™ AUTOMATE Full Disk Encryption

Since 1994: The Original Magazine of the Community JANUARY 2016 | ISSUE 261 | www.linuxjournal.com IMPROVE + Enhance File Transfer Client-Side Performance Security for Users Making Sense of Profiles and RC Scripts

ABINIT for Computational Chemistry Research

Leveraging Ad Blocking

WATCH: ISSUE Audit Serial OVERVIEW Console Access V

LJ261-January2016.indd 1 12/17/15 8:35 PM Improve Finding Your Business Way: Mapping Processes with Your Network Practical books an Enterprise to Improve Job Scheduler Manageability for the most technical Author: Author: Mike Diehl Bill Childers Sponsor: Sponsor: people on the planet. Skybot InterMapper

DIY Combating Commerce Site Infrastructure Sprawl Author: Reuven M. Lerner Author: GEEK GUIDES Sponsor: GeoTrust Bill Childers Sponsor: Puppet Labs

Get in the Take Control Fast Lane of Growing with NVMe Redis NoSQL Author: Server Clusters Mike Diehl Author: Sponsor: Reuven M. Lerner Silicon Mechanics Sponsor: IBM &

Download books for free with a Linux in Apache Web simple one-time registration. the Time Servers and of Malware SSL Encryption

Author: Author: http://geekguide.linuxjournal.com Federico Kereki Reuven M. Lerner Sponsor: Sponsor: GeoTrust Bit9 + Carbon Black

LJ261-January2016.indd 2 12/17/15 8:35 PM Improve Finding Your Business Way: Mapping Processes with Your Network Practical books an Enterprise to Improve Job Scheduler Manageability for the most technical Author: Author: Mike Diehl Bill Childers Sponsor: Sponsor: people on the planet. Skybot InterMapper

DIY Combating Commerce Site Infrastructure Sprawl Author: Reuven M. Lerner Author: GEEK GUIDES Sponsor: GeoTrust Bill Childers Sponsor: Puppet Labs

Get in the Take Control Fast Lane of Growing with NVMe Redis NoSQL Author: Server Clusters Mike Diehl Author: Sponsor: Reuven M. Lerner Silicon Mechanics Sponsor: IBM & Intel

Download books for free with a Linux in Apache Web simple one-time registration. the Time Servers and of Malware SSL Encryption

Author: Author: http://geekguide.linuxjournal.com Federico Kereki Reuven M. Lerner Sponsor: Sponsor: GeoTrust Bit9 + Carbon Black

LJ261-January2016.indd 3 12/17/15 8:35 PM JANUARY 2016 CONTENTS ISSUE 261

FEATURES 50 Secure File Transfer 72 Transferring Conserver Use RFC 1867, thttpd and Stunnel Logs to Elasticsearch to improve security. Auditing serial console access in Charles Fisher real time. Fabien Wernli

4 / JANUARY 2016 / WWW.LINUXJOURNAL.COM

LJ261-January2016.indd 4 12/17/15 8:35 PM COLUMNS 26 Reuven M. Lerner’s At the Forge Client-Side Performance 32 Dave Taylor’s Work the Shell Planetary Age 36 Kyle Rankin’s Hack and / Full Disk Encryption

40 Shawn Powers’ 17 The Open- Classroom Profiles and RC Files 86 Doc Searls’ EOF What We Can Do with Ad Blocking’s Leverage

IN EVERY ISSUE 8 Current_Issue.tar.gz 18 10 Letters 14 UPFRONT 24 Editors’ Choice 46 New Products

ON THE COVER ‹0TWYV]L-PSL;YHUZMLY:LJ\YP[`W ‹(\KP[:LYPHS*VUZVSL(JJLZZW ‹(\[VTH[L-\SS+PZR,UJY`W[PVUW ‹,UOHUJL*SPLU[:PKL7LYMVYTHUJLMVY

LINUX JOURNAL (ISSN 1075-3583) is published monthly by Belltown Media, Inc., PO Box 980985, Houston, TX 77098 USA. Subscription rate is $29.50/year. Subscriptions start with the next issue.

