSION 20 supposed to be played with, remember that these distributions
LICENCE Open source subverted, coerced and aren’t really competing directly
Love the Pi? Love Fedora? See what occasionally broken, you owe it to against one another. Two are
they’ve done here with the name? yourself to try something else. designed specifically for media
Not only will a different playback, for example, which is why
OpenElec distribution give you a different
perspective on such familiar
we pit them against one another,
and while RISC OS is fun to use,
URL http://openelec.tv
hardware, you may well find a it’s not a realistic replacement for
VERSION 4.07
LICENCE GPLv2 different distribution suits your something like Raspbian.
An ultra-minimal distro built from the requirements better than the We should give the same caveat
kernel up to play your media. default options, or learn something for the table of statistics we present
about what you need or don’t need. at the end. A value like free memory
Raspbian is a great all-rounder, can be pernicious because the
OSMC/Raspbmc for example, but how does it kernel uses memory in strange and
URL www.raspbmc.com perform if you require only a dynamic ways, and in the case of
VERSION June 2014 minimal installation, or you want the distributions running XBMC, the
LICENCE Open Source
your Pi to stick to the back of your amount of free memory fluctuated
Unlike OpenElec, this is a media distro
television and be used purely for from one second to another
paired down from Debian.
media playback? Is it better to without us performing any actions.
RISC OS
URL https://www.riscosopen.org “Raspbian is a great all-rounder, but what
VERSION RC12a
LICENCE Non Open Source
if you require only a minimal installation?”
An ARM operating system from the
1990s can’t still be any good can it? HARDWARE
For our testing, we used an old more than one thing at the same time
Arch Linux Raspberry Pi model B with a 4GB class 4 (this has improved with the B+). We left
SD card connected to wired networking the amount of RAM assigned to the GPU
URL http://archlinuxarm.org
rather than using a wireless dongle. As at its default value and didn’t overclock
VERSION June 2014
ever, the most important hardware any installation other than with
LICENCE Open Source requirement is a decent powered USB OpenELEC and Raspbmc, but this is
This is the same Arch you know and hub, as the early models are renowned something you should look into if you’re
love, only built for ARM. for their lack of USB power while doing using your Pi as a regular desktop.
56 www.linuxvoice.com
� RASPBERRY PI DISTROS GROUP TEST
Installing distros
Don’t take any risks with dd – Noobs packages all the distros in into an easy to use installer.
M
any users will simply copy the valuable data. A better alternative is the booting your Pi with it after safely
raw image of their downloaded Noobs installer. This can be either a 20MB unmounting the device. When the Pi boots,
distribution using the dd network install download, or 1.5GB file that you’ll see menu pop up inviting you to install
command or one of its GUI equivalents. But doesn’t require network access. When either all the distros on test here plus a tool to add
this is potentially dangerous, as it requires is downloaded, installation is as simple as a 512MB data partition. Depending on
you to enter the device ID of your SD card. copying the contents of the unarchived Zip space, you’ll also be able to install more than
Get this wrong, and you may overwrite folder into the root of your SD card and one at the same time!
Raspbian
Ra Ra Raspbian, the Foundation’s greatest tech machine.
T
his is the distribution to beat.
Raspbian is the distro recommended
by the Raspberry Pi Foundation. It’s
the distribution used by nearly all tutorials
and much of the official documentation. It’s
a distribution that’s funded by the
Foundation and it’s the first to take
advantage of much of its investment. There
are Wayland and Weston patches funded
and built specifically for the Raspberry Pi, for
example, that came to Raspbian first. It’s
also the only distribution that will work
perfectly with the Foundation’s expansions
and peripherals from day one. And it’s
probably got the best name. When
combined Raspian’s Debian foundations
and its huge software repository, it’s almost The desktop is packed with dozens of points from which you can launch your Pi Adventure.
unbeatable. We say almost because there
are still four pages to go. packages from the very first boot, and the Both are incredibly powerful, but the former
This experience starts with its ease of pre-installed build environment, making this runs its loading off a Sinclair ZX Microdrive,
configuration, although we spare a thought a perfect distribution for just getting on with so we’re not quite sure how useful it’s going
for those new to Linux. The grey, blue and what you want to do. to be. Far more successful is the Pi edition
black of the Curses configuration tool has all The Raspberry Pi’s limited performance of Minecraft, which need to be installed
the charm of a 1993 MS-DOS game’s audio and memory does restrict the desktop, manually but runs perfectly and will help the
configuration panel, untouched by the making Raspbian’s default LXDE a perfect Pi win teenage kudos whenever it’s installed.
touchscreen revolution. But it is functional choice. It’s quick, functional and low on We experienced an update hitch with the
and fast. From this simple menu, you can resources. The default configuration looks a 233MB wolfram-engine package stalling at
expand the filesystem to use your entire SD little like Windows 98 running with a dark 98%. The only options are to remove the
Card, overclock the hardware, enable the theme, but at least it’s a nine-year advance package beforehand or remove it from the
camera module and tell Raspbian you want on the MS-DOS configuration panel, and update (aptitude hold wolfram-engine), and
the desktop booted by default. LXDE does everything you need. The we wonder why things like Qjackctl are
desktop is littered with links to great starting included when there’s no instantly workable
startx points, such as a Python games launcher or Jack configuration, but these are both tiny
Postponing this choice, rather than booting the Scratch launcher – perfect for classes blemishes on an excellent Linux distribution.
to the desktop first, is a particularly good and tutorials, although we missed a more
idea, as many Pi users are going to want to obvious link to package installation. There’s VERDICT
stick with the command line, and if not, the also some proprietary software in the shape Some weird proprietary
choices, but an unrivalled
desktop is only an option away. So too is the of Pi versions of Mathematica 10 and its foundation for all other Pi
SSH server that’s already running, meaning associated Wolfram language (see our experimentation
you can remotely configure and install review of the £195 latest release in LV007).
www.linuxvoice.com 57
� GROUP TEST RASPBERRY PI DISTROS
Pidora
The closest you’ll get to a full distro experience on your Pi.
F
edora is the cutting-edge RPM boot to a graphical desktop. This all
based distribution that’s a direct means your passwords and accounts
descendant to the old Red Hat are unique from the first boot, unlike
releases, and it’s brilliant to see a nearly every other Pi distro, which is
version that’s been built for the good for the SSH server that’s already
Raspberry Pi. Like Debian, its creators running. We also liked the way you’re It’s a great desktop, but it’s slow. The white square in the
are fortunate in that the root asked about overscan, as most of us middle of the screen is the frame update lag when we ran
distribution is available for many connecting the Pi to a monitor don’t the screenshot utility.
different platforms and has been have to worry about this (and Raspbian
around long enough that the diminutive defaults to overscan being enabled). well for the all the regular desktop
ARM chip of the Pi shouldn’t pose too As a desktop distro, Pidora looks applications that have been installed
much of a challenge. Pidora also wins fantastic. The Fedora theme is the alongside. For this reason, it’s easier
with its boot visuals as it smoothly most polished of all the distributions to consider Pidora as a CLI-based
scrolls and flips a large logo across we’ve looked at, and Xfce helps make it distribution that can take advantage
where other distributions present the all feel like a modern computer. of Fedora’s huge package repository
boot log – we half expected some Performance is an issue, however. alongside the same excellent
chiptunes to be played alongside! Even opening the Thunar file manager package management and system
This is also the only distro we looked takes seconds, which doesn’t bode configuration.
at that had anything like an installer.
When you first boot Pidora, you are
asked to accept a licence, choose a
“The Fedora theme is the VERDICT
We love the way this is
keyboard, create a user and a root most polished of all the unadulterated Fedora, but
the desktop is going to
account, set the time (the default is
31/12/1969!) and whether or not to
distros we’ve looked at.” frustrate some people.
Risc OS
Oh the horror. This isn’t Linux!
O
nce upon a time, there was a Running RISC OS in 2014 is part
furious debate about which nostalgia, because it still looks and
kind of CPU architecture was behaves in a way that will feel familiar to
superior; RISC versus CISC. It doesn’t Archimedes veterans, and part practical.
really matter now, but there’s some Even the Pi’s ARM6 is way faster than
history here. Acorn, the creators of the the old ARM3, the chip for which Risc We never did find out how to close the windows on the
BBC and whose naming convention OS was first written. This makes it applications we were opening.
inspired the Raspberry Pi, was rather lightning fast for things like text editing
fond of RISC and developed the first and file management, as long as you’re because there’s a refreshing world of
commercial RISC processor which they happy using applications that feel like modal window constraints, dynamic
promptly put into the first RISC-based they’re from the mid 90s. The web resizing, saving files, filenames and file
home computer, the Archimedes. And browser, for example, is very quick, but it management to learn about. And while
the Archimedes begat the first version also feels like you’re running iBrowse on there are too few Linux/open source
of RISC OS (see page 104 for more of an Amiga from the 20th century. apps, there are plenty of other things to
this back story). discover, and you’ll find yourself
The relevant part is that various Back to the future rebooting to Linux and wondering
departments of Acorn became ARM There are modern concessions – you where all that performance has gone.
Holdings, the company now can mount MS-DOS formatted drives
responsible for creating the most and USB sticks, and networking works VERDICT
widely used CPU architecture ever, and out of the box, and there’s even an app By far the fastest OS, but
ultimately more a
the one used by the Raspberry Pi. store. But for most of us, RISC OS feels curiosity than an
Which is why porting RISC OS to the Pi like landing on an alien planet. Which is alternative to Linux.
has a certain karmic symmetry to it. an excellent learning experience,
58 www.linuxvoice.com
� RASPBERRY PI DISTROS GROUP TEST
Arch Linux Arm More obscure
Who needs audio, graphics or a configuration tool?
alternatives
I
n this group test, we’ve looked at the six
distributions you can easily install from the
Noobs installer. These are the same distros
you can download from the main site and
install manually. But by our reckoning, there
are over 40 to choose from. Arch is a great
minimal distribution, for example, but it still
weighs in at around 500MB, and that’s before
you install any of the further packages you’re
likely to need. If you want to stick with
Raspbian, one alternative is Minibian. It’s close
to being a 200MB download and uses the
same servers and packages as Raspbian so it
can easily be augmented with whatever
additional software you need.
By far the smallest we’ve found is PiCore,
a version of Tiny Core Linux built for ARM.
The download image with SSH running for
headless installations is a mere 18.6 MB,
It would be nice to have a working desktop out of the box, but that’s not the Arch way. and adding a graphical environment only
adds 14.6MB – just less than 40MB when
D
espite its reputation for being creating packages for the the ARM uncompressed. It also leaves you with an
difficult (and the Arch chattering architecture) is the best way to install and impressive 114MB of RAM, but you’ll need
classes will hate us for saying keep up to date with the latest package to install everything else, as the default
that), when someone else has gone to the developments for any of the distributions installation doesn’t even include a web
trouble of tidily packaging the operating we looked at. The way you can pull browser (although it does include a package
system up for your specific hardware, it’s packages out of the build system, make manager of sorts).
almost as easy to use Arch as it is to use your own modifications or patches, and You may also want to keep an eye on
Raspbian. Which is exactly what’s then run the binaries without worrying the Kano OS project, which promises an
happened with Arch for the Pi. With about dependencies is a significant time Elementary OS-style makeover to the
nothing more than a simple copy to your saver, especially when the whole system Raspberry Pi desktop. But our favourite,
SD card, you’ve got a fully functional Arch boots so quickly. though sadly a touch impractical, is the
installation ready and waiting for anything This makes Arch perhaps perfect for Commodore Pi Project. This turns your Pi into
you want to throw at it. those developing their own embedded a Commodore 64 by using the Comeback64
Arch is a blank slate for your own projects, or who need the greatest emulator as its kernel, albeit a Commodore 64
projects or for building your own perfect possible breadth of potential packages with Ethernet and access to more RAM, USB
environment, and you’ll need to install to install from. Most of this is covered and the GPIO pins. At the time of writing, the
everything else yourself. It’s good and in Arch’s wiki page for the Pi. Reading only video output working is the composite,
proper that the Pi version takes the same the wiki and making these changes which makes it truly old school (and already
principle. yourself forces you to learn about the out of date if you’ve got a Model B+).
system you’re creating. Doing that from a
The font of learning Raspberry Pi is a natural progression from
One concession to usability we were the open nature of the hardware, just at
pleasantly surprised to find was the SSH a lower level. You end up understanding
server up and running, which means you exactly how the system is running, and
can continue to configure your Raspberry that’s something you can’t easily achieve
Pi remotely. This being Arch, the amount from any other distribution.
of stuff that can be installed via the
pacman -S command is colossal, VERDICT
although it can’t compete with Raspbian This is the perfect way to
get started with Arch, and
unless you add the Arch User Repository. a great way to learn about PiCore doesn’t have much functionality, but it’s
We’ve also found that installing the AUR the Linux OS. perfect if you’ve only got a small SD card.
build environment (which is required when
www.linuxvoice.com 59
� GROUP TEST RASPBERRY PI DISTROS
OpenELEC vs OSMC/Raspbmc
Video may have killed the radio star, but it’s the making of these two great systems.
A
lmost by complete surprise, restarting the system while an update
one area of great success for is being applied.
the Raspberry Pi has been in Raspbmc/OSMC is quite different.
the realm of media playback. Its CPU You have a choice of installing from
isn’t powerful, but it is optimised for either a minimal network image or
audio and video, making it punch far a fatter (1.2GB) image that requires
above its weight when it comes to less to be downloaded. Because we’re
playback. It comes with HDMI by professionals, we tried them both, and
default and includes the audio within as a result we’d recommend going with
the HDMI connection. And it’s also the network install (unless your Pi is
cheap and almost completely open. connected to a 28.8 baud modem). The OpenELEC is a wonderfully polished media centre that’s a
All of which perhaps explains why package download that’s part of the great choice for friends and family.
there are two excellent distributions for installation takes only 5–10 minutes,
the Raspberry Pi designed to make it but the entire installation takes a lot there’s a web browser too. By default,
work as a media centre – OpenELEC longer. Both versions still download, XBMC 13.2 Git was installed, which
and Raspbmc. Because XBMC is unpack and install new kernels, resize perhaps explains the slightly smoother
changing its name, so too is Raspbmc, partition tables, extract updates and performance in Raspmc.
with its new project name being OSMC. post chirpy updates to the blue and When connected to local storage,
But because nearly all references within grey display. playback from both systems is
the distribution and online still use excellent. The system info pages report
Raspbmc, we’re going to use this too.
We installed OpenELEC first and were “When connected to local that OpenELEC ran 1–2 frames per
second slower, which we wouldn’t
impressed by the way it automatically storage, playback from both worry about, but Raspmc had the edge
systems is excellent.”
expanded the filesystem when first when it came to accessing media,
booted to take advantage of as much starting playback and screen updates.
space on your SD card as possible. It This surprised us, considering the more
then reboots and launches XBMC 13.1 Raspmc also has its own settings bespoke and minimal strategy taken
with the OpenELEC setup wizard. This add-on, and while not as polished by the OpenELEC team. However, both
asks you a few simple questions, such in appearance, it offers much more had problems when we connected
as for a hostname, sets up networking detailed control over your system XBMC to our TVheadend back-end and
and enables both SSH and Samba, than the default in OpenELEC. You attempted to watch live or recorded
which is incredibly useful. can overclock various parts of your Pi, television. The answer for both is to
We were able to test the update for example, or enable the Pi camera enable overclocking, which we ran
between versions 4.05 and 4.07, which module to take intermittent photos. without adding any instability, and
downloaded, extracted and applied You can also configure a GPIO infrared keeping things up to date.
itself perfectly, although we’d appreciate receiver for a remote control, allow OpenELEC is proudly built from
a little more feedback to stop us updates (even from a nightly build) and the kernel up to only include what is
required, unlike Raspbmc, which is a
minimal build on top of Debian. But a
Debian foundation could also be an
advantage, as it enables you to apt-get
install anything else. These two are
so very close otherwise. OpenELEC
is more polished, and would be our
choice for an installation where you’re
not perhaps local to fix things. But for
us, Raspbmc wins the comparison
thanks to its geeky settings add-on and
marginally better performance.
VERDICT
Raspbmc/OSMC: A OpenELEC: Without
little rough around the doubt our media player
edges, but the hacker’s setup of choice for
choice. non-Linux users.
Raspbmc, now called OSMC, enables you to overclock your Pi from within XBMC,
which we’d recommend as it vastly improved performance.
60 www.linuxvoice.com
� RASPBERRY PI DISTROS GROUP TEST
OUR VERDICT
Raspberry Pi distributions
T
he task of choosing a to Raspbian being built on Debian,
winner in a group test they’re acquiring some excellent
where many of the general Linux knowledge at the
distributions are trying to do same time.
different things is a tough one. We’d For the sake of media playback,
rather recommend that you install we chose the closely related Raspbian’s two killer features are its support (it’s the Pi
them all, because that’s what the OSMC/Raspbmc, but it could just Foundation’s official distro) and Debian’s software repositories.
Raspberry Pi is about. And because have easily been OpenELEC, and
SD cards are becoming increasingly we’re going to switch between the
affordable, there’s no reason why
you can’t have more than one
two over the next few months to
see how they both progress. Arch’s
1st Raspbian
Licence Mostly GPL Version 20/06/2014
installed and switch between them Pi incarnation also surprised us,
for whatever task is at hand – use and it’s our chosen platform for any www.raspbian.org
one distribution for watching a film new projects we embark upon. It’s It’s the sensible choice, and also the easiest to use and the best
or listening to music and another also the distribution we’d choose for any potential project.
for building your next hardware if you want to use low-latency
project, for example. audio, for example, or run an 2nd OSMC/Raspbmc
“Raspbian provides the broadest range
Licence Open Source Version June 2014
of possibilities and starting points.”
www.raspbmc.com
The Pi is perfect for media playback, and OSMC is the best
distro we’re found for media.
But the distribution we’ve chosen emulator. This is followed by Pidora,
is perhaps no surprise. It’s the best another excellent choice and worth 3rd Arch Linux
at providing the broadest range of trying purely because it’s Fedora, Licence Open Source Version June 2014
possibilities and starting points and and RISC OS, which is itself a
it’s as close to being a standard fascinating operating system. And http://archlinuxarm.org
Everyone should give Arch Linux a go at least once, and this is
operating system for the Pi as you there are many, many more to try.
the best way to get started with it.
can get. And that’s Raspbian. In So really, even though we’ve
this case, we think it’s important chosen one winner, this should just
that there’s a standard because it be the beginning of the adventure. 4th OpenElec
enables new users in particular to Go forth, and make the most of Licence GPLv2 Version 4.07
get the most from the widest range your SD card’s spare capacity to
http://openelec.tv
of tutorials and support, and thanks broaden your Pi horizons.
It’s only going to take one update, and OpenELEC could easily
leapfrog into position two.
5th Pidora
Distro Name Boot time (s) Root size (GB) Free memory (MB) Packages
Arch CLI (no AUR) 11 0.456 105 11000
Licence Open Source Version 20
OpenELEC 43 0.995 24 0
http://pidora.ca
Pidora CLI 16 2.3 72 31706
It’s a little unfair this comes fifth, as it’s still an excellent option,
and the only one if you love RPMs.
Pidora XFCE 63 2.3 53 31706
Raspbian CLI 30 2.4 137 37246
6th RISC OS
Licence Non Open Source Version RC12a
Raspbian LXDE 56 2.4 64 37246
www.riscosopen.org
Raspbmc/OSMC 56 0.890 10 37294 The fastest OS in last position? This is mainly because of the
licence and the lack of free software.
RISC OS 17 0.277 205 150
www.linuxvoice.com 61
� SUBSCRIBE
SUBSCRIBE shop.linuxvoice.com
Introducing Linux Voice,
the magazine that:
Gives 50% of its profits
back to Free Software
Licenses its content
CC-BY-SA within 9 months
12-month subs prices
UK – £55
Europe – £85
US/Canada – £95
ROW – £99
7-month subs prices DIGITAL
UK – £38 SUBSCRIPTION
Europe – £53
US/Canada – £57
ONLY £38
ROW – £60
Get 114 pages Access our Save money on
of tutorials, rapidly growing the shop price
features, interviews back-issues archive and get each issue
and reviews – all DRM-free and delivered to
every month ready to download your door
Payment is in Pounds Sterling. 12-month subscribers will receive 12 issues of Linux Voice a year. 7-month
subscribers will receive 7 issue of Linux Voice. If you are dissatisfied in any way you can write to us to cancel your
subscription at subscriptions@linuxvoice.com and we will refund you for all unmailed issues.
62 www.linuxvoice.com
� NEXT MONTH
NEXT MONTH IN
ON SALE EVEN MORE AWESOME!
THURSDAY Latex
23 OCTOBER The layout tool of
choice for scientists,
THE BEST boffins and other
FREE
brainy characters,
Latex used to be
dauntingly difficult
– until we got hold
SOFTWARE
of it!
Get your hack on
Be inspired by the
clever, creative
KNOWN TO HUMANITY things that people
just like you are
doing right now with
free software,
exactly like we
promised last issue.
Tune your kernel
KILLER APPS Delve into the
workings of your
Linux kernel to
If you only ever use the standard software in unlock features and
your distro’s menus, you’re missing out big performance known
only to the elite. And
time – join us on a journey through the finest us, obviously.
free software known to humanity.
LINUX VOICE IS BROUGHT TO YOU BY
Editor Graham Morrison Editorial consultant Nick Veitch through the use of advice in this magazine. Copyright Linux is a trademark of Linus
graham@linuxvoice.com nick@linuxvoice.com Experiment with Linux at your own risk! Torvalds, and is used with permission.
Deputy editor Andrew Gregory Distributed by Marketforce (UK) Ltd, Blue Anything in this magazine may not be
andrew@linuxvoice.com All code printed in this magazine is licensed Fin Building, 110 Southwark Street, London, reproduced without permission of the editor,
Technical editor Ben Everard under the GNU GPLv3 SE1 0SU until June 2015 when all content (including
ben@linuxvoice.com Tel: +44 (0) 20 3148 3300 images) is re-licensed CC-BY-SA.
Editor at large Mike Saunders Printed in the UK by ©Linux Voice Ltd 2014
mike@linuxvoice.com Acorn Web Offset Ltd Circulation Marketing by Intermedia Brand ISSN 2054-3778
Creative director Stacey Black Marketing Ltd, registered office North Quay
stacey@linuxvoice.com Disclaimer We accept no liability for any House, Sutton Harbour, Plymouth PL4 0RA Subscribe: shop.linuxvoice.com
loss of data or damage to your hardware Tel: 01737 852166 subscriptions@linuxvoice.com
www.linuxvoice.com
� CORETECHNOLOGY
CORE
A veteran Unix and Linux
enthusiast, Chris Brown has
written and delivered open
source training from New Delhi
to San Francisco, though not on
TECHNOLOGY
the same day. Dive under the skin of your Linux system to find out what really makes it tick.
Filesystem: what’s going on?
Take a programmer’s-eye view of the Linux filesystem.
T
ver the last three months our look at Down at the system call level, file times, returning count values of 1024, 1024,
core Linux technology has focussed descriptors (or file handles – call them what 452 and 0. The zero means we’ve reached
mostly on inter-process you will) are plain integers. We declare two the end of the file. This ‘perform an action,
communications – pipes and sockets. This of them (one for input, one for output) at line capture the result, and test it’ is a common
month we’re going to turn our attention to 6. We allocate a modest buffer at line 7; this idiom in C; indeed, any C programmer worth
the filesystem. My interest here is not about will be used to store the data as it is being his salt hides all the really important parts of
how to access and manage files from the copied across. At lines 10 and 11 we open his programs inside the test predicates for
command line (ls, mv, rm, cp, chmod… that our input and output files. In each case we if() and while() loops in this way.
kind of thing). I’m assuming you know all get back descriptors that refer to the open After we fall out of the loop (line 15) we
that. Rather, I want to take you behind the files. For simplicity we’ve just hard-coded the are careful to close both file descriptors.
scenes of the filesystem and view it through filenames here; more realistically, you’d take This will ensure that any data buffered by
the eyes of a programmer. them from the command line. The the kernel is actually written to the disk. In
The lowest level at which you can read parameters passed at line 11 say that we this example the progam terminates
and write files is by using the four system want to write to the file and that we want to immediately afterwards and any open
calls open(), read(), write() and close(). Let’s create it if it doesn’t exist. The mysterious descriptors will be implicitly closed. But if the
dive straight in with an example. This simple octal value 0644 specifies the permissions program went on to process lots of other
file copy program is written in C: that will be assigned to the file as it is files we would eventually run out of file
1. #include <fcntl.h> created. You may recognise them more descriptors if we failed to close the ones
2. #define BSIZE 1024 easily written as rw-r--r--. Notice that you we’d finished with.
