Plaintext
HARDWARE: BUILD A PROXIMITY DETECTOR
116 PAGES February 2015
OF LINUX WEB DEVELOPMENT SOCIAL ENGINEERING SUPERCOMPUTING
LEARNING FIREFOX HACKING! GPU CODING
Write your own plugins How to trick people into Unleash the power of
for the #1 web browser giving up their passwords your graphics card
THE
FIGHT
FOR
FREEDOM
How Free Software began, where it’s
going and why it’s still important.
GEEKS LIKE TO THINK THAT THEY CAN IGNORE
POLITICS; YOU CAN LEAVE POLITICS ALONE,
BUT POLITICS WON’T LEAVE YOU ALONE.
34+ PAGES OF TUTORIALS
PREY Track your stolen laptop across the internet
THE LV PUB QUIZ Put your expanded neurons to the test
Februar y 2015 £5.99 Printed in the UK
WEB BROWSERS Find the swishest way to interact with the web
OUTLAWS’ LAST STAND EDUCATIONERISING
PODCASTS PICADEMY
Weep, for the Linux Teachers, welcome
Outlaws are no more to the world of geek
�� WELCOME
Everything is awesome
The February issue
Linux Voice is different.
Linux Voice is special.
Here’s why… GRAHAM MORRISON
A free software advocate
At the end of each financial and writer since the late
1
year we’ll give 50% of our 1990s, Graham is a lapsed
profits to a selection of KDE contributor and author
organisations that support free of the Meeq MIDI step
software, decided by a vote among sequencer.
our readers (that’s you).
L SUBSCRIBE
inux, open source and Free Software have all become hugely
No later than nine months successful. By and large, the coercive era of proprietary
2
after first publication, we will
relicense all of our content under
software is over. Many companies now look at open source
as a distinct advantage, because they easily understand the
ON PAGE 62
the Creative Commons CC-BY-SA freedoms it provides: hire a developer and build atop the shoulders
licence, so that old content can of giants. It also helps that the industry is brimming with incredible
still be useful, and can live on even talent (like you!), all of whom have cut their teeth on open source
after the magazine has come off and made it part of their DNA.
the shelves. But it’s important not to become complacent. In particular, the
technology industry of 2015 has very little in common with the
We’re a small company, so 1970s, when Richard Stallman was at MIT and formulating his
3
we don’t have a board of ideas. It reminds me of the famous George Santayana quote,
directors or a bunch of “Those who cannot remember the past are condemned to repeat
shareholders in the City of London it.” However, this is the best kind of challenge. Linux is in a
to keep happy. The only people dominant position because, I believe, it represents a simple truth:
that matter to us are the readers. sharing and building things is a lot of fun. As long as we keep
having fun doing what we love, its dominance will only grow.
THE LINUX VOICE TEAM Graham Morrison
Editor Graham Morrison Editor, Linux Voice
graham@linuxvoice.com
Deputy editor Andrew Gregory
What’s hot in LV#011
andrew@linuxvoice.com
Technical editor Ben Everard
ben@linuxvoice.com
Editor at large Mike Saunders
mike@linuxvoice.com
Games editor Liam Dawe
liam@linuxvoice.com
Creative director Stacey Black
stacey@linuxvoice.com
Malign puppetmaster Nick Veitch
nick@linuxvoice.com
Editorial contributors:
Chris Brown, Mark Crutch, Liam Dawe,
Josette Garcia, Juliet Kemp, John MAYANK SHARMA BEN EVERARD MIKE SAUNDERS
Lane, Vincent Mealing, Sharon Juliet continues to open up the Test out your Linux and open We cast some much-needed light
Mitchell, Simon Phipps, Les Pounder, fascinating world of early source knowledge with our epic on how the dark side of the
Mayank Sharma, Valentine Sinitsyn computing. This month she’s 80-question pub quiz, and send internet is harnessed with the
looking at mythical Cray. p96 us your scores! p28 Social-Engineer Toolkit p84
www.linuxvoice.com 3
� CONTENTS
February LV011
Happy Christmas/Burns Night/St David’s Day!
20 REGULARS
SUBSCRIBE News
06
ON PAGE 62 Debian has forked. FreeBSD
is $1m richer, and the Jolla
tablet is doing rather well.
08 Distrohopper
ReactOS, RebeccaBlackOS
and AV Linux, plus a look
back at Linux Mint 1.
10 Gaming
War, zombies and space, all
fictionalised, gamerised, and
brought to your Linux box.
12 Speak your brains
The fight for freedom Some kind words for our
creative commons efforts,
plus a note of disquiet.
Free Software isn’t just convenient and 16 LV on tour
Brought to you by SWAMPFest
cheap – here’s why it matters to everyone. (Swansea) and the Internet Of
Things (everywhere).
18 CloudStack
Brave Sir Graham bravely rides
42 to Budapest to meet vastly
important cloud people.
40 FAQ… ASM.JS
It’s JavaScript Jim, but not
as we know it – it’s a faster
Brian Behlendorf
embedded subset, aye!
56 Group test
Mozilla, the EFF, Barack Obama’s We spend so much time on
the web that we should really
election campaign and the find a decent browser.
Burning Man festival all owe a 62 Subscribe!
Will Tiny Tim have goose for
debt to this man. Say hello! Christmas? You decide! Also,
get a brilliant magazine!
64 Core technologies
Dr Brown interprets the
signals that processes send
to each other.
68 FOSSpicks
Freer than the bird that
Lynyrd Skynyrd sang about in
that song with the guitar solo.
110 Masterclass
Whether you’re a guru or a
28
PUB QUIZ 32 LINUX OUTLAWS 36
PICADEMY newbie, here’s how to encrypt
There are no material For years the Inside the Raspberry your files with Linux.
prizes – only the best airwaves were ruled Pi Foundation’s 114 My Linux desktop
prize of all, which by outlaws. Here’s a project to teach Linux Voice’s editor
Graham Morrison invites
is geeky pride. Your swearword-free recap teachers how to us into his synth paradise.
starter for 10… of their glory days. teach computing.
4 www.linuxvoice.com
�TUTORIALS REVIEWS
76 84
Social-Engineer Toolkit:
Steal data
Understand how the criminals Entroware Proteus
Déjà Dup: Backup
48
are trying to trick you. It’s lovely when companies
for everyone support Linux. It’s even better
88 when their wares are this good.
Protect yourself from data loss
apocalypse the easy way.
78
Linux 101: Emulate
Windows with Wine
Bring your old applications with
you when you move to Linux.
50 The Tor Browser
92 Anonymise your web traffic
the easy way with this US State
Arduino: Build a Department-endorsed browser.
proximity detector 51 Digikam 4.5.0
Use nearby objects to activate Manage large photo collections
many, many blinkenlights. Samba 4: Use Windows without Facebook, and add
filters without Instagram.
shares from Linux
82
Admins, rejoice: Samba now 52 Mastering Vim
works with Active Directory. Jedi master Damian Conway
will turn you into a master Vim
user. He’s scary, in a good way.
96
53 Firefox Developer Edition
Developer: are you frustrated
with the ever-moving target
that is Firefox? Yes? Try this!
Prey: Track down Olde Code: Seymour Cray Books Now with infinite battery
stolen hardware
54
and supercomputers life, high resolution and no
Keep tabs of your devices in the screen glare – books!
Emulate cutting-edge hardware
event of their purloinment. from the time of glam rock.
100
Firefox: 104
Code Ninja: 106
Program with
Code addons NoSQL databases your GPU
Add functions to Enhance your big Unleash your
the #1 browser. data project. graphics card.
www.linuxvoice.com 5
� ANALYSIS
NEWSANALYSIS
The Linux Voice view on what’s going on in the world of Free Software.
Opinion
Free or open?
Which is more important? The ethics of Free Software, or the pragmatism of open source?
Simon Phipps concrete set of criteria so that businesses stops delivering the pragmatic values. That’s
is president of the could know if they had permission in why “open core” software fails, for example.
Open Source Initiative
advance to collaborate, plus a term that Its focus on making the source available
and a board member
of the Open Rights could be used with business people that omits granting permission in advance to
Group and of Open did not instantly distract people from the collaborate on the whole software solution.
Source for America. real point. It fails to guarantee software freedom, and
For those with English as a first language, without it the pragmatic benefits of open
“free” invokes a narrative frame relating to source don’t materialise either. There are
price, and the concept of liberty can only plenty of other failure modes for Free and
T
here’s a decades-old discussion
hidden behind the terms “free “It’s important for every member of the community
software” and “open source” which
surprisingly still divides people even today. to realise that we’re part of a single movement.”
What’s at the root of the division? Should we
still be divided? be introduced by way of explanation. As Open Source Software – the argumentative
The Free Software Foundation was linguistic theorist George Lakoff explains, collective that insists on ideology; the
created by Richard Stallman to promote the once the narrative frame is set it’s nearly company-dominated project that denies
ethical imperative of Free Software. In the impossible to change it, so it’s better to start liberty to collaborators; the single-copyright-
late 1990s a group of experienced people a conversation with a term that invokes holder who changes the licence – and so on.
concluded that the term “free software” the correct frame – I prefer to speak of The dual imperative of adhering to the
was a problem in communicating the ideals “flexibility” – and then introduce other terms concept of software freedom as a reference
of software freedom, because the word later – I speak of “software freedom”. model while articulating and securing
“free” was too often associated with getting pragmatic benefits of a collaborative
something for nothing. We need flexibility development model is the only successful
To better promote the idea that the At first, Richard Stallman accepted the approach. In every case of failure, part of
benefits of software freedom relate to new term, but sadly a set of personality that dual imperative has been ignored.
flexibility and community, they decided to conflicts led to him rejecting it strongly,
coin a new term – “open source” – and start eventually even condemning use of the Open can also be free
a new organisation, OSI (the Open Source term “open source” as ethically bankrupt. I may be president of the OSI, but I am a
Initiative), to act as the steward of the OSD But the answer to my original question strong and persistent advocate of software
(Open Source Definition) and rule on which is that both terms matter, and neither is freedom. I don’t believe there’s any conflict in
copyright licences truly delivered software effective without the other. A focus on that, and neither do most of my good friends
freedom. ethics without pragmatics alienates many at the FSF. I believe it’s important for every
The people who coined this term were people by sounding “preachy”, while a focus member of the community, whether they
almost all advocates of software freedom on pragmatics without ethics drifts astray use the term “Free Software” or the term
as an ethical concept as well as of its over time and in the process of becoming “Open Source”, to realise we are all part of
pragmatic benefits. They just wanted a ethically bankrupt as Stallman asserts also a single movement, the software freedom
movement.
Neither ethics without pragmatics
“A focus on ethics without pragmatics alienates nor pragmatics without ethics actually
many people by sounding preachy.” deliver the software we need. Software
freedom does.
6 www.linuxvoice.com
� ANALYSIS
Gnome • FirefoxOS • Google • Debian forks! • Jolla • Money for FreeBSD
CATCHUP Summarised: the biggest news
stories from the last month
Groupon tries to nab Mozilla says adieu to Firefox OS comes to
1 Gnome trademark, fails 2 Google, Firefox to use 3 the Raspberry Pi
spectacularly Yahoo Search in future In other Mozilla news,
Online voucher seller Groupon decided Google and Mozilla have had a long FirefoxOS is being ported to everyone’s
to launch a new point-of-sale OS called running partnership, with much of favourite single-board computer. The
Gnome, and applied for trademarks, Firefox’s development funded by the developers would like to see the OS
thereby causing serious hassle for the search giant. But from December, reach “parity with Raspbian” in 2015.
desktop environment. So the Gnome Firefox will use Yahoo as its default http://tinyurl.com/ojde3yg
Foundation asked the community search engine, thanks to a new deal.
for financial help, raised $102,000 in It’s all about “promoting choice and
legal fees, and Groupon backed down. innovation” according to a bland
The moral of the story? Don’t let your buzzword-satured statement from
marketing department mess with Free Mozilla; more realistically, the company
Software communities – they can simply needs money to fund its
mobilise the troops damn quickly. browser, mobile OS and other projects.
Debian is forked: say FreeBSD receives $1m Microsoft open sources
4 hello to “Devuan” 5 donation from WhatsApp 6 .NET, go cross-platform
This happened just a few founder Jan Koum We’ve come a long way from
hours before we went to press, so it’s Happy days for the FreeBSD Steve Ballmer’s “Linux is a cancer”
too soon to tell whether it’s a serious Foundation: the CEO and co-founder of slurs from the last decade. Microsoft
effort or an elaborate troll, but a new the WhatsApp messaging service has has announced that it’s open sourcing
website has been set up at donated $1m to the project. “FreeBSD the full server-side .NET stack, and
http://devuan.org which aims to create helped to lift me out of poverty”, “expanding it to run on the Linux and
a spin-off of Debian without Systemd. explained Koum, describing how access Mac OS platforms”. This could help
Devuan aims to “protect the freedom of to a no-cost and robust Unix flavour developers who’ve had headaches
its community of developers and users”, helped him to get a job at Yahoo and using Mono in the past, and the source
and also “preserve Init freedom”. This is build a career. “We’ll all benefit if code will be uploaded to https://github.
a mammoth undertaking, but if it’s real, FreeBSD can continue to give people com/Microsoft/dotnet. We’re still
it’s good to see some proper work and the same opportunity it gave me, and cautious about the company, but it’s a
not just flame wars on forums. help more startups”, he added. welcome move nonetheless.
Huge success for Jolla’s Debian Systemd dev quits
7 crowdfunded tablet 8 after flamewar burnout
Smartphone maker This is rather sad. Tollef
Jolla, founded in 2011 by ex-Nokia Food Heen, a Debian developer who
employees, has decided to take on the maintained Systemd in the distro,
tablet market. The company went to has stepped back from his role after
Indiegogo to ask for $380,000 – but receiving a huge amount of flak for
at the time of writing, with still 12 days his work. “The load of the continued
left to go in the campaign, almost attacks is just becoming too much”, he
$1.3m had been raised. The tablet will said on a Debian mailing list, and later
run the Linux kernel-based Sailfish OS, remarked that conspiracy theories (that
and be equipped with a 1.8GHz quad- Red Hat was forcing every distro to use
core Intel chip, 2GB of RAM and 32GB Systemd) were also making him glum.
storage. The expected retail price is Hopefully someone else will step up
$249, and it goes on-sale in May 2015. and not get flamed at every turn.
www.linuxvoice.com 7
� DISTROHOPPER
DISTROHOPPER
Our pick of the latest releases will whet your appetite for new Linux distributions.
ReactOS
Like Windows, but open.
O
K, this isn’t Linux – it’s not even
based on Unix – but it is a free
operating system that you can try
out. ReactOS is a clone of the Windows NT
kernel used in Windows XP, and some of the
API. This means that in theory, you should
be able to use ReactOS just like a Windows
system: install the same drivers, run the
same software, etc. However, in practice, the
implementation is not complete enough to
allow you to do this. You can run the simple
tools that come with the OS, but not much
else. Wine offers a much better chance of
being able to run Windows software without
a full Windows install. Even though Wine and
ReactOS share code, Wine has a much Don’t tell Linus we said this, but some games just don’t look right when running on Linux.
better success rate.
This is a shame, because if the team had Just because a project isn’t mainstream, Minesweeper, the game that killed millions of
been able to create a fully working system that doesn’t mean it’s not interesting. man-hours worth of office-worker time in
by the time Microsoft stopped support for Booting up ReactOS feels like taking a trip the last years of the previous millennium.
Windows XP, they may have found many back in time – its visual style probably has Perhaps it’s not the best reason to get a new
new users. As it is, the project might have more in common with Windows 95 and 98 OS, but for us, this dose of nostalgia made it
missed its chance to become mainstream. than XP. ReactOS does, of course, have worth booting up a virtual machine.
AV Linux
The distro of choice for media creators.
A
V stands for Audio Video, and this is This distro is probably better known for
a distro built for creating music and audio production than video editing.
videos. It’s jam-packed with However, it is probably the best distribution
software to help you do this – both free and of Linux for either task. There are also some
commercial, but this isn’t simply a distro useful tools for image editing, but it doesn’t
created by installing particular packages on stand out as significantly better than other
a base system. AV Linux not only curates distros in this area. Fear not the configuration of PulseAudio, for it
the software, but also the configuration of If you’re fed up of struggling to get a has been done already.
the underlying Debian build. Much of the decent audio setup on Linux, AV Linux is for
software – including the kernel itself – is you. It’s also great if you want to discover AV Linux also stands out because of its
built specially for AV Linux, and this is what the best audio or video software without excellent documentation. You’ll find several
makes the distro special. The result is a having the hassle of configuring the sound manuals as PDF files on the desktop to
system that’s less flexible than raw Debian, setup to make it work, and it uses the guide you through most things, and help you
but far more suited to content creation. intuitive, smart Xfce desktop. understand how AV Linux works.
8 www.linuxvoice.com
� DISTROHOPPER
RebeccaBlackOS
Friday, Friday … we’ll stop there.
Y
es, this distro really is about the teen
popstar who was briefly famous for
the song ‘Friday’. No, that doesn’t
mean you can discount it as an
uninteresting distro. Despite its (let’s be
polite and say) unusual inspiration,
RebeccaBlackOS (RBOS) has been
pioneering Wayland on desktop Linux.
Wayland – the next-generation graphics
server that should replace X Windows on
almost every Linux distribution other than
Ubuntu – has been around for quite some
time, and is already in use on Jolla phones
and some smart TVs. However, there are
currently very few ways of trying it out on
desktop Linux, and the RBOS live CD is by far
the easiest (the second easiest is through
Maynard on a Raspberry Pi: https://github.
com/raspberrypi/maynard/wiki). If you can look past the artwork, RebeccaBlackOS is the best way of trying out Wayland.
If you’re anything like us, you’ll have heard
so much about how Wayland is the future of
Linux that you’ll be itching to try it and find get a good idea about how each of them are display server running. Although it lacks
out what the fuss is about. RBOS is the working. Perhaps the most impressive thing much polish, it does seem to handle basic
solution to this problem. It’s got quite a about RebeccaBlackOS is just how normal it computing tasks without any problems,
range of software using the Qt, GTK and EDL is. OK, the graphics are a little odd, but that’s and this bodes well for the future of Linux
(Enlightenment) widget toolkits, so you can a small issue compared to getting the on the desktop.
Linux Mint 1 (Ada) Linux Mint has changed the nature of desktop Linux, but how did it start?
We’re starting a new historical section to Distrohopper, where we
look back at major releases of yesteryear. The first one to get dug
up and dusted off is Linux Mint 1, aka Ada. Technically, this version
never made it out of Beta (2.0 was the first stable version of Mint).
However, it was with this unstable version that the journey began.
KDE version 3.5 greeted us after we booted Linux Mint 1. This
came as a bit of a surprise, because Mint is most famous for its
Gnome versions (and later Mate and Cinnamon). However, Mint
made the switch to GTK with version 2.
For the most part, it’s a fairly standard KDE desktop for the time.
KOffice took up office duties, Konqueror served as a file manager,
and all the other usual tools that begin with K are in their usual
place. Outside of the KDE suite, Firefox 1.5 serves as web browser,
and Gimp 2.2 takes up image editing duties.
On the whole, it doesn’t feel too dated, despite being eight
years old. The biggest things that stand out graphically are the lack
of anti-aliased fonts and the inability of the ancient version of
Firefox to render any modern web page. The use of floppy disk
images on the install icon is another clue that this isn’t from the
current decade.
Linux Mint became known as one of the best-looking distros, so
it’s surprising to see such a graphical faux pas as an RSS reader
along the full width of the screen under the taskbar. It’s quite
impressive though that the two RSS feeds picked back in 2006 still
work (OSNews and Distrowatch).
Clem (the founder of Linux Mint) talks about the early releases
in a blog post at: http://segfault.linuxmint.com/2014/01/
ada-barbara-bea-bianca-and-cassandra. Why oh why is that RSS feed there?
www.linuxvoice.com 9
� GAMING ON LINUX
GAMING ON LINUX
The tastiest brain candy to relax those tired neurons
ALEA JACTA EST
War Thunder
Linux finally has another good quality MMO.
W
ar Thunder is a completely free-to-play
massively multiplayer online (MMO)
game, which is one of its main draws.
However, free-to-play games often turn into what
people call “pay 2 win”, meaning people who put
real money into it for extras gain the upper hand.
Thankfully that’s not quite the case here.
Liam Dawe is our Games Editor and
the founder of gamingonlinux.com, War Thunder is a mixture of intense aeroplane
the home of Tux gaming on the web. and land-based tank battles. You don’t have to
spend a penny to get any enjoyment out of it
L
inux Gaming seems to be based on our testing. If you enjoy flying around as the aeroplanes are very easy to control and it
stronger than ever, but a smashing other human players out of the sky, makes flying a real pleasure.
question that has been
then this is the game you have been waiting for. There are masses of planes and tanks to
plaguing us recently is; will we ever
hit over 2% market share for gamers? There’s no launcher just yet, so if you choose from and, as you play more games, you
We have all genres of games now download it directly from Gaijin Entertainment’s unlock different nations each with their own set
gracing our platform, but the uptake website, it’s advisable to run it in your terminal to of units for you to try out.
doesn’t seem to be going anywhere watch the progress. The download is actually an The game can be quite overwhelming at the
just yet.
updater you need to run, which downloads the start, due to the underwhelming tutorial, which
We have Valve singing our praises
to developers, and GOG supporting us rest of the game. The game is also on Steam, so only really teaches you the basics of flight and
with some classic games to help getting it there does make it easier. combat, and doesn’t explain much about the
build up our back catalogue as well, Even with the excellent graphics, the research and unlocking of new vehicles.
and many other smaller stores are performance of the game is stellar too, so overall
also now supporting Linux.
the Linux port does seem very well done. The Developer Gaijin Entertainment Release Date
Until the day your average Joe 6 November 2014 Website http://warthunder.com
(sorry Joe, but you’re not very tech control system is one of the best things about it
smart!) can walk into their local PC
store and have Linux thrust in their
face the same way Windows is, it’s Don’t blame us if you get
possible our day will never come. addicted – War Thunder is quite
We’ve had a few small the time sink.
breakthroughs recently, with games
like Football Manager having a Linux
icon directly on the games box, and
even on their big posters at game
stores around the world. It may be
small, but getting the Linux icon out
there in major stores may cause more
people to find out what it is. Never
underestimate the small things.
We also need people to make sure
they only buy Linux games once the
Linux version is available; all too
often we see people getting burned
by developers who promise a Linux
version, and then it never comes. This
is a repeating problem, and one we
should avoid creating for ourselves.
What are your thoughts? Do you
agree with us, or do you think we are
“If you enjoy flying around smashing other players out
completely off the mark here? of the sky, this is the game you have been waiting for.”
10 www.linuxvoice.com
� GAMING ON LINUX
Icewind Dale: Enhanced Edition ALSO RELEASED…
A crime for RPG fans to pass up.
I
cewind Dale is probably a name a One of the best features of the new
lot of our older readers remember edition is the ability to play co-operative
as it originally came out in 2000. with your friends across Linux, Mac &
Thankfully some developers do go back Windows online. One thing that hasn’t
to older games and bring them to newer changed is the graphics; they’re still low
game engines to support not just newer resolution compared to today’s games,
computers, but better operating systems and it looks a little dated. Luckily though,
like Linux too. part of the upgrade included making it fit Interstellar Marines
It’s a role playing game from a top- nicely on high screen resolutions. Interstellar Marines, the great looking first
down perspective, so it doesn’t change Fans of games like Baldur’s Gate and person shooter, has been updated a few times
any of the main features of the original other 2D RPG’s will fall in love with it. recently and it now includes some excellent
release, but merely cleans it up for modern co-op action against evil robots.
One of the new game modes sees you
gaming. It does however include new frantically trying to turn the power back on in
content, like new spells, items, armour Developer Beamdog Release Date 30 October different sections of the map, but those pesky
2014 Website http://icewinddale.com
and weapons. robots are waiting for you in the dark, and it
gets a bit jumpy.
http://store.steampowered.com/app/236370
A party-based RPG,
no lone wolves here.
Double Action
Have you ever wanted to shoot someone while
smashing through a skyscraper window?
Dead Island Double Action has you covered! It’s an
over-the-top, points-based shooter than can be
played in first or third person, and it’s hilarious.
Get ready for the zombie apocalypse. It’s completely free, with zero features to
D
pay for, now that’s what we like to see!
o you love zombies? Good, as http://store.steampowered.com/app/317360
Dead Island has them in spades.
This highly popular zombie
smashing RPG isn’t your conventional
zombie game either, as the main focus of
it is the melee combat.
It’s aimed at a mature audience, so
we wouldn’t go putting it on while you
have any younger members of your
family running around as it’s pretty much easy. If you’re getting stuck, then why not
guaranteed to give them nightmares. team up with another friendly penguin
Unlike Left 4 Dead from Valve, Dead gamer? Dead Island also includes co-op
Transistor
Island is an “open world” zombie game, so play for up to four people at a time. If you’re in the market for a beautiful and fun
you don’t have defined paths to follow; you The Linux port isn’t without issues action RPG in a sci-fi world then you should
can go wherever you see fit to find gear, though, if you find the graphics look like stop here. Transistor is the next game from the
smash zombies and complete quests. they are in a very low colour mode, try creators of Bastion, and with “overwhelmingly
The game gets quite intense at turning down the gamma. positive” reviews on Steam, you can’t pass it
up. Encouragingly, the graphics are just as
times, especially if you manage to get stylish as Bastion. Enjoy!
surrounded, and, as ammunition is a tight Developer Techland Release Date 24 October http://store.steampowered.com/app/237930
resource, a lot of the time you really do 2014 Website http://store.steampowered.com/
app/91310
need to use a melee weapon, which is not
www.linuxvoice.com 11
� MAIL
YOUR LETTERS
Got something to say? An idea for a new magazine feature?
Or a great discovery? Email us: letters@linuxvoice.com
LINUX VOICE STAR LETTER
THAT’S NUMBERWANG
Mathematica [reviewed in beginner’s guide to using it.
LV007] is nice, but there are Sage is very good and the
several FOSS alternatives. plotting worked better than
Octave was recently reviewed GNU Plot on my machine, but
in another publication, which I know I am going to need
got me interested as I’ve geometry, which led to another
succeeded in getting my search and the discovery of
mentee enrolled in computer GeoGebra [www.geogebra.org].
engineering at university and GeoGebra is relatively new
now find myself helping with and absolutely wonderful.
homework, prompting me to Perhaps you could do a
review my college math books comparison of the leading
and note that we’ve moved on FOSS computer-aided math
a bit from the days of hand- applications in a future edition
cranked desk calculators, slide of Linux Voice. Whatever the relative merits of Mathematica, a basic version of it now
rules, and books of tables. Andrew Shead. comes free of charge as part of Raspbian.
Octave is powerful, but not
the best choice for analytical Ben says: As I said in the review, have their own shortcomings. modules), although this also has
or symbolic math. I tried the idea of coding in a proprietary Personally, my language of its limitations. This does sound
Maxima, which is in the Mint environment deeply troubles choice for mathematical like an area ripe for comparison.
repository, but changed me. The software you mention computation is Python (with We’ll look into it for a future issue
to Sage because I found a are all good choices, but they all NumPy, SciPy and other of Linux Voice.
RELENTLESS CHEERINESS
Still loving the magazine, thanks wife is obsessed with line-drying
for the i3 tutorial – it was just what clothes in the depths of winter so I
I need at the moment. I have two would get major brownie points if I
suggestions for the magazine. could build something that let her
Firstly, although the gaming know if it rained. Maybe you could
section is welcome and a good even cover serving requests on a
read I wonder if it’s time for it web server so others nearby could
to become a bit more critical? access the same information?
As the gaming on Linux scene Take the British obsession with the
matures we are being asked to weather and Linux-ify it.
pay upwards of £30 for some of Keep up the great work.
If ever we come across
the games and it would be nice to Chris Beeley, Nottingham in-depth review, and as such we don’t
a big name title that’s
know more about whether they will feel there’s any point including stuff robbing people blind,
repay the investment. Andrew says: The gaming section that’s rubbish. As for a Pi weather we’ll let you know.
Secondly, a plea for a rain- is really there to provide a snapshot station, I want one too. Clothes dried
detection Raspberry Pi tutorial. My of what’s going on, rather than an outside always feel much fresher.
12 www.linuxvoice.com
� MAIL
TOO EASY? TOO HARD?
Whatever the subject, be on KDE desktops; they do not
it computers, astronomy, appear to work on Ubuntu’s Unity
mathematics etc, there is a desktop). Whilst I have no doubt
tendency for those who know the that your instructions are far
subject well to forget how easy it more comprehensive and cover
is to confuse or ‘scare off’ those more situations, not all of us are
of us who are new to the subject, yet ready for your ‘Masterclass’
and in this case, your excellent approach. Please do not forget
magazine. If someone asked that we ‘refugees from Windows’
me, as a novice, how to copy a need to start at the easy end of the
DVD, I would tell them that I used Linux subject.
Kubuntu 12.04, which contains
There are many ways
the K3b burning software as Andrew says: Hmmm. The point B. That said, the balance has
to skin a cat in Linux;
standard , and installed K9Copy masterclass section, by definition, tipped away from new users in recent sometimes the most
from the software store. This is meant to provide an exhaustive issues, and we’ll have an opportunity reliable way isn’t the
allowed a 7.9GB protected DVD examination of a particular to address that soon. Out of interest, easiest.
to be shrunk down to 4.2GB application, and so it’s never going to is there anything that you’d like a
and burned onto a blank DVD. be aimed at anyone who just wants beginners’ guide to? Let us know and
(K9Copy & K3b only work together to get from metaphorical point A to we’ll do our best to provide one.
PANIC AND FREAK OUT!
So, Symantec has discovered a computers?
new computer virus thing called David Watson, Melbournes
Regin, and it’s going to kill us all in
our beds, or something. I looked on Mike says: You’re absolutely right
the BBC, Sydney Morning Herald David, and I tried to get in touch with
and Symantec’s own website and the BBC’s Rory Cellan-Jones to let
apparently this latest doomsday him know about this oft-repeated
virus affects “computers”. I have error. At least, I hope it’s an error: the
a computer! Should I be worried? cynic might suggest that the BBC et
Or is it actually more likely that al are afraid of angering Microsoft
this, like all them seem to be, is by suggesting that it bears any
just a Windows virus and the culpability for the holes in its security,
media either doesn’t know or is and instead is hedging its bets by
too craven to make the distinction using the vague (but still accurate) Far be it from us to illustrate the concept of a computer windows
that Windows computers ≠ all term “computer virus”. virus with a lazy stock photo search for the term ‘computer virus’.
www.linuxvoice.com 13
� MAIL
CALM DOWN DEAR!
As a long time listener to your a bullying culture about it now that
podcast (and as a listener to I don’t like.
TuxRadar before then) I’ve laughed
along with you on many occasions Andrew says: Two things: yes, you’re
about the dafteries that free right. Technical criticism is one thing;
software throws up. But I’m a personal abuse is quite another, and
bit concerned over the Systemd (apart from anything else) must be
argument that’s raging on and pretty alienating for anyone looking
that you’ve touched on recently at free software from the outside in.
in the podcast. I must admit that But the other thing is that the pond
I don’t understand the technical life who are harassing the Systemd
arguments (though I trust the developers are representative only of
Debian people, so if they’re happy themselves.
with it, I’m happy with it). But the There are many, many people who
level of personal invective that’s contribute to free software, so the
been levelled at Lennart Poettering law of averages suggests that some
[the developer of Systemd] is of those people will be idiots. But
on another level entirely, and is they are only a minority. Actually,
making me rethink the reasons they’re more than that; they’re a vocal
that I got involved in the first minority, and like all vocal minorities,
place. I thought free software was they shout louder than the rest.
supposed to be about inclusivity; Everyone has a different opinion, but
instead it seems that there’s a as far as I can see the best thing to do This man does not deserve the hate he gets online. Trolls, stop it!
nasty element taking over. There’s is ignore them. Image: Ramkrsna CC BY-SA 2.0.
FREEEEEEEDOM!
I just wanted to get in touch to say a big
well done on releasing issue 1 as Creative
Commons CC-BY-SA. I subscribed when
you launched before Christmas 2013 partly
because I trusted your reputation from your old
magazine, but what really grabbed me was your
commitment to release your content free to the
community. I’ve been looking forward to the
day when you relicensed issue 1, and now you
have I’m so happy I subscribed. You’ve done
everything I wanted you to, and I’m really glad I
backed you. Well done!
Marco Pahl
Graham Says: Modesty forbids me from bragging,
but I do think we’ve done a brilliant job in such
a short time. I’m especially proud of our giving
content away under CC-BY-SA as well; it means
that, as well as feeding our families, Linux Voice is
producing something of value to society, and that’s
a really lovely feeling. Thanks a million for your
warm wishes.
Issue 1 of Linux Voice is now free as in beer and
speech from www.linuxvoice.com/download-
linux-voice-issue-1-with-audio. Take it, share it,
download it, change it, remix it, do whatever as
long as you credit us, and we really do hope that it’s
useful to you.
14
� MAIL
Email andrew@linuxvoice.com to advertise here
www.linuxvoice.com 15
� LUGS ON TOUR
LUGS ON TOUR
Perl and the Internet of Things at the
London Perl Workshop (LPW)
Josette Garcia treads London’s gold-paved streets to touch the internet of things.
S
urprise! LPW took place on knowledge from a wide variety
8 November – a few weeks of sources. If you use another
earlier than previous years. programming language or system
Otherwise it followed the same to connect physical and virtual
pattern – Westminster University devices together and want to
during the day and pub in the submit or attend the event then we
evening. 250 Perl mongers made it would be honoured to welcome
to London on a very damp morning you. If you are connected to a UK
to listen to the latest news and Hackspace and wish to attend
projects in Perl. The attendees had and display then please approach
to make very quick choices as the the organisers with ideas of your
day was split into four tracks plus requirements.”
two workshops – 54 talks or 28 This year the theme for the
hours’ worth! London Perl Workshop was Perl
Tickets to LPW are pay what you and the Internet of Things, focusing
want, so nobody is barred from on using Perl to control a wide
attending, and the workshops variety of connected devices or the The Perl mongers to use Perl and some inexpensive
came from all over the
are completely free. In his call web. This theme brought a variety sensors to track your house’s
world, including the
for papers Mark Keating from of very talks and workshops: USA, Germany, Japan, power consumption (and
Shadowcat Systems shows how Hakim Cassimaly (aka Ukraine and Romania. generation, if you have solar
unrestricted the conference is: Osfameron) – Arduino and Perl panels).
“We welcome the submission of (4hr workshop). Matt S Trout announced that
talks, discussions, presentations Dave Cross (aka Daveorg) – Perl DX, his logic programming system
and workshops using other in the Internet of things (2hr for configuration and deployment
languages, or that have separate workshop). management appears to work
technical or engineering objectives. Mike Whitaker (Penfold) – Perl well enough to try and use for
The strength in developing is and the green Mill House or how something, and that in the name
of maximising dogfooding the first
something will be a CPAN client.
I overheard that Larry Wall will
give a big presentation at FOSDEM
about Perl 6; maybe he’ll even
mention a date on which the whole
team will aim to have Perl 6.0.0.
ready for release. Prepare to be
delightfully surprised!
TELL US ABOUT YOUR LUG!
We want to know more about your
LUG or hackspace, so please write
to us at lugs@linuxvoice.com and
we might send one of our roving
reporters to your next LUG meeting
16 www.linuxvoice.com
� LUGS NEWS
SWAMPFest 2014
Sharon Mitchell reports from Swansea Hackspace’s event in honour of EU code week.
W
e were delighted to play levels; around a third of the
host to 108 ticket attendees were under 16 years old.
holders, who attended The event itself was spread over
for the first ever SWAMPFest held three floors of the TechHub, with Pi
on Saturday 11 October 2014. Cymru, Digital Volunteers, and
The event was conceived to mark Carmarthen Coder Dojo sharing a
the start of EU Code Week, and large room on the first floor for their
forge a strong partnership between all-day drop-in workshops; Pi
Swansea Hackspace, SWLUG, Pi Cymru’s DIY banana piano project
Cymru, and Carmarthen Coder Dojo was a huge crowd pleaser, and of the Hackspace for members to As part of SWAMPFest,
Carmarthen Coder Dojo
– the fact that the event coincided course the Minecraft and Lego review/workshop. In keeping with
ran Raspberry Pi based
with the Hackspace’s First helped entertain the little ones. the Event’s ‘maker’ theme, The
Scratch workshops and
Anniversary is purely coincidental ;) The second floor featured the Lurcher Gallery from Carmarthen featured Raspberry Pi-
Later in the planning process, main staging area for the speakers/ were in attendance, showcasing and Arduino-controlled
digital volunteers were recruited to talks together with a retail/ their “Recycling creativity with a robotics.
provide Minecraft and Lego exhibition area. Swansea Steampunk theme”. You can find
workshops on the day. Hackspace had a table featuring their Steampunk’d Nerf guns on
The day was well attended by member-made projects; Colin Etsy shop “Spart1cus”.
male and female, young and old. It Deady (Ethical Websites/The Mag Floor 4 is the current permanent
was great to see wheelchair and Pi) had a stall and gave a talk; home of Swansea Hackspace,
pushchair users being able to Representing Code Club was Wales whose members provided a
access the venue (TechHub Regional Coordinator Craig Thomas day-long programme of short taster
Swansea) and to see parents and Maplin’s Swansea branch were workshops. These were really
feeling it was something they could in attendance. Those lads didn’t popular with the attendees and
bring their young children along to arrive empty handed to the party massively over-subscribed.
with plenty of workshops catering either – Maplin has very generously Now to have a break before we
for all ages, tastes and aptitude loaned some fantastic new kit to plan the next – see you in 2015!
www.linuxvoice.com 17
� SHOW REPORT CLOUDSTACK COLLABORATION CONFERENCE EUROPE
The Apache Software Foundation celebrated its
fifteenth anniversary while we were in attendance.
CloudStack
Collaboration
Conference Europe
The Linux Foundation and the Apache Software
Foundation join forces in Budapest.
D
espite containing the word ‘cloud’, CloudStack ‘top-level’ projects, alongside its famous HTTP web
has much more in common with a typical server, OpenOffice, Hadoop, SpamAssassin,
open source project than the world of big Subversion and many others.
budget cloud hyperbole. It’s a collection of software CloudStack offers ‘infrastructure as a service’. That
and a management interface that was at one time means it manages and deploys the virtual machines
commercial and then become known as Cloud.com. that run yours or your customer’s operating systems,
Cloud.com began a transition to GPLv3 in May 2010 and eventually, services and software. It also
which was completed later in 2011 after Cloud.com manages and dynamically deploys the resources
was bought by Citrix, the large US-based server/ needed by those machines such as storage and
networking company. The entire project was then virtual networking. Cloud vendors like to call this
donated to the Apache Software Foundation and ‘orchestration’, and CloudStack does all of this by
successfully progressed through its incubator harnessing lots of different open source tools, such as
program before becoming a fully fledged part of the Hadoop Distributed File System, the Mesos
Apache project. CloudStack is now one of Apache’s distributed systems kernel, the Cassandra database
18 www.linuxvoice.com
� CLOUDSTACK COLLABORATION CONFERENCE EUROPE SHOW REPORT
and the Spark cluster computing engine. It’s no A subscription to our magazine
coincidence that all of these projects happen to fall was won by Michael Ducy, Global
under the auspices of the Apache Software Partner Evangelist at Chef. Let us
know what you think, Michael!
Foundation, so it’s a natural fit.
It’s also a stack of components that’s often
compared to OpenStack, the dominant platform for
open source clouds. Both projects are IaaS solutions
and both are used by a wide variety of companies. But
they’re quite different in implementation, community
and marketing budgets. CloudStack suffers from the Giles Sirett is both the CEO of
latter in particular, especially as the Apache Software ShapeBlue, the largest independent
Foundation is mostly run by volunteers. OpenStack, integrator of Cloudstack, and a member
by comparison, famously had both NASA and of the Project Management Committee
at Apache CloudStack
Rackspace as initial investors.
“Certainly, it has ramifications,” we were told by
David Nalley, when we asked about marketing
budgets. “In some ways, it’s letting the market decide,
it’s letting the project decide, but not necessarily with
the Apache Foundation’s financial strength behind
any given project.”
David is both a CloudStack committer and a Budapest: home of the
member of the Apache Software Foundation, as are CloudStack Collaboration
many of the attendees here. His honest appraisal on Conference and thousands
the differences between how both projects are of protesters fighting against
marketed is a great indicator for what this conference, an insane internet tax.
and this community, is like.
“If you want to have a voice in where a project’s
going, you have to be doing something,” he later said,
”And the only people who have a voice are the people
who have earned the seat at the table.”
As we were told in the keynotes, “it’s about users Apache Foundation, and respect for its governance
being developers,” and this must have been why the model, is seen as a badge of honour for the many of
conference was a relatively informal, collaborative, the CloudStack people we spoke to and that has
developer-centric gathering of geeks and geek-related resulted in a project that isn’t run by a limited number
enterprises, where the of vendors, and
“People don’t know that a good
hotel’s corridors are offers far greater
considered a central diversity.
track and where its percentage of the world’s public Throughout 2014,
people care more about
clouds are delivered by CloudStack.”
there were
providing a genuine 32,000+ unique
open alternative than downloads from
whether there was a marketing budget. 140 different countries. The historically Citrix-oriented
Xen hypervisor shares dominance with KVM (34% to
Community meets enterprise 31%), with CentOS being the most popular host (58%),
Remarkably, and completely in contrast to our followed by Ubuntu/Debian (26%) and Red Hat
experience, that seemed to be the prevailing attitude Enterprise (11%). OpenStack, by comparison, is
from companies in attendance too. When we spoke to apparently 95% KVM running on Ubuntu.
Giles Sirett, for example, CEO of ShapeBlue, the largest CloudStack is also being used by companies as
independent integrator of Cloudstack, his earnestness varied as Farmville’s Zynga, BT and ‘a very large
sounded familiar. satellite broadcaster,’ with the biggest deployments
“People don’t know that 75% of the world’s websites remaining private. There’s a smaller range in the size of
are delivered by Apache’s web server and people don’t deployment, though, with the a third of private cloud’s
really know that a good percentage of the world’s running small 1–50 instances and another third
public clouds are delivered by CloudStack – because running 100–500. But there are still some 3% with
it’s boring plumbing and it should be boring plumbing,” more than 10,000 instances, so CloudStack can scale.
he told us. In CloudStack, we’ve found a genuine open source
It’s obvious that a lot of Apache philosophy project and that realisation has surprising
has gone into CloudStack since its migration from consequences; not since Eucalyptus was bundled with
Cloud.com, and that’s something you can’t easily Ubuntu server have we wanted to start playing with
learn without being here. The custodianship of The cloud installations and wanting to write about it.
www.linuxvoice.com 19
� THE FIGHT
FREEDOM
FOR
Free Software isn’t just
about getting shiny new
programs for no cash –
it’s part of a much larger
social movement.
Mike Saunders and
Graham Morrison
explore the history
and future of FOSS.
T
here’s a problem with the word ‘free’. Software didn’t just pop up as an idea one day, as a
Specifically, it can refer to something that “wouldn’t it be cool” notion from some hackers in a
costs no money, or something that isn’t held pub. The principles behind Free Software go back to
down by restrictions – in other words, something the early days of computing, and many people have
that has liberty. This difference is crucial when we fought long and hard to protect freedom in
talk about software, because free (as in cost) computing, even when all hope looked lost.
software doesn’t necessarily give you freedom. So this issue we want to delve deep into the world
There are plenty of no-cost applications out there of Free Software: where exactly did it come from,
that spy on you, steal your data, and try to lock you why is it important, and what challenges are ahead.
in to specific file formats. And you certainly can’t get We also look at the differences in licences, one of
the source code to them. the thorniest issues in FOSS, especially when people
To make the distinction clearer, many people refer have different definitions of “free”. But let’s start by
to free (as in liberty) software as a proper noun: Free going back to the early days of computing, when the
Software. But it’s important to note that Free world was a simpler, happier place...
20 www.linuxvoice.com
� THE FIGHT FOR FREEDOM
FREEDOMFREEDOM
FOSS before there was FOSS
Free Software goes back to the 1950s – it just didn’t have a name back then.
T
he idea of releasing software as
binary-only executables, without
FREEDOM access to the source code that
generated them, is relatively new. Yes,
FREEDOM
commercial software has existed for several
decades, but back in the 50s and 60s, as
mainframe computers started finding their
way into businesses and universities, it was
FREEDOM
completely normal to get source code with a
machine or software package.
Take the UNIVAC 1, the second
commercial computer produced in the US:
FREEDOM
its A-2 compiler was supplied with source
code, and customers were encouraged to
FREEDOM
send their modifications back to UNIVAC.