WWW.LINUXJOURNAL.COM / JANUARY 2016 / 5

LJ261-January2016.indd 5 12/17/15 8:35 PM Executive Editor Jill Franklin [email protected] Senior Editor Doc Searls [email protected] Associate Editor Shawn Powers [email protected] Art Director Garrick Antikajian [email protected] Products Editor James Gray [email protected] Editor Emeritus Don Marti [email protected] Technical Editor Michael Baxter [email protected] Senior Columnist Reuven Lerner [email protected] Security Editor Mick Bauer [email protected] Hack Editor Kyle Rankin lj@greenfly.net Virtual Editor Bill Childers [email protected]

Contributing Editors )BRAHIM (ADDAD s 2OBERT ,OVE s :ACK "ROWN s $AVE 0HILLIPS s -ARCO &IORETTI s ,UDOVIC -ARCOTTE 0AUL "ARRY s 0AUL -C+ENNEY s $AVE 4AYLOR s $IRK %LMENDORF s *USTIN 2YAN s !DAM -ONSEN

President Carlie Fairchild [email protected]

Publisher Mark Irgang [email protected]

Associate Publisher John Grogan [email protected]

Director of Digital Experience Katherine Druckman [email protected]

Accountant Candy Beauchamp [email protected]

Linux Journal is published by, and is a registered trade name of, Belltown Media, Inc. PO Box 980985, Houston, TX 77098 USA

Editorial Advisory Panel Nick Baronian Kalyana Krishna Chadalavada "RIAN #ONNER s +EIR $AVIS -ICHAEL %AGER s 6ICTOR 'REGORIO $AVID ! ,ANE s 3TEVE -ARQUEZ $AVE -C!LLISTER s 4HOMAS 1UINLAN #HRIS $ 3TARK s 0ATRICK 3WARTZ

Advertising E-MAIL: [email protected] URL: www.linuxjournal.com/advertising PHONE: +1 713-344-1956 ext. 2

Subscriptions E-MAIL: [email protected] URL: www.linuxjournal.com/subscribe MAIL: PO Box 980985, Houston, TX 77098 USA

LINUX is a registered trademark of .

LJ261-January2016.indd 6 12/17/15 8:35 PM Where every interaction matters.

break down your innovation barriers

power your business to its full potential When you’re presented with new opportunities, you want to focus on turning them into successes, not whether your IT solution can support them.

Peer 1 Hosting powers your business with our wholly owned FastFiber NetworkTM,

solutions that are secure, scalable, and customized for your business.

Unsurpassed performance and reliability help build your business foundation to be rock-solid, ready for high growth, and deliver the fast user experience your customers expect.

Want more on cloud? Call: 844.855.6655 | go.peer1.com/linux | Vew Cloud Webinar:

Public and Private Cloud | Managed Hosting | Dedicated Hosting | Colocation

LJ261-January2016.indd 7 12/17/15 8:35 PM Current_Issue.tar.gz

2016: a SHAWN POWERS Long Year

know you’re expecting a sarcastic calculations this issue and explains how comment about an election year in to determine your age on other planets I the US making it seem longer than programmatically. There’s more to it than normal, but no, 2016 is literally a longer that, but whether you plan to stay on Earth year than most. (Although that bit about or migrate to Mars, learning to calculate it seeming even longer has some merit.) with the date command will be a useful What better way to start this bonus-sized skill no matter where you live. Speaking of year than with an issue of Linux Journal? time, Kyle Rankin gives a lesson in how he I’m not a fan of resolutions, but I do have spent many hours saving a few minutes. a challenge for you: learn something new More specifically, he teaches how to use this year. Personally, I plan to learn more the procedure to automate about development. I dabbled in 2015, disk encryption and partition creation. It and it’s given me the urge to learn more. sounds like something that wouldn’t be Reuven M. Lerner is the perfect author too complicated to automate, but Kyle to join on a journey like that, and this found it was a messy rabbit hole. His month, he teaches how to help improve column should at least provide a flashlight client-side performance on your Web if you decide to delve into a similar hole. applications. Sure, we could buy everyone I took a note from my own challenge faster , but Reuven shows that this month and learned the exact way Linux there are better (and cheaper) ways to systems deal with profile and RC files. It accomplish client-side improvements. seems like a trivial thing to learn about, but Dave Taylor does some really cool it turns out that the procedures for loading profiles and such are fairly complicated. I

V VIDEO: was tired of just copy/pasting information Shawn Powers runs into files without knowing exactly why through the latest issue. some information goes into profiles and