3. don’t get to specify the owner of the file – it Now I realise that some of you may think
4. void main() will be owned by whoever runs the program. that this system-level code looks like awfully
5. { You don’t get a choice. hard work. Well, maybe it’s because I was
6. int fin, fout; weaned on a diet of assembly languages as
7. char buf[BSIZE]; Coding back to front a youngster, but I actually quite enjoy
8. int count; All the real work happens in the loop at lines programming at this level. Short of micro-
9. 13 and 14, and there’s a lot packed into miniaturising yourself and crawling out over
10. fin = open(“foo”, O_RDONLY); these two lines of code. Line 13 needs
11. fout = open(“bar”, O_WRONLY | O_CREAT, 0644); reading ‘inside-out’; it goes something like
12. this: Read the next BSIZE bytes from the A Ken Thompson quote
13. while ((count = read(fin, buf, BSIZE)) > 0) input file into the buffer. Record the number
There was originally a system call named creat()
14. write(fout, buf, count); of bytes you read in the variable count. Test that created a new file. Indeed there still is, but
15. the value of count: if it’s greater than zero, it’s seldom used since you don’t usually want
16. close(fin); write however many bytes you got back out to create a file unless you’re about to write to it,
17. close(fout); to the output file (line 14). To illustrate how and files can be created by the open() call, as
our file copy example shows. But there’s a nice
18. } this works, suppose the input file was 2500
story about creat. Apparently Ken Thompson
bytes long. Then line 13 would execute 4 was once asked what he would do differently
if he were redesigning the Unix system. His
reply: “I’d spell creat with an e”. (See The Unix
“Short of crawling over the disk with a tiny magnet, programming environment by Kernighan and
this is as close as you can get to the metal.” Pike, p204). The implication being, of course,
that he’d got everything else right.
64 www.linuxvoice.com
� CORETECHNOLOGY
the disk’s surface with a tiny magnet, this is
the closest you can get to the metal when it Portability and the standard I/O library
comes to file I/O.
Moving up a level
Linux-specific
Let’s move up a level and re-write the Portable application
application
program using the standard I/O library using standard
using direct
instead of direct system calls: library
system calls
#include <stdio.h>
#define BSIZE 1024
fopen( )
fread( )
void main()
fseek( )
{
fprintf( ), etc
FILE *fin, *fout; /* Input and output handles */
char buf[BSIZE];
Standard
int count;
I/O library
fin = fopen(“foo”, “r”);
open( ) open( )
fout = fopen(“bar”, “w”);
read( ) read( )
lseek( ), etc lseek( ), etc
while ((count = fread(buf, 1, BSIZE, fin)) > 0)
fwrite(buf, 1, count, fout);
Kernel
fclose(fin);
fclose(fout);
} Applications can choose to access files through the Standard I/O library, or use
It doesn’t look too much different, does it? direct system calls .
File descriptors are now of type FILE *
instead of just integers, and the calls are
renamed – open() becomes fopen() and so ‘random’ here has always struck me as 17.
on. But there’s an important distinction. The rather odd. It shows up again in the 18. /* Replace the first line */
first program used Unix-specific calls; the common abbreviation RAM – Random 19. fseek($f, 0, SEEK_SET);
second uses routines from the standard I/O Access Memory – and seems to suggest 20. fwrite($f, $omega, $n);
library, so it should run anywhere that C is that we have no control over which piece of 21.
supported. the data we actually get. But I digress.)Here’s 22. /* Replace the last line */
The I/O calls we’ve just seen – read(), an example that swaps the first and last 23. fseek($f, -$n, SEEK_END);
write(), fread() and fwrite() – just do binary lines in a text file. I confess it’s slightly 24. fwrite($f, $alpha, $n);
I/O. There’s no sort of format conversion; contrived; in particular it assumes that the 25. fclose($f);
they just shovel bytes between a file and an first and last lines are the same length. But it 26. ?>
in-memory buffer. In contrast, fprintf() does illustrates random access quite well. This Here’s the scoop. We open the file at line
formatted output of strings and numeric example is in PHP, though since PHP is just 3. The parameter r+ is important – it says
data, something like this: providing its own language binding to the that we want to both read and write the file.
fprintf(fout, “Answer is %f\n”, 22.0/7.0); same standard I/O library, the code would The loop at line 5 (with an empty body) just
not look that much different in C: walks along the file a byte at a time until we
Random access 1. #!/usr/bin/php reach the first newline character. We are
By default, the contents of a file are read 2. <?php trying to figure out how long the line is. The
sequentially. There’s a “file position pointer” 3. $f = fopen(“foo”, “r+”); ftell() call at line 8 gets the current file
maintained for each open file, which points 4. /* walk to the first newline */ pointer position; this gives us the line length.
to a specific byte offset within the file and 5. while (fread($f, 1) != “\n”) ; Line 11 resets the file position pointer to the
determines where the next read or write will 6. beginning. The call
start. If I read 1024 bytes, the pointer 7. /* get current file position */ fseek($f, 0, SEEK_SET)
advances by that much so that the next read 8. $n = ftell($f); would do the same. Then at line 12 we
continues where the last left off. Our file 9. re-read that first line all in one go, saving it
copy program relies on this behaviour for 10. /* Read and save the first line */ for later. Line 15 is interesting. It positions
both the input and output files. 11. rewind($f); the file pointer one line before the end of the
However, it’s possible to explicitly manage 12. $alpha = fread($f, $n); file. (This is where our assumption that the
this file position pointer, moving it to any 13. first and last lines are the same length kicks
desired position within the file. This gives us 14. /* Read and save the last line */ in.) At line 16 we read in that last line. At line
‘random access’, as opposed to ‘sequential 15. fseek($f, -$n, SEEK_END); 19 we rewind to the beginning of the file
access’, into the data. (The use of the word 16. $omega = fread($f, $n); again then overwrite the first line of text.
www.linuxvoice.com 65
� CORETECHNOLOGY
the user provided a command-line look like a file, and can be accessed by the
mmap argument, printing an error message and usual command line tools like cat or cp. This
The mmap() system call provides a very bailing out if not. Lines 8–11 change into the perhaps makes a little more sense of the
different approach to random access into directory specified on the command line ‘files’ in the procfs and sysfs virtual
a file’s data. It allows a file’s contents to be
(equivalent to cd in a shell script), printing an filesystems, usually mounted onto /proc
mapped into the address space of a process
and accessed like an array. Random access is error if this fails. Line 13 opens the directory; and /sys. These files are purely a figment of
achieved simply by indexing into the array. The the handle is returned in $d. Line 15 is the the kernel’s imagination, providing a view
mmap call itself is a little complicated, but if start of a loop, calling readdir() repeatedly to from userspace into internal kernel data. For
you’re looking for an efficient way to dive into a enumerate the files in the directory. There is example, the following command:
file, mmap may be worth a look.
an explicit check at line 16 to ignore the $ cat /proc/cpuinfo
entries . and ..; otherwise the file is deleted will provide details of the kernel’s view of the
Finally, at lines 23 and 24 we scoot along to (unlinked) at line 18. Notice that the program processor on which it’s running. Most parts
the start of the last line of the file and will fail ungracefully if there’s a subdirectory of these filesystems are read-only – you
overwrite that, too. in the directory you’re emptying. Do be can’t upgrade your processor by writing to
Well, that’s a little tricky to follow, so I’ve careful if you run this example – it really will /proc/cpuinfo or get more memory by
drawn a diagram that might help (see remove all the files in the directory you writing to /proc/meminfo. But some
below). And if you want to explore this in specify, so beware! parameters can be tweaked by writing to the
more detail, the man page for fseek will My reason for providing examples in appropriate ‘file’. A classic example is /proc/
show you the C language bindings for these different languages is not just to add variety, sys/net/ipv4/ip_forward, which determines
functions, or browse to http://php.net/ but to make the point that although different whether the Linux kernel will forward (route)
manual/en/function.fseek.php to see the languages have different syntax, they are all IP traffic. By default this is disabled, (zero) as
PHP bindings. providing language bindings to the same you’ll see if you examine the file:
library routines – in this case chdir(), $ cat /proc/sys/net/ipv4/ip_forward
Listing directories, deleting files opendir(), readdir() and unlink(). 0
So far we’ve concentrated on accessing the but you can enable it by writing to the ‘file’
data within a file, with code that does things Everything looks like a file (you’ll need to do this as root):
broadly equivalent to commands like cat As we reach the end of this discussion we’re # echo 1 > /proc/sys/net/ipv4/ip_forward
and cp. Let’s shift focus a little and look at in a good position to answer the question There are lots more parameters you can
the management of the filesystem itself; “what is a file?” Well, the traditional answer is interrogate and adjust in this way; my
something more analogous to commands that it’s information stored on a disk, purpose here is not to survey them all
like cd, ls, and rm. Here’s a program that will referenced by a name. But there’s a broader but simply to point out that we are able to
delete all the files in a directory (passed as a view… anything that responds to the classic treat these things like files because they
command line argument). To add variety, system calls such as open(), read() and respond to the file I/O system calls in the
this one’s in Perl; it even has some error write() in the appropriate way is going to the usual way.
checking built in!
1. #!/usr/bin/perl
Swapping records in a file
2.
3. if (@ARGV != 1) {
4. warn “usage: empty dirname\n”; fread() fread()
5. exit(1); 12 16
6. }
7. alpha omega
File “foo” (before)
8. if (!chdir($ARGV[0])) {
9. warn “$ARGV[0]: $!\n”;
rewind() 8 ftell() $n
10. exit(1);
11 15 rseek()
11. }
12.
13. opendir($d, “.”);
14. fwrite() fwrite()
15. foreach $info (readdir($d)) { 20 24
16. if ($info ne “.” && $info ne “..”) {
17. print “removing $info\n”;
omega File “foo” (after) alpha
18. if (unlink($info) != 1) {
19. warn “$info: $!\n”;
20. exit(2);
21. }
19 fseek() 23 fseek()
22. }
23. } Linux supports random access into a file’s data. Numbered circles correspond to numbered
code lines within the main text.
Let’s talk through this. Lines 3–6 verify that
66 www.linuxvoice.com
� CORETECHNOLOGY
How to become invisible
Would you like to learn how to write to a file that the output file in the usual way: files like this:
has no name from a program that doesn’t exist? $ ./secret & $ sudo lsof +L1
Here’s how! There’s a well-known (but slightly $ ls -l /tmp/topsecret secret 8632 chris 3w REG 8,1 16 0
weird) feature of Linux that if a program opens a -rw------- 1 chris chris 16 Aug 6 15:06 /tmp/topsecret 1573121 /tmp/topsecret (deleted)
file then deletes it (keeping it open) the file will $ cat /tmp/topsecret The option +L1 tells lsof to only show files
continue to exist. It will have a valid inode but no attack at dawn that have a link count less than 1. If you run this
entry in the filesystem. Here’s a program that does But if we re-run it with line 8 in place, things command you will almost certainly see lines of
exactly that (this one’s in C again): get more interesting. There will be no entry in the output in addition to the one shown here from
1. #include <fcntl.h> filesystem for /tmp/topsecret. It won’t show up on programs like init (among others).
2. the output of ls and you certainly can’t examine it OK, so we have some evidence that the file still
3. main() with cat. exists. From this output we know its size (16 bytes)
4. { $ ls -l /tmp/topsecret and we know the PID of the process that has it
5. int fout; ls: cannot access /tmp/topsecret: No such file or open (8632). But given that it has no name, can
6. char buf[10]; directory we see its contents? It turns out we can! You may
7. fout = open(“/tmp/topsecret”, O_WRONLY | O_ We can even delete the executable: be aware that /proc contains directories named
CREAT, 0600); $ rm secret after each process ID, and within each of these is
8. unlink(“/tmp/topsecret”); Now, neither the file we’re writing nor the a subdirectory called fd. Here you’ll find symbolic
9. write(fout, “attack at dawn\n”, 16); program that’s writing it has an entry in the links (named after the file descriptor) to each
10. pause(); filesystem. Is this weird or what? And why do file that the process has open. In this case, file
11. } we care? Well, let’s pin on our “Paranoid About descriptor 3 is the one we’re interested in:
The pause() at line 10 is there simply to keep the Security” badges and imagine that a hacker of $ cd /proc/8632/fd
process alive. evil intent has managed to plant a program on our $ ls
To compile this program, place the code into a machine that is collecting important information 0 1 2 3
file called secret.c and compile it with: in a file that it later intends to transmit back to the $ cat 3
$ gcc -o secret secret.c bad guy. Using this trick, our villain remains pretty attack at dawn
If we run this program with the unlink() call at line 8 well hidden. But not entirely. We can ask lsof (my and – hey presto! – we see the contents of our
commented out, we can of course list and examine command of the month in LV005) to show unlinked invisible file.
Similarly, most of the things in /dev $ echo “Kilroy was here” > /dev/sda3 things that aren’t part of this world (for
present a file-like view to userspace. is perfectly legal, though probably not at all a reasons I have never really understood) are
Pseudo-devices like /dev/null, /dev/random, good idea if there is a filesystem on sda3. the network interfaces. There’s no /dev/eth0
and /dev/zero deliver data streams (or not, This “everything looks like a file” view of for example.
in the case of /dev/null). Disk partitions have things, which is such a fundamental part of Next month I’m planning to look at the
names like /dev/sda3 (these are linked to Linux, provides a very consistent picture of system calls that examine and modify a
more complex names in modern linux the world, with disk partitions having file’s attributes, and to examine the inotify()
kernels) and can be written to like a file, so owners, timestamps and access API, which lets you monitor the filesystem
that a command like: permissions just like regular files. The only for changes. See you then!
Command of the month: dd
My command of the month is dd. It’s chunks. For example: way may not be the most efficient approach,
basically a file copy program. A simple $ dd if=/dev/zero of=zeros bs=1MB count=10 because dd will blindly copy the partition
invocation is: copies the pseudo-device /dev/zero (an byte by byte, whereas tools like Partimage
$ dd if=foo of=bar endless source of zeros) into the file zeros, and Clonezilla, which understand the
which copies the file foo to bar. Of course copying 1MB (1 million bytes) at a time, and filesystem structure, will only copy the
you could do it more easily with cp. continuing for 10 records. So we end up with blocks that are actually in use. This can
But dd supports various conversions a file exactly 10,000,000 bytes long. result in a much smaller image if the file
that will be applied to the file as it is copied. Occasionally dd is used to image disk system isn’t very full.
For example, partitions. For example, The name dd, and to some extent its
$ dd if=foo of=bar conv=ucase # dd if=/dev/sda3 of=sda3copy command syntax (which is decidedly not
will convert the file to upper case. Or: will make a direct bit-for-bit copy of a Unix-like) are a reference to an old job
$ dd if=foo of=bar conv=swab complete disk partition into the file control language used on IBM mainframes.
will swap each pair of bytes in the file sda3copy. Or you can restore a partition by Nowadays we take the ease and elegance of
(historically useful if you were moving data doing it the other way round: the Unix command line for granted. If you
between “little-endian” and “big-endian” # dd if=sda3copy of=/dev/sda3 think it’s arcane, please believe an old-timer:
machines). though please don’t try this at home, folks, the job control language needed to persuade
The dd command also lets you control unless you know what you are doing! Also an IBM mainframe to to anything at all was
how much data is copied, and in what size beware that copying disk partitions in this breathtaking in its obscurity.
www.linuxvoice.com 67
� FOSSPICKS
FOSSpicks Sparkling gems and new
releases from the world of
Free and Open Source Software
Mike Saunders has spent a decade mining the internet for free
software treasures. Here’s the result of his latest haul…
Programming language
nuBASIC 1.18
W
e’re spoilt for choice with 13.10 test box. Source code is also
programming languages available of course – the main
on Linux, with every dependency when you’re building it
paradigm under the sun is SDL v2. Annoyingly, the packaged
represented, and returning to the version doesn’t come with a
clumsy spaghetti code of 80s manual page, nor with any
home computers seems bonkers. examples, so you have to grab
So we’re not advocating that people those via examples_1.13.tar.bz2
write large-scale programs in BASIC from the project’s website. And then
today. But nuBASIC still fills a niche: you might get stuck when trying to
for those who fancy a trip down run a program; it turns out that you
memory lane, for programmers need to use the -e flag, otherwise
who want to see how a language is you’re dropped into an interactive
implemented (the interpreter is session. So, run a program like so:
You can write simple 3D games, as the raytracing demo shows.
written in C++), and for children nubasic -e breakout3.bas
looking for an easy path into the But! There’s another hitch: the see what the language can do. The
world of programming. You could default window size is too small for examples bundle includes three
argue that kids are better off many of the supplied examples, so versions of the classic block-
learning Python, but the BASIC you’ll have to resize it before you bashing Breakout game; the first
implementation here actually has use the programs. uses the hideous GOTO-laden
elements of structured Take a look at the examples to line-numbered programming
programming, and it makes it easy approach of Speccy-era machines,
to handle keyboard input, graphics
and so forth.
“The BASIC implementation here while breakout2.bas and
breakout3.bas demonstrate the
nuBASIC is provided in RPM and makes it easy to handle keyboard interpreter’s ability to use more
Deb formats, the latter of which
worked perfectly on our Ubuntu
input, graphics and so forth.” advanced programming methods.
Other examples include ray.bas,
an impressive (albeit slow)
3D-esque raytracing demo, along
with minehunter.bas, a clone of the
classic Minesweeper. The examples
show many aspects of the
language, from reading keyboard
and mouse input to plotting pixels
and working with files. nuBASIC is
well documented, with an extensive
programming guide and language
reference explaining the
interpreter’s capabilities using
copious examples.
Here’s Minehunter in
action, along with one
of the more complicated PROJECT WEBSITE
https://sites.google.com/site/
snippets from its
nubasiclanguageinterpreter
source code.
68 www.linuxvoice.com
� FOSSPICKS
Operating system
Haiku OS 2014-08-31
L
inux on the desktop is a haiku-os.org for more details.)
curious beast: there’s no Haiku boots impressively quickly,
single team in charge of it all. even inside a virtual machine, and
We have the kernel hackers working displays a bare desktop that harks
in one group, X being developed by back to the days of Windows 98.
another, the Gnome and KDE There’s little visual glitz here, as the
coders busy elsewhere, and so Haiku team is focused on usability
forth. Distribution vendors fit it all and performance. Click on the leaf
together, and the end result is a icon in the top-right to open the
hugely versatile desktop OS. main menu; this includes a number
Now, imagine an OS created from of submenus, such as Applications
the ground up that focuses entirely and Demos, where you can play
on the desktop. Unlike Linux, it around with the included software.
Haiku doesn’t sport
doesn’t have an interest in also until now – and that version of the
wobbly windows or
working on big-iron mainframes or What’s in the box? fancy drop shadows, but compiler is 13 years old. GCC 4 is
postage stamp-sized embedded If you’re running in VirtualBox, it runs at a blistering available though, for those not
devices. Everything is developed in networking should be enabled pace. interested in backward
unison – the kernel, the graphical automatically. WebPositive is a compatibility. The API is well
layer, the toolkit, the desktop and WebKit-based browser that runs at documented, and if you’re a dab
the core applications. This is Haiku a decent lick, while additional apps hand at C++, it doesn’t take much
OS, an open source implementation are included for accessing mail effort to knock together a quick
of BeOS, a scorchingly fast (IMAP and POP3) and playing Hello World app. Various third-party
multimedia OS that gained some media files. You’ll even find a applications are available at
small scale popularity in the late terminal running Bash, but note that www.haikuware.com, although
90s (and became defunct in 2001). this is not a Unix-like system. the selection is very small when
It’s been a while since the last Switch into the /boot/system compared to the big-name distros.
alpha release, so we fired up a directory and run ls, for instance, Haiku’s progress has been slow
nightly development snapshot, and you’ll see that the filesystem in recent years, but we still cheer it
which is available as a .vmdk virtual layout is completely different. on as an alternative to Linux,
hard drive file, ready to use in Haiku aims to be compatible with especially on older PCs. There’s
VirtualBox or VMware. Download the the last release of BeOS, although room in the market for a svelte
Zip file, extract it and in VirtualBox, this has meant sticking with GCC 2 low-latency OS with a razor-sharp
go to Settings > Storage and focus on desktop computing –
choose it as the drive image for
your virtual SATA controller. (It’s
“Haiku is a svelte low-latency especially if it can bring new
features to the table.
also available in other formats, eg operating system with a razor-
for writing to a USB key – see the
bottom of http://download.
sharp focus on desktop computing.” PROJECT WEBSITE
www.haiku-os.org
How it works: The Haiku desktop
1 Boot 2 Run programs 3 Install
Boot the hard drive image in VirtualBox (or the When you start each program, it will be added You can perform a native hard drive
alternative image from a USB key on a real PC) and underneath the leaf button and system tray in the installation under Applications > Installer. Note that
you’ll arrive at the desktop. Click on the leaf icon to top-right. This is like a taskbar – click on buttons to this is still alpha software, so back up important data
explore software. close apps (or use the buttons in their titlebars). and don’t install it on a production machine!
www.linuxvoice.com 69
� FOSSPICKS
Video downloader
youtube-dl 2014.08.29
Y
ouTube might go down in home directory like so:
history as the biggest ./youtube-dl “<URL>”
time-waster ever created. Replace <URL> here with the full
Sure, there are some genuinely address of the YouTube video, as
useful videos on there, but in all displayed in your browser. As you
honesty we spend 99% of our time can see in the screenshot, youtube-
there watching cat videos and dl grabs the page and parses it for
people playing games that we used the video content, before
to play (but can’t be bothered downloading the media. In many
loading up now). It’s possible to cases this will be a Flash (.flv) file
download videos from YouTube, – but some videos are provided in
Store videos locally
but some of the browser extensions MP4 format. A decent media player and password, and even download
(and avoid dodgy
that do this are rather dodgy, like MPlayer or VLC should be able browser plugins) with adverts, if you feel guilty about not
possibly sending your browsing to handle both formats. this handy script. giving enough money to Google.
history to unknown third parties. But youtube-dl can do a lot more: The program also works with
We Linux users have a better it can extract the audio from a video video sites such as Vimeo, Vine and
solution in the form of youtube-dl. and convert it into a different LiveLeak, and because these sites
This is a (large!) single Python script format (providing you have the right often change their underlying HTML
that takes a URL and spits out a tools installed), which is great if (causing youtube-dl to break), you
video file. It’s remarkably easy to you’ve found a music video and can always upgrade to the latest
install; just grab the file from the want to keep the song on your version in-place with the -U flag.
Downloads section of the website, MP3/Ogg player. You can ask it to
make it executable (eg chmod +x embed subtitles into video files, log PROJECT WEBSITE
http://rg3.github.io/youtube-dl
youtube-dl”) and run it from your in to YouTube using a username
Lightweight static content web server
Filed 1.8
P
icture the scene: you’ve editor and change the MIMETYPES
resurrected an old PC to see line to point to /etc/mime.types
what it’s still capable of. You instead of the default location. Run
want to share some files over your make again, followed by sudo make
home network from it via HTTP, so install, and you’re ready to go.
you install Apache and… it crawls. By default, Filed should be run as
You try another web server from the root user, and it serves up your
the repositories, but it’s equally root (/) directory. Obviously this isn’t
sluggish on such limited hardware. very useful, and potentially
You try yet another, and this time dangerous; to change the user (via
you end up getting bamboozled by chroot) and directory that’s served
its configuration files. up, run it like so:
Filed’s all-caps log format (background terminal) is a bit painful on
In these cases, you want the filed --user nobody --root /var/www the eyes, but at least there’s plenty of info.
simplest, fastest, no-nonsensest Filed doesn’t generate directory
HTTP server possible, and Filed is listings and instead attempts to serving a single concurrent client.
just that. It’s a single 64k binary, with serve up index.html by default. To Various extra options are available
no configuration file – everything is boost performance, Filed is to bind to a different address or
set at the command line. multithreaded with every thread operate on another port, and
To build it, you’ll need Tcl installed, instead of logging to the terminal
and when you run make you might
see an error message about a
“Filed is the simplest, fastest you can redirect the output to a file.
missing mime.types file. In this HTTP server possible.” PROJECT WEBSITE
http://filed.rkeene.org/fossil/index
case, open the Makefile in a text
70 www.linuxvoice.com
� FOSSPICKS
Book writing assistant
Plume Creator 0.67
T
hey say that everyone has a (eg a short novel), and you can
book in them, but have you choose how many chapters and
ever tried writing one? It’s all scenes it should contain here – but
fun and games at the start, when don’t worry if you’re not sure, as you
you’re concocting plots, scenes and can modify them later. From here
characters, but as the story onwards, Plume works a lot like a
progresses, managing everything regular editor, except it helps you to
can become a nightmare. You can manage different scenes and
try to structure things in a word chapters. A tree list down the
processor, but a better solution is to left-hand side lets you quickly
use a dedicated novel writing tool switch between different parts of
Plume’s interface could
like Plume Creator. the book, while additional tools are what items he/she had, to avoid
do with some
Plume’s website is pretty rubbish, available such as a note-taking refinement, but after 10 continuity errors. Once you’re happy
with little documentation on using panel and a timer. minutes of exploring with your work, you can export it in
the program. But it does show you The mise-en-scène panel is you’ll get the hang of it. a variety of formats, including ODT
how to install it: 32-bit and 64-bit especially useful, letting you keep (as used by LibreOffice), HTML and
packages for Ubuntu and Mageia track of characters, items and plain text. There are still plenty of
are available, along with the source places. You can note here where a unfinished bits in Plume, but by
code. You’ll need version 4 of the Qt character was at a certain time, and version 1.0 it should be a great app
libraries to install it, as the interface for aspiring writers.
is built with that toolkit.
Start Plume and you’ll be “Plume helps you manage different PROJECT WEBSITE
prompted to create a new project.
You’re asked for the type of book
scenes and chapters of your book.” http://www.plume-creator.eu/site/
index.php/en
Convert ANSI codes to readable text
Ansifilter 1.9
H
ere’s something interesting Now, say you have an important
to try: in a terminal window, file containing these codes, eg from
in a directory with various a log, and you want to make the
files and folders, enter ls --color > information human-readable.
list.txt. This redirects the output of Ansifilter is a godsend here: it
the ls command (with all its colour converts the file into a better
goodness) to the file list.txt. Now format, such as plain text, HTML,
open that file in a text editor, or view Latex, RTF or even BBCode (very
it with less list.txt. Notice useful if you want to paste the
something strange? The colours output of a command into a forum
aren’t there – just some weird post). It’s supplied as two
ANSI codes in their raw
characters like: programs, the first of which runs at change the text encoding, along
format, and how
ESC[01;34mfolderESC[0m the command line, and the second Ansifilter interprets with the line wrap settings and font
Ugh. What’s happening here? of which uses Qt to produce a them. that should be used.