This is FOSS just as we know it, but back in
1953! And it made absolute sense, because
improved code was better for users, for
the computer makers, and for everyone
FREEDOM
FREEDOM
else who needed data generated by those
enormous machines. Richard Stallman started the Free Software movement not just to make low-cost programs, but to
So this was the norm at the time, and encourage sharing and benefit the world. (Image: Richard Stallman CC-BY-ND, https://stallman.org/photos)
there are plenty of other examples, such as
IBM distributing operating system source in order to access the source code, he had other attempts by companies to eliminate
code with its mainframes. When Richard to sign a non-disclosure agreement, which collaboration and sharing. In 1983, Stallman
Stallman joined the AI Lab of MIT (the essentially prohibited him from sharing his created GNU (GNU’s Not Unix), a new
Massachusetts Institute of Technology) in improvements with his co-workers. What operating system with a Unix-like design,
1971, source code was everywhere: “Sharing kind of a world was this becoming, where for everyone to share. The announcement
of software was not limited to our particular companies deliberately try to stop you from is one of the most famous Usenet posts in
community; it is as old as computers, just as helping your fellow man? Why set hackers internet history: www.gnu.org/gnu/initial-
FREEDOM
sharing of recipes is as old as cooking. But announcement.html.
we did it more than most.”
But the times were changing. Companies FREEDOM
“Why set hackers against each GNU alone wouldn’t save the
software community, though.
other, when they could work
FREEDOM
started to see software as commercially Stallman also founded the
viable products, and not just handy things
to bundle with hardware. Stallman saw
together to make a better world?” Free Software Foundation,
and created the GNU General
this happening at MIT, where more and
FREEDOM Publish Licence, which
FREEDOM
more computers were being supplied with against each other, when they could work described software freedom in legal terms
proprietary (closed) operating systems. He together to make a better world? and prevented anyone from taking his work
saw his beloved community of hackers, So a deeply despondent Stallman had a and locking it up in proprietary software.
engineers and sharers being destroyed. choice. He could either choose to leave the By 1991, much of the GNU system was
The straw that broke the camel’s back computing world altogether, or create a new complete, although the kernel (HURD) hadn’t
was a printer driver: Stallman needed the project comprised entirely of software that’s seen much work. However, a non-GNU
source code to add some vital features. But free from non-disclosure agreements and kernel project called Linux was becoming
usable, and paired with the GNU software, a
FREEDOM
FREEDOM
complete operating system could be made.
The BSD alternative Stallman, and many others from the GNU
project, prefer to call the operating system
Even while companies were trying to monetise and NetBSD. They share a lot of similarities with
software, code sharing remained common in GNU/Linux, but the licensing is different (more
GNU/Linux for this reason, and to emphasise
FREEDOM FREED
academic circles. BSD, the Berkeley Software over the page) and the developers tend to focus on that GNU is a project for computing freedom,
Distribution, was a Unix flavour that started life in the practical aspects of source code availability, and not just some useful bits and bobs that
1977. Its source code ended up in legal tangles in rather than societal implications of freedom and run on “Linux”. For brevity we use “Linux” to
the early 1990s, as GNU/Linux was beginning to sharing. Some BSD fans regard BSD as the original describe the OS in this magazine, but we
take off, but the situation was resolved and today Free Software, and GNU just happened to pick up
we have three major spin-offs: FreeBSD, OpenBSD on it later.
appreciate the argument that it should be
called “GNU/Linux”.
www.linuxvoice.com 21
� THE FIGHT FOR FREEDOM
So many licences... FREEDOM
GPL, LGPL, Affero GPL, BSD… there are many ways to make code free (as in liberty).
F FREEDOM
ree Software, according to Richard
Stallman, should grant users four
FREEDOM
FREEDOM essential freedoms:
Freedom to run the program for any
FREEDOM
purpose.
Freedom to study how the program works
(ie look at the source code).
Freedom to distribute copies to help your
FREEDOM
neighbour.
Freedom to distribute your changes in
source format.
Now, you could easily knock together
FREEDOM
a quick 100-word licence based on these
preconditions, but to make it last over
FREEDOM
the years and have a significant legal
foundation, you need something longer.
This is why Stallman created the GPL, the
General Public Licence, which is quite long
but makes it very hard for malicious types to
FREEDOM
subvert it.
Consider, for instance, source code.
FREEDOM
The GNU project takes its licences seriously – the FAQ for the GPL is over 22,000 words long!
assembly language listings, generated by developers who want to incorporate
REEDOM
A dodgy company using GPLed code a disassembler. This is, strictly speaking, modifications back into the main tree. So the
could release its modifications as “source code”, but it’s of little use to GPL describes source code as the “preferred
A quick chat with: Richard Stallman FREEDOM
The creator of GNU, the Free Software Foundation and the GPL
FREEDOM
What do you see as the biggest From a wider perspective: tens of
challenges facing Free Software
right now?
FREEDOM FREEDOM
millions (if not more) of people now
benefit from Free Software, and a free
FREEDOM
Richard Stallman: Computers designed to platform in the form of GNU/Linux. It’s
make it impossible to run free software. perfectly possible to do almost every
These include Apple and Microsoft phones mainstream computing task without
and tablets, the modem processors of all being restricted by proprietary software.
FREEDOM
FREEDOM
new portable phones, computers in cars, Obviously there are still some battles to
and so on. Many of them check for fight, but are you satisfied on the whole?
manufacturers’ signatures to make it Is there anything else outside of
impossible for users to change the software software that you’d like to tackle?
in their own computers. RMS: The idea of the free software
Also, services that refuse to function movement is that users should have control
except through nonfree apps or nonfree over their computing, so also over software cyberspace, and that is mostly limited to the
code sent to the browser in a web page. they use. (See www.gnu.org/philosophy/ field of PCs.
FREEDOM
Many of these are nasty in other ways too free-software-even-more-important.html)
– for instance, they track people and collect Given that nonfree software is nowadays Finally, are you still using the
dossiers, thus endangering democracy. See typically also malware (see www.gnu.org/ Lemote netbook you had for a
FREEDOM
www.gnu.org/philosophy/surveillance-vs- philosophy/proprietary for examples), a free while, or have you moved on to the Free
democracy.html. society calls for replacing all nonfree Software Foundation-approved
software with free software. refurbished Thinkpad?
Are there any problems We have advanced a long way starting RMS: It’s called the Gluglug, and yes I have
FREEDOM
approaching that could make a GPL from near zero in 1983, but we have a long switched. In practical terms it is a lot better.
v4 necessary? way left to go. As of yet, we have freed only a (www.fsf.org/news/gluglug-x60-laptop-
RMS: Not that I know of. small fraction of the inhabitants of now-certified-to-respect-your-freedom).
22 www.linuxvoice.com
� THE FIGHT FOR FREEDOM
FREEDOMFREEDOM
form for making modifications” – in other
words, code in the original language.
The GPL uses copyright law to make sure
that the rights to distribute and modify Free
Software remain in the code, and nobody
can suddenly lock it down under a different
communicate with it (like a web app),
users should also have the right to access
the source code.
There are other GNU licences, such as
for documentation, with the full list at
www.gnu.org/licenses. Interestingly, Linux
licences. The most notable is the BSD
licence, used by FreeBSD among other
projects, at just 233 words. This basically
says: do what you want with the code, but
credit the original source, and don’t sue us
for anything that goes wrong.
license. This strategy is known as “copyleft” (the kernel) hasn’t upgraded to the GPL Now, this leads to an involved
FREEDOM
in the FOSS world. But there are various
versions of the GPL:
v3 due to objections from Linus Torvalds.
He doesn’t think it’s wrong if hardware
philosophical debate about which licence
is more free. From one side, FreeBSD fans
FREEDOM
GPL v2 Provides the rights given above, would argue that their licence is
and is used in Linux (the kernel). the freest, as it enforces fewer
GPL v3 As above, but with extra clauses “Why set hackers against each restrictions on its users. You
relating to software patents, DRM (you
other, when they could work really can do what you want
M FREEDOM
can freely break DRM that’s implemented with the code, including folding
in Free Software) and the right to replace together to make a better world?” it into proprietary software,
GPLed software on locked-down just like Sony did with its PS4
hardware such as TV set-top boxes. manufacturers want to restrict users from operating system (which was based on the
FREEDOM
LGPL The “lesser” GPL, which allows
linking with proprietary applications. The
modifying software, noting that he installs
Linux on his children’s computers, and has
FreeBSD kernel).
GPL fans counter with: yes, the GPL
FREEDOM
GNU C Library (glibc) uses this. But why the right to stop them from upgrading it. has more restrictions, but these are put in
does it exist, when the FSF is against The GPL v3 is “overreaching” accordingly to place to maintain the user’s freedom down
proprietary software? Basically, it’s better Torvalds, and isn’t “morally” where he wants the road. The GPL is the freer licence as it
to have non-free programs using free to be. (See his full explanation at actively fights for freedom.
libraries rather than proprietary http://tinyurl.com/npmfwvz). Who’s right? The arguments will go on for
FREEDOM
FREEDOM
equivalents – as it gives users slightly years, no doubt. But the general consensus
more freedom. Free, or even freer? tends to be that the BSD licence provides
Affero GPL Like the GPL, but if you run While the GPL v3 is over 5,600 words long, more freedom for developers, while the GPL
GPLed software on a server and users run there are alternative and much simpler is better for end users.
A quick chat with: Microsoft!
Gianugo Rabellino, senior director of open source communities at MS Open Tech.
FREEDOM
Microsoft today is heavily involved Microsoft Azure, and that Linux and various
in various open source projects and
releases a lot of code under OSS
packages of Linux comprise 20% of Azure’s
workloads. But those who follow our LinuxFREEDOM
FREEDOM
licences. What brought about the change work more closely will know that we’ve had
in attitude since the early 2000s? Is it a Microsoft engineers actively contributing to
grass-roots campaign in Microsoft, or a the Linux kernel for over five years.
bigger corporate strategy?
FREEDOM
Openness is increasingly becoming part
FREEDOM
Gianugo Rabellino: Microsoft sees of the company’s DNA – multiple teams
openness as a way to satisfy our customers across Microsoft are involved in open
and grow our business. This involves source, standards and interoperability
enabling open source applications to run efforts. It’s both a top-down and bottom-up
better on and with our Microsoft platforms, approach – with customers and developers
but also to deliver great Microsoft at the centre.
experiences to other device platforms. application interoperability with our
Our open source strategy has evolved How is open source being used in products, and using an open source
FREEDOM
FREEDOM
based on conversation with our customers, Microsoft now? What would you development approach when it makes
many of whom operate heterogeneous IT describe as the company’s biggest open sense for specific products and solutions.
environments with traditional commercial source projects? One of our most significant open source
software, commercial open source software GR: Microsoft currently participates in over projects was our recent announcement that
FREEDOM FREED
and community-based open source 800 open source projects on GitHub, and Microsoft is open sourcing the full server-
software working side-by-side. that number is growing. We work with many side .NET stack and expanding .NET to run
So just how far we have come? Our CEO open source communities to identify on the Linux and Mac OS platforms. A large
Satya Nadella recently said “Microsoft loves valuable opportunities, projects and chunk of .NET was already open in the ASP.
Linux,” and described how there are 1,000 initiatives in which we want to participate, NET family of technologies, and this change
Linux virtual machines to choose from for often focusing on improving open source builds from that successful initiative.
www.linuxvoice.com 23
� THE FIGHT FOR FREEDOM
Real GNU/Linux distributionsFREEDOM
Our recommendations for maximum freedom.
W FREEDOM FREEDOM
e know there are hundreds of
distributions to choose between.
FREEDOM But there are far fewer choices
and some compromises to make if you
FREEDOM
want to use a GNU/Linux distribution that’s
endorsed by The Free Software Foundation
for adhering to Richard Stallman’s guiding
principles. Choice is reduced because the
FREEDOM
Linux kernel can’t contain any of the
proprietary blobs of firmware that are
tolerated by most other distributions. These
kernels are given the name ‘libre’, and they
FREEDOM
can have an impact on hardware
compatibility and performance.
FREEDOM
If there’s no open source driver, you’ll
also need to invest in different hardware.
This used to be a much bigger problem
10 years ago, with many modems,
wireless dongles, printers, touchpads and
FREEDOM
graphics cards rendered useless without
their manufacturer’s proprietary blobs.
FREEDOM
REEDOM
Fortunately, the Linux kernel is in much
better shape, and most modern hardware The biggest difference between these distributions and the ones we usually cover is their emphasis
we use will ‘just work’, which means there’s on freedom – that sometimes means sacrificing features, but it’s in a noble cause.
a good chance a free distribution won’t
require new hardware unless you’re using enabled by default and speaking many of the version numbers of packages stretch
FREEDOM
something esoteric. The main decision is the options you make and see on-screen, we back from that point – hence Gnome 2.x.
which distribution to try, and while there couldn’t an easy way to disable it (it’s Like Trisquel’s Ubuntu repositories, it Debian
are quite a few, not many receive the same Alt+Super+S). And that’s all there is to that many packages can be installed very
number of updates you’d expect from an installation. Within minutes, we had our new easily, and because the non-free repositories
FREEDOM
active distribution, which is why we’re only system up and running. are disabled automatically, you don’t have to
going to look at four. FREEDOM FREEDOM
Trisquel defaults to running Gnome in its
classic mode, and like the installer, we really
worry about. Despite its age, installation is
straightforward although slightly more
Trisquel 7.0 LTS
FREEDOM
like the appearance of the default theme. intimidating than Trisquel. You’re asked for
It used to be the case that ‘free’ GNU/Linux Most of the default applications are identical your network’s DNS address and manual
distributions weren’t as usable as their to a standard Ubuntu release. There’s confirmation of how your partition table is
non-free counterparts. That could make
FREEDOM
LibreOffice, Rhythmbox, Gimp and Evolution. going to be generated, for example.
FREEDOM
switching difficult for non-technical users. The web browser is based on version 33 of Using this old version of Gnome is a
That things have changed is partly thanks to Firefox and it’s called Abrowser. It worked reminder of how much has changed. It’s
what we’d consider the most popular well for us, defaulting to DuckDuckGo for quick and functional, but doesn’t have any
GNU-centric distribution, Trisquel. Trisquel searches as well as offering clear options for of the bells and whistles of newer versions
has been downloaded 344,786 times since disabling JavaScript or installing the more
its 2.0 release, and now uses Ubuntu as its privacy focussed GNU/IceCat.
foundation, making it an easy migration for http://trisquel.info
millions of Ubuntu users. The latest release
FREEDOM
is a re-working of the 14.04 Long Term gNewSense 3.1
Support version of Ubuntu, which means Second to Trisquel in popularity, gNewSense
you’ll get updates until 2019. There’s a wide is a little more austere in the appearance
FREEDOM
variety of download choices, from a 3 GB category. This is primarily because it’s using
ISO that includes source code to a 25MB a little-themed version of Gnome 2.x and
ISO that needs a network installation. We older packages than most distributions, and
opted for the 1.5GB DVD image, which can this is because of its choice of base
FREEDOM
also operate as a live desktop. Its Gnome- distribution. After a few years of using Based on an older version of Debian,
based installer looks amazing, and while it’s Ubuntu as its base, version 3 switched to gNewSense looks a little dated and may not
great that the Orca screen reader was Debian 6, first released in 2011, and many of work on the latest hardware.
24 www.linuxvoice.com
� THE FIGHT FOR FREEDOM
FREEDOMFREEDOM
– we still find OpenOffice here rather than
LibreOffice, for instance, and the desktop
doesn’t look anything like as good as
Trisquel. The older kernel, 2.6.32, is a little
more worrying. Trisquel sports version 3.13,
complete with low latency patches and bfq
scheduling, but more importantly, many
FREEDOM
more hardware drivers and updates, making
gNewSense less likely to work with modern
FREEDOM
hardware, at least until it catches up with the
latest Debian release.
www.gnewsense.org
M FREEDOM
Parabola
Parabola is a relatively recent addition to the It’s quite a shock how little a 500MB actually gets you these days. Judging from the text, maybe
Linux Foundation’s list of free distributions, not even a network connection.
being ordained in 2011, and it’s a little
FREEDOM
different to both gNewSense and Trisquel.
This is something you find out within 30
found networking already up and running,
putting off our Herculean struggle with
Musix v3.0.1
The three distributions we’ve looked at so far
FREEDOM
seconds of booting the 500MB Live ISO Systemd for another day. And while you’ll have been functional and modifiable just like
because you’re dropped as root into the need to configure and install everything any other distribution. Musix is a reminder
command line and curtly told that if you else you want to use, including a graphical that not all ‘libre’ distributions need to focus
want to install Parabola, you’d better have a on sober functionality, and it
working networking connection, and that to does this by being a Debian-
FREEDOM “There are some compromises to
FREEDOM
work out how this is done, open network. based distribution designed for
html into Lynx. Things could be worse. They
could have insisted on loading the html file
make if you want to use a distro music and media creation,
which we think is a great idea.
into Emacs. that’s endorsed by the FSF.” There’s not too much choice on
If this sounds familiar, it’s because the download medium, and the
Parabola is built atop Arch, a distribution environment, and carefully follow the 2GB download can take a while from the
that’s spawned a couple of ‘libre’ kernel installation instructions, this is still a limited server capacity, and unlike the other
distributions. You can even migrate from wonderful distribution. In some ways, three distributions we’ve looked at here,
a regular Arch installation if you’d rather building your own installation with an Arch there’s no torrent we could fine. Installation
rid yourself of those pesky proprietary distribution is a great way of appreciating is easy though. The Live DVD defaults to
bits. We like Arch a lot here at LV Towers, the amount of work that goes into creating a Spanish, but there’s English, French and
FREEDOM
but it’s not for the uninitiated. Fortunately, working system, especially when you know Portuguese too, and they’re all selectable
the barking words thrown onto the screen
at login are worse than their bite, and we
that every package is untarnished.
https://www.parabola.nu FREEDOM from the boot menu, which is an excellent
idea. This is also the only distribution we’ve
FREEDOM
looked at that boots to an augmented KDE
desktop (username: live password: user).
There’s pretty much every audio
FREEDOM application and effect you’ve ever heard
FREEDOM
of installed, along with some lots of other
multimedia tools like Kdenlive for video
editing and Blender for 3D generation. The
most important feature is that the Jack
audio system is already running, and you
can control it’s parameters and connections
with the QJackCTL application that’s also
included.
FREEDOM
FREEDOM
One tool we’d not seen before is GNU
Solfage. This is music educational and
training tool. It can play intervals and
rhythms, for example, and ask you to identify
FREEDOM FREED
them, you can create and train yourself
about scaled, and chords and keep on top of
your progress. The user interface is simple,
but it’s crammed full of essential content
that can really help.
Forget about proprietary plugins and formats with a music-making distro focussed on freedom. https://musixdistro.wordpress.com
www.linuxvoice.com 25
� THE FIGHT FOR FREEDOM
LibreOffice vs OpenOffice.orgFREEDOM
Our essential office suite proves that Free Software licences are important.
T FREEDOM
he recent history of both the
OpenOffice.org and LibreOffice
FREEDOM
FREEDOM projects encapsulates a lot of what
is good in open source philosophy, and what
FREEDOM
wider good can be achieved. We think it’s
also a great example that exposes many of
the issues brought about when these kinds
of projects are large and successful, and
FREEDOM
how they interact with both their community
and their corporate sponsors.
Having an ‘office’ suite of applications
for Linux has always been absolutely vital.
FREEDOM
At work, we all know that text documents
and spreadsheets spend their lives in
FREEDOM
perpetual motion between colleagues’ email
accounts, and nearly of these documents
will have been created by Microsoft Word or
Microsoft Excel. These two applications are
a cornerstone of Microsoft’s still unrivalled
FREEDOM
business strategy and unapproachable
influence, and they have been dominant
FREEDOM
REEDOM
LibreOffice has supplanted OpenOffice in nearly all Linux distributions, but it still faces a battle for
for over 20 years. As such, they’ve been recognition outside of the open source community.
fiercely guarded jewels in Microsoft’s crown.
Microsoft famously blocked its rival, IBM, another rival, Sun Microsystems, acquired Office, eventually releasing version 1.0 of
from selling Windows 95 in an attempt to a commercial office suite called StarOffice OpenOffice.org in May 2002.
undermine IBM’s own office suite, Lotus and open sourced the code in an attempt OpenOffice.org has always had a strong
FREEDOM
SmartSuite. Late in the same decade, to subvert the influence of Microsoft’s focus on embedding excellent import and
The open source licence spectrum
FREEDOM
Not all licences are the same. Some enable you This is great in certain circumstances, especially permissive and are stronger ‘copyleft’. Finally, we
to do more things than others. With a BSD-
style licence, for example, you can often create
FREEDOM FREEDOM
when a developer just wants to get their idea out
there, but the Free Software movement is built
have the Affero General Public Licence, which is
recommended by the Free Software Foundation
proprietary code without having to release your upon the users of that software having the same when code is running across a network.
FREEDOM
own changes. This is what allowed Apple to take access to the new developments, and that means
parts of FreeBSD and NetBSD for its own Mach having access to the code and being able to make Based on a 2007 illustration by David A Wheeler
kernel without having to provide its own changes. their own modifications. These licences are less (CC BY-SA 3)
FREEDOM
FREEDOM
PERMISSIVE WEAK COPYLEFT STRONG COPYLEFT NETWORK PROTECTION
PUBLIC DOMAIN LGPL 2.1
SQLITE Shotwell Qt
MIT/XII LGPL 2.1+
Node.js, Wayland XII,
FFmpge, VLC GPL 2
FREEDOM
Ruby on Rails
Linux Kernel
BSD (revised) LGPL 3 or 3+
FREEDOM
LibreOffice,
OpenLDAP, libssh2 GPL 3 or 3+ AGPL 3
OxygenIcons
GCC MangoDB, Launchpad, Diaspora
APACHE 2.0 MPL
FREEDOM
Apache, OpenOffice, Firefox, Thunderbird,
HTTP Server, Android Adobe FLEX
26 www.linuxvoice.com
� THE FIGHT FOR FREEDOM
FREEDOMFREEDOM
export compatibility with Microsoft’s own
formats, which meant that not only did
Linux inherit a fully fledged office suite, it
also gained vital compatibility with the file
formats everyone was emailing between
themselves. This has subsequently helped
Linux become a real viable alternative to
FREEDOM
Windows, as shown in many places such
as Munich city council’s LiMux project.
FREEDOM
But more importantly, it has also been
instrumental in making its OpenDocument
Format (ODF) an ISO standard, and it could
be argued that OpenOffice.org’s viability
M FREEDOM
for document editing and interoperability
has paved the way for a change in attitude
for many institutions who previously saw
Microsoft’s applications and formats as the
FREEDOM
only possible options.
FREEDOM
Oracle
We’d argue that none of this would have
been possible without OpenOffice.org being
an open source project (LGPL v3 has been OpenOffice is in the very capable hands of The Apache Software Foundation, but a merge with
used since version 2), and the project is LibreOffice now seems almost impossible.
FREEDOM
FREEDOM
significant because the licence has both
ensured its openness and its survival. Oracle with something of a quandary. On the one differences in their licensing begin to have
acquired Sun Microsystems in 2010 and hand, the Apache Software Foundation now an effect. Apache OpenOffice uses the
muddied the future of many of Sun’s open had an important piece in the free software generally more liberal Apache Licence, as
source projects like OpenOffice.org, MySQL, puzzle under its control, a gateway suite for you might expect. LibreOffice, by contrast,
VirtualBox and of course, Java. people migrating from proprietary systems. has inherited LGPLv3 and the MPL 2.0
Oracle also reduced the number of On the other hand, OpenOffice.org had been (Mozilla Public Licence). This makes moving
developers working on what was now called morally supplanted by LibreOffice in the code from one project to other the much
Oracle Open Office, and this apparent lack of hearts of many open source users. The easier in one direction – from the more
progress led to what’s best described as a liberally licensed code to the
‘fork’, in a similar way that Xfree86 became less liberally licensed code, and
FREEDOM “As users and advocates, we still
X.org, and both forks were only possible that means from Apache
have LibreOffice, whichFREEDOM
because of the licences used to host and OpenOffice to LibreOffice.
share the source code. is by far It’s a shame that we have
the most important thing.”
FREEDOM
Names, such as OpenOffice.org, are two such similar projects, but
trademarked and not typically part of it’s difficult to see how it could
the open source side of a project. The have happened any other way
Document Foundation (TDF) was created Document Foundation also made it clear
FREEDOMwithout Oracle donating the code to The
FREEDOM
to take control over the project, after initially that it had no intention of shifting direction Document Foundation at an early stage.
hoping that Oracle would rather hand over when it made its own statement shortly That this didn’t happen could have simply
OpenOffice.org to TDF than run it itself. When after Oracle’s relicensing, “The Document been a lack of understanding at Oracle,
this didn’t happen, The Foundation created Foundation and LibreOffice represent or the subtle machinations of a large
its own fork of the source code and voted already a future path of development for corporation with its wide and convoluted
to rename the liberated version LibreOffice, the OpenOffice.org community and the approach towards the open source
which has since gone on to replace OpenOffice.org code base, as was originally projects it curates. Either way, as users and
OpenOffice.org in all of the major Linux announced on September 28, 2010.” advocates, we still have the project and the
FREEDOM
FREEDOM
distributions. software, which is by far the most important
However, the story doesn’t end there. OpenOffice rides again thing, and something that would never have
OpenOffice.org still has some powerful brand The Apache Software Foundation has since happened with a similar proprietary piece
recognition and is still downloaded and developed the suite on its own, which has of software.
FREEDOM FREED
used in many places, despite LibreOffice’s revealed another final twist to the saga. Despite all this manoeuvring and strategy,
superiority, and Oracle did eventually decide Without the same resources, OpenOffice and despite the long history of the software,
to give the project away, OpenOffice.org was development has been slower; both projects it’s open source that has ensured its survival
given to The Apache Software Foundation, have worked on their own aspects to the and continued growth. And we don’t think
a bona fide repository for open source code, but there’s also some sharing. there’s any other system that could have
projects, and this donation must have left it Unfortunately, this is always where subtle produced the same result.
www.linuxvoice.com 27
� LINUX PUB QUIZ
THE LINUX VOICE
PUB QUIZ
Get a few friends together, settle down by the fire and pour
yourselves an ale. It’s time to test your Linux knowledge
with a little help from our Quiz Master, Gnomish Armorar.
The Linux kernel of the kernel?
00 Andrew S Tanenbaum and Linus Torvalds A) 91,023 B) 23,910 C) 39,102 D) 10,239
famously argued about the size of their kernels. 06 Which of these is a real kernel error?
What was the subject of Professor Tanenbaum’s A) “Here’s a nickel kid. Go buy yourself a real
1992 email rebuttal?
A) You are insane B) Linux is monolithic C) Linux is a
microkernel D) Linux is obsolete
01 Which company did Linus colourfully describe as
being the “single worst we’ve had to deal with” back
in 2012?
A) Intel B) Nvidia C) The Linux Foundation D) AMD
02 How did Linus Torvalds describe Systemd
developer Kay Sievers?
A) Drooling moron B) Pathetic moron C) F*cking
moron D) Needing a little constructive help
03 Linus Torvalds has said “I’m an egotistical
bastard, and I name all my projects after myself, ”
but which of the following isn’t one of his projects?
A) Scrot B) Subsurface C) Linux D) Git
04 In what month of 1991 did Linus announce his
kernel with the words “Just a hobby, won’t be big and
professional like GNU.” Andrew S Tanenbaum originally thought Linus was onto a
A) August B) September C) October D) November losing gambit with his newfangled operating system.
05 How many lines of code were in the 0.01 release Photo credit: GerardM (CC BY-SA)
28 www.linuxvoice.com
� LINUX PUB QUIZ
D) Acorn Atom
21 Which company did Paul Beech, the winning
designer behind the Pi’s logo, co-found?
A) Pimoroni B) Adafruit C) Ryanteck D) Ragworm
22 What is really beneath the two leaves in the
Raspberry Pi logo?
A) A delicious raspberry B) A disco light ball thing
C) A buckyball D) The meddling monk
23 Which famous British games designer is a
co-founder of the Raspberry Pi Foundation?
A) Andy Braybrook B) Geoff Crammond
C) David Braben D) Jeff Minter
24 When could you first order a Raspberry Pi?
Will 2015 be your year of Linux on the desktop? A) 29 February 2012 B) 29 March 2012
C) 29 April 2012 D) 29 May 2012
computer.” B) ”So long and thanks for all the fish” C) 25 How much RAM did the original Model Bs
”Game Over” D) “I came, I tried, I crashed”? ship with?
07 In which order were the following Linux sound A) 32k B) 256MB C) 512MB D) 1024MB
architectures developed: ALSA, OSS, PulseAudio 26 How many Raspberry Pis have been sold
and Jack? (as of late 2014)?
A) AOPJ B) OPAJ C) OAJP D) OAPJ A) 1 million B) 2 million C) 3 million D) 4 million
08 In The Linux Foundation’s 2013 report on kernel 27 Which of the following hasn’t been attempted with
development, who signed off the largest percentage a Raspberry Pi (yet!!)?
of patches? A) Brewing beer B) Raspberry Pi submarine C) An
A) David S Miller B) Linus Torvalds C) Greg Kroah- autonomous Atlantic crossing D) Sent to near space
Hartman D) Andrew Morton 28 What’s the name of the Pi’s easy to use operating
09 According to the same report, which group had system installer?
the largest number of patches signed off? A) Noobs B) ezboot C) AcornDFS D) ddrescue
A) Intel B) Red Hat C) The Linux Foundation D) Google 29 Which software isn’t available for the Raspberry Pi
for free?
Desktops A) Scratch B) Mathematica C) Minecraft
10 What did the K in KDE probably stand for? D) Microsoft Office
A) Koncept B) Kool C) KDE D) Kitchen
11 What does the M represent in Gnome? Ubuntu
A) Model B) Matthew C) MIME D) MOSAIC 30 What was the code name for the first release
12 What does the X represent in Xfce? of Ubuntu?
A) X11 B) X.org C) XForms D) XWindow A) Hoary Hedgehog B) Warty Warthog We’re still waiting for a
13 How do most Gnome developers pronounce it? C) Breezy Badger D) Dapper Drake Pi that can fit into an
A) Nome B) Gunome C) Nomay D) Gunume 31 How much did Mark Shuttleworth reportedly sell Altoids tin.
14 And how should you say ‘Qt’ to Lars Knoll?
A) Cut B) Cutes C) Cutey D) Cute
15 Which of these isn’t a KDE application?
A) Konqueror B) Konversation C) Kanada D) Belle
16 Which of these doesn’t use GTK+?
A) Mozilla Firefox B) Google Earth C) The Gimp
D) Xfce
17 When was Qt finally released under an FSF
approved licence?
A) 1997 B) 1998 C) 1999 D) 2000
18 Miguel de Icaza is the co-creator of Gnome. What
does he now help develop?
A) Mono B) Swift C) Python D) BlitzBasic
19 Which desktop environment is Linus Torvalds
currently using?
A) KDE B) Gnome 2.x C) Gnome 3 D) Mate
Raspberry Pi
20 Which 80s computer does the Pi partly take its
inspiration from?
A) Acorn Electron B) Acorn BBC C) Acorn Archimedes
www.linuxvoice.com 29
� LINUX PUB QUIZ
his security startup, Thawte, to VeriSign?
A) $574 million B) $57.4 million C) $5.74 million
D) $5.74
32 Mark Shuttleworth was which numbered
space tourist?
A) First B) Second C) Third D) Fourth
33 What does Ubuntu mean?
A) I’m loving it B) I am what I am C) Do no evil
D) Humanity to others
34 Where did Mark Shuttleworth go to strategise
before launching Canonical?
A) Antartica B) North Pole C) Isle of Man
D) Cape Town
35 What is Mark Shuttleworth’s latest project?
Ubuntu is still perhaps the worlds’ most popular
A) A South African astronauts fund B) The Ubuntu GNU/Linux distribution.
Watch C) Botanic gardens D) Solar balloons
36 In 2011, how many Ubuntu users did Mark
Shuttleworth say there’d be in 2015? Bash Commands
A) 200 million B) 100 million C) 50 million 50 What are the target file’s permissions after the
D) 25 million following command: chmod 765 filename?
37 What percentage of the Ubuntu Edge super A) -rwxrw-r-x B) --rw-r--r-- C) -rwxrw-r--- D) -rwxrwxrwx
smartphone was funded through Indiegogo? 51 Which of these vim :help arguments is not an
A) 30 B) 40 C) 50 D) 60 easter egg?
38 When did Canonical announce the Ubuntu TV? A) holy-grail B) 42 C) ! D) me
A) 2011 B) 2012 C) 2013 D) 2014 52 What does the ‘rev’ command do?
39 Which is going to be the first Ubuntu release with A) Increments a version number B) Reverses input
Mir as default? C) Reverts to a backup D) Makes a car sound
A) 15.04 B) 15.10 C) 16.04 D) 16.10 53 What’s the systemd equivalent to
‘tail -f /var/log/messages’?
Picture Round - see inside back cover A) journalctl -f B) tail -f /var/log/systemd
40 Which command produces this output? C) systemd —viewlog D) cat /dev/sda2
A) fortune | echo B) cowsay | fortune C) fortune | 54 Which character in Bash is used to redirect output
cowsay D) cowsay to a file?
41 Where on earth is Damian Conway? A) < B) << C) > D) >>
A) Bath Abbey B) Westminster Abbey C) Princess 55 Which character redirects a file’s contents to the
Theatre, Melbourne D) Buckingham Palace standard input of a command?
42 Who is this? A) < B) << C) > D) >>
A) Richard Stallman B) Fred Durst 56 What’s the Bash keyboard shortcut for searching
C) Mark Shuttleworth D) Jono Bacon backwards through your history?
43 Which Raspberry Pi is this?
A) Model A B) Model B C) Model A+ D) Model B+
44 Which open source celebrity have we unleashed
our Gimp skills upon?
A) Tim O’Reilly B) Tim Bray C) James Bottomley
D) Julian Assange
45 Which ancient Linux distro is this?
A) Red Hat 5.1 B) Mandrake 5.1 C) Slackware 7
D) Debian 2.0
46 Which desktop is Knoppix using in this release?
A) GNOME B) KDE C) LXDE 7.2 D) XFCE
47 Which ancient version of Ubuntu is depicted
here?
A) 4.10 B) 5.10 C) 6.06 D) 6.10
48 What music application are we using in this
screenshot?
A) Rhythmbox B) XMMS C) Cementine D) Amarok
49 Who is this?
A) Richard Stallman B) Fred Durst
C) Mark Shuttleworth D) Jono Bacon Debian is the largest community supported Linux distro.
30 www.linuxvoice.com
� LINUX PUB QUIZ
A) Alt S B) Alt H C) Ctrl S D) Ctrl R
57 What command would you use to perform simple
arithmetic?
A) $((56 - 14)) B) echo ’56 -14’| bc C) bc ’56 - 14’
D) calc ’56 - 14’
58 If you wanted to process audio on the command
line, what would you use?
A) shoez B) spex C) soundz D) sox
59 Which command would you use to change
your password?
A) pwd B) pwnd C) passwd D) password
Debian
60 Who was Ian Murdock’s girlfriend when he
started Debian?
A) Debra B) Debbie C) Deborah D) Deidre
61 When was Debian first announced?
A) 1992 B) 1993 C) 1994 D) 1995
62 Which distribution isn’t derived from Debian?
A) Knoppix B) Linux Mint C) Mageia D) Ubuntu
63 Which film series characters are Debian releases
often named after?
A) Toy Story B) Back to the Future C) Stargate
D) Krzysztof Kieślowski’s Three Colours
64 How many CPU architectures does Debian 7.0/
Linux support
Robots distract our attention by hosting themselves within things we enjoy.
A) 11 B) 3 C) 9 D) 15
65 Which boot system does Debian use?
A) System V B) Upstart C) Systemd
D) Don’t even go there T42 D) Rhino E6540
66 Which other kernel doesn’t have a Debian 71 Which of the following has never suffered a Linux
version? installation?
A) GNU/Hurd B) FreeBSD C) Minix D) Linux A) a Mars Rover B) International Space Station
67 Which of the following is not in Debian’s Social C) a toaster D) a sniper rifle
Contract? 72 Which kernel version re-integrated the changes
A) Community politeness B) User focus made by Android?
C) non-free compatibility D) Problems aren’t hidden A) 2.6.35 B) 3.0 C) 3.3 D) 3.5
68 Who is the longest running project leader of 73 Which Bruce created BusyBox, as used by many
Debian? set-top-boxes, NASs and routers?
A) Ian Murdock B) Stefano Zacchiroli A) Wayne B) Forsyth C) Lee D) Perens
C) Bruce Perens D) Bdale Garbee 74 Which hacker co-created both Samba
69 When was Debian 1.0 released? and rsync?
A) June 1996 B) December 1995 C) It wasn’t, due to a A) Ted Ts’o B) Andrew Tridgell C) Jeremy Allison
CD creation fault D) January 1997 D) Linus Torvalds
75 Which is the best source of entropy in a standard
Hardware Linux installation?
70 What was the first laptop top be awarded the A) /dev/random B) /dev/urandom C) /dev/null
FSF’s Respects Your Freedom award? D) /dev/zero
A) Dell XPS 13 B) Gluglug X60 C) Lenovo ThinkPad 76 How many of TOP500’s top ten supercomputers
(Nov 2014) run Linux?
A) 7 B) 9 C) 8 D) 10
Answers Let us know how you get on! 77 Which laptop hasn’t Linus Torvalds used for
70) B 71) A 72) C 73) D 74) B 75) A 76) D 77) A 78 C) 79) A
travelling (as far as we know)?
A) Macbook Pro B) Pixel Chromebook C) Macbook Air
60) A 61) B 62) C 63) A 64) A 65) C 66) C 67) A 68) B 69) C
50) A 51) D 52) B 53) A 54) C 55) A 56) D 57) B 58) D 59) A
40) C 41) B 42) D 43) C 44) A 45) B 46) A 47) A 48) D 49) A D) 11-inch Sony Vaio Pro
30) B 31) A 32) B 33) D 34) C 35) C 36) A 37) B 38) B 39) C 78 What is the coreboot project?
20) B 21) A 22) C 23) C 24) A 25) B 26) D 27) B 28) A 29) D A) A clothing alliance B) An SSD cache C) A BIOS
10) B 11) A 12) C 13) B 14) D 15) C 16) B 17) D 18) A 19) C
replacement D) A systemd replacement
79 Which of the following is not a boot manager?
00) D 01) B 02) C 03) A 04) A 05) D 06) A 07) C 08) C 09) B
A) UEFI B) Lilo C) Grub D) Refind
www.linuxvoice.com 31
� FEATURE RIP LINUX OUTLAWS
LINUX
OUTLAWS
Les Pounder looks back on the glory days of a
Linux podcast that took no prisoners.
So farewell then, Linux Outlaws…
I
n 2007 there was a new Linux podcast on the From the community, may we say thank-you to
scene, hosted by two regular Linux users who Linux Outlaws for seven years of great shows and
loved talking. Dan Lynch and Fabian Scherschel wish them good luck in their future projects.
rose to become two of the most loved podcast [Editor’s note – although we intended these pages to
presenters in the Linux community. Their podcast, provide a look at the best Free Software podcasts around
Linux Outlaws, became to fill the void left by the
a much loved and
cherished show that
“Linux Outlaws informed and departure of Linux Outlaws,
we somehow neglected
both informed and entertained its listeners with a to mention the Linux
entertained its listeners
with a mix of news,
mix of news, reviews and rants.” Voice podcast. Rising
phoenix-like from the
reviews, interviews and ashes of the once-popular
several rants. Just recently the team behind Linux TuxRadar podcast, Linux Voice fills the airwaves once a
Outlaws announced that the show would be ending in fortnight with a mélange of new-ish news, opinions and
December 2014 and we were privileged to have the contributions from our insightful, intelligent and beautiful
chance to interview the outlaws for their last stand. listeners. Right, carry on…]
32 www.linuxvoice.com
� RIP LINUX OUTLAWS FEATURE
Interview: Dan Lynch & Fab Scherschel
We speak to the men behind Linux Outlaws to find out how their long-distance
project started, what they plan to do next and why they have to drive so fast.
Dan, Fab great to chat with you both. So
first question: how did you guys meet?
Dan Lynch: We met on a social network called Jaiku
back in early 2007. It was a Finnish project that
became popular when Leo Laporte (of TWIT fame)
joined. I heard about it on one of Leo’s shows and
decided to give it a try. I’d never really bothered with
social networks at all before. Jaiku was like Twitter in
that initial posts were limited to 140 characters but it
also had comments on each post, which were not
limited. What came out of that were these really
in-depth long discussion threads.
I met Fab and a whole bunch of great people on
there. Many of them are still among my closest
friends. I began podcasting with my Jaiku friends in
early 2007 and we had a great time. Fab was a guest
host or panel member on those shows sometimes.
We both used Linux and were enthusiastic about it. It
was his idea to start a podcast about Linux and he
asked me if I wanted to join him. The rest as they say
is history. Jaiku was bought by Google and ultimately
shut down by the way. Some of the technology
became Google+ and the staff were mostly absorbed
into Google’s team.
Fabian Scherschel: Pretty much what Dan said, and eventually I gave it a listen and became a fan. I Dan Lynch is based in
although I don’t think Jaiku was my first social think I pretty much must have listened to the whole Liverpool and records from
network. I still have fond memories of the community back catalogue, too. As for podcasts who helped us his home studio.
there. I got on that early podcast by imitating an angry out along the way, we must also mention Linux
John C Dvorak, by the way. Fun times! Reality. I wrote an email to Chess [Griffin] when that
show ended and he mentioned LO subsequently. We
Linux Outlaws rose to popularity at a time got a pretty big influx of new listeners from that.
when LUG Radio was winding down. As we
understand it the LUGRadio hosts gave Linux From all of the shows what has been your
Outlaws quite a recommendation? favourite moment?
DL: They did encourage people to give us a try and DL: Just one? That’s very hard to answer. Possibly
that was really helpful. I began listening to LUGRadio recording our 100th episode in a car speeding down
around the end of 2006, so it had been going years the Autobahn as we headed to Linux Tag in 2009. Fab
before I heard it. When we started Linux Outlaws in was driving! I don’t recommend podcasting and
Sept 2007 they were a big influence. Initially I’m sure driving, unless you have a decent hands free of
they had no idea who we were – I mean, why would course. In this case I held the recorder as he drove so
they? But at some point one of the hosts heard our it was ok. We had a really fun discussion and people
show and mentioned it. That was great. We also seemed to like that episode a lot.
came 2nd to LUGRadio in a podcast roundup in Linux FS: The recording on the Autobahn at 200km/h in my
Format magazine pretty early on, it must have been dad’s Renault was definitely a high point. That was
2008 I think. I believe it may even have been Linux really fun! Other than that, I also immensely enjoyed
Voice’s own Mike Saunders who wrote it, I forget now the live show we did in Liverpool for episode 300 as
though [It was Mayank Sharma]. That boosted our well as taking the stage at the first OggCamp. Back
popularity massively and we reached a big audience then, I would still feel pretty nervous when facing
quite quickly. When LUGRadio decided to call it a day down a crowd of hundreds.
about a year after we began they were really kind in
directing people our way, which we really appreciated. What legacy will Linux Outlaws leave
FS: I must confess that I didn’t listen to LUGRadio behind?
when we started. Dan would go on and on about it DL: God I don’t know. I’d like to think we showed
www.linuxvoice.com 33
� FEATURE RIP LINUX OUTLAWS
of course we began the event with the good folks at
Ubuntu UK. It’s grown way beyond the show, but LO
played a crucial part in starting the event. I want to see
that continue long after we hang up the microphones.
FS: I hope that there will be more podcasts to come
for Dan and myself. Maybe not Linux or software-
specific ones, but hopefully they will be fun and
entertaining. I’m not ready to give up podcasting just
yet. As for the Linux podcasting scene, I hope there
will be always a show or two that includes presenters
that say what they believe, no matter how unpopular it
might be. That’s the one thing that was always most
important for me and it’s the one unique aspect that
independent podcasts add to the media landscape.
If you could have done one thing differently
Fabian Scherschel (L) and
people that anyone can do this and you really don’t with Linux Outlaws, what would it be?
Dan Lynch ( R ) have been
the hosts of Linux Outlaws need to be clever or talented. I know LO listeners have DL: That’s hard to say. I definitely don’t regret much to
for seven years. started a lot of podcasts and gone off to do their own do with the show. This may be a rubbish answer but I
things down the years. I like to think we inspired that don’t think there is anything obvious I’d want to go
in some way. We never claimed to be experts in Linux back and change really.
or anything else really. As the show grew popular FS: Actually, one of the things I’ve always been proud
people began to expect some level of expertise from of with LO is that we’ve adapted throughout the
us but they missed the point. It was always meant to show’s run. We’ve tried not to cling to predefined
be just two average guys who use Linux talking about templates and segments. We tried to change with the
things they think are cool and sharing experiences. If times. In that way, I think, we actually did things
others went out and did that too because of our differently whenever we saw the need. This did get us
example then great. Also OggCamp is a legacy I’m in conflict with some of the listeners several times, but
very proud of personally. It’s not an LO invention and I do think we generally did a good job.
Top Fabian Scherschel
is based in Germany and
also records from a home
studio that has grown
along with the podcast.
Bottom left The Linux
Outlaws album art has
changed many times in the
course of the podcast.
Bottom right Linux
Outlaws were part of
the team that created
the popular Oggcamp
unconference.
