Plaintext
ASTRO PI: SEND YOUR IDEAS INTO SPAAAAAAAAAAAACE!
INSIDE March 2015
LINUX
OPENELEC EMBEDDED
BUILD A CODE IN
MALWARE P36
2015
MEDIA CENTRE ASSEMBLER
Control the idiot box with this Earn big money by writing
brilliant Linux media setup tiny, super-efficient code
THE YEAR OF LINUX
Uncover the future of Linux and Free Software – by the experts,
developers and geeks who are making it happen.
40+ PAGES OF TUTORIALS
ARDUINO Write an interface for cheap hardware
KMAIL Take complete control of your email inbox
March 2015 £5.99 Printed in the UK
BAKE A PI We go inside the Raspberry Pi factory in darkest Wales
FREEDOM! INTERVIEW
INSIDE THE EFF LENNART
A campaigning digital POETTERING
The creator of Systemd on
rights organisation that flamewars, init systems and
isn’t full of nutters! why Debian is behind the times
�� WELCOME
Welcome to Linuxlandia
The March issue
Linux Voice is different.
Linux Voice is special.
Here’s why… GRAHAM MORRISON
A free software advocate
At the end of each financial and writer since the late
1
year we’ll give 50% of our 1990s, Graham is a lapsed
profits to a selection of KDE contributor and author
organisations that support free of the Meeq MIDI step
software, decided by a vote among sequencer.
our readers (that’s you).
T SUBSCRIBE
his is our twelfth issue, making it one year since our first
No later than nine months magazine following our successful Indiegogo campaign.
2
after first publication, we will
relicense all of our content under
We’ve produced over one million words about Linux and
Free Software, 23+ podcasts, numerous videos and two audio
ON PAGE 64
the Creative Commons CC-BY-SA editions. We’ve sent over 60,000 emails (including those to
licence, so that old content can subscribers) and received more than 30,000 between us. We’ve
still be useful, and can live on even served terabytes of data (thanks Bytemark!), we’ve released two
after the magazine has come off issues for free under a Creative Commons licence, we’ve helped
the shelves. sponsor conferences and we’ve spoken to many, many people
within the community. It’s been a crazy, manic, challenging,
We’re a small company, so exhausting and ultimately rewarding rollercoaster of a year.
3
we don’t have a board of Without wanting to diminish the value of the awesome
directors or a bunch of magazine currently in your hands – before you’ve even got to the
shareholders in the City of London contents pages – we’ve got even better things planned for the next
to keep happy. The only people 12 issues, starting with the commencement of our profit sharing
that matter to us are the readers. scheme next month. We couldn’t have done any of this without
you, our readership. So… thank you! And here’s to 2015!
THE LINUX VOICE TEAM Graham Morrison
Editor Graham Morrison Editor, Linux Voice
graham@linuxvoice.com
Deputy editor Andrew Gregory
What’s hot in LV#012
andrew@linuxvoice.com
Technical editor Ben Everard
ben@linuxvoice.com
Editor at large Mike Saunders
mike@linuxvoice.com
Games editor Liam Dawe
liam@linuxvoice.com
Creative director Stacey Black
stacey@linuxvoice.com
Malign puppetmaster Nick Veitch
nick@linuxvoice.com
Editorial contributors:
Jono Bacon, Chris Brown, Mark
Crutch, Liam Dawe, Marco Fioretti, MAYANK SHARMA BEN EVERARD MIKE SAUNDERS
Juliet Kemp, John Lane, Vincent “Ben’s practical insight into how “Lennart Poettering couldn’t be “OLED displays are cheap and
Mealing, Simon Phipps, Les Pounder, malware works is fascinating. It’s any more ‘on-topic’, considering brilliant, making our tutorial on
Mayank Sharma and a must-read if you’ve any the Systemd controversy. He was hacking them perfect for my
interest in security.” p36 very candid in our interview.” p42 Arduino Mario clone.” p100
www.linuxvoice.com 3
� CONTENTS
March LV012
A nice Donegal tweed, pipe and comfy armchair. Shall we begin?
2015
20 REGULARS
SUBSCRIBE News
06
ON PAGE 64 Why yet more state control
is the wrong response to
terrorism.
08 Distrohopper
Ubuntu Core, Sparkey and
Clonezilla, plus a look back
through time to Fedora 1.
10 Gaming
Enjoy a fictionalised,
gamified version of the siege
of Sarajevo. Er, no thanks.
THE YEAR OF LINUX 12 Speak your brains
We’ve done wrong, but we’ve
also done right, which kind of
balances out. Thanks!
The future of Free Software, as told by the LV on tour
movers and shakers who are making it happen. 16
The Global Learning Xprize,
and the localised learning
Pi Wars share these pages.
34 Inside the Pi factory
Brave Sir Les bravely rides
42 to Wales, where the smell of
solder hangs heavy in the air.
40 FAQ… Ubuntu Core
Provision virtual systems with
a tiny, easily scalable version
Lennart Poettering
of Ubuntu for phones. What?
58 Group test
He’s not the messiah; he’s not Remote desktop clients –
control your machine without
even a naughty boy. He’s just even being in the same room.
a man trying to make Linux 64 Subscribe!
Invest in the irrepressible
better for everyone. quality of Linux Voice, for as
little as £38 a year. Bargain!
66 Core technologies
For one last time Dr Brown
delves under the surface of
the Internet Protocol.
70 FOSSpicks
The best free software around,
all as free as a little lamb
gambolling on a hillside.
110 Masterclass
Hide the contents of your
28
ASTRO PI 30
INSIDE THE EFF 36
LINUX MALWARE emails from snoopers with GUI
Kids in the UK are Meet some of the Laugh at the feeble and command line encryption.
getting the chance to absolute heroes who attempts of internet 114 My Linux desktop
send code into space. are fighting to protect miscreants to exploit The den of Ben Nuttall, human
and part of the Raspberry Pi
We’re more than a your digital rights. We the linuxvoice.com Foundation’s education team.
little bit jealous. salute them! servers.
4 www.linuxvoice.com
�TUTORIALS REVIEWS
78 80
Henry Audio USB DAC 128 Mk II
Audacity: Python 3: Build a
50
Convert digital music to
Make voice recordings password checker analogue output. Even
One Direction sounds better.
Add your voice to the sound of Use programming tools to test
the Linux Voice audio edition. the strength of your passwords.
84 88
52 Fedora 21
Red Hat’s community distro has
three new flavours to try and a
OpenELEC: Linux 101: tasty Gnome desktop.
Build a media centre Configure KMail 53 Seafile
This superb media distro will Take back control of your inbox This proprietary solution
make you love your television. with KDE’s email application. promises the convenience of
the cloud without the snooping.
92 96
54 Kodi
Unleash your inner Tarantino by
watching lingering shots of toes
using free software.
55 VMware Player 7
Spin up machines with up to
64GB of RAM with the latest
from this virtualisation app.
Regular expressions: Olde Code:
Books Now with infinite battery
work less, work smarter From Unix to Linux
54
life, high resolution and no
Manipulate text strings, find How we got from Bell Labs to screen glare – books!
things and much, much more. millions of smartphones.
100
Arduino: Control 104
Code Ninja: 106
Get started with
cheap hardware RESTful APIs Assembler
Write your own Extract data Talk directly to
Arduino library. from the web. your CPU.
www.linuxvoice.com 5
� ANALYSIS
NEWSANALYSIS
The Linux Voice view on what’s going on in the world of Free Software.
Opinion
Liberté, egalité, fraternité
Terrorism must not become an excuse to give up essential liberties.
Simon Phipps like an autoimmune disorder of democracy. communications must all be prevented or
is president of the You don’t fight terrorism by attacking corrupted. Ultimately that requires general
Open Source Initiative purpose computing devices be eliminated,
the virus; you fight it by strengthening
and a board member
of the Open Rights the immune system. It is too easy to replaced with devices that can’t be modified
Group and of Open succumb to the virus. It seeks to provoke by their owners. Richard Stallman calls this
Source for America. us into destroying ourselves, using the very “treacherous computing”; Cory Doctorow
freedoms we value as a weapon to provoke warns us of the “coming war on general-
their extinction. I refuse to be terrorised and purpose computing”.
decline the opportunity to hate. I choose not
to succumb to the terrorism disease and I Beware straw men
W
ith the rest of the Linux Voice invite you to join me in these choices. As to surveillance: the murderers in France
team, I am appalled and horrified As I write, certain voices are calling for were known to the security services,
by the attack on Charlie Hebdo blanket surveillance, for bans on discussion who had been using existing laws to
in Paris, which was perpetrated just as of some topics, for the blocking of certain apply justified surveillance. There are
this issue was going to the printer. Settling websites, and more. These reactions are circumstances where it’s appropriate in
scores with violence is the recourse of exactly the auto-immune response terrorism a democratic society for accountable
ignorant cowards – lower than animals. I seeks to stimulate. Its architects do so surveillance to be used to prevent crime. But
am heartbroken for every person affected, because they have already dismissed the there are limits. Gathering all metadata on all
and we extend our sympathy to the families, possibility (or the value) of democratic electronic connections is possible in a way
friends and fans of the people murdered. society and want the restrictions to go ever the physical equivalents never were before.
This was without doubt intended as an deeper as a tool both to damage capitalism But is disproportionate democratically even
act of terrorism. Some politicians seem to and to radicalise more people. Ironically, if it is economically feasible.
act as if “terrorism” means a terrible crime banning speech that radicalises youth is In particular, it creates a capability for
committed by someone who doesn’t fit the likely to itself radicalise youth. triangulation with other data from other
speaker’s own racial and religious profile. But even if the bans were not intrinsically contexts that makes Bentham’s panopticon
Just because something induces terror in self-defeating, we should still oppose look trivial in comparison. The result is a
some or many people, that doesn’t make it them. To advocate a ban on anything society in which every form of speech can
terrorism. That diminishes the concept as on the internet is to put one’s faith in be cropped out of context and used to
well as grouping routine crime – for which magical thinking. The fabric of the meshed ensure conformity. The very existence of
society has millennia of experience and society – the internet, the worldwide web, blanket surveillance chills democracy.
solutions – into the same bucket as a more peer-to-peer protocols, wireless networks We should respond to this act of hate,
subtle and serious phenomenon that preys – is all designed for resilience. It “treats which is as indefensible to anyone who
on the meshed society. obstructions as damage” and comes embraces one of the world’s religions as
Terrorism isn’t just performing a terrifying complete with the tools to route round it. to those who reject them all, by ensuring
act. It’s provoking society’s immune system So any requirement for technical we do not succumb to the self-destructive
into attacking itself, making its defence measures to impose a ban is a requirement reactions perpetrators of terrorism want
systems attack the values and people they to defeat the resilience of the meshed to provoke. That includes apparently
are supposed to be defending. Terrorism is society itself. Encryption, VPNs and private reasonable demands for technical measures
to prevent publication of hate speech, ban
radicalising web sites and increase blanket
“To advocate a ban on anything on the internet surveillance. Behind the barbarism of
is to put one’s faith in magical thinking.” terrorism, a brutal yet seductive subtlety of
purpose lurks. We must not succumb.
6 www.linuxvoice.com
� ANALYSIS
Ubuntu • Astro Pi • Linux laptops • Devuan • Rocket • FOSS financing
CATCHUP Summarised: the biggest news
stories from the last month
Canonical announces Raspberry Pis head into HP announces EliteBook
1 Snappy Ubuntu Core 2 space, running code 3 850 running Linux
Imagine a trimmed-down written by kids It’s rather expensive (starting
version of Ubuntu, geared towards You can find Raspberry Pis virtually at $1,709) but it’s available with SUSE
deploying applications via Docker everywhere these days, and soon Enterprise Linux 11. In any case, the
containers. Imagine that it supports a couple of the dinky computers more choice we Linux users have when
transactional updates, so if something will be sent up to the International buying hardware, the better.
goes wrong when during the next round Space Station. Even better: they’ll be http://tinyurl.com/kymfuc2
of updates, you can easily revert back running code to perform experiments
to the previously working versions. written by schoolchildren in primary
Well, this is real, and it’s called Snappy and secondary schools in the UK.
Ubuntu Core. Canonical certainly has its Called Astro Pi, this project should
fingers in many pies at the moment, but be a fantastic way to get youngsters
this looks promising (see p40 for more). involved in programming.
www.ubuntu.com/cloud/tools/snappy www.raspberrypi.org/astro-pi
Devuan team publishes Red Hat adds speed Snowdrift.coop aims to
4 first progress report 5 boosts to Glibc 6 help fund free software
Yes, the now-famous Debian This might not sound like the Many FOSS projects are
fork that aims to provide “init freedom” most exciting news story in the world, funded entirely by donations, but only
(ie it doesn’t use Systemd) has lasted but Glibc is a tremendously important receive occasional or one-off payments
longer than many expected. The piece of software, as it’s the base C from users. A new website at
Devuan team has even delivered its first library that almost every piece of https://snowdrift.coop wants to make
progress report, which details software on a GNU/Linux system links FOSS projects more sustainable in
development going into Loginkitd (a to. Now an engineer at Red Hat has the long run, by asking users to make
standalone alternative to logind, using worked on improving the performance monthly pledges to particular projects.
ConsoleKit2 as a back-end) and other of some of Glibc’s math routines, And if you’re a patron of FooApp, for
software projects. According to the making some of the functions up to example, making a monthly payment
financial report, Devuan received €4,500 eight times faster than before. The from your account on Snowdrift,
in donations up to December. https:// report is heavy reading, but worth a look: you’ll also pay a little extra whenever
devuan.org/newsletter_22dec.html http://tinyurl.com/m8jrj7x someone else becomes a patron too.
Crowdfunded laptop aims CoreOS team ditches
7 to respect your freedom 8 Docker, creates Rocket
If you’ve ever tried to buy a Software containers are all
laptop that works perfectly with Linux, the rage at the moment. They let you
you’ll know it can be a chore. The run applications (typically on servers) in
Librem 15 is a crowdfunded high-end isolated environments with well-defined
laptop starting from $1,899, and at sets of libraries, so you can update
the time of writing, the campaign had them easily and they can’t trample over
reached 71% of its goal. The machine other programs. Docker has been the
will supposedly run on 100% Free big success story so far, but the CoreOS
Software – no binary blobs required. team has decided that Docker’s scope
We’ll try to get our hands on a unit has grown too large, and a replacement
for review in a future issue of the is needed: Rocket. It’s a controversial
magazine. Check it out here: move, but it’s explained well here:
www.crowdsupply.com/purism https://coreos.com/blog/rocket
www.linuxvoice.com 7
� DISTROHOPPER
DISTROHOPPER
Our pick of the latest releases will whet your appetite for new Linux distributions.
Ubuntu Core
Like Ubuntu Touch, for servers.
U
buntu Core is mash-up of Ubuntu
Server and Ubuntu Touch (the
smartphone OS). Yes, we know that
sounds weird, but hear us out. Underneath
the touch-driven interface, Canonical has
been working on the structure of Ubuntu to
make it work better on phones. This means
the package manager works in a different
way. No longer can packages change files
and settings across the system. On Ubuntu
Touch, they’re more self contained and
controlled by AppArmor to make sure they’re
well behaved. The package manager is also
transactional, which means that it’s easier to
roll packages back to previous versions, and For more on the logic behind Ubuntu Core and Snappy, turn to our FAQ on page 40.
you shouldn’t have any problems if a
package fails halfway through an install. manager in the usual sense of the word. It’s time of writing, hadn’t given any details
It turns out that a lot of the stuff that designed to work alongside frameworks that about which would be available.
makes a package manager good for a package applications. The first of these is Ubuntu Core makes spinning up virtual
phone also makes it good for a server, so Docker, so through Snappy, you can install servers really easy. A production version isn’t
Canonical has adapted the package Docker, then have access to the whole range ready yet, but you can grab the alpha
manager from touch to make Snappy, which of Docker apps. Canonical has promised (maybe beta by the time you read this) from
powers Ubuntu Core. Snappy isn’t a package more Frameworks in the future, but at the www.ubuntu.com/cloud/tools/snappy.
Clonezilla
Create snapshots of hard drives with a live distro.
D
o one thing well. That’s the essence image is saved. A simple curses interface
of the Unix philosophy. It’s not guides you through the process, so you
usually applied to operating systems don’t need to know how to use any
themselves, but in the case of Clonezilla it command line tools to use Clonezilla. There
could be. This is a distro for making images are two levels of interface, beginner mode
of hard drives, and then re-imaging drives where you just get the basic options, and The curses interface means you don’t have to
with these images (technically that’s two expert mode where you have access to remember any commands, but you still get you
things, but they’re close enough that we more advanced features. Together these access to a wide range of options.
count them as one). This makes it the distro give you enough options to perform most
of choice for IT workers who need to set up tasks without overwhelming new users. (on which it’s built), including the 3.16 kernel,
a large number of identical machines. It can Clonezilla hasn’t really changed much in so it should support more hardware, and run
also be used as a backup tool. as long as we can remember, but the latest a little faster. We can confidently say that
It’s a live distro that you boot and use version brings in a range of improvements to Clonezilla is the best Linux distribution for
alongside some external storage where the the underlying OS from the latest Debian Sid re-imaging hard disks.
8 www.linuxvoice.com
� DISTROHOPPER
Sparkey: GameOver
Give in and satisfy your inner gamer.
G
ameOver is a new version of Sparkey
designed for gaming. For this, it has
just about every option (both closed
and open source) waiting to go. There are
almost 100 games on the live disc ready to
be played. There are also installers for the
Steam and Desura clients to give you
access to games from these stores. Play on
Linux is installed, which makes it easier to
run Windows games, and there’s a specially
designed app to make it easy to install a
wide range of emulators (APTus Gamer).
We haven’t been able to work out just how
many games this means there are available
for this distro, but we’re confident that it will
be more than any one person will ever be
able to play.
It’s not just the variety of games that
makes GameOver a good distro for playing
on. GameOver also includes the Liquorix
repository. This is a build of the Linux kernel
that’s designed to have the best Balder, one of the installed games, is like a multi-player version of asteroids played in zero gravity.
performance under desktop loads, including
gaming. You’ll need to install the distro to get Like all Sparkey releases, GameOver is Right now, Sparkey Game Over is probably
access to this as it’s not used by default on built on Debian, so as well as games, there’s the quickest way to get a Linux gaming
the live version. also all the software you’d normally expect. system installed.
Fedora Core 1 The first community release from the world’s biggest Linux company.
Way back in the mists of time, you could download Red Hat Linux
for free. This, the company decided, was not an optimal business
strategy, so Red Hat Linux became Red Hat Enterprise Linux, and
was only released to customers paying a hefty fee. The community
wasn’t abandoned though: Red Hat created Fedora Core, a new
distribution that included all the latest software that hadn’t yet
made it to Red Hat Enterprise Linux, and they made this new
distribution available for free (as in beer as well as in speech).
Fedora core 1 (codename Yarrow) came out in 2003 on three
CDs. This is a bit more than most modern distros, but back then,
many computers didn’t have fast internet connections, so
downloading new software was a luxury rather than an expectation.
Live distros weren’t yet common, so trying Fedora meant
installing it (this also makes it easier to split the distro up across
multiple CDs). We selected a Personal install (as opposed to
Workstation or Server), so we only needed the first two discs to get
a desktop. Our memory of Linux installers of this era isn’t pleasant,
but we found the Fedora installer quite straightforward, although
it’s a much more involved process than most modern installers
(when did boot diskettes stop being a thing?).
Considering it took 2 CDs to install it, Yarrow seems a little short
on software. Firefox hadn’t yet reached version 1.0, so wasn’t
considered stable enough. The now-defunct Mozilla browser served
as the default method for accessing the web. OpenOffice.org 1.1
provided office functions, and there’s a wide variety of games, but
that’s about it. There’s plenty of other stuff in the menus, but it’s
mostly simple accessories. The open source ecosystem was a lot
smaller back then. 12 years on, Fedora’s no longer features a red fedora as the start menu.
www.linuxvoice.com 9
� GAMING ON LINUX
GAMING ON LINUX
The tastiest brain candy to relax those tired neurons
FORGET THE SWAN
This War of Mine
As bleak as you can get in a game.
Y
ou’ve played survival games before, sure,
but you’ve never played anything quite as
harsh as This War of Mine. There are
masses of survival games around now, so it’s
good to see a game try and do things a little bit
differently, and succeed at it. Most survival
games are all about being “open-world” leaving
Liam Dawe is our Games Editor and
the founder of gamingonlinux.com, you to figure everything out for yourself, but This
the home of Tux gaming on the web. War of Mine isn’t quite like that, as everything is
very simple to do. the time to accomplish these essential tasks.
H
as it been bothering you how The one thing it does share with other survival You’re given a choice of locations to raid, from
many different package games is that it drops you right in the thick of it, completely abandoned houses to burnt ruins full
managers you have to use to
as you could even start with characters who are of scared citizens who can attack you.
install games? You have Steam,
Desura, GOG, and many other already injured and depressed. A key difference This is when it gets most fun, as you can
websites to pick your games from, is that you have multiple characters to look after. choose to sneak around using hiding places to
but having so many different places You start off at your safe house. We use the pop out and have a rummage, or you can go in
to install and launch games from can word ‘safe’ rather lightly as it’s a pretty ruined guns blazing and murder those poor people for
be a real nuisance.
house that needs some major DIY. You will need whatever is in their pockets – but if you decide to
We’re delighted then to introduce
Lutris, an open source application to sort through the rubble to find supplies, and murder someone your characters’ mental state
built specifically for Linux to help you craft luxury items like chairs, beds and a radio to really will pay for it.
manage your vast library of games, keep your little family of survivors happy, which Overall we found this to be one of the most
and it does make a lot of things can feel like a real chore at times. interesting games to come out recently.
simpler. Lutris doesn’t just simplify
Once night falls, the game becomes
native games either, but the
completely different. You will need to constantly Store http://store.steampowered.com/app/282070/
developers’ is to also support Price £14.99
installing games with Wine, much like find supplies like food and weapons, so this is
the application PlayOnLinux does.
Lutris also includes support for
browser-based games, and retro Bleak graphics match
emulators as well. Having all of your the bleak setting.
games launching from one place
makes it a nifty application to have,
but you still need to manually search
to find the executable; once this is
done though, launching is a simple
click of a button.
Hopefully they will polish up the
process and make it as easy as
possible in future, as the looks leave
a little to be desired.
We mentioned it was open source,
so any willing developers can help
polish up the experience with the
source code, the source has been
conveniently placed on GitHub. Check
it out here: https://lutris.net and be
sure to let us know what you think to
it. We look forward to seeing this
project progress.
“You’ve played survival games before, sure, but you’ve
http://forums.linuxvoice.com never played anything quite as harsh as this...”
10 www.linuxvoice.com
� GAMING ON LINUX
Civilization: Beyond Earth ALSO RELEASED…
Can you survive this alien world?
T
he latest generation of Civilization of Civilization V, and it’s hard to disagree
has arrived for Linux, courtesy of as most of the mechanics are seemingly
porting house Aspyr Media, which the same with different names, but that
ported the previous Civilization and the doesn’t stop it being fun at all, as even for
Borderlands games to Linux. seasoned players it will be refreshing.
In Beyond Earth, instead of conquering The setting alone is far more exciting
a map on planet earth; you’re on a for anyone who is a fan of space science
completely alien world full of wondrous fiction, and it is executed extremely well Godot Engine
mysteries and strange creatures. That with the visual style and sound effects. So, The open source game engine and toolkit
makes it similar in certain ways to the if like us space cadets, that’s your thing, Godot Engine has release its big “1.0” release
old Alpha Centuri games (they really need then you will probably enjoy this version a promising lots of polish and new features.
to do a new one!) for the setting, but lot more. It looks like it will be a serious contender for
anyone wanting to do proper game
game-play wise it’s very similar to the development on Linux directly, and that’s
previous Civilization game. In fact a fair Store http://store.steampowered.com/ fantastic. It has an impressive feature list, so it
app/65980 Price £29.99
amount of people have called it a “re-skin” should satisfy more than your basic needs.
www.godotengine.org/wp
The Civilization games have a history
of good support, so expect more to
come from the latest installment.
The Original Strife: Veteran Edition
Who fancies playing a really old school blend
of RPG and FPS mechanics wrapped up in a
neat open source engine? You actually get a
SuperTuxKart copy of the source with each purchase! The
game originally came out in 1996, so a lot of
the mechanics still feel dated even with the
Open source racing just got awesome. new engine, but it’s still a good bit of nostalgia.
T
http://store.steampowered.com/app/317040
his is probably the biggest ever
update to our favourite open
source racer since it began. This
huge update brings with it an overhaul
to the “Antartica” game engine, and it’s a
good ’un.
The new engine brings massive
improvements to the lighting, physics, and
shadows in the game, making everything
look just that bit better, but you need One thing Linux still lacks is a decent
decent looking maps to go with it, so they racing game, so could this fill the void? It
re-did the maps too, and boy are they certainly would be fantastic for a younger Reassembly
This is the game that has kept a certain Games
gorgeous. The old graphics and engine did audience to muck about on. Sadly, it was Editor glued to his computer, as it is a little
not age well against other racers, so we released without an easily downloadable addictive. It has some fantastic vector
hope this helps to breathe new life into a file to run on Linux, so until they arrange graphics, and an epic soundtrack, so it’s not
fantastic project. that you will need to compile it from the just a treat for the eyes.
You don’t have to take our word for it; source, but they have instructions on their It’s a space sandbox game where you build
you own ships, and the ship editor is so easy
as it’s open source you can give it a go site to follow to enable you to do this. it’s laughable (in a nice way!).
any time. Like most open source games http://store.steampowered.com/app/329130
it needs contributors, so get in touch with Website http://supertuxkart.sourceforge.net/
Price Free
the developers if you fancy helping out.
www.linuxvoice.com 11
� MAIL
YOUR LETTERS
Got something to say? An idea for a new magazine feature?
Or a great discovery? Email us: letters@linuxvoice.com
LINUX VOICE STAR LETTER
FIND OF THE FORTNIGHT
Thanks for the pointer to looks good on the 10.1–inch
Tanglu [DistroHopper, LV008]. LED 1024x600 display.
Even from the live DVD Installation to my netbook
the KDE version was more completed in about 30
responsive than I would minutes. Tanglu detected
expect on my Gateway the netbook platform then
LT4004u with Intel Atom configured the desktop for the
N2600 CPU and 3600 KDE 4 netbook GUI.
Graphics Media Accelerator System Monitor showed
(GMA). It just booted and got four threads consuming less
down to business without than 20% of CPU capacity,
needing any intervention from indicating that Tanglu
me. Other flavours of OS have installed the Intel drivers for
been troublesome with this the GMA: SolydK failed in this
combination of CPU, GMA and area, resorted to software
Broadcom network interface. rendering of the graphics, Debian, but with with graphical polish and a regular release cycle…
In the past, I have found producing a single-thread CPU sounds familiar… sounds like Ubuntu!
KDE to be ponderously load of around 70% capacity –
baroque despite being well- SolydK took over two hours to Ben says: I’m glad you like it! made that it’s refreshing to
developed. The newer version install too We see so many Debian/Ubuntu see a distro trying something
of KDE delivered with Tanglu Andrew Shead respins with minimal changes authentically new.
WE FAIL
A couple of points. Your Arduino The use of Processing is entirely
tutorial [in LV011] contained an optional: for standalone projects
error. The Arduino does not run the where the Arduino is to run
Processing language, although it’s autonomously there is no choice
a commonly held misconception other than to use a sketch written
that it does. In fact “sketches” are in C/++.
written in C or C++ as is evident Secondly I notice you regularly
if you examine the code in the advocate DOSBox rather than
article. Processing is a language DOSEMU for running DOS
that runs on another computer programs. The last time I looked at
and communicates using a serial this – admittedly some years ago
Wire stuff up, then
protocol with an Arduino running a – it was evident that DOSBox was now offers this capability, but it
write code to make cool
standard firmware “sketch” called designed for games, reducing the didn’t when I tried it. It struck me
things happen – that’s
Firmata. The following link makes effective CPU speed accordingly. as a case of horses for courses. the simple genius
this clear: DOSEMU runs DOS programs fast It’s a great magazine and I’ve behind the Arduino.
http://playground.arduino.cc/ and is a program I use daily. Of just renewed my subscription!
Interfacing/Processing course it’s possible that DOSBox Peter Hinch
12 www.linuxvoice.com
� MAIL
DRINKING
Congratulations on hitting the one
year mark! I have gladly renewed
my subscription. Any thoughts
on allowing subscribers to set up
an auto-renewing subscription? I
have that set up with your former
publication, and it is a very nice
convenience.
And, great mugs! Yes, you all do
look great in your photographs, but
that’s not what I’m talking about.
I’m talking about the coffee/tea
mug (do you even drink tea from
a mug?). After having my letter
featured in LV002, I had to have
one. It looks better in person than
it does on your website. I was a bit
apprehensive about having a piece
of ceramic shipped from overseas,
but your shipping department did
a fantastic job on the packaging.
The form fitting styrofoam
container took the trip over the
pond in grand style, showing a bit
of wear and tear, but protecting its
precious cargo without fail. The
ability to publish an outstanding
magazine AND ship mugs
unbroken internationally? What
other skills are you hiding?
Paul Olson, Oklahoma, USA
Americans! Thanks to
should have got it running for new one at a time). On the mug question:
Graham’s packing skills,
Andrew says: Thanks! We’re all subscriptions as well. At first we could I drink tea from a 50-year-old pint your mug will reach the
amazed by how quickly the year only take payments via PayPal, but mug that Mike brought me back from shores of liberty whole
has gone by. It’s funny you should we’re incrementally improving things Germany. Hidden talents: Graham and unbroken –
mention this: we do have Direct Debit (incrementally because if anything plays the piano. Mike can juggle. http://shop.linuxvoice.
payments enabled for renewals now, went wrong it would be up to Ben to Ben was Worcestershire under-10s com/product/linux-
and by the time you read this we fix it, so we’re only adding options freestyle wrestling champion. voice-mug.
www.linuxvoice.com 13
� MAIL
TUTORIAL DÉJÀ DUP
DISTRO HOPPER
DÉJÀ DUP TUTORIAL
DÉJÀ DUP: BACKUP FOR What to back up?
Do you really need to backup your entire home directory, or is Then there are apps that create their own directories to
EVERYONE
just an overkill? Here’s what you need to know while selecting
TUTORIAL directories for backup. Most modern distros keep the files
store files. Most prompt you for the location, while some may
create them on their own during installation. Make sure you
you’ve created or downloaded under directories such as check for and include such directories which are usually listed
~/Documents, ~/Downloads, and ~/Desktop, so you’ll want to under the Preferences section of the apps. Be vigilant, though.
include them in your backups. Also don’t forget to check
Get acquainted with the easiest backup tool on the planet to help Some of these directories contain cache directories, which
As you might expect when one
/home for any important documents. Some apps, such as
MAYANK SHARMA needlessly add to the backup’s size. Finally, if there’s a piece
you save yourself from the inevitable data apocalypse. email clients, also keep your downloaded emails, attachments
and address books under hidden directories beneath your
of software that’s crucial to you and you don’t want to spend
time downloading it again, back it up by saving the cache
W
home folder, so make sure you include them as well. directory for your distro’s package management system.
e care about you. No, we really do. Which is
WHY DO THIS? why you should believe us when we say
distro hops, backing up one’s data be that my own script isn’t the
• You’d really risk losing that sooner or later you will lose valuable Next, move on to Storage location and use the Drop- Once the backup has been created, the Overview
data? data. You can spend a fortune on a storage medium down list to pick one of the supported locations. This window will inform you when the last backup was
• Quick to set up and easy that’s anti-scratch, dust-resistant, heat-proof and can be a local hard disk, a remote location that you taken and when the next one is scheduled.
to use. connect to via FTP or SSH, or a cloud storage service
contains no moving parts, but what you really need to
• Designed for the like Amazon’s S3. Depending on the storage location
everyday desktop user. do is to invest some effort in backing up your data. Déjà Vu
is important. But I had an issue most efficient at backing up but
Although it isn’t particularly time consuming, you select, the app will ask you for further details. For To restore files from the backup, launch the app and
backing up data requires careful thought and example, if you select the FTP option, you’ll be asked click on the Restore button in the Overview section.
preparation, and involves more than just zipping to provide the IP address of the FTP server along with The app will launch the Restore wizard, which will first
files into a tarball. Unfortunately this means it’s often the authentication information and the location of prompt you for the location of the backed up files.
Although it’s changed somewhat, the main interface of folder where you want to store the backups. To save
neglected. This is where Déjà Dup comes into play. Just like before, select the remote location where
the app still essentially contains only two buttons – to
when using Déjà Dup [featured I know I can restore my stuff. I
It’s different from the plethora of other tools in that the backups to Amazon’s S3 it’ll need your S3 Access you’ve backed up the files and enter any associated
back up and restore data.
it has a minimal interface so as to not overwhelm Key ID and for the Rackspace Cloud Files service it’ll information such as the IP address and your login
new users. But it’s based on the powerful Duplicity need your username. credentials.
Déjà Dup gives you the flexibility to include a large
command line backup tool and provides just the right Finally, you can switch to the Scheduling section Déjà Dup will then scan the remote location and
directory – for instance /home – in your backup, while
number of features for desktop users who aren’t used and select a policy for keeping old backups. By default, in the next section it’ll display a time-stamped list of
specifying parts to leave out, such as .cache/.
in our tutorial section, LV011], sometimes wonder when apps are
to the ways of a backup tool. On some distros, such old backups will be kept until the target storage all the backups. Select the one you wish to restore
To help you get started this section already lists the
as Ubuntu, Déjà Dup ships pre-installed, while it’s location runs out of space, but you can also specify from and move on to the next step. The app will now
Trash and Downloads folders, though many users
available in the official repos of most others. You can a different time period depending on the importance give you the option to either restore the backed up
might want to remove the latter from the list unless
configure the software in a matter of minutes without of the data. Before you can set a schedule for the files to their original location or into a specified folder.
you really don’t want to safeguard the contents of the
delving into lengthy documentation. backup you’ll have to activate the app by toggling the Before restoring the files, the app will prompt you for
Downloads folder.
button at the top right-corner of the window to On.
after I tried to restore my data. recommended whether the person
the password if the backed up files were password
Date with data Once the configured backup is enabled, you can use protected.
The first time you fire up the tool, it lands on the Prepare for a backup the pull-down list on the Scheduling section to either One of the best features of the app is its ability to
Overview page which, as expected, tells you that there run this backup every day or every week, which is the restore individuals file as well. To do this, head to the
are no recent backups nor are there any scheduled. While Déjà Dup takes the pain out of setting up the actual default option. folder from which you have accidentally lost files.
data backup process, a crucial part of the process is To create the initial backup, switch to the Overview
Whilst I can’t fully remember the recommending them have actually
Before it can save you from data doomsday, you’ll first Right-click inside the folder and select the Restore
preparing for it which involves careful consideration. For section and click on the Back Up Now button. The tool
have to set it up. starters, you need to decide where you want to store your Missing Files option from the context-menu. The app
Navigate to the Folders To Save section, which by will provides a summary list of the directories involved will scan the folder against the most recent backup
data. Keeping it on another partition of the same disk isn’t
default lists your Home directory. This is generally advisable, since the whole disk might fail and render the and will begin. While creating the backup, the app will of this folder and display a list of files that are in the
a safe bet for most users. If you know what you are backup copy useless. ask you to optionally encrypt the backup. You can backup but currently missing from the folder. Now use
One solution is to keep the backup on another disk. If enter a password in the space provided or choose
sequence of events now, I think used them enough to hit such
doing you can also remove this location and add any the checkbox besides the listed files to select the ones
you have multiple disks and a spare computer you can even to back up the files without a password. This initial
particular directories that you wish to back up. You set up your own Network Attached Storage device using that you wish to restore and the app will restore their
can also use the + button to add other folders on other backup may take some time, but subsequent backups latest versions.
software like Open Media Vault (instructions in our tutorial
mounted drives or network shares. in LV009). To protect your data against physical disasters, are much faster because they are incremental and It’s worth noting that Déjà Dup is missing some of
Then switch to Folders To Ignore and specify such as fires, floods and theft, make sure you keep the only back up data that has changed. the flexibility you’d get with other backup tools. One
backup as far away from the original as possible, perhaps
my problem of NOT being able problems.
folders you don’t need to back up. By separating such missing feature is the ability to create backup
on a cheap cloud storage service. Each method has its
the directories to include and exclude in the backup, advantages – hard disks are cheap and readily available sets to backup different files into different locations.
while removable disks offer portability, and online storage Déjà Dup, instead, is designed to back up the specified
is globally accessible. The kind of data you wish to back up folders into the specified destination, each and every
also influences the choice of storage medium. A DVD might time you schedule it to run. Déjà Dup isn’t meant for
be useful for holiday snapshots, but isn’t going to be much
to restore my data was linked to G White
use in a complex environment like an enterprise, but
use to a professional photographer.
You’ll also need to work out the appropriate backup is perfect for safeguarding data for home and SOHO
Use the Custom Location methodology. Do you want to back up manually or users and also gives you the flexibility to restore
option to specify a remote automatically based on a schedule? The correct backup individual files from the backups with ease.
location supported by the frequency varies based on the kind and value of data being
Gnome Virtual File System safeguarded. Depending on the size of the files, it might not Despite being a simple app, Déjà Dup offers advanced
either a change in my computer’s
be a good idea to back them up completely everyday either.
(GVFS). features like incremental backups and stores multiple Mayank Sharma has been tinkering with Linux since the 90s
time-stamped versions of backups. and contributes to a variety of techie publications.
76 www.linuxvoice.com
www.linuxvoice.com
host name or a change in which Andrew says: I’m pretty sure Mayank,
77
LV011 076 Tutorial Deja Dup.indd 76
28/11/2014 12:38 LV011 076 Tutorial Deja Dup.indd 77
28/11/2014 12:38
DNS service I used. Anyway, a host who wrote the Déjà Dup tutorial last Déjà Dup is an easy
name change was my problem issue, has been using it for a while profound note, I take my hat off way to perform regular
and since Déjà Dup didn’t allow now, and his two-page tutorial was to you for writing your own script! backups – if you aren’t
me to specify the host name or more than enough to get new users Hackability – that’s the key. When backing up already, try
even indicate which host name introduced to it (rather than being the existing solutions don’t work for it out.
it was using I decided to write an exhaustive look at corner cases – whatever reason, free software gives
my own Bash script and using but in this case your best bet would us the ability to make our own – that’s
rsync do my own backup! It may be your distro’s forums). On a more why we like it so much.
I’M HISTORY!
I have been picking up your
magazine since I saw a copy of
issue 3 on one of my irregular
visits to WHS. I like the mix of
articles and tutorials. With my
advancing years I look at the
coverage you give to older
systems and there, on page 99
of issue 10 was the computer
room at the Atlas Computer Lab
where I worked showing Doug
House, Tony Sargent and, I think,
Ros Haliwell on the tape decks.
I actually missed working on the
Atlas as it shut down before I
joined the lab in 1976 as a ICL shift
To have worked on
engineer on the 1906a mainframe. I was also at the Lab, latterly all this in a college five miles
a piece of the UK’s
The Atlas Processor was still there, renamed “Rutherford Atlas Lab” from the Sony factory making the
computing history such
but was being de-commissioned. when a Cray 1 was shipped in, Raspberry Pi. It makes you weep as Atlas must be a great
An urban myth at the time was for temporary storage for the sometimes. privilege.
that on one occasion some circuit UK Meteorological Office at Gordon Ireson, South Wales
boards were removed, allegedly for Bracknell. A very impressive piece
an Atlas still working “Somewhere of hardware, complete with Freon Graham Says: Wow! Thanks for
Underground”. cooling system. sharing that with us! We’re incredibly
My Atlas claim to fame is that My wife has a history even older lucky that the history of our field is
in 1978 I was asked by the ICL as she was a systems analyst so accessible – even if you start with
engineer in charge, Ted Everson, working on LEO computers in the single-application analogue machines
to build a 12-volt power supply so 1960s. with valves rather than programmable
that the Atlas console could be on After 37 years as an engineer, I digital computers, computer science
display at the building Reception am now back at college studying is still young enough that most of us
Desk with some lights on, so I HND computer science, not a sniff can comprehend the timeline without
was pleased to see in your article of Linux, all Microsoft, Adobe, having to bend our heads too much.
that the console has been “re- Access, C#, Visual Basic and And don’t worry about the HND – the
discovered and is back on display”. Oracle, just a tiny hint of MySQL, world will catch up with Linux one day.
14
� MAIL
Email andrew@linuxvoice.com to advertise here
www.linuxvoice.com 15
� LUGS ON TOUR
LUGS ON TOUR
Pi Wars
Deciding the ultimate Raspberry Pi robot!
T
he Raspberry Pi’s small size,
low power requirements
and accessible GPIOs
make it a great device for robotics.
It forms the brains of the robot,
and all manner of hardware can be
attached to the outside to create
everything from sailing boats to
flying machines. The vast majority
of Raspberry Pi robots though
move on solid ground, and it was
these land-based Pi-powered robots
that came together on a frosty
morning at the start of December
in Cambridge University’s Institute
for Astronomy to compete in nine
challenges to find out which would
be crowned champion.
The events were:
Three point turn.
Speed test.
Obstacle course.
Sumo.
Line follower.
Robot golf.
Proximity alert.
Code quality.
Together, these tested a range of
qualities, and no one style of robot The range of events meant that every robot had a chance of doing well at Pi Wars. Good show everyone!
dominated all events. Big, powerful
robots had the upper hand in sumo, were split roughly evenly between each event, and a few special prizes
but line-following and proximity those two categories. This kept the such as the most innovative and
alert (getting as close as possible to playing field even despite people best-looking. In the end, almost
a wall without touching it) favoured entering from a wide variety of every entrant left with something to
smaller, more deft machines. backgrounds. There were schools, show for their efforts.
Entries ranged in size from university students, professional If there’s enough interest, Pi Wars
the University of Plymouth’s bot, hardware designers and more may become a regular competition.
which had the same footprint as present. Keep an eye on www.piwars.org for
a Raspberry Pi A+, to a behemoth When Tim Richardson and Mike details of future events.
decked out as a pirate ship. The Horne (the Pi Wars organisers)
only restriction in the rules was that totted up all the scores, TractorBot TELL US ABOUT YOUR LUG!
the robots had to have a footprint came out on top of the under £75
smaller than a sheet of A3 paper. competition, and Psiclops won the We want to know more about your
The overall results were split over £75 category. Both of them LUG or hackspace, so please write
to us at lugs@linuxvoice.com and
into two categories: those that walked away with a huge selection
we might send one of our roving
cost under £75 to make, and those of Raspberry Pi goodies. There reporters to your next LUG meeting
that cost more. The competitors were also prizes for the winners in
16 www.linuxvoice.com
� LUGS ON TOUR
Literacy On Linux: The Global Learning XPRIZE
Jono Bacon launches a competition from his new position as Senior Director of Community at XPRIZE.
I
n September the $15 million
Global Learning XPRIZE (http://
learning.xprize.org) launched.
The concept of the competition is
simple at its core. Teams around
the world are challenged to create
an application that will run on an
Android tablet that will teach a
child basic reading, writing, and
arithmetic, within 18 months,
autonomously. For Linux and Open
Source fans though, here is the neat
part. The winner of the competition
and the four runner-up teams will
all be expected to release their code
as open source, complete with all of
the included assets, unique content
and materials.
It doesn’t end there. Teams are
Put a team together
being asked to build their solutions irrespective of approach. As you members, it might be useful to
and help create an
using the hugely popular Android can imagine, this is a complex reach out to your local Linux User application that will
platform. This means that every challenge that teams are being Groups, educational groups, autonomously teach
solution will be built on an open asked to solve. The competition universities, visit the forum (http:// kids literacy.
source platform, using open APIs, has been structured with extensive forum.xprize.org) and more.
and running an entirely open development and field-testing Next you should take a look at
educational codebase. As you phases. The overall competition will the prize guidelines and rules at
can imagine, the impact of this conclude in 2019. http://learning.xprize.org/about/
technology could be great. guidelines – this will answer many
According to the United Nations How to enter of the questions you may have
Educational, Scientific and Cultural Team registration is currently open about the specifics of participating.