Well, colours and effects (like bold simple but pleasant little GUI app. Ansifilter isn’t a tool you’ll use on a
text) are created in the terminal via To convert file.log into a HTML daily basis, but it can save your life
ANSI codes, which involve the version called file.html, you’d run: if you have a log file peppered with
escape character and numbers. ansifilter -T file.log > file.html control codes and you desperately
Any good terminal can interpret Alternatively, run ansifilter-gui need to get information out of it.
these in command output and file.log to get a preview of the
display them properly, but when you output, then click Save As to PROJECT WEBSITE
redirect the output to a file, it just choose one of the formats www.andre-simon.de/doku/ansifilter/
en/ansifilter.php
becomes plain text. mentioned previously. You can even
www.linuxvoice.com 71
� FOSSPICKS
Spreadsheet app
mtCellEdit 2.4
T
he flagship spreadsheet Start the program and you’ll see
program for Linux and other that mtCellEdit’s interface is as bare
FOSSy systems is as they come: you have a grid for
LibreOffice Calc. We already have a entering data, a drop-down list to
lighter alternative in the form of switch between different sheets,
Gnumeric, which is darn good by the and a handy list in the top-right
way – but mtCellEdit is even showing values for selected cells
smaller. It’s a very basic (eg sum, maximum, average).
spreadsheet program, lacking many mtCellEdit refers to individual cells
of the features and frills you’ll find in by their row and column numbers,
the bigger tools, but for basic so if you want to display the sum of
There are plenty of
calculation jobs it’s great. columns 1 and 2 in row 1, you’ll use we found this cumbersome,
options to tweak, but
What’s not so great, though, is this command: they’re not presented in requiring copying and pasting
the compilation process. When you =r1c1+r1c2 the most human- chunks of data into a text file, and
extract the tarball you’re faced with That’s rather different to the A1, friendly fashion. having to do a lot of manual fiddling
a bunch of directories containing B2 etc system used by other to get it right. mtCellEdit can open
different parts of the program spreadsheets, and takes a while to and save CSV and TSV (comma
– and a README.txt that doesn’t get used to. It’s possible to generate and tab separated value) files,
provide much info. It does, however, bar charts in the program, although though, so it’s easy to share data
point you at the project’s HTML with other apps.
documentation, which explains the
order in which you need to compile “For basic calculation jobs,
the components. The GTK 2 toolkit
is the main dependency.
mtCellEdit is great.” PROJECT WEBSITE
http://code.google.com/p/mtcelledit/
Scripting language
PHP 5.6.0
P
HP gets a lot of flak from now do this:
many developers; they const ONE = 1;
regard it as a toy language const TWO = ONE * 2;
that has become ugly and bloated You can use them in other places
over the years, lacking logical like default function arguments too
design and consistency. Even – the idea is to make code easier to
Rasmus Lerdorf, the creator of PHP, read and more expressive. Then
said that he had “absolutely no idea there’s better handling of variable
how to write a programming length argument lists for functions,
language” at the beginning. On the so instead of messing around with
As usual, PHP’s new
other hand, it’s useful for cooking func_num_args() and the like, you Many other improvements and
features are well
up quick websites on a LAMP stack, can start a function like so: documented, with tweaks have been made around the
and many well-known web apps function sum(...$numbers) { examples showing how codebase too: the phpdbg
such as WordPress are built with it. Thanks to the … token, this you can incorporate debugger has been integrated into
Anyway: PHP 5.6.0 was released places all the arguments into an them into your own the core function and constant
at the end of August, and it brings a array called $numbers, over which code. importing is now possible with the
bunch of improvements, many of you can iterate using foreach. use keyword; and file uploads of
which have been in discussion for a Exponation using the ** operator larger than 2GB are now supported.
while. High up on the list is support is now supported in PHP 5.6.0, This release might not win over all
for constant scalar expressions, which means you can do this: the naysayers, but it’s a solid job.
where you can use expressions in $c = $a ** $b;
PROJECT WEBSITE
which PHP previously expected Where $c contains the result of
www.php.net
static values. For instance, you can raising $a to the $b’th power.
72 www.linuxvoice.com
� FOSSPICKS
FOSSPICKS Brain Relaxers
https://launchpad.net/pybik/
Space trading/combat game
Oolite 1.80
W
e at Linux Voice HQ all ./oolite-1.80.linux-x86_64.run
have misspent youths We asked for the game to be
thanks to David installed in our home directory, and
Braben and Ian Bell. While other a menu icon was created under
kids were being cool, playing Games. (The installer also tells you
sports and chasing girls, we were how to run it manually.)
perfecting docking sequences There are three main modes to
and selling robots on the black Oolite: Normal is the full game,
market in Sol. Yes, we loved Elite taking the core gameplay of Elite
(and its sequel Frontier), and as and adding lots of extra goodies.
Elite: Dangerous is getting There’s a tutorial mode for new
tantalisingly close to release, players, along with a Strict mode, The HUD is almost identical to Elite’s, but the planets and
we’ve been playing some open which aims to ape the original as spacecraft look a jillion times better.
source Elite-ish games too. closely as possible.
Oolite is the arguably the best, Version 1.80 brings about more your way. It’s also now easier to
and recently received a major variety in the galaxy maps, and install expansion packs – a darn
update, bringing it to version 1.80. more combinations of non-player good thing, given that there are
You can grab it in 32-bit or 64-bit characters, such as packs of over 500 of them…
versions from the game’s website pirates working together. You, as
– we did the latter, and installed it the player, now have a reputation,
PROJECT WEBSITE
like so: so if you’re a skilled bounty hunter www.oolite.org
tar xfv oolite-1.80.linux-x86_64.tgz then many pirates will stay out of
Board/puzzle game
Pentobi 8.1
L
ooking at the screenshot, replace CPU players with real-life
you might be tempted to human ones.)
think that Pentobi is yet The rules are like so: each colour
another Tetris rip-off, and fair takes it in turns to place a piece on
enough - the formula has been the board, starting with the blue
done to death. But although player. On the right-hand side is a
Pentobi uses similar shaped palette of pieces from which you
pieces, it’s a very different game. can choose – ranging from
For starters, it’s based on a board single-block pieces to five-block
game called Blokus that was ones – and you can only use each
invented in 2000, and it’s great piece once. You place your first
It’s early days, but blue
fun in multi-player mode. piece in your designated starting many of your pieces as possible.
is getting trapped here,
Pentobi’s main dependency is corner, and subsequent pieces have thanks to sneaky CPU The game ends when nobody
Qt; usefully, it can be built with to touch the same colour on the opponents… can place anything else, and a
version 4.x or 5.x of the toolkit. corners, but not directly on the score is totalled based on how
When you start the game, you’re edges. So you end up building a many pieces you didn’t place. It’s
presented with a blank board, and construction out of your corner. challenging, addictive, and gets
by default it’s you vs three However – as the other players the brain ticking over...
CPU-controlled opponents. (Click build their constructions, there’s
on the Computer Colours button less and less space on the board. PROJECT WEBSITE
http://pentobi.sourceforge.net
at the top of the window to You have to plan ahead to place as
www.linuxvoice.com 73
�� TUTORIALS INTRO
TUTORIALS
Dip your toe into a pool full of Linux knowledge with eight
tutorials lovingly crafted to expand your Linux consciousness
In this issue…
76 78 82
Ben Everard
is glad there’s no IT department to stop him
poking about the internals of his PC.
HDR images Python films Backups 101
A
ll of us at Linux Voice would like Impress your friends with Follow Les Pounder and Mike Saunders shows you
to send our congratulations to pretty pictures despite poor take on Hollywood by how to keep your backups
Limor Fried and the team at photography skills. Don’t building your own film current with just Bash, the
Adafruit for their inc.com ranking as the tell anyone, but that’s what studio with a Raspberry Pi, standard utilities and a little
11th fastest growing manufacturing Graham Morrison does. a camera and a Pibrella. bit of scripting.
company in the USA. In case you’ve
never heard of Adafruit, it designs and
builds electronics stuff for hobbyists
86 90 94
(we’d like to be more precise than ‘stuff’,
but it really does sell everything that an
amateur circuit builder might need).
What’s more, all of the things it designs
are released open source under creative
commons licences.
While most of the things they make
are fairly straightforward (at least when
Crack passwords Mailserver Text interfaces
compared to computer components), it Ben Everard becomes a Don’t let an advertising Who needs GTK or Qt?
shows that you can build a company cracker to find out how company run your email Follow Valentine Sinitsyn’s
that respects people’s freedoms. This, passwords get broken, and account. John Lane guide and create text
of course, isn’t news in the software in the process, learns how teaches you how to set up interfaces for your
world, where companies have been to defend his data. your own mail server. programs using Urwid.
working with free software for quite a
long time. However, it is quite new in the
manufacturing world. PROGRAMMING
There’s a real energy and buzz
around the hobby electronic scene XBMC Lambda functions Sophie Wilson
that’s driving open source hardware at 98 This media centre software 102 These anonymous 104 ARM chips run 95% of all
the moment. If physical computing is really is one of the great functions enable you to smartphones (and 100% of
open source projects. It’s popular, write simple, clean code when you Raspberry Pis), but what is this
something that interests you, now’s a
easy to use, and (in our view) need to use a function, but only dimuntive architecture? Where did
really good time to get into it. If you’re better than its commercial need to use it once. You can also it come from, and why is it so
looking for some hardware to help you equivalents. It’s also open in take them to the extreme and use popular? To answer these
get started, well, I know a place that design, which means it’s easy to lambda fuctions to prove that you questions, we peek back in time at
stocks some great stuff and respects control from other software. We can perform any computation the woman who started it all.
build a web app that controls using just the Magic: The WARNING: This article contains
your freedoms.
XBMC’s music from a smartphone. Gathering card game. extreme nostalgia.
ben@linuxvoice.com
www.linuxvoice.com 75
� TUTORIAL HDR
HDR: CREATE AWESOME
TUTORIAL
PHOTOGRAPHS
Harness the power of open source to capture light and shade in
GRAHAM MORRISON
stunning photo composites.
P
hotos with a high dynamic range (HDR) have a
WHY DO THIS? quality and detail that can’t be matched by
• Use open source ordinary photos. This is because an HDR
firmware on your
camera. image is a combination of both the underexposed and
• Turn photography into a overexposed details within more than one photo – the
geeky hour of parameter parts that are usually lost when your camera attempts
tweaking. to set a single exposure value for a single shot. The
• Impress your friends most popular solution, and the one commonly
and relatives.
referred to as HDR, involves taking the same photo at
different exposure settings and then combining the
various images with a clever piece of software that
Turn an old French château into a
can then export the final HDR image. And that’s vibrant explosion of colour and detail.
exactly what we’re going to show you to do now.
Image composition with Magic Lantern and Luminance
1
Steady as she goes 2
Use a camera with bracketing
You’ll need a camera that enables you to control the Some cameras can now do this automatically with a
exposure settings, because you’ll need to adjust these function called ‘bracketing’ – ramping up the exposure
between each of the shots we’re going to take. And in a scene from underexposed (dark) to overexposed
because the final generated image is going to be a (light). Canon’s DSLRs are our option purely because
clever composite of all these shots, it’s absolutely they can run the Magic Lantern open source firmware.
essential that your camera remains in exactly the This brilliant third-party firmware is worth a tutorial in
same position between each shot. If not, the hassle of itself, as it adds a host of excellent features not
aligning your images or compensating for even a enabled by Canon.
small movement can take much of the enjoyment out With the firmware installed, for example, HDR
of creating the images. Bracketing is the first option in the custom menu,
For this reason, you should try to use a tripod, or at and when this is enabled you simply press the
the very least, find a stable place to put your camera shutter. Magic Lantern calculates how many different
and use its timer delay function. This will help to exposures are needed and takes the shots as
remove any wobble added by your finger prodding the required. If you need to do this manually, make
shutter button. In the below image you can see that sure your camera is in its aperture value mode,
HDR would be able to bring out the details in the dark set manual focus, use the timer and change the
parts of the image without overexposing the bright aperture/exposure values – typically six times – -3,-2,-
part shining through the window. 1,+1,+2,+3.
76 www.linuxvoice.com
� HDR TUTORIAL
3
Luminance HDR 4
Tonemapping
The software that’s going to perform most of the You can click Next to skip through the creation profile
magic is called Luminance HDR, and we used version wizard. After a little more processing, you should be
2.4.0. You should be able to find it from your dropped back to Luminance HDR’s main window with a
distribution’s package manager. You should also single tabbed image showing the results of your
install the beta version of hugin. This is the awesome composition. It will probably look dark and terrible, but
panorama stitching tool, and its align-image-stack this is because we have yet to map the depth of
command is used by Luminance HDR to ensure each image data to the screen. This is done by configuring
image is perfectly aligned. With that out of the way, a tonemap, and there are variety on offer. The quickest
launch Luminance HDR and click on the ‘New HDR and easiest to use is called ‘Mantiuk ‘06’, and this
Image’ button. This will open a requester where you should be selected from the drop-down menu in the
should add your set of images with the + icon. Your tonemap panel. Below this, expand the result’s size
camera should include the exposure metadata, which resolution so you can get a better feel for the result –
will be listed to the right of the images, and you should size will affect the processing, but not as much as the
check that these correspond with the preview. Unless tonemap algorithm. We suggest saving the Luminance
you’ve ensured your images are aligned, check the HDR project here, as we experienced a few stability
Autoalign Images option and click Next. This can take problems. Now click on the ‘Tonemap’ button. This will
a while with autoalign enabled. generate a new tab with your first HDR image.
5
Playing with the options 6
Final output
It takes a bit of time between each preview, so you When you’ve got a result you like, we’d suggest
now need to make small changes to the tonemap opening the levels window and dragging the black
parameters until you get the HDR look you want. With arrow on the left and the white arrow on the right
‘Mantiuk ’06’, we’d suggest ramping up the contrast inward slightly to improve the contrast. You can turn
and saturation factors and only sparingly adding to on a real-time preview for this from the Tools menu to
the detail factor. You’ll see what’s happening much make your adjustments easier. You might also want
easier than us possibly trying to explain it, but the to click on the White Balance button. Finally, save your
detail slider adds that crazy haunting look that lots of creation just as you did the settings, only this time
HDR images use. If you find a combination you like, it’s make sure the extension is .jpg.
worth saving it as a preset before moving on to Before sharing the file, we’d highly recommend
another tonemapping algorithm. Each has a different making a few final changes using something
style; ‘Mantiuk ’08’ is a more subtle version of the one like Gimp. This is because there are usually a few
we’ve been playing with, for example, whereas ‘Fattal’ artefacts, and you can adjust the hues and contrast
really does add lots of noise and colour to an image a little more intuitively in Gimp than you can within
– especially if you disable the ‘Version 2.3.0’ checkbox. Luminance HDR. We also use The Gimp for a adding a
The best thing to do is experiment and find a result slight blur and noise removal, before a final alignment
you like before moving on to the final step. and crop of the image before saving it.
www.linuxvoice.com 77
� TUTORIAL STOP MOTION ANIMATION
RASPBERRY PI:
TUTORIAL
LET'S GET ANIMATED!
Start your own rival to Aardman Studios with a bit of stop motion
LES POUNDER
animation, a tiny Linux machine and the magic of Python.
W
allace and Gromit, the classic British
WHY DO THIS?
animated characters, started life as a very
• Create your own mini simple, but effective project using
movies using Lego and
toys. modelling clay. To create the illusion of animation a
• Learn about the official technique called stop motion photography was used.
Raspberry Pi camera Stop motion is nothing new, but it is an effective tool
and its Python Library. and has been used in films such as The Terminator
• Expand the possibilities and Aliens. Stop motion photography is where a
of the Pibrella add-on
board. picture is taken of a model, and then the modeller will
make a tiny adjustment to the model and take another
picture; this is repeated many times to create a
sequence of individual frames. Once these pictures Ghostbusters meets Return of the Jedi's Admiral Ackbar in
TOOLS REQUIRED
are stitched together it looks as though the model is our cinematic opus. Still better than Attack of the Clones.
• A Raspberry Pi.
moving. Stop motion is a very labour intensive task,
• Raspbian operating
system. with twenty four frames making just one second of off, locate the CSI connector on your Pi. It is placed
• Pibrella £10 from video (to create just one minute of video would take between the HDMI and the Ethernet port. At either end
pimoroni.com. 1,440 frames!). of the connector there are small lips that you need to
• Official Raspberry With the advancement of technology the animation gently lift from the Raspberry Pi. They're quite fragile
Pi camera £15 from process has become easier, and with the cost of so be careful, and once they are fully extended the CSI
pimoroni.com.
hardware also dropping, anyone can enjoy making connector will be open and ready for you to insert the
• A light source.
their own animation. The Raspberry Pi has become camera. The official camera has a very thin ribbon
• A white background.
the go-to board for many projects and this month we cable, another fragile component to be careful with.
• Modelling clay or Lego
figures. will use it to create our own animation studio – Insert the camera ribbon cable with the silver tips
• Lego, Meccano, Blu Tack though you could follow these steps on any Linux box. facing the HDMI port. With the ribbon cable in place
and anything that can Using a combination of Python code and a Bash press the lips down until the ribbon cable is locked in
be used to build a rig for
script we will have all the software that we need to place. Installation of the camera hardware is
the camera.
create animations. We're going to use two pieces of complete, but we will need to make a few adjustments
hardware in this project: the official Raspberry Pi to the software later in this guide.
camera and the fantastic Pibrella board, which we're To install the Pibrella you just have to push the
You don't need to spend a
fortune to build a studio going to use as a simple interface device thanks to its board down onto the GPIO pins. If you're lucky enough
– some white paper, Blu- rather lovely big red button. to own the new Raspberry Pi B+ board the Pibrella
Tack and Lego figures can The Raspberry Pi Camera is the first component to board works exactly the same, and should be
produce a simple film. be attached to our Raspberry Pi. With your Pi turned connected to the first 26 pins of the GPIO. One little
snag is that the board will be a little loose on the B+,
as a capacitor that used to balance the Pibrella on
previous models has been removed on the B+. The
best remedy for this is to use something non-
conductive between the Pibrella and B+ – Lego would
work well.
Now set up the software
For this tutorial we used the latest version of the
NOOBS installer to install an up-to-date version of
Raspbian, as it comes with all the latest software and
firmware for use with the camera. To download
NOOBS and for instructions on how to set up your SD
card head over to www.raspberrypi.org/downloads.
With NOOBS successfully installed on your SD
card, now is the time to plug in all of the various
78 www.linuxvoice.com
� STOP MOTION ANIMATION TUTORIAL
peripherals such as keyboard, screen and Ethernet/
wireless dongle. With that done, power up your
Raspberry Pi and on first boot it will launch into the
raspi-config setup tool. Using this tool we will expand
the filesystem to ensure that we have the maximum
amount of space that we need (option 1 in the list),
and then enable the Pi Camera (option 5).
With that complete, exit raspi-config and reboot your
Raspberry Pi, then when the Pi has fully rebooted, log
back in and type:
startx
to start a new desktop session.
Install Pibrella & Pygame
Pibrella from Cyntech and Pimoroni is a £10 add on
board that enables anyone to quickly use electronics
Pibrella simply slots on to
in their project. It comes with many different inputs helpful. Because we will be using the Raspberry Pi
the Raspberry Pi GPIO and
and outputs for use in class and in LV005 we used it GPIO (General Purpose Input Output) pins we need to
works with all models of
to control traffic lights and a dice game using Scratch open Idle as root, as only the root user can use the the Raspberry Pi.
and Python. For this tutorial we will use the lovely big GPIO. To do that, double-click on the LXTerminal icon
red button to control taking a picture with the camera. to open a terminal window, and type
To install Pibrella, double-click on the LXTerminal sudo idle
desktop icon. In the terminal, type the following, Idle will open with a shell window, which is an
remembering to press Enter at the end of each line. interactive session where you can test our code before
sudo apt-get update writing a full program. To create a new project use File
sudo apt-get upgrade > New to open a blank document ready for our code.
sudo apt-get install python-pip We first tell Python what libraries we would like to use,
sudo pip install pibrella and we do that using the import command.
sudo apt-get install vlc import pibrella
sudo apt-get install mencoder import picamera
These commands will update the software installed import time
and use the Python package manager pip to install import datetime
the software needed for Pibrella to work. It will also import pygame
install the VLC video player so that we can later view We have imported five Python libraries:
our completed project. To encode our pictures into a pibrella to work with the Pibrella add-on board.
video we install the Mencoder tool– more on this later. picamera to work with the Raspberry Pi camera.
time to enable us to delay and control the speed of
Coding the animation studio the project.
We're going to use the Idle development environment datetime enables our code to work with dates and
running Python 2.7, both of which come already times.
installed in Raspbian. Idle is the ideal development pygame brings the pygame library of functions for
environment for Python on the Pi. It's light, simple and audio, video and gaming to our code.
With the imports complete we now move to
Boilerplate starting up pygame using
pygame.init()
Starting anything from scratch can be hard, and Without doing this pygame will not work, and will
programming is no different. Python code is quite free and
easy with how things are done, but a little structure can
create a lot of errors in the Python shell.
help you get started quicker. The term boilerplate comes Our focus now moves to two variables, w and h, and
from the web development community and it translates as a tuple that stores the values of both w and h.
a structured template to start from. I like to use comments Variables can store individual values, but a tuple can
to create sections in my Python code: store many more values, all separated by commas.
#Import any libraries
#Create any variables
Tuples can be used to create a readily updated set of
#Create any functions values, such as GPS co-ordinates, or in our case the
#Main body of code size of the window used by pygame.
In these sections I create the structure of my code, and w = 640
by setting a formal structure I can easily locate and debug h = 480
any issues that may occur. By using comments we also
size = (w,h)
clearly show the order and logic of our code so that others
can use and learn from the code in the future. The next stage of the project is a function that will
be called when the big red button on the Pibrella is
www.linuxvoice.com 79
� TUTORIAL STOP MOTION ANIMATION
a = a[0:19]
produces the following output
2014-08-09 22:56:36
The second chunk of the function looks like
camera.rotation = 180
camera.resolution = (640,480)
camera.start_preview()
img = camera.capture((a)+".jpg")
camera.stop_preview()
pibrella.light.red.off()
In this second chunk of code, the first line controls
the rotation of the Pi camera. I rotated the camera
180 degrees, effectively turning the image upside
down. Why do this, you might ask? Well I have a
mount to protect the camera but it makes it a little
The Python code for this unwieldy to position, and I found flipping the image
project will save a series of pressed. When the function is called it will run through provided me with the best position.
image files into the same its code line by line. The second line:
directory as the location of As this function is rather large, let's break it down camera.resolution = (640,480)
the code.
into chunks. sets the resolution of the picture taken, in this case to
def takepic(pin): a rather small 640 pixels wide by 480 pixels high. This
with picamera.PiCamera() as camera: resolution is a compromise, as the camera is capable
pibrella.light.red.blink(0.1, 0.1) of creating pictures with a resolution of 2592px by
a = str(datetime.datetime.now()) 1944px. I chose 640 x 480 as it is a small file for the Pi
a = a[0:19] to render into a video, which we will do later in this
First we define the name of our function; in this tutorial.
case, that's takepic. You will also see from the (pin) The third line:
part of the function name this is a function takes an camera.start_preview()
argument, or an extra bit of information. In this case instructs the camera to turn on and show a preview of
the argument is a reference to the button present on the intended shot.
the Pibrella board. For the fourth line:
The second line is a handy method of renaming the img = camera.capture((a)+".jpg")
rather long picamera.PiCamera() library as camera, we capture the picture and then create a new variable
making it much easier to work with. called img; in this variable we store the filename
The third line uses a function in the pibrella library created for the picture. Remember the variable a that
to blink the red light on and off every 0.1 of a second. we created earlier using datetime? Well, here we will
This blink is optional, but we added it to indicate that use the contents of a and use a concept called
the button has been successfully pressed, and concatenation to join the contents of a to the string “.
everyone loves a blinking LED. jpg”, effectively creating a complete filename.
The fourth line is a variable that we only create The fourth line stops the camera preview window
when the button is pressed. The variable a contains and quits the active window.
the output of datetime.datetime.now(), which is the For the fifth and last line in this chunk the Pibrella
current date and time. The sharp-eyed among you will red LED is reset by turning it off ready for the next shot
have noticed the str() function also on this line. This to be taken.
rather helpful function converts any numerical data in Here is the last section of code that makes up the
to a string, in other words, text. We need to do this so function.
that we can create the filename for the image later in screen = pygame.display.set_mode(size)
the code.
The fifth and final line for this chunk of code is
another variable… called a. But this time we are using
a tool called string slicing to remove any unwanted
text from the variable.
The code
a = str(datetime.datetime.now())
produces the following output
2014-08-09 22:56:36.577712
datetime very helpfully gives us the exact time, but
it's rather long, so using string slicing we can chop Raspbian, the Raspberry Pi's default distro, has a built-in
that down to a more manageable time to the second. image viewer that can be used to review your images.