PHOTO CREDIT: Tris Linnell
34 www.linuxvoice.com
� RIP LINUX OUTLAWS FEATURE
EVEN MORE
PODCASTS
FLOSS Weekly Ubuntu UK Podcast Raspi.today
Hosted by Randal Schwartz and his rotating Well known as the Radio 4 of Linux Podcasts, A relative new kid on the block hosted by
panel of presenters which includes Linux the Ubuntu UK podcast has a long tradition Russell Barnes, who used to be the editor of
Outlaws’ very own Dan Lynch. FLOSS Weekly of quality and insightful content. Hosted by Linux User and Developer magazine. Russell’s
is part of the larger TwiT (The Week in Tech) Alan Pope, Tony Whitmore, Laura Cowen and site is dedicated to the Raspberry Pi and his
network that covers everything from Open Mark Johnson, the Ubuntu UK podcast, as you enthusiasm and passion is plain to see with
Source technologies to other proprietary may have already guessed, provides news and lots of great content in his podcast. He has
platforms. This podcast is of exceptional content from the Ubuntu community, but their interviewed many different people from the
quality and by that we mean the content and scope is not just limited to Ubuntu and they Raspberry Pi community including 4tronix,
knowledge of the hosts and the production feature content from the wider Open Source PiBorg and Ben Everard, author of the best-
quality of the finished product. The show often community. This podcast is well produced with selling Learning Python with Raspberry Pi. If you
has special guests from the tech scene and a snappy (the team try to keep episodes to are into your Raspberry Pi, then this podcast is
they provide great insights into their projects. under 40 minutes) and well tested format. the one for you.
http://twit.tv/show/floss-weekly http://podcast.ubuntu-uk.org www.raspi.today
Linux Luddites The Linux Link Tech Show
Linux Luddites is a podcast presented by TLLTS is a weekly podcast with a myriad of
Joe, Paddy and Jesse, who twice a month dip a presenters that each delve into the latest
toe into the Free Software waters, try new Linux news and issues in the Linux and Open Source
software, then decide that they liked the old communities. Presented in a laid back and
stuff better. The format of the show is similar relaxed manner TLLTS is a refined yet casual
to Linux Outlaws with a dash of LUG Radio. The show that seeks to entertain and inform the
news, reviews and feedback sections denote listener. A great podcast to listen to on your
the pace and content of the show. If you like commute to work. The Linux Link Tech Show is
your Linux news with a dash of humour then released under a Creative Commons Attribution,
the Luddites are happy to oblige, just don’t be Share-Alike Non-Commerical licence, so you’re
too bashful when the odd profanity pops out. free to mix it up, copy it and use it as you see fit
http://linuxluddites.com as long as you fulfil the terms of the licence.
www.tllts.org
MintCast Going Linux Everyday Linux
In a similar manner to the Ubuntu UK podcast, Going Linux is currently hosted by Larry Bushey, The community that surrounds Linux is what
the MintCast is a podcast created by and for the creator of the podcast, and technology sustains and nurtures Linux and this podcast
the many Linux Mint users, of whom there advocate Bill Smith, and has in the past been is there to help illustrate this facet of the Linux
are a growing number. Weighing in at around presented by Tom Chaudoir and Serge Rey. eco-system.
two hours long this is an informative show This is a quality podcast that provides great http://elementopie.com/everyday-linux-
presented by Rob, Scott and James who are all content to suit all levels of Linux users, along episodes
keen Mint users, along with guest hosts from with reviews on all the latest free software and
the Mint community. general news from Linux communities. The
http://mintcast.org show provides a fresh and innovative approach
to delivering the latest news thanks to their
extended team of presenters and diverse
content.
http://goinglinux.com
www.linuxvoice.com 35
� FEATURE PICADEMY
LEARN TO TEACH
Les Pounder travels to Pi Towers to find out more
about what the Raspberry Pi Foundation is doing
to educate the educators.
C
omputing in schools has become a hot topic development event provided by the Raspberry Pi
in the last few years, and teachers are keen to Foundation, and the team that make it happen. We
learn new skills to expand their knowledge of asked them all about the genesis of Picademy and the
the subject. Typically this is achieved via self-learning, future of CPD training for UK teachers.
but when teachers need quick results they reach for
training via established training providers. Continual Genesis
Professional Development (CPD) is not new to the When Michael Gove, the former Secretary of State for
teaching world, and providers are looking to meet the Education, announced that there were to be changes
needs of teachers who are eager to learn what the to the ICT curriculum many teachers around the UK
Raspberry Pi can do. felt that they were ill-prepared to teach the new
The Raspberry Pi Foundation has its own education computing curriculum and searched for specialist
team, and its champion CPD training to help
of CPD is Carrie Anne
Philbin, an ex teacher,
“Teachers are keen to learn bridge their skills gap.
Around the time of this
author of Adventures in new skills and to expand their announcement the
Raspberry Pi, and creator
of a popular series of
knowledge of the Raspberry Pi.” Raspberry Pi was on sale
with a mission to help
YouTube videos under children learn more about
the title “Geek Girl Diaries”. Computing via creative means. What was missing
Linux Voice was privileged to be given behind-the- was a support system of lessons and ideas for
scenes access to Picademy, the free professional teachers to work with, and so the Raspberry Pi
36 www.linuxvoice.com
� PICADEMY FEATURE
Foundation created its education team with the goal
of providing support material for teachers to use with
their Pis. With the hiring of Carrie Anne Philbin, the
Foundation education team created their own CPD
under the name of “The Raspberry Pi Academy for
Teachers” informally known as Picademy. The first
Picademy took place at the Raspberry Pi HQ in April
2014 and 24 teachers from around the UK took their
place as Raspberry Pi Certified Educators (RCE). Since
April, there have been four more PiCademies, each
training 24 more teachers who are spreading their
knowledge to other schools around the UK.
Structure of Picademy
Typically, CPD is structured around a single day and is
lead by a single trainer who is an expert in the subject.
Picademy is a little different in that it is split over two
days and is lead by a team of specialists from across Using Pibrella with a little Python 3 we all made our Picademy gives teachers
the Raspberry Pi community. own version of the old quiz show game “Wheel of the time and resources
On day one, the 24 teachers from around the UK Fortune”, which uses a wheel to randomly select a to try out their Pi-based
arrived at Pi Towers in Cambridge for an early start question or prize. projects in a supportive
network.
to a full day of Pi-based training. Each of the teachers Session two, led by Clive Beale, introduced the class
had previously gone through a rigorous selection to the excellent Scratch GPIO application maintained
process that involves a written application to find out by Simon Walters. Using Scratch GPIO, the class
about their skills and aspirations for the Pi, which is quickly built their own traffic lights using breadboards,
then followed up with a video application. From the LEDs and wires.
hundreds of applications the chosen 24 make it to
Cambridge and are put into teams that encapsulate Hacking the camera module
the essence of Pi, with team names such as GPIO, Session three was an introduction to the Raspberry Pi Below left At the end of
Scratch, Python and Minecraft becoming precursors camera unit and the corresponding Python module, day 1 the teachers added
their projects to a large
to the content of the next two days. led by Ben Nuttall. This session was a swift yet
wall of projects from
The four teams were then introduced to the succinct introduction to the camera and how to use it
previous Picademies.
Picademy team, consisting of Carrie Anne Philbin, with Python 3. Ben instructed the class on how to Centre Robots are a great
Sam Aaron, Ben Nuttall and Dave Honess, and to the install and use the hardware using the raspistill way to demonstrate coding
community members, which on this occasion command and the Python library using a hardware concepts in an exciting
included James Robinson, Martin O’Hanlon, James button to trigger the camera. manner. Why show off a
Hughes and your humble narrator. Over the course of Session five was led by Martin O’Hanlon, and boring loop with “Hello
the two days these people were on hand to guide demonstrated how Minecraft can be used to teach World” when you can have
each of the teams through their learning. Python in a fun and inventive manner, starting with a robot drive around?
Below right Constantly
The first training session was with James Hughes, teleporting and the x y z positioning system, and
changing the location
who led a quick guide to Linux and the command line, ending with the creation of diamond walkways that
and trainer for sessions
both of which are essential skills to learn when enable the player to walk in thin air. Martin, along with helps the class to retain
hacking the Raspberry Pi. David Whale, has written a book in a similar fashion to their focus along with a
The second training session is with me, making my Carrie Anne’s successful Adventures in Raspberry Pi, notebook full of notes and
début with my favourite Pi add-on board, the Pibrella. wonderfully called Adventures in Minecraft. sketches.
www.linuxvoice.com 37
� FEATURE PICADEMY
to think of a project and complete it in the second day
of Picademy.
Day two starts bright and early with a few
presentations from key members of the Raspberry Pi
team and community. Our first speaker was Rachel
Rayns, an artist who works for the Raspberry Pi
Foundation to further the use of the Raspberry Pi in
creative and artistic projects. Rachel talked about her
journey from being a traditional artist to using digital
media and tools from the maker community. Our next
speaker was Sam Aaron, the main developer of Sonic
Pi, who works at a supersonic pace to improve the
project, which is clearly visible in the changes made
between version 1 and 2 of the application. Sam
talks about how coding and music are interlinked
with similar concepts that complement each other.
Sam also demonstrated how live coding with Sonic
Pi can be used for creative DJ sessions, something
that will add an extra incentive for musically minded
programmers. The last speaker is Matthew Manning
aka Raspberry Pi IV Beginners, and his talk focused
on the various communities that are present in the
Raspberry Pi world.
Hands-on
With the talks over and the teams eager to get
hacking on their projects, they set to work creating
their Pi-powered inventions.
The Raspberry Pi Foundation provide lots of
equipment and access to the engineers behind the
Raspberry Pi, so each of the teams get all of the toys
that they need to build any type of project. At the
October Picademy the theme was quite clearly
Halloween, and with projects such as a robotic mobile
Top Picademy uses Motorola lapdocks to enable teachers to be fully mobile with disco that danced to Michael Jackson’s Thriller and a
their Raspberry Pi projects. Above At the start of day 2 there were speakers from the Tweeting “Ghost Catcher” this is clearly evident.
Foundation and the Community. Here we see the Foundation’s artist in residence, Rachel During the course of the day, the teachers hacked
Rayns talking about art and the Raspberry Pi. their projects into life ready for a show and tell at the
end of the day, where they met Lance Howarth, the
Sonic Pi, led by Sam Aaron, was session six, and CEO of the Raspberry Pi Foundation’s charitable
this proved to be the most popular session of the day. activities, who was on hand to issue the certification
Sonic Pi, the popular music composition/ for each of the team members who are now
programming suite, is an exceptionally powerful tool Raspberry Pi Certified Educators.
in the hands of practitioners such as Sam. After The class graduate and network amongst
demonstrating a series of ambitious projects, Sam let themselves, forging new branches to the education
the class compose their own network via social media and traditional networking
“The teams at Picademy get tunes using samples and
programming logic.
channels. The ideas created and friendships made
here will go on to help others around the UK to work
all of the toys they need to The last session of the day with the Raspberry Pi.
build any type of project.” was a double feature, first led
by James Robinson, who
How can you apply for Picademy?
talked about integrating the
Raspberry Pi into the classroom. In the second half of Teachers from around the UK are welcome to apply for
the session Dave Honess demonstrated a classroom Picademy. Over the course of two days you will learn more
about the Raspberry Pi and how it can be integrated into all
solution know as LTSP created by Andrew Mulholland aspects of your classes. You don’t need to be an expert in
that enables the Raspberry Pi to be used in a similar the Raspberry Pi, as full guidance is provided; just arrive
fashion to a thin client. with an open mind ready for lots of fun and inventions. To
With all of the sessions complete for day one, the apply for Picademy, head over to www.raspberrypi.org/
Picademy teachers were issued a challenge – in order Picademy where full application details can be found along
with a short video introducing the Picademy training.
to complete their Picademy training they were asked
38 www.linuxvoice.com
� PICADEMY FEATURE
Interview: Carrie Anne Philbin
During Picademy Linux Voice had the chance to talk to Carrie Anne Philbin, the lead
for CPD training in the Raspberry Pi Foundation.
Hi Carrie Anne, thanks for talking platform for teachers to talk. They have also
to us. What is Picademy all about? developed CAS Master Teachers in order to
Carrie Ann Philbin: The Raspberry Pi train other teachers and share their best
Academy for Teachers, or Picademy, is a classroom practice.
continued professional development
programme for any practising teacher So how is Picademy different to
around the world, from any subject traditional CPD?
specialism. The two-day course leads to CAP: What we are doing at Raspberry Pi is
certification as attendees become different in that we are not training teachers
Raspberry Pi Certified Educators and join an to teach the new curriculum, but instead to
online community to share knowledge and see computing as cross curricular and a
good practice. The course is completely free subject that underpins many others like
to attend and takes place at our Music, Art, Science, and Design Technology.
headquarters in Cambridge, UK. Every Only 44.9% of secondary school ICT
cohort includes a mix of primary and teachers have a post A-level qualification ‘on the road’ event at the Sony factory in
secondary school teachers in equal relevant to ICT and the overwhelming Pencoed where Raspberry Pis are
measures, as well as experienced majority of primary school teachers do not manufactured. It’s not out of the realms of
computing teachers and those new to the have a computing background. A recent possibility that we might visit other places in
subject, to share ideas. survey found that 60% of teachers did not the UK and across the globe moving
feel confident delivering the new curriculum. forward, but let’s see how Wales goes first!
There are many different providers So far, the government has provided £3.5 There is something special about coming to
for CPD but not many that million for CPD, which is equivalent to £175 Pi Towers for two days that I don’t want to
specialise in the Raspberry Pi. How did per school. By comparison, Jersey is lose from Picademy.
the idea for Picademy come about? investing around £5,750 per school to make
CAP: With the introduction of the new a similar step change to computing. The What has been the response to
computing curriculum in England and with sum also compares poorly to recent Picademy from the Pi community?
many of the Google Raspberry Pis being provision for CPD for teachers in maths, CAP: The community has been hugely
distributed to schools through the Hour of physics and global issues. supportive. The MagPi magazine wrote an
Code Competition in 2013, we found that article about the CPD early on and offered us
Raspberry Pi was being used in more formal Education is an important part of free printed issues of their magazines for
learning settings than it had been previously. the Foundation’s mission. How can swag bags. The Pi Hut, Pimoroni, Cyntech
In January 2014 I attended BETT, the largest Picademy be expanded to take it to more and ModMyPi have all donated swag for the
educational technology show in the UK, with people across the United Kingdom, and teachers and the infamous prize box.
the education team and found that teachers possibly the world? Individuals like Les Pounder, Martin
were no longer asking “Why should I use CAP: That’s the million dollar question! We O’Hanlon, Sam Aaron, Alex Eames, Matthew
Raspberry Pi in my classroom?” but instead have a very small education team at the Manning, Alan O’Donohoe, James Hughes,
asking “When will you be running training foundation and have lots of projects going James Robinson and many more have
courses?” I returned to work determined to on that take up a lot of our time. We are very helped to support the event through
create a training programme for teachers lucky to have members of our community workshops, talks or videos.
that would be inspiring, fun, creative and like Sam Aaron, Martin O’Hanlon, James
worth every second. So Picademy was born. Hughes, Matthew Manning and Les Pounder If there were any changes that you
to give up their time to come and help us could make, what would they be?
Why is CPD so important for with Picademy currently. CAP: I’d like to be able to reach more
teachers and the future of our new I’m looking to create more documentation teachers who lack confidence right now or
computing education system? for our current RCEs (Raspberry Pi Certified who feel unsupported in their school. I’d like
CAP: The changes to the curriculum are Educators) so that they can train others in to show them that there is a great
often misrepresented by the media as a their area, perhaps with the support of their community out there ready, willing and able
“coding” curriculum, which has lead to local Raspberry Jam, to spread knowledge. to help them. I’d also like to see our RCEs
confusion and a lack of confidence from run more of their own training events in their
some teachers. There is also a skills gap for Is Picademy branching out and region, and sharing resources with us to
many teachers. The Computing At School heading on tour? publish on our website. But it is early days
organisation is doing a fantastic job in CAP: In January 2015 we are moving for Picademy having only just completed our
dispelling these myths and providing a Picademy to Wales, and having our first ever 5th event. There’s loads more to come.
www.linuxvoice.com 39
� FAQ ASM.JS
ASM.JS
Bringing near-native performance to cross-platform web apps.
BEN EVERARD Any JavaScript code that only uses this browsers support JavaScript out of the
subset can be said to use asm.js. box without the need for plugins. This
However, since it’s valid JavaScript, it means that you don’t need to ask users
ASM usually means assembly, will run on any JavaScript engine. As to download anything in order to
and .js usually means a there are JavaScript engines for almost access your site.
JavaScript library, but what on earth every computing platform built in the
are those two things doing together? past decade, compiling code to asm.js Why bother using a subset
The idea behind asm.js is to means it should be very cross-plaform. of JavaScript, when the full
remove everything from language is already supported on
JavaScript that doesn’t run quickly. The Wait a minute: compiling code multiple browsers on most modern
result is a very strict subset of to an intermediate language so operating systems?
JavaScript that isn’t as nice to program it can run on web browsers… this The advantage of limiting the
in, but does run much faster. sounds a lot like Java! Do we really available options is speed. Using
Although asm.js is an interpreted need another option for this? Firefox (which is the browser that
language that you could program in, There is a certain similarity in handles asm.js best), the JavaScript
programmers will usually write code in the concepts behind Java and engine is able to detect when a
another language, and then compile asm.js. However, they’re solutions particular script is written in asm.js, and
that language to asm.js. In other words, designed for different ages. Java will optimise itself accordingly. This
asm.js is designed to be a little like applets are placed on a page and given gives it the advantage of running
assembly language, but it’s actually a certain area that they are allowed to everywhere (because it is a subset of
JavaScript. interact with. In other words, they were JavaScript), yet being able to run very
a single item on a larger page. This quickly when the JavaScript engine
So it’s just another means that, while they have some uses, supports it.
JavaScript engine? they have never really been suitable for
No. In essence, asm.js isn’t full-on web apps. So it already works
anything other than a JavaScript (and by extension asm.js) everywhere? Does that mean I
specification of a subset of JavaScript. can interact with the entire web page. It don’t need to change my browser?
can add, remove and manipulate items It’s not essential, but like we said
in the HTML in an almost endless before, Firefox optimises itself
“The idea of asm.js is to series of ways. In other words,
JavaScript can be used to control the
when it detects asm.js code. This
means that it will run much faster on
minimise performance entire web page. This makes it a much recent versions of Firefox than it will on
concerns as much as possible.” better option for modern web apps.
What’s more, almost all modern web
other browsers. Obviously, speed isn’t
always essential, but when it is, you’re
40 www.linuxvoice.com
� ASM.JS FAQ
better off using Firefox for asm.js web
apps. Chrome, after a slow start, is
catching up. Other browsers are likely
to perform worse at the moment, but
may well see improvements in time.
You mentioned earlier that
programmers write in other
languages, and then compile to
JavaScript. What languages can you
program asm.js in?
So far, most of the work has
focused on C and C++. The
support for both of these is provided
through the Emscripten source-to-
source compiler. Since a large
proportion of computer games are If something as computationally intense as an FPS game can run in asm.js, then most
written in these languages, ams.js has other software should have no problem.
been used to port games to the web
(using WebGL for graphics). Perhaps devices, but on the other hand, there are This all sounds wonderful.
the most famous asm.js project is the privacy and security concerns, and How can I compile my C and
port of the Unity games engine (for performance can be a problem. The C++ programs to asm.js?
example, Dead Trigger 2 – http://beta. idea of asm.js is to minimise the Software can be compiled to asm.js
unity3d.com/jonas/DT2 and AngryBots performance concerns as much as using Emscripten. Use this in exactly the
– http://beta.unity3d.com/jonas/ possible. In fact, benchmarks show that same way you would any other
AngryBots). code compiled to asm.js can run at compiler. Asm.js is used when you set
However, support for other languages about twice the speed of the same the optimisation flag to -01 or higher.
is coming. Python has some support code compiled natively. This might This can output pure JavaScript or an
(via pypy.js), and the Lua VM can be sound like quite a big slowdown, but it HTML file that includes the JavaScript.
built through Emscripten, but neither of doesn’t mean that programs will run at See the tutorial at http://kripken.
these are really at the level of the C and half the speed, because only a small github.io/emscripten-site/docs/
C++ versions yet. proportion of most software is actually getting_started/Tutorial.html for a
waiting for a bit of code to run. Most of useful look at how to get started.
Why not just skip this step and the time the computer’s waiting for user
write in JavaScript? input, or for some data to be retrieved What about stuff that
There are a few reasons! There’s from the disk, or (in the case of games) JavaScript in the browser just
obviously a lot of legacy code a 3D scene to render on the graphics can’t do, like access the filesystem,
that exists already in C and C++, so why card. This means that plenty of and link to libraries.
bother re-writing it in JavaScript if you software will appear to run at the same There’s no way that asm.js can
can just compile it? You might want a speed when using asm.js as when access the filesystem of a
single codebase that can compile to compiled to native code. This doesn’t machine when running on a website –
both native and browser. Also, compiled change the trade-off between access JavaScript is deliberately kept separate
asm.js code tends to be quite a bit on multiple devices and security, which from the machine it’s running on for
faster than hand-writen JavaScript will be highly dependent on the security reasons. However, asm.js
because it takes advantage of a whole application and who’s hosting it. programs can access a virtual file
host of optimisations. We should also point out here that system. This enables the developer to
although JavaScript is usually used for use the same C and C++ code that
It looks to me a little like most web apps, you don’t have to use it this accesses files, but at the same time,
of the advantages of asm.js way. There’s nothing to stop you using still protect the host machine from any
happen when you take something asm.js to create software that doesn’t malicious asm.js code.
that is normally a native app and rely on the network, and just uses the Libraries are another matter. By
convert it into a web app. Isn’t this a JavaScript engine to provide portability. default, asm.js includes libc, libc++ and
bad idea? I mean, wouldn’t it be If asm.js takes off, we’re likely to see SDL. If you want to work with other
better just to compile the C or C++ more and more software doing this. In libraries, you could try compiling those
to native code? fact, it’s already possible to compile libraries to asm.js, or re-implementing
Whether or not it’s a good idea some Qt software to asm.js. There are the features you need. There’s some
depends on many things, but some examples at http://vps2. more details on this on the Emscripten
basically it’s always a trade-off. Putting etotheipiplusone.com:30176/ FAQ: http://kripken.github.io/
software in web apps can make them redmine/projects/emscripten-qt/wiki/ emscripten-site/docs/getting_started/
easier to access across a range of Demos. FAQ.html
www.linuxvoice.com 41
� INTERVIEW BRIAN BEHLENDORF
BRIAN
BEHLENDORF
Graham Morrison geeks out about synthesizers with a kindred spirit, then
remembers to ask some questions about free software.
W
hat do the Apache web founder of Collabnet, the company and helped the Department of Health
server, the EFF, Mozilla, the responsible for Subversion. He’s been and Human Services develop open
World Economic Forum on the board at the Mozilla Foundation source solutions for electronic health
and Obama’s 2008 campaign have for over a decade, and joined the board records. He’s served as CTO to the
in common? The answer is Brian at the Electronic Freedom Foundation World Economic Forum, he’s an
Behlendorf. He is one of the founding in February 2013. He was a technology entrepreneur, a fan of electronic music,
developers of httpd. He was the co- advisor to the 2008 Obama campaign, and a true open source polymath.
Larry Page said Google could together a contractual network for But where does the trust come
save a 100,000 lives with sharing data that binds the participants into de-anonymisation?
access to big data, but is Google the into covenants with the end user. When BB: We shouldn’t pretend that you can
right company to do this data you give data to a member of the take data about somebody’s very
mining? Can you see a way of doing Respect Network, you can grant them intimate details, like places they’re been,
this that respects people privacy, the right to share that with other groups especially transit data. There’s a study
while still saving 100,000 lives? that you talk to also within that network, that showed you can uniquely identify
Brian Behlendorf: I think what but you also have the ability to ask individuals by having just four data
disturbs people is not the sense of data them to remove that data, or to update points of their daily route.
being shared, but data being shared in it and have that update shared once
ways they either can’t quantify or can’t with the rest of the members. So it’s a Wow.
control. And control of data is an way of starting to claw back a little bit BB: When you think about it, the
awkward thing, because there’s no on the consumer side, an places that you work and the place that
physical law that allows me to take understanding of how that data you live, how many other people take
away something you know about me, propagates. And then you can’t share it the same route to work within a couple
nor should there be. Because you have outside of the Respect Network, right. of hundred feet to a couple of hundred
as much right to data you’ve collected That contractual relationship stops feet? It’s probably a very small number.
about me in a mutual transaction. someone from being able to do things If you gave me, here’s anonymised
When it comes your rights to sharing nefariously with your data, like share transit data showing every trip inside
that data with others, that’s where I your credit card information with your London, I’d probably be able to go from
think we can talk about appropriate health insurance provider so they know here and here, who are the two people
rules or not. And so finding ways to about all those trips to McDonalds. that live here, and then with one or two
actually get their consent, to share that more points, discretely just get it down.
kind of data or make people active <laughter/> So that’s scary, right?
participants in understanding where BB: That actually happens! It’s
they can feed that… not a hypothetical thing. We’re right to be worried about
it being in the wrong hands.
It’s trust, isn’t it? Maybe we’re too cynical, but BB: We’re right to be cynical or question
BB: It is, certainly. There’s a that’s the kind of thing we anyone who says “don’t worry, we
project out there called the Respect worry about. Even in anonymised anonymise it first before we hand it on”.
Network, which is a coalition of a bunch data, there’s still a shadow of At the same time, I do absolutely agree
of different companies (I think yourself, and of the population. that better data informatics can lead to
Swisscom is a part of this and a whole BB: De-anonymisation is getting better better health outcomes. But I think that
bunch of startups), to basically put and better all the time. only works if you’ve got the active
42 www.linuxvoice.com
� BRIAN BEHLENDORF INTERVIEW
“I’m constantly looking for folks doing
interesting things who we could help put
thruster rockets on and go into orbit with.”
participation of the end users and they When we see that a friend told us about people’s lives and we could do that
understand what they’re doing. I think a disease they had, if you search on right now?
this is what drove a lot of people Google and suddenly you’re seeing ads BB: I think we’re going to find upper
nuclear with the Facebook timeline for creams and lotions on other limits to what it means to be human.
thing, is the sense that there was no websites. Maybe it doesn’t happen with We could get so precise with the data
consent around that, no awareness of Google, maybe it’s other places, they’re that we could tell you that for every
it. Even if we know that our timeline kind of re-targeting in that kind of data Oreo that you eat, statistically speaking,
gets played with, OK I can understand utopia. What could happen with that? that’s six minutes off your life. You
being played with to click on an ad, I’d I think that’s going to drive a demand could even come up with a wristband
be more likely to click on something, for different technologies. In the same that would monitor everything you do
but played with to be more depressed way that Apple stepped in at two and go ‘You’re going to walk out in this
or happier about the world around me, different times, once in the 80s and sun? Well that increases your risk of
that’s pretty F’d up. once 10 years ago, and said there’s a getting skin cancer and that’s another
need for better design when it comes to 10 minutes off your life’.
Or sicker or healthier… how we use computers, I think there’s And pretty soon, if you have that
BB: Right. So I think we have a an opportunity for another company to perfect picture, insurance is no longer
few more iterations of this where we step in and say we’re going to provide about creating a pool of roughly equal
are going to discover I think what ways technology that addresses this gap, this people to help balance out the
to quantify that deeper need we have. thing that’s in the zeitgeist that the extremes, instead it becomes about
existing leaders are saying no-one prepaying for medical expenses. And
cares about, which is the desired form that’s the danger here, is that it’s not
“What disturbs people is data of trustworthy technology. necessarily in the individual’s interest to
preserve their life at all costs.
being shared in ways that they Surely the most important
can’t quantify or can’t control.” thing is implementing the
system that could save 100,000
As a society, we can’t afford to
go down that route.
www.linuxvoice.com 43
� INTERVIEW BRIAN BEHLENDORF
BB: There’s so much more basic Can you tell us about your role issues, we try to shift legislation here
information needed that it’s almost not on the board of the EFF, and there, and make people understand
even worth thinking about right now. Mozilla and Benetech? when there’s a vote going up on an
Like, the challenges people have just BB: Sure. They’re three non-profits that issue they care about. A lot of it though
getting their medical histories are pretty different in terms of how they is also education, helping people
transported from one place to another go about implementing change in the understand what these issues are, or
to another, especially people with world. It’s largely about oversight, helping train journalists and people
chronic issues [such as] diabetes. I direction-setting and trying to bring in fighting for different particular points of
mean imagine, it would be so much other individuals with interesting view in different countries. Like,
better if you could create consistent, viewpoints. But trying to understand explaining to them what the laws are in
high-quality, longitudinal data pictures. what’s at the core of these three – as these areas or what are the tools you
well as making sure that we tackle can use to communicate securely as
Google’s got the data. issues like a CEO not working out or well. So it’s a pretty diverse
BB: Once they have those contact should we shift the mission to tackle organisation, the EFF.
lenses, they may have perfect data. But that – that’s what we do. Mozilla is very different. Mozilla’s
I think we should help individuals with The EFF’s background is as an
managing their health stream
information, and through that, helping
activist organisation. They just did a
major release of something called
“The fight for the open web
everything else. When I was at the Privacy Badger, which is for blocking used to mean fighting for
Department of Health and Human
Services, there was this recurring
cookies and things like that. It has seen
a major expansion in the public
HTML 5, JavaScript and CSS.”
theme, which not everyone was a fan attention being focused on the EFF
of, but it was individuals at the centre of because of the Snowden leaks. And main thrust is the fight for the open
their health information exchange, and there’s recognition that things feel web, and they do it by building
there had been very few attempts at broken in a space at a much deeper consumer products that people love.
doing a really good personal health level than just policy. That it’s And we’ve had challenges as you would
record system. [Microsoft’s] HealthVault something about how we relate to expect any 14–15 year-old-organisation
has probably been the best funded of governments and other organisations to have. The organisation is about 11
them, Google gave up on it with Google with the privacy of our data and the years old, but the project started even
Health; now it looks like they might get systems that we use. Part of the feeling four years before that in ’98 as the
back into it, them and Apple, with this is in tools, but part of it might also be in open sourcing of the Netscape browser.
health metrics thing. But I think those the way we relate to these There’s now about 750 people working
will eventually come back around to organisations and the liberties we’ve for Mozilla. We have one major revenue
helping the people who are trying to allowed organisations like the NSA to stream, and we’re looking for others.
maintain their health, a mix of the take. And so in addition to writing
exercise, doctors’ reports and labs and software, we sue the government. We By ‘one major revenue stream’,
that sort of thing. rally public attention around certain key do you mean Google?
Brian Behlendorf is potential
father of the term ‘Intelligent
Dance Music’ as he ran the
famous early 90s mailing list.
44 www.linuxvoice.com
� BRIAN BEHLENDORF INTERVIEW
BB: Well it’s not even that it’s just one
vendor, it’s that we’re dependent on one
particular way of doing things. I have to
be clear here, I’m on the board of the
foundation, the foundation owns the
corporation, the corporation is the one
that builds the products and gets them
out. The foundation licenses the
trademark to the corporation, so it
brings some money in that way, and we
have some other investments and
things. So the foundation does a lot of
public benefit kinds of projects; the
Webmaker project, Popcorn, that sort of
thing, and fund a lot of open web,
education projects. The corporation is
the one that builds the product and we
have to maintain this distinction
because the [tax authorities in the USA]
look very differently at non-profits and
for-profits. So I can’t tell the corporation
what to build, but we can talk about this
fight for the open web. It used to mean
fighting for HTML 5, JavaScript and “Enterprises are spending a lot of money
CSS, and we won that war. We were not on cyber security mitigation but no-one’s
only a faster browser, we’ve shown the talking about cyber security insurance.”
world that these technologies are a
better way to build web apps and
websites, and why building a site for These are all things that are But thinking about fighting for the
one browser or the other is lame. becoming core parts of the operating open web, it’s funny how the Snowden
And then the world took a system. So the web standards needed stuff comes up again. It’s almost like
tremendous step backwards and got to be updated to be able to do things the battleground has shifted to talking
app crazy. We as technologists out like trigger the camera on your device to about helping people and how their
there wondered why would you want to take a photo, which wasn’t in HTML communications can be secured, and
build platform-specific apps when you before, so rightfully that’s one thing that not entrenched with any one vendor.
have the web, and what we kind of got apps had on us, so we had to come up
schooled on by Apple and others was with standards for that. But then we And you could argue that’s
this idea of local applications that could needed to look at not just getting Firefox something you’ve done your
deal with local data that could deal in to run on Android or getting it to run on whole career.
disconnected environments, that one iPhone, which Apple wouldn’t let us do BB: It’s a fight that I’ve helped with at
could procure in an app store and pay because it’s a closed platform. different times and I’m still very happy
real money for, generating a revenue to be working on that at Mozilla. And at
stream for people, was interesting. It’s a great app on Android. Mithril too, hopefully. I mean, if a
BB: So on Android we’re able to company comes along that is able to
Apple stumbled on that idea do it, but even there it’s not enough. be an interesting part of this fight, that’d
though. Their original idea on Even there it’s clear that we need to be be a huge thing. The opportunity here is
the iPhone was to have web apps. so much more deeply integrated with really big for companies, and let me be
BB: It’s funny how, for many of us, our the rest of what people expect from plural about that, to step in and look at
biggest money makers come from their phones. So that was the genesis providing an extra layer of security or an
happy accidents. But they took a step of boot to Gecko and now Firefox OS. extra guarantee, or maybe even
back, and now we do have platforms (Firefox OS phones are now available capturing this moment in the zeitgeist,
like Apache Cordova, which allow for for sale in 15 different countries, by the where there is an unfulfilled demand by
some degree of portable development. way). The majority of R&D software consumers, sometimes even not
But I think what really became clear, development effort at the corporation is expressed directly by consumers, to
even five years ago, was the sense that now focused on Firefox OS and making understand how to trust technology.
the fight for the open web was no that work, on mobile in general I’d say, Even enterprises have this challenge
longer about a browser and about the but Firefox OS is a huge part of that. It’s too. So I’m constantly out there looking
presentation language, it was also a huge deal for us and I think it’s not for folks doing interesting things here
about payments and also about where just phones, it’ll be tablets and other who we could help put thruster rockets
you store your metadata. things you’ll see. on and go to orbit with.
www.linuxvoice.com 45
�BUY MUGS AND T-SHIRTS!
shop.linuxvoice.com
� INTRO REVIEWS
REVIEWS
The latest software and hardware for your Linux box, reviewed
and rated by the most experienced writers in the business
On test this issue...
48 50
Andrew Gregory
An internet of things toaster would be just the
ticket, says our hungry deputy editor.
S
oftware freedom is important;
we know that. But to most Entroware Proteus The Tor Browser
people that’s only an abstract Mike Saunders wants decent battery life, Our friends in Cheltenham don’t have a
statement. Yes, we can study, modify a 13-inch screen and a nice keyboard. Oh, clue what Ben Everard is viewing now
and share the source code to Emacs or and Linux pre-installed would also be nice. he’s using the Tor Browser. Well here’s
GCC, but as far as most people are That’s why he liked this laptop so much. the secret – it’s Ed Sheeran videos.
concerned these may be hieroglyphics.
Who cares? That stuff is for weirdos.
When the internet of things arrives 51 52 53
though, all this will change. If your door
lock or central heating software
upgrades to a new version and breaks,
all hell will break loose. If there’s an
iOS-style built in obsolescence that
means your central heating will only get
security updates if you buy new
Digikam 4.5.0 Mastering Vim Firefox DE
radiators, there’s going to be a Our senior vice president in Vim user Graham Morrison Fresh from writing an
breakdown in how the world works. charge of taking pictures didn’t even know how little addon for Firefox on page
Graham Morrison examines he knew until this 100, Ben Everard needs a
Free is cheaper Linux’s leading photo instructional video version of the popular
The main reason an internet-of-things album. Better than Kalbum! expanded his powers. browser for developers.
company should use it is price. If you
can make the source code open you
cut your maintenance costs at a BOOKS AND GROUP TEST
stroke, while at the same time reducing
Many people spend most of their time at a computer
your liability if your smart car decides to
staring straight into the web browser – whether
drive you into a concrete pillar that isn’t that’s Twitter, web mail, Facebook or the latest
in its sat nav. If closed software does Ed Sheeran videos on YouTube. So it makes sense to
that, there’s an obvious chain of liability, pick the right tool for the job. You can probably
if free software had the same bug, it guess the two leading contenders, but there’s
something for everyone, and each application we
would have been fixed last week.
tested has something unique going for it. Meanwhile
Consumers expect their computers to in books, there’s the usual mix of subjects –
be rubbish; when software gets to the including Data Science for Business, which makes us
real world, they’ll demand a lot more. wish that we’d stuck with that maths A-level.
andrew@linuxvoice.com
www.linuxvoice.com 47
� REVIEWS LINUX LAPTOP
Entroware Proteus
A new-ish company sources ideas from the web to make this Linux-bundled laptop.
Mike Saunders checks it out.
L
inux and laptops don’t always make for the
DATA happiest of bedfellows. Custom hardware,
Web
coupled with the reluctance of manufacturers
www.entroware.com to share driver information, means that Linux support
Manufacturer ranges from pretty good (for example, on older
Entroware/Clevo Thinkpads) to utterly terrible. If you’re running Linux on
Price your laptop, you’ve probably encountered some kind
From £649 (for below
specs: £754)
of issue, whether it’s to do with battery life, suspend/
hibernate or the webcam. A few machines work
perfectly – but they’re rare.
So when Entroware arrived on the scene as a
SPECIFICATIONS
vendor selling PCs and laptops with Linux pre-
CPU Intel i5-4210M @ installed, we were naturally curious. And doubly so,
2.60GHz because the small UK-based company didn’t just
RAM 8GB DDR3
throw out some generic machines and try to grab
1600 MHz
Storage 120GB Samsung cash from desperate Linux users, but actually went
840 EVO SSD out to the community to ask what people wanted.
Graphics Nvidia Entroware asked /r/linux on Reddit: What would you
GeForce GTX 860M like to see from Linux computer retailers? There were
Display 13.3-inch Matte
almost 200 responses, and Entroware has taken them This image shows the US keyboard layout; the UK model
IPS LED, 1920x1080
Webcam 2.0MP into account with its new flagship laptop, the Proteus. has satisfyingly large Enter and Backspace keys.
Battery 5600 mAh, We were lent a review unit for a couple of weeks,
62.16Wh so have spent quite a bit of time with it. It’s a boxy, review unit was supplied with Windows logo keys,
Size (MM): 32H x 330W angular machine, with black plastic on the underside, but Entroware aims to change those.) The keyboard
x 228D
silvery plastic around the keyboard, and a slightly is backlit, the keys themselves have a decent amount
Weight 2.04kg
rubberised black top. The machine’s original design of travel, and there’s barely any flex behind them – it
manufacturer is Clevo (model W230SS), and it’s sold feels very well made. The screen exhibits a little more
by resellers in some markets as a gaming laptop. flexing under pressure, but not to any scary degree.
We love the keyboard. It’s a chiclet design, quiet But here we come to our first minor gripe: the
and with chunky Enter and Backspace keys. (Our trackpad. It’s not bad, but it’s just small. Sure, this
The origins of Entroware
We caught up with Anthony Pich, co-founder of Entroware, to find out how his
company came into being and what challenges it faces.
We caught up with Anthony Pich, co- were Linux compatible out of the box, we research and testing, we like to involve the
founder of Entroware, to find out how his found that the UK’s offerings were whole team. We will be taking on more staff
company came into being and what expensive and not customisable. Even in the coming weeks to coincide with the
challenges it faces. manufacturers overseas seem to be price launch of EU shipping.
gouging, so we decided to source the parts
How did Entroware get started? ourselves. What’s the biggest challenge in
Anthony Pich: The idea to start the selling Linux-compatible laptops?
company was made after I bought a new How many people work there, and AP: Our biggest challenges so far have
laptop preloaded with Windows. After what do you do? stemmed from hardware compatibility.
immediately formatting it and installing AP: As we are still very much in our infancy, With each product launch, we thoroughly
Ubuntu, due to poor hardware support, I we have two highly trained employees, research and stress test every individual
had to mess around with drivers and whose responsibilities vary from component. This includes graphics cards
configuration files with most updates. manufacturing and quality control to and SSDs to less obvious components
When we looked at buying machines that marketing and accounting. For hardware such as Bluetooth and card readers.
48 www.linuxvoice.com
� LINUX LAPTOP REVIEWS
is only a 13–inch laptop, but we’ve seen bigger on
other similarly sized machines, and when you’ve tried
the giant football-field-esque trackpads on Apple’s
laptops, it’s hard to go back.
You’re hot then you’re cold
The front of the machine contains power/activity
LEDs and SD card slot, while the right provides access
to three USB 3.0 ports, HDMI, VGA, Ethernet, power
and a Kensington lock. On the left is an extra USB 2
port, headphone and mic ports, and a grille for the fan.
And this is the second of our gripes: the fan
positioning. The cooling system sucks in air from
underneath the laptop, and blows it out of the The top has a slightly
left-hand side. This means you always need to use it rubberised feel, which looks
on a flat surface (so not directly on your lap or a bed, great but needs the occasional
in case you block the vent underneath). And if you’re a wipe to remove fingerprints.
left-hander, with a mouse plugged in, you’ll feel a
steady stream of warm air on your hand.
On the upside, the machine stayed cool in our slot, and even the heatsink and fan. As Linux users we
testing, even when stressing both CPU cores with like to tinker with things, so we don’t want sealed-up,
maximum load, and the fans weren’t especially noisy locked-down machines that can’t be opened without
unless at absolute peak. Most importantly, the fans all sorts of hassle (cough, Apple). So plus points for
are barely audible when playing HD video – so you Entroware here.
can enjoy movies without being distracted. The laptop is bundled with Ubuntu 14.10; that’s
Onto the screen: it’s a 13.3-inch IPS LED panel with the OS that Entroware officially supports, but the
1920x1080 resolution. (An ultra high-res 3200x1800 company told us that it will try to assist users if
display is available for an extra £50, but as HiDPI they have problems on a different distro. Even if
support on Linux is a mixed bag right now, we you don’t want to run Ubuntu, at least you know
wouldn’t recommend it unless you absolutely need it.) that the hardware
The contrast and horizontal viewing angles are good, has been checked for
although we noticed a tiny amount of light bleed from Linux compatibility “The Proteus packs plenty of
the bottom of the display when showing a full black
screen – it’s not annoying though.
and everything should
work, given the right power for the price, is well built
Performance will depend on the chip you choose configuration. and has a lovely keyboard.”
when configuring the machine: the £649 unit is In all, the Proteus is a
equipped with a dual-core Intel i3 at 2.5GHz, but you good all-round portable
can ramp it up to a quad-core i7 at 2.5GHz for an workstation. It packs plenty of power for the price –
extra £95, or go full whack for a 2.9-GHz i7 for an extra especially if you bump it up to 8GB of RAM and add
£374. Similarly, the base unit is supplied with 4GB of an SSD – and it’s also well built with a lovely keyboard.
RAM, but you can bump it up to 8GB for £30 or 16GB The dinky trackpad and underside fan vent fan are
for £90. All models ship with Nvidia GeForce GTX slight downers, but they won’t be an problem for
860M graphics with 2GB RAM. everyone. And even if those issues are making you
But what’s the battery life like? On our Core i5 review think twice, there’s still the matter of supporting Linux-
machine, with middle-level screen brightness and friendly companies.
low keyboard backlight, we did some web browsing, Would you rather buy a laptop with a slightly better
played half an hour of Minecraft, and had an internet cooling layout from a giant faceless company that
radio station running all the time (Flash, using around doesn’t give a hoot about Linux, and that forces you
7% CPU). With this setup we eked out just over four to pay the Windows tax? Or would you rather support
hours from the battery. If you’re doing light browsing a new Linux-focused company that’s easy to talk to?
and typing work, you can expect to get over five hours. We’d say the latter makes more sense.
Suspend worked out of the box, taking five seconds to
suspend and the same amount of time to resume.
LINUX VOICE VERDICT
A solid workhorse with decent specs
Upgrade-friendly and battery life, and a smashing
Excellently, the Proteus is easy to upgrade and keyboard, from an accessible, Linux-
maintain: just remove four cross-head screws from friendly company. A good purchase.
the panel on the underside of the machine, and you
get access to the hard drive, RAM slots, Wi-Fi card
www.linuxvoice.com 49
� REVIEWS BROWSER
Tor Browser 4.0.1
Now Theresa May can’t discover Ben Everard’s rampant online
cat-video viewing habits. Your move, GCHQ.
T
he Tor Browser was originally funded by the US
DATA State Department as a way for non-technical
Web
people living in countries with few internet
www.torproject.org freedoms to access their online material, such as the
Developer Voice of America news site. The goal was simple: take
The Tor Project the best censorship-resisting online anonymity
Price software and democratise it so that it becomes
Free under various free
software licences
accessible to everyone, not just geeks. That was nine
years and four version numbers ago. Few people at
the time realised just how popular it would become.