Organisation (UNESCO), there are and closes on 31 March, 2015, then Finally, go and fill in an Intent To
250 million children around the the solution development phase Compete form at http://learning.
world who cannot read. We simply begins on 1 April, 2015 and will run xprize.org/about/registration. This
cannot build enough schools or until October 2016. These solutions notifies the XPRIZE Foundation of
train enough teachers to serve our will be judged and five finalists will
global literacy needs. be chosen, each of which will be
awarded $1 million. The finalists will “This technology could bring
Make the world better
As such, the Global Learning
then enter the field-testing phase of
the competition where their
learning to children who do not
XPRIZE is exploring how solutions will be tested with real have access to education.”
technology may be utilised to kids in rural villages from June
challenge some of the noted 2017 until the end of 2018. Finally, a
causes of illiteracy due to the lack winner will be picked and awarded your desire to participate and keeps
of access to traditional models of the $10 million prize purse in early you up to date with the progress of
education by creating a bridge to 2019. For more information or to the prize. You will be notified if your
those thought unreachable. This enter simply visit: http://learning. application to participate has been
technology could be deployed xprize.org. successful.
around the world, bringing learning If you’re interested in competing, We hope to see some Linux Voice
experiences to children who do not the first step is to form a team. We readers creating teams and striving
have access to quality education, recommend that you put together a to not just win the $10 million, but
and supplementing the learning team that comprises developers, to put their stamp in truly making
experiences of children who do. testers, designers, artists, scientists, this rock we live on a nicer place for
Anyone is welcome to form content developers and others that everyone.
a team and compete. This is a will help build a comprehensive Global Learning Homepage –
competition that is open to all, solution. If you’re looking for team http://learning.xprize.org
www.linuxvoice.com 17
�18
�19
� 2015: THE YEAR OF LINUX
2015
THE YEAR OF LINUX
This year is set to be the best ever for Linux – and
that’s not just our opinion. Some of the biggest
players in Free Software think so too…
T
here’s a long-running joke in the Linux world, market where Linux dominates thanks to Android –
that the next year will be the year of “Linux on and the server space became even bigger thanks to
the desktop”. At first it was a serious “cloud” computing, software/platform/infrastructure
proposition: back in the early 2000s, it looked like the as a service, and the growth of web apps.
operating system was poised to take a significant So Linux is, today, by far the most prevalent and
chunk of desktop marketshare. Microsoft was important operating system in the world. It’s a long
struggling with major security problems in Windows, way from being on every home desktop PC, but the
Apple’s Mac OS X had barely gotten off the ground, next 12 months have plenty in store, and so for our
and there was clearly room for something better. first issue of the year we want to look ahead at the
So why didn’t Linux dive in and win millions of goodies to come. But we don’t just want to wax
users? Well, it did, just in another way. Microsoft lyrical about our favourite projects here; we also want
started to take security more seriously, and OS to hear from some of the biggest names in Linux
X emerged as a shiny Unix-like OS that appealed and Free Software about what they’re most looking
to many geeks. Linux was still the best all-round forward to.
operating system, we reckon, but the desktop PC But before we hear from the horses’ mouths, so
market was no longer so appealing. As the end of to speak, let’s have a quick look back at 2014, a year
the decade came closer, users were flocking towards crammed with big developments for our favourite
mobile devices such as smartphones and tablets – a operating system…
20 www.linuxvoice.com
� 2015: THE YEAR OF LINUX
Highlights of 2014
There were plenty of ups and downs last year.
L
ast year got off to a corking start, with what? Systemd won, to the surprise of
videogames giant Valve announcing many. Debian is a conservative distro, so the
14 new models of Steam Machines decision to replace a large chunk of the base
– pre-built computers running the Linux- system caused arguments that extended
powered SteamOS platform. For much of its well into the rest of the year.
life, Linux hasn’t been taken seriously as a March was a great month. The Linux
gaming OS, but Valve’s announcements Foundation decided to offer its “Introduction
changed this perception enormously. We’re to Linux” online course, which previously
still a while away from seeing Steam costed a whopping $2,400, for free.
Machines in every shop, but the future is Another big development was Broadcom’s
looking bright for triple-A titles on Linux. release of the video driver source code
Meanwhile, Red Hat, one of the big for the VideoCore IV GPU, as used in the
players in Linux for businesses, snapped up Raspberry Pi. April had some downers
the free CentOS distro. For years, CentOS though: Heartbleed, the internet-breaking
had been providing a free and community- vulnerability in the widely used OpenSSL
supported rebuild of Red Hat’s Enterprise library, led some to question whether open
Linux product, and Red Hat had tolerated its source is really more secure. We’d say it is,
existence without saying much about it. But of course, but just because something is
it became clear that CentOS can benefit the open source, it doesn’t mean that lots of
company: sure, CentOS users aren’t paying eyeballs are going through the code. If only
any money all those big
directly to Red companies
Hat’s coffers, “The Heartbleed vulnerability led affected by The Raspberry Pi Model B+ was a very welcome
but they could
upgrade to the
some to question whether open Heartbleed
had supported
upgrade, with more USB ports, more GPIO pins,
and better power management.
paid enterprise source really is more secure.” OpenSSL
product at a development, other institutions in Valencia, Geneva
certain point. either with and Toulouse announced that they were
From Red Hat’s perspective, it’s better if money or patches, maybe things would no longer paying the Microsoft tax, and
people are using CentOS rather than a have been different. In the same month, had moved to Free Software. The UK
completely different distro such as Debian. Canonical cancelled its Ubuntu One cloud government surprised us all by demanding
In early February, the Debian project had storage service. that public documents should be in open
a vote on which init system it should use Still, in May the ever-diligent OpenBSD formats such as ODF.
in the next release of the distro. And guess team announced LibreSSL, a fork of the In September, the NHS dumped Oracle
OpenSSL codebase, and immediately in favour of an open source solution, while
started ripping out some of the horrendously Netflix users could now watch films on
old and complicated code chunks. Linux (via Chrome and Ubuntu).
Meanwhile, the Chinese government But another downer came in October:
decided to ban the usage of Windows 8, the Shellshock bug, which affected a Bash
while the Razor-Qt and LXDE desktops vulnerability that had been in the code since
merged to form LXQt. 1989. It was another sobering reminder that
FOSS only works when people are studying
Game on the code. Adobe also announced that it was
June was a good month for gamers: over dropping Reader support for Linux, but given
500 games, fully supported on Linux, were the program’s bloat and unreliability, few
now available on Steam. Krita, KDE’s people really cared.
peerless drawing application, announced a November and December wrapped
new crowdfunding project to implement up the year with some announcements:
new features, and as July came in, we were Mozilla ended its relationship with Google,
all greeted by a new Raspberry Pi model, the and decided to move to Yahoo as its
B+. KDE 5 was released and it was default search engine. The Jolla tablet was
announced that 97% of the world’s crowdfunded, Debian was forked into the
The Heartbleed OpenSSL vulnerability was such supercomputers run Linux. Not bad at all! non-Systemd-requiring Devuan distro, and
a big deal, it even got its own logo thanks to And it was a good time for open HP launched an EliteBook laptop with SUSE
security company Codenomicon. standards: governments, schools and Enterprise Linux pre-installed.
www.linuxvoice.com 21
� 2015: THE YEAR OF LINUX
What the big names say
We asked prominent developers and project leaders in the FOSS world what they
thought of 2014, and what they’re most looking forward to this year.
Boudewijn Rempt
Lead developer of Krita, a powerful graphics editor for KDE.
What was your biggest highlight of full support for creating animations, and the
2014? port to the Qt 5 graphical toolkit. No, I’m
BR: Oh gosh! We had so many – we lying, I’m not looking forward to that port, but
released Krita in Valve’s Steam app store, we by March it’ll be done.
did a really successful Kickstarter for the
Krita Foundation, and we had a booth at What are the biggest challenges
Siggraph! [computer graphics conference] that face GNU/Linux and FOSS in
And then we got a five-star review in an the upcoming year?
artists’ magazine, ImagineFX, so Krita is BR: GNU/Linux will probably be fine: the
getting noticed outside the FOSS world too. kernel is well-funded, has a broad contributor
base and, yeah, it’ll do fine. FOSS in general out of working on FOSS! If only everyone
What are you most looking forward too, apart from the usual patents challenge. I who feels the need to write a hateful mail or
to in 2015? think the big challenge is all the divisiveness. post would pledge to also write one love
BR: The next release of Krita, with all the All the hate people feel when someone letter to a project of choice, maybe it’d
Kickstarter features… our next Kickstarter, comes up with a new idea. It’s taking the fun balance out?
Ben Nuttall
Education, development and outreach for the Raspberry Pi Foundation.
What was your biggest highlight of areas what we have is pushing the limits of
2014? the proprietary alternatives, we’re at a tipping
BN: Personally speaking, I’d say attending point where I see FOSS being the preferable
PyConUK. With the Raspberry Pi Foundation option in more and more cases. That’s
running the education track, introducing kids exciting, and I’m looking forward to what
and teachers to open computing; Carrie comes in 2015.
Anne’s keynote thanking the community for
its efforts; and the wealth of presentations What are the biggest challenges
and lightning talks all rounding up to that face GNU/Linux and FOSS in
demonstrate what a great time this is to be the upcoming year?
involved in making a change through open BN: We still suffer from a lack of choice for
source in education and industry. consumers. In the high street, people have
the choice between buying a Windows
What are you most looking forward laptop and a Macbook, there’s just no web servers where Linux is king. They know
to in 2015? awareness of an alternative. The addition of they’re slipping behind and they’re worried.
BN: FOSS is more than just a warm tingle, or Apple is a huge step forward in diversity – What they do to combat that could be good
knowing you’re sticking it to The Man, it’s a now people know there isn’t just one type of for everyone, if they become more open or
viable alternative. We’ve seen such growth in computer with one interface they should start using open standards, or it could be
activity and community engagement in the expect everywhere. However in the mobile competitive. In recent months we’ve seen
FOSS community over the last few years, phone market, when smartphones arrived, Microsoft open source the .NET core and
with more people using Linux in different Linux (though Android) ended up taking the welcome contributions on GitHub, and we’ve
flavours, and open source software libraries majority of market share without anyone seen them make Docker available for
being ever more prevalent. We’re seeing even noticing. Windows. A concern could be that with open
fantastic examples of what can be achieved Proprietary software vendors know they’re source tools available, it takes an edge off
in the free & open source world, and in many losing out to FOSS, especially in areas like the attraction for some to use Linux.
22 www.linuxvoice.com
� 2015: THE YEAR OF LINUX
Matthew Miller
Works for Red Hat as the Fedora Project leader.
What was your highlight of 2014? MM: Without a doubt, the anti-freedom
MM: The Fedora 21 release. It was a agenda of media companies. Patent-
full year since Fedora 20, and it was my first encumbered software and DRM in HTML
release as Project Leader, so I was quite standards sets us on a direction that will be
anxious. But so many people put in amazing, very hard to recover from, and all of the real
great work and it all came together into one money is on the wrong side in this fight.
of the best Linux distro releases ever.
What are the biggest challenges What are you most looking forward
that face GNU/Linux and FOSS in to in 2015?
the upcoming year? MM: Fedora 22 and Fedora 23, of course!
Philip Newborough
Lead developer of CrunchBang Linux.
What was your highlight of 2014? PN: There are a couple of things that come
PN: Gnome 3.14. I’ve been watching to mind. Debian Jessie: I’m running it on a
Gnome 3 with a keen interest and I’ve tried couple of machines and it looks like being
each new release. I found the early releases the best Debian release yet. Windows 10: It’s
unusable, but the latest releases have about time that Microsoft brought virtual
shown real promise. When 3.14 was desktops to the masses.
released in September, I adopted it as my
daily desktop. I’m loving how the Gnome What are the biggest challenges threatening behaviour and/or abuse.
developers make the desktop so simple to facing GNU/Linux and FOSS? Therefore, I think the biggest challenge will
use, it’s minimal, yet still super-powerful. PN: Civility. I think the community really be to keep the debates open, but keep them
struggled in 2014 and at times, I felt civil. If things continue as they have in 2014,
What are you most looking forward embarrassed to be a part of it. Debate is we’ll lose talented developers and we’ll stop
to in 2015? important, but there is no excuse for attracting new ones. That would suck.
Italo Vignoli
Handles media relations at The Document Foundation, makers of LibreOffice.
What was your biggest highlight of We are also looking forward to another
2014? great LibreOffice Conference in the city of
IV: I can list a few: major release of Aarhus in Denmark, and to a large number
LibreOffice 4.2, new board of directors in of events in the other geographies.
place (with second generation TDF
members), UK Government decision to What are the biggest challenges
standardise on ODF, major release of that face GNU/Linux and FOSS in
LibreOffice 4.3, and the Bern LibreOffice the upcoming year?
Conference. IV: Getting recognised for its real value, not
only among people with a decent technical
What are you most looking forward background but also among desktop users.
to in 2015? It’s a pity to look at users who have
IV: We are looking forward to other major Windows-related problems being stuck
releases of LibreOffice, to the availability of because they do not know about the
the software on Android, to other significant possibility of switching to GNU/Linux or grow their penetration among basic PC
projects of companies and public have been discouraged. users who are bombarded by proprietary
administrations migrating to LibreOffice, and FOSS developers should improve their software messages (and who are locked-in
to a further growth of the ecosystem. communication strategies and skills, to without even realising it).
www.linuxvoice.com 23
� 2015: THE YEAR OF LINUX
Jos Poortvliet and Frank Karlitschek
FOSS advocates from the KDE and OwnCloud teams.
What was your highlight of 2014? tackling the very core issues around privacy
JP: In the KDE world, we moved to and security on the web.
deliver Frameworks 5, which is already Self hosting and control are super
having a big impact on the Linux desktop important but they always face the
with many projects porting to Qt and, we challenge of being disconnected – and the
hope, ready to take advantage of KDE power of the web is that it connects people.
technology in the future. Of course, Plasma Many projects work on these issues of
5, and just before the year was over, the first course but OwnCloud is going fast and big:
KDE applications built on Frameworks 5 this technology is being used to connect
also saw the light. These will mature over over 500,000 students from three separate
2015 and move to more platforms, with German universities that each run (and
GCompris leading for Android. control!) their own OwnCloud instances.
I think the move to a single standard
desktop/mobile toolkit for Linux is extremely What are the biggest challenges
important for its future as a viable platform. that face GNU/Linux and FOSS in
Note that the toolkit isn’t the desktop the upcoming year? super extreme projects (like the Purism
– Gnome is doing great as a desktop JP: The challenges are big: to put people project and Librem 15 laptop) show the way,
team, moving user experience forward back in charge of their digital life requires pave it even, but it is the more down to earth
and I applaud them for that! But for app lowering the barrier to using open ones which change the world.
development, it is good if there is one clear technologies. Hardware seems to play an The barrier we fight is twofold: technical
choice, with other more specialised options ever-increasing role in this, with many difficulties and network effects. Nothing
always around to keep some healthy projects working to release open hardware. new, of course. Frankly, the legal, political
competition and pressure. There are significant hurdles to be taken, and commercial forces against ‘all things
both for the wider maker movement as well open’ don’t scare me: look at where we are
What are you most looking forward as for projects like OwnCloud and KDE. We, today compared to one or two decades
to in 2015? the software and the hardware guys and ago! Open platforms are inherently stronger
FK: OwnCloud is moving forward with girls, need to work together more, leverage and, over time, seem to win out. There’s no
distributed and federated cloud technology, each other, yet remain practical. I think the reason to assume this will change.
Lucas Nussbaum
Debian Project Leader, and Debian developer since 2005.
What was your highlight of 2014? What are the biggest challenges
LN: During 2014, Debian made a that face GNU/Linux and FOSS in
series of hard decisions about how to deal the upcoming year?
with the transition from our historical init LN: With the increasing move of our
system (sysvinit) to a more modern one computing to cloud infrastructures, we give
(Systemd). While this sounds fairly technical, up the control of our computing to the
those decisions required us to question our managers of our those infrastructures. Our
deep beliefs about what Debian is supposed terminals (laptops, desktops) might now be
to be, and how Debian is supposed to work. running entirely on Free Software, but this is
This resulted in some of the most difficult increasingly irrelevant given that most of
discussions and decisions in Debian’s what actually matters gets executed on a
history. remote closed system that we don’t control.
The Free Software community needs to
What are you most looking forward work to help users keep the control of all
to in 2015? their computing, by developing suitable
LN: The release for Debian Jessie, in Q1 alternatives and facilitating their deployment.
2015! I am very confident that this release
will reassure all our users that we have
made the right decisions, and that Debian is
stronger than ever.
24 www.linuxvoice.com
� 2015: THE YEAR OF LINUX
Lennart Poettering
Lead developer of Systemd, and formerly of PulseAudio and Avahi fame.
What was your biggest highlight of the upcoming year?
2014? LP: I figure our biggest challenge is to make
LP: Well, I figure the decision from Ubuntu to sure our way of open source becomes more
adopt Systemd, too, so quickly after Debian relevant again, given the threat from
made its decision. “over-the-wall” open source done by Google
and similar companies. These companies
What are you most looking forward maintain projects where no real open source
to in 2015? community exists, but only the most
LP: Hmm, that’s hard to say. I just superficial things you have to do to call
contributed my share to the Gnome Builder something “open source” are done, like they
Indiegogo campaign, so I guess I am looking do for Android for example.
forward to the progress Builder will make We also need to make sure that Linux
over the year! with its classic userspace can compete with
Android, and be an attractive alternative
What are the biggest challenges [to regulated app stores] where everybody
that face GNU/Linux and FOSS in participating is equal.
Simon Steinbeiß
Lead developer of Xubuntu, the Xfce-based Ubuntu spin-off.
What was your biggest highlight of What are you most looking forward
2014? to in 2015?
SS: My personal highlight of 2014 was SS: I’m personally looking forward to the
definitely the release of Xubuntu 14.04 Long 4.12 release of Xfce, which is sort of
Term Support. I’ve been around in the overdue. I’m pretty confident it won’t take
Xubuntu project for several years and to me, too much longer and then starting the port
this is the best release to date. I’m fully to GTK 3 is definitely one of the things I’m
aware of the superlative and that this might looking forward to as well, even if it’ll
sound corny coming from the project leader probably mean a loss of stability in the
(although I wasn’t leader for 14.04), but an beginning. The instability I see ahead is
incredible amount of effort that had been related to GTK 3 being a moving target still
put into the Xubuntu project by its team – the toolkit is changing quite significantly
members during previous cycles has come with each release, breaking theming or
together in this release. deprecating function calls – and porting not some very extreme controversies take place
We also decided to take a leap of faith and being an easy task, especially with the larger in 2014 (for instance Systemd) and I can
ship several development versions of Xfce, components like Thunar (the file manager) or only hope that this will not be among the
as the 4.12 release date is still in the not-so- the panel. biggest challenges of 2015.
clear future. Some of our team members, In terms of Xubuntu, I’m looking forward Other challenges I see ahead are related
including myself, have also helped the Xfce to new contributors joining our ranks and to Android/Google and its dominance. As
project upstream by submitting patches or helping us to make Xubuntu (and Xfce) it is the dominant operating system in the
maintaining abandoned parts of the desktop even better. mobile space, ChromeOS is also gaining
environment. While we’re still a small team, traction, and the traditional Linux desktop
we have several stable contributors and are What are the biggest challenges seems to become less relevant as Google
able to get our stuff done very effectively. It that face GNU/Linux and FOSS in is using the same lock-in mechanism
has to be mentioned though that we’d love the upcoming year? with its ecosystem that made Apple so
to grow and new contributors are more than SS: I’m not sure the challenges have big and ubiquitous. Obviously ChromeOS
welcome! changed too much in the recent years, at doesn’t satisfy the daily needs of many
All in all, I would say 2014 was a terrific least from my perspective. There is an (especially power) users, but the seamless
year for Xubuntu and the overwhelmingly ongoing trend of fragmentation, flame wars integration of mobile systems in the desktop
positive feedback we received from the etc that is very detrimental to the public (notifications, SMS replies etc) is a point
community for the 14.04 release gave us the reception of GNU/Linux or FOSS but also to where Linux will hopefully catch up at some
energy to push forward in 2015. the developer community itself. We’ve seen point in the near future.
www.linuxvoice.com 25
� 2015: THE YEAR OF LINUX
To come in 2015
New distro releases, software updates, and much more…
E
ven if you don’t use Ubuntu, a new
release of that distribution is always
a major event in the Linux world,
given how many other distros are based on
it. Ubuntu 15.04 (aka the Vivid Vervet) is due
to arrive in late April and should include
Systemd by default, making it the last of the
major desktop-oriented distros to switch.
This change hasn’t been received well by
everyone, but it brings Ubuntu – and its
siblings Kubuntu, Xubuntu, Lubuntu and co
– into line with OpenSUSE, Fedora, Arch,
Debian and others.
Kubuntu users will have KDE Plasma 5
as the default desktop; it was also available
in 14.10, but only as a technical preview. It
doesn’t look like Xfce 4.12 will arrive in time
for the next Xubuntu release, nor will LXQt be
ready for Lubuntu, so both of those distros
will have relatively low-profile releases.
Fedora 22, meanwhile, is scheduled
for late May, and will sport DNF as a new
package manager, replacing Yum. It looks
very unlikely that Wayland will replace X.org
by default though. Debian 8 (codenamed
Jessie) isn’t pencilled in for any particular
date, in true Debian fashion, but we can
expect it before summer, all being well. New
features include the aforementioned switch LibreOffice 4.4 will provide a quick way to edit styles, from within the styles menu itself.
to Systemd, the inclusion of the MATE
and Cinnamon desktops in the package configuration of the SDDM display manager, new application for reading and managing
repositories, and container support via the and support for undoing Plasmoid actions eBooks.
increasingly popular Docker. (e.g. recovering deleted Plasmoids).
The KDE team might squeeze a Plasma Gnome 3.16, later in the year, will build on So long, Microsoft Office...
5.2 into the end of January, featuring a the superb work that’s gone into version Due for release at the end of January (but
new KWayland Server component, easy 3.14, most notably with the addition of a more likely to slip into February), LibreOffice
On our wishlist
There’s so much that we, at Linux Voice HQ, would Providing, of course, that it had extensive Linux for this year? Are you waiting for a certain distro to
love to see this year. Imagine a Raspberry Pi Model support, and then there’s one game we’re absolutely be released? A new version of your favourite app?
C, for instance, with a better CPU and more RAM bursting to play on it, which would also need to be Or a long-standing bug to be fixed? Let us know:
(512MB is pretty limiting for some jobs). Sure, ported to Linux… Elite Dangerous! letters@linuxvoice.com.
we appreciate that the Raspberry Pi Foundation On a more technical level, we’d really like
doesn’t want to clutter up the market with many distributions to work together more closely on a
different models, so that some projects only work cross-distro packaging solution. Lennart Poettering
on some boards and not on others – and that the talks a bit about this on page 42. Having different
Pi has never been marketed as a replacement for distros with different goals is great – that’s
a desktop computer. But the Pi makes for such an software freedom. And having well-checked
awesome, silent, low-power server and NAS device repositories is also important. But there needs to
(when hooked up to a USB hard drive), and it could be a simpler way for third-part app developers to
run many services in parallel with more RAM. distribute their software than to package up for
We’d also love to see a final consumer version of Ubuntu 14.10, and Fedora 21, and Fedora 22, and
the Oculus Rift virtual reality headset. The current OpenSUSE X, and RHEL Y, and so forth. Sure, you
developer model (DK2) has received very positive can make cross-distro binaries by statically linking David Braben has given no firm schedule for
feedback, so we’d be in heaven if it were made in every library, but that’s wasteful. a Linux port of Elite Dangerous, so we may
available to the masses before the end of the year. Anyway, what’s on your Linux and FOSS wishlist have a while to wait. Dang!
26 www.linuxvoice.com
� 2015: THE YEAR OF LINUX
4.4 is one of the most ambitious versions PDFs as they’re generated in the suite,
yet, and has seen work across all areas of and two new fonts have been added –
the suite. From an end-user perspective, one Caladea and Carlito – which work as drop-in
of the biggest changes is the revamped replacements for Microsoft’s Cambria and
toolbars: in Writer and Calc, the toolbars have Calibri.
been reorganised to remove lesser-used
features, and add newer ones in their place. Kernel goodies
Not everyone will be happy with this, but on Version 3.19 of the Linux kernel should be
the whole we think it’s a good thing, as we’ve ready by the time you read this, and it packs
often found ourselves scratching our heads in a bag of improvements across the board.
with the default toolbars. On the graphics front, the DRM subsystem
Also in Writer, a new Master Document features Intel Skylake graphics support –
Templates feature is available, which helps Skylake being the processor architecture
in the creation of frameworks for large that’s due to be the successor to Broadwell
documents, such as books with multiple later this year. The AMDKFD driver has been
chapters. Graphical shape objects can have merged into the mainline kernel, and support
text boxes embedded inside them – which has been added for GM204 Maxwell GPUs,
is much more elegant than the previous, as used in GeForce GTX 970 and 980
clumsy approach of adding text boxes on graphics cards.
top and trying to keep everything together. Meanwhile, in filesystem land there have
Calc, meanwhile, will have a new Statistics been plenty of improvements: SquashFS,
Wizard, along with an AGGREGATE function the compressed filesystem, now includes
for better Microsoft Excel compatibility. The LZ4 compression, which has lower CPU Gimp 2.10’s unified transformation tool will let
presentation component of LibreOffice, and memory requirements than Zlib you scale, rotate, shear and add perspective at
Impress, will also support password- compression. F2FS, the Flash Friendly File the same time.
protected documents for editing – that is, System originally developed by Samsung
you can make a document read-only unless for use on solid-state devices, has a new for higher bit-depth images and non-
the viewer knows the password. “fastboot” mount option for snappier boot destructive editing. It will also be possible to
Under the hood, much work has been speeds. preview filter effects directly on the canvas,
done on file format support: you’ll be able to Btrfs users will find improved RAID 5 instead of the little filter window, while a
insert media in RealAudio, RealMedia, AC3, and 6 support, while OverlayFS, the union unified transformation tool should make it
ASF and Ogg Opus formats, and import files filesystem merged in kernel 3.18, will into the release.
from Adobe PageMaker MacDraw. LibreOffice support multiple read-only layers. This But that’s just the start: if we’re very lucky,
4.4 will also be able to connect directly to we may even see Gimp 3.0
SharePoint 2010 and 2013. An especially before the year is out, which
useful addition is the ability to digitally sign “Adoption of open formats looks will be ported to GTK 3. This will
set to continue, and the software bring it in line with the Gnome
3 and Cinnamon desktops, and
is gettng better all the time.” make it look much better on
HiDPI displays. Other features
planned for post-2.10 releases
means you can mount multiple volumes are script recording and playback, better
into the same directory. Then there are text handling, and automatic layer boundary
input driver updates (which should benefit management. We can’t wait!
Google Chromebooks), USB audio support Also in the realm of desktop software,
improvements, merging of support for Firefox 35 is due out in January or February,
ARM’s CoreSight debugging architecture, and will include improvements to the Firefox
and much more. If you’re running a rolling- Hello real-time communication client. It will
release distro like Arch, you should get kernel be easier to start conversations with people
3.19 fairly swiftly – otherwise it will be in the over WebRTC and keep track of multiple
next round of distro releases. chats. Also, the browser will default to using
HTML5 video when accessing YouTube,
Keep an eye on… which may finally mean the death of Flash
Maybe, just maybe, we’ll see a new version for many users. Not that we’re complaining
of Gimp this year. The developers are keen to – we’ve all had enough of that bloated,
stress that there’s no timeframe for version crash-prone, binary blob of evil.
2.10, which should fully support GEGL (the The number of Linux users has never
Firefox Hello lets you set up free voice and Generic Graphics Library, which has been been higher; adoption of open formats looks
video calls without accounts – you just share a under development since the year 2000) set to continue; and the software is getting
simple URL. and all the niceties it brings, such as support better all the time. The future’s bright.
www.linuxvoice.com 27
� FEATURE ASTROPI
Ben Everard is definitely not bitter that he didn’t get the chance to
program space computers when he was in school.
T
he most expensive structure ever built hurtles include a whole range of sensors:
around the earth at almost 8km per second. Gyroscope In space, there’s no up or down. Without
It’s 400km above sea level and needs to be gravity, the concepts don’t really make sense, so
occasionally pushed back up to stop it falling back what does this mean for the ISS? Is it spinning, and
down to earth. It’s been mankind’s home in the skies if so, how fast?
for over 14 years, and has provided innumerable Accelerometer The ISS is moving very fast, but is
scientific advances in that time. However, up until now, it’s decelerating slowly. This means it’s constantly
the International Space Station (ISS) has been missing falling towards the earth and occasionally has to be
one thing: a Raspberry Pi. pushed back up into orbit. An accelerometer could
Fortunately, all this is about to change. Tim Peake, a be used to measure this falling as well as any
British astronaut, will be taking two Raspberry Pis with irregularities in the station’s orbit.
him when he goes up to the ISS towards the end of Magnetometer Compasses always point north
2015, and the Raspberry Pi Foundation is running a when you’re on earth, but in space it’s not quite so
competition to see what runs on these boards. simple. With magnetic field fluctuations and solar
The competition is open to school children in the wind, there’s more variation. This sensor could
UK (with separate categories for primary and each key show what’s going on.
stage of secondary school). Entrants don’t have to be Temperature Space is cold. Very cold, but above the
expert programmers, as the Pi Foundation is on hand atmosphere, the sun’s rays are very powerful. What
to help implement the plans; the main challenge of the does this mean for life on the ISS, which crosses
competition is to come up with ideas for what from summer to winter every 45 minutes?
experiments to run on the computers. Barometric pressure The ISS is a tiny bubble of air
Just running software on a Raspberry Pi wouldn’t floating through the vast vacuum of space. Only the
be any different in space to on earth, so in order to thin walls stop the whole thing popping and
take advantage of the extraterrestrial location, the dooming everyone on board to death. How well is
space Pis will be fitted with Astro Pi HATs, which the pressure maintained, and should the astronauts
fear the bends?
Humidity Humans are constantly breathing out wet
air, and perspiring moisture through their skin. In a
small enclosed space like the ISS, can this cause a
problem?
Camera A bird’s-eye view of earth or an image of the
stars uninhibited by any atmospheric haze. Which
Linux in space Penguins in orbit and beyond
These Raspberry Pis join a long and illustrious line of
computers running Linux in space. In fact, the International
Space Station is already a Linux-only affair. After a
Windows virus outbreak in space (caused by an infected
USB stick), all the laptops on board now run Debian.
As well as laptops, there are a large number of embedded
Linux systems in space. R2, the humanoid robot on the ISS,
is powered by Linux, as are all 71 of Planet Labs’ Dove
satellites that are swarming in the upper atmosphere and
photographing the earth every day (we covered the Planet
Labs project on page 32 of LV008).
Linux hasn’t just been limited to Earth and its orbit. Linux
also powered NASA’s Spirit rover that went to Mars (the
The Astro Pi HAT is the best sensor board on the market, and opens up a more recent Curiosity rover used VxWorks RTOS).
whole new world of possible Pi projects
28 www.linuxvoice.com
� ASTROPI FEATURE
Left R2: The humanoid
robot in space. The future
is here and it’s running
Linux.
Right We don’t know who
the judges will be, but
Major Peake has a degree
in flight dynamics, so
working that into a
proposal may grab his
interest.
would you choose?
IR Camera Infra-red radiation shows different things
to visible light, but what does this mean for the view
from space?
Real Time Clock As well as keeping tabs on the
date and time, this could be used to determine the
location of the ISS at any point, since its orbit is this, they may be for sale commercially, as they
highly predictable. are promised ‘early in 2015’. Keep an eye on
In addition to these sensors, the Astro Pi HATs will raspberrypi.org for details.
have an 8 x 8 matrix of LEDs and some push buttons Although Britain has a strong space industry,
so the astronauts can interact with them. traditionally this country has focussed more on
We’re not part of the team the decides what gets hardware than people and few Britons have ever been
chosen and what doesn’t, but if we were, we’d be most to space (the first was Dr Helen Sharman, the first
interested in projects that combine data from more Yorkshirewoman in space). Major Peake will be the
than one sensor, for first to do so with
example, combining
the gyroscope with
“Although Britain has a strong space government
funding. This
temperature, industry, traditionally we’ve focussed project is part of a
humidity and
barometric pressure
more on hardware than people.” government drive to
get more British
to see how the people – and
atmosphere inside the ISS changes as the station school children in particular – interested in STEM
spins and moved around the world. subjects. In addition to funding this mission, the UK
The Astro Pi HAT has a great set of sensors, and Space Agency has another £2 million of public money
obviously could be put to good use down here on to help fund projects to get people interested in this
Earth. Those of us not lucky enough to be able to mission. Hopefully, we’ll see more funding like this
design projects that run in space can still get hold of from the UK government to invest in the future of one
this hardware for terrestrial use. By the time you read of our leading high-tech industries.
Not a UK student? More ways to get a computer into space
The Astro Pi competition is only open to school-age children in details of projects in your area. Alternatively, if you want to go
the UK, but that doesn’t mean that other people can’t access it alone (and have the budget to), companies such as
computing resources in space. California Polytechnic State Innovative Solutions in Space (www.isispace.nl/cms) can help
University has developed the Cubesat system to make it easier with everything including getting a launch.
to get into orbit. Cubesat is a standard specification for small The easiest option for most people is to cheat a little bit
satellites to make it easy for them to piggyback on launches and only go as far as the upper atmosphere. Helium weather
for a tiny fraction of the normal launch cost. Developing balloons (or high altitude balloons) can take loads up to about
Cubesats is far more involved than the Astro Pi competition, 40km above earth for far less even than the cost of a Cubesat.
but you also have far more control over your computing. Dave Ackerman has sent several Raspberry Pis up already, and
Even though this is far cheaper than most space launches it blogged about the experience on www.daveakerman.com. It
can still be expensive, but there are a few programs that can might not technically be space, but you’d never know that
help people get started. Keep an eye on www.cubesat.org for from the photos that come back.
www.linuxvoice.com 29
� ELECTRONIC FRONTIER FOUNDATION
EFFING
AWESOME
Take a peek into the origin of the world’s leading defender of digital
rights and understand what it takes to protect your civil liberties
online with Mayank Sharma.
W
hen Nelson Pavlosky and Luke Smith Diebold but we hadn’t actually planned out exactly
received the DMCA takedown notice they what we were going to do once we received them.
weren’t really surprised. After all, the Neither of us had sued a corporation before and we
Philosophy sophomores at Swarthmore College in were fuzzy on the mechanics of doing so; where we
Philadelphia had uploaded leaked memos from the would find the money to pay lawyers.” That’s when
billion-dollar voting machine manufacturer Diebold. one of their friends pointed towards the Electronic
Pavlosky and Smith weren’t voting machine activists. Frontier Foundation (EFF). “The EFF informed us
However, they wanted to challenge Diebold in court that they were already filing a lawsuit against Diebold
for abusing copyright law. The teenagers argued that on behalf of a non-profit ISP called the Online Policy
Diebold couldn’t claim copyright over documents that Group, and they asked us if we’d like to join in on
revealed possible flaws with the voting machines and the lawsuit fun.” The duo agreed. The EFF then put
possible evidence of wrongdoing. them in touch with the Stanford Cyberlaw Clinic,
In an email exchange with us, Pavlosky recounted which represented them pro-bono. After a year, the
those times: “We were expecting legal threats from students came out on top, won the case and set a
30 www.linuxvoice.com
� ELECTRONIC FRONTIER FOUNDATION
EFF’s litigious journey
Since its inception in 1990, EFF has undertaken when the EFF took on the US government and got Recently, in October 2013, EFF filed a petition
important cases and achieved landmark victories a favourable verdict which forced it to change the at the US Patent and Trademark Office to take a
in its self-appointed role as protector of users’ draconian laws that treated privacy protection as a second look at the patent owned by Personal Audio
digital rights. Its opponents have included the potential threat to national security. LLC. The company claims its patents cover all
US government, the Federal Communications In one of the famous victory for free speech forms of podcasting and has already sued a handful
Commission (FCC), and various entertainment and the EFF successfully defended a group of of small and large podcasters. In April 2014, the
electronics companies, among others. online journalists against subpoenas from Patent Trial and Appeal Board (PTAB) sided with
The EFF’s long history of fighting new bills Apple Computers, which was later ruled to be the EFF and has allowed EFF’s petition and ordered
and amendments in the US courts has resulted in unenforceable. The foundation also filed a class a review.
several celebrated cases relating to free speech, action lawsuit against Sony BMG for distributing The EFF is also working with the the American
file sharing, digital rights management, privacy, music CDs that contained software to implement Civil Liberties Union (ACLU) as co-counsel to craft
patents, NSA spying, and more. copy protection and Digital Rights Management an appeal to a ruling in a case filed by an Idaho
In the Diebold case mentioned in the feature, and also covertly allowed the company to spy on nurse against President Barack Obama and several
the EFF set a precedent by fighting on behalf of the consumer’s listening behaviour. Eventually Sony US intelligence agencies for violating her Fourth
an ISP, exposing Diebold’s bogus copyright claims. agreed to withdraw the discs and took steps to fix Amendment rights by the various NSA mass-
Also mentioned in the feature is the Bernstein case, the damage. surveillance programs.
legal precedent, which Pavlosky credits to the EFF. founded the EFF in July 1990. Kapor provided the
“Without the EFF’s help, we wouldn’t have had a clue initial funding and Apple co-founder Steve Wozniak
what to do, and we wouldn’t have become part of a also pitched in.
court case that is cited in cyber law textbooks around However, forming a
the country.” foundation wasn’t the initial
plan. Barlow and Kapor just
“The EFF is a non-profit civil
The EFF bomb wanted to hire a law firm liberties organisation that
“The EFF is a non-profit civil liberties organisation that
works to defend your rights in the digital world,” sums
and sue the Secret Service
on behalf of Steve Jackson
works to defend your rights.”
up Shari Steele, EFF’s Executive Director, in a video Games. In a keynote at
titled “EFF’s Five Famous Friends”. The video also the 2008 Digital Freedom Conference in Iceland,
features Sci-Fi writer Cory Doctorow, who credits the Barlow recounted that the plan was to “re-assert the
EFF for making sure “that those civil liberties values constitution in cyberspace with a couple of surgical
that informed the best parts of democracy for legal actions.” However, at around that time Barlow
Nelson Pavlosky
centuries, make the transition to the 21st century, received an email from someone in what was still completed his BA in
make the transition to the internet.” the Soviet Union who had heard of their actions to Philosophy and went on
EFF was founded in July 1990 as an international protect the American constitution on the internet and to graduate from George
digital rights group. The term digital rights, in simple asked “What about us? We don’t have a constitution.” Mason Law School.
terms, is used to describe the rights that enable users
to access, use, create and publish digital media. It also
covers the right to access, and use of communication
networks, computers and electronic devices.
One of the main catalysts that led to the formation
of the EFF was the raid on Steve Jackson Games,
a small games book publisher in Texas. As part
of a series of raids in early 1990 to track a copied
document that described the working of the
emergency 911 system, the United States Secret
Service seized all electronic equipment and copies
of an upcoming game books from Steve Jackson
Games. While the equipment was returned when they
couldn’t find any evidence of wrongdoing, the small-
time business was left in tatters.
This event convinced a bunch of Silicon Valley
technologists that the authorities weren’t informed
about emerging forms of online communication
and that there was a need for increased protection
for civil liberties in this digital era. That’s when Mitch
Kapor, former president of the Lotus Development
Corporation, John Perry Barlow, a poet and musician,
and John Gilmore, a prolific free software hacker and
co-founder of Cygnus Solutions, got together and
www.linuxvoice.com 31
� ELECTRONIC FRONTIER FOUNDATION
EFF staffers Aaron Jue and Magdalena Kazmierczak
talking to a new EFF member.
Image credit: Alex Schoenfeldt
Richard Esguerra, EFF’s
Development Director, According to Barlow, that’s when it “dawned on us Justice from publishing his encryption program on
mc’ing the annual Pioneer that in cyberspace the Bill of Rights is a set of local the internet. The EFF triumphed again, and Judge
Awards. The awards ordinances. And in fact no rights can be conferred in Marilyn Hall Patel ruled, for the first time ever, that
recognise individuals cyberspace by anybody.” That’s when they decided to written software code is speech protected by the First
“who have made create an organisation with a much wider mandate. Amendment. The case also forced the government
significant contributions EFF’s first order of business was to sue the US to change its regulations and allowed everyone to
to the empowerment Secret Service on behalf of Steve Jackson Games and publish encryption software on the internet without
of individuals in using several of the company’s bulletin board users whose prior permission from the US government.
computers”.
Image credit: Alex Schoenfeldt personal messages had been accessed and deleted By the time the verdicts were delivered in these
by Secret Service agents. Since none of the EFF’s cases, the EFF had established itself as an authority
founding members were lawyers, the tech press of in the civil libertarian community and was a bubbling
the time didn’t buy the argument that it was trying to wellspring of information on electronic civil rights and
safeguard the civil liberty issues of the falsely accused privacy issues.
and labelled the EFF a “defence fund for hackers”.
However, a couple of years later Sam Sparks, Electronic freedom fighters
the US District Judge hearing this case, not only Fast forward a couple of decades and the EFF today
reprimanded the Secret Service for its actions but is an expansive organisation. It is particularly
also held that electronic mail deserves at least as interested in issues related to fair use, free speech and
much protection as telephone calls. It is because of privacy. They’ll take on copyright trolls, DMCA and
this case that law enforcement agencies (in the US, at patent abusers, help protect bloggers’ rights, and
least) must now produce a warrant that particularly support initiatives against mass surveillance, by the
describes all electronic mail messages before going government and by the internet companies.
through them. The EFF not only provides legal assistance to
The EFF next came to the rescue of Dan Bernstein, relevant cases, but also does a lot of advocacy work
a University of California mathematics PhD student, by organising campaigns to spread awareness and
who was prevented by the US Department of rally support against harmful actions and legislation.
Encrypting the web
EFF’s involvement with encryption can be traced encrypted pages with links that take you to an has announced the Let’s Encrypt certification
back to its origins, when it defended Dr Dan unencrypted website. authority (CA) initiative, which will start issuing free-
Bernstein and rewrote the rules of distributing Before launching the HTTPS Everywhere plugin of-cost security certificates to websites in 2015.
encryption programs. Then in 1998 it built the DES the EFF began asking some of the largest sites on
cracker, which cracked the DES (Data Encryption the web, including Google, Facebook, Twitter and
Standard) by a brute force attack. It helped prove Wikipedia, to start offering HTTPS versions of their
the lack of security of the DES, which back then sites. They also launched the SSL Observatory
was a federal standard. project, which investigates the certificates used to
The EFF is also the author of the popular HTTPS secure all of the sites encrypted with HTTPS.
Everywhere browser plugin for Firefox, Chrome, In light of the NSA’s surveillance programs, the
and Opera browsers. The extension forces the EFF suggested five best practices for encryption
connection to use the encrypted HTTPS connection for online companies. It also queried the leading
when communicating with a website instead of companies about their initiatives to bolster
the unsecure HTTP, which is the default on many encryption and published the results as part of its You can even install the HTTPS Everywhere
websites. It also alerts you when you run into Encrypt The Web initiative. Recently, the foundation extension in Firefox for Android.
32 www.linuxvoice.com
� ELECTRONIC FRONTIER FOUNDATION
It also publishes white papers and reports that assess
and explain threats to the average user from the
government as well as the industry. Finally, it also
employs programmers who develop tools to keep
users safe online.
The EFF keeps its eyes peeled for messages
requesting legal assistance on info@eff.org.
Communications with the EFF asking for legal
counsel are protected by the attorney/client privilege
regardless of whether or not the EFF takes up a case.
Since it has limited resources, the EFF is likely to take
on cases that will have a large impact on the law and
whose decision will help define how the law is applied
in future cases.