80 www.linuxvoice.com
� STOP MOTION ANIMATION TUTORIAL
img = pygame.image.load((a)+".jpg")
screen.blit(img,(0,0))
pygame.display.flip()
time.sleep(3)
pygame.quit()
First in this chunk of code is a new variable called
screen, which stores the values of setting the pygame
display and uses the values stored in the tuple we
created earlier.
The second line of code is another variable, which
we use to call the function pygame.image.load and
load the image that we have just taken, ready for
display.
To display the image on the screen we use line
three and something called blit (short for blitter). A
The Raspberry Pi camera is
blitter is a portion of memory dedicated to holding a a consistent light source and a bare background
enabled using the
bitmap image and is commonly used for sprites in colour such as white. Arrange your Lego figures or raspi-config command in a
video games – think Mario or Sonic running around in modelling clay actors for the shot that you want. terminal window.
a game. We tell the blitter to open the picture, img, When you're ready, press the red button on the Pibrella
that we have just taken and position it at 0,0 on the to activate the code. You should see the red light flash,
screen. That means dead centre of the screen, using x a preview picture appear on the screen, then a few
and y co-ordinates. seconds later the actual picture will appear.
To ensure that the display has been updated All you need to do now is move your actors a little,
correctly the fourth line, pygame.display.flip(), is used take another picture and then repeat the process until
to ensure that the correct image is displayed. complete. To make it a little easier on yourself aim for
To give the user just enough time to see the picture 6 pictures per second, so for a 10 second clip you will
we use line five to stop the code for three seconds by need 60 pictures. A top tip from Simon Walters (on
using the sleep function from the time library. The last Twitter know as @cymplecy, the eager maintainer of
line of code for the function closes the pygame Scratch GPIO and its compatibility with many different
window and cleans up ready to be used again. add-on boards) is to record two seconds worth of
With the function created our focus now shifts to images before and after the sequence that you wish to
the last two lines of code that make up the main body. film, so the viewer settles in with the video.
pibrella.button.pressed(takepic)
time.sleep(0.2) Encoding the video
Rather than use a while True loop to constantly Earlier we installed the Mencoder tool, which is a
check the status of the Pibrella button, we use an handy media converter. To make it even easier to use I
event. Events are commonly used in video games have written a quick Bash script that will:
– for example, when a player presses the jump button, List all the images in the same folder as the script.
this instructs the game to make the sprite jump. So Save the list as a text file, which Mencoder will use to
when the big red button is pressed, an event is find the source files.
triggered and this calls the function that we created Run the Mencoder tool to stitch the pictures
earlier. The last line of code in this project is another together at six pictures per second, and save the
sleep to delay the code by 0.2 seconds; this reduces video as timelapse.avi.
the chance of the button being accidentally triggered When you are ready to encode, open LXTerminal via
twice, commonly known as a debounce. the desktop icon and navigate to where you extracted
With everything in place we are now ready to use the Animation Station code. In the terminal, type
the code for our studio. Go to the Run menu and ./encode.sh
select Run Module. The code will take a few seconds The script will launch and depending on the number
to load, you can use this time to arrange your shot. of pictures in your movie, it will take a few minutes to
Lego and Blu Tack are great tools to help build a encode the video. Once the encoding is complete, the
camera rig and studio. For your pictures you will need script will launch VLC and your new movie.
Videos created using this technique can be
imported into video editing applications such as
Where can I find the completed code?
OpenShot or Kdenlive on your main computer, mixed
I've made the code for this project publicly available via with audio and other videos to create the next Toy
GitHub. For those who are familiar with GitHub you can Story and amaze your friends.
clone the repository at https://github.com/lesp/LinuxVoice_
Animation, of you can download the archive as a Zip file
Les Pounder is a maker and hacker specialising in the
from https://github.com/lesp/LinuxVoice_Animation/
Raspberry Pi and Arduino. Les travels the UK training
archive/master.zip. teachers in the new computing curriculum and Raspberry Pi.
www.linuxvoice.com 81
� TUTORIAL BETTER BACKUPS
LINUX 101:
TUTORIAL
BACK UP YOUR DATA
Data loss can be agonising, whether it involves business
MIKE SAUNDERS
documents or family photos. Never lose a file again with our guide!
L
inus Torvalds has made some classic quips about your music collection, letters, financial
WHY DO THIS? over the years. Back in 1996, when announcing documents, family snaps and so forth?
• Understand common the release of Linux kernel 2.0.8, he noted that You can upload them onto a cloud storage service
Linux/Unix archiving
tools. his hard drive was close to buying the farm, and such as Dropbox, but there’s no guarantee that the
• Save time with added: “Only wimps use tape backup; real men just service will be around in the future, nor that
incremental backups. upload their important stuff on FTP, and let the rest of government spooks aren’t poking around inside your
• Encrypt your data for the world mirror it.” data. Ultimately, the best way to keep your data safe
maximum security. And it’s a good point, especially today. If you’re an and secure is to make your own backups and maintain
open source software developer, you probably don’t full control – and that’s what we’ll focus on now. We’ll
keep backups of your code, as it’ll already be on start off looking at the basic archiving tools included
SourceForge, or GitHub, or a million other repositories with every Linux distro, then examine more advanced
and mirror sites. But what about personal files? What options for incremental backups and encryption.
1 ROLLING UP A TARBALL
Many Linux and Unix commands have intriguing You see, the Unix philosophy is all about small and
names that hark back to the early days of computing. distinct tools doing individual jobs, so that users can
For instance, the tool that’s used to join a bunch of plug them together. (In contrast to giant megalithic
files together into a single file is called tar, which is a applications that do a million things ineptly.) So when
contraction of “tape archiver”. Yes, it’s a program that you create a compressed archive of some files in
was originally designed for data tapes (we last used Linux, you actually end up using two programs. Take
one in 2004), which aren’t so much in common use this command, for instance:
today, but its job is still important. tar cfvz mybackup.tar.gz folder1/ folder2/
Have a peek inside a
tarball without extracting it
using the tar tfv command.
82 www.linuxvoice.com
� BETTER BACKUPS TUTORIAL
This creates a single, compressed file (a tarball)
called mybackup.tar.gz, containing folder1 and
folder2 – you can add as many files or directories as
you want onto the end. Now, we’re using tar here to
create the tar archive (a single file), hence the .tar part
of the filename. But the z option to the command
says that we want to run it through the gzip
compression program as well, so we end up with .tar.
gz. (The c option means create an archive, f means to
create a file (instead of spitting the output to the
terminal), and v means verbose, so it shows each file
as it’s being added.)
You can change the compression program that’s
used. For instance:
tar cfvj mybackup.tar.bz2 folder1/ folder2/
tar cfvJ mybackup.tar.xz folder1/ folder2/
Here we’ve replaced the z (gzip) option with j and J,
which means bzip2 and xz respectively. These
programs use different algorithms to compress data,
and the results can vary widely. The table below
shows the time required to compress a 700MB folder
containing a mixture of executable files, along with the media has plenty of space and you want to archive If you’re not overly familiar
with the command line,
resulting file size: files quickly, gzip is the way to go. If you need to be
the Grsync GUI front-end
more economical with space but can leave the to rsync (www.opbyte.it/
archiving process running overnight, xz is better.
Compression performance Extracting a compressed file is easy:
grsync/) can make life
easier.
Program Time Size
tar xfv mybackup.tar.gz
gzip 48.9s 231MB
bzip2 2m34s 208MB The same command works for files compressed
xz 10m1s 164MB with bzip2 and xz. If you want to peek inside an
archive to see what files are contained therein, without
So you can see that xz is much, much slower than actually expanding it, use:
gzip, but it’s also considerably better at compression. tar tfv mybackup.tar.gz
Different compression tools work better with different Again, this works for the other formats too. And if
file types (eg some are more suited to audio data), so you have an archive without a useful filename PRO TIP
for your own backups, it’s worth trying them all and extension – so you don’t know what format it’s in – You can open .tar.gz, .tar.
seeing what results you get. You also need to consider just run the ever-useful file tool on it, eg file bz2 and .tar.xz files on
the trade-off between speed and size: if your backup mybackup.xxx. almost any Linux system,
but what about backups
that need to be opened
on Windows machines?
2 THE MIGHTY POWER OF RSYNC You can get third-party
software to handle these
formats, but it’s often
So we’ve seen how to make simple compressed with the total amount of data that was transferred. simpler to just use the
backups of data, but it’s time to delve a bit deeper with Now, you’re probably thinking: “Big wow! I can do that de-facto standard Zip
format. To create an
the hugely versatile rsync tool. As its core, rsync helps with a normal cp operation, right?” That’s true, but try archive: zip -ry file.zip
you to synchronise data between a source and a running the same command again – and notice the folder/, and to extract use
destination directory, but various features make it amount of data that’s copied. Just a few bytes. unzip file.zip. When
creating, you can also add
especially useful for backup purposes. Another plus Helpfully, rsync is cleverer than cp and checks to see if the -1 option for the
point is that it’s ubiquitous – you can find it in virtually files already exist before copying them. And here’s fastest compression (but
every Linux distribution, and it’s also installed by where it’s great for backup purposes: it makes larger resulting files), or
-9 for slower compression
default in Mac OS X and available for Windows. incremental backups, and doesn’t shift data around (but smaller files).
Let’s say you have a folder called myfiles with a few unnecessarily.
items in it, and an empty folder called backup. To copy For example: say you’ve been using a USB key to
the files from the former to the latter: back up important files each month. The last backup
rsync -avh myfiles/ backup/ of /home/you was 10GB. Since the last backup,
The -a option here means archive mode, so that you’ve only created a few extra files and your home
metadata such as timestamps and permissions are directory contains 11GB. If you use rsync to perform
preserved, while -v means verbose (providing extra the backup, it will only transfer the 1GB that has
information) and -h presents the information in a changed in the meantime, and not copy the whole
more human-readable form. When you execute the 11GB over mindlessly. This saves a lot of time (and
command, you’ll see a list of files being copied, along makes flash media last longer!).
www.linuxvoice.com 83
� TUTORIAL BETTER BACKUPS
Media and location
Once you have the perfect backup system in place, you’ll need Imagine using three hard drives from the same vendor for your
to choose the right kind of media to store your data. On the backups, only to find that a design defect makes them all
low end, recordable DVDs are cheap and cheerful, and decent break after six months…
brands have guarantees for longevity (providing you keep the Then there’s the question of where to store your backup
discs in the right environment). Blu-ray is becoming media. Where possible, it’s a good idea to use different
increasingly affordable as well – an external USB writer costs physical locations, to prevent everything from being lost in the
around £65, and for a spindle of 50 TDK discs (holding 25GB case of robbery, fire or natural disaster. If you use Linux at
each) you’ll pay a smidgen under £30. home, you could always tightly encrypt your data using the
Then there are external USB hard drives, which are reaching guides in this article and ask a friend or neighbour to put a
impressive capacities (2TB for around the £75 mark), along DVD or USB hard drive in a safe place. Most banks in the UK
with tape drives that many businesses still swear by. In any have stopped offering safety deposit box services now,
PRO TIP case, if your data is incredibly important and you’re making although you can find independent companies that claim to
multiple backups, it’s a good idea to use a variety of media. store physical items securely.
Somtimes you’ll see .tar.
gz and .tar.bz2 filenames
written in a slightly
shorter form: .tgz and By default, rsync won’t delete files from the instance, and you want to back up your desktop or
.tbz2. This can help when destination directory if they have been removed from laptop files to it. The simplest way to do this is via
files are being
transmitted to older the source, but you can change that with: SSH, so if you have an SSH server running on the
versions of certain rsync -avh --delete myfiles/ backup/ remote machine, you can do:
operating systems that This is useful if you want your backups to be simple rsync -avhze ssh myfiles/ user@remote.box:backups/
could get confused by
multiple full-stop snapshots from certain points in time, and you don’t The two options we’ve added here are z (to
characters (naming no want old and unwanted files lingering around forever. compress the data going across the network), and e
names…). Another great feature of rsync is the ability to followed by ssh to tell rsync which protocol we’re
narrow down the range of files to be stored. Try this: using. Then we specify the local folder as usual,
rsync -avh --include=”*.jpg” --exclude=”*” myfiles/ backup/ followed by a user and hostname combination, and
In this case, we’re using wildcards to tell rsync to copy then the folder in that user’s home directory where the
all files that end in .jpg, and exclude everything else backup should be created.
(the asterisk means “all text” – ie any filename). This is Oh, and a last bit of efficiency awesomeness:
handy when your home directory is a jumble of stuff, when large files have been modified, rsync can detect
and you just want to back up your MP3, Ogg or FLAC which bits have changed, so it doesn’t have to
files. (Use multiple --include options if you want to transmit entire files each time. If you take a large file
copy several types of file.) and tack an extra byte on the end (eg echo x >> file),
Finally in this section, rsync also works a treat when and then run rsync again, you’ll see that it only sends
copying files to remote servers. This helps if you have the chunk that has changed. This really cuts down on
a NAS box somewhere on your home network, for bandwidth usage.
EncFS in action: the first
directory shows the
regular files, while the
second is the encrypted
versions with funny
filenames.
84 www.linuxvoice.com
� BETTER BACKUPS TUTORIAL
3 ENCRYPTING YOUR DATA
And here we come to arguably the most important
step in a backup procedure: encrypting your data.
Obviously, this is essential if you’re going to store your
files in a cloud-based service such as Dropbox, but it’s
also well worth considering for locally stored backups
as well. If someone gets physical access to your
machines and nabs the drives, at least they won’t get
their mitts on your critical data.
If you’ve looked online for encryption tutorials
before, you might’ve been overwhelmed by all of the
options available. That’s not a bad thing per se – it’s
good that there are so many methods and algorithms
in widespread usage. Monocultures are normally bad,
and if everyone were using the same encryption
system and a fatal flaw in it were discovered, we’d all
be doomed. So here are a couple of possibilities.
The simplest method is to use GnuPG like so:
gpg -c --cipher-algo AES256 filename
You’ll be asked to enter a password (twice, to
prevent typos from encrypting your file with the wrong this, install EncFS; it’s a userspace filesystem that’s Back In Time clones some
password). The file will then be encrypted using a available in most distros, and in Debian/Ubuntu it’s features of Apple’s Time
symmetric cypher, AES-256, which is strong enough just an apt-get install encfs away. Machine, and has both
for general usage, and the resulting file will be given a Firstly, create two directories in your home directory Gnome and KDE-based
.gpg extension. To decrypt it, simply enter: like so: front-ends.
gpg filename.gpg mkdir ~/encrypted ~/decrypted
And that’s it. It’s also possible to encrypt using (If you’re not too familiar with the shell, ~ is a shortcut
public/private key combinations, although that’s a for your home directory.)
more complicated process and beyond the scope of Now, the first directory here will be used as a
this tutorial. But if you’re interested, see permanent store for your data (in encrypted format),
http://serverfault.com/a/489148. while the latter will be used on a temporary basis
when you want to access the files. Enter this:
Extra security with EncFS encfs ~/encrypted ~/decrypted PRO TIP
Instead of encrypting individual files or tarballs, you When prompted, hit p for ‘paranoid’ mode, and then Complex rsync operations
can also add a layer of encryption onto your enter a password (preferably long) that will be used to can do potential damage,
such as overriding
filesystem. So you can work with files normally, but secure your data. The encrypted directory will now be important data, so it’s
when you shut down your machine, they’re mounted in decrypted, so try copying some files into often worth adding the
automatically stored in an encrypted format. To do the latter. Everything looks normal at this stage – you --dry-run option when
you first run the
can work with your files just like in any other directory. command. This will show
Alternative tools Switch into the encrypted directory, however, and run you exactly what rsync
ls – you’ll see that there is the same number of files intends to do, without
We’ve focused on a core set of Linux tools in this article, actually doing it. Once
as in decrypted, but they all have bizarre names like you’re satisfied that
but you can find more specialised open source backup XEfn2,34CC-Bu3hs. everything is in order,
solutions as well. Bacula (www.bacula.org) is a notable re-run the command
example that focuses on enterprises and backing up data
These are the encrypted versions, in which the data
without it.
over the network. To give you an example of its target permanently lives. So once you’re finished doing your
users, it lets you print out special barcodes to stick on work in the decrypted directory, enter:
data tapes that can be then chosen in a tape drive cd ~
auto-changer. fusermount -u ~/decrypted
BackupPC (http://backuppc.sf.net), meanwhile, uses a
client/server model, where the server organises backup
This unmounts the encrypted drive from decrypted,
schedules for multiple clients on the network. It’s a so the latter is now empty; as mentioned, it’s just a
complicated program, but thanks to its web-based temporary place for working with the readable data.
administration panel, you don’t have to faff around too The permanent store is in encrypted, and you can
much at the command line to set it up. access it at any point by repeating the previous
For home desktop users, Areca Backup
(www.areca-backup.org) is a mature and well-designed app
encfs ~/encrypted ~/decrypted command and
written in Java, while Back In Time (http://backintime. entering your password.
le-web.org) strives to provide a snapshot-based alternative
to Apple’s Time Machine system. Mike Saunders stores his data by printing out hex dumps and
laminating the sheets. His cellar holds a whopping 30MB!
www.linuxvoice.com 85
� TUTORIAL PASSWORD CRACKING
JOHN THE RIPPER:
TUTORIAL
CRACK PASSWORDS
How secure are your passwords? Find out (and learn to stay safer
BEN EVERARD
online) by trying to crack them.
M
ost people use passwords many times a
WHY DO THIS? day. They’re the keys that unlock digital
• Check the strength of doors and give us access to our computers,
password hashes. our email, our data and sometimes even our money.
• Understand the options As more and more things move online, passwords
when creating a secure secure an ever growing part of our lives. We’re told to
system.
add capital letters, numbers and punctuation to these
• Learn how password
crackers work so you passwords to make them more secure, but just what
can create secure difference do these have? What does a really secure
passwords. password look like?
In order to answer these questions, we’re going to
turn attacker and look at the methods used to crack
passwords. There are a few password-cracking tools
available for Linux, but we’re going to use John The There are online services (like www.cloudcracker.com)
Ripper, because it’s open source and is in most distros’ that will try to crack passwords for a small fee.
repositories (usually, the package is just called john).
In order to use it, we need something to try to crack. After downloading that file, you can try and crack
We’ve created a file with a set of MD5-hashed the passwords with:
passwords. They’re all real passwords that were john md5s-short
stolen from a website and posted on the internet. The passwords in this file are all quite simple, and you
MD5 is quite an old hashing method, and we’re using should crack them all very quickly. Not all password
The speed at which John it because it should be relatively quick to crack on hashes will surrender their secrets this easily.
can crack hashes varies
most hardware. To make matters easier, all the When you run john like this, it tries increasingly
dramatically depending
hashes use the same salt (see boxout for details). more complex sequences until it finds the password.
on the hashing algorithm.
Slow algorithms (such Although we’ve chosen a setup that’s quick to crack, If there are complex passwords, it may continue
as bcrypt) can be tens of this same setup is quite common in organisations running for months or years unless you press Ctrl+C
thousands of times slower that don’t focus on security. You can download the to terminate it.
than quick ones like DES. files from www.linuxvoice.com/passwords. Once this has finished running you can see what
passwords it found with:
john --show md5s-short
That’s the simplest way of cracking passwords
– and you’ve just seen that it can be quite effective
– now lets take a closer look at what just happened.
John The Ripper works by taking words from a
dictionary, hashing them, and comparing these
hashes with the ones you’re trying to crack. If the two
hashes match, that’s the password you’re looking for.
A crucial point in password cracking is how quickly
you can perform these checks. You can see how fast
john can run on your computer by entering:
john --test
This will benchmark a few different hashing algorithms
and give their speeds in checks per second (c/s).
By default, John will run in single-threaded mode,
but if you want to take full advantage of a multi-
threaded approach, you can add the --fork=N option
to the command where N is the number of processes.
Typically, this is best where N is the number of CPU
cores you want to dedicate to the task.
86 www.linuxvoice.com
� PASSWORD CRACKING TUTORIAL
Processing power
The faster your computer can hash passwords, the more
you can try in a given amount of time, and therefore the
better chance you have of cracking the password. In this
article, we’ve used John The Ripper because it’s an open
source tool that’s available on almost all Linux platforms.
However, it’s not always the best option. John runs on the
CPU, but password hashing can be run really efficiently on
graphics cards.
Hashcat is password cracking program that runs on
graphics cards, and on the right hardware can perform
much better than John. Specialised password cracking
computers usually have several high-performance GPUs
and rely on these for their speed.
You probably won’t find Hashcat in your distro’s
repositories, but you can download it from www.hashcat.
net (it’s free as in zero cost, but not free as in free
software). It comes in two flavours: ocl-Hashcat for
OpenCL cards (AMD), and cuda-Hashcat for Nvidia cards.
Raw performance, of course, means very little without
finesse, so fancy hardware with GPU crackers means very
little if you don’t have a good set of words and rules.
In the previous example, you probably found John
cracked most of the passwords very quickly. This is
Hydra can be used to try
because they were all common passwords. Since it won’t bother trying to crack anything, as it already
and guess passwords on
John works by checking a dictionary of words, has all the passwords. The regular dictionary isn’t as
network services, although
common passwords are very easy to find. good as John The Ripper’s dictionary, so this won’t get this is much slower than
John comes with a word list that it uses by default. all the passwords. cracking hashes locally.
This is quite good, but to crack more and more secure
passwords, you then need a word list with more Mangling words
words. People who crack passwords regularly often Secure services often place rules on what passwords
build their own word lists over years, and they can are allowed. For example, they might insist on upper
come from many sources. General dictionaries are and lower case letters as well as numbers or
good places to start (which languages you pick will punctuation. In general, people won’t add these
depend on your target demographic), but these don’t randomly, but put them in words in specific ways. For
usually contain names, slang or other terms. example, they might add a number to the end of a
Crackers regularly steal passwords from word, or replace letters in a word with punctuation
organisations (often websites) and post them online. that looks similar (such as a with @).
These password leaks may contain thousands or even John The Ripper provides the tools to mangle words
millions of passwords, so these are a great source of in this way, so that we can check these combinations
extra words. To search out even more elusive words, from a normal word list.
crackers turn to web scrapers and other tools to find For this example, we’ll use the password file from
sequences of characters that are used. There are www.linuxvoice.com/passwords, which contains the
some good sources of words at https://wiki. passwords: password, Password, PASSWORD,
skullsecurity.org/Passwords, while good word lists password1, p@ssword, P@ssword, Pa55w0rd,
are often sold (such as https://crackstation.net/ p@55w0rd. First, create a new text file called
buy-crackstation-wordlist-password-cracking- passwordlist containing just:
dictionary.htm, which is pay-what-you-want). The password
latter has about 1.5 billion words. Larger word lists are This will be the dictionary, and we’ll create rules that
available, but often for a fee. crack all the passwords based of this one root word.
With John, you can use a custom word list with the Rules are specified in the john.conf file. By default,
--wordlist=<filename> option. For example, to check john uses the configuration files in ~/.john, so you’ll
passwords using your system’s dictionary, use: need to create that file in a text editor. We’ll start by
rm ~/.john/john.pot adding the lines:
john --wordlist=/usr/share/dict/words md5s-short [List.Rules:Wordlist]
This should work on most Debian-based systems, :
but on other distros, the words file may be in a c
different place. The first line deletes the file that The first line tells john what mode you want to use
contains the cracked passwords. If you don’t run this, the rules for, end every line below that is a rule (we’ll
www.linuxvoice.com 87
� TUTORIAL PASSWORD CRACKING
On the second line, the $ symbol means append the
following character to the password. In this case, it’s
not a single character, but a class of characters
(digits), so it tries ten different words (password0,
password1… password9).
To get the remaining passwords, you need to add
the following rules to the config file:
csa@
sa@so0ss5
css5so0
The rule s<character1><character2> replaces all
occurrences of character1 with character2. In the
above rules, this is used to switch a for @ (sa@), o for
0 (so0) and s for 5 (ss5). All of these are combination
rules that build up the final word through more than
one alteration.
Limitations of cracking rules
The language for creating rules isn’t very expressive.
For example, you can’t say: ‘try every combination of
A text-menu driven tool for creating John The Ripper config files is available from
the following rules’. The reason for that is speed. The
https://sites.google.com/site/reusablesec2/jtrconfiggenerator.
rules engine has to be able to run thousands or even
millions of times per second while not significantly
add more in a minute). The : just tells John to try the slowing down the hashing.
word as it is, no alterations, while c stands for You’ve probably guessed by now that creating a
capitalise, which makes the first character of the word good set of rules is quite a time-consuming process. It
upper case. You can try this out with: involves a detailed knowledge of what patterns are
john passwords.md5 --wordlist=passwordlist --rules commonly used to create passwords, and an
You should now crack two of the passwords despite understanding of the archaic syntax used in the rules
there only being one word in the dictionary. Let’s try engines. It’s good to have an understanding of how
and get a few more now. Add the following to the they work, but unless you’re a professional penetration
config file: tester, it’s usually best to use a pre-created rule list.
u The default rules with John are quite good, but there
$[0-9] are some more complex ones available. One of the
The first line here makes the whole word upper case. best public ones comes from a DefCon contest in
2010. You can grab the ruleset from the website:
How passwords work http://contest-2010.korelogic.com/rules.html.