The Tor Browser comes as a Zip file that contains
the executable. You just extract it and run. It will
automatically connect to the Tor network, and start The new transports dramatically increase the difficulty for
Firefox (now version 31 ESR). Firefox is customised to anyone trying to stopping people accessing Tor.
improve security. It defaults to the StartPage privacy-
protecting search engine, and includes the NoScript to see what data is being sent (which could well be
addon. By default, the NoScript settings are quite lax, used to identify who’s sending it).
so you may want to investigate these if you’re worried The challenges faced by the Tor Browser today
about attacks on your anonymity. are very different from when it launched. Originally, it
In future versions, Tor Browser will have a security was a way to access content that was blocked; now
slider that will enable you to easily change the security the actual Tor network itself is blocked in some
vs convenience settings (such as NoScript). There’s countries. This has meant that the Tor developers
a beta version of Tor Browser 4.5 available now that have had to find ways to access the network even
includes this, but it’s not yet considered stable. when all the IP addresses of computers on the
network are blocked.
Problems change Rather than try to come up with a single solution to
The Free Software Foundation’s HTTPS Everywhere this, Tor uses plugable transport modules. These are
addon is also installed. This forces the browser to use methods of obfuscating the Tor communication so it’s
HTTPS whenever it’s available even when following harder to block. The more pluggable transports there
links that point to the non-SSL version of the page. are, the more challenges for anyone trying to prevent
So, for example, if you enter www.wikipedia.org into people connecting to the network. These transports
a normal version of Firefox, you’ll go to the non- have been around for a while, but Tor Browser 4 both
secure site, whereas if you enter it in the Tor Browser, makes them easier to use, and introduces some
When the Tor Browser
starts, it will verify that Tor you’ll go to the SSL-secured version of the site. This powerful options. The Meek pluggable transport (new
is working properly. If you is important because even through the Tor Browser in the Tor Browser 4) is believed to work out-of-the
don’t see this page, then stops people being able to link who you are to what box in China, one of the countries that has had most
there’s a problem you’re browsing, unless you use SSL, it’s still possible success in blocking access to Tor. This transport
diverts traffic through popular content delivery
networks (CDNs) which means that if a government
wants to block Meek, they have to block every site that
uses these CDNs, and that includes a large proportion
of the web. The idea is to make the level of collateral
damage of blocking Tor too high for it to be feasible.
Regardless of whether you’re trying to
bypass censorship, or keep your private internet
communication private, the Tor Browser Bundle should
find a place in your network toolkit.
LINUX VOICE VERDICT
Preventing snooping and bypassing
censorship has never been easier.
50 www.linuxvoice.com
� DIGIKAM 4.5.0 REVIEWS
Digikam 4.5.0
Once a rival developer [of Kalbum, if you’re interested], Graham Morrison
imports the LV photo collection into the latest release.
P
hotos are becoming like dust. They gather and
accumulate without anyone noticing. Over the
course of a year, a collection can become
unmanageable and often best left forgotten. Unless,
that is, you lose some. Which is why applications that
make your collection easy to store, easy to process
and easy to share are more important now than ever
before. And as social networks continue to dominate,
the austerity of a desktop application makes a
refreshing change, even when the export options let
you share your creations as instantly as a Polaroid.
Digikam has been around for a long time. It predates
iPhoto and Flickr. But it has also moved with the
times and it’s currently moving very quickly. Version
4 was released last May, and this major update
follows exactly six months later. For the first time
with Digikam, we had enough confidence to attempt
importing RAW files directly from the Linux Voice
We prefer a darker theme
Canon 600D. This worked excellently. The preview duplicate image recognition using fingerprints, face
when working with photos,
window appeared quickly and drew thumbnails within detection, location mapping, over- and under-exposure and like Krita, Digikam lets
a few moments. It’s a pity these aren’t pre-cached for marking and a great side-by-side light table view. you change colours on
the files out of view, but we like the way you can click Unlike many photo management apps, there’s also a the fly.
on a single image and skip through larger previews. brilliant image editor that lets you do far more than
The use of a Marble map view before importing tinker with colour balance and contrast, although we
images is also novel, but we’d like the ability to add do miss the exposure, noise reduction, white/black DATA
keywords to images before import. adjustments and lens profiles of AfterShot Pro (a
commercial alternative). The user is expected to Web
www.digikam.org
Lazer Tag out-source these functions to an image developer
Developer
Tags, colours, ratings and captions can be added applications, but Digikam already does so much, we’d KDE
when you get to the main application window, and it’s love to see them integrated into Digikam. There are 39 Licence
these facilities that make management so plugins, for example – we used Exoblend to create GPLv2
straightforward. The main view is centred around pseudo HDR images – so Digikam is already way
another thumbnail view and two strips of panels that more than a management tool.
can be opened and closed to its left and right. These There’s been lots of bug fixing since the 4.0.0
panels hide Digikam’s powerhouse of features, from release, and we didn’t experience any stability
problems with 4.5.0. The user interface suffers from
over functionality, in the KDE sense, because there
are too many windows, panels and options. And
despite our having used Digikam on and off for
almost 10 years, we still couldn’t find a good way
of seeing what each release brings. The link to
bugs.kde.org doesn’t help. But this is still a wonderful
application. Remarkably powerful, flexible and capable
of managing very complex collection. It could just do
with a little pruning and rationalisation in its imminent
transition to KDE 5.
LINUX VOICE VERDICT
One of the best photo management
applications for Linux, and even
(shhh)… Windows.
If you include the plugins, there are probably more filters,
effects and editing options in Digikam than Gimp.
www.linuxvoice.com 51
� REVIEWS VIM
Damian Conway’s Mastering Vim
After many years knowing only ‘i’ and ‘:wq’ in Vim,
Graham Morrison feels it’s time to get some video learning.
D
amian Conway is a natural teacher. Actually,
DATA that’s not true. We know he appears natural
Web
and relaxed and full of fragile wisdom. But this
http://shop.oreilly.com doesn’t come naturally. It’s the result of hard work. His
Developer 30-minute keynote presentation at QCon took over
O’Reilly/Damian Conway 100 hours of preparation. Likewise, we can’t even
Licence begin to guess how long Mastering Vim, a video of
Proprietary
three hours and 25 minutes, took to produce. We’re
tempted to say decades, as we’ve seen his dexterity
with this humble text editor first hand. We’ve seen him
meld presentations with live code demos, hack away
at Perl and tell jokes, all with just a few chordal
keystrokes, all at the same time. If there was going to
be anyone to push us through the pain barrier of only
remembering three Vim commands, it was going to be Each chapter is organised and explained brilliantly, and
Damien Conway. there’s a downloadable file for the code, examples and
We’ve never tried ‘Video Training’ before, and we’re Vim configurations mentioned.
rather distrustful of leaving books and words behind,
especially with the costs involved. But we genuinely We stuck with streaming as it was more
like the idea of an expert trainer using their experience convenient. The video quality is on a par with Netflix,
to show us, personally, how to do cool stuff. You need albeit with a maximum resolution of 720p. The entire
an account at O’Reilly, and their training videos are course is split into 22 chapters with some variations
purchased just like anything else they sell. All your in duration, from just a few minutes up to closer to 20.
purchases, whether they’re ebooks, books or videos We watched the entire video over the course of about
are tied to your account, and you access the content six weeks. This is very much going to depend on your
from the ‘Your Products’ page of the web portal. experience level. In the third chapter, for example,
Damian recommends going through each key on the
Blockbuster video keyboard and trying to learn what their functions are,
The video interface has changed considerably over with and without Shift and with the Control keys! This
the last couple of months. It works in Firefox, but if you is a tough proposition for our limited brain capacity,
use Chrome you also get control over playback speed. but we set an hour aside and tried our best. We
This helps in some of the more complex moments. didn’t remember that many new keys straight away,
Brilliantly, you can choose to either stream or but forcing ourselves to concentrate made a huge
download the video, with the end format being m4a. difference and did help us get the most from the
We only downloaded the 3:34 minute introduction, remainder of the course.
which is around 30MB, so extrapolating that to the full The sub-heading for this video is ‘lesser known
duration, you should expect the entire video to take features for more effective editing’, and each
up around 2GB of storage. In common with O’Reilly’s chapter feels like a collection of Damian’s hard-won
ebooks policy, these files are completely free of DRM, productivity hacks, whether that’s post processing
and played back perfectly in VLC (H264 MPEG-4 video your search results or using code completion. This is
with MPEG AAC audio). a course crammed full of practical examples, some
live demos and lots of advice. It doesn’t touch on the
really advanced stuff, but we think it does more than
enough to pull the average Vim flirt into a more steady,
long term relationship, requiring neither the discipline
of a book, or huge amounts of coffee.
LINUX VOICE VERDICT
Beg your boss to take this from your
Being able to watch entertainment budget. It’s far cheaper
Damian put examples than an afternoon at the Celtic Manor.
into practice is another
advantage of video.
52 www.linuxvoice.com
� BROWSER REVIEWS
Firefox Developer Edition
Ben Everard gets a new web browser, but will it make him
a better web developer?
F
irefox is best known as a web browser, but it
also has an integrated set of development
tools. These have been in place to help web
developers see what’s going on on their pages. The
include tools to inspect particular elements,
understand styles, interact with the JavaScript and
more. In short, Firefox has become one of the most
powerful desktop development environments
available. All this power is included in the normal
desktop version of the browser under Tools > Web
Developer menu.
This is useful for anyone creating websites, but
now the same web technologies (HTML, CSS and
JavaScript) are being used in far more environments
The WebIDE controlling a
than just regular web pages. Thanks to Cordova and In fact, the WebIDE environment is one of these
FirefoxOS simulator is a
PhoneGap, many mobile apps are built in this way, advanced features. It is coming to mainline Firefox great for any developers
and Firefox OS is an entire ecosystem based around (though perhaps not installed by default), but FDE who haven’t been able
these technologies. Firefox Developer Edition (FDE) is includes the very latest build, and will continue to to get hold of the real
a new version of Firefox designed to make it easier be ahead of mainline Firefox even after it’s released. hardware.
for people developing on web technologies outside Additionally, FDE comes with a different theme than
of the browser to get the full advantage of the Firefox regular Firefox, which also gives easier access to
developer’s toolkit. the developer tools (for anyone who doesn’t use
DATA
Most of this is done through the WebIDE, which Ctrl+Shift+I to bring them up anyway). In reality, this
enables you to connect to mobile devices (and doesn’t add much though. Web
simulators), and control them from your desktop. This https://developer.
mozilla.org/en-US/
gives developers a unified interface for all classes of Developers: the ball’s in your court Firefox/Developer_
device, and even other browsers on other devices (for Overall, FDE definitely shows some promise. Firefox is Edition
example, you can control Chrome on Android through moving at a pace that can make it hard for developers Developer
Firefox on your desktop). to keep up. This gives a three-month head start on the Mozilla
There is a second area of advantage to Firefox main edition for anyone working on cutting-edge web Licence
MPL
Developer Edition: it includes features that haven’t yet software. The developers’ tools are also advancing,
made it to the main stable build of Firefox. In Mozilla so having the latest build can make your life easier.
parlance, FDE takes the place of Aurora, which is However, we’d be a little concerned about basing our
the stage before Beta. In simple terms, it will get development environment on software that’s not yet
features 12 weeks before they’re released in the main considered stable enough for general use.
version of Firefox. Whether or not this is a good thing Although there are certainly some developers
remains to be seen. After all, not everyone wants their who will appreciate FDE, it may appeal more to
development environment to include features not yet early adopters who like to always have the latest
considered fully stable. technology. In recent years, the performance of
JavaScript engines – particularly Firefox’s – have been
increasing rapidly. Although Firefox Developer Edition
isn’t designed specifically for speed, it does have more
recent optimisations. When we tested the latest FDE
against the latest stable version of Firefox, we found
the former to be about 10% faster on JavaScript
benchmarks.
LINUX VOICE VERDICT
New developer tools, but these come
with some concerns over stability.
The dark blue theme is, presumably, designed to make the
interface more leet, and make us developers stand out
from the crowd.
www.linuxvoice.com 53
� REVIEWS BOOKS
Data Science For Business
Ben Everard is now applying data-driven decision making to Linux Voice.
T
he information age, it seems, has the theory links up with real-world benefits to
given way to the data age. Whereas the business.
once the internet was seen as some The target reader is someone looking to
magic way of us getting information via arrange a data science approach in an
machines, it’s now increasingly becoming a organisation, not the person actually doing
way of businesses getting data on us via the implementation. That said, the book is
machines. This process of gathering and sufficiently broad and well written that it will
analysing vast quantities of data has sired be of interest to anyone interested in the area
an industry: data science. in general as long as they don’t expect a
Data Science for Business isn’t a handbook detailed guide to implementing the
for aspiring data scientists looking to break approaches.
into this industry (although it could fulfill that
role). Instead, it’s a book for people in
business wondering how they can make use
LINUX VOICE VERDICT
of data science in their decision making. It is, Author Foster Provost and Tom Fawcett
the authors claim, inspired by a course on Publisher O’Reilly
ISBN 987-1-449-36132-7
data science targeted at MBA students. Price £25.99
This gives away its level: it’s non-technical
Everything you need to know about data
from a programming perspective, but also science, except how to program it. The numbers don’t lie. Businesses that base
unafraid to get into the maths of the their decision-making on data science are more
problems. It’s also heavily focused on how productive than those that don’t.
Bulletproof SSL and TLS
In HTTPS we trust. But it wasn’t until now that Graham Morrison understood why.
S
SL isn’t that difficult to get up and We’re reviewing the digital edition, which is
running. But because it deals with available through the publisher’s portal as
some powerful magic and requires a PDF, EPUB and for Kindle with a single
very specific balance of ingredients, it can be purchase. There’s no DRM, but your name
both intimidating and easy to get wrong. And and email address are used as a watermark.
when you get it wrong, the consequences The PDF worked great on the desktop, and
can be catastrophic. Encryption and the we used the EPUB to catch up from a tablet.
subtle requirements of certificate exchange Since its release in September, the digital
are difficult subjects, and as the author of versions have been updated by the author,
this incredible book explains, it would take a which is another huge advantage with digital,
couple of your Earth years to really get your and he actually considers the title a ‘living
head around the subject. This is what he’s book’ that he wants to keep updating. As a
done on your behalf. result, this is an essential read, not just for
Despite its scary title (for us) and the sysadmins, but for anyone who puts their
subject matter, we found Bulletproof SSL and trust in HTTPS.
TLS incredibly accessible. Anyone reading
this magazine should feel at home with the
level and terminology, from its foundations LINUX VOICE VERDICT
describing network layers through to Author Ivan Ristić
eventual deployment. That’s not to say Publisher Feisty Duck Ltd
ISBN 978-1907117046
things don’t get technical in the end – they
Price (Ebook) £24 (Print + Ebook) £34
do, but SSL starts to make sense way before
An exhaustive and practical guide to an
then. In particular, we really liked the way the essential part of the internet. Over the last couple of months we’ve enabled
author goes into a lot of detail about how SSL on almost our entire web presence, with
SSL can be compromised. LinuxVoice.com being the last stop.
54 www.linuxvoice.com
� REVIEWS BOOKS
Beginning Drupal 7 ALSO RELEASED…
Ben Everard gets his monthly dose of web frameworks
B
eginning Drupal 7 is quite a modest
name. In fact, this book contains
easily enough information for a
beginner to create a site from scratch and
keep it running. Todd Tomlinson goes
Beginning
through everything you need to know in The second
Drupal 7’s
an orderly fashion. It’s well explained, and edition should
appendices take
there are plenty of pictures to guide you be out buy the
the user through
along the way. time you read
eCommerce, social
The book gives an extremely thorough this.
media and more.
introduction to Drupal 7; however, it is also Raspberry Pi for Dummies
a little unexciting. While no book we’ve ever short of greatness by not drawing the This is the second edition of a title that has
read on a web development framework reader into the subject. It relies on the proven very popular. Surprisingly, the varied
has been a real page-turner, Beginning reader having some external motivation and eclectic nature of the Pi makes it a good
fit for the ‘Dummies’ brand, which may entice
Drupal 7 does feel as though it’s lacking for reading.
complete beginners into trying something new.
sparkle. The examples are all very We’re looking forward to taking a look.
functional, and the prose is clean, but LINUX VOICE VERDICT
unremarkable. Some people will think this Author Todd Tomlinson
a good thing, but this reviewer is easily Publisher Apress
distracted when reading technical books ISBN 978-1-4302-2859-2
Price £39.49
and finds that a little character can make it
A good, if unexciting, introduction to the
easier to learn. Drupal web development framework.
Overall, Beginning Drupal 7 is a perfectly
good book for learning Drupal, but it falls
Put all your Lego
into a single box
Interactive Data Visualisation for the Web and get inventing.
Ben Everard is now busy drawing pretty pictures in JavaScript. Steampunk Lego
Forget the instructions and leave this lounging
D
on your coffee table. Soon, your living room
3 is one of the most powerful will be full of floating Edwardian palaces,
JavaScript graphing libraries, and Victorian warships and weird brass goggles.
with that power comes quite a bit The pages we’ve seen look gorgeous and
of complexity. Creating D3 graphics is not should be a real inspiration.
for the faint-hearted, but the reward for the
complexity is the ability to create custom,
Alas, this book
interactive graphics that work smoothly contains no useful
across all modern browsers. information on how
Interactive Data Visualization for the Web to get birds to perch
aims to give a gentle introduction to D3. In on your titles.
fact, it starts at the most basic level, and
doesn’t even assume the reader If you want to build custom
understands HTML. However, the whole of visualisations, D3 is probably the best The Battle of
HTML, CSS and JavaScript is covered in option, and this book is probably the best the Five Armies
just 44 pages, so it’s alright for a refresher, option to get started with D3. should be out
but someone new to the subject would by now.
probably struggle to follow it. LINUX VOICE VERDICT Black Hat Python
None of the book requires detailed Author Scott Murray We absolutely love the idea of this book. Use
knowledge of these areas, but you do need Publisher O’Reilly Python to sniff and manipulate network
ISBN 978-1-449-33973-9 packets, create your own trojans and Windows
a good understanding of the basics. Once
Price £25.99 COM automation, plus all kinds of other dark
the book reaches D3, the pace slows
Interactive Visualization for the Web an easy super powers. Python is accessible enough to
down, and Scott Murray takes the reader introduction to the complex world of D3 make it fun, and vitally informative when it
gently through the basics of how to use comes to your own defences.
the library.
www.linuxvoice.com 55
� GROUP TEST WEB BROWSERS
WEB
BROWSERS
GROUP TEST
The web browser is the most indispensable software in your
distro. Mayank Sharma looks at six of the most popular options.
On Test Web browsers
W
eb browsers shape the A web browser is a complex
Firefox way we view and piece of software, though it might
URL www.firefox.com interact with the not look it. You want it to be secure
VERSION 33.0.3 internet. They have grown along while you use it to pass your credit
LICENCE MPL 2.0 with the internet as it evolved from card information to an online
Can the default browser for most Linux primarily a read-only medium to a retailer. Furthermore, you want it to
distros stand up to the competition?
content-creation platform. As be reliable when you’re using a web-
content producers explore new based email service or an online
Chromium avenues of pushing more content office suite or updating project
URL www.chromium.org and creation avenues to us users, specs on the corporate intranet.
VERSION 38.0.2125 web browsers must keep pace with Finally, you want it to be able to
LICENCE Various open source licences. the new and upcoming protocols handle all sorts of multimedia
Is the browser from Google just an open and web technologies that while being zippy enough so as
source hogwash? piggyback the content. not to sap the resources on your
It’s fair to say that the web computer. And you want all of this
Epiphany browser has become the most
widely used piece of software. With
in a well-integrated package that
offers a great user experience.
URL https://wiki.gnome.org/Apps/Web
the rising number of web-based In the good old days, the choice
VERSION 3.12.0
LICENCE GPL v2 apps and cloud services, the web was simple as there were few
Can Gnome’s default web browser hold browser is probably the first app options. For a long time, Firefox was
the fort? you call upon after logging into the the default web browser for virtually
desktop. In fact, for some people every Linux distro. However, over
it wouldn’t be unfair to say that the years it’s given users a lot of
Konqueror the performance of the browser reasons to demand alternatives and
URL www.konqueror.org dictates their whole desktop the community and the larger Linux
VERSION 4.14 experience. This is why you need to ecosystem hasn’t disappointed. We
LICENCE GPL v2
make sure you pick the correct web evaluate some of the best options
Can this multifaceted option from KDE
browser for you. that are also easily accessible.
take on purpose-built web browsers?
Midori “The web browser has become the most
URL www.midori-browser.org
VERSION 0.5.8
widely used piece of software.”
LICENCE LGPL v2.1
Will this minion be able to hold a Testing the browsers
candle to the giants?
We’ve tested the browsers on a variety Document Object Model (DOM) and
of parameters. Some parameters, such JavaScript. In addition to the browser,
Opera as the availability of add-ons and
extensions, get more weight than, say,
we also look at their ancillary services
such as bookmarks, users and download
URL www.opera.com the availability of a feature like private management. While all of the browsers
VERSION 12.16 mode. To test their adherence to web on test should be available on virtually
LICENCE Proprietary standards we also subjected them to every Linux desktop distro, we’ve
Do we really need proprietary software popular tests such as Acid 3, which assessed them from inside the
in this field? checks compliance with elements of Arch-based Manjaro Linux as well as on
various web standards including Fedora 20.
56 www.linuxvoice.com
� WEB BROWSERS GROUP TEST
Plugins and add-ons
Customise your web experience with extra bits and bobs.
W
hile all browsers are usable Firefox has a dedicated add-ons website addons.opera.com/en/), but its collection
straight out of the box, you’ll need (https://addons.mozilla.org) and, while isn’t as diverse as Firefox’s and Chromium’s.
to extend them with add-ons and Chromium doesn’t have a dedicated The minuscule Midori browser ships
plugins for a truly customised user extensions site of its own, its users can flesh with over two dozen extensions that you
experience. In that respect all web browsers it with add-ons from Chrome’s web store can enable and configure from within the
give you access to add-ons for you to tailor (https://chrome.google.com/webstore/ browser itself. Epiphany doesn’t have a
the app to your needs. category/extensions). Both websites traditional extensions model that allows
The most popular browsers usually list hundreds of add-ons in well laid-out plugging in external add-ons. Instead the
have the largest community of users and categories and allow you to find and install extensions for Epiphany are shipped along
developers and as a result have the largest extensions in a matter of clicks. Opera has a with the browser itself. Similarly, Konqueror
and most varied selection of extensions. dedicated add-ons website as well (https:// also ships with extensions.
Opera 12.16
Can it conduct the choir?
O
pera is one of the oldest browsers,
having come into being as a
research project in 1994. Its first
version was released in 1995 but it wasn’t
until 2000 that Opera was available for Linux,
and it took another five years for the
software to become ad-free freeware.
Opera on Linux includes all of the features
you’d expect from a web browser, including
support for multiple tabs, a search-
engine toolbar, bookmark management,
a password manager, per-site security
configuration, download manager, auto- The Opera Mini browser for Android is still one of the popular mobile browsers, particularly for the
updater, and optional add-ons. Turbo feature which is known to reduces pages by up to 80% of their original size.
One of its best privacy-focused features
is the option to delete private data, such as ignore any traffic passing on secure HTTPS an improved Turbo mode. There’s also a
cookies, browsing history, items in cache channels. Opera Link is the browser’s new Discover feature that shows news and
and passwords with the click of a button. synchronisation feature, which can sync other articles much like StumbleUpon. This
The browser also likes to flaunt its security- bookmarks, history, searches and more. If beta version also lets you share individual
related features. When visiting a site, Opera you want to extend Opera, you can download bookmarks or entire bookmark folders with
displays a security badge in the address extensions and themes from the dedicated anyone on the web by creating a special
bar that shows details about the website, website (https://addons.opera.com). share.opera.com URL with your shared
including its security certificates. Opera also In terms of performance, Opera is bookmarks that’s valid for 14 days.
checks visits against blacklists for phishing comparable to Firefox and Chromium. But As expected, the beta version scores
and malware websites, and displays a while it passed the Acid 3 test, Opera scored higher on the HTML 5 test than the stable
warning page if you visit a known offender. lower in the HTML 5 test. That’s primarily version. Although we didn’t run into any
because Opera’s current stable Linux version unexpected problems, the software is beta
Resting on its laurels was released back in July 2013 and still for a reason and it must be pretty serious.
The status bar at the bottom includes uses the Presto layout engine. This has been What else would explain the lack of a stable
buttons to turn on the Turbo mode and replaced by Google’s Blink layout engine Linux release for more than a year?
Opera Link. The Turbo mode shrinks the which is used in the current stable builds for
pages before sending them to the user. This Windows and Mac OS X. On Linux, the Blink-
helps keep costs down on networks where based Opera 26 is only available in beta. VERDICT
A proprietary solution that
you are charged for the amount of data The beta version is available as a binary runs well but doesn’t offer
transferred. The feature is turned off by download for popular Linux distros. It anything spectacular.
default and even after you enable it, it’ll features an updated simplified interface and
www.linuxvoice.com 57
� GROUP TEST WEB BROWSERS
Epiphany 3.12
A profound experience.
E
piphany, now rechristened To tweak more advanced options
simply as Web, is the default you need the external GSettings
browser of the Gnome desktop configurators such as dconf or the
environment. As part of the Gnome graphical dconf-editor. The 3.12 version
desktop, the browser adheres to the is a major release of the browser
Gnome Human Interface Guidelines that includes performance and user
(HIG) and maintains a simple user interface enhancements such as the
interface with only a required minimum new address bar design, which replaces
number of features exposed to users. the traditional URL bar with the page
Epiphany has all the core web title once the page has finished loading.
browser features such as tabbed The recently released 3.14 version is Epiphany is now the default browser in the Raspberry Pi’s
browsing, bookmark management, just a minor update that adds support official Raspbian distro.
and an incognito mode. Since version for blocking invalid SSL certificates, and
3.2 the browser can also be used as improved security by warning users can’t customise the websites displayed
launchers for web apps. The launchers visiting pages with mixed content. in the speed dial, and there is no add-
are standalone instances of the However, we aren’t impressed by the ons management infrastructure. We
browsers that are listed along with the browser’s usability. For starters, you also feel that the redesigned address
offline apps in the Applications menu can’t switch tabs by using the popular bar might confuse new users who
of the desktop. You can access and Ctrl+Tab key combination. Also, you won’t expect to find it there.
manage the launchers with the special
about:applications URI from within
Epiphany itself. “As part of Gnome, Epiphany VERDICT
If you’re a Gnome user,
adheres to the Gnome Human
use this default browser
Epiphany’s built-in preference for creating nifty little
Interface Guidelines.”
manager is designed to present user- web apps.
only basic browser-specific settings.
Konqueror 4.14
Too many kooks?
W
hat Epiphany is to Gnome, Konqueror is well integrated within
Konqueror is to KDE. The KDE and uses the KParts object
browser is part of the KDE model to let you view various types
Software Compilation and up until the of files from with Konqueror itself. So
release of KDE 4 was one of the best in essence it provides you with a PDF
things about KDE -- a fully functional viewer, an FTP client, a text editor, a One of the good things about Konqueror is that it can be
web-browser and a very capable file spreadsheet editor, a word document controlled entirely from the keyboard.
manager. In fact it was pitched as an editor, an SVN client and more, all within
advanced file manager that can display the browser window itself. use type and you can also view multiple
web pages. With the release of KDE4, websites in a single window with its
Konqueror was replaced as the default A many-stringed bow split view functionality. However, one of
file manager by Dolphin. However As a web browser, Konqueror includes a the things that’s missing from
Konqueror can still display a web page bookmark manager, password Konqueror’s repertoire is an incognito
just as easily as it can display a Samba manager and a tabbed interface, and private browsing mode. You also won’t
share or a remote FTP site. lets you define web shortcuts for quick find any privacy options in its long list of
By default, Konqueror uses the access to popular web services. The settings, nor will you find a long list of
KHTML rendering engine. Although browser comes with a nice set of add-ons.
this supports the latest web standards plugins such as a custom ad blocker,
such as HTML 5, JavaScript, CSS 3 and automatic web page translation tool, a VERDICT
others, you should use the browser’s user agent switcher, shell command As far as default browsers
go, Konqueror is ace.
ability to change rendering engine and panel, and more.
switch to WebKit which enhances the Konqueror also ships with multiple
user experience manyfold. profiles each designed for a particular
58 www.linuxvoice.com
� WEB BROWSERS GROUP TEST
Midori 0.5.8 Variants and
Not as green as you might expect.
other options
Look beyond the obvious.
I
n this test we’ve only looked at some of
the most popular web browsers available
and there’s no dearth of alternatives. If
you’re looking for more than just a browser,
there’s SeaMonkey, which is the continuation of
the Mozilla Application Suite and uses the
same code as Firefox but is developed outside
the control of the Mozilla Foundation. In fact,
Firefox has spawned several browsers each
with its own distinct purpose. There’s the ESR
version (Extended Support Release) for users
who don’t want a new version every few weeks
(or for organisations that just can’t handle the
In Midori, private sessions run as a separate process, so if your private browsing crashes, it hassle of constand upgrades).
won’t affect the normal browser session. If you are a Debian user, your distro ships
with the Iceweasel browser, which is a
D
evelopment on the Midori browser cookie manager, external download rebranded Firefox release stripped of all the
started in 2003 and the browser manager, feed panel, mouse gestures, Mozilla trademarks. Then there’s PaleMoon,
was designed with the idea to custom keyboard shortcuts and more, also from Firefox, that has stopped support
make most of the available resources. along with support for Netscape-style plug- for older hardware and optimised it for
Quick launch speeds and minimal ins for supporting different media through performance on newer devices.
resource usage are the hallmarks of the external players such as Totem and VLC. Similarly, Chromium fuels a bunch of
browser. No wonder then that Midori is The latest release of the browser browsers as well, most notably the proprietary
popular with lightweight distros and the features several notable improvements Chrome browser. The SRWare Iron browser
default browsers on distros such as to its WebKit 2 rendering engine including is another proprietary freeware browser
SliTaz, Trisquel Mini and Elementary OS. improved text selection behaviour, that aims to eliminate usage tracking and
It uses the WebKit rendering engine favicons and more. The AdBlock other privacy-compromising functionality in
and performs just as well as the other extension has been rewritten in Vala and Chrome. KDE users should also check out the
browsers using this engine. Yet despite features a new status bar entry to toggle lightweight WebKit-based Rekonq browser,
its lightweight nature and design, Midori the add-on for individual sites and also which is also pretty well integrated in KDE.
has all the features you’d expect from show a list of items that were blocked There’s also Dillo for resource-conscious users
a web browser including a speed dial, on the respective site. The release also and some text-based browsers such as Lynx,
tabbed interface, bookmark management, features two new extensions. One lets which is still in active development 22 years
configurable web search as well as an you use the Ctrl+Enter key combination to after its initial release.
incognito mode. autocomplete URLs and the other adds a
The browser can show you DOM little notes panel that saves any selected
storage items and can create multiple text as your browse the web.
browser profiles. Like Epiphany, Midori can Midori was remarkably stable and
also create desktop launcher shortcuts properly rendered every popular social
for websites. These launchers run simple network we pointed it to including
single-instance windows of the browser Facebook, Twitter, Youtube, Linkedin,
that have no address bar. and Spotify. However it doesn’t have a
Midori can clear private data with a synchronisation feature, nor a mobile
single click and you can also set it to clear client and while its collection of add-ons is
data while quitting. You’ll also find some useful it’s no where as comprehensive as
privacy-related control in the browser’s the web stores of Firefox and Chrome.
settings section. And there’s a trash icon
next to the address bar that lists recently VERDICT
closed tabs and windows along with a An impressive browser
QupZilla is a zippy browser that’s designed to
that’s light only in size
button to clear this list. and not features. provide a native feel on all supported platforms
The browser also ships with a bunch and across Linux desktops.
of useful add-ons. There’s an ad-blocker,
www.linuxvoice.com 59
� GROUP TEST WEB BROWSERS
Firefox 33.0.3 vs Chromium 38.0.2125
The battle of the alpha behemoths.
F
irefox and Chromium are by far is highly customisable. In fact you can
the biggest and most rearrange the entire interface as per
comprehensive web browser your needs. The browser now ships
projects of the lot and the only real with a new view for customisation
challengers to each other. that lets you rearrange the various
Firefox has long been considered components of the browser window.
the de-facto browser for the open Another strength of the browser is
source community. It was fast, it the plethora of add-ons freely available
was innovative and it championed on a dedicated website of their own.
standards compliance while other There’s also the Firefox Sync service,
browsers of the time (we’re looking at which helps users synchronise Firefox is available for all major operating systems and
you, Internet Explorer) were trying to passwords, history, bookmarks and also works on Android smartphones.
maneuvre the web as per their whims open tabs by storing encrypted copies
and wishes. on Mozilla servers. includes a PDF reader. Like Firefox,
Firefox proudly continues its tradition Firefox is also a wonderful platform it’s hot on new and upcoming open
and is still known for its technical for web developers and includes tools protocols, and supports Vorbis, Theora
innovations and customisations. If such as the Error Console and the and WebM codecs among others.
there’s something you can do with DOM Inspector as well as extensions Chromium’s snapshots are built
a web browser – tabbed browsing, such as Firebug. Furthermore, Mozilla automatically several times a
location-aware browsing, incremental has recently announced a new release day and made available as binary
find, smart bookmarking, managing dubbed Firefox Developer Edition built releases. These are then taken by
downloads, browsing privately – you especially for web developers. distro packagers and included in the
can do it with Firefox . The browser respective software repositories.
also strives to support the new and All that glitters ain’t gold While the browser is available for
upcoming open technologies such as The Chromium project impressed users multiple platforms, there is no mobile
WebM and HTML 5. right from its initial release in 2008. The client, although you can compile one
Firefox is also the most localised open source project lends code to yourself. You can extend Chromium by
web browser, with support for over Google’s proprietary Chrome browser,
“Like Firefox, Chromium is hot
70 languages. The browser has an which only adds some Google
excellent security record and is known trademarked and proprietary code on
for offering bug bounties to developers top of Chromium.
on upcoming open protocols,
and supports Vorbis.”
who discover a security hole. It also Chromium impressed users with its
implements Google’s Safe Browsing minimalist user interface. The browser
API to safeguard its users from won accolades and users for being
phishing and malware. faster than Firefox and for making fetching extensions from Chrome’s web
There was a time when other judicious use of computer resources store, which is as diverse as Firefox’s.
browsers scored over Firefox just for despite matching the latter for features. Chromium also sports a sync feature
their looks and customisation potential. Chromium can do all the usual things similar to Firefox.
However, the latest version of Firefox you can do with Firefox and also Chromium has more privacy-related
controls than Firefox, but that’s primarily
because the browser uses more
privacy-invasive services than Firefox.
For example, Chromium uses a web
service to resolve navigation errors
along with a prediction service to
complete searches and URLs. The one
area that Chromium scores over Firefox
is user management, which is more
intuitive in Chromium than in Firefox.
VERDICT
FIREFOX: The open CHROMIUM: It won
source champion does users with its speed
well to keep up with but it has to pay heed
the competition. to Google’s whims.
Chromium uses multiple processes to isolate websites in different tabs from each other.
60 www.linuxvoice.com
� WEB BROWSERS GROUP TEST
OUR VERDICT
Web browsers
T
his was always going to be from Chromium is its process
between Firefox and model, which handles unresponsive
Chromium. That’s not to say web pages more gracefully than
that the other browsers didn’t stand Firefox, but is also responsible for its
a chance. In fact, we were tempted high resource usage.
to give the top honours to Midori. But Firefox is more than just a This group test wasn’t lost by any browser (there’s some fantastic
Midori is an impressive piece of browser and has been fighting the software for Linux) as much as it was won by Firefox.
software that’s not only fast and good fight for quite some time.
lightweight but is also full of useful Its commitment to promote open
features and has enough room for
extensibility. It easily obliterates the
standards, privacy and the open
web are as important and worthy
1st Firefox 33.0.3
Licence MPL 2.0 Version 33.0.3
other contenders in this group test of support as the software itself.
but lacks the advanced power user Also, unlike some projects, Firefox www.firefox.com
features that you get with Firefox doesn’t rest on its laurels and If it keeps up the good work, it’ll be hard for anyone to displace
and Chromium, such as a strives to innovate and adapt to the Firefox from the top step.
synchronisation feature. dynamic space in which it operates.
There’s not much to choose The project has just celebrated the 2nd Chromium 38.0.2125
“Firefox strives to innovate and adapt to
Licence Various open source licenses. Version 38.0.2125
the dynamic space in which it operates.”
www.chromium.org
The only real competition to Firefox; loses for its focus on
powering proprietary solutions instead of catering to its users.
from between Firefox and 10th anniversary of Firefox 1.0 with
Chromium. As browsers they are a special anniversary release that 3rd Midori 0.5.8
almost equally matched. We like comes with a Forget button that Licence GPL v2 Version 3.12.0
Firefox’s implementation of a few helps you erase recent activity if
features, most notably Firefox you accidentally fall down a rabbit www.midori-browser.org
The go-to browser for anyone concerned about resource
Sync, which encrypts all synced hole on the web.
consumption.
data and also lets you use a Mozilla’s official mission
custom server instead of Mozilla’s. statement is to build a better
Over the years Firefox has also internet. The team also just happen 4th Konqueror 4.14
been able to streamline itself and to produce a wonderful browser Licence GPL v2 Version 4.14
match Chromium for speed and that outperforms the competition
www.konqueror.org
performance. The one feature on merit. We’re glad to see it back
Like most things KDE, Konqueror loses out for trying too hard.
Firefox hasn’t been able to adapt at the top of the tree. As part of an integrated desktop though, it’s well worth trying.
5th Epiphany 3.12
Licence LGPL v2.1 Version 0.5.8
https://wiki.gnome.org/Apps/Webe
Gnome’s default browser is good for creating web apps, but
falls behind in daily usage.
6th Opera 12.16
Licence Proprietary Version 12.16
www.opera.com
The ugly proprietary duckling pales in front of the white open
source swans.
Midori ships with several useful plugins, and is fantastic for older machines.
www.linuxvoice.com 61
� SUBSCRIBE
SUBSCRIBE shop.linuxvoice.com
Introducing Linux Voice,
the magazine that:
Gives 50% of its profits
back to Free Software
Licenses its content
CC-BY-SA within 9 months
12-month subs prices
UK – £55
Europe – £85
US/Canada – £95
ROW – £99
7-month subs prices DIGITAL
UK – £38 SUBSCRIPTION
Europe – £53
US/Canada – £57
ONLY £38
ROW – £60
Get 114 pages Access our Save money on
of tutorials, rapidly growing the shop price
features, interviews back-issues archive and get each issue
and reviews – all DRM-free and delivered to
every month ready to download your door
Payment is in Pounds Sterling. 12-month subscribers will receive 12 issues of Linux Voice a year. 7-month
subscribers will receive 7 issue of Linux Voice. If you are dissatisfied in any way you can write to us to cancel your
subscription at subscriptions@linuxvoice.com and we will refund you for all unmailed issues.
62 www.linuxvoice.com
� NEXT MONTH
NEXT MONTH IN
ON SALE EVEN MORE AWESOME!
THURSDAY
Lennart Poettering
29 JANUARY
Image credit: Ramkrsna CC BY-SA 2.0
Why is Systemd
necessary? Can you
fix my broken audio
setup? What’s it like
being an internet
celebrity? Hear the
answers from the
horse’s mouth.
Scribus (again)!
We promise, this
time we’ll give
ourselves plenty of
time to look at how
well this superb
design software
integrates with a
proprietary workflow.
Assembly language
WHAT NOW FOR LINUX? If you’re as cool
as Mike Saunders
(and you want to get
We asked a bunch of movers and shakers in as close as possible
to bare-metal
Free Software what’s coming in 2015 – their programming), you’ll
answers will inform, surprise and delight you. love Assembly
language.
LINUX VOICE IS BROUGHT TO YOU BY
Editor Graham Morrison Editorial consultant Nick Veitch through the use of advice in this magazine. Copyright Linux is a trademark of Linus
graham@linuxvoice.com nick@linuxvoice.com Experiment with Linux at your own risk! Torvalds, and is used with permission.
Deputy editor Andrew Gregory Distributed by Marketforce (UK) Ltd, Blue Anything in this magazine may not be
andrew@linuxvoice.com All code printed in this magazine is licensed Fin Building, 110 Southwark Street, London, reproduced without permission of the editor,
Technical editor Ben Everard under the GNU GPLv3 SE1 0SU until July 2015 when all content (including
ben@linuxvoice.com Tel: +44 (0) 20 3148 3300 our images) is re-licensed CC-BY-SA.
Editor at large Mike Saunders Printed in the UK by ©Linux Voice Ltd 2014
mike@linuxvoice.com Acorn Web Offset Ltd Circulation Marketing by Intermedia Brand ISSN 2054-3778
Creative director Stacey Black Marketing Ltd, registered office North Quay
stacey@linuxvoice.com Disclaimer We accept no liability for any House, Sutton Harbour, Plymouth PL4 0RA Subscribe: shop.linuxvoice.com
loss of data or damage to your hardware Tel: 01737 852166 subscriptions@linuxvoice.com
www.linuxvoice.com
� CORETECHNOLOGY
CORE
A veteran Unix and Linux
enthusiast, Chris Brown has
written and delivered open
source training from New Delhi
to San Francisco, though not on
TECHNOLOGY
the same day. Prise the back off Linux and find out what really makes it tick.
Signals
Get the attention of running processes by sending them signals.
I
n the world of Linux system device driver for the modem would detect process cannot choose to catch or ignore it.
programming, a signal is an event that’s the loss of carrier when Dennis hung up and A process receiving SIGKILL is instantly
delivered to a process by the kernel. A deliver a SIGHUP signal to terminate the terminated. Best practice suggests that as a
signal says to the process “something has shell session. way of killing a process it should be a last
happened that you might want to respond Well, dial-up logins are history now, and resort, when more polite requests such as
to”. A few signals are generated as a result SIGHUP was looking forward to a peaceful SIGTERM have failed. This is particularly
of something that the program itself is doing retirement when it was offered a new job. true for services that maintain lock files or
(usually something bad), but most of them Nowadays, SIGHUP is interpreted by some other temporary data files, because they
originate from sources external to the daemons to mean “your configuration file won’t have opportunity to clean them up and
program itself. has been changed, please go and re-read it”. you may end up having to manually remove
Why do you need to know about signals? One example is the system logging daemon them before the service will restart.
Well, they’re important to a system (syslog or rsyslog) which re-reads the config
administrator because they provide a way to file /etc/syslog.conf (or /etc/rsyslog.conf) SIGALRM
interact with running processes (in on startup and on receipt of a SIGHUP. In This signal is “self-inflicted” – it’s generated
particular, to kill them). And the most some cases the daemon simply stops and as a result of an alarm clock timing out.
important single reason that a developer restarts when it receives this signal. Typically a C program might request an
needs to be aware of signals is so that he alarm call 10 seconds from now with:
knows how to write programs that ignore SIGINT alarm(10);
them. But there are more useful things you This is the signal that is sent to a foreground and use it to implement a timeout on a
can do with signals, as we’ll see. process by the terminal driver when you potentially blocking operation.
There are several different types of signal. enter ^C on the terminal. By default,
If you’re running a Bash shell, the built-in programs will terminate when they receive
command kill -l will show you a list of them. this signal. Some programs, especially ones Setting your interrupt character
It’s a slightly scary list but you don’t need to that operate interactively, choose to ignore
know about most of them, and here we’re this signal. The terminal driver (the code inside the kernel
that’s reading characters from your keyboard)
going to focus on the 10 or so you’re most
recognises a number of characters that are
likely to use. SIGTERM handled specially. Well-known examples include
This is conventionally used as a polite the “interrupt” character (usually ^C) which
SIGHUP “please tidy up and terminate” request. For sends a SIGINT to any foreground processes
This signal has an interesting history. The example, when you shut down a Linux running on that terminal, and the “end-of-file”
character (usually ^D) which tells a program
“HUP” stands for “hang up” and it harks back system with the shutdown command, it
that’s reading its standard input from the
to the days when telephones hung on a begins by sending SIGTERM to all the keyboard that there is no more data. You can
hook on the wall and you would terminate a running processes in the hope that they will see all of these settings with:
call by hanging up the phone. The scenario do the decent thing and go away. If this $ stty -a
Although most of what you’ll see here harks
went like this: Dennis was logged into his doesn’t work, shutdown waits for a few
back to the days of terminals that plugged into
PDP11 computer via a dial-up line and a seconds then sends a SIGKILL. SIGTERM is serial ports and is not relevant now, you can
modem. Without logging off, he simply the default signal type sent when you use also change them. For example, to set your
“hung up” the connection. Later, Ken dialled programs like kill and pkill. interrupt character to ^X:
$ stty intr ‘^X’
in to the same modem, thus finding himself
The control character is entered here as two
connected to Dennis’s abandoned shell. To SIGKILL characters, a caret (^) then the X.
prevent this undesirable state of affairs, the This is the most brutal signal because a
64 www.linuxvoice.com
� CORETECHNOLOGY
SIGSEGV
1
This signal is generated by the kernel when
a process tries to access a memory address
that’s outside its address space. Of course
2
this should never happen in a correctly
written program; typically it occurs in C code
that makes a reference through a pointer 3
5
that hasn’t been initialised, as this two-liner Signal
demonstrates: Main
Handler
void main() Program 4 6
{
int *p;
*p = 0; 7
1 Program begins
} 2 Signal handler is installed
Assuming the code’s in the file 3 Execution continues
segvdemo.c, compile and run it like this:
4 Signal is raised
$ gcc -o segvdemo segvdemo.c
$ ./segvdemo
5 Handler executes
Segmentation fault (core dumped) 6 Handler returns
$ echo $? 7 Program execution continues
139
SIGILL Arrival of a signal interrupts the execution of the main program and runs the handler.