Working a lawsuit usually costs a lot of money,
and since the EFF has limited resources it only helps
Use Panopticlick (http://
those who simply can’t afford legal representation. In in the last financial year, over $2.5 million (about £1.6
panopticlick.eff.org) to
their last financial period they spent over $120,000 million) were grants from various organisations. see how much information
(about £80,000) in legal and professional fees and Another sizeable chunk of the income, over $2 million your web browser gives
almost $90,000 (about £60,000) for various litigation (about £1.3 million), were from the sales proceeds of away to websites.
expenses. Rebecca Jeschke, the EFF’s Media the Humble Bundles. Humble Bundle Inc, shares its
Relations Director and Digital Rights Analyst, told us income with various charities and organisations
that the EFF currently has a staff of 63 employees, of including the EFF in a completely transparent fashion.
whom 20 are legal staff. They are however assisted by However, the biggest source of income for the EFF
others, Jeschke says: “Our activists and technologists is from direct individual contributions. In the same
and analysts also help on legal cases for background financial year, the EFF received over $4.3 million
and insight, etc.” If the EFF can’t take up your case, (about £2.7 million) from individual supporters like
they’ll redirect you to another attorney on their you. Since the EFF is a registered 501(c)(3) non-
Cooperating Attorneys list, who are passionate about profit organisation, all donations are tax deductible if
the same things as the EFF. you’re a US citizen. All donations get you a 12-month
Advocacy is handled by the 15 activists and membership and discounts on general admission to
analysts employed for this purpose. Then there’s the EFF events.
technology products team of seven, which develops There are also several other ways you can support
tools such as HTTPS Everywhere. There are also the foundation, such as by
general technologists who provide support and help donating air miles and gifting
build things like web pages for the activism, and folks stocks. Visit the supporters page “The EFF is interested in
who answer emails from members. at https://supporters.eff.org for
more details of such programs.
issues related to fair use,
Support with your wallets We at Linux Voice also free speech and privacy .”
The EFF gets a high proportion of its funds through appreciate the EFF’s efforts in
grants, so the foundation has to employ a bunch of safeguarding our digital rights,
people to help write the grant bids. Of its total income and it’s our pleasure to include the EFF in our “Giving
Profits Back” scheme. You can read about our profit
sharing scheme in detail in Issue 10. As promised in
our crowdfunding campaign, at the end of every year
we’ll give 50% of our profits back to Free Software and
Linux communities as per our readers wishes and
EFF is one of the organisations you can choose to
give to.
The Electronic Frontier Foundation is doing
important work, and the Snowden revelations show
that it has a huge amount of work to keep on top of.
Everything the organisation does, in one part or the
other, reflects one of its founders, John Perry Barlow’s,
ambition to be a good ancestor: “If you want to be a
good ancestor you want to keep the internet open
to anything that flows over it, which might be awful
Jacob Applebaum, a core member of the Tor project,
stuff. But as John Stuart Mill said, liberty resides in
sits under a dunk tank to raise money for the Electronic
Frontier Foundation. the rights of that person whose views you find most
Image credit: Scott Beale / Laughing Squid odious.” Keep up the good work, team!
www.linuxvoice.com 33
� LINUX VOICE AND THE PI FACTORY
INSIDE THE
PI FACTORY Les Pounder bought a Raspberry Pi and inside
was a golden ticket to the secret Pi factory.
T
he Sony UK Technology Centre in Pencoed, the vast line of machinery. First, the boards receive an
Wales, is the home of Sony’s manufacturing application of solder paste via an extremely thin steel
operations for professional television stencil. An optical check of each board ensures that
broadcast equipment, but by sheer volume the the application has been done correctly.
biggest product manufactured there is the Raspberry With the solder paste in place, the Pis make
Pi, with some 50,000 units being produced each week their way through Sony’s specially designed SMT
– roughly one new Raspberry Pi every 5.5 seconds. (Surface Mount) mounting machine, which is home
We asked Pete Lomas, the designer of the Pi, to to hundreds of reels containing thousands of SMT
explain how they can make so many models in one components such as resistors, capacitors etc. These
factory, including the newly released model A+ components are removed from sealed pockets on the
reels by advanced pick-and-place machines operating
Process 1 and 2 – bottom SMT and top SMT in parallel at tremendous speeds to ensure a smooth
A Raspberry Pi starts life as one of six Pis in a panel operation. These are then gently pressed into the
for the model B+ (it’s 8 per panel for the A+, making it solder paste on the board.
about 30% faster to make) to reduce the handling of With all the SMT parts in place, the board is then
the bare PCBs (Printed Circuit Boards) and to group run through the reflow oven to heat the solder paste
the boards into batches. Each panel is loaded into a and the components so that they are bonded together.
hopper and in turn each panel makes its way through The SMT process is repeated for the underside and
34 www.linuxvoice.com
� LINUX VOICE AND THE PI FACTORY
Top Placing the SMT
top of the Raspberry Pi, with special attention being improvements and there were quite a few Raspberry components is a precise
paid to the BCM2835 processor unit, which requires Pi flavoured awards on the board. and rapid part of the
process, with thousands
a memory chip to be installed on top of it using a After the tests are completed each of the Raspberry
of components loaded on
specialist package-on-package (or PoP) applicator that Pis are placed into an anti-static bag and boxed into
to massive reels ready to
adds a small amount of solder paste to the balls of the correct packaging for the distributor, either RS be used.
solder on the bottom of the memory chip; this is then (Allied) and Farnell (element14). For all of the above Top-right A panel is made
lowered onto the BCM2835 to make the connections. processes there are three production lines which up of six Raspberry Pis
are working together to produce around 10,000 (eight for the A+) and they
Process 3 – PTH (through-hole) Raspberry Pi per day – and all made in the UK. will go through all of the
The Raspberry Pi has only a handful of through-hole From here the Raspberry Pi is sent to stores ready processes as a group.
components (such as the Ethernet jack) which are for you to purchase, where it will be taken home and
added to the panel by a team of skilled operatives. The used to power projects both big and small, lighting the
panel is then placed into a heat-resistant frame to fire of imagination inside a child’s mind and enabling
protect the SMT components from desoldering in the them to enjoy learning not just about computer
next stage. After a quick spray of flux to the underside science but about the worlds of science, engineering Using a thin steel mask,
of the Pis the panel is sent through a wave soldering and technology that can benefit greatly from this solder paste is applied to
machine, which will solder the PTH components to small PCB. the Raspberry Pi PCB.
the Pis via a wave of molten solder. Using the wave
soldering station takes a high level of accuracy to get
right, as too much power to the wave can cause the
molten solder to flow over the board and ruin a batch
of Pis.
Once the PTH stage is complete the Pis are broken
from their panels and passed to the test teams who
perform automated tests of each Pi. For each testing
station there are two Pis being tested at any one time
and where a defect is found (this is very uncommon)
they are placed into a fail box and an operative will
investigate to see if any optimisations can be made to
the production process to reduce or remove this fault
from the process. Sony take these optimisations very
seriously and there is a wall of fame out in the 200
metre long corridor where staff are rewarded for their
www.linuxvoice.com 35
� FEATURE MALWARE
LINUX MALWARE
Open source software isn’t immune
to viruses and trojans, but
Ben Everard isn’t
panicking yet.
L
inux is generally considered to be virus-free for stories in the news. Is it time to rethink the maxim that
all practical purposes. No major distros ship Linux is secure?
with anti-virus software running, and this is not Trojans are pieces of software that hide from the
considered a problem. Most Linux users never install user and steal data from within. Unlike viruses, they
any specific security software, and also never run into don’t usually have a mechanism for self-replicating, so
any issues. However, as Linux becomes more popular, they require the user to be tricked into installing them.
it also becomes a more attractive target for malware They’re a major problem for people who download
creators. In 2013, we saw the release of the first major software from dubious internet sites. Usually, they
piece of malware targeting Linux desktop users in the attack Windows, but Hand of Thief goes after Linux
shape of the Hand of Thief banking trojan. In 2014, the users. Hand Of Thief is designed to steal information
trend has continued with several major Linux malware from web browser sessions, specifically login
36 www.linuxvoice.com
� MALWARE FEATURE
information for internet banking. It can grab data from
HTML forms, and other details from the web browser,
and relay them back to the attacker. It’s also reported
to be able to prevent users from accessing anti-virus
sites in order to make it harder for them to identify an
infection. The Linux version of this trojan has been
offered for sale in Russian malware forums for an
amount in the region of thousands of pounds, so
some people are obviously keen to target Linux users .
Despite being quite powerful once it’s installed,
Hand of Thief doesn’t have a good method of
infection. It requires the user to be tricked into
installing it manually. This sort of thing is quite familiar
to Windows users. For example, many people have
received bogus phone calls from people claiming to
work for Microsoft saying something along the lines
of, ‘we have detected a problem with your computer
and you need to install some software to fix it’. They
will then talk the unsuspecting user into downloading
After the Shellshock news,
and installing some trojan. This sort of thing is unlikely Within a few hours of Shellshock’s announcement,
crackers tried to exploit
to work with Linux users both because they tend to be malware writers had adapted their code and were our servers; helpfully,
more knowledgeable about computing and because scanning huge swathes of the internet for vulnerable they furnished us with
most users would be suspicious of any software that servers, trying to infect them using this as a vector. commented source code
doesn’t come from their package manager. We have a couple of servers at Linux Voice: one for to their malware. It made
The hard part of Linux malware isn’t controlling the the website, and one for our internal use. These both analysis much easier.
system once you’re in; it’s infecting the system in the run CentOS and were vulnerable to Shellshock (but
first place. This doesn’t our server setup wouldn’t
mean that we Linux
users can disregard
“The hard part of Linux malware allow remote execution).
We patched them
malware completely isn’t controlling the system; it’s quickly, and didn’t have
though. In 2014 we
found that we too were
infecting it in the first place.” any problems. However,
we could see all the
vulnerable to bugs that attempts to exploit us,
allow rapid infection of a large number of machines. and we kept track of the code that attackers were
trying to run on our servers. The vast majority tried to
Shellshocked use the vulnerability to use wget to download some
A code execution bug in Bash may not immediately malware onto our server. Seeing these, we grabbed
seem like a big problem. After all, code execution is the malware to see what people were trying to run.
the entire point of a shell. However, Bash is used to All of the malware that targeted us tried to enlist
span new sessions in when generating web pages our servers into Distributed Denial of Service (DDOS)
under some server setups. Shellshock – a Bash code botnets. There were bots written in Perl, Python and
execution vulnerability announced in September 2014 C (sent as source code to be compiled on the server),
– allowed attackers to execute code on a server by but they all worked in roughly the same way.
sending specially crafted HTTP requests that An important part of any botnet is the command
exploited this session spawning. and control setup. This is the mechanism that enables
Embedded malware Inherent insecurity
Embedded devices pose a new type of threat, and one
that could be hard to combat unless there’s a radical
rethink of the way embedded software is maintained.
In the past, devices have shipped with software pre-
installed, and normally left with the same software for
their entire lifetime. This means few embedded devices
ever get patched against bugs, few even have their default
passwords changed.
Linux can be secure, but it isn’t automatically. Unless
manufacturers start taking security seriously, and enable
users to update their devices, then the internet of things
You can view a map of DDOS attacks as they happen at will continue to be an increasingly attractive target for
www.digitalattackmap.com, and even scroll back to big malware developers, regardless of what OS is running it.
attacks in the past.
www.linuxvoice.com 37
� FEATURE MALWARE
Internet of Things When everything is connected, everything is a target
More and more things besides desktop and server do) using both a brute force password guesser and The internet of things is rapidly expanding, and
computers are being connected to the internet, an authentication bypass exploit. there’s seemingly no end to the range of devices
and anything connected to the internet can get Hydra itself wasn’t particularly malicious. some manufacturers try to connect to the internet.
malware. Phones are the most visible aspect of this Infected routers were just used to infect more It goes far beyond routers to more mundane items
internet of things (see Android boxout, below), but routers. However, there are many pieces of malware like televisions and fridges. Although these aren’t
they’re not the only type of device. that have since been built based on the Hydra code positioned on the network in such a way as to
Routers and ADSL modems pose a particularly which are more malicious. allow them to run man-in-the-middle attacks like
attractive target to malware developers. They’re Not all attacks on routers need malware though. compromised routers can, they could still be used
usually left switched on 24 hours a day and One reason for targeting routers is to launch man- in DDOS botnets.
permanently connected to the internet, and they sit in-the-middle attacks people browsing the web, and The trend for embedded Linux devices is
between people browsing the web and the internet this can be done quite effectively by altering the increasing, and they’re becoming a more and
itself, so they’re perfectly placed for performing router’s Domain Name System (DNS) settings. By more attractive target for malware. However, few
man-in-the-middle attacks. altering these, an attacker can send all of a router’s manufacturers make it easy to keep software up
The first major attack of this type, known data through a machine that the attacker controls to date, and even fewer users actually do. This
as Hydra, happened in 2008. Hydra was an IRC allowing them to intercept – and change – any means that security bugs often sit around unfixed
controlled worm that infected Linux systems of the data. Recently, attackers have used this to for years. As we saw with Shellshock, attackers can
running on the MIPS architecture (as many routers target banks in Brazil and Eastern Europe. quickly exploit these.
the attacker to communicate with the bots (and and the command is the command that should be sent. For
ideally with lots of bots concurrently), but at the same example, if you
time allows the attacker to remain untraceable when want to tell all the clients with the nickname starting with N, to
the malware gets discovered. send you
All the bots that we saw used IRC for this. The the help message, you type in the channel:
bots included the details of servers, channels and !N* HELP
passwords to connect with. As soon as they ran, they That will send you a list of all the commands. You can also
connected to a particular IRC channel, which they specify an
listened to, then they acted depending on what was astrick alone to make all client do a specific command:
sent on the channel. The people running the botnet !* SH uname -a
could then connect to the same channel through an There are a number of commands that can be sent to the client:
anonymising proxy and be untraceable. TSUNAMI <target> <secs> = A PUSH+ACK flooder
Helpfully, all the bots were well commented with PAN <target> <port> <secs> = A SYN flooder
instructions for use. Here’s the comments describing UDP <target> <port> <secs> = An UDP flooder
the IRC commands for one bot: UNKNOWN <target> <secs> = Another non-spoof udp
The syntax is: flooder
Only about 30% of Android
!<nick> <command> NICK <nick> = Changes the nick of the client
devices are running the
latest version of the OS, You send this message to the channel that is defined later in this SERVER <server> = Changes servers
which means many are code. GETSPOOFS = Gets the current spoofing
vulnerable to known Where <nick> is the nickname of the client (which can include SPOOFS <subnet> = Changes spoofing to a subnet
security bugs. wildcards) DISABLE = Disables all packeting from this bot
ENABLE = Enables all packeting from this bot
Percentage of Android devices by version KILL = Kills the knight
GET <http address> <save as> = Downloads a file off the web
VERSION = Requests version of knight
KILLALL = Kills all current packeting
HELP = Displays this
IRC <command> = Sends this command to the server
SH <command> = Executes a command
2.2 0.5%
By getting all the bots to connect to a single
2.3 9.1% channel, and allowing wildcards in the commands, the
4.0 7.8% controllers can easily launch an attack using a large
number of infected computers – this shows that the
4.1 21.3%
bot is designed for DDOSing.
4.2 20.4% The SH command gives the controller the power to
4.3 7.0% execute arbitrary code, so the bots could be used for
more than DDOSing even though this appears to be
4.4 33.9% their primary purpose. Amassing network bandwidth
is usually the aim of server malware.
The Active Threat Level Analysis System (ATLAS)
run by Arbour networks monitors DDOS attacks
around the world through ISPs sharing their data (see
38 www.linuxvoice.com
� MALWARE FEATURE
https://atlas.arbor.net for more information). In 2012,
the largest attack reported by Atlas used a peak
bandwidth of 100Gbps. By 2014, that had increased
to 325Gbps with attacks over 100Gbps occurring
almost every month. In other words, DDOSing is
becoming big business, and attackers need larger and
larger botnets in order to keep up with the
competition. Shellshock provided one such source of
new servers, but every vulnerability that can be
exploited in this way will be. These botnets are then
rented out (often by the hour) to whoever has a desire
to take a site offline.
Another common goal of malware on Linux servers
is as a vector to infect other machines (typically ones
running Windows). In this scenario, when a Linux
web server is compromised, the attackers then use
it to deliver malware to people who visit the websites
Many routers, like this one,
hosted on the server through so-called drive-by a SYN-ACK packet, and finally, the client responds
can be configured through
downloads. with an ACK packet. At the end of this handshake, an HTML interface. This
both machines know that they’re communicating with potentially makes them
Advanced Persistent Threats a machine that’s switched on and working, so they vulnerable to cross-site
Late in 2014, news surfaced of a newly discovered can then start to transfer real data. request forgery attacks
Linux component of the Turla Advanced Persistent From a network security point of view, this means (CSRF).
Threat (APT). APTs are targeted malware that’s that a computer can always tell which ports on a
designed to get into an organisation and stay there server are open by sending SYN packets. If they get
allowing attackers to steal large amounts of data, or a SYN-ACK in response then they know that some
monitor activity for a long time. This is the sort of software is listening on that port. On the server
malware used in industrial espionage, or by nation- side, Linux netstat or ss can be used to show which
state spies. processes are using a particular port.
Turla is a suite of APT malware that’s been known Cd00r doesn’t listen on a port in a normal way.
about for some time. It’s thought to be linked to the It doesn’t respond to SYN packets with SYN-ACK
Russian government, and has been used to spy packets. Instead, it sniffs packages that go to a range
on governments and militaries around the world. of ports, and looks for SYN packets being sent to
However, up until now, all known components have several specified ports in order. For example, the code
targeted Windows. to trigger cd00r could be SYN packets to port 55, 74,
We haven’t been able to get hold of a copy of 12, 90 then 45. Once it detected this pattern of SYN
Turla to analyse. However, Turla is based on an older packets, it would trigger a piece of code. This is know
backdoor called cd00r developed by Phenoelit – Turla as port knocking. Turla works in a similar way, but
uses the same method used by cd00r to stay invisible instead of listening for a pattern of SYN packets, it
to normal socket monitoring tools while still being listens for special values in the SYN packets.
contactable from outside for example. A normal TCP This method has allowed Turla to remain
connection starts with a three-way handshake. First, undiscovered on Linux for at least four years. If you
the client sends a SYN packet. The server then sends fancy having a look at how Turla works, the cd00r
source code is available at www.phenoelit.org/fr/
tools.html.
Android Malware Viruses in your pocket
Android – the world’s most popular smartphone operating Don’t panic!
system – is also a distribution of Linux and it s useful case Servers are far more public than most computers, and
study for how malware can affect this OS. On the desktop,
Linux is used much less than Windows or Mac OS X, and
so are most vulnerable to attack when a weakness
has far fewer problems with malware. On phones, Linux (as is discovered. The popularity of Linux on the server
Android) has a much larger market share than any of the market means that Linux vulnerabilities are exploited
competitors (around 85% of all smartphone users are on heavily once they are discovered.
Android), and also has the majority of malware (around 97% Desktop computers, on the other hand, are not
of smartphone malware is on Android).
The situation isn’t as simple as it may first appear
usually reachable from the internet, and this means
though. Smartphone software is typically installed through attackers have far fewer chances to access them.
app stores. Android is the only popular platform that allows Linux distros’ repositories are our greatest strength
appstores other than its own, and it’s on these third-party in fighting malware on the desktop. As long as you
app stores that most of the malware exists. That’s not to only use trusted repositories, you’re unlikely to have
say there isn’t any malware on Google Play Store, but that
it’s a small proportion of the overall situation.
any problem with malware. That’s true now, and it will
remain true for the foreseeable future.
www.linuxvoice.com 39
� FAQ SNAPPY UBUNTU CORE
SNAPPY UBUNTU CORE
Just in time for Ubuntu’s new phone, we’re condensing a new buzzword that
embraces both the handheld and the cloud.
compressed boot image, it uses less distribution for the cloud, followed by
GRAHAM MORRISON that 100MB, but size isn’t its most RHEL and CentOS. It’s also popular on
important characteristic. It’s that the Google’s and Amazon’s cloud platforms,
image includes all you need to build as well as HP’s and even Microsoft’s.
Oh no! Not another Ubuntu- your own more complex installation. Unfortunately for Canonical, and despite
related catchphrase that will Ubuntu Core has been around in the incredible growth of cloud-related
fail to deliver on time! various forms for years, and it’s business, the company receives very
While we agree there have been a designed to be a platform for creating little from all those businesses spinning
few, perhaps, hyperbolic your own distribution, with only those up instances of Ubuntu. We’re guessing
Ubuntu-related statements made over packages installed you need and that Canonical’s latest cloud initiatives
the last few years, Canonical is getting nothing else, providing nothing more are an attempt to harness some of that
better at controlling its enthusiasm. The than a platform for package Ubuntu love and put its service
Ubuntu Phone is imminent, for management. As Canonical puts it, “it’s provision at the heart of cloud users,
example, and Snappy Ubuntu Core is an engine, chassis and wheels, no perhaps with an option for providing
already available and doing things. We luxuries, just what you need for paid-for managed subscriptions at
think it’s excellent, and it’s no massively parallel systems.” some point.
coincidence that it arrives at almost the ‘Snappy’, on the other hand, is less
same time as the long-developed descriptive, and marks a new direction Hasn’t Canonical covered this
Ubuntu Phone. for Ubuntu Core. We’d like to guess that with Ubuntu Server?
its name is the result of a marketing/PR Ubuntu Server has been one of
If this is something genuinely brainstorming session where delegates our favourite spins of Ubuntu for
useful, why the weird name? were fed a diet of terms like ‘Docker’, some time. It’s a full version of Ubuntu
The weird name is because this ‘Cloud’, ‘Synergy’ and ‘Leverage.’ For without many desktop packages
is actually the combination of now let’s describe Snappy in hugely pre-installed. It will even install a LAMP
two things. The sober half is ‘Ubuntu simplistic terms – it’s a package stack (Linux, Apache, MySQL and PHP)
Core’. This can be explained in Linux manager for the new Ubuntu Core, but as part of the installer, taking you from
terms you may already be familiar with we’ll flesh out this answer a little more bare metal to WordPress, for instance, in
– it’s a tiny Ubuntu image that creates a in a few questions time. less than 10 minutes. Add to this the
minimal functional userspace convenience of apt-get install for any
environment from where other Does that mean this initiative other packages you need, and the vast
packages can be installed. As a has something to do with that amount of support available from any
web of network services known Ubuntu forum, and Ubuntu Server is a
colloquially as ‘the cloud’? brilliant option for low-end boxes, public
“The OpenStack User Survey Yes it does. Ubuntu is actually a
massively popular cloud
clouds and VPSs. But that’s not the
target demographic of Ubuntu Core.
from 2014 listed Ubuntu as the operating system. The OpenStack User
preferred distro for the cloud .” Survey from 2014, for example, listed
Ubuntu as the most preferred
What makes Ubuntu Core
more suitable for installing on
40 www.linuxvoice.com
� SNAPPY UBUNTU CORE FAQ
virtual machines in the cloud than
something like Ubuntu Server?
It’s only better in specific
circumstances. Ubuntu Server
would still be a great choice for your
own machines, for example, but the
cloud has opened up all kinds of
potential uses that could never have
been envisaged back in the old server
days. Mostly this potential is thanks to
scale, because if there’s one thing that
defines cloud services, it’s their ability to
scale quickly and transparently. This is
primarily what differentiates the cloud
from those old server networks, despite
there being nothing particularly new in
the technology that runs them. The Canonical’s announcement includes instructions on trying out Snappy for yourself.
cloud also creates new problems, such
as security and automation. importantly, both sets of files are applications immediately. Some of the
‘read-only’. That makes it far easier for most popular at the Docker hub include
You mean when you’re Canonical/carriers/cloud providers/ configurations running node.js,
creating hundreds of new administrators/you to validate the WordPress and databases, but equally,
servers with a click of a button, you integrity of an installation. At run-time, many people create their own bespoke
need some way of keeping them the permissions are handled by setups to provide specific
updated and secure? AppArmor, the access control system configurations and services for
Exactly. Ubuntu Core is a good that’s been a part of Ubuntu for years themselves or for their customers.
foundation for this because it’s (and is also the basis for the new phone Docker is becoming something of a
such a minimal distribution. As Mark application security). In that way, standard for “shrink wrapping your
Shuttleworth puts it, “It’s completely applications can be run within isolated applications and shipping them to the
extensible to all forms of container or containers where the OS is shared, but cloud”, to paraphrase Mark Shuttleworth
service.” But the minimalism also not the space where other applications in his Snappy announcement. Ubuntu is
makes it much easier to secure and may be running. popular among the Docker community,
lock down. What’s missing from the so it makes sense migrating the tested
original Ubuntu Core is an equally How does Snappy manage formula from phones and into the cloud,
scaleable and secure ability to update installation if the operating even if they’re on opposite sides of the
and install packages for these new system is read-only? CPU scale.
environments, rather than through the To make this work, Snappy
traditional apt-get package borrows a concept from ‘Docker’, As all of this is so cloud-
management, and that’s where the the software abstraction container based, how do us mortals get
partnership with Snappy comes in. that’s being used to deploy applications to play with the technology?
(collections of pre-configured At its most basic, you can try
Does that mean Snappy is the packages) to the cloud. Installation and running Snappy on your local
bit designed for the cloud? updates are applied as atomic, machine using qemu-kvm and a
Not quite, although Canonical indivisible transactions that also allow pre-made image downloadable from
must have realised its potential you to roll forward and backwards ubuntu.com. Instructions are also
for the cloud early on. Snappy was through updates in the same way you included for running an instance on
originally designed for its smartphone might with a modern filesystem like Microsoft’s Azure (one of the first
platform because Canonical needed to btrfs. It accomplishes this trick by platforms to declare its support for
ensure carrier-grade secure updates installing updates and applications as Canonical’s new venture), as well as
and a way of separating the operating ‘deltas’ containing only the differences Google’s Compute and Amazon’s EC2.
system from the applications that between the base installation or the When everything is up and running,
people will want to install. It’s one thing previous package and the update. typing sudo snappy install docker will
if updating from Ubuntu 14.10 to 15.04 install the Docker package, for example,
breaks your desktop, forcing you to Applications like LibreOffice, and you can search and update
re-install. It’s quite another if an update you mean? packages in exactly the same way you
breaks your Ubuntu Phone, and that’s No. As we’re in the cloud, we’re would with apt-get, with the addition of
why Canonical has had to be so careful. talking about distributed being able to roll back to previous
Snappy does this by keeping the networking applications. That’s why the versions. To try out Snappy Ubuntu
operating system and the application Docker framework is so important, Core, point your browser at: www.
files completely separate, and more because it opens Ubuntu Core to Docker ubuntu.com/cloud/tools/snappy.
www.linuxvoice.com 41
� INTERVIEW LENNART POETTERING
REBUILDING
LINUX FROM THE
GROUND UP
We meet Lennart Poettering, the lead developer
of Systemd, an ambitious (and controversial)
attempt to rewrite the Linux base system.
F
ew pieces of software in scheduled actions (like Cron) and
history have been so fiercely much more. Almost every major Linux
debated as Systemd. Initially distribution has adopted Systemd, but
a replacement for Sysvinit, the there are still some unhappy campers
boot scripts that start up a Linux out there, so Mike and Graham
installation, Systemd has grown into ventured to Berlin to meet Systemd’s
“Most people who say
a hugely powerful – and sometimes lead developer and get his view.
complex – replacement for the “bag We also looked beyond Systemd,
of bits” that make up the Linux base and Lennart’s intriguing proposals
Systemd is un-Unixish have
no idea what Unix is like.”
system. It’s growing all the time for a new packaging system to make
and now handles logging, device life easier for third-party application
hotplugging events, networking, developers…
Systemd has now been different maintainers, different coding working on Systemd, many of us who
adopted by pretty much every styles, different release cycles, different worked on the lower levels of the
major distribution, and yet whenever maintenance statuses. Much of the operating system realised that Sysvinit
it gets mentioned in discussions on Linux userspace used to be pretty badly was not going to be the future. And
the web, flamewars erupt. What do maintained, if at all. You had completely then I was playing around with writing
you think are still the biggest different styles, the commands worked my own init system, which had the
misconceptions? differently – in the most superficial funny name Babykit, and that was 10
Lennart Poettering: There are many level, some used -h for help, and others years ago or something. And then
different misconceptions. Something --h. It’s not uniform. Canonical’s Scott James Remnant
you always see is the claim that If we put a lot of the glue in one started working on a new init system
Systemd is monolithic – and another is repository, it’s not all the way towards called Upstart. He made it public, and I
that it’s not like Unix. The Unix Unix, but it’s half way between stopped working on Babykit.
misconception is a pretty interesting traditional Linux and traditional Unix. We, at that time, thought: OK, Upstart
one, because most people who say We do not put libc and the kernel in the is the future! Scott understood how init
Systemd is un-Unixish have no idea same repository, just the basic things. systems work – it needs to be dynamic,
what Unix is actually like. So that’s a misconception that I’m it needs to react to events, and it’s not
What’s typical for Unix, for example, always bemused about, and I’m pretty the static thing that Sysvinit was. So we
is that all the tools, the C library, the sure that most people who claim that thought that was the way of the future,
kernel, are all maintained in the same have never actually played around with but as it progressed, we realised it
repository, right? And they’re released in Unix at all. probably wasn’t the future, because we
sync, have the same coding style, the realised that conceptually, it was the
same build infrastructure, the same Another issue is: some people wrong design.
release cycles – everything’s the same. see Systemd presented as an The way Upstart worked is that, as a
So you get the entire central part of the init system replacement, but now it’s programmer or admin, you write: if A
operating system like that. If people doing X, Y and Z on top. You’ve said happens to B, or X happens to Y, do a
claim that, because we stick a lot of it’s about replacing a “bag of bits” certain thing. But we believed that an
things into the Systemd repository, then with an integrated suite of tools. init system should work the other way
it’s un-Unixish, then it’s absolutely the When you started Systemd, was it a around, where you say: this is where I
opposite. It’s more Unix-ish than Linux case of Red Hat saying to you, “we want to go to, and you figure out the
ever was! want a new init system”, or… rest. Because of that design, Upstart
The Linux model is the one where LP: No, it was actually the opposite. was very simple, but it put a lot of
you have everything split up, and have Back in the day, when we started complexity on admins and developers,
42 www.linuxvoice.com
� LENNART POETTERING INTERVIEW
wasn’t moving ahead. And then we
started working on it, pulled out the old
Babykit code, gave it a new name, and
started proposing it.
A lot of people understood that this
was the better approach. It was a lot
more complex than Upstart – to make
it clear, I think Upstart actually has its
benefits. The source code is very, very
nice, and it’s very simple, but I think it’s
too simple. It doesn’t have this engine
that can figure out what the computer
is supposed to be doing.
So we started writing Systemd, and
Red Hat didn’t like it at all. Red Hat
management said: no, we’re going for
Upstart, don’t work on that. So I said,
OK, I’ll work on it in my free time.
Eventually Red Hat realised that the
problems we solved with Systemd were
relevant, and were problems that
needed to be solved, and that you
couldn’t ignore them.
Then we convinced the Fedora
Technical Committee to adopt it, and
then Red Hat internal management
accepted it for RHEL, and we managed
to convince every committee that
because you actually had to write down that Canonical tried very hard to stay in mattered, bit by bit. It was absolutely
all these rules. It wasn’t the computer control of it. They made sure, with not that Red Hat told us to work on it
that figured out what to do. copyright assignment, that they made it – we had to convince them.
We thought: if you want to solve this really hard to contribute, but that’s what
properly, then you need to let the Linux actually lives off. You get these I don’t think many people know
computer do these things. And this had drive-by patches, as I would call them, that!
lots of different effects: for example, where people see that something is LP: This is something that people in
Upstart always maximised what broken, or something could be general don’t know. They assume that
happened on the system, while we improved. They do a Git checkout, do Red Hat is this one entity, that has one
think you always have to minimise what one change, send you it and forget opinion and pushes one thing. It’s really
happens. And the reason for that was about it. not like that. The people who work at
simply because, if you specify exactly Red Hat, the engineers, they come from
what state you want to end up in, you And you never see them again! the community – they first become
can pull in all the dependencies LP: Yeah, and this is great – famous in the community, they hack on
recursively and boot to exactly that. these are the people you want to have, things, do good stuff, and then Red Hat
because the vast majority of patches comes along and says, “Hey, do you
“We started writing Systemd, are actually of that kind. It gives you this
polishing that you want. The people
want to work for us?”
And when you start working for Red
and Red Hat didn’t like it at all. invested in the project all the time do Hat, they don’t check your opinions at
So I worked in my free time.”
the big things, and don’t care so much the door. You can be sure that if there
about the polishing. So these kind of are multiple opinions on one topic in the
patches are what you want. But if you broader community, the very same
The Upstart way is always, “if this is do these copyright assignment things, opinions inside Red Hat exist too. Inside
started, then start that”. If the network you will never get those people because of Red Hat there are discussions. Red
is up, you take that as a trigger to start they would have to sign a contract Hat has many different people, and
NFS and things like that. It always has before they can send you something. most of them have strong opinions and
this effect that you start as much as Putting it all together, we realised that convictions.
possible instead of as little as possible. Upstart wouldn’t be it. So at one Linux
So anyway, long story short, we Plumbers Conference, four years ago or And much of this debate
came to the conclusion that Upstart is so, Kay Sievers and I said that we happens in public, on public
conceptually wrong, and it moved at should do something about it, after we mailing lists. Then you have some
glacial speeds. It also had the problem saw at the conference how Upstart people saying that all this arguing
www.linuxvoice.com 43
� INTERVIEW LENNART POETTERING
looks bad, compared to how people would hate us for it. We knew want to use the way Systemd loads
Microsoft or Apple does things. But I we’d have to fight for a long time to get kernel modules from a static list, then
bet they all have the same it accepted. you can absolutely replace it.
arguments, just as passionately. We eventually realised that doing just Or if you don’t want to use some of
LP: I’m absolutely sure. There was this the init system would never be a the more modern components like
time when the people working on complete solution. Because if you do an Networkd, then use something else. I
Microsoft Word had their own compiler init system but still invoke all the shell mean, on my laptop I even use
to build Word and the rest of MS Office scripts and all the other things needed NetworkManager, because Networkd
with. Microsoft had the Visual Studio to bring up the system, you’ve only doesn’t do wireless, right? Networkd is
group, and the Office group, and they solved part of the problem. You’ve more for containers and servers. So if
had their own individual compilers. solved one thing but not 90% of the you want to adopt Systemd, you can
That’s just crazy of course. problem. So we slowly started doing absolutely adopt the baseline, which is
So I don’t think that Red Hat is stuff that all the other Linux distros did,
“Most people at Canonical
different from anywhere else; except and implemented that in simple C code
that at Red Hat, because people are that was fast and parallelised.
working on open source, they have Debian had its init scripts, and Fedora
didn’t even realise that they
had commit access Systemd.”
much greater attachment to their code. had its init scripts, and they all kind of
So they have even stronger opinions. did the same thing, and did it differently,
and some are better, and some are
If back at the start of Systemd, worse. We thought OK: this is bullshit, the three components that I mentioned.
you and the other developers let’s write this in C in a unified way, and You can keep the rest of the system
had explicitly said: “We’re going to try to pick the best features of all – however, our implementation of the
replace a lot of the base system”, do distributions and make a convincing individual parts is usually pretty
you think it would’ve been better argument that it’s the right way. convincing, and usually people then
received? Some people see it as an So it initially grew. But something to replace more.
init system that’s suddenly touching realise is that there’s very little in
everything else. Systemd that’s actually required. Some people see it as a
LP: Initially it was an init system – it Systemd requires Journald, because requirement for Gnome…
was just PID 1. We knew from the very every single service that runs on the LP: But it’s not actually a requirement.
beginning what we were getting system is connected to Journald, and Some people don’t realise that when
ourselves into. We knew very well that we need some way to log things during Gnome started making use of Logind, I
touching something that has so much early boot. So Journald is a actually wrote the patch for that. I
history, that is so close to what admins requirement, and Udev is a requirement. ported GDM onto Logind. But when it
do all day… That changing it would be a But pretty much all other components did that, I was very careful to make sure
massive problem. So we knew that are completely optional. If you don’t it would still run on ConsoleKit. I didn’t
You need a thick skin to hack in
open source code sometimes,
especially if half of the world
seems against you.
44 www.linuxvoice.com
� LENNART POETTERING INTERVIEW
Lennart lives in Berlin, and
knows where to get great
Vietnamese grub.
want to have those fights – if people Canonical always wanted to stay in Why do you think some
want to continue running ConsoleKit, control of everything. For us it was an distributions managed to adopt
they can. Those patches made it in, but exercise to make sure this doesn’t Systemd without any major fights,
some people saw that Gnome now happen. We’re not the ones in power – and then others like Debian had very
works with Logind, hence it must not the community is. intense debates and resignations? Is
work with ConsoleKit any more! So of those 26 committers, there’s a it just because it’s a distro with more
But that’s actually not true. And to my good chunk working for Red Hat right political processes?
knowledge the code is still in there – now, but there are people from Intel, LP: Arch Linux probably did it the
the compatibility for ConsoleKit. The Canonical… We had people from quickest way. You know, distributions
Gnome team has the general problem Canonical in the committers group, all attract different kinds of people, of
though, that nobody’s willing to the time during the discussion about course. If you looked at Arch Linux, it
maintain it. People who want to stick to whether they should even adopt attracted very progressive kinds of
the old stuff, they actually need to do Systemd. Most people at Canonical people – like power users. They’re
some work on it. If they don’t, then it will didn’t even realise that they had commit progressive and want to make the best
bit-rot and go away. access to these things. out of their computers. So it was easy
So anyway, we tried to do these There are also developers from for them to adopt.
things in the nicest possible way, but of Debian – two or three of them. Then if you look at Gentoo, for
course people generally don’t example, they still haven’t done
acknowledge it! There should be a Systemd Systemd as default. They used to be
foundation! like Arch Linux is now – they used to be
A lot of people just think LP: [Laughs] Well, we don’t want to the young people who adopted things
there’s only Red Hat working make it too formal. We have this speed, quickly. But the Gentoo people aged,
on Systemd. this quick pace with how we progress and they became more conservative.
LP: Oh yeah, we’re a lot of people now. Systemd, and I think it can only work if And Debian is probably an even more
Yesterday we had 26 committers, and we stay somewhat loose and not have conservative bunch. Debian is a really
40 people contributing code every strict regulations about how these old project, and many people from back
month or so. The committers group is things work. in the old days are still active on it. So
quite diverse, and for us it’s quite an But we try to make sure that it’s they have longer release cycles. And
exercise in making the diversity of the inclusive. We have people from Arch Fedora always defined itself as being
community be reflected in the diversity Linux, people from all the Linux on the bleeding edge, of course, so it
of the people who work on it. This is distributions, big companies that do was easier. Well, not that easy – some
also related to how Upstart worked: open source. We want to make sure it people don’t realise that inside of
Upstart was very locked-down, and stays that way. Fedora and inside of Red Hat, there
www.linuxvoice.com 45
� INTERVIEW LENNART POETTERING
After Avahi, PulseAudio and
Systemd, we’re intrigued to see
what Lennart tackles next…
were lots of fights. So it’s to do with the potential open source contributors and ship updates. On Linux we don’t
culture around the various distributions. from getting involved. have anything that’s as convincing. We
And Slackware are the ultra LP: I’m in the lucky position in that don’t have a common way to sandbox
conservatives! there’s no pressure on me in any way. I stuff, and the way that we ship stuff is
know that a lot of people have with Deb packages, or RPMs.
Do you read the comments pressures that they live under, and if It’s madness for third-party app
when Systemd is being you also get pressure from the internet developers, to develop for Linux. Like,
discussed on the net? Do you over some things that you do in your what do they develop against – which
despair when it all turns into hatred free time, because you love it, that is distribution? And if they make that
and flamewars? very disappointing for them. So I have a decision about which distributions they
LP: For some reason it doesn’t touch luxury, and I know it, and I can only feel wanted to support, it’d be quite a few,
me too much. I try to keep an open for people where it’s not like that. and then there are lots of versions. You
mind and figure out what people I know a lot of people who’ve had might want to support Fedora 20, 21,
actually think. There’s a lot of noise out enough of open source, and who will and 22, and then OpenSUSE and its
there, but usually there’s some core of not participate in the communities various versions, and Ubuntu and its
an argument – something that we where things get really bad. And that’s a various versions… All of those
should actually be aware of. So if big loss for open source. distributions bring different libraries.
people are annoyed by Systemd, So the test matrix, the combinations
usually they ran into some kind of bug Something else we wanted to of software you have to test your apps
or something. It might not necessarily talk about is your proposal for with, grows incredibly. That’s not
be a Systemd bug, but we need to take packaging. What’s that about? something that’s digestible for
it seriously. LP: It’s really about augmenting the third-party app developers. And it’s
Nowadays Systemd is very polished Linux platform with a new way to really hard. The only way you can really
in many ways, and the reason why it is package applications. It’s not about deal with that is to get your stuff into
so polished is because we actually simplifying things or changing things the distributions. Then the distributions
listen to people. Sometimes people say – it’s adding something to the will do all the work for you – they’ll
we don’t listen – we do, but we just ecosystem that we were missing so far. rebuild for you, test for you and things
don’t always agree. If we would just There are lots of people working on that like that.
stick our heads in the sand and not care in different areas.
at all what people wrote, Systemd If you look at all the operating But for upstream developers
would certainly not be what it is, or have systems that are popular these days, it’s hard to get new releases
found the adoption that it has. like Android, Mac OS, iOS, Windows into distributions quickly.
Metro, they always have really strong LP: Exactly – you’re bound to what the
You’ve said yourself that the app platforms, where they provide a distributors do, to the lifecycles of the
flamewars could dissuade sandbox, a nice way to distribute apps distributions, the release cycles. You’re
46 www.linuxvoice.com
� LENNART POETTERING INTERVIEW
not responsible any more for your that they look at the code before – and then, if they’re sure that
software – you’ve passed it on to the packaging it, and then you get a nice everything works, they can check it off,
distributions. Which in many cases is stamp on it: this is good software. And and when it’s installed on the final
actually a good thing, but in general it’s then you only have to trust the machine, it knows exactly the
not what third-party developers want. If distribution, and not trust 100 different combination of software that it runs
you look at how Firefox, for example, software vendors any more. against. Instead of some weird
packages its Linux version, it’s a tarball Now, if we open this up and make it combination of software local to that
that installs in its own directory. typical that you install one distribution machine, where they have real trouble
The classic Linux distribution model, and then 100 different apps from 100 making sure it works.
where you get everything from the different vendors, we need to do Third-party developers don’t want to
distribution nicely packaged up, vetted something about this trust problem. do all the support for someone who
for security problems, with security So that’s why we need sandboxing. says: “Yeah, but I have this old version
updates – that’s a fantastic thing. But I We need to reduce the chance that of libc and it doesn’t work”, or “I have
also think it leaves out all these badly behaving software can destroy
third-party people, and if we want to
grow the Linux ecosystem beyond
your data.
“Sometimes people say we
what we already have, into something OK, but how do you deal with don’t listen – we do, we just
where it’s actually useful for a broad
number of people, where we have
the niggling little differences
between distributions, where don’t always agree.”
markets and more apps, we need to everything has slightly different
provide a way to make these apps library versions, filesystem this really custom distro I compiled
digestible. locations? myself”. So we have this concept we
And by digestible I mean: we need to LP: Our idea is to introduce something call a runtime, which is basically just a
have good sandboxes. If you don’t get called runtimes. When third-party set of libraries with very specific
your software from the distribution any developers develop their stuff, they versions. The idea is that you can install
more but directly from the developers should be able to do so against one multiple runtimes at the same time.
of the software, then you have the very fixed set of libraries, in very specific And then, if you have apps that require
problem that you can’t trust the code as versions, compiled in a very specific different runtimes with different
much. Distributions add a bit of trust, in way. They can test their stuff with that versions, they’ll run against their
specific runtime and everything’s good.