8 / JANUARY 2016 / WWW.LINUXJOURNAL.COM

LJ261-January2016.indd 8 12/17/15 8:35 PM CURRENT_ISSUE.TAR.GZ

some into RC files, so I decided to get to then goes on to describe the process for the bottom of how those preference files consolidating log files into searchable are loaded. This month, I share the fruit of archives and even shows how to integrate my labor and hope to demystify the shell- console logs into a real-time monitoring based config files for everyone reading. solution. If you manage a large number of Encrypting filesystems and salting servers via console or serial (even over the hashes are common ways to protect LAN), you’ll want to read his article. DATA ON A SERVER 1UITE HONESTLY WERE Doc Searls finishes the issue by discussing beginning to see the value in encrypting the ramifications of ad blocking on the local data, and it’s becoming common modern Internet. If you browse the Web, for servers to be secured more than ever chances are pretty good that you use an before. Unfortunately, most security ad blocker to make your experience more breaches aren’t happening on the local pleasant. Blocking ads means blocking machines; rather, they’re happening over revenue for content creators, and rather the network. It doesn’t matter how secure than pretending it’s not an issue, we need your local filesystem might be, if you’re not to figure out how to respond in a way that transmitting and receiving data in a secure is useful both to consumers and content way, no amount of local encryption will creators. As usual, Doc has incredible protect your data. Charles Fisher not only insight, and you’ll want to check it out. exposes the weaknesses with traditional file This first issue of Linux Journal in 2016 transfer methods, but he also explains how may be brand new, but it still has all the to shore up network transfers when sending tech tips, product reviews and helpful and receiving data. Whether you consider information you’ve come to expect month your data sensitive or not, there’s no after month. Whether the new year means reason to adopt insecure methods in your ice and snow or sunshine and roses in your environment. Charles shows how to make part of the world, we hope this issue helps sure you keep your private data private, start it off on a good note. We’ll see you even when you send it across the Internet. again next month, when February grows an Fabien Wernli also discusses security this extra day and is almost a full-size month!Q month, but rather than securing network transfers, he covers how to manage log Shawn Powers is the Associate Editor for Linux Journal. files for console connections. Keeping track He’s also the Gadget Guy for LinuxJournal.com, and he has of serial connections to the server console an interesting collection of vintage Garfield coffee mugs. can be challenging when your server Don’t let his silly hairdo fool you, he’s a pretty ordinary guy number increases, but thanks to syslog-ng, and can be reached via e-mail at [email protected]. you’re able to log that information. Fabien Or, swing by the #linuxjournal IRC channel on Freenode.net.

WWW.LINUXJOURNAL.COM / JANUARY 2016 / 9

LJ261-January2016.indd 9 12/17/15 8:35 PM letters

ALL )0S INTO A HASHIP WHICH QUICKLY becomes too large. The script is at https://github.com/zuikway/tlj_blocklist. —Wayne Shumaker

Server Hardening, II Greg Bledsoe missed one small thing that can increase a server’s security: reduce the amount of network traffic a server must process:

iptables -t mangle -I PREROUTING -m state --state INVALID -j DROP

INVALID packets are those that must Server Hardening—ipset:set belong to an established connection, Regarding Greg Bledsoe’s “Server yet has no connection Hardening” article in the November recorded for it. They are “spurious” 2015 issue: I created a modified script packets that cannot be delivered, so for generating ipset blocklists. Namely they should be dropped as early as it creates a set of ipsets, one a hash:net possible. It isn’t worth spending one and the other a hash:ip. The script extra CPU cycle on these packets. generates a second script called blset.sh, Although it won’t eliminate the which adds the IP addresses to the ipset ill effects of a DDoS attack, it can hashes. The blset.sh script first adds all significantly reduce the time the CPU the hash:net entries from the various spends handling INVALID packets. sources, then the hash:ip set is created, —Neal but entries are not added if they already exist in the hash:net set. Find Words Dave Taylor’s Work the Shell column The new script does not exceed the in the September–November 2015 ipset size limit. The suggested script issues covers a fun toy program near in Greg’s Linux Journal article puts and dear to my heart. I’ve been using

10 / JANUARY 2016 / WWW.LINUXJOURNAL.COM

LJ261-January2016.indd 10 12/17/15 8:35 PM [ LETTERS ]

a very similar de-jumbling algorithm word lists I found on-line). In my to strengthen my scripting in Perl language du jour, I construct a massive and Python—although I must admit hash keyed on the alphabetized words, I haven’t been ambitious enough to with an array of matching original implement it in ! It was cool to see words as the value. For example: Dave use the nearly the same approach I came up with myself. I figured it $list{'abt'} -> ['bat', 'tab'] might be interesting to share my own variation to the same problem. All in all, this approach takes only a few seconds on a five-year-old laptop, and Considering that modern machines 21MB of RAM for the data structure. are overkill for most scripts, I started off simply alphabetizing the entire The next fun part was digging into dictionary (first in /usr/share/dict/words, my science background and later a set of professional Scrabble and using a recursive algorithm to

Linux Journal Archive 1994–2015 NOW AVAILABLE!