Another signal that arises directly from the
execution of the process. It indicates an $ ./fpedemo own, unless you’re running as root in which
illegal instruction, and should never occur Floating point exception (core dumped) case you can deliver signals to any process.
unless your compiler is buggy or the $ echo $? Sending SIGHUP manually like this is
executable has become corrupt, or maybe 136 commonly used to signal a service after
because it calls a function through an Again, notice the exit status (136). changing its config file. Manually generated
unitialised pointer. Subtracting 128 gives 8, the signal number signals are also often used to terminate a
of SIGFPE. “hung” process (or just one that seems to
SIGBUS and SIGFPE have been running for far too long), typically
These indicate an incorrectly aligned SIGABRT like this:
memory access, and a floating point A self-generated signal raised when a $ kill -TERM 12345
exception (or other arithmetic error) program calls the abort() library function. By or more brutally:
respectively. It’s easy to deliberately default it will cause immediate termination $ kill -KILL 12345
generate a SIGFPE – just divide by zero: of the program. If you don’t specify a signal type, the default
void main() is SIGTERM.
{ Sending signals As you’ll see from these example you
int a, b, c; OK, we’ve discussed some of the signal need to know the process ID to send a
a = 1; b = 0; types. We’ve seen that some, such as signal. If you’re trying to kill a program called
c = a / b; SIGSEGV and SIGFPE, are raised foobar you might get this by running:
} automatically by the kernel as the result of $ ps -ef | grep foobar
If you compile and run this program, you’ll some misdemeanour committed by the chris 4923 2586 0 18:07 pts/0 00:00:00 ./
see something like this: program. These are sometimes referred to foobar
as “synchronous” signals. But others need to chris 4968 4924 0 18:07 pts/6 00:00:00 grep
Signals are not exception handling be explicitly generated from outside the foobar
program (sometimes called “asynchronous” from which we see that the PID is 4923.
Some languages support exception handling, signals). How do we do that? (Ignore the “false positive” generated from
typically with keywords like “try”, “catch” and
One way is to use the command kill. It’s the grep command.)
“throw”. For example, if you try to open a file
for writing and don’t have write permission, in not a good name really; raise or sendsignal
some environments the runtime will throw an might be better. For example, we can send a Sending signals from a program
exception that you can choose to catch in order SIGHUP signal to process 12345 like this: So much for sending signals from the
to handle the error. We mention this because $ kill -SIGHUP 12345 command line. You can also send signals
this is NOT what signals do. You can (to a very
Or you can use the short signal name, or from within a program. Here’s a little C
limited extent) install exception handling of a
sort by catching signals like SIGFPE, but failed the signal number, like this: program I wrote called “terminate”; the idea
system calls and library routine calls do not $ kill -HUP 12345 is that you give it a PID as an argument and
throw exceptions; they return -1 (or sometimes $ kill -1 12345 it begins by sending a polite SIGTERM signal
a null pointer) to indicate failure and you need This is a good time to point out that you to ask the process to terminate. If this
to explicitly test the return value to detect this.
can only send signals to processes that you doesn’t work it just pulls out a gun and
www.linuxvoice.com 65
� CORETECHNOLOGY
SIGTERM to the process, hoping it will oblige
Signal sources and go away. Then the loop starting at line
31 repeatedly probes (sending the dummy
signal 0 again) to see if the process has
Terminal terminated. If it has, then fine, our job is
driver done, and we exit at line 34. We continue for
Memory five seconds, probing at one-second
Shell SIGINT management intervals. Finally, if we reach line 39, we
command SIGQUIT forcefully terminate the process with
SIGKILL. This approach (SIGTERM followed
SIGSEGV
SIGTERM if necessary by SIGKILL) is essentially what
SIGHUP happens to all running processes during a
SIGPIPE
SIGKILL system shutdown.
Kernel
A process Catching signals
SIGALRM
So now we know how to send signals. Let’s
SIGWINCH
look at the other side of the story – how
does a process respond when it receives a
Window SIGUSR1 signal? Well, each signal has a default
Another use
manager process disposition (“disposition” is just a posh word
meaning “what will happen when a signal
arrives”). The three dispositions shown in the
The kernel delivers all signals, but different signal types typically originate from different places. table are:
1 Term The process is terminated (this is
the most common behaviour).
shoots the process in the head with 31. for (i = 0; i < 5; i++) 2 Core The process is terminated, a
SIGKILL. Note that the line numbers are for 32. { memory image (core file) may be written.
reference, they are not part of the file: 33. if (kill(targetpid, 0) < 0) 3 Ignore The signal is ignored.
1. #include <stdio.h> 34. exit(0); However – and here it gets interesting – a
2. #include <stdlib.h> 35. sleep(1); program can install handlers for the various
3. #include <signal.h> 36. } signal types – pieces of code that will run if
4. #include <errno.h> 37. the signal arrives.
6. int main(int argc, char* argv[]) 38. /* Asking nicely didn’t work, bring out the big Rather than do this in C again, we’ll do it in
7. { guns */ a shell script. The purpose of this script is to
8. int targetpid, i; 39. printf(“SIGTERM ineffective, sending count the number of prime numbers less
9. SIGKILL\n”); than one million.
10. /* Get target process ID from command line */ 40. kill(targetpid, SIGKILL); Now of course, doing a computation-rich
11. targetpid = atoi(argv[1]); 41. exit(3); thing like this in a shell script is pretty stupid,
12. 42. } and I’m not using the most efficient
13. /* Check that the process exists */ If you don’t read “C”, here’s a guided tour: algorithm either, which doesn’t help. But
14. if (kill(targetpid, 0) < 0) At line 11 we grab the process ID from the that’s not the point. The point of this
15. { command line. There should really be some example is that it represents a long-running
16. switch (errno) error checking here to verify that the user did program that gradually works its way
17. { actually supply a PID as argument. At line 14 through a data set. Here’s the script:
18. case ESRCH: we try to send signal number 0 to the 1. #!/bin/bash
19. printf(“Process %d does not exist\n”, process. The kill() system call is analogous 2.
targetpid); to the kill command, though notice that the 3. function isprime()
20. exit(1); arguments are in the opposite order. (Hey, 4. {
21. case EPERM: this is Linux! You want consistency?) Now
22. printf(“Do not have permission to terminate there is no signal number 0, so the call will
Signals and exit codes
that process\n”); not actually deliver a signal to the process,
23. exit(2); but it will fail (returning -1) if either the When a process terminates “normally” (by
executing an exit()), it chooses an exit code to
24. } process doesn’t exist, or we don’t have
pass back to the parent – 0 to indicate success
25. } permission to signal it (ie we don’t own it and a small integer to indicate some sort of
26. and we’re not root). These two conditions failure. But if the process is terminated by a
27. /* Ask the process to terminate (politely) */ are trapped at lines 18 and 21, where we signal it doesn’t get a choice. In this case, the
28. kill(targetpid, SIGTERM); print an appropriate error message and exit. exit status will be 128 plus the number of the
signal that killed it. So for example a process
29. If we make it as far as line 28, we know
killed by a SIGKILL (signal 9) will have exit
30. /* Wait for up to 5 seconds for the process to that the process exists and we have status 137 (128+9).
die */ permission to signal it, so we send a polite
66 www.linuxvoice.com
� CORETECHNOLOGY
5. n=$1
6. factor=2 Common signals
7. while (( factor * factor <= n )) Signal name Number Default action Description
8. do
SIGHUP 1 Term Some daemons interpret this to mean “re-read
9. if (( n % factor == 0 )) your configuration”
10. then
<
11. return 1 # number is not prime SIGINT 2 Term This signal is sent by C on the terminal
12. fi
SIGTRAP 5 Core Trace/breakpoint trap
13. (( factor++ ))
14. done SIGBUS 7 Core Invalid memory access (bad alignment)
15. return 0 # no factors, number is prime
16. } SIGFPE 8 Core Arithmetic error such as divide by zero
17.
18. trap ‘echo Testing value $val, found $count SIGKILL 9 Term Lethal signal, cannot be caught or ignored
primes so far’ HUP
SIGSEGV 11 Core Invalid memory access (bad address)
19. trap ‘echo Buzz off I am busy counting primes!’
TERM
SIGPIPE 13 Term Write on a pipe with no one to read it
20. trap ‘’ INT
21. SIGALRM 14 Term Expiry of alarm clock timer
22. count=2
23. val=5 SIGTERM 15 Term Polite “please terminate” signal
24. while (( val < 1000000 ))
SIGCHLD 17 Ignore Child process has terminated
25. do
26. if isprime $val
27. then Each signal has a name, a number, a default “disposition” and a purpose.
28. (( count++ ))
29. fi
30. (( val += 2 )) handler prints a rude message, but the Buzz off I am busy counting primes!
31. done program continues executing. The empty but again, the program will continue. Finally
32. echo count is $count SIGINT handler at line 20 simply makes the (unless you are actually interested in
Let’s walk you through this. Lines 3 to 16 script ignore SIGINT signals. Since ignoring knowing how many primes under 1,000,000
define a function called isprime. It takes the signals is a common requirement, we’ll allow there really are and would like to allow the
number we want to test as an argument, ourselves one more line of C: program to run to completion) we can
and returns 0 (success) if the number is signal(SIGINT, SIG_IGN); forcefully terminate the program with:
prime and 1 (failure) if it isn’t. The code is not which says to ignore SIGINT signals and is $ pkill -KILL countprimes
difficult, but its details do not concern us equivalent to the trap statement at line 20 in We haven’t installed a handler for SIGKILL,
here. The script really starts at line 22. We the script. and we couldn’t if we wanted to because
enter a loop (lines 24 to 31), testing all odd So go back to the terminal where you can’t catch or ignore SIGKILL, so in the
numbers between 5 and 1,000,000 for
prime-ness and counting them. (I do at least
have the sense not to test even numbers.) “This example represents a long-running program
On exiting the loop we print out the
answer (line 32).
that gradually works its way through a data set.”
If you want to try this out (and we hope
you will) put the code into a file called countprimes is running and enter ‘^C’. As first terminal window you’ll see the message
countprimes and make it executable: we’ve seen, this will send a SIGINT signal to Killed
$ chmod u+x countprimes the process. If we didn’t have line 20 in the If you then examine the exit status in that
Now run the script: script this would terminate the program, but terminal:
$ ./countprimes now it is simply ignored and the program $ echo $?
It will take quite a while to run (17 minutes continues. 137
on my laptop). Meanwhile, go back and look Now open a second terminal window. you see that it’s 137. Subtracting 128 as
at lines 18–20. These are the lines that Enter the command: before gives 9, the signal number of SIGKILL.
install signal handlers for SIGHUP, SIGTERM, $ pkill -HUP countprimes That’s all for this month. If you’d like to
and SIGINT signals respectively. In these Testing value 861877, found 68481 primes so far learn more, the man page for signal (man 7
example we have written the signal-handling As you’ll see, the SIGHUP handler tells us signal) has a great deal more detail, but
actions “in line”, though we could also have how far we’ve got in our prime-counting rapidly gets rather techie. There’s also a
written them as functions, which would be task. Now try: good discussion in the GNU C Library
easier to deal with if we wanted the handler $ pkill countprimes manual at www.gnu.org/software/libc/
to do several things. The SIGHUP handler which sends the default SIGTERM signal manual/html_node/Signal-Handling.html.
prints a progress report. The SIGTERM and will elicit the response: Happy signalling!
www.linuxvoice.com 67
� FOSSPICKS
FOSSpicks Sparkling gems and new
releases from the world of
Free and Open Source Software
Mike Saunders has spent a decade mining the internet for free
software treasures. Here’s the result of his latest haul…
Sound file tag editor
Puddletag 1.0.5
W
e love discovering need Mutagen – this is the library
programs that that handles the low-level
ostensibly perform operations of adding tags to music
mundane tasks, but have so many files. On Ubuntu and Debian-based
features and options that they distros, you can get all of the
actually become rather cool. dependencies via the python-qt4,
Puddletag is one such example: it’s python-pyparsing, python-
a music file tag editor. Riveting, mutagen and python-configobj
right? But when you start exploring packages. Then extract the
the interface and discover some of puddletag-1.0.5.tar.gz file, go into
the complexity behind it, you the resulting directory, and run
actually start to admire it. And if you ./puddletag.
manage a large music collection,
you might find that you can’t live I, spreadsheet
without it. Sure, most graphical The first thing you’ll notice is the
music players on Linux include unusual interface: Puddletag looks Puddletag can work with ID3v1, ID3v2 (MP3), MP4,
some kind of tag editing facility, but somewhat like a spreadsheet. This VorbisComments (Ogg and FLAC) and Musepack (mpc) tags.
Puddletag is industrial strength. actually turns out to be a very good
It’s written in Python (2) and uses design when you’re working on lots click on the F button in the toolbar,
Qt 4 for the interface, so its main of files. Under the filesystem panel the file will be renamed according
dependency is PyQt4. You’ll also on the bottom-left, navigate into a to the contents of its artist and
track tags. In this way, you can turn
“Puddletag is almost as flexible bachconcerto1.ogg into something
nicer like Bach Concerto in G pt 1.
as using a scripting language, but ogg. Excellently, you can do this for
with the convenience of a GUI.” multiple files in the list by selecting
them and clicking F – a great
one-click way to clean up your
directory containing audio files, and music collection.
they’ll appear in the list on the right. And that’s just the start of it. You
Just like in a spreadsheet, you can can create user-defined actions
now click into cells and edit data – comprised of functions that sort
that’s the simplest way to do it. values, merge fields, trim
Where Puddletag really shines, whitespace, convert case, and so
however, is in its automation much more. It’s almost as flexible
facilities. Check out the drop-down as using a scripting language, but
list in the toolbar: there you can with the convenience of a GUI, so if
enter variables such as %artist% you have very specific requirements
and %album%. You can use this for your collection, Puddletag should
to rename files according to tags, handle them with aplomb.
so say you have this in the
Various functions are available to drop-down list:
%artist% - %track% PROJECT WEBSITE
include in user-defined actions, such
http://puddletag.sourceforge.net
as regex-based text replacement. If you now select an audio file and
68 www.linuxvoice.com
� FOSSPICKS
Operating system
PC-BSD 10
F
reeBSD is a fine server can take over the whole hard drive
operating system, sharing automatically; custom partitioning
many of the same qualities is also available. One reboot later
that Linux has: it’s open source, it’s and you’re prompted to create a
reliable, it’s secure and it can run root password and normal user
thousands of FOSS programs. account, before landing at your
Some people use it as a desktop chosen desktop.
OS, but it’s not the best experience
out of the box – quite a lot of A bundle of joy
manual work is required to get One of PC-BSD’s most notable
everything set up properly. That’s features is its PBI packaging
not a criticism, as FreeBSD just system. This aims to make
provides a base system and software installation more
expects you to know what you’re Windows or Mac OS X-like, in that
PC-BSD takes the solid
doing, like in Arch Linux. But if you users can download single .pbi So, why else would you consider
server foundations of
want to try something more packages, double-click, and get a FreeBSD and adds a using PC-BSD rather than Linux?
newbie-friendly, PC-BSD, a desktop- new program. All dependencies are user-friendly desktop There’s not a lot between them,
oriented OS based on FreeBSD, is bundled into the package, and it’s and packaging system. although hardware support tends
worth a look. installed in /Programs. This is in to be broader in Linux. Pretty much
Version 10.0 is available as a contrast to Linux, where every major FOSS desktop app is
3.4GB ISO which you can burn to a dependencies are used more available in PC-BSD – LibreOffice,
DVD-R. For testing purposes, extensively and programs are Firefox, Gimp and so forth. There’s
though, it’s much easier to boot it scattered around the filesystem. Is also the usual gamut of
up in VirtualBox. The minimum PC-BSD’s approach better? Well, it’s development tools. But PC-BSD has
system requirements are 1GB of certainly easier when it comes to a few aces up its sleeve as well,
RAM and 20GB of hard drive space, grabbing new apps from the web, inherited from FreeBSD, such as
but the PC-BSD team recommends but there’s a lot of duplication. If a excellent ZFS support. ZFS is a
4GB and 50GB respectively. This security hole is discovered in a filesystem that features storage
might seem excessive, given that widely-used library, every PBI using pools, snapshots, compression,
the FreeBSD core is rather svelte, that library has to be updated – this corruption prevention and many
but the choice of desktop is more time-consuming than the other goodies. Meanwhile, FreeBSD
environments and supplied apps shared library approach. jails are like chroot on steroids, and
makes it a beefy package. the licence makes it much easier to
After booting, you’re given default
settings for installation, including a
“PC-BSD’s packaging system aims incorporate into proprietary
software (if that’s your wish).
KDE 4.12 desktop. You can change to make software installation more
this to Gnome, Mate, Xfce or some
lighter window managers. PC-BSD
Windows- or Mac OS X-like.” PROJECT WEBSITE
www.pc-bsd.org
How it works: Adding software
1 AppCafe 2 Search 3 Install
Click the AppCafe icon on the desktop, and AppCafe shows recommended applications Click Install Now, or Install In Jail to set it
enter your password when prompted. You’ll see a by default; use the search bar to find a specific up in a restricted environment. The latter option is
cluttered window – resize it to make more space. application. Click its name in the list up details. recommended for untrusted programs.
www.linuxvoice.com 69
� FOSSPICKS
Video/audio transcoder
Transmageddon 1.5
W
e’re pretty hardcore Bizarrely, Transmageddon doesn’t
geeks at Linux Voice. But open a file if you specify it at the
one thing has always command line. We’re not sure if this
terrified us: Mencoder. This tool, part is just a simple oversight, but
of MPlayer, is tremendously anyway: you can choose the input
powerful when it comes to file once the GUI appears.
converting media from one format Transmageddon will identify the
to another. But it’s insanely audio and/or video codecs used by
complicated – the man page alone the file, and provide some extra
contains almost 45,000 words! information such as the resolution
Transmageddon has a
So we’re always on the lookout and number of audio channels. You the details about them. Under the
limited range of options,
for graphical tools that make the can then choose the container for but it’s great for quick Presets drop-down menu, for
job a lot simpler. Handbrake and VLC the output format, such as Ogg, converting tasks. instance, you can choose from
work well here, but Transmageddon Matroska, AVI, FLV, WebM and various mobile phones, the Sony
is an excellent lightweight others, and then specify the audio PS3, a “generic Linux” profile (Ogg
alternative. It’s built on Gnome and video codecs to be used inside Vorbis and Theora), HTLM 5 video,
libraries – although it ran without the container. and more. These profiles are stored
any problems on our minimalist in XML format in /usr/share/
Openbox installation – and uses Hurrah for codecs! transmageddon/profiles – you can
GStreamer to handle media codecs. So far so good. But what makes easily edit them to create your own
So if you want to transcode into the Transmageddon especially useful is for other devices.
widest possible range of formats, its in-built profiles, which let you
install the “bad” and “ugly” convert for specific devices and PROJECT WEBSITE
www.linuxrising.org
GStreamer codec packages. platforms without having to know
Drop-down terminal
Guake 0.5.1
I
f you do a lot of work in the usually not well known by users of
terminal, you probably have other desktops. We gave it a try on
several terminal windows at any a plain Openbox setup, and were
one time, and can easily identify pleased to see that it works
them in your taskbar or window list. excellently. It’s also attractive,
Alternatively, you might use picking up on the desktop wallpaper
something like tmux to switch and showing it in the background of
between your command-line apps the terminal window, slightly darker
inside a single terminal window. to make the white terminal text
Either way, this makes sense when stand out.
you have various regularly-used By default, Guake takes up the top
programs or shell prompts running half of the screen when you hit F12,
Don’t like the defaults?
all the time. but you can change this in the Change Guake’s redefine the key that’s used to
But what if you quickly need to settings. Right-click on the Guake appearance and open the terminal. Guake does
enter a command, and don’t want notification area icon and choose keyboard shortcuts with everything it’s supposed to: it’s fast,
to open yet another terminal Preferences; then note the Main just a few clicks. it’s easy to configure, and it’s
window? Guake is the answer. It’s Window Height option. You can perfect for those times when you
an ultra-fast terminal that pops also make the terminal narrower, need to run a quick command
down from the top of the screen and determine where it appears. without adding yet more windows
when you hit a certain key (by Under the Appearance tab it’s to your already busy desktop.
default, bound to F12). possible to change the font and
Guake has been doing the rounds transparency effect, while the PROJECT WEBSITE
https://github.com/Guake/guake
for a while, but as a Gnome app it’s Keyboard Shortcuts tab lets you
70 www.linuxvoice.com
� FOSSPICKS
Tiling terminal window manager
Dvtm 0.13
T
here’s a lot of talk `t the can have the main part of your
moment about the “Unix screen devoted to, say, Firefox, with
philosophy”. In general, various terminals around it showing
most people agree that this means docs, server stats and so forth.
small programs, with single When you start Dvtm, you’ll be
objectives, that can be fitted greeted by just another terminal
together (eg with pipes or prompt. Hit Ctrl+G followed by C,
redirection) to solve larger tasks. however, and you’ll see the terminal
This philosophy inspired the splits into two windows, one left
developer of Dvtwm. It lets you split and one right. Hit Ctrl+G followed
your terminal window up into tiles, by C once more, and the right-hand Don’t overload your desktop with terminal windows – use Dvtm
with individual command line pane will be split into two. These and run multiple programs in a single one.
sessions inside them. But that’s all are the basics of tiling. Ctrl+G in
it does; it stays away from session Dtwm is known as the “mod” key – screen vertically with two windows
management, for instance, which is it’s the key combo that you press at the top and one at the bottom.
provided in a separate program before doing any other action. Do mod and Space again for yet
(Abduco). For instance, press mod followed another layout. It’s awesome: with a
But what’s the benefit of tiling? by Space, and Dtwm will shift to a full-screen terminal window, you
Well, tiling window managers, such different layout, separating the can create some very useful layouts
as i3, are becoming popular on without having to manually resize
Linux desktops, especially for anything.
power users. They maximise “Dvtwm lets you split your
screen space usage and let you
switch layouts quickly, so you can
terminal window up into tiles.” PROJECT WEBSITE
www.brain-dump.org/projects/dvtm/
Multi-system emulator
Mednafen 0.9.33
M
ednafen is the mother of something worth noting about SDL:
all emulators. It can play when we first tried the emulator, we
games from a large didn’t get any sound output. To fix
range of systems, which might it, we had to edit ~/.mednafen/
leave you thinking: what’s the point? mednafen-09x.cfg and change the
There are already good SNES, Mega sound.driver line from default to
Drive, Game Boy etc. emulators out sdl. If you’re running an Ubuntu-
there, so why do we need a single based distro and have the same
program to emulate them all? Well, problem, try that fix.
if you’re a retro gaming fan who
likes to play games from a range of A cornucopia of consoles
systems, life is much easier when Mednafen emulates (deep breath):
you only have to configure one Game Boy, Game Gear, NES, Master
Mednafen handles
emulator. Set up Mednafen with the System, Super NES, Mega Drive formats. It can take a while to set
Mode 7 games like
exact graphics, sound and input (aka Genesis), Virtual Boy, Atari Lynx Super Mario Kart (the up, but the configuration file is well
options that you want, and you can and some fairly obscure handhelds best version, we think) documented and when it’s working
then play all your games without like the Neo Geo Pocket and wonderfully. properly, it’s one of the best
learning a load of different tools. WonderSwan. The emulation was multi-system emulators we’ve
Mednafen is included in many fast and glitch-free with the games come across.
distro repositories, or if you’re we tried. Mednafen supports saved
compiling from source code, the states, real-time game rewinding,
main dependencies are SDL, libcdio PROJECT WEBSITE
screenshot-taking and even the
http://mednafen.sourceforge.net
and libsndfile. And there’s ability to make videos in various
www.linuxvoice.com 71
� FOSSPICKS
Android open source package manager
F-Droid 0.76
W
e thought we’d take a automatically, and you should soon
short break from regular find F-Droid’s copyleft-inspired icon
service and look at a lurking in your launcher.
couple of Android ‘apps’. “Wooah…” As with any other Linux package
you might say, “Aren’t the majority manager, you need to first update
of apps on Android proprietary?” the database of files held in the
Yes, this is true. But open source repositories. You can do this from
applications are being released for the drop-down menu, and with the
Android too, and what’s better is database populated, you’ll see a list
that you don’t need Google’s Play of packages under the ‘Available’
When Google Play isn’t
store to use them. heading. Any of these can now be ability to share your local package
available, such as on
F-Droid is an open source installed first by tapping on the Cyanogenmod, F-Droid cache as a local repository.
package manager for Android, and package, then by clicking on the becomes absolutely Tap on ‘Local Repo’ and a QR
it’s the only package you’ll need to small ‘plus’ symbol at the top of the essential. Code appears. Tap on the ‘Turn on’
install manually. You can do this by screen. If you run F-Droid button and then anyone who scans
first enabling ‘Unknown sources’ in periodically, it will check for package the QR Code with their Android
the Security panel of your device, updates too, and these can be device can install packages directly
and then by downloading the installed automatically. A new off your own Android device. F-Droid
F-Droid apk package onto your feature in the latest version is the isn’t as aesthetically pleasing as
Android device using a web Google Play, but it’s definitely more
browser. You can also open a QR ethically pleasing.
code from a desktop browser. “F-Droid is an open source
Android should ask whether you
want this package installed
package manager for Android.” PROJECT WEBSITE
https://f-droid.org
Android open source email client
K-9 Mail 5.001
T
his is another Android also powerful. We have our work
application, and perhaps email flashing the LED the colour of
not coincidentally, it can be Linux Voice red, and you can
installed easily via F-Droid (although change the sounds too.
you can also install the same Perhaps most importantly,
application through Google Play). K-9 Mail can integrate with
It’s open source and being OpenKeyChain (and APG), also
developed just like any other open available from F-Droid.
source application. Tim Bray, who OpenKeyChain enables you to
we interviewed last month, is even manage your public and private
Tim Bray, who we
one of its contributors. keys, as well as import keys for your shortcuts. It doesn’t look quite as
interviewed last month,
Put simply, K-9 Mail is utterly contacts and add and decode is helping develop part modern as the new Gmail, and
brilliant. It’s like installing an old encrypted emails. We’d love to see of K-9 Mail on Android. attachments aren’t quite so well
desktop email client onto your PGP/MIME integration for integrated, but it can be made to
mobile device. Only better. You can convenience, but we know of no look lovely
easily manage more than one other Android solution that can This is an app that turns your
account from a single app, even offer the same level of security. mobile or tablet from a convenience
migrating Gmail if you don’t like its Outside of our encryption into a productivity tool. We only
new responsive and configuration- paranoia, K-9 still excels, whether wish we could banish email from
free interface. Messages are still you’re searching for emails, adding our lives and forget K-9 is so good.
threaded and sorted and placed in a different signatures, having multiple
PROJECT WEBSITE
unified inbox, if you want them to identities, themeing, attachment
http://k9mail.org
be. IMAP-pushed notifications are saving and even keyboard
72 www.linuxvoice.com
� FOSSPICKS
FOSSPICKS Brain Relaxers
https://launchpad.net/pybik/
Transport simulator
Simutrans 120
E
ver since the glory days of your cash flow, investing in
Sim City on the Amiga infrastructure for longer gains down
we’ve really enjoyed the road (no pun intended).
playing sim-like games. There’s
something incredibly satisfying Telegraph road
about creating your own little When creating a new game, you
world, trying to make everybody can define the size of the playing
happy, and then trashing the area, and how many settlements it
whole place if it doesn’t work (or has. Then use the toolbar icons at
you just get bored and need the top to start building: if you hover
some cathartic release via the mouse over the icons, you’ll see Simutrans’s pixel artwork is nicely detailed, but hard to see on
mindless destruction). different prices for various road high-res monitors. You can zoom in though.
Simutrans is a transport types. So if your money (shown at
simulator, so when you start it, the bottom) is running low, you can
the environment is populated opt for cheaper dirt tracks, for get the most of it, and the
with towns and villages. Your instance. To create a road or teeny-tiny icons can be fiddly to
goal is to connect these locations railway, click and drag between two work with. But there’s a busy
with infrastructure such as roads points, and Simutrans will create the online community supporting the
and railways, helping people and shortest path. game, so it’s easy to get help.
products to move between the It’s not the easiest game to get
settlements and build a thriving into, and you’ll have to spend some PROJECT WEBSITE
www.simutrans.com
economy. You have to monitor time in the documentation to really
Action game
Koules 1.4
P
repare yourself: this game past the Star Wars-esque intro text.
is hardly cutting edge or At the main menu, select Start
fresh by any definition. Game and hit Enter. Your character
Indeed, it hasn’t been updated is the yellow ball with blue eyes, and
since 1998. So why are we you’ll notice a number of small balls
covering it here? Well, for three moving in your direction and
reasons: this author had a dream bouncing off one another. Your job
about it recently, an actual dream is to move your player with the
involving installing software. cursor keys and bash the small
Secondly, the game can still be balls onto the edge of the screen to
found in many distro repositories. destroy them.
And third, it’s still a classic! This might sound easy, but it gets
If you’re running Debian, very tricky, very quickly. With each
A multiplayer mode is
Ubuntu or Fedora, you should be level more and more balls appear laugh at times, given the
available, and there’s
able to install Koules from the and try to bash you onto the edges, even an Android port on craziness of the gameplay – so
repos like any regular program. In in which case you lose a life. Some the Play Store. we’re glad to see that it still runs
Arch Linux it’s available in the balls don’t immediately explode on on modern Linux distros today.
AUR, as opposed to the normal contact with the edges, but turn
repositories. into powerups giving you extra PROJECT WEBSITE
Anyway, once you’ve started speed and mass. The game is www.ucw.cz/~hubicka/koules/
English
Koules, keep tapping Enter to skip massively addictive and makes you
www.linuxvoice.com 73
�� TUTORIALS INTRO
TUTORIALS
Dip your toe into a pool full of Linux knowledge with ten
tutorials lovingly crafted to expand your Linux consciousness
In this issue…
76 78 88
Ben Everard
is looking for some free software that stops the
rain falling like tears in the rain. Wine
Déjà Dup Arduino sensors Run Windows software the
W
Mike Saunders way.
e’ve pledged to release each Like death and taxes, data Les Pounder uses an
issue of Linux Voice under a loss comes to us all – but ultrasonic distance
creative commons licence not if you follow Mayank sensor and an Arduino 92
within nine months. As we put issue 11 Sharma’s advice and use microcontroller to replace
together, this deadline passed for issue this simple backup tool. his tape measure.
1, and so we released it under CC-BY-
SA 3.0. The response has been pretty
overwhelming: enough to crash our
82 84
Samba
server, and the content is now also
John Lane shows how to
shared on BitTorrent and the Internet
share files with Windows.
Archive as well as our website, which
dramatically increases the potential
readership we’ll reach. 96
There remains a healthy skepticism
within the media business about
whether you can build a magazine by
Prey SEToolkit
giving content away like this. As far as Don’t let thieves get away! Social engineering is one of
Mayank Shama shows the most effective ways of
we are aware, we’re the first company
to try it, and since this is the first issue how to use Prey to track beating computer security. Seymour Cray
we’ve released, it’s far too early to tell if and locate your devices Ben Everard harvests Juliet Kemp uncovers the
it’s a daring move that will push media should they go missing. credentials with Set. man behind the computer.
into the modern age, or a poor business
decision made by starry-eyed idealists.
Naturally, we think it’s the former, but it PROGRAMMING
will be some time before we know .
However, even if it doesn’t turn out to Firefox addons NoSQL GPGPU
be the best business decision we’ve 100 Firefox is good, but it’s not 104 Money doesn’t make the 106 Graphics cards are actually
made, we still stand firm on the perfect. Fortunately, it world go around any more, incredibly powerful
includes a mechanism for you to data does. So many ones and processing units capable of much
principal that it’s the right thing to do.
make it so: addons. These are zeros are being collected now that more than just drawing scenes or
We need to balance our ability to make written in JavaScript and can traditional approaches to data playing games. They can solve
a living against the desire to support the control much of the behaviour of management can crumble under some problems far faster than
community that makes the magazine the browser, so whatever feature the load. Big Data needs a new most CPUs using General Purpose
possible, and we think this is the right you want to have, don’t wait for tools and techniques, and NoSQL Programming on GPUs (GPGPU).
someone else – get started with databases have risen to the Don’t let your GPU be lazy; put its
way to do it.
addons and create it today. challenge. processing power to use today!
ben@linuxvoice.com
www.linuxvoice.com 75
� TUTORIAL DÉJÀ DUP
DÉJÀ DUP: BACKUP FOR
TUTORIAL
EVERYONE
Get acquainted with the easiest backup tool on the planet to help
MAYANK SHARMA
you save yourself from the inevitable data apocalypse.
W
e care about you. No, we really do. Which is
WHY DO THIS? why you should believe us when we say
• You’d really risk losing that sooner or later you will lose valuable
data? data. You can spend a fortune on a storage medium
• Quick to set up and easy that’s anti-scratch, dust-resistant, heat-proof and
to use. contains no moving parts, but what you really need to
• Designed for the do is to invest some effort in backing up your data.
everyday desktop user.
Although it isn’t particularly time consuming,
backing up data requires careful thought and
preparation, and involves more than just zipping
files into a tarball. Unfortunately this means it’s often Although it’s changed somewhat, the main interface of
neglected. This is where Déjà Dup comes into play. the app still essentially contains only two buttons – to
It’s different from the plethora of other tools in that back up and restore data.
it has a minimal interface so as to not overwhelm
new users. But it’s based on the powerful Duplicity Déjà Dup gives you the flexibility to include a large
command line backup tool and provides just the right directory – for instance /home – in your backup, while
number of features for desktop users who aren’t used specifying parts to leave out, such as .cache/.
to the ways of a backup tool. On some distros, such To help you get started this section already lists the
as Ubuntu, Déjà Dup ships pre-installed, while it’s Trash and Downloads folders, though many users
available in the official repos of most others. You can might want to remove the latter from the list unless
configure the software in a matter of minutes without you really don’t want to safeguard the contents of the
delving into lengthy documentation. Downloads folder.
Date with data
The first time you fire up the tool, it lands on the Prepare for a backup
Overview page which, as expected, tells you that there
While Déjà Dup takes the pain out of setting up the actual
are no recent backups nor are there any scheduled. data backup process, a crucial part of the process is
Before it can save you from data doomsday, you’ll first preparing for it which involves careful consideration. For
have to set it up. starters, you need to decide where you want to store your
Navigate to the Folders To Save section, which by data. Keeping it on another partition of the same disk isn’t
advisable, since the whole disk might fail and render the
default lists your Home directory. This is generally
backup copy useless.
a safe bet for most users. If you know what you are One solution is to keep the backup on another disk. If
doing you can also remove this location and add any you have multiple disks and a spare computer you can even
particular directories that you wish to back up. You set up your own Network Attached Storage device using
can also use the + button to add other folders on other software like Open Media Vault (instructions in our tutorial
in LV009). To protect your data against physical disasters,
mounted drives or network shares.
such as fires, floods and theft, make sure you keep the
Then switch to Folders To Ignore and specify backup as far away from the original as possible, perhaps
folders you don’t need to back up. By separating on a cheap cloud storage service. Each method has its
the directories to include and exclude in the backup, advantages – hard disks are cheap and readily available
while removable disks offer portability, and online storage
is globally accessible. The kind of data you wish to back up
also influences the choice of storage medium. A DVD might
be useful for holiday snapshots, but isn’t going to be much
use to a professional photographer.
You’ll also need to work out the appropriate backup
methodology. Do you want to back up manually or
Use the Custom Location automatically based on a schedule? The correct backup
option to specify a remote frequency varies based on the kind and value of data being
location supported by the safeguarded. Depending on the size of the files, it might not
Gnome Virtual File System be a good idea to back them up completely everyday either.
(GVFS).
76 www.linuxvoice.com
� DÉJÀ DUP TUTORIAL
What to back up?
Do you really need to backup your entire home directory, or is Then there are apps that create their own directories to
just an overkill? Here’s what you need to know while selecting store files. Most prompt you for the location, while some may
directories for backup. Most modern distros keep the files create them on their own during installation. Make sure you
you’ve created or downloaded under directories such as check for and include such directories which are usually listed
~/Documents, ~/Downloads, and ~/Desktop, so you’ll want to under the Preferences section of the apps. Be vigilant, though.
include them in your backups. Also don’t forget to check Some of these directories contain cache directories, which
/home for any important documents. Some apps, such as needlessly add to the backup’s size. Finally, if there’s a piece
email clients, also keep your downloaded emails, attachments of software that’s crucial to you and you don’t want to spend
and address books under hidden directories beneath your time downloading it again, back it up by saving the cache
home folder, so make sure you include them as well. directory for your distro’s package management system.
Next, move on to Storage location and use the Drop- Once the backup has been created, the Overview
down list to pick one of the supported locations. This window will inform you when the last backup was
can be a local hard disk, a remote location that you taken and when the next one is scheduled.
connect to via FTP or SSH, or a cloud storage service
like Amazon’s S3. Depending on the storage location Déjà Vu
you select, the app will ask you for further details. For To restore files from the backup, launch the app and
example, if you select the FTP option, you’ll be asked click on the Restore button in the Overview section.
to provide the IP address of the FTP server along with The app will launch the Restore wizard, which will first
the authentication information and the location of prompt you for the location of the backed up files.
folder where you want to store the backups. To save Just like before, select the remote location where
the backups to Amazon’s S3 it’ll need your S3 Access you’ve backed up the files and enter any associated
Key ID and for the Rackspace Cloud Files service it’ll information such as the IP address and your login
need your username. credentials.
Finally, you can switch to the Scheduling section Déjà Dup will then scan the remote location and
and select a policy for keeping old backups. By default, in the next section it’ll display a time-stamped list of
old backups will be kept until the target storage all the backups. Select the one you wish to restore
location runs out of space, but you can also specify from and move on to the next step. The app will now
a different time period depending on the importance give you the option to either restore the backed up
of the data. Before you can set a schedule for the files to their original location or into a specified folder.
backup you’ll have to activate the app by toggling the Before restoring the files, the app will prompt you for
button at the top right-corner of the window to On. the password if the backed up files were password
Once the configured backup is enabled, you can use protected.
the pull-down list on the Scheduling section to either One of the best features of the app is its ability to
run this backup every day or every week, which is the restore individuals file as well. To do this, head to the
default option. folder from which you have accidentally lost files.
To create the initial backup, switch to the Overview Right-click inside the folder and select the Restore
section and click on the Back Up Now button. The tool Missing Files option from the context-menu. The app
will provides a summary list of the directories involved will scan the folder against the most recent backup
and will begin. While creating the backup, the app will of this folder and display a list of files that are in the
ask you to optionally encrypt the backup. You can backup but currently missing from the folder. Now use
enter a password in the space provided or choose the checkbox besides the listed files to select the ones
to back up the files without a password. This initial that you wish to restore and the app will restore their
backup may take some time, but subsequent backups latest versions.
are much faster because they are incremental and It’s worth noting that Déjà Dup is missing some of
only back up data that has changed. the flexibility you’d get with other backup tools. One
such missing feature is the ability to create backup
sets to backup different files into different locations.
Déjà Dup, instead, is designed to back up the specified
folders into the specified destination, each and every
time you schedule it to run. Déjà Dup isn’t meant for
use in a complex environment like an enterprise, but
is perfect for safeguarding data for home and SOHO
users and also gives you the flexibility to restore
individual files from the backups with ease.
Despite being a simple app, Déjà Dup offers advanced
Mayank Sharma has been tinkering with Linux since the 90s
features like incremental backups and stores multiple
and contributes to a variety of techie publications.
time-stamped versions of backups.
www.linuxvoice.com 77
� TUTORIAL ARDUINO
ARDUINO:
TUTORIAL
BUILD A PROXIMITY SENSOR
If you have trouble reverse-parking in the tight terraced streets of
LES POUNDER
northern England, why not build one of these?
I
n the world of hobbyist electronics there are two
WHY DO THIS?
big names: the Raspberry Pi and the Arduino. And
• The Arduino is a while the Raspberry Pi has the largest share of the
great platform for
experimentation and in spotlight we should not forget the Arduino, which was
this tutorial we will build the board to launch the Internet of Things back in the
a device that can react mid 2000s.
to our proximity.
The Arduino is a small microcontroller board
created in Italy to enable a low-cost method for artists
to use electronics. The Arduino comes as a hardware
platform with an accompanying software application
TOOLS REQUIRED
used to program the board. Thanks to the Arduino
• An Arduino – ideally an there has been a big change to the programming
Uno, but the code will
work on most types, landscape, with the barrier to physical computing Build your own distance sensor using just a few cheap
such as the Leonardo. projects such as home automation and robotics being components and a little bit of code.
• A large breadboard. broken down by this cheap and flexible platform.
• An HC-SR04 ultrasonic The Arduino platform encompasses a multitude of other into your computer; can you see an LED labelled
sensor. boards. Boards such as the Leonardo, Galileo and the L13 on your board? This should be blinking, which is a
• 9 x 220Ω resistors
Mega are available to purchase, but the most test preloaded into every board to demonstrate that it
(Colour code red red
brown gold). common board used by the majority of new hackers is working.
• 3 x red LED. is the Uno. The Uno is a remarkable board that hits
• 3 x yellow LED. the sweet spot between functionality and price. It Installing the Arduino software
• 3 x green LED. comes with 14 digital input/output pins and six The most convenient way to install the Arduino
• Male-to-male jumper analogue inputs all connected to a microcontroller in software is via the package manager for your
cables. the form of the ATMEL ATmega328, which is distribution. For Debian- and Ubuntu-based systems
programmed via a USB connection to your computer. type the following into a terminal, followed by the
In this project we will be using an Arduino UNO R2, Enter key:
which is fully compatible with the newer Uno R3. Your sudo apt-get install arduino
Uno should also have a USB lead to connect to your With the Arduino application installed we can now
computer. Insert one end into the Arduino and the run it from the menu.
When run for the first time the Arduino application
will ask for our current user to be added to a group
called “dialout”. This is important as only members of
this group can access the Arduino hardware that is
attached to the USB port. Add your user to the dialout
group and then close down all of your open
applications, including the Arduino software, and log
out of the current session. This will ensure that your
user is added to the correct group and that their
privileges are reloaded at the start of the new session.
Once you're logged in, open the Arduino application
once more.
Arduino coding 101
The Arduino language is based upon a language
called Processing, and is relatively easy to pick up
The Arduino Uno is a especially if you have worked with languages such as
remarkable board and a Python before. Let's step through an example
great starting point for provided by the Arduino team and one that is
hardware hacking. preloaded onto every Arduino.
78 www.linuxvoice.com
� ARDUINO TUTORIAL
In this example an LED attached to pin 13 blinks in
an infinite loop. The Arduino Uno comes with a built-in
LED for pin 13, labelled L13 on your board:
int led = 13;
void setup() {
pinMode(led, OUTPUT);
}
void loop() {
digitalWrite(led, HIGH);
delay(1000);
digitalWrite(led, LOW);
delay(1000);
}
Our LEDs have their
We start by declaring a new variable, labelled as led, In our project we have nine LEDs attached to an
shortest leg in line with
and in there we store the integer (int) value 13. With Arduino via a series of wires and resistors that are the ground rail of our
the variable created we now move to the setup connected via a breadboard. We have three green, breadboard and their
section of our code and instruct the Arduino that the yellow and red LEDs, which will provide a visual output longest leg in line with a
pin mode for our led pin is an output, which means when our ultrasonic sensor is triggered. An object 30 resistor to lengthen their
that current will flow from the pin to the LED attached centimetres or further away will trigger the green lifespan.
to it. LEDs, an object less than 30 centimetres but greater
You can see that the code contained in void setup() than 10 centimetres away will trigger the yellow LEDs.
and void loop() is contained inside {} brackets. Finally an object less than 20cm away will trigger the
Arduino uses these brackets to contain the code that red LEDs to illuminate warning us of a collision. This
belongs to that section, unlike Python, which uses setup is very similar to a parking sensor.
indentation to denote what code belongs to what So our logic would be as follows
section. You will also notice that each line of code Take a reading using the sensor.
inside a section ends with a semi colon ';' this If the distance is less than 10cm
instructs the application that this line has been Illuminate red LEDs
completed, and without them you will receive a Else if the distance is greater than 10cm but less than 30cm
compilation error. Illuminate the yellow LEDs
Our focus shifts to the main body of code that will Else
handle the blinking of our LED. This is contained in Illuminate the green LEDs.
loop() and the blinking is achieved by sending power Let's step through the code to see how it works.
to the LED pin using digitalWrite(led, HIGH);. We then
delay the program by one second and then turn off Creating variables
the power to the LED pin digitalWrite(led, LOW); and Unlike Python, the Arduino language requires us to
finally we delay the program by a further one second, identify the type of data that is being stored within a
effectively causing the blink. This is then looped variable. In this case we're storing the pin number for
infinitely. each of the components that are attached to the
This small piece of code is considered the “Hello Arduino via a breadboard. This number is an integer,
World” of the Arduino platform, demonstrating the which is shortened to int. For this project we create 11
functionality in a simple manner. For our project we're variables, nine that control each of the LEDs used and
going to go much further, controlling nine LEDs via a two that handle the sending and receiving of the
novel input device. ultrasonic pulse.
int trigPin = 4;
int echoPin = 3;
int red1 = 13;
int red2 = 12;
int red3 = 11;
int yel1 = 10;
int yel2 = 9;
int yel3 = 8;
int gre1 = 7;
int gre2 = 6;
int gre3 = 5;
Ultrasonic sensors work by firing a burst of ultrasound In order to use the components connected to the
forwards. Any reflected ultrasound is bounced back to the Arduino, the Arduino has to be told that they are there,
sensor enabling our code to calculate the distance. and to do that we need to provide instructions on
www.linuxvoice.com 79
� TUTORIAL ARDUINO
instructs the trigPin to change its state from on to off
(HIGH to LOW).