After our interview, Lennart
pointed us in the direction of Didn’t the Linux Standards
the East Side Gallery for some Base try to do something
Berlin Wall exploring fun. similar for third-party devs?
LP: What the LSB did there was to
standardise a set of libraries, but didn’t
define any specific versions. And
classic Linux distributions only allowed
installation of one set of libraries at a
time – you could have one libc, and one
OpenSSL. So LSB tried to make the
best out of the traditional Linux model,
but that’s not enough.
There’s a scheme that we put
together that’s not unlike what Android
has. For example, if you develop an
Android app, you do so focusing on one
specific runtime, right? It’s one that
Google defines, and if there’s something
that’s not in this huge runtime, then you
have to ship it yourself inside of the app,
and everything is good. And the phones
have a couple of runtimes for the
different versions, and then you pick
one of the versions you want to develop
against – usually the newest version,
or maybe an older one. So we kind of
want to adopt the same scheme, but
make it more pluralistic. In Linux
everything is pluralistic.
www.linuxvoice.com 47
�BUY MUGS AND T-SHIRTS!
shop.linuxvoice.com
� INTRO REVIEWS
REVIEWS
The latest software and hardware for your Linux box, reviewed
and rated by the most experienced writers in the business
On test this issue...
50 52
Andrew Gregory
Imagination piqued after Pi Wars, Andrew
needs to get his hands on some servos, fast.
I
’ve just written, and then deleted, an
angry rant about the EU’s Henry Audio USB DAC 128 Mk II Fedora 21
imposition of a new piece of tax law Open source code and the schematics Smooth, polished, at the cutting-edge of
on its subjects. In a nutshell, to make it included make this digital/analogue technology yet usable enough for
harder for Amazon to dodge tax by converter Graham Morrison’s favourite newbies. Enough about Mike Saunders;
basing themselves in Luxembourg, all gadget of the year so far. how does the new version of Fedora fare?
businesses supplying digital products
now have to pay sales tax in the
territory where the customer is based, 53 54 55
rather than where the business is
based. This sounds fair enough, but
because of the way it’s being
implemented, businesses that sell
online now have to collect two
independently verifiable proofs that the
customer lives where they say they live
Seafile Kodi 14 VMware Player
(otherwise we could pretend that all of Ben Everard builds his own The artist formerly known In a world full of free
our digital subscribers live in Monaco, cloud setup to escape the as Graham Morrison virtualisation technology, is
and spend the saved tax on cigars). prying eyes of Amazon, watches endless repeats of there room for a proprietary
Google and the Ed Sheeran Bagpuss, all from this solution? Ben Everard
Help me, Obi-Wan! fan club. Linux-based media centre. ponders this and more.
There’s an obvious guilty-until-proved-
innocent aspect to this, but more
importantly, it means that any BOOKS AND GROUP TEST
customer buying online from an EU
If you’ve helped a relative install Linux over the
business has to supply more
Christmas holidays, you’ve probably had loads of
information about themselves than if phone calls in the last few weeks asking for help
they were to buy the same product fixing some vague problem or another. Well, if you
from outside the EU. It’s a needless install one of the remote desktop setups from this
inconvenience that will inevitably drive month’s Group Test, you won’t have to rely on vague
‘It doesn’t work’-style error messages – you’ll be able
business away from the EU. Good news
to log in and fix the problem as easily as you would
though: the system accepts ODF – on your own machine. Linux is magic!
after years of heel-dragging, we can Also magic is the written word, and we’ve a great
now interact with our government selection of brain-enhancers for you on page 56.
using an open format. Every cloud…
www.linuxvoice.com 49
� REVIEWS HENRY AUDIO
USB DAC 128 Mk II from Henry Audio
Graham Morrison reviews a high-end audio output device without resorting to words
like ‘air’, ‘gravity’ and ‘pea soup’.
A
good tune is still a good tune on AM radio, or price, and with strong links to both Linux and open
DATA through an MP3 player, or from the front seat source. The controller inside its small aluminium case
Web
of a car while the kids are screaming for One is an Atmel AVR32 general-purpose MCU, running C
www.henryaudio.com Direction in the back. Music is about enjoyment, and it code that’s open source, and the whole project is a
Developer can be enjoyed in virtually any environment. But we’re descendent of the Audio Widget, a DIY DAC based
Børge Strand-Bergesen also certain that if you spend a lot of time listening to on similar hardware, software and specification. The
Price music, improvements in playback quality will increase manual even includes the schematics.
€260.00 (£200 approx.)
your levels of enjoyment. It may come from moving Børge Strand-Bergesen, the brains behind Henry
from AM to FM radio, or mono playback to stereo, or Audio, has been a long-time contributor to this
from taking time out of a busy day to listen to some community, and he’s an audio geek who’s been
music on your own. But it can also come from playing with converters for decades. You only need to
improving the way your digital music is converted into look at his recent blog post (http://www.henryaudio.
audio. This is the job of a DAC, the digital-to-analogue com/blog.php) on the difficulties of filming wagon
converter, and they’re everywhere. From the wheels in motion to understand something of his
headphone and dedication to taming streams of sound.
speaker outputs
“There was more stereo width on your
smartphone, to
Living in a box
The box itself feels small but substantial (it’s
and clarity, and a much stronger your games 114.4mm wide by 32.8mm high with a depth of
low-frequency bass response .” console or DVD
player to your car
128mm). There are two halves to the metal surround,
and the top half can easily be removed with a small
or amplifier. They hex/Allen key, giving access to the cleanly designed
perform an important job, and despite DACs having circuit board with its internal headers and potential for
been consumer products since the dawn of the modification. There’s a single dual-colour LED on the
The PC requirements for compact disc there’s still enormous variation in their front, alongside a nicely rendered logo, and the rear
high definition audio can quality and capabilities. panel houses two momentary switches, the audio
be quite demanding, and
DACs come in all shapes and sizes, with some connectors and a mini USB port.
the specs require a
costing thousands of pounds. It’s a hardware category Power comes in through the USB, so there’s no
dual-core PC. However, we
had good results from a occupied by audiophiles and enthusiasts, and more external PSU to worry about, although the USB cable
relatively lowly quad-core recently, hackers. This is where the USB DAC 128 Mk isn’t included in the package. When connected to your
ARM Cortex-A9 at 1.0GHz II belongs. It’s an affordable DAC, in audiophile terms, PC, the USB DAC 128 Mk II appears as a standard
and even a Raspberry Pi. with reportedly exceptional quality output for the class compliant USB audio output device, requiring no
drivers nor any further configuration. There are no
inputs, and outputs are available as both digital and
analogue when listed from your software’s audio
mixer. Digital co-axial output is provided as a
convenience rather than a feature, because it
bypasses the DAC, but the same gold-plated RCA
connectors are used for both functions.
We first connected ours to an Arch laptop and an
amplifier, and yes, you need an amplifier. When we
spoke to Børge and asked why the unit couldn’t
incorporate a headphone output, his response was
that building a quality amplifier for a pair of
headphones would make the unit dramatically more
expensive. We know from shopping for similar
products ourselves that he’s got a point, but it
diminishes the portability of the device when you’ve
got to carry around two units.
As well as our Arch machine we also connected the
unit to a Raspberry Pi and an ARM-based TBS 2910
Mini PC to see whether the DAC could be used as the
output for a media centre.
50 www.linuxvoice.com
� HENRY AUDIO REVIEWS
The USB DAC 128 Mk II operates as both a class
1 and class 2 USB audio interface, and the colour of
the LED indicates which mode the unit is currently
using – bright green for class 1 and a more subdued
orangey red for class 2. The difference in capabilities
of the two modes is dramatic. Class 1 seems to be
provided purely for compatibility with older Windows
hardware that doesn’t include class 2 drivers by
default. Its maximum output resolution is 24-bit audio
at 48kHz – or a little higher than CD quality. Class 2
output is capable of 32-bit audio delivered at 192kHz.
The two modes are toggled manually using a slightly
unintuitive button sequence on the back of the unit,
but we had no problems using only class 2 from Linux
when the correct mode was enabled.
This isn’t an audio magazine. And we’re all too
aware of the mire of comments that accompany
many Hi-Fi magazines/websites trying to describe
something as subjective as audio quality – we
still remember the gushing Hi-Fi review of an
extortionately priced SATA cable for a music server.
But reviewing an audio interface without giving an
opinion on the sound quality would be remiss, and we
do understand some of the technical challenges in
The schematics and the
creating great audio. produced by the USB DAC. Without resorting to the
controller software are
Quality in digital audio output is the result of sycophantic lexicon of audiophile journalists, there
open source, and there’s an
absolute rock solid timing, and we’d even argue this was undoubtedly more stereo width and clarity, and a active community of
is more important than resolution. Most USB audio much stronger low-frequency bass response with the hackers building better
interfaces, for example, rely on the PC for both the 128 Mk II – a huge improvement over the Denon’s power supplies and
clock and the management of the data stream built-in DAC and marginally better than the vinyl. converters for the Audio
(known as a synchronous protocol). Any drift in Widget baselines designs.
timing affects how the DAC interpolates between Living in a box
one sample and the next, resulting in less audible Since then, we’ve spent a considerable amount of
clarity. (there’s an analogous problem in video when a time listening to the DAC, and not just scary electronic
framerate becomes jittery.) music. We tested 24bit/192kHz playback with
The clock and the crystal oscillators that drive the Mozart’s Violin Concerto, where we found the
Henry Audio unit are of exceptional quality, and are differences more subtle, and we listened to heavily
fundamental to its sound. So too is the DAC chip itself, compressed pop, where the DAC added much more
an Asahi Kasei AKM4430, and the asynchronous USB dynamic life to the recording. Everything we played
driver that Børge has spent a long time developing. sounded better, sometimes subtly and sometimes
This means the interface talks back to the PC rather dramatically. And while we came into this review
than simply processing everything sent across the having absolutely no intention of spending £200 on
cable – an asynchronous protocol. something as prosaic as a converter, we’re left
convinced that it’s worth the money.
We are the music makers If you’re an audio hacker who wants a quality DAC
We sat down to listen with some trepidation. Our first to tinker with, we know of no better device. If you’re a
choice of music was something we’re very familiar Linux user wanting great quality audio output, and
with, the album Exai by Autechre. To most, it will you’ve got the music collection and the amplifier to
sound like an electronic cacophony of high-pitched match the investment, it’s worth it. However, if you’re
squeals and noise, but it’s one of the author’s still listening to music with your free smartphone
favourites and we’d imagine a good test for any headphones, you’re better off investing in a better pair
converter. Best of all, we own the album as both vinyl of headphones.
and high-resolution 24 bit FLAC files, so we could test
the DAC against an analogue input from the record
LINUX VOICE VERDICT
player, the DAC on a (modest) Denon amplifier and the
It may seem like a luxury, but if you
128 Mk II. The difference between the amplifier’s DAC
listen to anything other than MP3
and that in the USB 128 Mk II was so huge we had to and you’ve got a decent amplifier, it’s
check we’d not connected the source correctly. The definitely worth the investment.
amp was being driven by an HDMI output from the
laptop, but there was no comparison with the output
www.linuxvoice.com 51
� REVIEWS LINUX DISTRIBUTION
Fedora 21
This “game changer” of a release is provided in three new versions.
Mike Saunders checks them out.
T
he Fedora Project is no stranger to
DATA reinvention. It started off as a community-
Web
supported successor to Red Hat Linux, as that
www.fedoraproject.org particular distribution started to focus on the
Developer enterprise market, and most recently has been gaining
Red Hat and community ground as a bleeding-edge test-bed for upcoming Red
Licence Hat Enterprise Linux products.
Free/open source
licences
With Fedora 21, the distribution has been split into
three sub-projects: Cloud, Server and Workstation.
These are flavours of the same distribution, with
different focuses, but all based on the same core
components: kernel 3.16, glibc 2.20, Yum 3.4.3 and
Systemd 216. The Cloud version provides a minimal
environment that’s designed to run Docker containers, The DevAssistant is a great little addition for this release,
and includes work from Project Atomic, making it making it easy to set up new coding projects.
easy to roll back updates should they cause problems.
The Server flavour, meanwhile, includes the Cockpit manager is also worth checking out, as it has seen
management interface, Rolekit for specifying server GUI refinements too.
roles, and the FreeIPA identity management tools. Gnome Terminal sees the reintroduction of
We spent most of our time with the Workstation transparent backgrounds, after plenty of rage from
variant, which runs Gnome 3.14 on top of X.org users when this feature was removed in an earlier
server 1.16.1. Wayland is available, but only as a release. Much work has been put into making the
technology preview; we’re still a while away from distro look better on HiDPI displays (like on the
seeing it replace X by default. So without big changes MacBook Pro and some Chromebooks), although
like Wayland, what’s in here to make it worth the once you start running non-Gnome apps, the results
upgrade from Fedora 20, or just trying the distro if are a mixed bag.
you use something else? Well, the installation process
has been simplified, bringing it down to a handful of Identity crisis
clicks. After choosing your language, Anaconda (the But while the Workstation flavour continues Fedora’s
Gnome 3.14 is the default Fedora installer) will try to auto-detect as much as reputation as a cutting-edge desktop distro, we’re left
desktop, but there are possible, and present a recommended disk layout, so wondering about the long-term goals of the Server
‘spins’ with alternatives you can get the distro onto your hard drive with very and Cloud flavours. Why would you run Fedora on a
such as KDE and Xfce. little effort. After installation, the Software package server? If you don’t mind major upgrades every year
that could break things and require re-learning new
tools, Fedora Server might make a decent server OS.
Or if you just want to see what’s coming in future
CentOS and RHEL releases, it’s a great way to try out
new technologies. However, its support lifecycle is a
paltry 13 months – we suspect most Fedora users
would rather use CentOS (CentOS 7, for instance, will
receive security updates until 2024!).
Still, on the desktop it’s still one of our favourite
distributions, bringing new ideas to the table without
being too bleeding-edge to be usable. The next few
releases are likely to be more ambitious though,
especially with Wayland.
LINUX VOICE VERDICT
A solid, if not especially exciting,
release from the Fedora team with
lots of welcome refinements.
52 www.linuxvoice.com
� SEAFILE 4 REVIEWS
Seafile 4
Fed up with being spied on by GCHQ, the CIA and Google, Ben Everard is
now looking for a server to run his own cloud storage.
C
loud storage is a wonderful idea. However, it
comes at a price – when you upload your data
to someone else’s server, you lose control of it.
As soon as it leaves your machine, it’s not really your
data any more. There is a solution to this – run your
own cloud storage.
Seafile is an open source cloud storage platform. It
comes in three parts: the client, the server and Seahub.
Seahub is the web interface that enables you to
manage users, and upload and download files without
the client software installed. The client software
synchronises directories on your computer with
libraries stored on the server, and the server software
provides all the functionality to make the client and
Seahub work.
Running your own cloud storage can be more
secure, especially as most cloud storage providers
have been shown to share data with government
If you don’t want to run
spies. To help keep everything safe, Seafile provides an afterthought, and we can’t see any advantages of
your own server, you
the option to encrypt your data on the client side. This this is over email (every login is an email address). can get an account on
means that it’s secured before it leaves your machine, The Seahub web interface provides you with full www.seafile.cc. Free
so even someone with complete server access access to your libraries without needing to install any accounts come with 1GB,
wouldn’t be able to decypt it. This is especially useful if client software. It also enables you to preview and but this can be increased
you’re using a Seafile server someone else is running. edit some filetypes, although these are quite limited, to 100GB for a $10
especially editing, which is only text, markdown, and monthly fee.
Ease of use seaf formats. The latter of these is a rich text format
The client software is easy to use, and works well. You developed specifically for Seafile, so isn’t widely
can add accounts from more than one server, and it supported by other software.
will sync the required libraries with your machine. There are client packages for Ubuntu and spinoffs
DATA
The server provides all the features you would on the Seafile website. For other distros, you’ll need to
expect from cloud storage. You can share files and check your package manager, or install from source Web
libraries with other users, with groups of users, and (https://github.com/haiwen/seafile-client). www.seafile.com
Developer
with the public (via an HTML link) easily. It keeps a Installing the server just requires you to download
Haiwen
history, so you can always undo any changes. There’s and unzip a tarball, then run a shell script that Price
also messaging between users, but this feels a bit like configures the environment. By default, Seahub runs Free under Apache
on the Gunicorn server, so if you’re already using port licence or from €12 per
80 for a web server, you’ll need run it on a different user
port (it defaults to 8000). It is possible to run it using
Apache or Nginx, though the setup is a bit more
involved. The documentation covers everything you
need to know: http://manual.seafile.com.
Seafile should run on just about any box including
cheap VPSes. There’s even a version designed
specifically for the Raspberry Pi. Provided you just
want file-syncing and cloud storage, Seafile is easy to
install and run, and gives you all you need.
LINUX VOICE VERDICT
Seafile is excellent for cloud storage,
but its messaging and editing
capabilities are weak.
The Qt app looks good, but doesn’t fit in with our desktop
www.linuxvoice.com 53
� REVIEWS KODI 14.0 HELIX
Kodi 14.0 Helix
It’s new beginnings for XBMC, as Graham Morrison tests the first
version released under its new name.
K
odi is the media player/platform that used to
DATA be know as XBMC. It’s best run on a computer
Web
connected to a television where it can
kodi.tv manage, serve and play movies, music, photos and
Developer more from its full screen mile-wide interface. Through
Team Kodi a comprehensive plugin repository, it can orchestrate
Licence television recordings, play YouTube videos and enable
GPLv2
you to catch up on BBC programmes, and many other
services. It’s been developed for over 10 years, and
this is the second major release of the last 12 months,
following on from the last XBMC release in May 2014.
For years, the overall quality of the application has Kodi gives you a clear, intuitive interface from which to
been a shining example of what open source can choose from the sea of rubbish clogging your telly.
achieve. The user interface is fast and polished,
with the application always making best use of installed on a PC, on a Raspberry Pi, on a quad-core
whatever environment it finds itself in. We really don’t ARM-based platform and a Nexus 5 Android phone.
know how the development team manages to create As long as the hardware can take advantage of some
so many regular and significant updates while form of hardware acceleration, Kodi always performs
maintaining the quality. exceptionally well, and we’ve noticed a significant
performance upgrade with version 14, especially
From TV to T. Rex on those less powerful platforms. This is likely to be
Part of this release is a renaming exercise, as a result of significant library, codec and hardware
everything from an old installation will be moved over acceleration upgrades for all kinds of platforms.
to the new There’s cutting-edge support for the latest FFmpeg
“Kodi always performs exceptionally one. That may
make reverting
packages, for example, bringing compatibility with
the shiny new H.265 codec, an even more efficient
well, and we’ve noticed a significant to the previous algorithm that promises to halve your file sizes for the
upgrade with version 14.” version difficult
if you want
same quality.
The only problem is that there’s no support for
to keep your hardware acceleration, which means it was only
settings. We first installed the latest edition of the our PC (and not the smaller mcahines on which we
TVHeadEnd plugin to test the new PVR functionality, tested we tested Kodi) that was able to decode a full
and we experienced almost no stability problems. HD movie encoded with the new codec. There’s also
There seems to be a speed increase in the way new support for binary codecs, which may enable
The Kodi team has had
help from Intel to squash a Kodi scans your network for media shares, as well proprietary media playback at some point. On the
firmware bug that caused as grabbing the programme guide. In the process of plus side, decoding now defaults to being
random crashes after a writing the OpenELEC tutorial (see page 84), we’ve multithreaded. As usual, the more power you throw
period of time. spent quite a bit of time with the latest release, at Kodi, the better it will feel, and the Raspberry Pi in
particular needs a lot of patience, especially if you
install any of the PVR plugins.
This is one of those strong consolidation releases
that shoudn’t be underestimated. Kodi works brilliantly
and looks awesome and this release only strengthens
its position. Considering everything that has had to be
changed to accommodate the new name, we think it’s
a huge success.
LINUX VOICE VERDICT
An unrivalled media player that begs
to be installed on an embedded
system underneath your television.
54 www.linuxvoice.com
� VMWARE PLAYER 7 REVIEWS
VMware Player 7
Ben Everard doesn’t need real computers any more. He’s moved to
the cloud and runs everything virtually.
V
irtualisation software gives you the power to
run many virtual machines (VMs) on a single
computer. Each of these machines can have
a different OS, and will run completely independently
from the host machine. Here at Linux Voice, we use
VMs extensively for testing out different distros, and
to run our web server.
There are a few different pieces of software
available for virtualisation, some open source (like
VirtualBox) and some) are proprietary (like VMware
Player). Since it’s proprietary, you won’t find Player in
your distro’s repository. Instead, you need to download
and execute (as root) the bundle file from www.
vmware.com/products/player/.
Version 7 brings support for more RAM (up to
64GB), more CPU cores (up to 16) and more video
memory (up to 2GB). It also brings the advantages for
Intel’s latest Haswell chips. If you’re already running
VMware Player 6 and don’t need any of these, version 7
may not be worth the cost of an upgrade (£63).
There are two different feature sets, the professional
version (which enables you to run VMs that have been
restricted), and the personal version (which is only
The clutter-free interface
allowed for non-commercial use). When you install processing core to the VM. You can also enable USB
presents the user with only
Player, you’ll be asked for a licence key, but you can support for versions 1 to 3 of the protocol. the options they need.
skip this step if you want the personal version.
The graphical interface for Player is simple to use, Performance
and shouldn’t cause any problems even if you’re not We tested Player against the most similar open source
familiar with virtualisation software. You just select software (VirtualBox) in a speed test. The challenge
the install media, and follow the instructions, and you was simple: Which could boot ElementaryOS the
should have a working virtual machine. The simple fastest? Player took 29 seconds from starting the VM
GUI is Player’s strongest feature given that other to the desktop being fully loaded, but VirtualBox
virtualisation applications often have either confusing managed the task in 25 seconds. That’s a
interfaces, or are command-line only. performance difference of 16% in favour of the open DATA
Player gives you the ability to control most aspects source software. Web
of the virtual machine including the amount of If you’re looking to move up to enterprise-level www.vmware.com
memory allocated to it, the network setup, the virtualisation solutions, VMware’s software has some Developer
storage available and ability to allocate more than one significant advantages (but comes at a significant VMware
cost). Player is the first rung on the ladder up to this. Price
Free for non-commercial
However, unless you’re planning on using it alongside use, or £120
the more powerful specialised VMware tools, VMware
Player doesn’t offer any significant advantages over
open source solutions (and is missing some useful
features like snapshots). As proprietary software, it
doesn’t link in with distro-specific tools such as the
package manager.
LINUX VOICE VERDICT
VMware Player is let down by not
having snapshots, and is poor value
VMware Player’s settings window includes useful hints for money compared to other options.
for beginners to help them choose sensible settings for
their virtual machines.
www.linuxvoice.com 55
� REVIEWS BOOKS
The developer’s code
Ben Everard delves into a programmer’s book that’s not about programming.
T
he Developer’s Code is a series of about progressing in this industry,
essays on the subject of commercial The Developer’s Code is the best such book
software development. This isn’t a we’ve come across.
book on the subtleties of the art of computer The Developer’s Code doesn’t include any
programming; it’s all about how to work well special new techniques or hidden secrets
in a commercial setting. that haven’t been published before. Instead,
The essays are grouped into eight it presents useful information in an easy-to-
categories (Metaphor, Motivation, digest fashion that will help you use your
Productivity, Complexity, Teaching, Clients, programming skills more effectively. If you
Code and Pride). Each essay is about a skill feel as if you’re stuck in a Dilbert strip, it could
that isn’t directly related to programming, help you out.
but that programmers need in order to work
effectively, such as how to manage teams
well, and how to speak to clients. The short
LINUX VOICE VERDICT
essays are easy to read and completely Author Ka Wai Cheung
self-contained, so it’s easy to read this book Publisher Pragmatic Bookshelf
ISBN 978-1934356791
in pieces if you don’t have time to get Price £19.50
through the whole thing in one go.
A useful book to help professional programmers
If your main interest in programming is in advance up the corporate ladder. As well a physical book, The Developer’s Code
open source or solo projects, this book has comes as a DRM-free eBook (in a variety of
very little for you. However, if you’re serious formats) at https://pragprog.com.
This Machine Kills Secrets
Dave Rebner is so secretive he won’t even tell us his real name.
C
ypherpunks – people who believe This Machine Kills Secrets isn’t just a book
that sufficiently sophisticated about how leaking has happened in the past,
cryptography can change the world it’s a book about why it has happened, and
for the better – have profoundly affected why it will continue to happen. It’s about the
the last decade. Perhaps the most famous motives and passions that have led to the
of these people is Julian Assange, but he technology leakers use today.
wasn’t the first, and he isn’t alone. In This The book finishes with Assange still under
Machine Kills Secrets, Andy Greenberg charts house arrest before he fled to the Ecuadorian
the movement from its birth on a mailing Embassy, and before Ed Snowden leaked the
list in the early days of the internet to the NSA documents. This doesn’t detract from
schisms that rocked Wikileaks following the book, but it does mean that if you’re
Assange’s house arrest. It looks at the looking for a modern history of leaking, you’ll
differing personalities that often clashed, and need to supplement this book with another
the different technology they built to free the covering the more recent leaks, such as
world’s information. No Place To Hide by Glenn Greenwald.
Greenberg has spoken with many of the
key people in this saga, and this book
includes first-hand testimony from just LINUX VOICE VERDICT
about every era the movement covers. Many Author Andy Greenberg
books focus on the figureheads that are the Publisher Virgin Books
ISBN 978-0753540510
public face of the movement, but This
Price £12.99
Machine Kills Secrets goes deeper and
The information wars are upon us, and
includes testimony from the geeks that this book tells the history of the resistance. Woodie Guthrie’s guitar may have been a
made it all possible. It’s well researched, well machine for killing fascists, but all of our
written, and an excellent read. computers can help kill secrets.
56 www.linuxvoice.com
� REVIEWS BOOKS
Free as in Freedom (2.0) ALSO RELEASED…
Mike Saunders pokes his nose into this biography of the mighty RMS.
T
his book is a few years old now. So
why are we covering it here? First:
it’s available as a free download
(in PDF format) from http://shop.fsf.org/
product/free-as-in-freedom-2. Second:
you can get a copy of it signed by Richard
Stallman (RMS) himself. And third: it’s
simply a great read! Master Vim
Print copies,
The book explores Stallman’s career and throw your
signed by RMS, are
as a programmer and activist, looking mouse away.
available for $50.
at his early work and how his positions Pro Vim
on software freedom developed. It’s not without signing an NDA, anyway. Learning a powerful text editor can change
fascinating to read how RMS was merely The book is a fascinating insight into the your life. You might find Vim horrendously
a humble hacker at the MIT AI Lab in the culture of the time, and what made RMS terse and strange, but once you get your head
round it and master the basics, you’re well on
1970s and 1980s, with no grand plans the fighter he is today.
the path to editing enlightenment. This
for the future, but slowly becoming aware 424-page tome assists you on the journey.
of the increasing commercialisation of LINUX VOICE VERDICT
software. There used to be a tradition of Author Sam Williams and Richard Stallman
sharing and openness in the computing Publisher Free Software Foundation
world, but RMS saw these principles ISBN 9780 9831 59216
Price Free (PDF), $20 (book), $50 (signed)
being eroded, and the straw that broke
Essential reading for anyone who wants to
the camel’s back was when he couldn’t understand how Free Software came about.
get access to the lab printer’s source
code in order to fix some bugs. At least,
Why some
products sell,
Tmux: Productive mouse-free development and some fail.
Does anyone need a mouse? Ben Everard’s is now redundant and free. Badass: Making Users Awesome
Got a great idea for a product or service, but no
T
marketing budget? This guide, from Kathy
mux, the terminal multiplexer, is a Sierra of Head First fame, shows you how to
tool for managing many terminals turn your ideas into a success. The key?
at once. Its most popular features Making your users feel badass – as in, spiffing,
are the ability to run many terminals in tip-top, in our British English vernacular.
separate panes in a single window, and
to detach from a session, but leave the
Once you’ve
terminals running. It’s entirely keyboard- mastered Tmux,
driven, so you can control everything you’ll never go
without reaching for the carpal tunnel- back to using he
forming rodent by your side. mouse.
Like many powerful keyboard-driven
tools, Tmux can require a little effort to Workflows) cover everything you need to
learn. It doesn’t have an especially steep know. It also lets you know why you might
learning curve, and you should be able to need particular features, not just how to Tmux + Vim =
get started with it quite quickly. However, if use them. heaven. In our
you want to get the most out of it, you’ll humble opinion.
probably need a little help, and Tmux: LINUX VOICE VERDICT Tmux Taster
Productive mouse-driven development is Author Brian P Hogan This mini guide (96 pages) takes you through
possibly the best way to get started. At 66 Publisher Pragmatic Bookshelf the basics of Tmux, an extremely handy
ISBN 978-1934356968 terminal multiplexer. Wassat, you say? As
pages, it’s concise, but at the same time,
Price £10.99 reviewed immediately to the left? That’s right.
its six chapters (Learning the basics,
Tmux is more powerful than most people It’s such a useful piece of software that books
Configuring Tmux, Scripting customised realise, and this book will help you unlock it. are springing up like mushrooms in the dew.
tmux environments, Working with text and
buffers, Pair programming with Tmux and
www.linuxvoice.com 57
� GROUP TEST REMOTE DESKTOP CLIENTS
REMOTE DESKTOP
CLIENTS
GROUP TEST
Tired of hopping from one computer to another, Mayank Sharma
tests options that allow him to control all his computers remotely.
On Test Remote desktop clients
W
hen you think of remote remote desktop. For this group test
Remmina access the first thing we’ve set up the Vino VNC server
URL http://freerdp.github.io/Remmina that comes to mind is on a Linux Mint machine and a
VERSION 1.1.1 SSH. System admins have been TightVNC server on a Raspberry Pi
LICENCE GNU GPL using it since time immemorial to and on a Windows 8.1 box. Many of
Can this do-it-all software ward off the mount remote directories, back up the clients on test support multiple
competition?
remote servers, spring-clean protocols. The exceptions are the
remote databases, and even run two proprietary clients, which we’ll
KRDC remote GUI apps. You probably use connect to with their own servers.
URL www.kde.org/applications/ SSH to interact with your Raspberry A good remote desktop client
internet/krdc Pi anchored behind the TV. should be responsive, and we’ll rate
VERSION 4.14.1 However, there are times when it higher than a client that does a
LICENCE GNU GPL you need to remotely access the wonderful job of replicating the
Does KDE’s default app do enough? complete desktop session rather remote desktop in true colour but
than just a single app. Perhaps you takes ages to register clicks and
Vinagre want to handhold the person on
the other end through installing and
key presses. We’ll also keep an eye
out for related features such as the
URL https://wiki.gnome.org/Apps/
using a complex piece of graphical ability to encrypt connections and
Vinagre
VERSION 3.12.2 software, or want to tweak settings transfer files and audio along with
LICENCE GNU GPL on a Windows machine from the the remote desktop.
...does Gnome’s? comfort of your Linux distro. That’s The clients and servers are
where remote desktop software all running inside our network
comes in handy. Using these nifty connected via Wi-Fi. While for
TightVNC little applications you can remotely maximum performance you’d
URL www.tightvnc.com access and operate a computer want them to be connected via
VERSION 2.7.10 from all sorts of devices. Gigabit LAN cables, it rules out the
LICENCE GNU GPL
There are various protocols that all-important convenience factor for
Is the once popular Java app keeping up
are designed to interact with a most readers.
with the times?
NoMachine NX “There are times when you need to access
URL www.nomachine.com
VERSION 4.3.30
the whole desktop, not just one app.”
LICENCE Freeware
Is it the best NX client out there? Protocol soup
VNC or Virtual Network Computing is vendor. Then there’s Microsoft’s
one of the most popular mechanisms proprietary Remote Desktop Protocol
TeamViewer for accessing a remote desktop. At its (RDP). While the RDP server is only
heart is the RFB (Remote Framebuffer) available for the Windows platform,
URL www.teamviewer.com
protocol, which works at the framebuffer there are clients for Windows, Linux,
VERSION 10.0
level and is therefore supported by all Mac OS X, Android, iOS and other
License: Freeware platforms. One big advantage of the platforms. Besides these, several
Does it offer more than just protocol is that you can connect to a proprietary remote desktop solutions
convenience? VNC server with a client from a different have their own proprietary protocols.
58 www.linuxvoice.com
� REMOTE DESKTOP CLIENTS GROUP TEST
Getting started with desktop sharing
The basics behind this essential technique.
A
remote desktop sharing session desktop. The remote machine can host this remote desktop servers work on different
involves a server and a client. The connection on a local network or even over ports. For example, by default the VNC
server component is installed on the the internet. Furthermore, the host computer server listens on port 5900 for connections
remote machine that you want to access can also hand over control of the keyboard and on port 5800 for download requests.
and the client component is installed on the and mouse to the other party. In this case, all If you use a router, you must configure
local machine, or even on a mobile device keystrokes and mouse clicks on the client it to forward connections if you want to
such as a tablet. are registered on the server as if they were connect to a remote desktop over the
In a typical desktop sharing session, the actually performed on the remote machine. internet. Remember that in order to
remote computer (also known as the host, You’ll also have to poke holes in the establish a remote connection, both
as it’s hosting the session) enables a user to firewall on the remote host machine to make the host and the client have to use the
view the contents of the host computer’s sure it allows the client to connect. Different same protocol.
Remmina
Maximum performance.
O
ne of the best things about Remmina
is that the app supports a variety of
protocols including VNC, RDP, NX,
SSH and more. It has a simple interface, and
maintains a list of profiles, and you can
organise connections in separate groups.
Before you begin, you’ll have to create a
profile and define the parameters before you
can connect to a remote server. At the very
least, you’ll have to select a protocol from a
drop-down list and enter the IP address of
the server. Optionally you can define other
parameters as well that vary depending on Remmina is a GTK app and will bring along a lot of baggage when installed on a KDE desktop.
the protocol being used. For example, for
VNC connections, you can optionally choose the remote connection. There’s a hidden Conversely, when connected to a dual-
the colour depth and quality of the toolbar at the top of the screen which gets core Mint box with full-HD resolution, the
connection. You also get checkboxes to you all this control in the full-screen mode. game was playable even at the best quality
toggle some quick settings like starting a Remmina houses default remote setting. However, video playback wasn’t
simple View Only session, disable connection settings under its Preferences watchable at any quality setting – at the
encryption, and more. If you’re connecting to window. Here you can tweak some auto lowest quality level the video was less jerky
a NX or a RDP server, you can also specify a save settings for the connections, define but the colours were all wrong; at the other
resolution for the remote desktop. default connection resolution and custom end of the quality setting the colours were
You can use the app in window mode as hotkeys. RDP users gets a bunch of perfect but the the video was skipping
well as full-screen mode. Remmina has a additional options to help trim down the frames. Also Remmina doesn’t transfer audio
tabbed interface that enables you manage size of the remote desktop stream, such as and lacks the ability to transfer files.
multiple remote desktop sessions from a the ability to turn off the wallpaper, menu We could easily scroll through lightweight
single window. When connected you get a animations, cursor shadow and more. PDFs at best quality, while PDFs with lots
bunch of buttons for common tasks such of images were best scrolled through at
as switching to full-screen mode, or to the Stable performer lower quality levels and were readable at the
scaled mode in case the remote desktop To test its responsiveness, we tried playing a lowest setting. Remmina is available in the
doesn’t fit. You also get a button to change Snake-like game on the remote desktop. official repositories of most popular distros.
the quality of the connection. Unlike other When connected to the puny little Raspberry
open source apps, Remmina changes the Pi, the game was playable but the VERDICT
Impresses with its list of
colour depth of the remote desktop of the fly, keystrokes were delayed by a block or two. supported protocols,
which is a definite plus. There’s also a button Changing to a lower quality level didn’t have features and performance.
that sends all the keyboard commands to any noticeable impact on this delay.
www.linuxvoice.com 59
� GROUP TEST REMOTE DESKTOP CLIENTS
Krdc
Krude but effective.
K
rdc is KDE’s default remote And that’s it. Depending on the three
desktop client and supports the settings, Krdc works out the other
VNC and RDP protocols. The details for the connection. The app’s
app does a nice job of handling set of choices is rather limited, but you
connections, with the main interface do get the option to manually specify a
showing a history of connections with resolution for the session.
the recently accessed servers at the Krdc lists all connected remote
top. You can also arrange the list by the computers in different tabs. From
number of visits to a server. You can within a connection, you get buttons to
even bookmark connections you want switch to full screen, scale the remote
to use more often. display to fit the local resolution, take Krdc doesn’t offer the option to route the connection
Although the main interface might a screenshot of the remote display, through a SSH channel.
seem overwhelming to a new user, with change the session into a view-only
a handful of menus and buttons, it’s mode, and send all keyboard inputs to test PDFs were readable and scrolled
fairly simple to operate. To establish a the remote computer. nicely as well. However, performance
connection, you only need to select a We connected to another computer degraded sharply when we selected the
protocol and enter the IP address of the on the local LAN using the default High quality option which is suggested
remote machine you wish to connect to. medium setting. Videos played for LAN computers. Inversely, the Low
This brings up the host configuration flawlessly albeit without sound, and our quality wasn’t of much use as the
box, from where you have to select a colours and fonts rendered poorly.
quality setting. The default is Medium,
which is claimed to be suitable for DSL, “Krdc’s main interface might VERDICT
cable, and fast internet connections. seem overwhelming, but it’s A useful client for KDE
fairly simple to operate.”
users who use VNC
There’s also high quality for LAN and occasionally.
low quality for slower connections.
Vinagre
Not nearly as versatile as vinegar.
V
inagre, also known simply as if you have the resources to bear the
Remote Desktop Viewer, is processing overhead.
Gnome’s default client for Another useful option is the ability
viewing remote desktops and supports to tunnel the VNC connection through
the VNC, RDP, SPICE and SSH an SSH server. To establish a secure
protocols. It has a minimal interface session make sure you run the SSH The Reverse Connection option simplifies the process of
that’s very much like Remmina. server on the remote server that’s also accessing a host behind a firewall.
However, there aren’t nearly as many the VNC host.
advanced options that are available Also remember that before switching playable at all quality levels and while
behind Remmina’s simple GUI. To to the full-screen mode, you should videos played without jerks on the 16
connect all you need to do is pick a enable the keyboard shortcuts option bit High Colour setting they weren’t
protocol from the pull-down list and (under the View menu) and then really watchable because of the lack
enter its IP address. There’s also a very use the F11 key to switch between of colours. If you went any higher,
helpful Find button next to the host fullscreen and window mode. During the videos became jerky and started
address field that hunts for active an active remote desktop session, you skipping frames. Also, Vinagre doesn’t
servers on the local network. can stop sending keyboard and mouse send audio, and we had to disconnect
Also much like Remmina, you get to the remote desktop and effectively to change the quality setting.
optional checkboxes for starting a full- turn it into a view-only session. The
screen session, a view-only or a scaled interface also includes a button to VERDICT
window. You also have the ability to send the famous three-finger salute Vinagre is to Gnome what
Krdc is to KDE – a usable
select a colour depth from 24-bit true (Ctrl+Alt+Del) to the remote desktop. default for occasional
colour to three-bit ultra-low colour. You Performance wise, the app is pretty use.
can also enable JPEG compression mediocre. The Snake game was
60 www.linuxvoice.com
� REMOTE DESKTOP CLIENTS GROUP TEST
TightVNC
Never let go of your computers. Other options
T
here are several other remote desktop
clients and solutions that you can use.
While we have only covered the most
popular and actively developed VNC clients,
there are several others. There’s RealVNC,
which is often touted as the official VNC client.
You can use it for free for a limited number of
connections after registering on its website.
Other VNC clients include TigerVNC, TurboVNC
and x11vnc. If you’re using Microsoft’s RDP
server, you can connect to it using the
Rdesktop client.
There’s also the open source Neatx server
based on NoMachine’s NX technology, and
Google’s Chrome Remote Desktop tool which is
currently in beta for Linux. If you aren’t averse
to proprietary solutions, there are several
The project has recently released an Android client optimised for mobile internet connections. paid and freeware solutions such as Bomgar
and Mikogo.
One solution that uses remote desktop
T
ightVNC is one of the oldest VNC as its own TightVNC server. When using sharing technology is iTALC. It is an open
client that’s still in development Vino, we had to turn off encryption on the source solution for remotely accessing,
and is the progenitor of many server before TightVNC would connect to controlling and managing classroom
popular VNC clients with different goals. the server. It also correctly autodetected computers and uses the RFB protocol. Also, if
The TightVNC project doesn’t just produce colour depth. Video playback without the you just wish to access a single app and care
a client. They also release a VNC server, audio was watchable and the Snake game more about security than zippyness then you
which is what we use on the Raspberry Pi. was playable without any issues. can just enable X11 forwarding over SSH.
The project uses its own enhanced
version of VNC’s RFB protocol. The Some fiddling required
project has added extensions to the RFB When using TightVNC server, we had
protocol to improve performance over low to alter the default config file to show
bandwidth connections. TightVNC gets the server’s MATE window manager.
its name from the fact that it encodes We had to do a similar modification to
the VNC stream more tightly by using view Ubuntu’s Unity desktop as well.
a combination of the JPEG and Zlib This connection uses the Tight protocol,
compression mechanisms. However, although we didn’t notice any remarkable
this compression shouldn’t impose improvements. One major difference is
any performance penalties on modern that the TightVNC server shares a new
processors. In fact, the official Raspberry desktop, while Vino shares the same
Pi documentation asks users to run the desktop that’s currently on the remote
TightVNC server to set up a VNC on the desktop.
Raspberry Pi. In addition to the lack of audio from the
One of the best things about TightVNC remote desktop, there’s also no means
is that it is still compatible with other to chat with the user on the other end.
implementations of VNC. However to use Furthermore, the file sharing facility is
its tight encoding and gain full advantage only supported on the Windows platform.
of its enhancements you must use You wouldn’t be able to transfer files even
TightVNC at both end of the connection. if you use the TightVNC Linux client to
The TightVNC client for Linux is written in connect to the server on Windows.
Java that doesn’t need to be installed –
just double click on the .jar file to launch VERDICT
the client (assuming you have installed A decent performer that
covers all your
the JRE). It works fine with the OpenJDK multi-platform Google Play has several clients for accessing
JRE. We tested the TightVNC client by multi-device bases. remote desktops on your Android device.
connecting it to the Vino server as well
www.linuxvoice.com 61
� GROUP TEST REMOTE DESKTOP CLIENTS
NoMachine NX vs TeamViewer
Cross-platform proprietary freeware at their best.
N
oMachine NX uses the NX from the remote desktop. You can
protocol that tunnels a remote mount a remote disk either as public,
X session across an SSH which mounts it in /media or private
encrypted channel. The protocol also which mounts it on the user’s desktop.
encodes and compresses data to Similarly, you can also manage local
minimise the bandwidth required. This and remote printers and USB devices
allows it to do some cool things such including removable disks, scanners,
as pipe audio from the remote server to web cams and more. Performance-
the local client. wise NoMachine NX is phenomenal.