www.linuxjournal.com/archive

WWW.LINUXJOURNAL.COM / JANUARY 2016 / 11

LJ261-January2016.indd 11 12/17/15 8:35 PM [ LETTERS ]

deconstruct the input letter sets by versions, forcing me to stick to a certain calling the same function minus a version or adapt my awk|perl|grep different letter each time and looking processing of the text output. Text up the result in the hash. Putting the output for the Python CLI was bigger input function into a loop (checking and a bit trickier to parse well—enter FOR %/& OR hQv FOR TERMINATION ALLOWS JSON output. As Kyle writes, the Python you to perform multiple searches CLI offers the option of different against the hash you’ve spent several outputs, including JSON. It’s a slightly busy CPU-seconds constructing. steeper learning curve, but using the *3/. OUTPUT TOGETHER WITH THE JQ *3/. Keep on hacking! command-line parser makes processing —Chandler Wilkerson anything from the CLI straightforward and keeps me safe from EC2 CLI adding Dave Taylor replies: Great to hear fields or new lines, etc., that may break from you, Chandler, and glad my column by text processing! One can always brought you some enjoyment as you script things prettier, but being a realized we’d taken the same algorithmic one-liner fan, one can, for example, get approach to the word jumble algorithm! all the volume IDs for one’s servers:

AWS EC2 VPC CLI aws ec2 describe-instances | jq -r

Thanks for an excellent journal. I ´'.Reservations[].Instances[].BlockDeviceMappings[].Ebs.VolumeId' really enjoy it and love the digital version on my Kindle. Taking it a little further, snapshot every EBS volume, but only if it does not The reason I’m writing is just a general belong to a certain tag (or do it the hint to Kyle Rankin’s great article on other way around and snapshot only a the EC2 CLI in the October 2015 issue. given tag) and snapshot only those that I have myself gone through an identical are mounted on a given device name: process for exactly the same reasons in

changing to the Python CLI. The only aws ec2 describe-instances | jq -r '.Reservations[].Instances[] |

thing I chose to do differently in the ´select(contains({Tags: [{Key: "SomeKey",Value:

end was processing the output. I, on ´"SomeValue"} ]}) | not) | .BlockDeviceMappings[] |

occasion, had issues in processing the ´select(contains({DeviceName: "/dev/sda"})) | .Ebs.VolumeId'

text output of the Java CLI in that it ´| parallel aws ec2 create-snapshot

sometimes changed slightly between ´--description "backup_`date +\%Y\%m\%d`" --volume-id

12 / JANUARY 2016 / WWW.LINUXJOURNAL.COM

LJ261-January2016.indd 12 12/17/15 8:35 PM [ LETTERS ]

parallel is a great trick to call the command on every volume ID. I would often use xargs and give At Your Service multiple IDs in one call, but with the Python CLI, I could give each call only one volume ID. I add the SUBSCRIPTIONS: Linux Journal is available in a variety of digital formats, including PDF, date to the description for a better overview of .epub, .mobi and an on-line digital edition, as well as apps for iOS and Android devices. snapshots and a simple way to monitor and delete Renewing your subscription, changing your e-mail address for issue delivery, paying your given snapshots. invoice, viewing your account details or other subscription inquiries can be done instantly on-line: http://www.linuxjournal.com/subs. Then, I would also have a similar simple one-liner E-mail us at [email protected] or reach us via postal mail at Linux Journal, PO Box to clean up old snapshots and monitor that all 980985, Houston, TX 77098 USA. Please remember to include your complete name snapshots are successful. and address when contacting us.

ACCESSING THE DIGITAL ARCHIVE: Keep up the good work! Your monthly download notifications will have links to the various formats —Elfar and to the digital archive. To access the digital archive at any time, log in at http://www.linuxjournal.com/digital.

Photo of the Month LETTERS TO THE EDITOR: We welcome your letters and encourage you to submit them Mateo from at http://www.linuxjournal.com/contact or mail them to Linux Journal, PO Box 980985, Argentina, already Houston, TX 77098 USA. Letters may be supporting Linux the edited for space and clarity. first day of his life. WRITING FOR US: We always are looking for contributed articles, tutorials and —Gaston real-world stories for the magazine. An author’s guide, a list of topics and due dates can be found on-line: http://www.linuxjournal.com/author.

FREE e-NEWSLETTERS: Linux Journal editors publish newsletters on both a weekly and monthly basis. Receive late-breaking news, technical tips and tricks, an inside look at upcoming issues and links to in-depth stories featured on PHOTO OF THE MONTH http://www.linuxjournal.com. Subscribe for free today: http://www.linuxjournal.com/ Remember, send your Linux-related photos to enewsletters. [email protected]! ADVERTISING: Linux Journal is a great resource for readers and advertisers alike. Request a media kit, view our current editorial calendar and advertising due dates, or learn more about other advertising and marketing opportunities by visiting WRITE LJ A LETTER us on-line: http://ww.linuxjournal.com/ We love hearing from our readers. Please advertising. Contact us directly for further information: [email protected] or send us your comments and feedback via +1 713-344-1956 ext. 2. http://www.linuxjournal.com/contact.

