PROUDLY INDEPENDENT SINCE 2013
July 2016 www.linuxvoice.com

FREE THE WEB
Brave – the browser that doesn’t spy on you

MASTER YOUR LINUX BOX
Power up your system administration skills with our hands-on guide

BOOTSTRAP Prettify your web apps the easy way
AMAHI Serve cat videos all round the house with this media setup
OPENBSD Try a super-secure Unix-alike operating system today

31 PAGES OF TUTORIALS

LICENCE TO CHILL
SIMON PHIPPS On culture, coding and the need to keep up the fight for software freedom

RASPBERRY PI
RETRO CODE Store simple programs on a physical cartridge – just like a SNES

OPENVPN › GNEWSENSE › MICROSOFT & MORE!

July 2016 £5.99 Printed in the UK
FOSSTALK LIVE
2016
A free evening of live Linux Podcasts
Saturday 6 August 2016
Plus Stuart Langridge and Dave MegaSlippers
http://www.fosstalk.com/tickets/
The Harrison, 28 Harrison Street, Kings Cross, London, WC1H 8JF
Doors 5pm
ISSUE 28 WELCOME

WELCOME TO LINUX!
The July issue

BEN EVERARD
Long-term Linux user and best-selling author Ben is usually found knee-deep in either Python code or a tangle of wires.

Those of you with an eye for detail will notice the editorship has changed hands this issue. Graham, the previous editor, is still involved and you can read his views on the latest free software in FOSSPicks (page 58). Aside from adding my foolish grin to this page, not much should change. I’m happy to keep the formula that we’ve perfected over the previous two and a half years. If there’s anything you think would improve the magazine, let me know at ben@linuxvoice.com.

This month we’re looking at system administration. At its heart, system administration is just taking control of your computers so they run your tasks better. The better your computers run their tasks, the less stress you have, and the less stress you have, the happier you are. Basically, sysadmin skills are the key to a better life.

Ben Everard
Editor, Linux Voice

What’s hot in LV#028

ANDREW GREGORY
I’ve been using Linux for years, but this month OpenBSD has caught my eye. I think it might be time to try out an open source Unix clone with a different development philosophy.
p70

GRAHAM MORRISON
Machine learning is finally coming from science fiction to a computer near you. With Ben’s AI tutorial as a starting point, it’s time to begin work on an army of silicon brains.
p92

MIKE SAUNDERS
My home server is due for an upgrade, and it looks like Amahi could do this job easily. Less time setting up servers means more time to spend porting MikeOS to the Raspberry Pi.
p66

Linux Voice is different.
Linux Voice is special.
Here’s why…

1 At the end of each financial year we’ll give 50% of our profits to a selection of organisations that support free software, decided by a vote among our readers (that’s you).

2 No later than nine months after first publication, we will relicense all of our content under the Creative Commons CC-BY-SA licence, so that old content can still be useful, and can live on even after the magazine has come off the shelves.

3 We’re a small company, so we don’t have a board of directors or a bunch of shareholders in the City of London to keep happy. The only people that matter to us are the readers.

THE LINUX VOICE TEAM
Editor Ben Everard ben@linuxvoice.com
Deputy editor Andrew Gregory andrew@linuxvoice.com
Editor in hiding Graham Morrison graham@linuxvoice.com
Editor at large Mike Saunders mike@linuxvoice.com
Games editor Michel Loubet-Jambert michel@linuxvoice.com
Creative director Stacey Black stacey@linuxvoice.com
Malign puppetmaster Nick Veitch nick@linuxvoice.com
Editorial contributors: Mark Crutch, Juliet Kemp, Vincent Mealing, Simon Phipps, Les Pounder, Mayank Sharma, Amit Saha, Valentine Sinitsyn

SUBSCRIBE ON PAGE 56
CONTENTS ISSUE 28 JULY 2016

Contents
Dearly beloved, we are gathered here today to get through this thing called life…

Cover Feature

Master your Linux box 14
If you installed your own Linux distro, you’re a sysadmin – so rise to the challenge and make yourself a better computer user.

Regulars

News 06
A new approach from Linux Mint, an award for Richard Stallman, and Duck Duck Go proves how awesome it is by donating a chunk of money to Free Software apps.

Distrohopper 08
Presenting Escuelas Linux 4.4 – a distro showing 45,000 students around the world that there’s more to computing than XP.

Speak your brains 10
Demands, requests, rants, raves and even a crumb of praise from our elite readership.

Subscribe! 12/56
Save money, get the magazine delivered to your door and get access to 28 issues of Linux Voice, in lovely DRM-free PDFs.

FOSSPicks 58
We’re not all free, but we do have the freedom to be free. Do your bit by installing some of this great software.

Core Tech 94
Take Dr Valentine Sinitsyn’s electron microscope and examine the subatomic particles that make up your Linux machine. This issue: networking and hping.

Geek Desktop 98
Debian has abandoned support for 586-class processors. Here’s why we should put down our angry pitchforks and just be happy instead.

Interview

Simon Phipps 34
What software licensing really means for the future of Free Software communities.

Feature

What the hell is going on? 22
Microsoft doesn’t hate us any more, and it feels weird. Is this entente for real, or are we being hoodwinked?

Libre Graphics Meeting 28
Software, culture and humans combine in Greater London to create something quite lovely.

FAQ

Hadoop 32
When Big Data gets too big, this recruiter-friendly technology is on hand to rescue the situation.

Group Test

Download managers 50
Eke every last drop out of your bandwidth with one of these time- and effort-saving tools.

SECRETS OF CHROMIUM
TURN TO PAGE 26

Reviews

Brave 42
Brendan Eich, formerly of Mozilla, has a new company and a new browser, which promised no spying. It’s a great idea, but will it work in the real world?

gNewSense 4 44
Run a full operating system without the ethical compromises of proprietary codecs and binary blobs. However – there is a trade-off…

Qt Creator 4 45
This IDE for building Qt apps bundles a host of formerly proprietary features, works brilliantly and looks positively edible.

Gaming on Linux 46
Look beyond the beautifully rendered ponytail and there’s a deeply absorbing game in Tomb Raider – and now it’s coming to Linux.

Books 48
Reflect on where we’re going and how far we’ve come with thought, discussion and ideas featuring Aaron Swartz, RMS and other luminaries.

Tutorials

Amahi 66
Spruce up your home media server with some new software and Ocean Rain.

OpenBSD 70
If you’re at all interested in security, you really should give this Unix-alike OS a try.

Raspberry Pi 74
Take a pilgrimage to the 90s and build a cartridge – not to store Sonic The Hedgehog, but a program for the Pi.

Bootstrap 78
App design is hard – so it’s great news that someone has done it all for you. Huzzah!

OpenVPN 82
Send data securely over the wild internet.

Coding

Libcontainer 86
Isolate apps within their own little sandboxes. It’s just like Inception!

Machine learning 92
Teach inanimate silicon to think, then wait for Sarah Connor to come and find you.
NEWS ANALYSIS

The Linux Voice view on what’s going on in the world of Free Software.

Opinion
The other side of compliance
Inside the FUD-driven economy of software licensing.

Simon Phipps is ex-president of the Open Source Initiative and a board member of the Open Rights Group and of Open Source for America.

In my previous column, I wrote about the phenomenon of businesses treating compliance with open source licences as the end-goal rather than the starting point for their relationship with the open source community. But there is another side to the story; the compliance industry.

There are several businesses whose existence is predicated on ensuring corporations can know they are complying with open source licence terms. Such businesses provide tools for scanning code repositories for licence signatures and then aiding corporate legal teams in identifying whether all the terms of the licence are being met. Since a fear of negative consequences – such as is happening to VMware – is a great stimulus to becoming their client, these companies tend to trade in horror stories about compliance failures and innuendo about licences they consider sources of risk (typically copyleft licences).

For example, a recent report issued by Black Duck (https://info.blackducksoftware.com/rs/872-OLS-526/images/OSSAReportFINAL.pdf) propagates an unusually intense amount of fear, uncertainty and doubt about open source contained within proprietary software, leaving the impression it is uniquely problematic. The document wants its readers to know that dangerous open source code is entering their company through the channel of unspecified proprietary software. They recommend buying their scanning product and imposing further processes on employees to keep their wanton ways under control.

It seems the issue they are concerned about is old versions of proprietary software that embed open source code. Their worry is that this code might contain exploited defects that put your security at risk, like Poodle, LogJam and Freak. They don’t mention that the same proprietary code is also probably chock full of unfixed defects from non-open-source origins whose exploits are known only to the black-hat community so don’t have cute names and famous fixes.

It doesn’t have to be this way. An alternative business model could be to persuade the client along these lines:

All software has defects. Some of these defects lead to vulnerabilities. Some of these vulnerabilities can be exploited to read a security exposure. Some of these exploits are wild on the internet.

When defects are detected, vendors fix them and provide the fixes to their paying customers. When these defects are known to be exploitable vulnerabilities, responsible vendors ensure all users are able to patch them.

No matter where they sourced the parts that comprise their product and its dependencies, the proprietary vendor alone is able to offer reliable remediation, since it has chosen to monetise the scarcity of its software and of its fixes.

When you decided that the best supplier to address your business need was one that monetises the scarcity of software and its fixes, rather than monetising some other scarcity such as experience or availability of skills, you accepted the need to keep paying or to eliminate the software from your business in favour of another solution. There is no safe third way.

If you do happen to have open source code in your proprietary software, it is possible to get it fixed without the original vendor as long as you can still get the full source code corresponding to the version on which you depend. This is most likely to be the case if it was licensed under a copyleft licence like the GPL or LGPL. No such option exists for proprietary dependencies (such as libraries and frameworks included in the work), so even in this unfortunate case open source may save the day for you.

An alternative approach uses the flexibility inherent in open source software. Since the community of co-developers of open source software need all the latest source all the time, you can have it too – no scarcity. If you also build your solutions on GNU/Linux, the updates may even show up automatically.

Since open source licenses exist to release developers to innovate freely without needing to seek permission from others, it’s a great shame the compliance industry exists at all. But it seems inevitable, given the burden of software asset management left behind by the proprietary software industry. All the same, it would be far better for us all if that industry promoted itself positively rather than negatively.
Linux Mint • DuckDuckGo • Ubuntu • Pyra • Stallman • Debian • Devuan

CATCHUP
Summarised: the biggest news stories from the last month

1 Linux Mint 18 won’t ship with media codecs
Historically, one of Linux Mint’s biggest plus points has been its support for many multimedia codecs, out of the box. Whereas other distros avoided shipping them due to software patent issues, Mint ensured a polished Linux setup in minimal mouse clicks where you could play all your video and audio files. From the next release, however, Mint won’t include certain codecs by default – forcing users to download them instead. Not the end of the world, but a bit of extra hassle.

2 DuckDuckGo gives chunk of money to FOSS apps
Privacy-centric search engine DuckDuckGo has announced a whopping $225,000 of support for open source projects. Recipients include the Freenet project, OpenBSD Foundation, CrypTech, Tor, Fight for the Future, Riseup Labs and GPGTools. These are predominantly projects that focus on security and encryption, and it’s great to see companies that use FOSS giving back to the communities and projects that make their work possible.
http://tinyurl.com/hwdyyq3

3 Month of LibreOffice campaign underway
Contribute code, bug reports, translations and more to LibreOffice and win a badge – that’s the goal of a new campaign from The Document Foundation. Read all about it at:
http://blog.documentfoundation.org

4 Ubuntu 16.04 features snappy Firefox
We’re not referring to speed here, but rather the package format used to update Firefox in the new Ubuntu release. Previously, when a new version of Firefox was made available, Ubuntu devs would have to compile it, package it up and ship it through the usual software repositories. In Ubuntu 16.04, Mozilla can issue its own snap updates for Firefox, thereby getting new releases out the door instantly, instead of waiting for the Canonical team to do it all for them.

5 Pyra handheld Linux box available for pre-order
Got €595 that you’re just begging to part with? Fancy an awesome little Linux handheld that’s especially suited for videogame console emulation? The Pyra might be right up your street. It’s a bit pricy, but sports a 5-inch 720p touchscreen, 1.5GHz dual-core CPU, gaming controls, backlit physical keyboard and ships with Debian GNU/Linux. It’s described as “the most feature-rich ultra portable computer”, and that’s a fair assessment.
www.pyra-handheld.com

6 Richard Stallman wins ACM software award
RMS has won plenty of awards in his time, but we always like to see the mighty man get a bit more credit for his efforts. Now Stallman has won the Software System Award from the Association for Computing Machinery, “for the development and leadership of GCC (GNU Compiler Collection), which has enabled extensive software and hardware innovation, and has been a lynchpin of the free software movement.”
http://tinyurl.com/zp67lgw

7 Debian drops support for older 586-class CPUs
Debian GNU/Linux has always been one of the best distros for running on older hardware, but the team behind it wants to drop support for some older CPUs to streamline the development process. AMD K5 and K6 chips will no longer work in future releases, while users rocking IDT Winchip C6, VIA C3 and Cyrix III PCs will also have to look elsewhere. Support for other CPUs will also be dropped in the next Debian release – see the list here:
http://tinyurl.com/hnud68s

8 Devuan issues first beta release for 1.0
Devuan GNU+Linux started life as a fork of the Debian distro, after the latter decided to adopt Systemd as its startup and services manager. Devuan aims to provide “init freedom”, but many in the community were sceptical that the fork would ever achieve anything more than flamewars on mailing lists and a few dummies spat out of prams. But fair play: Devuan 1.0 is actually approaching, and curious users can download and try it here:
https://beta.devuan.org
DISTROHOPPER LINUX DISTROS

DISTROHOPPER
What’s hot and happening in the world of Linux distros (and BSD!).

Ubuntu 16.04 LTS
...and its official derivatives.

The release of Ubuntu LTS every two years is often an unexciting affair given that they are intended to focus on stability rather than features, but given the sheer amount of Ubuntu-based distributions out there and servers running LTS releases, it’s a big deal.

In the base upgrades, perhaps the biggest change is support for the ZFS filesystem, though ext4 continues to be the default. Some additional hardware support includes journalled RAID 5 support, TPM 2.0 support and improved Intel Skylake support, while the fglrx driver for AMD graphics cards has been deprecated, so owners of the cards will either have to hold off upgrading or use the open source Radeon drivers. There’s also a broad range of software updates, ranging from the kernel’s 4.4 release to Python 3.5.

As for Ubuntu itself, there are a few updates to the Unity desktop environment consisting mostly of minor UI tweaks and bugfixes, though the ability to change the position of the Unity launcher has finally landed in this version. The other official Ubuntu flavours also have DE updates, with the exception of Lubuntu, which has by far the least exciting roster of updates as its developers gear up for the shift towards LXQt, though support for the PowerPC architecture is a welcome addition to those looking to get more life out of an old Apple computer. On the other hand, Ubuntu Gnome users benefit from the most significant DE updates, experimental Wayland support and Gnome Software replacing Ubuntu Software Centre.

It’s also noteworthy that while Ubuntu and Kubuntu offer five years of support for this release instead of the usual nine months, the other derivatives offer three years.

Caption: The Xenial Xerus is the latest adjective-animal combination (apparently it’s a type of squirrel).

Escuelas Linux 4.4
Windows XP replacement for schools.

Escuelas is an educational distribution intended for primary schools aiming to replace their ageing Windows XP systems – and with some success, as it’s used by some 45,000 students in 44 countries, according to the developers.

Escuelas is based on Bodhi Linux, which is in turn based on Ubuntu, and it can run on computers with as little as 256MB of RAM, making an upgrade from Windows XP a very real possibility on most systems. Apart from general updates and bugfixes, the biggest improvement to Escuelas 4.4 is the work that’s gone into UEFI improvements for easier installation on Windows 8 and 10 machines. It’s worth noting that Bodhi and Escuelas are currently based on Ubuntu 14.04, with the 16.04 version due in August.

The distro has pretty much everything needed for a school environment, such as LibreOffice and the cross-platform remote monitoring software iTALC, so that teachers can make sure students aren’t watching videos or playing games in lessons. There’s also a bunch of educational software like GCompris, GeoGebra and KTurtle for their relevant subjects and age groups, while the choice of web browser is left open. Having these tools on a lightweight system is far more practical than resource-hungry ones in most of the world.

Caption: A lightweight distro means users with limited resources can save money on hardware.
News from the *BSD camps
What’s going on in the world of FreeBSD, NetBSD and OpenBSD.

The FreeBSD-based UbuntuBSD, which we covered last month, is making good progress, with the Beta 5 release of version 15.10 out the door and a stable version expected very soon. We’re still waiting to find out whether or not Canonical will accept it as an official Ubuntu flavour, but this is one we’ll be following closely regardless of the decision from Ubuntu’s parent company.

FreeBSD itself has moved on to version 10.3 with some rather big updates. These include improvements to the UEFI bootloader, support for ZFS, full Intel Skylake support and 64-bit support for the Linux compatibility layer, among the usual updates to Gnome, X.Org and the like. This has in turn resulted in updates to PC-BSD, and like the FreeBSD base and its other derivatives, will be the last maintenance release in the 10.X series.

The developers of GhostBSD – designed to be more user-friendly than FreeBSD through features like automatic hardware detection and preinstalled desktop environments – also incorporated the FreeBSD 10.3 changes into its own 10.3 Alpha version, while skipping version 10.2. Other changes include updating Mate (which is used by default) to version 1.12 and visual tweaks to what is already quite an attractive system. Much like UbuntuBSD, it aims to bring BSD to a wider audience or people with limited experience. Following that logic, those looking to try it out should wait for the release version, or download version 10.1.

Meanwhile, OpenBSD 5.9 was released a month early and is the 40th release of the operating system. The biggest changes include support for booting on computers with UEFI, support for the 802.11n wireless standard and support for Intel Broadwell and Bay Trail graphics. Finally, a point release has been released of DragonflyBSD 4.4.3, consisting mostly of bugfixes.

Caption: The Mate desktop environment running on GhostBSD 10.1 Ève.

Linux for Playstation 2

Now that serious progress is being made on getting a stable Linux environment running on a PS4, it’s a good time to look back at one of the most unusual Linux distributions. While running homebrew Linux distros on games consoles is not that uncommon, such as with Dreamcast Linux, having an official distro like Linux for Playstation 2 was one of those strange moments in the history of the OS. The distribution came as part of a package that included an installation DVD with a Tux icon on it, a keyboard, mouse and a 40GB hard drive and Ethernet network adaptor. The idea was to turn the console into a complete desktop computer. The limitations here were the console’s 32MB of RAM and the ~300MHz MIPS CPU, though one advantage was that the PS2’s USB ports could be used to add Linux-compatible peripherals used on a normal PC.

The distro itself was based on a Red Hat 6-derived Japanese distribution called Kondara MNU/Linux (discontinued in 2002) and used the 2.2.1 kernel. For its window manager, it used Window Maker, a project designed to emulate Nextstep’s GUI. Familiar Linux software like AbiWord, Pidgin Messenger and XChat was also included in the distribution.

Game development was also possible on the system, as it included libraries such as SDL, but these games wouldn’t run on a standard PS2. This venture into the open source world also didn’t make it into subsequent generations, and while the PS3 had the ability to install Linux or BSD onto it, this was later patched-out through firmware upgrades.

Caption: The Linux for Playstation 2 kit cost $200 on release and shipped limited numbers.
MAIL YOUR LETTERS

YOUR LETTERS
Got an idea for the magazine? Or a great discovery? Email us: letters@linuxvoice.com

STAR LETTER

UBUNTU WHAT?
Now then gentlemen, I really think you should tone down your ridiculous Ubuntu fanboy enthusiasm. So it’s going to be on phones – so what? Android is Linux, and it’s on millions of phones already. Convergence is happening – big deal, if I want a desktop machine I’ll buy one; there’s no point having a mobile device that turns itself into a desktop. Unity lets you customise it (a bit). Big wow – if you want to customise, you’ll use KDE; if you want to be force-fed whatever Canonical thinks you should be using, you’ll use Unity. Ubuntu for TVs? If you can get it to filter the Kardashians and replace them with paint drying, you’re on. Otherwise, why bother?
Please, try to be more impartial. There’s loads going on in Linux and Free Software, and they all deserve coverage. Loading it all on Ubuntu is just not fair, or desirable.
James O’Brian

Andrew says: On the specific point of Ubuntu for TVs, I have an LG smart telly. LG doesn’t give out the root password, so I can’t install silverlight, and somehow the iPlayer app has stopped working. I suspect planned obsolescence, but I’ll never know. If the television were running Ubuntu I’d be able to log in as root and have a look around to see what was going on.
The wider accusation of Ubuntu fanaticism is nonsense. We like it because it’s good, and we write about it because we believe people are interested in it. Personally I can’t understand the need some people have to configure every last element of their desktop, but hey – as long as they’re happy it’s OK.

Caption: Ubuntu isn’t the messiah – it’s just a very, very good Linux distribution, which by its existence makes all other types of Linux better.

BIG BROTHER IS WATCHING YOU
The internet of things is a scary, insane proposition. The best thing to do would be to rewind the clock and pretend this awful phrase was never coined. Whose idea was it anyway? Can I have a quiet word with them?
Connecting your heater to your phone so you can switch it on on the way home is a great idea, but it’s open to abuse – still more all the internet-connected cars, baby monitors, fridges and whatever else the industry comes up with next.
So if we can’t stop it happening, how can we make it better? With Linux of course! An open source baby camera, for example, would never have its default password set to Password123. Many eyeballs may find more bugs, but they also make it harder to obfuscate stupidity – if daft decisions are made in the open, they very quickly get replaced with smart decisions. When it comes to my car, or the locks on my house, I know that I don’t want anything non-stupid. Free Software for the Internet of Things – it’s the only way!
Josh Black

Andrew says: I agree. We’ve only just scratched the surface when it comes to IoT folly. Devices that were never meant to be connected will be connected by default, and we’ll hear more and more stories of computer viruses [aka Windows viruses] popping up in increasingly unlikely scenarios. Nuclear power stations are the scariest example I can think of. I am actually terrified now.

Caption: Congratulations, humanity – your microwave now informs advertisers what you’re eating. What a silly bunch we are.

AMAZING GRACE
Hi all, I started with Linux Mint 9 and now use Linux Mint Mate 17.3, multiple desktops is the best thing since sliced bread. I would like to see an article on writing a GUI program for Linux Mint Mate with multiple windows and one of them with a directory tree.
My last few years I worked at Naval Air Station North Island (NASNI) building 1482, the Grace Hopper building; which also has a museum with Grace Hopper items. Here’s a link www.public.navy.mil/fcc-c10f/nctssandiego/Pages/Museums.aspx.
Jim Quinn, Lakeside, CA, USA

Ben says: Thanks Jim! I’m impressed that the US Navy is looking after the memory of Grace Hopper. She deserves to be a household name, much like Alan Turing is [slowly] getting more recognition over here. Making a GUI app for Mint eh? We’ll see what we can do.

Caption: You can show your appreciation for Grace Hopper by drinking out of a mug adorned with a picture of her face. It’s what she would have wanted. Maybe.

LINUX ≠ GNU/LINUX
Hey there! Could we have more in Linux Voice about Linux please? Not Gnome, or Qt, or GCC – but actual Linux? Of course, I know you know that Linux is just the kernel, and everything else on top of that isn’t really Linux, but not everyone knows that. Please give us more of the real Linux and less of that other Linux.
Bruce Fitzmorris

Andrew says: Bruce, you’ll be pleased to hear that next issue we’ll be looking into the Linux kernel; what it does, how you can tweak it to get better performance from your machines, and how to understand its mysteries. Prepare yourself!

Caption: Yes, we know that ‘Linux’ is just the kernel.
SUBSCRIBE

Subscribe
shop.linuxvoice.com

SUBSCRIBE TODAY!

Get your regular dose of Linux Voice, the magazine that:
Gives 50% of its profits back to Free Software
Licenses its content CC-BY-SA within 9 months

Get many pages of tutorials, features, interviews and reviews every month
Access our rapidly growing back-issues archive – all DRM-free and ready to download
Save money on the shop price and get each issue delivered to your door

All subscribers get access to every single digital back issue – that’s about 1,000,000 words of tutorials, reviews and free software hackery at your fingertips

US/Canada subs prices
1-year print & digital: £95
12-month digital only: £38

Overseas subs prices
12-month print & digital:
Europe: £85
US/Canada: £95
Rest of world: £99

DIGITAL SUBSCRIPTION ONLY* £38
* WHEREVER IN THE WORLD YOU ARE – IT’S DIGITAL, SO THERE ARE NO POSTAGE COSTS

Payment is in Pounds Sterling. 12-month subscribers will receive 12 issues of Linux Voice a year. 7-month subscribers will receive 7 issues of Linux Voice. If you are dissatisfied in any way you can write to us to cancel your subscription at subscriptions@linuxvoice.com and we will refund you for all unmailed issues.
FEATURE SYSTEM ADMINISTRATION
MASTER YOUR
LINUX BOX
Updates, backups,
networking and data
recovery – they’re all in a
day’s work for a system
administrator. Brush up
your skills or develop them
from scratch with our
beginner’s guide.
S
ystem administrators – or sysadmins – are the friends or family? Congratulations – you’re a system
all-powerful gods of your computer system. administrator.
They can create users or destroy months of Of course there’s a world of difference between
work with just a few well- or mis-placed keystrokes. being the admin for a small home network, and
But with such power comes responsibility, which in running a server farm at a large multi-national
sysadmin terms means dealing with backups, corporation, but the underlying requirements are
recovering from disasters, or just being the scapegoat all the same, regardless of scale. Over the next few
that the MD points to after a zero-day vulnerability pages we’re going to take a look at a few of the skills
takes down your network. that every administrator should have under their belt,
In reality just about everyone reading this article is a whatever size of system they have to look after.
sysadmin. Did you install your own Linux distro? Then One final word of warning: we weren’t joking about
you’re a system administrator. Are you responsible for destroying months of work with a few misplaced
maintaining the Wi-Fi network in your house? You’re keystrokes. If you’re just learning your sysadmin skills
a system administrator. Are you the go-to person for we recommend using a spare box, or setting up a
any technical questions or problems among your virtual machine to avoid any nasty mistakes.
14 www.linuxvoice.com
SYSTEM ADMINISTRATION FEATURE
TAKE COMMAND
Key incantations for every administrator

As a home user you might get away with performing all your administrative tasks via the GUI, but even a basic understanding of the command line can open up a world of possibilities that quickly separate real sysadmins from normal users. In many instances there’s no need for a server to even have a monitor attached, let alone waste processor cycles drawing windows that could be better spent powering your web server or virtual machines.

Your first challenge as an administrator is often to actually get a connection to the command line. If you’re working in the comfort of a GUI then just launch a terminal application – every Linux desktop has one hiding away somewhere. Most of them enable you to open multiple terminals in a tabbed interface, which can be useful for managing several command lines at once. If, however, you find yourself having to fix a broken X server, or just working directly on a machine with no GUI installed, you’ll find that there are several local consoles available by pressing Ctrl+Alt+F1 through to F6. If there is a running X server you can return to it by pressing Ctrl+Alt+F7 or F8, depending on the distro. If an X server is installed but not running, the startx command will usually bring it up.

When working on a local console it can be handy to install the gpm (General Purpose Mouse) package. This lets you use a mouse even on the command line, and can be invaluable for selecting text elsewhere on the screen and pasting it at the cursor with a middle-click.

As a sysadmin you may need to work with remote machines. By far the best tool for the job is ssh, assuming the target machine has the OpenSSH server installed. If not, that should be one of your first tasks. The basic invocation of ssh username@IP_address will get you to a password prompt if the server’s configuration allows it, although we strongly recommend setting up public key authentication for additional security.

Screen and tmux
When you inevitably need to make multiple connections to the same server you can run several separate instances of ssh, but it’s not the most efficient use of your bandwidth. It is possible to configure ssh to multiplex several connections into a single tunnel, but a quick alternative is to use screen or tmux to provide you with several command lines via a single connection. These also let you disconnect from a running terminal and then reconnect later – ideal for long-running admin tasks that might take hours to complete.

Running an OpenSSH server on your remote machine also lets you transfer files using the scp or sftp programs. Better still, if you’re using a modern Linux desktop you can connect to the server using your file manager, then work on remote files as easily as if they were on your local machine. Adding the -X parameter to your ssh connection will let you run X applications on the server, while their windows appear on your own desktop. OpenSSH has several other useful features, so if you have to deal with remote Linux machines on a regular basis it will pay dividends to learn more about this incredibly versatile tool.

Help! I’m trapped in a text editor!
Once you’ve got a command line in front of you, what next? Many sysadmin jobs involve finding and editing configuration files, so you can go a long way with just the cd command and a hands-on knowledge of a text editor or two.

It’s no secret that we’re fans of Vi, but for nascent administrators something a little more user-friendly might be a good starting point. Nano has more than enough features for simple work, though it’s worth launching it with the -w switch to disable line wrapping when editing configuration files. Even with Nano installed, however, you may sometimes find yourself unexpectedly dropped into Vi or Emacs so, whatever your choice of text editor, it’s worth knowing how to quit out of the others, even if it’s only to launch an editor you’re more familiar with.

Editor | Save and Quit | Abandon Changes and Quit | Help
Vi/Vim | Esc, :wq | Esc, :qa! | Esc, :H, Enter
Emacs | Ctrl+X, Ctrl+C, Y | Ctrl+X, Ctrl+X, Q, yes | Ctrl+H, Ctrl+H
Nano/Pico | Ctrl+X, Y, Enter | Ctrl+X, N | Ctrl+G

If you have to administer a Linux box from a Windows machine, check out MobaXterm (http://mobaxterm.mobatek.net).
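A check for the public key recommendation above, added here as an example (it is not from the original article): the functions read an sshd_config-style file and report whether password logins or direct root logins are still possible. It assumes OpenSSH's documented behaviour that the first value read for a keyword wins and its current defaults for unset keywords; the function names and both sample files are constructed for the example.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for password logins.
# Assumptions: keyword and value are separated by whitespace, and
# Include directives are not followed.

# global_option FILE KEYWORD DEFAULT
# Print the value sshd would use for KEYWORD outside any Match block.
# sshd keeps the FIRST value it reads for a keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".
global_option() (
    awk -v want="$2" -v value="$3" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/    { next }                       # blank or comment
        tolower($1) == "match"  { exit }                       # global part ends
        tolower($1) == want     { value = tolower($2); exit }  # first value wins
        END { print value }
    ' "$1"
)

# match_values FILE KEYWORD
# Print every value given to KEYWORD inside Match blocks.
match_values() (
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/            { next }
        tolower($1) == "match"          { in_match = 1; next }
        in_match && tolower($1) == want { print tolower($2) }
    ' "$1"
)

# audit_sshd_config FILE
# Print one WARN line per finding; exit status 0 means no findings.
audit_sshd_config() (
    file=$1
    findings=0
    warn() { echo "WARN: $*"; findings=$((findings + 1)); }

    pw=$(global_option "$file" PasswordAuthentication yes)
    key=$(global_option "$file" PubkeyAuthentication yes)
    root=$(global_option "$file" PermitRootLogin prohibit-password)

    if [ "$pw" != no ]; then
        warn "PasswordAuthentication is '$pw': passwords are accepted"
    fi
    if [ "$key" != yes ]; then
        warn "PubkeyAuthentication is '$key': key logins are disabled"
    fi
    if [ "$root" = yes ]; then
        warn "PermitRootLogin is 'yes': direct root logins are allowed"
    fi
    for v in $(match_values "$file" PasswordAuthentication); do
        if [ "$v" != no ]; then
            warn "a Match block sets PasswordAuthentication to '$v'"
        fi
    done
    [ "$findings" -eq 0 ]
)

# write_samples DIR: create two constructed sample files in DIR.
write_samples() {
    cat > "$1/sshd_config.weak" <<'EOF'
# constructed sample: the "no" at the bottom never takes effect
Port 22
PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication no
EOF
    cat > "$1/sshd_config.keys_only" <<'EOF'
# constructed sample: key-only logins, no direct root login
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
EOF
}
```

Run audit_sshd_config against a copy of the server's own file before and after switching to keys; a clean result still deserves one test login from a second terminal before you close the first.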
THE LINUX FILESYSTEM
Where the hell is everything?

The secret to understanding the quirks of the Linux filesystem is to put yourself in the mind of a 1980s Unix system administrator. Back then hard drives were small, so a typical mainframe would have several of them installed, some of which could be mounted read-only to improve the security of your system. The /tmp directory would often be local to each client machine, while /home – containing each user’s personal directory – would be on a separate drive or partition.

A problem mounting /home would stop anyone logging in, so the superuser’s home directory was kept on the primary hard drive in its own /root folder. Even if nobody else could use the system, the sysadmin could log in to attempt a repair. Unfortunately that directory is ill-named, as the topmost level of the file system is also referred to as “root”. Most of the time phrases like “cd to the root directory” mean that you should run cd / not cd /root.

As for those bin directories: putting admin tools into /sbin made it easier to prevent normal users accessing them – they had all the binaries they needed in /bin. Between them, those two directories offered an administrator access to the core command line tools they might need to recover from a broken system, so they often ended up on the first hard drive in the system. Other applications and user-facing tools, on the other hand, could be relegated to the equivalent directories in the /usr directory, potentially mounted read-only on a separate drive.

Variables
In fact it was generally considered a good idea to mount as much as possible in read-only mode, but inevitably some transient data – whether system logs or users’ email – needed to be written somewhere. So there’s /var, a repository for all manner of “variable” data, which is where you can still find system logs, lock files, printer spools and, less frequently now, users’ email.

/etc was originally a dumping ground for things that didn’t really fit anywhere else, but quickly became the standard location for system-wide configuration files and start-up scripts. Per-user configuration files are kept inside each user’s home directory, hidden away from view by prefixing the filename with a dot. Most Linux file managers have an option to show these hidden files, or you can use ls -a to list them at the command line.

Unix systems are built on the ethos that “everything is a file”. In reality that’s not quite the case, so a better phrase might be “everything is a file, and those things that aren’t – well, we’ll jolly well make them behave as though they are!” It may not be quite so pithy, but there’s some truth to it: almost any device that creates or consumes data – whether it’s a mouse, terminal or hard drive – is exposed as a fake file via /dev, simplifying the job for any developer who wants to interface with it.

Linux expands on that idea further with the addition of the /proc directory – a construct of the kernel that doesn’t really exist on disk, but which appears to hold numerous directories and files corresponding to the system’s hardware, processes and kernel settings. Details about the CPU can be obtained by reading /proc/cpuinfo, for example, while /proc/meminfo supplies details about the amount of memory in the machine, and how it’s being used.

Alphabet soup
One problem with Windows’ approach to drives is that it’s impossible to add extra space just where you need it. We’ve seen more than one machine rendered virtually useless by a small C: drive, while acres of space on drive D: go unused. The Unix approach of having a single unified filesystem avoids this problem by letting the system administrator mount an additional drive or partition to any location in the directory tree. Need more space for your databases? Just mount another drive at /var/lib/mysql and you’re good to go.

Mapping physical drives into the filesystem like this is managed using the /etc/fstab (filesystem table) configuration file. To avoid drives getting mapped in the wrong order, most distributions now use a UUID (Universally Unique IDentifier) to reference a partition or filesystem in fstab, rather than the traditional /dev/sda1 style of naming. Use ls -l /dev/disk/by-uuid in a terminal to see how they are related, and run man fstab if you want to know more about the syntax of this file.

Not all drives need to be permanently mounted into a specific location. To temporarily mount a drive, traditional Unix and older Linux systems use a /mnt directory. Modern desktop systems still have that, but often also have a /media directory used for even more ephemeral mountings – think CD-ROMs and USB thumb drives.

You might think that hanging on to all these vestiges of an OS from the 70s is a bit of an anachronism now that storage space is cheap and plentiful. Indeed it is possible to run a Linux system with just a single large partition, and many desktop installations default to little more than that. But you’ll still find many seasoned admins splitting their /home directory out into a separate partition, which makes it easier to do a complete wipe and reinstall without losing any user data. Although it’s rare to mount parts of the filesystem as read-only these days, different performance profiles of solid state drives versus spinning magnetic platters mean that there’s still good reason to split your filesystem across multiple drives, even for a home user.

You can get an overview of your filesystem just by navigating to the root directory in your normal file manager.

Use the tree / command to get a quick overview of your filesystem. You may need to install tree using your package manager first.

The disk free command with human readable output (df -h) will give you details of which drives are mounted and how much space is available.

With your permission
It’s no surprise that when Linux inherited its filesystem from Unix, notions of file ownership and permissions came along for the ride. Each file or directory has three sets of permissions, indicating the access rights of the owner of the file, any member of the group that the file has been assigned to, and any other user.

drwxrwxrwx 2 elvie linux_voice 4096 Apr 4 08:18 VL_articles

The labels on the diagram, from the right-hand end of the line to the left:
• File/directory name (VL_articles)
• Date/time stamp (Apr 4 08:18)
• File size (4096)
• Group (linux_voice)
• Owner (User) (elvie)
• Number of links (2)
• Other permissions (the last rwx): ‘r’ for read permission, ‘w’ for write permission, ‘x’ for execute permission (or permission to enter a directory), ‘-’ for no permission
• ‘Group’ permissions (the middle rwx): As above
• ‘User’ permissions (the first rwx): As above
• File type (the leading d): ‘-’ for a regular file, ‘d’ for a directory, ‘l’ for a symbolic link

Note: There are other permissions and file types that you may find used for specific purposes. This diagram shows only the main values that you’ll see on normal files and directories.

The most common output you’ll see when using ls -l to obtain a list of a directory’s contents.

To change the permissions on a file or directory, use the chmod command. This can take a mnemonic description of what permissions to apply, so chmod ugo+r filename would add the read flag to the user, group and other permissions, whereas chmod go-w filename removes the write flag from the group and other permissions. You may also see it used with an octal value, such as chmod 664 filename, which will set a specific combination of permissions – in this case it sets the read and write flags for user and group, while only setting read for other users.

Changing the ownership of a file can be done using the chown (change owner) and chgrp (change group) commands. In practice the former can perform both tasks, so spare your memory a little work and just remember chown:

chown elvie filename | Change the owner of the file to the user named elvie, leaving the group untouched.
chown elvie:linuxvoice filename | Change the owner to elvie and the group to linuxvoice.
chown :linuxvoice filename | Change the group to linuxvoice, leaving the owner untouched.
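The link between the permission string shown by ls -l and the octal value given to chmod, worked through as an added example (it is not from the original article): one function converts the mode column to octal, and two more flag anything that "other" users may write to. It goes a little beyond the diagram by also handling the setuid, setgid and sticky letters (s, S, t, T) that the diagram's note leaves out; the function names are this example's own.

```shell
#!/bin/sh
# Added example: from the ls -l mode column to the octal form chmod accepts.

# mode_to_octal MODE
# MODE is the first column of ls -l, for example -rw-rw-r-- or drwxrwxrwt.
mode_to_octal() (
    mode=$1
    # One file-type character, then three sets of r, w and x (or s/S/t/T).
    # ls may append + or . for ACLs and security labels, hence the final *.
    case $mode in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]*) ;;
        *) echo "not a mode string: $mode" >&2; exit 2 ;;
    esac
    special=0
    total=0
    for set in 1 2 3; do                        # 1 = user, 2 = group, 3 = other
        start=$(( (set - 1) * 3 + 2 ))
        bits=$(printf '%s' "$mode" | cut -c "$start-$((start + 2))")
        digit=0
        case $bits in r??) digit=$((digit + 4)) ;; esac
        case $bits in ?w?) digit=$((digit + 2)) ;; esac
        # Lower-case s and t mean the execute bit is set underneath.
        case $bits in ??[xst]) digit=$((digit + 1)) ;; esac
        # setuid = 4 (user set), setgid = 2 (group set), sticky = 1 (other set)
        case $bits in ??[sStT]) special=$((special + (4 >> (set - 1)))) ;; esac
        total=$((total * 10 + digit))
    done
    if [ "$special" -gt 0 ]; then
        printf '%d%03d\n' "$special" "$total"
    else
        printf '%03d\n' "$total"
    fi
)

# world_writable MODE: succeed when "other" users may write.
# On a directory without the sticky bit (t) this also lets them delete or
# replace files that belong to someone else.
world_writable() {
    case $1 in
        ????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# list_world_writable DIR: print everything under DIR that any user may
# write to. Symbolic links always show rwxrwxrwx, so they are skipped.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}
```

Anything list_world_writable reports outside /tmp-style directories is a candidate for chmod o-w, as described in the box above.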
OF USERS AND GROUPS
Who can do what to whom?

Through its Unix heritage, Linux was born as a multi-user operating system. From the outset there was support for multiple users on a machine, each with their own home directory through which their files could be segregated from the prying eyes of other individuals. To facilitate collaboration there were also groups, a mechanism with which users could be corralled into functional or institutional divisions in order to share files between their peers without having to open up access to everyone else on the machine.

But there’s more to users and groups than just sharing files. Every process on a Linux box runs under the auspices of a specific user, so a typical machine also includes a number of ‘system’ users. The first of these is root, the superuser who owns the very first process, from which all others are spawned. But root’s complete control over the system makes it dangerous. A compromised program, owned by root, could readily take down the whole operating system. A fat-fingered admin, logged in as root, can just as easily do the same. As such it’s considered bad practice to log in as root – and if you have to grant yourself super powers it’s advisable to revoke them again as soon as possible. For the same reason, many servers and other daemons (background processes), such as the Apache web server or MySQL database, run as a separate named user rather than as root. Run ps aux in a console and take a look at the first column to see who owns the processes that are currently running on your system.

Control with groups
System-level groups also exist, and are used to restrict access to hardware or services. In the days when internet access was via modems and expensive phone calls, only those users added to the dialout group could initiate a connection, while even now, a desktop user on a home machine needs to be added to the vboxusers group in order to access USB devices from their VirtualBox VMs. Desktop systems usually have a GUI tool for managing users and groups (though increasingly the groups functionality is hidden). For command line operation the useradd, usermod, groupadd and groupmod tools provide low-level facilities for the same purpose, while on Debian-based systems adduser and addgroup provide more friendly wrappers to these underlying commands. Once they’ve logged in to their new account, a user can use the passwd command to change their own password. The same command, if followed by a username, can be used by the admin to reset a user’s password when the inevitable “I can’t log in” call arrives.

What’s in a name?
It’s important to note that user and group names are purely there for the convenience of us muddle-headed humans; Linux itself works with numeric IDs. This is particularly important when restoring files from one machine to another – you need to either re-create users and groups in the right order, or be prepared to re-map the files’ ownership. You can use the -R option to chown in order to recursively change the ownership of a whole directory and its descendants.

As the administrator you will inevitably have to execute some commands with root privileges. On some systems you can log in directly as root, although that leaves you prone to running commands with higher privileges than they need, making a typo or bug exponentially more dangerous. Better to remain a normal user and use the su command to elevate yourself to root (or another specified username) as required.

On other systems, such as Ubuntu, OpenSUSE and Mac OS X, the root user account is disabled to prevent you either logging into it, or using su for the same effect. These instead offer the sudo command, which is a short-lived version of su, elevating you to root solely for the duration of the supplied command. For example, sudo nano -w /etc/fstab will enable you to edit /etc/fstab (a root-owned file) using the Nano editor. You can also use sudo -s to open a root shell if you need to perform several administrative operations in succession. Once you have a root shell, whether using su or sudo, you should drop back to your normal user as soon as possible – press Ctrl+D at the prompt, as a shortcut for the exit command.

With su you need to know the password of the account you’re switching to. Sudo takes a different approach: you provide your own password, but the program has a configuration file (/etc/sudoers) to determine which applications can be executed with elevated privileges by which users. A word of caution: DON’T edit that file directly! Instead you should use the visudo command, which opens the file in a text editor and also performs some validation checks before any changes are saved. The slightest problem with this file will cause sudo to lock down, preventing anyone from gaining superuser rights. If you haven’t set a root password this puts you in the Catch-22 situation of not being able to gain sufficient rights to fix the problem, and you’ll have no choice but to boot from a live CD and try to alter the file from outside your normal running environment. Better by far to use visudo to avoid a bad file being created in the first place!

If you want to run a graphical program as root, it’s best to use gksudo or kdesudo.

If you often run a root terminal using su or sudo -s, keep an eye on your command line prompt to see whether you’re currently running as root.

Disaster recovery
Your server has died, your backups are bad, but still all is not lost. Linux is a great platform for disaster recovery, due to its capability to run live from a CD, DVD or USB stick. Just pop your server’s hard disk into another box, boot from the CD and start the recovery process.

While you can use pretty much any live CD, there are some that are packed full of tools for data recovery such as System Rescue CD (www.system-rescue-cd.org), Ultimate Boot CD (www.ultimatebootcd.com) and Trinity Rescue Kit (trinityhome.org – principally for the recovery and repair of Windows machines). Download them and familiarise yourself with their tools before you need to use them in earnest!

If you suspect that the hard drive might be dying, use GNU ddrescue to create an image file, then remove the drive from the box to prevent any further degradation (see our tutorial in LV013). You can then try to recover files from the image or, if it’s not even possible to mount the filesystem, try the testdisk program, which can often recover files or even whole partitions. As a last resort, photorec can recover files by directly reading the disk sectors and looking for data that matches the signature of known file types. If you get that far, though, don’t expect anything close to 100% recovery.

RAID arrays provide redundancy in case of a disk failure, but they’re no substitute for backups – RAID is for uptime, not restoring lost data.

Get your backup back up
Perhaps the single most important job of any system administrator is that of creating backups. The value of your server isn’t in the plastic, metal and silicon; it’s in the ones and zeroes that constitute your data. Here are our rules of thumb for backups:
• Back up regularly – A backup is only useful if it contains the files you need; you don’t want to be the one telling your boss that the file he’s been working on for three days is lost because you only back up once a week.
• Make off-site backups – Backing up to a second drive in your desktop machine is fine, until they’re both destroyed by an errant power supply. Backing up to another computer in your office is better, until a fire takes them both out. An off-site backup vastly reduces the likelihood of you losing everything at once, whether that’s swapping CD-ROMs of photos with a relative, or hosting your backups on a cloud server.
• Make multiple backups – Our most important files get backed up to a local hard drive, to a NAS box on our network, and also to a cloud server. That way we can recover them even when the network is down, or access them from another site entirely. The likelihood of losing all your backups at once diminishes with each location you add.
• Automate your backups – Whether you use a simple desktop program such as Déjà Dup, roll your own script with cron and rsync, or set up a complex multi-server backup using Bacula, the key thing is to have a system that works reliably in the background so that you don’t have to remember to do anything except change the tapes or disks.
• Rotate your backups – Not physically, temporally! Don’t just have a single backup drive that you overwrite each time, but use several in rotation. That way, even if the most recent backup is corrupted you have a chance of recovering data from an old copy.
• Check your backups – An unreadable backup is just as bad as no backup at all. You should regularly check your backup process by attempting to recover data to a spare machine or drive.
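The "rotate" and "check" rules from the backup list above, as functions you could call from a cron job; this is an added example, not a script from the original article. It uses plain cp and cksum in place of rsync so that it runs on any system, and the backup.0, backup.1 layout, the MANIFEST file and the function names are this example's own.

```shell
#!/bin/sh
# Added example: rotating backups with a checksum manifest per generation.
# cksum detects corruption, not deliberate tampering.

# checksums DIR: print one "checksum size path" line per regular file.
checksums() (
    cd "$1" || exit 1
    find . -type f -exec cksum {} + | sort
)

# check_generation GEN: succeed only when the files under GEN/data still
# match the manifest that was written when the backup was taken.
check_generation() (
    now=$(checksums "$1/data") || exit 1
    [ "$now" = "$(cat "$1/MANIFEST")" ]
)

# rotate_backup SRC DEST KEEP
# Keep KEEP generations under DEST: backup.0 is the newest copy of SRC,
# backup.1 the one before it, and so on. The oldest one is dropped.
rotate_backup() (
    src=$1 dest=$2 keep=$3
    if [ "$keep" -lt 1 ]; then
        echo "KEEP must be at least 1" >&2
        exit 2
    fi
    mkdir -p "$dest" || exit 1

    # Build the new generation under a temporary name, so a failed run
    # never leaves a half-written backup.0 behind.
    tmp="$dest/backup.incoming"
    rm -rf "$tmp"
    mkdir "$tmp" || exit 1
    cp -Rp "$src" "$tmp/data" || exit 1
    checksums "$src" > "$tmp/MANIFEST" || exit 1
    check_generation "$tmp" || {      # copy differs from the source
        echo "copy of $src failed verification" >&2
        exit 1
    }

    # Shift the existing generations up by one, oldest first.
    n=$((keep - 1))
    rm -rf "$dest/backup.$n"
    while [ "$n" -gt 0 ]; do
        prev=$((n - 1))
        if [ -d "$dest/backup.$prev" ]; then
            mv "$dest/backup.$prev" "$dest/backup.$n" || exit 1
        fi
        n=$prev
    done
    mv "$tmp" "$dest/backup.0"
)
```

Running check_generation against the older generations on a schedule tells you whether a copy has gone bad while it sat on the disk; it does not replace a real restore to a spare machine.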
NO PC IS AN ISLAND
Look after your network.

Almost all modern computers are connected to a local network, which in turn is connected, usually via an ISP, to the internet. Every sysadmin therefore needs to know a little about networking in order to connect clients and servers to the wider world beyond your parochial network borders. The majority of local networks still use the IPv4 protocol, so we’ll focus on that – but if you’re in a more forward-looking establishment you may need to read up on IPv6, too.

There was a time when every device on a network had to be manually configured. Now it’s far more common to just plug your hardware in and have it negotiate its own IP address using the Dynamic Host Configuration Protocol (DHCP). For users’ machines that’s probably fine, but it’s handy to give servers a fixed IP address so that you can document how to connect to them without having to worry about the details changing overnight.

To manually set the address on a modern Linux box it’s easiest to use the GUI tools that are available with your distribution. If your box has no X server you’ll have to edit the underlying configuration files directly – /etc/network/interfaces for a Debian-based distribution, /etc/sysconfig/network for a Red Hat-based distro. You can find the syntax in the relevant man page (eg man 5 interfaces).

Fixed IP addresses
If you can, though, it’s better to assign fixed addresses via your DHCP server. This often isn’t an option for the cheap router that your ISP supplied for home use, but should be available on more sophisticated routers and firewalls. It’s also a possibility if you run your own DHCP server, either on an arbitrary machine in your network, or via a dedicated firewall distro such as ClearOS, IPFire or Smoothwall Express. If you can use this approach it’s simply a case of finding the MAC address of the network card (run ifconfig and look for the HWAddr section), then putting that into a config file or web interface, together with the IP address you want to use. Whenever the computer makes a DHCP request it sends its MAC address to the server, which will respond by allocating your chosen IP.

If you find yourself having to administer a wired network, it’s worth familiarising yourself with the hardware end of things. With the right tools it’s easy to run a length of Cat 6 Ethernet cable: it’s connected to a socket at either end using a “punch-down tool” that forces each individual wire into a colour-coded terminal while also trimming the wire. A cheap tester is sufficient to tell you if your connections are sound, or if you have any crossed wires. Cables may run through walls and under floors, from the wall socket near a user’s desk to a patch bay in the server room, so the tester splits into two parts that are plugged in at opposite ends of the connection. Just press a button on the active end and LEDs will show you the state of each wire.

Insulation stripper, punch-down tool, Ethernet tester and a couple of short patch leads. This kit cost less than £20 but is invaluable for installing and testing a wired network.

At your service
With networking up and running, you may want to have at least one service running for other machines to connect to. Linux is more than capable of handling file sharing (Samba, NFS, Netatalk), dishing out web pages (Apache, Nginx), providing a database (MySQL, MariaDB, PostgreSQL) or even handling your telephone system (Asterisk, FreeSWITCH). These services take the form of background processes – or ‘daemons’ in traditional Unix parlance – programs that sit idly doing nothing until an incoming request spurs them into a flurry of activity. Once the file, web page or query results have been sent they’ll settle back down into a stupor until another request comes their way.

Services can be added to your Linux box just like any other package, and will generally be installed with some basic defaults. sudo apt-get install apache2 on an Ubuntu box, for example, and your machine will be up and running as a web server; anyone on your local network will be able to access the default web page (/var/www/html/index.html) just by putting your machine’s IP into their browser’s URL bar. You can replace that file or add more to build up an entire website if you want to, which is great for internal testing before you upload the files to some hosted web space at your ISP. If you don’t like the defaults, however, you can edit the configuration files in /etc/apache2/ to tweak the setup and behaviour to suit your requirements. Just about any other server daemon will have its own set of configuration files, usually located in a subdirectory in /etc. Remember when we said that a lot of system administration is just finding and editing text files? This is what we meant.

Although you can run a number of services on a single box, for security, stability or performance reasons it’s often useful to segregate them. Traditionally this meant separate physical machines, but increasingly administrators are using virtual machines or containers (a more lightweight form of virtualisation) to achieve the same effect with less hardware. Running cloud-based services further muddies the water, as you won’t even know the details of the underlying hardware.

These topics are probably outside the realms of a simple administrative primer – at least for now. Within the next few years we expect containers to become more mainstream, resulting in more user-friendly management tools, so that an equivalent article in the future may well begin with the assumption that your Linux box is little more than a big container to hold all your small containers.

Apache usually runs as a specific system user (www-data on a Debian system). If you can’t see your web pages, check the file ownership and permissions to make sure the daemon can access them.

When troubleshooting networks the nmap command can be used to check that ports are open and services are responding.

IP fundamentals
In order to engage with the internet your machine needs to know how to send requests to the outside world. There are four pieces of data that are required to do that:
• IP Address – A 32-bit binary number displayed as a “dotted quad” of four numbers between 0 and 255, separated by dots. Each machine’s IP must be unique within your local network, and most networks behind a router or firewall will use one of the “non-routable” IP ranges – usually 192.168.x.x for a home network. The router maps ports on its external address back to individual machines in your network through a mechanism called “network address translation” (NAT).
• Netmask – Another 32-bit number that’s combined with your IP to determine whether another address is part of your local network. For most networks this is usually 255.255.255.0, which means that any address starting with the same three numbers is considered to be part of the local network. If your IP is 192.168.0.26, any other address of the form 192.168.0.x is local.
• Gateway – Any requests that aren’t for your local network are sent to the gateway address. This is the IP of a local machine that knows how to talk to other networks. For a small network with only one gateway it’s probably the address of the router or firewall. In our example, a request to any address that’s not in the 192.168.0.x range will be sent to the gateway machine to route it onwards.
• DNS Server – The Domain Name System is a hierarchical collection of servers that can be queried to find the IP address for a domain name, so that humans can use “linuxvoice.com” instead of its equivalent dotted quad. You can use the dig command line tool for querying this service. Many networks have a small DNS server locally (often built into the router), which passes queries up to a higher-level server before caching the results to speed up subsequent requests. Google has a public DNS server at 8.8.8.8, which is easy to remember when you’re trying to troubleshoot network problems.
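The netmask and gateway rules from the IP fundamentals box, worked through as an added example (it is not from the original article): each dotted quad becomes its 32-bit number, both addresses are ANDed with the netmask, and the results are compared to decide whether a packet is delivered locally or handed to the gateway. It generalises beyond 255.255.255.0 to any contiguous netmask; the function names and the 192.168.0.1 gateway used in the comments are this example's own assumptions.

```shell
#!/bin/sh
# Added example: is an address on my local network, or does it go to the
# gateway? Assumes the shell does 64-bit arithmetic (bash and dash do).

# ip_to_int A.B.C.D: print the address as a single 32-bit number.
ip_to_int() (
    set -f                      # no filename expansion while splitting
    IFS=.
    set -- $1                   # split the dotted quad into four fields
    if [ $# -ne 4 ]; then
        echo "not a dotted quad" >&2
        exit 2
    fi
    n=0
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*) echo "bad octet: $octet" >&2; exit 2 ;;
            # Some tools read a leading zero as octal, so refuse it.
            0[0-9]*) echo "ambiguous leading zero: $octet" >&2; exit 2 ;;
        esac
        if [ "$octet" -gt 255 ]; then
            echo "octet out of range: $octet" >&2
            exit 2
        fi
        n=$(( (n << 8) | octet ))
    done
    echo "$n"
)

# valid_netmask MASK: succeed when MASK is a run of 1 bits followed by a
# run of 0 bits, which is what a netmask has to be.
valid_netmask() (
    m=$(ip_to_int "$1") || exit 2
    host_bits=$(( ~m & 0xFFFFFFFF ))
    [ $(( host_bits & (host_bits + 1) )) -eq 0 ]
)

# same_network IP MASK OTHER: succeed when OTHER is local to IP.
same_network() (
    valid_netmask "$2" || { echo "not a netmask: $2" >&2; exit 2; }
    ip=$(ip_to_int "$1") || exit 2
    mask=$(ip_to_int "$2") || exit 2
    other=$(ip_to_int "$3") || exit 2
    [ $(( ip & mask )) -eq $(( other & mask )) ]
)

# next_hop IP MASK GATEWAY DEST: print the address a packet for DEST is
# sent to, e.g. next_hop 192.168.0.26 255.255.255.0 192.168.0.1 8.8.8.8
next_hop() (
    rc=0
    same_network "$1" "$2" "$4" || rc=$?
    case $rc in
        0) echo "$4" ;;         # local: deliver directly
        1) echo "$3" ;;         # not local: hand it to the gateway
        *) exit 2 ;;            # invalid input
    esac
)
```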
Your journey has just begun
“System administration” is such a broad term that we could have filled an article twice as long, and still felt as though we’d missed something vital. There are books on the subject that are thick enough to test the finest bookshelves, and that’s not including the many application-specific tomes that go into far more detail. However, they’ll all be out of date in a couple of years – the title of System Administrator represents a journey, not a destination.

We’ve said that the most important job of an administrator is running backups. But the most important skill is the ability to find information, absorb it, and learn from it. Every admin’s role is different and often changes on a daily basis. You might have to administer an ancient machine running an obsolete OS one day, then beta test a distro that’s not even released yet on the next. Either way you’ll have to know how to access the system’s documentation via the man and info commands, and how to search the internet for arcane information. Don’t forget to document your findings – preferably online where your fellow admins can learn from them.

There’s a lot more to being a system administrator than resetting passwords and telling users to “turn it off and on again” – although there is a fair amount of that as well! But at its heart, the job of a sysadmin is one of self-education. One article can’t tell you all you need to know, but there’s also a wealth of useful information in our back issues (all of which are available to subscribers), and there will be a lot more to come in future. What better way to further your abilities as an admin than to relax with a cup of tea and a copy of Linux Voice? If your boss asks, just tell him it’s research.
LINUX
FEATURE LINUX AND MICROSOFT
&MICROSOFT
CURIOUS BEDFELLOWS
Microsoft loves Linux – or at least, that’s what the company claims.
But how did this happen? And can we trust the Redmond giant?
Something very strange is going on. For decades, Microsoft fought GNU/Linux, criticised it, insulted it, tried to make people scared of using it, and generally was an enemy of the whole open source movement. Even hardcore Windows fans were sometimes ashamed of the way that Microsoft executives talked about the budding Free Software community. Sure, competition is healthy and Microsoft had every right to pitch its products and services against Linux – but not in such a sour, overly aggressive, and some might say anti-competitive manner.

In recent years, this has changed. Microsoft has gradually shifted its stance on Free Software, releasing some of its products under open source licences and being less hostile to our community. Some have attributed this to the change of leadership in Redmond: the chest-thumping hyper-competitive Steve Ballmer was replaced by the more level-headed Satya Nadella, who many argue has a much more sensible long-term strategy than simply “destroy anything that isn’t made by us”.

Head in the clouds
Then there’s the whole hype surrounding the “cloud”. Whereas Microsoft dragged its feet with the internet in the 1990s and mobile devices in the 2000s – losing a potentially huge market share with the latter – the company has worked to establish itself as a major cloud services provider, away from its traditional cash cows of Windows and Office. But at the same time, Linux has been enormously successful in the cloud, so Microsoft wants a piece of the action. Nadella has even claimed that “Microsoft loves Linux” – presumably when it’s running on the Azure cloud infrastructure, though.

So what does all this mean for GNU, Linux and Free Software? Is it time to celebrate? Have we won, and the market is now operating freely, healthily and competitively? Or is Microsoft now a wolf in sheep’s clothing, pretending to be a happy partner in the FOSS ecosystem but with long-term goals to embrace, extend and extinguish the platform we love?
THE EARLY DAYS
How Microsoft originally perceived FOSS and Linux.
Above left: Microsoft was hauled before the US courts in 1998 for anti-competitive behaviour, but got away with a slap on the wrist.
Above right: Microsoft’s Jim Allchin called open source an “intellectual property destroyer”. (credit: Gregor Hochmuth, CC-BY-SA, www.flickr.com/people/25302425@N00)

Although the concept of “software” (that is, encoded instruction that can be loaded onto a computer) has been around since the late 1950s, it wasn’t until the 1970s and early 1980s that the idea of commercialising it took off. Before then, software was simply a means to an end – and sharing it, viewing its source code and making modifications was simply part of the package. If you wanted to make money, you made hardware; software, being an abstract collection of 1s and 0s, was just something to make the hardware do a useful job.

Many people like Richard Stallman, the creator of GNU, came of age in this environment of sharing and modifying software. The idea that someone could sell you software that you can’t study or change was alien. But a certain William Henry Gates III, founder of “Micro-Soft” took a different line in 1976. In response to piracy of his company’s Altair BASIC interpreter, he wrote an “open letter to hobbyists” stating:

“As the majority of hobbyists must be aware, most of you steal your software. Hardware must be paid for, but software is something to share. Who cares if the people who worked on it get paid?”

Now, Gates had a point that people illegally copying software simply to avoid paying for it weren’t doing the right thing. But this line also showed the growing rift between traditional hackers who simply regarded the sharing and studying of software as an essential freedom, and a then-new wave of businesspeople who wanted to close up software, prevent people from studying it, and charge lots of money for it.

So Microsoft’s early ethos was very much antithetical to the concepts of Free Software and open source. Indeed, the idea that people would write large pieces of software without being paid – and share them on the internet – was baffling to many proprietary software developers at the time.

Of course, GNU/Linux was very much a hacker’s hobbyist plaything in its early years and didn’t make a blip on Microsoft’s radar – the company was busy establishing an empire with MS-DOS, Windows and Office. And while Windows 95 was hardly the bastion of stability, it had a certain level of spit-shine and refinement that put it beyond the desktop-oriented Linux distros of the time.

Rising to the challenge
Linux really started to get Microsoft execs’ brows furrowing in the late 1990s and early 2000s, as Ballmer and co. started to aggressively pursue the server space. Unix was the big player there, but many of the commercial Unix variants (such as HP-UX and Irix) were declining in popularity and it was clear that Linux would emerge as the new “standard”. Unix vendors were rushing around to incorporate Linux compatibility and FOSS packages into their releases, but Microsoft wanted to assault the open source project full-on.

In 2001, Windows chief Jim Allchin said: “Open source is an intellectual-property destroyer. I can’t imagine something that could be worse than this for the software business and the intellectual-property business.” As if that wasn’t sour enough, Microsoft CEO Steve Ballmer followed up with “Linux is a cancer that attaches itself in an intellectual property sense to everything it touches.” Not only was comparing the efforts of a passionate, sharing-oriented tech community to a horrible illness an incredibly stupid thing to do, but it obliterated any hope for the FOSS community that Microsoft would play fair.
RECENT YEARS: A TIME OF CHANGE
Just when things were looking really bad, a new CEO steps in…
Above left: In late 2014, new Microsoft head-honcho Satya Nadella claimed in a presentation that his company “loves Linux”. Hmm…
Above right: If Vim and Emacs don’t float your boat, you can now hack code on Linux in an open source editor created by Microsoft: Visual Studio Code.

In the early 2000s, the relationship between Microsoft and the GNU, Linux and Free Software movements was incredibly sour. This was only compounded by SCO’s hyperactive legal manoeuvres against IBM: SCO claimed that IBM had snuck proprietary Unix code into Linux, and therefore wanted a billion dollars as reparations. There was plenty of reason to doubt these claims, but what really irked the Linux community was the possibility that Microsoft was funding SCO’s legal claims, in order to make Linux deployments look risky. The classic Fear, Uncertainty and Doubt (FUD) strategy in action.

And who knows – although SCO ultimately failed in its attempts to throttle Linux adoption, it may well have slowed down progress for a while and sown the seeds of doubt in many minds. Meanwhile, in 2004 Microsoft kicked off a controversial “Get the Facts” marketing campaign, which claimed that Linux has more security vulnerabilities than Windows, is less reliable, and the total cost of ownership is higher due to retraining and migration costs. In other words, Windows is pretty much the best choice everywhere.

But Microsoft’s claims were criticised all across the computing world: in terms of security vulnerabilities, it’s unfair to compare a stock Windows installation (which included WordPad and Minesweeper) to a stock Linux installation (which typically included much more software, including development tools, server apps, Gimp, OpenOffice.org etc.)

Microsoft continued to battle Linux, trying to intervene when the city of Munich switched to open source (see www.linuxvoice.com/the-big-switch), and generally showing no interest in cooperating with the FOSS community. That was pretty much the story of the 2000s, but in the early 2010s, things started to change. Microsoft execs started to make more positive statements about Linux and open source, and on 4 February 2014, Satya Nadella took over the CEO job of Microsoft, replacing Steve Ballmer.

Nadella was seen as a more compromising player than Ballmer; he had a huge job on his hands, retaining Microsoft’s significance in a world where most servers, cloud deployments and mobile devices were not running his company’s software. Sure, Windows and Office still dominated in homes and businesses – but Nadella recognised that the company needed to adapt. Whereas Ballmer tried to establish Microsoft in new markets by throwing huge amounts of money at them, Nadella saw the need for at least some cooperation with the established players there.

Turning the ship around
And so in October 2014, Nadella said something that would have been unimaginable just a few years earlier: “Microsoft loves Linux”. Those of us who’d been writing about Linux and FOSS for 15+ years had to look out of our windows for a glimpse of flying pigs, but no, it was real. Microsoft wanted to become a major player as a cloud services provider, Linux was hugely popular as a cloud OS, so Microsoft made that statement. Of course, how true it is remains to be seen – it’s very easy to profess love for short-term gain. But with over 20% of Microsoft’s Azure cloud running Linux, we don’t think the company will cancel the whole operation and go back to “Linux is a cancer” any time soon.

But it’s more than just talk. In 2015, Microsoft announced Visual Studio Code, an open source editor for multiple programming languages that runs on Windows, Mac OS X and Linux. And instead of being released under a custom Microsoft-specific “shared source” licence, it was released under the MIT licence.

What benefit does Microsoft get from this? Well, one could argue that it’s all about mindshare. From Microsoft’s perspective, if someone is committed to using Linux, it’s best if they’re doing it on Microsoft’s Azure cloud and using Microsoft’s tools to develop.
THE ROAD AHEAD
Where will the Microsoft-Linux relationship go from here?
Above left: Microsoft CEO Satya Nadella is much more FOSS-friendly than his predecessor – but will it last? (credit: OFFICIAL LEWEB PHOTOS, CC-BY, www.flickr.com/people/86704644@N00)
Above right: If Microsoft seriously loves Linux, it could work with the community to resolve patent issues with Android.

So, Microsoft loves Linux, provides Linux support on its cloud infrastructure, and is creating open source software that runs on Linux. We’ve won, right?

One of the fears that many of us in the Free Software community have is the “embrace, extend and extinguish” business strategy; this is where a company pretends to support a competitor’s software, adds custom and proprietary extensions to it (effectively fragmenting the market), and then proceeds to take it over or shut it down.

There are many examples in the history of Microsoft in which the company has been accused of employing this tactic. Take Java, for instance. Java was created by Sun Microsystems to make cross-platform application development easier – so you write a program once, and it will run flawlessly on Windows, Mac OS X and various Unix flavours. Other companies could create their own Java implementations too.

So when Java started to take off, Microsoft appeared to support it, despite wanting developers to focus on Windows-only programs. Microsoft made its own implementation of Java but promoted its J/Direct technology, which allowed Java programs to directly access certain Windows features. The end result? Java coders on Windows (the most popular platform) ended up using J/Direct features, thereby stopping such programs from running on competing operating systems.

Now, some would argue that it’s much harder for Microsoft to employ the same tricks against GNU/Linux, given the open source underpinnings of our operating system. But if Microsoft really does want to embrace, extend and extinguish Linux, the company will certainly be a lot more subtle than releasing “Microsoft Linux 2017” with the most kick-ass version of Minesweeper that no geek can refuse. No, we have to keep a careful eye on the terms and conditions Microsoft uses for Linux on Azure, the licences it uses for its open source software, and whether all this is gradually accompanied by closed source, proprietary extensions, plugins or services.

Be a good community player
Then there’s the issue of software patents. Microsoft hasn’t been the worst offender in this regard, but the company still makes money from Android phones, claiming that Google’s OS infringes a bunch of its patents. The problem is, Microsoft has never been fully clear which patents these are. Obviously, we at Linux Voice are no fans of software patents, but working with the situation we have right now, we’d be a lot happier with Microsoft if the company at least revealed the patents involved and worked together with Google and the Android community to resolve the situation.

We have nothing against healthy competition – after all, a Linux monopoly could lead to stagnation – but we want it to be about features, performance, security and stability. Things that actually affect real people, and not the squabblings of lawyers.

So Satya, if you love Linux as much as you say, you must also regularly read the best Linux magazine in the world. So Linux Voice says: back up your words with actions. Show that you’re in it for the long run. Write up a clear charter or policy statement about your plans for Linux and FOSS. Drop spurious patent claims. Embrace Linux without needing to extend and extinguish it. And then we can all sit down together and have a nice cup of tea.
SECRETS CHROMIUM
SECRETS OF CHROMIUM
Find the hidden features to get the most out of your browser.

Back in issue 21 we looked at the hidden features of Firefox, and this time we turn our magnifying glass on Google’s offering, Chromium. This browser is built from the open source code for Chrome (Google’s proprietary web browser). Chromium’s minimalist interface just gets out of the way and lets you browse the web, which after all, is what you opened it for in the first place. Hidden behind this plain interface there are more features than first meet the eye. If you take the time to look deeper, you can find some great ways of saving time and enhancing your web experience. Here, we take a look at our eight favourite Chromium features. (They all work in Chrome as well, but we prefer to stick with the truly open source option.)

01 Task manager
Your web browser runs many pages in the same way that your operating system runs many programs. Just like your OS, Chromium can give you a breakdown of which web pages are hogging your memory, processor and network connection, giving you useful information if your system starts to slow down. Go to Tools > Task Manager to see details. If you want to drill down further, click on Stats For Nerds to get a more fine-grained view of what’s happening.

02 Omnibar maths
You probably know that you can use the single text bar at the top of the Chromium window to enter URLs and perform searches, but you can also use it as a calculator. Just enter your sum, and in the drop-down suggestions, one of the lines will give you the answer. Obviously, it would be overkill to open Chromium just to perform a calculation, but if you’re already using the browser, it can save you opening a calculator as well.

03 Themes
By default, Chromium is displayed in various shades of grey. It’s inoffensive, some might even say stylish, but it’s definitely boring. Why have a colourful, vibrant desktop background only to cover it up with uninspiring monotone? Well you don’t have to. In the Chrome Web Store (see secret 5), you can select Themes. They range through every colour of the rainbow in ways that are sometimes elegant and sometimes garish. Find the one that’s right for you and brighten up your web browsing.

04 Sandboxing
The web is a security nightmare. Your browser is constantly processing content from remote sites, and anyone can set up a website anonymously and serve any content they like. Websites are regularly compromised and made to display malicious content, yet at the same time, we expect to be able to go to any website and suffer no ill effects. Chromium puts each tab into a sandbox so that any malicious activity is confined to that website and can’t reach our machine’s internals.

05 Web Store
The basic version of Chromium is quite limited. In some ways, it embodies the old Unix philosophy of ‘do one thing well’. It’s very good at rendering web pages, but doesn’t go very far beyond this. It does, however, give you the ability to extend the core with additional functionality. You can browse a wide range of addons on the Web Store (https://chrome.google.com/webstore). There are a few apps in here, but we find the extensions to be most useful. Here you’ll find all manner of ways to add more functionality to your browser, such as blocking adverts and using bookmark managers.

06 Multi-process tabs
Chromium uses a different process for each tab in your browser, which means that it makes better use of your multi-core CPU than some other browsers that keep running each new tab you open in the same process. This also means that if one browser tab is CPU-intensive, the other tabs don’t slow down significantly, as they can move to a different processor core that’s not being used as much. This is most significant for people with a lot of tabs open, and even more significant if the tabs are advert-heavy, as these tend to use a lot of processor power to render.

07 Applications shortcut
There are some websites that we use as if they were desktop applications. Take web-based email for example – it’s really not very different from a regular email client, so it makes sense that it should be treated more like an application than a regular web page. Chromium enables us to make application shortcuts. These wrap up a page (such as our webmail) into a launcher that opens a minimal browsing window. This launcher will be treated like any other application launcher on the desktop or in the Applications menu.

08 Pinned tabs
There are some websites you visit more than others – perhaps you’re a Hacker News junkie, or maybe you’re addicted to Facebook. Chromium enables you to pin tabs of your most-visited websites to the left side of your browser; these are kept together and always opened when you start your browser. The top of the tab displays just the Favicon to save space – and after all, you recognise the icon of your favourite websites don’t you?
SHOW REPORT LIBRE GRAPHICS 2016
Libre Graphics Meeting 2016
Ben Everard discovers that all art is at once surface and symbol.
We rarely venture out of Linux Voice Towers, where the comforting hum of the server room is the soundtrack to our lives. Residing in the south-west of England, we have all the cheese and cider we need on our doorstep, which meets most of our needs. Alas, our little penguin-powered headquarters can’t quite provide all our social interaction, and on occasion we have to venture out into the wider world. The Great Western Railway – designed by Isambard Kingdom Brunel – carried us up the Avon valley, through the Box Tunnel (aligned so that the rising sun shines through on Brunel’s birthday) and into the metropolis of London. After a short hop on the underground (which was confusingly running over ground – mind tricks like this are why we like to stay in the south-west), we made it to the borough of Brent – there to meet with some of the movers and shakers behind the graphics software on your Linux machine.

A meeting of minds
Every year, the community of people working on and with Free and Open Source graphics software get together to code, chat and share their successes with each other. The Libre Graphics Meeting (LGM) moves around the world, and in 2016 it came to the fair shores of England. The University of Westminster, Harrow campus is focused on design, so made a fitting venue for the annual get together.

Artwork hanging from the ceiling, sculpted tables and a staircase-sofa were all to be found in the main forum to provide graphical stimuli for the participants. The LGM caters to all forms of art, but the 2016 event particularly focused on the theme of “Other Dimensions”, particularly depth. Recent technical advancements in 3D printing have made it much easier to use digital products to create three-dimensional products – both physical and virtual. This extra dimension came in the form of a talk on architectural design, BIM (Buildings Information Modelling) and FreeCAD by Yorik van Havre; TopoBIM, a 3D editor for early stage architectural design by Mark Meagher and Phil Langley; and 3D steganography, by Dennis de Bel.

Students’ designs adorn The Forum at the University of Westminster Harrow campus.
The exhibition alongside the conference displayed work by Libre Graphics artists.

While the 3D-themed content extended the range of the event, these talks didn’t dominate the schedule. In total, there were 56 different talks, workshops and sessions covering areas as diverse as font validation and using Libre Graphics in education. Some talks were more about the art side of things, others more about the technical side of things. The only real qualification is that they had to be linked in some way to the principles of sharing and free software. We particularly enjoyed the talk by Mick Chesterman about Edlab, an educational space linked to Manchester Metropolitan University. We learned that Edlab is a student enrichment and employability project that uses open source technology along with collaboration, participation, cogeneration and agility to help primary and secondary students in the north-west of England (www.edlab.org.uk).

The talks covered a wide range of issues such as monitor calibration, Libre Graphics in Brazilian colleges and Manchester’s EdLab.

The corridor track
Talks and presentations are only part of the value of the LGM. It’s a once a year opportunity to come together with other people working in the same area – and often on the same project – to socialise face-to-face rather than via a computer terminal. On Saturday night, everyone decamped to The Common House, “a collectively managed space for radical groups, projects and community events” (in its own marketing words) for the annual party. The following day, the evening social life moved to the Cock Tavern in Euston.

The meeting is free to attend thanks to the support of its sponsors, which this year included the University of Westminster, The Software Sustainability Institute, BrydenWood Technology, Furtherfield, Fossbox and The Common House among their number. Thanks to their generous support as well as the hard work of the organisers, the 2016 LGM ran smoothly and was thoroughly enjoyed by all the people we spoke to.

Alongside the meeting, the University of Westminster hosted the Libre Graphics Culture and Practice exhibition in London Gallery West (part of the Harrow campus) from 15 April until 22 May 2016. Appropriately for an institution that hosted the first motion pictures in Britain (at the university’s Regent St Cinema in 1896), the first artwork you see on entering the gallery is a flickering motion picture of the LGM logo. The exhibition also featured posters, books and cartoons that brought together work from many areas of creative computing. According to the exhibition’s press release, “the selected work allows a critical look at software as cultural production, rather than just technological tool”. Perhaps the most unusual thing about the exhibition is that all the work there was released under a copyleft licence. True to the spirit of Libre Graphics, it’s all available for other artists and creators to remix and re-release in new forms. Perhaps it’s no surprise that the art world is interested in open source principles. As TS Eliot put it, “The immature poet imitates; the mature poet plagiarises”, or, as Steve Jobs claimed Picasso said, “good artists copy, great artists steal” (although there’s no evidence that the one-and-a-half-eared Spaniard ever said this, the Apple co-founder attributed the quote to him so frequently that it’s now embedded in the art world’s collective consciousness). Perhaps the motto of future artists will be ‘great artists re-use and re-share’.

The Libre Graphics Culture and Practice exhibition included work showing the creation of free fonts.

We’ll meet again
The choice of location for this exhibition (in the School of Arts, Media and Design) shows that the principles behind Free Software can apply outside of software (and even hardware). As more and more products are digital, the notion of source code is finding a wider application, even if this source code is in the form of design files rather than text. Libre Graphics spans disciplines, making it the ideal vehicle to get the messages of Free Software to a wider audience.

The final act of the conference was to look to the future. Libre Graphics is a global movement, and the meeting moves around the world every year to take into account the participants from different countries and continents. In 2017, the Libre Graphics Meeting follows the Olympics and World Cup as it heads to Brazil, and organisers discussed plans with the attendees. At the time of writing, there were no firm plans for 2018, though Singapore, Italy and the Czech Republic were all suggested.

If you weren’t able to make the event, don’t worry: the LGM has its own YouTube channel where you can find videos going back six years: https://www.youtube.com/user/LibreGraphicsMeeting. At the time of writing, the 2016 videos weren’t yet uploaded, though they may be there by the time you read this.

The LGM is unlike any other FOSS event we’ve attended. The cross-discipline nature of the subject inevitably attracts a diverse crowd and diverse speakers. If you’re in Brazil in 2017, we strongly recommend you pop along even if you’re more interested in Libre than you are in Graphics.

The LGM organisers made sure every attendee knew where to go and what to do.
FAQ APACHE HADOOP
Apache Hadoop
When your data is too big for one machine, you need a cluster –
and the software to power it.
from Wikipedia https://dumps. framework. The data processing
BEN EVERARD wikimedia.org; the International framework enables you to schedule
Genome Sample Resource http:// and run jobs on the data, and these
www.1000genomes.org; and the Large jobs are small programs that transform
Hadupe? As in Ha! You duped Hadron Collider data at http:// the input in some way to create an
me into thinking that was a opendata.cern.ch/?ln=en. You should output. These programs are usually
real word? What is this silliness? also find plenty more online depending written in Java, though you can use
It’s Hadoop not Hadupe,and it’s a on the area you’re interested in. other languages. The key part of these
real project under the umbrella of While it is possible to create a single programs is that they are structured to
the Apache Foundation that enables machine with a really large storage do a map-reduce. There are additional
the processing of huge datasets on capacity, it’s not practical to perform frameworks that can run on top of
clusters of machines. complex analyses of hundreds of Hadoop to give SQL access to the data.
gigabytes of data on a single CPU in a Apache Hive and Apache Drill are two
‘Huge datasets’? Are you trying reasonable time frame. Big data is all such options.
to avoid a buzzword there? about finding useful information in large
OK, yes, Hadoop is for big data. . datasets, so we need tools to help us Hang on, map-reduce – what’s
These days, it feels like people analyse data this large, and the only real that?
are throwing the phrase ‘big data’ at any option for this is splitting it up across Map-reduce is the method by
dataset too large to fit on a 1.44MB multiple machines and to process in which Hadoop splits up the
floppy, but in reality, big data is any parallel. In simple terms, Hadoop processing across all the clusters. The
dataset that’s impractical to handle on enables us to throw more machines at first phase is the map. Each machine in
a single machine. the problem – as long as you can get the cluster has a different chunk of the
A lot of big data is held in secret by your hands on enough machines, you dataset, and Hadoop goes through each
private companies, but there’s a can use Hadoop to analyse almost any item in the dataset and uses the map
growing push for open data around the size of dataset. function to generate an output.
world, which has led to some big On very large datasets, you’ll have a
datasets becoming available for the I’ve done some data work huge number of map outputs. These
general public. If you’re interested in big before and always used SQL aren’t particularly useful to us, because
data, there are a few options for you to databases. Does Hadoop use SQL or we generally want to aggregate them in
investigate (provided you’ve got a fast have its own language? some way to make them
enough internet connection and Both. Hadoop is a little different to understandable. This is done by the
enough computing power). A few to get a database – it’s a data store reduce phase, in which Hadoop
you started are: content and pageviews coupled with a data processing combines the various mappings into a
smaller number of outputs. Again, this
Big data is all about finding useful information is done using the combined processing
power of the cluster.
in large datasets… Hadoop enables us to throw That is all a bit abstract, so let’s look
at an example. Suppose you had a
more machines at the problem dataset made up of the pages of Linux
32 www.linuxvoice.com
APACHE HADOOP FAQ
Voice. Each entry in the dataset The name Hadoop comes from
contains the issue number, the page the name the son of the project’s
number, and the text on that page. Now, creator (Doug Cutting) gave his
let’s suppose that you wanted to find stuffed yellow elephant.
out how much Raspberry Pi content we
printed in each issue. The map phase
could map each page to a count of the
number of times the phrase “Raspberry
Pi” appears on the page. The reduce
phase could then be to count up the
results by issue. The final output would
then be the number of times the phrase
“Raspberry Pi” occurred in each issue.
The map and reduce phases can be
as simple or as complex as you like (or
your cluster can handle). Since they’re
typically written in Java, you can
perform far more advanced
computations than you could with an
SQL query. For example, if your dataset
contained images, you could do object
recognition in the map stage to count
the number of faces in each image, or if your recognition system is good enough, identify individual people.

If I’m dealing with a huge dataset (let’s say 1TB) across a lot of nodes (let’s say 1,000), how does that avoid swamping my network? Do I have to send a full copy to every node, only the data needed for that node sent to it, or something else?
Something else. Any data you have in a Hadoop setup is stored in a Hadoop Distributed Filesystem (HDFS). In HDFS, data is stored across all the nodes in the system with a pre-determined amount of replication to allow the system to recover if a node fails. The HDFS is distinct from the map-reduce engine but designed to run on the same machines, so typically, you won’t start a map-reduce job by uploading a dataset to a Hadoop system and immediately start running – that would result in network delays that could be huge. Instead, the data is routinely stored in HDFS so that when you need it, it’s already distributed across the nodes. Essentially, Hadoop enables you to combine your storage system with your processing system to cut down on network usage.

This Hadoop sounds cool. How can I get started with it?
Remember what we said at the start: Hadoop is for really big datasets. If you can process your data on one machine quickly enough for your needs, it’s usually best to avoid Hadoop. However, this doesn’t mean that you can’t use Hadoop for smaller datasets – it may not be technically sensible, but it can teach you how to run Hadoop, and it’s interesting to run your own system using the same processing technology that CERN uses.
To run Hadoop, the first thing you need is hardware. Hadoop will run on clusters of thousands of machines, but it also works on a single node, which is the easiest way to get started. However many machines you’re running it on, the first decision is whether to run a distribution of Hadoop or install it from scratch. Distributions such as Cloudera (www.cloudera.com) or MapR (www.mapr.com) bring together Hadoop and several other tools to create a data-processing platform. Installing Hadoop from scratch will give you a better view of what’s going on at a low level, while using a distribution will get you started much faster and also introduce you to other options.
You can get a feel for Hadoop by running a single node, but you won’t experience the technology properly unless you set it up on a cluster, where you’ll be able to see how factors such as the number of nodes and the replication factor of the filesystem affect the performance and network load. In a home lab, this could be on a collection of old PCs or a group of Raspberry Pis. The machines don’t have to have the same hardware, but it can lead to performance oddities if they don’t. Alternatively, you can rent clusters of machines through cloud providers such as Amazon’s EC2 or Google’s Compute Platform. Their pricing structures can be complicated, but these providers enable you to rapidly scale up or down your cluster according to your needs.

As you would expect for a project from Apache, Hadoop is well documented, and everything you need to know to get up and running is at http://hadoop.apache.org.
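The “Raspberry Pi” count described above, simulated in one Python process as an added example (it is not code from the article or from Hadoop). The sample pages, the function names and the round-robin split standing in for HDFS blocks are assumptions; a real Hadoop job would normally be written in Java or run through Hadoop Streaming.

```python
"""Map-reduce phrase count, simulated in one process on constructed data."""
import re
from collections import defaultdict
from itertools import chain

# Matches "Raspberry Pi" and "Raspberry Pis" in any case, even when the
# phrase is broken across a line wrap, but not "raspberry pie".
PHRASE = re.compile(r"raspberry\s+pis?\b", re.IGNORECASE)

# Constructed sample records: (issue number, page number, page text).
PAGES = [
    (27, 10, "The Raspberry Pi 3 is out. We test the Raspberry\nPi camera too."),
    (27, 11, "Nothing about single-board computers here."),
    (28, 33, "A home cluster could be a group of Raspberry Pis."),
    (28, 78, "Retro code: build a cartridge for your raspberry pi."),
    (28, 79, "Pi day recipes, and a raspberry pie."),
]


def split_input(records, nodes):
    """Deal records out to `nodes` splits, standing in for HDFS blocks."""
    splits = [[] for _ in range(nodes)]
    for index, record in enumerate(records):
        splits[index % nodes].append(record)
    return splits


def map_page(record):
    """Map: one page in, zero or one (issue, hits) pair out."""
    issue, _page, text = record
    hits = len(PHRASE.findall(text))
    if hits:
        yield issue, hits


def shuffle(pairs):
    """Shuffle: collect every mapped value under its key."""
    grouped = defaultdict(list)
    for key, value in pairs:
        grouped[key].append(value)
    return grouped


def reduce_issue(issue, counts):
    """Reduce: all values for one issue in, one total out."""
    return issue, sum(counts)


def run_job(records, nodes=3):
    """Run map, shuffle and reduce; the result must not depend on `nodes`."""
    # Each split is mapped on its own, as it would be on the node holding it.
    mapped = chain.from_iterable(
        chain.from_iterable(map_page(record) for record in split)
        for split in split_input(records, nodes)
    )
    grouped = shuffle(mapped)
    return dict(reduce_issue(key, values) for key, values in sorted(grouped.items()))


if __name__ == "__main__":
    for issue, total in run_job(PAGES).items():
        print(f"issue {issue}: {total}")
```

Only the small (issue, hits) pairs cross between the map and reduce steps, which is the property that keeps network traffic down when the page text already sits on the node doing the mapping.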
INTERVIEW SIMON PHIPPS
SIMON PHIPPS
FREE SOFTWARE’S GUIDING HAND
Graham Morrison meets an open source troubadour fighting for our digital liberties.
There are few people in the world of open source as insightful as Simon Phipps. He’s been the President of the Open Source Initiative, he’s a pro bono director of the Open Rights Group and of The Document Foundation. Oh, and he writes for us too. We recently had the chance to meet up with Simon in Southampton, England, and with so much going on in the world of open source – especially surrounding licences – we had a lot to talk about.

We’ve recently felt a disturbance in the force, as if permissive licences are becoming more accessible. Personally, are you on the side of the GPL?
Simon Phipps: Personally, I avoid the topic strenuously because I think that it’s a very tricky subject to discuss and what you end up asserting ultimately is your own political viewpoint. It’s a mirror for the percentage progressive that your own personal politics are.

Do you think one licence is more effective at promoting free and open source than the rest of them?
SP: It depends on the community that you’re applying them to. I do think we’re better off using copyleft licences for end user software, because there’s a lot of money to be made from end user software by people capturing software under permissive licences. I say that from direct experience. We changed the licence of OpenOffice from a moderately permissive licence over to the GPL, and we immediately saw a change in who was participating and contributing.

So you’re saying there were more politically motivated people contributing?
SP: Well no, what was happening was that there was OpenOffice and quite a lot of people out there using it that weren’t contributing, because they hated the thought of contributing to something that other people would benefit from. So having it under a permissive licence allowed those people to freeload, and putting it out under a copyleft licence immediately ended the ability of those people to freeload, and grew the community. For infrastructure software and components, I think you can make a good case for permissive licensing. But for end user software, I think you can make a good case for copyleft licensing. But it isn’t even that simple. You’ve got to ask yourself which effects are going to be operative in the community that you’re looking at. Take httpd and Apache: the Apache Licence works really well for it because the community is made up of people who would be crazy not to contribute their improvements back, because who wants their own fork of httpd? So, as soon as you’ve decided to keep your changes private, you’ve opted to maintain an in-house fork. And, for infrastructure software like httpd, that isn’t very smart.
There are some people who do it, like IBM, because WebSphere is an in-house fork of httpd, but most people would rather contribute their changes back. So, because there is a natural gravity pulling changes back to httpd, it can get away with having a permissive licence, and the permissive licence actually removes barriers to participation and so
increases the number of people that are willing to use it and contribute back.
Now take something like OpenOffice, which was and still is a hairball – if you’re going to use it commercially then you’re almost certainly going to need to have a fork, and employ people who are going to work on it. There isn’t a lot of incentive to contribute back; they need incentivising to contribute back. And a copyleft licence on OpenOffice turns out to be a good thing to do. Putting it out under a copyleft licence resulted in the commercial entities that were working on it seeing the copyleft licence as both an incentive to contribute back and also a reason to trust the other parties. The problem there is, with a LibreOffice or an OpenOffice with a permissive licence, is that there’s every chance that a well-funded corporation will come along, take the work and monetise it without ever contributing to the community.
And as soon as you get to that position, you get the Canonicals and the Red Hats of this world saying, ‘well why are we wasting money on this code when company X down the street is making all the money on it?’. And then those companies stop investing and it becomes a single-company project. Whereas having it under a copyleft licence, everybody knows that there is an expectation to participate, everybody knows that there is a plausible legal threat if you don’t contribute, and so consequently everybody stays in balance. So I think you need to look at the individual situation.

Simon stepped down as president of the Open Source Initiative in 2015. Looks like he still has a soft spot for them…

There are breakaway cases like Apple with Clang vs GCC that subvert projects.
SP: Right, but you can subvert any model. You can subvert the GPL model. People are busy making AGPL to make scareware. Any model can be subverted. Ultimately it’s going to come down to what you think you can make work. And this is where the wisest thing said about licences was coined by Eben Moglen [founder of the Software Freedom Law Centre]. He said ‘Licensing is the constitution of a community’.
By saying that, what he meant was that the licence is the summary of the agreements of the collaborators about how they’re going to behave. If you’re in a community where the people collectively feel more secure with the GPL, you should use the GPL. And if you’re in a group of people that collectively feel more secure with the Apache Licence, you should use the Apache Licence. No licence has got a magic force on it that prevents it being subverted by a suitably motivated party, so having something that no one wants to subvert is probably your best choice.

So it’s to do with the personalities of the people involved rather than a pragmatic approach about what it can deliver?
SP: Ultimately, it’s all about people. This world wasn’t created by robots.

If you treat Free Software as just free as in money, you come unstuck

But do you think things are changing? Do you think the original motivations of open source are becoming lost on recent generations?
SP: One of the things that I’m really hot on when I’m giving a talk is to anchor everything about open source back to the four freedoms. Because the key insight at the root of free and open source software was that there were a set of user freedom vectors that create a four-dimensional space that you can succeed in. And whenever you try and treat free software as just free as in money, or whenever you try to treat open source as an abstract methodology, you come unstuck because they work not because they’ve got a proven methodology, but because it’s a freedom space. You’ve created a
freedom space in which people have got permission in advance to innovate. In which people have got the freedom to use, understand, improve and share a piece of software.
If you forget that open source is about those freedoms to use, understand, improve and share, then you begin to come unstuck. You begin to think it’s OK to have a free community edition. You begin to think it’s OK to have a piece of hybrid software that you haven’t got permission in advance to change. And that’s when you drift away.
Now I actually think that the generations that are coming in now have an instinctive grasp of the need to have those freedoms, and that what they need is to be encouraged to articulate them, rather than to be taught that they exist. Because I think if they’ve grown up doing software with open source tools, everyone has always been talking about those freedoms and they take it for granted. You’ve only got to look at GitHub: there’s all this software with no licences.
The reason it’s got no licences is that the people that created the projects didn’t think they needed licences, because that was mindless bureaucracy. They still think that everyone in the world can use the software, because that’s a basic assumption. If you put it on GitHub, everyone can use it. And the fact they’ve put it on GitHub for everybody to use but they haven’t actually told people that they can is the lesson. You know, they draw those two lines together and suddenly have an epiphany, where they suddenly realise they’ve got to create a licence file, and what’s got to be in the licence file has got to be an unsigned licence. Not because it’s a piece of bureaucracy but because it’s an expression of the thing they assumed was the norm. I’m surprisingly encouraged by the number of people who don’t put licences in things on GitHub because it shows that people have an expectation of openness, and need educating about the vectors that create the space where it happens rather than having no expectation of openness and needing to be educated about the requirement for it.

At one of the lightning talks at OSCON last year, someone talked about the GPL being viral and everybody cheered. We’ve not felt this so much over here in the UK.
SP: There’s a lot of evidence at FOSDEM of people having a really good grasp of the need for freedom. As I say, I think you look at GitHub and you can do a glass half full/glass half empty thing. You could say ‘Oh my God, there’s no licences on anything’ or you can say ‘hey look, everyone just assumes that it ought to be open’. We really ought to help them put licences on things.

But GitHub now defaults to a permissive licence for projects that it hosts, after spending so long trying to decide whether to do a default, and then itself isn’t open source.
SP: But they’re moving. They’ve now got http://choosealicense.com, they’ve now got the expectation that the code will have a licence. I don’t actually like the term ‘permissive’, because I think that open source licences are all permissive. I tend to use the terms non-reciprocal, scope-reciprocal and fully-reciprocal, because those help you understand what’s going on better. I think that each of those categories has its pros and cons. Fully-reciprocal licences do get in the way of dinosaur corporations being involved. Non-reciprocal licences get in the way of communicating the need to collaborate to people that are in corporations. So they’ve both got downsides.

Could you tell us about your time at Sun Microsystems? Sun has had such a lasting impact on the software we all use.
SP: I don’t know if you’ve noticed, but Microsoft is now led by a former Sun employee – Satya Nadella.

Yes, and I suppose there has been a bit of a glasnost in the way Microsoft now approaches open source. When we first met, you were announcing the beginning of the process for open sourcing Java.

“You need to understand the people you’re working with… you have to work with the grain rather than across the grain of the people you’re working with.”
Deborah Bryant sits on the board of the Open Source Initiative, and is another tireless promoter of software freedom.

For enterprises, Java was proof of the power of open source

Was there a change in Sun’s mentality in the late 90s?
There are several different threads that you can pull on here. The longest, oldest thread is the one that says that you’ve got to recognise that free and open source software was not the invention of Richard Stallman. The expectation that software would come accompanied by source was a common expectation of the academic environment, and Richard would agree with that. But while Richard was doing what he was doing, which was ethically based, over on the west coast Bill Joy was doing something that was pragmatically based. Sun, in my view, was the first free and open source company. It was founded by a group of people who saw that getting out of the way in licensing terms created the scope for collaboration. Sun certainly saw itself in that way.
And consequently, when Linux came along and people started talking about open source as something that had just been invented, there were lots of people in Sun who said ‘like hell they’ve just invented it, we’ve been doing it since the 1980s!’. I think a lot of what happened at Sun was a resistance to open source, not because Sun was opposed to open source, but rather out of misplaced pride that Sun was already doing open source and didn’t need any of these young whippersnappers coming in and telling them how to do it.

Was it complicated because Sun had never considered the formality of sharing?
SP: The thing is that, when Sun created Java, what it created was a very good approximation of what open source would become. All the source code to Java was made available. It was the epitome of open source behaviour, except the licensing didn’t give people the four freedoms.
Operationally, for enterprises, it was proof of the power of open source. If you published the source code and it’s worth using, people will download it and start deriving things from it. So Sun had started this thing, it had come up with ways of preventing the commercial pressures destroying the community, because when Microsoft came in and tried to destroy the community, there actually was a protective measure that stopped Microsoft doing that. Between 95 and 99 in Java, it was like a lab prototype of the open source movement. It wasn’t right, it had the wrong licence and it had some of the wrong thinking behind it, but operationally it was really close to what open source was going to turn into. And if you look at open source today, it’s awfully like what was happening in the Java community in 1996. Lots of people at Sun knew that Java had to become open source, and when I joined in 2000 every year from then onwards there would be a question about three months before the JavaOne conference saying ‘well, is this the year we’re going to do it then?’. And there were some very strong minded, distinguished engineers involved who basically said ‘over my dead body’. To make Java go open source, in the end, Jonathan Schwartz had to reassign an engineer to get them out the way so they could stop obstructing it. But we had, every year, attempting to make it go open source, and each year there was a reason why we couldn’t do it. And in the end, Jonathan just did it and said ‘I’m the chief executive, I’m going to stand up at the conference and announce it and you can’t stop me’.

So he just announced it without knowing how difficult it would be?
SP: No, no, he knew exactly how hard it was going to be, but he also knew that the Java organisation didn’t agree that now was the time to do it. So they were all shocked when he stood on the stage at JavaOne and announced it, because in the briefings a couple of days before he’d agreed that this wasn’t the time. And then he announced and said you’d better make it work. That announcement was in 2005, so Java became open source in 2006. It took us a year from then.

It seemed to take a lot longer than that.
SP: That’s because everyone had been talking about it. We couldn’t make it go fully open source straight away because there were elements that Sun didn’t own the copyrights to, in particular the MIDI function – we didn’t have enough rights to produce an open source library, and that was where the
GNU Classpath community stepped in and wrote a MIDI library.

MIDI as in the synthesizer thing?
SP: Yes, so Java has got this MIDI capability. There were a couple of places that were right on the margins of Java where we couldn’t make it open source because we didn’t have sufficient rights. So we simply left those and we made everything else open source, and left those bits at the edge. We stubbed them out. We made sure that OpenJDK just simply didn’t have any MIDI libraries in it. And to make OpenJDK pass the test suite, you actually had to go to GNU Classpath and get this library and include it in and then take the test suite. But that was very different to the experience with Solaris. It was Solaris that took a very long time to do.

Was Solaris worth releasing as open source?
SP: I think the vision behind Solaris was the right vision – it was to take it open source and create an innovation community. I think that the way it was executed didn’t result in bringing in outsiders. The thing is, Solaris was a really old operating system and it had a community, because everyone who installed Solaris had the source.
It wasn’t that it was closed source, because the source was available to everybody who bought an enterprise licence to it. The problem was that the source was licensed in a way that didn’t let you create independent derivative works. So there was an existing Solaris community, and that existing Solaris community didn’t turn into an open source community. The combination of those two facts: that the existing community turned out not to want to collaborate over the code (that’s not true – there were some people who wanted to collaborate over the code but not enough to make a difference) and also Sun Solaris engineering, they were very clever people – to do what they were doing, there was a big gap you had to jump to catch up with them.
You couldn’t just come in and say, you know, we want to paint that wall red, because there were extremely good reasons why that wall was blue. And all the people who had painted the wall blue knew why it was blue. They knew why there was a wall there. They knew what the wall was made from. They knew how long it was intended to last. And they could tell you why it couldn’t be red, but really they’d have to teach you so much before they could even begin to explain it to you that there was a huge gulf in understanding.
So, for Solaris, if it had stayed open, it was going to take 15 years for a community to form. If it had stayed open source, I think by now it would be really strongly contributing to the open source world. The first thing we saw when Solaris was open sourced was people produced their own distributions of it. And the reason they did that was because they couldn’t collaborate very freely with the real distribution. And I think we would have seen some of those beginning to get legs. I mean, Nexenta did a pretty good job, with a lot of people scratching heads about how they blend the GPL and CDDL code with each other. So I think if Solaris had been GPL and if Oracle hadn’t bought Sun, I think that open sourcing Solaris would have been exactly the right thing to do, because by now it would have changed the face of computing.

“Even at the design level, people at Sun were not making mistakes.”
REVIEWS
The latest software and hardware, rigorously bashed against a wall by our crack team.

Andrew Gregory
Has added a new machine to the PC graveyard: a Dell 3000 with a whopping 256MB RAM.

As a rational human, I know that a computer is just a device. If you can run Linux Mint on one machine with a processor and some sort of storage, you should be able to run it on any machine with the right kind of processor and some storage, right? Yet despite this knowledge, I still get a bit giddy at the thought of Linux on touchscreens. It’s not new, and I don’t want to buy one (it’s not the right fit for me), but there’s something about the juxtaposition of humble old Linux on a perfectly smooth, shiny screen that’s really exciting.
The desktops I’m really thinking of are KDE, Gnome and Unity; Mate, for all that it’s my first choice when it comes to getting work done, doesn’t have the wow factor of a tablet OS (of course that’s why it’s better for getting work done – I don’t want to be distracted when I’m trying to get things done).
When the revolution comes and I do find myself needing a device useful only for checking what’s on the TV, I’ll make it a tablet running Linux. Until then, I’ll keep going upstairs to fetch the laptop. But they do look so, so nice.
andrew@linuxvoice.com

On test this issue . . .
Brave
Here’s an idea: a web browser that works out what ads you might want to see, but does so without phoning home with all your shopping data. We quite like privacy, so it sounds too good to be true – we give it a go to find out.
gNewSense
A distro that respects your freedom, with a silly name and a load of dated software. Why?
Qt Creator 4
Build lovely-looking apps on this lovely-looking IDE, then run them on lovely-looking KDE 4.

Group test and books
Booooooooooooooks!!!!
The assorted writings of many internet Wise Ones, gathered into two books for us to study, learn from and be inspired by.
Group test – download managers
Use your bandwidth more effectively by grabbing one of these apps to download the whole internet.
Brave
Can a web browser that promises privacy keep Ben Everard safe from snoopers?
Developer Brave Software Inc
Website Brave.com
Licence MPL 2.0

The web browser marketplace is very competitive. There’re already excellent options from Google, Mozilla, Microsoft and Apple, and another half-dozen niche products that serve a community well. Any new software has to give potential new users a very good reason to switch from their tried and trusted browsers. Brave’s website claims there are two good reasons: safety and speed.
Brave’s safety comes from its privacy settings, which we’d classify as good for most people. They’ll stop most commercial web trackers following your progress through different websites, while at the same time, not breaking the legitimate tracking use of websites following you within their own pages (to allow shopping carts and keeping you logged in). If you prefer more complete privacy online, you’ll be better served by a different browser. In addition to blocking tracking, Brave forces connections to run over a secure HTTPS connection where possible in the same way that the HTTPS Everywhere extensions do for Firefox and Chrome.
The question of speed is a little more complex. We tested Brave’s performance against Firefox and Chrome using the Jetstream benchmarker. Brave’s result was almost identical to Firefox and just a touch slower than Chrome. However, when browsing the web, we found Brave loaded pages two to three times faster than either of the competitors. The reason is advertising: these little rectangles of images and video can take up a large proportion of the page load time, and Brave has a very different approach to advertising than most browsers.

The advert and privacy settings are easily understandable and can be changed in the Bravery Menu.

In the default setup Brave blocks adverts, but in the future, this will change to replacing adverts with ones that don’t track you or perform any negative activity such as installing malware. Brave will split the revenue from these adverts, with 30% going to Brave, 55%
going to the website and 15% going to either the user or to the website depending on the user’s settings. Alternatively, users can block all adverts, and if they choose, they can also pay the website in Bitcoin.
This is a reasonable deal for publishers when compared with other forms of web advertising. In Google’s AdSense (the most popular web advertising platform), publishers get 68% of the revenue. However, everything depends on whether or not Brave can display adverts that the users want to click on. In principle, Brave is well placed to do this since your browser knows almost everything about your browsing habits. In practice, we don’t yet know, because Brave’s advertisement replacement isn’t live.

It’s all about choice. This time, it is!
For the user, this really depends on whether the ads Brave puts in are any better behaved than those it replaces. The biggest promise of Brave is that the adverts won’t track you. Although the Brave browser does know a huge amount about you, it keeps all this data on your local machine. General categories of interest are the only pieces of data sent back to the advertising server, and the browser decides what to display out of the options returned. This moves the task of tracking from the cloud to your local machine so that, while you will still see adverts tailored to your interests, your profile won’t be stored on a remote server owned by an advertising company.
Out of the box, Brave comes with a setup that’s far more to most people’s taste than most browsers. It’s fast, disables the most egregious tracking, and delivers a more pleasant browsing experience than any other browser. Blocking adverts is just a mouse click, and there’s the option of paying websites directly if you wish to block adverts but also want to help publishers pay their bills. These are very real advantages that even the most non-technical people will appreciate.
Brave’s dual position as both advertising network and self-appointed advertising regulator feels uncomfortable. There’s a very real conflict of interest right at the heart of its business model. However, the alternatives (block all advertisers and deny publishers a source of revenue or allow adverts and be tracked, visually assaulted and potentially attacked) aren’t any better. We, at Linux Voice, exist on both sides of the browser. As publishers we have adverts on our website and as citizens of the web, we’re bombarded with distracting and invasive images that drain our CPUs and mobile batteries. For all its imperfections, Brave is the best option for the web that’s currently available, and we say that as both web browsers and web publishers.

Brave is the first browser to take a serious look at the problem of invasive tracking and malicious adverts.

Although the Brave browser knows a huge amount about you, it keeps all this data on your local machine

Clicking on the URL icon will give details about how secure the current page is.
Brendan Eich (creator of JavaScript and former CTO of Mozilla) is the CEO of Brave Software and is active on the project’s GitHub pages.
Yes, there’s an Android version of Brave, so even if your OS is tracking you, at least your browser isn’t.
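A small model of the data flow the review describes (broad categories out, candidate adverts back, final choice made in the browser), added here as an example; it is not Brave’s code. The keyword table, the JSON message format, the stand-in server and every function name are assumptions, and the history and inventory are constructed.

```python
"""Client-side advert selection: only coarse categories leave the machine."""
import json
from collections import Counter
from urllib.parse import urlparse

# Constructed browsing history; in this model it never leaves the machine.
LOCAL_HISTORY = [
    "https://shop.example/cycling/helmets?session=abc123",
    "https://forum.example/cycling/thread/991",
    "https://news.example/linux/openbsd-review",
    "https://clinic.example/appointments/patient/4471",
    "https://news.example/linux/kernel-4-6",
    "https://docs.example/linux/systemd",
]

# Hypothetical table mapping a URL path keyword to a broad interest category.
CATEGORY_KEYWORDS = {"cycling": "sport", "linux": "technology"}

# Constructed advert inventory held by the stand-in server.
INVENTORY = [
    {"id": "ad-1", "category": "sport"},
    {"id": "ad-2", "category": "technology"},
    {"id": "ad-3", "category": "finance"},
]


def local_profile(history):
    """Count interest categories from history; the result stays local."""
    weights = Counter()
    for url in history:
        for segment in urlparse(url).path.lower().split("/"):
            category = CATEGORY_KEYWORDS.get(segment)
            if category:
                weights[category] += 1
    return weights


def build_ad_request(profile, max_categories=2):
    """Serialise the only thing sent out: category names, no weights or URLs."""
    top = [name for name, _ in profile.most_common(max_categories)]
    return json.dumps({"categories": sorted(top)})


def ad_server(request_body, inventory):
    """Stand-in for the remote server: it sees categories and nothing else."""
    wanted = set(json.loads(request_body)["categories"])
    return [ad for ad in inventory if ad["category"] in wanted]


def choose_locally(candidates, profile):
    """Pick the advert in the browser, using weights the server never saw."""
    if not candidates:
        return None
    return max(candidates, key=lambda ad: (profile[ad["category"]], ad["id"]))


def leaked_tokens(request_body, history):
    """Return every host, path segment or query string from history that
    appears in the outgoing request; an empty list means nothing leaked."""
    body = request_body.lower()
    leaked = set()
    for url in history:
        parts = urlparse(url)
        tokens = [parts.netloc, parts.query, *parts.path.split("/")]
        leaked.update(t for t in tokens if t and t.lower() in body)
    return sorted(leaked)


if __name__ == "__main__":
    profile = local_profile(LOCAL_HISTORY)
    request = build_ad_request(profile)
    print("sent to server:", request)
    print("leaked tokens: ", leaked_tokens(request, LOCAL_HISTORY))
    print("shown advert:  ", choose_locally(ad_server(request, INVENTORY), profile))
```

A check like `leaked_tokens` is the kind of test worth running against captured outbound requests when evaluating any claim that a profile stays on the local machine.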
REVIEWS GNU/LINUX DISTRIBUTION
gNewSense 4
Mike Saunders does his computing the RMS way, with no binary blobs in sight.
Web www.gnewsense.org
Platforms x86, amd64, mipsel
Licence Various FOSS

Most desktop-oriented Linux distros are built on free and open source software, but include some binary blobs or proprietary codecs to make the out-of-the-box experience as good as possible. But many in the GNU/Linux world see that as a cop-out – ignoring the principles that started the GNU project in the first place. So a handful of distros have cropped up over the years which contain absolutely no proprietary code, and one of the most prominent, gNewSense, just got updated.
gNewSense is available as a live ISO image that you can boot up to try out the distro before installing. Its default desktop is Gnome 3, but on our test box it had to revert to its “fallback” mode due to graphics driver issues. And this illustrates one of the key problems with gNewSense: because various proprietary drivers and blobs are omitted, you have to be more selective with your hardware. Otherwise, plenty of desktop software is included, and as gNewSense is based on Debian it has solid underpinnings. But despite this version 4 release arriving in May 2016, it’s already incredibly dated, using kernel 3.2 as its base. The version of Gnome included is version 3.14 (when 3.20 is actually the latest release), and gNewSense’s LibreOffice is also ancient at version 3.5.
We find it hard to recommend gNewSense when there are other freedom-centric distros out there that are much more up-to-date, such as Trisquel GNU/Linux. gNewSense has one advantage in that it has a mipsel port, which enables it to run on the fully open Lemote Yeelong netbook (that Richard Stallman used as his primary computer for many years). We love the idea and philosophy behind gNewSense, and it’s there if you can’t get Trisquel to work for whatever reason, but it desperately needs a big overhaul.

Thumbs up for the focus on total computing freedom, but thumbs down for including ancient packages.

gNewSense ships with LibreOffice 3.5 – a release that came out in 2012! Ouch.
DEVELOPMENT ENVIRONMENT REVIEWS
Qt Creator 4.0
Appearances are no reason to use an IDE, but Graham Morrison loves pretty colours.
Web https://www.qt.io/ide
Developer The Qt Company
Licence GPLv3

We’ve been fans of Qt Creator ever since it was called ‘Project Greenhouse’. It’s relatively easy to use, especially if you’re getting started with Qt and QML, and it genuinely does help a developer manage or contribute to a large project. It has everything you commonly need, including Git support, a good ‘diff’ viewer, integrated help and Vim bindings. But Qt’s beautiful rendering is important too, whether that’s for the text, the folding and marking options in the source code editor, the pop-up windows for syntax suggestions or the integrated help and Designer panes.
This is a major release for a few specific reasons. In particular, Qt Creator now includes features that were previously parts of a commercial product, and their bundling into Qt Creator’s GPLv3 licence is both a major upgrade and a major statement of intent from Qt’s current curators, The Qt Company (formerly Digia). These features are Clang static analyser integration, the extended QML profiler and auto test integration, and they’re already useful, as each will aid with the QA and testing of your code.
The test integration, for example, uses Google’s C++ unit test framework for checking your code against any error conditions, and while it will typically help larger projects and their teams, it’s good to see great integration like this. But even the lone developer can benefit from these new features. The QML profiler, for instance, is a perfect way of seeing exactly where your applications are spending their resources, and it’s as easy to use as selecting it from the menu, waiting for the profile to build, and clicking around the two timelines and one pane of statistics. If you’ve ever used the JavaScript and HTML profiler in Chromium’s Developer Tools, where you can see what parts of a website are consuming the most resources, you’ll pick it up immediately. Qt Creator is efficient, open source and brilliant.

Brilliant if you’re into desktop and mobile development. But we’ve knocked off a star for lacking High DPI support.

If you want to learn about Qt, there are some excellent tutorials and videos embedded within the IDE.
REVIEWS GAMING
GAMING ON LINUX
The tastiest brain candy to relax those tired neurons

TECHNO TECHNO TECHNO!
Michel Loubet-Jambert is our Games Editor. He hasn’t had a decent night’s sleep since Steam came out on Linux.

Valve’s venture into virtual reality has been released in the form of the HTC Vive, and boy is it pricey, coming in at just under £700 – enough to buy a top-of-the-line gaming rig. Considering that one would also need the aforementioned top-of-the-line PC to have a decent VR experience as well, saying that virtual reality is still somewhat out of reach for your average person is a bit of an understatement.

It gets even worse if you’re on Linux, since only a fraction of the Vive titles support the operating system, and Linux support for the system itself is still being worked on despite it having been intended on day one. When it does make its way onto Linux sometime soon there are some excellent titles like Universe Sandbox 2 on the Vive, though they don’t quite justify the cost yet, as even the majority of Windows titles consist of what are essentially paid tech demos.

Good times ahead
However, as Moore’s law takes effect and it becomes cheaper, it’s good to know that there’s a Linux VR system expected soon, which is more than can be said for the Oculus Rift, which put Linux development on hold some time ago and is inferior to the Vive in some areas. The Vive is one to keep an eye on as we’re now on the cusp of mass-market VR gaming and hopefully by the time we get it, there should be a more affordable and refined iteration with more games.

Tomb Raider
A more grown up game for a younger Lara
Website http://store.steampowered.com/app/203160
Price £14.99

Games have changed a lot since the first Tomb Raider came out, with Lara Croft beginning as a gimmick character created by those under the impression that gamers consisted solely of hormonal teenage boys, and the game soon went out of style along with the stereotype. After a long absence, we have a well-rounded and relatable character who helps bring the franchise into the 21st century.

It seems that someone didn’t like this new Lara much though, as within the first couple of hours of the game, she gets her foot caught in a bear trap, falls down a couple of cliffs, gets shot and is mauled by wolves. All this, combined with a younger and less experienced Lara, adds a new survival feel to the game which portrays her as more of a lone underdog than a hero.

The game takes place as a group of archeologists are shipwrecked, and there’s a good dose of the occult and a bit of mystery as the group examines the possibility that a queen-cum-goddess is responsible for these occurrences, all the while being chased around and kidnapped by armed thugs. The game does well to evoke a captivating setting, littered with WW2-era crashed planes, ruins and Shinto temples. The setting and story make for a rewarding experience while also giving a lot of background into Lara’s early years as she gains the skills needed to become an explorer.

The gameplay and mechanics are varied and interesting, adding in some levelling, open world aspects and survival to the familiar acrobatics, trap dodging and gunplay of the originals. It has to be said that the quick time events can be a little much at times, though this is nitpicking at what is a very fine game.

In the game, Lara transitions from innocent archeologist to all-out adventurer.

Tomb Raider has a very cinematic feel, both in-game and in cutscenes.
Darkest Dungeon
Escape your stressful day with more stress
Website http://store.steampowered.com/app/262060/
Price £18.99

Darkest Dungeon is one of those indie games that became a huge hit, partly thanks to YouTube, though its success is certainly deserved. This brutal dungeon crawler emanates a dark atmosphere, fitting for how insanely brutal – and often unfair – it can be. It’s also incredibly addictive.

From its menacing gothic art style to the numerous afflictions the party has to contend with, Darkest Dungeon sets out to challenge the patience as well as the skill. Even the random nature of the dungeons adds to this effect by preventing the player from anticipating what lurks round the corner, and the game subsequently laughs in your face when your carefully planned and equipped party falls apart when faced with an enemy or trap that no amount of careful preparation could have addressed. There’s some great narration in the game and a town to upgrade, which add to what is a very well polished game.

The town screen is where all the party management and upgrading is done.

Saints Row: The Third
More open-world madness
Website http://store.steampowered.com/app/55230/
Price £10.99

We got the port of Saints Row IV on Linux not too long ago, and now we have the second and third games as well, though we’ll be focusing on The Third since it’s both a better game and port than its predecessor. The game has all the usual silly antics and humour of the franchise, though it is far more coherent than Saints Row IV. The story revolves around the Third Street Saints gang taking over the city of Steelport, getting the rival gangs out of the picture in the process. Though it is primarily a mission-based sandbox experience, this focus does help ground the game significantly without falling into the trap of overpowered mindless chaos of Saints Row IV.

In this sense, this is probably the closest thing to Grand Theft Auto on Linux, albeit with a bunch of extras and insane amount of character and other customisability. It’s hard to take this kind of game too seriously, and one of the main strengths of Saints Row is that it doesn’t attempt to with its wacky and unrealistic characters, weapons and vehicles. This is one to get if you’re looking to blow off some steam.

Like any good sandbox, there’s a nice variety of vehicles.

ALSO RELEASED…

Don’t Starve Together
While the hugely popular Don’t Starve has been around for a while, its multiplayer spin off has just come out of Early Access. The survival game maintains its permadeath and Tim Burton-esque visuals, but the main addition is multiplayer, which adds tonnes of enjoyment if played with friends, or just lengthens the list of ways to die.
http://store.steampowered.com/app/322330

Pharaonic
This 2.5D action RPG has some impressive visuals, put to use in its ancient Egyptian setting. The game claims to be inspired by the Souls franchise, something which is most notable in its difficulty and often unavoidable death, but also in a few key mechanics like being able to regain lost experience after death. There’s also plenty of character customisation as well as a story to get into.
http://store.steampowered.com/app/386080

Enter the Gungeon
Skilfully combining the rogue-like and bullet hell genres, Enter the Gungeon provides both action-packed fun and replayability. The game has a wide variety of weapons and some very challenging and memorable bosses to use them on. Being a Rogue-like, there are aspects of the game that are randomised, such as item drops and the arrangement of dungeons, while NPCs, dialogue, an attractive art style and humour help give it more personality.
http://store.steampowered.com/app/311690
REVIEWS BOOKS
Manifestos For The Internet Age
Ben Everard believes in Free Software, a Free internet and Free cat videos for all.
Author Various
Publisher Greyscale Press
Price Free or £4.90
ISBN 978-2-940561-02-5

A manifesto is a public declaration of someone’s beliefs. In Manifestos For The Internet Age, 47 of the most important figures in computing lay out their views on a wide range of subjects including education, Free Software, Bitcoin and cryptography. These manifestos weren’t written specifically for this book – they’ve been collected from web pages, newspapers and books over the past 32 years.

The collected writings offer a window back to various points in history. We see Richard Stallman set out his ideas for a Free Software operating system in The Gnu Manifesto (1986). Fast forward to 2007 and we can read Aaron Swartz on the injustice of restricted access in the Guerilla Open Access Manifesto, in which he implores people around the world not to bow down to those who seek to put a price on knowledge. In 2013, we read Edward Snowden also calling for access to vital information. As he puts it, “Citizens have to fight suppression of information on matters of vital public importance. To tell the truth is not a crime.”

There are 47 chapters in this collection covering most aspects of computer culture. Manifestos For The Internet Age captures the passion for change that computers can bring. It’s essential reading for citizens of the internet who want to understand the revolutionary importance of the medium.

Manifestos For The Internet Age captures the fire that’s often missing from computing books.

A book of infectious passion for creating a better digital world.

Conversations
Free Software meetup chats packaged for Ben Everard to enjoy on the beach.
Authors Femke Snelting, Christoph Haag
Publisher Constant Verlag
Price Free or 15 Euros
ISBN 978-9081145930

Free Software is a social movement as much as it is a technical one – it’s about people coming together to solve their problems with software and sharing the results. The community isn’t just a side-effect of the software, it’s an integral part of what makes it great, and Conversations celebrates this by recording some of the interactions between the people behind the software.

Conversations is a collection of discussions with people involved in Libre Graphics – some are designers, some are programmers, but all are avid users of Free Software. The 21 conversations in this book took place over eight years at various conventions and meetups around the world.

In 2016, we’re mourning the absence of OggCamp, which has been our favourite annual chance to catch up with other free software geeks. Conversations is a little bit of that spirit distilled down and etched onto paper/electrons to keep us going until the next event.

We’re not completely devoid of Free Software meetups in the UK though. This year some of the UK’s Free Software podcasts are coming together for FOSSTalk Live, which should carry on the OggCamp spirit if only for one evening.

Conversations is available as a print book, or you can download the PDF for free (as in speech – it’s licensed under Free Art 1.3).

When you buy Conversations, you have the option of donating to Libre Graphics Meetings.

Conversations encapsulates the Free Software community spirit.
GROUP TEST DOWNLOAD MANAGERS
GROUP TEST
An habitual hoarder, Mayank Sharma tests handy apps that satiate his need to grab videos of kittens from the four corners of the internet.

Download managers

Despite the proliferation of larger bandwidth and smaller hard disks, our love of downloading files is as strong as ever. And our need to gorge bits more efficiently has kept internet download managers as relevant as they were at the advent of the internet. While their primary goal is still to help you download large or multiple files, most come with extra functionality and conveniences to offer you more control over the transfer process.

Download managers save you time and effort by prioritising and scheduling a long list of downloads. If you live in an area with relatively slow internet, a download manager will make the best use of your scarce resources. Virtually all browsers these days include a download manager of their own. But the browsers’ implementations lack the sophistication of a dedicated download manager, and don’t offer nearly the same amount of optimisation and file management features. If you’re still relying on your browser to snag files from the internet, the download managers on test are a breath of fresh air. Some even accelerate the download process, squeezing the last drop of available bandwidth by splitting the files into smaller portions that are fetched simultaneously.

There are some fantastic download managers for the Linux desktop. Some are standalone apps, while others snug themselves into the web browsers to offer a more integrated experience. In the following pages we’ll shake down some of the popular options and find the one that works best for you.

“If you live in an area with slow internet, a download manager will make the best use of your resources”

On test

DownThemAll
URL www.downthemall.net
Licence GPL v2
Latest release 2.0.19
Is the Firefox addon good enough to make you switch browsers?

FlareGet
URL https://flareget.com
Licence Various
Latest release 4.3.95
Why would you pay for an app when feature-rich alternatives are available at no cost?

FlashGot
URL https://flashgot.net
Licence GNU GPL v2
Latest release 1.5.6.13
Is this really a download manager?

KGet
URL www.kde.org/applications/internet/kget
Licence GNU GPL v2
Latest release 2.14.18
Is the KDE badge a restriction?

uGet
URL www.ugetdm.com
Licence GNU LGPL
Latest release 2.0.4
Is the self-proclaimed “Best Download Manager for Linux” really that good?

Xtreme Download Manager
URL xdman.sourceforge.net
Licence GNU GPL v3
Latest release 5.0.47
What’s extreme about a download manager?

What is Metalink?
Most of you are probably aware of the three avenues of snagging bits from the Internet: FTP, HTTP and P2P. But there’s another mechanism that attempts to harness the power of these three protocols for much speedier downloads. Metalink isn’t new and is used by several prominent open source projects including Ubuntu and LibreOffice. Metalink isn’t a transfer protocol but rather a means of stitching the conventional download protocols into a simpler automated process. The .metalink files are XML files that contain details including information about all the different ways to download a file (from multiple mirrors to P2P), the priority and geographical location of the mirrors, checksums, and more. Unlike traditional downloads, metalinks have high availability so if some servers are down or very busy, it’ll parse through all the listed links and use ones that are up. It can use the different links to download different parts of a file from many places, which saturates your bandwidth without choking a particular download server.
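
To make the Metalink description concrete, here is an added example (not from the magazine or any of the reviewed projects) that reads a .metalink file, orders its mirrors by priority and checks a download against the listed checksum. It assumes the Metalink 4 XML layout from RFC 5854; the sample file, hosts and payload are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import posixpath
import xml.etree.ElementTree as ET

NS = {"ml": "urn:ietf:params:xml:ns:metalink"}  # Metalink 4 (RFC 5854), assumed
# Metalink hash type -> hashlib name, strongest first. md5 and sha-1 are left
# out on purpose: a match on those alone is not accepted as proof of integrity.
STRONG_HASHES = [("sha-512", "sha512"), ("sha-384", "sha384"), ("sha-256", "sha256")]
LOWEST_PRIORITY = 999999  # RFC 5854 value for a <url> with no priority attribute

# --- constructed sample data: payload and mirror hosts are made up ---
SAMPLE_PAYLOAD = b"constructed payload standing in for a downloaded ISO image\n"
SAMPLE_METALINK = """<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="sample.iso">
    <size>%d</size>
    <hash type="md5">%s</hash>
    <hash type="sha-256">%s</hash>
    <url location="gb" priority="2">https://mirror-b.example.org/sample.iso</url>
    <url location="de" priority="1">https://mirror-a.example.org/sample.iso</url>
    <url>ftp://mirror-c.example.net/pub/sample.iso</url>
  </file>
</metalink>""" % (len(SAMPLE_PAYLOAD),
                  hashlib.md5(SAMPLE_PAYLOAD).hexdigest(),
                  hashlib.sha256(SAMPLE_PAYLOAD).hexdigest())


def safe_name(name):
    """Reject file names that would land outside the download directory."""
    norm = posixpath.normpath(name.replace("\\", "/"))
    if (not name or norm in (".", "..") or ":" in norm
            or norm.startswith(("/", "../"))):
        raise ValueError("unsafe file name in metalink: %r" % name)
    return norm


def parse_metalink(xml_text):
    """Return one dict per <file>: name, size, hashes, urls (best mirror first)."""
    # A metalink never needs a DTD; refusing one blocks entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in metalink; refusing")
    root = ET.fromstring(xml_text)
    files = []
    for f in root.findall("ml:file", NS):
        size = f.findtext("ml:size", default=None, namespaces=NS)
        hashes = {h.get("type", "").lower(): (h.text or "").strip().lower()
                  for h in f.findall("ml:hash", NS)}
        urls = [{"url": (u.text or "").strip(),
                 "location": u.get("location"),
                 "priority": int(u.get("priority", LOWEST_PRIORITY))}
                for u in f.findall("ml:url", NS)]
        urls.sort(key=lambda u: u["priority"])  # lower number = preferred mirror
        files.append({"name": safe_name(f.get("name", "")),
                      "size": int(size) if size else None,
                      "hashes": hashes,
                      "urls": urls})
    return files


def verify(data, entry):
    """True only if the size matches and the strongest listed hash matches."""
    if entry["size"] is not None and len(data) != entry["size"]:
        return False
    for ml_name, py_name in STRONG_HASHES:
        if ml_name in entry["hashes"]:
            digest = hashlib.new(py_name, data).hexdigest()
            return hmac.compare_digest(digest, entry["hashes"][ml_name])
    return False  # only weak hashes, or none at all: treat as unverified


if __name__ == "__main__":
    entry = parse_metalink(SAMPLE_METALINK)[0]
    print("mirror order:", [u["url"] for u in entry["urls"]])
    print("intact payload verifies:", verify(SAMPLE_PAYLOAD, entry))
    print("tampered payload verifies:", verify(SAMPLE_PAYLOAD + b"x", entry))
```

The checksum only protects you if the .metalink file itself came from a source you trust, for example over HTTPS from the project’s own site.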
Curl vs wget
The CLI miracle workers.

While we pit the easy-to-use graphical download managers against each other in the group test, there are a whole lot of users who don’t really want to leave the comforts of the command line. The wget and curl utilities are two of the best downloaders on offer for the command-line warriors and each has its strengths. One of the major strengths of wget as compared to curl is its ability to download recursively. The command-line tool supports downloading from HTTP, HTTPS and FTP. You give it a link and it downloads the file after building the request automatically.

In contrast to wget, curl is powered by the libcurl library, and lets you build the request as per your requirements. Furthermore, unlike wget’s limited protocol support, curl supports a huge number of protocols including FTP, FTPS, HTTP, HTTPS, SCP, SFTP, LDAP, Gopher, Telnet and more. While wget is just a downloading tool, curl can be used for uploading files as well.

For standalone downloads, wget scores over curl for its recursive downloading capabilities. On the other hand, if you’re programming, you should use curl; it has a nice API and is available for most languages.

uGet
Get a load of this!

One of the most frequently recommended download managers with fans across all distributions, the lightweight uGet has solid underpinnings. By default the app relies on curl, but if you install the aria2 package on your distro, it can take on some additional features, such as the ability to download torrents and metalinks in addition to the standard download protocols.

uGet is an all-round downloader that has all the features you’d expect from a download manager. It features a download queue, can pause and resume downloads and also accelerates downloads by grabbing files from multiple parallel streams. You can use the app to prioritise the download queue and even regulate the speed of the downloads individually. The app features an easy-to-use scheduler and can also shut down and hibernate your computer once it’s finished downloading all the files.

uGet doesn’t directly integrate with any web browser. Its Chrome plugin has been broken forever and for Firefox its developers recommend using it via the FlashGot extension. That said, the app does actively monitor the clipboard and will capture any copied link. You can tweak the list of extensions it monitors and even create batch downloads with links copied to the clipboard. Batch downloads are in fact one of uGet’s specialities. The app can easily import links from a text or an HTML file and it can also download URLs in sequence. So for example, if you have sequentially named download targets such as www.example.com/download/event1.zip, www.example.com/download/event2.zip and so on, uGet can automatically grab all the files in the sequence, without you having to manually point it to each and every target.

For the download connoisseurs
If you download stuff regularly, uGet offers extensive file management options and is very configurable. The app’s settings window gives you control over its clipboard monitor feature and also defines global upload and download speed limits. One of the highlights of uGet is its category management feature. You can create multiple categories to cater to different types of downloads. Advanced users will appreciate the fact that the app can be controlled with the keyboard alone, although you don’t get the option to define custom shortcuts. You can also use the app to download files via the command line. In terms of documentation, uGet offers a bunch of videos to guide users through popular tasks such as batch downloads and using the scheduler. The project’s website also hosts active forums.

Our only concern with uGet is its crowded interface, which might overwhelm some first-time users. Even the window to add a new download has over half a dozen text fields and toggle buttons for things like listing mirrors, specifying the number of connections, authenticated logins and more. Then there’s the Advanced tab for even more options such as the speed limits and the delay between retries.

That said, the app only needs a URL to get to work and also features a quiet mode that begins downloading automatically using default settings.

The uGet website hosts installers for a number of Linux distros and platforms including Android.

VERDICT
An excellent feature-rich download manager with an overwhelming UI.
FlareGet
Get in gear.

The cross-platform FlareGet download manager hosts binary packages for all the Deb, RPM and Pacman-based distributions. Unlike other apps on test here, FlareGet is available in two versions – a restricted free version and a Pro version that costs a one-time fee of just £3.72. For this ridiculously small cost you get loads of features. Besides FTP and HTTP, FlareGet can also download metalinks. You can use the app to add mirrors for a download, and it can make the most of the available bandwidth by splitting the download into multiple segments that it then fetches simultaneously. It uses HTTP pipelining to accelerate the downloads.

Like all top download managers, you can use FlareGet to pause and resume downloads. You can also limit the number of simultaneous downloads and define speed limits. The app also includes a scheduler and besides scheduling downloads the app can also pause them at a predefined time. FlareGet also has impressive batch download features. It can import download URLs from a text or HTML file and can also download files in a sequence. The app is configured to categorise downloads under separate folders such as Compressed, Applications, Documents and more. Each category identifies files by a list of extensions that you can modify as per your requirements.

Queue up tasks
By default, the app will not perform any action once it’s run through the download queue, but you can ask FlareGet to either exit the app or shut down the computer once it’s done downloading. Besides monitoring the clipboard for common extensions, the app also offers integration plugins for the top browsers including Firefox, Chrome and Opera. One of the unique features of the app is its ability to grab videos from YouTube. The app’s YouTube grabber parses a link to a video on the website and offers it for download in various containers and file formats of varying quality and sizes.

You can easily change FlareGet’s appearance to match your window manager.

VERDICT
A feature-rich download manager that charges a small fee

KGet
The Komfort kit.

Is it really a surprise that KDE has a download manager of its own? And like most built-in KDE apps, KGet is a very capable client that should meet the requirements of a fairly large number of users. It has all the necessary features and conveniences like clipboard monitoring and the ability to group downloads by file type. You can also configure KGet to automatically restart failed downloads. The app can be configured to hibernate or shut down the computer once it’s done downloading the files.

You can tweak the number of simultaneous downloads, which is implemented via the multi-segment KIO plugin. Talking of plugins, the app supports a couple of interesting ones. There’s the checksum search plugin, which finds any available hashes for the files you’re downloading to automatically verify the integrity of the files once they have been downloaded. Even support for torrent and metalink files is implemented via plugins.

The app also has some unique features of its own. Unlike others, KGet offers a remote control interface via an integrated web service. Then there’s the drop target feature, which adds a floating blue arrow to your desktop. You can drag and drop URLs from the web browser directly to this arrow in order to download them.

Missing features
However, the app has a few weaknesses as well. First up, KGet has no inbuilt scheduler. Secondly, while it does support downloading via mirrors, adding them isn’t very intuitive. First you’ll have to start a download from a single URL. Then right-click on the file as it’s downloading and select the Transfer Settings option. Next, select the file in the window that pops open and click on the Mirrors button to add the links to any mirrors. Another shortcoming is that although KGet can import a bunch of links from a file, it offers no support for batch downloads like some other clients.

KGet includes a wizard to help you create and maintain a metalink to any local or online file.

VERDICT
A decent default download manager that lacks a few features.
Xtreme Download Manager
Radically different?

Despite its name, the only thing extreme about the Xtreme Download Manager (XDM) is that it’s based on Java. In terms of appearance and function, the app is quite mellow. XDM has a modern-looking, neatly organised and straightforward interface. In terms of features, the app monitors the clipboard like the other apps in the group test and also does its bit to accelerate the downloads by splitting the files into various segments.

XDM displays an icon on the desktop similar to KGet’s drop target, and you can drop any URL on the icon to add it to the app’s download queue. If you want to manually add a download, you can specify the filename as well as the saving folder, and optionally enter the authentication information for the server as required. XDM enables you to begin a download immediately or add it to the queue for later. The app also has an interface to define the parameters for batch downloading sequential files.

Unusual feature mix
XDM identifies the downloaded file type and automatically sorts them into their separate categories, such as documents, compressed, music, videos, and applications. Similarly, completed and on-going downloads are housed under different tabs and bring up relevant options in the right-click context menu.

The app has a rather strange mix of features. It’s missing some basic ones, like the support for mirrors or a comprehensive scheduler that you’ll find in some of its contemporaries. Yet it includes useful features such as the option to refresh links, which comes in handy when a download has stopped because a link has expired. Another interesting option lurking in its menus is called Force Assemble. This option helps you assemble any incomplete downloads. This comes in handy to preview any partially downloaded audio or video files. XDM also lets you execute custom-defined commands to shut down the computer or scan the files for malware, rootkits and other infections after the completion of a download.

The app can also integrate with all the major web browsers including Chrome and Firefox. It ships with the required extension itself but recent versions of the browsers won’t let you install unsigned extensions, so you’ll have to fetch them from your browser’s online plugin store. One of the highlights of the app is its video downloader function, which helps you grab videos from YouTube. The feature reads a youtube.com URL and spits out options for downloading the video in various resolutions and formats.

The Advanced YouTube downloader option in XDM eases the process of downloading videos by forcing the web browser to masquerade as a tablet.

VERDICT
An esoteric downloader that offers some advanced features.

Ultra fast CLI downloader
Accelerated downloads from the command line.

While wget is a wonderful command-line downloader, it lacks the ability to squeeze the last bit of bandwidth. This is where Axel comes in. Axel is a multithreaded download accelerator that pulls in multiple HTTP or FTP streams into a single download location. Even if you use it like wget and point it to a single download location, Axel can pull data from multiple streams at the same time, which in essence increases your download speed.

Axel is particularly useful for grabbing stuff quickly from FTP locations that limit the speed of each connection. However, there’s a high probability that FTP locations that limit speed frown upon establishing multiple connections. Instead it’s better if you increase speed by using Axel’s ability to download from multiple mirrors simultaneously.

Axel is available in the official repos of most distros. Once you’ve installed it you can grab a file with

    axel http://some_server.net/abigfile.tar.gz

The tool can also operate with limits. The command

    axel -s 2097152 http://some_server.net/my.iso

limits its speed to 2MBPS. Similarly,

    axel -n 4 http://some_server/my.iso

limits the number of parallel connections to 4. To download a file from different FTP mirrors you can point to all of them with something like

    axel ftp://{mirror.liquidtelecom.com,ftp.is.co.za/mirror,mirror.wbs.co.za,ftp.wa.co.za/pub}/centos/7.2.1511/isos/x86_64/CentOS-7-x86_64-Everything-1511.iso

The CLI-averse can use Axel via graphical frontends like axel-kapt.
DownThemAll vs FlashGot
The battle of the extensions!

The DownThemAll download manager is different from the previously mentioned apps in that it’s an extension rather than a standalone app. That one fact wouldn’t make much difference to users, since a download manager isn’t of much use without a browser. However, what could limit DownThemAll’s appeal is the fact that it’s only available for Firefox.

As a download manager, the extension has all the features you’d expect. It can pause and restart downloads, and accelerates them by splitting the files into multiple segments that it then downloads simultaneously. Furthermore, you can manually add or remove sections whenever you want during the download, and also choose the maximum number of chunks every file is split into.

The best feature of the extension is that it enables users to download all the links, images or embedded objects on a web page. You can also filter the list by using wildcard or regular expressions to download specific types of files, such as PDFs only. There’s also the OneClick feature, which will download all the links of the current web page that match the filters used in the last session.

You can also manually download a file by pasting a URL into the Add Downloads window. The window also tells you how to use batch descriptors to sequentially download multiple files. You can also paste any available hashes for the download, which the plugin can use to verify the integrity of the downloaded file. All files downloaded by DownThemAll can be easily auto-renamed according to predefined rules.

Metalink support is listed as a feature of DownThemAll but it didn’t work in our tests.

Go get ’em
The other extension on test here, FlashGot, isn’t really a download manager: it’s an extension for Firefox that hooks Firefox with the installed download manager on your distribution. There are several ways you can download files from a webpage. The FlashGot Link option downloads the currently highlighted link. Then there’s FlashGot Selection, which grabs all links from the currently selected area. You can choose to use the filters on your external download manager to download the specific files you want. Similarly, FlashGot All grabs all links on the current page, then excludes duplicates and queues the files for batch downloading. There’s also the Build Gallery option, which captures media from serial content scattered on several pages. This is equivalent to the sequential batch downloading option available in some of the other download managers like uGet, FlareGet and XDM. The FlashGot Media option helps you download media from streaming websites like YouTube. The plugin intercepts the streaming video and notifies you by flashing the status bar icon. Click on the icon to either download all the streams at once, or make a selection.

The various download options are available in the right-click context menu. The plugin lets you configure the options listed in the context menu, and FlashGot also pops up as an option in the browser’s download dialog box.

Remember that FlashGot’s strength is also dependent on the strength of the external download manager.

VERDICT
DOWNTHEMALL The one-click feature is a boon for voracious downloaders.
FLASHGOT The missing link between Firefox and your download manager.
OUR VERDICT
Download managers

Despite the fact that the download management components built into the modern web browsers have evolved quite a lot over the years, all the apps on test here offer a lot more options and dexterity. While the apps have different user interfaces, operating them isn’t all that different. Even if the apps don’t directly interface with your preferred web browser, forwarding downloads to the app from your favourite web browser is rather straightforward thanks to features like clipboard monitoring.

This is the reason we’re on the lookout for the app that trumps others in terms of features more than anything else. XDM loses out for its Java dependency, which makes it look out of place on the Linux desktop. The app also only has a subset of features of its peers. KDE’s KGet loses out for being unintuitive in places and for lacking a scheduler. The popular DownThemAll plugin also lacks a scheduler and is only restricted to Firefox users.

It’s hard to rate FlashGot along with download managers since it isn’t really one. But the plugin integrates well with all the popular and powerful download managers and when used with our top choices, FlashGot is a better proposition than, for example, the DownThemAll extension.

We’ve rated FlareGet higher than the other freely available options because of its functional YouTube downloader feature and the simple user interface. However these two features are only good enough for the runner up spot. The top honour goes to uGet. It ships with an amazing range of features that can aid in downloading single items or filtering through an entire web page for relevant items to grab. uGet also supports all the popular downloading protocols and mechanisms including HTTP, FTP, BitTorrent and Magnet. The app lacks a browser integration plugin, but Firefox users can use it via the FlashGot add-on to effortlessly download all sorts of static and multimedia content.

“uGet ships with an amazing range of features that can aid in downloading single items of whole web pages”

Firefox users should use uGet’s extensive download dexterity via the FlashGot plugin.

1st uGet
Killer feature Multi-protocol support and download categories
URL www.ugetdm.com
An all-rounder that can fetch files across a range of protocols.

2nd FlashGot
Killer feature Extensive list of supported download managers
URL https://flashgot.net
If you use Firefox, you’ve got to use this plugin.

3rd FlareGet
Killer feature YouTube grabber
URL https://flareget.com
The app looks nice across all desktops and offers a YouTube grabber if that’s important for you.

4th DownThemAll
Killer feature One-click batch downloads
URL www.downthemall.net
The Firefox-only plugin works well but lacks a few features, such as a scheduler.
Be a good open source samaritan
While a majority of open source projects ease by creating a torrent either with 5th KGet
offer direct downloads to their wares, it’s dedicated apps such as mktorrent or via
a good idea to use these as a last resort. torrents downloaders like KTorrent or Killer feature Drop target
Instead, if the project offers BitTorrent Transmission. The process requires you URL www.kde.org/applications/internet/kget
downloads you should use these. to specify a tracker and there are quite KDE’s inbuilt option isn’t always intuitive and also lacks some
The big attraction of the protocol a few public trackers that you can use convenient features, such as a scheduler.
is that it spreads the load of any file for free. For example, LinuxTracker.org
transfer across several computers, is one of the best BitTorrent trackers
many of which are both uploading and for Linux distributions. It tracks and
downloading data. Downloading data facilitates the download of a variety of 6th XDM
using BitTorrent helps lowers the hosting distros. If you’ve crafted a distro of your
and bandwidth costs of the projects own (learn how in LV008), share it with
hosting the file. the world by creating a torrent using the Killer feature Mobile mode
If you wish to share your own software website’s tracker (http://linuxtracker. URL xdman.sourceforge.net
or files via BitTorrent you can do with org:2710/announce). Java-based, and offers nothing compelling over the competition.
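What a torrent-creation tool writes when you give it a file and a tracker, shown as an added example that is not code from the magazine or from any of the tools named above: a bencoded metainfo file holding the announce URL and one SHA-1 hash per piece, which is also what lets a downloader reject corrupted or tampered pieces. The file name, the sample bytes and the small 4096-byte piece length are constructed for illustration.

```python
import hashlib
import hmac

# Tracker announce URL quoted in the sidebar above.
ANNOUNCE = "http://linuxtracker.org:2710/announce"

# Constructed stand-in for a distro image (10240 bytes), so the example runs offline.
SAMPLE_IMAGE = bytes(range(256)) * 40


def bencode(obj) -> bytes:
    """Serialise ints, strings, lists and dicts in BitTorrent's bencoding."""
    if isinstance(obj, bool):
        raise TypeError("bencoding has no boolean type")
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, str):
        obj = obj.encode("utf-8")
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(item) for item in obj) + b"e"
    if isinstance(obj, dict):
        # Keys are byte strings in sorted order, so every client derives
        # the same bytes (and therefore the same infohash) from the dict.
        items = sorted(
            ((k.encode("utf-8") if isinstance(k, str) else k, v)
             for k, v in obj.items()),
            key=lambda kv: kv[0],
        )
        return b"d" + b"".join(bencode(k) + bencode(v) for k, v in items) + b"e"
    raise TypeError(f"cannot bencode {type(obj).__name__}")


def build_metainfo(name, data, announce=ANNOUNCE, piece_length=4096):
    """Build single-file torrent metainfo: tracker URL plus per-piece SHA-1 hashes."""
    pieces = b"".join(
        hashlib.sha1(data[start:start + piece_length]).digest()
        for start in range(0, len(data), piece_length)
    )
    info = {
        "name": name,
        "length": len(data),
        "piece length": piece_length,
        "pieces": pieces,  # 20 bytes of SHA-1 per piece, concatenated
    }
    return {"announce": announce, "info": info}


def infohash(metainfo) -> str:
    """SHA-1 of the bencoded info dict: the identifier peers and trackers use."""
    return hashlib.sha1(bencode(metainfo["info"])).hexdigest()


def corrupt_pieces(info, data) -> list:
    """Return the indexes of pieces whose hash does not match the metainfo."""
    if len(data) != info["length"]:
        raise ValueError("downloaded size does not match the metainfo")
    size, expected = info["piece length"], info["pieces"]
    bad = []
    for index in range(len(expected) // 20):
        piece = data[index * size:(index + 1) * size]
        want = expected[index * 20:(index + 1) * 20]
        if not hmac.compare_digest(hashlib.sha1(piece).digest(), want):
            bad.append(index)
    return bad


if __name__ == "__main__":
    meta = build_metainfo("mydistro.iso", SAMPLE_IMAGE)  # hypothetical file name
    print("torrent file size:", len(bencode(meta)), "bytes")
    print("infohash:", infohash(meta))
    tampered = bytearray(SAMPLE_IMAGE)
    tampered[5000] ^= 0xFF  # flip one byte inside piece 1
    print("corrupt pieces:", corrupt_pieces(meta["info"], bytes(tampered)))
```

The piece hashes only prove that the data matches the .torrent file, so the .torrent itself still has to come from a source you trust.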
SUBSCRIBE
shop.linuxvoice.com

Introducing Linux Voice, the magazine that:
Gives 50% of its profits back to Free Software
Licenses its content CC-BY-SA within 9 months

12-month subs prices
UK – £55
Europe – £85
US/Canada – £95
ROW – £99

7-month subs prices
UK – £38
Europe – £53
US/Canada – £57
ROW – £60

DIGITAL SUBSCRIPTION ONLY £38

Get 100 pages of tutorials, features, interviews and reviews every month
Access our rapidly growing back-issues archive – all DRM-free and ready to download
Save money on the shop price and get each issue delivered to your door

Payment is in Pounds Sterling. 12-month subscribers will receive 12 issues of Linux Voice a year. 7-month subscribers will receive 7 issues of Linux Voice. If you are dissatisfied in any way you can write to us to cancel your subscription at subscriptions@linuxvoice.com and we will refund you for all unmailed issues.
NEXT MONTH IN LINUX VOICE
ON SALE THURSDAY 23 JUNE
EVEN MORE AWESOME!

INSIDE THE KERNEL
Dig down to the source of unearthly power that gives strength to your Linux machine – the almighty kernel!

Jim Killock
The executive director of the Open Rights Group is rather busy fighting the Investigatory Powers bill. Find out why he’s doing this awesome work.

Pis in space
Enjoy a bunch of simple, fun science for the summer holidays to be run on your Raspberry Pi (international space station not supplied).

Publishing
Turn your scribbles into deathless prose using only a Linux machine, some Free Software and your imagination. Anyone can write a book, right?
LINUX VOICE IS BROUGHT TO YOU BY
Editor Ben Everard ben@linuxvoice.com
Deputy editor Andrew Gregory andrew@linuxvoice.com
Editor at large Mike Saunders mike@linuxvoice.com
Editor in hiding Graham Morrison graham@linuxvoice.com
Creative director Stacey Black stacey@linuxvoice.com
Editorial consultant Nick Veitch nick@linuxvoice.com

All code printed in this magazine is licensed under the GNU GPLv3

Printed in the UK by Acorn Web Offset Ltd

Disclaimer We accept no liability for any loss of data or damage to your hardware through the use of advice in this magazine. Experiment with Linux at your own risk!

Distributed by Marketforce (UK) Ltd, 2nd Floor, 5 Churchill Place, Canary Wharf, London, E14 5HU
Tel: +44 (0) 20 3148 3300

Circulation Marketing by Intermedia Brand Marketing Ltd, registered office North Quay House, Sutton Harbour, Plymouth PL4 0RA
Tel: 01737 852166

Copyright Linux is a trademark of Linus Torvalds, and is used with permission. Anything in this magazine may not be reproduced without permission of the editor, until March 2017 when all content (including our images) is re-licensed CC-BY-SA.
©Linux Voice Ltd 2015
ISSN 2054-3778

Subscribe: shop.linuxvoice.com subscriptions@linuxvoice.com
FOSSPICKS
FOSSpicks Sparkling gems and new
releases from the world of
Free and Open Source Software
Our benevolent editorial overlord Graham Morrison tears himself away
from updating Arch Linux to search for the best new free software.
Music player
Clementine 1.3.1

Version 1.3 of Clementine is a huge release for this music player, and it’s the first major update since October 2013. As you’d expect, it’s full of new features – that’s why we’re writing about it – but what’s also important is that these new features don’t affect Clementine’s simple usability. This is what makes Clementine different from the sprawling metropolis of KDE’s Amarok media player, and why the project originally forked from Amarok 1.4 in the first place.

All these years later, Clementine essentially looks and behaves like Amarok 1.4, and that’s exactly why we like it so much. It’s quick and easy to use, and doesn’t put too much load on your system. There are tabs for music sources on the left and the playlist pane on the right. Drag and drop items from one to the other and click Play. You hear music without the distraction of loads of extra data, although this update adds some sources for displaying lyrics.

Fruity loops
But Clementine isn’t some out-of-touch backwater either. This release has made Clementine our favourite Spotify client, for example, because its bundled plugin enables you to log in to your (Premium) account, access your online playlists, search and drag Spotify tracks into your local playlist, and play music at 320kbps. It even enables you to construct new Spotify playlists.

You can do the same thing with other online resources too, including files held on Dropbox, Google Drive and OneDrive, and music streamed from Last.fm, SoundCloud and Magnatune. Plus, this version adds Vk.com, Amazon cloud drive and Seafile support, as well as Ampache compatibility for roll-your-own media streaming. It’s a huge list of potential sources, and one we’ve not seen from any music player, allowing you to construct local playlists using all kinds of different sources, even with a working search that delivers results from whatever sources you’ve configured. Clementine does this far better than similar players such as Tomahawk, especially when you consider its other brilliant features like tag editing, album art downloading and visualisations.

There’s a rather neat Android app that acts as a remote control, so you can play music from your Raspberry Pi while sitting in the kitchen. Its user interface may hark back to an earlier time, but we find the visuals hugely preferable to something as ugly as Apple’s iTunes, and a great alternative to Amarok itself. Clementine is a genuine contender for being the best music player on Linux.

1 Visualisations Despite Clementine’s austere GUI, there’s still room for bling.
2 Playlists Use all kinds of sources to construct the perfect sequence.
3 Online streaming Sources include SoundCloud, Magnatune and Spotify.
4 Equalizer Fine-tune the sound for your playback system.
5 Cover manager Download and manage your collection’s album covers.
6 Spotify client Almost all the features of the official client, only without the HTML.
7 Plugins From streaming music to local CD ripping.
8 Rainbow dash Because there just isn’t enough MLP in the world.

Project website
https://www.clementine-player.org
GUI tweaker
qt5ct 0.23

There are more applications built using the Qt API than ever before. Even if you’re not using the Qt-based KDE, there’s a good chance you still rely on something built against Qt, such as Calibre, Google Earth, Mathematica, Stellarium, Spotify, VirtualBox or Wireshark. And without in-built options, or a desktop that’s aware of Qt’s own requirements, it’s difficult to fine-tune the appearance of these Qt applications.

This is the problem that qt5ct, a Qt 5 Configuration Tool, solves. It reminds us a lot of the Magical User Interface (MUI) on the Amiga, and because Qt is a similar technology, this configuration panel allows you to access many of the same options as MUI. Like MUI, Qt applications use their own widgets, fonts, colour palettes and rendering routines. Qt5ct lets you change most of these options, and includes a preview render of a typical application to allow you to visualise the effect.

This doesn’t always mean your Qt application of choice will change according to the preview. Spotify, for example, obeys its own rules, and it depends on how malleable other Qt applications are too, but there’s a good chance they can be made to conform if they’re standard Qt grey, and this makes having qt5ct a massive advantage if you’d like them to appear better integrated with your chosen desktop. There’s also an important usability perspective, as not only can fonts and colours be changed, but you can also use your own stylesheets in much the same way you would with an illegible website.

Make your Qt applications look different even if they don’t provide the ability to do so.

Project website
https://sourceforge.net/projects/qt5ct
Music trainer
Minuet 0.1

If you’re anything like us, even if you’ve got a few guitars and keyboards lying around, your music knowledge is at about the same level as your French, perhaps with the exception of a mistaken augmented sixth whilst singing Frère Jacques. But music is fun, right? And we’ve never been the kind of people to let a lack of practical experience get in the way.

But Minuet has really helped, at least with our internal musical encyclopaedias. It’s an educational tool that’s now tentatively part of KDE’s educational packages, but still at only version 0.1. We found it already works excellently. Sound output is via MIDI and is pre-configured to use the Timidity software synthesizer, so you don’t need to worry about connections unless you want to. There’s also a helpful config wizard to make sure you hear things when you’re supposed to. Minuet’s basic function is to play notes, scales, rhythms and chords and ask you to identify them. It’s simpler than it sounds, as you’re free to choose which categories you’re tested on, as well as their sub-categories like ‘Minor and Major Chords,’ or detecting second and third intervals.

This is music
Questions usually create a sound before asking you to click on one of several multiple-choice answers. It’s quick and easy to use, and you never feel too judged by your inability to guess the correct answers. This means you can focus on your weaknesses, even if that means everything. Admittedly, Minuet’s focus is on music teachers and students, making its GUI rather plain, but it’s also fun if you enjoy revelling in your own ignorance in the blind hope that Wednesday’s pub quiz will include a section on ascending melodic intervals.

We dare you to get through life without knowing the difference between a tritone and a seventh.

Project website
https://github.com/KDE/minuet
Markdown editor
Abricotine 0.3.2

It’s taken over a decade, but we’re very happy that Markdown has become popular. It has almost single-handedly transformed our thoughts on how sections of plain text can be marked up for context while still remaining portable. It’s moved us away from the absolute re-usability of XML towards the easy-to-learn and mostly re-usable Markdown.

We also like it because it’s practical, and not unlike the way many of us have highlighted sections of plaintext and emails for years. Headings are underlined with === symbols, while sub-headings are preceded with a # symbol or two. Lists happen automagically when you put numbers in front of things, or bulleted when you put a *. All of this looks ordinary and easy to understand when you look at the raw text, but it’s transformed by anything that understands Markdown, turning your scribblings into fully formed layout, often complete with tables of contents, an index, and lovely looking CSS. This is why it’s used by the cool kids with Ghost blogging accounts, and the even cooler kids with GitHub accounts. It’s become the default writing framework without a format. The only slight issue is that, while it’s easy to write raw text, we’re missing a proper editor, and that’s exactly what we’ve found with Abricotine.

Close to the edit
What makes it different from other editors, especially those found alongside Ghost, for example, is that Abricotine includes a real-time preview of the output. This happens as you type, so you can see your list formatted correctly just as easily as you can check the spelling, and it does the same with headings too – automatically constructing the table of contents and placing the links alongside the text editor. It will include images (and videos!) if you link to them, add multi-coloured code syntax correctly, and even render mathematical symbols as long as you use the correct markdown. It’s a brilliant way to write, and works extremely well as a distraction-free text editor for writing your own re-usable documents.

You can also export the text as HTML, either with the Save option or with a simple copy and paste, which makes this an even better editor when writing for the web. Each category of preview can be enabled and disabled, so you don’t have to see the images if you don’t want to, and there’s a helper menu for adding tables, just as you used to find with old HTML editors. It’s quick, easy to use and immensely practical. The only disadvantage is that it’s built on top of some modern web technologies like Node.js and CSS 3, which can make its installation a little larger than ideal for a simple text editor (172MB for our build). This might change as the project gets closer to a stable release, but as we’re all swimming in storage these days, an application that would require the memory of 2697 Commodore 64s isn’t that bad. Either way, we like Abricotine a lot.

Abricotine is almost better than an apricot liqueur.

Project website
https://github.com/brrd/Abricotine
Arch made easy
Arch Linux Anywhere

Like many Linux users, we love the Arch Linux distribution. It’s the antidote to distro bloat and lack of control, and it’s the perfect way of learning more about Linux while building yourself the ultimate personalised OS.

However, we’re not huge fans of Arch’s labour-intensive installation procedure. Of course, it’s fun the first time, and there’s a good argument that a distribution that filters out newbies with its installer will offer a better experience for the rest of us, but after the euphoria of your first successes, it can also be a little tedious. Every step has the potential to destroy other partitions on your drive, and if you forget to install the necessary wireless drivers before that first reboot, you’re stuck (Android tethering should not be part of any installation process). Combine this with losing the notes you’ve made for your specific hardware, and familiar old Ubuntu becomes extremely tempting.

The Arch-based Manjaro distribution is a closer alternative to Arch that’s easier to install, but Arch Linux Anywhere gets much nearer to creating a fully fledged Arch installation, and that’s because it’s basically a wrapper around the installation process. Rather than expecting you to configure your system after a base installation, Arch Linux Anywhere lets you install graphics drivers, desktop environments, network utilities (including Network Manager!) and different bootloaders, all from a single installation medium. You still need to know mostly what you’re doing, especially when you compare it to Ubuntu, but it’s a lot easier than the default Arch install.

We liked Arch before it was cool – but making it easier to install is even cooler.

Project website
http://arch-anywhere.org/download.html
Multimedia sequencer
i-score 1.0.0-a67 ‘Le Plip et le Plop’

The Open Sound Control protocol (OSC) is excellent at sending messages from one multimedia device or application to another.

The magic of OSC is that, unlike other protocols such as MIDI, none of the messages are pre-defined. A message may be as simple as increasing the volume on a synthesizer, but it could also encapsulate more complex messages, such as the real-time parameters that make up sound, or the complete orchestration of a remote controlled light show.

Those messages can be delivered over a cable, over a network, or even a satellite link. i-score is a seriously comprehensive application that describes itself as an ‘open source intermedia sequencer.’ What it really enables you to do is generate OSC messages, and messages for similar protocols, using graphical elements within a visual ‘score’ timeline that allows parameters to change over time.

You could easily automate the volume on a synthesizer, for example. But those parameters can also be event-driven, changing and branching according to internal/external triggers or conditions. This makes i-score more like a visual programming interface, where you create complex blocks of data generators that can spit out messages to your various OSC clients, whether they’re other OSC-aware applications like Pure Data, OSC-compatible hardware, or your own OSC clients built into something like a Raspberry Pi. It’s complex and verging on academic experimentation (the source of i-score itself), but it’s also a wonderful way of playing with new ideas and concepts. Be warned, we may do a tutorial on this in the future, so let us know if we’re becoming too niche.

Developed over 15 years at the Laboratoire Bordelais de Recherche en Informatique, i-score is wonderfully complicated.

Project website
http://i-score.org
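What "none of the messages are pre-defined" looks like on the wire, as an added example that is not code from i-score or from the magazine: an OSC 1.0 message is a sender-chosen address, a type-tag string and the arguments, each padded to four bytes. The decoder checks every length before reading, since a client built into something like a Raspberry Pi receives these packets from the network. The addresses /synth/volume and /light/scene are hypothetical, and only the int32, float32 and string types are handled.

```python
import struct


def _osc_string(text: str) -> bytes:
    """Encode an OSC-string: ASCII, NUL-terminated, padded to a multiple of 4."""
    raw = text.encode("ascii")
    if b"\x00" in raw:
        raise ValueError("OSC strings cannot contain NUL")
    return raw + b"\x00" * (4 - len(raw) % 4)  # always at least one NUL


def encode_message(address: str, *args) -> bytes:
    """Build an OSC message from an address and int/float/str arguments."""
    if not address.startswith("/"):
        raise ValueError("OSC addresses start with '/'")
    tags, payload = ",", b""
    for arg in args:
        if isinstance(arg, bool):
            raise TypeError("bool arguments are not handled in this example")
        if isinstance(arg, int):
            tags += "i"
            payload += struct.pack(">i", arg)   # big-endian int32
        elif isinstance(arg, float):
            tags += "f"
            payload += struct.pack(">f", arg)   # big-endian float32
        elif isinstance(arg, str):
            tags += "s"
            payload += _osc_string(arg)
        else:
            raise TypeError(f"unsupported argument type {type(arg).__name__}")
    return _osc_string(address) + _osc_string(tags) + payload


def _read_string(packet: bytes, offset: int):
    """Read one OSC-string at a 4-byte-aligned offset; return (text, next offset)."""
    end = packet.find(b"\x00", offset)
    if end < 0:
        raise ValueError("unterminated string")
    nxt = (end + 4) & ~3  # skip the terminator and padding
    if nxt > len(packet):
        raise ValueError("string padding runs past the end of the packet")
    if packet[end:nxt].strip(b"\x00"):
        raise ValueError("padding bytes must be NUL")
    return packet[offset:end].decode("ascii"), nxt


def decode_message(packet: bytes):
    """Parse an OSC message strictly; raise ValueError on anything malformed."""
    if len(packet) % 4:
        raise ValueError("packet length is not a multiple of 4")
    address, offset = _read_string(packet, 0)
    if not address.startswith("/"):
        raise ValueError("address does not start with '/'")
    tags, offset = _read_string(packet, offset)
    if not tags.startswith(","):
        raise ValueError("missing type-tag string")
    args = []
    for tag in tags[1:]:
        if tag in ("i", "f"):
            if offset + 4 > len(packet):
                raise ValueError("truncated numeric argument")
            args.append(struct.unpack_from(">" + tag, packet, offset)[0])
            offset += 4
        elif tag == "s":
            value, offset = _read_string(packet, offset)
            args.append(value)
        else:
            raise ValueError(f"unsupported type tag {tag!r}")
    if offset != len(packet):
        raise ValueError("trailing bytes after the last argument")
    return address, args


if __name__ == "__main__":
    packet = encode_message("/synth/volume", 0.5)  # hypothetical address
    print(packet.hex(" "))
    print(decode_message(packet))
```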
Terminal file manager
NcursesFM

On the command line, there is only one file manager. And that’s Midnight Commander. It does everything you could ever need, and it does it quickly and efficiently. It’s one of the best reasons for using the command line in the first place. It’s even great on Android, without the command line.

Midnight Commander’s supreme GUI minimalism and extreme functionality has survived intact, and its Samba plugin for network file transfers is one of the few reliable options we’ve found for transferring data from our phone to computer. But just because Midnight Commander is good, doesn’t mean someone else can’t have a go at doing a better job. And that’s exactly what NcursesFM is. It’s a file manager for the command line, but it hasn’t been developed to compete with Midnight Commander. Instead, it’s a super-lightweight curses-based application that the developer used to experiment with some C programming. This might explain why it built in less than a single second when we grabbed the source code.

Control = power
Despite this, it’s got almost every function you need. There are location bookmarks, a system monitor, archive extraction, search and even the ability to have two tabs open. File lists load incredibly quickly, and you can move, copy and rename quicker even than typing commands out on the command line. Considering the tiny size of the project, this speed and power is a great credit to both C programming and the programmer. If you need something that barely makes a mark on your system, NcursesFM is a great option.

The command line is like the ultimate hipster hangout – full of reinvented things and beards.

Project website
https://github.com/FedeDP/ncursesFM
Easy TMux copy and paste
tmux-fingers

Back in issue 12 (now free under the CC BY-SA!), we ran a short tutorial on using two command line tools that perform very similar jobs – screen and tmux. Both screen and tmux help you use the command line by creating encapsulated sessions that enable you to create new terminals, split views and suspend and resume a session. They’re essential if you commonly do more than one task on the command line, such as editing source code, building a project and committing files to version control systems.

Tmux is our favourite, but one thing we didn’t mention in our original article – because we didn’t know – is that tmux can be made even better. This is thanks to a plugin system that enables you to install and enable plugins from within your tmux session, giving your fingers even more power. From within tmux, add a few lines to your configuration file and press the tmux shortcut (normally Ctrl+B) followed by Shift+I. A new screen will show your plugins being downloaded and activated. And our favourite plugin is tmux-fingers.

When enabled, it will display a ‘hint’ for text within the view you might want to copy. Type ifconfig to see network connections, for example, then activate tmux-fingers, and a letter hint will appear over IP addresses. Press the hint letter to copy the value, and you can now paste that value into the command line with the tmux shortcut and ].

Tmux (and tmux-fingers) is invaluable for all kinds of things, like passwords, MAC and IP addresses and filenames, and you begin to wish Bash had a similar feature without having to resort to tmux.

There are plugins for tmux! And tmux-fingers is our new favourite!

Project website
https://github.com/morantron/tmux-fingers
FOSSPICKS Brain relaxers
https://launchpad.net/pybik/
Stay alive!
OpenHexagon 2 RC

This is an insanely addictive recreation of a game called Super Hexagon. You’re a tiny triangle in the middle of the screen, and the cursor keys rotate you around the middle hexagon. Pressing space will cause you to do a 180-degree flip to the other side. While you’re doing this, crude, colourful polygons rotate and descend on you, leaving just a small gap for you to navigate through. You need to rotate your triangle around the middle to find this gap and get through each descending wall of polygons.

Your simple task is to stay alive as long as possible while things get increasingly faster and more complicated. We preferred the mouse controls, which map the cursor keys to left and right buttons, plus a press of the middle button for the 180 degree flip. Regardless of the control you select, it’s insanely difficult and often impossible – even when you reduce the difficulty to as low as possible! Despite this, we couldn’t help ourselves wanting just one more go…

Level sets are also accompanied by pounding music, often synchronised with the background and the movement on screen. It all looks like an Amiga demo from the early 1990s, and if you play it long enough you soon feel like another casualty of acid rave culture, but we had great fun playing this and trying to get somewhere. There’s even an online element where you can compete with other players, trying to survive longer than everyone else.

Have we eaten too much cheese, or is it another Linux game?

Project website
http://vittorioromeo.info/projects.html
Puzzle game
Xor

Xor is a puzzle game that just happens to teach you a little about binary numbers and simple logic gates. Well, just one logic gate – XOR. A little like Tetris, blocks descend from above slowly to land on your own blocks. Unlike Tetris, each separate unit within the blocks is either 1 or 0, and you need to switch the values on your own blocks to be the opposite of those descending.

This is XOR, ‘exclusive or’, which in simple computing and electronics is one of the gates that allows conditional operations and programming logic (the others being AND, where the output is ‘true’ or 1 if both inputs are true, OR, which is true if either of the inputs are true and NOT, which outputs the opposite of the input). The slight issue with OR is that the output is still true if both inputs are true, which is rectified by XOR. This is true if one or the other input is true, but false if both are true or both are false.

It’s the reverse of the input, which is what this game is all about. Each time you get a row correctly reversed, an extra block is added to the line, making the next go harder. The game gets tricky as you frantically try to reverse your row, and it’s surprisingly counterintuitive, as you naturally want to make your blocks look the same as the descending ones.

Either way, it’s a fun distraction and a good foundation for a more advanced game if you’re looking for a simple project on which to unleash your coding skills.

Xor is open source, but there’s also a binary download that only needs libalure installed somewhere.

Project website
http://faissaloo.webs.com/xor
TUTORIALS
Warning: excessive Linux knowledge may lead to fun and more efficient computing.

Mike Saunders
Mike is still playing Frontier: Elite II after all these years. Off to Barnard’s Star we go!

Now that Ben is sitting in the hotseat of Linux Voice, I can take over his column for some musings of my own. Did you know that Linux is being used in rockets? In rockets that place satellites into orbit and service the International Space Station? In rockets that return from space at 2km per second and land on floating drone ships in the sea?

Yes, I was over the moon to read that SpaceX is using Linux in its utterly awesome space programme. For those not in the know, SpaceX is an American company started by PayPal founder and Tesla chief Elon Musk, with the (eventual) goal of establishing a human colony on Mars.

There’s a long way to go – probably two decades before there’s any kind of settlement on the red planet – but SpaceX is working on rapidly reusable rockets that should reduce the cost of access to space and make such a plan more feasible. Rockets can only deliver 3 or 4% of their total mass to orbit, so making them reusable (instead of dumping them in the sea) saves a lot of resources. Good luck SpaceX, and kudos for using Linux!
mike@linuxvoice.com

In this issue . . .

66 Amahi: supercharge your home network
Access and stream all kinds of data around your home network. Mayank Sharma shows you how to set up an Amahi server with modest hardware.

70 OpenBSD: expand your Unix horizons
It’s like Linux, but it takes security to the next level. Mike Saunders helps you to install and configure this well-engineered operating system.

74 Build a card reader
Minecraft + GPIO Zero + Les Pounder = a rather awesome card reader for just £5.

78 Add shine to Bootstrap
Make your web photo gallery look pretty as a, er, picture with the help of Ben Everard.

82 OpenVPN
Set up a VPN and gain access to your network from anywhere, with John Lane.

Coding

86 Open containers
Hurrah – we have a standard for containers! But how does it work? Amit Saha explains all.

92 Machine learning
Ben Everard gets the singularity party started, using machine learning with Support Vector.

Get access to every Linux Voice tutorial ever published in our digital library of back-issues available exclusively to subscribers – turn to page p56 to join.
TUTORIAL AMAHI
AMAHI: SUPERCHARGE YOUR HOME NETWORK
Teach your network new tricks with an old computer.
MAYANK SHARMA

WHY DO THIS?
• An all-in-one solution to access and stream all kinds of data around the network
• Bundles popular and powerful network apps as one-click installs
• To top it all, setting it up doesn’t take much effort

You can find an open source network app for virtually all tasks that once required an expensive piece of proprietary software. Whether you want a centralised file repository, a streaming jukebox, or a multi-protocol file backup and NAS server, the apps to deploy these are just a download away. Most apps that live on a network have also been spun into specialised distros, and you’ve probably read about setting many of them up in these pages. While most network apps aren’t difficult to set up and configure, Amahi does one better and packages the lot in an idiot-proof package.

And we aren’t exaggerating. Amahi includes a DLNA server and several streaming servers to broadcast all kinds of multimedia to compatible players and devices. It also includes Greyhole, for pooling disks into a unified network storage medium that you can then use to create shares that can be accessed via the Samba protocol and even as a network backup target. Amahi also comes with a free Dynamic DNS name that’s useful both for universal access to your files and for hosting websites.

Amahi has modest requirements and can manage a small network from a computer with a 1GHz processor and 512MB RAM. Deployments on larger networks, where multiple users are shuttling oodles of data running several different apps, will require a multi-core processor with at least 4GB of RAM and multiple hard disks. Also the recommended distro for the latest stable release of the server, Amahi v8, is Fedora 21.

Users of the Amahi Anywhere app on the same network as the server can even access the installed apps.

The Amahi server runs the Samba filesharing server, and you can use it as a destination with most popular backup software.

To get started, head to Amahi’s website (www.amahi.org) and click on the Get Started Now button to register with the service. The sign-up process involves picking a username, which will also help determine your Dynamic DNS URL. Once you’ve registered, log in to the Amahi dashboard on the website and click the Configure Your HDA button. An HDA (Home Digital Assistant) is Amahi’s way of referring to your Amahi Linux Home server.

The configuration process will walk you through a couple of pages requesting various information about your network setup. You’ll be asked to enter the gateway address of the network that’ll host the Amahi server. This is the IP address of the Wireless/Wired router in your home network. Next up, you’ll have to enter the fixed IP address that’ll be used by the Amahi server. Usually it’s safe to go with the default suggestion, unless you’ve already assigned the listed address to another server on your network. For this tutorial let’s assume this to be 192.168.2.10.
[Caption: By default Amahi lists all the installed apps on its simple dashboard, but you can also access them directly via their friendly URLs.]

The third and last setting you’ll be prompted for is the local DNS domain name. This is the name for your home domain, so you can change it to anything that catches your fancy. Do keep in mind that your network shares and Amahi apps will be accessible via this domain.

Once you’ve entered the requested information, click the Create Your HDA Profile button, which will bring up a page with the necessary information required to set up your Amahi HDA. Make a note of the install code shown on this page.

Deploy the server

Now head to your Fedora server, fire up a terminal window and switch to the superuser root with

    su -

The order of business is to download and install Amahi’s repository with

    rpm -Uvh http://f21.amahi.org/noarch/hda-release-6.9.0-1.noarch.rpm

Once the repository has been installed, grab the server with

    yum -y install hda-ctl hda-platform

When these packages have been downloaded, you can install Amahi using the install code shown earlier with

    hda-install <the-install-code>

This will configure the Amahi server as per the settings you provided earlier.

That’s all there’s to it. You don’t have to manually edit any configuration files or tweak network settings; Amahi does it all for you automatically. When it’s done, simply reboot the server. Once it comes back up, you should have a fully functional home server that’s initially accessible via the static IP address you set up earlier (192.168.2.10 in our case).

The first time you fire up your Amahi server’s web interface, you’ll be asked to create a dashboard admin user. By default Amahi wants to manage your network and hand out IP addresses to all connected machines on your network and resolve websites. This allows all machines on your network to access the Amahi server, the apps running on the server as well as the shares with human readable names instead of IP addresses.

However, most users already have a DHCP server on their router. You can of course continue using the router’s DHCP server and just use Amahi for DNS, which still lets you access the server and the apps with friendly names. To continue using your router’s DHCP address, fire up the Amahi server’s dashboard and log in. Now head to Settings > Details and toggle the Advanced Settings option. After the advanced settings have been enabled, head to Network > Settings and disable the DHCP server. Next, to ask your network to use the Amahi server’s DNS on your network, open the router’s admin page in your browser and head to the section that lists DHCP settings. Here you can enter the static address of the Amahi server as both the Primary and Secondary DNS server.

PRO TIP: Head to Settings > Servers to control the services, such as Samba, running on the server.

The big caveat with using Amahi’s DNS is that the server needs to be up and running before any client can access the internet. If the Amahi server goes down, the computers on the network will not be able to resolve websites until the server running Amahi comes back up again. If you ever take down the Amahi server, don’t forget to hand over the DNS function back to your router. Once you’ve set up Amahi’s DNS you can access your server by using the http://hda address instead of the IP address.

Tweak your HDA

You can now start configuring the home server as per your requirements. The first order of business is to manage network shares. By default, Amahi creates a bunch of shared folders (books, movies, music, pictures, etc) that are accessible to all users. To view and configure them, head to Setup > Shares. You can
further customise an individual share by clicking it. This brings several options related to that particular share. From here you can reset a share’s permissions, control access and even delete the share entirely. By default, all shares are available to all users. To specify users, uncheck the All Users checkbox. This displays a list of users on the server and lets you select which user has read and/or write access to the folder. To create a new share, scroll down and click the New Share button. Give it a name and set it to visible. After it’s been created, you can repeat the process described earlier to control access and permissions.

[Caption: Amahi makes money by selling easy-to-use installers for several useful apps and services such as OpenVPN.]

PRO TIP: If you’re setting up a dedicated machine for the Amahi server, use the Fedora netinstall ISO to install a minimal server.

If you have multiple hard drives in your server, you can use the Disk Wizard to make the Amahi server aware of them. Shut down the server and plug in the additional drives if you haven’t already. The Disk Wizard is an app to manage the disk drives and partitions. It's a web-based tool accessed from the dashboard from Setup > Disks > Add. It’ll scan the computer and detect any new unused drives. Select the additional drive and click the Next button, then toggle the button to format the drive and select a filesystem.

It’s best to go with the default option unless you have a reason for favouring a particular filesystem. Toggle the option to mount the drive automatically and give it a label for easier identification, then review the settings before pressing the Apply button. Repeat the process to add more drives.

Flesh out your server

Once you’ve set up the storage, you can enrich your home server by adding apps. Select the Apps option from the toolbar at the top of the dashboard to browse the list of all supported apps. All apps follow a similar installation procedure; click on the app to expand it and read about it in detail. Once you’re sure you’d like to use it, click on the Install button, which will download the app. When it’s done downloading, Amahi will show you the necessary information you need to use the app including the credentials for the default admin user. One of the best things about these Amahi apps is that they are preconfigured for your network, so you can start using them without any delay.

Get the Android app

If you want universal access to your files, you can use the Amahi Anywhere app to remotely browse and stream files from your server on an Android or iOS device. First up, install the Amahi Anywhere app on your Amahi server. Then head to the app/play store on the mobile device and install the freely available Amahi app. You can now use your Amahi server credentials to log in and browse the files on your Amahi HDA.

Similarly, if you want an easier (and specialised) mechanism to manage your centralised data pool and sync them across all your devices, you can install the OwnCloud app. As with the other apps, Amahi takes care of setting up the app for you. You can start using the app as soon as it’s installed by using the default login credentials. If you need handholding with OwnCloud, use our tutorial from an earlier issue – go on, take it, download it, share it, and have fun with Free Software (https://www.linuxvoice.com/set-up-owncloud-6).

Mayank Sharma has been installing media servers ever since his collection of kitten videos got too big for one machine.
TUTORIAL BSD
OPENBSD 101: EXPAND
YOUR UNIX SKILLS
Explore an ultra-secure and trimmed-down alternative Unix-like operating system.
MIKE SAUNDERS
WHY DO THIS?
• Discover another flavour of Unix.
• Expand your skill-set with more OSes.
• Deploy highly secure servers and workstations.

[Caption: OpenBSD's mascot Puffy is arguably the best in the entire open source world.]

Even if you've never used OpenBSD before, you've almost certainly used software developed by the project. In particular, if you've ever logged in to a remote Linux box via the terminal, there's a 99.999% chance that you've used OpenSSH to do it. (If you're still using plain text Telnet to connect to machines over the internet, you have other problems!) OpenSSH is by far the most widely used implementation of the SSH protocol – so if you've ever typed ssh or scp into a terminal, you've probably used it.

OpenSSH is developed by the OpenBSD project, along with many other pieces of software that have found their way into the GNU/Linux distros we all use and love. But what is OpenBSD? Nutshellised, it's a free, open source and highly robust Unix-like operating system that runs Apache, MySQL/MariaDB, Gnome, Firefox, LibreOffice, GCC, Bash, Vim, Emacs and pretty much every major application from the Free Software world. For end users, it's often indistinguishable from a Linux installation.

So why use it? The number one reason is: security. GNU/Linux is pretty secure, but its codebase is enormous, scattered across many disparate projects (the kernel, Glibc, Coreutils etc) and tries to run on everything from wristwatches to supercomputers. Many distros omit or turn off security-related features for convenience – which often makes sense on desktop machines. In contrast, OpenBSD is a smaller, more concentrated and tightly focused project. Everything in it – the kernel, core libraries, utilities etc – is developed in a single source code tree.

When the OpenBSD team wants to implement a new security feature, such as Address Space Layout
Randomisation (whereby binaries are loaded into
random places in memory, so that crackers can't be
sure where specific code is), this feature can quickly
and efficiently be utilised across the whole OS. In
Linux it's more complicated, with different distros and
projects taking their own approaches.
So OpenBSD is extremely secure out of the box.
It also has a different licence to GNU/Linux: the BSD
Licence. This is very permissive and lets companies
take OpenBSD code and put it into proprietary
products (which is why OpenSSH is used almost
anywhere). We're huge fans of the GNU GPL here
at Linux Voice, but we recognise the need for more
permissive licences in certain situations.
OpenBSD has been in development for over two
decades and is a very mature and refined OS, so
it's well worth learning about and trying. Even if you just install it as a weekend project, it opens up your horizons as you explore different Unix flavours. So, let's get started.

[Caption: OpenBSD's installer is not an all-singing, all-dancing graphical affair, but it gets the job done very quickly.]

OpenBSD as a desktop OS?

Given that OpenBSD runs a huge swathe of popular open source desktop apps, what's stopping it from competing head-to-head with Linux in this market? Well, it has some issues with performance, largely due to its comparatively weak SMP (multi-processor) support.

Hardware-wise, OpenBSD simply doesn't support the vast range of devices that Linux does – so you have to be much more choosy with your hardware. That said, OpenBSD developers are very much in the "eat your own dogfood" camp, so they don't just hack on OpenBSD inside VMs on their MacBooks. Many of them run it directly on slightly older ThinkPads, and the hardware support here is largely excellent.

For instance, the snazzy-looking 2015 ThinkPad Carbon X1 ultrabook runs OpenBSD like a champ – see one developer's experiences at www.tedunangst.com/flak/post/Thinkpad-Carbon-X1-2015. It may not be quite as sprightly as when running Linux, but it still means you can have pretty modern hardware and still be rocking OpenBSD as your daily driver.

Installing OpenBSD

By far the simplest way to try OpenBSD is to install it in a virtual machine – we recommend VirtualBox. Install it from your distro's package manager (or get the latest release from www.virtualbox.org), fire it up and click the New button in the toolbar to create a new emulated PC. Choose BSD as the type of OS, allocate some RAM to it (256MB is fine for server usage, but we recommend 1GB if you want to play around with OpenBSD as a desktop OS), and then define the size of the virtual hard drive (10GB is fine).

Next, get an OpenBSD CD image by going to www.openbsd.org/ftp.html#mirrors and choosing a mirror closest to you. Go into the 5.9 directory and then i386 if you're on a 32-bit PC, or amd64 if you're using 64-bit. Then download the install59.iso CD image – it's around 220MB. When you're done, in VirtualBox click on Storage, and for the CD/DVD drive (usually on IDE Secondary Master) point it at the install59.iso file you just downloaded. Click Start to boot up the emulated PC and you're ready to roll!

OpenBSD will boot up from the emulated CD – you'll see that messages from its kernel are displayed as white text on a blue background. After the kernel has detected your hardware it will offer you four options: install, upgrade, autoinstall or shell. Press the I (for install) key then hit Enter to begin the process. And what happens next? A question mark appears.

OpenBSD's installer may look extremely primitive, as it's just a series of questions in text mode, but it's actually quite simple to use when you get familiar with the BSD way of doing things. It may not have point-and-clicky wizards or pretty Ncurses-driven menus, but for the most part you can just read the prompts, keep prodding Enter and let the installer do its work.

PRO TIP: If you're looking to perform more complicated installations, eg with custom disk space layouts or on unusual hardware, it's well worth reading OpenBSD's official installation documentation. You'll find this as an INSTALL.xxx file in the same place you downloaded install59.iso – replace xxx with i386 or amd64 as appropriate. This is just a plain text file, so you can read it with the less command or with an editor.

Step by step

If you're happy with the US keyboard layout, just hit Enter. Or press L, then Enter for a list of other options, and type in the one you want. Then enter a hostname (eg obsd-test), and hit Enter twice for the network options if you're in VirtualBox to get an IP address via DHCP. Hit enter twice more to skip IPv6 configuration and setup of any other network interfaces, then enter a root (admin) password.

It's a good idea to Start OpenSSH (SSHD) by default on a test box, so just hit Enter again, and then once more if you plan to use the X Window System (ie run OpenBSD in graphical mode). Choose to not start XDM by default, then enter a username for a normal
login account. Choose not to allow SSH root login, select a timezone, hit Enter twice to select the first hard drive (sd0) and use the entirety of it. Then tap Enter again to choose automatic drive partitioning, and once more to install the "sets" (OpenBSD components) from the CD drive device of cd0. Press Enter twice more to install everything. If you're asked to "continue without verification" enter "yes".

[Caption: It only takes one command to replace the bare-bones FVWM setup with a more usable Xfce desktop.]

Now the OpenBSD sets will be extracted on to your virtual hard drive – this may take a few minutes. Hit Enter at the final prompt and you'll be given a "congratulations" message, saying that you're done. That wasn't so difficult, was it? You've seen that despite having a very basic command-driven installer, getting OpenBSD onto your hard drive is actually a very simple and quick affair.

PRO TIP: If you fall in love with OpenBSD's simplicity and elegance, or you like some of the software produced by the project, you can donate to keep it going via www.openbsdfoundation.org. OpenBSD is a small fish in the vast ocean of open source software, so contributions to keep development and infrastructure going are hugely appreciated.

Now enter "halt" to shut down, and when you get a "Press Any Key To Reboot" message, close the virtual machine window and remove the install59.iso file from the emulated CD/DVD drive (so that VirtualBox doesn't try to keep booting from it). Finally, click Start in VirtualBox and your freshly installed OpenBSD setup will boot up!

Using OpenBSD

Log in as "root" (using the password you provided during the installation) and you'll land at a prompt – a very bare prompt at that. Out of the box, OpenBSD is a very minimal OS and doesn't try to hold your hand all the way – it assumes you know exactly what kind of setup you want to create. The first thing you'll want to do is to install some binary packages to make your installation more familiar and comfortable. To do this, you need to tell OpenBSD where to find those packages on the internet. Enter:

    mg .profile

Here, mg starts a very simple Emacs-like editor, and .profile is the file that stores the settings for the default shell, Ksh. Go down to the bottom of the file and add this line:

    export PKG_PATH=http://openbsd.cs.fau.de/pub/OpenBSD/$(uname -r)/packages/$(machine -a)/

(Here we're using a package mirror in Nuremberg, but you can change it to the nearby mirror you used to download the CD image earlier in the tutorial.) To save your changes and quit, press the following in sequence: Ctrl+X, Ctrl+S, Ctrl+X, Ctrl+C. Now press Ctrl+D to log out, then log in again as root, and you can now begin adding packages, eg:

    pkg_add bash nano

With pkg_add, binary packages (including their dependencies) are downloaded, extracted and installed – usually into /usr/local. You can now change your shell to Bash (eg chsh -s /usr/local/bin/bash), use the familiar Nano editor, and so forth.

Now, you're no doubt aware that running as root all the time is a bad idea, so let's fix that. Whereas many Linux distributions use sudo to let you run as a normal user and execute the occasional command as root, OpenBSD has a super-secure alternative called doas. To activate it, create a file called /etc/doas.conf
(with the nano -w /etc/doas.conf command) with the following contents:

    permit keepenv { PKG_PATH ENV PS1 SSH_AUTH_SOCK } :wheel

Now log out as root and log in as the regular user account you created during installation. You can now run commands with root privileges like so:

    doas ls /root

You'll be prompted for your password. During the installation, the regular user account was placed into the "wheel" group, so in /etc/doas.conf we assign members of that group certain permissions to execute commands with root privileges. If you want to start adding packages as your normal user account via doas pkg_add you'll need to set up $PKG_PATH in your .profile like you did as root earlier.

OpenBSD's limitations

For us, there are two main issues with OpenBSD that put it behind Linux in some areas. Its support for SMP (multiple processors) is comparatively weak – the development team needs to "meet the challenge" here, as OpenBSD lead developer Theo de Raadt put it. Progress is being made in this area.

The second issue concerns support and binary updates. OpenBSD releases are supported with bug and security fixes for only 12 months – then you have to upgrade. And to compound the matter, there's no official system of binary updates built in to the OS, so you have to recompile components every time there's an upgrade.

Now, the OpenBSD team is very small compared to what's going on in the Linux world, so we're not criticising them here. But when you're managing a lot of servers, Debian/CentOS with their several years of updates (so long-term stability) and simple "apt-get/yum update" tools make life much easier. You can also get third-party binary updates for OpenBSD from M:Tier (www.mtier.org).

Fire up the X server

So those are the essentials of the command line – what about using OpenBSD graphically? Enter startx and once the X Window System loads, you'll be presented with a very basic FVWM setup that looks like something from the mid-80s. Yes, this is OpenBSD being minimalist again. It doesn't expect you to be using this arcane default FVWM setup as your daily driver, but it does provide you with enough of a functioning graphical environment so you can start apps, install other window managers and desktops, and build up exactly what you want.

Let's install Xfce and get a more attractive and usable desktop. In an XTerm window (or at the bare command line) run:

    doas pkg_add -i xfce

A bunch of packages will be downloaded – this could take a while depending on the speed of your connection, so grab a well-deserved cuppa. Once the process is done, exit out of X (if you're running FVWM, left click on an empty area of the desktop and choose Exit from the menu), and then run nano .xinitrc to create a custom X startup file. Add the following:

    exec startxfce4

Now enter startx to fire up X again, and voilà: a shiny Xfce desktop with all its bells and whistles! You now have a much more attractive working environment and can add Firefox, LibreOffice, Gimp and anything else you need to be productive. Enjoy!

Going further

OpenBSD's documentation is widely regarded as being some of the best in the open source world, and in our experience that's very much true. One document you should absolutely read is the 'afterboot' manual page – so enter man afterboot in a terminal or at the command line to read it. This document explains everything you need to configure networking (if you need to change the defaults), mount disk partitions, manage processes and users, and so forth. Once you've gone through it all, you'll feel confident that your OpenBSD installation is configured and secured exactly as you want it.

[Caption: If you have any questions about or issues with OpenBSD, the FAQ is the absolute best starting point – it's well written and detailed.]

The other manual pages are equally excellent, but tend to be very direct and terse; for more friendly and step-by-step help content, see the OpenBSD FAQ at www.openbsd.org/faq. This is the definitive reference for all things OpenBSD, so if you have a question or a problem, it should be answered there! Failing that, try posting on one of the mailing lists provided via www.openbsd.org – just remember that the team is small and busy, so make sure to read as much documentation as possible before asking a question, and provide plenty of details about your installation and hardware. Happy BSDing!

Mike Saunders is such an operating system addict that he wrote his own (http://mikeos.sf.net).
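
The /etc/doas.conf rule in this tutorial lets every member of wheel run any command as root after a password prompt. The following is an added illustration, not part of the original article and not OpenBSD's own code: a simplified Python model of doas.conf matching for the OpenBSD 5.9 keywords permit, deny, nopass, keepenv, as, cmd and args, which shows what the article's rule grants beside a narrower rule set. The users alice and bob and the narrower rule set are assumptions made up for the example.

```python
"""Simplified model of doas.conf rule matching (OpenBSD 5.9 syntax).

Illustration only: real doas has more options and checks. Covered here:
permit/deny, nopass, keepenv [{ VAR ... }], identity, as, cmd, args.
"""
import shlex
from collections import namedtuple

Rule = namedtuple("Rule", "action nopass keepenv identity target cmd args")
Decision = namedtuple("Decision", "allowed needs_password kept_env rule")


def parse_rule(line):
    """Turn one doas.conf line into a Rule, or None for blank/comment lines."""
    spaced = line.replace("{", " { ").replace("}", " } ")
    tok = shlex.split(spaced, comments=True)
    if not tok:
        return None
    action = tok.pop(0)
    if action not in ("permit", "deny"):
        raise ValueError("rule must start with permit or deny: %r" % line)
    nopass, keepenv = False, None          # keepenv None: environment is reset
    while tok and tok[0] in ("nopass", "keepenv"):
        opt = tok.pop(0)
        if opt == "nopass":
            nopass = True
        elif tok and tok[0] == "{":        # keepenv { VAR ... }: keep listed vars
            end = tok.index("}")
            keepenv, tok = tuple(tok[1:end]), tok[end + 1:]
        else:                              # bare keepenv: keep whole environment
            keepenv = ("*",)
    if not tok:
        raise ValueError("missing identity: %r" % line)
    identity, target, cmd, args = tok.pop(0), None, None, None
    if len(tok) > 1 and tok[0] == "as":
        target, tok = tok[1], tok[2:]
    if len(tok) > 1 and tok[0] == "cmd":
        cmd, tok = tok[1], tok[2:]
        if tok[:1] == ["args"]:
            args, tok = tuple(tok[1:]), []
    if tok:
        raise ValueError("unexpected tokens %r in %r" % (tok, line))
    return Rule(action, nopass, keepenv, identity, target, cmd, args)


def matches(rule, user, groups, target, argv):
    """True if the rule applies to this user, target user and command line."""
    if rule.identity.startswith(":"):
        if rule.identity[1:] not in groups:
            return False
    elif rule.identity != user:
        return False
    if rule.target is not None and rule.target != target:
        return False
    if rule.cmd is not None and rule.cmd != argv[0]:   # plain string comparison
        return False
    if rule.args is not None and rule.args != tuple(argv[1:]):
        return False
    return True


def check(conf_text, user, groups, argv, target="root"):
    """The last matching rule decides; no matching rule means deny."""
    last = None
    for line in conf_text.splitlines():
        rule = parse_rule(line)
        if rule and matches(rule, user, groups, target, argv):
            last = rule
    if last is None or last.action == "deny":
        return Decision(False, False, (), last)
    # kept_env lists only the extra variables; doas's default set is not modelled
    return Decision(True, not last.nopass, last.keepenv or (), last)


# The rule from the article.
ARTICLE_CONF = "permit keepenv { PKG_PATH ENV PS1 SSH_AUTH_SOCK } :wheel"

# Constructed, narrower rule set (hypothetical users and policy).
NARROW_CONF = """
# wheel may install packages and halt the machine, nothing else
permit keepenv { PKG_PATH } :wheel as root cmd pkg_add
permit :wheel as root cmd /sbin/halt
deny bob
"""

if __name__ == "__main__":
    cases = [("alice", {"wheel"}, ["ls", "/root"]),
             ("alice", {"wheel"}, ["pkg_add", "bash", "nano"]),
             ("bob", {"wheel"}, ["pkg_add", "bash"])]
    for name, conf in (("article", ARTICLE_CONF), ("narrow", NARROW_CONF)):
        for user, groups, argv in cases:
            d = check(conf, user, groups, argv)
            print(name, user, " ".join(argv), "->",
                  "permit" if d.allowed else "deny", d.kept_env)
```

On a real OpenBSD system, doas -C /etc/doas.conf checks the syntax of the actual file, and appending a command to that invocation reports how doas itself would match it.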
TUTORIAL LINUX FOR LEARNERS
CARD READER CONTROL:
MINECRAFT & GPIO ZERO
Les Pounder harnesses Minecraft to create a card reader that can change the world!
LES POUNDER
WHY DO THIS?
• Learn Minecraft
• Learn GPIO Zero
• Learn simple electronics

TOOLS REQUIRED
• Any model Raspberry Pi running the latest Raspbian release
• Female–female jumper wire
• An LED
• A buzzer
• A breadboard
• 220Ω resistor
• 4 wooden clothes pegs
• Paperclips
• Thick card
• Aluminum foil
• Sticky-backed plastic

[Caption: The default state of our project is to prompt the user to insert a card, and this prompt is printed to the Minecraft chat window.]

[Caption: Once a card is inserted into the reader it is read, in this case peg 1 is connected to GND and triggers the game to rain flowers from the sky.]

In the 21st century we take software downloads and updates for granted, and the games that we play receive regular updates to fix bugs and offer new content. But between the 1970s and early 2000s we relied upon cartridges to deliver our video game fix. Consoles such as the Super Nintendo, Megadrive (aka Genesis) and Gameboy relied on small plastic cartridges containing ROM (Read Only Memory) chips to store games. These cartridges were expensive and ultimately fell out of favour with the rise of the Playstation generation, but they still command high prices online. In this tutorial we are going to build our own card reader that will read cards/cartridges that we shall build from everyday household arts and crafts materials. These cards will be used to control the actions on our Raspberry Pi, playing music, opening applications and causing flowers to rain down upon us in Minecraft. You could easily extend this project to offer students a method of designing and building their own Pi-powered games console with custom cartridges.

Cartridges!

The goal of our hardware build is to create a unit that will securely hold the card reader while allowing easy access to insert a card. For our build we visited a local pound shop and found a small desk tidy drawer. We drilled holes through the desk tidy and hot glued a series of clothespegs to the top. (If you are a younger reader then perhaps seek an adult's help with that bit.) Through the hole we threaded a paperclip so that around 1.5cm was gripped by the peg. This will ensure a good contact. The other end of the paperclip is hidden inside the desk tidy and on to the end of the paper clip we attach a female–female jumper wire. Once all four paperclips are completed, connect each of them to a corresponding GPIO pin. For ours we started with the first peg connected to GND on our Pi; this is our GND peg, otherwise known as Peg 0. Peg 1, which is our second physical peg after GND, is connected to GPIO pin 17. Peg 2 is connected to GPIO pin 27, and Peg 3 is connected to GPIO pin 22 (see figure 1 for details).

Hardware

Now that our interface is created we can move on to connecting two output devices. We attach the positive leg of a buzzer to GPIO pin 23 – we can identify the positive leg of the buzzer as it has a plus sign embossed into the plastic of the buzzer. The other leg of the buzzer is connected to GND. For both legs we used a female–female jumper cable. Our final connection is to GPIO pin 24, which is connected to the long leg (anode) of an LED via a 220Ω resistor; for this you will need to use a breadboard. The short leg of the resistor is connected to GND.

Now our attention turns to creating our “cards”. The goal of the cards is to connect either Peg 1, 2 or 3 to GND. This works like a switch, and the Raspberry Pi will detect a change of state, which we use to trigger the code. For our cards we cut sections of card to match the width of the desk-tidy card reader. Next we cut a further piece of card to match the same
width, but then we cut tracks to match the distance between GND and a peg. This card is then wrapped in aluminum foil before being stuck to the larger piece of card. Now when this card is inserted into the peg card reader it uses the aluminum foil to connect GND to a peg. Repeat this process for the remaining pegs ensuring that the foil only touches the intended peg (see figure 2).

With the hardware build completed, attach your keyboard, mouse, HDMI, Ethernet and power to your Raspberry Pi and boot up to the desktop.

[Caption: Inserting another card into the reader triggers the lightshow function, which will flash an LED on the reader, buzz a buzzer and then automatically open a web browser.]

Software

We are now at the Raspberry Pi Raspbian desktop and from here we need to navigate to the main menu, in the top-left of the screen. From the main menu go to Programming and then go to Python 3. A new window will open for the Python 3 application, commonly known as Idle; in this new window, click on File > New. This opens a new editor window, where we will write the code for this project. Best practice is to save often, and to make this easier we shall save straight away. So click on File > Save and name the file card-reader.py. Subsequent saves will not require us to specify a filename, speeding the process along.

As always we start our Python code by importing a number of modules that will enable extra functionality in our project. We start by importing the Button, LED and Buzzer classes from GPIO Zero. Next we import the sleep function from the time module. To import the Minecraft module and the Minecraft block class we use two lines. The last two imports are pygame, which we shall use to handle audio playback, and subprocess, which is used to call an external application in much the same way as using the terminal.

    from gpiozero import Button, LED, Buzzer
    from time import sleep
    from mcpi.minecraft import Minecraft
    from mcpi import block
    import pygame
    import subprocess

GPIO Zero

GPIO Zero is a project created by Ben Nuttall, community manager for the Raspberry Pi Foundation. One of the main contributors to the project is Dave Jones, famed for his sterling work with the Raspberry Pi Camera picamera Python library. Between them Dave and Ben have created a simple and efficient module that enables the user to focus on the task at hand rather than feeling bamboozled learning Python. The goal of GPIO Zero is to enable anyone to use the GPIO pins to build a project, simply. GPIO Zero has classes that handle LEDs, buttons, motors, robots, passive infrared (PIR) sensors and in the latest version, 1.2, the tricky subject of ultrasonic sensors – sensors that use a pulse of ultrasound to measure the distance from an object in much the same way that a parking sensor works.

GPIO Zero has come pre-installed with Raspbian since late 2015, but to ensure that your version is up to date it is best practice to open a terminal and type the following.

    $ sudo apt-get update && sudo apt-get install python3-gpiozero

Now we move on to creating a series of variables that will be used to refer to the pegs of our card reader. Peg 1 we connected to GPIO pin 17, and we now need to tell Python that we have done so. For this we shall use GPIO Zero, specifically the Button class that we earlier imported. The Button class enables us to identify a GPIO pin that is being used as an input. By passing the pin number to the class the pin is pulled high (turned on) and is ready for use. The other side of our button is connected to GND. But a button is a momentary switch, and until the button is pressed, the two pins are not connected. When pressed, the GPIO pin that has been pulled high is connected to GND and is then pulled low, registering a change of state that we use as a trigger for the reader. In our project we use the aluminum foil strips to connect the GPIO pin for the peg to the GND peg. For each peg we instruct the code as to which pin is being used.

    peg1 = Button(17)
    peg2 = Button(27)
    peg3 = Button(22)

We will now create two further variables. The first is used to instruct the Buzzer class that we have attached a buzzer to pin 23 on the GPIO. The second is to instruct the LED class that we have an LED, of any colour, attached to pin 24.

    buzzer = Buzzer(23)
    led = LED(24)

Our last variable is used to shorten the function that will connect this project to Minecraft.

    mc = Minecraft.create()

We now shift our focus to creating a series of functions. Functions are a handy way to contain a section of code. When we wish to execute that section of code we simply call the function by its name and the code within is executed. Functions come in two forms: standard functions, and functions that have an argument. Our first three functions are typical “standard” functions, the first of which is called test and is used to print a message to the screen
uses subprocess to call an external application in
much the same manner as we issue commands at
the Linux terminal. We call the application epiphany,
which is the web browser provided with the Raspbian
operating system. We also pass a website address as
an argument for the epiphany command. In this case
it will open the web browser to that website. Finally
for this function we sleep for five seconds before the
process repeats, unless the card is removed.
def lightshow():
led.blink(n=3)
buzzer.beep(n=3)
mc.postToChat("Lots of blinking lights, lets now open
a browser window!")
subprocess.call(["epiphany","http://linuxvoice.com"])
sleep(5)
By inserting this card we
using Minecraft's built in chat window. We then pause Our final function is called audio, which is different
trigger the playback of the
Linux Voice podcast intro the code for five seconds, otherwise the chat window to those used previously because this function
music. I wonder if we could will become littered with messages. requires an argument. An argument is a piece of data
listen to the podcast in the def test(): passed to the function that provides an extra step or
Minecraft world – maybe mc.postToChat("Insert a card") configuration. In our project we use the audio function
render the team in blocks? sleep(5) with the name of an audio file, this is passed to the
Our second function is called flowers, and we use function as it is called. The argument is the path to the
it to scatter flowers above the player's head. First file that you wish to play, and it can be an MP3, Ogg
the function finds the location of the player using or WAV audio file. If the file is in the same directory as
mc.player.getTIlePos(); this returns a coarse X,Y,Z the code for this project then you will just need to use
co-ordinate for our player. We save this value as a the name and extension type – mp3, ogg, wav – to
variable and then we use mc.setBlock to change the call that file. If the file is located in another directory
block that is three blocks above the head of our player, then you will need to provide the full address, known
this is done via pos.y +3. The block is then changed to as the absolute location. This typically looks like this
FLOWER_YELLOW – you can use any block that you /home/pi/music/cooltrack.wav
wish, but be careful with sand, lava or water as these
blocks can cause mayhem in your world. Add audio
def flowers(): To play the audio we use Pygame. Pygame is a
pos = mc.player.getTilePos() Python framework for building games and media
mc.setBlock(pos.x, pos.y +3, pos.z, block.FLOWER_ content. To play audio we use the audio mixer built
YELLOW) into Pygame, but first we must initialise it ready for
Our third function, the last of the “standard” use. We do this using pygame.mixer.init(). Next we
load our audio file ready for use. Then we play the
audio file once; this can be changed to any integer
You can use any block you wish, but be value, a number with no decimal place, to repeat the
careful with sand, lava or water, as these playback. If you wish for the audio to be repeated
indefinitely then use the value 0 and the audio will
can cause problems in your world continue as long as the project is running. The last line
functions, is called lightshow, and this function
controls the flashing of an LED, the beeping of a
buzzer and opens a web browser to our website. We
start by using the LED class, specifically the blink
function contained therein. Rather than use a for loop
to count the correct number of times that we turn
the LED on and off, the blink function has its own
argument to handle that action. We simply pass the
number of times as (n=3), and we can change the
number to reflect the number of times that we blink.
The Buzzer class also has a function that performs
the same action; this time it is called beep, and it has Figure1. A high-resolution version of this circuit
the same method to control the number of beeps. diagram can be found via our GitHub page: https://raw.
Next we use the Minecraft chat window to post a githubusercontent.com/lesp/Linux-Voice-28-Card-
quick message to the user. Our next line of code Powered-Hacks/master/Card_Reader_bb.png.
76 www.linuxvoice.com
LINUX FOR LEARNERS TUTORIAL
for this function uses the Minecraft chat window to post the name of the audio file that is being played.

def audio(file):
    pygame.mixer.init()
    sound = pygame.mixer.music.load(file)
    pygame.mixer.music.play(1)
    mc.postToChat("You're now listening to "+(file))

We now move on to the main sequence of our code, this is the algorithm that will run the project. We start by using try – this is part of a try..except construction that we shall use to handle exiting the project. The default state is to run the code under try; if there is an error then the project will exit. Under try we use a while True loop, this is a loop that will run indefinitely. You will see that the while True is indented so that it is inside the try construction.

try:
    while True:

Indented inside of the while True loop we next create a conditional test that will look at each of the three pegs connected to the GPIO and acting as buttons. The conditional test uses if, else if (shortened to elif in Python), and else. Our first test looks to see if peg 1 has been triggered, in this case pressed. If that test is correct then the function flowers is called and the code inside of that function is executed, which will cause flowers to rain down on our player.

        if peg1.is_pressed:
            flowers()

If that condition returns as False then the test moves on to the next condition, which looks to see if peg 2 has been triggered. If that returns as True then the function lightshow is called and the code executed, flashing the LED, beeping the buzzer and loading the web browser to the Linux Voice homepage.

        elif peg2.is_pressed:
            lightshow()

The next test is triggered if the previous two tests return a False value. This test looks to peg 3, and if that returns a True value then the audio function is called and the LV podcast music is played. Please note that if you are using headphones or speakers on the 3.5mm jack then you will need to right-click on the audio icon in the top-right of the desktop to change the audio output device.

        elif peg3.is_pressed:
            audio("LV.wav")

If all of the above tests return a False value then the final test, else, is used as a catch-all (if all of the previous tests are False, then else must be True). Here we use else to trigger the test function, prompting the user to insert a card.

        else:
            test()

Our last two lines of code close the try..except construction and we use except to handle the user exiting the project using Ctrl+C in the Python shell. If the user presses these keys the project exits and says goodbye.

except KeyboardInterrupt:
    print("EXIT - Bye bye")

With the code completed we save our work. Now navigate to the main Raspbian menu, go to Games and select Minecraft. Open or create a world and then press Esc to open the Minecraft menu; click on the second icon in the top-left of the screen to change the view from first-person to third-person, enabling us to see the player. To release your mouse from Minecraft press Tab and return to Python 3. Click on Run > Run Module to run our code. Now return to Minecraft, insert a card and get ready to interact using Ye Olde physical cards. It's like being back in the 80s!

Les Pounder divides his time between tinkering with hardware and travelling the United Kingdom training teachers in the new IT curriculum.

Figure 2. Our reader was constructed using arts and crafts materials that cost less than £5. Hardware hacking doesn't have to be expensive – we just need to get creative.

Pygame
We have used the excellent Pygame module for many of the Raspberry Pi projects in Linux Voice. Pygame is designed to handle every aspect of game creation with Python. For example, we can create sprites (characters in our games), that come as a large sheet (a sprite sheet), and when the sprite moves in the game all that is really happening is that we are referencing a part of the sheet. By doing this quickly enough we can give the illusion of movement. Pygame can also handle graphics such as backgrounds and animations, giving us smooth-scrolling games or quick cuts between content by blitting (quickly copying the data to the screen buffer). Pygame can also interact with keyboards, mice and joypads that are connected to the computer. This could easily be integrated into a robotics project giving us a method of input and a GUI showing the status of the robot. Pygame also has support for USB dance mats, meaning that you can code your own version of Dance Dance Revolution if you like. Pygame also has support for MPEG videos, but playback can be a little choppy on older Raspberry Pis.

Pygame is well maintained and has an extensive library of examples and documentation to help you get to grips with the impressive library. You can learn more at http://pygame.org/hifi.html.
TUTORIAL BOOTSTRAP
ADD STYLE TO YOUR WEB APPS WITH BOOTSTRAP
In part 2 of our web app series, we give our photosharing app a makeover.
BEN EVERARD

WHY DO THIS?
• Make your app easier for your users to navigate
• Ensure the interface works on small or large screens
• Pretty is a feature

The web is everywhere. It’s on our desktops, our TVs, our phones and our tablets. This is great for us as browsers because it means we can access information from almost anywhere, but it creates a headache for designers, because they have to create web content that looks good in different formats. The same website could be rendered in landscape or portrait, in low or high resolution, and interact with mouse or touch. That’s a big ask of humble HTML, so rather than start from scratch, we’re going to get a little help.

Bootstrap is a bundle of CSS and JavaScript that make it easy to create good-looking websites. While Bootstrap is popular, it does get some complaints, and it’s always good to address the downsides of a technology before using it for a project. There are two main criticisms of Bootstrap: that it makes a lot of websites look similar, and that it restricts the layout you can give to your website. There are projects for which these complaints are legitimate, but they’re rare. After all, does it matter if your website looks similar to others? That just means that users will know what to expect and how to use it. Many websites that try to be too creative with their space end up being unintuitive and hard to use – the restrictions placed by Bootstrap (which we will see later) are actually a good thing for almost everyone who’s not a trained designer.

In part one of this series, we built a simple web app to enable people to view and upload pictures of a wedding. We built the working parts in Python’s Tornado framework, but the interface (rendered in basic HTML) left quite a lot to be desired. In this tutorial, we’re going to make it look better.

Prettification the lazy way
Bootstrap is particularly good for sites that are going to be displayed across a range of different devices. Our photosharing website is designed to be run on phones during the event and desktops afterwards (to allow everyone to view the pictures of the day). This scenario, where both mobile and desktop web environments are important, is perfect for Bootstrap. As we’ll see, it makes it easy to specify different layouts for different screen sizes.

Themes in Bootstrap are just extra bits of CSS to customise a website, and they vary in complexity. Which theme you pick depends entirely on how you want your website to look: some are simple and just let the content shine through, while others are much more complicated. In our mind, the essence of good design is simplicity. We don’t want the users to be blown away by the look of the website; instead we want them to find the website easy to use and be blown away by the pictures shared on it. With that in mind, we don’t need to look too hard. In fact, we’re happy to stick with one of the default Bootstrap themes – Jumbotron Narrow. Theme selection, probably more than anything else in web programming, is a hugely personal thing, so if you’d rather go for something more elaborate, there are loads of options online. You can find the official themes at http://themes.getbootstrap.com, but there are also unofficial repositories of open source themes at https://bootswatch.com and http://startbootstrap.com. When looking for themes online, be sure to check the licence, as not all are open source.

Caption: The three official themes for Bootstrap show the library at its best.

Since Themes are just additional CSS, there’s no specific process for installing them. You just need to
make sure you have the code you need, and include it in your HTML files.

The head for our HTML files is:

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link href="/static/bootstrap.min.css" rel="stylesheet">
  <link href="/static/ie10-viewport-bug-workaround.css" rel="stylesheet">
  <link href="/static/jumbotron-narrow.css" rel="stylesheet">
  <meta name="robots" content="noindex">
  <title>Gallery</title>
</head>

This works if you’re serving all your static content out of the /static/ URL – you’ll need to adjust this if you’ve got a different setup. The <meta name="robots" …> tag is used to tell search engines that we don’t want this page to be indexed. Since our gallery is for a private event, we don’t want our pictures popping up in public searches. The tag only asks well-behaved crawlers not to index the page; it does not stop anyone who has the URL from viewing it.

Why no JavaScript?
You may notice that we haven’t included any JavaScript files here. While there are some in Bootstrap, they’re not essential for all projects. Take a look at the boxout on JavaScript for more details of what you can do with these.

The first thing you need in the body of your HTML is a container. These are div elements and can have one of two classes: container or container-fluid. The first type is fixed width (but responsive at smaller screen sizes) while the second will scale entirely with the screen size. We went with the former so that the website will look fairly similar on both phones and desktops. If you want to make the most of the width of a desktop’s screen, you may wish to opt for container-fluid.

The basic structure of our HTML body is:

<body>
  <div class="container">
    <!-- heading -->
    <!-- images -->
    <!-- controls -->
  </div>
</body>
</html>

Caption: You can use the responsive design tool in Firefox to see how your web app will look on different sized screens.

Customising
Bootstrap is large. The full build of CSS is over 100kB after minification and includes hundreds of features. In any one site, you’re only likely to use a handful of these features, so the rest are just a waste of bandwidth and parser time. To make this a little lighter, you can customise the version of Bootstrap so that it only includes the particular components you need.

The easiest way of doing this is via the Bootstrap website. At http://getbootstrap.com/customize you can choose the parts of Bootstrap you want (and customise many aspects of the appearance) to generate a much smaller file. When we performed this for our site, the CSS for Bootstrap dropped in size from 121.3kB to 26.5kB.

If you’re working on a long-term project, it may be better to be able to configure the build of Bootstrap in your build system so that you can reliably add and remove components without having to check boxes on a website. For this, you’ll need the Less CSS compiler, which requires a little setup, but if it’s important for your project, you’ll find all the details you need at http://getbootstrap.com/getting-started/#grunt.

The starting grid
At its most basic, Bootstrap is a grid-based layout system that divides the page up based on rows and columns. You can have as many rows as you like (these are defined in divs with the class row). Each row has 12 columns, but an item in the row can span more than one column. If the items in a row go beyond 12 columns, the row will wrap around, but it won’t join onto a separate row that’s defined using a div tag. The particularly clever thing about Bootstrap is
that you can tell an item to span different numbers of columns depending on the screen size.

In last issue's tutorial we created the server side part of our website that enabled users to upload images and view the gallery. Let’s now look into how to style this gallery page. This page consists of a header, a grid of images, then some controls at the bottom. Let’s look at the middle part of this first, the grid of images.

We’ll display this in a single row div, however, we’ll use more than 12 columns so this row will actually span multiple lines. The row div is there to separate the images from the header and the controls rather than the other rows of images. We then need to decide how many thumbnails we want to display on each line. The best option for this varies depending on whether you’re viewing the page on a phone (where the narrow screen means you should see only a few) or on a desktop (where you can fit more images on the wider screen). Let’s look at the code for our grid.

<div class="row">
  {% for pic in pics %}
  <div class="col-xs-4 col-sm-3 col-md-3 col-lg-2">
    <a href="/pictures?pic={{pic}}"><img src="{{img_dir}}{{pic}}"></a>
  </div>
  {% end %}
</div>

If you didn’t follow last month’s tutorial, all you need to know for this is that the bracketed expressions are evaluated in Python. The for loop will repeat the block of HTML for every image on this page of the gallery, and the double-bracketed expressions will put the right links in place.

JavaScript and plugins
In this tutorial, we’ve looked at all the great styling Bootstrap CSS can bring to your website. However, CSS is only part of Bootstrap – there’s also a set of JavaScript plugins that give you more graphical niceties to add to your site. Before we take a look at them, let’s think about whether we should…

JavaScript adds delays. There’s more to download, and more processing for the browser to perform before the rendering is complete. Not all users have JavaScript enabled, so if your page relies on plugins, not all users will be able to use it; worse, most of the uses of JavaScript in Bootstrap add some form of animation, and when used poorly, this can lead to confusion.

None of these are a reason that you shouldn’t ever use JavaScript or Bootstrap plugins, but we’ve included them because we think JavaScript graphics are best used sparingly and only when they provide a definite advantage. Bootstrap depends on jQuery, so you need to include this in all pages that use these plugins.

• Modals are pop-up boxes that are rendered in the HTML of the site itself (rather than JavaScript alerts, which are extra windows opened by the browser). Used badly, they block your view of content until you take action; however when used well, they can alert a user to something important.
• Collapses enable you to show and hide content in a smooth animation, and are useful for including information that won’t be needed by all readers. By default, it can be hidden (collapsed) and so allow the page to remain uncluttered. If a reader finds they need the extra detail, they can click to make it appear.
• Carousels are a style of display that rotates through a series of images (with text attached). They’re a great way of highlighting things that the user may be interested in, such as other pages on your website for more information about the topic at hand.
• Alerts in Bootstrap aren’t the same as JavaScript Alerts, although they are both created with JavaScript. They’re dismissable elements on the page that the user can get rid of once they’ve read and absorbed the information. They’re particularly useful for adding feedback to forms.
In this code, every image is inside a div, and the class of the div tells Bootstrap how many columns we want the image to take up on the different sizes of screen. The class col-xs-4 stands for four columns on an extra-small screen, which is defined in Bootstrap as anything less than 768 pixels across. Small (sm) screens are less than 992 pixels; medium (md) are less than 1200 pixels; and large are anything beyond this. Our gallery will then scale between three and six images per line depending on the size of the screen.

This layout is dynamic, so if a user has a phone in portrait orientation and rotates it to landscape, the web page will change to reflect the new size.

Intuitive inputs
The controls of our gallery enable the user to move backwards and forwards through the pages of the images. Mouse and touch inputs are best with slightly different spacings. On large screens, we like to keep the controls close to each other so that the user doesn’t have to move the mouse too much if they’re going backwards and forwards through the pages. On small screens, it’s helpful to keep the controls a little way apart so that the user doesn’t accidentally press the wrong one. We’ll use the layout controls to change this for different screen sizes. This is done with the following code:

<div class="row">
  <div class="col-lg-2 col-xs-2">
    {% if page > 0 %}
    <p><a class="btn btn-lg btn-success" href="/gallery?page={{page-1}}" role="button">Previous Page</a></p>
    {% end %}
  </div>
  <div class="col-lg-1 col-xs-4">
  </div>
  <div class="col-lg-2 col-xs-2">
    {% if page < final_page %}
    <p><a class="btn btn-lg btn-success" href="/gallery?page={{page+1}}" role="button">Next Page</a></p>
    {% end %}
  </div>
  <div class="col-lg-7 col-sm-4">
  </div>
</div>

The two if blocks are used to hide the next and previous buttons if the user is at the end or start of the gallery respectively. This code also uses another bit of Bootstrap – the styling for buttons. The link has the classes btn, btn-lg and btn-success. These tell Bootstrap that we want the link to look like a button, that it should be large, and that it should be blue (success buttons are blue by default).

As well as buttons, Bootstrap gives you great styles for lists, tables, navigation bars, input boxes and a huge number of components that can come together to make up your site. There’s no space to cover them all here, and there’s no reason to learn them all when you’re just making a simple site. Just remember that whenever you’re adding anything to your Bootstrap site, check out the documentation for styling options.

The final thing we need to add is the heading. This, in the terminology of our theme, is the Jumbotron. The cutesy name refers to a large block that stands out from the rest of the page.

<div class="jumbotron">
  <h1>Gallery</h1>
  <p class="lead">We'd love to see your pictures of the day. You can send them straight from your phone: <a class="btn btn-lg btn-success" href="/upload" role="button">Upload Pics</a></p>
</div>

The main title is just a h1 tag. Bootstrap will style all of the standard HTML typography options for you. This includes almost all HTML options including more esoteric tags such as abbr (used to add tool-tips to abbreviations for people who don’t know what they mean) and mark (to highlight text). As well as styling the standard HTML tags, Bootstrap provides some classes that you can use to add additional typography. Here we’ve used the lead class, which is used to make a whole paragraph more prominent.

Bootstrap is a versatile tool, and if you spend a little time learning it now, you’ll be able to apply it to many web-based projects in the future. There’s too much of Bootstrap to cover in one tutorial, but it all works in roughly the same way. Once you’ve mastered the grid-based layout (as we have with our Gallery page), and seen how to use the CSS, Components and JavaScript, it becomes a simple job to tie together the bits you need for your project.

Caption: We’ve kept our final web page simple. It’s up to you whether you do the same or add more graphical niceties.

Ben Everard is an adventurer, security obsessive, editor of this very magazine and co-author of the best-selling Learning Python with Raspberry Pi.
TUTORIAL OPENVPN
OPENVPN: VIRTUAL PRIVATE NETWORK
A VPN across the internet gives you secure access to your network from anywhere…
JOHN LANE

WHY DO THIS?
• Download movies from your home network while you're stuck in an airport/bus station…
• … without the usual insecurities of transmitting data over the wild wild internet.

A virtual private network, or VPN, is an extension of a secure, private network across an insecure public one, making it possible to access the private network's resources when not directly connected to it. It enables you to connect across the internet into your home or office network and use it as if you were there.

It works by establishing a secure tunnel through an insecure network such as the internet and passing network traffic through the tunnel. A tunnel connects two things together, be they two sides of a river or two internet-connected devices: desktop or laptop computers, smartphones, tablets or other capable devices. A typical VPN is a point-to-point connection between two devices that have internet access. One device in the pair is configured to initiate the connection; this we'll call the client and say it's the remote end of the connection. The other device, at the local end of the connection, is configured to listen for connection attempts; this is the server.

The server can concurrently maintain connections with multiple clients but each one is separate: a client can only communicate with another via the server and only if the server allows it.

Each device needs to run some software that establishes this connection, but it does something else too: it appears to the operating system as another network interface, just like those that connect to real wired or wireless networks. The operating system includes this virtual network device in the local network, and any network-capable application can use it without special knowledge or consideration.

The VPN software establishes the point-to-point connection (our tunnel) using an appropriate protocol for securely communicating across the internet. The specifics of this will vary depending on the VPN software being used, but examples include SSL/TLS (as used in secure websites) or SSH. Data can then be sent through this secure connection as-is, but some VPN software offers other options such as further encryption or compression to increase security and performance. The end result is that network traffic can pass securely between two devices as long as they have internet access.

Another aspect to consider is the network protocol used to implement the tunnel. The general advice is, where possible, to use the faster UDP protocol unless you experience problems; in which case use the slower, but more deliberate TCP.

Layer cake
Network protocols are sometimes described using models, either the older "OSI Model" or the simpler "TCP/IP" (also called "DoD") model, as illustrated in our diagram. They both use layers to illustrate how one protocol is built upon another. Data transmission from one layer travels down through the lower layers to reach the wires or Wi-Fi of the physical network and then, at the receiving side, upwards to the same layer.

The layers we're interested in are:
• Layer 2, which refers to the OSI Data Link layer or Network Access layer in the TCP/IP model. This is the lowest-level protocol that we refer to and it carries data in chunks (as what it calls Frames).
• Layer 3, being the OSI Network or TCP/IP Internet layer, is where the Internet Protocol that we refer to as "IP" lives. IP data is also carried in chunks, but these ones are called Packets; they are, in-turn, carried by the frames we just described.

Higher-level protocols sit above these; examples you'd typically encounter include UDP or TCP, with the familiar term TCP/IP also referring to the IP protocol in the layer beneath.

Diagram: the TCP/IP (DoD) model beside the OSI model
TCP/IP (DoD) Model | OSI Model
Application | 7 Application, 6 Presentation, 5 Session
Host-to-host | 4 Transport
Internet | 3 Network (Layer 3 VPN - IP packets)
Network Access | 2 Data Link (Layer 2 VPN - ethernet frames), 1 Physical
Caption: The TCP/IP and OSI models use layers to describe network architecture; VPNs are often described using the OSI layers they carry. OSI is an ISO standard (ISO/IEC 7498-1).
A VPN works with either frames or packets. Networking people might describe a VPN as being "layer 2" if it uses frames, or "layer 3" if it uses packets. What all this means for us is what protocol layer our VPN operates at: we can choose to build it in either layer two or three so that it uses either frames or packets. Another, and perhaps more understandable way to describe them, is the way they're typically used: "bridged" or "routed". Bridging joins networks together, whereas routing keeps them separate but allows them to communicate.

A bridged VPN extends the server's IP network across the tunnel so that the client becomes part of it. The client has visibility of, and is visible to, the other IP devices on the network. The client can use IP broadcast and multicast, and other layer 3 protocols should also work, such as IPX, which some games use. A routed VPN creates a separate IP subnetwork for connecting clients. The server manages an address pool and allocates each client with an IP address from it. Because it's a separate subnetwork, clients must configure IP routing to reach beyond the server. It only supports point-to-point IP network traffic, so won't work for IP broadcast or other protocols.

TAP and TUN
So we've learnt that our VPN uses a tunnel to carry either data frames or packets, and that it's a virtual network device connected to the local network. Two types of virtual network device are implemented by the Linux kernel's Universal TUN/TAP device driver:
• The tap (network tap) is a layer 2 device and, as such, works with frames. It's similar to a regular network device like /dev/eth0 – a virtual network interface that can be used in a bridge.
• The tun (tunnel), as a layer 3 device, works with IP packets. It is a virtual IP point-to-point device (it isn't a network interface so cannot be used in a bridge – routing can instead be used to extend reach).

The TUN/TAP driver is used by many networking applications designed to provide tunnelling and virtual networking, and we'll use them to create a VPN.

OpenVPN
OpenVPN is a cross-platform GPL-licensed VPN application that can use either UDP or TCP to tunnel Ethernet frames or IP packets secured by SSL/TLS. It can use either tun or tap devices, and supports the latter used in a bridged configuration to give a homogenous network over the tunnel. Both client and server are contained in the same package; you should be able to install it from your distro's repository:

$ sudo apt-get install openvpn

Like anything that uses SSL, OpenVPN uses Public Key Infrastructure (PKI) certificates for authentication but, unlike SSL, it's unusual for them to be issued by a public certificate authority. Instead, OpenVPN provides a utility called easy-rsa that you can use to produce your own certificates, and you'll need to do this before configuring the server and any clients you need. Decide where you need it, and install easy-rsa from your distro's repository:

$ sudo apt-get install easy-rsa

You should then copy the easy-rsa to make your own working copy:

$ cp -r /usr/share/easy-rsa ~
$ cd ~/easy-rsa

Review and edit the configuration file, called vars, to meet your needs. At a minimum, alter the default certificate field values:

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"

PRO TIP
You can use "easy-rsa" to manage your own certificate authority for other uses besides OpenVPN. The latest version is at https://github.com/OpenVPN/easy-rsa.

PRO TIP
Getting "TXT_DB error number 2" when signing a cert? Ensure its Common Name field is unique amongst all valid certificates.

SSH: The poor man's VPN
If you find yourself in need of a temporary VPN and you already have an SSH connection, you can use SSH to quickly establish a private tunnel without additional software as long as the server is configured to allow it.
The PermitTunnel setting in the server's configuration (/etc/ssh/sshd_config) controls this, and its default value, no, disables tunnelling. Set it to yes to allow 'tun' and 'tap'; point-to-point for only the former or ethernet for the latter.
You need to be able to establish tun or tap devices, which usually requires you to be root or to otherwise have the CAP_NET_ADMIN Linux kernel capability. Assuming this, begin by connecting to the server with SSH:
$ ssh -w 56:78 172.16.1.3
where you can choose the numbers 56 and 78, which are the "tun" device numbers assigned at the client (56) and server (78). You get a server shell and the tunnel as a second background process. Use the shell to bring up the server device, choosing a new subnet for the tunnel and giving the server's end an IP address within it:
# ip addr add 10.9.1.1/24 broadcast 10.9.1.255 dev tun78
# ip link set up tun78
Now open a new shell on the client and do similarly: give it a different IP address in the same subnet as the server and define a route to the server's network via the server tunnel's IP address:
# ip addr add 10.9.1.2/24 broadcast 10.9.1.255 dev tun56
# ip link set up tun56
# ip route add 172.16.2.0/24 via 10.9.1.1
You should then be able to reach any node on the server's 172.16.2.0/24 network from the client. There are other modes too – tap devices can be used or port forwarding tunnels can be established with ssh -L in a forward configuration or ssh -R for a reverse tunnel. See the SSH man page to learn more about these options.

export KEY_OU="MyOrganizationalUnit"
The Easy-RSA Certificate Authority needs to be initialised; you can accept the defaults (that you set in vars) when prompted or enter alternative values:
$ source vars
$ ./clean-all
$ ./build-ca
Easy-RSA writes to a keys directory where you should now find your new CA's private key (ca.key) and its self-signed certificate (ca.crt). The other files you'll find there (index.txt and serial) are used to manage the certificates that your CA will sign, and the first of these is your server certificate:
$ ./build-key-server myhost
The myhost parameter refers to the server and is what the PKI calls its Common Name (CN); it can be a host or username, or whatever you want as long as it's unique. Building a certificate is a two-step process: first, a certificate signing request, or CSR, is made, which is then signed to produce the certificate. You'll find the CSR, myhost.csr, and certificate, myhost.crt, in the keys directory.
The CSR can include a challenge password which only becomes relevant if you want to revoke (invalidate) a certificate. It's normal practice to leave this blank. The last thing that the server needs is a file containing Diffie-Hellman parameters that are used to establish a shared secret used for ongoing encryption.
$ ./build-dh
Of all of the files generated, only the *.key files should be considered secrets that must be protected to keep the VPN secure. By running the PKI certificate authority on a separate host to the server, its private key (ca.key) need never be exposed to the VPN.
All private keys should be given restricted access permissions: chown root and chmod 400.
Configuring the server requires editing a configuration file. Begin by copying an example:
$ sudo cp /usr/share/openvpn/examples/server.conf /etc/openvpn/myhost.conf

PRO TIP: The example config files on Ubuntu derivatives are in /usr/share/doc/openvpn/examples/sample-config-files.

You should also copy the CA certificate (ca.crt), the Diffie-Hellman parameters (dh2048.pem), and the server's certificate (myhost.crt) and private key (myhost.key) to the same directory. Then edit the configuration to reference them:
ca /etc/openvpn/ca.crt
cert /etc/openvpn/myhost.crt
key /etc/openvpn/myhost.key
dh /etc/openvpn/dh2048.pem
You can also configure the server to drop privileges (it must start as root so doing this is a good security precaution):
user nobody
group nobody
The other things to decide at this point are the connection protocol (udp or tcp) and whether the tunnel should carry frames (layer 2; "tap") or packets (layer 3; "tun"). The configuration file is preconfigured to carry packets over UDP. It contains:
proto udp
dev tun
server 10.8.0.0 255.255.255.0
The default value of the server declaration tells the VPN that it's a server for the 10.8.0.0/24 subnet. The address range that you allocate by this directive must be a private address range that is otherwise unused on your network. The server takes the first address (in this example, 10.8.0.1) and can issue remaining addresses to connecting clients. You can change the dev setting if you want to run the VPN in layer 2:
dev tap
In both cases, the VPN will create and destroy the virtual network device. Bridging is slightly different, however, because a pre-existing device must be specified. If the bridged device is /dev/tap0 then the declaration should be:
dev tap0
and, instead of the server setting just described, use server-bridge. This takes the network and netmask, and the first and last addresses in a range that the VPN can allocate to clients.
server-bridge 172.16.2.0 255.255.255.0 172.16.2.100 172.16.2.199
With all configuration done, we can start the server and move on to the client...
$ sudo openvpn /etc/openvpn/server.conf
OpenVPN 2.3.9 ...
Initialization Sequence Completed

PRO TIP: Add management localhost 1234 to the configuration file and then use telnet localhost 1234 to access it. See http://bit.ly/openvpn-mi for more.

Certificate request
Client configuration is similar, but each client needs its own certificate. They can also use easy-rsa to create their private key and a certificate signing request:
$ source vars
$ ./build-req myclient
Copy the request, myclient.csr, (not the key – the client should keep that secret) into your certificate authority's easy-rsa/keys directory and then use
$ ./sign-req myclient
to sign it. This may report an error due to not having the private key but, because that is intentional, the error can be ignored.
chmod: cannot access 'myclient.key': No such file or directory
Pass the resulting myclient.crt file back to the client. Alternatively, you can use sign-key to do the whole thing on the CA, but the CA will also generate a new private key for the client, which end-users may prefer to maintain privately themselves.
Client configuration is similar to the server, but the example file is called client.conf and the files you need to configure are:
ca /etc/openvpn/ca.crt
cert /etc/openvpn/myclient.crt
key /etc/openvpn/myclient.key
You should also specify the OpenVPN server's type (tun or tap) and its name, either as a domain or hostname, or by its IP address. The port, 1194, is the standard port used by OpenVPN and configured on the server; there is no compelling reason to change it.
dev tun
remote myserver.example.com 1194
Start the VPN client:
$ sudo openvpn /etc/openvpn/client.conf
At this point the client should be allocated an IP address by the server; you can check this on the client:
$ hostname -i
172.16.1.4 10.8.0.6

Network configuration
It's a feature of the internet protocol that a network node (a device connected to the network) only has visibility of other nodes on the same network segment (or subnet) and that routes can be defined so that nodes beyond this may be reached via some other node (usually called a gateway) on the same segment that is able to reach them.
This means that the reach of a VPN is limited to the VPN's subnet unless routes are configured to extend it. This is the address range defined in the configuration file of a routed VPN or, for a bridged VPN, it is the networks that have been bridged (usually this means the VPN's local network).
Configuring routes is very environment-specific; what's right for one network may not be for another. Typical configurations include:
• Giving VPN clients access to other nodes on the server's local network.
• Giving VPN clients access to other VPN clients.
• Giving nodes on the server's local network access to VPN clients.
• Extending reach from and to the client's local network.
The easiest way to allow VPN clients to interact with each other is to use client-to-client mode on the OpenVPN server. This allows connectivity between any pair of clients through the OpenVPN server; the packets are routed within the VPN server software and not exposed to the server's operating system. To enable this mode, add a client-to-client directive to the server's configuration. However, if you want control over such interaction, add routes instead. This way, the packets go through the kernel so you can then use its netfilter (Iptables firewall) to permit or deny specific client interactions.
Adding routes usually needs to be done in pairs: a route on the sender to the receiver and another on the receiver to the sender. It can be done in two ways: using the operating system's tools (the ip route command) or by configuring OpenVPN to do it for you. In the latter case, such routes are automatically removed when the VPN is closed.
As an example, do the following on a client to allow it to connect to other clients (also do the same on those clients):
$ ip route add 10.8.0.0/24 dev tun0
Alternatively add the route to the VPN server's configuration. It will then push the route to the client when the VPN starts and the route will be removed when it stops:
push "route 10.8.0.0 255.255.255.0"
Notice how OpenVPN requires that the subnet mask is expressed longhand instead of the more succinct CIDR notation. Similarly, if the server's local network is 172.16.2.0/24, then adding
push "route 172.16.2.0 255.255.255.0"
to the server's configuration will allow clients to access its local network. A route from that network back to the VPN is also required, which the OpenVPN server automatically adds to its own host. If that isn't the network's default gateway then a similar route will also need to be manually added there. For example, if the VPN server runs on 172.16.2.1, this would be appropriate for the default gateway:
ip route add 10.8.0.0/24 via 172.16.2.1
You can run multiple instances of OpenVPN, say to offer both TCP and UDP or, perhaps, two UDP instances for bridged and routed configurations. The assigned, and default, port number for OpenVPN is 1194 – you can run one UDP and one TCP instance concurrently with this port, but multiple instances using the same protocol will require additional port numbers. You can use any port number that your server isn't otherwise using.

Don't clash…
One last thing to be aware of is that a VPN client's local network must have different IP address ranges to those that the server makes available via the tunnel, otherwise address conflicts can arise. If there are local and remote addresses that are the same then the client will be unable to determine the required routes and things won't work as expected.
There are many other aspects of OpenVPN that we haven't covered such as its management interface, status log (look for openvpn-status.log), internal routing tables and much more. The documentation at https://openvpn.net/index.php/open-source.html would be a good place to continue learning.

John Lane provides technical solutions to businesses. He has yet to find something that Linux can't solve.
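
The server hardening points made in this tutorial (private keys owned by root with no group or other access, the user/group privilege drop, and keeping ca.key off the VPN server) can be checked mechanically. The script below is an added example, not part of the original tutorial; the function names are made up for illustration, and it assumes Linux `stat -c` and the one-directive-per-line config format shown above.

```shell
#!/bin/sh
# Added example (not from the article): audit an OpenVPN server config
# against the tutorial's hardening advice. Linux-only: uses `stat -c`.

# conf_value FILE DIRECTIVE -> first argument of DIRECTIVE, empty if absent.
# Commented-out lines ("# user nobody", ";user nobody") never match because
# their first field is not the bare directive name.
conf_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# audit_openvpn_conf FILE [OWNER_UID]
# Prints one line per finding; the return status is the number of findings.
# OWNER_UID defaults to 0 (root), as the tutorial recommends.
audit_openvpn_conf() {
    conf=$1
    want_uid=${2:-0}
    findings=0

    # 1. The server's private key: expected owner, no group/other access.
    keyfile=$(conf_value "$conf" key)
    if [ -z "$keyfile" ] || [ ! -f "$keyfile" ]; then
        echo "FAIL: key directive missing or file not found: ${keyfile:-<none>}"
        findings=$((findings + 1))
    else
        mode=$(stat -c '%a' "$keyfile")
        uid=$(stat -c '%u' "$keyfile")
        case $mode in
            *00) ;;  # e.g. 400 or 600: only the owner can read the key
            *)  echo "FAIL: $keyfile has mode $mode; use chmod 400"
                findings=$((findings + 1)) ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "FAIL: $keyfile is owned by uid $uid, expected $want_uid"
            findings=$((findings + 1))
        fi
    fi

    # 2. Privilege drop: both directives must be present and not root.
    for d in user group; do
        v=$(conf_value "$conf" "$d")
        if [ -z "$v" ] || [ "$v" = root ]; then
            echo "FAIL: no '$d' directive dropping root privileges"
            findings=$((findings + 1))
        fi
    done

    # 3. The CA's private key should stay on the CA host, not beside ca.crt.
    cafile=$(conf_value "$conf" ca)
    if [ -n "$cafile" ] && [ -e "$(dirname "$cafile")/ca.key" ]; then
        echo "FAIL: CA private key found at $(dirname "$cafile")/ca.key"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Demo on a constructed config: world-readable key, no user/group lines.
demo() {
    dir=$(mktemp -d)
    : > "$dir/ca.crt"
    : > "$dir/myhost.key"
    chmod 644 "$dir/myhost.key"
    printf 'ca %s/ca.crt\nkey %s/myhost.key\nproto udp\ndev tun\n' \
        "$dir" "$dir" > "$dir/server.conf"
    audit_openvpn_conf "$dir/server.conf" "$(id -u)"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "demo: $? finding(s) in the constructed config"
```

On a real server, run audit_openvpn_conf against the live config as root and omit the second argument so that ownership is checked against uid 0.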
CODING LIBCONTAINER
THE OPEN CONTAINER RUNTIME SPECIFICATION
libcontainer, containerd and further adventures in container standardisation.
AMIT SAHA

WHY DO THIS?
• Isolate your software to improve security.
• Manage your containers from software for maximum control.
• Understand the technology behind the latest Docker release.

A container is an isolated environment inside a Linux system. It has its own filesystem, limits on resource usage and its own set of processes (and other internal identifiers). To the user, a container appears to be completely isolated from the main system much like a virtual machine is, but in practice, it runs on the same kernel as the host OS so uses fewer resources to run than virtualisation.
Several different technologies have emerged for creating and managing containers on Linux, including Docker and LXC. In 2016, many of these have come together in the Open Container Institute (OCI, https://www.opencontainers.org) to make the different technologies interoperable.
The OCI Runtime Specification lays down what a conforming program for running containers should expect as input and the operations it allows on the container. For input, the runtime should take a filesystem bundle, which is a directory containing a JSON-formatted configuration file (config.json), and a sub-directory containing the filesystem.
The most basic operation of the container runtime is to create an isolated environment (based on the config.json and the filesystem), run whatever software's specified in the config file, then exit. Some software will exit almost immediately, while others will continue running for an unspecified period of time.
The OCI runtime specification's lifecycle document (https://github.com/opencontainers/runtime-spec/blob/master/runtime.md#lifecycle) goes deeper into the exact process of creating and destroying the isolated environment. The most important things for us are the hooks. Presently, there are three hooks defined: "Prestart", "Poststart" and "Poststop". Prestart hooks are programs that are called in order after the container is spawned, but before the user-specified program runs. Poststart hooks are called after the user-specified process has started. Poststop hooks are called after the container is destroyed. These hooks are the link between the host system and the container, because they run from the host's filesystem but as a process in the container. In technical terms, we say they run inside the container's namespace (see figure 3). Given their unique position partially in both the host system and the namespace, we can use them to configure the container.
Let's take a look at how this all works in practice.

[Figure 1: An OCI-compliant container runtime conforming to the container runtime specifications. Labels: standard filesystem bundle; OCI compliant runtime; container; hooks; list of all running containers; status of a running container; inspect the processes running; other standard operations.]

Get ready to run
runC (https://github.com/opencontainers/runc) is the reference implementation of the OCI runtime specification and is being developed as the specification evolves. It is written in Golang, so if you don't have the Go tools installed, you can either use the distro's package manager to install them or download the Linux binary and follow the instructions on the install page at https://golang.org/doc/install. The runC tools are rapidly evolving so rather than try and find them in your distro's repositories, we'll download the source and build them. The steps below are tested on Ubuntu and Fedora, but they should work on other distros.
Go needs a workspace, so create a sub-directory called golang in your home directory and a sub-directory called src inside it.
The Go compiler and other tools expect the GOPATH environment variable to point to the workspace directory, so set the following in your .bashrc or the file relevant to your shell, so that it is always set when you start a new terminal session (replace <user> with your username):
export GOPATH=/home/<user>/golang
To check that this has worked properly, start a new terminal session and type in go env GOPATH:
$ go env GOPATH
/home/<user>/golang
We're all set to get the source for runC, so build and install it. If you're using a Debian derivative such as Ubuntu, you can get the dependencies with:
$ sudo apt-get -y install libseccomp-dev
Alternatively, you can use the following on Fedora:
$ sudo dnf -y install libseccomp-devel
Now grab the files and install them with:
$ mkdir -p ~/golang/src/github.com/opencontainers
$ cd ~/golang/src/github.com/opencontainers
$ git clone https://github.com/opencontainers/runc.git
$ cd runc
$ make
$ sudo make install
At this stage you have runc installed and accessible via the runc command. Just typing it and pressing Enter displays all the different runc sub-commands.

[Figure 2: Container lifecycle and hooks. Labels, top to bottom: runc start <container-id>; Prestart hooks (Hook 1, Hook 2, ..., HookN); Process started in <container-id>; Poststart hooks (Hook 1, Hook 2, ..., HookN); Process finished in <container-id>; Poststart hooks (Hook 1, Hook 2, ..., HookN). Side label: executed in runc's namespace.]

Contain your excitement
Let's create our first container with runc. You will recall that we need to first create a filesystem bundle. We will create one called alpine, since we plan to use an Alpine Linux (www.alpinelinux.org) root filesystem.
First, we will create a subdirectory with mkdir alpine and cd into it. The easiest way to create a root filesystem for runC is to download a Docker image, export it to a tar file and extract it. If you don't have Docker installed and running, you will need to do so before we can carry on.
To get the root filesystem, we need to download the alpine image, run a container once and export the image into a .tar file:
$ sudo docker export $(sudo docker create alpine sh) > rootfs.tar
The alpine sub-directory should have a rootfs.tar file. Next, create a sub-directory, rootfs, within the alpine sub-directory and extract the tar contents into it. Your directory tree in the alpine sub-directory should now look as follows (after removing the rootfs.tar file):
$ tree -L 1 alpine/
alpine/
rootfs
We can create the config.json automatically using the runc command:
$ runc spec --bundle alpine
Our filesystem bundle is now ready, but before we start the container, we will briefly go over key parts of the config.json file generated for us.
The process object generated is as follows:
"process": {
    "terminal": true,
    "user": {},
    "args": [
        "sh"
    ],
    "env": [
        "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
        "TERM=xterm"
    ],
    "cwd": "/",
    "capabilities": [
        "CAP_AUDIT_WRITE",
        "CAP_KILL",
        "CAP_NET_BIND_SERVICE"
    ],
    "rlimits": [
        {
            "type": "RLIMIT_NOFILE",
            "hard": 1024,
            "soft": 1024
        }
    ],
    "noNewPrivileges": true
},
The key-value pairs above describe the process that runs in the container when it is started:
• The terminal key specifies whether we want a terminal attached to the process, and can take either of two values, true or false.
• The value of the user key is a structure that should specify the user the process will run as. By default, the process runs as user ID and group ID 0 (as root).
• The value of the args key is used to specify an array of strings, with the first string being the executable to run and the following elements passed as arguments to the executable. Here it's the shell, sh. When an absolute path is not specified, it is searched for in the PATH environment variable.
• The env key is used to specify an array of strings, with each string being an environment variable of the form variable=value.
• The cwd key specifies the current working directory of the process.
• The capabilities key specifies an array of strings, with each string being a Linux capability that the process has when it is started.
• The rlimits key specifies an array of resource limits for the process. Each resource limit is an object
having the type, hard and soft keys corresponding to the type of resource and the soft and hard limits.
• The noNewPrivileges key specifies whether we allow the container to gain additional privileges.
The "root" object configures the root filesystem:
"root": {
    "path": "rootfs",
    "readonly": true
}
The path object specifies the path to the root filesystem, which as we know from above, is the rootfs sub-directory. We set it to readonly, so that no modifications happen in the root filesystem from the container. The hostname key specifies the hostname of the container. The mounts key is a list of mount points for the container. You can see that it is a list of in-memory filesystems such as /proc, /sys and /dev.
The hooks key is used to specify any Prestart, Poststart or Poststop hooks. Hooks are specified as an array of objects, each containing a path key specifying the executable to execute. In addition, args and env keys can be specified, with args containing an array of strings specifying the program name and the arguments to be passed to it. The env key can be used to specify environment variables for the program as an array of strings, with each string of the form variable=value. The linux key then specifies configuration for four other objects:
• resources This key is used to configure the container's runtime constraints via cgroups.
• namespaces This is perhaps the most important configuration that makes a container possible. It specifies a list of Linux namespaces that are created for the container. By default the following namespaces are created: pid, network, ipc, uts, and mount. The pid namespace gives the container its own process namespace, which means that processes running inside the container have no visibility of the processes running on the host or in another container. The network namespace essentially gives the container its own network stack. Your host's network interfaces or configuration are not visible to the container. Similarly, the ipc and mount namespaces give the container its own IPC and mount namespaces such that they are isolated from the host's. The uts namespace allows the container to have its own hostname without affecting the host system's name.
• maskedPaths These are a set of paths that are present in the container but are not readable.
• readonlyPaths This key specifies an array of strings – each a path inside the container set as read-only.

[Figure 3: Linux Kernel Namespaces. Labels: Host Linux Kernel; runC; Container 1's Namespaces and Container 2's Namespaces, each with IPC, Network, Mount, UTS, User and PID.]

Let's now start a container with the alpine filesystem bundle we created earlier:
$ cd alpine
$ sudo /usr/local/sbin/runc start alpine-test-1
/ # cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
...
/ # ps aux
PID USER TIME COMMAND
1 root 0:00 sh
6 root 0:00 ps aux
The start sub-command of runc starts a container. The only argument necessary to start the container is a container ID – a string that uniquely identifies the container in your system and obviously cannot be the same for two running containers.
In the container, we can see that we have the sh process as PID 1 and any other process is a child of this process. Our container is an isolated environment running on the host system, so these processes also exist on the host system (albeit with different ids).
Now, we will execute the program top in the container. In a new terminal on the host system, you can find the process for runc using pgrep, and then (using the pstree command) find the other processes that exist in the container. This is the fundamental difference between a container and a virtual machine. In containers, all the processes run on the same kernel but are contained in a particular environment whereas a virtual machine runs on an entirely different kernel that is allowed to run on top of the host system.
$ pgrep runc
14906
$ pstree -aA 14906
runc start alpine-test-1
|-sh
| `-top
`-8*[{runc}]
If you start another container, you will see another similar process tree, but no immediate hierarchical relationship between the two runc processes exists.

runC commands
The list command lists the various containers running on the system:
$ sudo /usr/local/sbin/runc list
ID             PID   STATUS   BUNDLE                               CREATED
alpine-test-1  3838  running  /home/ubuntu/runc-containers/alpine  2016-05-01T00:55:02.811703536Z
The state command tells us the state of a container:
$ sudo /usr/local/sbin/runc state alpine-test-1
{
    "ociVersion": "0.6.0-dev",
    "id": "alpine-test-1",
    "pid": 14917,
    "bundlePath": "/home/ubuntu/runc-containers/alpine",
    "rootfsPath": "/home/ubuntu/runc-containers/alpine/rootfs",
    "status": "running",
    "created": "2016-04-29T05:37:31.545870123Z"
}
The ps command tells us about the processes running in a container:
$ sudo /usr/local/sbin/runc ps alpine-test-1
UID PID PPID C STIME TTY TIME CMD
root 14917 14906 0 15:37 pts/8 00:00:00 sh
The exec command enables us to run a command inside the container. For example, if we want to start an interactive shell in an existing container:
$ sudo /usr/local/sbin/runc exec alpine-test-1 sh
/ #
runc has a number of other commands including those for creating and restoring from a "checkpoint", suspending and resuming all processes in a container, and getting a stream of events inside the container.

[Figure 4: Each runc process and the container it spawns has its own independent process tree. Labels: Linux Host; runC (PID:X) and runC (PID:Y), each with a filesystem bundle; Process X in Container 1; Process Y in Container 2.]

User namespaces and runc
The user namespace plays a vital role in the discussion of container security on Linux. Let's see a basic example of user namespaces in action. Going back to our alpine-test-1 container:
# cat /proc/1/uid_map
0 0 4294967295
The file uid_map for a process contains a mapping of the user ID from the container to outside the container. The first column of this file is the starting user ID within the container, the second column is the starting user ID that it "maps" to outside the container, and the last column is the length of the mapped range. What this means is that a root user within the container is also the root user outside the container. This is undesirable – even if a container ensures isolation from the host via namespaces, this is still a security concern.
The OCI runtime container configuration enables us to specify user ID and group ID mappings. Instead of adding them to our existing config.json by hand, we will use a tool called ocitools. One of the things this enables us to do is to generate a config.json file with better customisation than runc spec. First, let's obtain the source and build it:
$ go get github.com/opencontainers/ocitools
Then, in the same directory as the alpine bundle:
$ $GOPATH/bin/ocitools generate --uidmappings=1001:0:65535 --gidmappings=1001:0:65535
In the generated config.json file, we'll see two new objects: uidMappings and gidMappings. The uidMappings option specifies the container/host user ID mapping, which then becomes the uid_map file of a process in the container. Please note that the user ID 1001 must exist on your host system. These new key-value pairs are under the linux key:
"uidMappings": [
    {
        "hostID": 1001,
        "containerID": 0,
        "size": 65535
    }
],
"gidMappings": [
    {
        "hostID": 1001,
        "containerID": 0,
        "size": 65535
    }
],
You will also notice that user has been added to the list of namespaces. As earlier, we will need to modify terminal to true in the process block. Let's exit from the previous running container, start a new one and see what the uid_map file looks like for a process inside the container:
/ # cat /proc/1/uid_map
0 1001 65535
This confirms that our root user in the container maps to a non-root user outside the container. Thus, you can do things inside the container that require root privileges, but at the same time, outside the container, it is an unprivileged user.

Specifying hooks
We now know that hooks are a way to run external programs at different stages of the container lifecycle. At this stage, when we start a container with runc, you will see that we have a single network interface (lo – the loopback interface) and you will not be able to make any external network connections to the host or beyond. To be able to do so, we will set up a simple network bridge; the recommended way to do this is via a prestart hook. The program we will use is called
netns (https://github.com/jfrazelle/netns), so the first step is to obtain it. This is written in Golang, and so on the host system, do the following:
$ go get github.com/jfrazelle/netns
$ $GOPATH/bin/netns --help
..

[Figure 5: Example of what user namespaces allow us to achieve. Labels: Host UID: 1001 (non-privileged user); Host UID: 5001 (non-privileged user); UID:0 (privileged) in each of Container 1, Container 2 and Container 3.]

Now, we have to edit our config.json file that was generated earlier to specify this program as a prestart hook. Once again, we will use ocitools to generate the configuration for us. We will execute the following command while in the alpine bundle directory (note that this will overwrite the previous config.json file):
$ $GOPATH/bin/ocitools generate --prestart $GOPATH/bin/netns
You will see that the config.json file has the prestart hook specified as follows:
"hooks": {
    "prestart": [
        {
            "path": "/home/ubuntu/golang/bin/netns"
        }
    ]
}
We'll also need to make another change to the config.json file – set terminal to true, since ocitools currently defaults to false. Now we are all set, we can exit out of the previous container and start our container again:
$ sudo /usr/local/sbin/runc start alpine-test-1
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 66:94:a7:26:d4:83 brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.3/16 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::6494:a7ff:fe26:d483/64 scope link
       valid_lft forever preferred_lft forever
We have two interfaces, and you will be able to connect to external hosts. Note that you will need to set a nameserver in /etc/resolv.conf so that you can resolve hostnames. You can also connect from your host to your container. Let's see an example. In the container set up a listening server on port 9090 using netcat:
/ # nc -lp 9090
Then, on the host in a different terminal session, use telnet to connect to your container:
$ telnet 172.19.0.3 9090 # Please replace this by the IP address you see in your container
Trying 172.19.0.3...
Connected to 172.19.0.3.
Escape character is '^]'.
hello
world
You should see the messages you send from the host on the container's nc session. Similarly you can set other hooks in your configuration file and perform various other operations.

Face your daemons
runc is a standalone program, which means that you can control runc via an init manager like Systemd (Figure 6). There is however another project whose goal is to develop a daemon specifically meant to manage runc containers – containerd.
Containerd is a daemon that has been explicitly built to control runc and powers the Docker engine – in fact it is one of the core components of the latest Docker engine release, which makes it an OCI-compatible container runtime. You can learn more about it from the project page at https://github.com/docker/containerd.
runc is built upon libcontainer – a pure Golang interface to the Linux kernel namespaces. In this section, we will write a Golang program that's essentially a severely limited version of runc. It just starts a container, runs a process (ps) in it and exits. You can find the entire program at https://github.com/amitsaha/linux_voice_3/blob/master/libcontainer-example.go. Download it and place it somewhere under your $GOPATH sub-directory (Maybe $GOPATH/src/github.com/linux_voice_3). Let's build and run it:
$ cd $GOPATH/src/github.com/linux_voice_3
$ wget https://github.com/amitsaha/linux_voice_3/raw/master/libcontainer-example.go
$ go get .
$ sudo GOPATH=<absolute-path-to-go-path>/ go run libcontainer-example.go <absolute-path-to-alpine-bundle-rootfs>
PID USER TIME COMMAND
1 root 0:00 ps
We can see that the program ran the ps process, which happened to be the only process that ran in the container and exited. Let's now understand what the program is doing one section at a time:
// Common for any program using libcontainer
func init() {
    if len(os.Args) > 1 && os.Args[1] == "init" {
        runtime.GOMAXPROCS(1)
        runtime.LockOSThread()
LIBCONTAINER CODING
factory, _ := libcontainer.New("")
if err := factory.StartInitialization(); err != nil { Host Linux kernel
log.Fatal(err) Systemd
}
panic("--this line should have never been executed,
congratulations--") Systemd unit 1 Systemd unit 2 Systemd unit 3
}
}
Any program using libcontainer must have an
init() function – this is called externally as part of the Container1 Container2 Container3
namespaces creation and initialisation. It sets the (via runc) (via runc) (via runc)
number of Go runtime threads to 1 using runtime.
GOMAXPROCS(1) and then "pins" the current
executing goroutine to the current operating system Cwd: "/", Figure 6: Managing runc
thread. Then, it starts the initialisation using the Args: []string{"ps"},
processes via Systemd.
StartInitialization() function. If we get any error at this Env: standardEnvironment,
stage, we panic (and exit). Stdin: os.Stdin,
Next, we have the main() function – this program Stdout: os.Stdout,
expects the path to the root filesystem as the first Stderr: os.Stderr,
argument, and we set a binding, rootfs, to point to it. }
We then create the configuration for our container We create an object of the structure type
– a reference of type configs.Config{}. This is the libcontainer.Process{} specifying the following:
programmatic equivalent of creating the config.json Cwd Current working directory of the process
file: Args This is an array of strings. The first element is
config := &configs.Config{ the command to be executed, which here is ps. If
Rootfs: rootfs, there were any additional arguments we wanted to
Capabilities: []string{ pass, they would be specified as additional
"CAP_NET_BIND_SERVICE", elements in the array.
"CAP_KILL", Env This sets up the environment variables for the
"CAP_AUDIT_WRITE", process. standaradEnvironment is an array of
}, strings, each of type variable=value:
.. var standardEnvironment = []string{ "PATH=/usr/
.. local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
The Config{} structure is defined in the package "HOSTNAME=test-container",
github.com/opencontainers/runc/libcontainer/ }
configs. The next two steps creates our container, but Stdin, Stdout, Stderr We specify the standard input,
don't start it yet. The first of these two is initialising a output and error for the process.
factory object: Now we are ready to start the container with the
factory, err := libcontainer.New(rootfs, libcontainer. above process:
Cgroupfs) err = container.Start(process)
if err != nil { If there was no error, we wait for the process to
log.Fatal(err) complete:
} _, err = process.Wait()
The first argument to the New() function is the Finally, we destroy the container, which frees up all
root filesystem and the second argument is telling the resources.
libcontainer that we want it to configure the cgroups container.Destroy()
directly rather than asking Systemd (if available) to do You can query the container for processes, obtain
it. If we have any error we print the error and exit via runtime statistics, even run hooks using libcontainer.
log.Fatal(). This code outlines the building blocks you need to
In the next step, we use the factory object to create write your own containter-controlling software. With
a new container with the ID test-container and the this you can enhance the security of your system
earlier configuration we created: while still maintaing full control over how your
container, err := factory.Create("test-container", config) software runs.
if err != nil { You can find the program above at https://github.
log.Fatal(err) com/amitsaha/linux_voice_3 in addition to a set of
return resources to explore next.
}
Next, we set up the process we want to run in the Amit Saha is the author of Doing Math with Python
container: (No Starch Press) and a software engineer. He blogs at
https://echorand.me and tweets @echorand.
process := &libcontainer.Process{
www.linuxvoice.com 91
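The Capabilities list in the configs.Config{} excerpt is an allowlist, and it can be checked from outside by reading the Cap* lines of /proc/<pid>/status for the contained process. The Python check below is an added example, not code from the article or from libcontainer. Both status excerpts are constructed samples, and it assumes a root process started under that configuration holds exactly the three listed capabilities.

```python
import re

# Capability bit numbers as defined in <linux/capability.h> (bit 0 first).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# The allowlist from the article's configs.Config{} excerpt.
ARTICLE_CAPS = {"CAP_NET_BIND_SERVICE", "CAP_KILL", "CAP_AUDIT_WRITE"}

# Constructed sample: the Cap* lines expected for the confined ps process.
CONFINED_STATUS = """\
Name:\tps
CapInh:\t0000000020000420
CapPrm:\t0000000020000420
CapEff:\t0000000020000420
CapBnd:\t0000000020000420
"""

# Constructed sample: an unconfined root shell on the host, for contrast.
HOST_ROOT_STATUS = """\
Name:\tbash
CapInh:\t0000000000000000
CapPrm:\t0000003fffffffff
CapEff:\t0000003fffffffff
CapBnd:\t0000003fffffffff
"""


def mask_for(names):
    """Bitmask with one bit set per capability name."""
    return sum(1 << CAP_NAMES.index(name) for name in names)


def decode(mask):
    """Capability names for every bit set in mask, lowest bit first."""
    names, bit = [], 0
    while mask >> bit:
        if mask >> bit & 1:
            known = bit < len(CAP_NAMES)
            names.append(CAP_NAMES[bit] if known else "unknown bit %d" % bit)
        bit += 1
    return names


def parse_status(text):
    """Map CapInh/CapPrm/CapEff/CapBnd/CapAmb to their integer masks."""
    pattern = r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$"
    sets = {m.group(1): int(m.group(2), 16)
            for m in re.finditer(pattern, text, re.M)}
    if not sets:
        raise ValueError("no Cap* lines found; is this a status file?")
    return sets


def audit(status_text, allowed):
    """Per capability set, list what is held beyond the allowlist."""
    allowed_mask = mask_for(allowed)
    findings = {}
    for set_name, mask in parse_status(status_text).items():
        extra = mask & ~allowed_mask
        if extra:
            findings[set_name] = decode(extra)
    return findings


if __name__ == "__main__":
    print("allowlist mask: %016x" % mask_for(ARTICLE_CAPS))
    for label, text in (("confined", CONFINED_STATUS),
                        ("host root", HOST_ROOT_STATUS)):
        extra = audit(text, ARTICLE_CAPS)
        print("%s: %s" % (label, "ok" if not extra else
                          "%d extra in CapEff" % len(extra.get("CapEff", []))))
```

On a live system, the input would be the contents of /proc/<pid>/status for the container's process rather than the embedded samples.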
CODING CONCEPTS
AI: SUPPORT VECTOR MACHINES
Welcome our new artificial intelligence overlords by adding to their power.
BEN EVERARD

WHY DO THIS?
• Classify data automatically with minimal programming
• Mine data to extract all the information that it has to offer
• Automate paint-by-numbers in an elaborate manner

Machine learning is an incredibly powerful way of analysing data, and it encompasses a whole range of different techniques to tackle different types of problem. In this tutorial we're going to look at just one learning technique for solving one problem: Support Vector Machines for classification. The problem of classification is where you have a dataset that you want to break up into different types. For example, you might have lots of email that you want to classify as spam or not spam, or you might have lots of images of handwritten characters that you want to classify as letters.

We're not going to write our classifier from scratch, but look at how to use a popular Python module to learn from a training set and then apply this knowledge to new data. This module is sklearn, and is available through pip, the Python package installer, but it depends on SciPy which you'll need to install via your package manager. In Debian-based systems, you can get everything you need with:

sudo apt install python-scipy python-pip
pip install sklearn

The first thing we need is data for training our program. This has to be of the same form as the final data, otherwise your program could learn to recognise the wrong traits.

Incorrect training data is a significant problem in artificial intelligence and is often summed up in the Parable Of The Tanks. When the US military was first developing AI, they wanted to be able to analyse images to see if they contained enemy tanks. The army sent people to a training ground equipped with cameras and took pictures of tanks hiding in bushes. Later, they went out and took pictures of bushes with no tanks in. All these images formed the training set for their AI system, and it learned to classify them into pictures with tanks and no tanks remarkably successfully. The army then tried to use this system to analyse a new set of images, and was almost completely unsuccessful. After a significant investigation, they realised that in the training set, the pictures with tanks in them had all been taken on a sunny day while the pictures without tanks were taken on a cloudy day. The AI had recognised the weather, not the presence of military hardware.

I know kung fu…

Acquiring accurate training data is obviously a problem specific to each application, but it often means classifying thousands of pieces of data by hand. We're going to side-step this problem entirely by teaching our program to recognise a mathematical trait, specifically, whether or not a point is within a circle. We'll randomly generate x and y coordinates and if x^2 + y^2 > 1 then that coordinate will be outside a circle with radius 1; if not, it's inside. By using a mathematical property like this, we can very quickly generate training data, and we can also verify that test data has been correctly classified.

Firstly we'll generate 2,500 pieces of training data:

import random
from sklearn import svm

training_data = []
training_results = []
for i in range(2500):
    # Random point in the unit square
    x=random.random()
    y=random.random()
    training_data.append((x,y))
    # Label 1 = outside the unit circle, 0 = inside
    if (x*x)+(y*y) > 1:
        training_results.append(1)
    else:
        training_results.append(0)

This will generate positive values for x and y, so we're only dealing with a quarter of a circle, but that doesn't matter, because it still gives us an area to classify.

Much of machine learning is about tuning your program for most efficient learning. In this case, we're using 2,500 pieces of training data. You may be wondering why we picked that number; there aren't any hard-and-fast rules that you can use to know how much training data you need. It mostly depends on how complex your data is and how hard it is to differentiate the various classes. In general, the more training data you have, the more accurately your program will be able to classify future datapoints; however, at a certain point, adding more training data will not lead to a noticeable improvement in accuracy. The easiest way to see how much training data you need is to gradually increase the amount you have and see how this affects the classification of your test data. This is exactly what we did, and we found that beyond 2,500, there was little increase in accuracy.

Now we have our training data, we just need to apply it to our machine learning setup:

clf = svm.SVC(gamma=1, C=1000)
clf.fit(training_data, training_results)

Our classifier (clf) is created using the svm module we imported in the previous block of code. There are two parameters, gamma and C. Before we look too closely at these, let's see how Support Vector Machines (SVMs) work. Our data is composed of x and y coordinates that can be plotted on a graph. In our case, the data is two-dimensional, but there's no reason why it couldn't be three, four or more dimensional (though it would be harder to visualise this on a graph). SVMs attempt to find a line that can be drawn on the graph to separate the two (or more) classes of data. The learning phase of an SVM is where it looks for the best line to separate the values in the different classes.

… show me

The C parameter defines how hard the margin is. If you've got a fuzzy set of real-world data, there might not be a line that can adequately separate the two groups all of the time, so you have to accept that some data points will be on the wrong side. A small C value essentially enables the classifier to misclassify some of the values in the training set in order to better fit the majority. Since we have a firm line between the two, we want a large C value.

The gamma parameter determines how much influence each data point has based on its distance from the lines between the classes. In simple terms, high gamma values can result in wigglier lines – and potential overfitting – between the classes. As with the training set size, we found the values used here by running the program with different values of C and gamma, and seeing how many data points the program classified correctly. We tested our learning with the final section of code:

results = []
wrong = 0
for i in range(1000):
    x=random.random()
    y=random.random()
    # predict() expects a list of samples, so wrap the single point
    out = clf.predict([(x,y)])
    if (x*x)+(y*y) > 1 and out[0] == 1:
        print(str(x) + "," + str(y) + " correct")
    elif (x*x)+(y*y) <= 1 and out[0] == 0:
        print(str(x) + "," + str(y) + " correct")
    else:
        print(str(x) + "," + str(y) + " actual: " + str(x*x+y*y) + " predicted: " + str(out[0]))
        wrong = wrong + 1
print("Total Wrong " + str(wrong))

This chunk of code tests the SVM against a thousand new data points. Machine learning isn't an exact science, so we can't expect it to get every single point correct, but in our tests, the code was about 99.6% correct (with the mistakes being points very close to the edge of the circle).

[Figure: 1,000 points tested against our trained machine. Blue points were correctly identified as inside, green were correctly identified as outside and red were incorrectly classified.]

Our example is simple, but it uses one of the most common machine learning techniques. As long as you can get enough sample data, you can apply the same method to all sorts of classification problems.

[Figure: Sklearn contains far more than SVM, and is well documented to help you learn the finer details of machine learning.]
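The article says the training-set size and the values of C and gamma were found by rerunning the program and counting correct classifications, but does not show that sweep. The following is an added example, not the author's code, that scores each setting against one fixed test set; the function names, the seed and the particular sizes and parameter values tried are assumptions chosen for illustration.

```python
import random

from sklearn import svm


def make_points(n, rng):
    """n random points in the unit square; label 1 = outside the circle."""
    points, labels = [], []
    for _ in range(n):
        x, y = rng.random(), rng.random()
        points.append((x, y))
        labels.append(1 if x * x + y * y > 1 else 0)
    return points, labels


def accuracy(train_size, gamma=1, C=1000, test_size=1000, seed=28):
    """Fraction of held-out points classified correctly.

    The test set is drawn first from the seeded generator, so every call
    with the same seed is scored against the same 1,000 points and the
    training sets for different sizes are prefixes of one another.
    """
    rng = random.Random(seed)
    test_points, test_labels = make_points(test_size, rng)
    train_points, train_labels = make_points(train_size, rng)
    clf = svm.SVC(gamma=gamma, C=C)
    clf.fit(train_points, train_labels)
    predicted = clf.predict(test_points)
    hits = sum(1 for p, t in zip(predicted, test_labels) if p == t)
    return hits / float(test_size)


def learning_curve(sizes=(50, 500, 2500)):
    """Accuracy for growing training sets with the article's parameters."""
    return [(n, accuracy(n)) for n in sizes]


def parameter_grid(gammas=(0.01, 1), Cs=(1, 1000), train_size=500):
    """Accuracy for each (gamma, C) pair at a fixed training-set size."""
    return {(g, c): accuracy(train_size, gamma=g, C=c)
            for g in gammas for c in Cs}


if __name__ == "__main__":
    for n, acc in learning_curve():
        print("training size %5d: %.1f%% correct" % (n, acc * 100))
    for (g, c), acc in sorted(parameter_grid().items()):
        print("gamma=%-5s C=%-5s %.1f%% correct" % (g, c, acc * 100))
```

Keeping the test set fixed while only the training size or one parameter changes is what makes the accuracy figures comparable from run to run.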
CORETECHNOLOGY NETWORKING
CORE TECHNOLOGY
Prise the back off Linux and find out what really makes it tick.

Valentine Sinitsyn develops high-loaded services and teaches students completely unrelated subjects. He also has a KDE developer account that he’s never really used.

Networking via Scapy

If the 20th century was the era of computing, the 21st is certainly the era of networks. Sure, they existed well before yesterday, and core internet protocols are several decades old. Yet they were the territory of enterprises, academia or the military. Even 20 years ago, most home PCs were unconnected, and the lucky ones only had sporadic dial-up channels. Even Linux first gained sockets support just to run the X Window System.

Now, checking email or watching video on the go is what we do every day. Major mobile OSes assume you won't notice them grabbing a few megabytes for updates. The networking "experience" has changed, and Linux was an important factor in this change. Understanding core networking protocols is the key to running your home or office network smoothly. In this Core Tech, we'll refresh the basics, the Linux way.

Meet Scapy

Perhaps the most widely known network analysis tool is a sniffer. It captures all network traffic coming to the local host, decodes the protocols, and dumps them in a readable form. There are established methods to receive traffic addressed to neighbouring LAN hosts as well, and that's why you should never use a protocol that sends passwords in clear text (like Telnet). Linux has many good sniffers, such as tcpdump or Wireshark/TShark. They analyse traffic but don't generate it themselves. This is OK for many applications, but what if you also want to craft packets manually? This is useful in penetration testing or fuzzing, and also great for learning. Reading about IPv4 datagram fields is boring; assembling an IP datagram, throwing it at something and seeing what happens is fun.

[Figure: Wireshark is a popular GUI packet sniffer for Linux and other OSes.]

Granted, Linux has this sort of tool as well. Meet Scapy, an interactive packet manipulation program (www.secdev.org/projects/scapy). It enables you to forge packets or dissect ones you grab from networks. Packet dumps are also supported. It's possible to record live traffic at one host and replay it at another. Scapy is written in Python and it is easy to extend if the existing feature set doesn't feel enough.

Before we dive in, a word of warning: do not experiment on corporate or public networks, as it's usually disallowed officially. Do it on your home network, or (even better) set up a host-only network with some virtual machines.

Crafting packets

Scapy should be in your package manager. If it's not, grab the executable Zip from http://scapy.net (no path is needed). Official Scapy releases use Python 2. A port to Python 3 exists as a separate project, Scapy3k (https://phaethon.github.io/scapy).

To run Scapy, simply type scapy at the command prompt. Scapy feels much like a Python interactive session. Tab completion works, and you can use arrow keys or Ctrl+R to search through the history. The last command's result is available in the _ variable. In fact, you can use any Python syntax you want. You don't need to know Python to use Scapy, however. Scapy defines its own functions and classes and overloads some Python operators. This provides a high-level interface that makes raw Python constructs almost unnecessary. To leave Scapy, type quit() or press Ctrl+D.

If you have IPython installed (LV016), Scapy can run on top of it. IPython adds more interactive features, such as enhanced command history or object introspection. To enable this, create the ~/.scapy_prestart.py config file, and put conf.interactive_shell = "IPython" in it. Then, run scapy. You should see the banner saying "Welcome to Scapy using IPython". Otherwise, check that IPython and Scapy use the same Python version (either 2 or 3).
Let's have a first look around. Scapy supports many networking protocols, and the ls() command shows them all:

>>> ls()
AH : AH
ARP : ARP
...

lsc() lists all commands available. Use help(command) to get the details.

With such an assortment of protocols, what about crafting some packets?

>>> pkt = IP(dst="8.8.8.8")

Yes, it's that simple. pkt now stores an IPv4 datagram for 8.8.8.8. ls() can list all its fields:

>>> ls(pkt)
version : BitField (4 bits) =4 (4)
ihl : BitField (4 bits) = None (None)
tos : XByteField =0 (0)
...

[Figure: Scapy is like the Python interactive shell, and it colorises packet fields for better understanding.]

This is somewhat verbose, and unless you are a networking expert, many values may feel meaningless. You can retrieve individual fields as well (pkt.src). Also, pkt.summary() is a neat way to get what's essential:

>>> pkt.summary()
'192.168.101.43 > 8.8.8.8 hopopt'

192.168.101.43 is the local IP address. As you can see, pkt is a Python object having its own methods. Real IPv4 datagrams are sequences of bytes. str(pkt) converts the former to the latter. hexdump(pkt) does the same, but in a [semi] readable form:

>>> hexdump(pkt)
0000 45 00 00 14 00 01 00 00 40 00 45 06 C0 A8 65 2B E.......@.E...e+
0010 08 08 08 08 ....

What on the Earth is pcap?

Pcap stands for "packet capture". It is an API available as the libpcap library, or through bindings like Python's pypcap. The original implementation was developed as a back-end for tcpdump, but proved to be quite useful on its own. Many network monitoring tools in Linux use libpcap, and many low-level technologies (such as PF_RING) provide accelerated libpcap API implementations. A Windows port also exists under the WinPcap name (www.winpcap.org).

The API abstracts away the actual OS-dependent method used to capture packets. They may come from a real networking interface, but also from a file, dubbed a PCAP dump. Naturally, libpcap can save (or dump) packets to these files as well. PCAP dumps come in handy for replay and analysis. Wireshark Sample Captures (https://wiki.wireshark.org/SampleCaptures) has many dumps of popular internet protocols. Scapy can import them with rdpcap().

libpcap also defines a high-level language for filtering rules. Internally, they are compiled to BPF bytecode (LV017). Many programs (Scapy included) use this feature to build a filter they can attach to a socket with setsockopt(2).

Network packets don't exist in a void. Protocols are stacked one on top of another. A theoretical OSI model defines seven layers; the most widely deployed TCP/IP model has four. IPv4 is an internet layer protocol. It needs a Link Layer protocol as a base (say, Ethernet) to go through the wire. We also need a Transport protocol (TCP or UDP) to convey our data. Finally, an Application layer protocol (e.g. HTTP or DNS) dictates the exact meaning of this data. Scapy supports this layering with the / (division) operator. The packet on the left encapsulates the one on the right:

>>> dns_q = pkt / UDP(dport=53) / DNS(rd=1, qd=DNSQR(qname="www.linuxvoice.com."))

Here, we create a UDP datagram targeting port 53, and "wrap" it with pkt. Note that ports are a UDP or TCP property, not an IP one. This enables many applications to share a single IP address. Say, 8.8.8.8 may have a DNS server listening on port 53/udp, but also an HTTP server on port 80/tcp. Ports also facilitate other technologies, such as Port Address Translation (PAT). The UDP payload here is the DNS query to resolve the www.linuxvoice.com domain name (LV024).

Naturally, Scapy has many tools to work with combined packets. For starters, repr(dns_q) yields a colourful summary of all layers:

>>> dns_q
<IP frag=0 proto=udp dst=8.8.8.8 |<UDP sport=domain dport=domain |<DNS rd=1 qd=<DNSQR qname='www.linuxvoice.com' |> |>>>

For deeper introspection, use dns_q.show(). You can also retrieve individual layers as if the packet were an array: dns_q[UDP]. And to complete the picture, Scapy can visualise packets as diagrams in PS or PDF format. The pkt.pdfdump() and pkt.psdump() methods do this. If you don't pass them a filename, they will open a viewer for you.

For the latter, you'll probably need to configure a PDF reader. It could be Evince, Okular or whatever else you prefer. Determine the app's full path (say, /usr/bin/okular) and store it in conf.prog.pdfreader. To make the setting persistent, add it to the config file. You may
also want to set conf.prog.psreader, as most PDF readers in Linux can also handle PostScript.

[Figure: A picture is worth a thousand words. If you're lost in bytes, look at the diagram.]

Now we know how to forge and dissect network packets with Scapy, it's time to put them to work. Before we do that, restart Scapy as root. Sending raw packets from userspace and capturing them requires root permissions in Linux.

To send a packet, just call send(pkt). This works for Internet layer packets. Scapy can also build Link layer (eg Ethernet or 802.11) frames. Use sendp(pkt) to send these. Note that packets you send with Scapy bypass much of the kernel networking machinery. You, not Linux, are now responsible for their correctness.

Throwing packets at some host may help to ensure it is configured the intended way. You may use it to debug firewall rules, for instance. But in many cases, you also want the remote party to respond. Scapy handles this with sr(), a "send-receive" (or "stimulus-reaction", if you prefer) function:

>>> sr(dns_q)
Begin emission:
.Finished to send 1 packets.
*
Received 2 packets, got 1 answers, remaining 0 packets
(<Results: TCP:0 UDP:1 ICMP:0 Other:0>, <Unanswered: TCP:0 UDP:0 ICMP:0 Other:0>)

Scapy prints a dot when it sends or receives a packet; asterisks denote answers. They aren't the same: Scapy sniffs all traffic and captures packets unrelated to the request you made. sr() returns two lists. The first one contains (packet, answer) tuples, and the second gathers packets left unanswered:

>>> ans, unans = _
>>> ans.summary()
IP / UDP / DNS Qry "www.linuxvoice.com." ==> IP / UDP / DNS Ans "104.28.6.18"

There are several sr() variations. srp() is for sending raw Ethernet frames, like sendp(). sr1() stops when the first answer is received. This comes in handy in conjunction with the packet series generation feature. Where a single value, like an IP address or port, is expected, you can also put multiple ones: dst="192.168.101.40/30" or dport=[80, 443, (8080,8088)]. Scapy understands both network masks and lists; a tuple (8080, 8088) means a complete range (inclusive). This is how you can check if a supposed SSH daemon runs on the target subnet:

>>> sr1(IP(dst="192.168.101.0/24") / TCP(dport=[22, 222, 2222], flags="S"))

This examines standard and popular non-standard ports. There could be more than one SSH server, and the first one to answer will be found. flags="S" means to send a TCP SYN packet, which establishes a connection. If the host answers with SYN ACK, there is a service (not necessarily SSH) running on the port. This technique is known as TCP SYN scan.

The packet sending capabilities in Scapy go far beyond this. You can configure timeouts and retries, specify network interfaces to send packets from, and even maintain custom routing tables.

Grab them all

To capture live traffic, use sniff(). By default, it grabs all packets from every network interface. On a busy network, this means many hundreds of packets per second. To make sniff() more selective, you apply a filter. Filters in Scapy come in two flavours. First and foremost, there are BPF filters (LV017) which are handled in the Linux kernel. Scapy uses the same BPF syntax as described in pcap-filter(7). Internally, it calls tcpdump to compile the rule. These filters are passed as filter= keyword arguments to many functions, including sniff():

>>> sniff(filter="tcp and port 80")

Then, you can filter by a Python function. This works in Scapy (naturally) and is slower, but allows for greater flexibility. These filters are passed as the lfilter= keyword argument:

>>> sniff(filter="tcp and port 80", lfilter=lambda p: p.haslayer(Raw))

The first command captures HTTP session packets. This includes, for instance, TCP ACK packets which convey no HTTP data. The second command selects only those with an application-layer payload. Scapy doesn't decode HTTP, so it is recognised as a Raw protocol.

To stop a capture, press Ctrl+C. Alternatively, pass sniff() the number of packets you want to capture (count=), or a stop filter expression in stop_filter=. In the latter case, the process will stop as soon as the packet you are after is received.

Time for some practice. Let's try this:

>>> ntp = sniff(filter="udp and port 123", count=3)

This should capture three NTP packets. Most systems have NTP synchronisation enabled these days. To keep the local clock in sync, the NTP client continuously polls NTP servers. This means that sniff() should eventually return. However, if it takes too long, force the synchronisation with ntpdate or the like. Scapy already supports NTP (check with ls()) so you can dissect captured packets:

>>> ntp[1].getlayer(NTP).show()
###[ NTP ]###
leap= nowarning
version= 4L
mode= server
stratum= 2L
poll= 3L
precision= 235L
delay= 0.0103607177734
dispersion= 0.0191955566406
id= 195.210.189.106
ref= Tue, 05 Apr 2016 19:39:30 +0000
orig= Tue, 05 Apr 2016 19:42:26 +0000
recv= Tue, 05 Apr 2016 19:42:26 +0000
sent= Tue, 05 Apr 2016 19:42:26 +0000

The excerpt above shows the reply from a secondary NTP server, which is not directly attached to the time source. NTP clients typically speak to many NTP servers. The four timestamps in an NTP packet are used to estimate accuracy and round-trip delays. The most accurate answers are selected and combined, and their weighted average is used to calculate the local clock offset. Then, the local clock is adjusted accordingly.

Doing ping

The de-facto network diagnostic tools for Linux are ping and traceroute. How do you use them with Scapy? ping is simple. It sends some ICMP Echo packets and counts the replies. The core of this procedure is easy to implement with Scapy:

>>> sr(IP(dst="8.8.4.4") / ICMP(type="echo-request"), timeout=2)

With packet series generation, you can also do ICMP scans across subnets.

traceroute is a bit more convoluted. You send some IP packets (the payload may vary) with increasing ttl values, and gather ICMP Time Exceeded responses from intermediate hops. Packet series generation comes to the rescue again:

>>> ans, unans = sr(IP(dst="8.8.4.4", ttl=(1, 10)) / ICMP())
>>> for req, resp in ans:
...     print req.ttl, resp.src
1 192.168.101.1
2 46.48.38.1
...
7 8.8.4.4
...

There is no need to implement round trip time (RTT) calculation machinery, as Scapy already provides an almighty traceroute() function that does TCP traceroute. The usage is straightforward:

>>> r, _ = traceroute("8.8.4.4")

The function returns a TracerouteResult instance. You can ask for standard table-like output with r.show(). There are also some visualisations. r.graph() builds a directed graph shown in the figure. Rectangles correspond to Autonomous Systems (AS), or roughly speaking, network operators. r.trace3D() builds an interactive 3D image, and r.world_trace() puts discovered routes on a map. For everything except show(), external dependencies, such as Graphviz, VPython, GeoIP, and Matplotlib, will be required.

[Figure: Boring tables, begone: Scapy can draw a traceroute as a graph. Graphviz is required.]
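Because packets sent with Scapy bypass much of the kernel networking machinery, the sender is responsible for their correctness, and a receiver or sensor can check the same fields. The following standard-library Python sketch is an added example, not part of the article or of Scapy: it rebuilds the 20-byte header shown in the hexdump(pkt) output earlier, then dissects it and verifies its length fields and checksum. The function names are assumptions made for this illustration.

```python
import socket
import struct

# The 20 bytes shown by hexdump(pkt) in the article for IP(dst="8.8.8.8").
ARTICLE_BYTES = bytes.fromhex(
    "45 00 00 14 00 01 00 00 40 00 45 06 C0 A8 65 2B 08 08 08 08")

# version/ihl, tos, len, id, flags/frag, ttl, proto, chksum, src, dst
HEADER = struct.Struct("!BBHHHBBH4s4s")


def checksum(data):
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, proto=0, ttl=64, ident=1, payload=b""):
    """Assemble a datagram, computing ihl, len and chksum at build time."""
    ihl = 5                                    # five 32-bit words, no options
    total_len = ihl * 4 + len(payload)
    fields = [(4 << 4) | ihl, 0, total_len, ident, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(HEADER.pack(*fields))  # computed with chksum = 0
    return HEADER.pack(*fields) + payload


def parse_ipv4(raw):
    """Dissect an IPv4 header and collect every consistency problem found."""
    if len(raw) < HEADER.size:
        raise ValueError("need at least 20 bytes, got %d" % len(raw))
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, chksum,
     src, dst) = HEADER.unpack(raw[:HEADER.size])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    problems = []
    if version != 4:
        problems.append("version is %d, not 4" % version)
    if ihl < 5:
        problems.append("ihl %d is below the minimum of 5" % ihl)
    elif ihl * 4 > len(raw):
        problems.append("ihl %d runs past the %d bytes supplied"
                        % (ihl, len(raw)))
    elif checksum(raw[:ihl * 4]) != 0:         # a valid header sums to zero
        problems.append("header checksum does not verify")
    if total_len != len(raw):
        problems.append("len field %d does not match %d bytes supplied"
                        % (total_len, len(raw)))
    return {"version": version, "ihl": ihl, "len": total_len, "id": ident,
            "ttl": ttl, "proto": proto, "chksum": chksum,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "problems": problems}


if __name__ == "__main__":
    rebuilt = build_ipv4("192.168.101.43", "8.8.8.8")
    print("matches the article's hexdump: %s" % (rebuilt == ARTICLE_BYTES))
    header = parse_ipv4(ARTICLE_BYTES)
    print("%(src)s > %(dst)s ttl=%(ttl)d chksum=0x%(chksum)04x" % header)
    tampered = bytearray(ARTICLE_BYTES)
    tampered[8] -= 1                           # lower the TTL, keep old chksum
    print(parse_ipv4(bytes(tampered))["problems"])
```

The length comparison assumes the input is exactly one datagram; bytes taken from an Ethernet capture may carry trailing padding.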
Command of the month: hping

Scapy is a real Swiss Army knife, but it isn't the only such tool available in Linux.

Hping is somewhat like ping on steroids. It also sends packets and collects responses from remote hosts. Whereas ping sends ICMP Echo requests, Hping supports TCP, UDP and raw IP, and can also work in traceroute mode. Moreover, Hping is scriptable via Tcl. The current version is Hping3, and you are likely to find it in your package manager.

Hping gives you full control over many packet fields, like source IP address or TCP flags. This helps to debug firewall rules, and is also a great way to learn the inner working of TCP/IP protocols. You may adjust the TTL of the packets as they are sent with Ctrl+Z (use the -z flag) and see how it affects the result.

Hping can also serve as a secret file transfer tool, which works across even strict firewalls. The program supports a so-called listen mode in which it dumps all data payload after a known signature. You run Hping in this mode at the recipient host. Now, the trick is to send your data as something innocent, like DNS requests. The hping3(8) man page has an example. Remember that evil guys may use this method as well, so firewalls aren't a silver bullet.
/DEV/RANDOM/ FINAL THOUGHTS
Final thoughts, musings and reflections

Nick Veitch was the original editor of Linux Format, a role he played until he got bored and went to work at Canonical instead. Splitter!

Debian has dropped i586 support and some people just can’t handle it. That would be the clickbait headline for this column if we weren’t in the more sober environs of Linux Voice. Nevertheless, the thrust of the facts is the same – your beloved old Pentium-based server (I used to use mine to heat my office in the winter), battered old laptop and out-of-date desktop which now pretends to be a NAS will not be supported by ‘Stretch’.

Now, there may be some cases where this could actually be concerning, but none of the above fit into that category.

Jokes, ideas and empty gin bottles are worth recycling; computers, generally, are not. There is a lot to be said for trying to get the most out of them, but there is a limit. Inefficient, power-hungry old processors (even the mobile versions burn more ergs than an idling core i-7) that plod through tasks a modern device needs to perform aren’t saving you or the planet.

There are still some cases where the older 32-bit thermal pumps are still used and are useful – but these are usually highly customised embedded systems, which are unlikely to be running Debian anyhow.

If you do have some desperate need to continue running Debian on hardware old enough to remember a UK trade surplus, there is always Jessie, which gives you at least three years to come to your senses. If you can think of a use case for some old CPU that also really needs to run the very most modern software, please drop me a postcard at /dev/null. In the meantime, let Debian devs concentrate on supporting architecture that people actually use.

MY LINUX SETUP
DUNCAN J MURRAY
Science, but no musicals in this setup.

I’m currently researching lymphoma using flow cytometry – we get large datasets with 10- and soon 40-dimensional data. Most software runs on Windows, but I’m trying to see how far I can get in Linux.

What desktop are you using at the moment?
I’m currently on Ubuntu Mate 14.04. I sometimes yearn to show off Linux a little bit with, say, Unity or Gnome 3, but Mate is just so effective for actually working.

What was the first Linux setup you ever used?
Ubuntu 9.04.

What Free Software/open source can’t you live without?
apt-get, Kupfer, Mutt, R.

What do other people love but you can’t get on with?
Musicals and costume dramas.

Send your photos and text to: geekdesktop@linuxvoice.com