The tool can automatically pick up Video playback, games and PDFs
any NX servers that are accepting look and work as if you are operating NoMachine places an icon in the system tray that gives
connections running on the LAN. You them on the local computer. There’s you access to tools such as the whiteboard, which can be
can also define a new connection by no noticeable lag and the images and used for scribbling instant messages.
specifying its IP address and the login video are very crisp.
credentials that you specified while launch the client and enter the unique
setting up the server. NoMachine will One for the team numeric code displayed on the machine
then detect the remote resolution and TeamViewer is perhaps one of the most you wish to connect to. If you’re
offer to change it to match the local recognisable names in the remote accessing your own remote computer,
resolution. By default, it’ll forward audio desktop domain and the app is used by you can set up a password and log in
to the local client and mute it on the several major enterprises. However, its unattended. If you are handholding
server, but you get the option to unmute Linux client isn’t nearly as spectacular. another TeamViewer user, all you need
it on the server as well. In fact, TeamViewer’s Linux client still from them is their unique code and the
Once connected you can access all runs with the help of Wine, like its initial randomly generated password that’ll be
its features from the Session menu, version several years ago. valid only for the current session.
which is accessed from the page peel The client offers more features However, the quality of the
in the top-right corner of the window. than you get with the usual open connection is very poor. You can use
The menu gives you access to some source remote desktop clients, and it to either render a nice desktop at
useful features, such as the ability TeamViewer uses its own proprietary
“Video playback, games and
to access a device such as a disk, or protocol that connects clients through
printer, stream the mic input to the a central server. One obvious advantage
remote server, and record the remote of this scheme is that you can connect
PDFs look and work as if they
are on the local computer.”
desktop in a WebM video. to a remote desktop from anywhere,
NoMachine lets you export the even those behind firewalls, without
contents of a local disk to the remote messing with routers or setting up port
machine or import the remote disk forwarding. a slow frame rate or an unreadable
into the local desktop. You can also TeamViewer is one of the most desktop at a usable speed. For what
copy files by dragging them to and convenient apps to set up and use. Just it’s worth, TeamViewer does offer a few
extra features such as a text and video
chat client, the ability to transfer files
as well as a VoIP service. The client
can also host group meetings. Some
features though, such as the ability to
invite other users into a session, require
you to sign into a TeamViewer account.
Like NoMachine, you can also record
a session in TeamViewer’s own .tvs
format. But we couldn’t get the option
to convert it into AVI format even after
following the manual.
VERDICT
NOMACHINE NX The TEAMVIEWER It might
best remote desktop be a big name on
solution for the Windows but on Linux
Both NoMachine and TeamViewer can be installed on any Linux distribution, and have pragmatic user. it’s just a bit meh.
precompiled binaries for RPM- and Deb-based distros.
62 www.linuxvoice.com
� REMOTE DESKTOP CLIENTS GROUP TEST
OUR VERDICT
Remote desktop clients
K
DE’s Krdc and Gnome’s change the quality settings of the
Vinagre are good defaults connection on the fly. All things
for their respective considered, Remmina is a wonderful
desktops and both don’t support remote desktop client and would
NX connections. One big turn off serve you well if you can live
with Krdc is the limited flexibility without extra features such as the
with the quality settings which ability to transfer files
really just left us with only one That leaves us with the two At least the NX protocol is open.
usable quality option. Vinagre didn’t proprietary clients. TeamViewer
fare much better with its mediocre
performance.
turned out to be a disappointment.
Its ease of use doesn’t outweigh
1st NoMachine NX 4.3.30
Licence Freeware Version 4.3.30
TightVNC is the only Java app its poor performance and we can’t
on test. The app performed well recommend it for any use case. www.nomachine.com
even when used with other VNC NoMachine NX surprised us too, Proprietary software done right. The quality is so good, we have
servers. One big advantage of pleasantly, that is. We haven’t yet to recommend it even though it isn’t free software.
the app is that it’s cross-platform awarded a Linux Voice Group Test
and even has mobile clients. It’s to a proprietary app, but NoMachine
2nd Remmina 1.1.1
“It’s proprietary, but NoMachine NX is Licence GNU GPL Version 1.1.1
way ahead of everything out there.”
http://freerdp.github.io/Remmina
Supports the widest range of protocols and performs well.
the recommended server for the NX is way ahead of everything out
Raspberry Pi, and if you’re using it there. The open source clients do 3rd TightVNC 2.7.10
on the Pi you should use the client their bit too and depending on your Licence GNU GPL Version 2.7.10
to take advantage of the protocol’s use case, might be the perfect
tight compression. tool for many of you. However www.tightvnc.com
However, for maximum coverage they aren’t as comprehensive as Best coupled with its own server that’s tuned to make best use
there’s no beating Remmina. The NoMachine NX, which will work for of limited resources.
client supports the widest range all types of use cases. You can use
of protocols and will connect
to all kinds of remote desktop
it to simply access your remote
desktop or any peripherals attached
4th Krdc 4.14.1
Licence GNU GPL Version 4.14.1
servers. The app scores well in to it or use it to collaborate with
the performance department as another remote user over the www.kde.org/applications/internet/krdc
well and gives you the flexibility to internet without much fuss. Good default client for simple use.
VNC RDP NX File Transfer Audio Support
5th Vinagre 3.12.2
Remmina Y Y Y N N Licence GNU GPL Version 3.12.2
Krdc Y Y N N N https://wiki.gnome.org/Apps/Vinagre
Another good default for occasional use.
Vinagre Y Y N N N
TightVNC Y N N N N 6th TeamViewer 10
Licence Freeware Version 10.0
NoMachine NX N N Y Y Y
www.teamviewer.com
TeamViewer N N N Y N Overshadowed by every client in terms of performance.
www.linuxvoice.com 63
� SUBSCRIBE
SUBSCRIBE shop.linuxvoice.com
Introducing Linux Voice,
the magazine that:
Gives 50% of its profits
back to Free Software
Licenses its content
CC-BY-SA within 9 months
12-month subs prices
UK – £55
Europe – £85
US/Canada – £95
ROW – £99
7-month subs prices DIGITAL
UK – £38 SUBSCRIPTION
Europe – £53
US/Canada – £57
ONLY £38
ROW – £60
Get 114 pages Access our Save money on
of tutorials, rapidly growing the shop price
features, interviews back-issues archive and get each issue
and reviews – all DRM-free and delivered to
every month ready to download your door
Payment is in Pounds Sterling. 12-month subscribers will receive 12 issues of Linux Voice a year. 7-month
subscribers will receive 7 issue of Linux Voice. If you are dissatisfied in any way you can write to us to cancel your
subscription at subscriptions@linuxvoice.com and we will refund you for all unmailed issues.
64 www.linuxvoice.com
� NEXT MONTH
NEXT MONTH IN
ON SALE EVEN MORE AWESOME!
THURSDAY
Raspberry Pi?
26 FEBUARY Something big’s
coming out of East
Anglia, and we don’t
mean Black Shuck.
All will be revealed
relatively soon.
THE WEB
Ubuntu phones
Father Christmas
was kind – he
brought us some
shiny new hardware
to play with, and it’s
running Ubuntu’s
smartphone
operating system.
Keep it secret…
… keep it safe, with
ETHICAL HACKING the ultimate
paranoiac guide to
hiding encrypted
Security 101: how to hack vulnerable servers partitions on your
with Linux (and how to protect your own hard drive. Now go
find government
from the scumbags who lurk on the internet). secrets…
LINUX VOICE IS BROUGHT TO YOU BY
Editor Graham Morrison Editorial consultant Nick Veitch through the use of advice in this magazine. Copyright Linux is a trademark of Linus
graham@linuxvoice.com nick@linuxvoice.com Experiment with Linux at your own risk! Torvalds, and is used with permission.
Deputy editor Andrew Gregory Distributed by Marketforce (UK) Ltd, Blue Nothing in this magazine may be reproduced
andrew@linuxvoice.com All code printed in this magazine is licensed Fin Building, 110 Southwark Street, London, without permission of the editor, until
Technical editor Ben Everard under the GNU GPLv3 SE1 0SU October 2015 when all content (including
ben@linuxvoice.com Tel: +44 (0) 20 3148 3300 our images) is re-licensed CC-BY-SA.
Editor at large Mike Saunders Printed in the UK by ©Linux Voice Ltd 2014
mike@linuxvoice.com Acorn Web Offset Ltd Circulation Marketing by Intermedia Brand ISSN 2054-3778
Creative director Stacey Black Marketing Ltd, registered office North Quay
stacey@linuxvoice.com Disclaimer We accept no liability for any House, Sutton Harbour, Plymouth PL4 0RA Subscribe: shop.linuxvoice.com
loss of data or damage to your hardware Tel: 01737 852166 subscriptions@linuxvoice.com
www.linuxvoice.com
� CORETECHNOLOGY
CORE
A veteran Unix and Linux
enthusiast, Chris Brown has
written and delivered open
source training from New Delhi
to San Francisco, though not on
TECHNOLOGY
the same day. Prise the back off Linux and find out what really makes it tick.
The Internet Protocol
The Internet Protocol is at the heart of – well – the internet. But what exactly does it do?
W
hat would you consider to be the The TCP layer hands the packet down browser which (after removing the header)
most important inventions of the to the IP layer, which is responsible for renders the page for you.
last 50 years? Genetic routing packets across an interconnected Each layer thinks of itself as talking
engineering? Post-It Notes? The set of networks (an “internet”) to the correct directly to its peer layer – the one at the
Teletubbies? How about the Internet machine. The IP layer adds its own header, same level in the stack – at the other end.
Protocol? It underpins the entire internet and again, it regards the whole of the packet The application layer talks to the application
(obviously) and has found its way into cars, handed to it from the layer above simply as layer, the TCP layer talks to the TCP layer,
fridges, televisions, smoke alarms, in fact the its payload. and so on. In reality, of course, the data
entire “Internet of Things”. There’s at least one more layer below that flows down and up the protocol stacks.
Let’s start with the big picture, and talk before the packet actually hits the wire. The
about protocol stacks. Consider the very detail here depends on what medium is IP addressing
common case of a web server sending a being used to actually transmit the packets; Back in issues 6 and 7 I discussed the TCP
web page to a browser. The server and the assuming that it’s some form of Ethernet, and UDP protocols in some detail, with
browser communicate with a protocol called the IP datagram will get encapsulated emphasis on the “sockets” API that provides
HTTP (Hyper Text Transfer Protocol). So the inside an Ethernet frame, with its own access to these protocols from our code. I
web server builds an HTTP response packet, header and its own destination address, as want to focus on the IP layer this month.
which consists of the content of the web I’ll discuss. (Though for a tongue-in-cheek Typically, programmers do not interact
page it’s sending, with an HTTP header alternative, see RFC1149: A Standard for directly with this layer, although it is possible
stuck on the front. This header contains the the Transmission of IP Datagrams on Avian to create a “raw” socket that lets you craft
information that the HTTP layer needs to do Carriers.) your own transport layer header. Program
its job. It’s in this header, for example, that When the packet reaches its destination like ping, and some of the weirder forms of
you’ll find the HTTP status code such as (where your browser is running) it proceeds nmap scan, use this technique. But we are
200 (OK) or 404 (file not found). back up the protocol stack, each layer not really going to look at IP through a
discarding its header before passing its programmer’s eyes.
Enter the TCP layer payload up to the layer above. Finally the To begin at the beginning, every
Having assembled the packet, the browser original HTTP packet is handed up to the connection from a computer to an internet
hands it down to the transport layer, TCP
(see Figure 1). The task of this layer is to
IPv6
“guarantee” delivery of the packet to the
correct program (in this case, the web You probably don’t need to be told that we’re could do it 100 million times over. Although IPv6
browser) on the destination machine by running out of IPv4 addresses. RIPE (the is on its way, it’s slow in arriving. You’ve been able
providing the illusion of a permanent “circuit” organisation that allocates these things in Europe) to build IPv6-only intranets with Linux for years.
started allocating addresses from its last /8 block The latest infographic from RIPE claims that
connecting the server and the client. This two years ago (a /8 block is 2^24 addresses, globally, more than 20,000 websites, 240 network
layer adds its own, rather complicated, roughly 16 million, which sounds a lot but is operators, and 10 home router vendors now offer
header to help it do its job. The TCP layer actually less than 0.5% of the IPv4 address space). IPv6 products and services.
doesn’t know anything about the data it’s The number of addresses available in IPv6, Nonetheless, I think we’re still some way away
carrying. For example, it doesn’t distinguish with its 128-bit addresses, is too big to get a from having full end-to-end IPv6 connectivity from
proper handle on. I just used two Post-It notes the average home user to the average website. I
the HTTP header from the rest of the packet. working out that you could allocate the equivalent keep thinking I’ll call my ISP and ask them… but
As far as the TCP layer is concerned, the of an entire IPv4 address space for every square they’ll just tell me to reboot my router and see if
whole thing is just the “payload” it’s being millimetre of the earth’s surface – in fact, you that fixes the problem…
asked to deliver.
66 www.linuxvoice.com
� CORETECHNOLOGY
is allocated an IP address, which is 32 bits
long and is written in a format called “dotted Web server Web browser
decimal notation” – you split the address
into four lots of 8 bits (called an octet), HTTP HTTP Protocol HTTP
Page Page
write each octet’s value down as a decimal Header Header
number (giving a value between 0 and 255)
then stick dots in between. So you end TCP HTTP
TCP Protocol TCP HTTP
Header Header Page Header Header Page
up with something like 104.28.7.18. This
address is logically split into two parts – a
network ID and a host ID. The network ID IP TCP HTTP IP Protocol IP TCP HTTP
Page Page
is the piece that’s used for routing (getting Header Header Header Header Header Header
packets to the right network); the host ID
only comes into play once a packet has Ethernet IP TCP HTTP Ethernet IP TCP HTTP
Page Page
reached the right network, when it’s used Header Header Header Header Header Header Header Header
for the final stage of delivery to the
destination machine.
What’s a subnet mask? Network
The division between the network piece and
the host piece is specified by the “subnet
mask”, which is also usually written in
dotted decimal notation. For example, a
subnet mask of 255.255.255.0 converted Figure 1: As a packet passes down through the layers of a protocol stack, each layer’s header
to binary gives us 24 ones followed by 8 forms part of the payload of the layer below.
zeros, meaning that the top 24 bits of the IP
address are network ID, and the remaining 8 In the early days of the internet every needed to communicate within their own
bits are the host ID. There’s a more compact single machine that used TCP/IP had a private “intranet” could use IP addresses
way of representing this. We might say that globally unique IP address assigned to from these private blocks and didn’t need
a machine is on the network 192.168.1.0/24, it. We could establish direct end-to-end to apply for an address allocation from a
meaning that the top 24 bits of this (the connectivity between any two machines. But central registry. More than anything else,
192.168.1 piece) specify the network and the internet grew way beyond expectations this strategy has staved off the exhaustion
the remaining 8 bits select the host. and we started running out of addresses. of IPv4 addresses, as countless corporate
Figure 3 shows a typical small internet. So in 1996, the Internet Assigned Numbers networks around the world re-use these
Machines A, B, C and D are connected to the Authority designated three “private” address private address blocks.
upper network 192.168.0/24; machines P, Q, blocks as follows: In our diagram, there is only one globally
and R are connected to the lower network 10.0.0.0–10.255.255.255 (10/8 prefix) unique IP address – that’s the 176.13.4.92
192.168.1/24. Additionally, machine S is 172.16.0.0–172.31.255.255 (172.16/12 address of the outward-facing connection of
connected to both networks (it has two prefix) machine D.
network cards) and can route packets 192.168.0.0–192.168.255.255
between them. Finally, machine D has a (192.168/16 prefix) The routing routine
connection to the outside world. The idea was that machines that only So, what does the IP layer do, exactly? Well,
it has the job of delivering a packet to a
specified destination IP address. To figure
out how to send IP packets on their way,
each machine maintains a routing table.
Subnet mask 11111111 11111111 11111111 00000000
Machines on “stub” networks, like machine P
in the diagram, only need to know two things
– which network they’re connected to
192.168.0.5/24 (192.168.1/24 in this case) and where to
send packets destined for other networks
(192.168.1.254 in this example); this is
usually called the default gateway.
If we examine the routing table of
IP address 11000000 10101000 00000000 00000101 machine P, we’ll see something like this:
$ route -n
Network ID Host ID Kernel IP routing table
Destination Gateway Genmask Flags Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG eth0
An IP address is split into a network ID and a host ID. The “CIDR” notation shown here specifies the 192.168.1.0 0.0.0.0 255.255.255.0 U eth0
boundary between the two pieces I’ll explain all this in a minute, but first let’s
www.linuxvoice.com 67
� CORETECHNOLOGY
Machine A to machine C
This is the easy case, because the
destination address of the packet,
192.168.0.3, is on the same network as
machine A, as determined by the third entry
in machine A’s routing table. But we’re not
quite home and dry, because the packet
needs to be encapsulated into an Ethernet
frame for transmission, and we need to
know the Ethernet address of machine C.
Ethernet addresses are 48 bits long and are
written down as a group of 6 pairs of
hexadecimal digits, separated by colons, for
example 00:06:5B:BA:6E:FB. Ultimately, it’s
this address that’s used to get the packet to
the right machine.
Keep in mind though, that it’s pointless
addressing a packet to an Ethernet address
that isn’t on your network -- these addresses
are not used for routing. The Address
Figure 3: The internet in miniature – two networks connected by a gateway.
Resolution Protocol (ARP) is used to
discover the Ethernet address. Essentially,
look at the routing table for machine A, the routing table on machine S: machine A broadcasts an ARP request onto
which has an extra entry because it needs $ route -n its local network that says “Who is
a route onto the lower network, so it might Kernel IP routing table 192.168.0.3? Please tell 192.168.0.1”. All the
look like this: Destination Gateway Genmask Flags Iface machines pick up and ponder this request
$ route -n 0.0.0.0 192.168.0.4 0.0.0.0 UG eth0 but only machine C, recognising its own IP
Kernel IP routing table 192.168.0.0 0.0.0.0 255.255.255.0 U eth0 address, responds with the reply:
Destination Gateway Genmask Flags Iface 192.168.1.0 0.0.0.0 255.255.255.0 U eth1 “192.168.0.3 is at 00:06:5B:BA:6E:FB”.
0.0.0.0 192.168.0.4 0.0.0.0 UG eth0 A careful examination of this (the last two Finally, machine A is able to build an
192.168.1.0 192.168.0.254 255.255.255.0 U eth0 lines) shows that the machine has direct Ethernet frame and send it out on the wire in
192.168.0.0 0.0.0.0 255.255.255.0 U eth0 connections to two networks, 192.168.0/24 the reasonable expectation that it will reach
Here’s how it works. The IP layer works (via its “upper” network connection eth0), machine C.
through the entries in the routing table in and 192.168.1/24 (via its lower connection Broadcasting an ARP request every single
turn. For each one, it takes the packet’s eth1). time you want to send an IP datagram is
destination IP address, bit-wise ANDs it To get a feel for how IP routing and packet clearly not smart, so machine A will keep the
with the value in the Genmask column and delivery works, let’s consider three routing result for a while (60 seconds by default) in
compares it to the value in the Destination scenarios in turn: its ARP cache. You can examine this cache
column. If they match this is considered as 1 Machine A to machine C. with the arp command:
a potential route. If more than one entry in 2 Machine A to machine Q. $ arp -a
the routing table matches, the most specific 3 Machine A to a machine somewhere in ? (10.0.2.2) at 52:54:00:12:35:02 [ether] on eth0
route – the one with the longest Genmask the outside world. You can also manually add and delete ARP
– wins.
So, taking the three entries in turn: the
first entry always matches, because any
destination IP address AND-ed with 0.0.0.0
is going to give 0.0.0.0. So this route will
be used if there isn’t a more specific match
– it says that 192.168.0.4 is our default
gateway. The second entry defines the
route onto the lower network; basically it
says “to reach the 192.168.1/24 network, go
via 192.168.0.254”. The third entry has no
gateway defined; it says that traffic to the
192.168.0/24 network doesn’t need to go via
a gateway because that’s the network we’re
actually connected to. In all three cases,
packets will go out via network interface
eth0. That’s a bit of a no-brainer because it’s
the only one we’ve got. Let’s take a look at A broadcast ARP request is used to find the Ethernet address of a directly connected machine
whose IP address is known.
68 www.linuxvoice.com
� CORETECHNOLOGY
cache entries with this command, though default gateway (machine D at 192.168.0.4).
there shouldn’t be any need to. Now we haven’t looked at machine D’s So long and thanks for all the fish
Machine A to machine Q routing table, but it will in turn discover that I’ve decided to stop writing for Linux Voice,
Our second scenario, machine A sending to the packet needs to go out on the as part of a process that I am told is called
machine Q, is a little more complicated. The 176.13.4.92 interface to its own default “retirement”. So this will be my last piece. I’d
destination IP address for machine Q is gateway -- a machine operated by the site’s like to thank the Editorial Team for offering me
the opportunity over the last months, and wish
192.168.1.2. From the second entry in Internet service provider.
them every success as they take the magazine
machine A’s routing table, it discovers that to But there’s a problem. Sending the through into its second year. Thanks to all of
reach this network it needs to send the packet out with a destination address you who have read what I’ve written – that’s
packet to 192.168.0.254, the upper network of 104.28.6.18 and a source address of what makes it all worthwhile. Oh, and the
connection of machine S. So it will check its 192.168.0.1 will work fine, but getting a reply cheques of course.
ARP cache for an entry for this IP address, back is a different matter: 192.168.0.1 is a
and use the associated Ethernet address if it private address; you can’t route packets to it can interact with the outside world. If you
finds one, or broadcast an ARP request if it across the internet. browse the web from home, your broadband
doesn’t. Note that machine A has absolutely So here’s what happens. Machine S picks router does this on every single packet
no idea what will happen to the packet after an unused TCP port on its outward-facing you send. Note that machine A has no
it reaches machine S. interface. Suppose it picks port 13348. It idea that NAT is taking place – as far as
The focus of attention now turns to then re-writes the SOURCE IP address and it’s concerned, it’s sending the packet to
machine S, the gateway. Tasked with port number on the packet to be 176.13.4.92 machine S simply because it’s the default
delivering the packet to 192.168.1.2, it and 13348, and sends the packet on to Linux gateway to the outside world.
discovers from its routing table that one Voice’s web server. This server thinks the NAT is, in a sense, extending the IP
of its network interfaces (eth1) is directly request originated at machine S and sends address space by using the port number
connected to that network. So it will the reply back there; that is, to 176.13.4.92 as part of the address. This form of NAT
broadcast an ARP request on eth1 to get an port 13348. Machine S, meanwhile, has is sometimes called IP masquerading,
Ethernet address for machine Q, and finally remembered the IP address and port because it hides the internal structure
send the packet to its destination. number that this request originally came of our network from the outside world. It
from – ie, machine A. So it now re-writes the only works when a network connection is
Machine A to the outside world DESTINATION IP address and port number initiated from a machine within the local
In our final routing scenario, machine A of the reply packet and sends it back to intranet. A web browser running somewhere
wants to send a packet to a machine out in machine A. “out there” cannot connect to a web server
running on our intranet. In this sense, NAT
offers a kind of firewall, protecting our
“NAT is fundamental to how machines on private systems from external attack.
internal networks interact with the outside world.” So… if you get the impression that all
this routing stuff can get complicated…
well, you’re right. But keep in mind that the
the internet -- perhaps to Linux Voice’s web This trick is known as NAT (Network operations I’ve described occur thousands
server at 104.28.6.18. Machine A quickly Address Translation) and is fundamental to of times on maybe a dozen machines, just
discovers that its only hope is to go via its how machines on private internal networks for a single visit to a website. Long live IP!
Command of the month: ip
The ip command is the main administrative To show all addresses assigned to all $ sudo ip route del 192.168.1.0/24
tool for things down at the IP layer. It’s interfaces (roughly analogous to the old The help option of the command makes
intended to replace commands like ifconfig, ifconfig -a): it, to some extent, self-documenting. For
route and arp. As such, it’s a bit of a $ ip address show example:
jack-of-all-trades, with an extensive To list just the IPv6 addresses assigned $ ip help
command syntax. Commands are basically to eth0: will give you a list of the object you can
of the form: $ ip -family inet6 address show dev eth0 operate on, and drilling down a level further:
# ip object action To show the routing table (similar to $ ip route help
where the objects you can perform actions route -n): will show you the actions you can perform
on include addresses, network interfaces $ ip route show on a route.
(ip calls them links), arp cache entries, and To add the static route from machine A to I get the impression that the ip command
routes. The actions you can perform depend the bottom network in our example: hasn’t gained quite the level of adoption that
on the object you’re operating on, but $ sudo ip route add 192.168.1.0/24 via it perhaps deserves, a result (I suspect) of its
typically you can show, add or delete them. 192.168.0.254 dev eth0 extensive command syntax, and the inertia
Here are a few examples: …and to delete it again: of the sysadmin community
www.linuxvoice.com 69
� FOSSPICKS
FOSSpicks Sparkling gems and new
releases from the world of
Free and Open Source Software
Hunting snarks is for amateurs – Ben Everard spends his time in
the long grass, stalking the hottest, free-est Linux software around.
Web-based database management
PHPMyAdmin
P
HPMyAdmin may sound like most distros have a package for
a tool for administering PHP, PHPMyAdmin, though this might not
but it’s not. It’s a front-end always be the latest version.
for MySQL and MariaDB written in One of the big advantages of
PHP. From creating databases and PHPMyAdmin is that it makes it
tables, to backups, to finding easy for non-experts to manage
particular pieces of data in the databases. Backing up and
tables, PHPMyAdmin really can querying are probably the most
perform just about everything you basic tasks, and these are easily
need to do on a database, but for performed provided you know a bit
anything that’s not directly about databases. The search tool
supported, there’s an SQL interface works as an SQL query builder, so it The cities of the world displayed in PHPMyAdmin’s GIS data view
on the web page. helps you learn SQL as you use it. In on top of an OpenStreetMap outline.
Unsurprisingly given the name, fact, the whole PHPMyAdmin
PHPMyAdmin runs on top of a As well as general database
LAMP stack, so if you’ve already got
this installed, then getting
“PHPMyAdmin really can perform tools, there’s a range of tools to help
you visualise data including GIS
PHPMyAdmin is just a case of just about everything you need to (geographical) data map overlays,
downloading it and unzipping it
somewhere in the webroot.
do on a database.” various chart-drawing tools, and
image viewers.
Configuring PHPMyAdmin can be There are also plenty of features
a little more awkward. This is either interface is closely tied to SQL, so for advanced users. The profiling
done by hand, or by moving config. it’s easy to transfer your skills both options can help you optimise the
inc.php into a config folder and ways. If you learn in PHPMyAdmin, it performance of queries, and just
using the web-based script. Full can be easy to pick up SQL, and if about everything can be tweaked
details are on the project’s website you already know SQL, you should so it works the way you want it.
at http://docs.phpmyadmin.net/ find it easy to get started with There’s even an advisor that tries to
en/latest/setup.html. Alternatively, PHPMyAdmin. highlight potential performance
problems and solutions. The server
monitoring tools can then help you
tell how effective any optimisations
have been.
If you’re building your database
from scratch, there’s also a
relational designer tool to help you
create or amend a schema, and see
how the keys are set up. We can’t
recommend this tool highly enough.
You can try out a live demo of
PHPMyAdmin without installing at
http://demo.phpmyadmin.net.
PROJECT WEBSITE
PHPMyAdmin isn’t the best-looking HTML interface, but it is themeable if you
www.phpmyadmin.net
prefer a different colour scheme.
70 www.linuxvoice.com
� FOSSPICKS
Online collaborative text editor
Etherpad
E
therpad is an online notepad It’s this collaboration focus that
for real-time collaboration. makes it an invaluable tool for
That means you can work many open source projects.
with people on a single text You can view a time-slider of how
document and see what each other the document has developed, and
is doing as you’re doing it. Originally, the contributions by different
Etherpad was closed source, and people show up in different colours.
Google bought the company There’s also an in-built chat function
producing the software with the to help you communicate with the
aim of including it in the ill-fated other people editing the document.
Google Wave. Now Etherpad is open
source, and is hosted in thousands Collaboration tool
The minimalist interface
of places both public and private. If you need more features, there are Etherpad instances that are
forces you to focus on
Etherpad is based around what it plenty of plugins to provide the content, not the available, such as Wikimedia’s
calls ‘pads’, which is just another everything from spellchecking to application. (https://etherpad.wikimedia.org/),
name for text documents. These printing to turning the pad into a or Mozilla’s (https://etherpad.
can be quickly created, and shared collaborative development mozilla.org). There’s even a public
between users using just the URL. environment. You can see a full list pad hosted as a Tor hidden service
Slightly confusingly, there were of available options at https:// at https://5jp7xtmox6jyoqd5.
once two pieces of software, one github.com/ether/etherpad-lite/ onion/. You’ll find a list of public
called Etherpad and another called wiki/Plugin,-a-list. pads on the Etherpad site at https://
Etherpad-lite. The original Etherpad is github.com/ether/etherpad-lite/
now defunct, and Etherpad-lite is
commonly known as Etherpad
“The main focus of Etherpad wiki/Sites-that-run-Etherpad-Lite.
Each site has different terms of use,
(though you may still see the -lite is on collaboration rather than and some delete pads after a
suffix in some filenames).
The main focus of the app is on
word processing.” certain amount of time, so always
take a look at the terms and
collaboration rather than word conditions before hosting important
processing, so the stylistic options JavaScript is used both for the work anywhere.
are quite limited. You can use bold, interface and the back-end (via If you already run a site based on
italic, lists, alignments and a few Node.js).Keeping everything in one a popular CMS such as WordPress
other basic functions, but not language is useful for development, or Drupal, you should be able to find
The Etherpad API is well
much. In some ways, you can think but does mean that it won’t run on documented, so a plugin to integrate Etherpad into
of it a bit like a stripped down, a normal LAMP stack. If you don’t interacting with it your website. There’s also an HTTP
open-source version of Google want to install Node, you can should be API so you can interact with it from
Docs, or perhaps a real-time wiki. always use one of the many public straightforward. almost any software.
Along with the usual bugfixes
and UI improvements, the big
improvements in the latest version
(1.5 aka Turkey Slayer) are full
import and export support
(including to word processor
formats such as Microsoft’s DOC
and the open source ODF), and
support for sharding to help scaling
to large numbers of users.
The new export functions alone
are enough for 1.5 to be a worthy
upgrade for anyone already running
Etherpad, and make it even more
attractive to new users.
PROJECT WEBSITE
http://etherpad.org
www.linuxvoice.com 71
� FOSSPICKS
Shell script paralleliser
Gnu Parallel 20141122
M
odern computers have thread, you could launch new
many CPU cores, but threads for each unzipping. This
quite a lot of command would run across many CPU cores,
line utilities were designed back but wouldn’t do so very intelligently:
when most machines had only a for file in *.gz; do gunzip $file & done
single core. This means that, by A more efficient option is to use
default, they don’t fully utilise your Gnu Parallel. This intelligently
hardware. There is a solution: Gnu spreads the load over all available
Parallel. This isn’t a panacea that CPUs, and should run faster than
makes single-threaded programs either of the previous examples.
If you have a multi-core
multi-threaded, but it load-balances Unzipping the files is done with: gnu.org/software/parallel/
CPU, your commands
command line programs across parallel gunzip ::: *.gz should take full parallel_tutorial.html
multiple CPU cores. advantage of it. Perhaps one of the most
Imagine, for example, you have a Unleach the power! powerful features is the ability to
directory with many gzipped files This is the simplest form of the split-run across multiple machines.
that you want to unzip. The command, and is an easy This may be the simplest method
simplest way of decompressing substitute for a for loop on files of utilising the processing power of
them is with a simple for loop: when there’s quite a bit of a cluster of machines – perhaps a
for file in *.gz; do gunzip $file; done processing to do. The three colons bunch of EC2 machines you’ve just
However, this would run the simply split the command to run split up, or an office full of PCs that
entire operation on a single CPU from the selector of the files. are unused overnight.
core, which could be quite slow if Gnu Parallel has far more power
you have a lot of zipped files. than this, and there’s a thorough PROJECT WEBSITE
www.gnu.org/software/parallel
Instead of running them on a single tutorial on the Gnu website at www.
Source code management
Git 2.2
S
ource code management This enables different people to
may not be an exciting develop on different trees
subject to most people, but it simultaneously, then combine their
can be a real hassle when it goes changes with minimal fuss, which
badly, like when you can’t locate a is perfect when developers are
change that broke something, or working on different features.
get into a mess when two people Understanding how these branches
have changed the same file. Git not work is key to using Git effectively.
There are graphical
only solves all the normal problems While Git is amazingly useful, it’s However, unless you’ve got a good
clients, such as Git-cola
of source code management not always the easiest software to shown here, for anyone understanding of how the software
wonderfully, it was also designed get started with. GitHub (a website who wants the power of works, you’ll struggle to get the
from the ground up to work for that hosts Git repositories) have put Git but prefers not to most out of them.
open source projects (specifically together a web-based tutorial to use the command line. Despite being a relatively recent
the Linux kernel). help you get started. You’ll find an option when compared to the likes
The most powerful feature of Git easy introduction to the world of Git of CVS and Subversion, Git is already
is the forking and merging options. at https://try.github.io/levels/1/ the most popular source code
Forking in Git doesn’t mean the challenges/1. By the time you’ve management tool in the open
same thing as forking software in completed challenge 25, you should source world, and is becoming
general. It creates a new copy of be well versed in source code increasingly popular in the
the code that can be worked on management. commercial world as well.
independently, and the idea is that it As well as the command line
will eventually be merged back into tools, there are graphical clients, PROJECT WEBSITE
http://git-scm.com
the main branch. and web-based interfaces.
72 www.linuxvoice.com
� FOSSPICKS
Music streaming software
mps-youtube
Y
ouTube hosts millions of by Google – so it does a good job
videos that anyone with a of finding the most popular
web browser can play, and response to queries, even if they’re
a large number of these videos incomplete or not spelled perfectly.
include music. This essentially To play a song, just enter the
makes it a massive, free (zero cost) number of the result and hit Enter.
music library. The only downside to This will stream the song straight
this is that the web interface isn’t from Google’s website. Playlists
ideal for music playing. Mps-youtube and other more advanced features
is a terminal application for are supported, and altogether it’s
searching videos and playing music quite a powerful music player. You It’s just good old YouTube, but without all that annoying video that
without getting bogged down with can add items to a playlist with: just gets in the way of the audio.
the graphics. add <number>
You can install it with a simple: The vp command displays the have much difficulty working out
sudo pip install mps-youtube current playlist. There are other how to use it. Entering help tips at
Then start it with mpsyt. You’ll be options to save playlists to your the command prompt is the best
dropped into a command prompt local machine, and open ones that way of discovering all the features.
that you can search. For example: you created earlier. The help system YouTube isn’t known for its high
search big buck bunny is comprehensive, so you shouldn’t audio fidelity, so this isn’t a tool for
will bring back all the audio from the replacing a high-end stereo, but a
free (as in speech) film Big Buck nice way of finding new songs.
Bunny made by the Blender “Mps-youtube is a terminal app for
Foundation. This uses YouTube’s
search feature – which is powered
searching videos and playing music.” PROJECT WEBSITE
https://github.com/np1/mps-youtube
Graphical maths tool
GeoGebra
B
ack when I were a lad you manipulate the properties either by
could buy a Mars bar for entering absolute values, or linking
25p and still have change them through a simple language. In
for the bus ride home, and all this some ways, you could view
were fields, and when it came to GeoGebra as a mathematical
maths class, you drew equations graphical programming language
using graphical calculators. rather than a charting tool. That
Now, mobile computers – from said, it’s almost entirely mouse-
laptops to smart phones – are driven, so you don’t get bogged
seemingly everywhere, and it might down in code
be time to replace these ageing GeoGebra is structured to help
calculators. There are many plotting teachers, and this means you can
As well as mathematics,
tools available, but GeoGebra stands create work sheets for export to m3022), or take a light hearted look
you can also use
out because it’s designed for other users. There’s a website – GeoGebra for idle through a kaleidoscope (http://
interactive exploration. That means tube.geogebra.org – that hosts time-wasting, as shown tube.geogebra.org/student/
that it’s not just good for displaying them as HTML pages so viewers here. m27651). True to the earlier
data, but learning about the only need a web browser and graphical calculators, there are even
mathematical properties of the internet access to use them. You some games available, like billiards
graphs. You can think of it less like don’t have to be a student to find (http://tube.geogebra.org/student/
a plotting tool and more like a useful things on the website though. m167309).
mathematical play pen. Drivers can find a mathematical
Objects are dragged-and-dropped examination parallel parking (http:// PROJECT WEBSITE
www.geogebra.org
onto the canvas, then you can tube.geogebra.org/student/
www.linuxvoice.com 73
� FOSSPICKS
Low-latency voice chat
Mumble
M
umble is a bit like IRC for It was originally designed for
voice. It’s built on a gamers and does have some
client-server model, so special features to support this
once a server’s running, many (such as overlays and positional
people can connect to this and audio). However, it’s also useful in
share their audio. Like IRC, it other areas, for example, many
features channels so a single server podcasts use it for recording.
can host many conversations. The Perhaps the most powerful part
The Mumble
Mumble project includes a client of Mumble isn’t in the software at http://wiki.mumble.info/
configurations mean
and a server (known as Murmer), so itself, but in the ecosystem that’s you can tune the setup wiki/3rd_Party_Applications.
has everything you need to host built around it. There’s everything to your particular There are clients for all major
your own chat sessions – provided, from web interfaces to command internet connection to platforms, so you don’t need to limit
that is, you have a server to host it line clients and bots for almost maximise quality and your chats to just your FOSS-loving
on. It’s fairly low-resource, so should every available task. There are even minimise latency. friends. This includes iOS and
run on a low-spec VPS, though you other servers for the Mumble Android so you can also stay
may need more power if you’re protocol that are optimised in chatting on the go.
planning on hosting a lot of users. different ways. For a more You can try out Mumble without
Mumble is built for low-latency, so complete list of Mumble-related running your own server by finding
chatting works well, and quality is software, check out the project wiki a public server at www.mumble.
good, though this can depend on com/serverlist.
the available bandwidth. You don’t
need to worry about who’s listening “Mumble has everything you need
in as all communications are
secure by default.
to host your own chat sessions.” PROJECT WEBSITE
www.mumble.com
Android photo enhancer
Effects Pro
Effects Pro is simple to
use, and open source:
two qualities that are
rare in Android apps.
T
hese days, photos need to a copy of the image should there be
have a filter, or it’s just not a problem. Performance was also a
cool enough. We’re all for little slower than we would like, but
jazzing up pictures, but too often it’s hopefully these minor issues will be
done through proprietary web apps. ironed out in future releases.
Sure, Gimp has some great options, There are 19 effects available,
but if you’ve only got your phone ranging from colour changes to
with you, that’s not much help. classic photo manipulations like
In steps Effects Pro. It’s a simple sepia and vignette. It’s designed to
Android app that lets you be simple on a touchscreen, so
manipulate images (either new doesn’t have anywhere near the
photos or ones stored on your range of options as powerful
phone). You don’t need to know desktop software (like Gimp), but
much about image processing – with a few clicks, you can liven up
just select the effect you wish to most pictures.
add, adjust the amount, and Effects You can get the source code This isn’t the same as Photo Effects
Pro does everything else. from https://github.com/yaa110/ Pro on the Google Play Store, so if
Version 1.1 did seem to have a Effects-Pro if you want to tinker you want the free software app,
few stability issues on our test with it, or the compiled software is make sure you get it through the
device (a Moto G), so we’d in the F-Droid repository, so you can F-Droid store.
recommend taking the photo first, get it through that app store
PROJECT WEBSITE
saving it, and then opening it in (https://f-droid.org/repository/
https://github.com/yaa110/Effects-Pro
Effects Pro. This way you’ll still have browse/?fdid=org.appsroid.fxpro).
74 www.linuxvoice.com
� FOSSPICKS
FOSSPICKS Brain Relaxers
https://launchpad.net/pybik/
Terminal-based robot deathmatch
BSD Robots
W
hat Minesweeper is to starting out), you can teleport. This
Windows, Robots is to moves you to another place on the
BSD. It’s the classic screen, but it can land you in the
game perfect for wasting hours path of a robot, so there’s a chance
of otherwise productive time (or any teleport could be fatal. Some
to run while you’re waiting for clones have the option to safe
something to compile). The teleport, but this corruption of the
game play is simple: you’re an @ game’s ideals is anathema to true
symbol surrounded by robots. BSD Robots aficionados.
Each turn you move, then the There are other versions of the
robots move. The robots don’t game where the protagonist is You can teleport to a
have any collision prevention, so escaping zombies or Daleks, but random place if you’re GNU Robots is a completely
they’re prone to colliding with the mechanics are the same. really stuck, but beware, different game, so make sure you
each other. The aim of the game As with all classic games, there this could take you get the right one (it’s often in a
is to make all the robots collide are plenty of clones that are more directly into the path of package called bsd-games).
with each other so there are none graphically impressive – Gnome a robot. Alternatively, you can play it in a
left. It gets easier, because dead Robots, for instance – but for us, web browser without installing
robots leave scrap metal that the classic black and white terminal anything at http://ctho.org/
other robots can then crash into. version can’t be beaten. If you want games/robots.
If you get completely stuck and the full retro experience, you could
can’t move anywhere (this can run it through Cool Old Term to PROJECT WEBSITE
none
happen quite a lot as you’re simulate a CRT display.
Dungeon game
Angband
I
n issue 5, we posed the constantly adapt, even if you’ve
question: is Nethack the played the level before. Carefully
greatest game of all time? A managing your inventory (so you’re
lot of you said yes. Among the ready for any eventuality) is key to
dissenters, the most popular progressing in the game.
alternative put forward wasn’t Like Nethack, Angband is turn-
some AAA game with fancy based, so you have time to think
graphics, but another text-based through your decisions. Make no
dungeon crawler: Angband. mistake though, Angband is hard.
You can’t see round
The aim of Angband is to delve There’s a very real chance that even can drive you mad at times and
corners in Angband, so
deeper and deeper into a world of if you keep playing for 20 years, you there’s always a chance make you ecstatic at others. The
dungeons until you reach level still won’t complete it (if you don’t of a monster waiting to terminal-nature of Nethack makes
100 where you come face to face believe us, check out the forums on attack. it a bit easier to run on a server,
with Morgoth. Tolkien fans will the project website). However, the but Angband gets the edge from
recognise that name, and counterpoint to this difficulty is that this author because the level
Angband is set in Middle Earth, each little victory (like descending to generator seems just a little more
though a knowledge of this isn’t another level) brings a huge amount brilliantly malevolent.
necessary to enjoy the game. of satisfaction.
Levels are randomly generated, So, the question remains, which
so no two games are the same. is better: Nethack or Angband? Both PROJECT WEBSITE
http://rephial.org
This means that you have to are mind-numbingly difficult and
www.linuxvoice.com 75
�� TUTORIALS INTRO
TUTORIALS
Dip your toe into a pool full of Linux knowledge with eight
tutorials lovingly crafted to expand your Linux consciousness
In this issue…
78 80 84
Ben Everard
is trying to get sudo powers to apt-get purge
winter, but can’t remember Aslan’s password.
Audacity Passwords OpenElec
I
ssue 12 marks one year since we We’re looking for help with Are your passwords secure Graham Morrison installs
began this crazy experiment called the audio version of Linux enough? Les Pounder this home theatre PC
Linux Voice. It all started with a few Voice. Graham Morrison shows you how to check distro and converts an old
simple ideas: that a magazine should shows you how to join this their strength using a computer into a state-of-
support the community it serves, that community effort. Python script. the-art media centre.
good publishing still has a place in a
world of clickbait, and that a profitable
business can share its intellectual
88 92 96
property in a socially responsible way.
We still believe in these ideas, and we
think that the past 12 months have
vindicated them. Our strong
subscription growth is testament to
that, so Linux Voice is here to stay,
and we’re not going to compromise
these values.
KMail Regex Olde Unix
What can you expect from the next After managing to tame If you need to search Linux stands on the
12 months of Linux Voice? First of all, this magnificent beast, through test files, then you shoulders of the OSes that
more of the same. Another 12 issues in Graham Morrison reveals need regular expressions. came before it. Juliet Kemp
the shops, and 12 issues released free the secrets to getting the Marco Fioretti shows how takes a look at how we
under a Creative Commons licence nine most out of KMail. to get started. arrived at the modern OS.
months after they were published.