WWW.LINUXJOURNAL.COM / JANUARY 2016 / 13

LJ261-January2016.indd 13 12/17/15 8:35 PM UPFRONT NEWS + FUN

diff -u What’s New in Kernel Development There’s an ongoing impulse among heavy, inefficient battery technology, a diversity of developers to be able there’s a big incentive to figure out to compile some or all of the Linux ways to save power. One possibility kernel as a library, so that a piece of is to turn off portions of hardware software could use kernel services when they’re currently not in use, and APIs while running under a like a phone’s touchscreen when the different kernel entirely, or a different phone is in your pocket. . The difficulty lies in knowing exactly This time, the impulse came which piece of hardware to turn off, from Octavian Purdila, creator of and when. If there’s a clear user action, the Library (LKL), like flipping closed a flip-phone, the essentially an entire kernel compiled problem is simplified. Irina Tirdea as a static library. He distinguished LKL recently tried to recognize such actions from projects like User Mode Linux and come up with mechanisms to (UML), saying that LKL was more respond to them properly. She posted lightweight, having no infrastructure some patches to do this. REQUIREMENTS OR NEEDING ANY PARTICULAR Octavian Purdila, also working sort of runtime environment. on the project with Irina, described A bunch of folks expressed interest, a target scenario as being when a especially in terms of interacting touchscreen has been blanked but is with similar projects like libOS still aware of the user’s touch—through and libguestFS. And, Richard the fabric of a pocket, for example. Weinberger remarked that LKL The goal of the patches, he said, seemed to solve UML’s biggest pain would be to save power by turning off points: the need to use ptrace() to all the hardware associated with that handle system calls and to do virtual screen, and turn everything on again memory management using SIGSEGV. when the user activates the device. In a device-centric world with The problem with this sort of feature

14 / JANUARY 2016 / WWW.LINUXJOURNAL.COM

LJ261-January2016.indd 14 12/17/15 8:35 PM [ UPFRONT ]

is that it could be implemented along Meanwhile, Lukasz Pawelczyk was any of a number of different layers working on code specifically to support of the kernel code. The ideal location that same security information. could make the difference between a A debate sprang up over the complex, easily broken implementation particular context involved. Andy and a simple, efficient implementation. Lutomirski suggested that if a Several folks felt that Irina and filesystem contained a user’s own data, Octavian’s approach was in the wrong it would be fine to override security part of the kernel, and the discussion features, on the grounds that users devolved into a consideration of should be able to do what they wanted completely different approaches. with their own data. While Casey No consensus arose, although Schaufler replied that the kernel the allure of power-savings will shouldn’t care what the user knew undoubtedly keep the debate alive. about the data, it had to follow the Mounting a filesystem under a security protocols or else it wouldn’t be virtual machine can be tricky. Security able to enforce them at all. privileges and restrictions need to On the other hand, as Eric pointed be respected, or else a filesystem out, filesystems like FAT and Minix could become a vector of attack weren’t capable of storing the same by a malicious user. This particular type of security information as more area of kernel development also modern filesystems. There had to be a tends to have a wide appeal among way, he said, to mount such filesystems companies trying to support their WITHOUT REQUIRING THEM TO SUPPORT products, so it’s possible for a variety security features they couldn’t support. of developers to find themselves It’s an ongoing debate. Security working at cross purposes and need trumps all other considerations, to accommodate each other before including dire need, so an issue their patches can be accepted. like unprivileged filesystem mounts Seth Forshee and Eric Biederman, inevitably will involve a consideration for example, recently wrote some of the specific context in which a user patches to allow mounting and might try to do something. Often FUSE filesystems by unprivileged users, there’s some kind of crazy nuance ignoring the security information that that makes something feasible when otherwise might prevent those users you could have sworn it never would from accessing that data. be feasible.—ZACK BROWN

WWW.LINUXJOURNAL.COM / JANUARY 2016 / 15

LJ261-January2016.indd 15 12/17/15 8:35 PM [ UPFRONT ]

Non-Linux FOSS: Open-Source Windows?

I have mixed emotions about ReactOS. It’s open source. It’s freely available. But, its goal is to be binary-compatible with Windows! ReactOS is not a Linux operating system. In fact, it doesn’t share the UNIX architecture at all. It looks like Windows NT, and it behaves much like Windows NT. It’s just odd! The best way I can think to describe it is to imagine if code. I’m personally not convinced Wine evolved into an entire operating that ReactOS is a better idea than system that booted on hardware Wine running inside Linux, but I’m sure instead of running inside Linux. running it as its own operating system That’s basically what ReactOS feels will provide possibilities that just can’t like. It’s not ready for prime time happen in a Wine environment. The (and the developers make that very folks at ReactOS provide installers clear—it’s alpha software), but it’s AND PREBUILT 6- INSTANCES THAT CAN BE worth checking out. Since it’s early in launched in order to try it out on your the development process, if you get existing system. Whether you are just involved now, you can have a say in morbidly curious about a non-Windows what compatibilities get priority. Windows or are interested in getting ReactOS is the perfect solution for involved in the development, go to folks who need to run Windows apps, http://reactos.org for more details. but absolutely refuse to run —SHAWN POWERS

16 / JANUARY 2016 / WWW.LINUXJOURNAL.COM

LJ261-January2016.indd 16 12/17/15 8:35 PM [ UPFRONT ]

Android Candy: Quality Time, or Not?