The code then instructs the project to wait for two
microseconds, which is just enough time for the
ultrasonic sensor to settle ready for use.
We now use the digitalWrite function to send a
pulse from the sensor by setting the trigPin to HIGH,
in other words sending current to the sensor. Current
is sent to the ultrasonic sensor for 10 microseconds
using the delayMicroseconds() function. We then turn
off the current to the trigPin, ending the pulse
transmission sequence.
Now we need to do a little maths. To kick things off
we record the time taken for the pulse to be sent and
received, and this is stored in the duration variable
that we created earlier. Lastly we use the distance
variable to store the answer to the calculation,
duration divided by 2, as we only need to know how
long it took for the pulse to be received. The answer is
then divided by 29.1 to give us the distance in
centimetres:
void loop() {
This diagram was created
where they are connected and what they will do. This long duration, distance;
in Fritzing, a great tool to
help you design the layout is achieved via the void setup() configuration section, digitalWrite(trigPin, LOW);
of a project. You can find and in here we use pinMode to instruct the Arduino delayMicroseconds(2);
a high resolution version on what each pin will do. We earlier created a series digitalWrite(trigPin, HIGH);
in the repository for this of variables that store the pin locations for each of delayMicroseconds(10);
project. the components. We will use those with pinMode digitalWrite(trigPin, LOW);
to identify the pin that we wish to configure. The duration = pulseIn(echoPin, HIGH);
configuration is quite simple: is the pin an input or an distance = (duration/2) / 29.1;
output? An input will wait for a signal/current from For our last section of code we use the classic if,
an external component, while an output will send a else if, else conditional statement to check for three
signal/current to an external component. different states. We'll start with the if statement.
void setup() { The first condition that we wish to test is to check
pinMode(trigPin, OUTPUT); the distance between the sensor and any objects that
pinMode(echoPin, INPUT); might be in the way. At this time we're looking for
pinMode(red1, OUTPUT); objects less than 10 centimetres away, and if this
pinMode(red2, OUTPUT); condition is true we turn on the power to all of the red
pinMode(red3, OUTPUT); LEDs, and turn off the power to the yellow and green
pinMode(yel1, OUTPUT); LED. This tells us that the object is really close, just like
pinMode(yel2, OUTPUT); a parking sensor does in our cars:
pinMode(yel3, OUTPUT); if (distance < 10) {
pinMode(gre1, OUTPUT); digitalWrite(red1,HIGH);
pinMode(gre2, OUTPUT); digitalWrite(red2,HIGH);
pinMode(gre3, OUTPUT); digitalWrite(red3,HIGH);
} digitalWrite(gre1,LOW);
The void loop() is the our main body of code and digitalWrite(gre2,LOW);
contains the logic that controls the detection of an digitalWrite(gre3,LOW);
object by the ultrasonic sensor. We start the first part digitalWrite(yel1,LOW);
of this section by creating two variables, called digitalWrite(yel2,LOW);
duration and distance; these will contain long digitalWrite(yel3,LOW);
integers, so called because they have an extended }
size to store large numbers. We will use these Our next condition to check uses an else if
variables to store the time taken for the pulse to be statement, and this means that if the first if statement
sent and received, and we shall use distance to store is false, check to see if this else if statement is now
the answer to a calculation later in the code. true and if so run the code. So if the distance between
We next trigger a pulse to be sent from the our sensor and object is greater than 10 centimetres
ultrasonic sensor, but before we do that we must but less than 30 centimetres, the red and green LEDs
ensure that the ultrasonic sensor is not already are turned off, and the yellow LED are turned on,
transmitting. We do that using digitalWrite, which indicating that we are getting closer to the object:
80 www.linuxvoice.com
� ARDUINO TUTORIAL
else if (distance > 10 and distance < 30) {
digitalWrite(yel1,HIGH);
digitalWrite(yel2,HIGH);
digitalWrite(yel3,HIGH);
digitalWrite(gre1,LOW);
digitalWrite(gre2,LOW);
digitalWrite(gre3,LOW);
digitalWrite(red1,LOW);
digitalWrite(red2,LOW);
digitalWrite(red3,LOW);
}
Our last condition to test is rather simple, as it does
not require anything to test. else is used when all
other conditions have been tested and proven to be
false. If everything is false then else must be true. So
You can find the complete
if the object is not less than 10 centimetres away, or With the sensor attached, now is the time to
code for this project at our
further than 30 centimetres away then the red and connect each of the 9 LEDs to our breadboard. LEDs GitHub https://github.com/
yellow LED will be turned off and the green LED will be come with two legs: the longest is the positive leg, lesp/LinuxVoice_Issue11_
turned on, indicating that we are far enough away commonly known as the Anode; and a shorter leg Arduino_Project or as a Zip
from the sensor. Our last line of code controls the which is negative/ground and known as a Cathode. file at https://github.com/
speed of the project and introduces a half-second When connecting our LEDs to the breadboard, the lesp/LinuxVoice_Issue11_
delay before the main loop is repeated once again: cathode will be inserted into the same “-” (ground) rail Arduino_Project/archive/
else { that we used for the sensor. The longer anode leg master.zip
digitalWrite(red1,LOW); needs to be inserted into the main breadboard area,
digitalWrite(red2,LOW); so do this for all of the LEDs.
digitalWrite(red3,LOW); Our LEDs require a resistor in line from the Arduino
digitalWrite(gre1,HIGH); to the LEDs. We need this to protect the LED from too
digitalWrite(gre2,HIGH); much current, which can damage or shorten the life of
digitalWrite(gre3,HIGH); our LEDs. For each of the LEDs use a 220Ω resistor
digitalWrite(yel1,LOW); that bridges the central channel and is in line with the
digitalWrite(yel2,LOW); LED anode leg. With the resistors inserted now grab
digitalWrite(yel3,LOW); some male-to-male jumper cables and wire to the
} Arduino as follows:
delay(500); Red1 = pin 13.
} Red2 = pin 12.
Red3 = pin 11.
Building the hardware Yellow1 = pin 10.
Arduino projects come as a package, with software Yellow2 = pin 9.
and hardware. With the code already taken care of, Yellow3 = pin 8.
our focus shifts to the hardware build of the project. Green1 = pin 7.
We start our build with the humble breadboard, and Green2 = pin 6.
to the breadboard we add the HC-SR04 ultrasonic Green3 = pin 5.
sensor, taking care to note the pin layout as we will Before applying power double-check all of your
need to connect each of those pins, using the connections; the worst thing that can happen is that
breadboard to the relevant pins of the Arduino. an LED will pop, but checking your circuit is a good
Here are the connections for the ultrasonic sensor: habit to get into. When ready, connect your Arduino to
VCC connects to 5V. your computer via the USB lead and upload the code
GND connects to GND (we will use the ground rail to your board via the upload button in the Arduino
on the breadboard, marked with a “-”). application. After about 10 seconds your project will
Echo connects to pin 3. come to life and you can move your hand in front of
Trigger connects to pin 4 the sensor to trigger the different coloured LEDs. If the
Now we just mentioned that we will use the ground code does not auto start, press the reset button on
rail on the breadboard. The rails are the outer two your Arduino.
columns of holes that are marked “+” and “-”. Power, That's it! You've built your very own distance sensor
otherwise known as VCC or V+, is connected to the “+” using less than £10 of parts and around 80 lines of
rail, and ground, otherwise known as GND or V-, is code. You're officially an electronics engineer!
connected to “-”. In this project we just use the “-”. By
connecting the GND from our Arduino to the “-” rail via Les Pounder is a maker and hacker specialising in the
a jumper cable we create a common ground that any Raspberry Pi and Arduino. Les travels the UK training
teachers in the new computing curriculum and Raspberry Pi.
component can safely use.
www.linuxvoice.com 81
� TUTORIAL PREY
PREY: RECOVER
TUTORIAL
STOLEN DEVICES
Lost your laptop? Don a deerstalker and follow our advice to pull a
MAYANK SHARMA
fast one on the perp. The game is afoot!
L
inux does a wonderful job of insulating your
WHY DO THIS? computer from the electronic nasties floating
• Recovering a device is about. But it all comes to naught if you leave it
better than replacing it. on a bus or lose it in a robbery. The open source Prey
• The software is easy to software helps recover your stolen devices by
set up and administer. allowing you to track and control them remotely and
• It’s also very economical make them unusable to anyone who’s got them.
and even has a very
usable no-cost plan. Remember, however, that to take advantage of
Prey’s abilities you’ll need to install it before losing
control of the laptop. Prey installs an agent on your
device that runs in the background and periodically To prevent the thief from formatting your laptop, disable
sends an HTTP request to check in with its online booting from removable devices and also lock the BIOS.
headquarters on whether it should perform any action
or stay asleep. When you lose a device, you mark it as After it installs, Prey will fire up its graphical
such on Prey’s dashboard and the device then starts configuration tool and asks you to set up a reporting
collecting information to help you track it down. method. The reporting method controls how Prey
Besides Linux, Prey works on several operating communicates with the devices and reports back
systems including Windows, Mac OS X, and even to you. The recommended method is to use Prey’s
Android and iOS, so you can use it to track laptops web-based control panel, which can be accessed
and mobile devices as well. You can use it for free to from any machine. You can also optionally run Prey in
track up to three devices or upgrade to a paid Pro plan standalone mode, which would require you to set up
starting from $5/month (about £3). your own SMTP mail server whose settings you need
to specify in prey’s config file under /usr/share/prey.
Set up a device Next you need to register with the service. You can
The Prey project has pre-compiled binaries for do so from within the app or by visiting preyproject.
Deb-based distros such as Debian and Ubuntu. To set com. The Prey setup asks you for your name, email
up Prey on these distro, head to preyproject.com and address, and a password. After the account has been
click on the ‘Download now’ button to grab the binary. set up, Prey will ask you to add the laptop to the list of
You can double-click on the downloaded .deb file or tracked devices. It’ll automatically pick up the name of
use the sudo dpkg --install prey-* command to install the device and its type, which you can edit later from
the Prey agent. Prey’s control panel. For subsequent installations on
other devices, select the option to link the device with
your existing account.
That’s it. You are now ready to set up Prey’s
behaviour. If it isn’t already running, launch the
Prey Configurator (which should be under the
Administration applications menu), and switch to the
Main settings tab. Here you can enable a password-
less guest user account to lure whoever is using your
stolen device. You should also opt to activate the Wi-Fi
autoconnect option, which discreetly connects to the
nearest open Wi-Fi hotspot and starts sending you
reports.
Configure behaviour
After you’ve set up your device, you can configure its
behaviour via Prey’s web-based control panel. The
The best thing about the web-based control panel is that it allows you to configure the control panel is broken into various sections that
behaviour of Prey on the stolen machine even after it’s been pilfered. control different aspects of the device.
82 www.linuxvoice.com
� PREY TUTORIAL
Prey on an Android device
Besides netbooks, laptops, and desktops, Prey can also
protect mobile devices. To install Prey on an Android device,
download it from the Google Play Store. Besides Android,
the app also runs on iOS and is available on Apple’s App
Store as well. Once it’s installed, hook it to your account if
you already have one, or create a new one, just like you do
on the laptop version of Prey.
After associating it with your account, Prey prompts
you to activate the Prey administrator by locking down the
software with a password for extra security. Once activated,
whoever’s got your device will first have to revoke the
privileges provided by the administrator before they can
uninstall the software from your phone.
The Prey for Android app has the Disable Power Menu
option, which when enabled prevents your device from
being turned off by disabling its power menu. Also the Prey
dashboard for the Android device has an additional option.
You can toggle the Hide switch, which will then hide the Both the Android and iOS versions are written in their
icon for the Prey app from the Home screen. respective platform’s native languages.
The main dashboard lists all added devices. information such as the public and remote IP address
Click on a device’s name to set it up. Switch to the of the network the device is connected to. You can
Configuration section, from where you can alter the also ask Prey to run a traceroute (to google.com)
name of the device as well as its type in case it wasn’t from the missing machine through the thief’s router.
correctly detected. Then move to the Hardware For this to work though make sure you install the
section, which gives you detailed information about traceroute package on the missing laptop before
the hardware on a particular device including the losing it.
serial number of the device as well as details about its You can also ask Prey to gather information about
motherboard and other components, which helps you the desktop session – including a list of running apps
submit a detailed report to the authorities. along with a screenshot. Sooner or later you will get
The options under the Main section are separated a screenshot of him logging into his account on a
into two groups; ‘Actions to perform’ lists the actions webmail or some other website. While you won’t get
that Prey will take on your device. Although these his password, you’ll be able to clearly see his unique
actions will be performed irrespective of the device username, using which you can contact him.
being marked as missing or not, it’s best to keep them If your device has an inbuilt webcam (most laptops
turned off until the device is actually missing. and netbooks these days do), Prey will also secretly
Some of these options are designed to dissuade the take snapshots of whatever’s in front of the webcam.
thief soon after you’ve lost the device. For example, It won’t take long before you catch the crook in front
the Alarm option sounds a loud alarm from your of your stolen device. You can set the interval after
missing device to help you locate it, if it’s nearby. which Prey wakes up and collects the information
Then there’s the Alert option, which displays an alert you have asked it to gather. In the free version, this
message on the screen on the missing device. If these duration can be between 10 minutes to 50 minutes.
don’t work to discourage the thief, you can use the The Pro version allows you to take this down to two
Lock option to prevent the computer from being used minutes or, better still, create a persistent connection
until a password is entered. However, you might not with the device. One of the benefits of the Pro version
want to lock out the perp as you can trace him better is the On Demand Mode, which brings you reports
when he’s using the laptop. from a missing device in real-time. In this mode, any
changes you make to the configuration of the missing
Keep tabs on your prey device are triggered instantly if the device is online.
When you lose the laptop, log into Prey’s web panel, You’re all set. All you can do now is wait. As soon
click on the device that’s missing, and use the slider at as the miscreant goes online with your laptop, the
the top to mark it as such. Prey can discreetly gather Prey client will alert the Prey web service. Although we
lots of information about the missing device and its hope you never lose your laptop, in case you do, you
current operator. You can mark all the information you are now fully prepared to take on the perp who’s got
wish to gather from the missing devices’ page on the it, and either force him to return your device or collect
web dashboard. enough information to build a strong case for the
As soon as the device is brought online, Prey can authorities to take action on. Happy hunting.
use nearby Wi-Fi access points to interpolate the
location on your device and mark it on Google maps. Mayank Sharma has been tinkering with Linux since the 90s
and contributes to a variety of techie publications.
Along with this it also gathers other network-related
www.linuxvoice.com 83
� TUTORIAL SOCIAL-ENGINEER TOOLKIT
PENETRATION TESTING:
TUTORIAL
SOCIAL ENGINEER TOOLKIT
Don a stylish black hat and open up the software of choice for the
BEN EVERARD
discerning technical con man.
I
t doesn’t matter how good your computer security
WHY DO THIS? systems are if your users just let attackers know
• Learn the tools of online how to log in. Social engineering is the black art of
scammers so you can persuading victims to tell you everything you need to
protect yourself. know to break into their computers. Sometimes this
• Begin a lucrative career can mean persuading them to hand over usernames
as a penetration tester.
or passwords, sometimes it can mean granting you
• Get a better
understanding of the physical access to their computer, and sometimes it
technologies that can mean deleting any incriminating evidence. In
underpin the web. truth, the skilled social engineer can persuade victims
to bypass all sorts of computer security that would be
hard to compromise using just technical means.
The Social-Engineer Toolkit (Set) is a piece of
software that helps you set up some social Our login-stealing Facebook clone. Would you be fooled?
engineering attacks.
is done with:
Stealing credentials sudo apt-get install git
One of the most popular uses of social engineering is Then you can clone the repository with:
tricking people into revealing their login details. This git clone https://github.com/trustedsec/social-engineer-toolkit/
could be through a simple confidence scheme, or set/
through some technical trickery. The Social-Engineer cd set
Toolkit provides some ways to make this easier. sudo python setup.py install
The easiest way to try Set is using a security- You can now use the command setoolkit to access
focused distro that comes with it already installed. the various features of Set. The attack we’re going to
The Social-Engineer Toolkit
Kali Linux is an excellent option for this (see boxout). run is called credential harvesting. It will create a clone
can do far more than just
clone websites. The best Alternatively, you can grab Set from the Git of a website with login details, then we’ll have to try
documentation is at repository. First you’ll need to make sure you’ve and get people to log in. When people do, it’ll save their
www.social-engineer.org installed the git command through your package username and password, then forward them on to
(under Framework). manager. On Debian and Ubuntu-based systems, this the real site where they’ll be prompted to log in again.
Most people will simply assume that they entered
their password incorrectly the first time, or that there’s
been some form of network glitch, and log in again.
In order to run this attack, you’ll need a webserver
with PHP running on your local machine. You can get
this in Debian- and Ubuntu-based systems with:
sudo apt-get install apache2 php5 libapache2-mod-php5
If you’re trying this from Kali Linux, you’ll already
have all this installed. If you’re using another distro
and can’t find Apache in your package manager, it’s
sometimes in a package called httpd.
Legalities
It should go without saying that the techniques we’ve
discussed in this tutorial can be illegal if used against
unsuspecting victims. While it’s fine to try them out by
yourself on your own local network, using them to try to
break into computer networks can have very serious legal
consequences. Just don’t do it.
84 www.linuxvoice.com
� SOCIAL-ENGINEER TOOLKIT TUTORIAL
Now with everything set up, let’s set up the cloned
website. First, start Set running with root permissions:
sudo setoolkit
You may get a warning message about Metasploit
not being installed. This isn’t a problem for us since
we won’t be using any of the attacks that depend on
it. However, if you want to fully investigate more of the
capabilities of Metasploit, it’s worth installing this as
well (see boxout).
Note that these instructions will overwrite
/var/www/index.html (or /var/www/html/index.
html), so if you’re already hosting any website on
the machine, it’s probably best to try this out in a live
environment or a virtual machine.
Setoolkit is controlled via a text-based menu system
(which means it can easily be controlled remotely
should you need to). The cloned website credential
harvester is under: 1) Social-Engineering Attacks >
2) Website Attack Vectors > 3) Credential Harvester
Attack Method > 2) Site Cloner.
Once you’ve selected this, you just need to enter the
Set is just one of many
IP address of the machine you’re running the attack After you’ve entered this, you should enter the URL
penetration testing tools
from. If you’re running the attack on a LAN, then this that you want to clone. For a test, we used Facebook included in Kali (see
should be the local IP address of the machine on (https://facebook.com), but you could put any boxout).
which you’re running Set. You can find this out by website with a login here.
running sudo ifconfig, and looking for something like: Once you’ve done that, it’ll automatically make a
wlan0 Link encap:Ethernet HWaddr 00:13:e8:3d:92:7b copy of the website, host it locally, and set it to harvest
inet addr:192.168.0.4 Bcast:192.168.0.255 the credentials.
Mask:255.255.255.0 You should now be able to point your browser to
In this case, the IP address for wlan0 (wireless lan localhost and see the cloned site. If you don’t see the
– if you’re using wired Ethernet, this will probably be cloned site, then it could be that Set has put the files in
eth0) is 192.168.0.4. the wrong place. By default, it will put them in
If you’ve got a publicly routable IP address, then you /var/www, but many modern Linux systems use
could also enter this here, but you should be careful: /var/www/html as the web root. The easiest way to
running a test attack on a local network is usually fine tell if this is the problem is by opening a new terminal
(see boxout on legalities), but if you’re doing anything and cd’ing to /var/www and seeing if the html folder
on the public internet, you’re far more likely to run into exists. If it does, just move all three files created by Set
problems with the law. to html:
Metasploit
The Social-Engineer Toolkit is designed to work hand-in-hand
with Metasploit. Metasploit isn’t so much a piece of software,
as a complete framework for penetration testing. It includes
everything from exploits to software for recording your
attacks. Set uses some of Metasploit’s features and exploits,
so unless you have Metasploit installed, you won’t get the full
functionality of Set.
The easiest way try out Metasploit is in a live environment
that has it already installed, like Kali. However, you can install
it on a regular Linux distro. To make this a bit easier on
Debian-and Ubuntu-based systems, there’s a script to automate
installation. You can grab it from GitHub with:
git clone https://github.com/darkoperator/MSF-Installer.git msf
Then, to install Metasploit, you just need to run:
cd msf
./msf_install.sh
You can find details on how to install it in Fedora at
http://fedoraproject.org/wiki/Metasploit.
There’s also a version of Metasploit with a HTML front-end. msfconsole (shown here) is the usual interface to
You can grab this from www.rapid7.com/products/metasploit/ Metasploit, but there are others including Armitage
download.jsp. (graphical) and msfcli (for using in scripts).
www.linuxvoice.com 85
� TUTORIAL SOCIAL-ENGINEER TOOLKIT
[default_persistent] => 0
Kali Linux
)
If you do quite a bit of penetration testing, it’s worthwhile This contains all the POST data that the user sent
setting up your own working environment. This is quite a
back to the website. In this case, the important fields
worthwhile exercise; there’s plenty of software that can be
useful, and you’ll be able to pick the ones that are useful are email and pass.
to you. However, if you’re just getting started, or if you just
want to dabble, it’s useful to use a ready-made penetration Getting visitors
testing environment. In last month’s Distrohopper, we took The problem now is to get victims to go to your fake
a look at Backbox. This is one good option, but by far the
site. There are a few options here. Perhaps the
most popular is Kali (formerly BackTrack Linux). It comes in
flavours for small ARM machines as well as x86 desktops. simplest is simply tricking them to click on a link. The
You can install it, but you can also run it live, and it classic approach here is to send them an email with a
has almost every open source (and some closed source) link to Facebook that actually points to your clone.
penetration tool set up and ready to run. You can grab an This, however, will look a little strange to anyone who
ISO from www.kali.org, and then use it like any other distro.
clicks on the link because the URL in the address bar
It also runs well in a virtual machine if you want to separate
your penetration testing from your main desktop. will be an IP number not the proper domain.
One way around this is to register a domain that
looks similar to the one in you’re cloning. For example,
mv /var/www/index.html html www.facebock.com. A casual glance won’t show that
mv /var/www/post.php html there’s anything wrong with that. What’s more, you
mv harvester* html could even get a real SSL certificate for it so that you
Now you should be able to point your browser to could encrypt the connection and make it look even
localhost and see the cloned site. If you enter dummy less suspicious. For Facebook, you’re unlikely to find
details in there, you should find that you get forwarded a domain that looks similar that’s not already taken.
to the real Facebook page, and that whatever you This approach does have the downside that it costs
enter is copied to the harvester file in the webroot. money, and leaves a paper trail.
After a visitor goes to your site, you should see an Another approach is to attack the Domain Name
entry like the following in the harvester file: System (DNS) in such a way that when the user
Array enters a domain name, they get pointed to your site
( instead of the real site. The easiest way of doing this
[lsd] => AVrTM83X requires modifying a file on the victim’s machine. This
[display] => could be done in a few ways. You could get the victim
[enable_profile_selector] => to use your machine (with the attack already set
[legacy_return] => 1 up). If you can get physical access to their machine,
[profile_selector_ids] => you could do it using a live distro to bypass any
[trynum] => 1 passwords they may have (unless their hard drive is
[timezone] => 0 encrypted).
Set just sets up the HTML
and PHP file. The actual [lgnrnd] => 125137_iouC Whenever you type in a domain name, like
attack could be run on any [lgnjs] => 1416689527 www.facebook.com or google.co.uk, your computer
computer with a webserver [email] => test@test.com first checks a file called hosts. If this domain isn’t in
installed. [pass] => test that file, it then sends a message to its DNS server
asking which machine corresponds to the domain
name. To get the victim’s computer to send the
request to our malicious server, all we have to do is
Protect yourself
If the attacker does this well, it can be hard to spot a cloned
site. One obvious giveaway is a lack of SSL on a login page.
However, even this can be faked if the attacker is either
using a real domain, or has managed to get access to your
computer (where they could install a fake certificate).
You can avoid getting caught out by fake domains by
always typing in the domain of any important sites rather
than just clicking on links, but this won’t protect you if
they’ve managed to hijack your DNS connection. The best
protection against an attacker installing fake certificates on
your computer is full disk encryption.
Important sites should use two-factor authentication.
This combines usual login details with a second form
of security (such as a code that is sent via SMS). Using
something like this means that the credentials the attacker
steals won’t be sufficient to log them in.
86 www.linuxvoice.com
� SOCIAL-ENGINEER TOOLKIT TUTORIAL
add an entry to their hosts file. On Linux systems, this
Google dorks
file is in /etc/hosts. In most versions of Windows,
it’s in Windows\System32\drivers\etc. Entries are If you want to use this approach on victims some other things) servers that are currently
simply a domain name, then a space (or tab), then the on your local network, you’ll need to run this running Set.
on a public server. This is legally dubious so Obviously, these sites tend to go down
IP address that domain should resolve to.
it’s probably best that you don’t do it. and come back up quite regularly. When we
If we hijack www.facebook.com, then whenever the Another problem with running this sort of did it, there were a couple of live harvesters,
user goes to www.facebook.com, they will be directed attack using a public server is that it uses a only one of which had any data in. Assuming
to our site. However, this causes a problem because standard set of filenames. While you could they haven’t changed the default, the cloned
they won’t be able to get to the actual Facebook quite easily change the index.html, post.php site will be index.html in the same directory.
and harvester files, many people don’t. The Sure enough, we found that it was a clone of
site, and so will quickly see that there is a problem.
first two files there are generic enough that Facebook. We didn’t check to see if any of
However, if we redirect login.facebook.com to our there are files with these names in lots of the credentials in the harvester file were real
site, we can then forward them on to www.facebook. web apps. However, the harvester filename (and obviously, doing this would be illegal).
com, and it should be fairly trivial to persuade a is quite unusual. If you can find a public This style of using Google to find
victim to click on a link to login.facebook.com (Set is, server with a file whose name starts with things that are useful to hackers is known
harvester_2014, then there’s a good chance as Google Dorks. If you know the more
after all, an aid to social engineering, not a complete
that it’s currently running Set’s credential advanced syntax of Google searches, you
hacking solution). harvester. can find all sorts of things that were never
The line you need to add to the hosts file is: Finding files on the internet is easy, you meant to be made public. There’s a database
192.168.0.4 login.facebook.com just use Google. In this case, if you search full of useful examples at www.exploit-db.
If you do this on the same machine that you’re for “inurl:harvester_2014” you’ll find (among com/google-dorks.
running the server on, you won’t be able to clone the
site once you’ve entered this because it will interfere
with the way Set clones the URL. However, you Alternatively, you could change this to an HTML
can disable this line in the hosts file by adding a # page that just contains an error saying that the
character to the start of it. website is down temporarily. As long as it has the first
You can get your cloned web page to point the user php tag, it will still harvest the credentials.
onto whatever other page you want to by editing the This approach is fairly simple to set up, but it does
post.php that Set puts in /var/www. The file should require you to have access to the machine that the
contain a single line that’s something like: victim’s on. There are ways of getting around this
<?php $file = ‘harvester_2014-11-22 20:51:37.547239.txt’;file_ requirement. To do this, you need to perform a
put_contents($file, print_r($_POST, true), FILE_ man-in-the-middle attack which can either be physical
APPEND);?><meta http-equiv=”refresh” content=”0; url=https:// (that is, you actually set up the network so that their
www.facebook.com/login.php” /> connection has to flow through your computer), or by
The first part of this (in the php tag) harvests using an ARP spoofing attack, which will fool other
the credentials, while the second (in the meta tag) computers on the local area network into routing their
forwards the user onto the correct site. In this case, traffic through your machine.
we’ve set it to forward to https://www.facebook.com/
login.php, but this could be anything as long as it Ben Everard is the best-selling author of Learning Python With
Raspberry Pi. He really wants you to be careful on the web.
doesn’t cause a problem with your hosts file.
Ettercap can be used to
manipulate a network to
intercept DNS requests.
Run it from the command
line with sudo ettercap -G
to get the graphical version
shown here.
www.linuxvoice.com 87
� TUTORIAL WINE
LINUX 101: RUN WINDOWS
TUTORIAL
APPLICATIONS WITH WINE
If you still depend on a few Windows programs, or you want to help
MIKE SAUNDERS
newbies make the switch to Linux, Wine is mightily useful.
Q
uestion: what do you call a program that runs from the latter operating system. It’s completely free
WHY DO THIS? software designed for a different platform? An software – you don’t need a licence from Microsoft to
• Run legacy Windows emulator, right? Well, the name Wine comes use it – and it’s capable of running a wide range of
apps without rebooting.
from “Wine Is Not an Emulator” – which is one of programs. Not all of them, mind you, and very recent
• Create multiple
configurations for better those recursive acronyms that are so loved in the software can have problems. But some major
compatibility. FOSS world. But given that Wine lets you run Windows applications like Microsoft Office 2010 work well
• Help Windows users software on your Linux installation, why is it not an enough for daily use.
move over to Free emulator? Essentially, Wine acts as a compatibility So if you’re still dual-booting between Linux and
Software.
layer that translates Windows system calls to their Windows, and would rather spend more time in the
Linux equivalents, and it doesn’t actually emulate a former, here we’ll show you how to use Wine and
complete Windows PC, with its CPU, graphics card (hopefully) run your favourite Windows apps without
and so forth. rebooting. Or if you’re a full-time Linux user and don’t
Anyway, with that naming confusion out of the way, give a hoot about Windows, you can still use this
let’s focus on the software itself. Wine is a godsend for guide when you’re helping others make the transition
many Linux users who’ve made the transition from to Linux, set up Wine for them and demonstrate the
Windows, but still need to run the occasional program awesome power of free software.
1 GETTING STARTED
Wine is included in almost every major distro’s www.winehq.org. After you’ve got it installed, find a
repositories, so find it in your package manager or use simple, standalone Windows program to test; in our
your usual command-line tools to install it (eg sudo case we’re going to use the rather cool Notepad++ text
Here’s our first app runing
apt-get install wine on Ubuntu-based distros). We’re editor available from http://notepad-plus-plus.org.
on Wine – Notepad++. It’s a
simple program and using Arch Linux for this tutorial – but the commands This program exists as a single .exe file and doesn’t
therefore has few are the same across other distros. If you want the have a ton of complicated dependencies, so it’s the
compatibility issues with latest and greatest version and are happy compiling perfect type of program to kick tires of a new Wine
Wine. software from its source code, you can get it from installation.
Go to the Downloads section, then grab the
“minimalist package” and save it to your home
directory. This is in 7-zip format, so install the tool to
extract that in your distro’s package manager (it
should be provided in the package p7zip). Then open
a terminal and enter:
7z x -onpp npp.6.6.9.bin.minimalist.7z
cd npp
Here we’re extracting the download into a new npp
directory – if there’s a newer version of Notepad++ by
the time you read this, change the version number
accordingly. We then switch into the directory, and if
you enter ls, you’ll see that there’s a file there called
notepad++.exe. Let’s run it!
wine notepad++.exe
You may be prompted to install Mono and Gecko
packages; these aren’t important for now, so just click
Cancel in the dialog boxes that appear. And after a few
moments, you’ll see Notepad++, a Windows program,
in all its glory on your Linux desktop. Not bad – it’s as
simple as that!
88 www.linuxvoice.com
� WINE TUTORIAL
CrossOver: the commercial alternative
If you’re looking for improved compatibility, easier installation Pricing starts from €32; this gets you one month of email
and technical support, CrossOver (www.codeweavers.com) is support and upgrades (when new versions are released). For
worth a look. This is a commercial version of Wine with €48 you get the whole package, which includes one year of
various extras, and is especially useful if you want to run email support and upgrades, along with a “phone support
Microsoft Office (XP to 2010), Adobe Photoshop and several incident” – ie you can speak to one of the devs on the phone if
triple-A games like World of Warcraft. CrossOver includes a tool you’re having serious trouble. (Subsequent calls cost €16.95
called CrossTie, which lets you install applications straight each.) CrossOver employs Wine developers and contributes
from the web with just a couple of clicks, and it also uses a code back to the main tree, so if you find Wine really useful
bottles system to stop different configurations from and want to support its development financially, buying
overwriting one another. It also has some tweaks to integrate CrossOver is a good idea. Alternatively, you can donate directly
more smoothly with KDE and Gnome. at www.winehq.org/donate.
Well, for small programs it’s simple; we’ll get to the are Wine’s own implementations of core Windows
more complicated setups later. For now, try exploring libraries – and again, they’re fully open source.
the program. As mentioned, Wine translates every Now, they’re not always as feature-complete as the
Windows system and library call that the program original Windows versions, so in some cases you can
makes into a Linux equivalent. So if you save a file copy DLLs from a real Windows installation into this
from Notepad++, the program calls Windows’ file directory, to improve compatibility with certain
saving routine, Wine intercepts it, and forwards on the programs. The only ones you must never overwrite
request to the Linux equivalent. When Notepad++ are kernel32.dll, gdi32.dll, user32.dll, and ntdll.dll
wants to draw something on the screen, it makes – you can only use the Wine versions of these.
requests to Windows libraries – and Wine has its own As an aside, the
versions of these, which then talk to the X server on ReactOS project
Linux. It’s very cool technology. (www.reactos.org), “Wine translates every system
Two worlds collide
which aims to create an
open source Windows-
call that an application makes
Of course, Wine can’t magically make some of the compatible operating into a Linux equivalent.”
differences between Linux and Windows disappear. system, uses many Wine
Go to File > Open in Notepad++, for instance, and DLLs. The underlying
select My Computer from the “Look in” list. You’ll see structure of ReactOS is very different to Linux and
C:, D: and Z: drives – but they make no sense in the Unix, as it aims to be compatible with Windows drives
Linux world. Well, Wine maps them to different as well as software, but there’s a decent amount of
Adobe has dropped
locations in your filesystem. The Z: drive is mapped to code-flow between ReactOS and Wine. We’ve been support for Reader on
the root directory (/), which is the base of everything in following ReactOS for many years and it’s making Linux, but thanks to Wine,
a Linux/Unix system. So you can use that drive to go slow but steady progress – what Microsoft’s lawyers you can get some Windows
to your home directory in /home and access your think about it, though, remains to be seen… versions running.
personal files – or use the My Documents shortcut.
But where does C: point to? If you click into it, you’ll
see some familiar folders from a Windows installation:
Program files, windows and so forth. These were
created when you first ran Wine, so let’s explore them
in more depth. They’re located in .wine/drive_c in your
home directory, so close Notepad++ and switch into
that directory like so:
cd ~/.wine/drive_c
Enter ls and you’ll see those folders again. Switch
into the windows directory with cd windows and run
ls again – this time, you’ll notice some common tools
like Regedit. Basically, Wine has created a very minimal
Windows installation in your home directory,
comprised of fully open source software, of course.
So you can run the included tools like so:
wine regedit
(Note that you can omit the .exe.) This looks just
like the real Windows registry editor, but go to Help >
About and you’ll see that it’s a tool written by the Wine
developers. Back in the terminal, if you head into the
windows/system32 directory (and syswow64 on
64-bit installations), you’ll see a bunch of DLLs. These
www.linuxvoice.com 89
� TUTORIAL WINE
2 INSTALLING SOFTWARE AND CUSTOM SETUPS
So far, we’ve just tested a simple standalone .exe launcher on your desktop that runs the program with
program. But what if you want to install something this command (note the use of quote marks to get
more complicated, like a program that extracts and round spaces in directory names):
installs its own files? Let’s try Adobe Reader, given that wine ~/.wine/drive_c/”Program Files (x86)”/Adobe/”Reader 9.0”/
it’s no longer supported on Linux. The first thing to do Reader/AcroRd32.exe
before installing any program is to check its Another useful launcher to create is “wine explorer”,
PRO TIP compatibility ratings, so in this case we go to which starts up a file manager, so you can then
It’s important to note that https://appdb.winehq.org and enter “Adobe Reader” in browse into Program Files (x86) yourself and launch
Wine programs can
access your Linux system
the search box in the top-right. When the results come programs by double-clicking on them.
like any other app. They’re up, we click on the “WineHQ – Adobe Reader” link. As you’d expect, Wine is a hugely configurable piece
not sandboxed or Here we can see that different versions of the of software, but fortunately there’s a fairly good GUI
restricted. Of course, the
inbuilt security
program have different ratings: gold means that a tool that lets you tweak settings without fiddling
mechanisms of Unix and program works almost flawlessly, whereas silver and around inside config files. Enter winecfg and a small
Linux should stop a bronze mean that the program is usable, albeit with Windows utility pops up with various tabs. The most
malicious app from
completely hosing your
some glitches or other issues. (These compatibility important of these is Applications: here you can select
system, but if you want to ratings are provided by the community, and some .exe files in your Wine installation, and then choose
be ultra secure, use Wine programs have only been tested with older Wine the Windows version that Wine should emulate for
on Linux inside a virtual
machine!
releases, so it’s possible that compatibility has them. So if you know that a certain program works
improved in the meantime.) best in Windows XP, or Windows 7, you can select it at
Adobe Reader 9.x is rated as silver, so click it and the bottom. In general, Wine’s compatibility is more
then, on the following page, the first “Free Download” complete when it comes to older Windows versions.
link on the left. Save the AdbeRdr90_en_US.exe file to Another useful tab here is Libraries. Here you can
your home directory, fire up a terminal, and enter: choose whether Wine should override its inbuilt
wine AdbeRdr90_en_US.exe libraries with native ones, as mentioned earlier. Under
This isn’t the program itself, but rather its installer the Graphics tab you can also customise the screen
– so follow the prompts, and don’t worry if the resolution, which helps if certain programs are being
PRO TIP
installer gets confused and crashes right at the end. displayed incorrectly.
Got a program that’s
supplied as an .msi file?
(This is a common occurrence in Wine, when
You can install these installers don’t quite understand that they’re not Bottle it!
using the msiexec tool running in an original Windows environment, but Things can get complicated when you’ve customised
along with the /i flag – for
instance, msiexec /i
usually it’s not a problem.) your Wine installation for one particular program, and
filename.msi. This tool is Now, like in regular Windows, Adobe Reader has it’s running beautifully, but then you install another
provided as part of a been installed in a Program Files directory. In this program that needs different settings, library
standard Wine
installation.
case, you’ll find it in ~/.wine/drive_c/Program Files overrides, and so forth. It’s a colossal pain to keep
(x86)/Adobe/Reader 9.0/Reader. If you cd into that switching options manually, but thankfully, Wine has a
directory and enter ls, you’ll see AcroRd32.exe – that’s solution for this called prefixes (aka Wine bottles). This
the program you want to run with Wine. So give it a go, lets you create and maintain separate Wine
and try opening some PDFs – by and large, it does its installations for your programs – albeit with a bit of
job without major bugs. You can now create a extra disk space usage.
Running DOS software with DOSBox
If you’ve got some really old programs that drive to the directory you specified. So if you
you’d like to get running again, from the days enter DIR now, you’ll see the files inside the
when MS-DOS ruled the (business) world, frontier directory – including frontier.bat,
you’re also in luck. FOSS platforms have had which you can use to run it. DOSBox will
great DOS compatibility for many years often grab the mouse cursor for itself, so to
thanks to DOSEMU, but that program hasn’t free it, press Ctrl+F10 at the same time.
seen many updates recently, and can be To configure DOSBox, run it on its own
fiddly to set up. A better alternative can be (without a directory) and then enter config
found in DOSBox – and it’s available in all -wc dosbox.conf in the emulated DOS
major distro’s repositories. session. Type exit to leave, and you’ll see
Once you have it installed, you just need dosbox.conf in your current directory. You
to point it at a directory containing your DOS can now edit this to tweak settings, such as
program(s). In this example we’ve got full-screen mode, mouse sensitivity, and how
Frontier Elite II in a directory called frontier, quickly it should run (look at the cycles
so we just run: option). If you need any help, you’ll find
dosbox frontier plenty of it on the wiki at Elite: Dangerous should be out by the time you read this, but
When DOSBox starts, it maps its emulated C: www.dosbox.com/wiki. we’ll never stop loving Frontier.
90 www.linuxvoice.com
� WINE TUTORIAL
The key to this is the WINEPREFIX environment
variable. Say you want to install program fooapp.exe
into a new Wine installation, and not .wine in your
home directory. You would run this command:
env WINEPREFIX=~/.wine_fooapp wine fooapp.exe
A new Wine installation, with fresh settings and
libraries, will be created in .wine_fooapp in your home
directory. Once the app is installed, you can run its
executable as usual, but make sure to keep the env
WINEPREFIX=~/.wine_fooapp part otherwise it all
gets messy. Essentially, you can make as many Wine
prefixes as you like (at the cost of 35MB each time),
but always make sure you’re pointing WINEPREFIX to
the appropriate place, otherwise one installation can
overwrite settings from another.
To run winecfg for a particular prefix, you also need
to specify the environment variable:
env WINEPREFIX=~/.wine_fooapp winecfg
If you want to completely remove a program and its
prefix, just remove the directory.
Another useful environment variable is WINEARCH.
Wine Explorer is a simple
If you’re running a 64-bit distro, Wine will start in 64-bit good idea to remove the prefixes when you’re done
file manager that you can
mode by default; if this leads to problems with your with them! use to browse files and
programs, you can change this by using env launch programs.
WINEARCH=win32 before your commands. The future of Wine
Wine’s development dates back to the mid-90s, so it’s
Tricks up the sleeve one of the longest-running projects in the Free
Finally, we want to give a mention to Winetricks Software world. After two decades of development,
(www.winetricks.org), a very handy little script that though, why are there still compatibility problems with
assists you in installing various programs and games. so many programs? Well, part of the problem is that
Many distros include it in their package repositories Windows is a moving target. When Wine started, its
– if you can’t find it, just grab it from the website (the goal was to provide compatibility with Win32 – in
Installing page explains how to do it step-by-step). other words, the APIs used on Windows 95, 98 and PRO TIP
You’ll also need some kind of utility for displaying NT. But since then, we’ve seen many more releases of Spaces in file and
dialog boxes, such as Zenity or kdialog from KDE. Windows, and Wine developers keep trying to chase directory names are
When you run Winetricks, you’ll be prompted to the latest APIs. common in the Windows
world, but they’re a royal
install an application, benchmark or game. Try Some would argue that the Wine team should set a pain in the rear on the
installing an app: you’ll see that many of them can be very specific goal: compatibility with Windows XP, for Linux command line. You
downloaded automatically (check the Media column), instance, and forget about Vista, 7 and 8. This could can use escape
characters (backslashes)
but in some cases, such as with Microsoft Office, make sense in positioning Wine as a solution for to get around them if
you’ll need the original CD or DVD. As a test, try legacy applications, but other users and developers you’re a long-time Linuxer,
installing the AbiWord word processor: Winetricks will want to use Wine to play the latest games and run but for new users it’s best
to just use quotes. So if
download the setup.exe file and run it in Wine. recent versions of Office. As most Wine developers are you need to cd into the
After the installation, Winetricks will return to its hacking on the code out of a labour of love, nobody Program Files (x86)
original menu, but you’ll see a new item: “Select can force them to limit the compatibility to a specific directory, enter cd
“Program Files (x86)”.
AbiWord”. Click on this and then OK, and another Windows release.
menu will appear so that you can configure the And then, trying to be compatible with Windows
installation. You can access the usual winecfg tool in APIs is an adventure in itself. Many APIs are
this way, or also fine-tune options via the Change undocumented or don’t behave as expected, so it’s
settings item. Note the titlebar here – Winetricks has not just about following a spec like POSIX. After all, it’s
installed AbiWord into its own prefix, in ~/.local/share/ in Microsoft’s interests that a compatible OS from a
wineprefixes/abiword/. So if you cd into that directory third party isn’t developed. Sure, the Redmond giant
in a terminal, you’ll see the usual drive_c/Program has been more friendly with the FOSS community
Files (x86) subdirectory underneath it, and then recently, but we don’t expect it to suddenly get behind
AbiWord under that. (The launcher, AbiWord.exe, is the Wine project or open up reams of specifications to
inside the bin directory.) help its development.