Another 26 (or so) podcasts. We hope
to sponsor more events (in 2014 we PROGRAMMING
sponsored OggCamp and Pi Wars). If
you’ve got any ideas for this, let us Arduino RESTful APIs ASM
know. We’ll be donating 50% of a first 100 These microcontroller 104 If you need to get data from 106 In part one of this series,
year’s profit to organisations chosen by boards have opened up the an internet source, then we introduce the idea of
world of bare-metal computing to there’s a good chance you’ll need programming using just the
readers shortly.
a whole new audience. With an to use a RESTful API. In this instructions that the CPU uses
We’re also hoping to expand into Arduino, you can easily control tutorial we look at what they are, rather than high-level statements,
other media. We can’t reveal too many almost any hardware with just a see why they work the way they do and look at how assembly
details yet, but in 2015 we hope to few lines of C++. In this tutorial, and show you how to grab the language works. After all, true
spread the word of FOSS even further. we look at controlling an OLED data you need using either a geeks speak to the computer in its
display, but the I2C protocol can normal web browser or a single own language – compilers and
Stay tuned!
be used for lots more hardware. line of Python code. interpreters are just for newbies.
ben@linuxvoice.com
www.linuxvoice.com 77
� TUTORIAL AUDACITY
VOICE RECORDINGS WITH
TUTORIAL
AUDACITY
Learn some new skills, get your work onto the internet
GRAHM MORRISON
and help with our crowdsourced audio editions.
W
hen we released our first two issues under around five hours of various recordings for each issue
WHY DO THIS?
the Creative Commons CC BY-SA licences, and make them available for free.
• Help Linux Voice reach a
we wanted to include audio versions of as We need as much help as possible for issue three
bigger audience.
much content as we could. Not only, we thought, onwards, so we thought we’d cover the brief details of
• Learn one of the basic
audio applications for would this help people who often don’t have the time how you can make these recordings yourself, and if
Linux. to sit down and read, it would help all sorts of other you enjoy the process and wanted to help, you can
• Take the first step into people who may find reading difficult. With the help of help us with our future recordings. Keep an eye on
the world of podcasting.
the Linux Voice community, we were able to pool LinuxVoice.com for details.
Step by step: Record with Audacity
1
Install and configure Audacity 2
Get the right level
The best tool for recording and editing audio is After reducing the amount of background noise, the
Audacity. It’s part of every distribution’s package next most important thing to get right is the input level
repertoire, it’s relatively simple to use and provides all of your recording, and your desktop audio mixer input
the functionality you need to make even complex should be ramped up. But this really means how loud
audio recordings. Making any kind of recording is you should speak and how close the microphone you
better with an external microphone, but it’s not should be, rather than dealing with amplification
unfeasible with whatever’s built into your system before a recording is made (which is what you might
(we’ve had a few good recordings made with a adjust if you’re running a mic through a mixer). This is
laptop’s internal mic). important because every recording has a noise floor
More than choice of microphone, it’s more – the level at which noise is introduced from both the
important that your recording environment is as quiet environment and from the recording hardware itself,
and as dead as possible. By ‘dead’ we mean that and this noise floor is the same regardless of how
sound is dampened by carpet or curtains, rather than loud your recording is. This means that if your
bouncing off flagstone flooring and tiling. It also helps recording is too quiet and you boost the recording to
if your computer is quiet. With all that set, open up make it louder, you’ll also boost the level of the noise
Audacity and make sure your microphone is the floor. If a recording is louder to begin with, the
configured input for any recording. If you’re running proportional boost to noise is smaller, making a better
PulseAudio, it’s better to select the device name rather quality recording.
than choose one of PulseAudio’s inputs.
78 www.linuxvoice.com
� AUDACITY TUTORIAL
3
Monitoring your input signal 4
Your first recording
You can monitor the input level within Audacity by If everything looks good, make sure you’ve got a glass
selecting Start Monitoring from the small drop-down of water at hand and press R on the keyboard or the
menu next to the microphone icon near the bar graph red button in the toolbar to start the recording. The
in the main window. When enabled, a red bar will start input monitor will still bounce and a waveform
bouncing across the widget. If you prefer vertical bars showing the amplitude of your recording over time will
rather than horizontal, you can drag and re-size the be drawn to the right of the audio track. Glancing at
whole widget out of Audacity’s main window. You’ll this is a good way of checking everything is going OK
probably see only a single bar when there’s space for and you should now try narrating an article.
two and that’s because microphone inputs, including It will typically take a few tries to get something
those on your computer, are nearly all mono, as right, and also to find a pace that works for you. You’ll
opposed to stereo. likely start quicker and slow down as you get more
We make our recordings in mono too, as they take used to the process. But remember you can always
half the space and processing, but they can still be go back and edit what you’ve already recorded, or
used to create stereo files if necessary. Make sure that start again if you mess up too badly, so don’t worry
your speaking voice/recording uses the full range of about small glitches or mistakes as you go along. A
the monitoring bar without hitting the maximum, four page tutorial typically takes us around 15–20
which for historical reasons is labelled 0(dB) . Too loud minutes, depending on your reading speed.
a signal is worse than too quiet a signal, because it
adds ear-crunching distortion.
5
Edit the audio 6
Export the audio
If you’ve made any mistakes, you can easily edit them When you’re happy with the recording, it’s time to
out. They key to this is listening to the playback and share it. For issue 2, we’ve asked for files to be
seeing which bumps in the waveform correspond to provided in the FLAC format, where possible. This is
the bits you want to cut. Selecting these areas and not just because FLAC is the lossless equivalent of
using the Edit menu or the usual shortcuts will gzip for audio, but because it doesn’t process the
remove them, merging the two sides of the recording audio in any way. This is so we can encode the files
bordering on your selection. You can also copy and using our own scripts to ensure that all files are
paste areas from other parts of the recording, which is processed in the same way. If space or bandwidth is
useful if you want re-record bits you’ve messed up at an issue, it’s no problem providing files as MP3, OGG
the end. Pasted audio will not overwrite audio by or even Opus either, if that’s going to make it easier to
default, but be inserted at the cursor. put on our server. You can’t use Audacity’s ‘Save’ dialog
The only other processing that might be useful is to to create the audio file; instead you have to use ‘Export
normalise the recording. This will make sure the Audio’ from the File menu. Use the drop-down menu
waveform fills all the available headroom without beneath the file list to choose FLAC, and you don’t
changing the dynamics of the recording itself. To do need to adjust any other options. You’ll also be asked
this, select the entire recording and choose ‘Normalise’ to enter some metadata for the recording, but we’ll
from the ‘Effects’ menu. You can leave the settings in replace this with our own scripts. All that’s then left is
the window that appears at their default values. to save the file and send us the link! Thanks!
www.linuxvoice.com 79
� TUTORIAL PYTHON 3
PYTHON 3:
TUTORIAL
BUILD A PASSWORD CHECKER
Use programming logic, variables and functions
LES POUNDER
to check the strength of your passwords.
K
eeping our data private is a major concern,
WHY DO THIS?
and one way to keep our data safe is via a
• We will learn how to good password. But being human we rarely
accept user input via a
graphical user interface choose a secure password; instead use insecure data
and then check the input such as the name of our pet, our date of birth or other
against an algorithm such details. Data such as this is not really suitable in
to ensure that the
password input meets a a password, and we are encouraged to create harder
criteria. to guess passwords with a mix of both upper and
lower case characters along with numbers.
In this project we will be using the popular
TOOLS REQUIRED
programming language Python, and we will be writing
• Python 3 installed on
the code using the Python 3 syntax, which also
your machine.
enables this project to be run on Python 2 systems.
• EasyGUI installed on
your machine. This project can be created using any computer,
including a Raspberry Pi.
For this project you will need The password checker in action. Our simple application
DISCLAIMER Idle 3 A Python editor for Python 3 has but one job to do: to keep our passwords strong.
This project should not be pip3 A Python package manager
used to check any “real EasyGUI A GUI library for Python sudo apt-get install idle3
world” passwords for
example online banking For this tutorial we're using Linux Mint 17, which is New to Python 3 is the bundling of the pip Python
or shopping. based on Ubuntu, and so we will install software using package manager, which works in a similar manner to
the apt package manager. The software is also other Linux package managers. This should be
available for other Linux distributions. installed by default for your distribution, but if this is
To install Idle 3 open a terminal and type in the not the case open a terminal and type in the following.
following. sudo apt-get install python3-pip
Using EasyGUI we can easily create a graphical user interface to capture the user's password.
80 www.linuxvoice.com
� PYTHON 3 TUTORIAL
With pip for Python 3 installed now we use it to
install EasyGUI, in a terminal type in the following
sudo pip3 install easygui
After a few moments EasyGUI will be installed and
ready for use in our project.
The project
In this project we use Python 3 to write a program that
captures the user's password and checks it against a
series of conditions. These conditions are:
The password must have six or more characters.
The password must have less than or equal to 12
characters.
There must be at least one integer in the password.
There must be at least one upper case character.
There must be at least one lower case character.
We start the project by importing additional
modules to expand the abilities of our Python code.
import easygui as eg
In this example we import the easygui module and
rename it as eg, which makes it a lot easier to work
If your password meets
with. With the imports completed we now create a print(length)
the criteria then it will
series of functions that handle the input and testing of Our first check is get the length of the password, be evaluated as a strong
the password. which is done using the len() function and giving it the password, an essential
Firstly we create the function and name it pword(): name of the variable that we would like to check. The part of keeping you safe.
def pword(): output of this is stored as the variable length, which
Next we create four global variables that are used we then print to the Python shell. We do not need to
by our function and other functions later in the project. print the output to the shell, but it can really help to
These global will contain the data for our project. debug a project quickly.
global password Now that we know how long
global lower
global upper
the password is we need to find
out what the password is made
“Our first check is to get
global integer of, which will generally be a mix the length of the password,
With the variables created we now use one of the
EasyGUI functions to create a dialog box that will
of lower- and upper-case letters
along with numbers. We create
with the len() function.”
enable us to enter our password and then save it as three variables: lower, upper and
the global variable password. integer and they handle lower-case and upper-case
password = eg.enterbox(msg="Please enter your password") characters, and integers relates to any numbers in the
With the password captured and stored as a variable password. For each of these variables we do the
we can now do a lot of checks. following.
length = len(password) Count every lower-case letter in the password and save it as a
variable called lower.
Count every upper-case letter in the password and save it as a
variable called upper.
Count every integer in the password and save it as a variable
called integer.
In Python code it looks like this – after each line we
also print the value as a debug measure.
lower = sum([int(c.islower()) for c in password])
print(lower)
upper = sum([int(c.isupper()) for c in password])
print(upper)
integer = sum([int(c.isdigit()) for c in password])
print(integer)
If you are familiar with spreadsheets you will see
that the line is not too dissimilar to the syntax needed
for LibreOffice or Excel. The term c refers to each
There isn't a great deal of code to this project but it is a character in the password, and we can instruct
great meaty project to reinforce your learning and brush Python to look for characters that match islower
up your skills. isupper or isdigit. We wrap the value returned in a
www.linuxvoice.com 81
� TUTORIAL PYTHON 3
helper function that converts the data type returned elif len(password) > 12:
Getting the latest version
into an integer value int(c.islower()). This is not strictly eg.msgbox(msg="Your password is too long, please try
of Python 3 is really simple
– you can download it via necessary as the value returned is already an integer, again")
your distribution's package but it helps to sanitise the data just in case anyone Our last function runs a series of tests against the
manager or download the tries to intentionally break the project. Data password. These tests are there to assess that the
latest package from the sanitisation is best practice and a great skill to learn, password meets our criteria that we defined earlier in
Python website. as it is used a lot when working with content on the the project.
web and in databases. To start we name our function strength() and
Our next function has one purpose: to check the instruct Python that we wish to use the global
length of the password against a strict set of criteria. variables that we created earlier.
Its length must be greater than or equal to six def strength():
characters but it must also be less than or equal to 12 global lower
characters in length. A good password should be of a global upper
reasonable length, but a long password does not global integer
equal a secure password. We now reuse an if..elif conditional statement that
In the code snippet following we first define a new we used in our length() function to run three
function called length() and then instruct Python that conditional tests.
we wish to use the global variable password that we Firstly we compare the value stored in the variable
created in our first function. lower to see if it is lower than 1, which means there
def length(): are no lower-case characters in the password. If this
global password is correct then we use the EasyGUI msgbox function
Next we create an if..elif conditional statement that to create a dialog box that informs the user that there
will first check to see if the length of the password is are no lower-case characters in their password.
less than six characters. If this condition is true we will if (lower) < 1:
use EasyGUI's msgbox function to generate a pop-up eg.msgbox(msg="Please use a mixed case password with
dialog box that advises the user that their password is lower case letters")
too short and that they should try again. After the lower-case character test is complete we
if len(password) < 6:
eg.msgbox(msg="Your password is too short, please try
Project code
again")
Similar to the previous condition we tested, we now You can find the complete code for this project at our
use else if, which is shortened to elif in Python to run GitHub repository https://github.com/lesp/LinuxVoice_
another test on the password, which in this case is to Issue12_Password_Checker. For those of you unfamiliar
with Git you can download the complete package as a Zip
see if the password is longer than 12 characters. If
file from https://github.com/lesp/LinuxVoice_Issue12_
this is the case, a dialog box pops up to advise the Password_Checker/archive/master.zip
user to try again.
82 www.linuxvoice.com
� PYTHON 3 TUTORIAL
Python 3
Python has come a long way since its début in There are a few changes to Python 3 syntax for pass it two strings, in this case the name of my dog
1989, when it started as the personal project of example, in Python 2, print is a statement, and will and I. To check the contents we print the list to the
a chap called Guido van Rossum, who needed a pick up whatever is inside the quotation marks, shell. Now using del we delete the contents of the
project to keep him busy over the Christmas period. like so: list and then use print to check that the list has
In the passing years Python has improved with each print “Hello World” been deleted.
release, and since around 2001 Python 2 has been In Python 3, print is now a function that comes names = [“Les”, “Dexter”]
the default version. In recent years, however, there with a number of arguments to make it a lot more print(names)
has been a strong move towards leaving the Python functional, including options to control how content del(names)
2 series and moving on to version 3, which has been is separated, ended and error control. print(names)
supported by such organisations as the Raspberry print(“Hello World”) In Python 3 lists have been refined with functions
Pi Foundation. that handle printing the contents of the list, in
But why should we move to Python 3? Well User input this example names.copy() prints the contents of
the most obvious reason is that the Python core In Python 2 raw_input is used to capture the the list. To clear the list we use the names.clear()
developers are no longer working on any code or keyboard input via the Python shell. function.
projects for Python 2. In fact they are so focused raw_input(“What is your name?”) names = [“Les”, “Dexter”]
on Python 3 that the Python team have created an In Python 3 this has been renamed as input but it names.copy()
“un-release schedule for Python 2.8”, or in other performs the same actions as raw_input. names.clear()
words, Python 2.7 series is the last of that series. input(“What is your name?”) names.copy()
There will be bugfixes and updates for Python 2 for These are but a few changes made to Python 3.
a few years yet, but now is the time to migrate your Working with lists Head over to https://docs.python.org/3 for a full list
projects to Python 3. In Python 2, working with a list called “names” we of all the changes and additions to Python.
now run the same test looking for upper-case strength()
characters. With the functions called and their contents
elif (upper) < 1: executed, the next part of the loop is a question to the
eg.msgbox(msg="Please use a mixed case password with user, asking if they would like to run the program
UPPER case letters") again, and their answer to this question is captured
Our last test is exactly the same, but this time we using EasyGUI's choicebox dialog. Their choices are
are looking for integers in our password. limited to Yes and No via the choices argument. The
elif (integer) < 1: answer is then stored inside a variable called answer.
eg.msgbox(msg="Please try adding a number") answer = eg.choicebox(title="Try again?", msg="Would you
To close the if..elif conditional statement we use an like to try again?", choices=("Yes","No"))
else condition which requires no condition to be used. In our last section of code we use an if statement to
For example, if all of the previous statements evaluate check the value of the variable answer. If it does not
as false then our else condition must be true. match “Yes”, which in Python can be written as !=,
else: then the loop is broken via break and the program
eg.msgbox(msg="Strength Assessed - Your password is ends.
ok") if answer != "Yes":
With our last function completed our attention now break
turns to threading the functions together into a
sequence. What have we learnt?
Firstly we instruct Python that we wish to run the In this project we have
following code in an infinite loop, which in Python is
while True:
used Python 3 to
develop a simple
“These tests are there to assess
while True: program which that our password meets the
Inside our infinite loop we call the three functions
that we created earlier.
evaluates a password.
We provided a
criteria that we defined earlier.”
pword() graphical user
length() interface to capture the password.
We created a function to evaluate the contents.
We tested using programming logic to ascertain the
number of lower- and upper-case characters along
with the number of integers present.
We used conditional logic to compare the actual
results against what we expected to find and where
they were different we advised the user as such.
Les Pounder divides his time between tinkering with
hardware and travelling the United Kingdom training teachers
The program is designed to loop infinitely enabling many
in the new IT curriculum.
passwords to be checked.
www.linuxvoice.com 83
� TUTORIAL OPENELEC
GET A LINUX-BASED MEDIA
TUTORIAL
CENTRE WITH OPENELEC
Now that version 5.0 is here, there’s never been a better time to
GRAHAM MORRISON
install this award-winning Kodi-based media player.
T
here are many distributions designed to plugin-hosting media monster that used to be called
WHY DO THIS? deliver the ultimate multimedia experience to XBMC. And the best thing about OpenELEC is that it’s
• Install, configure and your living room. Even devices like Google’s built from scratch to cut everything out that isn’t
use the best Linux-
based movie, music Chromecast are trying to muscle in on the action. But absolutely necessary for running Kodi. That means it’s
and photo viewer you our favourite is a tiny yet brilliantly constructed not a good choice if you want to install other things
can connect to your distribution called OpenELEC, and version 5.0 has just alongside Kodi, but it’s perfect if you want to get the
television.
been released, giving us the perfect excuse to write a best out of whatever diminutive hardware you want to
guide on getting the most out of it. connect to your television and amplifier. It has support
Unlike the vast majority of distributions, including for Nvidia, AMD, Intel and Broadcom hardware
TOOLS REQUIRED
those designed for media playback, OpenELEC has decoders typically found in embedded chipsets, for
• A low-powered PC,
a Raspberry Pi or an
one purpose and one purpose only – it’s a distribution example, and runs brilliantly on low-powered Atom,
ARM-based system designed to run a single application, Kodi. Kodi is the Fusion systems and the Raspberry Pi, as well as just
such as the Matrix television-recording, music-playing, video-managing, about any PC from the last 10 years.
TBS 2910. You’ll also
need a 1GB USB stick
and some storage or
media files accessible 1 CREATE THE INSTALLATION MEDIUM
from a network. The
system also works best
when connected to a Just because OpenELEC runs well on all these OpenELEC downloads look different to those for
television. platforms doesn’t mean you can’t install it on a normal typical distributions, as they take the form of a tar file
PC, and the install instructions for both are very or as a device image (.img). This is because the
similar. To prove this, we’re going to include installation medium is assumed to be an external USB
instructions for installing them both. After installation stick or SD Card, rather than the antiquated ISO of
is out of the way though, OpenELEC behaves almost optical media. This is only viable because OpenELEC
identically on whichever platform you choose, whether is so small – 146MB for the generic PC version, and
that’s a PC or a Raspberry Pi. To get started, go to the 105MB for the Raspberry Pi images. That means you
download page at http://openelec.tv. If you’re going only need a small USB thumb drive or card (for the Pi)
to install on a PC, download the tar version of the to fit the installer. We opted for the tar file because
generic build – 64-bit for a modern system, or 32-bit they’re easier to install onto your USB stick or SD Card,
for older systems. 32-bit is being deprecated for the but you’ll need to extract the contents of the tar
next major release of OpenELEC, which is worth archive first, either from your desktop or by typing tar
considering if you build your installation with other xvf filename on the command line. The tar file itself
As OpenELEC typically
installs via a USB stick, hardware. We’d recommend grabbing the equivalent contains a few scripts, one of which will format and
you’ll need to make sure tar version if you’re installing onto a Raspberry Pi too. install all the necessary files automatically.
you run the installer At the time of writing, this file is called OpenELEC-RPi. Running this installer against an external device will
against the correct device. arm-5.0.0.tar. require us to run the gauntlet of making sure you’re
copying files to the correct device identifier and not
your PC’s hard drive. If you end up copying files to the
hard drive by mistake, you will lose data, so it’s
important to get this part correct. We’d recommend
opening up the command line and typing dmesg -w.
This will open the last few entries from your system
log and automatically display further messages as
they appear. If you now insert your USB thumb drive
or SD card, you’ll see the system update to
accommodate the new device, hopefully outputting
something similar to the following in the system log:
[63162.365605] sdc: sdc1
This is telling us that the new device is called sdc
(along with a single partition on this device called
84 www.linuxvoice.com
� OPENELEC TUTORIAL
sdc1), and we’re going to use this device as the sudo ./create_installstick /dev/sdX
destination for the OpenELEC installer. Back on the # FOR RASPBERRY PI
command line, press Ctrl+C to escape from dmesg sudo ./create_sdcard /dev/sdX
and switch to the untarred OpenELEC folder. Be As we’re using sudo, you’ll be first asked for your
warned, the following command will erase whatever is user password. (Switch to your root account if your
on sdX and replace it with either the OpenELEC distro doesn’t use sudo.) The installer should finish
installer for PCs, or the full installation for the within seconds; if you get an error complaining that
Raspberry Pi, so you must make sure you replace sdX there’s no mkfs.vfat tool installed, you’ll need to install
with the correct device name from the output of your distribution’s equivalent to the dosfstools
dmesg. Here are the commands for either the PC package first and try again. PC users will now need to
installer or the Raspberry Pi: navigate a brief installation step, while Raspberry Pi
# FOR GENERIC PCS users move directly to the OpenELEC startup wizard.
2 RUNNING THE INSTALLER ON A PC
Now that the installer has itself been installed onto The startup wizard is as simple as clicking past a
your USB stick you now need to boot your OpenELEC few questions. If you’re using a wireless connection,
machine off this. Most will do this automatically, but you’ll need to configure the access point settings, and
you may need to use your BIOS boot menu to choose Raspberry Pi users might want to enable SSH and/or
the USB device, or enable USB booting from the BIOS. Samba from the fourth step. This will take a few
The sign of success is the MAIN MENU screen, from moments as the additional packages are installed.
which you get to select between five options. Choose After that, you’ll be dropped to the default XBMC/Kodi
option 1 – Quick Install of OpenELEC. side-scrolling interface, from where you can now start
The next step will ask you for a drive to install to. Be using your new media player.
warned – the installer is going to overwrite the drive If you’ve used Kodi/XBMC before, the experience
and remove whatever might have been there before. from OpenELEC is identical. But OpenELEC also
You’re next asked whether SSH should be enabled includes its own configuration panel which is
from the start, and we’d recommend saying ‘Yes’ integrated into Kodi’s own settings menu. You can get
before you’re finally warned twice more than all data to this by going to the ‘System’ menu option and
on your chosen storage medium is going to be cursoring down to the ‘OpenELEC’ submenu option.
overwritten. The installer only takes a few moments to Most importantly, and a huge advantage for
copy over 100MB of files before you’re returned to the OpenELEC users, is that you can update both Kodiand
previous menu, with no indication of whether the the OpenELEC distribution from the first settings
process has been a success. Select ‘Reboot’ to find page. This option is set to manual by default, but you
out. With a bit of luck, you’ll soon be presented with can switch this to automatic so that updates are
the OpenELEC Welcome screen and startup wizard. installed without you needing to check manually.
3 REMOTE CONTROL
For installation and testing, we’re assuming you’ve got the right, and you’ll need to use the menu in the
a keyboard connected to your media device. This is a Android app to add the new client. You’ll also need to
good idea, because it’s much easier to enter IP make sure your router gives the same IP address to
addresses and network share details when you can
type them on a QWERTY keyboard. But a keyboard
isn’t going to be too family-friendly, which means at
some point you’ll need to disconnect the keyboard
and configure a remote control. If you’ve got an
Android phone or tablet, the easiest option is to use
the official app. Although it’s still called XBMC Remote
and hasn’t been updated for a while, it’s free and
works well. Before it will work with your XBMC
installation, you need to make sure ‘Allow control of
With a generic USB
Kodi via HTTP’ is enabled in the Webserver page of
infrared receiver, remote
the configuration panel, then add the IP address of
controls such as those for
your OpenELEC installation to the XBMC app. Windows Media Centre will
You can get the IP address by going to the work perfectly, or you
OpenELEC Specific configuration panel and selecting could use the free Android
the ‘Connections’ page. The address will be listed on app.
www.linuxvoice.com 85
� TUTORIAL OPENELEC
your media centre each time it boots, otherwise your your own using the GPIO pins of a Raspberry Pi). The
remote or any other service you add to the setup, software that accepts keypresses and translates
won’t find the installation. Now when you go back to them into codes that Kodi can understand is called
the remote app, you’ll be able to navigate around Kodi Lirc. OpenELEC installs and pre-configures Lirc to work
using your phone just as you would with a typical with a few popular remotes out of the box, and that’s
infrared remote. what we’d recommend doing to get started as quickly
The final option we’d recommend is the best, and as possible, using a Logitech Harmony remote, for
that’s to configure a real remote. For this to work, you’ll instance, or a Microsoft Windows Media Centre remote,
need a cheap infrared receiver (you could even make both of which will work without further configuration.
4 PLAYING MEDIA
The quickest and easiest way to celebrate your
installation success is to watch a film, listen to some
music or browse some photos, and the easiest way to
do any of these is by putting your files onto a USB
stick and connecting this to your new media centre.
Kodi should offer you a choice of ‘Mounted Removable
Hard Drive’ which you can access by cursoring across
to Video playback, to choose one media format, and
PRO TIP selecting files. This opens Kodi’s file requester. The
If you want an even easier
first time you run this you’ll be reminded that
Raspberry Pi installation
method, OpenELEC can important sources are hidden on the right of the Kodi can scan local and remote collections of files, but
also be installed from display. When this window is closed, you should see you’ll need to add each source manually.
NOOBS. your USB device listed, and selecting this will display
the list of media files Kodi has detected. Playback is Content’ will appear, and if you select what kind of
as simple as selecting one and pressing Enter. Use content your folder contains, Kodi will download
the keyboard shortcuts to control playback and return covers and other details for your media.
to the main GUI.
But for most devices, playing media off the network Media visualisation
is more useful than accessing files on local storage, Now when you go to your media, you’ll be able to go
and Kodi is brilliant at doing this. Instead of selecting through the ‘Library’ option and select the share
the storage device from the file requester, select the you’ve just added. To be able to see this content, you
‘Add’ button (whether you’re wanting to add videos or need to switch from the file list view to one of the
music). This will open the ‘Add Source’ requester. image views. With movies, for instance, press the left
Pressing ‘Browse’ will open a share window listing all cursor to open the view options and press Enter with
the protocols Kodi currently speaks, including direct the ‘View’ option selected. This will switch between
connections to some hardware, such as HDHomerun the various viewing modes. ‘Thumbnail’ will show
devices and network shares. To add a SAMBA folder movie covers, for example, whereas ‘Poster Wrap’
being shared on your network, for example, choose lines up every film cover on a long horizontal line, a
the ‘Windows Share (SMB)’ option. The window will little like the Netflix user interface.
update to display any detected share networks, from Other modes include online film ratings and even
where you’ll be able to add the folder you’re looking for. fan art, so it’s worth experimenting with whatever
Finally, add a username and password if you’ve works best. If you don’t like having to navigate through
protected the share on the network and make sure the title or genre list before getting to your content,
you select ‘Remember For This Path’ if you don’t want you can disable this option from the Library page of
to go through the process again. To add the share, tab Kodi’s Settings menu, which we’d recommend if you’ve
over to the ‘OK’ button on the right, give the share a only got a relatively small library. The same facilities
name and select OK again. A final window called ‘Set are offered for your music collection too.
5 PARENTAL CONTROL
Often, younger members of your family are going to restrict access in much the same way. The most
use your media centre and you don’t necessarily want useful of these is Profiles. Profiles are created by
them having complete access to your media library. going to the System > Profiles submenu. A Master
While there are no specific parental/content controls user is created by default, and you simply select ‘Add
over who can access your media, or restricting media Profile’ to create a new one. The two important
to certain age ranges, there are a few features that will options are to set ‘Media Info’ and ‘Media Sources’ to
86 www.linuxvoice.com
� OPENELEC TUTORIAL
Separate. This will force you to add separate media
sources for the new profile through the Music and
Video menus. To switch to a new profile, go down to
the power button icon at the bottom of the display
and select the ‘logout’ option. This will re-load Kodi
with the new access permissions.
Place content for this profile in a subdirectory of the
main content folder and add this as a source. The
profile’s user won’t be able to access the other files,
yet the master user will still be able to if the
‘Recursively Scan’ option was enabled when you
added the source. After doing this, go back to the
profiles editor and change the ‘Media Info’ and ‘Media
Sources’ options to ‘Separate (locked)’ which means
the profile user can’t add their own content or sources.
Of course, the profile user is still able to edit their
There’s no access control
profile themselves, and the solution to this is to create window that first lists what kind of block you’d like to
based on age suitability of
a master lock. A master lock can be used to block use followed by the various elements of Kodi you can content, but you can create
access to everything, using either a button block. As a minimum, you might want to block profiles with access only to
combination of a pin to unlock access to the master programs & scripts, the file manager ‘All’ settings and specific media content
account so that changes can be made. This can be the add-on manager. Locking the movies, photos and
done from your new user’s profile page by selecting music windows locks access to the content itself,
the ‘Lock Preferences’ option. If you don’t want to other than the titles that are listed as recently added.
block content but want to block the ability to change This could be useful if, rather than create different
settings, you can even do the same with the master folders for your media, you started playback of one
account profile. Selecting this option opens another film and locked access afterwards.
6 PLUGINS
We’ve kept OpenELEC and Kodi’s best feature until the I key will open the configuration panel for an
last, and that’s the way you can extend its capabilities add-on even if nothing was required when it installed.
with plugins. For photos, videos and music, you can With YouTube, for example, you can set the quality of
access content-specific plugins from the ‘Addons’ playback or the cache size.
submenu that appears when you select the content Despite the long list of plugins that can be installed
type. But each usually accesses the same plugin list, with no further configuration, there are plenty of
as does the Addons menu that opens from the others that can be installed with a little manual PRO TIP
If you enable SSH on
Settings page. To install one, just select and press intervention. They’re normally not included for fear of
OpenELEC, you can
Enter. The addon will download and install. Some instability or because they may have some connect remotely to your
plugins not connected may need to be configured, geographical restrictions, and the iPlayer plugin is a media centre using the
default username of ‘root’
and this is accomplished by selecting the plugin again good example of this. It enables you to access all of
with a password of
and filling out whatever settings are required. the BBC’s streaming content from your OpenELEC ‘openelec’.
Adding one of these, such as the YouTube addon media centre but it will need to be downloaded and
from Videos, will normally create a new menu entry to installed manually. Fortunately, this is almost as easily
the ‘Add-Ons’ menu, but this does depend on what accomplished as installing bundled plugins. Grab the
each plugin is doing. Selecting a plugin and pressing latest release of the plugin as a Zip file (see kodi.wiki
for the link), place this file onto a USB stick and
connect this to your OpenELEC box. To install from
the Zip file, go to the ‘Get More’ add-ons link, and
rather than scrolling through the list of available
plugins, select the ‘..’ symbol that represents going up
a folder, first to take you to all add-ons and then to the
global add-ons menu. From here you’ll be able to
select ‘Install From Zip File’ and from the requester
that appears, select your USB stick and navigate to
your downloaded plugin. It will then install and
configure itself just like any other plugin.
Plugins can be used to add audio and video sources,
Graham Morrison wasted his youth configuring MythTV. He
including YouTube and even iPlayer and Spotify from
thinks Kodi is the best thing since Jean Michel Jarre.
externally installed scripts.
www.linuxvoice.com 87
� TUTORIAL KMAIL
MASTER YOUR EMAIL
TUTORIAL
WITH KMAIL
Graham Morrison tames possibly the most powerful email client in
GRAHAM MORRISON
the world and yet still doesn’t reply to all his email.
N
ot so long ago, it seemed the web browser
WHY DO THIS? had replaced our email clients. Services such
• Learn some of the most as Google’s Gmail became so convenient,
powerful sorting and powerful and easy to use, not to mention ubiquitously
aggregation functions of access from our phones, laptops and desktops, that
any email client that can
help free your time. running a standalone application seemed
• Impress your friends. disconnected and old fashioned. But attitudes
towards email have been changing, especially since
Edward Snowden revealed that many online mail
services did little to protect our privacy.
This has given fully-fledged desktop applications a
boost as we mix our accounts and services, or start to
use encryption. And there’s a great selection of email KMail is often overlooked because its default appearance
clients for Linux. We love Gnome’s Geary, for example, filtering options don’t give the best first impression.
and it’s done a wonderful job at re-inventing the simple
and clean user interface for the web service great migration alternative to proprietary applications
generation. And Mozilla’s Thunderbird is still the go-to like OS X’s Mail or whatever Microsoft’s equivalent is
application for many, thanks to its rock-solid these days.
development, the sympathetic aims of the Mozilla
Foundation and configurability. Getting email
But there’s another option that we don’t think is We’ve installed the latest version of KMail (version
often considered, and that’s KDE’s KMail. KMail is a 4.14) into a KDE environment on both Arch and
great choice because it can be made to look fantastic, Kubuntu 14.10 for testing. In the years since its
it’s well integrated with any Linux desktop and utterly migration to the Kontact ‘PIM’ suite, the development
configurable. GnuPG encryption is almost transparent pace has been slow and steady, which means there
and there are powerful filters, anti-spamming and are still updates, but any version from the last year is
ad-blocking mechanisms. Its problem is that none of basically functionally identical. We’re not huge fans of
this is apparent when you first install and launch the the ‘PIM’ suite concept, where email is integrated with
application. KMail can look old-fashioned and difficult contacts, notes, a journal and todo lists (we think PIM
to tame, and features such as custom tagging and stands for Personal Information Management, was
virtual folders are barely documented. These are popular when email clients wanted to look like
some of the problems we’re going to tackle over the Microsoft’s Outlook).
next four pages, turning KMail into what we think is For that reason, we run KMail independently of the
a contender for the best email client on Linux, and a Kontact suite, despite Kontact being its default
incarnation. In Kubuntu, for example, Kontact is
launched from the Favourites list, whereas KMail can
be found under the Internet category. Whichever you
choose, the KMail component behaves identically.
When KMail is launched for the first time, you
need to navigate past both the Tip of the Day, which
can be bypassed, and the Account Assistant. This
assistant is the best way of configuring KMail for
your specific email account, and it will first attempt to
Without changing
guess settings the correct parameters using Mozilla’s
anything, KMail splits the
connections database. If you’re using Gmail, for
main window into three –
one panel for your folders, example, Mozilla’s database will provide the correct
one for the message list incoming and outgoing server details, and you’ll be
and one that previews the able to choose between IMAP or POP3. If you’ve not
email itself. configured email manually before, IMAP and POP3
88 www.linuxvoice.com
� KMAIL TUTORIAL
What is Akonadi
It may have a silly name, but Akonadi is with all the applications that request it. This
an essential part of how KDE applications is how the same contact addresses work
work. As with lots of other parts of KDE, with both instant messaging and email, or
the motivation behind Akonadi is to avoid how the content of your emails are delivered
duplication and re-invention, and it deals as search results through KRunner.
specifically with the way your personal The most important thing to know about
information is stored and accessed by Akonadi is that while it is a database, it
other applications. It’s the framework doesn’t actually store your email and you
that currently handles email, addresses, don’t have worry about adding anything
events, journals, calendars, notes and alarm too specific to your backup routine. If your
settings. KMail uses Akonadi to manage emails are stored on an IMAP email server,
your email while at the same time making they’ll still be stored there. If you’re using
it available to those applications and POP3, your emails will still be downloaded to
processes that you permit with their support your local maildir folder, just as they would
for Akonadi. with any other email application. Akonadi is
This could mean allowing the desktop to an interface to these repositories and only
search and index your email, for instance, stores metadata relating to those sources,
so that results are delivered from a global not the actual data itself. It’s like Google for
search prompt, but it could equally be about your personal information, with applications In KDE 4, the resource configuration panel gives an
having a single contacts list of names and accessing this information through calls to overview of all the state of any Akonadi services you
addresses, and sharing access to that list the framework. may be using.
are the two most popular protocols used to send details, behind a single password. After setup has
email from the server to your client. Most people use completed, click on Finish. KMail will now go off and
IMAP, because it allows you to leave the email on the download your email and the time this takes is going
server and only browse through subjects or download to be entirely dependent on how much email is stored
email on demand, if you need to. KMail supports IMAP on your account and the speed of your connection.
push, which will inform you immediately as soon as 2GB of email took about 20 minutes to synchronise
you receive an email, rather than relying on polling the with KMail for us, with a decent internet connection.
server every set period. It also allows you to check PRO TIP
your email through other portals, such as through a The main window You can only run one
web browser through Gmail or RoundCube. This isn’t With a fresh installation, KMail’s default window will list instance of KMail but
you can tab different
normally possible with POP3 as emails are usually your various email sources within a panel on the
views and open more
deleted after they’re sent to your client (this is an left-hand side and a simple ‘Changes’ page on the than one window. Most
option for IMAP too). You may prefer to download and right listing whatever’s new in each version. But after configuration panels can
also be opened at the
delete emails, as it reduces your online footprint and your accounts have synchronised, you’ll find that the
same time.
pulls all your email onto your hard drive, under your window on the right gets split into two. When you
direct control. select an inbox or a folder from the panel on the left,
We’re using online services like Gmail as a the list of emails contained within that folder are listed
convenient example, but it’s important to remember in the top panel on the right, while the contents of any
that you can also pay for or install your own email email you end up selecting will be shown in the
domains and servers, so that you’re in control of every bottom-right. You can change the size of any of these
aspect of your email. This won’t necessarily make it panels by click-dragging the divider. If you drag this
any more secure – email is still sent from one server divider to the border of the panel window, it will close
to another as plain text, with no guarantee of validity one of the windows, and this can only be opened
unless there’s a chain of encryption – but it removes again by click and dragging the border down from
your data from the meta-crawling context gathering where it’s now locked in place. This is difficult to spot
of most online services. Even if you’re using an email if you don’t know there’s a ‘minimised’ panel there.
client with a web service, this is still a step in the right Folders in KMail are powerful. Right-click on one
direction. KMail is more extensible and more powerful and select Folder Properties to see what we mean.
than even the best web interface. With your own You can have a different identity for each folder, for
server, as long as you’re using the typical ports for instance. Identities can be added and edited from
IMAP or POP3, you’ll be able to enter your details just the main Configuration panel (Settings > Configure
as you would with any other mail service. KMail) and using a different identity for a folder might
After entering the details, you need to click on be useful if it contains email forwarded on from a
Create Account rather than Next, as this will just different account, or a different Linux alias. They’re
re-detect the server settings for you. Create Account also useful for mailing lists, where you may want to
will add your details to the KMail configuration, and use a different identity or email address, and there
you’ll be asked to create a KDE Wallet if you don’t have are further options for mailing lists hidden within its
one already. This is a global password holder that own tab. You can customise how your reply will look
stores important information, such as your email login and how the folder appears and is sorted, completely
www.linuxvoice.com 89
� TUTORIAL KMAIL
Virtual folders
Yet another of KMail’s great but the list view will be populated with results,
undocumented features is its ability to You will now be able to enter a search folder
create virtual folders. These are equivalent name, which you can save by clicking on
to Gmail’s labels, and they enable you to ‘Open Search Folder’. This creates a virtual
sort email into dynamic groups without folder that will be listed alongside your other
moving them from your inbox. You could use folders, and we’d recommend making this
them to hold messages you’ve flagged as a favourite in the same way you would your
important, for example, or messages where other folders. It will automatically update
you’ve added a descriptive tag, or even a with any new results for the search you
folder to contain your previous searches. The entered, and can be removed with a right-
secret to creating virtual folders is to use the click and ‘Delete Search’.
search dialog, because it’s from there that
you can save your search as a new folder.
Open this dialog window by pressing S or
Virtual folders automatically update when
clicking on Find Messages in the Edit menu.
The window allows you to specify an inbox or
an incoming email matches a certain
folder and then to create a list of conditions search criterion. But you can also use
that will need to be met for the search to them to list flagged messages, such as
return results. When you click on Search, those you’ve marked as important.
independently of any global settings or how in the case of longer conversations, and the 6 or 7
messages are listed in its parent folder. messages that fit into the default view aren’t enough.
One of the first improvements to the layout we’d The ideal solution for us is to move the messages
recommend is dumping the default list of every email list view into its own panel, and the ability to do this
PRO TIP
folder you’ve likely already created and switch to is the last option hidden under the Layout tab in the
KMail is a little over-
paranoid about HTML viewing only those you mark as favourites. This will main configuration panel. Select Show The Message
email, but it can render help if you don’t want to see folders such as Drafts, or Preview Pane Next To The Message List’ and the main
them without trouble if
Spam, or Sent. There’s a separate panel (of course!) user-interface switches from two columns to three,
you enable the option
in the security tab. for favourites, and it’s above the mail folder view. with the folder list/favourites on the left, the message
We’d highly recommend You can drag it down if it’s hidden, and when empty, list in the middle and the preview pane on the right.
sticking with plain text
greyed-out text states “Drop your favourite folders You can now drag the borders between these to
for your own emails,
however. here…” You can make any folder a favourite by right- adjust their horizontal size. In our opinion, this makes
clicking on it and selecting “Add Folder To Favourites”. KMail far more usable.
This may not make sense until you drag and hide
the default list, leaving you only with those favourite Changing the message list
folders you want to see. The Favourites view uses an Two of KMail’s most powerful features are the
icon view, but we find it more useful as as a list. Right- themeing and sorting engines which manage how the
It makes more sense to
click within the panel and select the Mode sub-menu. message list is displayed, and both of which can be
have a three-column view
This gives you the option of switching to the list view. different for different folders or views. This stuff is
for emails, especially with
the wider aspect ratio of We’re also not too keen on the way the message list complex and little-understood, so we’re going to try
most modern displays and appears above the message preview window. This is and explain them both here and how you can create
laptops. because we’d rather see a long list to provide context your perfect setup. If you get a lot of email, they both
allow you to fine-tune the appearance of your inbox to
give maximum context to your messages without you
having to resort to clicking on them.
How messages are listed is the result of three
specific configuration options. The first is the
aggregation mode. This governs how messages are
threaded, or appear tabbed in from parent to child so
that messages are grouped by conversation. The
second is how those parent messages and their
children are sorted, as once you’ve included older
messages in a thread, you need more control over
which messages appear where. Finally, there’s the
theme options, which change how each header is
displayed, along with the icons and actions that can
be performed on a message. All three of these options
are accessible from the View > Message List menu.
Before you can understand sorting, we need to
understand what KMail calls message aggregation.
90 www.linuxvoice.com
� KMAIL TUTORIAL
Aggregation in this case means the way that related Almost anything about the
messages are grouped together, mostly as a threaded way the message list is
presented can be changed
conversation, but it also groups messages together
with the theme editor.
according to the day. The ‘Activity by Date, Flat’
aggregation option, for instance, simply lists all the
emails you’ve received today, with a marker dividing
previous days. ‘Flat’ means there’s no threaded view
of the conversation. ‘Activity by Date, Threaded’ is
the same only with the emails branched off the first
email in a thread when you click on the small cross
to open the thread contents. A thread will include
emails earlier than the date if KMail thinks they’re
part of the same activity, with the latest email added
to the bottom of the list. The next two options are
very similar. ‘Current Activity’ is used to try to make
an intelligent guess about the date of an email. Next
there are aggregations that are easier to understand,
including ‘Thread Starters’, a list of contacts and your
conversations, a flat date view and a shallow list.