This is the season of resolutions, and in the technological world we live in, spending time off-line is a difficult but healthy activity. The problem is our lives have become so intertwined with our phones that it’s easy to whip out our cell phones inadvertently to check our social NETWORKS QUICKLY 4HE 1UALITY4IME APP IS DESIGNED to help curb the habit just a bit. Ironically, it’s an Android app designed to help you stop using Android apps so much. Still, it’s

just geeky enough to make limiting (Photo from http://qualitytimeapp.com) technology time a fun endeavor. If you like graphs, data, numbers TO GIVE 1UALITY4IME A TRY )F YOU AND GOALS 1UALITY4IME CAN HELP just want to see how much time you identify where you spend most you spend on various applications of your time on-line and then on your Android device, you assist in lessening your face time SHOULD TRY 1UALITY4IME AS WELL ) with FaceTime (okay, not actually found the data alone worth the FaceTime, since that’s an Apple installation, and it inspired me to app, but the word play was too spend a little less time texting my fun to leave out). kids and a little more time talking If you’re forgetting what your to them (while they text their family members actually look friends—baby steps...). like, or if you’re surprised to see Check it out at your friends as anything but their http://qualitytimeapp.com. on-line avatars, you really need —SHAWN POWERS

WWW.LINUXJOURNAL.COM / JANUARY 2016 / 17

LJ261-January2016.indd 17 12/17/15 8:35 PM [ UPFRONT ]

Dear , Where’s My Surround?!?!

I love Kodi. (This is just an evolution we found its interface to be of my love for XBMC, since it’s the cumbersome and the transcoding same thing with a new name.) In for local media frustrating. fact, although I’ve expressed my So during the holidays, I once love for over and over (and again installed Kodi on over) the past few years, I still use devices around my house. Using Kodi as my main interface for the OpenELEC, the installation process televisions in my house. We gave itself is painless. Heck, even Plex a try as our main media center centralizing the library database was software when it was released for painless. The frustrating part was 4I6O BUT AFTER SEVERAL MONTHS getting 5.1 surround sound to work.

18 / JANUARY 2016 / WWW.LINUXJOURNAL.COM

LJ261-January2016.indd 18 12/17/15 8:35 PM [ UPFRONT ]

On the bedroom televisions, surround sound They is a moot point, because I just use whatever Said It STEREO SPEAKERS ARE INCLUDED IN THE 46 &OR OUR main media center, however, I have a fancy Don’t watch Sonos PLAYBAR with subwoofer and rear the clock; do channel speakers. The only audio connection the what it does. PLAYBAR accepts is optical audio, so I bought an Keep going. inexpensive HDMI audio extractor. (This one works —Sam Levenson great: http://smile.amazon.com/dp/B00BIQER0E.) What you The problem is that when Kodi is set to 5.1 do today audio output, the center channel is missing! can improve There’s a bit of disagreement as to whether it’s a all your bug in Kodi/OpenELEC or just a result of optical tomorrows. audio supporting only two channels of audio. —Ralph Marston (If that seems odd to you, it was to me too. But apparently, it supports only two channels, which Life is 10% contain all the surround information, or something what happens like that.) The non-intuitive solution is to force to you and Kodi to 2.0 audio. Although it doesn’t seem to 90% how you make sense, I can vouch for it working. Kodi sends react to it. —Charles R. the audio as 2.0 stereo, which is transferred over Swindoll optical (or HDMI, whatever you’re using), and then the receiver decodes the surround information It does not from that two-channel signal. matter how The tl;dr version is that Kodi will send the slowly you go surround sound information over two-channel as long as you audio, so if you are missing your center channel, do not stop. —Confucius try switching to 2.0 audio.—SHAWN POWERS

Keep your eyes on the stars, and your feet on the ground. —Theodore Roosevelt

WWW.LINUXJOURNAL.COM / JANUARY 2016 / 19

LJ261-January2016.indd 19 12/17/15 8:35 PM [ UPFRONT ]