You’ll get a file called rules.txt, which is a John The
Passwords present something of a impossible to reverse (otherwise it’s not a Ripper configuration file, and there are some usage
computing conundrum. When people enter hashing algorithm), but other than this, it examples on the above website. However, it’s not
their password, the computer has to be able should minimise the number of collisions. designed to work with the default version of John The
to check that they’ve entered the right This is where two different things produce
password. At the same time though, it’s a the same hash, and the computer would
Ripper, but a patched version (sometimes called
bad idea to store passwords anywhere on the therefore accept both as valid. It was a -jumbo). This isn’t usually available in distro
computer, since that would mean that any collision in the MD5 hashing algorithm that repositories, but it can be worth compiling it because it
hacker or malware might be able to get the allowed the Flame malware to infiltrate the has more features than the default build. To get it,
passwords file and then compromise every Iranian Oil Ministry and many other you’ll need to clone it from GitHub with:
user account. government organisations in the Middle East.
git clone https://github.com/magnumripper/JohnTheRipper
Hashing (AKA one-way encryption) is Another important thing about good
the solution to this problem. Hashing is hashing algorithms is that they’re slow. That cd JohnTheRipper/
a mathematical process that scrambles might sound a little odd, since generally There are a few options in the install procedure, and
the password so that it’s impossible to algorithms are designed to be fast, but the these are documented in JohnTheRipper/doc/Install.
unscramble it (hence one-way encryption). slower a hash is, the harder it is to crack. For We compiled it on an Ubuntu 14.04 system with:
When you set the password, the computer normal use, it doesn’t make much difference
cd JohnTheRipper/src
hashes it and stores the hash (but not the if the hash takes 0.000001 seconds or 0.001
password). When you enter the password, seconds, but the latter takes 1,000 times ./configure && make -s clean && make -sj4
the computer then hashes it and compares longer to crack. This will leave the binary JohnTheRipper/run/john
this hash to the stored hash. If they’re the You can get a reasonable idea of how fast that you can execute. It will expect the john.conf file
same, then the computer assumes that the or slow an algorithm is by running john --test (which can be the file downloaded from KoreLogic) in
passwords are the same and therefore lets to benchmark the different algorithms on
you log in. your computer. The fewer checks per second,
the same directory.
There are a few things make a good the slower it will be for an attacker to break If you don’t want to compile the -jumbo version of
hashing algorithm. Obviously, it should be any hashes using that algorithm. John, you can still use the rules from KoreLogic, you’ll
just have to integrate them into a john.conf file by
88 www.linuxvoice.com
� PASSWORD CRACKING TUTORIAL
Salting
For hashing to work, every time a password is hashed, it has to thousand password hashes, it will be at least a thousand times
produce the same result. This plays into the hands of crackers slower to crack them if they are salted (though it could be less
because it means that if they have a list of password hashes if they can use rainbow tables to speed up the crack).
they’ve stolen, they can check every word from their word list To be secure, salts have to be randomly generated. In WPA
against all of them at the same time. It also means that they Wi-Fi security, the network name (SSID) is used as a salt for
could create lookup tables with the hashed value of common the password. This is useful because it’s automatically known
words to speed up the process of cracking passwords (these to both parties. However, SSIDs aren’t unique, and many are
are sometimes known as rainbow tables). quite common. It’s possible to download lookup tables for
To stop this, salts are sometimes used. Salts are small many of the most common SSIDs against many passwords.
amounts of additional data that are added to the plain text A traditional crack against the hashing in WPA is quite slow,
before hashing. They’re stored alongside the hash so that the because WPA uses 4,096 rounds of SHA1. The lookup tables
same salt is used on the same password. Crackers who get sidestep this because the hashing has already been done.
access to the hashes will also usually get access to the salts, It’s important to use a random salt to stop this sort of
but it means they have to crack every password individually attack, and it’s important to use an obscure SSID on your Wi-Fi
rather than working against the whole lot simultaneously. network to avoid falling victim.
At the very least, salting will slow an attacker down by the You can download the lookup tables and a list of SSIDs
factor of the number of hashes they have. If a cracker steals a from www.renderlab.net/projects/WPA-tables.
hand first. There are a lot of rules, so you’ll probably creating new users in your Linux system and giving
want to pick out a few, and copy them into the john. them a password; then you can copy the /etc/shadow
conf file in the same way you did when creating the file to your home directory and change the owner with:
rules earlier, and omit the lines with square brackets. sudo cp /etc/shadow ~
As you’ve seen, cracking passwords is part art and sudo chown <username> ~/shadow
part science. Although it’s often thought of as a Where <username> is your username. You can then
malicious practice, there are some real positive run John on the shadow file. If you’ve got a friend
benefits of it. For example, if you run an organisation, who’s interested in cracking as well, you could create
you can use cracking tools like John to audit the challenges for each other (remember to delete the
passwords people have chosen. If they can be lines for real users from the shadow file though!).
cracked, then it’s time to talk to people about computer Alternatively, you can try our shadow file for the latest
security. Some companies run periodic checks and in our illustrious series of competitions.
offer a small reward for any employee whose So, what does a secure password look like? Well, it
password isn’t cracked. Obviously, all of these should shouldn’t be based on a dictionary word. As you’ve
be done with appropriate authorisation, and you seen, word mangling rules can find these even if
should never use a password cracker to attack you’ve obscured it with numbers or punctuation. It
someone else’s password except when you have should also be long enough to make brute force
explicit permission. attacks impossible (at least 10 characters). Beyond
John The Ripper is an incredibly powerful tool whose that, it’s best to use your own method, because any
functionality we’ve only just touched on. method that becomes popular can be exploited by
Unfortunately, its more powerful features (such as its attackers to create better word lists and rules.
rule engine) aren’t well documented. If you’re
interested in learning more about it, the best way of Ben Everard is the co-author of the best-selling Learn Python
doing this is by generating hashes and seeing how to With Raspberry Pi, and is working on a best-selling follow-up
called Learning Computer Architecture With Raspberry Pi.
crack them. It’s easy to generate hashes by simply
COMPETITION
Put your skills to the test with the Linux Voice password cracking competition
We’ve created 100 users on our Linux box using Your task is to crack as many passwords as sends in their entry first.
a range of passwords. Linux distros store the possible. They’re in the standard SHA512 format To enter, just send a plain
password hashes in the /etc/shadow file, and you (John The Ripper – and most other password text file with a list of
can get ours from www.linuxvoice.com/passwords. crackers – will detect this automatically). This is unhashed passwords that
Some are easy, some are hard. Some are real quite a slow algorithm, and some of the passwords you’ve cracked from the
passwords we’ve extracted from dumps, some are quite complex, so we don’t expect anyone to competition-shadow file to
we’ve generated using password generators, others guess all of them. The prize will go to the person ben@linuxvoice.com. The deadline for entries is
we created by hand (that might be a clue). Oh, and who manages to crack the most. If two people 25 October 2014.
incidentally, we like the XKCD web comic. crack the same number, the prize will go to whoever Happy cracking!
www.linuxvoice.com 89
� TUTORIAL MAILSERVER
CYRUS: BUILD YOUR
TUTORIAL
OWN EMAIL SERVER
Don’t trust Google? We’ll help you navigate the sea of
JOHN LANE
acronyms to build your own mailserver.
Y
ou can’t beat the convenience and ease of use access their mail by connecting to the server using
WHY DO THIS? offered by Gmail. But unfortunately, all that any IMAP-capable email client application.
• Take control of your free storage comes at a price: your privacy. You will need a, preferably new, server for this
email provision. Spam, intrusive adverts and snooping from unnamed project and you’ll need root access to it. Our examples
• Stop outside agencies government agencies are the inevitable downside of use Arch Linux, and we created a new virtual server.
from scanning the using someone else’s service for free. So why not Begin by installing Cyrus (build the Arch User
content of your emails.
build your own email server including anti-spam, Repository package first – see the boxout below-right):
• Get webmail without
advertising. anti-virus and webmail? $ pacman -U ~build/cyrus-imapd/cyrus-imapd-2.4.17-5-x86_64.
You can use your own server to retrieve messages pkg.tar.xz
from other mailservers, such as those provided by The default configuration writes data to /var/imap
internet service providers, or other services like those and user mailboxes to /var/spool/imap. You can
from Google and Yahoo. But you don’t need to rely on change this if you prefer another location; we’ll
others if you have your own server. If you have a configure our server to use /srv/mail/cyrus to
domain name that you control, and if you can give your illustrate this. If you follow suit, you can also delete the
server a static public IP address then you can receive default locations:
email directly. rm -r /var/spool/imap /var/imap
We’re going to implement a sealed server, which Some command line tools are installed to /usr/lib/
means that users cannot cyrus/bin so it’s worth extending your PATH (do it in
log in to it. They have /etc/profile to make this permanent):
“Why not build your own email email accounts that are export PATH=”$PATH”:/usr/lib/cyrus/bin
server, including anti-spam, only accessible using
client applications that
There are two configuration files, and the first of
these is /etc/cyrus/cyrus.conf. It defines the services
anti-virus and webmail?” connect to the server that the server will offer, and the default file is generally
using IMAP, the Internet acceptable unless, like us, you want to change the data
Message Access path. This requires one entry in the file to be altered:
Protocol (we could, but won’t, also use the older Post lmtpunix cmd=”lmtpd” listen=”/srv/mail/cyrus/socket/lmtp”
Office Protocol, POP). prefork=0
You can give your test
account a meaningful At the heart of the system is the IMAP server, Cyrus. The listen argument points to the Unix domain
name and enter your This accepts messages using a protocol called the socket where the server accepts LMTP protocol
own name in the identity Local Mail Transfer Protocol, or LMTP, and stores them connections. We change this to be in a subdirectory of
section. in mailboxes – it’s a mail delivery agent. Users can our chosen data path. You can also take this
opportunity to disable unwanted services; we
commented out pop3 and pop3s because we plan to
offer IMAP-only access.
The second file, /etc/cyrus/imapd.conf, configures
the IMAP server and needs to be written from scratch.
The following example will get you started, but you
may want to read the documentation and configure it
to meet your needs.
configdirectory: /srv/mail/cyrus
partition-default: /srv/mail/cyrus/mail
admins: cyrus
sasl_pwcheck_method: saslauthd
sasl_saslauthd_path: /var/run/saslauthd/mux
sasl_mech_list: PLAIN
allowplaintext: yes
altnamespace: yes
unixhierarchysep: yes
virtdomains: userid
90 www.linuxvoice.com
� MAILSERVER TUTORIAL
defaultdomain: mydomain.com
hashimapspool: true
sieve_admins: cyrus
sievedir: /srv/mail/cyrus/sieve
This tells Cyrus to use /srv/mail/cyrus for its
configuration and, within that, a mail subdirectory
where it should store mail. Virtual domains allows
domain-specific mailboxes – you can have accounts
for alice@example-one.com and alice@example-
two.com. The defaultdomain is the domain that
unqualified user accounts, like “alice”, belong to.
To improve the end-user experience, we set
altnamespace so that users’ email folders appear
alongside, rather than within, their inbox, and
unixhierarchysep delimits mail folders with slashes
instead of the default, which is to use a period.
SASL
Our configuration uses SASL for authentication. This . logout You can specify the server
is the Simple Authentication and Security Layer, and If everything went well, the server responses will by its host name or IP
was automatically installed as a dependency of the begin with * OK. You can now set up your email client address. The username
is the IMAP “testuser”
IMAP server. We just use the default configuration to connect to the IMAP account, but it doesn’t have
account that we set up on
here, which passes plain-text passwords to the any folders yet. The cyradm tool is used to create
the server.
saslauthd daemon that, in the default configuration mailboxes, and the minimum is an inbox:
on Arch Linux, uses PAM for authentication. This is $ su cyrus -c ‘cyradm -u cyrus -w cyrus localhost
acceptable for a test system, but you should consider localhost.localdomain> cm user/testuser
configuring SASL to use more secure methods that You can then use your email client to create
satisfy your own security requirements. subfolders, or you can use cyradm – cm creates
So, create a test account for testing and verify that mailboxes (folders) and lm lists them:
SASL can authenticate it. The default SASL localhost.localdomain> cm user/testuser/Sent PRO TIP
configuration authenticates system users so we use a localhost.localdomain> lm Cyrus documentation is
nobody account that can be authenticated but cannot user/testuser (\HasChildren) available at
http://cyrusimap.org/
be used to log in to the server. user/testuser/Sent (\HasNoChildren)
docs/cyrus-imapd.
$ useradd -c ‘Test email account’ -u 99 -o -g nobody -d /dev/null user/testuser/Trash (\HasNoChildren)
-s /bin/false testuser You can now send a message to the test user.
$ echo testuser:testpass | chpasswd Create a test message in a file (call it testmessage)
Start saslauthd (also enable it so that it starts on with the following contents (the empty line is required
boot) and test that SASL authentication works for the – it marks the beginning of the message body).
new test user: From: Test Message <test@example.com>
$ systemctl enable saslauthd Subject: This is a test message
$ systemctl start saslauthd This is a basic test e-mail message
$ testsaslauthd -u testuser -p testpass To send the message into Cyrus, use the deliver tool
0: OK “Success.”
The installation also created a cyrus user, and the
server’s processes run as this user. We can also use it A virtual mailserver
for administrative tasks if we set its home directory,
We used Linux Containers to create a virtual $ pacman -S base-devel devtools
shell and password:
server to implement our mailserver on. Here’s $ useradd -c ‘Build Account’ -m -g users -d /
$ usermod -s /bin/bash -d /srv/mail/cyrus cyrus what we did. As root, on any host machine home/build -s /bin/bash build
$ echo cyrus:cyrus | chpasswd (ours runs Arch Linux): $ echo build:build | chpasswd
To complete the configuration, make the required lxc-create -n mailserver -t archlinux -- -P $ echo ‘build ALL=(ALL) NOPASSWD: ALL’ >> /
directories and build the IMAP folders: dhcpcd,openssh,wget --ewnable_units etc/sudoers
dhcpcd,sshd.socket -r mysecret To build a package, log on as the “build”
$ mkdir -p -m 750 /srv/mail/cyrus/mail
lxc-start -n mailserver user, download and extract the package’s
$ chown -R cyrus:mail /srv/mail/cyrus You can then log in with ssh AUR tarball and use makepkg to build it.
$ su cyrus -c ‘mkimap /etc/cyrus/imapd.conf’ root@mailserver using mysecret as Further instructions are available on the Arch
Now start the server the password. Linux website. Here is an example:
$ systemctl enable cyrus-master Some of the packages that we will use $ wget https://aur.archlinux.org/packages/cy/
aren’t in the repositories, but they can be cyrus-imapd/cyrus-imapd.tar.gz
$ systemctl start cyrus-master
built from the Arch User Repository, AUR. We $ tar xf cyrus-imapd.tar.gz
Test IMAP access for the test user created a build account on our new server for $ cd cyrus-imapd
$ telnet localhost imap building these packages. $ makepkg -s
. login testuser testpass
www.linuxvoice.com 91
� TUTORIAL MAILSERVER
MXToolbox.com can test from Gmail:
your server from outside… poll poll imap.gmail.com protocol imap
user alice@gmail.com there pass abc123 is alice here
user alice_other@gmail.com there pass secretword is alice here
user jane.doe@gmail.com there pass secretword is jane here
and similar examples for Yahoo and Microsoft mail
accounts:
poll pop.mail.yahoo.com protocol pop3
user johndoe there pass mypassword is john here ssl
poll pop3.live.com protocol pop3
user bob@hotmail.com there pass 123abc is bob here ssl
You can fetch mail on demand (the optional -v
makes it verbose):
$ fetchmail -v -f /etc/fetchmailrc
Or, what you will most likely want to do is start it as a
daemon that regularly polls for available messages.
The daemon on Arch Linux runs as the fetchmail user
and requires that it owns the /etc/fetchmail file. We
can start the daemon:
$ chown fetchmail /etc/fetchmailrc
$ systemctl enable fetchmail
$ systemctl start fetchmail
Fetchmail will poll at an interval defined by its
systemd unit. On Arch Linux this is 900 seconds (15
minutes). You can use the SIGHUP signal to instruct
the daemon to poll on demand.
$ pkill -USR1 fetchmail
We now have a working email server that fetches
email from other external mailservers. We can improve
upon that by having mail sent to us.
Join the Postal Union
and then check your email client for the message. Email is sent across the internet by Mail Transfer
deliver testuser < testmessage Agents. These aren’t trench-coated sleuths but
That completes the configuration of the IMAP network services that converse using the Simple Mail
PRO TIP server. It’s ready to receive mail and can serve it to Transfer Protocol, or SMTP. We need to join in this
All mail users created users’ email clients, but nothing is yet being sent to it. conversation so that we can receive email – we need
with useradd can have
the same UID. The simplest way to get mail into your server is to our own Mail Transfer Agent, and we’ll use Postfix; it’s a
fetch it from another one. A daemon known as a Mail straightforward installation from the repository:
Retrieval Agent (MRA) can fetch mail from remote $ pacman -S postfix
IMAP or POP mailboxes such as your Gmail account. Postfix is controlled by a configuration file called
The MRA that we’ll use is called Fetchmail: main.cf, and you’ll find it in /etc/postfix. It contains a
$ pacman -S fetchmail large number of options but most of the defaults are
Fetchmail takes instructions from /etc/fetchmailrc, acceptable for our needs.
which must be set with 0700 permissions. The file Our mailserver supports mail accounts for multiple
begins with global settings and defaults and it’s here domains, so we’ll configure Postfix to recognise these
that we tell Fetchmail to deliver all mail to our server’s Virtual Mailbox Domains and deliver any mail received
LMTP socket. for them into our mailserver’s LMTP interface.
defaults virtual_mailbox_domains = mydomain.com myotherdomain.
smtphost “/srv/mail/cyrus/socket/lmtp” co.uk
smtpaddress mydomain.com virtual_transport = lmtp:unix:/srv/mail/cyrus/socket/lmtp
Specify the same domain here as the Start the Postfix server and tail its journal so that you
defaultdomain in /etc/cyrus/imapd.conf. Without this, can see what it does:
any unqualified usernames will have localhost $ systemctl enable postfix
appended and the mailserver won’t recognise them. $ systemctl start postfix
With the defaults configured, what remains is to $ journalctl -f -u postfix &
provide blocks for each remote server that we wish to You can use Telnet to send a test message. You
fetch from. You can fetch messages from many should be able to see it in your email client as soon as
remote accounts and deliver them to any configured you’ve sent it.
local email account. Here is an example that fetches $ telnet localhost smtp
92 www.linuxvoice.com
� MAILSERVER TUTORIAL
EHLO example.com
MAIL FROM:bob@example.com The right protocol
RCPT TO:testuser@mydomain.com
There are quite a few protocols involved in in favour of STARTTLS because this allows
DATA the transmission of email. both insecure and secure connections over
From: Bob <bob@example.com> SMTP is what drives email. The the same port.
Subject: This is a test message mailserver’s MTA makes connections using Mail User Agents use POP, the Post Office
SMTP: it listens on port 25 for incoming Protocol (RFC1939) and IMAP, the Internet
messages and sends messages to port 25 Message Access Protocol (RFC3501). They
This is a test SMTP message
on other MTAs. SMTP was originally send email, ideally to the MSA on port 587,
. specified by RFC821 back in 1982. but more often to the MTA on port 25.
QUIT LMTP is the Local Mail Transfer Protocol You can read the RFC specifications
The test confirms that our server can deliver emails defined by RFC2033 used for local mail at http://tools.ietf.org if you want to
received for our domains over SMTP but, before delivery within the same network. Our understand more about these protocols.
MDA, Cyrus-IMAP, accepts mail using
anything can be sent to it, it needs a static public IP LMTP through a Unix domain socket. Common Ports
address and the domains’ DNS records need to be ESMTP, Extended or Enhanced SMTP, 25 is for message transfer (SMTP-MTA).
updated with that address so that other Mail Transfer defined by RFC5321, is a set of extensions 110 is for POP.
Agents can find it. to SMTP. They include STARTTLS, which is 143 is for IMAP.
used to establish transport layer security. 465 was for SMTP-Secured (deprecated).
Because of this, it’s common to see 587 is for message submission
Speak to me ESMTP used to describe SMTP over TLS. (SMTP-MSA).
Your internet service provider allocates you a public IP Next month we will add a Message 993 is for IMAP over SSL.
address for your connection. You will need to ensure Submission Agent to our system that These assignments are specified by the
this is static. If in any doubt, contact your ISP. We’ll use listens on port 587 for ESMTP connections. Internet Assigned Numbers Authority (IANA).
the public address of example.com in our examples, Message submission to this port is known as Although some MUAs and MTAs support
SMTP-MSA. the deprecated SMTP-Secured on port 465,
which is 93.184.216.119. There used to be a secured form of SMTP this port has been reassigned to the URL
You’ll need to open the SMTP port (25) on your called SMTPS or SMTP-Secured, that MTAs Rendezvous Directory for SSM, which has
perimeter firewall and configure a NAT translation to supported on port 465 but it was deprecated nothing to do with email whatsoever.
connect that port to your mailserver. How you do this
will depend on what networking hardware you have.
The following examples assume that You could use multiple MX records to have mail
93.184.216.119:25 reaches your Postfix SMTP delivered to a mailbox at your ISP if your own server is
interface. Once you have a static IP address that offline. Your server’s Mail Retrieval Agent, Fetchmail,
connects to your server, you should configure your could then retrieve any such mail when it comes back
domains’ DNS records. How you do this depends on online.
the tools provided by your DNS provider, usually the You can perform various tests to ensure that your
registrar of your domains. server can accept mail. You can probe your port
PRO TIP
You need to configure two records: an address (https://www.grc.com/x/portprobe=25) and test your
You’ll need an SASL back-
record (A record) that points to your static public IP MX records, either online with http://mxtoolbox.com end that can support
address, and a mail exchange record (MX record) that or on the command line with dig: fully qualified user names
points to the A record. DNS records have four fields $ dig +short MX mydomain.com like bob@example.com
to host accounts for
but each record only uses three of them. Configure the 5 mail.mydomain.com. domains other than the
A record like this: $ dig +short A mail.mydomain.com “defaultdomain”.
Left field: mail 93.184.216.119
Type: A Now that your SMTP server is on the internet you
Priority: <blank> need to make sure it’s properly configured, otherwise it
Right field: 93.184.216.119 won’t be long before spammers find it and start using
and the MX record like this: it to distribute their wares. You can use
Left field: <blank> http://mxtoolbox.com/SuperTool.aspx to check how
Type: MX your server responds to the outside world and confirm
Priority: 5 that you aren’t offering an open relay to spammers;
Right field: mail https://www.wormly.com/test_smtp_server lets you
The MX record references the A record by name (we send test emails into your server.
imaginatively chose to call ours “mail”). The A record We’ve configured enough to receive, store and serve
gives the IP address of the server. Both records are email to multiple users over IMAP. Next time, we’ll start
required – the MX record cannot contain an IP filtering out unwanted messages, like anything
address. Remember that DNS updates can take up to containing spam or viruses or even just mails from
48 hours to take effect. people we just don’t like. We’ll also let our users send
You can define multiple MX records and use the email, because it’s good to talk.
priority field to order them. If you do this then delivery
is attempted using each MX record in ascending John Lane is a technology consultant with a penchant for
priority order until one succeeds. If delivery fails then Linux. He helps new businesses and start-ups make the most
of open source software.
the message is returned to the sender (it’s bounced).
www.linuxvoice.com 93
� TUTORIAL URWID
URWID: CREATE TEXT MODE
TUTORIAL
INTERFACES
VALENTINE SINITSYN
Text-mode user interfaces do not belong to museums
yet – find out why and craft one yourself.
T
oday, one can hardly imagine the PC without third-party IO loop integration and other services that
WHY DO THIS? a graphical desktop. Even the smallest you might expect from a mature toolkit – but it’s a
• Create easy to use, computers such as the Raspberry Pi have an peculiarity to keep in mind when you program with it.
lightweight interfaces.
HDMI port and a CPU powerful enough for a graphical
• Rewrite dialog(1)-based
shell scripts in Python. environment. Text (or console) user interfaces (TUI) Widget types
• Learn Linux beyond the may feel like a weird artefact from ye olden days that One task that a widget toolkit performs is calculating
desktop. fit a museum stand better than your monitor. Sure, positions and screen space for widgets. This is not as
you are unlikely to use a terminal to chat on Facebook simple as it may sound, and there’s no one-size-fits-all
(although you can surf the web with the Links browser recipe either. Some older libraries tended to avoid this
if you wish), or write a report (Latex can award you job altogether, so if a label was too long to display, it
with state-of-the-art documents). Nevertheless, was simply cut off.
console-based programs come in handy where you Urwid’s approach is to introduce three types of
don’t have graphics configured (in installers or setup widgets. The first one, “box”, takes as much space
tools) or work on slow connections (say, you SSH as its container allocates; a top-level widget in Urwid
into your Raspberry Pi-based sensor somewhere in application is always a box one. Flow widgets are
countryside available over a 2.75G cellular network given a number of columns to occupy, and are
only). Text interfaces are also often preferable for responsible for calculating the number of screen
specialised applications, like point-of-sale terminals. rows they need (as we are working in text mode,
This tutorial is about making console interfaces units are characters, and widget size is measured in
in Python with the Urwid library. If you’ve ever done rows and columns, not pixels). Fixed widgets are, er,
any programming with Qt, GTK or any other toolkit, fixed: they always occupy the same screen space
you will find many concepts similar, but not the regardless what is available, and they decide on their
same. That’s because Urwid is, strictly speaking, not size themselves. A typical example of a flow widget
a widget toolkit. It’s a widget construction toolkit, and is Text; common boxed widget is SolidFill, which fills
this subtle difference sometimes matters. It provides an area with the given character and is useful for
the elements of a user interface that you’d expect, backgrounds. Fixed widgets are rare, and we won’t
like buttons or text input boxes. But many advanced discuss them.
widgets, say dialogs or drop-down menus, are missing There are also “decoration widgets” that wrap other
(you do them yourself, and we’ll show you how in a widgets and alter their appearance or behaviour.
minute). There is also no straightforward way to set In this way, flow widgets can be made boxed (for
the “tab order” (ie how the focus moves with Tab key).