Winetricks also provides access to a large list of
games and demos, many of which are great for
testing the performance of Wine. Just remember that Mike is a recursive acronym and stands for “Mike ist kein
Emulator”. Blame his parents.
they can swallow up your disk space quickly, so it’s a
www.linuxvoice.com 91
� TUTORIAL SAMBA 4
SAMBA 4: IMPLEMENT ACTIVE
TUTORIAL
DIRECTORY DOMAIN SERVICES
Master your Windows domain from the comfortable
JOHN LANE
familiarity of your Linux server.
S
amba is an open source implementation of the provisioning will fail (it writes a new one and won’t
WHY DO THIS? protocols for user and resource management overwrite an existing one):
• Administer Windows in a Windows network. It allows Unix-like $ rm /etc/samba/smb.conf
machines on a network operating systems such as Linux and OS X to share You should also ensure that your server is
without having to files and printers, and to authenticate and manage configured with a static IP address and has itself
abandon your Linux
working environment. users and resources in a Windows network. listed as its primary name server. If you need help
• Learn one of the most The venerable version 3 series had long satisfied configuring this, our Network Configuration box
important features in the file sharing needs of many Linux systems, until explains what to do.
Samba 4. Microsoft introduced its Active Directory user and Interactive provisioning prompts for you to enter
resource management infrastructure. But version 4 the required information but offers default values
of Samba resolves this, because it is fully-compatible that are usually acceptable. The first question asks
with it. In this tutorial, we’ll install the Samba Version 4 for a Realm, which is the domain suffix that Active
server and configure it as an Active Directory Domain Directory will apply to all hosts that join the domain.
Controller. Up-to-date distros should have updated The default value is the default search domain for
their Samba version, but you can always download your network, as defined in /etc/resolv.conf and
the latest sources from the samba.org website. We’ll converted to upper case letters (eg EXAMPLE.COM)
PRO TIP use the “Trusty Tahr” Ubuntu Server, version 14.04, as and it’s fine to accept this suggestion.
Implementing Samba it’s a long term support release that includes Samba You will also be asked to choose a DNS Backend.
requires root privileges.
sudo -i gives you a root 4.1.6 in its repositories. This makes installation Samba requires a DNS server and implements one
prompt. straightforward – as root: internally if you accept the default SAMBA_INTERNAL
$ apt-get install samba smbclient option. This should be suitable for most uses but you
We also installed smbclient, the command line can use an external BIND DNS server if you prefer.
Samba client. We’ll use it to help test our server. The provisioning tool asks two questions that
Ubuntu’s Samba package automatically starts the require non-default answers. You need to supply:
daemons upon installation. We’re about to reconfigure The DNS Forwarder Address: the IP address of
it, so stop them now: another DNS on your network, such as another
$ stop smbd name server defined in /etc/resolv.conf;
$ stop nmbd An Administrator Password of your choosing that is
Samba’s main administration tool, samba-tool, is suitably complex – it needs to have least eight
A new server hasn’t got used to provision (set up) a new domain controller. characters containing three of these four kinds:
much to share, but there’s You need to remove the pre-installed default Samba lower-case letters, upper-case letters, digits and
no harm in looking. configuration file before you begin otherwise symbols. We’ll use “Pa$$w0rd” in this tutorial; you
should use something different.
Provisioning can be as simple as:
$ samba-tool domain provision --interactive
however, it’s best to add some optional arguments to
gain some additional benefits:
$ samba-tool domain provision --interactive --use-rfc2307
--use-xattrs=yes
The --use-rfc2307 argument configures Active
Directory so that it can store Unix user attributes, and
this makes it possible to authenticate Linux users
with Samba. The second argument allows Samba
to support access control lists. These are lists of
permissions that augment the basic user, group and
others entitlements. Windows makes extensive use
of them.
To support access control lists, the Linux kernel
and any filesystem that you want to use with Samba
92 www.linuxvoice.com
� SAMBA 4 TUTORIAL
need to have extended attribute (abbreviated to
‘xattr’) support. You should be fine with the ext4 What is Active Directory?
filesystem, but options for various other filesystems Active Directory, or its more complete and is managed by a “Directory System Agent” (DSA)
are explained at https://wiki.samba.org/index.php/ up-to-date name, Active Directory Domain and can be accessed using the Lightweight
OS_Requirements. You’ll also need the attr and acl Services, (ADDS) is a scalable, secure, and Directory Access Protocol (LDAP); there are
packages. Ubuntu 14.04 includes all of this by default. manageable infrastructure for user and also ADSI, MAPI and “Security Accounts
You can start Samba when provisioning completes; resource management. Manager” (SAM) interfaces. The objects are
A server that provides ADDS has the ADDS either “resources” or “security principals”,
the Ubuntu-specifc way to do this is to use Upstart: ‘Server Role’ and is called a ‘domain controller’. the latter having unique “Security Identifiers”
$ start samba-ad-dc Its responsibilities include authentication (SIDs). Unlike the earlier Windows NT domain
but you can instead run the daemon directly, a and authorisation of users and computers controllers, it’s possible for there to be multiple
distro-agnostic approach that is also useful when in a Windows network, the assignment and servers with the ADDS role, all accepting read/
testing: to run it in the foreground with debug logging enforcement of security policies and installing write operations and replicating changes to
and updating software. The “directory” part remain in sync.
you can use: refers to a listing of “objects”. It’s a database that ADDS uses Kerberos for authentication.
$ samba -i -d 2 -M single
These, and many other, command line options are
documented on the daemon’s manual page (man 8 Default principal: administrator@EXAMPLE.COM
samba).
With Samba running, you can exercise the DNS to Valid starting Expires Service principal
ensure it returns the expected results: 16/09/14 12:42:07 16/09/14 22:42:07 krbtgt/EXAMPLE.COM@
$ host -t SRV _ldap._tcp.example.com EXAMPLE.COM
_ldap._tcp.example.com has SRV record 0 100 389 samba. renew until 17/09/14 12:41:56
example.com. We can use the Samba client tool to browse our
$ host -t SRV _kerberos._udp.example.com domain’s shares. We can list them and connect to
PRO TIP
_kerberos._udp.example.com has SRV record 0 100 88 samba. them to see their contents (you’ll need to enter the
If you want to use less
example.com. password that you chose during provisioning). secure passwords:
$ host -t A samba.example.com $ smbclient -L localhost -U% samba-tool domain
samba.example.com has address 10.0.100.1 $ smbclient //localhost/sysvol -U’Administrator%Pa$$w0rd’ -c ls passwordsettings set
--complexity=off
You may have seen the notification when the Another way to access shares is to mount them
provisioning completed that “a Kerberos configuration using the cifs filesystem:
suitable for Samba 4 has been generated”. Kerberos $ mount -t cifs -o username=Administrator,password=’Pa$$w0
is the authentication protocol used by Active Directory rd’ //samba/sysvol /mnt
and the generated configuration allows you to interact
with Samba’s Kerberos services. Doing so is optional Serving time
but useful for testing. If you want to use it, copy it into Participants in an Active Directory domain work best
place and install the Kerberos client utilities: when they have synchronised time clocks because PRO TIP
$ cp /var/lib/samba/private/krb5.conf /etc Active Directory uses Kerberos for authentication, and Borked install? Just
delete /etc/samba/smb.
$ apt-get install krb5-user this is extremely time-sensitive. There is an allowed conf and /var/lib/samba/
You can then run some basic Kerberos tests (the tolerance of five minutes and any more than this will private and start over.
Samba server needs to be running): result in denied access. It’s also essential if you have
# kinit administrator@EXAMPLE.COM multiple servers because directory replication relies on
Password for administrator@EXAMPLE.COM: synchronised clocks. Implementing a time server will
# klist allow clients attempting to connect to our server to
Ticket cache: FILE:/tmp/krb5cc_0 synchronise their clocks from it.
Microsoft uses an extension to the standard
Network Time Protocol that uses signed timestamps.
It calls this the “Windows Time Service”. The standard
ntpd time server can provide such times by having
Samba sign its timestamps. Install the daemon from
the repository:
$ apt-get install ntp
Modify the configuration file so that ntpd asks
Samba to sign its timestamps. You need to define
the socket where the signing agent listens and add
a server restriction so that requests get signed by
default. If you’re using a virtual server, such as LXC,
you can replace the whole /etc/ntp.conf with the
following example, otherwise amend your existing
configuration so that it includes the last two lines.
Installing RSAT is not enough: you must also use Turn Restart the daemon after making your changes
Windows Features On Or Off to enable it. (service ntp restart).
www.linuxvoice.com 93
� TUTORIAL SAMBA 4
server, say within a few seconds, otherwise errors
Network configuration may be reported that bear no relationship to the real
Your Samba server needs a static IP address there are various ways to do this. One way on problem and you will not be able to authenticate.
and it should be configured to use Samba as Ubuntu is to add it to /etc/resolvconf/resolv. The Windows time service will keep the clocks
its primary DNS name server. You can use a conf.d.head like this: synchronised once the client becomes a domain
static IP configuration to achieve this by nameserver 10.0.100.1
member. We’ll assume you know how to make these
editing /etc/network/interfaces.d/eth0.cfg You should also set a host name in /etc/
so that it reads like this: hostname and its fully-qualified domain tweaks or know a Windows tech who does.
auto eth0 name in /etc/hosts. We’re using samba. Now, to add the client to the domain, go to Start
iface eth0 inet static example.com so our /etc/hostname file > Computer > Right-click > Properties > Change
address 10.0.100.1 contains just the host name, like this: Settings. This will display the System Properties
netmask 255.0.0.0 samba
dialog, where you should click on the Change
gateway 10.0.0.138 and our /etc/hosts file contains a line like
dns-nameservers 10.0.100.1 10.0.0.138 this: button and then select Domain in the Member Of
dns-search example.com 127.0.1.1 samba.example.com samba section and enter the Samba domain name before
You’ll need to use values appropriate to The easiest way to ensure your network pressing ‘OK’. This should request the administrator
your own network. Our server’s interface settings take effect is to reboot after making account credentials (the username is ‘Administrator’
is eth0 but yours may be different and you them so that the \etc\resolv.conf file that
and password is ‘Pa$$w0rd’ if you’ve followed our
should use your own domain name and an IP DNS relies on is updated. You can then
address appropriate to your network. confirm your settings: example settings). It should finish by welcoming you
You can use DHCP if you prefer but you $ hostname to the domain and asking you to restart the computer.
will need to make sure that your DHCP samba Log in as your domain administrator, (EXAMPLE\
server always assigns the same IP address $ hostname -f Administrator), when Windows restarts. You can
to your network interface. You can get your samba.example.com
now test NTP. Open a command prompt window as
network’s interface (MAC address) by doing: $ cat /etc/resolv.conf
$ cat /sys/class/net/eth0/address nameserver 10.0.100.1
the Administrator (click the Start button, type cmd
You’ll need to prepend the settings supplied nameserver 10.0.0.138 and then right-click the cmd icon that appears in the
by DHCP with the local DNS server entry and search example.com search results to select Run As Administrator) and
then:
C:\> w32tm /resync
server 127.127.1.0 Sending resync command to local computer
fudge 127.127.1.0 stratum 12 The command completed successfully.
ntpsigndsocket /var/lib/samba/ntp_signd/ So, we now have Active Directory Domain Services
restrict default mssntp and have joined a client to the domain. What does
Our example uses 127.127.1.0 as a time server that give us? Well, we can now use Windows tools to
PRO TIP address. This is a pseudo-address that NTP administer our domain, but you need to download the
Reload Samba’s config recognises as its own local clock and synchronises Remote Server Administration Tools and install them.
without restarting:
with itself. This is sufficient inside a virtual server Do this while you’re still logged in to your Windows
smbcontrol all reload-
config. Sanity check it whose clock is controlled by the VPS host. desktop – see http://bit.ly/ms-rsat.
with testparm. The ntpsigndsocket entry defines the path to the The Remote Server Administration Tools include
directory where Samba places the socket file on a tool called Active Directory Users And Computers
which it will listen for signing requests. The path is that you can use for your admin tasks. Run this, as an
determined by Samba’s configuration and you can administrator, via the Start button: search for dsa.msc
confirm the correct path with: (this is the name of the relevant executable file that
$ samba-tool testparm --verbose --suppress-prompt | grep “ntp you need to run). The Action menu lists the various
signd socket directory” administrative actions that you can perform, such as
ntp signd socket directory = /var/lib/samba/ adding a new user.
ntp_signd You can also perform these tasks using the Samba
PRO TIP Samba creates the socket directory but you should command line tools if you prefer that way of doing
ntp_signd is a compile- ensure that it is writeable by the ntpd daemon, which things. The Samba administration utility is called
time option. If signed
requests do not work you usually runs as ntp:ntp. You should change the
may need to rebuild ntpd directory’s group to match:
from source. This isn’t the $ chgrp ntp /var/lib/samba/ntp_signd
case with Ubuntu 14.04.
Unfortunately there is no tool to test NTP
authentication from Linux but we can do so when we
connect our first Windows client to our Samba server.
The following examples assume that you have a
clean install of Windows 7, and bear in mind that you
can’t join a domain from the Starter or Home editions
although you’ll still be able to access shares.
There are a couple of prerequisites before a client
can join the domain. The first is that it must use the Whatever your preference, you can get your admin done:
Samba server’s DNS. The second requirement is for you can use the native Windows tools or the various Linux
its clock to be reasonably consistent with the Samba command line alternatives.
94 www.linuxvoice.com
� SAMBA 4 TUTORIAL
samba-tool, and you can use it to add users like this: Roaming profiles link
$ samba-tool user create myuser to the [profiles] share
This creates a user but doesn’t enrich it with configured in smb.conf.
The \%U in the path will
supplementary data that can be stored in Active
be replaced with the
Directory, such as their name and phone number, but
username.
you can use the pdbedit command line tool for that:
$ pdbedit --username myuser --modify --fullname “My User”
You can edit common user attributes with pdbedit
but there are many more attributes in the directory
that you can access. You’ll need a basic grasp of how
LDAP stores data and you’ll need the LDAP Database
Tools to access it. Install the tools and try some
queries:
$ apt-get install ldb-tools
$ ldbsearch -H /var/lib/samba/private/sam.ldb -b CN=myuser,CN
=Users,DC=example,DC=com
$ ldbsearch -H /var/lib/samba/private/sam.ldb -b
CN=Users,DC=example,DC=com samaccountname=myuser $ id myuser
The first argument points at Samba’s database – uid=3000021(EXAMPLE\myuser) gid=100(users)
your Active Directory. The second argument is the groups=100(users)
Distinguished Name (DN) to search within (a DN is Domain users have high-numbered UIDs that are
what uniquely identifies a record in LDAP and the base assigned by Active Directory. You can modify this (or
DN specifies where to start the search). What follows any other LDAP attribute) using ldbedit but they’re
the arguments is an expression that selects records kept separately from the main directory. You need a
from the database and fields from those records. If user’s Security Identifier, or SID, to find them. The SID
the expression is omitted then everything beneath the is another way that Active Directory uniquely identifies
base DN is returned. See man ldapsearch for more. a user. The commands you need are:
PRO TIP
Use your preferred method to try adding a user now, $ wbinfo --name-to-sid myuser
If you have Apparmor on
we’ll make use of myuser in the following examples. If S-1-5-21-3373576103-2381685468-725138442-1109 your server, check that
you need to edit your user’s record then ldbedit gives SID_USER (1) its configuration allows
you direct edit access to the directory. Be careful not $ ldbedit -H /var/lib/samba/private/idmap.ldb cn=S-1-5-21- access to the Samba
socket (it does on
to alter any internal Active Directory data. You can edit 3373576103-2381685468-725138442-1109 Ubuntu 14.04). See
a user like this: The field that you need to change is xidNumber; /etc/apparmor.d/usr.sbin.
$ ldbedit -H /var/lib/samba/private/sam.ldb -b you can set this to the desired uid value. You only ntpd.
CN=Users,DC=example,DC=com samaccountname=myuser really need to do this when moving existing users
from /etc/passwd into the directory.
Linux login You can try logging in as the user you created
We recommended adding a --use-rfc2307 option earlier, for example:
when provisioning the Samba server. RFC2307 is an $ ssh myuser@my_linux_box
internet standard that Active Directory implements so
that it can store Unix attributes like usernames and When in Roam…
PRO TIP
passwords in a standard way. The provisioning option File and print sharing works exactly as it does when
From a Windows
instructs Samba to do similarly and this allows us to Samba is used in the classic, non-Active Directory, command line, use
use Samba to authenticate users that log in to our way by writing stanzas in smb.conf. One thing that a ipconfig /all to check
Linux machines. Microsoft’s Active Directory domain controller adds to this is Roaming Profiles. network settings such
as DNS.
implementation calls this “Identity Management for This feature enables your domain users to log in to
UNIX”. If you want to authenticate users in this way, Windows clients and download their user profile
their computers need winbind, a daemon that looks directory. Think about your users’ habits before
up usernames and passwords in Active Directory. You enabling roaming profiles. Because they are
need to install it, along with libraries that link it into the downloaded and uploaded inefficiently, users storing
authentication process: large amounts of data in their profile can put undue
$ apt-get winbind libnss-winbind libpam-winbind pressure on your Samba server.
NSS is the Name Service Switch and you need to There’s much more to Active Directory than we’ve
configure it to use winbind as a data source by adding covered here, but you should be able to get your first
it after the options already in place. Our modified server up and running and save yourself from one
Ubuntu /etc/nsswitch.conf looks like this: more proprietary server.
passwd: compat winbind
group: compat winbind
John Lane provides technical solutions to business
You can test these using getent passwd and getent
problems. He has yet to find anything that Linux can’t solve.
group, and you can look up your user with id:
www.linuxvoice.com 95
� TUTORIAL SEYMOUR CRAY AND SUPERCOMPUTERS
SEYMOUR CRAY AND
TUTORIAL
SUPERCOMPUTERS
JULIET KEMP
Join us in the Linux Voice time machine once more as we go back
to the 1970s and the early Cray supercomputers.
C
omputers in the 1940s were vast, unreliable computer in the world. He started working on the CDC
beasts built with vacuum tubes and mercury 6600, which was to become the first really
memory. Then came the 1950s, when commercially successful supercomputer. (The UK
transistors and magnetic memory allowed computers Atlas, operational at a similar time, only had three
to become smaller, more reliable, and, importantly, installations, although Ferranti was certainly
faster. The quest for speed gave rise to the interested in sales.)
“supercomputer”, computers right at the edge of the Cray’s vital realisation was that supercomputing –
possible in processing speed. Almost synonymous computing power – wasn’t purely a factor of
with supercomputing is Seymour Cray. For at least processor speed. What was needed was to design a
two decades, starting at Control Data Corporation in whole system that worked as fast as possible, which
1964, then at Cray Research and other companies, meant (among other things) designing for faster IO
Cray computers were the fastest general-purpose bandwidth. Otherwise your lovely ultrafast processor
computers in the world. And they’re still what many would spend its time idly waiting for more data to
people think of when they imagine a supercomputer. come down the pipeline. Cray has been quoted as
Seymour Cray was born in Wisconsin in 1925, and saying, “Anyone can build a fast CPU. The trick is to
was interested in science and engineering from build a fast system.” He was also focussed on cooling
childhood. He was drafted as a radio operator towards systems (heat being one of the major problems when
the end of World War II, went back to college after the building any computer, even now), and on ensuring
war, then joined Engineering Research Associates that signal arrivals were properly synchronised.
PRO TIP (ERA) in 1951. They were best known for their
For some diagrams of code-breaking work, with a little involvement with CDC 6600: the first supercomputer
this setup and far greater
detail about registers
digital computing, and Cray moved into this area. He Cray made several big architectural improvements in
and functional units, see was involved in designing the ERA 1103, the first the CDC 6600. The first was its significant instruction-
this detailed article by scientific computer to see commercial success. ERA level parallelism: it was built to operate in parallel in
James E Thornton: http://
research.microsoft.com/
was eventually bought out by Remington Rand and two different ways. Firstly, within the CPU, there were
en-us/um/people/gbell/ folded into the UNIVAC team. multiple functional units (execution units forming
Computer_Structures__ In the late 1950s, Cray followed a number of other discrete parts of the CPU) which could operate in
Readings_and_
Examples/00000511.htm.
former ERA employees to the newly-formed Control parallel; so it could begin the next instruction while still
Data Corporation (CDC) where he continued designing computing the current one, as long as the current one
computers. However, he wasn’t interested in CDC’s wasn’t required by the next. It also had an instruction
main business of producing low-end commercial cache of sorts to reduce the time the CPU spent
computers. What he wanted was to build the largest waiting for the next instruction fetch result. Secondly,
the CPU itself contained 10 parallel functional units
(parallel processors, or PPs), so it could operate on ten
different instructions simultaneously. This was unique
for the time. The CPU read and decoded instructions
from memory (via the PPs), and passed them onto the
functional units to be processed. The CPU also
contained an eight-word stack to hold previously
executed instructions, making these instructions
quicker to access as they required no memory fetch.
There were 10 PPs, but the CPU could only handle a
single one at a time. They were housed in a ‘barrel’,
and would be presented to the CPU one at a time. On
each barrel ‘rotation’ the CPU would operate on the
instruction in the next PP, and so on through each of
Seymour Cray with the
the PPs and back to the start again. This meant that
Cray-1 (1976).
Image courtesy of multiple instructions could be processing in parallel
Cray Research, Inc. and the PPs could handle I/O while the CPU ran its
96 www.linuxvoice.com
� SEYMOUR CRAY AND SUPERCOMPUTERS TUTORIAL
arithmetic/logic independently. The CPU’s only
connections to the PPs were memory, and a two-way Cray-1
connection such that either a PP could provide an
From 1968 to 1972, Cray was working on the Wall Street, and they were off again. Three
interrupt, or it could monitor the central program
CDC 8600, the next stage after the CDC 6600 years later, the Cray-1 was announced, and
address. To make best use of this, and of the and 7600. Effectively, this was four 7600s Los Alamos National Laboratory won the
functional units within the CPU, programmers had to wired together; but by 1972 it was clear that bidding war for the first machine.
write their code to take into account memory access it was simply too complex to work well. Cray They only expected to sell around a dozen,
and parallelisation of instructions, but the speed-up wanted to start a redesign, but CDC was once so priced them at around $8 million; but in
again in financial trouble, and the money the end they sold around 80, at prices of
possibilities were significant.
was not available. Cray, therefore, left CDC between $5 million and $8 million, making
A related improvement was in the size of the and started his own company, Cray Research Cray Research a huge success. On top of
instruction set. At the time, it was usual to have large very nearby. Their CTO found investment on that, users paid for the engineers to run it.
multi-task CPUs, with a large instruction set. This
meant that they tended to run slowly. Cray, instead,
used a small CPU with a small instruction set,
handling only arithmetic and logic, which could
therefore run much faster. For the other tasks usually
dealt with by the CPU (memory access, I/O, and so
on), Cray used secondary processors known as
peripheral processors. Nearly all of the operating
system, and all of the I/O (input/output) of the
machine ran on these peripheral processors, to free
up the CPU for user programs. This was the
forerunner of the “reduced instruction set computing”
(RISC) designs which gave rise to the ARM processor
in the early 1980s.
The 6600 also had some instruction set
idiosyncrasies. It had 8 general purpose X registers
(60 bits wide), 8 A address registers (18 bits), and 8 B
‘increment’ registers (in which B0 was always zero,
and B1 was often programmed as always 1) (18 bits).
So far so normal; but instead of having an explicit Cray-1 with its innards showing, in Lausanne. CREDIT/COPYRIGHT: CC-BY-SA 2.0 by Rama.
memory access instruction, memory access was
handled by the CPU as a side effect of assigning to
particular registers (setting A1–A5 loaded the word at (written at the time) Design of a Computer: CDC6600
the given address into registers X1–X5, and setting A6 www.textfiles.com/bitsavers/pdf/cdc/6x00/books/
or A7 stored registers X6 or X7 into the given address). DesignOfAComputer_CDC6600.pdf.
There’s a limit to what you
(This is quite elegant, really, but a little confusing at One important change in the Cray-1 was vector
can do on the simulator at
first glance.) processing. This meant that if operating on a large the moment, but you could
Physically, the machine was built in a + -shaped dataset, instead of having an instruction for each try running a test job,
cabinet, with Freon circulating within the machine for member of the data set (ie looping round and as described on Andras
cooling. The intersection of the + housed the swapping in a dataset member each time round the Tantos’ blog.
interconnection cables, which were designed for
minimum distance and thus maximum speed. The
logic modules, each of two parallel circuit boards with
components packed between them (cordwood
construction) were very densely packed but had good
heat removal. (Hard to repair though!) It had 400,000
transistors, over 100 miles of wiring, and a 100
nanosecond clock speed (the fastest in the world at
the time). It also, of course, came with tape and disk
units, high-speed card readers, a card punch, two
circular ‘scopes’ (CRT screens) to watch data
processing happening, and even a free operator’s chair.
Its performance was around 1 megaFLOPS, the
fastest in the world by a factor of three. It remained the
fastest between its introduction in 1964 (the first one
went to CERN to analyse bubble-chamber tracks; the
second one to Berkeley to analyse nuclear events, also
inside a bubble chamber), and the introduction of the
CDC 7600 in 1969. For more detail check out the book
www.linuxvoice.com 97
� TUTORIAL SEYMOUR CRAY AND SUPERCOMPUTERS
system took some time to perfect as the lubricant and
Freon mix kept leaking out of the seals.
The Cray-1 featured some other nifty tricks to get
maximum speed – such as the shape of the chassis.
The iconic C-shape was actually created to get shorter
wires on the inside of the C, so that the most speed-
dependent parts of the machine could be placed
there, and signals between them speeded up slightly
as they had less wire to get down. Overall throughput
was around 4.5 times faster than the CDC 7600.
It was a 64 bit system (the 6600 and 7600 were
60-bit), with 24-bit addressing, and 1 megaword (ie
1M of 64-bit words) of main memory. It had eight
64-bit scalar registers and eight 24-bit address
registers, each backed with 64 registers of temporary
storage. In addition, the vector system had its own
eight 64-element by 64-bit vector registers. There was
also a clock register and 4 instruction buffers. Its
fastest speed was around 250 MFLOPS, although in
The emulator installing
loop), the programmer could use a single instruction general it ran at around 160 MFLOPS.
the system. The top-right
window shows the ‘start’ and apply it to the entire dataset. So instead of Also it looked very cool, in a 1970s kind of way, with
commands, and the top- fetching a million instructions, the machine only a central column, in orange and black, containing the
left is the station window. fetches one. But more importantly, it also means that processing unit, and a padded bench around it
the CPU can use an ‘instruction pipeline’, queuing covering the power supplies. It weighed an impressive
instructions up to be sent through the CPU while the 5.5 tons (just shy of 5 metric tonnes), and used about
previous one is still processing, rather than waiting for 115kW of power (plus cooling and storage).
it to be fully completed.
Instruction pipelining wasn’t new -- the 6600 did Emulators
something rather like this, as did Atlas -- but vector Two awesome geeks, Chris Fenton and Andras
processors are able to fine-tune the pipelines because Tantos, have been working on emulating the Cray-1.
the data layout is known already to be a set of Chris’s project is to create a desktop size version, and
numbers arranged in order in a specific memory the first part was (fairly) straightforward: build a model
PRO TIP location. The Cray-1 took this a step further, using of the thing, and find a modern circuit board to hide
Cray’s design notes were registers to load in a piece of data once and then inside it. Amazing though the Cray-1 was at the time,
all written in hand using apply, say, three operations to it, rather than these days a tablet has more computing power.
Boolean notation; the folk
assembling the system processing the memory three times to operate on it But what Chris wanted was real Cray-1 software:
worked directly from three times. (Specifically, this was an improvement on specifically, COS. Turns out, no one has it. He
these, without creating the STAR.) This reduced flexibility, as registers were managed to track down a couple of disk packs (vast
schematic diagrams
first. See a picture at expensive to produce and therefore limited; the Cray-1 10lb ones), but then had to get something to read
www.computerhistory. would have to read in a vector in portions of a them… in the end he used an impressive home-brew
org/revolution/ particular size. However, the overhead was worth it in robot solution to map the information, but that still left
supercomputers
/10/7/915. terms of the speed increase payoff. The Cray-1 deciphering it. A Norwegian coder, Yngve Ådlandsvik,
hardware was optimised specifically to get these
operations as fast as possible. Cray called this whole
Other emulators
process “chaining”, as programmers could “chain”
together instructions for performance improvements. There are a few other emulators online, though we haven’t
The Cray-1 was also the first Cray design to use tried them ourselves:
1 Verilog implementation of Cray-1 for FPGAs https://code.
integrated circuits (silicon chip style circuits) rather
google.com/p/cray-1x/source/
than wiring together a bunch of independent browse/#svn%2Ftrunk%2FSoftware.
transistors. ICs were developed in the 1960s but 2 Desktop CYBER emulator, which emulates various CDC
initially were low-performance. By this time they had machines but not the Cray-1 or others. It emulates the
become fast enough to be worthwhile. However, they CDC 6400 but you need a disk image of your own to run
an OS on it. http://members.iinet.net.au/~tom-hunter.
also ran very hot, especially in the huge stacks that
You can also log onto a real live Cray machine online,
were wired together for the Cray-1. (It had 1,662 courtesy of the folks at www.cray-cyber.org. Unfortunately
modules each with one or two boards of up to 144 ICs at time of writing this service was offline (while they’re
per board.) The wiring was arranged so as to balance moving their machines), but it is due back up soon. Many
the load on the power supply very neatly. The circuit of the machines are only available on Saturdays as they
cost so much to run (power bill donations are gratefully
boards were paired with a copper sheet between
accepted). Sadly they don’t have a Cray-1 or Cray X-MP; all
them; the copper drew the heat to the outside where their Cray machines are later ones that run NOS.
liquid Freon drew it away to the cooling unit. This
98 www.linuxvoice.com
� SEYMOUR CRAY AND SUPERCOMPUTERS TUTORIAL
managed to play with the data set enough to figure
out the data format and other bits and pieces, and
wrote a data recovery script. Unfortunately that disk
was just a maintenance image, but another disk was
located which did indeed contain an OS image.
This is where Tantos came in; he found that the
images were full of faults, so worked on a better
recovery tool to reconstruct the boot disk. He’s been
working on it since (his website has lots of detailed
information and links to some of the disk images) and
now has an emulator of sorts. In fact, it’s not strictly a
Cray-1 but a Cray X-MP emulator. The Cray X-MP was
an improvement on the Cray-1 design, released in
1982. Andras Tantos has lots of detailed information
on it (http://modularcircuits.tantosonline.com/blog/
articles/the-cray-files/the-return-of-the-cray). The
other design path taken by Cray Research at the time
led to the Cray-2, a full redesign which wasn’t
particularly successful. As with all the Cray machines
since, the instruction set of the Cray X-MP derives
directly from the instruction set of the Cray-1. More
pertinently, those were the disks that have been
recovered, so that’s what we’ve got. 4 To continue booting, type STMSG to see the system The Cray simulator running
a job. The top-left window
You can download the most recent zipfile from messages, then REPLY,0,GO to reply to message 0
shows the status as the
Tantos’ webpage (http://modularcircuits. and tell the system to GO. job is processed.
tantosonline.com/blog/articles/the-cray-files/ 5 When the next message pops up, warning that
downloads). It has Windows binaries, but for Linux install is about to start, type REPLY,1, GO.
you’ll have to compile it yourself, as per these steps 6 Installation takes 10–15 minutes on a fast machine.
(on Debian stable up-to-date at time of writing): Go make a cup of tea. (Or try out some other
commands, like STMSG,I to see the info messages.)
Compile steps: 7 It’s done when FIXME gets this working!
Install the Boost library (exists as Debian package When you’ve installed it once, you can use the
libboost1.49-all-dev), GCC (gcc-4.7, g++-4.7, make, deadstart process another time; please see Tantos’
and libncurses5-dev). blog for details.
Unzip the file into its own directory and cd into that Unfortunately, test jobs is all that you can do at the
directory, then add a line to sw/common.mak in the moment; there’s still no compiler, libraries, or any of
downloaded file, after the SYSTEM line (line 26): the other parts of the system that would mean
SYSTEM=linux actually being able to write and run proper software.
SHELL=/bin/bash Tantos is still hopeful that something may show up,
Type make from the sw directory, and wait for a bit. but sadly it is entirely possible that those disks are lost
(Tip: if you get an internal G++ compiler error, try forever. Keep watching the project if you’re interested
increasing your swap.) (and get in touch with him if anyone reading this
Copy the sw/_bin/linux_release files into bin/, then happens to have a Cray disk in their loft!).
add ~/Cray/bin to your $PATH in .bashrc.
(With thanks to Jonathan Chin for assistance in What happened next
fixing my compile problems. See also this page in Cray-related companies have gone through a
French (http://framboisepi.fr/installation-dun- multitude of mergers and separations over the years,
simulateur-cray) and Tantos’ instructions.) and Seymour Cray died in a traffic accident in 1996. A
You should now be ready to go. To start it up, cd bin company called Cray Inc does still exist, and as of
and type cray_xmp_sim xmp_sim.cfg, and then follow Sept 2014 has just launched the XC40 and CS400
the steps on Andras Tantos’ blog to get the system supercomputer and cluster supercomputer systems.
installed. Here’s a quick summary: These include SSD-based buffering with DataWarp,
1 Enter a date and time (before 1999! Year-2000 error hoping to solve the current problem that compute
here...). power is increasing faster than regular disk-based IO
2 Type START COS_117 INSTALL. can handle. It’s still very much in the game of
3 Type STATION once you see the line designing whole system speed that Seymour Cray
Concentrator ordinal 3 processed LOGON from ID FE was so enthusiastic about.
You’ll get a new window up: this is your main
console (Cray Station) window. Type LOGON, then Juliet Kemp is a scary polymath, and is the author of
Apress’s Linux System Administration Recipes.
HELP to see the available commands.
www.linuxvoice.com 99
� CODING FIREFOX ADD-ON
CREATE A FIREFOX ADD-ON
TUTORIAL
FOR FUN AND PROFIT
BEN EVERARD
Give your web surfing extra power by creating new features for
your browser – and get your work seen by millions!
F
irefox is a great web browser, but there are
WHY DO THIS? times when you want a little more functionality
• Create more features for than it provides by itself. For these occasions,
Firefox to improve your you can use add-ons to power-up the browser
web browsing. Like most web technology, Firefox’s addons are
• Find out who’s tracking written in JavaScript, CSS and HTML. So, if you know
your browsing habits.
how to create a web page, you know how to create a
• Package your software
for a platform that’s Firefox add-on. All you have to do is package it in the
used by more than 450 right way.
million people around Mozilla provides all the tools you need for this in the
the world.
add-on SDK. You can grab this from https://add-ons.
mozilla.org/en-US/developers/builder.
Unzip this and move into the directory in creates:
unzip add-on-sdk-1.17.zip
cd add-on-sdk-1.17 The main.js file is where you define how your add-on will
You should then be able to start the SDK with: work, but in our case, most of the processing is done in
source bin/activate trackers.js.
This expects Python to default to Python 2, which
is the case in most Linux distros. However, if you’re again. If you’re going to be doing a lot of add-on
using a bleeding-edge distro such as Arch, it may development, you could add this to your Bash profile
point to Python 3 instead. If you get a Python error, to run it automatically when you start.
this is probably what caused it. You can solve this The SDK works on a directory basis, so you’ll need
by changing the first line of the cfx file in the bin to create a new directory for your add-on. This can be
subfolder to: anywhere. Once you’ve created a new directory, cd
#! /usr/bin/env python2 into it using your shell with the SDK active and run:
It will still output a warning, but should work fine. cfx init
We also require the Bash shell. Again, this is the This will create the directory structure and files
default in most Linux distros, but if you’re using a you need for an add-on. There should now be
different shell, switch to Bash for this session. subdirectories called data, lib and main, and a file
Once you’ve run this command, you should notice called package.json. From this directory, you can also
that your command line prompt has changed. use the cfx tool that’s part of the SDK to launch Firefox
Twitter lets Google track This tells you that the SDK is now running. It isn’t with your add-on enabled:
users as they view tweets permanent, so every time you start a new shell, you’ll cfx run
through Google’s Analytics. have to re-run source bin/activate to start the SDK This won’t interfere with your normal Firefox
session, so you can still use that to browse normally
while using this second Firefox instance for testing
your plugin.
Start coding
Let’s now start making an add-on. Our simple test
add-on will track which companies are tracking you as
you browse the web. Every time you load a website,
you download the text, scripts and images separately,
often from different servers. With every server you
download one of these items from, you reveal your
browser’s location. Lots of companies exploit this to
try and track people as they move around the web
then use this data to target advertising. We’ll turn this
around, and get data about who’s tracking us.
100 www.linuxvoice.com
� FIREFOX ADD-ON CODING
The first JavaScript file that Firefox loads is
lib/main.js. The SDK creates this when it initialises Google Chrome
the directory, but it leaves it blank. Typically, this file
Most major web browsers allow users If you want to develop for Chome, you’ll find
is just used to load the appropriate parts of the SDK,
to extend their functionality in one way all the information you need to get started
then hand off to other JavaScript files that are in the or another. In Google’s popular Chrome at https://developer.chrome.com/extensions.
data directory. browser, this is done through extensions. In The Opera web browser is now based on
For our add-on, we’ll need the tabs section of the many ways these are very similar to Firefox Chromium, so extensions work in much the
SDK, which enables us to interact with the web pages add-ons. They’re also written in HTML, CSS same way as with Google’s browser. Opera
and JavaScript, and also defined by a JSON has one additional API for interacting with
the user is viewing, and the self section, which just
file. However, there are different methods the Speed Dial (https://dev.opera.com/
lets us load additional scripts. Add the following to available to you to interact with the browser. extensions/speeddial.html).
lib/main.js:
var tabs = require(“sdk/tabs”).on(“load”, runTracker);
var self = require(“sdk/self”); alert(alertText);
We just need to replace the comment line with code
function runTracker(tab) { that actually locates the various people tracking us.
tab.attach({contentScriptFile: self.data.url(“tracking. To do this, you need to get the URL of every element
js”)}); on the page, then loop through these and extract just
} the domains, then assemble a list of the domains. You
This attaches data/tracking.js to pages as they are can do this with the following code:
loaded. The terminology here is a little confusing. The // add details of who’s watching
tabs part of the SDK is used for interacting with web var spyElements = document.querySelectorAll(‘img, script’)
pages rather than the actual tabs on the browser. var domains = [];
In this case, attaching a script means injecting
it into the page and running it. This script could do for(var i = 0; i < spyElements.length; i++) {
anything that a script in the page could do. That try {
includes things like manipulating the page, inserting or var domain = new URL(spyElements[i].src).hostname;
removing elements from the page and sending data }
to remote servers. catch(err) {
It’s in the tracking.js file that we’ll do all the work, so domain = null;
create this as an empty text file in the data directory. }
The first thing we need to do is create an area where
we can display information to the user. There are if(domain && domains.indexOf(domain)==-1 ) {
many ways to do this, but we’ll use a JavaScript alert. domains.push( domain );
This is a simple pop-up that will spring up every time a alertText += domain + “\n”;
page is loaded. Our tracking.js code for this is: }
alertText=”Who’s Watching you visit this page?\n” }
// add details of who’s watching
//sort by type
The document.querySelectorAll() function is used to
Our top five add-ons
get an array of all the images and scripts on the page.
Ghostery is like a super-charged version of the add-on We can get the source (src) of these, and from this we
created in this tutorial. It also gives you the ability to need to get the hostname.
block trackers, and gives you more details about some of There are a few ways of extracting the hostname
them. However, it doesn’t give details on all servers that The popular Firebug add-on
from a string in JavaScript, but the easiest is just to gives web developers extra
can see your web traffic like ours does (https://add-ons.
mozilla.org/en-US/firefox/add-on/ghostery). try and make a URL out of it. If the src doesn’t have power for debugging web
Firebug is the most popular add-on for web developers. It a hostname, this will throw an error, so we put this pages.
adds a host of features to Firefox’s already impressive
developer’s toolset (https://add-ons.mozilla.org/en-US/
firefox/add-on/firebug).
NoScript Security Suite gives you fine-grained control
over what type of scripts which sites can run. This can
increase your security, privacy and browsing speed
(https://add-ons.mozilla.org/en-US/firefox/add-on/
noscript).
Leech Block If you’re anything like us, you’re easily
distracted by the web, and can lose hours of productivity
on some sites. Leechblock is an add-on to force you to
get off those sites and back to work. (https://add-ons.
mozilla.org/en-US/firefox/add-on/leechblock).
LastPass helps you remember secure passwords to your
online accounts. (https://add-ons.mozilla.org/en-US/
firefox/add-on/lastpass-password-manager).
www.linuxvoice.com 101
� CODING FIREFOX ADD-ON
The next thing we need to do is loop through the
domains we’ve found, and for each one, we’ll put an
entry in either advertisers, others or trackers. Put the
following code at the bottom of tracking.js.
for(var i=0; i<domains.length; i++) {
found = false;
for (var j=0; j<knownDomains.length; j++) {
if (domains[i].indexOf(knownDomains[j][0]) > -1) {
found = true;
if (knownDomains[j][2] == ‘Ad’) {
if ( advertisers.indexOf(knownDomains[j][1]) == -1) {
advertisers += knownDomains[j][1] + “, “
}
}
else {
if (trackers.indexOf(knownDomains[j][i]) == -1) {
You can find loads of other
line in a try block to catch the error. If it does throw an trackers += knownDomains[j][1] + “, “
add-ons by pointing your
browser to about:add- error, we can safely ignore that element because it will }
ons. See boxout for our be on the same host as the main file and therefore }
recommendations. can’t be used to track us. }
The if statement checks that the variable domain }
isn’t null, and that it isn’t already in the domains
array (we don’t want to report each domain more if (found == false) {
than once). If the domain passes this test, we add it others += domains[i] + “, “;
to the domains array, and add it to the string that is }
displayed on the screen. }
You can test this out by saving the above to
tracking.js, then running cfx run in the root directory alertText += “\n**Advertisers**\n” + advertisers +
of the add-on. You should now be able to browse the “\n**Trackers**\n” + trackers + “\n**Others**\n” + others;
web and see who’s spying on you.
alert(alertText);
Let’s tidy it up a bit
This works, but it’s not a very friendly way of This does everything we need, so you can test it
outputting the information. After all, domain names with cfx run.
may not mean all that much to you. Unless you
happen to know who a Getting interactive
“We have a working add-on particular domain
belongs to, and what
At this stage, we have a working add-on that lets you
know who’s watching you as you browse online. It
that lets you know who’s they use it for, you can’t could use a little more data on which domains are
watching you as you browse .” know if there’s a problem
or not.
trackers and advertisers, but otherwise it works.
However, it is a little invasive, and when surfing you
The next part we’ll don’t always want a pop-up on every new page.
add will sort out some of the most popular domains. Rather than automatically injecting the code into
We’ll split them up into Advertisers (companies that every page, you can add a button that just runs this
make money out of selling advertising), Trackers script on the current page whenever it’s pressed. This
(companies that make money out of profiling people’s
browsing habits), and Others (domains we haven’t Themes
been able to classify).
Themes are another form of Firefox add-on. They don’t add
First we need to set up the data:
any functionality, but they do make the interface look better
var advertisers = “”; (or at least different). The simplest way of creating a theme
var others = “”; is with a lightweight theme. These don’t have as much
var trackers = “”; scope as full themes, but they also don’t require any coding.
var found = false; You just select the images you want and fill in a few details.
There’s information on getting started with this at https://
var knownDomains = [[‘google’, ‘Google’, ‘Ad’],
add-ons.mozilla.org/en-US/developers/docs/themes.
[‘doubleclick’, ‘DoubleClick(Google)’, ‘Ad’], Complete themes allow you to interact with the interface
[‘facebook’, ‘Facebook’, ‘Ad’], XUL (an XML grammar that controls the layout) using
[‘adnxs’, ‘AppNexus’, ‘Tr’]]; CSS. This way you can modify the GUI in far more ways
Here, we’ve just included four domains to keep the than adding simple images, however, it is more involved
than a lightweight theme. You can find out more at https://
code short, but we could easily include as many as we
developer.mozilla.org/en-US/docs/Building_a_Theme.
know about.
102 www.linuxvoice.com
� FIREFOX ADD-ON CODING
enables the user to leave the add-on running, but only
see who’s tracking their browsing when they want to. Useful parts of the SDK API
To do this, we’ll need another API: ui/ActionButton. In our sample add-on, we’ve only interacted the request than you would have if you
This puts an icon button in the main bar that you can with a few parts of the SDK. The full API is used JavaScript to simply fetch the
use. The first thing you need for this is an icon for the far more complete. Here are some of the resource.
button. There are loads of sources of icons around most useful parts. simple storage: If you need to store data
add-on-page: This is where you can create between browser sessions, then this is the
under different licences. We like the eyeball icon
an about page for your add-on. API you need.
from https://www.iconfinder.com/icons/126581/ panel: These are like the JavaScript alerts tabs: You’ve seen how it can be used to
eye_eyeball_view_icon. You’ll need it in sizes 16x16, that we used in the sample add-on, but let inject scripts into web pages, but this API
32x32 and 64x64 in PNG format. These can all be you include HTML so they are more useful can also pull information from pages, or
downloaded from the above website. The icons are if you’ve got complex information to interact with them in other ways.
display, or want to include pictures. ui: In our example, we used this to add a
by Timothy Miller and released under the Creative
notifications: Another type of pop-up. button to the user interface, but it can also
Commons Attribution Share Alike licence, so you’re These are desktop notifications that pop be used to add other things such as a
free to use them as long as you credit the creator and up to alert the user to some event. In toggle button, a frame, a toolbar or even a
release any changes under the same licence. Linux, they use libnotify, so the whole sidebar.