ABINIT for Chemists

The single largest group of users install it with: on high-performance computing clusters has to be the chemists. Their sudo -get install abinit abinit-data abinit-doc CPU-year count is definitely at the very top of the list. Because of this The only issue with that method heavy use, several different packages is you probably will get an older have become standard tools that most version of ABINIT. At the time of this computational chemistry researchers writing, the package installs use. So in this article, I take an version 7.8.2, while on the Web site, introductory look at one called you can download version 7.10.5. ABINIT (http://www.abinit.org). If you need the latest available ABINIT calculates the energy and code, you always can get the structure of groups of nuclei and source code from the main home electrons. The method used to make page and compile it yourself on your these calculations is Density Functional local machine. In order to build it Theory (DFT, https://en.wikipedia.org/ yourself, you need the usual utilities wiki/Density_functional_theory). If to build other packages, such as you want to know more about the make, libtool and autoconf. Because underlying theory, feel free to go talk the majority of the code is written in to your nearest computational chemist. FORTRAN, you also need a compiler Although my exposure has been capable of compiling F90 code. with people running ABINIT on scores This will allow you to build a basic of machines in parallel, at least in version of ABINIT. You can include a learning environment or for small extra functionality, such as MPI or systems, nothing is stopping you NetCDF, if you have them available from running it on your own desktop. on your system. The first step, of course, is to install The main executable to run these it on your machine. You may have calculations is called abinit. It packages within your distribution to takes a number of input files in make installation easier. For example, order to do the actual calculation. on Debian-based systems, you can One of these input files is actually

20 / JANUARY 2016 / WWW.LINUXJOURNAL.COM

LJ261-January2016.indd 20 12/17/15 8:35 PM [ UPFRONT ]

a file of files. It is a file that Q my.psp — the pseudopotential contains a list of other input files used for this run. that abinit needs to read in. The usual filename ending is “.files”. The root names “abi”, “abo” and If you have this input file, you can “tmp” are used to create the multiple run your simulation with: files for each of those sections. There are a few rules around abinit < my_input.files >& log the input files that may cause problems if you don’t follow This tells abinit to read the input them. The first is that you can’t have data from standard input (attached to tab characters in your input file. So, the file my_input.files) and to write its be sure that your editor uses space results to standard output (attached to characters when you press the tab the file log). The log file only captures key. The second rule has to do with output that gets written out to the using negative numbers. There can’t standard output stream. There is a be any spaces between the negative lot more output that is written out. sign and the first digit of the number. These other output files are defined in The last formatting rule is that no the my_input.files file. The following line can be more than 132 characters. list is a more-detailed description of If any lines end up longer than that, the contents: ABINIT simply will ignore the extra content. If you get errors when trying Q ab_in — main input file. to run your own jobs, those are the first few places you should check. Q ab_out — main output file. There are a massive number of input variables that allow you to Q abi — root filename for other control parameters around file input files. handling, geometry, structure optimization and response Q abo — root filename for other functions, among many others. output files. These input variables can be in any order. The entire file gets Q tmp — root filename for parsed before the calculations temporary files. start. When you start creating

WWW.LINUXJOURNAL.COM / JANUARY 2016 / 21

LJ261-January2016.indd 21 12/17/15 8:35 PM [ UPFRONT ]

your own input files, you probably access to all of the source code will want to be able to check them and can investigate exactly how somehow. Luckily, you can use the calculations are being done. ABINIT itself to do this. The abinit When doing fundamental scientific executable includes an option (-d research, that can be very important. or --dry-run) to take your input You may be trying to do calculations files and validate them without in a region where the available starting the calculations. This algorithm is no longer valid. All of allows you at least to catch major these calculations make assumptions typos before wasting the time to try to simplify the calculations so involved in doing a partial run and that they are actually doable, and having it fail. it is very important to keep that in Along with your own input files, mind. But, with access to the code, describing the geometry and other you have the opportunity to make descriptive variables, ABINIT needs changes to those algorithms to fit input files that describe something the assumptions better that are valid called the pseudopotential for for your problem. This open-source your system. There are different code gives you the ability to build types, such as Troullier-Martins on all of the past work and push or Hartwigsen-Goedecker-Hutter it into new areas of research. Just pseudopotentials, that can be used remember to pass these extensions for different situations. Luckily, ABINIT and improvements on to the next includes pseudopotentials for the group of researchers to keep pushing entire periodic table. This means you our understanding forward. simply can build up your molecule Interpreting the output from by including the pseudopotentials ABINIT can be a bit of a job. There for each of the different types of is a lot of output describing how atoms in your system. Although it the calculated values progressed isn’t necessary in most cases, you UNTIL THEY REACHED THE REQUESTED can create your own for some very accuracy to the actual answer. For specialized system if needed. example, if you are calculating The other thing to be aware of the energy for a molecular is that ABINIT is released under a configuration, you probably are GPL license. This means you have interested in when the energy is