This doesn’t mean that Urwid is limited or primitive In a timely manner
– it’s a full-fledged library with mouse support,
The main loop is not only the dispatcher of events, but also
a timer. These two roles may seem distant, but they are
closely related if you descend to the system calls level.
We won’t go that deep here, but instead will see how to
use timers in Urwid. Actually, it’s quite simple, and the API
resembles JavaScript’s window.setTimeout():
def callback(main_loop, user_data):
# I’m to be called in 10 seconds
handle = main_loop.set_alarm_in(10,
callback, user_data=[])
user_data is for passing arbitrary values to your callback;
if you don’t need it, simply omit the argument. There is
also set_alarm_at(), which schedules an alarm at the given
moment. If you don’t need an alarm anymore, you can
remove it with:
main_loop.remove_alarm(handle)
Alarms in Urwid are not periodic, so there is no need to
remove the alarm that was already triggered.
There are TUI eqiuvalents for many graphical programs, including browsers.
94 www.linuxvoice.com
� URWID TUTORIAL
instance, with Filler, which fills rows left unused by
its child) or vice versa (see BoxAdapter). All of these
types are visually summarised in the “Included
Widgets” section of the Urwid manual (http://urwid.
org/manual).
Sometimes you misuse widgets and put a box one
where a flow widget is expected, or whatever. Urwid
is not very friendly in this case, and all you get is a
cryptic ValueError exception:
... Few other calls here ...
File “/path/to/urwid/widget.py”, line 1004, in
render
(maxcol,) = size
ValueError: too many values to unpack
It originates from the way widgets are rendered.
You don’t need to dig into details of this backtrace, just
remember that if you see it, you’ve probably missed a
decoration widget.
Our first Urwid program:
Hello, Urwid world! The palette = keyword argument installs the palette
basic, but fully functional.
It’s time to write some code. Like many other (if not for your application, but the AttrMap decoration
all) UI frameworks, Urwid is built around the main loop, widget is where the colour is actually applied. ‘basic’
represented by the MainLoop class. This loop serves as an identifier, and can be anything you want.
dispatches events such as key presses or mouse
clicks to the widget hierarchy rooted at the topmost Let’s open windows
box widget, passed as the first argument to the Programs usually interface with users via some dialog
MainLoop constructor (and available later as a windows. In text mode, they look like framed
‘widget’ attribute on the main loop object). In this way, rectangular areas, so let’s create one. To make things
a simplest Urwid program might look like this: more interesting, we’ll also include a few basic
from urwid import MainLoop, SolidFill widgets. A blue background can be created with
mainloop = MainLoop(SolidFill(‘#’)) SolidFill(‘ ‘) the usual way (let’s creatively call this
mainloop.run() widget ‘background’). To create a framed area, we can
This will fill the screen with hashmarks. The run() use the LineBox() decoration widget (don’t forget to
method is where the main loop starts. To terminate it, import widgets from the urwid package as they The Urwid manual has a
raise the ExitMainLoop exception: appear in the text): neat refresher for widget
def callback(key): types and more.
raise ExitMainLoop()
mainloop = MainLoop(SolidFill(‘#’),
unhandled_input=callback)
unhandled_input callback is executed for any
event that is not handled by the topmost widget (or
its descendants). Since SolidFill() doesn’t respond
to keypresses, any key will stop the program. You
can check this yourself – just make sure you have
installed Urwid with your package manager (it’s called
python-urwid or similar).
Add some colour
Black and white text is boring. Urwid can paint colours,
but it needs a palette first:
single_color = [(‘basic’, ‘yellow’, ‘dark blue’)]
mainloop = MainLoop(AttrMap(SolidFill(‘#’),
‘basic’), palette=single_color)
Here, the palette contains a single colour: yellow
text on a blue background. You can define a palette
with as many colours as you want, but keep in mind
that not all colours (and attributes) are supported by
all terminals. If you don’t target a specific environment,
it is better to stick to “safe” colours, as defined in the
“Display Attributes” section of the Urwid manual.
www.linuxvoice.com 95
� TUTORIAL URWID
By default, Pile stretches scratchpad, button_wrap])
widgets to the whole Here, we see two new ways to apply attributes
parent’s width. (colours). The Text widget can accept a markup (a
tuple or a list of tuples), and AttrMap can assign
different attributes to focused and unfocused widgets.
As we create widgets, we store them in variables for
further reference.
If you try to run this code now, you’ll see it fails
with the ValueError we’ve already discussed. This is
because the Pile widget’s type is determined by its
children, and Text, Edit and Button are flow widgets.
LineBox works the same way, so finally ‘window’ is
a flow widget in our program. However, the way we
use Overlay implies that the top widget is a box one
(since we allocated both the width and height for it
window = LineBox(interior) ourselves), and this is the problem. We need to wrap
By default, LineBox draws a single line around the ‘interior’ into something to make it boxed. The natural
supplied widget; however, you can configure every choice is Filler: we’ll let flowed interior widget decide
aspect of the frame using Unicode box drawing how many rows it needs, and Filler will take the rest.
characters (http://unicode-table.com/en/#box- By default, Filler centres its contents vertically, and
drawing). Forget about the ‘interior’ widget for now this is also what we want:
– we’ll get to it shortly. But for now, how do we put interior = Filler(Pile([...]))
the dialog over the background? Urwid provides the Now the program runs; however, the button is wider
Overlay() widget for that: than needed. That’s because Pile makes all children
topw = Overlay(window, background, equal width, so the button needs some padding:
‘center’, 30, ‘middle’, 10) button_wrap = Padding(AttrMap(...),
main_loop = MainLoop(topw, align=’center’, width=15)
palette=some_palette) By default, Padding makes contents left-aligned, so
main_loop.run() we explicitly tell it we need them centred. Width can
This lays out a 30x10 window centred on the be an integer (the exact number of columns for the
background and starts the main loop. Note that we’ve contents), ‘pack’ (try to find optimal width, which may
used Overlay as the topmost widget. Should we need not work out), or (‘relative’, percentage) if you want the
to change the view, the main_loop.widget is to be set contents to scale with the container.
to something different. Now, the interface looks as needed, however, it still
Now, back to the ‘interior’. We want some labels does nothing. Let’s change the scratchpad’s contents
(Text), an input (Edit), and a push button (Button) when the button is clicked (either with the Enter key or
stacked vertically one over another. The way to do it in with the mouse):
Urwid is to use a Pile container: from urwid import connect_signal
caption = Text((‘caption’, ‘Enter some words:’), def button_clicked(button, user_data):
align=’center’) input, scratchpad = user_data
input = Edit(multiline=False) scratchpad.set_text(‘You entered: %s’ %\
# Will be set from the code input.edit_text)
scratchpad = Text(‘’) connect_signal(button, ‘click’, button_clicked,
button = Button(‘Push me’) [input, scratchpad])
button_wrap = Padding(AttrMap(button, We pass references to input and scratchpad in
‘button.normal’, ‘button.focus’), user_data; in real-world code they will likely be some
align=’center’, width=15) object’s attributes. If you no longer want the button
interior = Filler(Pile([caption, input, to work, you can disconnect the signal with the
disconnect_signal() function. For Button, you can
achieve the same results with the on_press= and
Walking through the lists
user_data= constructor arguments, however the
approach we just saw works for any event and widget
ListBox doesn’t dictate how the contents (including focused widgets) are stored: it simply
(for example, Edit emits a ‘change’ signal when the
manages them using the ListWalker interface. The latter is quite simple, and there are some
stock Urwid classes that already implement it (like the SimpleFocusListWalker we saw), but text is changed).
you can always create your own. This is reasonable when ListBox contents are unsuitable to Our simple program is now fully functional, except
store in a Python list as a whole: they are large, take a long time to receive or whatever else. that there’s no way to exit from it. We can reuse the
ListWalker solves the problem by providing the way to get (or set) the current (focused) item, unhandled_input trick, but this time, let’s exit only if
and to retrieve siblings for any position in the list. This is enough to display the currently
the user presses the F10 key:
visible part of the contents. For more details, look at the fib.py and edit.py examples that ship
with Urwid. def unhandled_input(key):
if key == ‘f10’:
96 www.linuxvoice.com
� URWID TUTORIAL
raise ExitMainLoop()
If you want to, you can also add another button to
close the application.
A secret weapon
As we’ve already learned, Urwid is missing many
advanced widgets. However, it includes one very
powerful one: ListBox. You might imagine a box with
a few lines of text and a highlighting bar, but Urwid’s
ListBox is different (although it can look and behave
this way as well). It’s a scrollable list (or even tree) of
arbitrary widgets that’s generated dynamically, and it
can serve various purposes, including creating menus,
sequence editors and almost anything else (except
coffee makers, you know).
ListBox is a bit like Pile in that it takes a list of
widgets and stacks them vertically. However, there
ListBox is a natural choice
are many discrepancies, and they are quite important. AttrMap the same way we did it for the button earlier:
for, er, a list box widget.
First, passing ListBox a list of widgets is the most def exit_app():
simple, limited and somewhat discouraged way to set raise ExitMainLoop()
its contents. Second, ListBox is always a box widget contents = []
that contains flow widgets; in other words, it decides for caption in [‘Item 1’, ‘Item 2’, ‘Item 3’]:
what part of the contents will be shown at given time. item = MenuItem(caption)
To make this decision, ListBox manages focus: if, connect_signal(item, ‘activate’, exit_app)
for instance, you press the Down key, the focus will contents.append(AttrMap(item,
be shifted to the next child, and its contents will be ‘item.normal’, ‘item.focus’))
scrolled accordingly. interior = ListBox(SimpleFocusListWalker(contents))
While ListBox is a real Swiss Army knife, we’ll This assumes that the overall program layout
use it to create a simple menu. Let’s start with is the same as in the previous example; however,
the MenuItem class. A simple menu item is just a since ListBox is box widget, there is no need to wrap
text label that’s highlighted when it has focus and ‘interior’ with Filler. We connect the ‘activate’ signal
responds in some way to activation (like pressing the to the exit_app() function that simply terminates the
Enter key). This means the Text widget is a perfect program.
base class for it. We need to register a signal (let’s The SimpleFocusListWorker class is a basic
call it ‘activate’), intercept the Enter key and make adapter to make ListBox work on top of a static
the widget selectable (that’s a basic property of all widget list. It derives from ListWalker, and you can
widgets in Urwid; only selectable widgets receive use its other subclasses here, including the ones
focus from the ListBox container). you create yourself, as well. The primary reason to
from urwid import register_signal, emit_signal do this is to make the contents of ListBox dynamic,
class MenuItem(Text): for example, read lines from a file only when the user
def __init__(self, caption): scrolls down to them. This is where ListBox comes to
Text.__init__(self, caption) its full powers.
register_signal(self.__class__, [‘activate’])
def keypress(self, size, key): Where to go next?
if key == ‘enter’: That’s basically all for the introduction. There are
emit_signal(self, ‘activate’) some concepts, like text layout or canvas cache,
else: that we haven’t discussed, and there are others
return key we’ve touched only briefly. However what you’ve
def selectable(self): learned today will hopefully help you to master more
return True advanced concepts quickly. Should you need to
Signals are registered per-class with register_ create a sophisticated Urwid UI, bundled examples
signal() and emitted with emit_signal() later. The and existing applications (http://excess.org/urwid/
keypress() method is defined in the base Widget wiki/ApplicationList) are great resources for Urwid
class and overridden by all widgets that want to programming ideas and techniques. Just don’t forget
respond to the keyboard (its size is the current to post your Urwid toolbox to some code hosting site
widget’s size). If the widget successfully handled the for community’s benefit, too!
key it returns none, or key otherwise. There is a similar
mouse_event() method, but we won’t discuss it here. Dr Valentine Sinitsyn has committer rights in KDE but prefers
Next, we need to pack MenuItem objects into to spend his time mastering virtualisation and doing clever
things with Python.
ListBox. To make current focus visible, we’ll use an
www.linuxvoice.com 97
� CODING XBMC REMOTE
XBMC: BUILD A
TUTORIAL
REMOTE CONTROL
Take control of your home media player with a custom remote
BEN EVERARD
control running on your Android phone.
X
BMC is a great piece of software, and can turn and we want to be accessible to guests without them
WHY DO THIS? almost can computer into a media centre. It having to install anything. The obvious solution is to
• Learn to use the can play music and videos, display pictures, make a web interface. XBMC does have a built-in web
Bottle framework for and even fetch a weather forecast. To make it easy to server, but to give us more control, we decided to use
quickly developing web use in a home theatre setup, you can control it via a separate web framework. There’s no problem
applications.
mobile phone apps that access a server running on running more than one web server on a computer at a
• Design a remote control
for your media centre the XBMC machine via Wi-Fi. There are loads of these time, but they can’t run on the same port.
that fits with your ways available for almost all smartphone systems. There are quite a few web frameworks available.
of working. We’ve recently set up an XBMC system for playing We’ve used Bottle because it’s a simple, fast
• Show off to friends and music, and none of the XBMC remotes we found really framework, and we don’t need any complex functions.
family with a music
player that’s better than excel at this task, especially when the TV attached to Bottle is a Python module, so that’s the language in
theirs. the media centre is turned off. They were all a bit too which we’ll write the server.
complex, as they packed too much functionality into You’ll probably find Bottle in your package manager.
small screens. We wanted a system designed from In Debian-based systems (including Raspbmc), you
the ground up to just access a music library and a can grab it with:
radio addon, so we decided to build one ourselves. It sudo apt-get install python-bottle
didn’t need to be able to access the full capabilities of A remote control is really just a layer that connects
XBMC, because for tasks other than music, we’d the user to a system. Bottle provides what we need to
simply switch back to a general-purpose XBMC interact with the user, and we’ll interact with XBMC
remote control. Our test system was a Raspberry Pi using its JSON API. This enables us to control the
running the RaspBMC distribution, but nothing here is media player by sending JSON-encoded information.
specific to either the Pi or that distro, and it should We’re going to use a simple wrapper around the
work on any Linux-based XBMC system provided the XBMC JSON API called xbmcjson. It’s just enough to
appropriate packages are available. allow you send requests without having to worry
The first thing a remote control needs is a user about the actual JSON formatting or any of the
interface. Many XBMC remote controls are written as banalities of communicating with a server. It’s not
standalone apps. However, this is just for our music, included in the PIP package manager, so you need to
install it straight from GitHub:
git clone https://github.com/jcsaaddupuy/python-xbmc.git
cd python-xbmc
sudo python setup.py install
This is everything you need, so let’s get coding.
Get started with Bottle
The basic structure of our program is:
from xbmcjson import XBMC
from bottle import route, run, template, redirect, static_file,
request
Setting up
Once you’ve developed your remote control, you’ll need a
way of ensuring that it starts every time you turn on your
media centre. There are a few ways of doing this, but the
easiest is just to add a command launching it to /etc/
rc.local. We installed our file to /opt/xbmc-remote/remote.
py with all the other files alongside it. We then added the
The UI still needs a bit of following line to /etc/rc.local before the final exit 0 line.
attention, but at least it’s cd /opt/xbmc-remote && python remote.py &
working.
98 www.linuxvoice.com
� XBMC REMOTE CODING
import os
xbmc = XBMC(“http://192.168.0.5/jsonrpc”, “xbmc”, “xbmc”)
Logging
@route(‘/hello/<name>’)
It’s not always clear how to do something System > Debugging, and turn on Enable
def index(name): using the XBMC JSON API, and the Debug Logging. With logging turned on, you
return template(‘<h1>Hello {{name}}!</h1>’, documentation is sometimes a little opaque. need to access the XBMC machine (eg via
name=name) One way of finding out how to do something SSH), then you can view the log. Its location
run(host=”0.0.0.0”, port=8000) is seeing how other remote controls do it. If should be displayed in the top-left corner of
you turn on logging, you can see what API the XBMC display. In RaspBMC, it’s at /home/
This connects to XBMC (though doesn’t actually use
calls are being performed as you use another pi/.xbmc/temp/xbmc.log. You can then keep
it); then Bottle starts serving up the website. In this remote control, then incorporate these into an eye on what API calls are being performed
case, it listens on host 0.0.0.0 (which is every your code. in real time using:
hostname), and port 8000. It only has one site, which To turn on logging, hook your XBMC media cd /home/pi/.xbmc/temp
is /hello/XXXX where XXXX can be anything. centre up to a display and go to Settings > tail -f xbmc.log | grep “JSON”
Whatever XXXX is gets passed to index() as the
parameter name. This then passes it to the template, The API is documented
which substitutes it into the HTML. at http://wiki.xbmc.
You can try this out by entering the above into a file org/?title=JSON-RPC_API/
(we’ve called it remote.py), and starting it with: v6. It lists all the available
python remote.py functions, but it a little
You can then point your browser to localhost:8000/ short on details of how to
hello/world to see the template in action. use them.
@route() sets up a path in the web server, and the
function index() returns the data for that path. Usually,
this means returning HTML that’s generated via a
template, but it doesn’t have to be (as we’ll see later).
As we go on, we’ll add more routes to the def get_playlistid():
application to make it a fully-featured XBMC remote player = xbmc.Player.GetActivePlayers()
control, but it will still be structured in the same way. if len(player[‘result’]) > 0:
The XBMC JSON API can be accessed by any playlist_data = xbmc.Player.
computer on the same network as the XBMC GetProperties({“playerid”:0, “properties”:[“playlistid”]})
machine. This means that you can develop it on your if len(playlist_data[‘result’]) > 0 and “playlistid” in
desktop, then deploy it to your media centre rather playlist_data[‘result’].keys():
than fiddle round uploading every change to your return playlist_data[‘result’][‘playlistid’]
home theatre PC. return -1
Templates – like the simple one in the previous If there isn’t a currently active player (that is, if the
example – are a way of combining Python and HTML length of the results section in the returned data is 0),
to control the output. In principal, they can do quite a or if the current player has no playlist, this will return
bit of processing, but they can get messy. We’ll use -1. Otherwise, it will return the numeric ID of the
them just to format the data correctly. Before we can current playlist.
do that, though, we have to have some data. Once we’ve got the ID of the current playlist, we can
get the details of it. For our purposes, two things are
Getting data from XBMC important: the list of items in the playlist, and the
The XBMC JSON API is split up into 14 namespaces: position we are in the playlist (items aren’t removed
JSONRPC, Player, Playlist, Files, AudioLibrary, from the playlist after they’ve been played; the current
VideoLibrary, Input, Application, System, Favourites, position just marches on).
Profiles, Settings, Textures and XBMC. Each of these def get_playlist():
is available from an XBMC object in Python (apart playlistid = get_playlistid()
from Favourites, in an apparent oversight). In each of if playlistid >= 0:
these namespaces there are methods that you can data = xbmc.Playlist.GetItems({“playlisti
use to control the application. For example, Playlist. d”:playlistid, “properties”: [“title”, “album”, “artist”, “file”]})
GetItems() can be used to get the items on a position_data = xbmc.Player.
particular playlist. The server returns data to us in GetProperties({“playerid”:0, ‘properties’:[“position”]})
JSON, but the xbmcjson module converts it to a
Python dictionary for us. Kodi
There are two items in XBMC that we need to use to
control playback: players and playlists. Players hold a By the time you read this, XBMC may be nothing has changed. Or at least nothing
playlist and move through it item by item as each song no more. The project team have decided other than the usual raft of improvements
finishes. In order to see what’s currently playing, we to rename it Kodi for legal reasons (and you’d expect from a new release. This
because XBMC, or X-Box Media Centre, shouldn’t affect the remote software though,
need to get the ID of the active player, and through refers to older hardware that is no longer and it should work on both existing XBMC
that find out the ID of the current playlist. We’ve done supported). Other than the name, though, systems, and newer Kodi systems.
this with the following function:
www.linuxvoice.com 99
� CODING XBMC REMOTE
The official Android This only has to grab the playlist (using the function
remote can still control we defined above), and pass it to a template that
our media player when handles the display.
we need more complex The main part of the template that handles the
functions. display of this data is:
<h2>Currently Playing:</h2>
% if playlist is not None:
% position = offset
% for song in playlist:
<strong> {{song[‘title’]}} </strong>
% if song[‘type’] == ‘unknown’:
Radio
% else:
{{song[‘artist’][0]}}
% end
% if position != offset:
<a href=”/remove/{{position}}”>remove</a>
% else:
<a href=”/skip/{{position}}”>skip</a>
% end
<br>
% position += 1
% end
As you can see, templates are mostly written in
HTML, but with a few extra bits to control output.
Variables enclosed by double parenthesise are output
in place (as we saw in the first ‘hello world’ example).
You can also include Python code on lines starting
with a percentage sign. Since indents aren’t used, you
need a % end to close any code block (such as a loop
position = int(position_data[‘result’][‘position’]) or if statement).
return data[‘result’][‘items’][position:], position This template first checks that the playlist isn’t
return [], -1 empty, then loops through every item on the playlist.
This returns the current playlist starting with the Each item is displayed as the song title in bold, then
item that’s currently playing (since we don’t care about the name of the artist, then a link to either skip it (if it’s
stuff that’s finished), and it also includes the position the currently playing song), or remove it from the
as this is needed for removing items from the playlist. playlist. All songs have a type of ‘song’, so if the type is
‘unknown’, then it isn’t a song, but a radio station.
Bringing them together The /remove/ and /skip/ routes are simple
The code to link the previous functions to a HTML wrappers around XBMC controls that reload /juke
page is simply: after the change has taken effect:
@route(‘/juke’) @route(‘/skip/<position>’)
def index(): def index(position):
current_playlist, position = get_playlist() print xbmc.Player.GoTo({‘playerid’:0, ‘to’:’next’})
return template(‘list’, playlist=current_playlist, redirect(“/juke”)
offset = position) @route(‘/remove/<position>’)
def index(position):
playlistid = get_playlistid()
JSON
if playlistid >= 0:
JSON stands for JavaScript Object Notation, As with dictionaries, the value can itself xbmc.Playlist.Remove({‘playlistid’:int(pla
and was originally designed as a way of be another JSON object, or a list, so the ylistid), ‘position’:int(position)})
serialising JavaScript Objects. It still is following is perfectly valid: redirect(“/juke”)
used for that, but it’s also a useful way of {“name”:“Ben”, “jobs”:[“cook”, “bottle-washer”], Of course, it’s no good being able to manage your
encoding all sorts of data. “appearance”: {“height”:195, “skin”:“fair”}}
playlist if you can’t add music to it.
JSON objects always have the form: JSON is often used in web services to
{property1:value1, property2:value2, send data back and fourth, and it’s well This is complicated slightly by the fact that once a
property3:value3} supported by most programming languages, playlist finishes, it disappears, so you need to create a
For an arbitrary number of property/value so if Python’s not your thing, you should new one. Rather confusingly, playlists are created by
pairs. To Python programmers, this all looks easily be able to use the same functions to calling the Playlist.Clear() method. This can also be
suspiciously similar to dictionaries, and the control XBMC from software written in the
used to kill a playlist that is currently playing a radio
two are very similar. language of your choice.
station (where the type is unknown). The other
100 www.linuxvoice.com
� XBMC REMOTE CODING
complication is that radio streams sit in the playlist
and never leave, so if there’s currently a radio station Paste
playing, we need to clear the playlist as well.
Bottle includes its own web server, which well. In order to use this, just install it (in
These pages include a link to play the songs, which is what we’ve been using for testing the the package python-paste on Debian), and
points to /play/<songid>. This page is handled by: remote control. However, we found that it change the run call to:
@route(‘/play/<id>’) didn’t always perform well. When we put the run(host=hostname, port=hostport,
def index(id): remote into action, we wanted something server=”paste”)
playlistid = get_playlistid() that could deliver pages a bit quicker. Bottle You can see details of how to use other
can work with quite a few different web servers at http://bottlepy.org/docs/dev/
playlist, not_needed= get_playlist()
servers, and we found Paste worked quite deployment.html.
if playlistid < 0 or playlist[0][‘type’] == ‘unknown’:
xbmc.Playlist.Clear({“playlistid”:0})
By editing the settings in
xbmc.Playlist.Add({“playlistid”:0,
System > Music Library,
“item”:{“songid”:int(id)}}) you can set XBMC to scan
xbmc.Player.open({“item”:{“playlistid”:0}}) for new music on startup,
playlistid = 0 so the most current music
else: gets added without manual
xbmc.Playlist.Add({“playlistid”:playlistid, intervention.
“item”:{“songid”:int(id)}})
remove_duplicates(playlistid)
redirect(“/juke”)
The final thing here is a call to remove_duplicates.
This isn’t essential – and some people may not like it return template(‘radio’, stations=my_
– but it makes sure that no song appears in the stations[‘result’][‘files’])
playlist more than once. else:
We also have pages that list all the artists in the return template(‘error’, error=’radio’)
collection, and list the songs and albums by particular This includes a file that can be added to a playlist
artists. These are quite straightforward, and work in just as any song can be. However, these files never
the same basic way as /juke. finish playing, so (as we saw before) you need to
recreate the playlist before adding any songs to it.