Most importantly, you can create your own
aggregation theme by selecting the ‘Configure’
option at the bottom of the menu, which is exactly
what we’ve done. We like to see threaded, open
conversations arranged by the date, so we duplicated
this configuration, opened the ‘Configure’ window and same view, but it allows you to switch between how
used the ‘Grouping and Threading’ tab to fine-tune activities and threads are displayed. Nearly all of this,
the automatic expansion of threads, the smart date such as ‘By Date/Time’, ‘By Sender’ or ‘By Receiver’
ranges and which messages are used at the head of a are self-explanatory, with perhaps the exception of
thread. You need to be slightly careful, because some ‘By Date/Time of Most Recent in Subtree’. This is a
of the aggregations will place new messages in past reference to which message in a thread is used to
days as they attempt to keep new email together with group them together.
an old thread. We also use ‘Perfect And By References’ Finally, we get to change how the message list
as the threading policy, so that threads don’t become is rendered. This uses a small selection of themes
huge as KMail tries to keep every email you’ve ever that will change the font, position and information
sent. You can then save your own aggregation and for exactly what information is included in each list
use this on specific folders or globally. item, as well as where each component is placed. You
And that leads us onto something closely linked can customise the theme and download new ones,
to aggregation – sorting. Sorting options for the and we think it’s worth experimenting with because
message list can be adjusted by selecting ‘Sorting’ there are more options in the simple window that
from the View > Message List menu. Message appears than you’ll find in the whole of a supposedly
sorting comes after aggregation, so you’ll still get the more complicated application such as Gimp. You
can change everything, from the icons’ size and text
colour, to how much the edges are rounded, and the
way in which the background and foreground colours
are rendered. Our layout has a ‘bold’ sender field in the
most prominent position with the date and time to the
right. Beneath this is the subject followed by the icon
symbols. We feel this is the perfect balance. The only
option we couldn’t find was a way to reduce the size
of the indentation in threaded items.
All this leaves us with a vastly improved email client
and one that looks like it belongs in 2015 rather than
2005. That KMail offers all these options is brilliant,
even if that leaves us floundering for their meaning,
and we like the contrast you find in KMail with an
application like Geary, which we also like a lot but we
just wish it had more options.
How messages are grouped and threaded can also be Graham Morrison is a lapsed KDE developer and the editor
of the magazine you’re reading. He gets a lot of mail.
customised to fit the way you work.
www.linuxvoice.com 91
� TUTORIAL REGULAR EXPRESSIONS
REGULAR EXPRESSIONS:
TUTORIAL
WORK LESS, WORK SMARTER
Save time and baffle your friends with one of the most powerful
MARCO FIORETTI
tools available to the Linux users – the magic regex.
A
regular expression, or regex for short, is a sort
WHY DO THIS? of textual formula which describes the
• Process datasets of any structure (“pattern”) of a generic snippet of
kind without writing text. Regexes are given as input to software programs
complex, low-level called regex engines, to find and process all the
software.
strings inside one or more text files or streams that
• Always find the file(s)
you were looking, contain those patterns. Regex engines are embedded,
looking at their name, or embeddable as libraries, in almost any relevant
content or both. software language used today.
• Catalog and tag all sorts Regular expressions always seem, to beginners, like
of documents, from
photographs to office gibberish typed by somebody drunk in total darkness.
reports. Therefore, the first concept we have to make clear is
why you should bother with them at all. Our answer is
that, even if you are not a programmer, regexes can
make your life a lot easier if you routinely produce or A great way to practice regular expressions is to save
process anything made of plain text. Here are a few several forms of the same string in one text file, then
examples to show you that you likely are already apply a regex to it, to see which lines match.
doing something like that, or you should. All are real,
non-programming uses we make of regular presentations is, at its core, nothing more than zipped
expressions on our desktops. plain text, that is stuff that you can search, analyse
and update with regular expressions.
Regex applications for the rest of us The goal of this tutorial is to teach you just enough
Exiftool and the ImageMagick suite can georeference, about regular expressions to create simple regexes
frame, resize, rename and catalog all your pictures in a and adapt many of the more complex ones you may
few seconds, as long as you give them proper, suitably find online to your needs. We hope to give you lots of
flexible instructions. And the most efficient way to do great ideas and help you find the right tools to
it is to generate them (also) with regular expressions. implement them. We will show you what can you
The same applies to home and small business describe (and find) with regular expressions; where,
accounting, or any other data analysis activity. A tool how many times and in which exact ways a regex
like Gnuplot can plot countless charts for you, but engine may search for what you described; finally we
extracting only the data you need from a 50,000-row will discuss what regexes can do for you.
spreadsheet would be a daunting task without regular As they are supported by almost all programming
expressions. languages, regular expressions exist in a variety of
Ditto for database dumps and websites, which are dialects. What you read here should work in any of
both big blobs of plain text. Quick scripts based on them, but don’t be surprised if it requires adjustments.
regexes can reformat or update such collections of Another thing to keep in mind is the meaning of
documents and raw data much more quickly than you “character”. For English and all the other alphabets
could without them. Finally, office productivity: the contained in the ASCII set, each “character” is
OpenDocument format for texts, spreadsheets and encoded in one byte, that is eight bits. The sequence
The background of this 01011000, for example, corresponds to capital ‘X’.
snapshot is the map Non-alphabetic symbols, and in general everything
view of Digikam, showing outside the ASCII set, may be encoded using more
photos grouped according than one byte per character. Matching patterns of
to where they were taken.
multibyte characters may require changes in your
To georeference the
expressions, so be prepared for that too.
pictures, we created a list
of place names, each with
its coordinates, and used First, matching
find which ones should be Regular expressions, or more exactly their engines,
written in each file. work in two main phases. First they find the strings of
92 www.linuxvoice.com
� REGULAR EXPRESSIONS TUTORIAL
text that matches the pattern described by the regex
itself. The second phase, covered later in this tutorial,
consists of actually doing something with that text.
Patterns can be literal or contain special symbols that
enrich their meaning. Besides, they are almost always
delimited by slashes, are case sensitive and work on
one line of input text at a time. This pattern:
/linux/
means “look for strings containing EXACTLY the
sequence of lowercase letters l, i, n, u and x, in this
order, one after another, in any position inside the
whole string”. Therefore, only the first two samples of
this list would match a regex like that:
I love linux.
linux is great.
How great is Linux?
I just misspelled lynux.
I did it again: li nux.
If there is more than one match for the same regex
in a string, the engine will, by default, return the
leftmost, longest one. More on this later.
Anchors
Matches like those in the previous paragraph happen
Here we have hundreds of
regardless of where in the input string the pattern is meta-characters as you need, and remembering that
different charts, all created
found. You need extra meta (special) characters an initial caret negates the whole class:
automatically with Gnuplot,
called anchors to say that you only care about [aqF\d] means “match one a OR one q OR one after extracting the
matches that begin or end in certain exact positions. capital F or any digit”. corresponding datasets
The two most common anchors are ^ and $: (Fig. 1) [^rtw] means “match any character but r, t and w”. with regular expressions
By default, these two metacharacters work on lines. Ranges of consecutive characters can be from the same, huge
In strings that contain more than one line, ^ and $ may shortened with a dash. To match one occurrence of file of raw data in CSV
match on the beginning or end of each of them. To any of the first 10 letters of the English alphabet, format. Please note that
only match at the actual beginning or end of whole lowercase, write /[a-j]/. the same could not be
done on databases, as
multiline string, instead, you should use the anchors The main gotcha here is that a negated class does
the filtering power of
\A and, respectively, \Z. not necessarily mean what it may seem at first sight.
regular expressions greatly
Another anchor you must know is \b, which means This regular expression, for example: exceeds those of database
“word boundary”: \bk and k\b will match on strings /boar[^d]/ engines.
with at least one word beginning and, respectively, will not match the word “boar” if it is at the very end of
ending, with the letter “k” (in regular expressions, a a string! That regex in fact, means “search the
“word” is any continuous sequence of letters, digits, sequence b, o, a, r, followed by at least one character
underscores, dashes and nothing else). which is not d”!
Character classes Modifiers
You can make your regular expressions more One important class of regex special characters is
compact and readable by using predefined character that of modifiers. These are characters that go
classes, or by building your owns. The most common outside the actual regex, because they modify the very
standard classes are: way the whole matching happens. There are many
\d Matches one digit (0…9). modifiers, depending on which language you use, and
\s Matches one “white space”, that is, characters they don’t work in the same way in all languages, so
like actual white spaces, tabs, line breaks etc. we will list only a few ones to present the concept. PRO TIP
\w Matches one “word character”, that is letters, Adding an i after a regex makes its matching Try to seriously look
at your computer
digits, underscore and dash. case-insensitive. A g forces it to go “global”, that is to activities as something
. (dot) Matches any character except newline search for all the matches in a string, not just the first that manipulates big
(escape it with a slash \. if you mean “one dot”!). one. An e, instead, tells the regex engine to evaluate quantities of text, or can
be described by them.
Upper case versions of the three identifiers above the right half of the expression (which we will explain You will be surprised by
negate the corresponding classes: \D means in the second part of the tutorial) as if it were an actual how many of the things
“everything but one digit”, \S “everything but one command programming statement. you do fit this description,
and can therefore by
whitespace” and so on. Finally, m and s turn on multiline and single-line managed with regular
If these classes aren’t enough, you can build your mode: the first treats strings as multiple lines, making expressions.
own inside square brackets, mixing both literal and the ^ and $ anchors match on the start or end of any
www.linuxvoice.com 93
� TUTORIAL REGULAR EXPRESSIONS
of them. The s modifier does the opposite. You can
use more modifiers in the same regex: to find all the
occurrences of the ‘linux’ substring in a string,
regardless of case, write /linux/gi.
Greediness, laziness and backtracking
By default, regex engines are greedy. This simply
means that they will always try to match the longest
PRO TIP possible string that respects the pattern described by
Want to see by yourself a regex. As a dumb, but effective example, let’s
which variant of the same
regular expression is imagine we want to find all the URLs in some HTML
faster? Here is a quick page, and consider this regex:
and dirty way: write /href=.*>/
one long sentence in an
empty file that may match Would its bold, higlighted part match the whole URL
it, then copy it many in this string, quotes included, and nothing else: What you see in the foreground is a standard ODF
times (ie ten thousands or <a href=”http://www.linuxvoice.com”>Linux
more), then run the script
slideshow. In the background there are some of the
containing the regex on it Voice</a> is <b>great</b> regular expressions that created it, filling a blank template
with the time command. or not? The answer is “no”, and the reason is exactly with content loaded by a plain text file.
that regex engines, by default, are greedy. A regex like
that will match everything up to, and included, the “b” /href=[^>]*>/
character at the end. Because it says to match as means “you can stop as soon as you find a “>”. Writing this,
many characters as possible, whatever they are (that’s instead:
what the dot quantified with the asterisk means), as /href=.*?>/
long as they are followed by one >. That is why it won’t lets the engine free to match as much as it can till the
stop at the end of the URL. To match only ”http:// end of the string, that is free to be greedy… as long as,
www.linuxvoice.com”, we would have to write: once it’s there, it then starts to parse the string
/href=[^>]*>/ backwards, to check if maybe there is also a shortest
PRO TIP This is a proper description of quoted URLs and match, and choose that one. This behaviour, called
Regular expressions are nothing else: as many characters as possible (the backtracking, is very powerful and is often the only
also great for managing
large quantities of files,
asterisk) between the “href=” substring and a > way to write some complex regular expressions.
without changing their character, as long as they themselves are not > However, it is also easy to see, if you think a bit about
content at all! The right characters! it, that it may take much longer to find the right match.
“regex-enabled” tools for
this kind of job are egrep,
There are times when negated character classes
sed and awk. Combine cannot do the trick. In such cases, you can still force Backreferences
them with the find the quantifiers to be “lazy”, that is to stop at the The last bit of theory and regular expression syntax
command, and you will
quickly sort and catalog
shortest, not longest, possible match. Just put a we need to introduce is called backreferencing. This is
thousands of files in any question mark after them: the mechanism that you must use to tell a regex
way you may want. /href=.*?>/ engine to remember what it found, in order to reuse it.
This will make the engine stop at the first >, that is, Backreferencing can be used several times in the
unlike the first form you saw, only match the quoted same regex, and is done by means of parentheses:
URL. In practice you should always try to apply the first /I use Linux, my name is (\w+) and my favourite distro is (.+)$/
strategy – greedy matching of negated classes. Those two pairs of parentheses tell the engine to
The reason is that regexes with that structure allow store the name of the user in the first of the special
their engines to look at the string(s) only once, always internal variables it uses for backreferencing, and the
in the same direction from left to right. This: name of the distribution in the second one. Depending
on the programming language, these variables are
named $1, $2 or \1, \2, or something else on the
same line, but they always have the same meaning.
Perl, for example, uses the dollar notation, and this is
what it would store in $1 and $2 when applying the
regex above to two sample strings (Fig. 4)
The same technique shown Relax: we have finally laid out on the table enough
in Figure 4 can be applied features of regular expressions to explain with simple,
to all types of office but realistic examples why one should bother to learn
documents supported by
and use them. In a nutshell, a program using a regex
the ODF standard. Create
engine can do three things once that engine has
a template spreadsheet,
fill it with bogus numbers found a match for a regular expression: execute some
or placeholder strings, predefined action, pass the match result to the next
and the right formulas and instruction for further processing, or immediately
charts. replace the match with some other string, which may
94 www.linuxvoice.com
� REGULAR EXPRESSIONS TUTORIAL
be a constant or something calculated on the fly. The Fig. 1
first behaviour is what command line utilities like grep Character Example Matches?
and egrep do. If you launch egrep in this way: Linux is great I love Linux
#> egrep ‘^(Debian|Centos)’ install-list.txt
^ (start of line) /^Linux/ Y N
it won’t have any choice but to print in the terminal all
and only the lines of the install-list.txt file that begin
$ (end of line) /Linux$/ N Y
(did you notice the caret?) with either Debian or
CentOS. This snippet of Perl code shows the second Fig. 2: Other metacharacters
type of action: Character Meaning
$_ =~ m/www\.(.*)\.com$/; | Alternation: ‘/(cat|dog)/ means “match cat OR dog”
print “ .com domain name found: .$1\n” if ($1); (don’t forget the parentheses!)
In Perl, $_ is the variable that contains the current
\ Transforms the following special character in a literal one
line of text input, and the =~ m operators mean, more (e.g. \| if you want to match one actual “pipe” character)
or less, “check if this string matches this regex”.
If a match is found it is stored by the parentheses in
\n newline
the special $1 variable. The second line prints that
variable, but only if it is not empty. Therefore, that code \t tab
will print all and only the internet domain names in the
text stream with a “www.SITENAME.com” structure.
Anchors and shorthands for character classes are just two of the special characters that
Finally, there is substitution. Did your boss come you may use to describe text patterns with whatever structure. This table lists almost all the
and tell you to change the format of your company’s other metacharacters you must learn (Fig. 2)
customers list? No problem, if you know regular
expressions. For simplicity, let’s assume that you Fig. 3 Quantifiers
must only swap first and last names, so that Quantifier Match: Example Matches strings like:
First Name: Winston Last Name: Churchill ? 0 or 1 time /liy?nux/ linux, liynux
in this way:
Last Name: Churchill First Name: Winston * 0 or many times /li.*nux/ linux, liynux, liiinux,
Regular expressions that substitute text have an s liabc1234nux...
before them, and the text pattern to use for
{m} exactly m times /liy{5}nux/ liyyyyynux
replacement at the end. This is how you would
generate a new list of names with the required format, {m,} at least m times /liy{6}nux/ Left as exercise for the
using the sed program: reader...
#> cat namelist.txt | sed -E ‘s/First Name: (.*)Last Name: (.*)/
{m, M} from m to M times /liy{2,4}nux/ liyynux, liyyynux,
Last Name: \2\t\tFirst Name: \1/’ > newnamelist.txt liyyyynux
It is very common, when building a regular expression, to have to specify optional, or
Processing office documents repeated characters, for example to find and correct typing errors. To do this, use these
OpenDocument spreadsheets are zipped archives of quantifying metacharacters and constructs.
several files. The actual content of the spreadsheet is
in the one called content.xml. Each row of the Fig. 4
spreadsheet is represented with a long string of text String Content of $1 Content of $2
like this (here heavily trimmed for clarity!):
I use Linux, my name is Paul and my favourite distro is Debian Paul Debian
What to read next I use Linux, my name is John and my favourite distro is Red Hat John Red Hat
The complete ODF scripts used by the author to generate
the slideshows and spreadsheets shown in these pages,
together with several others of the same kind, are available <table:table-row><table:table-cell office:value-
online at http://freesoftware.zona-m.net/tag/odf-scripting. type=”string”><text:p>SOME_NUMBER</text:p></table:table-
The ones about Gnuplot are in the same blog, but in a cell>.....</table:table-row>
different section: http://freesoftware.zona-m.net/tag/ See what we mean? Once you have created a
gnuplot. A very comprehensive online reference for regular
spreadsheet template with predefined names in
expressions, which is still general enough to be usable in
most languages, is the website www.regular-expressions. certain cells, it is trivial to make however many copies
info. Finally, if you fall in love with this programming tool, you want of that template, placing different values in
go for the ultimate guide for it: the wonderful book by those cells each time, with regular expressions like:
Jeffrey Friedl titled Mastering Regular Expressions, 3rd s/MY_LABEL_STRING/$CURRENTVALUE/
Edition, 2006, by O’Reilly Media. Besides teaching you
where $CURRENTVALUE may be a number taken
more than you could ever imagine about the inner workings
of regex engines, and how to make the most of them, it’s from a database, calculated on the spot or provided
great reading. In our opinion, few programming books by the user. Powerful, isn’t it?
show better than this how to be both more productive
and creative at the same time on the job, using the right Marco Fioretti is a Free Software and open data campaigner
software tools. who has advocated FOSS all over the world.
www.linuxvoice.com 95
� TUTORIAL UNIX
UNIX, LINUX AND HOW WE
TUTORIAL
GOT WHERE WE ARE TODAY
JULIET KEMP
Linux didn’t just come from thin air you know. Take a look back at
how we got from the 1970s to the OS we know and love today.
U
nix is the oldest operating system that’s still together with a bunch of supporting packages, to run
widely used today. Linux -- which, if you’re on a spare PDP-7 that was kicking around.
reading this, you’re presumably interested in Preparing programs for the PDP-7 was
-- is just one of the many Unix clones and complicated, requiring them to be created on a GE
descendants that are kicking around the computer 635 and the paper tapes carried by hand to the PDP-7.
world, alongside UNIX (the trademark is all-caps) So Thompson began implementing a full operating
itself. Unix and Unix-like systems have always been system on the PDP-7: filesystem, processes, small
popular as servers, with a rather smaller population of utilities, and a simple shell. It was 1970 when
‘users’ alongside them; but with the rise of the Kernighan suggested calling the new system Unics or
smartphone, nearly a billion people worldwide now Unix – a play on Multics.
have a Unix-type box in their pocket. Pretty good for a The filesystem developed on that first machine had
45-year-old Bell Labs side project! i-nodes, directories, and device files, just like modern
Unixes, but there were no path names (they were
Bell Labs: starting out substituted by a complicated linking system). The
Back in 1968, Bell Labs was involved with a shared system had processes, too, but they were very limited,
project called Multics, an early time-sharing operating with no forking or waiting. A fascinating 1979 paper
system for the GE-645 mainframe. However, the by Dennis Ritchie (available online from Bell Labs –
project, while functional for those working on it, wasn’t http://cm.bell-labs.com/who/dmr/hist.html) goes
producing the widely-available OS that Bell was after, into detail about the various calls and processes.
and they pulled out. The last of the Bell people working In 1970–1 the system was rewritten for a new
on it (Ken Thompson, Dennis Ritchie, Doug McIlroy PDP-11, together with a text editor and formatter (roff).
and Joe Ossanna) were keen not to lose their own The machine began offering a text-processing service
access to interactive computing, so spent 1969 partly to the Patent department, and three typists from that
trying to persuade management to buy them a department came to use it. This was an important
Ken Thompson (sitting)
computer, and partly developing what would become part of demonstrating that Unix was genuinely useful,
and Dennis Ritchie at a
PDP-11. Possibly even the Unix filesystem. In his spare time, Thompson even if it got a little in the way of the programmers!
working on C at the time! rewrote a game called Space Travel (a sort of solar It was also in 1971 that Ken Thompson and
Copyright: CC-BY-SA Peter Hamer system simulator where the player also piloted a ship), Dennis Ritchie began working on the C programming
language. Thompson had already developed a
language called B, but although some general
systems programs were written in it, the operating
system basics were still in assembler (see page 106
for more on this minimalist way of coding). Once C
was developed, it was used to rewrite the kernel into C
in 1973 – the first time that an operating system had
been written in anything other than assembler. This
also let them demonstrate just how genuinely useful
C was (and continues to be: it’s still under the hood of
plenty of programs).
In the mid-70s, UNIX began to be shipped out under
licence, with its full source code included. It was
versioned according to editions of the user manual,
so Fifth Edition UNIX and UNIX Version 5 are the
same. By 1978, when UNIX/32V was released for the
new VAX system, over 600 machines were running
some variety of UNIX, and various people (such as the
BSD folk) were adapting it. At this point, an ongoing
antitrust case still prevented AT&T from releasing a
commercial product. When this was finally resolved in
96 www.linuxvoice.com
� UNIX TUTORIAL
1983, they released a commercial licence version of
UNIX System V. Since the licence conditions weren’t GNU tools
great for university use, BSD became more popular. Here’s just a few of the GNU tools you may of user software. You may never use it
(And, indeed, the BSD networking code made it back be using: directly, but it’s essential to your system.
into the main Unix kernel.) Various other companies The Bash shell. The GNU Compiler Collection compiles
also developed their own versions of UNIX under The coreutils package, which provides ls, languages including C, C++, and Java.
mv, rm, cat, and so on. The graphics program Gimp.
licence; which turned in due course into the “Unix The boot loader Grub. The Gnome desktop project (although this
wars” where different companies tried to promote The sysutils package, which provides is effectively a separate entity now, it is
rival standards. POSIX was eventually the most utilities to manage users and groups. officially a GNU project).
successful, designed to be easy to implement on both tar and gzip. The venerable text editor GNU Emacs…
BSD and System V. grep for searching through text files. as well as scientific software, desktop
make and autotools for building software. software, internet software, and a whole
AT&T sold UNIX to Novell in the late 1980s, then glibc, the C library, underlies a huge range plethora of development tools.
(after UnixWare did badly) Novell transferred it
to the X/Open Consortion, which now sets UNIX
specification standards. Some parts of the licensing delivermail (a sendmail precursor) and the curses
business were also sold to SCO, which in due course library, among other useful bits of software.
led to the SCO/Linux legal action (see boxout). In 1989, BSD released its networking code
There are five commercial UNIX-certified OSes still separately, under the BSD licence. Prior to this, all
available: OS X, HP-UX, Solaris, Inspur K-UX (used on BSD releases included AT&T Unix code, so post-
mainframes), and AIX. Unfortunately you can’t try out 1983 had required an (expensive) AT&T licence.
HP-UX or IBM’s AIX without going through HP/IBM (or The networking code had been developed entirely
a partner) and spending a large sum of money; and outside this, and various people were interested in
for Inspur K-UX you need a mainframe. But there’s acquiring it separately. The general BSD distribution
more below on OS X and Solaris. was continuing to improve, and in 1990 the BSD
team decided to rewrite all the AT&T-dependent code,
BSD Unix resulting in Networking Release 2 in 1991, a freely
The University of California, Berkeley, had a Unix available OS that was the basis for ports to Intel
Version 4 system running in 1974, and when Ken 80386 architecture and which would later become
Thompson was there in 1975 he helped install Version NetBSD and FreeBSD.
6. As more people, and other universities, became Networking is probably the BSD team’s most
interested in the system, Bill Joy, a Berkeley grad important contribution to computing. Berkeley
student, started creating the Berkeley Software sockets, the first Internet Protocol libraries available
Distribution. This was an add-on to Version 6 Unix for Unix, became the standard internet interface. The
which included a Pascal compiler and the ex line POSIX API is basically Berkeley with a few changes,
editor (written by Joy). This was possible because so all modern OSes have some implementation of the
Unix was still being released with full source code at Berkeley interface.
the time. The second release, 2BSD, in 1979, included Unfortunately, the then-owners of the Unix
the text editor Vi and the C shell csh, both still available copyright sued in 1992, and while the lawsuit was
on Unix systems. (I wrote this article in Vim, an settled in 1994 largely in the favour of BSD (only three
extended version of Vi, which dates back to 1991.) of the 18,000 files had to be removed and a handful
BSD became increasingly popular as it improved – more modified), development slowed massively
it was the OS of choice for VAX minicomputers (used during those two years. As it happens, this was
for timesharing) at the start of the 80s. It included while Linux was being developed. The slow release
of 386BSD was part of what prompted Torvalds to
create the Linux kernel.
The modern operating systems of FreeBSD,
OpenBSD, and NetBSD are all descendants of the
386 port and of 4.4BSD-Lite. They in their turn have
various descendants, including SunOS and Mac OS X.
Most of these are open source and available under the
BSD Licence. Sendmail, Vi, curses, and csh are a few of
the BSD programs and utilities still in use today.
Of the currently available BSDs, FreeBSD is probably
the most friendly to the average non-developer user
(though they all have good points, and NetBSD has
the distinction that you can install it on a toaster).
You can download FreeBSD from https://www.
I couldn’t get Gnome running on FreeBSD but Xfce freebsd.org/where.html, which also has good user
worked fine – the apps in the menu are probably from the documentation. FreeBSD’s install is text-based and
abortive Gnome install though. will be familiar if you’ve installed Debian in text mode.
www.linuxvoice.com 97
� TUTORIAL UNIX
Solaris has always been heavily associated with
Sun’s own SPARC hardware, but it’s also used on
i86pc machines worldwide, and is supported by
several of the major server manufacturers including
Dell, IBM and Intel. Linux distros are also available
for SPARC and i86pc hardware. Since 2007, Sun has
also supported the open source OpenSolaris project,
although it is now known as Solaris 11 Express.
Solaris 11 is free (but not freely licenced) to
download for personal use. I tried out the live CD,
which was very slow to download, but once there,
booted fine on a 64-bit virtual machine.
The basic terminal commands of Solaris 11
are the same as in Linux, and you can find further
documentation on the Oracle website. The differences
between Solaris and Linux become (in my experience)
more noticeable as you delve further into the guts of
The Hurd running on The basic install is deliberately very sparse; afterwards the system; the average desktop user may not notice
VirtualBox. No graphical
you’ll need to install any packages you want. The anything beyond the difference in package availability.
desktop! (Though X is
binary package management system is pkg, so to get
supported.) The ‘translator’
trial from the README is the Gnome desktop I logged into the new system as NeXTSTEP/Mac OS/Darwin
shown. root, then typed: NeXT was founded by Steve Jobs after he was
$ /usr/sbin/pkg # this bootstraps pkg itself pushed out of Apple in 1985. They developed
$ pkg install xorg NeXTSTEP, an object-oriented, multitasking OS to run
$ pkg install xfce on their workstations, based on Unix (including some
$ echo “exec /usr/local/bin/startxfce4” > /home/juliet/.xinitrc BSD code) and various other bits and pieces. Tim
pkg search name is a useful command to find Berners-Lee developed the first browser,
other available packages, and the documentation and WorldWideWeb, on a NeXT cube running NeXTSTEP;
other support for FreeBSD seems good. However, Doom and Quake were also developed on NeXT
don’t expect to log on immediately into a fully-featured machines. In 1993, OPENSTEP was created by Sun
PRO TIP desktop system; it expects you to decide the details of and NeXT; before Apple decided to use it as the basis
The Free Software what you install for yourself. of what would become Mac OS X, and bought out
Foundation argue that
as GNU software makes
NeXT. (Jobs, of course, returned to Apple along with
up a significant part of a BSD to SunOS to Solaris his company.)
‘Linux’ system (more than In 1982, Bill Joy, one of the main BSD developers, Mac OS X is based on the XNU (X is Not Unix)
the kernel does in many
systems), it should be
joined three Stanford graduates to found Sun kernel, developed for NeXTSTEP, with all the usual
referred to as GNU/Linux. Microsystems. Their first generation of workstations Unix commands and utilities available on the
This isn’t reflected in and servers were based around a design created by command line. The kernel has code from FreeBSD
mainstream usage.
Andy Bechtolsheim (co-founder of Sun Microsystems) along with other improvements and changes. It’s
while still studying at Stanford. The very first software POSIX compliant, which means that many BSD/
was Sun UNIX 0.7, based on UniSoft Unix v7, but a Linux/Unix packages can be recompiled for OS X
year later, SunOS 1.0, based on 4.1BSD, was released. with a bit of work (as with HomeBrew, Fink, and other
SunOS continued to be based on BSD until the similar projects). The core of OS X is released as the
final update on SunOS4 in 1994. One of their major open-source Darwin. iOS is also based on OS X, and
developments was the creation, in 1984, of the Android (Linux-based) and iOS between them have
NFS (Network File System) protocol, allowing client a 90% share of the smartphone market. So it’s very
computers to access files (largely) transparently likely that your smartphone runs a Unix-like OS, giving
over a network. NFS is an open standard so can be Unix today an unprecedented userbase.
implemented by anyone. It’s still used in modern
networks, especially Unix and Unix-like ones. The GNU Project
In the late 1980s, AT&T and Sun began a joint Richard Stallman started the GNU Project in 1983,
project to merge BSD, System V, and Xenix, resulting with the aim of creating “a sufficient body of free
in Unix System V Release 4 (SVR4). In 1991, Sun software […] to get along without any software that is
replaced SunOS4 with Solaris, based on SVR4 instead not free”. GNU stands for ‘GNU’s Not Unix’: the
of on BSD. (So, still a Unix derivative, just with a proposed GNU operating system was Unix-like, but
different parent.) Solaris included OpenWindows (a Unix was proprietary and GNU was to be free.
GUI) and Open Network Computing. SunOS (current The first piece of software released by the GNU
release SunOS5.11) still exists as the core of Solaris project was GNU Emacs (an implementation of the
(current release Solaris 11.2), but the Solaris brand is existing Emacs text editor). They had a debugger,
used externally. parser, and linker; they also needed a free C compiler
98 www.linuxvoice.com
� UNIX TUTORIAL
SCO/Linux lawsuit
Various bits of Unix were sold on to Novell in 1993, which
then sold parts of it again to what became SCO. In 2003,
SCO filed a lawsuit against IBM for $1 billion (later
$5 billion), claiming that IBM had transferred SCO property
into Linux. Another four major lawsuits followed.
SCO’s right to be identified as the ‘owner’ of UNIX was
challenged by Novell, so SCO sued them too. Assorted
legal wranglings followed. SCO also claimed that some
UNIX code had been transferred line-for-line into Linux, but
seemed reluctant to specify the details.
In 2010, after several court rulings and a jury trial, Novell
was found to be the owner of the UNIX copyright, and has
announced that “We don’t believe there is Unix in Linux”. As
of December 2014, SCO’s case against IBM for ‘devaluing’
its version of UNIX remains open, though now with a
reduced scope.
and tools. By 1987 they had an assembler, nearly the
GCC C compiler, GNU Emacs, and a bunch of utilities,
together with an initial kernel. Although the rest of the
software development carried on at a decent pace, by
Here’s the Hurd after
1992 they had all the major components except the was system-call compatible with Seventh Edition Unix
running startx from the
kernel. The GNU Hurd kernel started development in but was created from scratch. In 1991, Linus Torvalds console. All very basic
1990, based on the Mach microkernel, but for various was irritated by the lack of a free kernel (GNU Hurd by default (no graphical
reasons moved very slowly (it is still not ready for didn’t exist and BSD were having problems), so browser here…).
production environments, although the existence of started writing one. He developed it on a Minix system
Linux has doubtless slowed development). using the GNU C compiler, and was influenced by
You can try out the GNU/Hurd project courtesy of many Minix design decisions, but there was no actual
Debian. Note that it is not yet complete and it’s not code overlap (see the boxout for SCO’s legal claims).
recommended for production use. If you just want to The first release was on 25 August 1991. Unlike
give it a quick go, you can get a virtual image thus, and Minix’s microkernel (a microkernel has as little
run it on KVM: software as possible in the kernel and moves
$ wget http://ftp.debian-ports.org/debian-cd/hurd-i386/current/ functions like device drivers and filesystems into
README.txt userspace), Linux has a monolithic kernel, where all
$ tar zxf debian-hurd.img.tar.gz the operating system is in kernel space.
$ kvm -no-kvm-irqchip -drive file=debian-hurd*. Initially, it was just a kernel distribution, the idea
img,cache=writeback -m 1G being that you would also get hold of the GNU tools
Or on VirtualBox if you convert it to the correct format: and that would give you a full system. GNU and Linux
$ VBoxManage convertfromraw debian-hurd*.img debian-hurd. also had different licences. In Dec 1992 Linux was
vdi --format vdi released under the GNU GPL, which in due course
(This information from http://ftp.debian-ports.org/ meant the whole thing could be distributed as an
debian-cd/hurd-i386/current/README.txt; more integrated system.
detailed information available there.) From there… well, there are a huge number of Linux
The Hurd’s notion of ‘translators’ is new to me: a distros, you can build your own, and you’re reading
translator basically translates between one sort of a whole magazine dedicated to Linux. While it isn’t
data structure and another, for example from disk Unix, it’s largely Unix-compatible (it adheres to POSIX
storage to the traditional filesystem. Check out the standards even if uncertified) and broadly speaking,
GNU Hurd website (https://www.gnu.org/software/ if you know Linux you can find your way around Unix
hurd/index.html) for more information on this and (though as any sysadmin will tell you there are a fair
other features of the Hurd. If you want to install the few gotchas in the details of utilities and syntax).
Hurd, the instructions suggest that this is a lot like If you’re interested in exploring the various Unixes
installing Linux was about 15 years ago when I first further, try out some of the systems I tried, or one
tried it out, and requires a fair amount of messing of the many others. For more on Unix, here’s a cool
around with text files and configuring by hand. (Ah, (but huge) Unix family tree; there are also links at the
nostalgia…) Currently only about 50% of the Debian bottom of this page – www.levenez.com/unix. And
packages are available for the Hurd. here’s a Unix timeline (www.unix.org/what_is_unix/
history_timeline.html).
Linux
Finally, we come, of course, to Linux. Linux is not, in Juliet Kemp is a scary polymath, and is the author of
Apress’s Linux System Administration Recipes.
fact, an actual Unix variant. It’s related to Minix, which
www.linuxvoice.com 99
� CODING ARDUINO
ARDUINO HARDWARE
TUTORIAL
ENABLEMENT
NICK VEITCH
Plug an OLED display into your Arduino, script a driver and learn
C++ library programming, all without requiring any experience.
T
his tutorial exists because I am a lazy miser. could have adapted an existing library, but there were
WHY DO THIS? These are two undersung qualities, which in some other implementation issues. Cheapskatiness
• Learn how to plug my opinion make the best engineers, but trumped laziness and I decided to write my own
awesome displays into maybe I am biased as well as lazy and a miser. In any hardware enablement. Hurrah!
cheap hardware and case, because of my character flaws, I have learnt and
code your own interface
using the Arduino IDE will now pass on to you some amazing things: I (2) See
and a smattering of How to use a cheap OLED display with an Arduino. The I2C interface is a fairly standard way of
learner-level C++. How to create and package an Arduino library. connecting microcontrollers to things. There are
How to save precious dynamic memory. several slightly different ways of doing it, but a
How to save some I2C pins. common way is to use two wires: a clock (SCL) and a
How to do your own hardware enablement projects. dataline (SDA). By cunning signalling, both can be
How to convert bitmap images into code. used to signify the beginning and end of
So, everyone’s a winner. Except people who make transmissions too. The Arduino has a library (the Wire
expensive OLED displays. This is going to be the first library) to take care of this for you, but it uses
of a two-part tutorial where we learn to tame both hardwired pins. The trouble is that, although you can
displays and the Arduino by writing our own code and have multiple devices on the I2C bus, there are limits,
building our own libraries. This month we’re going to and if you want to drive more than one display, you will
work out how to communicate with the screen and find they have a very limited range of addresses. For
create a library that encapsulates those commands these reasons, I decided to implement the protocol in
into a library before next month, creating lots of pretty my library so I could use any pins I liked, and also to
works and pictures with our library. reduce the overhead on having another library (Wire
isn’t that big, but it does contain a lot of stuff we won’t
Cautionary beginnings need). For the master device (the Arduino in our case),
OLED displays can easily be powered long-term by transmission of data goes like this:
batteries, giving you freedom to use the serial port Bring SCL and SDA HIGH.
connection to find out what is going on inside its tiny Bring SDA and SCL LOW.
mind. I wanted to build a device with a display that Load bit into SDA.
would log and tell me the temperature in the water Pulse SCL (High then Low).
tank in my attic (relayed by another Arduino), because … continue transmitting bits until end of byte.
I am too lazy to go up to the attic to find out. And that Send control bit (SDA HIGH) and signal end of
is when I happened on a cheap supply of OLED transmission.
displays online, which were selling for $3 a unit Bring SCL and SDA LOW.
instead of the $15 to $20 I was used to. Bring SCL and SDA HIGH.
When they arrived I discovered that these displays The actual bits you are transmitting all follow this
differed significantly enough from the “standard” procedure, so we can start off by writing the low-level
ones that no existing library would work with them. I bits and then write higher level functions to send
bytes and commands etc.
Initially, it is useful to write this code directly into an
Arduino sketch – it keeps everything in one place and
makes it a bit easier to test. So, our Arduino functions
would look something like this:
void i2cStart()
{
digitalWrite(dSCL, HIGH);
digitalWrite(dSDA, HIGH);
You too can delight your digitalWrite(dSDA, LOW);
friends and confound your digitalWrite(dSCL, LOW);
enemies by writing custom }
drivers for cheap displays! void i2cStop()
100 www.linuxvoice.com
� ARDUINO CODING
{
digitalWrite(dSCL, LOW);
digitalWrite(dSDA, LOW);
digitalWrite(dSCL, HIGH);
digitalWrite(dSDA, HIGH);
}
void sendByte(unsigned char b)
{
char i;
for(i=0;i<8;i++)
{
if((b << i) & 0x80){
digitalWrite(dSDA, HIGH);
}else{
digitalWrite(dSDA, LOW);
The breadboard view
} i2cStart();
shows why an Arduino
digitalWrite(dSCL, HIGH); sendByte(0x78); //Slave address,SA0=0 Nano is really very very
digitalWrite(dSCL, LOW); sendByte(0x00); //write command useful for working on this
} sendByte(cmd); sort of project – it just
digitalWrite(dSDA, HIGH); i2cStop(); slots right in.
digitalWrite(dSCL, HIGH); }
digitalWrite(dSCL, LOW); The actual list of commands to initiate the display
} is long and consists of things we don’t need to know
This presupposes that in the main code somewhere much about (the slew rate seems to be a function of
we define the pins (here called dSCL and dSDA) and the size of the display, and there are various different
set them as outputs. The loop in the sendByte() ways of addressing the memory). For the moment we
function merely uses a bitshift operator, <<, to iterate can just make an array out of the commands:
through the bits in the byte supplied to the function, char init_codes[] {
and transmit them one at a time. 0xAE,0x00,0x10,0x40,0xB0,0x81,0xCF,0xA1,
Now, to go any further than this, we need some 0xA6,0xA8,0x3F,0xC8,0xD3,0x00,0xD5,0x80,
specifics about the device we are communicating 0xD9,0xF1,0xDA,0x12,0xDB,0x40,0x8D,0x14,
to. In this case, the OLED display uses the common 0xAF
SSD1306 control chip. This is a multi-protocol chip, };
though our hardware is hardwired to only supply a which we would declare in the main loop, and then
write-only I2C interface. The address of the device create a function to loop through sending these when
on the i2c bus is either 0x78 or 0x7A, which is set we want to initialise the display:
via connecting a pin on the SSD1306 device. Since void init()
these displays usually come on a board, you may {
have a jumper (with the cheap hardware I have, it is for (i = 0;i < 25;i++) {
hardwired to be 0x78). sendCmd(init_codes[i])
The address is important, as you need to signal this }
on the I2C bus to get a device to listen (remember, }
the bus is designed to have potential for more than We now have enough code to bring up the display.
one occupant). You will also need to know what But how will we even know that it is on? We need to
commands you can and should send. For this, we stick something on it.
need to find the datasheet for the SSD1306. A quick
Google search should bring up some candidates, or Addressing
you can request one direct from the manufacturers. The SSD1306 has three different modes of
A lot of the datasheet is not relevant to us because addressing the display – a horizontal mode, a vertical
we will be using only one of the connection modes. mode and a paged mode. The ‘pages’ are basically
What is highly relevant are the setup commands lines 8-bits deep across the display, which will be very
though – we need to send these to get the display to useful for when we want to display characters.
turn on and work correctly. To send a command we However, the horizontal mode will be useful for things
have to initiate the bus, send the slave address, send like blanking the display.
the control byte (telling the device we are writing to Horizontal mode, it turns out, doesn’t mean what
it), then send the actual command byte and close you think it does. Each byte you send still corresponds
the bus again. We can wrap this up in a higher level to a vertical slice of 8 pixels, it just means that when
function like this: you get to the end, the address pointer is updated
void sendCmd(unsigned char cmd) to the beginning of the next row (see diagram).
{ This means though that we can write 1024 bytes in
www.linuxvoice.com 101
� CODING ARDUINO
In this case, a chequerboard pattern). If you keep
writing after 1024 bytes, the address counters on the
SSD1306 will just reset and you will end up writing at
the beginning again. Now that we have verifiable code
that can be proved to work with the display, it is time
to look into libraries.
Oh, I C++
Arduino libraries are written in C++. This may seem
surprising and daunting to some, but it shouldn’t be
– the Arduino code you’re used to writing is basically
C++, albeit a version that hides a lot of the tricky stuff
and wraps everything else in a layer of simplification.
The point is, that for the most part, the actual code
writing part should feel familiar; it’s just the structures
surrounding it which will be new to some.
The simplest library consists of just two files. There
The fritzing diagram
sequence to fill up the whole screen, which is perfect will be the .cpp file which contains the code itself, and
showing the connections
for an Arduino Nano. It is for a cls() type routine. a .h or header file.To start with, we need to create a
straightforward though – To do this we need to: directory in the place where user libraries live. This will
just direct connections for Send the commands to initiate horizontal mode. be (on nearly all Linux distros) in the path ~/Arduino/
the power and the two pins Initiate the data connection. libraries. The only exception is if you are in the habit
we use for I2C (in this case Send 1024 bytes. of running the Arduino IDE as root, which is very
D8 and D9). Close the connection. naughty! The reason some people do this is because
For now, we can just build this in the main loop of then you don’t have to change permissions for some
the Arduino code of the devices used; consider instead following the
void loop() { Linux instructions here: http://playground.arduino.
char init_codes[] { cc/Linux/All.
0xAE,0x00,0x10,0x40,0xB0,0x81,0xCF,0xA1, In the libraries directory, simply make a new
0xA6,0xA8,0x3F,0xC8,0xD3,0x00,0xD5,0x80, directory (I called mine evilOLED), then we can create
0xD9,0xF1,0xDA,0x12,0xDB,0x40,0x8D,0x14, some files and directories
0xAF $ tree
}; .
init(); evilOLED.cpp
sendCmd(0x20); // send the command to initiate horizontal evilOLED.h
mode examples
sendCmd(0x00); utils
i2cStart(); The directories (utils and examples) we can forget
sendByte(0x78); // identify the slave device about for now. The first thing to do is open up your
sendByte(0x40); // signal that what follows is data rather than favourite code editor and start editing the evilOLED.
commands cpp file. The very first thing we need to put in the file is
for (unsigned int n=0;n<512;n++) the include line, which adds this file’s own header:
{ #include “evilOLED.h”
sendByte(0xAA); The next important order of business is to create a
sendByte(0x55); class (skip this paragraph if you already know what
} that is!). A class is really like a special datatype. Think
i2cStop(); of it like this: instead of defining an integer or a string,
delay(1000); we are going to define a display. Along with that we
} have to provide the code for all of its interactions in
This is a useful way to prototype functions that you the form of functions. We also have to allocate space
may wish to develop – just bash them out in the main for any variables and data that instances of the class
code, experiment with rationalisations and shortcuts, will need when they are created. The class isn’t an
and then encapsulate them into a function. instance, it is the recipe for creating one, in almost
Here we have initialised the display as discussed the same way that the Arduino code knows that an
before. Then we send the commands to the device int is an integer, and what to do when creating one, or
to set it into the horizontal addressing mode. To send adding or subtracting or printing one.
the stream of data, we initiate the I2C connection Our class is defined like this:
and send the identifier byte (to address the correct evilOLED::evilOLED(char sda, char scl)
device), and indicate that we are writing data to the {
display memory (0x40). Then we just send the bytes. _sda = sda;
102 www.linuxvoice.com
� ARDUINO CODING
_scl = scl; The datasheet is useful,
_col = 0x00; even though a lot of it
_row = 0x00; doesn’t apply. there is
init(); some info about other
cls(0xff);
modes you may care
to implement, such as
}
hardware scrolling!