22 / JANUARY 2016 / WWW.LINUXJOURNAL.COM

LJ261-January2016.indd 22 12/17/15 8:35 PM [ UPFRONT ]

at its lowest value. This will be the This is just a very basic most stable configuration for these introduction to what is involved nuclei and electrons. But, how do when using ABINIT. Hopefully, you you interpret this output? Several now feel a bit more comfortable tools are available to take the digging in to the massive geometric portion of this output documentation and using ABINIT and plot it so that you can see what to solve whatever molecular the configuration actually looks like. problem you have. When you are There also will be output describing ready, you can move on to much how strong the various connections larger problems by using the are between the nuclei, which you MPI capabilities in ABINIT to use can use to see how reactive your as many machines as you have molecule may be. available.—JOEY BERNARD

LINUX JOURNAL on your Android device

Download the app now from the Play Store.

www.linuxjournal.com/android

For more information about advertising opportunities within Linux Journal iPhone, iPad and Android apps, contact John Grogan at +1-713-344-1956 x2 or [email protected].

LJ261-January2016.indd 23 12/17/15 8:35 PM [ EDITORS' CHOICE ]

EDITORS’ Help Me, CHOICE Uncle Shawn ★

If you’re anything like me, the ( is holiday season is spent fixing Wi-Fi usually my choice). The problem and removing . Occasionally, with helping friends and relatives I get to install Linux for a relative with their computers over the who is ready to give up Windows holidays is that you become their or needs something that will run first call when something goes on a circa-Windows 2000 computer wrong. You either can fight it

24 / JANUARY 2016 / WWW.LINUXJOURNAL.COM

LJ261-January2016.indd 24 12/17/15 8:35 PM or make it easier on yourself by 6IEWER GETS THIS MONTHS %DITORS preparing in advance. Choice award. It’s not new ) LOVE 4EAM 6IEWER )TS NOT AN software, but after a stretch of open-source program, but it’s holidays, I’m reminded just how free for personal use with no nice it is to have installed on all frustrating limitations. Plus, it my relatives’ computers. Be sure runs on Windows, OS X and Linux. to install the client before you The best part is how easy it is to leave their houses, or else be use. I generally don’t set up the prepared to explain software “automatic availability” feature installation over the phone! Get that logs the computer in to the your copy at http://teamviewer.com. 4EAM 6IEWER NETWORK AUTOMATICALLY —SHAWN POWERS on boot. I like to use the standard STARTUP WHICH REQUIRES USERS TO CALL me with the code on their screen. The best thing about Team 6IEWER IS HOW EASILY IT HANDLES LINUX JOURNAL NAT situations. Since the software on your e-Reader CONNECTS TO THE 4EAM 6IEWER servers, those servers act like a connection broker, meaning there are no router ports to forward and no proxies to set up. As long as the computer is on-line, you should be able to take over and help someone. Again, you might not like the ease with which you’ll be able to e-Reader editions help, but having access to a user’s FREE for Subscribers computer in real time is so much nicer than explaining to Uncle Harry what “right click” means. Customized Kindle and Nook Due to its for personal editions now available use, cross-platform compatibility and incredible ease of use, Team LEARN MORE

WWW.LINUXJOURNAL.COM / JANUARY 2016 / 25

LJ261-January2016.indd 25 12/17/15 8:35 PM COLUMNS AT THE FORGE Client-Side REUVEN M. Performance LERNER Give your users a better experience by improving client-side performance.

In my last few columns, I’ve Angular.js and React.js, assume that covered different ways to understand, you’ll be writing your application in analyze and improve the performance JavaScript and provide you with the of your Web applications. I’ve objects and infrastructure necessary shown that between your network for doing so. connections, server hardware, If you’re worried about the database design and HTTP server performance of your Web configuration, you can change and application, you need to concern improve the performance of your yourself not only with what happens Web application—well, sort of. Web on the server, but also with what applications, when they first started, happens in the browser. Some were dynamic only on the server commercial performance-monitoring side. Sure, they output HTML— solutions already take this into and later, CSS and JavaScript—but account, allowing you to see how the overwhelming majority of the long it takes for elements to render, processing and computation took and then to execute, on your users’ place on the server. browsers. However, there is also This model, of course, has changed no shortage of open-source tools dramatically in the last decade, to available for you to check and such a degree that you now accurately improve the ways in which your can claim to be a Web developer and client-side programs are executing. work almost exclusively in HTML, This month, I’m concluding this CSS and JavaScript, with little or exploration of Web application no server-side component. Entire performance with a survey of things -6# FRAMEWORKS SUCH AS %MBERJS to keep in mind, as well as tools that

26 / JANUARY 2016 / WWW.LINUXJOURNAL.COM

LJ261-January2016.indd 26 12/17/15 8:35 PM COLUMNS AT THE FORGE

help ensure that you’re actually doing HTML page. That is, instead of having what you should be. your