Adding functionality
The above code all works with songs in the XBMC Sharing songs
library, but we also wanted to be able to play radio As well as serving up templates, Bottle can serve
stations. Addons each have their own plugin URL that static files. These are useful whenever you need
can be used to pull information out of them using the things that don’t change based on the user input. That
usual XBMC JSON commands. For example, to get could be a CSS file, an image or an MP3. In our simple
the selected stations from the radio plugin, we use: controller there’s not (yet) any CSS or images to make
@route(‘/radio/’) things look pretty, but we have added a way to
def index(): download the songs. This lets the media centre act as
my_stations = xbmc.Files.GetDirectory({“directory”:” a sort of NAS box for songs. If you’re transferring large
plugin://plugin.audio.radio_de/stations/my/”, “properties”: amounts of data, it’s probably best to use something
[“title”,”thumbnail”,”playcount”,”artist”,”album”,”episode”,”season” like Samba, but serving static files is a good way of
,”showtitle”]}) grabbing a couple of tunes on your phone.
The Bottle code to download a song by its ID is :
if ‘result’ in my_stations.keys(): @route(‘/download/<id>’)
def index(id):
data = xbmc.AudioLibrary.GetSongDetails({“songid”:i
GitHub
nt(id), “properties”:[“file”]})
This project is quite bare-bones at the moment, but – the full_filename = data[‘result’][‘songdetails’][‘file’]
business of running a magazine means we don’t have as path, filename = os.path.split(full_filename)
much time as we’d like to program. However, we’ve set up
return static_file(filename, root=path,
a GitHub project where we hope to keep working on it, and
if you think you’d benefit from the project as well, we’d love download=True)
your input. To use this, we just put a link to the appropriate ID in
To see what’s going on, head over to https://github.com/ the /songsby/ page.
ben-ev/xbmc-remote and take a look at what state it’s in. We’ve gone through all the mechanics of the code,
You can get a copy of the latest code from that web page,
but there are a few more bits that just tie it all together.
or clone it from the command line.
If you want to improve it, you can fork the project to You can see for yourself at the GitHub page:
develop in your own branch, and then send a pull request https://github.com/ben-ev/xbmc-remote.
when your features are working. For more information on
working with GitHub, head to https://github.com/features. For fun, Ben Everard hacks hardware projects held together
with a big dollop of Linux and Free Software glue.
www.linuxvoice.com 101
� CODING NINJA
CODE NINJA:
TUTORIAL
LAMBDA FUNCTIONS
Anonymous functions aren’t just 4Chan meetups – they’re also
BEN EVERARD
a way to create cleaner code.
I
f we were trying to come up with a name to make
WHY DO THIS? something sound excessively mathematical, we
• Write cleaner code. couldn’t do better than lambda calculus. The
• Understand one of the phrase conjures up a picture of a stern-faced maths
formal underpinnings of
computation. teacher peering over his glasses while wearing a
• Sound clever in tweed jacket with leather-patched elbows.
conversations with other The reason it sounds so confusing is because it
programmers. hails from a time when computing was little more
than an obscure branch of maths that only interested
academics and the military.
Lambda calculus was created as mathematicians
were struggling to understand computation, and what
its limits were. It’s a very simple way of specifying
programs, and because it’s simple, it’s easy to reason
about mathematically.
Basically, lambda calculus is a way of forming
computer programs out of functions with two
restrictions. Firstly, the functions don’t have a name, The badge of the Knights of the Lambda Calculus – a
and secondly they can only take one argument. band of Lisp programmers who wait for the day when a
Functions that follow these rules are known as well-placed anonymous function will save the world.
Lambda functions. Let’s take a look at this in Python,
which supports lambda functions with the lambda Because they only contain one statement, they don’t
statement: need the return keyword to specify what they return.
>>> add2 = lambda x: x+2 Whatever is after the colon is the statement, and the
This creates a function that takes one argument (x) function will return whatever it evaluates to.
and returns the number x+2. Python imposes In this case, we’ve assigned the function to a
additional restrictions on lambda functions: they can variable called add2. You don’t have to assign the
only contain one statement and that statement must function to a variable and most of the time it’s more
return a value (which not all statements do in Python). useful not to (remember that we said functions don’t
Church-Turing thesis
We’ve looked at lambda functions in Python where another program as input and works out whether or also Turing complete, such as HTML5 + CSS3
they’re a convenient shorthand for creating not it will finish running, or not (eg whether it will (https://github.com/elitheeli/stupid-machines) and
functions to be used only once. However, the basic get stuck in an infinite loop). C++ templates (http://ubietylab.net/ubigraph/
purpose of Lambda calculus wasn’t to add The Church-Turing thesis states that anything content/Papers/pdf/CppTuring.pdf).
syntactical simplicity to high level languages. It that can be computed by a computer can be The creativity of geeks knows no bounds, and it’s
was to help understand computation. computed using lambda calculus or a Turing become a challenge to prove ever more obscure
One of the big problems in early computer Machine. However, this problem remains stubbornly things are Turing complete. Minecraft is Turing
science was working out what could be computed a thesis and has never been formally proven. Since complete (www.youtube.com/
and what couldn’t. Alonzo Church worked with lambda calculus can implement anything that a watch?v=1X21HQphy6I) and so is an infinite
lambda calculus as Alan Turing worked with Turing Turing machine can, lambda calculus is known as version of Minesweeper (http://web.mat.bham.ac.
machines. Turing-complete. If the Church-Turing thesis is uk/R.W.Kaye/minesw/infmsw.pdf), but the most
It’s possible to show that anything computable correct, any language that is Turing complete can bizarre thing we could find that is Turing complete
using a Turing Machine is computable using lambda compute anything that is computable. All is the Magic: The Gathering card game
calculus and vice versa. It’s also possible to prove general-purpose languages are Turing complete (www.toothycat.net/~hologram/Turing/
that some things can’t be computed using Turing – as you would expect – but so are some languages HowItWorks.html). If the Church-Turing thesis is
Machines or lambda calculus. For example, the that are quite restrictive. For example, sed is Turing correct, this means that it’s possible to port any
halting problem can’t be computed. This means complete (see www.robertkotcher.com/sed.html for computer program to run on the Magic: The
that it’s impossible to write a program that takes proof). Some more powerful markup languages are Gathering card game. Weird, huh?
102 www.linuxvoice.com
� NINJA CODING
have names?), but we’ll get onto that in a bit. You can
run the function with:
>>> add2(1)
3
So far, this just looks like a slightly awkward way of
creating functions. You could be forgiven for
wondering why Python includes this slightly odd
theoretical concept. One of the advantages of lambda
functions in Python is that they can be a very
convenient way of specifying a function that will only
be used once. Typically, this when a function is
needed as a parameter.
For example, take a look at the following function
from the XBMC remote elsewhere in this issue’s
coding section:
def get_artists():
data = xbmc.AudioLibrary.GetArtists()
return sorted(data[‘result’][‘artists’], key=lambda k:
k[‘label’]) Lambda calculus gets its name from the lower-case Greek letter lambda, which is used
Here, the Python function sorted() can take an to denote anonymous functions. It’s shown here calculating the Church numerals.
argument called key which specifies a function that is
called on each element to be sorted that returns the This chaining – also known as currying – enables
value that the items should be sorted on. In this case, you to build up functions of arbitrary complexity. It
key is a lambda function that takes a dictionary as its also enables you to build functions by fixing particular
parameter and outputs the particular item from that parameters in other lambda functions. For example
dictionary that we want to sort on. We could define a (following on from the previous session):
function in the usual Python way (by using def and >>> add10 = add(10)
giving it a name). However the lambda notation is >>> add10(1)
clearer and simpler. 11
This is rarely used in Python, but it can be used in a
Hello again, Mr Turing! few ways. For example, we could use it to create
Lambda calculus wasn’t created as a convenient logging functions for system and application errors in
shorthand. It was created as a method of defining Python 3:
computation. Like Turing machines, lambda calculus >>> p_log = lambda er: lambda msg: print(er, msg)
is a computationally complete language. That means >>> p_sys_err = p_log(“System error:”)
that anything that can be computed, can be defined >>> p_app_err = p_log(“Application error:”)
using lambda calculus (not necessarily in Python’s >>> p_sys_err(“operating system problem”)
restricted version of it though). System error: operating system problem
Obviously this isn’t possible if each function can >>> p_app_err(“the application has crashed”)
only operate on a single value. Lambda calculus also Application error: the application has crashed
allows chaining of functions to build up more complex You need to use Python3 because in previous
operations. For example, you could create a function versions of Python, print() didn’t return a value, and so
to add two values together with: couldn’t be used as a lambda statement (in Python3,
>>> add = lambda x: lambda y: y+x print() is a function that returns None).
>>> add(3)(2) In Python, the restriction to only one statement
5 means you can’t loop through data, since there can’t
be any code blocks. However, you can still use if
statements using a slightly different format:
Beyond Python
x if <conditions> else y
Most programming languages allow anonymous functions For example, you could use this to return the lowest
(you can argue about whether an anonymous function with number in a pair using:
more than one argument is really a lambda function). The
>>> min = lambda x: x[0] if x[0]<x[1] else x[1]
only commonly used general purpose languages without
them are C (though they are supported in Clang) and >>> min([3,5])
Fortran. No other common language has the single >>> 3
statement restriction of Python. Python doesn’t need lambda functions. Everything
The syntax and terminology varies from language to you do with them could also be achieved without
language, but they’re usually used for cases similar to
them. However, there are several places where they
those we’ve looked at here when functions need passing as
arguments in other functions, particularly in callbacks can be used to make your code more readable. This is
(which we looked at in LV007). usually in places where a function object is passed
(like in the sort example above).
www.linuxvoice.com 103
� CODING SOPHIE WILSON AND ARM
SOPHIE WILSON, ACORN AND
TUTORIAL
THE DEVELOPMENT OF ARM
JULIET KEMP
ARM chips – via Android and smartphones – are taking Linux to
the masses. Here’s what makes them so special.
B
y 2014, over 50 billion ARM processor cores that they would have a machine to demonstrate
had been shipped since the first ARM chip was within the week. They made it – just.
created by Sophie Wilson in the mid-1980s. Wilson ported the OS across to the Proton’s raw
Ten billion of those were produced in 2013, so by the hardware, and installed BASIC, in the two hours
time you read this, the figure is probably coming up on between the hardware working and the BBC arriving
60 billion. This meteoric rise from a mere 10 billion for the demo.
ever shipped in 2008 mirrors the rise of mobile However, what we’re looking at in this article is ARM,
computing. Nearly 60% of mobile devices, and 95% of the Acorn RISC Machine, one of the first RISC
smartphones, contain an ARM-based chip. You’ve processors, which later became one of the most
probably got one in your pocket right now. I certainly successful IP cores of the 1990s and 2000s, in
have. So where did they start out? particular for use in mobile devices.
Sophie Wilson was born in Leeds in 1957, and
studied maths at Cambridge. In 1978, during the Creating ARM
big microprocessor boom (see the BASIC article in The ARM chip was a specific instance of a RISC
LV005), she was working with Hermann Hauser to processor. Reduced Instruction Set Computing (RISC)
solve a problem for a fruit machine manufacturer. originated at IBM. It meant that instead of the
Someone had developed a hack which used a increasingly complex instructions that processors
cigarette lighter to shock (literally!) the new electronic were using in the early 1980s, a RISC processor would
machines into disgorging cash. Wilson created a use a limited set of simple instructions. However, IBM
radio receiver to detect the cigarette lighter spark, hadn’t really got anywhere with the idea – they’d
solving that problem; whereupon Hauser challenged created a RISC processor after months of work
her to create a working PC by the end of the summer. simulating instructions on a mainframe, but it was a
Wilson succeeded, and six months later, Hauser’s commercial flop. Meanwhile, working on the BBC
company, now relaunched as Acorn Computers, machines, Acorn were becoming frustrated by the
started offering the Acorn System One, with a princely limitations of the BBC’s microprocessor. The main
512B of RAM, for £70. Everything was built in-house: problem was the memory interface: how fast a chip
logic circuits, assemblers, BASIC interpreters – the lot. could fetch, and thus execute, transactions. Wilson
By mid-1981, the UK PC market was dominated by found it frustratingly slow, and it was restricting what
the ZX81 (by Clive Sinclair, and available in WHSmith they could do with their secondary processors.
shops) and the Acorn Atom (more expensive, and only After reading one of the first papers about RISC,
available as a kit from Acorn).
In 1981, Wilson improved and extended the Acorn’s
IP cores
version of BASIC into the Acorn Proton, which then
became the BBC Micro and had its BASIC developed A semiconductor IP (intellectual property) core is a chunk
into BBC BASIC. The Proton was built in a week after of chip or logic design that is the intellectual property of
Chris Curry, co-founder of Acorn, promised the BBC a particular party, usually a company. The chunks can be
used as building blocks for larger chip or logic designs.
They may be used only by that company or may be
licensed out. The ability to license designs like this means
that chip makers can use a standard set of processors
and internal functions, and then focus on specific features
or innovations of their particular chip. This has sped up
development significantly since it became common in the
1990s. IP cores can be soft cores, described in a ‘high
level’ hardware description language (and thus modifiable
The first ARMv1 in an
by the chip maker), or hard cores, described as a physical
evaluation system. ARM description (and thus not modifiable). ARM architectures
chips have begun to show are soft designs and are licensed and used in a huge
up in servers for the first range of systems. A major advantage of being an IP
time, though they’ll have a core company is that you don’t have to pay for the (very
long way to go to challenge expensive) kit to fabricate your own chips.
Intel’s dominance.
104 www.linuxvoice.com
� SOPHIE WILSON AND ARM CODING
Wilson and Acorn started investigating their options. A
visit to the huge facilities at National Semiconductors
RISC
in Israel was depressing; Acorn couldn’t afford
The basic idea behind Reduced Instruction RISC is inherently more power-efficient
anything like that. Then they visited the much smaller
Set Computing (RISC) is that you can than, say, x86, because a RISC instruction is
but very successful Western Design Centre in Arizona, get better performance (compared to a always four bytes long. That means that the
which consisted of only a couple of bungalows and a complex, specialised instruction set) out chip doesn’t have to expend any processor
small team of engineers and students. Reassured that of a simplified instruction set running on power in parsing the length of the instruction
you didn’t need a huge operation to design processors, a microprocessor which needs as few as and separating instructions. So (put very
possible cycles per instruction. The ‘reduced’ simply) a RISC instruction takes less energy
Wilson got stuck into designing the ARM instruction
refers not necessarily to the number of to handle, and can be understood by a
set back at her desk at Acorn (and in the local pub over instructions, but to the amount of work that smaller chip.
lunches with colleagues!). Steve Furber was then an instruction does – each instruction should The two projects most associated with
responsible for turning Wilson’s instruction set into use a single clock cycle (often achieved RISC are Stanford’s, which emerged into the
something that could be produced at a factory. by using a technique called pipelining). A commercial world as the MIPS architecture,
precise definition is hard to pin down, but and Berkeley’s RISC, which eventually
Eighteen months later, they had the first working ARM.
two common RISC traits are a small, highly became SPARC. IBM’s efforts (after their
It’s odd that what is now the major selling point of optimised set of instructions; and load/ initial commercial flop) eventually led to the
ARM processors, their low power consumption, was store architecture, where memory must be Power Architecture. And of course ARM has
only a side effect. What Acorn were interested in was accessed through specific instructions, rather been incredibly successful, as have other
low cost, and low cost meant plastic. Plastic is a good than as part of other instructions. RISC architectures.
insulator, which is bad news on a high-power chip as
the heat takes longer to dissipate and your chances of
frying the chip increase. So that in turn meant keeping especially on embedded hardware with limited
the ARM power consumption under 1W. memory bandwidth. If you’re interested in the details
However, when they got the first test chips back and of the registers (37 of them), processor modes,
plugged them into a development board, the chip exception handling, and so on of current ARM chips,
worked – but seemed to be consuming no power at there’s a great lecture online at http://www.ee.ncu.
all. It turned out that there was a fault in the board, edu.tw/~jfli/soc/lecture/ARM_Instr_Set.pdf from
and the power supply line wasn’t working. The chip Jin-Fu Li, National Central University, Taiwan. You can
was, as Wilson explains, “running on leakage from the also get extensive documentation for various chips
logic circuits”. The chip consumed an incredibly low from the ARM website.
0.1 watts. Wilson’s ARM, it turned out, was a I wasn’t able to find an instruction set for ARM v1,
particularly efficient version of RISC. but 1987 documentation for ARM v3 should have
Wilson rewrote BBC BASIC in ARM assembler very largely the same instructions (with a larger address
efficiently, but the first complete ARM computer was space). They divide into five basic groups:
the Acorn Archimedes in 1987. It and its successors Data manipulation (ADD, AND, MOV, SUB, CMP
were among the most powerful home computers at etc).
the time. Of more long-term importance, Apple had Load and store (LDR to load a register and STR to
realised that the ARM processor needed only a small save one).
amount of chip real estate – making it possible to Multiple load and store (LDM, STM).
squeeze further processing power onto the same Branch – conveniently jump between instructions.
chip. Apple invested heavily in ARM for the Newton Software interrupt (SWI, but there are many
(the first ever tablet, which flopped); but the different expressions that can be passed to it to
investment paid off later in the iPhone, iPod, and iPad. determine what it does, including keyboard output
and input).
ARM architecture and instruction set Let’s take a look at some ARM assembler code.
When Wilson and the other Acorn folk were designing This example from an ARM handbook multiplies a
ARM, they weren’t dedicated to sticking exactly to the
model set by Berkeley RISC. They kept the load/store
architecture, the fixed length instructions, and the
three-address instruction format (destination,
operator 1, operator 2). They rejected register
windows, branch delay slots, and universal single-
cycle instructions (most ARM instructions are
single-cycle, but not all of them). ARM also initially
lacked multiply and co-processor support. It had a
32-bit data bus, 26-bit (later 32 bit) address space, and
27 32-bit registers.
Since ARMv4T, ARMs have a second instruction
set: the 16-bit Thumb set. This increases compiled
code density by reducing the available functionality. Acorn Archimedes
The shorter opcodes also improve performance, setup in 1987
www.linuxvoice.com 105
� CODING SOPHIE WILSON AND ARM
Sophie Wilson was made a transferred into the Ra register. So this line just
Fellow of the Royal Society multiplies Ra by 2. Since the previous line multiplied
in 2013, for having made “a Ra by 3, the total effect is to multiply the contents of
substantial contribution to Ra by 6 and store the result back in the Ra register.
the improvement of natural You may have noticed that multiplying by 8 would
knowledge”. have been rather easier:
MOV Ra,Ra,LSL #3
And, of course, there are many ways to achieve the
same result. The left-hand operand must always be a
single register, but the right-hand operand can, as
here, contain other operations. This versatility is
helpful when maximising code efficiency.
Here’s a slightly more complicated example. I’ll use
the code from the Grace Hopper article from LV002,
which instructed UNIVAC to add a series of numbers
stored in memory addresses 100–999. Memory in
UNIVAC was a series of registers from 0-999, whereas
memory in ARMv1 used a 26-bit address value, with a
4 byte (32 bit) word length. This means that ARM
word addresses start at 0 and go up in 4s: 0, 4, 8, ...
64M. I’ve translated UNIVAC addresses 100-999 as
ARM memory addresses &1000-&1E0C (in
hexadecimal). A semi colon denotes that the rest of
the line is a comment. This is theoretical code, not
tested, but should give you an idea of how ARM
assembler works.
value by 6: MOV R0,#0 ; Zero the running total
ADD Ra,Ra,Ra,LSL #1 ; multiply by 3 MOV R1,#0 ; Zero the number that holds the next value
MOV Ra,Ra,LSL #1 ; and then by 2. MOV R2,#1000 ; Store memory address 1000 into R2
ADD .LOOP ADD R0,R0,R1 ; Label loop, and R0 := R0 + R1
takes three arguments: one destination and two LDR R1,[R2],#4 ; Load the contents of R2 address and
operands. So increment it
ADD Ra,Rb,Rc TEQ R2,#1E10 ; test which address we’re at
means BNE LOOP ; carry on unless we’re done
Ra := Rb + Rc SWI WriteI+R0 ; output the running total with SWI (pseudo-
(where Rn is register n). However, the line here code)
seems to have a third operand, LS#1.In fact, the Let’s look at that in more detail:
second operand isn’t Ra, but MOV R0,#0 this loads the literal value 0 into R0.
Ra,LSL #1 The next two lines work similarly, initialising R1 and
LSL #n means Logical Shift Left n places, which R2.
effectively multiplies the number stored in Ra by 2n. LOOP this is a label for the first line of the loop.
(Similarly, if using logical shift right (LSR), ADD R0,R0,R1 as above, R0 := R0 + R1. Note that
Ra,LSR#n the first time around, this translates as R0 := 0 + 0,
divides Ra by 2n.) So here, Ra,LSR#1 multiplies Ra ie nothing happens.
by 21 = 2. Thus, LDR R1,[R2], #4 Load contents of address held in
ADD Ra,Ra,Ra,LSL #1 R2 into R1, then increment R2 by 1 word. Note that
means this requires the numbers you’re adding to be single-
Ra := Ra + (Ra * 2) word length. The first time through the loop, this will
ie load the contents of memory address 1000 into R1
Ra := Ra * 3. (so the next time through the loop, the ADD line will
To add an absolute value, you could write it like this: add it to R0), and increment the memory address
ADD Ra, Ra, #1 stored in R2 ready for the next time through the
This would add 1 (the absolute value 1) to Ra, and loop.
store the result back into Ra – acting as an increment TEQ R2,#1E10 – TEQ compares its two operands,
line. MOV transfers its operand to the destination here the value of R1, and the address 1E0C (the
register: address after the final memory address we want.
MOV destination, operand The Z result flag is set to 1 if they are equal, 0 if not.
So here: BNE LOOP – B is the simple branch instruction,
MOV Ra,Ra,LSL #1 and send us back to the LOOP label. The conditional
means that Ra,LSL#1, that is, Ra * 21 = Ra is suffix NE stands for Not Equal. If Z is not set, then a
106 www.linuxvoice.com
� SOPHIE WILSON AND ARM CODING
BNE instruction will run. If it is set, then BNE is not
true, and will not run. The opposite of this is EQ.
BEQ would run if Z is set, and not if not. This
instruction stops the loop if we’ve passed the final
memory address, ie we have run out of numbers to
add.
SWI WriteI+R0 – SWI offers a call-out to other
instructions, and the instructions available will
depend on the details of the architecture. Input/
output are usually available, and this pseudocode
outputs R0.
If you want to delve further into ARM Assembly
language programming, I strongly recommend the
web-based version of Pete Cockerell’s 1987 book,
ARM Assembly Language Programming, at
www.peter-cockerell.net/aalp/html/frames.html.
This covers specifically ARMv3, but I found it to be a
useful reference for the basics of ARM programming
(and an interesting document!). An ARM quick
reference card is available from ARM at http://
infocenter.arm.com/help/topic/com.arm.doc. RISC OS 3 – an OS that
qrc0001m/QRC0001_UAL.pdf. improvement. (For comparison, Apple’s colour UI OS, lives on in a version for the
System 7, was released in 1991.) Further Raspberry Pi.
RISC OS developments were made in RISC 3.x versions,
Acorn’s other big achievement was RISC OS. After including a bunch of useful built-in applications and
some financial problems, in 1985 Olivetti took a improved font support.
controlling stake in Acorn, but the company continued Acorn released the new RiscPC in 1994, with 16
to operate independently. During this time, Acorn was million colour display and the ability to handle up to
developing RISC OS for the Archimedes, and released 256MB of memory (rather than the 16MB of previous
it in 1987 as Arthur 1.20. The original aim was to machines). RISC OS 3.5 was released to handle these
develop something similar to the functionality of the improvements but otherwise was pretty similar to
BBC Micro/Master OS, while waiting for the more previous releases. Further updates were similarly
complicated ARX system to be ready for release. hardware driven.
However, Arthur’s small size, constant delays of the In 1999, following further financial problems, Acorn
ARX project, and the realisation that Arthur could be was renamed as Element 14 Ltd, after which it was
extended to provide a window manager and desktop bought out. ARM Ltd had been spun off in 1990, and
environment, meant that ARX was eventually dropped was doing very well, so this move allowed Acorn
and Arthur/RISC became Acorn’s main OS. It had a shareholders to cash out their much more lucrative
primitive GUI, but could only run one application at a ARM stock. Element 14 carried on with DSL
time, and most work was done via the command line. technology, and a new company, RISCOS Ltd, licensed
Arthur 2 became RISC OS 2 and was released in RISC OS from its eventual new owners. RISC OS 4
1989. The GUI was now the main way of interacting was released shortly after, and RISC OS 6 in 2006.
with the OS, and it had added some co-operative RISC OS remains under development. (RISC OS 5 is a
multitasking. Graphics and sound were also a big separate fork by Castle Technology.) If you fancy
giving it a go, you can buy a RISC OS emulator USB
stick for Windows, Mac, or Linux, from
www.riscosopen.org, or RISC OS is also available for
the Raspberry Pi.
Meanwhile, Sophie Wilson is still working for
Broadcom (who bought out Element 14) and was the
chief architect of their Firepath processor. She was
awarded the Fellow Award by the Computer History
Museum, California, in 2012, was elected as a Fellow
of the Royal Society in 2013, and is considered one of
the most important women in tech history. Think of
her the next time you check your phone.
Juliet Kemp is a scary polymath, and is the author of
Arthur 1 was tiny – you could run it on a 512K machine
O’Reilly’s Linux System Administration Recipes.
with a floppy disk – but full of functionality.
www.linuxvoice.com 107
� MASTERCLASS OPENSSL
MASTERCLASS
Essential Linux tools explained – this month, SSL, the tech
BEN EVERARD that enables secure connections over the web.