We can explain this a little bit. The constructor
is the first line. This is like a special function (with
no return type at all) which is called whenever an
instance of the class is first created. In it, we want
to put definitions for any special data we want the
instance to have, and any functions it should call. The
argument or parameters in the constructor are special
bits of data that will be passed in by the code creating
the instance. In this case, we want to specify which
pins we are going to use for communication. but they are used in the main C++ file. It is a common
The bit inside the braces (curly brackets { and }) is convention to put all the necessary includes in one
the code that will run. The first two bits may seem place, the header file, so the main code only has one
a little strange – we have taken the values passed include in it – it just means it is easier to track things
in by the constructor and copied them to new down if you aren’t searching two files for it.
variables (which haven’t even got a type!). Then we We have also included a #define statement for
set two more variables, and all of them begin with an the slave address of the display here. This is just an
underscore. The underscore is the convention which example of something you may want to do in your
means that these variables are ‘private’ to the class – header file. As there is more than one possible value
that means that only functions belonging to that class for this, it is probably more useful to have it as a
can see them – they can’t be read or changed by variable rather than a compiled-in value, but it is also a
any code outside of this class. We actually explicitly useful reminder of what the default value actually is.
declare this in the header, but we have more to do The class definition that follows is what is called
here before we get on to that. The last two lines call a ‘prototype’. This outlines the parameters accepted
other functions of the class – we will have to transfer and returned by all the member functions (including
them from the Arduino code we wrote, which should the constructor) as well as a list of the private data
be up by now on www.linuxvoice.com/code/lv012/ or functions used by the code. Basically, to add your
arduino. function to the header, you can just copy and paste
They function are practically unchanged from the it, then edit out the evilOLED:: prefix. There is no
Arduino code – they have just been updated to use functional code here, but this demonstrates how
our new private variables, plus the function definitions the code works, and if well commented, can tell you
now begin with evilOLED::<name>, which declares everything useful you need to know about the library.
them as part of our class. The examples directory is where you will put any
To complete this fairly minimal version of our library, complete sample code using your library, which
we also need to generate the header file. This is also will then turn up in the relevant Arduino menu. It is
on www.linuxvoice.com/code/lv012/arduino. The a good idea to include as much, well commented,
opening #ifndef statement is a common convention functionality as possible in these, as people tend not
which basically prevents the header file from being to read the instructions!
parsed twice, as may happen on larger projects where To make sure your library is usable by the Arduino
several code files may include it. The following block IDE, you should put it where the rest of the libraries are.
of code, up until the #endif, will not be processed This is usually ~/arduino/libraries but may depend on
more than once. For completeness we’ve include how and where you installed it. The foolproof way is
the Arduino library and the pgmspace. These, as it to put the directory somewhere findable, then open up
turns out, are not explicitly used by the header file, the IDE. Create a new sketch and then choose Sketch
> Import Library > Add Library, and use the requester
to specify the location of your library directory. You
The best Arduino? will find all the files are copied to wherever the library
This is a small aside about the Arduino Nano, which I have storage for Arduino happens to be. Note that you
come to believe is the best model for prototyping on. The can continue to edit the library in situ – the code is
reason is simply that it comes on a board, ready to plug recompiled each time you compile source that refers
into a breadboard. All the pins are single pitch around the to it (uploading or checking sketches) so this can be a
edge so it doesn’t take up much room, and it still has the
handy way to test changes.
very useful programming header on it if you need/want to
program it that way. Coincidentally, it is also quite cheap,
Nick Veitch has edited computer magazines for 1,000 years.
thus fulfilling my pinchfist proclivities.
He now works at Canonical and collects gin bottles.
www.linuxvoice.com 103
� CODING NINJA
CODE NINJA:
TUTORIAL
RESTFUL APIS
Access resources from around the web and integrate them into
BEN EVERARD
your own site in a simple, uniform manner.
T
he web is a great way of sharing data. Anyone,
WHY DO THIS? anywhere in the world can upload information
• Understand how huge and make it instantly available to almost
databases handle
billions of transactions. everyone in the world. However, as wonderful as these
• Gain the flexibility of not web pages are, they do have a problem: it’s hard for
having a schema. computers to understand them. Web browsers can
• Use the trendiest obviously render web pages, but they can’t easily
database in town. extract information. Take, for example, a web page of
a weather forecast. The browser knows what text to
put where, and which images should be displayed, but
it’s hopeless at understanding the forecast, and can’t
easily pull out the data so it can be displayed in a
different forecast. The XML pages are viewable in a web browser, but the
When a person or organisation wants to make their links aren’t clickable, so you’ll have to copy and paste
information available for computers to understand it, them into the URL bar.
they need to create an API (Application Program
Interface). This is a method for programs to extract executed on the client. In terms of the web, this is
the information they need in a computer-readable usually JavaScript or a Java applet.
format. The most popular method for doing this on URLs are in a uniform structure, and there’s a
the internet is through REpresentational State uniform series of four HTTP requests that you can
Transfer (REST) APIs. perform on them (GET, PUT, POST and DELETE) .
A RESTful API must be client–server; stateless; Although four are all available in theory, in practice
cacheable; layered; code on demand (optional); and almost all websites only use GET and POST, the latter
have a uniform interface. of which is used when you submit a form.
Let’s look at these properties by analysing the There’s an example API that links an SQL database
largest RESTful system, the world-wide web. This is a to a RESTful service at www.thomas-bayer.com/
series of HTML documents that are sent and received sqlrest. If you point your browser there, you’ll see an
using Hyper Text Transfer Protocol (HTTP). The web XML document describing all the resources available.
is client–server. This means there’s a separation You should notice that they’re all resources one
between the software that browses the web (such as level above /sqlrest/. This is part of the uniform
Firefox) and the software that serves the web pages architectural constraint. If you point your browser to
(such as Apache). one of the listed resources – www.thomas-bayer.
The web (or rather, web servers) is stateless. This com/sqlrest/CUSTOMER/ – you should then see a
means that if you make the same request, you should list of the customers. Again, each listed resource is
get the same result. It doesn’t matter what requests one level above /sqlrest/CUSTOMER/.
you’ve sent before this. This still allows for things like This is a public API that allows anyone to change
authentication, because this session data can be sent and delete information without authentication, so it’s
in the HTTP request along with the URL. possible that the exact examples we use now won’t
Web resources can be cacheable. To statisfy the exist any longer in the database. If they don’t, you’ll
RESTful requirements, not everything has to be have to substitute in other values.
cached, but information needs to be included about You can view one of the customers by viewing a link
what can and can’t be cached. This is taken care of in in this list, for example, www.thomas-bayer.com/
HTTP headers. sqlrest/CUSTOMER/16. Unlike the other queries
When you connect to a website, you could be we’ve done, this doesn’t just return a list of resources,
connecting directly to the server, or through some but the actual customer information as an XML file.
proxy. This is all handled transparently because HTTP We can see that the format of the URLs for this
is layered. Code on demand is the only optional aspect database is: www.thomas-bayer.com/
of the REST principals. However, the web does allow sqlrest/<table>/<id>/. Using this, we can extract any
it. This is when the server sends some code to be information from the database. We can also
104 www.linuxvoice.com
� NINJA CODING
manipulate the database using other HTTP methods.
POST, PUT and DELETE map to amending a record,
adding a record and deleting a record respectively.
However, you can only generate GET requests using
the URL bar of most web browsers, so we’ll need
another tool to send these requests. There’s a
web-based HTTP tool at http://thomas-bayer.com/
restgate/ that will do what we need.
To add a new item to the database, we use the PUT
method on the URL for the table. So, for example, to
add a new person at ID 0, you’ll need to go to http://
thomas-bayer.com/restgate/, then enter the URL
http://www.thomas-bayer.com/sqlrest/CUSTOMER,
select the method PUT, then in the content text box
(that will appear when you select PUT), enter the The RESTgate webpage
following XML: ... <LASTNAME>Saunders</LASTNAME> can be used to interact
<CUSTOMER> ... <STREET>xxx</STREET> with almost any HTTP
<ID>0</ID> ... <CITY>Munich</CITY> RESTful API, not just the
<FIRSTNAME>Ben</FIRSTNAME> ... </CUSTOMER>’’’ ones we’ve used here.
<LASTNAME>Everard</LASTNAME> >>> r = requests.put(“http://www.thomas-bayer.com/sqlrest/
<STREET>xxx</STREET> CUSTOMER/”, data=mike_data, headers={‘Content-
<CITY>Brizzle</CITY> Type’:’application/xml’})
</CUSTOMER> >>> r = requests.get(“http://www.thomas-bayer.com/sqlrest/
Note that you’ll have to use a different ID when you CUSTOMER/897324/”)
do it as this one’s taken. At the time of writing, this >>> print r.content
request returned an error, however, the actual record This should display the new record we’ve just
was updated. You can see for yourself at http://www. created for Mike Saunders. We can now update it to
thomas-bayer.com/sqlrest/CUSTOMER/0/. his nicknames with:
Using the same web form, you can amend a >>> r = requests.post(“http://www.thomas-bayer.com/sqlrest/
customer’s details. This time, enter the URL http:// CUSTOMER/897324/”, data=”<FIRSTNAME>Mikeyboy</
www.thomas-bayer.com/sqlrest/CUSTOMER/0/ FIRSTNAME>”, headers={‘Content-Type’:’application/xml’})
(again, you’ll need to change the ID to match one >>> r = requests.get(“http://www.thomas-bayer.com/sqlrest/
you’ve created), the method POST and the content: CUSTOMER/897324/”)
<STREET>Colston Av</STREET> >>> print r.content
Finally, you can use DELETE to remove customers. Then delete it with:
So far, what you’ve seen is a slightly awkward way >>> r = requests.delete(“http://www.thomas-bayer.com/sqlrest/
of accessing a database through a browser. This isn’t CUSTOMER/897324/”)
at all the point of a RESTful API. The point is to make it In this case, we’ve been updating a database, but
easy for other software to interact with our service. RESTful APIs exist for all sorts of data source. You
should be able to use the same methods we’ve used
Doing it in Python here to access the vast majority of them which use
In Python, we can use the requests module to interact HTTP. In many cases, you’ll need to authenticate
with this RESTful API. This is easy to use, so we’ll use yourself before you can perform any action (especially
an Python interactive session, which you can start by those that modify data), but this should be fully
typing Python2 at the command line. Then you need documented as it differs between APIs.
to import the requests module with: To go back to the first problem, how could our
>>> import requests program get a weather forecast:
A GET request is then simply done with: >>> r = requests.get(“http://api.openweathermap.org/data/2.5/
>>> r = requests.get(“http://www.thomas-bayer.com/sqlrest/ weather?q=Bristol&mode=xml”
CUSTOMER/0/”) )
>>> print r.content
This will print out the raw XML. If you were doing >>> print r.content
this in a real program, you could either manipulate the For more information on this weather API, go to
XML as strings, or you could use one of the XML http://openweathermap.org/current.
parsing modules to do it for you. We’ve looked at Python here, but you should find
The requests module can also issue POST, PUT and equivalent libraries in most languages that make it
DELETE requests. just as simple. Once you’ve mastered sending HTTP
>>> mike_data=’’’<CUSTOMER> requests, the process is quite straightforward. It’s this
... <ID>897324</ID> simple approach that makes HTTP-based RESTful
... <FIRSTNAME>Mike</FIRSTNAME> APIs so simple and ubiquitous.
www.linuxvoice.com 105
� CODING MACHINE CODE
ASMSCHOOL: GET STARTED
TUTORIAL
WITH ASSEMBLY LANGUAGE
MIKE SAUNDERS
Part 1: Explore beyond the limits of high-level languages and
discover exactly how your CPU really ticks.
M
ost people see assembly language as a colossal effort to port to other architectures. But
WHY DO THIS? some kind of black magic, part of a dark assembly is still used in various places: many drivers
• Learn what compilers do and scary world where only the top 0.01% in the Linux kernel have chunks written in assembly,
behind the scenes. of developers ever dare roam. But it’s actually a partly because it’s the best language to use when
• Understand the fascinating and surprisingly accessible subject. It’s you’re interfacing directly with hardware, and partly
language of CPUs. also well worth learning the basics to help you for speed reasons. In certain cases, hand-written
• Fine-tune your code for understand how compilers generate code, what CPUs assembly language can perform better than code
better performance.
actually do, and get a good all-round picture of how generated by a compiler.
computers work. Assembly language is ultimately a Over the next few issues we’ll delve into the world
textual representation of the instructions that the CPU of assembly language. We’ll explain the basics here,
executes, with some extra bits ’n bobs to make move onto some more advanced logic next month,
programming easier. and finish up with a simple bootable operating system
Nobody in their right mind would write a large – it won’t do a great amount, but it’ll be your own
desktop application in assembly language today. It’d code, running on bare hardware, with no other OS
be monstrously complicated, very hard to debug, and required. Sounds good, right? Let’s go…
1 YOUR FIRST ASSEMBLY PROGRAM
Many assembly guides start off with huge, bland, section .text
tiresome chapters that spend ages talking about global _start
binary arithmetic and CPU design theory, before even
showing any real code. That’s no fun, so we’ll get _start:
straight into a program. Then we’ll go through it step mov ecx, message
Some text editors, such by step so that you can learn how assembly works mov edx, length
as Vim, include syntax from a practical example. mov ebx, 1
highlighting for assembly Type this into a plain text editor and save it as mov eax, 4
(try set syn=nasm). myfirst.asm in your home directory: int 0x80
mov eax, 1
int 0x80
section .data
message db ‘Assembly rules!’, 10
length equ $ – message
(Note: you can use tabs to indent the code here, or
whitespace – it doesn’t matter.) This program simply
prints the text “Assembly rules!” onto the screen, and
then exits.
The tool we’re going to use to convert this assembly
code into an executable binary file is called, funnily
enough, an assembler. There are many assemblers
out there, but our favourite is NASM; it’s available in
almost every distro’s package repositories, so get it
via your graphical package manager, or yum install
nasm, or apt-get install nasm, or whatever’s best for
your distro.
Now open a terminal window and enter the
following commands:
106 www.linuxvoice.com
� MACHINE CODE CODING
nasm -f elf -o myfirst.o myfirst.asm
ld -m elf_i386 -o myfirst myfirst.o
The first command here uses NASM to generate
an object (executable) file called myfirst.o, in
ELF format (the executable format used on
Linux). What exactly is an executable format, you
might be asking – why not just use plain binary
CPU instructions for the CPU to execute? Well,
you could use plain binary back in the 80s, but
modern operating systems have more demanding
requirements. ELF binaries include information
for debugging, they split up code and data into
separate sections to stop one from overwriting
another, and so forth.
Later in this tutorial series, when we look
at writing code to run on bare metal (our mini
operating system), we’ll explore plain binaries.
A link to the past
So now we have myfirst.o, the executable code
containing our program. It’s not quite complete yet,
though; using ld, the linker, we link it with some
Using system calls, you
system startup code (ie boilerplate code that’s run #include <stdio.h>
can ask the kernel to
at the start of every program) to generate an perform various tasks
executable called myfirst. (The elf_i386 bit int main() relating to files and text
describes the exact binary format – in this case, it { input/output.
means you can use 32-bit assembly code, even if puts(“Assembly rules!”);
you’re running a 64-bit distro.) }
If everything has gone smoothly, you can now If you save that as test.c, compile it (gcc -o test
execute your program as follows: test.c) and look at the resulting test binary, you’ll
./myfirst see that it’s much larger – 8.4k. You can remove
And you should see this output: “Assembly rules!” some debugging information (strip -s test) but it still
And there we have it – a complete, standalone Linux remains around 6k. This is because GCC adds a lot
program, written entirely in assembly language. more of the aforementioned boilerplate startup and
Sure, it doesn’t do very much, but it’s a good way shutdown code, and also links to a large C library.
to get started and get an overview of the structure But it also demonstrates why assembly is the best
of an assembly program, and see how the source language to use when space is tight.
code is converted into binary. Many assembly programmers make good money
But before we dive into the code itself, it’s useful writing code for extremely restricted embedded
to check out the size of the program. Enter ls -l devices, for instance, and it’s why assembly was the
myfirst and you’ll see that it’s around 670 bytes. only real choice for writing games back on the old
Now consider the size of the C equivalent: 8-bit consoles and home computers.
Disassembling code
Writing new code is fun, but it can be even more in the data section. So disassembled binaries
interesting to pick apart someone else’s work. are less useful than the original code, as they’re
Using a tool called objdump (part of the Binutils missing things like comments and labels,
package), you can “disassemble” an executable but they can be useful to see how a program
file – essentially turning the binary CPU implements a time-critical routine, or performing
instructions into their text-mode equivalents. Try hacks. Back in the 80s and 90s, many coders
it on the myfirst example we’ve been working on used disassembly tools to identify and remove
in this tutorial, like so: copy protection routines from games, for
objdump -d -M intel myfirst instance.
You’ll see a list of instructions from the text You can also disassemble programs written
section of the binary. For instance, the first in other languages, but the results can be
instruction, where we placed the location of our immensely complicated. Run the above objdump
string into the ecx register, looks like this: command on /bin/ls, for instance, and you’ll
mov ecx,0x80490a0 see many thousands of lines of code in the text
During assembly, NASM replaced “message” section, generated by the compiler from the Here’s the disassembly of our sample program,
with the actual numerical location of the string original C source. showing hexadecimal codes and the instructions.
www.linuxvoice.com 107
� CODING MACHINE CODE
2 ANALYSING THE CODE
So, let’s now see what each line of our program Anyway, to understand this line of code, we also
actually does. We start off with these two: need to understand the concept of registers. CPUs
section .text don’t do anything especially fancy – they simply move
global _start memory around, perform calculations on it, and then
These are not CPU instructions, but directives do other operations depending on the results. The
given to the NASM assembler; the first one says CPU has no idea what a display is, or a mouse, or a
that the following code belongs in the “text” section printer. It simply moves data around and performs a
of the final executable. Slightly confusingly, the text few calculations.
section doesn’t contain plain text (like our “Assembly Now, the main storage area for data that the CPU
rules” string), but executable code instead – ie CPU uses is your RAM banks. But because RAM is held
instructions. Next we have global _start, which tells outside of the CPU, accessing it takes a lot of time.
the ld linker where execution should begin in our file. To make things faster and simpler, the CPU includes
This is useful if we don’t want to start execution right its own small group of memory cells called registers.
at the beginning of the text CPU instructions can use these registers directly, and
section, but somewhere in this line of code we’re using the register called ecx.
“Assembly language is really else. The global part This is a 32-bit register (so it can store numbers
just a bunch of mnemonics makes it readable by from zero to 4,294,967,295). You’ll see in subsequent
other tools than just the lines of code that we also work with edx, ebx and
for CPU instructions.” assembler, so that ld can eax – these are all general-purpose registers that we
see it. can use for any task, as opposed to special registers
So, we’ve said that execution should begin at that we’ll explore next month. And if you’re wondering
the _start position. And then we define this location where the names came from: ecx started as c in the
explicitly in our code: 8-bit days, when was extended to cx for 16-bit, and
_start: then ecx for 32-bit. So the names look a bit odd now,
Standalone words ending in colons are known as but back on the old CPUs, you had nicely named
labels, and are locations in the code we can jump general-purpose registers like a, b, c and d.
to (more on that next issue). So, program execution
begins here! And now we come to our first real CPU Moving on up
instruction: Back to the code: the mov instruction moves (actually,
mov ecx, message copies) a number from one place to another, from
Assembly language is essentially a bunch of right to left. So in this case, we’re saying “place
mnemonics for CPU instructions (aka machine message in the ecx register”. But what is message?
code). Here, mov is one such instruction – it could It’s not another register – it’s a location. Down at the
also be written in the raw binary format that the CPU bottom of the code, in the data section, you’ll see the
understands, like 10001011. But working with raw message label followed by db, which defines some
And just as a teaser for
binary would be a nightmare for us puny humans, so bytes that are placed at the message location in the
what’s to come: here’s
bare-metal code, running we use these slightly more readable variants instead. code. This is really useful, as we don’t need to know
on a PC emulator! And we’ll The assembler simply converts the text instructions the exact location of the “Assembly rules” string in the
show you how to boot it on to their binary equivalents – although it can do more, data section – we can just refer to it via the message
a real box… as we’ll see in later tutorials. label. (The number 10 after our string is simply a
newline character, like adding \n to a C string.)
So, we’ve moved that location into our ecx register.
But what we’re about to do is especially cool. As
mentioned, the CPU has no real concept of hardware
devices – to print something on the screen, you have
to send data to the video card, or move data into video
RAM. We have absolutely no idea where this video
RAM is, and everyone has a different video card, X
server configuration, window manager etc. So directly
printing something on the screen is, for us, virtually
impossible in a short program.
So what we do is tell the kernel to do it for us. The
Linux kernel has a bunch of system calls that low-level
programs can use, to get the kernel to do various
jobs. One of these calls is to output a string of text.
Then the kernel handles it all – and indeed, it offers an
even deeper layer of abstraction, in that it can output
108 www.linuxvoice.com
� MACHINE CODE CODING
Once you pop, you can’t stop
One thing we’ll be looking at next month is the stack, so we’ll pop eax
get you prepared for it here. The stack is an area of memory pop ebx
where temporary values can be placed, when you need to free pop ecx
up your registers for other purposes. But the most important After these six instructions, eax will contain 10, ebx will
feature of the stack is the way data is stored in it: you “push” contain 5, and ecx 2. So the stack is a great way to liberate
numbers onto the stack, and “pop” them out. It’s LIFO (last in, some space temporarily; if you have some important values
first out), so the most recent item you place onto it is the most in eax and ebx, for instance, but need to do a quick job with
recent you’ll pull out. them, you can push them onto the stack, do your work,
Imagine you have an empty Pringles can, for instance, and and then pop back the previous values to return to your
you place into it a cream cracker, an Alf Pog and a GameCube previous state.
disc – in that order. If you now retrieve the items, the first will The stack is also used when calling subroutines, in that
be the GameCube disc, the second the Alf Pog, and so forth. the return address of the code is pushed onto the stack. This
Here’s how it works in assembly language: is why you have to be careful when using the stack – if you
push 2 overwrite it with the wrong data, you might not be able to
push 5 return to a previous place in the code, and you’ve taken a
push 10 one-way trip to crashland!
the string to a plain text terminal, or via a terminal sys_write (“write to a file descriptor”), which is number
emulator in the X Window System, or even redirect it 4. So we place that in the eax register:
to an open file. mov eax, 4
Before we ask the kernel to print the string, though, And that’s it! We’ve set up everything we need to
we need to provide it with more information than just use a kernel system call, so now we hand control over
the string location in the ecx register. We also need to like so:
tell it how many characters to print, so that it doesn’t int 0x80
just keep printing after the end of our string. That’s Here, int stands for “interrupt”, and literally
when this line comes into play, in the data section interrupts the current program flow by jumping into
towards the bottom: the kernel. (The 0x80 is hexadecimal here – you don’t
length equ $ – message need to concern yourself with it for now.) The kernel
Here we have another label, length, but instead of prints the string pointed to in the ecx register, then
using db to include some data next to it, we use equ to hands control back to our program.
say it’s the equivalent of something (a bit like #define To end our program, we need to call the kernel’s
in C). The dollar sign refers to the current location sys_exit routine, which has the value 1. So we place
in the code, so here we’re saying: length should be that number in eax, interrupt our program again, and
equal to the current location in the code, minus the the kernel neatly terminates our program, putting
“message” location. In other words, this gives us the us back at the command prompt. There you have it:
length of the “message” string. a complete (albeit very small) assembly language
Back in the main code, we put this value into the program, hand written and without the need to use
edx register: any fat libraries.
mov edx, length We’ve raced through a lot in this tutorial, and as
So far so good: two registers are populated with the mentioned, we could’ve focused entirely on theory
string location and the number of characters to print. instead. But we hope you’ve found it useful to
But before we tell the kernel to do its work, we need see a real example in action, and next issue we’ll
to provide a bit more information. First, we need to spend more time with some of the concepts we’ve
tell the kernel which “file descriptor” to use – in other introduced here. But we’ll also take it up a notch,
words, where the output should go to. This topic is by adding logic and subroutines to our program –
beyond the scope of this assembly tutorial, but we assembly versions of IFs and GOTOs.
need to use stdout, which basically means: print to Meanwhile, as you get familiar with this program,
the screen. The number for this is 1, and we put it in here are some things you can try:
the ebx register. Print a different, longer string.
Now we’re tantalisingly close to using the kernel, Print two strings, one after another.
but there’s one more register to fill. The kernel can Change the exit code that the program hands back
actually do lots of different things, such as mounting to the shell (this could take a bit of Googling!).
filesystems, reading data from files, deleting files If you get stuck or need any help, pop by our
and so forth. These facilities are provided by the forums on http://forums.linuxvoice.com – this
aforementioned system calls, and before we hand author will be at hand to point you in the right
control over to the kernel, we need to tell it which direction. Happy hacking!
call to use. If you look at http://asm.sourceforge.
net/syscall.html, you’ll see some of the many calls Mike Saunders has written a whole OS in assembly
(http://mikeos.sf.net) and is contemplating a Pi version.
available to programs – in our case we want
www.linuxvoice.com 109
� MASTERCLASS GNUPG
MASTERCLASS
You wouldn’t want other people opening your letters and
BEN EVERARD your data is no different. Encrypt it today!
SECURE EMAIL WITH GNUPG
AND ENIGMAIL
Send encrypted emails from your favourite email client.
Y
our typical email is about as secure as a The first thing that you need to do is create a key to
JOHN LANE postcard, which is good news if you’re a represent your identity in the OpenPGP world. You’d
government agency. But you wouldn’t use a typically create one key per identity that you have.
postcard for most things sent in the post; you’d use a Most people would have one identity, being
sealed envelope. Email is no different; you just need themselves as a person. However, some may find
an envelope – and it’s called “Encryption”. having separate personal and professional identities
Since the early 1990s, the main way to encrypt useful. It’s a personal choice, but starting with a single
email has been PGP, which stands for “Pretty Good key will help while you’re learning.
Privacy”. It’s a protocol for the secure encryption of Launch Seahorse and click on the large plus-sign
email that has since evolved into an open standard icon that’s just below the menu. Select ‘PGP Key’ and
called OpenPGP. work your way through the screens that follow to
supply your name and email address and then
My lovely horse generate the key.
The GNU Privacy Guard (GnuPG), is a free, GPL-licensed You can, optionally, use the Advanced Key Options
implementation of the OpenPGP standard (there are to add a comment that can help others identify your
other implementations, both free and commercial – key and to select the cipher, its strength and set when
the PGP name now refers to a commercial product the key should expire.
owned by Symantec). An easy way to get started with The final step requires you to supply a passphrase
encryption is to use Seahorse, a GTK graphical user – you’ll need to supply this later on when you use your
Seahorse makes it easy to
manage PGP keys, and its interface for GnuPG that should be available in your key. After doing so, a new key is generated in the
step-by-step key creation chosen distribution’s package repository. It’s installed background. There’s no feedback while this is
dialog is a good way to get by default on Ubuntu, where it’s called “Passwords happening (which gives the impression that it isn’t
started. and Keys”. working) but, eventually, you should see your key in
the main Seahorse window (select ‘GnuPG Keys’ in the
main window to see it).
Get the key…
Key generation can take a few minutes, because the
algorithms need to collect sufficient entropy
(randomness) to generate a secure key. If your system
struggles to provide this, you can install a package
called haveged from your distribution’s repository; it’s
a daemon that gathers entropy from unpredictable
background system events and will quickly deliver the
entropy needed to satisfy key generation.
Once you have a key, you can right-click to view its
properties, which will show you the details that you
supplied when creating it, plus its Key ID. This is
shown as an eight-digit hexadecimal number but the
110 www.linuxvoice.com
� GNUPG MASTERCLASS
actual key ID is 64 bits. The lower 32 bits are usually
sufficient to identify a key (you can see the full key ID Web of trust
on the Details tab). Key servers offer a convenient way to possible. To help with this, Seahorse’s Key
distribute your key and to obtain others’ keys, Properties screen displays a human-readable
Know the secret… but they don’t prove authenticity in they way “Key Fingerprint” that can be easily
Your key is complex: it contains a secret part that you that an SSL certificate authority would. PGP compared. You can then indicate your trust
uses a “Web of Trust” model instead, where by selecting a trust level from the drop-down
should keep for yourself, plus a public part that you
trust is left to the users. This means that it’s menu on the same screen. If you want to
can share with others. Someone wishing to send you up to you to decide if a key obtained from a share that trust publicly then you can use the
encrypted email will need your public key. If you look key server really does belong to who you “Trust” tab to sign the key. A popular way to
at the Details tab, you’ll see that you actually have two think it does. You should use offline methods build your web of trust is to attend a
keys; the first one is your primary key and the other to establish a key’s authenticity, in-person if key-signing party, as we explain on page 113.
one is a subkey. The subkey is used for encryption and
the primary key is used for GnuPG’s other purpose:
signing. You can sign other people’s keys to affirm
your trust and you can sign emails and other files to
affirm their authenticity, which others may verify using
your public key.
For your key to be useful, its public part needs to be
accessible by anyone who may want to send
encrypted documents to you, or anyone wishing to
verify a document or key that you’ve signed. You could
personally issue your public key to those that need it
but it’s better to publish it to a key server. Likewise, you
can use a key server to get any public keys that you You can sign a key that you trust, but be honest about how much you trust it.
need. Seahorse will do this for you if you select its
Remote > Sync And Publish Keys menu option.
You can browse key servers that have web them with any applications that support GnuPG, and
interfaces – try http://pool.sks-keyservers. your email client is an obvious candidate here.
net:11371 which, as its URL suggests, is actually a Enigmail is a GnuPG add-on for Mozilla Thunderbird
PRO TIP
pool of many key servers. Some key servers may offer that you can install by selecting Thunderbird’s Tools >
Seahorse can also be
an option to upload keys directly through the website. Add-ons from its menu bar and searching for
used to manage SSH keys
Key servers propagate changes so, if you’re looking ‘enigmail’. and X.509 certificates.
for a key, you can use any server.
Seahorse will help you manage your own keys as Encrypting email
well as any public keys that you’ve downloaded and, It adds a new menu with options for encryption and
because it’s a front-end to GnuPG, they’re stored at signing, plus key management that provides similar
~/.gnupg within your home directory. You can use functionality to Seahorse (try both and see which you
prefer). It automatically decrypts or verifies inbound
email using your keys once you’ve configured your PRO TIP
email account to use it. Use Thunderbird’s Edit >
PGP keys are often
Account Settings to do that – you’ll notice there is a referred to as a ‘key pair’
new OpenPGP Security settings page there with a and the secret and public
parts as a ‘Private Key’
check a box that enables OpenPGP support.
and a ‘Public Key’.
By default, Enigmail locates your key with your email
address, and this should be sufficient unless you have
multiple of either. You can, however, use the Account
Settings screen to explicitly select a key if you need to.
You can also configure
default behaviour there,
such as whether to sign
“You may find it useful to have
or encrypt messages. separate personal and private
With the configuration
done, you can write your
identities for use with GnuPGP.”
first email. Adele” is “The
friendly OpenPGP email robot” and it can help you test
your setup. Just send a message to adele-en@
gnupp.de and you’ll get a reply that will highlight any
Enigmail uses your secret key to open encrypted issues with your ability to send encrypted messages.
messages that you receive, like this from “Adele”, which You can attach your public key to the message if you
confirms that sending encrypted messages works too. haven’t published it to a key server.
www.linuxvoice.com 111
� MASTERCLASS GNUPG
USE GNUPG ENCRYPTION FROM
THE COMMAND LINE
P
owering the desktop applications and plugins
JOHN LANE we’ve just looked at is libgcrypt, the GnuPG
cryptographic library, and gpg, is its command
line utility. If you’ve already installed a GUI tool then
you’ll already have gpg; if not, you can install it from
your repository and confirm the version that you have:
$ sudo apt-get install gpg
$ gpg --version
gpg (GnuPG) 2.0.26
libgcrypt 1.6.2
You’ll need to create a key if you’re starting out and, There are pass phrase dialogs for GTK 2, Qt 4, and if you
as gpg affords you more control than the graphical aren’t running a graphical desktop, Curses.
tools that we looked at previously, it’s worth using it to
create your key if you’re comfortable on the command Use the file as input to batch mode:
line. The simplest way to create a key is to use gpg $ gpg --gen-key --verbose --batch alice.keygen
interactively and follow its prompts: gpg: key 4A924D1C marked as ultimately trusted
$ gpg --gen-key The --verbose argument is there to show what’s going
Alternatively, you can write your settings into a text on. The last line of output shows your key ID.
file, say alice.keygen, like this: Your key is written into files in your ~/.gnupg
Key-Type: RSA directory; the secret part in secring.gpg and the public
Key-Length: 4096 part in pubring.gpg. Collectively these files are your
Key-Usage: sign Key Ring and, as you use gpg, you’ll also store other
Subkey-Type: RSA people’s public keys in there. Central to this key
Subkey-Length: 3072 sharing is the Key Server, and you can tell gpg which
Subkey-Usage: encrypt one to use by adding an entry to its configuration file,
Preferences: SHA512 SHA384 SHA256 SHA224 AES256 ~/.gnupg/gpg.conf:
AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed keyserver hkp://pool.sks-keyservers.net
Name-Real: Alice You should send your public key to the key server
Name-Comment: Alice from example.com, the well-known so others can find it and you can retrieve their public
participant in examples. key using their email address or key ID:
Name-Email: alice@example.com $ gpg --send-key 4A924D1C
Passphrase: your secret is safe with me $ gpg --search-keys bob@example.com
This example creates a 4096-bit RSA primary $ gpg --recv-key 4E4A3DB3
signing key and a 3072-bit subkey for encryption.
Longer keys are harder to crack, but they may not be Who do you trust?
compatible with all software, so as an example we’ve The fact that anyone can upload to key servers means
given our subkey a different size. The long list of that you should challenge the authenticity of any key
Preferences contains our preferred hash, cipher and that you acquire. An individual who believes a key to
compression algorithms. If you omit the Passphrase be genuine can sign it to acknowledge that view, but
entry from the file, you’ll be prompted to enter it. Either it’s still your decision to trust their opinion. Likewise,
way, your passphrase protects your key – choose it you can also sign keys that you trust. If you don’t want
wisely and don’t forget it! to sign a key, you can still record your own trust level.
This “Explicit Trust” is private to you, and you use the
key editor to do it:
GnuPG Modern
$ gpg --edit-key bob@example.com
GnuPG version 2.1 was released on to its gpg-agent. The secret keyring file gpg> trust
6 November 2014 after a long beta. The 2.0.6 secring.gpg is no longer used and pubring. Please decide how far you trust this user to correctly verify
version series retains the “Stable” moniker, gpg is now pubring.kbx, as the release notes
other users’ keys
with this new release being called “Modern”. explain. See https://www.gnupg.org/faq/
It has many new features, but most whats-new-in-2.1.html. (by looking at passports, checking fingerprints from different
notable is that it manages private keys It’s unlikely to be in your distro yet, unless sources, etc.)
differently, delegating responsibility entirely you use a rolling release like Arch Linux. 1 = I don’t know or won’t say
2 = I do NOT trust
112 www.linuxvoice.com
� GNUPG MASTERCLASS
gpg-key2ps quickly produces these key slips for you to print out, which are useful if you’re getting your key signed.
3 = I trust marginally
4 = I trust fully
The GPG agent and Pinentry
5 = I trust ultimately The gpg-agent is a daemon that manages pinentry-program /usr/bin/pinentry-curses
m = back to the main menu secret keys for gpg, which starts it You can start the agent manually:
Your decision? 3 automatically on demand, making it $ eval $(gpg-agent --daemon)
something that you don’t normally need to be To re-start it after changing configuration:
concerned about. Pinentry is a helper tool $ pkill --signal HUP gpg-agent
Using your key used by gpg when it requires a user to enter You can also ask it to reload itself like this:
Once you have a key, you can get on with the a passphrase. The agent reads configuration $ echo RELOADAGENT | gpg-connect-agent
nitty-gritty details of its use, the main ones being from an optional file ~/.gnupg/gpg-agent. Should you want to terminate it:
signing and encryption. Let’s look at signing first. conf, and one reason to use it is to specify $ pkill --signal TERM gpg-agent
the pinentry path if gpg has difficulty finding The agent can also serve in place of the
There are two ways to do it; the first method produces it, which an entry like this will achieve: ssh-agent see man gpg-agent for more.
a signed copy of an input file that is compressed and
signed. It works like this:
$ gpg --sign mydocument.odt The need to decrypt can be avoided with a
which leaves the original file intact and creates a new “detached signature”. This signs the document as
binary file with a .gpg extension that is a compressed before but only writes a signature file that you can
and signed copy. The signature can be verified: pass along with the original file to anyone who needs
$ gpg --verify mydocument.odt.gpg it and they will be able to verify its authenticity using
gpg: Signature made Tue 25 Nov 2014 16:38:36 UTC using RSA the signature file:
key ID 89572049 $ gpg --output mydocument.sig --detach-sig mydocument.odt
gpg: Good signature from “Alice (Alice from example.com, the $ gpg --verify mydocument.sig mydocument.odt
well-known participant in examples.) <alice@example.com>” gpg: Signature made Tue 25 Nov 2014 16:50:39 UTC using RSA
[ultimate] key ID 89572049
You have to use --decrypt to recover the original gpg: Good signature from “Alice (Alice from example.com, the
document, even though it’s only compressed inside well-known participant in examples.) <alice@example.com>”
the binary container file: [ultimate]
$ gpg --decrypt --output mydocument.odt mydocument.odt.gpg
Validating software packages
Many open source applications sign their packages
Key signing party so that their authenticity can be validated. As an
example, we’ll validate the latest GnuPG source:
A key signing party is any event where individuals can meet
$ wget ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.0.tar.bz2
to verify each others’ identities before signing each others’
keys to build their web of trust. You need to bring along $ wget ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-2.1.0.tar.bz2.sig
some form of identification, a photo ID like a driving licence $ gpg --verify gnupg-2.1.0.tar.bz2.sig gnupg-2.1.0.tar.bz2
or passport, and a hard-copy of your “Key Fingerprint” We downloaded the package and its signature but
which you can output from your secret key: will also need the public keys belonging to those who
$ gpg --list-secret-keys --fingerprint
signed the package, as gpg will report an error if it
If you’re on a Debian derivative, the signing-party
package contains a utility that prints a page containing can’t find them:
multiple copies of your fingerprint that you can cut into gpg: Signature made Wed 05 Nov 2014 15:44:27 UTC using RSA
slips and use at a keysigining event: key ID 4F25E3B6
$ gpg-key2ps -p a4 BC5EDAFF > keysheet.ps gpg: Can’t check signature: No public key
At the event you’ll verify each individual’s identity and
You can download the key (assign trust if you want
collect their email address and key fingerprint. After the
event, you should obtain, verify and sign their keys and then to) and then verify again:
send each person an encrypted copy of their key that you $ gpg --recv-keys 4F25E3B6
signed, which they should use to update their key and $ gpg --verify gnupg-2.1.0.tar.bz2.sig gnupg-2.1.0.tar.bz2
upload it to their keyserver. Here’s how: gpg: Good signature from ...
$ gpg --search-keys bob@example.com
We’ve covered the basics of key management,
$ gpg --fingerprint bob@example.com
$ gpg --sign-key bob@example.com
document signing and encryption, but there’s much
$ gpg -a --export bob@example.com | gpg --encrypt -r bob@ more to GnuPG and OpenPGP in general. How far you
example.com -a | mail bob@example.com go depends on how paranoid you are!
It’s up to you how much identity verification you do, but
you’re more likely to be trusted if you’re known to take it
John Lane provides technical solutions to business
seriously. If you’re interested in key signing, websites like problems. He has yet to find something that Linux can’t
biglumber.com and keysigning.org have event listings. solve.
www.linuxvoice.com 113
� /DEV/RANDOM/
Final thoughts, musings and reflections
Nick Veitch
was the original editor i5 machine with 16GB RAM and
of Linux Format, a a selection of SSDs and big hard
role he played until he drives, running Ubuntu 14.10.
Guake drop-down terminal.
got bored and went
to work at Canonical
instead. Splitter! Babbage Bear, the
official mascot of
the Raspberry Pi.
O
ne of the very great things about Linux is
Logitech unifying
the many splendid flavours available. wireless mouse
Some of them cropped up at the recent and keyboard.
CES show, where Intel unveiled its “PC on a
stick”, a dongle-sized quad Atom thing (running A Linux Voice
Ubuntu) for next to no money. I am still thinking mug, of course!
about what I would use it for. Maybe I need more
than one.
My Linux Setup Ben Nuttall
Of course, Linux featured heavily in the TV
section too. Not just the endless Android
powered devices (it still runs a sort-of-Linux
kernel after all), but the latest Samsung Smart Education and outreach human at the Raspberry Pi Foundation.
TV (which uses the Tizen OS it originally shipped
with some phones), and one or two featuring What version of Linux are you drop-down terminal. It suits the way I work
Roku (the operating system that’s also available using at the moment? really well, as I like to have focus on some
in some media boxes of the same name). It is a I have a desktop at home and a window, like a web browser, and have
bit of a wonder that nobody has tried to put laptop for work – both running the quick access to a terminal or three,
MythTV into an actual TV. latest Ubuntu release. I also have a little without juggling different windows.
HP ARM Chromebook, which is great for
Supreme Leader’s distro when I’m travelling. Chrome OS is nice for What do other people love, but
There seems to be a Linux for everything. Unless browsing (and even SSH), but I can switch you can get on without?
you are in North Korea, in which case there is to an Ubuntu container with crouton if I A lot of people use the GitHub
only one Linux deemed suitable for the Sony- need to hack at something. desktop GUI, but I guess that’s
hating masses – Red Star Linux, which in its Windows and Mac only anyway. I’m
latest incarnation seems to have borrowed quite What was the first Linux setup perfectly happy using git from the
a lot of look and feel from somewhere else - you ever used? command line.
surely they don’t take field-trips to Cupertino? I ran my computer solely from an
Anyhow, it is testament to what one can do with Ubuntu live disc for a good few Is there one single piece of
KDE (see for yourself – http://goo.gl/DxOPSu weeks once when my hard drive was proprietary software you wish
courtesey of Wikimedia), but I think you may playing up, back in around 2007. A couple were open source?
have to travel there to actually buy a copy. of years later I started using it more, and I’m a fan of the Sublime Text editor,
Of course, this celebration of distros can’t miss by then I’d met a bunch of people who and although you can download it
out on one of my favourites (or should that be used it day-to-day so I had more support, for free it’s not open source. I’m starting to
three of my favourites, since the development and that’s really important. use GitHub’s open source editor Atom
team decided to split it up into bits?): Fedora. more, which is still in beta but it’s more
While the new versions are all very exciting, I did What Free Software/open source feature heavy and really nice to use.
notice some “end of life” messages for an older can’t you live without? Having said that, I probably use Vim more
version.Yes, release 19, codenamed One of the first things I install on a than anything – but graphical editors
“Schrödinger’s cat”, is officially dead. new machine is Guake – a simple definitely have a place.
114 www.linuxvoice.com
�This is what we’ve done in the last 12 issues.
Subscribe to the next 12 from just £38.
Every subscription includes access to every PDF, ePub and audio edition we’ve ever published.
shop.linuxvoice.com
��