Grab the images, and save them as icon-16.png, appearance will depend on your desktop io/file: As you can probably guess from the
environment. name, this is the API for interacting with
icon-32.png and icon64.png in the data folder of your
request: This is the API for making HTTP the filesystem. It allows you far more
add-on. The button is added in main.js. Change this to requests. It allows you more control over control than would usually be possible.
the following:
var self = require(“sdk/self”); This uses the same attach() method that we used
var buttons = require(‘sdk/ui/button/action’); earlier, but instead of doing it to each tab when they
var tabs = require(“sdk/tabs”); loaded, we do it to the active tab when the button is
pressed. With this added, you can use cfx run to start
var button = buttons.ActionButton({ Firefox with the new version, and you should be able to
id: “track”, inspect who’s spying you in the currently active tab by
label: “tracker”, clicking on the eye icon.
icon: {
“16”: “./icon-16.png”, Packaging our add-on
“32”: “./icon-32.png”, We’ve now finished coding and the only thing left to
“64”: “./icon-64.png” do is package the add-on so we can distribute it.
}, All the information about the add-on is in the
onClick: handleClick packages.json file in the add-on directory. You can
}); edit this to add the appropriate information like this:
To add an action button, all you need to do is bring {
in the appropriate part of the SDK, then set the button “name”: “LVPrivacy”,
up with an id, label and icon set. The line onclick: “title”: “Linux Voice Privacy”,
handleClick tells the add-on which function we want “id”: “jid1-jBER4uLTx3qzfQ”,
to run when the user clicks on the icon. This function “description”: “See who’s spying on your web browsing”,
also needs to be added to the main.js file as well with: “author”: “Ben Everard”,
“license”: “MPL 2.0”,
function handleClick(state) { “version”: “0.1”
tabs.activeTab.attach({ }
contentScriptFile: self.data.url(“tracking.js”)});
} You can change these for your own add-on.
There are full details about what can go in this file at
https://developer.mozilla.org/en-US/Add-ons/SDK/
Tools/package_json.
The final thing is to use cfx to package your file as
an XPI that can then be installed in Firefox just like any
other add-on. This is done with:
cfx xpi
This will create a file with the XPI extension which
you can then install in Firefox by going to Tools >
Add-Ons > The settings menu in the top right corner >
Install Add-On From file.
Ben Everard is the best-selling author of Learning Python With
The add-on SDK is well documented at https://developer.
Raspberry Pi. He hacks robots for fun.
mozilla.org/en/Add-ons/SDK.
www.linuxvoice.com 103
� CODING NINJA
CODE NINJA:
TUTORIAL
NOSQL
When data gets big, get NoSQL – it’ll future-proof your project
BEN EVERARD
and enhance your job prospects too!
B
efore we take a look at NoSQL databases, let’s
WHY DO THIS? first consider databases in general. Broadly
• Understand how huge speaking, a database is anything that can
databases handle
billions of transactions. store and retrieve data. Most of the common
• Gain the flexibility of not databases use Structured Query Language (SQL) to
having a schema. access and manipulate this data. SQL databases are
• Use the trendiest in the relational class of database. In relational
database in town. databases, everything is stored in tables, and there are
links between these tables known as keys. Each table
has a series of columns, and each column has a data
type associated with it.
As a quick example, a shop may have a database
with tables for customers, orders, invoices, and stock.
If you needed to know what items a particular
customer had bought, you’d need to link the relevant
rows from all the tables to build up a picture of what
was going on. SQL makes this linking of the tables
MongoDB’s JavaScript Shell enables you to create simple
very easy. Splitting data up this way means that data
programs that interact with the database.
isn’t duplicated, and so can be easily updated. For
example, in this example, a customer’s address can
be stored in one table and NoSQL can refer to any database that doesn’t use
“There are some areas in automatically linked to all
orders. This means you can
SQL, but it’s generally used to refer to schema-less
databases. These basically consist of one big pot
which relational databases easily find out the current into which you can put any data you want regardless
are struggling to keep up.” address for a customer on
an old order.
of its format. These are sometimes known as
document stores.
Relational databases
have served the computing world well for a few Introducing MongoDB
decades; however, the computing world is changing We’ll look at one of the most popular of the document
and there are some areas in which these old- stores, MongoDB. In this database, data is stored in
fashioned databases are struggling to keep up. JSON-style documents. Each document can be put in
Size Once a database gets too big to store on a the store regardless of what format it’s in.
single machine, it becomes complex to store it in a To try this out, you’ll first need to install MongoDB. In
relational database. Ubuntu and derivitives, it’s in a package called
Performance At very high transactional levels, the mongodb, so you can grab it with:
overhead of linking tables together can slow down sudo apt-get install mongodb
the database. Once that’s finished, you can run it with:
Flexibility Changing the table structure can be a mongo
complex procedure. This will drop you into the MongoDB shell. It uses a
At this point, we should say that the above points stripped-down version of JavaScript that you can use
are only relevant in the most extreme cases. to build software, but we won’t deal too much with
Relational databases can be very big, very fast (and a that. As a quick example, we’ll add and retrieve a
little flexible). Unless you’re trying to push the couple of items in completely different formats:
boundaries of what your hardware can do, a relational db.test.save({writer: “Ben”, title: “Code Ninja: MongoDB”})
database will probably serve your needs well. db.test.save({issue: “11”, mag: “Linux Voice”})
However, if you’re starting a new company and db.test.find();
hope to be the next Google or Facebook, how do you This automatically creates a database called test,
ensure that your database will scale to a few billion then puts two entries in it. The final line retrieves them
users? The answer is NoSQL. Technically speaking, from the database.
104 www.linuxvoice.com
� NINJA CODING
You can also grab particular entries by adding
parameters to the find function. For example:
db.test.find({writer: “Ben”});
As you can see, the fact that it is schema-less
means you can store and retrieve any information.
This means that if your requirements change, you can
just put different information in. On the other hand, it
means that you can’t always be sure what format the
data coming out will be. This can have advantages for
all sorts of projects. It means you can just start coding
your hobby project, and not have to worry about the
overhead of changing the design should you with to,
and it also means that a multi-million dollar Internet of
Things project won’t be rendered obsolete in six
months when a new device comes out and needs to
store different data.
Linking documents
The concept of linking tables isn’t completely gone.
Even though there are no tables, you can still
reference other bits of data in MongoDB. Unlike in
relational databases, MongoDB gives you a choice.
You can do this by linking documents or embedding
them. Linking documents works in a fairly similar way
to linking tables in relational databases. You just
include the document index of one document in You don’t have to install MongoDB to try it out. There’s a web-based version (with a
another. Embedding is different. When you embed one tutorial) available at http://try.mongodb.org.
document in another, you make a copy of the first
document inside the second one. This means that the Not only can MongoDB perform a query faster on a
database takes up more space, and it also means that particular piece of hardware, but it can also spread the
if you update the first document, the second load across hardware better. Typically, getting better
document won’t get updates as well. However, it also performance out of an SQL database means buying a
means that any queries returning the document will faster computer to run it on. This is known as scaling
be quicker because they only have to find a single up. You can get better performance out of a NoSQL
document in the store. The actual time it takes to database by running it across more computers
perform the query isn’t usually critical on its own, (scaling out). This is too complex a topic to get into in
however, it means that you can perform more queries just two pages, but briefly, scaling out makes it easier
per second on the database server than you to manage your database as load increases
otherwise could. If you’re serving billions of people (especially as it scales up to huge transaction
who each do hundreds of queries a day, this can make volumes). Again, this is something most users never
a huge difference. need to worry about because a good server is
mag = db.test.findOne({issue: “11”}); powerful enough to run a large MySQL database.
db.test.save({writer: “Ben”, issue: mag, title: “DistroHopper”}); Any readers well versed in SQL are probably reeling
db.test.save({writer: “Ben”, issue_id: mag._id, title: at some aspects of MongoDB, like embedding
“DistroHopper”}); documents. For anyone indoctrinated with the
This will create two different documents for importance of normalising data, this looks like a
DistroHopper, one which is linked with a reference (a terrible violation of all things that are important in a
manual reference in MongoDB speak), and the other is database. In many ways, it is. However, in return for
embedded. You can see the differences between violating these important principals, you get speed
them by finding them: and scalability. It’s not a tradeoff that always makes
> db.test.find(); sense, but there are occasions when this flexibility can
{ “_id” : ObjectId(“545e4058035f3795183110d2”), “issue” : “11”, be important.
“mag” : “Linux Voice” } Perhaps the most compelling reason to learn
{ “_id” : ObjectId(“545e44b9e4d4d3f214c587f5”), “writer” : NoSQL though is the job market. Currently jobs.com
“Ben”, “issue_id” : ObjectId(“545e4058035f3795183110d2”), lists NoSQL as the second best trending skill in the
“title” : “DistroHopper” } jobs market. What’s more, if you’re still near the start
{ “_id” : ObjectId(“545e44e2e4d4d3f214c587f7”), “writer” : of your career, you won’t be competing for jobs with
“Ben”, “issue” : { “_id” : ObjectId(“545e4058035f379518311 anyone with huge amounts of experience. There are
0d2”), “issue” : “11”, “mag” : “Linux Voice” }, “title” : very few people with more than three years NoSQL
“DistroHopper” } experience, so it’s relatively easy to enter the field.
www.linuxvoice.com 105
� CODING GPU PROGRAMMING
FEEL THE TASTE OF
TUTORIAL
GPU PROGRAMMING
VALENTINE SINITSYN
Use your videocard for non-graphics tasks, and discover
a whole new programming paradigm.
P
eople like faster computers. Faster computers Linux kernel) always use CUDA C (unless you’re
WHY DO THIS? means more numbers to crunch per second, from Fortran camp, but we won’t discuss that here).
• Make your programs run and more importantly, fancier user interfaces Besides the language and compiler for it (LLVM-based
faster. and eye candy. For the last decade, many PCs came nvcc), the CUDA Toolkit (https://developer.nvidia.
• Discover new tools for with videocards delivering decent FPS rates in 3D com/cuda-toolkit) contains some other tools and a
day-to-day tasks. shooters and enough sides on the Compiz cube. set of libraries, including accelerated BLAS and Sparse
• Get prepared for the Wouldn’t it be cool to have a supercomputer at BLAS implementations (the de-facto standard in
computing way of
tomorrow. home? Perhaps you’d be surprised to learn that scientific computing).
you already do (almost). Graphics Processing Units CUDA is non-free (as in speech). There is also
(GPUs) on videocards have many (up to thousands) OpenCL – an open heterogeneous (another term to
computing cores, come with fast memory, are describe CPU+GPU code) computing specification
optimised for number crunching, and are parallel from baked by the Khronos Group. They also maintain
the ground up. Sounds like a supercomputer to us! OpenGL, and there are certain similarities between
these two technologies. Where CUDA relies on
Early days language extensions, OpenCL is more like a
In the early 2000s, researchers realised that massively conventional library with API calls. It’s also vendor-
parallel GPU architecture works perfect for some neutral: OpenCL is available for AMD, Intel, Nvidia and
scientific problems (eg molecular dynamics). In those some others, and supports not only GPUs but also
days the only available interface to a GPU was multi-core CPUs and specialised hardware. However,
OpenGL (or DirectX, for Windows folks). So you OpenCL implementations aren’t necessarily open: say,
needed to express the solution in terms of pixel Beignet (for Intel integrated graphics) is free, while
shaders and texture coordinates. This became known AMD’s APP SDK for AMD/ATI videocards isn’t.
as GP (General Purpose) GPU computing, and this OpenCL and CUDA coexist peacefully: the former is
term is sometimes applied to later technologies as a way to make ideas behind the latter (historically the
well. GPGPU was clever, but neither versatile nor first) a formal standard. Nvidia supports it, and many
convenient, so Nvidia’s CUDA was born in 2007. applications come both in CUDA and OpenCL editions.
CUDA stands for Compute Unified Device CUDA and OpenCL provide a two-level hierarchical
Architecture, and it is meant to provide uniform view on the GPU’s computational resources. At the
access to Nvidia GPUs (or “devices”) for general lowest level is the basic entity that executes a kernel –
purpose computations. CUDA programs (by called a “thread” in CUDA or a “worker item” in OpenCL.
convention, they carry a .cu suffix) are written in These are combined in three-dimensional “blocks” or
Nsight provides complete
Eclipse-based IDE for CUDA C/C++, which is essentially a C language with two-dimensional “worker groups”. There is an upper
CUDA programming, extensions. You can use other languages as well, limit on the number of threads per block (512 or 1024
including interactive but functions to be executed on the GPU (called in CUDA, depending on your card’s age). Finally, blocks
debugger. “kernels” in CUDA parlance; don’t confuse them with and worker groups are combined in a “grid” (CUDA) or
“index space” (OpenCL). Many programs use one-
dimensional blocks and 1x1 grids, which makes up for
a simpler geometry.
A silly example
CUDA and OpenCL make GPUs accessible for general
computing, but this approach also has some
limitations. First, the amount of RAM available on
many videocards is not very large (somewhere in the
region of 4GB is pretty common) or easily extensible.
Second, early GPUs (prior to CUDA 1.3, or around
2009) lacked support for double-precision floating
point arithmetics. Even where available, it’s much
slower than single-precision. And there are some
106 www.linuxvoice.com
� GPU PROGRAMMING CODING
tasks that suit the CPU better: GPU computing isn’t
meant to replace the CPU, but to supplement it.
Say hello to Mister Point. He lives in an unrestricted
(0,0) (1,0) An example of a two-
dimensional 3x3 CUDA
block aligned in a 2x2 grid.
two-dimensional plane (the poor guy). One day, he 0,00 ,1 ...
comes to his pointy kitchen and spots fire on the
curtains. He promptly calls 999 for the fire brigade.
As Mr Point resides in highly urbanised area, there are
loads of them around, but which one is the closest
and quickest to come? This is the question that an
... 2,12 ,2
emergency phone operator has to answer instantly.
As Mr Point is a proud resident of the large city with
many blocks, a straight distance between him and
a firehouse means next to nothing, and Manhattan
norm (the pattern of city blocks) is what we need to
consider (ignoring traffic jams for now).
This toy problem demonstrates a typical task that
is easy to parallelise. On input, we have a (presumably
long) list of fire brigade coordinates (both are pairs (1,0) (1,1)
of integers to keep things simple). Poor Mr Point is
assumed to live at (0, 0). The output is a single integer
(the distance to the closest brigade).
Developing a heterogeneous computing program is /* Put minimum distance for this block in dist[0] */
always about writing kernels and code that launches for (int j = blockDim.x / 2; j > 0; j /= 2) {
them, and waiting for the result (besides other things, if (t < j && dists[t] > dist[t + j])
of course). Let’s implement ours for both CUDA and dist[t] = dist[t + j];
OpenCL, using different host-side languages to feel __syncthreads();
the difference. }
We start with CUDA kernel. For convenience, we
declare struct coord (not shown here) which is a pair /* Update global minimum distance, if ours is smaller */
of integers. if (t == 0)
#define N (1024 * 1024) atomicMin(closest, dist[0]);
#define THREADS_PER_BLOCK 512 }
__global__ designates the function as a kernel that is
__global__ void find_closest(struct coord *coords, int *closest) callable from the host; there is also the __device__
{ attribute for GPU-only visible functions, and __host__,
int i = blockDim.x * blockIdx.x + threadIdx.x, t = threadIdx.x; which is implicit and is used for the host-only code.
__shared__ int dist[THREADS_PER_BLOCK]; A built-in threadIdx.[xyz] variable is the block-local
thread identifier. Similarly, blockIdx.[xyz] locates
/* Calculate the distance */ that block in a grid, and blockDim.[xyz] stores the
dist[t] = abs(coords[i].x) + abs(coords[i].y); block size in each dimension. For one-dimensional
geometries, only the .x part of these variables is used.
__syncthreads(); Each thread calculates the distance for a given
fire brigade and stores the result in the dist[] array,
Obtaining the tools which is shared between all threads in a block (hence
the __shared keyword). Then the array is “reduced”
CUDA is (unfortunately) proprietary, but Nvidia maintains to find the block-local minimum (ie the smallest
repositories for major distros, including Red Hat and distance among computed distances in the current
family, SUSE, and Debian/Ubuntu. Download and install the block). Before the reduction starts, we must ensure
repository configuration files (available as Deb or RPM) then
that all threads in a block have calculated the distance
add the software through your package manger.
OpenCL is available from different vendors, and and dist[] is fully filled. This is what __syncthreads()
installation methods differ as well. With some, you may be (known as a barrier) is for. We also need a barrier at
lucky enough to find the required libraries in your distro’s each reduction iteration to guarantee the array is in
package repositories. For others, you may need to download consistent state.
a tarball or an unofficial package.
The way we find a block-local minimum isn’t
Either way, pay attention to system requirements. CUDA
and OpenCL integrate tightly with host-side tools (gcc and straightforward. We are iteratively taking pairs of
alike). Although you may be able to run them on a system values and putting the smaller one at a lower index,
that isn’t officially supported (I do), I’d recommend you stick until the minimal value is written to dist[0]. The reason
to the vendor-approved list for production. Red Hat, SUSE, for this complexity is that GPU is a variant of SIMD
Debian and friends are usually on it. You’re also likely need (Single Instruction – Multiple Data) architecture, and
to install a proprietary graphics driver.
multiple threads (32 in current CUDA devices) are
www.linuxvoice.com 107
� CODING GPU PROGRAMMING
cudaMemcpy(&min_dist, dev_min, sizeof(int),
The Manhattan (or taxicab)
cudaMemcpyDeviceToHost);
norm is an easy way to
printf(“Mr. Point is at (%d, %d) and the closest brigade is %d
measure distance in a
rectangular street grid. units away\n”, 0, 0, min_dist);
y2 free(coords);
cudaFree(dev_coords);
cudaFree(dev_min);
y1 return 0;
}
Launching kernels with CUDA is a three-stage
process. First, input data is copied from the host
(main RAM) to device (GPU global memory). They
are separate memories, and the cost of the copying
x1 x2 (although relatively small) should always be kept in
mind. Then, the kernel is launched. Finally, the results
are copied back from device to host memory.
running the same instruction but on different input func<<<N, M>>>(args) is a special syntax for kernel
data. If two threads “diverge”, that is, need to run two launch. It schedules the kernel on N one-dimensional
different instructions (as with many native reduction blocks M threads each (1x1 grid assumed). There
implementations), it is done in two passes and is also an advanced syntax to run kernels on
negatively affects the performance. The algorithm multidimensional blocks and larger grids – consult
above is the standard way to minimise thread the CUDA Toolkit Documentation for details. Here, the
divergence. This being said, the example’s code aims 1M coords array is equally split between 2048 blocks
at expressiveness, not the speed. 512 threads each. Both values have architecture-
Finally, if block-local minimum is smaller than defined limits, and you should play with them to see
current ‘closest’ value, the latter is updated. This way, how it affects the performance.
the smallest per-block distance becomes the result. As we are working with C, memory management is
The first thread in a block (whose threadIdx.x is 0) manual, and you shouldn’t forget to allocate buffers
does this, however we can’t simply use if (dist[0] < for input and output data and free them when they are
*closest) *closest = dist[0] here. The reason is that no longer needed.
thread #0 in another block can interleave between the Now, you can compile and run the program with:
check and the assignment. To prevent the race, one nvcc -arch sm_20 mrpoint.cu
should use atomic operations, like atomicMin() above. ./mrpoint
Mr. Point is at (0, 0) and the closest brigade is 8 units away
Launching kernels It is recommended that you explicitly set the device
Now, let’s turn to the host-side code that launches the architecture to match your card’s capabilities (CUDA
kernel. To feel the full taste of CUDA, we’ll do it in 2.0 here), otherwise you may encounter weird bugs.
native C:
int main() The OpenCL way
{ Let’s now see how the same example can be rewritten
struct coord *coords, *dev_coords; the OpenCL way. To make things more interesting, we
int min_dist = INT_MAX, *dev_min, size = N * sizeof(struct also switch from C to Python for the host-side.
coord);
OpenCL vs CUDA
coords = (struct coord *)malloc(size);
random_coords(coords, N); Choosing between OpenCL and CUDA is much like deciding
on OpenGL vs DirectX. CUDA is somewhat simpler but
Nvidia-only. OpenCL requires more work, but enjoys wider
cudaMalloc((void **)&dev_coords, size); vendor support. The downside of this diversity is that it is
cudaMalloc((void **)&dev_min, sizeof(int)); harder to optimise your code for each particular device, but
you should be able to achieve the same performance with
cudaMemcpy(dev_coords, coords, size, CUDA and OpenCL on the same hardware. There are some
discrepancies in feature set (mostly minor), and CUDA has
cudaMemcpyHostToDevice);
somewhat more advanced tools.
cudaMemcpy(dev_min, &min_dist, sizeof(int), For in-house application targeting Nvidia hardware,
cudaMemcpyHostToDevice); we’d probably choose CUDA because of its features and
consciousness of API. For a less biased comparison,
find_closest<<<N/THREADS_PER_BLOCK, THREADS_PER_ visit Andreas Klöckner’s (the maintainer for both PyCUDA
and PyOpenCL) wiki page at http://wiki.tiker.net/
BLOCK>>>(dev_coords, dev_min);
CudaVsOpenCL.
108 www.linuxvoice.com
� GPU PROGRAMMING CODING
For OpenCL, the kernel looks almost the same:
__kernel void find_closest(__global struct coord *coords, __
global int *closest)
{
int i = get_global_id(0), t = get_local_id(0);
__local int dist[THREADS_PER_BLOCK];
dist[t] = abs(coords[i].x) + abs(coords[i].y);
barrier(CLK_LOCAL_MEM_FENCE);
for (int j = get_local_size(0) / 2; j > 0; j /= 2) {
if (t < j && dist[t] > dist[t + j])
dist[t] = dist[t + j];
There are specialised
barrier(CLK_LOCAL_MEM_FENCE); THREADS_PER_BLOCK in). There were no stringified
massively parallel
} sources in CUDA thanks to nvcc, but with PyCUDA it accelerator boards, like
would look similar – consider reading external files if it Intel Xeon Phi, or Nvidia
if (t == 0) doesn’t look neat. PyOpenCL integrates with NumPy, Tesla found in this author’s
atom_min(closest, dist[0]); and we use numpy.array for data exchange. new server. They are fully
} To execute a kernel, you call a method on the supported by CUDA and/or
Underscored markers look a bit different, and we program object. The parameter list contains the OpenCL.
need to explicitly say that the arguments come from global and local sizes and the kernel’s arguments.
global memory. Instead of built-in variables, functions Note that the global size is the total number of worker
are used to get indices (also note that OpenCL items in OpenCL (not blocks, as in CUDA), and we
provides a direct way for this with no maths involved). could choose to pass None later if we wanted the
__local declares worker group shared memory, runtime to choose the appropriate local size for
and barrier() creates a barrier (we synchronise us. To get the result, we explictly enqueue the copy
local memory access only, as it is where dist[] is). operation. Mr Point’s trouble was, of course, a simple
Otherwise, the kernel stays pretty the same. example. However, with some generalisations it may
Launching it, however, is more involved process, form a building block for a more complex task like
although PyOpenCL hides some complexity. classification or character recognition.
Compared to CUDA, OpenCL provides no high-level
API – that’s the price to be paid for flexibility and Everyone’s covered
multivendor support. At this point you may think: “GPU’s benefits for
import numpy as np scientific computing are clear, but I’m not into it, so
import pyopencl as cl why should I care?” Glad you asked. While the APIs
certainly target writers of high-performance code,
N = (1024 * 1024) there are tools ready that are useful for non-
THREADS_PER_BLOCK = 256 programmers as well.
ctx = cl.create_some_context() Administrators can secure their networks with
queue = cl.CommandQueue(ctx) Suricata IDS/IPS (http://suricata-ids.org), which
program = cl.Program(ctx, kernel_src).build() uses CUDA to speed up protocol, file etc detection in
coords = np.random.randint(-8192, 8192, size=(N, 2)). network traffic. You still need a decent network card
astype(np.int32) to capture packets quickly, but GPU processing will
min_dist = np.array([2147483647]).astype(np.int32) help you to discover potential threats faster. There
mf = cl.mem_flags are also many WPA/ZIP file/whatever else password
dev_coords = cl.Buffer(ctx, mf.READ_ONLY | mf.COPY_HOST_ recovery utilities: a tool like Hashcat (http://hashcat.
PTR, hostbuf=coords) net) would certainly have improved your chances of
dev_min = cl.Buffer(ctx, mf.READ_WRITE | mf.COPY_HOST_PTR, winning the LV’s Password Cracking Challenge. There
hostbuf=min_dist) are other legitimate uses for these tools but keep in
program.find_closest(queue, (N,), (THREADS_PER_BLOCK,), mind that are in the bad guys’ arsenal as well, and
dev_coords, dev_min) don’t forget to use strong passwords (run some of
cl.enqueue_copy(queue, min_dist, dev_min) these password crackers on your password file to see
print “Mr. Point is at (%d, %d) and the closest brigade is %d units if you are already in danger).
away” % (0, 0, min_dist) GPU computing has many other applications in
First, we obtain a context encompassing all medicine, engineering and even finance, and we’ll
OpenCL devices in the system. PyOpenCL provides certainly see more in the future. Stay tuned!
a convenient wrapper for this. We also need a queue
to push commands to the OpenCL driver. Then the Dr Valentine Sinitsyn spends half of the day in university
program is built; kernel_src is a string containing where he teaches students physics and diagonalizes large
matrices.
its source (you could use string formatting to pass
www.linuxvoice.com 109
� MASTERCLASS ENCRYPTION
MASTERCLASS
You wouldn’t want other people opening your letters and
BEN EVERARD your data is no different. Encrypt it today!
CIPHERSHED: ENCRYPTION
FOR EVERYONE
TrueCrypt lives on as CipherShed, so it’s still really easy to protect your valuable data.
E
verybody has something to hide. It might be a
JOHN LANE little more mundane than what our
governments get up to but, to each of us, that
something is important and valuable enough to
protect. It could be your personal finances, or perhaps
that new app or book you’ve been working on. If your
laptop were stolen, it would be pretty useless if your
precious data were encrypted. The good news is that
it’s easy and, this month, we show you how.
One of the best freely available encryption tools over
the past decade was TrueCrypt. It provided on-the-fly
filesystem encryption and was a cross-platform
PRO TIP
solution that worked, not only on Linux, but on
Truecrypt / Cyphershed
Windows and Mac OS X too.
requires root privileges. If
you can “sudo” then you’ll Back in May, TrueCrypt as we know it ceased to
be ok. exist. Its SourceForge site was replaced with some
basic pages claiming that it is “insecure and may CipherShed’s goals include a secure audited codebase
contain unfixed security issues”. It now only provides that is released under an OSI-approved licence.
guidance for migrating away, and the only download
available is for version 7.2, a limited functionality can install the current development version from its
version that can only decrypt. However, general GitHub repository. It’s based upon and named
opinion is that these claims are unfounded and the similarly to TrueCrypt version 7.1a. There are
original developers just asserted their right to kill the instructions for installing on Debian-based distros,
product. But the free software community is making and Arch Linux users can build it from a package in
sure that the story doesn’t end there. the Arch User Repository. Here’s what you need to do
The latest news is, of course, that TrueCrypt has if you’re on Ubuntu or another Debian-based distro:
been forked and is moving forward as CipherShed; you $ sudo apt-get git build-essential
$ sudo apt-get install libwxgtk2.8-dev nasm libfuse-dev
$ git clone https://github.com/CipherShed/CipherShed.git
AES new instructions $ cd CipherShed/src
If your computer has a recent Intel or AMD processor then it $ LIBS=”-ldl” make
may support AES-NI. This is a set of new x86 CPU $ sudo install -m755 {Main,/usr/bin}/ciphershed
instructions that provide hardware-accelerated AES So, what’s it all about? Well, you get very
encryption, allowing encryption tasks to be performed four
to eight times faster.
straightforward encryption tools that you can
Support for AES-NI was introduced with TrueCrypt configure using a GUI or command line interface.
version 7.0. You can check whether your system supports it They make encrypted filesystems either on real disks
by looking at Settings > Preferences > Performance. If you or partitions, or as virtual disks contained within a file
have support but prefer not to use a proprietary encryption and mounted as a real disk. It claims to offer plausible
mechanism then you can disable it on the same screen.
deniability by creating volumes hidden undetectably
110 www.linuxvoice.com
� ENCRYPTION MASTERCLASS
Plausible deniability
People keen on privacy and encryption are protected within the hidden volume,
well aware that the weak link is the person. affording plausible deniability in the event
You can have the strongest keys but they that it should be necessary.
won’t protect you from being forced to reveal
them. Being able to reveal a fake key in such
scenarios is attractive and a TrueCrypt
hidden volume enables you to do just that.
A hidden volume is created within the free
space of a normal volume in such a way that
it cannot be detected. Each has different
passphrases and the volume that gets
Moving your mouse rapidly provides entropy, which is mounted is selected by the given
used to generate encryption keys. passphrase. This feature would allow
someone under duress to give out the normal
within others and can even boot operating systems volume passphrase, allowing access to Hidden volumes offer an added layer
hidden in this way. whatever seemingly important files were of protection – just be careful not to
This is transparent encryption. Once you set up and
placed there while leaving the true secrets overwrite it.
mount an encrypted volume, you use it just like any
other. Copy files there, work on them, edit them, delete The final pages set the volume’s size and password
them. Do whatever you would do with unencrypted (this can be a passphrase – using single words is
files. All the while, the encryption happens in the insecure). You can also use keyfiles to enhance
background. Once you unmount the volume, the data security. These are just normal files that can be on
inside is secure. your hard drive or removable media. The first 1024
kilobytes of each key file is considered as part of the
Your first encrypted volume passphrase that is required to unlock the volume (you
Begin by typing truecrypt or ciphershed at a should therefore only choose files that won’t change).
command prompt to start the GUI. Press the Create You can leave the password field empty if you use
Volume button to launch the Volume Creation Wizard. keyfiles, although it’s less secure if you do. The final
This offers two choices – you can either create an choice you have is the encrypted volume’s filesystem
encrypted file container (a virtual encrypted disk and this can be Windows FAT format or Linux ext2–4.
within a file), or you can create a volume on a You then land on the Volume Format screen, which
partition/drive – essentially any valid block device that will compute a volume key before formatting. It invites
you can create a filesystem on. you to move your mouse around as a way of
The first option is best to experiment with; select it gathering entropy for the key.
and press “Next” to proceed. Now choose between a
standard or hidden volume. Choose a standard Favourite mounts
volume and, on the following page, a location for it. You need to mount devices before you can use them.
You’re then offered the choice of several encryption The Volume section of the main window is where you
and hashing algorithms, but the defaults offer an select a file or device and use the Mount button to
appropriate balance between speed and security. If mount it. This is when you need to supply the pass
you’re paranoid, choose a stacked scheme like phrase and any required key files. Once the device is
“AES-Twofish-Serpent” – these apply multiple mounted, it’s accessible as a subdirectory of /media PRO TIP
algorithms one after the other but result in slower and you use it like any other filesystem. You can download the
read/write times. You can optionally cache the passphrases and key TrueCrypt 7.1a User’s
Guide PDF http://bit.ly/
files in memory to avoid having to re-enter them on tc71a_ug.
successive mounts. The cache only persists while the
Also consider...
encryption driver is running. You close the CipherShed
There are other TrueCrypt derivatives besides CipherShed GUI by pressing its Exit button. If you have mounted
that you may also like to try.
volumes, CipherShed goes into the background and
VeraCrypt contains enhanced security algorithms that,
the developers claim, make it immune to new developments presents itself as a taskbar icon that you can use to
in brute-force attacks and solves vulnerabilities found in re-open the main window or quickly mount/unmount
TrueCrypt. These enhancements, however, mean its storage favourite volumes via a right-click pop-up menu.
format is incompatible with TrueCrypt. Read more on their CipherShed terminates if you exit when there are no
website at http://sourceforge.net/projects/veracrypt.
mounted volumes in place.
Realcrypt is essentially TrueCrypt with the branding
changed. It’s available for Fedora users in the RPM Fusion TrueCrypt has, for a long time, been one of the
repository http://rpmfusion.org/Package/realcrypt. easiest ways to use some of the most secure
Tcplay is a free BSD-licensed command-line TrueCrypt methods available for encrypting sensitive data.
implementation based on the Linux kernel’s dm-crypt CipherShed aims to continue that legacy and should
device mapper (https://github.com/bwalex/tc-play). It is
mean that we’ll be able to continue securing our data
compatible with TrueCrypt volumes.
with an easy-to-use GUI desktop application.
www.linuxvoice.com 111
� MASTERCLASS ENCRYPTION
KEEP YOUR DATA SAFE
WITH ENCRYPTION
Linux has baked-in encryption capabilities. Use them or regret it when your laptop gets stolen.
T
he Linux kernel has a feature called a device
JOHN LANE mapper. It allows virtual block devices to be A block device in a file
created that are based on other block devices, You aren’t restricted to real block devices – you can create
and there’s a device mapper module called dm-crypt an encrypted volume in a regular file. To do this, just create
that we can use to create encrypted block devices. a file of whatever size device you want:
The device mapper allows devices to be stacked. $ head -c 100M /dev/urandom > /path/to/myvolume
You can, for example, create RAID or LVM devices and You can then use the file’s path wherever cryptsetup
expects a device.
then encrypt them. You can also do it the other way
around. You need userspace tools to work with the
dm-crypt kernel module. The primary one, cryptsetup, $ cryptsetup luksFormat /dev/mydevice
is used to administer encrypted volumes and requires The default cipher that you get depends on the
root privileges. The other tool is cryptmount; it allows version of cryptsetup that you have. Since version
unprivileged users to mount encrypted volumes. 1.6.0, this is aes-xts-plain64, where aes is the cipher
Encrypted volumes can either be formatted or raw. and xts is the chaining mode that affects how the
Formatted volumes contain metadata that describes cipher is applied to subsequent blocks of data. xts is
PRO TIP the encrypted payload, whereas raw volumes are just an improvement over the cbc mode used by prior
The LUKS default header encrypted disk blocks. Use of raw volumes requires versions. Go with the defaults unless you have reason
size of 2MB maintains
things like cipers, keys, etc, to be provided as to change them; you can specify an alternative with
sector alignment of the
LUKS volume with the command line parameters; they should be considered the --cipher command line argument.
underlying device. LUKS as an expert-level option. So far, we have an encrypted block device but it
uses 512-byte blocks.
The standard volume format on Linux is called needs to be opened (you’ll be asked for the pass
LUKS – the Linux Unified Key Setup format. phrase). You can can then put a filesystem onto it and
Cryptsetup also supports the TrueCrypt format. The mount it:
LUKS format uses a header at the start of the volume $ cryptsetup open /dev/mydevice myvolume
PRO TIP that contains metadata including cipher details and $ mkfs.ext4 /dev/mapper/myvolume
eight key-slots. You can have up to eight different $ mount /dev/mapper/myvolume /mnt
Earlier cryptsetup
versions required salted, hashed and changeable pass phrases that myvolume is how the device mapper will identify
luksOpen and luksClose decrypt a master key to unlock the data payload. the unlocked device; you can use any meaningful
instead of open and LUKS automatically configures non-default dm-crypt label. To take an encrypted filesystem offline,
close.
parameters to make it more secure. The format unmount and then close it:
occupies a header that can consume between 1 and $ umount /mnt
2MB of the volume’s capacity. $ cryptsetup close myvolume
Begin by installing the userspace tools; your distro
should carry them in its package repository: Boot configuration
$ sudo apt-get install cryptsetup cryptmount You can automatically unlock encrypted devices when
We’ll begin by using cryptsetup to format a block your system boots. The encrypted device table is a file
device with LUKS. called /etc/crypttab that is similar to the /etc/fstab
used for mounts. You specify four things: a device
mapper name, the device path, an optional key file (or
just “none”) and options. Use the “luks” option to
specify the format:
myvolume /dev/mydevice none luks
The listed volumes will be opened at boot time and
this will require entry of the pass phrases. An
alternative to passphrase entry is to store it in an
appropriately secured key file:
$ sudo echo -n ‘my secret passphrase’ > /root/keyfile
$ sudo chmod 0400 /root/keyfile
Choose an appropriate cipher: an encrypted bitmap can reveal cryptographic You can, if you want, use a more complex key now
weaknesses. that it won’t need to be manually entered. It’s
112 www.linuxvoice.com
� ENCRYPTION MASTERCLASS
customary to use a large blob of random data:
$ head -c 4096 /dev/urandom > /root/keyfile Use TrueCrypt volumes with cryptsetup
Specify the key file in /etc/crypttab instead of Cryptsetup has been able to open TrueCrypt volumes since
“none” and add it to the LUKS header – you’ll need to version 1.6. You just need to specify the volume type:
enter an existing passphrase to unlock it before the $ cryptsetup open --type tcrypt /path/to/myvolume myvolume
new one can be added: $ mount /dev/mapper/myvolume /mnt
If you want to mount a hidden volume, add the
$ cryptsetup luksAddKey /dev/myvolume /root/keyfile
--tcrypt-hidden command-line argument and use --key-file
Once a volume is opened, it can be mounted in the if you need to specify key files.
usual way with an entry in the /etc/fstab file.
You can use /etc/crypttab for all filesystems and
swap devices. However, if you want to encrypt your you’ll have an encrypted filesystem. A file written to
root partition, then your system’s initrd will need mysecrets will be transparently encrypted and stored
cryptography support. You should refer to your distro’s in .mysecrets_encrypted:
docs for more information about this because boot $ echo “This is my secret” > mysecrets/test
PRO TIP
configurations vary. The system’s BIOS needs to read $ ls -l mysecrets
Ubuntu users can do
the boot partition, so that cannot be encrypted. -rw-rw-r-- 1 myuser users 18 Oct 20 14:08 test
cryptdisks_start
$ ls -la .mysecrets_encrypted myvolume to open a
Encrypted filesystems -rw-rw-r-- 1 myuser users 1092 Oct 20 13:58 .encfs6.xml volume in /etc/crypttab.
cryptdisks_stop closes it.
Another approach to encryption is to use Encrypted -rw-rw-r-- 1 myuser users 34 Oct 20 14:08
systemd has cryptsetup.
Filesystems. These are virtual filesystems stacked on 5gk8Df5Gk3eN0sJx1fiqPppA target.
top of existing ones. They provide cleartext read/write Notice the encrypted file is larger and has an
access to encrypted files stored in the underlying indecipherable name. There’s also a hidden file called
filesystem. Encrypted filesystems work at the .encf6.xml containing the metadata required. You use
filesystem level, whereas dm-crypt operates at the the FUSE mount command to unmount your
block level, beneath the filesystem. encrypted filesystem: PRO TIP
Two encrypted filesystems available for Linux are $ fusermount -u ~/mysecrets cat /proc/crypto lists the
eCryptFS and EncFS; the latter runs entirely in Mounting is performed using the same encfs kernel’s available ciphers
userspace (it’s FUSE-based) and, therefore, doesn’t command that was used above to create the and supported key sizes.
require elevated privileges to use it. Using EncFS is filesystem – it only creates a configuration if it doesn’t
straightforward. You specify an encrypted directory already exist. A useful thing to know is that the
where your files will be stored and an unencrypted encrypted and plaintext directories can be on different
directory where you’ll read and write them: filesystems. One useful application for this is
$ encfs ~/.mysecrets_encrypted ~/mysecrets encrypting files in cloud-based storage like DropBox:
You need to use absolute paths. Follow the you can do something like this:
instructions: select the “Pre-Configured Paranoia $ encfs ~/Dropbox/Private ~/Private
Mode” for suitable defaults or, for more control, use The other part to EncFS is encfstcl, an
the advanced mode. When your shell prompt returns, administrative tool that can display information about
an encrypted filesystem but is mostly useful to
change its password:
cryptmount volumes for unprivileged users
$ encfsctl passwd ~/.mysecrets_encrypted
The other userspace tool for dm-crypt is called cryptmount, You can also use encfsctl to access an encrypted
PRO TIP
which offers an easy way for unprivileged users to use directory without mounting it. EncFS is used by
encrypted volumes. Root privileges are required to create boxcryptor.com/classic,
an encrypted volume for an unprivileged user but that user $ encfsctl ls ~/.mysecrets_encrypted which may be handy if
can mount and unmount it without any special privileges. We’ve covered the two main ways to perform you need to access
$ sudo cryptmount-setup transparent encryption but neither suit if you just want protected directories from
other platforms.
Follow the prompts – you need to enter a volume name, to secure a single file. You can do this quickly with
username and absolute paths to a mount point and the file nothing more than OpenSSL – you can encrypt a file
that will contain the encrypted volume. Both are created
automatically and an ext3 filesystem is created inside the
like this:
file. The volume’s conifguration is written into $ openssl aes-256-cbc < plaintext > encrypted
/etc/cryptmount/cmtab and the key is securely stored in a and decrypt it
file in the /etc/cryptmount directory. You’ll also be asked for $ openssl aes-256-cbc -d < encrypted > plaintext
a passphrase to secure the key and the user will need to
The aes-256-cbc cipher gives good protection but,
enter this when mounting their volume. They do that with
cryptmount:
while this method achieves its objective, it’s more
$ cryptmount myvolume practical to use a public key infrastructure to share
Unmounting is similar: encrypted files. OpenPGP is an example of this that
$ cryptmount --unmount myvolume we’ll explore next month.
Cryptmount might be more appropriate for some
applications. Unprivileged users could, for example, have
encrypted volumes on USB sticks and be able to use them John Lane provides technical solutions to business
without help from the systems administrator. problems. He has yet to find something Linux can’t solve.
www.linuxvoice.com 113
� /DEV/RANDOM/
Final thoughts, musings and reflections
Nick Veitch
was the original editor DIY synth using
of Linux Format, a a SID chip taken
from my childhood An amazing sounding
role he played until he
Commodore 64. semi-modular Polish
got bored and went synthesiser.
to work at Canonical
instead. Splitter!
A collection envelope,
timing generators and
sequencer modules
S
o, at this time of year, there is one burning Voltage-controlled
question on everyone’s mind. I don’t mean Minimoog. I built my
whether Santa will be able to deliver a 3D own breakout box.
printer on time, but… will 2015 finally be the year
of Linux on the Desktop? A rare glimpse
of the Meeq
I’m sorry, it’s just my seasonal joke. 2015 will KDE running
generative
come and go and still analysts will tell us that Core i5 PC Bitwig Studio.
sequencer.
with 16GB of
Linux is irrelevant, nobody uses it and even Mac RAM running
OS X is more worthy of attention. Maybe, in Arch (among
some ways, they are right. I know I have long others).
since tired of trying to convert friends and
relatives to the way of Linux.
If anything, running Linux is a great get-out-of-
jail-free card for me, because at family
My Linux Setup Graham Morrison
gatherings I can truthfully deny being able to
help them with their IT problems, since I have
never run Windows 8 or seen a version of OS X
since they stopped naming them after cats. Editor of Linux Voice and creator of weird music noises.
The amusing thing is, that aside from the
desktop, Linux is not only flourishing, but open What version of Linux are you Gimp. The list is endless. But to be a little
source operating systems dominate. using at the moment? more adventurous, I launch everything
Servers have long been the mainstay of Linux I’ve been using Arch for a couple of from KDE’s Kickoff.
usage, but in emerging areas of computing, like years. But that’s not really a badge
clouds, Linux all but eclipses everything else. You of honour. I’m constantly breaking it and What do other people love but
may argue whether Android really counts as getting told off. But I do love the user you can get on without?
Linux (I would say not), but in the mobile and repository and the package management. I really don’t like most music players
tablet space it also eats the competition. – such as Amarok. I listen to quite a
But those are boring examples. A lot of the What was the first Linux setup lot of music and I just want quick access
systems run by the European Space Agency are you ever used? to audio and simplicity. I don’t want
based on their own version of Linux – it forms I tried getting Red Hat 5.1 running Wikipedia entries, lyrics and VU meters.
part of the standard software deployment for on a Commodore Amiga and gave
remote experimentation. Even better, a lot of the up when I couldn’t get X to work. After Is there one single piece of
Antarctic ice shelf was just measured by this that, it was Mandrake 6.0 on a PC a proprietary software you wish
(www.whoi.edu/page.do?pid=21140) – an couple of years later. were open source?
autonomous underwater vehicle that runs on Adobe’s InDesign. That way I’d be
Ubuntu. Because why not? What Free Software/open source completely free of any other
Let the “others” keep the desktop – everything can’t you live without? operating system but Linux.
exciting runs on Linux. And I won’t have to There’s just so much; Vim/X/KDE/
answer so many support questions at dinner. Audacity/Bash/kernel/Kodi/Ardour/
114 www.linuxvoice.com
� Pub Quiz Image Round
(See page 28)
40 41 42
43 44 45
46
49
47 48
��