SECURE YOUR WEBSITE WITH
SSL ENCRYPTION
SSL Secures the web. Understand what that means with a practical example.
S
SL is the Secure Sockets Layer. It’s the SSL is a cryptographic protocol that enables two
JOHN LANE technology that secures the web, and just parties such as a web server and a browser to
about everyone who has used a web browser exchange information securely by encrypting it before
will have heard of it and (especially after the recent sending and decrypting it upon receipt.
Heartbleed incident) its widely-used open source Encrypting and decrypting requires a secret, like a
implementation: OpenSSL. password, which is known as a key. A symmetric key
SSL provides a secure communications channel can both encrypt and decrypt, whereas an
over an insecure network. Its best-known use is to asymmetric key can only do one or the other and
secure the connection between a web server and therefore requires a key-pair; one for encryption, which
browser but it also has other uses, such as securing can be given to anyone (a public key), and another for
the transmission of email. decryption that must be kept secret (a private key).
OpenSSL is both a toolkit and library that Asymmetric ciphers are more complex than
implements SSL. The library is also used by other symmetric ones, and therefore have a higher
tools that use cryptography such as SSH. Most computational overhead. This makes a symmetric
distros will install OpenSSL by default or as a cipher preferable for data transmission, but presents
dependency of another application like your web the challenge of sharing a symmetric key between
browser. Check that you have it: two parties previously unknown to each other.
$ openssl version SSL solves this key exchange problem by using an
OpenSSL 1.0.1h 5 Jun 2014 asymmetric cypher to encrypt the symmetric key.
You should expect to see at least version 1.0.1g, Here’s what happens when you access a website
because this is the one that fixed the Heartbleed bug. secured with SSL.
If you need to install or update, you should find it in The client (web browser) connects to the server
your distro’s repository. (website) using a URL that begins with https:.
The Server sends its SSL Certificate to the client.
The client validates the certificate.
Protocol variations
The client generates a random symmetric key and
There are several versions of the SSL TLS added the ability for a client to encrypts it using the public key contained in the
protocol, the latest being 3.0, after which connect to a server’s standard port and then certificate.
it was renamed Transport Layer Security negotiate a secure connection. Prior to this, The client sends the encrypted symmetric key to
(TLS) and has since seen several revisions. SSL required a dedicated secure port. To be
the server.
The current TLS version is 1.2. The terms used this way, TLS uses a protocol-specific
SSL and TLS are often used interchangeably method to negotiate the switch, and not The server uses its private key to decrypt the
despite their differences (for example, TLS all protocols include one. StartTLS is the symmetric key.
1.0 is also known as SSL 3.1) and SSL has protocol-specific method supported by email The server and client encrypt all further
now become a generic term for describing protocols. There is an HTTP Upgrade header communication sent in either direction using the
secure websites. that allows an HTTP connection to negotiate
symmetric key.
When a connection is established between TLS as specified by RFC2817 but
a client and server, the protocol negotiates it isn’t widely implemented. HTTP continues At the end of the session, the symmetric key is
and uses the latest version that they both to use separate ports: 80 for unsecured discarded.
support. HTTP and 443 for HTTP over SSL/TLS. The process is repeated for further sessions.
An SSL certificate is like an envelope with the public
108 www.linuxvoice.com
� OPENSSL MASTERCLASS
Is that really you?
As well as transporting the public key, the company accounts. EV certificates can only
certificate also permits identity validation, be issued by CAs who pass an independent
which enables a web browser to confirm audit as required by the CA/Browser Forum
that the web server that it is communicating (see www.cabforum.org), making them
with is the one that it thinks it should be expensive and difficult to obtain. Domain
communicating with. validated certification may suffice for
This works because a signed certificate some applications – low-cost and fee-free
cannot be modified, and the certificate certificates are offered by cacert.org, startssl.
authority (CA) is trusted to perform identity com and comodo.com.
validation before issuing a certificate. There is no technical difference between a
It is, however, up to the CA to decide how it normal and an EV certificate – both offer the
verifies an entity’s identity, and this can vary same level of encryption. The EV certificate
from basic domain validation using whois carries a Certificate Policy Object Identifier
data to extended validation that mandates and browsers are hard-coded to recognise
specific checks that require submission them (the latest browsers add a green
Firefox and the other major web browsers enable you to of physical documents like passports or highlight to the address bar).
look inside a server’s certificate.
key inside. It is signed so that the recipient can be encrypted key whenever it is used, making them less
confident that the contents have not been altered and useful on servers. A passphrase can be removed:
can be trusted. This is done by a certificate authority $ openssl pkey -in private-env.key -out private.key
(CA) using its own certificate that is also signed, either You can use PEM format keys with X.509, and you
by another CA or self-signed. can use OpenSSL to create the certificate signing
A CA’s certificate that is self-signed is a root request (CSR):
certificate and those that are pre-installed in web $ openssl req -new -key private.key -out request.csr
browsers are trusted implicitly. Web browsers include This will request some data from you, but the most
the root certificates for the major certificate authorities important field is the Common Name. This must
that provide the certificates used by most websites. match the domain that the certificate is for. The
A certificate is trusted if its signings can be traced remaining fields can be completed as desired, or as
back to a trusted root certificate. This Public Key mandated by the CA. Enter a period . for a blank field.
Infrastructure underpins SSL and is defined by a Once you have the certificate signing request, you’ll
standard called X.509. need to submit it to a certificate authority using their
own procedures.
Get the key
OpenSSL supports the X.509 standard, and you can Be your own certificate authority
use it to prepare a certificate signing request that you For testing or internal use, a self-signed certificate
need to send to a CA to get a new certificate. If you may be all you need, and creating one is similar:
have a certificate, you can use it to sign other $ openssl req -new -key private.key -x509 -out mycert.crt
certificates. You can even create your own self-signed The -x509 option is what causes a certificate to be
certificate and be your own certificate authority. But, written instead of a CSR. The information required for
before you begin, you need your own private key: a CSR applies here too, and you will be prompted to PRO TIP
$ openssl genpkey -algorithm rsa -out private.key enter it. You can add further parameters such as You can see the root
$ chmod 400 private.key -days, which changes the certificate’s validity from the certificates included
in Firefox at
You can choose the key generation algorithm, but 30 day default. mzl.la/1mpp0cV.
the usual choice for SSL is “RSA”, because it can Self-signed certificates are useful for development
generate larger keys (up to 4,096) bits. Remember to and testing and other internal purposes but have
change the access permissions of the key file to keep otherwise limited use because they lack trust. To get a
it secret. You can then extract the corresponding trusted certificate, you will need to send a certificate
public key: signing request to a trusted certificate authority.
$ openssl pkey -in private.key -pubout -out public.pem You can use your own certificate (whether signed
pem means Privacy Enhanced Mail, and is a file by a trusted CA or self-signed) to sign new certificates.
format that uses base64 encoding. You can specify $ openssl x509 -req -in request.csr -CA mycert.crt -CAkey
other formats, such as der, which is a binary private.key -out cert.crt
equivalent of pem. You’ll need to add -CAcreateserial the first time you
You can further secure a private key by encrypting it do this so that OpenSSL creates a serial number file
with a triple-DES symmetric key. Add -des3 when (it’s then used automatically for subsequent
generating the private key or encrypt an existing certificates). Alternatively, you can use -set_serial to
private key with supply a specific serial number.
$ openssl pkey -in private.key -des3 -out private-enc.key We’ve explained how SSL works and how you can
You will need to enter the passphrase for an use OpenSSL to create certificates. Next, we’ll use a
www.linuxvoice.com 109
� MASTERCLASS OPENSSL
real certificate authority to get a certificate and use it
to set up a secure SSL website. SSL gives visitors to a
website confidence that it is genuine and that the
information supplied to it is safe. If you run a website,
you can increase your users’ confidence by
supporting SSL and you can do this without costing
the earth. In fact, you can do it for free.
StartSSL is a certificate authority with trusted root
certificates in most major web browsers that offers
free one-year domain-verified SSL certificates.
All you need is a domain that you can receive
administrative email for – they send a verification
email to either the ‘postmaster’, ‘hostmaster’ or
‘webmaster’ address for the domain. There are no
additional checks (such as verifying domain
ownership) made for these free certificates, but you
can pay a fee for extended validation.
We’ll use StartSSL to create a basic, fee-free The beginnings of a typical SSL conversation.
domain-validated certificate. These are good for one
domain (eg example.com) and one subdomain (eg Install to install it into in your browser, which should
shop.example.com) which means that one certificate respond with a pop-up confirming the certificate
could theoretically be used for two sites. However, installation. The web page then displays links
given that you can create as many certificates as you explaining how to back up the key that was just
wish, there isn’t really any limitation on what you can installed. Do that, then click the Finish button.
do (you can also get wild-card multiple domain With your client certificate installed, you can click on
certificates, but they are not free). the Control Panel button. The Authenticate button
The first thing to do is to sign up for an account at there uses your client certificate to authenticate you,
www.startssl.com. You have to enter your personal and is how you log in to the StartSSL website on
details including address and phone number, and return visits.
these may be used depending on the level of Once authenticated, you can use the control panel’s
validation that you require. tool box, certificates wizard or validations wizard.
You will be sent a verification email containing a
code that you need to enter into the website. It then Domain Validation
sends a second email containing a link and another Before you can create a certificate, you must perform
verification code. Clicking that link and entering the the domain validation, and you can validate as many
code takes you to a Generate Private Key page. domains as you want using the Validations wizard.
The private key is for a new client certificate that will You enter a domain and it sends an email to an
be installed in your browser and will be used to administrative address for the domain (your choice of
authenticate you with StartSSL instead of a username either ‘postmaster’, ‘hostmaster’ or ‘webmaster’)
and password (using an SSL certificate to containing a validation code that needs to be entered
authenticate onesself is a little-used capability of web on the website to complete the validation.
browsers that few people are aware of). The validation lasts for 30 days, but you can
Leave the drop-down with ‘High Grade’ selected and re-validate whenever you need to.
click on Continue to generate the key. Next, press You use the Certificates wizard to create certificates
for validated domains. You can supply a Certificate
Signing Request (CSR) or have StartSSL generate one,
including a private key for you. While this convenience
might sound nice, and StartSSL states that no copies
of generated private keys are kept at any stage, it’s a
really bad idea for anyone but you to have access to
your private key. For this reason we recommend that
you use a CSR! It’s easy to create a CSR using
OpenSSL on your own machine:
StartSSL offers SSL $ openssl req -new -key private.key -out request.csr
certificates ranging from
The -key option specifies the private key to use. If it’s
fee-free domain-validated
omitted, a new private key will be generated and you
certificates through to
the extended validation will be prompted to supply the required information.
certificates necessary StartSSL only uses the public key embedded in the
to turn your browser’s CSR and ignores any applicant data so, when creating
address bar green. the CSR, you can just accept the defaults or enter
110 www.linuxvoice.com
� OPENSSL MASTERCLASS
meaningful detail; it doesn’t matter.
In the StartSSL Certificates wizard, choose ‘Web
Server SSL/TLS Certificate’ and, to use a CSR, press
the skip button to bypass the private key generation.
Gather the text of the CSR (eg ‘cat request.csr’) and
paste it into the box in the Wizard. The response within the <VirtualHost _default_:443> block: StartSSL installs a client
indicates success and reminds you that all content of Set DocumentRoot to the directory where this certificate into your
the certificate signing request is ignored except its virtual host’s files will reside (eg /srv/https) browser to authenticate
public key. Press ‘Continue’. Set ServerName to the domain covered by the you.
You are then presented with your validated server certificate and the https port (443) (eg
domains; select the relevant one. You are then mydomain.com:443).
presented with a box to enter one subdomain (you’ll Set SSLCertificateFile to the path of the server
need to pay if you need a certificate for multiple certificate (eg /etc/httpd/conf/server.crt)
domains or sub-domains). Enter a subdomain (like Set SSLCertificateKeyFile to the path of the private
‘www’) and press Continue. key (eg /etc/httpd/conf/private.key).
PRO TIP
After a final confirmation of the domain and If your certificate has intermediate certificate
sub-domain, press Continue once more. The authoritity certificates, concatenate them into a single You can access your
certificates at Toolbox >
certificate is displayed on the screen. Copy and paste file and set SSLCertificateChainFile to its path (you Retrieve Certificate on the
it into a local file. It’s customary to use a .crt file don’t need to do this for StartSSL but may need to if StartSSL website.
extension, like server.crt. Once the certificate has you get your certificate elsewhere). If you have set
been obtained, the CSR can be discarded. You now DocumentRoot to a new directory path, a <Directory>
need to install the certificate and associated private entry may be required to make it accessible:
key on your web server. <Directory “/srv/https”>
Order allow,deny
Webserver configuration Allow from all
Assuming that you have an Apache webserver already </Directory>
installed and working without SSL, we’ll now configure Now, edit the main Apache configuration file, httpd.
a new SSL virtual host, and afterwards another one conf, to uncomment the line that includes the SSL
for the subdomain. configuration:
Now we need the private key and the new site # Secure (SSL/TLS) connections
certificate file from StartSSL. The exact location for Include conf/extra/httpd-ssl.conf
the Apache configuration depends on your Linux And, finally, restart Apache, in the appropriate
distribution. On Arch Linux it’s at /etc/httpd/conf. manner for your system. Systemd users can use
Copy the private.key and server.crt, for example: $ systemctl restart httpd
$ scp private.key server.crt root@webserver:/etc/httpd/conf Assuming there is content at the document root,
Then edit the default Apache SSL configuration, pointing a browser to the new site should work with
which may be found in the extra subdirectory and no security warnings and the browser should display
called httpd-ssl.conf. Make the following changes, all its padlock icon to show that the connection is secure.
Apache’s Name-based virtual hosts support enables
you to configure further SSL virtual hosts in a similar
SSL, virtual hosts and SNI way. Find the Listen 443 stanza in httpd.conf and add
another to enable it on port 443:
Historically, it wasn’t possible to host multiple SSL hosts on
NameVirtualHost *:443
a single IP address and port because the web server needs
to know the host name to choose the correct certificate, but This relies on Server Name Indication (SNI) to
this information is wrapped up in the encrypted content and, resolve hosts by name, as described in the boxout,
therefore, can’t be accessed until the encryption is left. With name-based virtual hosts configured, you
established. This has been solved by Server Name Indication can add further blocks for additional virtual hosts:
(SNI), an extension to the https protocol that presents the
<VirtualHost *:443>
host name during the pre-encryption handshake.
Support isn’t universal, however, and it’s likely that a DocumentRoot “/srv/https/subdomain.mydomain.com”
browser that doesn’t support it will be offered the incorrect ServerName servername.mydomain.com:443
certificate, because the SNI is missing. If a web server SSLCertificateFile /etc/httpd/conf/private.key
receives a request without SNI, it will fall back to a default SSLCertificateKeyFile /etc/httpd/conf/server.crt
certificate. Apache uses the first virtual SSL host’s
</VirtualHost>
certificate when this happens. This may result in an
unexpected certificate being returned to the browser, which A server re-start is required for the configuration
may trigger a security warning. You can change this changes to take effect. Restart the server and point
behaviour by enabling SSLStrictSNIVHostCheck so it your browser to the virtual host’s URL.
returns a 403 error page instead.
This won’t be an issue if all the virtual hosts share the John Lane is a technology consultant with a penchant for
same certificate (perhaps they are subdomains or you have Linux. He helps new business start-ups make the most of
a certificate that covers multiple domains). open source.
www.linuxvoice.com 111
� DVDPAGES
Distros, videos, podcasts – get the latest Linux goodness today!
DVD 008
SOMETHING FOR EVERYONE
Welcome to the DVD! We spent Hat for supporting the CentOS more accessible. Arch won our
a lot of time umming and ahhing community, and effectively giving distro group test last issue, so
about which distro should take away its flagship product for free. if you’ve been dying to try it but
centre stage this month, and (Of course, many CentOS dabblers a bit daunted by the installation
ultimately we went for CentOS. It’s will go on to buy RHEL support process, here’s your chance.
true that it’s not the most cutting- subscriptions, so the company Then there’s the snazzy
edge distro out there, but in its Red benefits in the end.) Elementary OS, videos and
Hat Enterprise Linux form it has But that’s just the start: we also pocasts. Enjoy exploring!
brought Linux and open source to have the latest release of Manjaro,
tens of thousands of businesses one of the hottest up-and-coming Mike Saunders, Disc Editor
around the world. Kudos to Red distros, which makes Arch Linux mike@linuxvoice.com
Ultra-reliable desktop and server distro
CentOS 7 (64-bit)
Red Hat Enterprise Linux, rebuilt for the community.
W
e love playing with bleeding-edge distro, built from the sources of Red Hat
software at Linux Voice HQ. Enterprise Linux. It will be supported until at
Trying the latest apps, poking least 2020, so if you install it now, you can
around in new window managers, fixing still be rocking CentOS 7 at the end of the
breakage when init systems change – it’s all decade. It’ll just keep chugging on and on, so
part and parcel of being an ever-inquisitive it’s perfect for production machines where
Linux user who loves to explore under the reliability is paramount, and you just want
surface. We know you love tweaking and things to keep working day-in, day-out.
customising too, which is why Arch has
become so popular. Booting it up
But sometimes you need more stability On the Linux Voice DVD you’ll find the 64-bit
and consistency – especially on servers, or version of CentOS 7, including the Gnome CentOS sports the “classic” version of Gnome 3,
in businesses. You want your distro to be desktop and various productivity apps, so it’s more like the previous desktop release.
supported for years, to be well tested, and directly bootable from the disc. Just pop it in
to not suddenly break with the next round your drive and reboot, and you should be
of updates. CentOS is exactly one such able to select it from the menu. (If you need
to change the boot order in your BIOS,
consult your PC’s documentation.) You’ll
arrive at the desktop in live mode, where you
can double-click the installer icon on the
desktop to copy the distro to your hard drive.
System requirements are 512MB RAM
and 10GB hard drive space, but that’s
mainly for server usage, where you don’t
need graphics – on the desktop, it’s better
to have at least 1GB of RAM. If you need
any help with CentOS, or just want to learn
CentOS isn’t officially supported by Red Hat, more, there are heaps of resources on the
but RHEL docs are still applicable. distribution’s website at www.centos.org.
112 www.linuxvoice.com
� DVDPAGES
User-friendly installer for Arch
Manjaro 0.8.10 (32-bit)
The raw power of Arch Linux, with a slick front-end.
I
f you read our distro grout test in the flavour of Arch Linux designed to get you up
previous issue of Linux Voice, you’ll have and running as quickly as possible, providing
seen that Arch Linux won in various you with an attractive desktop environment
categories, including packages and and all of the usual goodness of Arch
documentation. Thanks to the Arch User (such as the mighty Pacman package
Repository, almost every piece of free and management system). Even if you’re a
open source software under the sun is long-time Arch user, Manjaro is still great for
available in Arch – and often in a much those times when you want to set up a new Manjaro has KDE and Openbox editions, but
more up-to-date form than in other distros. box with Arch and don’t have much time to we’ve gone for the speedy Xfce on the DVD.
The documentation on the wiki, meanwhile, spare. It sports a graphical installer based
is second to none, and it’s often supremely on Ubuntu’s, so getting it onto your hard we recommend that most users go with
useful even if you run an entirely different drive is a familiar process. the graphical one, as it’s based on Ubuntu’s
version of Linux. installer and is therefore well tested, but
So what’s the catch? Why isn’t the whole Pretty as a picture a text-mode alternative is also available
world running Arch? Well, there are a few The 32-bit version of Manjaro 0.8.10 is should you prefer it. The graphical installer
reasons, but perhaps the most notable is directly bootable from the Linux Voice DVD, gets you set up with just a few mouse
its learning curve. Arch Linux doesn’t hold so you don’t need to burn anything to a disc clicks, and you can of course install the
your hand, and it’s certainly not targeted or use a USB key. Just select it from the boot distro alongside another operating system
at completely new Linux users. It expects menu and you’re ready to go. After it loads, if you want a multi-boot machine. When the
you to read the documentation thoroughly, you’ll land at a neatly polished Xfce desktop, installation is done, shut down the live distro
and keep track of major changes to the which is accompanied by a bunch of familiar and remove the disc from your drive. You
underlying system. Because Arch is a rolling desktop applications. can now boot Manjaro directly from your
release distro, which means you get the This is running in live mode – ie straight hard drive. Enjoy!
latest software all the time (yay!), there are from the DVD – so it won’t touch anything If this is your first time in an Arch-based
occasional breakages as well (not so yay). on your hard drive until you tell it to. Live distro, we strongly recommend spending
But if you follow the right mailing lists, you distros are always useful for testing a some time on the wiki at https://wiki.
should be able to fix any glitches that occur machine’s Linux compatibility before archlinux.org. In particular, it’s worth reading
pretty swiftly. committing to an install, or for those times the Arch Way, FAQ and Pacman pages. It
Anyway, if you’ve been using Linux for when you’re forced to use a machine that might seem like a lot to go through, but
a while, you’re familiar with the command only has Windows installed, but you need a you’ll really grasp the design decisions
line and you’re tempted to try Arch, but quick Linux fix. behind Arch, and once you’ve mastered
you’ve always been put off by the lengthy If you like what you see and you’re Pacman, you’ll find it difficult to ever go back
beginner’s installation guide (see ready to install Manjaro to your hard drive, to another package management system.
http://tinyurl.com/archnewbs), Manjaro double-click the appropriate installer icon Arch can be a demanding beast, but it’s
is exactly what you need. It’s essentially a on the desktop. There are two installers: totally worth it in the end.
Elementary OS (32-bit)
Freya Beta 1 is here for your testing pleasure.
We’ve been following the progress of and selecting it from the menu. After a few
Elementary OS for a while: it’s one of the most moments you’ll arrive at the desktop, where
attractive and well presented distros we’ve you can explore the included software range
ever seen, with a special focus on usability (see especially the dock at the bottom of the
and having a core set of software for day-to- screen). Elementary showcases some of the
day computing. Many have argued that it apes best FOSS programs out there, but has some
Mac OS X too closely – but then, whether you home-brewed tools too.
like Apple or not, it’s hard to deny that the It’s important to note that this release is for
company doesn’t have a knack for spit-shine. testing and curious onlookers, and shouldn’t
You can try the Beta 1 snapshot of Freya, be installed on production machines. It
the upcoming Elementary OS release, by will have bugs and glitches – but it’s still Visit www.elementaryos.org for the full
booting your PC from the Linux Voice DVD fascinating to see in action. lowdown on this frill-laden distro.
www.linuxvoice.com 113
� /DEV/RANDOM/
Final thoughts, musings and reflections
Nick Veitch
was the original editor
of Linux Format, a
role he played until he Mac where I produce
got bored and went Ubuntu in dual-screen music and the Bad
to work at Canonical mode where I do much Voltage podcast.
instead. Splitter! of my work.
D
eveloping software can be hazardous. I
don’t mean the risks of RSI or health
problems associated with over-
caffeination. I mean receiving death threats. PS4 for some downtime
There has been a lot of media attention with Battlefield 4.
focussed on the threats to various people
My friends buy me lots of
involved in the games scene recently. From the I shuffle Bacon related gifts. This
coverage it would be easy to deduce that the playing cards in is my fave: Dave Bacon
internet is full of unpleasant teenage boys with meeting when I (I named him).
am thinking.
disturbing attitudes towards women.
However, the problem isn’t limited to games or
boys. There has been a growing incidence of this
sort of threatening behaviour, or at least of
people who have decided they are not going to
My Linux setup Jono Bacon
put up with it. Most recently, Seth Vargo, who
worked at cloud enabling software company
Chef (www.getchef.com) has quit, citing
unwanted death threats from the community as
The man at the helm of the Bad Voltage podcast, Xprize
one of the motivators. You can read his blog Foundation community chap and formerly Ubuntu person.
here: (https://sethvargo.com/leaving-chef).
In my day things were more personal – I got What version of Linux are you Red Hat, then Mandrake, a quick flirt with
death threats in the mail. These days threats can using at the moment? Corel Linux, then to Debian, and finally
be delivered in moments by hastily opened On my laptop I am running Ubuntu Ubuntu. I have never considered anything
dummy accounts. One problem with such and on the desktop machine, which else since Ubuntu.
behaviour is that it shuts down any reasonable I use for producing Bad Voltage as well as
discussion. An agent provocateur need only lob a recording music, I’m running What Free Software/open source
molotov of threats from within an otherwise Mac OS X. I also run Ubuntu on my can’t you live without?
sensible protest and everything becomes all CS servers. A few things; Firefox, Chromium,
gas and water cannon. When everyone is Gimp, Inkscape, and XChat on my
shouting, nobody is listening. What desktop do you prefer (as if laptop. On my servers I couldn’t live
Either people are going to need to grow up and we can’t guess)? without Wordpress and Discourse (and
realise that threatening behaviour never does My desktop of choice is Unity. I like their associated servers/databases).
their cause any good (unlikely) or at the very how it just gets out of my way
least, communities are going to need to be and lets me focus on my work. What do other people love but
managed better to make this sort of thing have you can’t get on with?
consequences. It seems impossible to do that What was the first Linux setup A bunch of people use KDE, and I
without some restrictions on web anonymity, you ever used? have tried, but it just doesn’t work
which seems like a high price to pay, but we also I started out with Slackware 96 back with my brain. This isn’t KDE’s fault, my
can’t expect developers to put up with threats. in 1998. I then moved over to using brain is stupid.
114 www.linuxvoice.com
�October 2014
��