
Get into Linux today!

100 BEST Linux APPS
Your essential guide to all the must-have open source apps

46 projects + Create a Pi box, Code for the kernel, Go green with

Discover the new puppet master of

PLUS Make money and run a Linux business

Open NHS
"We exert influence over the entire healthcare community around the use of open source"
Peter Coates on open source in the NHS p44

Beat Big Brother
The best anonymising distros tested and rated

Guitarix guide
School of rock! Pro-level virtual amps come to Linux

Networking fu
Build a router: Boost security and hack your own router

TuxRadar.com

Welcome

Get into Linux today!

What we do

We support the open source community by providing a resource of information, and a forum for debate.
We help all readers get more from Linux with our tutorials section – we’ve something for everyone!
We license all the we print in our tutorials section under the GNU GPLv3.
We give you the most accurate, unbiased and up-to-date information on all things Linux.

The best of FOSS

Today, we’re celebrating the best of FOSS and championing the 100 best open source software projects. Software that you must have and shouldn’t miss out on. From big-names like LibreOffice to the tiniest tools such as rtorrent, we’re running a catalogue of our 100 must-have tools – and it even includes 70 that will work on the old and new Raspberry Pi!

Of course, if you really love a piece of software, why not contribute to it? That’s the real beauty of open source: the ability to get involved with the most exciting or your most loved projects, whether big or small. We’re sure we’ve missed out on some favourite tool or project here, and we’re also sure you’ll let us know what that is. So make sure you us and we’ll let everyone know Mailserver on page 12.

But what use is software without something to run it on? For once we have three systems that come with Linux pre-installed in our Reviews section starting on page 17. We have a new HP workstation-class laptop, a workstation and the latest from Acer. It’s certainly a sign of the time that we’re able to run regular system reviews with PCs that have a flavour of Linux as a default OS option.

I’m also excited that we’re interviewing Peter Coates on how the British NHS is using open source in its infrastructure on page 44. Alongside this a feature on how you can not only run a business with open source, but how a business can deploy and maintain open source systems on page 48. We’ve got a new sysadmin’s coding series from Dr Chris Brown on page 84 while another Brown: Jolyon Brown takes the reins of Administeria on page 56 and Jonni looks into MariaDB on page 88. So enjoy the issue and we’ll be back with more next month!

Neil Mohr Editor
[email protected]

Who we are

This issue we asked our experts: What tool do you find essential, couldn’t live without and why? And no, you can’t all say …

Jonni Bidwell
Well, I never leave the house without Chrome, but that’s another story. As far as FOSS goes, for me it’s all about the little things so often taken for granted: grep, ping, tail, lsof and nano (because sometimes vi is too hard) can solve so many problems. Also MPD controlled by phone is the badger’s nadgers.

Neil Bothwick
Well I do use Emacs, but… I’m not sure there is anything so essential. There is so much choice in the free and open source world that if anything disappeared I’d be able to find a usable alternative. Having said all that, I’d be hard pushed to do without ZShell running in screen session over SSH.

Sean Conway
Mozilla is the go-to FOSS for me! I cut from ’s SuperMarioNation Explorer software when AOL released Netscape. I was a last holdout with that, staying with the until it reached its end of life. A weaning to Firefox was the alternative. No amount of Chrome will give me cause to change.

Les Pounder
The Arduino project is very dear to my heart. It started the Maker movement with art students in Italy, and thanks to its pricing and ease of use it’s become a huge success. Children and adults around the world have built projects great and small thanks to the blue PCB and its great set of resources.

Mayank Sharma
VirtualBox! It’s taken the fear out of testing beta software and unfamiliar distros. I can create isolated environments using geekier solutions such as OpenVZ and LXC, but I still prefer the idiot-proof VirtualBox and save all my geekiness for tinkering with whatever it is that I need the virtual environment for.

Subscribe & save! Digital and print, see p34

www.linuxformat.com April 2015 LXF196 3

Contents

See page 11 for full details.

“We become what we behold. We shape our tools and then our tools shape us.”

BEST 100 Linux tools
The best FOSS that you can’t afford to miss p36

Roundup: Anonymising distros p28

Interview
“I could take, consider, implement, and share. FOSS was a revelation!”
Peter Coates on open source in the UK’s NHS p44

Reviews

The HP ZBook 15u G2, p17: Squeeze workstation power into a laptop and add a dash of Linux on top. Magic.
T5810, p18: Put a workstation in workstation’s clothing, then add a dash of Linux on top. Also magic.
Caption: A workstation-class desktop to make Linux fly like it deserves!
Acer Chromebook 13, p19: A new Chromebook that’s packing a new Nvidia Tegra K1, can it cut the mustard?
AMD FX-8320E, p20: A ‘budget’ octo-core CPU from AMD might grab your attention, but should it?
Caption: If you can spot the eight cores from here, you’re better than we are.
Tiny Core 6.0, p21: Tiny by name, tiny by nature. The latest evolution of the minimal Linux distro.
NetRunner 14.1, p23: An updated release of a distro that makes KDE enjoyable, even for Mint users!
27, p24: Yuck, ! The question is whether Opera can do better than Firefox?
Philips 4K display, p26: 4K is here, the Linux desktop is ready, so where are all the affordable monitors?
Dying Light, p27: A city terrorised by brainless, shambling humans getting in your way. Bath, on Fridays.

On your FREE DVD
Mint 17.1, 14, , TinyCore and more! The best distros money can buy.
PLUS: 164-page Android p96

Treat yourself or a loved one to an LXF subscription! p34

Don’t miss...

Linux in business, p48: How you can run a successful Linux business supporting and running FOSS for all.
School of Guitarix, p52: Mix pre-amps and amp models with effects and emulations, and service society by rocking.

Coding Academy

Kernel hacking, p84: Dr Chris Brown is back in a regular series of system programming tutorials, kicking off with kernel system calls, which will provide the grounding in and Python.
MariaDB, p88: Jonni Bidwell runs off hand-in-hand with MariaDB, escaping the evil clutches of Oracle to live in a freer MySQL world with his first love. aka an introduction to MariaDB.

Tutorials

NTP
Time gentlemen!, p68: Sean Conway explores everything NTP based, so you’ve got no excuse for missing that dentist appointment.

Raspberry Pi
Build a Tor box, p71: Mayank Sharma trusts no one! So he’s built a Pi-based Tor box in his lead-lined safe of solitude somewhere in

Regulars at a glance

News...... 6 Subscriptions...... 34 Back issues...... 66 The Biq phone is finally here Subscribeo t our digital edition or Why do you want to make us sad? and then it was gone, in a flash sale. we’ll make you use an Apple iPhone! Make us happy and buy a back issue. Cry me a river, NSA. An odd way to launch a phone! Issue LXF191 is looking for a home! Sysadmin...... 56 Ecryptfs Mailserver...... 12 Mr Brown takes the helm of Next month...... 98. Encrypt everything!...... 74 The Stallman alternative universe Administeria after an 88 episode run It’s Pi-mageddon! We’re digging up Neil Bothwick trusts no one! So he’s controversy rumbles on, Jonni is from Dr Brown. Kicking off taking a the best Pi projects for old and new encrypting his entire hard drive, here’s how. awful at history and people still love look at CoreOS and Ansible. boards, plus so much more. us it seems, awww. HotPicks...... 60 Startup and standby...... 76 Jonni Bidwell trusts everyone! He just User groups...... 15 Alexander Tolstoy might be Russian, wants to be able to get his PC to sleep. Les Pounder dons his woggle and but he’s not invading the Ukraine, oh celebrates the Pi Jamboree. no, he’s too busy invading GitHub to Networking grab the hottest picks known to man! Build a home router...... 80 Roundup...... 28 Captured for you: Abiword, GParted, Build and configure your own router for the Shhh,t don’ tell anyone but Alex Handbrake, Stellarium, Gnome geeky buzz and benefits, improved VPN security and total control. So says Jonni. Tolstoy has been testing anonymising Battery Bench, , Albert, Xonotic, Our subscriptions team distros, but we’ll never know. X-Moto, TLP and MDP. is waiting for your call.

Newsdesk

This issue: Ubuntu Phone, ElementaryOS, GPG funding, #!++

Canonical phones home

Ubuntu Phone is finally here

The first Ubuntu Phone might not be all that, but it’s a promising start.

It’s been a long time coming but the world’s first Ubuntu Phone has been released. The BQ Aquaris E4.5 Ubuntu Edition has recently gone on sale and it looks like there was plenty of pent up demand for a -flavoured handset. Although so far it has only been sold in limited ‘flash sales’, the first such sale completely sold out in under an hour. It bodes pretty well for Canonical’s fledgling mobile , especially considering that the actual phone isn’t anything too special. It comes with a 4.5-inch qHD (960x540) display, a MediaTek quad-core Cortex-A7 processor clocked at 1.3GHz and 1GB of RAM. It also features a 5-megapixel front camera and an 8-megapixel rear camera, which aren’t bad specifications by a long shot, but not something to get terribly excited about, though perhaps the relatively low price of €169.90 (around £127) helped drum up interest.

A number of networks in Europe such as amena.com, Giffgaff, and Portugal Telecom will offer SIM bundles with the BQ Aquaris Ubuntu Edition.

What is worthy of interest is Ubuntu Phone itself, a with plenty to offer and set it apart from Apple and Google’s offering. Ubuntu Phone looks set to up the way we interact with our phones and the apps we’ve installed on them. Rather than laying out all the apps separately in grids as with Android and iOS, Ubuntu Phone is bringing in the revolutionary idea of “Scopes”. Ubuntu Phone is looking to integrate apps and services via Scopes into an easy to use interface, so users don’t have to scroll through screens of icons. For example the NearBy Scope will aggregate local services centred around where you are and what you’re doing, giving you reviews of local restaurants nearby, as well as the weather in your area.

We’ve been told that we can expect some big-name apps appearing on the new mobile operating system. When asked Cristian Parrino, VP of Mobile at Canonical, what sort of apps and Scopes we can expect in Ubuntu Phone, he replied “, , eBay, Time Out, Yelp, as well as community developed apps working on , Dropbox. Lots. Just about every digital platform, in some cases the top brand, others from valid alternatives”

It seems to us that the BQ Aquaris E4.5 Ubuntu Edition isn’t really aimed at the mainstream consumer and is instead aimed at developers, with Canonical keen to get an Ubuntu Phone into the hands of app makers as quickly as possible. What will be interesting to more mainstream consumers is the upcoming Meizu handset. The Chinese manufacturer signed an agreement with Canonical late last year, and it looks like its upcoming Meizu MX4 , will be Ubuntu-flavoured. This handset is expected to feature far more impressive high-end components: “octa-core” – quad-core Cortex A17, quad-core Cortex A7 – MediaTek MT6595 SoC, 5.36-inch 1920x1152 IPS display, 20MP camera, 4G-LTE and 2GB of RAM. If the specifications are correct, then we should see an Ubuntu Phone that can go toe-to-toe with flagship devices from Apple and Android manufacturers.

When asked Parrino told us that “launching a new product is a journey, this is the first step”, and that for the time being Canonical is focusing on early adopters who are bored of iOS and Android, rather than fighting for shelf space among more well known brands. Meizu’s Ubuntu Phone could be the start of the real fight.

Caption: The BQ Aquaris Ubuntu Edition is the first of many Ubuntu Phones... we hope.
Caption: Almost 1,000 apps from big names around the world that are coming to Ubuntu Phone.
Caption: Scopes are an innovative new interface feature that Canonical hopes will make Ubuntu Phone stand out from the crowd.

Open source funding

ElementaryOS gets into hot water

Poor choice of words pits elementaryOS against its users.

Werner Koch hasn’t been the only one to struggle raising funds. The stylish distro elementaryOS latest version may have been downloaded over 2 million times, but it seems 99.875% of those, download it without paying a single penny.

As with other Linux distros elementaryOS is free to download, but also asks for voluntary donations to help fund the project. Previously when downloading the ISO of the distro, a text box was included where you could type in an amount of money you’d like to donate, with $10 being the default setting. In a bid to get more donations it has now changed the download process, with four buttons ($10, $25, $50 and Custom) which you need to select before you download. If you’d wish to download for free you need to select Custom and then type in $0.

While the additional hurdle to download elementaryOS is minimal, we can at least sympathise with the team’s plight of getting funding. However, what didn’t help was the rather accusatory post (http://blog.elementary.io/post/110645528530/payments) that accompanied the news which managed to rile up elementaryOS’s fans. A particularly ill judged line stated that “We want users to understand that they’re pretty much cheating the system when they choose not to pay for software.” It has since been deleted, but the internet’s memory is long, and supporters of elementaryOS quite rightly didn’t like the accusation.

Caption: Have the folks behind elementaryOS taken their supporters for granted?

Open source funding

GPG gets funded

Fundraisers come to the aid of Werner Koch, the man behind Gnu Privacy Guard that protects us all.

If you value the privacy and protection of your and use email encryption then there’s a good chance you use Gnu Privacy Guard, or software that’s based on it. Journalists, dissidents and whistle blowers like Edward Snowden around the world use software, however it was recently revealed that the man behind the code, Werner Koch, was running out of money.

Although he continues to patch and update Gnu Privacy Guard from his home in Erkrath, , in an interview with Pro Publica (http://bit.ly/16uti0Z), Koch revealed that he was running out of money. A fundraising campaign launched in December raised $43,000, quite a bit less than the $137,000 goal. However since the article highlighting Koch’s difficulties was published a number of individuals and companies, organisations have rallied to his support, pledging funds for the man behind the software so many of us use.

The ’s Core Infrastructure Initiative – that was established for just this eventuality – awarded him a grant of $60,000 and Facebook and Stripe (an online payment processor) have each pledged to donate $50,000 a year to the project. His donations page at https://gnupg.org/donate has also been inundated with donations, and if you’d like to thank Koch for his hard work on such an essential tool, please visit and give what you can.

Newsbytes

Is nothing sacred? If you’ve got a hard drive made by Western Digital, Seagate, Toshiba or other top manufacturers then be warned: the U.S. NSA has apparently found a way of inserting spying software into those drives. Security firm Kaspersky discovered the software in PCs from over 30 countries, with the most cases being seen in Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. http://blog.kaspersky.com

CrunchBang, the lightweight distro that’s also known as #!, is no more, with Philip Newborough, announcing in a forum post titled ‘The end’ that “I have decided to stop developing CrunchBang. This has not been an easy decision to make and I’ve been putting it off for months. It’s hard to let go of something you love.” The reason for the decision is apparently because Linux has moved on, and there’s no longer a place for CrunchBang. “I honestly believe that it no longer holds any value.” http://crunchbang.org

Although Newborough feels there’s no longer a place for CrunchBang, others disagree. Almost as soon as the end of CrunchBang was announced, a new project cropped up, known as CrunchBang Plus Plus (or #!++). The aim is to continue the legacy of CrunchBang, keeping it light weight while getting a reskinned and updated Jessie packages. ://crunchbangplusplus.org

Caption: CrunchBang is dead. Long live CrunchBang Plus Plus!

Live Patching is coming to the Linux Kernel. Although there have been proprietary live patching features in the past, along with distros such as and SUSE bringing their own implementations, the different approaches to live patching were proving problematic. Now a joint approach has been agreed on to create infrastructure for live patching, including an API for kernel modules containing the actual patches, and API/ABI for userspace to be able to operate on the patches.


Comment

LibreOffice 4.4 release

Michael Meeks

Recently we released LibreOffice 4.4. By the time you read this it should be ready for wide-spread home usage, and is well worth a try.

For me the highlight is Jan Holesovsky’s work (for Collabora) on growing and encouraging the User Experience community. In this release lots of improvements have been made across the suite; such as crisping up the look of the default menu and tool-bars. This work was based on user statistics indicating which items are more frequently used. But if somehow your favourite icon is not visible by default – it’s only a couple of clicks to show it again.

We have a new colour selector, an improved side-bar, better rulers, and we’ve finally finished making all dialogues dynamically resizable. Impress is also much improved, with a number of really odd quirks fixed in the Impress master page editing, and a set of pretty new templates to match.

Naturally there are a slew of other new features. Interoperability is a key , with lots of work done on improving round-trip OpenXML support (for collaboration with less-enlightened users). Another major win is the inclusion of Google’s great Carlito and Caladea, fonts which provide metric compatibility for modern Microsoft documents, much improving layout. We also now interoperate with OneDrive as well as recently SharePoint.

One last good taste is the continued drive to rescue data from proprietary file formats and bring them into ODF: we now have filters for: Adobe PageMaker files and Sony e-. Do download it, have a play, and get involved.

Michael is a pseudo-engineer, semi-colon lover, SUSE LibreOffice hacker and amateur pundit.

Hitting the mirrors

What’s behind the sofa?

Mageia 5

If all has gone according to plan you should be able to download 5 by the time this issue goes on sale. Recently the second Beta of Mageia 5 was delayed, which could impact on the final release. The previous major version of the Mandriva fork was very well received, so we have high hopes for this release as well. Find out more at www.mageia.org.

Caption: As long as there haven’t been any more delays, Mageia 5 should be available to download

ClearOS 6.6.0

ClearOS 6.6.0 “Community” edition is now available. The latest version of the CentOS-based distribution introduces WPAD, QoS, YouTube School ID support, an upgrade to the Intrusion Detection engine, and ISO-to-USB key support. ClearOS is aimed at cloud servers and gateways for homes, hobbyists and small organisations. A handy web-based interface grants you easy access to the range of features ClearOS provides and you can find out more and download the latest release at www.clearfoundation.com.

Caption: ClearOS brings a number of useful features and security tools for students and organisations.

Netrunner 15

Netrunner 15 brings huge changes to the -based distro, and now comes with the KDE Plasma 5.2.0 desktop by default. This version has been redesigned from the ground up, so a fresh install is necessary. KDE Frameworks 5.7 and 5.4 are included, along with a number of new applications and features. Find out more at www.netrunner.com.

Caption: V15 is a major update.

Ubuntu 15.04 Final Beta

The final beta of Ubuntu 15.04 will be hitting the mirrors for downloads a few days after this issue goes on sale. If you’re a confident beta tester or you just can’t wait to see what’s coming with Ubuntu 15.04 then you can download the beta release from www.ubuntu.com. Make sure you back up all your files before you try it out.

Caption: The final beta before the full release is available to download.

Mailserver

Write to us at , Future Publishing, Quay House, The Ambury, Bath BA1 1UA or [email protected]

More mind games Neil Mohr imagines a world Letter of the month without . Of course, it's interesting to imagine a world without open source, but RMS is nowhere near Helping hand as important as he would have us believe. Open source was ears ago you published something Neil says: For around long before the Free that I have found very helpful. those not in the Software Foundation was Actually lots of things; but this one know you can created. And, being a completely Y in particular. I am sure you are not hold Alt and the SysRq key then slowly type REISUB European thing, there's no the only people to know about how to to force a controlled shutdown. This accesses a low- reason to assume Linux would gracefully reboot a Linux computer with the level message system in the kernel, which will only not have appeared in the GUI frozen, or with some similar problem, but I fail if has died or there's been a kernel panic. [No absence of a Richard Stallman. heard about this useful feature from you. It has General Panic jokes – Ed.] And the file will reside Finnish Linux, for instance, is gotten me out of a fair few hangs. forever on www.linuxformat.com/REISUB.html. based on Dutch Minix. Unfortunately, I have a poor memory for Each key stroke does this: And Apple et al would be fine somewhat random sequences of characters, : Switch the keyboard from raw mode to – the BSD history has absolutely so I wrote a reminder through a small HTML XLATE mode. nothing to do with RMS – file to use as my browser home page. Although E : Send the SIGTERM to all processes indeed, it pre-dates him (as does creating the file did drill the sequence into my except init. another major free project: memory, this way it is always there. So, in the I : Send the SIGKILL signal to all processes Wikipedia [does it? – Ed?]). RMS spirit of FOSS and , I've created a except init. started his campaign for Free trivial contribution to other people's S : Sync all mounted filesystems. Software in the late seventies. 
enjoyment of computers, without the U : Remount all mounted filesystems in read- In fact, if you want to imagine limitations of greed so often found in this only mode. a world without Linux, you only world. Enjoy, and thank you. B: Immediately reboot the system, without have to tweak the dates of the John Paterson, , unmounting partitions or syncing. BSD lawsuit slightly. If it hadn't started, or had been settled a bit earlier, then Linus would have filesystems that enabled proper championed the philosophy, but and Apple, or to be more used BSD and Linux would never directories were required". That as well as katana-wielding historically correct as that's so have been born. may have been true of PCs, but Stallman?“ I also said “this was important, NeXT Step would have RMS may be important in the /Linux is a mini-computer just a silly academic exercise” so struggled to develop its BSD- history of open source, but he operating system and directories again, it was in no way serious, but based OS. So no, OS X and iOS was a child of his time and there were around in the 70s. entirely silly. Also I wasn't wouldn't have appeared. But no, were many others. This cavalier Anthony Youngman, via email. obsessing about Linux, but the RMS disappearing from history attitude to history is also shown Neil says: I did leave some small concept of ‘open source’, so as wouldn't have stopped open in the article on filesystems, print that said “We realise you point out yourself BSD would source being a force in the world, where it says "By the late 80s someone else would have have been included in that group but that was never my point. [email protected] [email protected]

12 LXF196 April 2015 www.linuxformat.com Mailserver

As for the history of filesystems in an exhaustive account of 250 words, I'll let Jonni cover that filesystems throughout the ages. responding to the next letter. But history is important and you are quite correct – hierarchical Horrid histories filesystems have been around I was surprised to read a since Multics, and they even really poorly researched and included support for long misleading footnote on page 49 filenames and permissions which [Filesystems: The Next the outside world never got to play Generation, LXF193] on a brief with until the mid 1990s. history of file systems. Prior to I should have made clear that I 1968, there were a number of was only discussing the situation filesystems in use by various for home computers, which, while computer manufacturers but the only a fraction of the history of Look ma, no dependencies required but your mileage might vary. first, that I am aware of, that computing, does provide some incorporated most of the nice milestones which many features that we would expect in readers will remember. church, whose ageing Windows had no such issue. a modern was XP Toshiba needed to be I eventually solved the implemented at Bell Labs/MIT Report MIA decommissioned. Part of the job problem by hunting through the in the Multics system. Any I feel I must gently take you guys would be the production of data long list of dependencies until I history of file systems which to task. I am a long time reader in form, and it found the Report Generator and omits a mention of Multics can’t of your excellent journal and a seemed to me that a suitable installed it plus all dependencies. have been properly researched. strong supporter of OS and database front-end would be In LXF193 Andrew Procter had a John Hunter, via email. Linux, but I sometimes feel very valuable. I therefore had a related problem about Jonni says: Unfortunately, there your views of how competitive quick look at LibreOffice and as . 
Your reply was was some missing in that Linux is against Windows are a expected I found that it was; helpful but again there is the boxout, which was meant to be little overstated. Base would connect to data in implication that LibreOffice will taken as an overview of how we As an example I recently set spreadsheet form. do all that is required of a got to where we are, rather than up a new system for a local However, when I tried to database. This is not the case. produce a report using the My point is this: anyone like Report Wizard it would only Andrew or any organisation produce one rather useless wanting to do the same sort of layout, and any attempt at thing could easily be put off by editing it or going direct to the this decision. So guys how about Report Editor failed. A bit of a tutorial on how to use hunting around in the Software LibreOffice with data? Manager to find out if Report David Connell, via email. Generator was a separate install Neil says: How dare Ubuntu not showed nothing. support every piece of software in Puzzled I did some searching the known universe! I jest, it to find a statement from a seems this is more an issue with Ubuntu developer that said: whoever maintains the LibreOffice “Report Generator had been repositories for Ubuntu rather Imaginging a excluded because it had too than Ubuntu itself. world without many dependencies.” At first I The Report Generator worked RMS: We’re not trying thought this was a restricted out of the box with Mageia 4 and to rewrite situation, but SolydK is with Ubuntu 14.04/14.10 we just history, BSD is based and had the same needed to use: fantastic too! problem. Annoyingly, Windows -get install libreoffice-report-builder However, we do take your point, that the “out of the box” experience isn’t always what it should with open source software sometimes. 
The truth is though that more often than not most of the mainstream Linux distros do provide a smooth experience and isn't that the most important aspect to highlight? You gimps Having scanned hundreds of old photos retrieved from various

www.tuxradar.com April 2015 LXF196 13 Mailserver

family members and done what I thought was a reasonable job of restoring them you then go and include GIMP: The Complete Guide on the DVD. Darn it, now I have to go through them all again! I hate you! I hate you! I hate you!
Trevor Dipper, UK

Neil says: It’s our pleasure Trevor. We hope the LibreOffice eBook last issue doesn’t have you redoing all of your documents or the Android bookazine this issue doesn’t have you remodelling your Android home screen. Do we dare even mention the Chromebook eBook next issue?

If you’ve enjoyed your Gimp bookazine, keep an eye out for more to come.

Weighting

I have a question. How can the Cinnamon desktop be the overall winner if it trails behind KDE in overall points [see the table below]. While Cinnamon gets a total of 28 points, KDE gets a total of 33 points, yet Cinnamon is still the winner?
Peter Schroeder, via email

Neil says: Nice table! You've got a totally valid point, as maths never lies, which is something our tamed maths PhD man Jonni, likes to constantly remind us of, as well as attempting to recite Pi to infinity. The fact is those categories are created especially for every Roundup and they don't necessarily have the same weighting of importance. Cinnamon and KDE score very closely, with KDE clearly having better documentation and application support.

The important thing to remember here is that KDE has been around as long as time itself. So a) Its documentation is going to be excellent, more so than Cinnamon's and b) It's going to have more applications that support it for a similar reason. The question is: does this make KDE the best choice for everyone? More to the point does Linux Format think this makes KDE the best choice? We say no, but if you love documentation and support by applications you may never use, KDE is the choice for you.

Recognise this

and I’ve got an amazing idea for a , but the thought of sitting at a keyboard to write it fills me with gloom. I could dictate it to a skilful secretary but could my computer do the job instead? The software to translate speech to text has existed for a long while; Dragon Naturally Speaking is the standard commercial program. A quick check on tells me that there's also a FOSS equivalent that’s called Simon.

The developers of Simon are rather shy about their product, though: there's virtually no documentation only the built-in help. How do you set it up? What kind of microphone does it need? How does it have to be 'trained' to adapt to my kind of spoken English? How accurate is it? How does it handle things like punctuation? What kinds of text formats does it output? I’m sure other LXF readers would find this very useful.
Maurice George, Lancashire

Neil says: It turns out we have in fact covered Simon in a Roundup [p24, LXF188]. It won out over the other FOSS options and frankly if you want speech recognition it’s the only viable option you have. Here’s what David Hayward had to say at the time: “The LXF voice and speech recognition program of choice boils down to a shouting match between Speech-App and Simon, as both provide the user with a better overall voice recognition system over the remaining three. In this Roundup, Simon comes out as the overall winner with Speech-App closely following behind. Simon is a more complete and all-round program, and one that will no doubt take over as the clear Linux competitor to the likes of Dragon Naturally Speaking.”

From that Roundup we found Simon was an easy package to install, since it can be found in the requires nothing else but searching for and clicking the Install button.

Setting up is another thing though, as Simon is a little more involved but quite clever to boot. Starting the program initiates a wizard that enables you to configure your voice profile, profile, test the sound input, output, and volume settings. When we tested Simon with people using strong accents we even found it to be excellent with the odd extra bit of recognition training. So hopefully that should satisfy your recognition needs, let us know how you get on! LXF

For a FOSS alternative to Dragon Naturally Speaking try Simon.

Schroeder’s Table of Chastisement

Category Cinnamon KDE Gnome Mate
Install & Support 5 5 5 4 2
Default Applications 3 5 5 3 1
Appearance 5 5 5 3 1
Help & Documentation 2 5 4 3 2
Performance 4 4 3 5 5
Extensions/Add-ons 4 5 5 3 2
Configurability 5 5 2 4 4
Total Points 28 33 27 27 19

Write to us

Do you have a burning Linux-related issue you want to discuss? Want to let us know what inventive uses you’ve been finding for your Raspberry Pi, or suggest future content for the magazine? Write to us at Linux Format, Future Publishing, Quay House, The Ambury, Bath BA1 1UA, or email [email protected].

Linux user groups

United Linux!
The intrepid Les Pounder brings you the latest community and LUG news.

We’re jamming!
The Raspberry Jamboree is almost upon us.

Back in 2013 the worldwide phenomenon of Raspberry Jams were still in their infancy, but the irrepressible Alan O’Donohoe (@teknoteacher) was moving on to a much bigger event: The Raspberry Jamboree. The Jamboree is an annual event for Raspberry Pi fans from across the world, people travel from as far as Dubai to take part and show their projects and talk about how the Raspberry Pi has become an integral part of their workflow.

The first Jamboree was on the outskirts of the Education Innovation Conference and Exhibition (EICE) at Manchester Central, and merely a small conference room full of stalls. Speakers and delegates mingled in an informal manner and attendance was around 200 people (which was more than those attending the EICE conference).

The following year, Alan negotiated to integrate the Jamboree into EICE and we saw stalls dotted around the exhibition. The Raspberry Pi Foundation ran its hands-on projects with the OCR examining board, who has supported the Foundation’s mission to enable children to learn computing. The 2014 Jamboree also introduced panel discussions with notable members of the community, such as Ryan Walmsley (RyanTek Robotics), Andrew Mulholland (Pi-LTSP), Jason Barnett (Cyntech).

For 2015, the Jamboree moves to Our Lady’s Catholic High School, Preston where Alan teaches. It will be a three-day event, from Friday March 20 to 22. Friday will be a teacher-only CPD day, but there’s a Family Hack in the evening. The Jamboree itself will run on Saturday and Sunday. Tickets are currently available via an Eventbrite page http://bit.ly/AoDEvents. LXF

The Raspberry Pi Foundation are firm supporters of the Raspberry Jamboree, so join the fun.

Find and join a LUG

Blackpool Makerspace Meet every Saturday, 10am-2pm. At PC Recycler, 29 Ripon Road FY1 4DY. http://blackpool.lug.org.uk
Bristol and Bath LUG Meet on the 4th Saturday of each month at the Knights Templar (near Temple Meads Station) at 12:30pm-4pm. www.bristol.lug.org.uk
LUG Meet on the first Thursday of the month at The Southsider, West Richmond St, Edinburgh. www.edlug.org.uk
Hull LUG Meet at 8pm in Hartleys Bar, Newland Ave, 1st Tuesday every month. http://hulllug.org
Lincoln LUG Meet on the third Wednesday of the month at 7:00pm, Lincoln Bowl, LN4 1EF. www.lincoln.lug.org.uk
Liverpool LUG Meet on the first Wednesday of the month from 7pm onwards at the Liverpool Social Centre on Bold Street, Liverpool. http://liv.lug.org.uk/wiki
Manchester Hackspace Open night every Wednesday at their space at 42 Edge St. http://hacman.org.uk
Surrey & Hampshire Hackspace Meet every Thursday from 6:30pm at the Games Galaxy in Farnborough. www.sh-hackspace.org.uk
Tyneside LUG Meet from 12pm, first Saturday of the month at the Discovery Museum, Newcastle. www.tyneside.lug.org.uk

Community events news

Edinburgh Mini Maker Faire
The capital of will play host to its own Mini Maker Faire on April 19 at Summerhall. On show will be projects that cover the broad spectrum of maker culture, with electronics rubbing shoulders with wood work and tailoring. This is a great event for seeing some immense talent using technologies such as the Raspberry Pi and Arduino. For more information head over to the official website.
http://makerfaireedinburgh.com

Preston Raspberry Jam
Preston’s monthly Raspberry Jam is growing, says Martin Bateman a host for the event. It now includes regular presentations from Sonic Pi competition finalist, Joshua Lowe, who has been hacking and writing music with Raspberry Pi and Sonic Pi 2. Preston Raspberry Jam is a mix of presentations, workshops and social event, and takes place on the first Monday of each month.
www.raspberrypi.org/jam

NoSQL Matters
In the last two years noSQL databases have come to the fore of web technologies and not a week goes by where we don’t hear about something new from the likes of MongoDB and Riak. In that light, NoSQL Matters, Dublin takes place June 3-4 with day one hosting a developer training day and day two featuring a full conference track of workshops and talks on the latest NoSQL advancements. If you are a database or web developer looking for continued development training this event is a must. And, of course, there’s the chance for a Guinness or two at the various social events. See the website for details.
http://bit.ly/NoSQLMatters2015

Reviews

All the latest software and hardware reviewed and rated by our experts

HP ZBook 15u G2
A lightweight, no-frills budget mobile workstation that HP ships with Linux as a native option and Juan Martinez thinks is worth a look.

Specs
OS: Ubuntu
CPU: Core i5 5200U (2.2GHz)
GPU: AMD FirePro M4170 1GB, Intel HD Graphics 5500
Display: 15.6-inch LED 1,920x1,080
RAM: 4GB DDR3
HDD: 500GB
Comms: Intel 7265ac + Bluetooth 4.0LE
Ports: 3x USB 3.0, DisplayPort, VGA, 720p webcam
Size: 375.5x253.6x21.42mm
Weight: 1.91kg

Unlike the majority of consumer laptops on the market, mobile workstations are built to provide desktop performance on portable frames. This means organisations are likely to sacrifice thickness and heft in exchange for storage capacity, processing speeds and graphics power. Most workstations offer no-frills design and don't break in more avant garde consumer-friendly features (for example: you won't see them flip over and turn into tablets). And because these machines are built to withstand the rigours of long workdays, they're likely out of a typical consumer's budget.

Among the best mobile workstations on the market is the boringly-designed Lenovo W540 [see Reviews, p17 LXF192], which weighs 2.52kg, but offers an incredible 15.6-inch, 2880x1620 (3K) resolution IPS display and a high-end 2.7GHz Intel Core i7-4800MQ processor with a Nvidia Quadro K2100M graphics card. Not to be outdone, HP offers the ZBook 17, an expensive workhorse that weighs 3.17kg, is 1.3 inches thick, but can outperform some of the best desktops on the . Built with an Intel Core i7 processor, up to 32GB of DDR3 memory and Nvidia Quadro graphics.

Weighing in at just 1.91kg, the 15.6-inch ZBook 15u is one of the lightest workstations on the market. Built with an FHD screen and no-spindle drive, the ZBook 15u is meant to provide business users with the ability to get up and go without sacrificing all of the perks of a desktop workstation. It measures 0.84x14.78x9.98 inches tall – not exactly something you'll want to hold in one hand, but it won't dislocate your shoulder when you sling your laptop bag on after a long meeting.

The ZBook 15u provides a smidge more portability and accessibility, than the more powerful Zbook 17.

Solid worker

The default OS is .1 but dig into the component options and HP offers ‘Ubuntu Linux’ and even a big lump of cash back for the non-Redmond option. The ZBook 15u comes with up to 1.25TB of storage and 16GB of memory with an Intel i5 processor on all standard models. It’s ISV certified with AMD FirePro M4170 graphics. You'll never lack for inputs, as the 15u features four USB 3.0 ports, a DisplayPort 1.2, and a media card slot.

There's not much to complain about with the 15u. You realise that you're sacrificing something for this unit when you spend over $1,000 less than you would with competitor models. For example: the graphics won't be super high. The AMD FirePro M4170 was a mid-range graphics card mid-2014, and it will likely move further down the list as the machine ages. Additionally, the Intel i5 is solid, but most workstations come equipped with i7 processors. You can upgrade, but it will cost extra. Although the machine is pretty to the touch and to the eye, you're not getting anything new here. You won't impress anyone with the traditional keyboard or touchpad, and the screen isn't touch-capable.

If you need a workstation but you don't want to break the bank, the ZBook 15u is an excellent compromise. It offers solid processing speeds, decent graphics, but this is middle-of-the-pack at best. What you're getting is a lightweight workstation with a pretty design that your Chief Financial Officer will happily approve. LXF

Verdict
HP ZBook 15u G2
Developer: HP
Web: http://store.hp.com
Price: From £1,267
Features 9/10
Performance 7/10
Ease of use 9/10
Value for money 9/10
Offers the lightest build, lowest cost with a balanced processor and AMD GPU alongside native Linux support.
Rating 8/10

Workstation

Dell Precision T5810
A machine that offers more than Alan Stevens was expecting and in an attractive form, too.

In brief...
There's a fine line between high-end desktop PCs and entry-level workstations. However, with its new Haswell-based processors allied to a choice of highly capable graphics, the Precision T5810 is very much in the latter group.

Specs
OS: Ubuntu 12.04 LTS
CPU: Intel Xeon E5-1620 quad-core 3.5GHz, 10M cache
RAM: 16GB 2133MHz DDR4 ECC
GPU: AMD FirePro W5100 4GB
HDD: 1TB SATA
Warranty: 3-year next-day on-site

Following the release of Intel's Haswell-based Xeons, Dell has acted quickly to adopt the new processor and use it to put extra spring into the step of its popular Precision workstation family. Dual and single-socket workstations will both benefit from the makeover and for this review we decided to check out the Precision T5810, a single-socket workstation that sits at the more affordable end of the spectrum.

Following the standard workstation pattern, the T5810 is housed in a substantial yet compact black and silver tower which, thanks to a couple of design flourishes, manages to somehow look pretty stylish. Power comes from an externally removable 685W AC supply which has two fans built in for cooling with, on the review system, another built onto the video card. The end result was far from silent, but we'd still put it down at the quiet end of the scale for this type of system.

Designed to be customised, access to the T5810 is provided via a lift-off side panel with plenty of room to get to all the important bits and pieces. And that includes an all-new motherboard sporting a single socket for the Haswell-based Intel Xeon processor plus, of course, the latest C612 chipset required to manage it.

Processor-wise, the workstation we looked at was fitted with a Xeon E5-1620 v3 (it's the ‘v3’ that signifies the Haswell architecture) clocked at 3.5GHz and delivering four cores/eight threads plus a decent 10MB of cache – a good starting point for buyers on a budget. Moreover, those with extra cash to splash can opt for a number of alternatives both from the single-socket E5-1600 v3 family and the E5-2600 v3 line-up, more usually found in dual-socket configurations.

As far as memory is concerned support for the latest DDR4 technology is part of the Haswell update, with eight DIMM slots available on the T5810 motherboard to take up to 128GB, clocked at up to 2133MHz. Ours had a more modest 16GB of ECC-protected memory on-board which is, again, a reasonable starting point without costing the Earth. The DIMMs provided by Dell also left half the slots empty making later additions easy to accommodate.

There's plenty of room inside the T5810 for access and expansion.

Budget workstation

Haswell processors aside, it's the video controller that really sets the performance bar in the workstation world with plenty of options here to help make the T5810 fly. Customers with an existing adaptor can save money by leaving this out altogether, otherwise it's a choice between AMD FirePro and Nvidia Quadro GPUs, with a number of models on offer to suit both budget and application requirements.

There's room and power for a pair of graphics cards if needed, but the review system had just one in the form of an AMD FirePro W5100. This 3D capable card takes up a single PCIe slot and has four DisplayPort connectors offering support for monitors with up to 4K resolution. In addition there's scope for further improvement by opting for a higher-spec GPU.

Storage is, again, down to the customer to specify. The review system had just a single 1TB SATA disk cabled to the onboard controller, but there's plenty of room to add more and RAID is an option. You can also opt for faster SSD drives both for use as conventional storage and boot purposes, or to act as a performance-boosting cache using Intel CAS-W technology, now available as an option on all Precision workstations. A slimline DVD writer was also fitted on the workstation we looked at and with 10 USB ports (four USB 3.0) plus two on the motherboard there's very little else you can't plug in. An integrated Gigabit network interface also comes as standard and there are five PCIe expansion slots. LXF

Features at a glance
Xeon processor: The new Haswell-based Xeon processors plus DDR4 RAM provide a step up.
AMD FirePro: Sports 768 processing cores and 4GB of video RAM which amounts to a mid-range workstation.

Verdict
Dell Precision T5810
Developer: Dell
Web: www.dell.com/uk/business
Price: From £1,573
Features 9/10
Performance 8/10
Ease of use 8/10
Value for money 9/10
A very usable system that delivers the performance needed by design and engineering pros on a budget.
Rating 9/10

Chromebook

Acer Chromebook 13
Say hello to the longest-lasting Chromebook yet, David Eitelbach takes it for a lengthy test drive.

Specs
CPU: 2.1GHz Nvidia Tegra K1 CD570M-A1 (quad-core)
GPU: Nvidia Kepler
RAM: 2GB DDR3
Screen: 13.3-inch, 1,920x1,080
HDD: 16GB SSD
Ports: 2x USB 3.0, HDMI, SD card slot, headphone and mic. jack
Comms: 802.11ac Wi-Fi, Bluetooth 4.0
Camera: 720p HD webcam
Battery: 3,220mAh
Size: 327 x 227 x 18mm, 1.5kg

Compared to most laptops, Chromebooks are a one-trick pony: They're good for web-based productivity and not much else. Acer has refined this simple formula with Chromebook 13, which offers a 768p screen, an outstanding keyboard and a slim and light design. It's also the first Chromebook to feature Nvidia's energy-efficient Tegra K1 quad-core processor, which provides much longer battery life than competing notebooks. Moreover, at £219 the Chromebook 13 is the same price as the Samsung Chromebook 2 [Reviews, p19, LXF193], which uses a 1,366x768 display and a dual-core Intel Celeron N2840 CPU.

Sporting a slim, matte white plastic chassis that's refreshingly minimalist. Despite its thin profile, the notebook feels surprisingly sturdy in my hand. On the other side of the lid, the laptop features a 13.3-inch display with a matte, glare-resistant finish. The black island-style keyboard stands in sharp relief against the bone-white deck, and the palm rest offers plenty of room for the wrists. A blue LED at the top right corner glows when the laptop is on.

For the Chromebook 13, Acer ditched Intel's Celeron line of processors for a quad-core 2.1GHz Nvidia Tegra K1 CPU. In our experience, the laptop handled browsing the web, composing a document or streaming music with aplomb, but performance slowed down noticeably when we opened more than a dozen tabs. The Acer also ships with a 16GB solid-state drive, although almost nothing in Chrome OS needs to be saved locally.

At £219, this laptop is on par with typical Chromebooks, which is a surprise given its Tegra K1 processor. By comparison, the Toshiba Chromebook 2 features a dual-core Intel Celeron N2840 processor, 4GB of RAM and a 1080p panel. The Samsung Chromebook 2 11, uses a dual-core N2840 processor, 2GB of RAM and a 1,366x768 display. Annoyingly the US configuration sports a 1080p screen. Instead, European users are limited to a 1,366x768 display on the base model.

The Tegra K1 processor greatly benefits the battery life of the Acer.

Tegra effect

The Chromebook 13 easily handles simple tasks like browsing the web with a few tabs open or streaming 1080p video, but it struggles when streaming music with more than a dozen tabs open. We noticed a half-second delay when typing in the address bar, for example, and Chrome occasionally froze for several seconds whenever we opened a website in a new . Doubling the memory would have significantly improved the Chromebook 13's performance at very little cost. The 11-inch Samsung Chromebook 2, which also uses 2GB of RAM, suffered from noticeable stuttering but the Toshiba Chromebook 2 with 4GB of RAM, had no trouble streaming music.

Thankfully, the Acer's speakers hit almost all the right notes. Audio sounds remarkably clear and well-balanced, and we didn't notice any when the volume was cranked up to the maximum. The laptop's island-style keyboard is one of the better ones I've used on a Chromebook. The chiclet-shaped keys offer plenty of vertical travel and tactile feedback, and the spacing is generous enough that we only made a few adjacent-key errors. We also didn't notice any flex in the keyboard. The spacious touchpad is a joy to use as well. Gestures such as two-finger scrolling and three-finger swiping perform reliably, and the pad doesn't require excessive force to depress. As with most Chromebooks, you have to tap with two fingers to open the right-click menu.

Nvidia promised unprecedented efficiency with the Tegra K1 processor, and it wasn't kidding. The Chromebook 13 lasts longer on a charge than any Chromebook we've seen. While writing the review with the brightness at 50%, watching YouTube videos and streaming music, the notebook lasted a jaw-dropping 8 hours and 56 minutes. That's an hour longer than the Samsung Chromebook 2. LXF

Features at a glance
Nvidia Tegra K1: The latest Arm-based processor from Nvidia helps extend the run time of the Chromebook.
Cool keyboard: Acer has done an excellent job with the keyboard, and typing is easy and swift, and nicely designed.

Verdict
Acer Chromebook 13
Developer: Acer
Web: www.acer.co.uk
Price: £219
Features 9/10
Performance 7/10
Ease of use 9/10
Value for money 9/10
Excellent keyboard and great battery in a slim and light package, but lacks multitasking performance.
Rating 8/10

Processor

AMD FX-8320E
A budget octo-core processor that’s not from Intel, but is it cheap enough? Dave James takes out his wallet and counts the moths.

Specs
Socket type: AMD AM3+
Core tech: AMD Piledriver
Clock: 3.2GHz
: 4GHz
Cores: 4
Threads: 8
Cache: 4x 2MB L2, 8MB L3
TDP: 95W
Process: 32nm

When AMD tells us it’s sending over a new FX-series CPU, we can’t help the sudden rush of excitement. It’s an automatic response, born of a time when a new AMD CPU had the potential to offer something genuinely competitive. But those days seem long gone. All we get now are half-hearted revisions of increasingly elderly chips.

The FX-8320E is the perfect example of that. AMD released this chip late 2014, along with the FX-8370E as a pair of lower-powered octo-core CPUs for the more power-conscious consumer. These two chips use AMD’s Bulldozer processor tech and squeeze it into a 95W TDP. They’re able to do this by utilising a lower base clock, retaining the same Turbo clock as their non-E brethren. To that end, this FX-8320E is running at 3.2GHz as standard, with the ability to hit 4GHz as needed. The standard FX-8320’s clockspeed sits some 300MHz higher at 3.5GHz.

So far, so good. For 30W less power you only sacrifice 300MHz of CPU horsepower, which seems like a pretty good trade-off. But the fact these CPUs are still running with an outdated version of the Bulldozer architecture makes them seem more like an afterthought than a proper processor release. The Kaveri APU, launched mid-2014, AMD used the latest revision of Bulldozer, codenamed Steamroller. Its next APU, Carrizo, will use the final Bulldozer revision which is codenamed Excavator. This 95W processor then, using the old Piledriver architecture, is two generations behind AMD’s top CPU cores. And it doesn’t look like it has any interest at all in shifting the FX range over to the Excavator design, despite the IPC (Instructions Per Clock) boosts that both the Steamroller and Excavator tech have over Piledriver.

Another 95W Vishera FX chip racing towards obsolescence.

The cost of saving

What’s the game with the FX-8320E then? You’d assume that with the focus on hitting a lower TDP, this chip would be looking at small form factor PCs, but that 95W TDP is still higher than the 84W Haswell Core i5 processors, even the K-series versions. But then there’s the price. At just over £100, this is the cheapest eight-core CPU around – even if you baulk at referring to its quad-module design as a full octo-core setup it still sits as the cheapest, eight-threaded CPU you can buy.

In this context, suddenly the FX-8320E looks like a more intriguing purchase. That’s especially true if you’re sitting on a lower core-count AM3+ chip and feel the need for an upgrade. In performance terms – in both straight CPU and gaming tests – the FX-8320E is evidently behind both the FX-8350 and Intel Core i5-4570, but it’s a good £30-50 cheaper than those more powerful chips. And because it’s an AMD chip, without the needless limitations imposed on it by overzealous marketing execs (looking at you, Mr Intel K-series), you can get happy with the overclocking. Well, should your chip and board be capable of it anyways.

For the AMD upgrader then, it’s not a bad budget option. If you’re looking to build an all-new machine though we’d still struggle to recommend an AMD setup. Even though you’re getting eight threads of processing power, a resolutely quad-core, unoverclockable Core i5-4570 will still deliver better CPU performance, and in a smaller power envelope too. The Intel platform is also going to be more up to date and not much more expensive either. While AMD’s AM3+ chipsets were queuing up for their pensions, Intel’s motherboard chipsets were busy fitting themselves out with native USB 3.0 and PCIe 3.0 support, which is handy… LXF

Features at a glance
Overclocking: Our sample wasn’t happy running above 4GHz. Voltage tweaks helped, but not enough to keep it stable on the 970 board.
Gaming issues: The difference between the Core i5-4570 and this FX chip is nearly 20fps on average at 1080p settings with the same GPU.

Verdict
AMD FX-8320E
Developer: AMD
Web: www.amd.com
Price: £105
Features 7/10
Performance 6/10
Ease of use 9/10
Value for money 8/10
A decent upgrade for an AMD setup, but it’s old tech; power-hungry with no native USB 3.0 or PCIe 3.0 support.
Rating 7/10

Tiny Core 6.0
Shashank Sharma tests a major release of the minimalist distro.

In brief...
A barebones distro designed for older computers and power users. The small size of the distro means that users are free to mold the distro any way they see fit. While the project ships several editions of varying sizes, users can take the all-purpose Core release and stack apps on top to suit them. See also: .

Tiny Core Linux is designed for people willing to put in the requisite effort to build a customised streamlined cholesterol-free distro that suits their needs. The distro has a major new release in which the developers have updated almost every core component, all 15MBs worth! Tiny Core is the miniculest of distros that boots into a graphical desktop and it isn’t derived from any of the mainstream distros.

Traditionally only available as a 32-bit ISO, the latest edition also has 64-bit variants and is available in multiple flavours. Besides the 15MB Tiny Core release, there’s an even smaller 10MB Core release that ships without a desktop and a 76MB CorePlus variant that includes multiple desktops. The latest release also features a version of the distro for the Raspberry Pi called PiCore, available in multiple editions with images that have a GUI and another with SSH pre-installed for remote administration.

Due to its bare-bones nature, the new release isn’t visibly different from previous releases. However, there are substantial differences in the lower support infrastructure. Tiny Core 6 boots off a new kernel and includes a newer glibc package which is used by various apps. The tce-load utility has also been tweaked, which can be considered the distro’s package manager, to handle the dependencies of large apps like LibreOffice.

The distro is quick off the blocks and drops you to a plain desktop running the FLWM manager. The icon-based application launcher at the bottom of the desktop contains icons to access settings, add packages to the system, disks, launch the terminal, and such. When you install apps to the distro, their icons are automatically placed on the launcher.

Don’t expose this to a real drive without first reading its extensive user guide.

Big on apps

Tiny Core uses its own and its repository is flush with hundreds of popular apps. Some apps have recent versions such as LibreOffice 4.4, while others such as Firefox, and Thunderbird have older versions. However Firefox has an upgrade script that’ll detect the latest upstream version and update accordingly. It worked flawlessly and bumped us to Firefox 35.0.1. Adding individual apps is painless, but the distro’s small footprint means that most apps will download all dependencies. Unfortunately, not all listed apps are installable, such as VLC. The version of VLC in the repos requires the libiconv whose functionality is now provided by glibc.

Despite the availability of apps and conveniences like automated app installers, it still takes some doing to transform Tiny Core into a regular desktop. The distro is designed for users who can’t spare the resources required by a regular desktop distro. The recommended Tiny Core edition doesn’t even ship with an installer, though it offers many options for making data survive reboots. The distro does have an official installer available in the repos and also pre-installed in the CorePlus edition. This has the useful option to install the distro on a USB disk that you can boot from on older PCs that don’t support USB booting.

Getting familiar with Tiny Core requires time and effort. But once you have the system up and running, it’s easy to maintain. For example, if you’ve anchored the distro using the frugal installation method, you can upgrade from the previous release to the latest one by just replacing two files. LXF

Features at a glance
Updated base: The latest distro features kernel 3.16.6 and components such as glibc, gcc and e2fsprogs.
Multiple flavours: The 72MB Core Plus release features more useful tools like wireless drivers and a Pi edition.

Verdict
Tiny Core 6.0
Developer: Robert Shingledecker
Web: www.tinycorelinux.net
Licence: GPL v2
Features 7
Performance 9
Ease of use 6
Documentation 9
A must-have upgrade for existing users and a viable option for users holding on to dated hardware.
Rating 8/10

Linux distribution

Netrunner 14.1
An updated release of a distro that makes KDE enjoyable, even for a Cinnamon user like Shashank Sharma.

In brief...
A KDE-based distro designed for desktop users. See also: Kubuntu, OpenSUSE and Mageia.

Although there’s no dearth of distros that ship with KDE as the default desktop, Kubuntu seems to hog all the limelight. While we don’t have anything against the distro, it doesn’t really showcase the true potential of KDE. If you want to taste the best of KDE take a look at the Netrunner distro. It’s sponsored by Blue Systems, the same German company that now supports the development of Kubuntu and a handful of KDE projects. The distro is available in two flavours and has recently released an update of their Long-Term Support release.

Netrunner 14.1 is a polished version of the previous release based on Kubuntu 14.04 LTS. It features an updated KDE SC 4.14 desktop, which was the final release in the KDE4 branch. This version of KDE uses an improved version of the new desktop file indexing and search tool Baloo. While this release still uses Ubuntu’s installer, the project’s rolling release variant uses the new distro-independent installer.

Netrunner lets you use Windows DreamScene animated wallpapers.

Apps galore

One of the highlights of Netrunner 14.1 is that it’s chock full of apps. All the popular ones, such as LibreOffice, VLC, Gimp, and others are complemented by KDE gems such as , Krita, , and and many more. Furthermore, the developers have taken extra care to ensure that the non-KDE apps also adhere to the KDE Plasma and don’t appear out of place. The result is a stunning desktop that appears coherent despite the multitude of apps.

Blue Systems also funds the development of several integral components such as the -mounter, which is a graphical app to easily mount and manage Samba shares. Patched versions of the latest releases of both Firefox and Thunderbird that blend with the Plasma desktop are another highlight.

If you run Netrunner 14.1 on a desktop with more than 2GB of RAM, the distro will preload Firefox on boot. This doesn’t seem to have an adverse effect on the distro’s boot times and it was quick off the blocks on our 4GB test machine, while loading Firefox almost instantaneously.

The browser is equipped with several plugins and extensions including the Flash plugin, Google Talk video plugin, the AdBlock Plus extension, the DownloadHelper extension and more. While the distro’s default selection of apps should suffice for most users, you can use the Muon Software Center or the classic Synaptic to fetch others.

Another inclusion that makes Netrunner a top choice is their Runners-ID cloud storage service. The distro includes a Social Accounts configurator in the KDE System Settings that helps you sign into Runners-ID as well as your accounts on OwnCloud, Facebook and Google. Once configured, these accounts are flawlessly synced with the associated installed apps such as the PIM and the Telepathy IM .

If you’ve ever been intimidated or even overwhelmed by the endless list of configurable elements in KDE, you’ll appreciate the fact that the Netrunner developers have cut down and customised the KDE System Settings list to make it more approachable.

It doesn’t take long for one to realise that Netrunner is unlike other KDE distros. Its developers have paid special attention to highlight all the good aspects of the KDE desktop and it shows. The desktop looks beautiful and consistent despite its varied and extensive collection of apps that’ll cater to all kinds of desktop users. LXF

Features at a glance
Updated apps: The LTS distro uses an updated release of the KDE 4 branch and includes new versions of various apps.
Coherent desktop: The distro has taken steps to ensure its variety of apps are well integrated into the Plasma desktop.

Verdict
Netrunner 14.1
Developer: Blue Systems
Web: www.netrunner-os.com
Licence: Various
Features 8/10
Performance 8/10
Ease of use 8/10
Documentation 7/10
A wonderfully nurtured distro that deserves its place at the top of the KDE-distros food-chain.
Rating 8/10

www.tuxradar.com April 2015 LXF196 23

Reviews Web browser

Opera 27
More than content with the open source web browsers on offer, Shashank Sharma rolls his eyes at the proprietary alternative.

In brief: The latest update of the feature-rich but proprietary web browser. The release sadly offers no concrete reason for Firefox or Chromium users to switch allegiance. It's a competent browser but still has a lot of catching up to do to be in the same league as its more famous open source alternatives. See also: Firefox and Chromium.

The release of Opera 26 in December 2014 marked the return of major releases of the browser to Linux. The latest release, Opera 27 continues that trend and was released for Linux alongside versions for Windows and Mac OS X. Officially, the binaries for Opera 27 are available only as . and that too is just for 64-bit installations, but Opera’s team-lead for the Linux initiative maintains a personal repository with RPMs for Fedora and OpenSUSE.

Opera 27 features a handful of new interface and backend changes since the previous release. It’s powered by the latest Chromium/Blink layout engine. The browser has also adopted Chromium’s Pepper Flash player along with the associated Pepper Plugin API. This is in tune with Chromium dropping the use of all NPAPI plugins like the Player.

The Bookmarks Manager has also been tweaked and the developers have fixed issues with context menus and empty bookmark folders. Opera’s Bookmarks Manager is more visual compared to other browsers and includes the usual abilities to sort, search, filter and manage bookmarked links. An interesting feature is the browser’s ability to share selected bookmarks or even entire bookmark folders with anyone on the web with a personalised share.opera.com URL that’s valid for 14 days.

One highlighted feature of the release is a new navigation bar that’s now displayed at the bottom of the internal Opera pages namely the Speed Dial, the Bookmarks page and the Discover feature. The new bar adds consistency across these pages and lets the user switch between them with a single click.

The Print Preview window has also been restyled and lets you save web pages as PDF. The window gives you the option to print information about the web page, such as its URL, title and page number in the header and footer. Another useful feature is that you can turn off background graphics from pages before printing them.

The other major feature enhancement of this release is the return of tab previews. With the feature you can the contents of a tab without switching to it. You can do this by bringing up the list of open tabs by clicking on the tab list button in the tab bar and then hovering over them. Or, you can simply move the mouse over any inactive tab to bring up the preview. The previews are displayed in a large popup along with the title of the page open in the tab.

Business as usual

Although tab previews are a highlighted feature of this release, they aren’t enabled by default. Even after enabling the feature, you have to open multiple tabs for the tab list button to appear. From then on the button is visible every time you launch the browser.

All said and done, while the new features are welcome additions, they aren’t compelling enough to dump open source gems like Firefox and switch to the proprietary browser. There’s nothing wrong with the browser as such, and we wouldn’t write it off simply for being closed-source. The fact is that the open source alternatives, such as Firefox and Chromium, don’t leave much to be desired.

In terms of features, Opera is largely similar to Firefox. Both have synchronisation features and can be extended by add-ons. The one feature unique to Opera is its Turbo mode which helps cut down bandwidth costs by compressing web pages before sending them to the user. This makes Opera a viable option for Android users with limited data plans, but isn’t really useful for the average privacy-conscious desktop Linux user. LXF

Caption: Apart from the odd feature, Opera can barely hold a candle to Firefox.

Features at a glance
Tab previews: Click on the Expand Tabs button on the extreme-right of the tab bar presents a list of all open tabs.
Unified navigation: The Speed dial, bookmarks and discover pages now have a unified navigation bar.

Verdict
Opera 27
Developer: Opera Software
Web: www.opera.com
Licence: Proprietary
Features 8/10
Performance 8/10
Ease of use 8/10
Documentation 8/10
Despite the high scores, we wouldn’t recommend it because there are capable open source alternatives.
Rating 8/10

Reviews 4K monitor

Philips BDM4065UC
Is this the screen we’ve been searching for? Jeremy Laird thinks it might be.

Specs
Size: 40 inches
Resolution: 3,840 x 2,160
Type: VA
Colour: 8-bit
Contrast: 5,000:1
Angles: 178/178 degrees
Response: 8ms G-to-G (3ms with overdrive)
Inputs: DisplayPort, HDMI, MHL, VGA
Stand: Non-adjustable (200mm VESA support)

Even before the Philips BDM4065UC arrived at LXF Towers, we had a notion that when it came to 4K monitors, the HDTV market was going to be particularly relevant. HDTVs have always offered better value for money than monitors because they’re cranked out in huge volumes. Conventional HDTVs though have made poor PC screens.

Meanwhile, the first budget 4K monitors have appeared, but offering just 28 inches, diagonally. Hardly titchy, but when you’ve got nearly 4,000 pixels across the horizontal, the dot pitch is tiny – and that generates all kinds of problems. Either you leave the scaling at 100% so that everything is eye-squintingly small, or you tweak the System Settings and browser scaling settings and everything looks hideous.

But what if you had a 4K PC monitor that was 40 inches in diagonal? Then you’d have a monitor on an epic scale with a pixel pitch in that workable window where it’s fine enough to enable a crisp, sharp image, but not so fine you have to deal with the scale-or-not-to-scale dilemma. And guess what, 40 inches is into budget HDTV territory in terms of panels and production volumes. That explains why this massive Philips is cheaper than existing 30-inch 2,560 by 1,600 pixel monitors.

Hold on though, you can’t just take a 4K HDTV off the shelf and use it as a monitor. That’s because the bandwidth limitations of the current HDMI 1.4 standard restrict it to 30fps. What you need is the latest DisplayPort 1.2 interface, and you don’t get that with TVs. Instead, Philips has taken a budget 4K HDTV model, ripped out the TV tuner, and bunged in a DisplayPort 1.2 interface to enable a 60Hz refresh from a single transport stream. No frills – just the minimum you need from a monitor.

That’s great news. The main upsides are the affordability – okay, £600 is a lot of money, but spread over six, seven or more years and the annual cost looks reasonable. Then there’s the slim shape of the chassis and the super-skinny bezel in traditional HDTV style.

Full of compromises

However, it’s not all good news. The most obvious downside is a stand that doesn’t adjust. At all. Though you do have the option of using the 200mm VESA mounts on the back to cook up something. Once you’ve seen something like The Witcher 2: Assassins of Kings running at 4K on a 40-inch panel, you’re ruined for other screens.

Where the HDTV-ness kicks in with an unambiguous negative is the VA, or Vertical Alignment, rather than IPS panel tech. It delivers lovely deep blacks and nice, rich colours, but also viewing angles that are basically a bit broken. The problem is most obvious at the extremities of the display, especially along the bottom. If you sit back far enough, the issue resolves – but this is a PC monitor and the whole point is that you sit close. Is it a deal-breaker? Probably not, but it is enough to make us wonder whether this is only for early adopters willing to make compromises.

Of course, what we haven’t mentioned is the sheer load any 4K panel puts on your graphics card; no single GPU is currently up to the job of running the latest games at 4K and full detail. Even multi-GPU setups with high-end cards will struggle. In mitigation, this screen looks decent running 1440p interpolated. So you could take the long term view – buy now and plan on a GPU upgrade in a couple of years – that should see you enjoying many years of native-res 4K gaming. LXF

Caption: Philips has adapted one of its 4K HDTVs to create a no frills 40-inch monitor.

Features at a glance
Display port: The only real way to drive this 4K display is via DisplayPort v1.2, while we wait for HDMI 2.0.
4K HDPI: The Linux desktop is ready for High Dots Per Inch displays. Notably, Ubuntu is well on its way.

Verdict
Philips BDM4065UC
Developer: Philips
Web: www.philips.co.uk
Price: £608
Features 9/10
Performance 8/10
Ease of use 9/10
Value 7/10
Cheaper than many 30-inch monitors, but with vertical alignment issues and quite a hefty price tag.
Rating 8/10

Games Reviews

Dying Light
Skipping and hopping Christopher Livingston is parkouring his way to zombie-free safety.

Specs
OS: Ubuntu 14.04 or OS
CPU: Intel Core i5-2500 or AMD FX-8320
Memory: 4GB DDR3
HDD: 40GB
GPU: Nvidia GeForce GTX 560 (1GB VRAM)

Like its hero, Dying Light has its ups and downs and is kind of all over the map. Techland, creator of the Dead Island series, takes elements from a number of games and mashes them together in its open world first-person zombie shooter. It's an uneven mix, bookended by a slow start and an exasperating finish, not to mention a few troubling performance issues, but in the middle lies a sweet spot that provides hours of satisfying, zombie-stomping fun.

Our hero, Crane, could be mistaken for the Inspector Clouseau of the secret-agent world, managing to skydive into a locked-down zombie-filled city in broad daylight, immediately get accosted by three thugs, get infected and also get a friendly killed. All before the game starts. Despite being what we assumed was a top physical specimen, he initially can't run for long before slowing and gasping, and can only swing a melee weapon a few times before running out of stamina.

Weapons, at first, are limited to pipes, small knives, or sticks. Blueprints let you craft upgrades to electrify pipes, sharpen or poison knives, add nails to baseball bats. Better weapons like swords and axes slowly begin to appear as you progress, while it’ll be hours of play before you get a handgun.

So your best weapon is Crane's slowly improving agility coupled with a city perfectly built for climbing and roof-running. Once you get the hang of leaping and climbing, Dying Light opens up and becomes a fun, zombie-infested playground. Techland has done a great job with the running, jumping, climbing, and clambering. Skill points are slowly doled out and there's lots to spend them on: vaulting to jump over zombies, flying kicks and sliding kicks are the norm, exotic stealth and grappling hook skills take a lot more gameplay to attain. It's a well paced steady climb in improving abilities.

Right, zombies!

Mostly, they're slow, shambling types, clogging the surface streets and occasionally comedically toppling off rooftops. There are also specials: huge brutes who swing clubs, spitters who barf slime, and bloated blobs who scream then explode.

When night falls, the zombie game changes entirely. A new breed of zombie called Volatiles appear, and suddenly Crane is no longer the fastest thing on two legs in Harran. Wander into their vision cone and they pursue you at a lightning-fast pace while screeching to attract other zombies.

Harran itself is peppered with stuff to do, much of it familiar from other open world games. In addition to lengthy story missions, there are multipart side-quests, looting and scavenging expeditions, securing safe-houses, and a few timed challenges.

The story itself, it's a bit of a clunker as Crane, supposedly torn between his loyalties, grapples unconvincingly with his conscience despite very obviously being a complete Boy Scout. Considering the formulaic story and the uninteresting characters, we appreciate being able to skip cutscenes and speed up conversations. That said it also contains classic gaffes like a QTE knife fight, a couple of deathmatch fights with no weapons, and a tedious lengthy dream sequence.

When it wasn't tripping over its own feet, be it technical or the story, Dying Light was really enjoyable. We came away having had a good time. There are frustrations here, but there’s also an exciting movement system and a healthy list of activities to engage in.

The Linux release experienced serious early issues, largely on AMD Radeon cards and owners should wait for suitable patches. Even Nvidia cards had performance issues, but turning off certain shadows and DoF boosted frame rates. Techland has already said that it’s working on patches, which should now be available. LXF

Caption: This is my club, there are many like it, but this one is mine.
Caption: You might want to get that lump looked at.

Verdict
Dying Light
Developer: Techland
Web: dyinglightgame.com
Price: £39.99
Gameplay 9/10
Graphics 8/10
Longevity 7/10
Value for money 7/10
A vastly fun first-person zombie shooter that stumbles on its story and some big technical issues.
Rating 8/10

Roundup
Every month we compare tons of stuff so you don’t have to!

Privacy distros
Cover your tracks and keep your identity private. Alexander Tolstoy compares special-purpose Linux distros to help you stay invisible on the web.

How we tested...

Nearly two years ago mainstream media started discussing PRISM, which raised a lot of concerns about privacy and anonymous access to the Internet. Shortly after that Linux Format came out with a great Anonymous distros round-up [see Roundup, p26, LXF174], which highlighted a noticeable outburst of new releases for , and other Linux distributions for the security conscious user. This time we revisit the topic with a different selection of contenders and a changed perspective, too. We'll cover the current state of actively maintained distros; their availability; ease of use; performance; feature set and documentation; and, last but not least, the level of compromise they require for regular, general-purpose computing.

There are numerous use cases where someone security conscious may want to use a specialised and non-mainstream Linux distribution instead of a regular one. So we selected five diverse options, each with its own traits and benefits.

Tails is perhaps the most well-established system we’re covering, and claims to provide anonymous internet access, circumventing any censorship. Ubuntu Privacy Remix (UPR) provides anonymity together with a strong means of securing your data. It runs only in live mode, encrypts your data and protects it against unsolicited access. Whonix boasts nearly the same features as Tails but goes even further by dividing your workflow into two parts: server and workstation. Qubes OS implements the 'security by compartmentalisation' approach [see Reviews, p28, LXF164], but this time will face off against other alternatives. Finally, JonDo Live-DVD is a very interesting solution, which grew out of the multiplatform JonDonym, an internet surfing anonymiser with privacy and security in mind.

and security tend to go hand in hand, so we expect an added benefit to be being able to nail down your system so it's secure from would-be hackers. We'll compare all these options with each other in different terms, and the winner should be not only secure, but generally balanced and friendly even to less tech-savvy users.

Our selection: JonDo Live-DVD, Qubes OS, Tails, Ubuntu Privacy Remix, Whonix

Availability
What does it take to get them running?

When you decide to try out an anonymous distro, you have to be aware that there's cost involved in using them, but it varies, so let's see what it takes to get our contenders up and running.

Tails is the most well-known distro, and we expected to download its ISO file and write it onto USB stick via some convenient tool like dd or front-end like ImageWriter. But the process with Tails turns out to be less straightforward, because the image has to be modified with the isohybrid utility. So, it went:

isohybrid tails-i386-1.2.3.iso -h 255 -s 63
dd if=tails-i386-1.2.3.iso of=/dev/sdc bs=16M

Where /dev/sdc is your flash drive. After that it works like a charm. The system boots into the live session just like a regular Debian-based distro.

Whonix and Qubes OS are significantly harder to launch, and here is why: Whonix comes in the form of two Virtualbox machines, one for the Gateway and another for the Workstation. The idea behind this exquisite delivery is to isolate the environment you work in from the internet access point. So, the first thing to do is launch and configure the Whonix Gateway on one VM and then accessing it from another VM, where all work will be done. We didn't find any issues with it, but we have to admit that only advanced users will be able to deploy their workflow under Whonix.

After writing Qubes OS's ISO onto USB stick and booting from it, we discovered that there's no live session, only an installation mode. Qubes OS is based on a recent Fedora release and shares the same installer with it. But the system has some quite surprising system requirements: it wants you to provide it with 4GB of RAM, 32GB for the root partition and prefers built-in Intel video chip, as Nvidia or AMD have some issues in Qubes OS. The system needs such overstated resources due to its 'Security via isolation' approach, which we'll discuss later.

Finally, Ubuntu Privacy Remix and JonDo Live-DVD were extremely easy to launch. Their respective live sessions were fast and easy to use.

Caption: No, it's not a blue SUSE lizard, it's Ubuntu Privacy Remix, which features this cool Protected Pangolin!

Verdict: Easy access to anonymous live sessions wins out.

Development state
Private and secure today, but how actively are they maintained?

This aspect is often overlooked, but it's vital as regular users will want to have an up-to-date and actively supported distro. The reality is that some secretive distros are abandoned by developers (such as Privatix) or left unmaintained for years (like Liberté). Some may think that it's a matter of new features and fixes, but let's not forget that abandoned Linux distros may have trouble running on modern hardware that has things like UEFI and Secure Boot.

Tails is one of the best maintained security distros, with a very fast pace of development. New releases are rolled out every 2-4 months, which means Tails has had six releases during 2014 and went from v0.23 to 1.2.3 rapidly.

The Ubuntu Privacy Remix (UPR) developers, in comparison, don't seem to be in such a hurry, but keep development steady. UPR emerged in December 2008 and has been sticking with Ubuntu LTS releases. The current version is 12.04r1 (Protected Pangolin) which supports new hardware but is still a very lightweight distro.

Whonix is a relatively new project, which started in 2012 and has been very actively developed since then. Now at version 9.6, Whonix continues to get updates every few months.

Qubes OS is similar in that its birth also dates back to 2012, and the project has reached R2 release. Qubes OS's development is very active, with lots of well-documented alpha, beta and release candidate versions published every few months.

But that leaves us with the insanely speedy development record of JonDo Live-DVD. Somewhat staggeringly, JonDo boasts a changelog, which is updated every 5-10 days!

Caption: JonDo Live-DVD has embarrassingly frequent updates.

Verdict: All our participants are in rude health & updated often.
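Going back to the Tails step under Availability, where the image is passed through isohybrid and then written with dd: the sketch below is an added example, not code from the magazine or the Tails project, showing checks worth running before those two commands touch anything. The function names, the overridable SYSFS and MOUNTS variables and the caller-supplied SHA-256 digest are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks before isohybrid + dd write a live image.
# SYSFS and MOUNTS can be overridden so the checks run against fixture
# directories (an assumption of this example, used for testing only).
SYSFS="${SYSFS:-/sys}"
MOUNTS="${MOUNTS:-/proc/mounts}"

# is_removable sdc: succeeds if the kernel flags the whole disk as removable.
is_removable() {
    [ -r "$SYSFS/block/$1/removable" ] &&
        [ "$(cat "$SYSFS/block/$1/removable")" = "1" ]
}

# is_mounted sdc: succeeds if the disk or one of its partitions is mounted.
is_mounted() {
    awk -v dev="/dev/$1" '
        $1 ~ ("^" dev "(p?[0-9]+)?$") { found = 1 }
        END { exit (found ? 0 : 1) }' "$MOUNTS"
}

# sha256_matches FILE DIGEST: succeeds if FILE hashes to the expected digest.
sha256_matches() {
    [ "$(sha256sum "$1" | awk '{ print $1 }')" = "$2" ]
}

# check_target ISO DISK DIGEST: prints why a write is refused, returns 0 if safe.
check_target() {
    [ -f "$1" ] || { echo "no such image: $1"; return 2; }
    sha256_matches "$1" "$3" || { echo "digest mismatch: $1"; return 3; }
    is_removable "$2" || { echo "/dev/$2 is not a removable disk"; return 4; }
    if is_mounted "$2"; then echo "/dev/$2 is mounted"; return 5; fi
    return 0
}

# write_image ISO DISK DIGEST: verify first, because isohybrid rewrites the
# image in place and its digest no longer matches afterwards.
write_image() {
    check_target "$1" "$2" "$3" || return $?
    isohybrid -h 255 -s 63 "$1" &&
        dd if="$1" of="/dev/$2" bs=16M conv=fsync
}
```

The disk is named without the /dev/ prefix (for example sdc), and the digest has to come from a source you trust independently of the download itself.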

Web surfing protection How effectively do they shield you from web threats?

When you're accessing the internet, things become complicated and no one can guarantee that everything you access is 'absolutely' safe. But most of our distros try their best to offer the maximum possible protection.

We also assume that while security is a top priority, users will still need to: access webmail; download and upload files; store passwords and sensitive data; and perform other common activities on the internet. Anonymity requires some compromises, such as lower download speeds and a harder password policy, but we also insist on a comfortable web browsing experience. But don't confuse greater security and hardened internet policies with good user data safety. This is different and something we’ll cover later.

JonDo Live-DVD

JonDo provides network anonymity using the JonDo IP changer (aka JonDonym), which is a , similar to Tor. JonDo enables web browsing (via a Firefox-based JonDoBrowser) with revocable pseudonymity and sends requests through a cascade and mixes the data streams of multiple users to further hide the data from outsiders. It's worth noting that while the whole thing is open source, there are free and commercial plans. The free one can only use destination ports 80 and 443 that are used for the HTTP and HTTPS protocol (enough for web browsing and FTP). The premium service provides additional SOCKS proxies for extra anonymisation and a better connection speed. Generally, we find JonDo safer than Tor, because JonDo is much more centralised and can’t include malicious nodes (which is possible in Tor).

Qubes OS

Qubes OS implements another concept of virtualisation-based isolation. The system runs Xen hypervisor with multiple instances of an altered Fedora 20 virtualised on top of it. Qubes OS is divided into several 'domains' and applications can be run as virtual machines (AppVMs). The standard way of anonymising network traffic is using Qubes TorVM, which connects to the internet and runs Tor. Other applications can be assigned to use this 'Torified' connection. The positive side is that an application doesn't need to be aware of Tor; it runs in regular mode without needing add-ons, and all IPv4 TCP and DNS traffic is routed by Tor. The downside is that you need to configure everything manually. We also noticed that this concept tends to restrain attacks and from spreading outside domain/AppVM, rather than prevent them.
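The property described for Qubes TorVM, that client TCP and DNS traffic leaves only through Tor without the application knowing about it, is normally enforced by firewall rules on the gateway VM. The linter below is an added example, not Qubes OS or Whonix code: it checks an iptables-save dump for the three rules that property depends on. The interface name eth1, the ports 9040 and 5353 (values for Tor's TransPort and DNSPort options) and both dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Tor gateway's iptables-save dump for bypass paths.
# Interface, ports and the sample dumps are assumptions, constructed here.

# has_rule DUMP TABLE PATTERN [EXCLUDE]: succeeds if TABLE contains a line
# matching PATTERN that does not also match EXCLUDE.
has_rule() {
    printf '%s\n' "$1" | awk -v table="*$2" -v pat="$3" -v neg="$4" '
        /^\*/ { in_table = ($0 == table) }
        in_table && $0 ~ pat && (neg == "" || $0 !~ neg) { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# audit_gateway DUMP IFACE TRANS_PORT DNS_PORT: prints each finding and
# returns the number of findings (0 means no bypass path was found).
audit_gateway() {
    n=0
    has_rule "$1" nat \
        "^-A PREROUTING -i $2 -p udp .*--dport 53 .*REDIRECT --to-ports $4\$" ||
        { echo "DNS from $2 is not redirected to the DNSPort"; n=$((n + 1)); }
    # A redirect limited by --dport covers one service only, so it is excluded.
    has_rule "$1" nat \
        "^-A PREROUTING -i $2 -p tcp .*REDIRECT --to-ports $3\$" "--dport" ||
        { echo "not all TCP from $2 is redirected to the TransPort"; n=$((n + 1)); }
    # Anything not redirected would be forwarded; the policy must drop it.
    has_rule "$1" filter "^:FORWARD DROP " ||
        { echo "FORWARD policy is not DROP, traffic can route around Tor"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: every client packet is redirected into Tor or dropped.
GOOD_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING -i eth1 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: only port 80 is torified, the rest is NATed out directly.
WEAK_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9040
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
```

Run `audit_gateway "$(iptables-save)" eth1 9040 5353` on a gateway to apply the same checks to live rules, substituting the interface and ports your setup actually uses.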

Data safety
How safe is your sensitive data within each distro?

Though the most important feature of Tails is its 'amnesia' in live mode, you can install it to your hard drive and use it just like a regular Linux distro. Among all of the benefits of doing that, you'll note that your RAM will be wiped on reboot or shutdown, which will protect against forensic recovery techniques.

Ubuntu Privacy Remix shines when it comes to securing your data. The only way to store it is using the extended TrueCrypt-Volumes, which can be stored on removable USB media only (which, in turn, is mounted with a 'noexec' option). There's no way for your data to be left on drive partitions, not even unnoticed or by accident.

Whonix is much less amnesic than most of the others. On the Workstation side all data can be stored persistently, and it's up to you how you keep it. You may want to encrypt and protect it with an extra password or store it in an isolated location. But generally Whonix doesn’t have a strong focus on data security.

Qubes OS is much better for data security, because it's possible to isolate sensitive data in a separate domain/AppVM without network access, but again the security level is heavily dependent on the skill of the user and how disciplined they are. JonDo Live-DVD offers a way for using persistent storage, and we found it to be quite user-friendly. It's ready to use LUKS encrypted USB sticks and drives and provides a special assistant to prepare your media.

Verdict: This time UPR offers the most security for your data.

Ubuntu Privacy Remix

Sad but true, Ubuntu Privacy Remix (UPR) has no networking functionality at all. The system kernel is modified so that it ignores any network hardware, making UPR a perfectly isolated system, which can’t be attacked via LAN, WLAN, Bluetooth and Infrared etc. So, there's no web browsing, no cookies, no trojans nor any data downloaded from the web, and no or remote or cloud services. Almost all traces of network connectivity are wiped off the UPR, though some are still there. For example, ifconfig and ifup/ifdown commands are there, but they are virtually helpless, as network hardware is violently disabled. So in this test UPR fails to be any use for web surfing, even if it is part of the design. If, however, you're paranoid and want a system that avoids being online entirely then UPR will be the right solution.

Tails

Tails includes top-notch networking features, and the most important one is Tor, which is an open network of anonymous servers that attempts to prevent your identification and traffic analysis. This is accompanied by , a front-end for easy set up, a preconfigured Firefox ESR-based web browser, which is equipped with a Tor Button, HTTPS Everywhere, NoScript and AdBlock Plus extensions. Tails' many extras include anonymising network, proxy and VPN front-ends, the Florence virtual keyboard, application isolation via AppArmor, PWGen for generating strong passwords and KeePassX for managing them, and AirCrackNG for wireless networks auditing etc. Tor and I2P traffic are also divided, thanks to the dedicated I2P Browser, and Pidgin uses the more secure Off-the-Record (OTR) mode.

Whonix

Whonix also relies on Tor for network anonymity and shares many third-party tools with Tails. So let's point out the differences. Here the Tor client runs on Whonix-Gateway, which provides better protection against IP and location discovery on the Workstation. The level of IP and DNS protocol leak protection is sometimes the same, but in Tails there's a possibility of misconfiguration, which can lead to IP leak and in Whonix this doesn’t exist. Even if the workstation is compromised (eg by someone getting root access), it would still be impossible to find out the real IP. Isolating the within a standalone VM (or maybe a physical PC) works great. Whonix also makes use of 'entry guards' in Tor (randomising endpoints), which is something that is missing in Tails out of the box.

Performance
How snappily do they run?

More recent Tails uses 3.16.7 kernel and loads into Gnome 3.4 in fallback mode by default. The desktop is very lightweight; nearly as fast as classic Gnome 2 in previous Tails releases, but official system requirements say it needs at least 1GB of RAM to work smoothly, which we think is a bit much.

Ubuntu Privacy Remix was updated to use the Ubuntu 12.04 LTS package base and thus has numerous backports and modern features, yet it remains very easy on resources. UPR uses a classic Gnome 2 desktop, which loads in a couple of seconds. We'd suggest that 512MB of RAM is enough, though UPR can make use of the larger RAM volume as the system implements 'ramzswap' to store swap file in RAM.

JonDo Live-DVD can boot even on very old CPUs, and its desktop is very fast. However, you'll need 1GB RAM to work smoothly with the Java-based JonDo app and the web browsers.

Whonix is different, again, because you need a host capable of running two Virtualbox guest machines at a time. Your host OS and configuration is down to you, but you're going to need at least 4GB of RAM, a spare 12GB of hard drive space. However, the SSD and CPU with hardware virtualisation support are both very welcome.

For Qubes OS you'll need an even beefier machine: a 64-bit CPU, 4GB of RAM and at least 32GB for root partition. Qubes OS is, therefore, the most demanding choice.

Verdict: Both Tails and JonDo are modest on resources.

Desktop usability Can you be anonymous and still enjoy a feature-rich desktop?

Though Tails is 'amnesic', it includes an installer, which can create a persistent partition either on the same USB stick you boot from, or another USB storage device. This makes Tails a pleasant experience for permanent work in live mode. It also includes a vast selection of software, from LibreOffice and Gimp to Audacity and .

JonDo Live-DVD also has a very usable Xfce live desktop, which is packed with all the essential desktop software, but its main advantage is that you can install both the JonDo IP changer and JonDoFox browser on any Linux distro. This is a huge bonus, because you can stay with your already-configured Linux box and seamlessly turn anonymous.

Ubuntu Privacy Remix (UPR) includes only basic Gnome 2 accessories and very few desktop apps ( and LibreOffice are the most noticeable examples). The desktop experience in UPR is poor, so much so that even extracting screenshots turned out to be a problem. Worst of all, UPR is made deliberately non-manipulative, so nothing can be fixed from a desktop perspective.

Both Whonix guest machines use the KDE desktop on top of Debian. We really love KDE, but it seems to be excessive on the Gateway side. But the Workstation experience turned out to be very comfortable. Aside from some minor slowdowns and restrictions, because of it being a virtualised and firewalled system, Whonix Workstation can be used as a fully featured desktop.

Qubes OS is an entirely different experience: it’s easy to install but can work very slowly later down the line. Its KDE desktop is intuitive, but interaction between domains requires extra skill. For example, copying and sharing files from one domain or AppVM to another has its own logic and clipboard usage is limited.

Caption: The desktop in Tails will be familiar and easy to use for Gnome users.

Verdict: The best offer familiar software and anonymity tools.
Documentation and support Is there any help and where do you get answers to questions?

Good wiki pages, FAQs and other helpful documentation are important for any software. This is certainly the case with anonymous distros that can be frustrating even for people familiar with Linux.

Tails offers in-depth end-user documentation with general information, first steps, commonly asked questions and detailed explanations for almost all aspects, even those not related to Tails directly, but it’s all essential if you want to study the basics of privacy and encryption. There’s even a chat room and a 'request a feature' form.

Ubuntu Privacy Remix has a neat and compact website, yet there aren’t that many materials, but the quantity of UPR resources corresponds with its feature set. You can find some helpful how-to guides, such as instructions for creating a personal UPR build (with a custom software set).

Nearly all Whonix documentation resides in a dedicated and detailed wiki portal. We found it to be very comprehensive and more in-depth than the resources Tails supplies – Whonix has more articles, more support options and a very active forum.

The Qubes OS project also has a wiki portal with essential and advanced articles. The OS architecture is explained in detail and there's an FAQ, tutorial slides and user documentation. Qubes OS has many extra features, such as running non-Linux AppVMs, and this is covered in a detailed manual. There’s also a helpful developer's corner, which provides all you need to develop custom solutions.

JonDo has help topics, an FAQ, tutorials, a wiki portal and a forum. Though it looks complete, a thorough review shows many weaknesses. The FAQ is brief, and the wiki is very small. Very few topics are actually covered, which is disappointing.

Caption: The Whonix help section is huge and scrollable. Even advanced and in-depth topics are covered.

Verdict: Whonix sneaks in front of Tails for its level of support.

32 LXF196 April 2015 www.linuxformat.com Privacy distributions Roundup

The verdict

Java Anon Proxy was a 2007 startup, backed by solid research work of many years. Here, we witness the fruit of that work as JonDo Live-DVD clearly outperforms the former king of anonymous web access: Tails. Both projects are premier quality, however, with balanced features and active development.

It's hard to say whether Tor provides perfect anonymity or not, but it's technically possible to single out a Tor user either through a compromised node or by matching traffic and user behaviour with other details, or even by correlation-timing attacks. On the other hand, JonDo node selection is less random than Tor, and we're not completely sure to what extent you can trust it.

Both solutions slow the internet speeds greatly, and the JonDo proxy cascade seems to be even slower than the Tor node chain. But connection speed is not top priority, because you’re getting well-tested and supported anonymity.

Other participants clearly defined the cost they charge for advanced privacy and security. Whonix forces you to use , which is always slower than a host computer, has little or no 3D support and takes extra time and skills to install it for the first time. But once you've done that Whonix can be configured to your needs just like any other Debian-based distro.

It would also appear that Qubes OS will only work on quite high specified hardware, but even then it runs even slower than virtualised Whonix. Qubes OS does, however, deliver good anonymity, but its main purpose is to isolate different segments so that one segment can’t bring down the others if compromised. You will also have to learn how different software domains communicate with each other.

The approach of Ubuntu Privacy Remix is unconventional, but it's also about anonymity although dealing with it very differently to the others. The project's website shows how you can create your own UPR spin-off and use it as a perfectly isolated system, which leaves no traces on a computer. UPR can also detect virtual environments and eject its ISO from its settings, but all this is solely local, without any connectivity with the outside world.

Caption: JonDoFox won't let you surf the internet unless you start Java Anon Proxy.

1st JonDo Live-DVD
Web: http://bit.ly/JonDoLive-DVD Licence: BSD Version: 0.9.71.2
Fast, portable, effective and easy to use for anonymous web surfing.

2nd Tails
Web: https://tails.boum.org Licence: GNU GPLv3 Version: 1.2.3
Balanced for 'mostly' safe internet access. Also a friendly way to try Tor.

3rd Whonix
Web: www.whonix.org Licence: Mainly GNU GPL Version: 9.6
Very usable and super-secure, but the hardware specs are quite high.

4th Qubes OS
Web: https://qubes-os.org Licence: Mainly GNU GPL Version: R2
Very secure, but like riding a bumpy narrow road between concrete walls.

5th UPR
Web: www.privacy-cd.org Licence: Mainly GNU GPL Version: 12.04r1
Consider it as a special-purpose distro for securing sensitive data.

Over to you...
Tell us about your anonymous web surfing experiences at [email protected]. What’s your favoured distro for privacy?

Also consider...

Many people share the illusion that they can be invisible and unreachable under the Tor network. In fact, this is only true until a user breaks a law or somehow attracts attention from intelligence services. Please use anonymity only for peaceful purposes and at your own risk. On the other hand, you have a right to keep your data away from third-parties, so why not take some measures?

The choice of anonymising distros is larger than what we’ve covered. Privatix and Liberté both haven’t received any updates for a long time, but they are still usable and ready for web surfing on most machines. There are other projects too, such as IprediaOS, Polippix and Mandragora that didn’t fit in this Roundup but are worth considering. In fact, it’s not too hard to turn your existing Linux install into a digital fortress. Almost all tools for anonymity on Linux are open source, including Tor front-ends, extensions and encryption methods.


TOP 100 Linux tools Take a stroll through the open source garden with Mayank Sharma as he picks the best apps, tools and utilities available to all Linux kind.

With 70 Raspberry Pi top apps!

We all have our favourite open source apps that work for us better than any available alternative. But take a moment and step back from the Emacs vs type battles raging on in the Linux-verse and marvel at the sheer number of apps at our disposal. Your distros’ software repositories give you access to thousands of apps, and you can install everything from fully featured app suites to nifty command-line utilities literally with the touch of a button.

There are open source apps and tools for all kinds of applications today. There’s hardly any use case that isn’t catered for by a community contributed app. Many of these apps have proved their mettle and offer features and performance benefits that surpass their proprietary counterparts. They have also proved themselves to be invaluable to home and business users in more than one sense of the word. According to rough estimates on www.openhub.net, some popular apps such as LibreOffice, Firefox and Apache would take several hundred person-years to develop and cost millions of pounds. Yet they are all available to you for no-cost.

Open source apps come in many shapes and sizes and you can grade them based on their usability. There are feature-rich apps, task-oriented app suites, well put-together tools, and newfangled novelty apps and games. Some ship with well-designed graphical interfaces and others are more versatile when operated from the command-line.

In this feature, we traverse this diverse and vast collection of open source gems on offer and pick the ones that are at the top of their game. In this list of the 100 best apps we’ve covered a wide range of categories. Whether you are a business owner, an educational institution, a developer, a home user, or a gamer, we’ve got something for everyone. While you’ll be familiar with some of the most popular tools in this list, rest assured there are quite a few that might have missed your attention. If you’ve been unable to escape the clutches of , we’re sure you’ll find quite a few tools on this list that are suitable replacements.


Essential apps A Linux desktop isn’t complete without them.

LibreOffice
Forked from OpenOffice.org, LibreOffice has become one of the most popular office productivity suites. It includes programs for word processing, and can create , slide shows, diagrams and drawings, maintain databases, and compose mathematical formulae. It also offers good compatibility with documents in proprietary formats and has recently had a face lift. www.libreoffice.org

Thunderbird
Another gem from the Mozilla Foundation, Thunderbird is one of the best email clients, being easy to set up and brimming with features. Simple setup wizards aid syncing with popular web-based email services and it can manage multiple accounts, supports encryption and is extended through add-ons. www.mozilla.org/thunderbird

Gufw
You may not be using a currently, and if that’s because they are difficult to set up then you need Gufw. It features an intuitive graphical interface for managing the inbound and outbound traffic rules for various apps and services and even individual ports. Its wizard-like graphical menus are designed especially for inexperienced users. www.gufw.org
Caption: Gufw has profiles and preconfigured rules to aid inexperienced users.

KeePassX
Trying to remember different passwords for the various services is a challenge for most humans (that don’t count cards in Las Vegas for fun). You can defer this task to KeePassX which stores passwords in an encrypted database. It can fill in the password automatically and also includes a random password generator. www.keepassx.org

Wine
Despite the increasing number of cross-platform apps that work on Linux, there are some that still only support Windows. This includes big third-party proprietary apps, such as or just small niche home-grown tools that you can’t do without. For such situations, you can use Wine, which generally runs these Windows-only apps and games with ease. The project supports over 20,000 apps. Some apps work flawlessly out-of-the-box while others require minor configuration tweaks. www.winehq.org

VirtualBox
When Wine doesn’t cut it you can use VirtualBox to run an entire Windows installation inside a virtual machine. The software is also useful for installing experimental apps that you don’t want to deploy on a real computer, and for testing other OSes without exposing it to real hardware. www..org

BleachBit
A distro accumulates a lot of digital gunk over time. BleachBit helps you spring clean it and protect your privacy. It also removes temporary and other unnecessary files, and has tools to securely delete files or wipe them. http://bleachbit.sourceforge.net

Remmina
With Remmina you can access a remote computer from the comforts of your desktop. It supports the widest range of protocols and will connect to all kinds of remote desktop servers. The app is easy to use, and has enough features that make it a viable option for occasional use. http://remmina..net

Clonezilla
This is a cloning solution that’s distributed as a live CD and is popular for doing bare metal and restoration of individual PCs. It can also deploy an image to multiple computers in a lab. Clonezilla can work with a large number of popular disks, partitions and filesystem types. www.clonezilla.org

OpenSSH
When you need to interface with a remote computer, you cannot do without OpenSSH. It’s a family of tools that provides secure tunnelling capabilities by encrypting all traffic and includes several authentication methods, and supports all SSH protocols. www.openssh.org

VLC
Distros ship with a functional video player. But if you need more control, there’s no beating VLC. It supports virtually every video and audio format out there and includes handy CLI tools for advanced users. www..org/vlc

PeaZip
PeaZip is a graphical archiving tool that can work with over 130 different types of archive files and can even create encrypted ones. It integrates with popular desktops and also has a CLI for advanced users. http://bit.ly/PeaZipSF

Gparted
Use Gparted to restructure a disk on your computer. It’s available as a live CD and can also be installed inside your distro. Gparted can create, resize, move, delete, reformat or check partitions and supports many filesystems. www.gparted.org

ZuluCrypt
Create an encrypted disk within a file or within a non-system partition or USB disk. ZuluCrypt has an intuitive user interface and can be used to encrypt individual files with GPG. http://bit.ly/zuluCrypt

HomeBank
This is a feature-rich finance app. It can import data from other apps and bank statements in popular formats. It can also detect duplicate transactions and features dynamic reports and is easy to use for budgeting. http://homebank.free.fr

Internet apps Get the best of the web with these tools.

Firefox
One of the most widely recognised pieces of open source software, Mozilla’s Firefox web browser is the default browser on virtually every Linux distro. It’s pretty responsive and known for its privacy features. You can customise it to the hilt and also extend it with an impressive number of extensions. www.firefox.com

RSSOwl
An excellent desktop alternative to Google Reader, RSSOwl is a news aggregator for RSS and News feeds that’s easy to configure. The app gathers, organises, updates, and stores news in an easy to use, and saves selected items for offline viewing and sharing. www..org

Midori
The go-to browser for anyone concerned about resource consumption, Midori is popular with lightweight distros. Despite its lightweight nature and design, Midori has all the features you’d expect from a web browser including a speed dial, tabbed interface, bookmark management and configurable web search as well as an incognito mode. www.midori-browser.org

FileZilla
For those who use FTP a lot, there’s FileZilla. The client supports FTP, SFTP and FTPS protocols and has just about any configuration option you can imagine. It also has a tabbed interface so you can browse more than one server and even transfer files simultaneously between multiple servers. https://filezilla-project.org

gFTP
The gFTP client is a feature-rich client that’ll get the job done, if you need to download files via FTP occasionally. It has a simple two-pane interface that shows the content of the local and remote filesystem. Using gFTP you can also transfer files between two remote servers. http://gftp.seul.org

Jitsi
Jitsi is the best VoIP app, as long as you’re not averse to Java apps. It supports IM and can make one-to-one audio and video calls, as well as audio conference calls. It supports many of the widely used IM and telephony protocols, including SIP, XMPP, AIM, ICQ, MSN, etc. Jitsi has all the features you’d expect from a softphone, and more, such as encrypting text chats with OTR and voice and video by establishing a ZRTP session. https://jitsi.org

Deluge
BitTorrent is popular for downloading Linux distros and there are numerous download clients. One of the best is Deluge which has multiple front-ends, including a graphical and a web-interface. It has features that enable advanced users to tweak it to their liking and also has a nice library of plugins. www.deluge-torrent.org

Tox
Privacy conscious users should try the new decentralised IM and VoIP client called Tox. This relies on a distributed network, which uses P2P connections, the same technology used by BitTorrent, to provide a direct connection between users for chats and, unlike other alternatives, Tox uses no centralised servers or supernodes, which could be compromised. All chats are also encrypted using the peer-audited NaCl crypto library. https://tox.im

Pidgin
Pidgin is a wonderful app for instant messaging over many network protocols. You can sign in with multiple accounts in the single client and chat with many friends in different networks. You can use it to connect to AIM, MSN, Google Talk, Yahoo, Jabber, IRC and more chat networks all at once. www.pidgin.im

Aria2
What makes Aria2 a unique utility is that it can download the same file at the same time using different protocols. The lightweight CLI app can download via HTTP, FTP, BitTorrent and Metalink and can also open multiple connections to download the file faster. http://aria2.sourceforge.net

Games

0 A.D.
This is a real-time civilisation-building strategy game that features impressive graphics and intense battle gameplay. It’s yet to have a final release but has already won accolades in its current state. http://play0ad.com

Another strategy game that challenges players to lead their tribe 4,000B.C to the space age. www.freeciv.org

Arena
A popular first person shooter with a sci-fi theme and the tournament style deathmatch of Quake and Unreal Tournament. The game has several game modes and over 60 maps, and is quite configurable. http://red.planetarena.org

OpenMW
OpenMW is a new game engine that recreates the popular Morrowind RPG. The aim of the project isn’t to improve game assets or add additional features but to provide gamers a more moddable edition of the game. https://openmw.org

FlightGear
For fans of aircraft simulators there’s FlightGear that aims to offer flight across real world terrain. It includes scenery for more than 20,000 airports, and can be extended with your own aircraft and locations. www.flightgear.org

Office and productivity Enhance your workflow with these apps.

Calligra
Unless you feel you need LibreOffice’s superior compatibility with proprietary formats, you may want to consider Calligra. It’s a continuation of KOffice and unlike LibreOffice, Calligra has a modern-looking, modular design, and also uses Open Document as its native . It ships with a large clutch of apps. In addition to the Words , Tables for spreadsheets, Stage for preparing presentations, and for managing databases, it also benefits from Krita [see p40] for . www.calligra.org

Zathura
This is a simple and lightweight PDF reader that supports almost all the usual features you’d expect. You can search text strings, jump pages, zoom in and out, rotate pages, add bookmarks and more. In addition to , it can display DjVu and even encrypted documents. https://pwmt.org/projects/zathura

Gnumeric
AbiWord is usually paired with the lightweight Gnumeric spreadsheet app. However, the app isn’t light on features and offers a lot more functionality than proprietary spreadsheet apps. Gnumeric will import data from files and there are import filters for other apps as well. www.gnumeric.org

AbiWord
The wide gap between rich text editors and word processors is occupied by AbiWord. It’s lightweight but still offers commonly-used word processing features, which makes it a popular choice for lightweight distros. It also offers cloud-based collaboration capabilities via its AbiCollab.net service.

KMyMoney
Designed for KDE users, KMyMoney is a feature-rich accounting app. It supports different account types, such as Cash, Checking, Savings, etc and can categorise incomes and expenses, and can reconcile bank accounts. If your bank allows it, you can have KMyMoney connect to your bank directly to retrieve your account activity. https://kmymoney.org

GnuCash
Gnome users have GnuCash which is similar to KMyMoney in terms of features, but also handles and categorises entries differently. GnuCash is a personal and small business accounting app that’s based on double-entry for professional reporting and besides dealing with monetary transactions, it can track things such as stocks, bonds and mutual funds. www.gnucash.org

ProjectLibre
A project management tool helps you stay on top of ongoing projects and ProjectLibre is one of the best. It’s an award winning app that’s used widely by many enterprises around the world. ProjectLibre has several useful features and can also visualise tasks with various charts and reports. www.projectlibre.org

Calibre
You can use Calibre to manage your collection of , and supports a wide range of readers and . The app can import ebooks manually or, if you prefer, by syncing a reading device such as the Kindle. Any files imported can be sorted and grouped by metadata fields, which can be pulled from various online sources, such as www.goodreads.com. www.calibre-ebook.com

OpenLDAP
OpenLDAP is great for when you want to run a directory server. It implements the LDAP protocol and has all the expected features, including logging, replication, access control, user and group management etc. It also integrates with . www.openldap.org

Xournal
This app is very handy for when you need to scribble bits of information down for later. As well as typing out notes, you can use it with either a mouse or a stylus. It can also be used to add annotations to PDF files. http://xournal.sourceforge.net

Achievo
This is a web-based resource management tool with a simple interface for accessing its CRM, HRM and project management and planning tools. You can also track resources across multiple projects. www.achievo.org

The default PDF viewer for KDE and includes a good number of useful features. Besides PDF it can also read a number of other file types, including Postscript, DjVu, CHM, XPS, ePub, TIFF, CBR, and others. https://okular.kde.org

LaTeX
LaTeX is a document preparation system and document markup language based on TeX. Its purpose is to simplify TeX typesetting for documents containing mathematical formulae and is widely used in academia. www.latex-project.org

Shutter
Besides capturing the full screen, Shutter can capture a specific area, or a window. You can also upload to a hosting service. www.shutter-project.org

ClamAV
While most viruses and trojans will have no effect on Linux, you still can have infected files in your distro that can wreak havoc when accessed on a Windows machine. So be a good admin and use ClamAV to scan files. www.clamav.net


Hobbyist Follow your passion.

RawTherapee
Do you shoot with a digital single lens reflex camera (DSLR)? Then take a look at RawTherapee which includes a wide range of tools for processing and converting RAW files. In addition to basic manipulations, the app has extensive options for working with RAW files. Using the app you can adjust the colour and brightness values of your images, correct white balance, adjust tones, and a lot more. Besides RAW files you can also use RawTherapee for editing traditional image files, and it also includes Adobe Lens Correction profiles. www.rawtherapee.com

Krita
Although Krita is part of the Calligra suite (see p39), it needs a special mention of its own. Krita is a digital painting and illustration app that offers many expressive brushes, HDR painting, filters, perspective grids, painting assistants, and many other features you’d expect from such an app. www.krita.org

OpenShot
There are only a handful of video editors for Linux and OpenShot offers the best combination of features and ease of use for the home user. You can use it to combine videos, audio tracks, and still images together and add in captions, transitions, and more, and export the final product in a variety of formats. OpenShot can also use to create 3D animated titles. www..org

Stellarium
Stellarium is a free open source planetarium for your computer. It calculates the positions of the Sun and Moon, planets and stars, and draws the sky as per the user’s location and time. It can also draw the constellations and simulate astronomical phenomena such as meteor showers and eclipses. www.stellarium.org

Inkscape
Another pro-quality tool, Inkscape offers advanced editing and is popular for drawing vector art, line art, and designing logos and graphics. It’s brimming with features, such as markers, clones, alpha blending and more, and is often compared to expensive proprietary apps such as Illustrator and CorelDraw. www.inkscape.org

JOSM
Keen to contribute to the mapping project, OpenStreetMap? Then use JOSM. It’s a Java-based offline map editor that can help you plot GPS traces. You can load GPS track-logs into JOSM and start adding streets to OpenStreetMap instantly. Although OpenStreetMap has several other editors available, most contributors use JOSM for their edits, as it lets them upload changes back to OSM quickly and easily enough. JOSM offers several features and can be extended with plugins and styles. https://josm.openstreetmap.de

Cinelerra
Cinelerra is excellent if you need to edit more than home videos, as it’s the most advanced non-linear video editor and compositor for Linux. It supports HiFi video and audio and is resolution and frame-rate independent, which enables it to edit videos of any size. The app has several advanced features, such as overlays, denoising, normalisation, time stretching, color balance, compositing, real time effects and a lot more. It also includes a compositing engine for performing tasks such as keying. www.cinelerra.org

Scribus
A comprehensive desktop publishing program. Scribus can be used to create professional press-ready online and print documents including brochures, booklets, books and magazines. It has a feature-rich interface and has features, such as PostScript colour separations, support for CMYK and spot colours, ICC profiles, and printer marks. Scribus also includes a variety of templates and styles and you also get an array of settings and tools to precisely define and position the various layout elements you require. www.scribus.net

Media

Comix
Digital comics are distributed as comic book archive files that mainly consist of a series of image files, typically PNG or JPEG files, stored as a single archive file. Comix can read digital comics in virtually every format. http://bit.ly/ComixApp

FontForge
FontForge is a feature-rich app for creating and editing fonts and supports all common font formats. It can extract information from a font file as well as convert from one format to another, and can be used for previews. http://bit.ly/FontForge

CairoDock
CairoDock is a Mac OS X dock-like app. One of its main advantages over other docks is that it doesn’t require a compositing window manager to work and can add bling to older low-powered machines. www.glx-dock.org

Audacity
If you need to work with audio, you should use the powerful Audacity sound editor. You can trim audio, combine tracks, and even stack multiple tracks, as well as export to a number of formats and quality settings. http://bit.ly/AudacityApp

MPD
The Music Player is an audio player with a server-client architecture, which means you can control it remotely from another computer. It plays audio files, organises and can maintain a music database. www.musicpd.org


Development Power tools and programs for power users.

jEdit
This is a for that supports auto indent, and syntax highlighting for more than 140 different programming languages. The app enables you to define complex macros and offers a powerful and user-friendly keyboard mapping system. It’s highly configurable and customisable, and you can extend its functionality by adding plugins. www.jedit.org

Meld
A graphical diff tool, Meld enables you to compare two or three files as well as whole directories. It includes features, such as and direct file editing, and using the tool you can easily isolate and merge the differences. Meld can also be used to browse various popular version control systems such as CVS and Subversion. www.meldmerge.org

Blender
With Blender animators can create 3D printed models, visual effects, art, interactive 3D applications and video games. The app provides a wide range of features that can be used to create 3D films. It’s a one-stop 3D package and includes a gaming engine, a video sequence editor, production-ready camera and object tracking, a large library of extensions, and an advanced physics engine. It can render fluid dynamics and simulate the movement of elastic objects and clothes. www.blender.org

Geany
You don’t need a full-blown IDE if you only program occasionally, which makes Geany a good choice. It’s a cross between a plain text editor and an IDE with support for the popular languages and nifty features like a compile/run button, a listing of functions defined in the currently opened file, and much more. www.geany.org

Eclipse
There’s no beating Eclipse, the most feature-rich IDE. Although Java is its speciality, Eclipse supports a range of languages via plugins. In fact, its plugin marketplace is an indispensable resource. Eclipse does code refactoring and you can use it to extract the selection as a local variable or method. Since it can target multi-person installs, it handles version control very maturely. www.eclipse.org

KompoZer
New and experienced HTML programmers will save a lot of time and effort with the KompoZer editor. It has an intuitive interface and includes a colour picker, an FTP site manager, CSS editor, customisable toolbars, forms, spell checker, markup cleaner and can also validate code using W3C’s HTML validator. www..net

APTonCD
Suddenly realise that you need to move your Ubuntu installation or need to give a friend a copy of your setup? With APTonCD Ubuntu users can back up all of their installed packages to an ISO image, which can then be added as a software source on another installation. You can use this source to restore the packages on to the system or keep everything in the APT cache. aptoncd.sourceforge.net

Bluefish
Do you develop for the web? Bluefish is a multi-language editor that’s designed for web developers. It supports many programming and markup languages and focuses on dynamic and interactive websites. It supports code block folding, unlimited undo/redo, automatic tag closing, and syntax highlighting. Another useful feature is the snippets bar from where you can add the most common snippets of code for a variety of languages. Bluefish also has support for popular open source web apps such as MediaWiki and Wordpress. http://bluefish.openoffice.nl

Gimp
Despite its name, Gimp is a powerful, comprehensive image manipulation program. It offers a wide range of tools for professional-quality photo retouching and image manipulation capabilities for free. It also offers a huge list of features and supports all the common graphics file formats. www.gimp.org

Clementine
Use Clementine to play locally stored music and streaming audio. The app has an attractive interface and it also helps organise and transfer music to various devices, and integrates well with popular cloud services. www.clementine-player.org

Icecast
With Icecast you can stream music across the network. Icecast supports many audio streams simultaneously and listeners can access a stream via a remote media player and also configure MPD as a source. www.icecast.org

Amarok
If you use KDE your distro may already include this music player, Amarok. It too integrates with several online audio services, and its features include creating dynamic playlists, bookmarks, scripting, context view. https://amarok.kde.org

LMMS
LMMS is a digital audio workstation that produces music by synthesising sounds, arranging samples, and playing them on a MIDI keyboard. It also has a song editor and plugins to simulate instruments and effects. www.lmms.io

Kodi
Until recently Kodi was known as XBMC. It's an excellent option for users who wish to turn their PCs into media hubs. It plays most kinds of media files and works with TVs, IR and bluetooth remote controls. www.kodi.tv

Utilities
Apps that let you do more with your computer.

Handbrake
When the need to convert a video arises, Handbrake, the video transcoder app does a commendable job. It can convert nearly any format and supports a wide range of video codecs. One of its best features is built-in device profiles for popular devices that make the conversion process easier. www.handbrake.fr

Gnome Tweak Tool
Not satisfied with the stock Gnome desktop? Use the Gnome Tweak Tool to customise several aspects, including the appearance settings of the desktop. With this tweak app you can also change the behaviour of the Windows and Workspaces, manage extensions and you can even circumvent the design philosophy of Gnome 3 by placing icons, files and folders on the Gnome desktop. http://bit.ly/GnomeTweakTool

Grub Customizer
Grub 2 is the most popular Linux bootloader that's used by virtually all major distributions. It's an impressive piece of software with lots of options. The Grub Customizer is a simple to use graphical tool, which enables you to quickly customise all aspects the , including its appearance. www..net/grub-customizer

EasyStroke
Want to control your PC with the flick of the mouse? The EasyStroke app lets you define and manage gestures by recording the movements of your pointing device while holding down a specific mouse button. You can then configure actions that'll be executed when the app recognises the defined stroke. https://easystroke.sourceforge.net

DOSBox
Relive the good ol' days with DOSBox and play your favourite classic DOS games that won't run on your modern hardware. This is an x86 PC emulator that creates an IBM PC compatible computer complete with compatible graphics and sound cards. The app can also simulate networking hardware for multiplayer games on the local network and even over the Internet. The Wine project even uses code from DOSBox to bolster support for DOS apps. www..com

Vokoscreen
A feature-rich screencasting app worthy of note is Vokoscreen, which is based on FFmpeg for handling multimedia data. Vokoscreen can capture both video and audio, with options to record the entire screen, window or a selected region, along with video from a webcam. The app supports MPEG4, x264, MP3 and codecs and can save files in either .AVI or .MKV containers. The app offers some controls such as the ability to change the video quality and frames captured per second and can be used to make screencasts of games. www.kohaupt-online.de/hp

digiKam
One of the best photo management tools for Linux is digiKam and it has features that'll appeal to all kinds of users. It recognises all major and can organise and sort images based on metadata. The app also has plugins to export images to various online services. www..org

Avidemux
Avidemux is a video editor and converter that can be used for basic cutting, filtering and encoding tasks. It supports many file types, including AVI, MPEG, and MP4. The app is designed for users who know what they want to do but also provides an intuitive interface so that tasks such as cutting and appending videos are pretty straightforward. The app has some presets and users can also save custom settings that make the app easier for new users to operate. http://fixounet.free.fr/avidemux

K3b
Although it's designed for KDE, the K3b optical media burning utility is one of the finest for the job. The app can burn multiple El Torito boot images, audio CDs, VCDs, SVCDs, mixed-mode CDs, eMovix CDs, and . It can also rip DVDs and write ISO images. www.k3b.org

Terminal

Ncmpcpp
This is a command-line MPD client that's easy to use and customisable. It provides useful features such as the ability to sort playlists, song lyrics, item filtering, fetching artist's info from last.fm, tag editor and much more. http://bit.ly/Ncmpcpp

Samba
Samba is a suite of programs that enables Linux users to access and use files, printers and other commonly shared resources on a Windows PC on a network and does this by supporting the SMB protocol. www.samba.org

rTorrent
Here we have a command-line BitTorrent client with an interface. You can run it as a daemon and manage it with screen and since it supports SSH you can also manage your torrents from any remote machine. http://bit.ly/rTorrent

Links2
There are lightweight browsers and then there's Links2. This is a web browser that can render complex pages and even has a pull-down menu. It's special because it's a CLI browser that you operate via the keyboard. http://links.twibright.com

Midnight Commander
Before the days of graphical file managers, real hackers used Midnight Commander, known as mc. It's still your best option if you regularly find yourself in the console environment a lot. http://bit.ly/MidnightCdr


Conky
Concerned about the resource utilisation on your PC? Conky is a nifty little app that lets you keep an eye on your system. It can monitor and report on the states of various components. The tool is very flexible and highly configurable and can also display information from apps, such as weather updates. http://conky.sourceforge.net

Admin tools
Take charge of your distro with these power apps.

Redo Backup
We've mentioned the Clonezilla cloning solution earlier in the feature [see p37], but if all you need is a tool to swap out an old disk for a new one, then you use Redo Backup and Recovery. The tool is designed for inexperienced users and has the simplest of interfaces. www.redobackup.org

Qemu
It's a feature-rich multi-purpose processor emulator and virtualiser. You can use it to create virtual machines and even emulate various hardware architectures. If you have the right hardware on tap (a processor with hardware virtualisation extensions), you can use Qemu with KVM in order to run virtual machines at near-native speed. www..org

Turnkey Linux
The Turnkey project produces appliances which you can use to deploy a new server in a jiffy. A Turnkey appliance is a self-contained system that packs in a fully functional web app that runs on top of Just enough Operating System (JeOS) components required to power that particular app. All the appliances are based on Debian but are available in several formats depending on the hardware that you want to deploy it on. Once they're up and running you can manage each appliance using a browser-based interface. www.turnkeylinux.org

XAMPP
The XAMPP stack gives you a single package that you can use as a sandbox to test and develop web apps. It includes all the necessary components such as Apache, MySQL, PHP, and as well as several other libraries, modules and tools, such as phpMyAdmin and FileZilla for managing the stack components. Once installed, you can manage the various services via a graphical control panel. www.apachefriends.org

Mondo Rescue
Mondo is a unique backup solution that creates bootable backup and restoration disks customised for the system being used. Mondo has a text-driven interface and works with a wide range of file systems and can use a variety of media as backup mediums. www.mondorescue.org

Déjà Dup
The app's minimal GUI sets itself apart from the various other backup apps you'll find, and it lets you configure within a matter of minutes. Déjà Dup is based on Duplicity and provides just the right number of features for desktop users who aren't used to the ways of a backup tool. http://live.gnome.org/DejaDup

Zentyal
The Zentyal distro has all the components you need to run a gateway server. The distro simplifies the process of setting up, monitoring and controlling the components of the server with a host of custom management tools and helps you configure the servers without mucking about with config files. www.zentyal.org

Open Media Vault
When you need more protection for your data than a simple backup then you need to deploy a NAS server. The Open Media Vault project is a Debian-based server that offers the power of commercial options in a way that's easy to setup and manage. www..org

Mutt
Mutt is to email what Links2 is to the web browser. It's a text-based mail client that is highly configurable and it supports both POP and IMAP protocols and has all the usual features you'd want from an . www.mutt.org

Profanity
Profanity is a console-based client for the XMPP protocol that supports multi-user chats and OTR message encryption. www.profanity.im

Canto
Want to do more from the command-line? Get the Canto CLI RSS feed reader. It supports RSS, Atom and RDF feeds and imports and exports feeds in OPML format. It has lots of customisation and you can even configure it with Python. http://bit.ly/CantoRSS

mpg123
This is an MP3 audio player for the command-line that supports gapless playback. It's so good that its decoding library, libmpg123, is used by other audio players for MP3 playback. www.mpg123.de

FFmpeg
One of the most versatile media conversion utilities, FFmpeg can manipulate virtually any type of media file in various ways, such as changing bitrate, extract audio, record streams, extract stream and much more. www..org


National Service

Sam Tuke talks budget band aids and health record healing with the National Health Service's own open source crusader Peter Coates.


Interview

Peter Coates has spent a year convincing Britain's largest employer to buy open source and its largest suppliers to sell the option. As Head of the NHS Open Source Programme, he's fostered a generation of new in-house apps, and witnessed some of the largest companies in the field climb on board with copyleft. His work has cleared a path for wider adoption, with a new toolkit for public sector buyers, and a novel support structure for community made apps. And with a 20-year record in public sector IT he's got stories to tell.

Linux Format: What's your background?
Peter Coates: I was a Head of IT and Information for many years at a large local authority in the social services department. I had complete control over the IT side of things, from boxes and wires, telephony, all the way through to desktops, managing information systems, and training. I came to realise that the public sector is not well served by software. It's a very, very small market. English social services departments work quite differently to other ones, even in the UK, never mind outside of Europe, because they are joined up with all sorts of other government services. Therefore the market for companies who supply software is also very small. That means there isn't much innovation, because there's no significant investment in research and development – there isn't a good enough prospect of recovering that investment. All this means that, as an IT manager, to meet the needs of your organisation you're looking at a lot of bespoke development.

So local authority, the public sector, they'd try using well-known systems for business administration. Local authorities would use SAP and Oracle Enterprise Resource Planning applications (ERPs), generally wall-to-wall Microsoft for office productivity, email etc. They could get away with that approach, though they weren't ideal, and were very expensive. But they'd really struggle with the clinical space – systems that deal with the cases of individual patients and related services.

The only option they were left with was to use a small number of system vendors who catered to that market. These were also expensive for the budgets they had. It meant we actually had to develop things ourselves – additional modules to meet our needs, for example. Then we started coming up against issues, commercial issues, around being able to integrate additional functionality with the core systems we got from software vendors. At that time weren't commonly available, which would have allowed us to connect different proprietary components more easily. Where such interfaces did exist, they were expensive and not very open. My social workers had very particular needs. Proprietary solutions weren't available to buy; we had to develop something. And we had to be able to do it rapidly.

About 20 years ago I put together a development team to add custom functionality. Open source wasn't yet on my radar. Whatever we made had to connect to the other core systems that were already in place. And that's where we'd start to hit roadblocks due to licensing restrictions. Over the following years we worked with these constraints. Some of the applications we created were quite successful, but the restrictions didn't go away.

LXF: How did you get into open source?
PC: The team was crystal clear from the start that everything we developed would be freely available for other departments. So our work effectively was open source in how we handled it, but it wasn't open source licensed. I was working on a very challenging project to implement the new 101 non-emergency number in Northumberland Tyne and Wear. It had to connect securely to a whole host of local systems, including Police Command and Control systems. In the end we found an open source solution called ActiveMQ. This was the first software I'd used that I could take, consider, implement, and share. It was a revelation! We could just take this free software that had a large community, language support, development tools, and adapt it to our own very, very specific needs.

LXF: And did it work?
PC: Actually, it amazed me that it had already reached such a mature level – it was very stable. If it hadn't been for this open source app, we would have had to write something brand new from scratch, with no support, and no community. Making up a custom solution like that would have been extremely expensive. At that point, open source became a third way for me. An alternative to having to either develop from scratch, or buy ready made. The system we built ended up running on a Linux-Apache infrastructure, because that turned out to have far superior performance than the other systems we tested. These two things gave me a window into how valuable open source could be for us.

LXF: What does the NHS Open Source programme do?
PC: Primarily we're an educational service for informing people of the benefits that open source can bring. We provide resources, expertise and advice to healthcare professionals. We exert influence over the entire healthcare community around the use of open source. Ultimately this education is a means to an end; the goal is to help deliver better healthcare services and outcomes for patients.


Two policies drive the programme, both from a department called the Government Digital Service (GDS). They have a national strategy to ensure that open source has a level playing field when competing against proprietary systems. That's the first one. The other is about maximum benefit from public spending. If tax payer's money is going to be spent building software, then that software should be open source, so that there is maximum opportunity for re-use. Of course, there are some areas of government where that's just not appropriate.

We're trying to do things differently to how they're being done in the NHS today, because if you do what you've always done, you get what you've always got. This is about transformation to a new model.

LXF: Who's your boss?
PC: The programme answers directly to NHS England, which is responsible for organising and paying for all services in that region.

LXF: You joined the programme 6 months after its creation, and have just completed your first year at the helm. What are you most proud of?
PC: One thing is the new Commercial Toolkit, created in-house, for obtaining open source for health organisations. It explains how to implement and maintain open source solutions, and how to procure deployment and support services. This is critical information for NHS organisations that want to switch.

Another thing we're proud of is a delivery model we've developed for applications that come from a community rather than from an individual company. This is based on not-for-profit organisations acting as custodians for open source apps. They provide assurance to healthcare users that the software is safe to use, even though there isn't a company that's behind it.

LXF: Why is such a kit necessary?
PC: There are perception issues and myths surrounding open source which we need to bust through. Myths like “Open source software is not as safe as proprietary software”, and “procuring open source is harder”. The NHS is a huge and diverse , and open source is still new and unknown to large parts of the public sector.

Misunderstandings like this exist on the supply side too – it's not just the buyers. We provide information to proprietary software vendors and put them in touch with open source vendors and integrators, to show them how other companies have moved from being product-based to being service-based. Companies come to our events to see if there's a new commercial model that would suit them.

You've got to remember that for a long time in the NHS, software choices were limited to what was effectively a catalogue of proprietary systems. We're coming out of that period now, and organisations have got a lot more choice. The kit also helps navigate compliance with things like procurement regulations. It's a comprehensive document.

LXF: What's the not-for-profit assurance model that you mentioned?
PC: It's a way to provide assurance for open source software that would otherwise be wanting. It uses a particular legal structure, based on Community Interest Companies (CICs) – not-for-profit organisations, to fulfil the role of custodian for a particular application that's used in healthcare. This way people who want to use that software have someone to go to for assurance and services related to the app. Questions about future releases, testing, and so on can be answered by the CIC. They work as umbrella organisations to represent the needs of users in healthcare and communicate with the software's developers.

LXF: How many Community Interest Companies are there?
PC: Five are being set up currently. One example is the Open Eyes Foundation, which already has multiple sponsors. Another was set up for openMaxims, a large Electronic Health Record (EHR) system released under the AGPL last June. Three NHS Trusts, including Blackpool Teaching Hospitals, became legal members in February. More are in the works for software used in dental and mental health, and community dentistry.

LXF: How do you get proprietary software companies involved in what you're doing?
PC: We run events with trade bodies, such as TechUK, which represents 850 technology companies. We've held a number of open days and open sessions for vendors, where we talk about open source and the NHS. We present our work at broader conferences like EHI Live, and Health Insights. I'd say we've participated in over 20 formal events since I started. Additionally, we have our own NHS Open Source Open Days, two last year at Chelsea FC and Newcastle Racecourse.

LXF: Are you involved with other open source communities?
PC: Yes, we went to the MongoDB Public Sector Hackathon in London. Other Central Government departments who were at that event were blown away by what we've been doing. We've also got a seat on the British Computer Society's Open Source Specialist's Group.

LXF: We notice there's an official @NHSOpenSource Twitter account – who're you trying to reach?
PC: I think our Twitter followers fall into two camps: those interested in health informatics, including doctors, nurses etc, and then vendors and suppliers, including many proprietary ones. Somewhere in there is a group of people who develop health apps in their spare time. It's very easy to get engineers interested in working on new things. Some of them do it for their own technical interest, with the blessing, if you like, of their employer. Many of them work for the large proprietary vendors. When they attend our events it's voluntary. I think it's like a hobby for them.

LXF: Do you prefer a particular licence for community contributions?
PC: The AGPL (Affero General Public License) is one of our preferred licenses because all of the changes must be shared back to the community.

LXF: What's been the hardest thing about raising awareness?
PC: It's a complex message to communicate. Software is not ‘one size all’. Assurance is key because the organisations who're using this stuff do very serious work: every day the of patients depend on them. They need to be confident that anything they use, whether it's proprietary or open source, is safe. They need assurance during the procurement process that there are sufficient professional organisations around to provide support, to implement it, to extend it. That's been the biggest challenge. What's been surprisingly easy is getting clinicians – hands-on staff like doctors – to contribute. They're really passionate about software. They're passionate about making systems that meet their patients' needs, and they're prepared to give their time. They are really the driving force. We're just here as a facilitator and enabler.

LXF: If assurance is key, are enough companies offering those services for open source?
PC: The trouble is that most of the organisations who support open source in England have not traditionally worked in the health sector. We definitely need the availability of more open source solutions, and more vendors who can provide open source services to the health sector. In other parts of the world this is already happening. VistA is an open source EHR system used and developed by the US Department of Veterans Affairs. It delivers healthcare to all ex-US service personnel – it's a very large system. In North America, it's supported by the big IT vendors, including PricewaterhouseCoopers, HP and Google.

LXF: How do you encourage vendors to switch to open source products?
PC: I explain that their products would be more attractive to customers if they were free from the threat of vendor lock-in. Businesses developing open source products are effectively saying: “we're so confident that you'll want our services, we'll let you choose where you buy – our offer is that good”. It's a compelling pitch.

Some vendors try dipping their toe into the open source waters with a new product, as an experiment. New products don't have a user base, and the company wants to bring it to market. They say “Actually, I'll release it as open source, and generate business revenue from value added services such as support, implementation and maintenance”.

Vendors can also offer proprietary-style contracts for open source products, just as they do for their other products. IMS effectively offers both. They say: “Here's our product openMaxims, you can get a copy from us with a cast-iron guarantee, support and maintenance, but you can have the source code, too”. Other vendors make opportunities by adding open source components together and setting up as an implementer or support partner of a third-party app. Because of the licence, they can combine different systems together: integrate their unique product, and reap the benefits of a broader service offer.

LXF: How is the National Health Service benefiting from open source?
PC: In my experience clinicians are more likely to contribute to an open source project than they are to a proprietary application. They can choose to participate with the knowledge that their work is not going to be commercially exploited for someone else's advantage. Because the resulting product will be available for everyone's use and adaptation, it'll instead be used to deliver better software, and better healthcare.

I feel this is unique to the medical profession, and why open source is such a good fit for healthcare. Medics are used to sharing their discoveries and practices with a wider community in order to improve them. That's how they work. They take an iterative approach, publishing ideas in a journal, letting others test and improve it, and then publishing new findings in turn. That's how we want our software development to work too: a product is developed, contributed to by others, and ultimately improved upon. An open source licence means commercial exploitation can't prevent that evolutionary process. The goals are different; rather than a purely commercial outcome, it's about the best solution that can be achieved.

LXF: So it's not about the money?
PC: We're focused on the long-term benefits, not short term cost savings on licenses. By taking the open source approach we benefit from all these ideas, collaborations and innovations. When combined to serve healthcare needs we end up with a more useful system that delivers better patient outcomes.

The real financial saving comes from preventative services. When we're able to predict the need for a low-cost intervention early on, and avoid the need for a later high-cost intervention, that's a huge advantage in terms of both the patient's health, and public spending. This is where interoperability issues come into play.

LXF: Incompatible health records have been an issue – can open source fix the problem?
PC: It's a major problem when a proprietary licence impedes a healthcare system's function. Open source gives you the ultimate flexibility here. It's like back when I was an IT Manager – the problem wasn't a technical one, it was a legal one, due to terms and conditions and licenses. The same problem has been recognised by the United States Congress: strict proprietary licensing can impede the healthcare economy.

LXF: Earlier you mentioned Open Eyes. Is that a port of xeyes?
PC: No, it's a web-based Electronic Patient Records system for ophthalmology. It was created by Bill Aylward at Moorfields Eye Hospital. It set out to be an open source project from the start, including its full web stack. It's now being deployed elsewhere, and has the support of The Queen Elizabeth Diamond Jubilee Trust. Their foundation uses our CIC model, and so far they're doing very well.

LXF: Do you think big vendors will open source more of their products in future?
PC: It's a big decision for a business to open source their property and write off revenue from a licence-based business model. It obviously stacks up for IMS [Health, a US healthcare technology company]. They've just signed a ten-year deal for openMaxims with Ramsay Health Care private hospitals, serving 1,500 users per day.

LXF: Where can I learn more?
PC: There are lots of videos online about what we're up to, and our Twitter feed has carried the latest news, including patient workshops and Open Day announcements. You'll also find us at the next round of Health Insights events. For more details see:
https://twitter.com/nhsopensource
http://www.technologystrategy.england.nhs.uk/pg/groups/99205
http://www.healthinsights.co.uk. LXF


Run a Linux Business Keith Edmunds shows how he powers his computing business with open source and how you could too.

Technology has always fascinated me. As a child and teenager it was electronics, and when the chance came to work for Digital Equipment Corporation, a (now defunct) American computing company in 1980 (yes, I am that old), I jumped at it. And I loved it. I learned a lot about computing, even before personal computing really took hold.

When Linux arrived on the scene in the early 1990s, I thought it was brilliant (and I still do). As my career progressed, I left Digital and one day I found myself managing the European IT helpdesk for a worldwide company. We needed to monitor our network to understand when things were failing. I wondered if maybe Linux could help and so yes, I set up a Linux system to do just that. Linux clearly had a value to businesses, and it was around that time (late 1990s) that I began to wonder whether it would be viable to run a company that helped other businesses use Linux? That may not seem like a very revolutionary idea now, but back then Linux was virtually unheard of outside of the IT industry (and for large parts inside it, too). I spent a lot of time thinking and talking about it, and – to cut a long story short – in 2002 I left the job I then had and started Tiger Computing.


At Tiger Computing, we support Linux for businesses throughout the UK, and our own business runs (almost) entirely on Linux. I'm going to tell you how we do that, but first a little history.

It was 2002. I saw a posting on one of the mailing lists from a business asking for some Linux help. That posting led to our first client, but more importantly it proved that there was a market for providing Linux help to businesses.

Back then, clients would call from time to time with Linux problems. That was good: I thought that was what we were there for. Those problems would split into two groups, and the first would be requests such as ‘can you add a new user?’ or ‘can you install this software?’ or ‘could you set up a new server?’ These are change requests: part of the IT person's role in ensuring that the IT systems keep up with the business requirements. The second type of problems would be faults: ‘email isn't arriving’ or ‘we can't save documents’ or ‘Sally/Joe can't access the ‘Accounts’ share’.

There's little we can do about change requests other than fulfil them: we can't know that a new user is starting next Monday unless someone tells us. But we can do something about the faults. We can monitor the mail queues; we can monitor free disk space, and we can monitor a lot more besides.

It's clearly better all round if we can detect that mail is not being sent by the server, investigate the problem and, ideally, resolve it before our client is even aware. This approach was implicitly backed up by our own clients when I asked them what the most important element of the service we supplied was. The answer was always the same: reliability, uptime and availability.

So we started monitoring the servers we supported. There are many open source server monitoring utilities out there; we tried a few and settled on Nagios. For those who are unaware of Nagios, the basic principle is simple. A central server (the Nagios server) contacts each of the servers it’s monitoring in turn and instructs them to run a local program or script and feed the results back. The Nagios server collates those results and displays them on a web page. Each result falls into one of four categories: OK (displayed with green background), Warning (yellow), Critical (red) or Unknown (indicating an internal problem with Nagios itself and displayed in orange).

Pre-empting problems

Unlike our clients, we're not interested in what is working, so we filter out all the green lines and just show the rest (pictured below). Now we're getting somewhere! The /var partition on ServerA becomes 80% full; 80% is the transition we have set between OK and Warning, so the ‘how full is your /var partition’ check now shows up with a yellow background. If that partition gets to 90% full, it will become Critical and go red. At either, or both, stages, an email or SMS notification can be sent to our support staff. They investigate and perhaps resolve a log rotation problem; /var drops down below 80% full, the monitor returns to green and life goes on. No service interruption due to a full /var partition.

At first, we missed a few things. Occasionally, a client would report a problem that we hadn’t been warned about, so then we had two things to fix: the client’s server, and our monitoring. We would write an additional check that could be run on that server or, more often, run on many or even all servers. Over time, our monitoring infrastructure grew, and the number of problems we didn’t detect in advance fell to close to zero.

Our goal now is that our clients should never have to tell us about server problems: we should know about problems before they do, and we say as much on our website.

So, that's what we do and that's why we do it. Let's look some more at how we do it.

Munin is very useful for graphing Nagios parameters to track problems and their resolution.

Nagios enables you to find the ‘bad wood’ among the healthy trees… or servers.
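The check-and-threshold scheme described above, as an added example rather than Tiger Computing's own check: a Nagios-style plugin that classifies partition usage with the article's 80% and 90% transitions, plus the "filter out the green lines" view. The function names and the `used_pct` performance-data label are assumptions made for this sketch.

```python
#!/usr/bin/env python3
"""Nagios-style check for how full a partition is (added example)."""
import shutil
import sys

# Plugin exit statuses, matching the four result categories in the article.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}


def classify(percent_used, warn=80.0, crit=90.0):
    """Map a usage percentage to a state; thresholds default to the article's 80/90."""
    if not 0 <= warn < crit <= 100:
        raise ValueError("need 0 <= warn < crit <= 100")
    if percent_used >= crit:
        return CRITICAL
    if percent_used >= warn:
        return WARNING
    return OK


def check_partition(path, warn=80.0, crit=90.0, usage=shutil.disk_usage):
    """Return (state, status line). `usage` is injectable so the check can be tested."""
    try:
        total, used, _free = usage(path)
        if total <= 0:
            raise OSError("filesystem reports zero size")
    except OSError as exc:
        # Not being able to measure is reported as UNKNOWN, never as OK.
        return UNKNOWN, f"DISK UNKNOWN - {path}: {exc}"
    percent = 100.0 * used / total
    state = classify(percent, warn, crit)
    # Text after '|' is performance data: label=value[unit];warn;crit;min;max
    perfdata = f"used_pct={percent:.1f}%;{warn:g};{crit:g};0;100"
    return state, f"DISK {NAMES[state]} - {path} {percent:.1f}% used | {perfdata}"


def problems_only(results):
    """Drop the green lines: return non-OK results, worst first, then by host name."""
    rank = {CRITICAL: 0, UNKNOWN: 1, WARNING: 2}
    bad = [(host, state, line) for host, (state, line) in results.items() if state != OK]
    return sorted(bad, key=lambda row: (rank[row[1]], row[0]))


if __name__ == "__main__":
    # Run as a plugin: print one status line and exit with the state code.
    target = sys.argv[1] if len(sys.argv) > 1 else "/var"
    state, line = check_partition(target)
    print(line)
    sys.exit(state)
```

The exit status is what the monitoring server acts on; the printed line is what a person reads on the status page or in the notification.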

The software we use

I mentioned earlier that the business runs almost entirely on Linux, so let's get the aberration out of the way: our accounts system runs on . We'd rather it ran on Linux, but we've not been able to find an accounting system that meets our business needs and runs on Linux (and not for the want of looking). If it's any consolation, the Windows system itself is virtualised and running under Linux.

Our staff are free to choose whichever Linux version and they want to run on their desktop PCs; as it happens, we all choose to run Debian with XFCE.

All of our servers run Debian; we use for mail; Apache for web; Pacemaker and Corosync for clusters; and Shorewall for managing firewalls.

Perhaps unsurprisingly, we use LibreOffice for all our documents, spreadsheets and presentations. We use OwnCloud (hosted on our own servers) for our ‘documents anywhere’ requirement. We favour Python for scripting, and we use the Python web framework Web2py for a couple of internally-written applications. We use for source code control and Jabber with Psi for communicating between ourselves.

Despite trying to use technology for everything, sometimes you can't beat a whiteboard and a handful of coloured pens.

www.tuxradar.com April 2015 LXF196 49 Run a Linux business

There are three main ingredients, and the first is system monitoring. Exactly what we monitor on a server is determined by the server's role, but typically there are around 45-50 parameters that are measured, and most of them are checked once every five minutes, 24/7, 365 days a year.

Smart monitoring

As well as the almost real-time monitoring that Nagios provides, we also graph a lot of the same parameters using Munin. There are a huge number of graphs available. The example graph [see bottom of page] shows memory usage. There’s a lot of information here, but note that a significant chunk of memory is being used as a disk cache (the dark blue area) to improve disk read times. At the top of the graph, the red area shows swap space used.

A memory usage graph. Use Munin graphs to help solve problems not for monitoring.

Unlike Nagios, we don't monitor the Munin graphs as a matter of routine; rather, we look at them in the context of solving a problem. For example, we were alerted (by Nagios) to a system where the /home partition was 80% full. A quick investigation showed the data taking up the space was just data in the home directories, as might be expected. The Munin graph of disk space used [see top, p49] shows a quite steep but also quite a linear rise. It's easy to see that, if nothing is done, the /home partition will be full around the end of October. That information is invaluable: we can call the client, explain what is happening, and also tell them how quickly the problem needs to be resolved. In this particular case, it was easy to find one user who was using the vast majority of the space. Asking them to clean up their $HOME directory resolved the problem, as can be seen by the drop in space used in mid-October [see top, p49].

Another element of monitoring involves checking log files. As anyone who has looked through a typical Linux system's logs will know, there is a myriad of information there: a user logs in; an email is received; the internal clock is adjusted by 27 milliseconds etc. Occasionally, there will be events logged that should be acted upon. Maybe a disk is reporting errors, or perhaps there are repeated attempts to log into a nonexistent user account. The difficulty is in finding the ones that are significant among the thousands of benign messages. The needles are small and the haystack is big: certainly searching the logs manually is both time-consuming and inefficient.

One approach is to define what is being sought, and have a report sent each time a match is found. The challenge, though, is defining what to look for. Searching for ‘error’ in the logs might highlight some interesting entries, but it won’t find a line reporting ‘Unknown user: fredbloggs’, for instance.

A better approach is to define what we don’t want to know about, and then report on everything else. This approach sends emails to the sysadmin detailing everything in the logs that the system hasn’t been told to ignore. As you might expect, initially that can be a lot of data, with most of it being benign. The aim here is to only ever receive reports that will be acted upon: if something is reported that will be ignored, that "something" should be added to the filters so it’s no longer reported. The end result will typically be a small number of short reports detailing the log entries that didn’t match the ‘expected’ ones, and which require action. It’s that action that increases the security or availability or performance of the server.

After monitoring, the second ingredient is system management. In 2006, we needed to make a change to the firewall on every system we supported. It quickly became apparent that making changes to systems by logging into each one individually was both inefficient and risky: one typo and we could lock ourselves out of a server. We needed to find a scalable way to do it.

Efficient management

We are supporting hundreds of systems that perform a variety of roles for businesses. Some of those servers are running Red Hat, some Debian, some CentOS and so on. The typical system management tasks include:

Install outstanding security updates on all servers on a ‘Business Support’ contract except those belonging to client A.
Remove user B from all servers belonging to client X.
Ensure Apache is installed on all web servers except those marked as ‘lighttpd’, regardless of distro.
Do all of the above in a secure, scalable way, complete with an audit trail.

That list is quite a challenge. Even "ensure Apache is installed" hides some complexity. On a Debian system, the command is

    apt-get install apache2

whereas on a Red Hat system, it's:

    yum install httpd

The solution is a configuration management system and we use Puppet, which comprises a server (the ‘puppet master’), configuration information, and client systems. By default, every half an hour every client ascertains ‘facts’ about itself and sends them to the puppet master. Those facts will be things like the distro being run, the version; the architecture; the system name etc.

The ‘Puppet master’ then compiles configuration data from the facts, such as the ‘node database’, the various Puppet ‘classes’ and it sends that configuration data back to

Get a job

Here are some tips for getting a Linux job:

CV: The role of your CV is to get you an interview, not a job. Pay attention to spelling, grammar and relevance. Two sides of A4 is sufficient: cut until you can fit it in that space.

Covering letter: Send one, but don't start it ‘Dear Sir’ or ‘To whom it may concern.’ Do your homework and find out who it should be addressed to. Again, check spelling and grammar, and then have someone else check it.

Love Linux: If you want to get that dream job working with Linux every day, show that you are really, really passionate about Linux (and if you're not, maybe this isn't the right career move for you).

Be Smart: I don't mean wear a tie, although that's a great idea for the interview, regardless of the office dress code. Linux isn't always easy, and smart people are always needed. Note: Sending your CV in isn’t smart.

Get Things Done: On your CV and in the interview, say what you have achieved, not what you were responsible for. Businesses employ people to make them money (hard truth).

Linux Support Experience: If you don't have commercial experience, help friends, go to a LUG or offer to support a server for a local charity. Combine points ‘be smart’ and ‘love Linux’ and you'll demonstrate that you could do this commercially, given the chance.


the client. The Puppet agent on the client then enforces the client state to match the configuration data (for example, by installing the package apache2).

The node database describes how the client node should look, and there are many ways that this can be implemented. We use a hierarchical structure called, imaginatively, 'hiera'. This data hierarchy is specific to us, and a simplified version of it looks like this:

Common data: This applies to all servers, regardless of Linux distro, client etc. One example is that we always disable the Ctrl+Alt+Delete combination (so that Windows users don't reboot the Linux servers by mistake: yes, it has happened).

Common data for a specific client: This applies to all servers belonging to that client. Example: setting the text of the ‘message of the day’ (motd), the welcome text you see when you log into a Linux system.

Specific role within client: This might apply to all web servers belonging to client X, and might implement a skeletal holding page with their logo for new websites.

Specific site within client: This applies to all of one client's servers at a specific location, and might point those servers at a specific local DNS server.

Fully qualified domain name (fqdn): Specific to a server, eg sets the root password.

Detailed below is a sample of a server-specific hiera file (with blank lines removed):

    ---
    classes:
      - shorewall
    packages:
      - joe
      - samba
    root-pw: "$6$4s...IdvYocg7sb1Wf."

This system belongs to a class called shorewall; packages joe and samba are to be installed; and a variable called root-pw is defined, which holds the hashed value of the root password. Any of those entries could be put into a different file and be applied to all servers belonging to this client. So how are those variables used? That's where the Puppet classes come in. Each class comprises a definition of one element of the server setup. For instance, below is the class, applied to all servers, that disables the Control+Alt+Del key sequence:

    class tclbase::ctrl_alt_del {
      # Disable control-alt-delete
      exec { 'Disable control-alt-delete':
        path    => '/usr/bin:/usr/sbin:/bin',
        # Comment out the "ca:" entry, keeping a backup as /etc/inittab.bak
        command => 'sed --in-place=.bak -e \'s/^ca:/#ca:/\' /etc/inittab',
        # Only run when an uncommented "ca:" line is present
        onlyif  => 'grep \'^ca:\' /etc/inittab',
      }
    }

You can see a simple sed command that will edit the /etc/inittab file, where that key sequence is defined, and comment it out. However, it only comments it out (onlyif) if it isn’t already commented out. In most cases this class will only take action the first time it runs, but if someone edits /etc/inittab and uncomments that line, the next time Puppet runs it re-enforces the change.

Puppet configuration can be a complex beast. All of the config files are held in a git repository, and there are testing frameworks included. We use Puppet to manage almost all routine system management tasks, including installing security updates, updating firewall configuration and managing packages.

Nailing process

That's monitoring and management in place; the last ingredient to ensure that our clients never have to tell us about a server problem is processes. One can almost hear a unified sigh: processes? Boring!

Well, that may be true, but look at it this way. We have over 4,000 lines of hiera files and 170,000 lines of class code and associated data in our Puppet git repository. Not having some kind of process defining how we organise and update such files is quickly going to cause problems, eg if each of our consultants is free to set up email however he or she likes, the next consultant to look at that server will have to first of all work out how it's been done. So we have standards, processes, documentation. Nothing is cast in stone: if there's a better way of doing something, we want to discuss it – but until we've agreed to change, we do it the current way.

There are exceptions, of course. One client may be using and another Exim, but we document how any particular server differs from our norm on the relevant client wiki page.

In summary, then, these are the applications we use to build our client management infrastructure: Nagios for system monitoring; Munin for trend monitoring; Logcheck for log file monitoring; TWiki dealing with internal documentation; Puppet covering configuration management and Request Tracker for the ticketing system.

If you want to read how many of those might work together in a ‘typical day’, take a look at http://bit.ly/TigCompRole.

Keith Edmunds and his team at Tiger Computing have turned a love of Linux into a business.

Why pilots wear uniforms

Does wearing a uniform help a pilot fly the aircraft? Clearly not; if anything, he or she may do a better job in more comfortable clothes. So why do they wear uniforms?

Imagine you're sitting in a plane waiting to go to Barcelona for the weekend. A man gets on the aircraft, aged about 30, not shaved for 3 or 4 days, jeans, scruffy sweatshirt and trainers. Without even consciously being aware of it, you start to form opinions of that person. If he then went into the cockpit and sat down in the driver's seat, you'd probably be quite concerned. Yet nothing in his appearance has the slightest relevance to flying a Boeing 737 safely to .

As human beings, we all jump to conclusions on the flimsiest of evidence. Our brain likes to have a full picture of what we're dealing with, even if that picture is wrong. Most IT support staff work remotely, so suppose a user sends a quick email to the support team asking them to look at something, and the reply they get back is poorly put together, perhaps with typos and grammatical mistakes. The recipient will form conclusions, probably unconsciously, about the sender, and may well wonder whether the sender is to be trusted to fix their IT problem. Good IT departments fix the confidence problem by making sure their IT staff can communicate in a clear and literate way.
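The log-monitoring approach from the article above (define what you don't want to know about, then report everything else), as an added example that is neither Tiger Computing's configuration nor Logcheck's own code. The ignore rules, function names and sample log lines are all constructed for illustration.

```python
#!/usr/bin/env python3
"""Report every log line that no ignore rule accounts for (added example)."""
import re
from collections import Counter

# Syslog timestamp and host name that start every constructed sample line.
PREFIX = r"\w{3} [ \d]\d \d\d:\d\d:\d\d [\w.-]+ "

# Hypothetical ignore rules: one whole-line regex per message judged benign.
IGNORE = [
    PREFIX + r"sshd\[\d+\]: Accepted publickey for \w+ from [\d.]+ port \d+ ssh2",
    PREFIX + r"ntpd\[\d+\]: adjusting local clock by -?\d+\.\d+s",
    PREFIX + r"postfix/smtpd\[\d+\]: (?:connect|disconnect) from \S+\[[\d.]+\]",
    PREFIX + r"CRON\[\d+\]: pam_unix\(cron:session\): session (?:opened|closed) for user \w+",
]

# Constructed sample log, not taken from a real system.
SAMPLE_LOG = """\
Oct 14 09:12:01 servera sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Oct 14 09:12:07 servera ntpd[812]: adjusting local clock by 0.027s
Oct 14 09:13:44 servera postfix/smtpd[3120]: connect from mail.example.org[192.0.2.25]
Oct 14 09:14:02 servera imapd[3307]: Unknown user: fredbloggs
Oct 14 09:14:03 servera imapd[3307]: Unknown user: fredbloggs
Oct 14 09:15:30 servera kernel: ata1.00: error: { UNC }
Oct 14 09:16:00 servera CRON[3401]: pam_unix(cron:session): session opened for user root
Oct 14 09:17:11 servera smartd[655]: Device: /dev/sda, 8 Currently unreadable (pending) sectors
Oct 14 09:18:00 servera systemd[1]: Started Daily apt upgrade and clean activities.
"""


def unexpected(lines, patterns):
    """Return the lines that no ignore rule matches in full."""
    rules = [re.compile(p) for p in patterns]
    # fullmatch: a rule suppresses only the exact message shape it describes,
    # not any longer line that happens to contain the same text.
    return [ln for ln in lines if ln.strip() and not any(r.fullmatch(ln) for r in rules)]


def keyword_hits(lines, word):
    """The 'search for error' approach, for comparison."""
    return [ln for ln in lines if word.lower() in ln.lower()]


def summarise(lines):
    """Strip timestamp and host, collapse repeats: [(message, count), ...]."""
    counts = Counter(re.sub("^" + PREFIX, "", ln) for ln in lines)
    return list(counts.items())


if __name__ == "__main__":
    log = SAMPLE_LOG.splitlines()
    print("Lines found by searching for 'error':", len(keyword_hits(log, "error")))
    print("Lines not covered by an ignore rule:")
    for message, count in summarise(unexpected(log, IGNORE)):
        print(f"{count:3d}  {message}")
```

On the sample, the keyword search finds only the kernel line, while the ignore-list report also surfaces the unknown-user attempts and the disk warning; the systemd line is the kind of benign entry that gets a new ignore rule so it stops being reported.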

School of Guitarix

Rock out with Conor McCormack as he takes you back to basics and explains pre-amps, MIDI control and effects modules.

Guitarix is a modular, virtual amplifier for Linux. With it you can choose different pre-amp and amp models, combine them with various effects and speaker cabinet emulations to come up with your very own tones. Guitarix comes as a standalone application, but its modules are also available in the LV2 plugin format, which you can incorporate into your DAW (Digital Audio Workstation) of choice. Furthermore, it can even be run headless, so you can turn a Raspberry Pi, or any other such device, into a dedicated amp modeler. You can even control Guitarix via a MIDI controller or foot-board.

Before you get started, you’ll need to know how to correctly get your guitar signal into your computer. First, you’ll need to make sure your audio interface is selected by the Jack Audio Connection Kit (JACK). This must be selected and JACK must be started before starting up Guitarix. There are various ways to do this but two of the most popular are to use Qjackctl or alternatively, Cadence, which is bundled with KXStudio. To learn more about the fundamentals and getting JACK set up read our recent article [Features, p48 LXF191], but let's plug into Guitarix.

For more pro-level music guides, advice and help visit: libremusicproduction.com


Diagram labels: Guitar, Inputs, Guitarix modules, Outputs, To speakers

The guitar is connected into input one on the audio interface. It is then routed through Guitarix while the sound goes out through output 1 and 2 of the interface and into the speakers.

Your first consideration depends on what type of audio interface you are using. It’s important to match the guitar's high output impedance level to that of your audio interface's input or else there will be degradation of the guitar signal, notably, the high frequencies will drop off and you will have a thin, noisy and possibly distorted signal. There are a few ways to do this correctly:

Instrument input: If your audio interface has this input, use it. Alternatively, some interfaces have inputs that can be switched between line in and instrument. In this case, make sure you have it set to ‘instrument’. Note that on some interfaces, instrument inputs are labeled Hi-Z.

DI Box: If your audio interface doesn’t have an instrument input, you need one of these boxes. This will correct the impedance mismatch so that you can then connect it up to a line in or mic input.

Next, start up Guitarix. When you have your guitar hooked up into your computer's sound card, you will need to connect it up to Guitarix. You can use the patchbay area of Qjackctl or alternatively more graphical programs such as Patchage or Catia, to make your connections. For the standalone Guitarix application, see our diagram (above) for how your input and output connections should look.

Note that Guitarix is broken up into two JACK modules. The first one is called gx_head_amp, which is a module containing the amp and mono rack effects. The second is a stereo module for stereo rack effects. If these are not correctly connected up, make sure the output of the amp is going into the input of the stereo effects section. You can then treat them as one module in most cases; however, you can insert effects from other JACK applications in between gx_head_amp and gx_head_fx if you wish.

Latency settings

Latency is the length of time that it takes your computer to process a signal and give you back the result. Audio latency is not something that you want if you are playing your guitar live through Guitarix. This will result in the sound being played back through your speakers with a slight delay. These delays, while small, can completely throw you off your performance. For this reason, you will want to get your audio latency low enough that the delay is not perceivable. However, this comes at the cost of increased CPU usage.

How low you can get your latency settings depends on both your hardware and software set up. For this purpose, an audio-based Linux distribution is recommended, as these will have a low latency kernel and other optimisations that will enable you to get superior performance over stock Linux distros for low latency audio.

You can adjust your latency (frame rate) in Qjackctl or Cadence but if you are using the standalone Guitarix client, there is an easier way of doing this. If you go to Engine > Latency, you can choose your frame rate setting here. The advantage of changing it from within Guitarix is that you can change the setting on the fly, ie there’s no need to stop and restart JACK each time you change the setting. It will default to either 1,024 or 512 frames. Those settings will typically cause a noticeable delay. Try lowering the frame rate in increments until you get the audio latency low enough that it is not perceivable. A setting between 64 and 256 will usually give you the best results.

Interface explained

When you first start up Guitarix, you will be presented with the amp head and nothing more. You will find some toggle buttons along the top. These do the following:

Effects: Toggles the visibility of the effects plugin bar.
Config mode: Collapses the height of all effects modules and enables you to easily click and drag around their order. This is useful for reordering large amounts of effects.
Tuner: Toggles the visibility of the tuner rack.
Show Rack: Toggles the visibility of rack effects modules.
Horizontal: This changes the way that the rack modules are displayed and presents them across two columns: the mono

Convolution

Guitarix includes a convolution module called Convolver that enables you to load up impulse response files, and you will find Convolver under the Reverb category.

With Convolver you can load up reverb impulses although another very good use for convolution is using it as a speaker cabinet emulator by loading up speaker cabinet impulses. Any impulse responses saved in WAV file format can be used with Guitarix. A search online will yield lots of forums full of them.

To get you started though, Guitarix comes with some guitar cabinet impulse response files preinstalled. To load these up, click on the Setup button in the Convolver module. Next, click on File. You will see two bookmarks on the left called amps and bands. In these folders you will find WAV files that you can load up as impulse responses. If you are using impulse responses for your cabinet emulation, make sure you disable your cabinet module.


plugins in the left-hand column and the stereo plugins in the right-hand column.
Plus and minus buttons: The minus button collapses the height of all rack effects modules, while the plus button expands them again.
Live play: This shows a minimal fullscreen display with preset information, which is useful for live performance.

You’ll want to start adding and arranging modules and effects. Press the Effects toggle button. You will now see all available plugins and effects down the left-hand side. These are categorised into collapsible boxes. You can expand any of these categories by clicking on a category box.

To add an effect to your signal chain, simply click and drag it across to the rack area and drop it into position. Effects default to disabled when first added to the rack. On the left-hand side of each effect module is a button, which you can toggle to enable or disable the effect. These modules can be moved around in various orders, and can be added before (above) or after (below) the pre-amp section. Just hover over the rack handles on either side of a module, click and drag to rearrange the order. To remove a module from the rack, grab it and drag it back into the plugin bar. The signal is processed through these modules from top to bottom. If you add stereo plugins, they can only be added to the bottom of the rack. This is because stereo effects are processed after mono effects, and hence why Guitarix shows up as two separate JACK modules. If you are using the horizontal option for displaying rack effects, the signal flows from top to bottom through the mono rack on the left and then into the stereo rack on the right, again being processed from top to bottom.

The order of your signal chain is important. The basic structure that will mimic a real amp and speaker cabinet set up needs to have a tonestack and cabinet module below (after) the preamp. You will find both of these modules in the Tone control category:

Preamp: Boosts your guitar signal, with tube emulation.
Tone Stack: Processes the guitar sound. There are selectable amp models which you can choose.
Cabinet: Emulates the playback through selectable guitar cabinets.

The amp head controls are as follows:

Pregain: The input level of the guitar.
Drive: The signal gain.
Clean/dist: The amount of distortion.
Master gain: The amount of signal sent from the pre-amp to the power section.
Master out: This control is an exception to the top to bottom signal flow rule. On this meter you will notice a small white slider. If you drag this up and down it will boost or attenuate the final output signal (to JACK signal). This is useful for attenuating the signal so it doesn’t clip on its way out of Guitarix.

Exploring the Guitarix interface (annotated screenshot; labels: Signal flows top to bottom, Control strip, Drag and drop effects, Expand category boxes, Preamp FX, Tonestack, Cabinet, Postamp FX, Master out)

Effects modules

Guitarix comes with an extensive list of effects, including compression, distortion, modulation, reverb, delay, EQ, etc. Some of the effects modules that are included in Guitarix are influenced by some popular hardware units, for example the Tube Screamer is, not surprisingly, based off of the Ibanez Tube Screamer.

As well as its built-in effects, Guitarix can also make use of any LADSPA or LV2 plugins that you have installed on your system. These have to be specifically enabled for them to show up in the plugin sidebar. To do this, go to Plugins > LADSPA/LV2 Plugins. Any enabled plugins will now show up in your plugin side bar under the category ‘External’. Between Guitarix’s built-in plugins and third-party plugins, there is a vast amount of effects to choose from.

Controlling Guitarix via MIDI

Almost all parameters in Guitarix can be controlled via MIDI. This includes changing the values of knobs right through to turning on and off modules and even scrolling through menus.

Before you create any MIDI bindings, you will first need to make sure that your MIDI device is hooked up to Guitarix. You can make this connection using any of the many connection tools that Linux has to offer but one method is to use the built-in MIDI connections window. Go to Engine > Jack Ports and click on MIDI tab. You can select your MIDI device here.

Once you have your MIDI device connected up, creating bindings is as simple as pressing the middle mouse button on whichever parameters you wish to control, followed by moving what you want to bind it to on your controller. Being able to control so much this way makes Guitarix a very good tool for live use. If you have a MIDI foot-board, for example, the Behringer FCB1010, you can bind your foot switches to turn various effects modules on and off. Alternatively, if your MIDI controller has knobs, you can also bind parameters to these. The expression pedals can be bound to Wah effects, etc, and your various bindings can be viewed and edited by navigating to Engine > Midi Controller. These bindings can also be saved in presets so that they can easily be recalled for later use.


There are no hard and fast rules for the order to place your effects in. If something achieves the sound you are looking for, then it is the correct way for that purpose, however, there are some generally accepted best practices for the order in which most guitarists prefer to have their effects. The effects table (below) will give you some idea of effects and their recommended order, from top to bottom, in the signal chain.

If you press the preset button on the bottom left of Guitarix, the preset manager will pop up along the bottom. There are already a few presets here but it’s easy to add and manage your own. To create a new preset, click on New in the Scratchpad section. This will prompt you to name your preset. You can then press Save to save your new preset, or tweak it more before doing so. You can also create new banks for your presets and organise them.

Ways to use Guitarix

Guitarix can be used in many different ways: as a practice tool, a recording tool and a reamping tool. Having both the standalone version and LV2 plugin versions, allows for great flexibility of use: as standalone; as a live/live practice tool; to record directly into your DAW or as an insert in your DAW.

Another option is to use the LV2 plugins on a channel strip and record your guitar signal into your DAW dry. This way you have great flexibility in processing your sound later, and tweaking it to perfection, as you will always have the original dry performance.

GxAmplifier is the main guitar LV2 amp modelling plugin (pictured above). This plugin consolidates the main amp signal flow mentioned above, into one plugin. So, you have the pre-amp choice on the left, cabinet choice in the middle and tonestack choice on the right. When switching between pre-amp types, the plugin's skin changes to a suitable amp type and matching knobs. Additionally, the cabinet and tonestack menus have an off option. This is particularly useful in relation to the cabinet section, as you might prefer to use an impulse response after the plugin for your cabinet emulation. In this case, you’d disable the cabinet section with the off option and add an impulse response plugin after GxAmplifier. We’d suggest two good choices for impulse response plugins, which are IR LV2 and Klangfalter.

The main guitar LV2 amp modelling plugin is GxAmplifier.

As well as the GxAmplifier, Guitarix has also ported over many of its effects modules as LV2 plugins. All of these plugins are prefixed by Gx, so if you search for ‘gx’ in your plugin manager, you will quickly find all the plugins.

Guitarix is a very flexible tool. It can be used in many different types of setups and there are many interesting projects related to it. One project is , a hardware sound processing pedal running Guitarix and its various modules. If you want to check out some of the sounds, then head over to the MOD website (http://portalmod.com/promo) where you will find some sound .

Effect order

EFFECT | RECOMMENDED GUITARIX MODULE | TIPS

PRE-AMP EFFECTS
Noise gate | Built-in noise gate | Cuts off low level noise. This is built into Guitarix as first in the signal path.
Compressor | Compressor (Category – Guitar Effects) | Compressors work best when placed before any sound shaping effects.
Overdrive/Distortion | Tube Screamer (Category – Distortion) | The tube screamer is a popular guitar pedal. It’s often used to add a signal boost without driving up the gain setting too much. This hotter signal can drive the pre-amp section harder.
Graphic EQ | Graphic EQ (Category – Tone Control) | Useful for sculpting your tone, cutting problematic frequencies, mid boost etc.
Wah | GCB 95 (Category – Guitar Effects) | The GCB 95 is based off of a crybaby wah pedal. If you have a MIDI controlled expression pedal, you can use it to control this.

POST AMP EFFECTS
Reverb | Zita Rev1 (Category – Reverb) | This can add space around your guitar. More suited to clean/lead tones.
Delay (sometimes called Echo) | Digital Stereo Delay (Category – Echo/Delay) | Delay, or Echo, can often be more suitable than reverb. Whereas reverb can blend a guitar into the back, delay can make a guitar's sound more up front.
Convolution | Convolver (Category – Reverb) | This can be used for adding reverb impulse response files, but also is a good alternative to using the cabinet module if you have impulse response files of cabinets.

Mr Brown’s Administeria

Esoteric system administration goodness from the impenetrable bowels of the server room.

Jolyon Brown: When not consulting on Linux/DevOps, Jolyon spends his time bootstrapping a startup. His biggest ambition is to find a reason to use Emacs.

Ain’t no reboot

When Linux Format's esteemed editor [me? - Ed] first got in contact with me about picking up the Administeria column he handily included a list of previous articles Dr Brown (Sorry, no relation) has penned in the last 80-odd issues he's contributed to. It was a rather daunting list to read to say the least! There doesn't seem to be a topic Chris hasn't covered in some way, shape or form in that time. Matching this prolific output combined with the high quality The Good Doctor has managed will be some feat. In some ways, picking up this column feels like walking into a new sysadmin job, except it doesn't come with the one advantage that sysadmins and governments have in common – being able to blame the previous employee when things go wrong!

It does beg the question though – what to cover? It doesn't seem as though the life of a sysadmin is getting any easier; the physical systems of years ago have been replaced by virtual equivalents at a ratio of many multiples to one. Security threats and demands have grown, and the delineation between the traditional sysadmin and other roles, particularly development, is becoming increasingly blurred.

With this in mind, over the next few issues we'll be looking at some open source tools that sysadmins can use in their day to day jobs to make life easier. This month we'll begin with Ansible, the – dare we say fun but definitely – interesting take on configuration management. I'd really like to hear from readers of Administeria with any suggestions of areas they would like to see covered, especially on subjects that cause them problems or that they find confusing. Please feel free to drop me an email on these or other sysadmin-related subjects. My hope is this excellent column will carry on being as useful and relevant as it has been for me over the years.
[email protected]

Development continues apace at CoreOS

The battle with heats up as etcd hits 2.0 and CoreOS targets the modern infrastructure biz.

CoreOS (https://coreos.com), the Linux distro, which declared itself production ready halfway through last year, announced that etcd, a key component of its infrastructure, had also reached a stable release point. This follows the announcement back in December that it was working on Rocket, a container 'replacement' for Docker, as the CoreOS team felt Docker was diverging from its original intentions.

The distro itself boasts a very small core, and uses containers for hosting services, and includes a cluster manager (Fleet) which it says enables CoreOS to deliver 'easy warehouse-scale computing'. It does this by aggregating individual machines into a single pool of resources. Services which need to be run are submitted to the cluster and Fleet decides where they should run. It also allows for graceful updates of the OS across a cluster, handles machine failures automatically and allows for efficient resource utilization.

Etcd is a distributed key/value store which CoreOS uses to share data across its clusters and it's in use by many other projects (including Google and Cloud Foundry – Pivotal Software's platform as a service). What etcd does is provide applications with details on their database connection credentials and enable services to advertise to, say, a proxy server that they are online and are available for routing traffic to.

While being open source, the company behind CoreOS offers a paid 'push' model where software updates are applied without intervention from the local support teams. Despite the danger of this causing aneurysms for some sysadmins and security teams, in this increasingly cloud and centric – some may say hyped – world there's mileage in a service that supplies a modern OS to customers managed in the same way as a browser or retail appliance.

The distro is quietly gaining momentum with the likes of RackSpace and even Redmond starting to offer it on their public clouds (it's an increasingly popular choice on OpenStack clouds). I plan to cover CoreOS in a lot more depth in a forthcoming issue, watch this space.


Ansible for easy config management

Learn how to consistently manage huge groups of machines armed with little more than an SSH connection and some Python.

Configuration management software is now pretty commonplace, but not universal by any means, in any organisation that has to manage multiple machines (virtual or otherwise). There are quite a few choices available in the free/open source world, some of which are now pretty mature. However, one slight criticism often levied against tools such as Puppet and Chef is that they require their own infrastructure to be useful.

A central 'management' type server is often needed to store the configuration, and agents need to be distributed out across an estate for them to be able to pull settings out to individual nodes. Any additional infrastructure of this kind brings its own headaches. You'll need to consider backups and/or high availability, as well as bespoke firewall and/or routing changes. So while being able to consistently wield control over a large number of machines with a high server to sysadmin ratio is desirable, the effort needed to get to that point is quite high.

Enter Ansible

Ansible aims to reduce the barriers to using configuration management. It achieves this by having a very minimal set of requirements for getting up and running. Aside from the ansible package itself (which will need to be installed on local machines used by the sysadmin/dev ops teams) most, if not all, the other elements of the Ansible stack come bundled with any Linux distribution by default (Python 2.5 or later, and SSH). Rather than using specialised agents to configure target systems, Ansible uses SSH connections and nodes need no extra software installation to run.

The actual config steps themselves are written in YAML (www.yaml.org), which makes them easy for humans to read, write and more importantly understand. Ansible also makes use of a templating language called Jinja2 (http://jinja.pocoo.org) based on the templating found in Django (another Python-based bit of software) but extends it to make it more powerful.

At the basic level, most work in Ansible involves writing a list of tasks to be carried out on a set of target hosts. These tasks, written in YAML, are carried out in the order listed in a file known in Ansible lingo as a 'playbook'.

Now let's install Ansible and give it a whirl. This is very straightforward, requiring a simple sudo apt-get install ansible on Ubuntu or sudo yum install ansible on Red Hat-based systems (after enabling the EPEL repository). It's also pretty easy to install from source (or from Ansible repos). Installing from Ansible will generally mean you get a more up-to-date version of the software (1.8 vs Ubuntu's 1.5).

Once installed locally on our development machine, we need a target system to configure (we won't cover actually installing any target OSes here). This system could be anywhere: a local VM, a physical box on the network or out in the cloud. It doesn't matter so long as it's reachable by SSH and we have the logon credentials for it. Ideally, using SSH keys is the way to go here. (The command ssh-copy- is worth investigating for distributing keys to boxes you have password access to, and it comes bundled with OpenSSH.)

The first thing to do is to add the host's details to an inventory. There's a default inventory located under /etc/ansible/hosts, but inventories can be created anywhere and multiple inventories can exist (a common use case is to have separate inventories for production and development hosts, for example). We can edit that file and add our target host (and have a look at some of the example lines). Let's assume it's called testserver.example.com. Also, we could reference it by its IP address instead if we wanted.

    ….
    # Ex 1: Ungrouped hosts, specify before any group headers.
    testserver.example.com

One thing to note is that hosts can be grouped together here by simply listing them under a title between two square brackets, eg, [webservers]. When you run Ansible commands, you can target groups like this, so that installing Apache as in the example above on multiple machines becomes just as easy as installing it on one.

[Figure: an Ansible inventory and site.yml (roles, playbooks, templates, files), kept in Git, driving several hosts. Caption: Ansible can use SSH and easy-to-read text files to control all your hosts. Just remember to version control everything.]

Ansible modules and idempotency

As I've mentioned, Ansible comes complete with many modules (a full list of modules is in the docs: http://bit.ly/AnsibleModules). These cover a wide range of areas, broadly related to individual tasks a sysadmin might carry out regularly. Some of these are available in an 'extras' module found on GitHub (http://bit.ly/AnsibleModExtras). These are expanding all the time and looking down the list will usually throw up things you need – everything from the basic shell command type tasks to managing windows boxes (should you wish to do so). If for some reason what you need isn't available, modules can be extended with locally written ones. There's a handy guide to doing this at http://bit.ly/AnsibleDevMods. Ansible isn't fussy about the language modules are written in so long as it can handle JSON. Python is popular though, given Ansible's roots.

It's important to understand that modules attempt to be idempotent in Ansible. This means that they will not try to change anything unless it's required. The idea here is that I could safely run playbooks against my systems over and over in the knowledge that they won't break. This takes a bit of testing and getting used to at first, but is well worth the effort. However a team running Ansible (or other types of tools) needs to be very wary of manual changes, which aren't pushed back into Ansible and version control. The whole team needs to get onboard with a system like this or problems will result and be hard to track down.
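The changed/ok behaviour described in the idempotency box, sketched in Python as an added example (it is not from the article and is not Ansible's own code): ensure_file and run_play are hypothetical names and the rules text is a constructed sample. A re-run with the same input reports no change and leaves the handler alone, while a manual edit or permission change made on the host is reverted on the next run.

```python
import hashlib
import json
import os
import stat
import tempfile


def _sha256(path):
    """Return the hash of the file's current content, or None if it is missing."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except FileNotFoundError:
        return None


def ensure_file(path, content, mode=0o600):
    """Bring `path` to the desired content and mode; say whether anything changed."""
    data = content.encode("utf-8")
    changed = False
    if _sha256(path) != hashlib.sha256(data).hexdigest():
        # Write beside the target and rename, so nothing ever reads a
        # half-written rules file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        os.chmod(tmp, mode)
        os.replace(tmp, path)
        changed = True
    elif stat.S_IMODE(os.stat(path).st_mode) != mode:
        # Content is right but the permissions drifted.
        os.chmod(path, mode)
        changed = True
    return {"changed": changed, "path": path}


def run_play(path, content, handler_log):
    """One task plus its handler: the handler runs only when the task changed something."""
    result = ensure_file(path, content)
    if result["changed"]:
        handler_log.append("restart iptables")
    return result


def demo():
    # Constructed sample of a rendered rules file.
    rules = "*filter\n-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT\nCOMMIT\n"
    handlers = []
    with tempfile.TemporaryDirectory() as workdir:
        target = os.path.join(workdir, "rules.v4")
        first = run_play(target, rules, handlers)    # file created
        second = run_play(target, rules, handlers)   # already in the desired state
        with open(target, "a") as fh:                # manual change on the host
            fh.write("-A INPUT -j ACCEPT\n")
        third = run_play(target, rules, handlers)    # drift is overwritten
        os.chmod(target, 0o644)                      # manual permission change
        fourth = run_play(target, rules, handlers)   # mode is put back
        final_mode = stat.S_IMODE(os.stat(target).st_mode)
    outcomes = [r["changed"] for r in (first, second, third, fourth)]
    return outcomes, handlers, final_mode


if __name__ == "__main__":
    outcomes, handlers, final_mode = demo()
    print(json.dumps({"changed_per_run": outcomes,
                      "handler_runs": len(handlers),
                      "mode": oct(final_mode)}))
```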


A quick command to show that everything is working is to run a ping against our host. It's worth noting that Ansible will attempt to connect to the target using the current username, just the same way SSH would. If you have a different account you want to use on the remote node, specify that with the -u parameter to the ansible command (which itself is just for running a single command):

    ~$ ansible all -m ping -u jolyon
    testserver.example.com | success >> {
        "changed": false,
        "ping": "pong"
    }

When it comes to actually implementing change on the target host, there's a fair chance that root level access might be required (but not always). There are a couple of ways to handle this: either use root as the user supplied to the ansible command (probably not recommended) or use the --ask-sudo-pass flag. You could attempt to run apt-get update against our target node here, but that would receive permission errors:

    ansible all -a "apt-get update" -u jolyon

Using the sudo parameter, however, I'll be prompted for a password before seeing the familiar list of apt data-sources and before we return back to the prompt:

    ansible all -a "apt-get update" -u jolyon --ask-sudo-pass

Playbooks & roles

Now that I've tested that Ansible is communicating with our host, let's turn to actually writing a playbook. Let's assume that our single server is a new host running Ubuntu 14.04 and I want to configure it with some sensible security and system defaults. I want to set a firewall up, and ensure that is installed and enabled. (Note: A properly secured server would have not only these steps but many more.)

Let's start with creating a new directory to hold our Ansible playbook and, more importantly, allow us to hold all of our Ansible configuration in source control (I'm assuming you can install git locally if you haven't got it already).

    mkdir lxf-ansible
    cd lxf-ansible
    git init .

Our personal preference is to hold inventory files in the same source-controlled location as the rest of our files. Let's make a sub-directory and create a new inventory file in it (substituting your server name for our example here).

    mkdir inventory
    # Quote the group header so the shell cannot treat [ubuntu] as a glob pattern
    echo "[ubuntu]" > inventory/lxf
    echo testserver.example.com >> inventory/lxf

Here, I've put the server into an 'ubuntu' group. Now, let's create a playbook, using whatever text editor we have to hand. Save it with the filename lxf.yml:

    ---
    - hosts: ubuntu
      vars:
        # Ports the firewall template will open
        - iptables_ports:
            - { protocol: "tcp", port: "22" }
            - { protocol: "tcp", port: "443" }
      tasks:
        - name: Install iptables-persistent
          apt: name=iptables-persistent state=present
        - name: ensure firewall includes our ports
          template: dest=/etc/iptables/rules.v4 src=iptables.j2 owner=root group=root mode=0600
          notify:
            - restart iptables
        - name: start iptables-persistent service
          service: name=iptables-persistent state=started
      handlers:
        # Runs only when a task that notifies it reports a change
        - name: restart iptables
          service: name=iptables-persistent enabled=yes state=restarted

OK, time for a quick review of what's happening. The first line specifies that I've targeted the 'ubuntu' group I created just now. I then set some variables for use in the playbook, such as iptables ports I'm looking to enable. The next couple of tasks here should be pretty understandable. The playbook installs the iptables-persistent package using apt, then drops a templated iptables configuration file onto the system. The template line mentions a source file with the name apache2.conf.j2. The .j2 means it's a Jinja2 source file (see below). The notify line here is a special action for Ansible, which says that if the template line changes the file, then the handler to restart iptables must be notified. If the file doesn't change, then the handler won't take any action. Finally, we just ensure the iptables-persistent service gets enabled to pick up our changes if it hasn't been already.

Now create a second file with the following content and save it as iptables.j2:

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    {% if iptables_ports is defined %}
    {% for data in iptables_ports %}
    -A INPUT -p {{ data.protocol }} -m {{ data.protocol }} --dport {{ data.port }} -j ACCEPT
    {% endfor %}
    {% endif %}
    # Drop whatever the rules above did not accept; with the ACCEPT policy alone every port stays reachable
    -A INPUT -j DROP
    COMMIT

This file is an example of a Jinja2 template. The lines enclosed within %s are Python statements, and the values within the {{ }} are replaced with values generated at runtime and everything else makes it into the file as is. The template has access to the 'vars' declared in our playbook, namely the iptables_ports list of values. These are then looped over and their contents transferred into an iptables entry. Variables can be presented to templates in quite a few different ways within Ansible, and combined with the templating system provide a very powerful tool for sysadmin use. Once I've made these changes, best practice is to add them to git and commit them. I can test this playbook out as follows:

    ansible-playbook -i inventory/lxf lxf.yml --sudo --ask-sudo-pass -u jolyon

This should result in output similar to the following:

    PLAY [ubuntu] *****************************************************************
    GATHERING FACTS ***************************************************************
    ok: [testserver.example.com]
    TASK: [Install iptables-persistent] *******************************************
    ok: [testserver.example.com]
    TASK: [ensure firewall includes our ports] ************************************
    changed: [testserver.example.com]
    TASK: [enable iptables-persistent service] ************************************
    changed: [testserver.example.com]
    NOTIFIED: [restart iptables] **************************************************
    changed: [testserver.example.com]
    PLAY RECAP ********************************************************************
    testserver.example.com : ok=5 changed=3 unreachable=0 failed=0

Note that the first thing Ansible does is gather 'facts'. These are in fact (sorry) variables populated by Ansible with everything it can find out about the host that it's running against. These are quite detailed. They include a lot of information on the system architecture, IP addresses, processor cores available etc. These can then be used within the playbook (and within templates) as required.

After the playbook has run, I run the same command again. This time some of the tasks complete as 'OK' rather than 'Changed'. This is because Ansible knows it has no work to do for this run, as the system is already in the desired state. Logging onto the target system reveals, via the command sudo iptables -L, that the system now has ports 22 (SSH) and https (443) available, with others blocked off.

Pushing on, I re-open the lxf.yml file and add the following lines to the bottom of the 'tasks' section (but above the 'handler' lines).

        - name: ensure apparmor is installed
          apt: name=apparmor state=present

        - name: ensure apparmor is enabled, started
          service: name=apparmor enabled=yes state=started

And re-run the ansible-playbook command again [see above]. This should now ensure apparmor is available to me on my Ubuntu host. You may notice that our code featured the keywords 'apt', 'service' and 'template' in the examples. These refer to Ansible's built-in modules. The software has many of these available in its core libraries with many more downloadable, and with the option to write my own [see the Ansible modules and idempotency box, p57].

While these are relatively trivial examples, I've shown how to create a playbook; chosen which nodes to run it against; dynamically created files containing information within it; and made our server a little more secure. I could easily add to the hosts I want to run this against by adding them to my inventory. Also, I could decide to use the playbook to create a role. Roles are a great way to organise playbooks. By assigning a group of hosts roles, I can ensure they all get the settings they need. So for example, all ubuntu hosts could get my 'security' role that I've just started to develop above. They might also get a 'webservers' role while others get a ‘’ role. All of these are then referenced in a file usually known as site.yml. This is a playbook that describes the whole infrastructure, referencing roles within it. By running site.yml, I could build my whole infrastructure from scratch, and by targeting another inventory, I can replicate my infrastructure on another environment entirely.

This only scratches the surface of Ansible, but hopefully I've given you a sense of how straightforward it is to get up and running. There's a lot of information available at http://docs.ansible.com. LXF

Jinja2 templates

The Jinja2 templating system (http://jinja.pocoo.org/docs/dev/) is a very powerful element of the Ansible stack. It allows files to be generated using data available to Ansible at the time the playbook is run. Within the template itself, various control structures and expressions can be used as well as passing variables from Ansible. A good place to start here is the Template Designer documentation page on the Jinja website. With a bit of practice, generating configuration files etc for Linux hosts will become second nature.

There are a few tricks worth noting when getting started with templates, though. Knowing which variables are available through the facts-gathering phase of a playbook run, and figuring out what can be gathered from the inventory etc can be a bit frustrating at the beginning. Luckily, these can be dumped out with a special template file. Save a copy of this for future use (call it something like dumpall.j2):

    Module variables ("vars")
    ------
    {{ vars | to_nice_json }}

    Environment Variables ("environment")
    ------
    {{ environment | to_nice_json }}

    Group names
    ------
    {{ group_names | to_nice_json }}

    Group variables
    ------
    {{ groups | to_nice_json }}

    Host variables
    ------
    {{ hostvars | to_nice_json }}

This can then be called from a playbook:

    - name: dump all variables
      template: src=dumpall.j2 dest=/tmp/ansible.all

You will then have a nice collection of variable names and output in /tmp on your target host.

[Figure caption: A nice option in Ansible is the use of cowsay if it's installed and having your orchestration efforts commented on by a herd of bovines.]

[Figure caption: Fact gathering can be disabled, which is handy in certain circumstances, eg one off runs against multiple hosts.]

[Figure caption: A lot of open source vendors support themselves with 'value-added' products, Ansible Tower is a browser-based application with enterprise friendly features.]
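Whether everything other than 22 and 443 really is blocked depends on how the INPUT chain ends: the accept rules only restrict traffic if unmatched packets meet a DROP/REJECT policy or a catch-all rule. This added example (not from the article) audits a rendered rules.v4 in Python; audit_chain and findings are hypothetical helper names, both rulesets are constructed samples, and only the simple single-port rules this template generates are understood.

```python
import shlex

DENY_TARGETS = {"DROP", "REJECT"}

# Constructed sample: accept rules for 22 and 443, ACCEPT policy, no catch-all rule.
RULES_ACCEPT_ONLY = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

# Constructed sample: the same rules followed by a catch-all DROP.
RULES_DEFAULT_DENY = RULES_ACCEPT_ONLY.replace("COMMIT", "-A INPUT -j DROP\nCOMMIT")


def audit_chain(ruleset, chain="INPUT"):
    """Summarise one filter chain of an iptables-save style ruleset."""
    policy, fallthrough, open_ports = None, None, []
    in_filter = False
    for raw in ruleset.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):              # table header, e.g. *filter
            in_filter = line == "*filter"
            continue
        if not in_filter:
            continue
        if line.startswith(":"):              # chain policy, e.g. :INPUT ACCEPT [0:0]
            name, chain_policy = line[1:].split()[:2]
            if name == chain:
                policy = chain_policy
            continue
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", chain] or fallthrough is not None:
            continue                          # other chain, or unreachable after a catch-all
        opts = tokens[2:]
        if "-j" in opts:
            cut = opts.index("-j")
            matches, target = opts[:cut], opts[cut + 1]
        else:
            matches, target = opts, None
        if not matches:
            fallthrough = target              # rule with no match options applies to everything
        elif target == "ACCEPT" and "--dport" in matches and "-p" in matches:
            proto = matches[matches.index("-p") + 1]
            port = matches[matches.index("--dport") + 1]
            open_ports.append((proto, port))
    default = fallthrough or policy
    return {
        "policy": policy,
        "default": default,
        "default_deny": default in DENY_TARGETS,
        "open_ports": open_ports,
    }


def findings(ruleset, allowed):
    """List what differs from 'only the allowed ports, everything else denied'."""
    report = audit_chain(ruleset)
    problems = []
    if not report["default_deny"]:
        problems.append("INPUT ends in %s: unmatched traffic is accepted" % report["default"])
    for entry in report["open_ports"]:
        if entry not in allowed:
            problems.append("unexpected accept rule for %s/%s" % entry)
    return problems


if __name__ == "__main__":
    allowed = {("tcp", "22"), ("tcp", "443")}
    for label, rules in (("accept-only", RULES_ACCEPT_ONLY), ("default-deny", RULES_DEFAULT_DENY)):
        print(label, findings(rules, allowed) or "ok")
```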

The best new open source software on the planet

Alexander Tolstoy: The hottest bits of the latest and the greatest open source software around are brought by Alexander for your perusal.

AbiWord, GParted, Handbrake, Stellarium, Gnome Battery Bench, Krita, Albert, Xonotic, X-Moto, TLP, MDP

Text processor

AbiWord

Version: 3.0.1 Web: www..org

We're revisiting AbiWord again, after this outstanding word processing software landed in a previous HotPicks [p60, LXF179]. The new version is 3.0.1, which may seem a minor update compared to 3.0.0, but the AbiWord developers haven't been idle for the past year and a half since rolling out that major release. And, again, the team is offering something special for those who are involved in lots of typing and formatting of documents.

The most praised and highly anticipated feature of AbiWord 3.0.1 is the default OpenXML plugin, which has better support for the DOCX file format. There has been DOCX support in a few previous AbiWord releases, but it was optional and many packages (such as for Gentoo or FreeBSD) disabled the OpenXML plug-in because it wasn't considered stable enough. Now the problems are mostly solved and, when you have to, you can now open Microsoft Word documents directly, modify them and save, and write any changes to the original file.

After rolling out the 3.0.0, the AbiWord developers faced many stability and performance issues that were introduced along with their much-praised transition to the GTK3 toolkit. In 3.0.1 most of those issues are solved. For instance, AbiWord no longer crashes while importing complex documents and redrawing some areas; and it also no longer has GTK memory leaks and is generally more stable.

AbiWord remains a feature-rich, yet lightweight competitor of LibreOffice Writer, and it offers gorgeous collaboration features, including Telepathy support, along with support for the Resource Description Framework (RDF), the original grammar-checking parser (known as ) and some handy optional plugins. We were pleased to be able to work with correctly formatted Latex formulas and had fun with Open Collaboration Text Summarizer (libots), which automatically extracts the plot from voluminous texts.

AbiWord can be found in almost any Linux distro, but we can't guarantee that the software will be updated everywhere to the latest version, but you can compile the application from source. This way also brings more freedom, because you can decide which features you want to enable or disable, according to your preferences.

[Figure caption: DOCX support is perhaps not perfect yet but it's still very decent and getting better with each release.]

Exploring the Abiword interface

Familiar toolbar: If you're still missing the classic non-ribbon interface, these convenient buttons are here to stay.

Don't gloss over this powerful feature, as it'll show you how to open access to your document for others to see and alter.

MathML support: AbiWord does a good job when it comes to handling mathematical expressions, equations and formulas.

Easy text formatting: Most essential and frequently used features are just one click away. These include numbered and bullet lists, alignment and filling etc.

XMPP-ready: Connect your Jabber account to AbiWord and select a buddy that you want to share your document with.


Partition manager

GParted

Version: 0.21 Web: http://gparted.org

GParted is a free partition editor and a neat graphical application for managing disks and partitions. The name actually stands for GNU Parted, as it was initially started as a GTK front-end for the console parted command. GParted isn't the official Gnome partition manager, the official one is Disks aka Palimpsest, but we really think that GParted is more beloved and valued among the Linux community. The new release, which was rolled out after half a year of development, brings many promising and attractive features.

The key changes in GParted 0.21 include a fix for an off-by-one sector error with the editor's internal block copy; support for Ext4 file-systems on RHEL/CentOS 5.x; and the removal of unnecessary duplicate actions when resizing a partition. GParted also takes care to support enterprise-level Linux distros that are already aging, even when RHEL 5.x and its libre derivatives use legacy 2.6.18 kernel and thus are unable to mount partitions, you'll still be able to create them with GParted, which is lovely.

Another game changer is the inclusion of ReFS support. ReFS stands for Resilient File System and is from Microsoft. It's intended to become the default filesystem in a future post-NTFS Windows. ReFS was introduced in 2012 and uses B+ trees for on-disk data structures, allocation-on-write updating of meta-data, and supports some of NTFS features. Last but not least, the new release brings the Reiser4 filesystem back to life, enabling the creation of Reiser4 partitions on modern Linux 3.x kernels. Reiser4 continues to progress on Linux with filesystem patches recently updated for Linux 3.16 kernel support, as well as support for SSD discard option.

GParted is present in almost any distro, plus you can download a GParted Live image (which is based on Debian Sid, http://bit.ly/GPartedLive), which you can burn to CD or write to a USB stick. The technology is really , keeping in mind that GParted itself has a tiny footprint of just 2MB.

[Figure caption: Your disk layouts are easier to alter now that duplicate actions when resizing a partition have been removed.]

Video transcoder

Handbrake

Version: 0.10 Web: https://handbrake.fr

For years we've been using FFmpeg, mencoder and vlc for various tasks, from extracting audio tracks out of movies to downsizing video for use on mobile devices. Handbrake is specifically a video transcoder, but it's an enticing option to many convenient encoders and here's why: The program originally served as a DVD ripper, but as time has gone on, it's gained more features, including support for H.264/265, Blu-Ray and DVD subtitles. However, the most prominent feature is a handy bunch of predefined target presets for popular devices. Handbrake allows you to seamlessly convert your video – whether local file or optical disc – including Android, iPad and AppleTV. The pane on the right-hand side of the Handbrake window houses a tree of those formats. When you click one, the settings are applied instantly in the main window area, but it's possible to choose custom options at any time.

The output settings area has six tabs, of which the most important are Filters and Video. The first one enables you to quickly fix common picture issues, such as telecining (distorted frames of moving objects, when recorded from PAL or NTSC source), interlacing, noise and blocks. Handbrake filters are quite effective, though they slow the encoding a little. The Video tab has video codec options for H.264/265, MPEG-2/4, VP8, ; container selection (MP4 or MKV) and various codec tunables, such as optimisation rate, framerate selection and even more options for the H.264/264 codec.

Using Handbrake is a pleasure to use – the program is simple, yet powerful and stable. Handbrake relies on dozens of open source libraries and codecs, including FFmpeg and GStreamer plugins. Some components are statically linked and in the Handbrake install – the team say it uses custom patches that aren't part of the upstream versions for better stability. More than that, almost all its major features are available via the HandbrakeCLI executable – very useful for scripting.

[Figure caption: Handbrake supplies more metadata than other tools and while your movie converts, you can explore the file details.]


Planetarium

Stellarium

Version: 0.13.2 Web: www.stellarium.org

"If you love a flower that lives on a star, it is sweet to look at the sky at night", wrote Antoine de Saint-Exupéry in Little . And for Linux users that are no less romantic – but not so eager to pry themselves away from their seats – Stellarium is the cure. It's a detailed OpenGL-powered 3D sky emulator, which you can scroll, zoom in and out of and travel to any spot on Earth and beyond.

Stellarium has a catalogue of more than 210 million stars, of which nearly 600,000 are bundled within a local installation. You can gaze at them all with the 'naked eye', which makes sense only for great planets, the milky way and some constellations, or by using binoculars or an even more powerful telescope.

Little and distant stars are rendered as simplified circles, but solar system planets and the Moon are shown with their appropriate textures, correctly lit and with the correct rotation just as if you were looking at them through in real sky. Stellarium enables you to switch the atmosphere on and off, and when it is on you can enjoy very detailed sunrises and sunsets on Earth or look at the Earth from another planet or position in space.

Stellarium is very feature-rich with lots of interface controls, 20 sky cultures and translations in 133 languages. Starting from the 0.13 series, Stellarium has started using Qt5 controls, and brings significant improvements over 0.12 version. These include new sky cultures (Arabic, Japanese and Siberian); a more realistic Milky Way, nebulas, comets, asteroids and exoplanets; Zodiacal light; native planets naming for non-English locales and an updated plug-ins stack. Yes, hardcore astronomy nerds will be happy with the new coordinates measuring tool, observatory plugin, telescope control tool and so on. If you find it thrilling, don't miss the new Stellarium release and go download the latest version from the project website. The program requires and some Qt5-devel packages, which should be available in your distribution.

[Figure caption: Take a trip into the virtual night sky and view 210 million stars from any spot on Earth and beyond.]

Battery monitor

Gnome Battery Bench

Version: 3.15.4 Web: http://bit.ly/GnomeBatteryBench

Those who run Linux on a laptop are probably aware of some basic tips, which help improve battery life. Among a bounty of optimising and analysing tools there's the Powertop utility for measuring power consumption and generating reports. Powertop doesn't take over control of your settings, but analyses them and helps find culprits for battery drain. Gnome Battery Bench is a graphical front-end for Powertop that controls battery usage in real time, which can be very useful if you want to measure the results of your changes.

The program offers two test cases - Idle and Light Duty. For the latter it plays back recorded sequences of events in a loop and monitors battery charge to estimate power usage. There are three graphs for: power, battery percentage and estimated battery life. Test sequences are editable, plus you can create your own one by running gbb record on the command line. The output is saved in a plain text file in /usr/share/-battery-bench/ test, which can be played back using gbb play /your/file.txt. You can place your own recording in similar files in the folder, which you'll be able to access via a drop-down menu in Powertop. For any test you choose you can specify the duration of the loop (5-10-30 minutes or until 5% of battery charge) and backlight percentage (5-50-100%).

Gnome Battery Bench only emerged earlier this year and requires GTK 3.14 or later. Currently it's only packaged for Ubuntu 15.04, but you can build it from source, which is simple if you have X11, GTK3, and a few other Gnome-related dependencies installed. It's worth noting that the app can be successfully compiled with older GTK3 versions, but just won't run. Also, make sure that you have Powertop installed, as Battery Bench doesn't check for it.

[Figure caption: Gnome Battery Bench is a nice and visually appealing front-end to the Powertop tool.]


Raster graphics editor

Krita

Version: 2.8.7 Web: https://krita.org

Let's start with an answer to a common question: Krita means 'chalk' in Swedish as the program was designed primarily for drawing from the outset. This isn't evident to everyone, as we keep being asked whether Krita is an Adobe Photoshop alternative or a KDE-friendly equivalent to Gimp. The simple answer is: not really. Krita is a sophisticated and professional drawing software, targeted at creating hand-drawn digital art. It, therefore, has dozens of templates for strip cartoons, but very few image filters.

Krita is a part of the popular but still lesser-known office suite Calligra, and is perhaps the most prominent and complete part of Calligra, as the suite, in general, doesn't even come close to LibreOffice in terms of features. But Krita is often regarded as a unique, standalone software, and the editor is respected and widely used by digital artists in many communities, such as Deviant Art.

The layout of the main window would be familiar for most users. The toolbar is on the left while colours, brushes, tool options, layers and other stuff are on the right. The top menu houses common file-handling options, such as New, Save, Undo arrows and also Gradients and Filling tools.

Those who explore Krita more deeply will find some stunning features. Along with more common tools, such as path drawing and multi-brush painting, Krita offers CMYK support, HDR painting, perspective grids, dockers, filters, painting assistants and much more. The sequence of actions, for instance, can be recorded to a macro and played back later.

But the best way to get the most out of Krita and see what's possible is to surf through the official gallery of fantastic artwork created in the editor (https://krita.org/features/gallery). Krita is available for most Linux flavours, thanks to its parent Calligra Suite package. If you're not sure that you're going to get the latest Krita version, you may want to try to compile it from source, but keep in mind that it will be quite time-consuming, as the editor's code is massive.

[Figure caption: Even Grumpy Cat can't believe how many brush presets that Krita has to offer the digital artist.]

Desktop launcher Albert Version: 0.6 Web: http://bit.ly/AlbertLauncher

Apple introduced over 11 years ago, an amazing system-wide desktop search feature, which has inspired many similar open source technologies. For instance, you might have heard of , which stopped development in 2009, or some more recent and active projects, such as ’s search lens and Synapse. Albert is another such application, which is something in between a launcher and a global search tool. It's a fast, Qt5-powered and desktop environment agnostic omni launcher (its name is a play on the Alfred launcher in OS X).

Albert can run applications, open files, open Chromium bookmarks, calculate math expressions, search the Internet and more if you enable optional modules. Firefox bookmarks aren’t indexed right now, but its support is planned for the nearest future. Ubuntu users can get it from ppa:nilarimogard/webupd8, other users will likely have to build it from source (you'll need the Qt5-dev stack and cmake).

The first time you run Albert, you'll be greeted with its Settings window. The first thing we advise doing is to assign a hotkey for invoking the Albert search bar. Under the General tab you can also edit the history depth; the number of proposals; and the search bar look, position and extra action modifiers. If you add more folders to Albert's index, please keep tracking the memory usage as while the default Albert configuration needs 9-10 MB of RAM, adding a folder with a massive set of files can push memory usage to hundreds of megabytes.

The Modules tab currently has five modules, for web search, calculator, app index, bookmark index and file index. Each (aside from the calculator) is configurable: for example, you can add or remove search paths or define a path to browser bookmarks file. Another big feature is fuzzy search, which has to be enabled manually for the app index module. Albert is under heavy development, and its search backend is constantly evolving, so it's likely that by the time you read this its capabilities will be even more advanced.

[Image caption: The concept of a 'search as you type' feature has got faster and better looking thanks to Albert.]

“A fast, Qt5-powered and desktop agnostic omni launcher.”


HotGames Entertainment apps

First-person shooter Xonotic Version: 0.8 Web: www.xonotic.org

Xonotic is a fork from Nexuiz, an open-source first-person shooter that hit controversy in 2010. Nexuiz was licensed to Illfonic Game Studios in an attempt to go commercial and Team Xonotic was born. The game runs on a heavily modified version of the DarkPlaces engine from Quake and borrows elements from Unreal Tournament. Playing this futuristic arena shooter really gets the adrenaline pumping, even if you just select a single player mode and compete with AI bots. The game has many playing modes, but the most relevant are deathmatch and capture the flag.

The previous version of Xonotic was released almost two years ago, so the 0.8 release was highly anticipated. Its features include new power-ups (or buffs), three extra maps for capture the flag mode and a brand-new weapon called the Arc, which is a medium-range hitscan gun limited by its risk of overheating. Also, for the first time there are monsters of five types and a special invasion game mode. And, of course, there are plenty of performance improvements.

After installing Xonotic 0.8 (a 900MB data package), you'll find that the game creates two launchers: one for OpenGL and another for SDL mode. SDL support isn't a new thing, but the game builds are now optimised with SDL 2.0 in mind. You'll also find OpenGL has fewer problems with third-party input devices, while SDL provides much greater mouse sensitivity and some visual improvements.

We can happily report that Xonotic runs very smoothly even on integrated video, while still looking good. You can grab a copy from your package manager or download a build from the website.

[Image caption: You could stand and stare at the explosions in Xonotic, but you're going to be quickly fragged.]

“A futuristic arena shooter that really gets the adrenaline pumping.”

Motocross platform game X-Moto Version: 0.5.11 Web: http://xmoto.tuxfamily.org

Thanks to the world-wide adoption of the Android mobile platform, almost anyone has heard of Hill Climb Racing, a popular 2D platform scroller. Some of you may have heard of Elasto Mania too, which is where the idea for X-Moto came from, accompanied by some thoughts on physics emulation.

X-Moto is meant to reflect 'realistic' and super-sensitive control of a motorcycle. The game uses the SDL framework and features very basic cartoonish graphics, accompanied by retro electronic music. As the game is designed for desktop computers (Linux, FreeBSD, OS X and Windows are supported), the controls are very simple: the Up arrow accelerates the cycle, the Down arrow brakes while the Left and Right arrows define the movement. You can also flip the bike instantly by pressing the Spacebar.

The game has a wealth of levels, but very few are included by default; the first time you run X-Moto, the game will insist on connecting to the internet, where there are nearly 2,800 levels available. The levels are divided into packs, which are sorted by things like complexity and theme etc. In each pack you can start with a random level, or try to complete them in order. The goal of the game is to collect items (strawberries, coins etc) and reach an end marker (usually a flower or ball).

The game is heavily oriented to online; each level will show you a global best time ghost. When you have passed the level at least once, there will be another ghost showing your best time. We have to admit that most levels are hard to complete, so it's recommended to start with the Classical pack. This offers 42 levels with more basic maps and steep terrain, and like a lot of these precision, time trial games, it does a good job of keeping you hooked.

[Image caption: Accelerating too fast can flip your rider over, which is fatal in Xmoto and in real life too.]

“Like a lot of time trial games, it does a good job of keeping you hooked.”


Power management tool TLP Version: 0.7 Web: http://linrunner.de/en/tlp/tlp.html

While Gnome Battery Bench enables you to silently witness your battery drain, we demand more control. In the past there were dozens of tips, tricks, hacks, tunables and sometimes controversial suggestions that could really squeeze an extra hour from a Linux laptop. But why not make things easier? The first two 'one stop' optimisers were Jupiter and Laptop-mode-tool, and are both considered as legacy solutions now. The successor is TLP, which is an advanced and modern power management tool for Linux that doesn’t require you to understand every technical detail.

TLP comes with a default configuration already optimised for battery life, so you may just install and forget it. Nevertheless, TLP is highly customisable to fulfill your specific requirements. The tool is also widely available across most major Linux distros (although absent in Mageia). You'll need two packages: tlp and tlp-rdw (Radio Device Wizard). TLP will automatically start upon the next reboot, but if you can't stand the wait (or your laptop fans are roaring dangerously), issue the

    sudo tlp start

command. TLP has two modes: for AC and battery respectively. The modes are switched automatically when you change a laptop's power source. TLP manages your CPU power state and auto-sets its frequency (something like 'on-demand' in CPUFreq), the number of active cores and threads. It also spins down your SATA hard drive, auto-suspends USB (everything but input devices) and applies supported power management policies to things such as the optical drive bay, audio chip, KMS, PCI bus, Wi-Fi and Bluetooth chips and a whole lot more.

It's worth mentioning that TLP is incompatible with laptop-mode-tools, so you must choose only one solution to manage your power settings. At the same time, TLP works comfortably with Powertop, because the latter is an analysing tool and not a manager.

[Image caption: Now we're confident that our laptop won't misspend precious watts and run smooth and silent.]

“An advanced, modern power management tool for Linux.”

Presentation tool MDP Version: GIT Web: https://github.com/visit1985/mdp

When you prepare to talk to an audience and need a presentation, filling it with shiny graphics and fancy effects can be a tempting idea. Think twice: simply decorated text with limited colours may work better, especially for technical information. If you agree – and are fed up of slides of cute kittens – MDP is an undiscovered gem you've been missing.

In Hotpicks there's always some room for another command-line software alternative, and this time we'll try to make a real presentation using Markdown and MDP. Let's start with obtaining the tool. As far as we know, no MDP packages exist, but the manual compile procedure is a very straightforward thing. You'll only need essential build tools and libncursesw5-dev (or similarly named) package. Then just issue:

    git clone https://github.com/visit1985/mdp.git
    cd mdp
    make && make install

And you're nearly done. Before you can launch MDP, you'll want to enable some more fancy colour effects, by issuing the:

    export TERM=xterm-256color

command, which you can also put in your .bashrc file.

The tool accepts MD files as input parameters, so the:

    mdp sample.md

command will open the sample presentation, which comes bundled with the tool. The inside of an MD file is plain Markdown text, which supports many formatting options, such as headlines, code, quotes, text decoration and highlighting (bold, underline etc) and UTF-8 special characters. You can even draw pseudo-graphic boxes, using characters such as , , and so on (see this Unicode chart www.unicode.org/charts/PDF/U2500.).

When you finally master your presentation and launch it, use PgUp/PgDn or respective arrow keys to go to the next or previous slide, Home/End keys jump to the first or last slide, and q exits. More keys and examples are available at the project's Git page.

[Image caption: Help your presentation audience concentrate by using MDP’s simply decorated text, instead of lots of eye-candy.]

“Make yourself a real presentation using Markdown and MDP.”

Tutorial ntpd
Understanding system time, creating config files and querying ntpd

ntpd: How time ticks on Linux

Like the white rabbit Sean Conway is late! Here’s how to configure the Network Time Protocol and keep the time daemon accurate.

Our expert: Sean Conway is a former electronic technologist in aviation now turned senior system specialist in telecoms.

Keeping time, and ensuring it’s accurate, is a common function on computer systems. It occurs under the hood of your system and is a given when establishing servers. The responsibility for ensuring the foundational infrastructure is in place to support time on computers falls to the systems administrator. This month we’ll explore the configuration options that allow the network time protocol (NTP) to manage time. We’ll also introduce a tool to examine statistics from time sources and cover a few troubleshooting exercises using network tools.

Using the block diagram [see bottom, p70], we start our discussion with the hardware box, moving to sources of time and finish with more in-depth details on management – but let's begin with the BIOS and hardware clocks.

If you’ve ever set up the BIOS you will have been presented with menu selections for establishing date and time. This establishes the clock time on the PC’s motherboard. This clock answers to many names: a complementary metal oxide semiconductor (or CMOS) clock, a BIOS clock, a motherboard clock or, as in our drawing, a hardware clock. The CMOS battery keeps the clock ticking when there’s no AC power to the board. In times of old the clock and battery may have been contained in a CMOS module that plugged into a 16-pin chip socket.

The hardware clock is, in turn, the source of time for the system clock that’s maintained by the operating system. When an OS starts, the system clock seed time is taken from the hardware clock and the OS then takes over. Both of these clocks operate independently and are not synchronised, which means it’s possible to reboot and discover the system time isn’t accurate because the hardware clock is a poor timekeeper. How far the hardware clock time drifts can result in problems, which we’ll discuss later.

Managing time

The system clock can call for assistance to get the time right using a network time protocol daemon (ntpd). This daemon sends a request to a more accurate external time source for time checks, and using the data provided the daemon feeds the system clock a drift factor to keep the time in sync with the external sources.

One of the limitations of ntpd is how far out of whack the system clock and the external sources are allowed to be. If the hardware clock and system clock differ by approximately <>1K seconds the daemon assumes one of the two time keepers is misconfigured and the daemon will fail.

Since the hardware clock is the source of the system clock's time, it becomes important for the hardware clock to be within the <>1K limits. One mechanism to compensate for the hardware clock is ntpdate. The program ntpdate uses an external time source to provide a one-time adjustment to the system's clock for accuracy.

From the command line you can provide ntpdate with a time source. Note: Make sure no time service is running:

    ntpdate 0.pool.ntp.org

On some OSes, before ntpd starts, ntpdate uses the external time source to provide a one-time kick to the system's clock for accuracy. For the list of time source URLs or IPs that ntpdate uses, look in the /etc/ntp/step-tickers file. When ntpd takes over and provides drift compensation it isn't faced with a system clock that’s so far out that it can't pull it back on time. The hardware clock can continue to run amok or get some help, but we’ll discuss that a little later.

The world of external time sources is divided into levels, each called a stratum and followed by a number. The closer to the originating source of time, the lower the stratum number. Getting time from a source that’s directly connected is considered stratum 0. If that time has been provided to other distribution points, which in turn pass the time on to other points, the stratum number is incremented to a maximum of 15 (See http://bit.ly/NTPRulesOfEngagement).

[Image caption: The GPS time-source receiver and Cesium clock are in the module (to the left of middle) with the black heat sink.]


Checking ntp exists

Check to see if a time keeper program is installed and running. Here are some suggestions on how to accomplish the task.

Using the command line, query the OS software manager, eg yum or apt-get, to determine if the time software is installed. You can scan running processes to grep for the network time protocol (NTP) pattern. You could also use the systemctl or service tool to determine program status. Additionally, you can cull directories with a whereis looking for the program or peruse directories in search of files you know will be there if the program exists. Providing an example of the best way to achieve the result requires a clear understanding of the subjective word best.

If the support for NTP is not installed on your system use the software managing tool installation command. Two flavours of the OS software manager commands are provided below. For Red Hat:

    sudo yum install ntp

and for a Debian variant:

    sudo apt-get install ntp

Make sure the time daemon isn’t running, using either

    sudo systemctl stop ntpd

or

    sudo service ntp stop

For the start of this tutorial you’ll want to rename the original time configuration file to something else. The file can then be created with a configuration for working through this tutorial:

    mv /etc/ntp.conf /etc/ntp.conf.org
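Checking that the daemon is running says nothing about whether it is synchronised, so as an added example (not code from the article) here is a Python decoder for the `ntpq -c peers` and `ntpq -c assoc` listings this tutorial walks through. It goes beyond the article by decoding the octal reach register and the hexadecimal status word as laid out in the NTP reference documentation; the sample text is constructed from the article's two captures and all function names are assumptions of this example.

```python
# Added example: decode the ntpq "peers" and "assoc" listings from the tutorial.
# Sample text below is constructed from the two captures printed in the article.

HEADER = ("     remote           refid      st t when poll reach"
          "   delay   offset  jitter\n" + "=" * 78 + "\n")
PEERS_AT_START = HEADER + (
    " 142.137.247.109 209.51.161.238   2 u    2   64    1"
    "   43.446    3.550   0.000\n")
PEERS_AFTER_4_MIN = HEADER + (
    "*142.137.247.109 209.51.161.238   2 u    4   64   17"
    "   43.300    4.534   0.838\n")

# The tally character in column 1 of "peers" is the select field (3 bits)
# of the association status word shown by "assoc".
SELECT = ["reject", "falsetick", "excess", "outlier",
          "candidate", "backup", "sys.peer", "pps.peer"]
TALLY = dict(zip(" x.-+#*o", SELECT))

# Upper five bits of the 16-bit peer status word.
STATUS_FLAGS = [(0x8000, "config"), (0x4000, "auth"), (0x2000, "authenb"),
                (0x1000, "reach"), (0x0800, "bcst")]
# Lower four bits: code of the most recent peer event.
EVENTS = {1: "mobilize", 2: "demobilize", 3: "unreachable", 4: "reachable",
          5: "restart", 6: "no_reply", 7: "rate_exceeded",
          8: "access_denied", 9: "leap_armed", 10: "sys_peer"}


def decode_reach(octal_text):
    """Return (answered, missed_latest) for the 8-poll reach register.

    The register is printed in octal; bit 0 is the most recent poll.
    """
    reg = int(octal_text, 8) & 0xFF
    answered = bin(reg).count("1")
    missed = 0
    while missed < 8 and not (reg >> missed) & 1:
        missed += 1
    return answered, missed


def parse_peers(text):
    """Parse `ntpq -n -c peers` output into one dict per association."""
    peers = []
    for line in text.splitlines():
        if not line or line[0] not in TALLY:
            continue                      # blank line or "====" separator
        fields = line[1:].split()
        if len(fields) != 10 or fields[0] == "remote":
            continue                      # column header or malformed row
        answered, missed = decode_reach(fields[6])
        peers.append({
            "remote": fields[0], "refid": fields[1],
            "stratum": int(fields[2]), "poll": fields[5],
            "condition": TALLY[line[0]],
            "answered": answered, "missed_latest": missed,
            "offset_ms": float(fields[8]),
        })
    return peers


def decode_status(hex_word):
    """Decode the status column of `ntpq -c assoc` (for example 963a)."""
    word = int(hex_word, 16)
    return {
        "flags": [name for bit, name in STATUS_FLAGS if word & bit],
        "condition": SELECT[(word >> 8) & 0x7],
        "event_count": (word >> 4) & 0xF,
        "last_event": EVENTS.get(word & 0xF, hex(word & 0xF)),
    }


def sync_verdict(peers):
    """One-line verdict that a monitoring check could alert on."""
    if not peers:
        return "no associations configured"
    if any(p["condition"] in ("sys.peer", "pps.peer") for p in peers):
        return "synchronised"
    if all(p["answered"] == 0 for p in peers):
        return "no source reachable"
    return "reachable but not yet selected"


if __name__ == "__main__":
    for label, text in (("start", PEERS_AT_START),
                        ("+4 min", PEERS_AFTER_4_MIN)):
        peers = parse_peers(text)
        print(label, "->", sync_verdict(peers), peers)
    for word in ("9024", "963a"):
        print(word, "->", decode_status(word))
```

On a live system the same functions can be fed the text captured from `ntpq -n -c peers` instead of the embedded samples.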

The source of most accurate times are atomic clocks, which can be carried in satellites or be ground-based. Satellites have multiple atomic clocks on board, to ensure a more accurate time, and the global positioning system (GPS) requires the time accuracy to put a plane on a runway and not off in the bush [see bottom, p68]. Ground-based atomic clocks have been a source of time in the telecommunication industry for decades. Accurate time is important to ensure information transmitted as bits can be decoded as acceptable bits when received at the other end.

NTP config files

That wraps up the three blocks in our hardware, managing and sources drawing (see bottom, p70). Let's circle back around for a sequel to managing time by opening a terminal for some more management. Using whatever text editor you were weaned on edit/create a file called /etc/ntp.conf. We’re going to create a file that has all the configuration options needed but commented out. We’ll remove the octothorpe (pound sign #) and the text Line as instructed, to expand the options in the configuration file. It’s important to save the file after each change. Using a second terminal window, we’ll run commands to start the time daemon and probe the service's workings with query tools. By adding the configuration options line by line, the reader will witness how the daemon's operation is impacted:

    server 0.pool.ntp.org
    #Line 1 restrict default kod nomodify notrap nopeer noquery
    #Line 2 restrict -6 default kod nomodify notrap nopeer noquery
    #Line 3 restrict 127.0.0.1
    #Line 4 restrict -6 ::1
    #Line 5 server 127.127.1.0
    #Line 6 fudge 127.127.1.0 stratum 10
    #Line 7 driftfile /var/lib/ntp/drift

Now make sure to save the file. We’ll come back to the config file a few times to remove comments and save. We’d suggest keeping the file open and doing a save from one terminal window. If you are running SELinux in enforced mode, the new file will also need the proper context. This is done by referencing the original config file:

    chcon --reference=/etc/ntp.conf.org /etc/ntp.conf

Start the time daemon using either

    sudo systemctl start ntpd

or

    sudo service ntp start

Let's do some probing using the command-line time query tool ntpq. This program is a utility used to monitor the NTP daemon’s (ntpd) operation and performance. The commands to enter can be found in the screenshot from the output of our test system [see top, p70]. The -n switch enables a DNS lookup of 0.pool.ntp.org. The URL used in our example is a front for a pool of servers. Don't expect to get the same IP shown in our output as it will vary. Just after start it will look like this:

    [root@fedora19]# ntpq -n -c peers
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
     142.137.247.109 209.51.161.238   2 u    2   64    1   43.446    3.550   0.000

    [root@fedora19]# ntpq -c assoc
    ind assid status  conf reach auth condition  last_event cnt
    ===========================================================
      1 58621  9024   yes   yes  none    reject   reachable  2

After 4 minutes, it will look like this:

    [root@fedora19]# ntpq -n -c peers
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    *142.137.247.109 209.51.161.238   2 u    4   64   17   43.300    4.534   0.838

    [root@fedora19]# ntpq -c assoc
    ind assid status  conf reach auth condition  last_event cnt
    ===========================================================
      1 58621  963a   yes   yes  none  sys.peer    sys_peer  3

The commands were issued once when the daemon was started and again four minutes later. The line around the condition field indicates the source is being used as a peer. The line around the remote field is to draw attention to the asterisk. This indicates that the daemon has successfully peered with the source for time input. For more information on the ntpq tool, the de facto resource for all documentation is on the University of Delaware website found here: http://bit.ly/NTPQueryProgram.

What do you do if the daemon is not peering with a source?
This is a good time to break out the packet sniffer to



see if our daemon is functioning. This will enable us to check if the daemon is sending out a time request and receiving a reply. You can confirm the port number used by ntp or other services by examining the /etc/services file. [See the red No.1 in the screenshot for the command output, right]:

    sudo tcpdump -i any port 123

The output of tcpdump displays the daemon's call to the external time source every minute. There don't appear to be any replies being received. A quick check of the local firewall reveals a closed port 123 on the firewall. Look at the same tcpdump output: a reply was received once the port was opened. If you don't see requests being sent then the issue rests with the daemon; it may not have started. Check your install and configuration file.

[Figure: Packet sniffing to see what ntp’s chatting about.]

Securing ntpd

The ntp daemon by default is open and very chatty when queried (see the green No.2 in screenshot for output, right). This information enables other computers to get the status and more details. Reading the output is a simple way to tell what kernel a system is running. The security conscious may want to curtail the daemon's propensity to speak out. Edit the /etc/ntp.conf configuration file by removing the # and Line 1-4 text. You should now have a total of five lines. Don't forget to save the file after making the changes. Restart the daemon to read the configuration changes using

    sudo systemctl restart ntpd

or

    sudo service ntp restart

Lines 1-2 allow time synchronisation with another source but don't allow the source to interrogate or make changes to the daemon. Lines 3-4 enable loop back access and disable others. The reason for two config lines is to cover off configuration for IPv4 and IPv6 protocols.

Running the same query commands as before, the daemon isn’t responding to requests. Edit the /etc/ntp.conf configuration file by removing the # and Line 5-7 text, and restart the daemon to read the configuration changes. Lines 5-6 enable the daemon to use the hardware clock as a time source, if external sources aren’t available. Line 7 enables the daemon to record the hardware clock's drift from system clock in a file. This information assists the daemon on power down restarts. A simple ntp print query displays the local time source in the output [see blue No.3 in the screenshot above, for the output]:

    mv /etc/ntp.conf.org /etc/ntp.conf

Using a text editor examine /etc/ntp.conf for commented entries. If you plan to use this config file for your installation, you’ll need to add your server selections and/or remove the default entries.

Let's finish off back at the hardware clock. The hardware clock values are read with

    hwclock -r

and written from the system clock to the hardware clock with:

    hwclock -w

The man pages suggest running the write command periodically to compensate for the hardware clock drift.

There you have it, taking care of business and working over time; an examination of Father Time provided by the ntp daemon. The ntp program follows the client server model and ntpd can be used to set time and be used to distribute time as a broadcast. Those tidbits of time distribution configuration you can discover in the original configuration file.

[Figure: How time is set, managed and synchronised. Labels: Sources (Satellite, Cs); Stratum 0, 1, 2 and 15; Hardware clock; Managing (ntpdate); System clock.]
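An added example, not part of the original tutorial: a shell function that checks whether an ntp.conf has the default lockdown described under "Securing ntpd" active for both IPv4 and IPv6. The function names and both sample files are constructed; the check assumes, as the tutorial does, that "restrict default" covers IPv4 and "restrict -6 default" covers IPv6.

```shell
#!/bin/sh
# Added example: audit an ntp.conf for the query/modify lockdown.

# audit_ntp_conf FILE -> one line per finding; exit status 0 only when both
# address families have an active "restrict default" carrying noquery and
# nomodify (or ignore, which refuses everything).
audit_ntp_conf() {
    awk '
    {
        sub(/#.*/, "")                  # "#Line 1 restrict ..." is still a comment
        if ($1 != "restrict") next
        i = 2; fam = 4
        if ($i == "-6") { fam = 6; i++ } else if ($i == "-4") { i++ }
        if ($i != "default") next       # per-host lines such as 127.0.0.1 or ::1
        seen[fam] = 1
        for (j = i + 1; j <= NF; j++) flag[fam, $j] = 1   # repeated lines merge
    }
    END {
        bad = 0
        for (fam = 4; fam <= 6; fam += 2) {
            if (!seen[fam]) {
                print "IPv" fam ": no active restrict default line"; bad = 1
            } else if (!((fam, "ignore") in flag)) {
                n = split("noquery nomodify", want, " ")
                for (k = 1; k <= n; k++)
                    if (!((fam, want[k]) in flag)) {
                        print "IPv" fam ": restrict default lacks " want[k]; bad = 1
                    }
            }
        }
        if (!bad) print "OK: default policy refuses queries and changes on IPv4 and IPv6"
        exit bad
    }' "$1"
}

# Constructed sample: the staged file with Lines 1-4 still commented out.
write_staged_conf() {
    cat > "$1" <<'EOF'
server 0.pool.ntp.org
#Line 1 restrict default kod nomodify notrap nopeer noquery
#Line 2 restrict -6 default kod nomodify notrap nopeer noquery
#Line 3 restrict 127.0.0.1
#Line 4 restrict -6 ::1
EOF
}

# Constructed sample: the same file after the "#Line n" prefixes are removed.
write_secured_conf() {
    cat > "$1" <<'EOF'
server 0.pool.ntp.org
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
EOF
}

demo_ntp_audit() {
    tmp=$(mktemp -d) || return 1
    write_staged_conf "$tmp/staged.conf"
    write_secured_conf "$tmp/secured.conf"
    for name in staged secured; do
        echo "== $name"
        audit_ntp_conf "$tmp/$name.conf" || echo "   (default policy still open)"
    done
    rm -rf "$tmp"
}
demo_ntp_audit
```

Run it against the live file with audit_ntp_conf /etc/ntp.conf after each edit and before restarting the daemon.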

Sensei Conway & The Art of Sysadmin

When being taught (grasshopper), it’s important for any junior sysadmin to realise that there’s generally more than one way to achieve a given result. This will often depend on a few things: the age of the teacher; the teacher’s level of experience on one or more OSes; and their level of patience. And there will be surprising differences.

When a teacher prefaces an instruction with the words “a quick way to do this is…”, the listener needs to translate this as how that individual does it, rather than this is the way to do it. There will often be quicker or more efficient ways to the same results. The pupil’s job is to take what’s offered and build on it and find other ways themselves. When you become the teacher then you share what you’ve learned for others to build on. A friend suggested to me that everyone has 300 things they can do well. Certainly, there might be some overlap and some unique skills, but we should aim to share our 300 with others and, in turn, learn 300 ourselves so we can grow.


TorBox: Use a Raspberry Pi and Tor to set up an anonymising hotspot

Tor: Set up a Wi-Fi hotspot

Mayank Sharma configures a Raspberry Pi as an access point that routes all traffic over the anonymous Tor network.

Do you use Tor to prevent big brother from tracking you online? Although it is pretty straightforward to use, it can be quite a hassle to configure Tor on all your Internet-enabled devices. You can save yourself a lot of hassle by using a Raspberry Pi as an anonymised wireless access point. The Pi will dole out an IP address and any device that’s connected to it will be able to access the Internet via the Tor network. To get this project up and running, you’ll need a Raspberry Pi along with an SD card with the Raspbian distro. If you haven’t done this before, follow the walkthrough to get Raspbian up and running. You’ll also need an Ethernet cable. Hook one end into the Pi’s Ethernet port and the other into your wireless router. This is how the Pi will connect to the Internet. You’ll also need a USB Wi-Fi adaptor that’s compatible with the Raspberry Pi. If you haven’t got one yet, check the list of compatible adapters that are known to work on the Pi (http://elinux.org/RPi_USB_Wi-Fi_Adapters).

Our expert: Mayank Sharma has configured so many of his devices for anonymous use recently that even he’s confused about who he is anymore. It’s all gone a bit A Scanner Darkly.

[Figure: It takes more than Tor to stay anonymous. Make sure you read the documentation on the Tor Project’s website.]

Access Point Pi

Once you’ve set up the Pi, you can configure the Pi from a remote machine via SSH. For the rest of the tutorial, we’ll assume the IP address of your Pi is 192.168.2.100. Fire up a terminal that’s connected to the same router as the Pi and enter

    ssh pi@192.168.2.100

to connect to it. After authenticating yourself into the Pi, use

    iwconfig

to make sure the wireless adaptor is recognised by the device. Now refresh its package list with

    sudo apt-get update

and install the software that will make it act as an access point with:

    sudo apt-get install hostapd isc-dhcp-server

Quick tip: If you get Locale errors when connected to the Pi remotely, make sure you don’t forward your locale by editing /etc/ssh/ssh_config and commenting out the SendEnv LANG LC_* line.

When it’s installed, it’s time to set it up. Begin by editing the /etc/dhcp/dhcpd.conf file that controls the DHCP and automatically assigns IP addresses to all connected devices. Open it in the nano text editor with

    sudo nano /etc/dhcp/dhcpd.conf

and comment out the following two lines by adding a # in front of them, so that they read:

    #option domain-name "example.org";
    #option domain-name-servers ns1.example.org, ns2.example.org;

In the same file, scroll down and uncomment the word authoritative; by removing the # in front. Then scroll down to the end of the file and add the following lines:

    subnet 192.168.12.0 netmask 255.255.255.0 {
        range 192.168.12.5 192.168.12.50;
        option broadcast-address 192.168.12.255;
        option routers 192.168.12.1;
        default-lease-time 600;
        max-lease-time 7200;
        option domain-name "local";
        option domain-name-servers 8.8.8.8, 8.8.4.4;
    }

In these lines we define the IP address of our Pi access point (192.168.12.1), the range of the IP addresses it’ll hand out to connected devices (from 192.168.12.5 to 192.168.12.50) as well as the address of the domain name servers (8.8.8.8 and 8.8.4.4). You can change any of these values as per your preference. Save the file (Ctrl+X) once you’re done.

Setting up a static IP

We’ll now edit the /etc/default/isc-dhcp-server to specify the interfaces that our new DHCP server should listen to. Open the file and scroll down to the line that reads INTERFACES="". Insert wlan0 between the quotes so that it now reads INTERFACES="wlan0", and save the file.

Now we’ll set up the wireless adaptor (wlan0) and give it a static IP address. First, deactivate the wireless adaptor with the

    sudo ifdown wlan0

command and then open the /etc/network/interfaces file. In the file, comment out every existing entry associated with wlan0, such as:

    # iface wlan0 inet manual
    # wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
    # iface default inet dhcp

Then add the following lines below the line that reads allow-hotplug wlan0 to set the static IP address for the new access point:

    iface wlan0 inet static
        address 192.168.12.1
        netmask 255.255.255.0

Save the file and activate the interface with

    sudo ifconfig wlan0 192.168.12.1

Make your point

Now that we’ve defined the wireless access point it’s time to configure it. Create a new file called /etc/hostapd/hostapd.conf with the following contents:

    interface=wlan0
    ssid=TorSpot
    hw_mode=g
    channel=6
    macaddr_acl=0
    auth_algs=1
    ignore_broadcast_ssid=0
    wpa=2
    wpa_passphrase=$$Your_Passphrase$$
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=TKIP
    rsn_pairwise=CCMP

We’ve set up a password-protected network called TorSpot. You can specify a different name for the access point by specifying it in the ssid= string. Also change the wpa_passphrase= string to specify a custom password. You’ll need to enter this password to authenticate yourself to the Pi’s access point.

Next up, we’ll tell the Pi where to find this configuration file by pointing to it in the /etc/default/hostapd file. Open the file, find the commented out line that reads #DAEMON_CONF="" and uncomment and edit it to read DAEMON_CONF="/etc/hostapd/hostapd.conf".

Quick tip: Use the tail -f /var/log/syslog command to keep an eye on all system messages. This might come in handy if you are unable to connect to the Pi hotspot.

NAT setup

We now need to set up NAT to allow multiple clients to connect to the Pi’s access point and route all their traffic through the single Ethernet IP. Edit the /etc/sysctl.conf file and at the bottom add the following line:

    net.ipv4.ip_forward=1

Save the file and then enter

    sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"

to activate the forwarding. You’ll now have to specify the routing rules that will connect the Ethernet port (eth0) that’s connected to the internet and the Wi-Fi access point (wlan0) which is exposed to the devices within your network:

    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT

By default, these rules will be flushed when you restart the Pi. To make them permanent, first run:

    sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

Then edit the /etc/network/interfaces file, scroll down to the very end and add

    up iptables-restore < /etc/iptables.ipv4.nat

What this does is load the rules when the devices are activated on boot.

[Figure: Use the tail -f /var/log/syslog command to keep an eye on the devices connected to your Tor hotspot.]

Your own hostapd

Sometimes even though a wireless adaptor works out of the box on the Raspberry Pi, it might throw errors when it’s asked to serve as an access point. This is especially true of cards that use Realtek chipsets, like the one we’ve used – MicroNext MN-WD152B – which uses the RTL8192CU chipset. While it works right off the bat for browsing the web, it doesn’t work with the hostapd client in Raspbian’s repository. It turns out Realtek has its own version of hostapd client which you’ll have to use in case you are in the same predicament as us.

To download the file, head to Realtek’s download section (http://bit.ly/RealtekWiFiDrivers) and select your chipset from the ones listed. This takes you to a page that lists the drivers for your chipsets. From this page grab the driver for Linux, which will download a compressed zip file with a long-winded name. In our case this was called RTL8188C_8192C_USB_linux_v4.0.2_9000.20130911.zip. We’ll just refer to it as driver.zip.

Copy this file to the Raspberry Pi using scp with something like:

    scp driver.zip pi@192.168.2.100:/home/pi

This copies the file to the Pi’s home directory. Now extract the file with

    unzip driver.zip

and cd into the wpa_supplicant_hostapd directory. It’ll list several compressed tarballs. Use the tar zxvf command to extract the file beginning with wpa_supplicant_hostapd. Now cd into the hostapd directory under the extract directory. This directory has a file named Makefile. Open it in a text editor and replace the

    CFLAGS = -MMD -O2 -Wall -g

line towards the top of the file with

    CFLAGS=-MMD -Os -Wall -g

Save the file and enter make to compile the hostapd client. It’ll take quite some time and when it’s complete it’ll replace the hostapd binary in this directory.

Before using this new version, move out the old version with:

    sudo mv /usr/sbin/hostapd /usr/sbin/hostapd.orig

Then copy over the newly compiled version with the following:

    sudo cp hostapd /usr/sbin/

And give it the right permissions with:

    sudo chmod 755 /usr/sbin/hostapd

You should now be able to get your access point online without any issues.



Your Pi access point is now all set. To test it restart the DHCP server with

    sudo service isc-dhcp-server restart

and manually enable the access point with our configuration with the following command [Read the ‘Your Own Hostapd’ box, p72, if you get an unknown driver error]:

    sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf

If everything goes well, the wireless access point (TorSpot) is listed in the list of available Wi-Fi hotspots. You can connect to it from another computer or a smartphone and authenticate using the password you specified in the hostapd.conf file. When connected, you should be able to browse the Internet normally.

Once you have tested the new access point, let’s cement the settings so that they are activated as soon as the Pi boots up. Start the hostapd and DHCP services with the

    sudo service hostapd start

and

    sudo service isc-dhcp-server start

commands and then update the init scripts with

    sudo update-rc.d hostapd enable

and

    sudo update-rc.d isc-dhcp-server enable

Now restart the Pi with

    sudo shutdown -r now

When the Pi is back up again, you’ll be able to connect to the new access point and browse normally.

Quick tip: We’ve used Google’s DNS service in this tutorial, but you can use another service like OpenDNS or your ISP's DNS servers by pointing to them in the /etc/dhcp/dhcpd.conf file.

Torify access

Your Raspberry Pi is now fully functional as a wireless hotspot. However, the data is still not anonymised. So let’s add Tor to the mix. SSH back into the Pi and install Tor with

    sudo apt-get install tor

When it’s installed, edit Tor’s config file /etc/tor/torrc and add the following at the top:

    Log notice file /var/log/tor/notices.log
    VirtualAddrNetwork 10.192.0.0/10
    AutomapHostsSuffixes .onion,.exit
    AutomapHostsOnResolve 1
    TransPort 9040
    TransListenAddress 192.168.12.1
    DNSPort 53
    DNSListenAddress 192.168.12.1

These settings inform Tor about the IP address of our access point and ask that it anonymises any traffic that flows over it. Next up, we’ll change the routing tables so that connections via the Wi-Fi adaptor (wlan0) are routed through Tor. First, flush the existing redirection and NAT rules with the

    sudo iptables -F

command, then go on to the

    sudo iptables -t nat -F

command. Since we’ll still want to be able to SSH into the Pi, we’ll add an exception for SSH’s Port 22 with:

    sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22

We’ll now add two rules. The first is a passthrough rule for DNS lookups and the second directs all TCP traffic to Tor’s port 9040:

    sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
    sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040

[Figure: Verify the traffic redirection rules with the sudo iptables -t nat -L command.]

Like before, these rules won’t be carried on to the next session. To load them on reboot, all you have to do is save them to the NAT save file like before with

    sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"

In the previous section, we’ve already configured the /etc/network/interfaces file to load the contents of this file when the interfaces are activated.

You can now enable the Tor service with

    sudo service tor start

and update the relevant boot scripts with

    sudo update-rc.d tor enable

That’s it. Now restart the Pi. When it’s back up again, you’ll be able to connect to the Pi hotspot, TorSpot, as before. However, unlike before, all your traffic will now be routed through the Tor network.

You can verify that this is happening by heading to check https://torproject.org from any device that’s connected to TorSpot. The page will also list your IP address which will not be that of your ISP. Visit this page from another device connected to TorSpot and it’ll show a different address. Congratulations, you can now anonymously browse the web on all your devices!

Tor-in-a-box options

If you find this tutorial too cumbersome, or want to set up something for a non-technical friend or relative, there are several ready-made hardware solutions that can anonymise all their web traffic in a similar fashion.

There’s the OnionPi Pack from AdaFruit (http://bit.ly/AdaOnionPi) which includes a Raspberry Pi B+ and a compatible USB Wi-Fi adaptor along with a case for the Pi, cables, SD card and everything else you need to set up your Torrified Wi-Fi hotspot. The bundle costs $80. However, you’ll still have to follow the instructions and set it up yourself.

If you’d rather have something more plug and play, there’s the SafePlug from the guys who brought us PogoPlug. It’s a $49 device that plugs into your wireless router and once activated routes all traffic over the Tor network. A neater and smaller alternative is the Anonabox (www.anonabox.com). It initially launched on Kickstarter but after its funding was suspended it relaunched on Indiegogo. Here it was listed at $51 and surpassed its funding target in early January 2015 and will begin shipping in February 2015. Anonabox is a router that you can directly connect to via Wi-Fi or Ethernet.

Another router-based option is Portal which stands for Personal Onion Router To Assure Liberty. The project produces a pre-built software image for several TP-Link routers. You can simply flash the Portal firmware image onto these routers following the instructions on the project’s website (https://github.com/grugq/portal).
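An added example, not part of the original tutorial: a check that the rules saved to /etc/iptables.ipv4.nat still agree with the TransPort and DNSPort set in torrc, because a mismatch or a leftover MASQUERADE rule means client traffic is not going where the tutorial intends. The function names and both sample files are constructed; the rules sample assumes the iptables-save format, in which --syn is written as --tcp-flags FIN,SYN,RST,ACK SYN.

```shell
#!/bin/sh
# Added example: cross-check torrc against the saved iptables rules that
# /etc/network/interfaces restores at boot.

# torrc_port FILE KEY -> port configured for KEY (TransPort or DNSPort), if any.
torrc_port() {
    awk -v key="$2" '$1 == key { sub(/.*:/, "", $2); print $2; exit }' "$1"
}

# audit_torspot RULES TORRC [IFACE] -> one line per finding; status 0 when clean.
audit_torspot() {
    awk -v ifc="${3:-wlan0}" -v trans="$(torrc_port "$2" TransPort)" \
        -v dns="$(torrc_port "$2" DNSPort)" '
    function opt(name,    i) {          # value that follows option "name"
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    function say(msg) { print msg; return 1 }
    /^\*/ { table = substr($1, 2); next }
    table != "nat" || $1 != "-A" { next }
    # A MASQUERADE rule would NAT whatever the redirects miss straight out.
    $2 == "POSTROUTING" && opt("-j") == "MASQUERADE" { masq = 1 }
    $2 != "PREROUTING" || opt("-i") != ifc || opt("-j") != "REDIRECT" { next }
    {
        n++; proto = opt("-p"); dport = opt("--dport"); to = opt("--to-ports")
        if (proto == "tcp" && dport == "")   { tcp_at = n; tcp_to = to }
        if (proto == "tcp" && dport == "22") ssh_at = n
        if (proto == "udp" && dport == "53") dns_to = to
    }
    END {
        bad = 0
        if (!tcp_at)              bad += say("TCP from " ifc " is not redirected to Tor")
        else if (tcp_to != trans) bad += say("TCP goes to port " tcp_to " but TransPort is " trans)
        if (dns_to == "")         bad += say("DNS from " ifc " is not redirected")
        else if (dns_to != dns)   bad += say("DNS goes to port " dns_to " but DNSPort is " dns)
        if (tcp_at && (!ssh_at || ssh_at > tcp_at))
            bad += say("no SSH exception ahead of the catch-all redirect")
        if (masq) bad += say("leftover MASQUERADE rule: nat table was not flushed")
        exit (bad > 0)
    }' "$1"
}

# Constructed sample of the torrc lines the tutorial adds.
write_sample_torrc() {
    cat > "$1" <<'EOF'
VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
TransListenAddress 192.168.12.1
DNSPort 53
DNSListenAddress 192.168.12.1
EOF
}

# Constructed sample: the three PREROUTING rules as iptables-save writes them.
write_sample_rules() {
    cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
EOF
}

demo_torspot() {
    d=$(mktemp -d) || return 1
    write_sample_torrc "$d/torrc"
    write_sample_rules "$d/rules"
    if audit_torspot "$d/rules" "$d/torrc"; then echo "saved rules match torrc"; fi
    rm -rf "$d"
}
demo_torspot
```

On the Pi itself the call would be audit_torspot /etc/iptables.ipv4.nat /etc/tor/torrc, run after saving the rules and before rebooting.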

Tutorial: Encryption
Set up ecryptfs and tweak it for auto-mounting and easy access

Encryption: full drive protection

Neil Bothwick shows you how to keep your files safe from prying eyes, even other users of your computer, using ecryptfs.

Last year, when everyone was interested in privacy in the aftermath of 's revelations, we looked at using cryptsetup to encrypt whole disk partitions with the Linux kernel's dm-crypt facilities, but there are other encryption systems available. There are several ways of encrypting data on your computer.

The method we looked at before encrypted a whole block device, usually a disk partition. This is good for whole system encryption, but makes everything available once the system is booted. There was also TrueCrypt, which works with either whole devices or virtual disks (a large file that acts like a disk). We looked at using TrueCrypt back in LXF161 [Tutorials, p84] but it was abandoned in 2014, and although there have been a couple of forks many people are still using the 7.1a version (the final, neutered 7.2 version only allows viewing of TrueCrypt volumes). Another alternative is for the filesystem to handle the encryption, as ZFS does on Sun systems, but none of the main Linux filesystems provide encryption themselves.

Our expert: Neil Bothwick has a great deal of experience with booting up, as he has a computer in every room, but not as much with rebooting since he made the switch from Windows to Linux.

Introducing ecryptfs

The next option, and the one we are concerned with today, is what is called a stacked filesystem, where you mount one filesystem on top of another, and this is what ecryptfs uses (cryptsetup, which we’ve covered before, uses stacked block devices, below the filesystem).

Because ecryptfs works on top of the normal filesystem, it's not restricted to entire disk partitions; it can be used to encrypt individual directories. This is the method Ubuntu uses to provide encrypted home directories if you choose that option during installation. It is easiest to explain with an example. The ecryptfs filesystem itself is contained in the Linux kernel, but you will need to install the ecryptfs-utils package for the tools to work with it. Create two directories called crypt and plain, then you can create an encrypted directory with this command:

    sudo mount.ecryptfs crypt plain

You will be asked a number of questions; obviously you should choose a password that is both secure and memorable (or store it somewhere safe). Most of the rest can be left as the defaults with the possible exception of Enable Filename Encryption that you may want to set to yes. Now copy some files to plain then look in crypt. You will see the same filenames if you didn’t enable filename encryption, otherwise you will see encrypted names. Either way, the contents will be encrypted; try viewing one of the files. Now unmount it with:

    sudo umount plain

[Figure: This is how your files look after encryption, and their contents are equally unintelligible.]

The readable versions of the files have disappeared, leaving only the encrypted versions. Run the above mount command and the contents of plain will reappear. This method of mounting is cumbersome but it illustrates how ecryptfs functions. The filesystem you mounted on plain is virtual, it exists only in memory; the only data written to disk are the encrypted files in crypt. Once you unmount the plain version your data is protected, and cannot be read again until you mount it, which requires your password.

Convenient encryption

There is, of course, a more convenient way of setting up an encrypted directory for a user that doesn't require sudo or answering questions - run this as your normal user:

    ecryptfs-setup-private

The command will ask for your login password and then a passphrase for the encrypted directory. The former is used to lock the latter, which you can leave blank and have ecryptfs generate a secure passphrase automatically. This creates three directories: .Private contains your encrypted data, Private is the mountpoint for the decrypted contents and .ecryptfs contains files that are used to mount your directory. As the passphrase itself is encrypted, you should make a copy and store it somewhere secure, such as a USB


Pros and cons of ecryptfs

Ecryptfs has a number of advantages over LUKS/dm-crypt:

Back up to cloud: As the encryption is at file level, you can back up your .Private directory to a cloud service or external drive without worrying about your data being accessible to others. Just make sure you back up .ecryptfs and your passphrase somewhere separate and secure.

Multi-user security: Ecryptfs can encrypt directories separately for each user.

Directory: Ecryptfs can also be used on system directories and swap, with a suitable fstab entry, but it will prompt for a passphrase.

Login to read: A user's data is only available when the user is logged in, and even then ecryptfs defaults to making it only readable by that user (and root, of course).

There are, however, some disadvantages too:

Many files: It is slower dealing with directories containing many files, although this can be mitigated (at the expense of security) by having ecryptfs not encrypt filenames.

Large files: Because each file is encrypted separately, the files all increase in size, which can be significant with a large number of small files, like an email or browser cache.

Not cross-platform: Ecryptfs is Linux only, using features of the kernel, which won’t be a problem for everyone. As far as we are aware, there’s no reliable way to read Windows files.

key nowhere near your computer:

    ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase >/somewhere/safe/ecryptfs_passphrase

Now you can mount and unmount your private data with these commands, or use the desktop icon it provides.

    ecryptfs-mount-private
    ecryptfs-umount-private

This creates a single, encrypted directory in your home, but what if you want more? Let's say you want your Documents and Accounts directories encrypted but see no point in encrypting Photos or Music (why waste time decrypting large files that hold nothing private). The easy answer is to move the directories into Private and create symbolic links back to their original locations, like this:

    mv Documents Private
    ln -s Private/Documents Documents

Make sure Private is mounted when you do this, then your files will only be available when the ecryptfs filesystem is mounted, otherwise it will just show up as a broken link.

Automatic mounting

You give your login password to unlock the ecryptfs passphrase to mount the filesystem (you can use the -w option to ecryptfs-setup-private if you want to use an independent password) so you may be asking why, when you've already just given a password to login, you need to give it again to mount your private files? This is a valid question; if you know it once, I'm sure you can remember it again a few seconds later. If you prefer, you can have your Private directory automatically mounted when you login (and unmounted when you logout), thanks to the magic of PAM. As root, insert this line into /etc/pam.d/common-auth:

    auth required pam_ecryptfs.so unwrap

and this one into /etc/pam.d/common-session:

    session optional pam_ecryptfs.so unwrap

Now PAM will mount your ecryptfs home directory when you login. This will not happen if you have auto-login enabled, otherwise you would have no security at all.

Encrypted $HOME

If all of this looks a little familiar, that is probably because you have used the encrypted home directory feature in Ubuntu, which also uses ecryptfs. But this is a standard kernel feature not restricted to one distro (ChromeOS also uses ecryptfs behind the scenes). Ubuntu doesn't just set up a Private directory when you install it, but it encrypts your entire home directory. So the simplest way to get a fully encrypted home directory may seem to be to install Ubuntu and choose that option. There are a couple of reasons you may not want to do this: you may use a different distro or you may already use Ubuntu but don't want to start again with a new installation.

There’s a single command that will convert your entire home directory to ecryptfs, but there are a couple of caveats. You must have no files in use in the home directory, which means that the user mustn’t be logged in, and you need free space of up to 2.5 times the current size of your home directory for the conversion process (mainly because encrypted and unencrypted copies of your files are stored until the job is done). So log out and log in as another user with admin rights then run:

    sudo ecryptfs-migrate-home --user <username>

Quick tip: If your distro does not permit root login, like Ubuntu, create a spare user with admin rights when encrypting your home directory.

After the process completes, you must log in as that user before rebooting, to complete the setup and make sure everything is working. Once that is done and you have verified that your files are there and readable, you can delete the original unencrypted files that are still in /home/user.some_random_string. Be aware that deleting that directory does not remove all of your unencrypted data from your hard drive, only the directory table. To be fully secure, you should overwrite all unused space with random data.

    dd if=/dev/urandom of=somefile bs=4k
    rm somefile

This creates a file of random data that fills the drive and then deletes it to return the space to you.

Whether you use ecryptfs-setup-private or ecryptfs-migrate-home, you should use ecryptfs-unwrap-passphrase to save the passphrase to a safe place. If you don’t keep a copy of your passphrase, you won’t be able to access your data if the .ecryptfs directory is lost or damaged.
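An added example, not part of the original tutorial: a guard around the mv and ln -s step that refuses to move a directory unless ~/Private is currently an ecryptfs mount. The function names are hypothetical; the mount table is read from /proc/mounts unless another file is given, and the link it creates is absolute rather than relative.

```shell
#!/bin/sh
# Added example: only relocate a directory into ~/Private while it is mounted.

# mount_fstype DIR [MOUNTS] -> filesystem type mounted exactly at DIR, or nothing.
# MOUNTS defaults to /proc/mounts, where the kernel writes a space as \040.
mount_fstype() {
    WANT=$1 awk '
    function unescape(s,    out, oct, code) {
        out = ""
        while (match(s, /\\[0-7][0-7][0-7]/)) {
            oct = substr(s, RSTART + 1, 3)
            code = substr(oct, 1, 1) * 64 + substr(oct, 2, 1) * 8 + substr(oct, 3, 1)
            out = out substr(s, 1, RSTART - 1) sprintf("%c", code)
            s = substr(s, RSTART + RLENGTH)
        }
        return out s
    }
    unescape($2) == ENVIRON["WANT"] { type = $3 }   # the last mount on a path wins
    END { if (type != "") print type }' "${2:-/proc/mounts}"
}

# move_into_private DIR [MOUNTS] -> the mv + ln -s step, refused unless
# $HOME/Private is an ecryptfs mount. Returns 1 when not mounted, 2 on bad input.
move_into_private() {
    dir=${1%/}
    priv="$HOME/Private"
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "$dir: not a real directory" >&2
        return 2
    fi
    if [ "$(mount_fstype "$priv" "$2")" != "ecryptfs" ]; then
        echo "$priv is not mounted; run ecryptfs-mount-private first" >&2
        return 1
    fi
    mv "$dir" "$priv/" && ln -s "$priv/$(basename "$dir")" "$dir"
}

# Stand-alone use: ./script.sh ~/Documents
if [ "$#" -gt 0 ]; then
    move_into_private "$@"
fi
```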


Tutorial: Power management
Using suspend, hibernate and Wake on LAN

Power: States and governors

Jonni Bidwell dabbles with the many facades of managing power in Linux.

At one stage, power management on Linux was regarded as a bit of a joke. And we're not talking quirks with relatively advanced features such as hibernate and suspend – oh no, it used to be that a simple shutdown -h now could, rather than gracefully power off the system, send it into some nightmarish limbo state, whence one's only recourse was to hard reset the machine. Upon starting up the unfortunate machine, one might have to endure a lengthy fsck (we're talking back in the pre-journal days), which may unearth corrupted data. Worse still, hard drives could end up damaged following the whole ordeal. While these days are, for the most part behind us, many people still run into other difficulties with power management.

Our expert: Jonni Bidwell is – mostly – still in his hibernatory winter state. The motherboard of the cursed Linux box abandoned unto him at LXF Towers is resolute in its ACPI-uncompliance.

There are open standards which govern power management (also hardware discovery), namely the ACPI (Advanced Configuration and Power Interface) BIOS standard developed by Intel, Toshiba and Microsoft, and first released in 1996. ACPI replaced the old and no longer fit for purpose APM (advanced power management), which provided a rudimentary bridge between BIOS and the OS. An ACPI-aware OS is, among other things, able to react to button or lid events, triggering shutdown or standby states. Thus Windows 98, the first such OS, could do away with the ‘It's now safe to turn off your computer’ shutdown screen of its predecessor.

Unfortunately, motherboard manufacturers were not particularly adept at adhering to these standards, which was largely fine if people used the protocol-deviant Windows drivers provided with their motherboards, but it led to a world of pain for users of other OSes. Besides compliance issues, ACPI itself has come under fire, Linus in particular decried it as "a complete design disaster in every way" in 2003 (as is his way, he further advised any Intel employee having a hand in it to "shoot yourself now, before you reproduce"). His objections stemmed from, besides it being a generally messy and overly complex system, the way that it requires AML bytecode to be run unchecked by the kernel. The ASL (ACPI Source Language) code which gives rise to this bytecode may not be available, which makes debugging a pain.

Buggy BIOSes

The 2.6 series kernels heralded a new era of ACPI support, early (pre-2001), buggy implementations were blocked, and, in theory, a typical Linux PC circa 2004 could understand the six Power Sleep states S0-S5, Device states, Processor and Performance states. This was particularly helpful on laptops (which had recently become affordable and portable), whose users were able to at once conserve battery life and obviate lengthy boot times, courtesy of Suspend to RAM/Disk. New processors brought ACPI innovations into the server room too by throttling or powering down idle machines, temperatures and bills were lowered.

[Figure: This is what a broken DSDT looks like, the spec is rather fussy about the length of identifiers.]

Unfortunately buggy BIOSes persist, particularly on machines older than five years, so if you do run into issues, it's worth checking if an updated BIOS is available from your motherboard manufacturer. If this doesn't solve your problem and you feel like an adventure, then read up on repairing buggy DSDT tables. The wiki page is a good place


Ice ice, baby

Enhanced suspend and hibernate functionality is provided by the TuxOnIce kernel patchset. This allows, among other things, more control over the hibernate image: such as where it's stored, compression and the ability to encrypt it. It also allows you to interrupt the suspend/resume process or force a reboot. The TuxOnIce team also maintains hibernate-script, a wrapper which provides easy access to both its own and uswsusp's hibernate back-ends. This means you can use the hybrid Suspend to Both state, which resumes quickly from RAM if the battery survived the break or slowly from disk otherwise.

Arch Linux users can use the linux-ice package from the AUR, others will want to grab the patch from www..net and follow their distribution's instructions for compiling custom kernels. If you use the Ubuntu distribution then you can add the TuxOnIce PPA and install the kernel like this:
$ sudo add-apt-repository ppa:tuxonice/ppa
$ sudo apt-get update
$ sudo apt-get install tuxonice-userui linux-generic-tuxonice linux-headers-generic-tuxonice

TuxOnIce allows for nice progress bars to be displayed through the framebuffer layer during hibernate and resume. This is achieved through the fbsplash and tuxonice-userui packages. On non-Ubuntu systems, some additional setup is required, and this is very much distro-dependent. This is mostly concerned with tweaks to the initramfs/initrd – the initial harness which Grub loads for the kernel. It needs to have resume support as well as load the lzo module so that decompression can happen.

to start https://wiki.archlinux.org/index.php/DSDT, but since the table needs to be embedded into your kernel image, you'll need to be au fait with kernel compilation. The kernel's documentation provides some good advice for debugging hibernate and suspend issues, too (see http://bit.ly/BasicPMDebug).

All ACPI functionality used to be controlled by the acpid daemon, but much of it is now provided by either your desktop environment or systemd. For the latter, you can specify what happens when you close your laptop's lid, push the power button etc, by editing the file /etc/systemd/logind.conf. The relevant options and actions are largely self-explanatory:
HandlePowerKey=poweroff
HandleSuspendKey=suspend
HandleHibernateKey=hibernate
HandleLidSwitch=suspend
HandleLidSwitchDocked=ignore

Of course, if you want to test things the grown-up way then you'll need some command-line fu. In particular, you can trigger power changes by writing directly to the /sys/power/state interface. For example, to enter the suspend (S3, STR) state, issue the following (as root):
# echo mem > /sys/power/state
Besides mem, you can also enter the slightly more power-hungry but faster-resuming freeze (S1) or standby (S2) states. Use disk to enter the hibernate (S4) state. For this to work you'll need to have a sufficiently large swap partition, since your RAM contents are going to get dumped here. They will be compressed, so even if your swap partition is smaller than your quantity of RAM it’s still possible for this to work. The machine will shut down (S5) once the hibernate image is written, so in order for it to resume we need to tell the kernel where this is located. This requires adding an option such as
resume=/dev/sda2
as a kernel parameter, where sda2 is your swap partition. You can use the more robust (also more lengthy) UUID of said partition here, if you prefer. To effect the changes, as root add the desired option to GRUB_CMDLINE_LINUX in /etc/default/grub and then run update-grub.

It is worth looking at pm-utils, which is a collection of wrappers around the kernel's (or TuxOnIce's or uswsusp's) powerdown machinations. It provides workarounds for various motherboard quirks, as well as the ability to unload troublesome modules prior to suspending. A word of warning though: if a kernel update is applied, and then you hibernate your machine, and then resume it, then the new kernel will get very upset with the resume image. So don't hibernate following kernel updates.

Who’s the governor?

Modern processors (and even 12-year-old Athlon XPs if you have an nForce 2 motherboard and some time on your hands) all support some degree of frequency stepping. This is enabled (usually by default) in the BIOS. Intel's incarnation of this is dubbed Enhanced Speedstep and AMD's goes by Cool and Quiet, or PowerNow. The idea is that, when feasible, the processor is slowed down and core voltages dropped (in some cases cores are powered off entirely). This means that system temperatures will drop, and, in turn, that fans can be slowed down and energy bills significantly reduced. Control of this mechanism is done through the kernel's CPUFreq subsystem, and is generally set up by default. Different profiles, which are called governors, are available to suit various situations. You can check which one is active on your system with:
$ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor

Figure caption: Sometimes the DPMS settings shown in xset will be clobbered by your desktop. Here, Unity has taken responsibility for turning off the screen.

Quick tip: If you run into difficulties (eg no graphics after the system is resumed from RAM), check out the uswsusp package which allows further customisation of the suspension process. It allows you to tweak graphics card settings pre- and post-resume, as well as providing support for encrypted images.


For a desktop system the default ondemand governor is generally the best choice – it will keep the frequency at its lowest until the CPU is stressed, then it will be raised as high as necessary, until the panic is over.

The governor is very responsive, capable of changing the frequency hundreds of times per second, so you won't notice any latency when more megahertz are required. However, you might notice some slowdown if you have a particularly variable workload, heavy compilation jobs for example, where the bottleneck oscillates chaotically between CPU and disk I/O operations. The other governors are: performance (keeps the CPU at its maximum frequency), conservative (switches frequency gradually, higher latency than ondemand), and powersave (lowest frequency). The latter might be something of a misnomer under heavy workloads though, since it would be more energy efficient to process these faster, rather than labour the CPU. The active governor can be changed by writing to the /sys entry above as root, for instance:
$ sudo -i
# echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor

Besides these, you can also set the scaling governor to userspace, which isn't really a governor in itself, but rather indicates that a userspace program will manipulate frequencies. Such a program is cpupower, which (replacing the deprecated cpufreqd) allows you to set custom minimum and maximum frequencies. In general, it's not necessary to install this, but you may want to do so nonetheless. For example, on old laptops it's common that too onerous a workload will cause overheating and the BIOS to lock the CPU into a cripplingly low-powered state. In this case it’s convenient to preclude the CPU reaching its maximum frequency, which could be achieved with something like:
# cpupower frequency-set -u 1600MHz
You can examine the frequencies that are supported by your CPU with:
$ cpupower -c 0 frequency-info
where the -c option determines a particular CPU core. It’s possible to set frequencies on a per-core basis too. In the event that this command returns unexpected results, eg that your CPU can only operate very much slower than its marketed frequency, then you'll probably want to investigate if a BIOS upgrade is available, particularly on older hardware. As mentioned earlier, manufacturers sometimes aren't very good at adhering to standards, which in this case results in the BIOS reporting inaccurate frequencies. If no update is available and you're happy to have your CPU running at full speed all the time, then you can always disable Speedstep et al in the BIOS.

If you install Intel's powertop program then you can see how much time has been spent in each frequency. Powertop also shows which programs are generating the most wake-ups, and can even tune various and diverse power-management settings through the /sys interface. Running
# powertop --html=powerreport.html
will generate a report showing this information.

Wake ‘n’ bake

The system can be re-animated from the suspend or hibernate states by keyboard or mouse activity. With well-behaved hardware though, one can also wake a remote machine by sending a so-called magic packet via the LAN. Note: this can work with specific wireless adaptors, but it’s a hit and miss affair, so we’re concentrating only on wired WoL here. The first thing to check is that WoL is enabled in the power settings of

The idlewatcher component of LXQt’s power management seems to be something of an attention seeker. Oh, the irony.


your BIOS. Then install ethtool and check that your adaptor (call it eth0) supports WoL:
$ ethtool eth0 | grep Wake
Supports Wake-on: pumbg
Wake-on: b
The first line shows the type of packets which the adaptor can respond to, in this case: PHY, Unicast, Multicast, Broadcast and maGic packet activity. For WoL to work, we need this to be set to the latter. If this is not the case, make it so with:
# ethtool -s eth0 wol g
This setting won't survive a reboot, so if you need it permanently you'll want to add this command to your startup somewhere, either as a post-up networking script or through a udev rule. For the udev route, create a file /etc/udev/rules.d/50-wol.rules with the contents:
ACTION=="add", SUBSYSTEM=="net", KERNEL=="eth0", RUN+="/usr/bin/ethtool -s %k wol g"

You'll need the MAC address of the target machine, since magic packets operate below the IP layer. This is a 12 hexdigit identifier which you can easily find out from:
# ip link
Waking up the target machine will require a WoL application to be installed on the host machine. One such tool is provided by the wol package and you can also find tools for Android and various other operating systems.

Having installed wol and got everything set up then hopefully you may awaken a slumbering machine with
# wol aa:bb:cc:dd:ee:ff
substituting for your target machine's MAC address. It's good practice to specify the machine's hostname or IP address with the -i option.

ARP magic

Magic packets can, in theory, be sent across the internet too – they are usually sent as UDP datagrams to port 9. Some routers, however, will have difficulty dealing with them. Forwarding traffic on UDP port 9 to the target machine's IP will not suffice, since our machine will not be stirred by these high-level noises. Instead, the router must be configured to forward this traffic to the broadcast address of the internal network (eg 192.168.1.255), and many devices don’t permit this. It’s possible to work around this if you have shell access to your router, for example if it's running DD-WRT or Tomato or something similar. The trick is to add an ARP entry with an unassigned IP address to the relevant interface, with the reserved broadcast MAC address FF:FF:FF:FF:FF:FF like this:
# arp -i br0 -s 192.168.1.254 FF:FF:FF:FF:FF:FF
and forward WoL traffic to this imaginary host.

If you are able to set this up, then the machine may be switched on remotely using the external IP or hostname assigned to your router (dynamic DNS services, such as duckdns.org are useful here) and the target machine's MAC address:
$ wol -p 9 -i EXTERNAL_IP_OR_HOSTNAME aa:bb:cc:dd:ee:ff

And that concludes our tour of power management. It was once a fragmented system, plagued by buggy hardware, and in many ways it still is. But it mostly works nowadays. Just not on Jonni's computer. LXF

Figure caption: There are many Wake-on-LAN apps for Android, but getting magic packets from the outside world into your home network is non-trivial.

Quick tip: Owners of modern Intel CPUs (those bearing the Core , i5 or i7 designations) will probably want to check out the i7z program which allows manipulation of the advanced P-states afforded by these chips. Mmm, chips.

Next issue: Apache made easy
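What the wol tool puts on the wire, as an added Python example that is not part of the original article: it builds the magic packet, and finds the target MAC inside a captured payload so you can see which machine a given packet would wake. The function names are hypothetical and the MAC is the article's aa:bb:cc:dd:ee:ff placeholder; host and port mirror wol's -i and -p options.

```python
import re
import socket

SYNC = b"\xff" * 6   # every magic packet opens with six 0xFF bytes
REPEATS = 16         # followed by the target MAC, repeated 16 times


def mac_to_bytes(mac):
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or 12 bare hex digits."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a 12 hex digit MAC address: %r" % mac)
    return bytes.fromhex(digits)


def build_magic_packet(mac):
    """Return the 102-byte payload: sync stream + 16 copies of the MAC."""
    return SYNC + mac_to_bytes(mac) * REPEATS


def find_magic_target(payload):
    """Return the MAC a payload would wake, or None if it is not a magic packet.

    The pattern may sit anywhere in the payload, so scan every run of six or
    more 0xFF bytes and treat the end of the run as the end of the sync stream
    (this assumes a unicast target, whose first byte is never 0xFF).
    Nothing in the pattern identifies or authenticates the sender.
    """
    for run in re.finditer(rb"\xff{6,}", payload):
        body = payload[run.end(): run.end() + 6 * REPEATS]
        if len(body) == 6 * REPEATS and body == body[:6] * REPEATS:
            return ":".join("%02x" % b for b in body[:6])
    return None


def send_magic_packet(mac, host="255.255.255.255", port=9):
    """Send the packet as a UDP datagram; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        # Needed for broadcast destinations such as 192.168.1.255
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(build_magic_packet(mac), (host, port))


if __name__ == "__main__":
    packet = build_magic_packet("aa:bb:cc:dd:ee:ff")
    print(len(packet), "bytes, target", find_magic_target(packet))
```

Because the payload is only the sync stream and the MAC, any host that can get a datagram to the LAN broadcast address can wake the machine, which is worth bearing in mind before forwarding UDP port 9 from outside.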

DPMS explained

All this fancy watt-saving is all well and good, but sometimes you need your machine, but not your monitor, to stay on. The voodoo that controls the display's alertness is called DPMS (Display Power Management Signalling); the voodoo that makes the screen blank right before you want to use it is one of life's great mysteries. In the majority of cases, some kind of screen blanking will work out of the box (even without an X server running), but it may not be just to your liking. There are three gradations of sleep: Suspend, Standby, Off in order of decreasing power usage or increasing resume time. Some monitors don't recognise the difference between the first two.

If you're using a fully-featured desktop environment (or even a minimal one like the newly-released LXQt 0.9, pictured, p78), then you'll be able to manipulate these settings graphically, but otherwise you can change them by adding a file, say /etc/X11/xorg.conf.d/12-dpms.conf having the form:
Section "ServerLayout"
    Identifier "ServerLayout0"
    Option "StandbyTime" "45"
    Option "SuspendTime" "55"
    Option "OffTime" "60"
EndSection
where the timeouts are specified in minutes. You can verify your settings by running xset q; if they're not what you expect then it's possible that a screensaver is overwriting your settings. The multi-talented xset can deal with that with a simple xset s off. You can also use it to experiment with the different sleep states, eg:
$ xset dpms force standby

Tutorial: Networking

Router: set up a gateway

Build a home gateway that gets packets to where they need to go. Jonni Bidwell throws down some iptables rules and, receiving no reply to his concerns about the temperature in the office, makes his own hotspot.

Our expert: Jonni Bidwell is shocked to learn that a computer in Leicester has control over the temperature at LXF towers. Today the temperature, tomorrow the minds of the content and marketing team.

Figure caption: A bridge too far. We’re not meant to mess with Future Towers’ networks, but brctl makes it easy.

Quick tip: Simple traffic routing doesn’t require a powerful CPU, but if you're anticipating a lot of traffic you'll want to make sure you've a Gigabit adaptor in the gateway and a gigabit switch.

You probably have at least one router in your house. They perform the not insignificant task of routing data from one network, eg the internet, to another, such as your home wired/wireless network. While in theory you could build on this tutorial and replace the box your ISP gave you, it's probably not the best idea – getting a Linux box with a DSL or ADSL modem in it to talk to your ISP can be tricky. Besides, many of these hubs already run Linux, and many more allow you to install a DD-WRT or OpenWRT image, both of which handle much of the ugliness for you. So why this article then? There's lots of other routing that's useful! Suppose your wireless card breaks, or needs some new firmware, leaving you without connection or a long enough patch cable to reach the router. Certainly you could replace the broken hardware or download the files from another machine, but that's hardly cricket. Instead, why not have a handy, portable, lifesaving gateway machine around, that can, via a simple cable, feed the starving machine the network it so desires? You could even connect several machines this way via a simple switch – only the gateway machine needs to be able to see the internet, or whatever external network you want to share access to. You may also just be paranoid and want to install some additional firewalling for a small internal network: you could only allow certain traffic, or force all traffic to be routed via a VPN. You can even install [see LXF191] on the gateway machine and check out how much Internet chatter comes out of the devices connected to it.

We'll cover setting up a wireless gateway later, but for now assume we've got some computers that aren't connected to the external network, and one computer (the gateway) that is. We'll assume all of these computers are connected by wired connections to a switch and that the gateway machine is happily talking to the internet (either wired or wirelessly – for now we're just assuming that the internal network isn’t connecting wirelessly to the gateway, this requires some extra configuring that we'll cover later).

Setting up IP addresses

The first thing we need to do is get the machines talking to each other, which requires getting their IP addresses set up nicely. We won't deal with IPv6 in this tutorial (but soon my pretties), since most home routers still work with IPv4 and it's simpler to keep our protocols homogenous. Your distro may have progressed to kernel-generated persistent names for your network devices, in which case your wired and wireless devices will have names such as enp0s327 and wlp999, respectively. Or you may still have the old-style, human-readable names, such as eth0 and wlan0. We'll just refer to


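[Figure: network diagram. The router/xDSL modem (and the internet beyond it) reaches the gateway's ext0 interface (192.168.1.127) over a wired/wireless link; the gateway's int0 interface (10.0.1.254) connects to a switch serving 10.0.1.128, 10.0.1.129 and 10.0.1.130.]

Figure caption: Thanks to the miracle of NAT, packets can traverse the murky marshes of our internal network, negotiate all kinds of perils in the 192 plains and soar amongst the cloud birds of the wider internet.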

the external interface of the gateway (eg the one connecting to your ISP-supplied router) as ext0, and the internal interface (the one connecting to the switch) as int0. So you'll have to make your own substitutions.

Quick tip: Basic forwarding, routing and masquerading can now be carried out via systemd's networking daemon, networkd. Is nothing sacred? We're taking bets on what its next trick will be. Our money's on Siry-stemd: "Siry, can I have my init scripts back, please?" No! – ED.

RFC1918 provides a few standard IPv4 addresses that can only be used for internal networks, eg 10.x.x.x, 172.16.x.x, 192.168.x.x, so let's go with the first format. We can be a bit more specific here, so let's stipulate that all our internal IPs are in the form of 10.0.1.x. This is usually written 10.0.1.0/24, ie a 24-bit netmask (255.255.255.0). We'll set up the gateway machine's Ethernet interface manually, with the static IP address 10.0.1.254. Depending on how your machine is set up, this might be achieved through Network Manager, the ifconfig or ip commands, making a netctl (Arch Linux) script, or editing /etc/network/interfaces (Debian). Whatever you choose, it should be straightforward, and also not interfere with the gateway machine's existing internet connection.

We could do this for all the machines on our network, but it's easier to use the dnsmasq program, which provides a simple DHCP server to allocate addresses. This program will also be useful later since it will enable the gateway machine to masquerade as a DNS server (hence the program's name). Installing dnsmasq will just be a matter of
$ sudo apt-get install dnsmasq
or whatever your distribution's equivalent command is. This will install a heavily-commented /etc/dnsmasq.conf file which we shall tweak to our requirements. It's good practice to add the following lines right after their commented equivalents, so that options are sensibly grouped. We'll first set up our ersatz DNS server to listen to requests from our fledgling internal network. Add the following line to /etc/dnsmasq.conf:
listen-address=10.0.1.254
We'll also set up our DHCP server while we've got this file open. It's going to allocate addresses in the range 10.0.1.128 to 10.0.1.253, this way addresses with a lower final octet can be reserved for machines on the internal network which need static IPs:
dhcp-range=10.0.1.128,10.0.1.253,12h
It’s also possible to have DHCP assign specific addresses to specific machines based on their MAC address, using the dhcp-host option. Now start the dnsmasq service with
$ sudo systemctl start dnsmasq
or if you're not running systemd:

Hotspots with hostapd

On Debian (and friends) sudo apt-get install hostapd will install, besides the hostapd program, a gzipped sample configuration file which you can peruse with:
$ zcat /usr/share//hostapd/examples/hostapd.conf.gz | less
Other distros will install a similar file, probably in another place. This file is heavily commented and gives examples for setting up all manner of access points. We'll only need a few options to get our hotspot up and running, so rather than edit the example file, we'll start afresh. Hostapd needs to know where to find this file so edit /etc/default/hostapd and add the line:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
This is a sane place to put the file and may already be the default on your distribution.

Before we proceed any further, make sure that you know the name of your wireless interface (you can check this with ifconfig). For this section we'll refer to the wireless network as wlan0 and the wired external network as eth0. A basic WPA2 password protected network is set up with the following /etc/hostapd/hostapd.conf file:
ssid=LXFwireless
wpa_passphrase=secret passphrase
interface=wlan0
auth_algs=3
channel=6
driver=nl80211
hw_mode=g
logger_stdout=-1
logger_stdout_level=2
max_num_sta=5
rsn_pairwise=CCMP
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
The driver option might require some trial and error – most hardware will work with the nl80211 driver, but you might need something else here. Test your hostapd configuration using the following:
$ sudo hostapd -d /etc/hostapd/hostapd.conf
If you don't see any errors, then try and connect to your hotspot with your phone. It probably won't get anywhere since there’s no DHCP service at this stage, but you should at least be able to authenticate. We'll get DHCP for free once we set up our network bridge.


$ sudo service dnsmasq start
Now set all the other internal network machines to use DHCP on the local network and you should discover two things: that the internal network machines can all ping each other (by IP address, once you've figured out who's who) and, further, that while they can’t ping the outside world, they can at least perform name resolution. Dnsmasq will cache queries too, which saves a few milliseconds, should you query the same address more than once. When the client machines obtain a DHCP lease, dnsmasq will push the required gateway and DNS settings automatically, and the clients' /etc/resolv.conf files will be updated accordingly.

Packet forwarding

In order to get traffic flowing we need to set up packet forwarding and NAT (Network Address Translation). The first thing to do is to enable packet forwarding in the kernel. You can do this (as root) through the /proc interface like so:
# echo 1 > /proc/sys/net/ipv4/ip_forward
Making this persist across reboots depends on your distro – some still use the /etc/sysctl.conf file, so add:
net.ipv4.ip_forward=1
Some (Arch and derivatives) have deprecated this file in favour of individual files in /etc/sysctl.d/. If this is you, create a file, say /etc/sysctl.d/40-ip-forward.conf, and add the above line to it. That tells the kernel that forwarding is allowed, but we still have to stipulate the whences and wheretos. We'll use some good old fashioned iptables rules to do this. It's certainly possible with the newer framework [see Administeria, p54, LXF185], but with every distro running a different version, and it still being quite new code, we won't do that. Since we're assuming our gateway machine is behind another gateway (that connects to your ISP), we needn't worry too much about security. So we can tell iptables to forward packets from the outside to our internal network:
$ sudo iptables -A FORWARD -i int0 -o ext0 -j ACCEPT
If you haven't previously added any iptables rules of your own then it's very likely you won't need the previous line – most distros will, by default, allow all packets to be forwarded, as well as allowing everything else. We will need to set up NAT, so that traffic coming out of ext0 can find its way back to int0. This step changes the packets' source addresses to our gateway's IP, and keeps track of the connection so that, as if by magic, any responses are forwarded to the correct machine on our internal network.
$ sudo iptables -t nat -A POSTROUTING -o ext0 -j MASQUERADE
A more robust approach here is to use SNAT (Source NAT) instead of MASQUERADE. This is conditional on the ext0 interface on your gateway having a static IP, though. Note that this has nothing to do with how your ISP assigns IP addresses, merely how you set up your gateway machine's ext0 interface. Using the following line instead means that NAT-ed connections can better survive link loss:
$ sudo iptables -t nat -A POSTROUTING -o ext0 -j SNAT --to-source 192.168.1.127
If ext0 does not have the IP address above, then this won't work, funnily enough. The reason this doesn't work with a variable address is that if the link is interrupted then it's possible that upon reconnecting ext0 is assigned a different address. The MASQUERADE target just forgets everything in the event of link loss, so connections can be safely (but slowly) re-established via the new address.

If you're running services on your internal network, and you want these to be accessible from the external network, then you must set up port forwarding, eg if you have an SSH server running on the machine 10.0.1.1, in order for externally networked machines to see it, they'll need to connect via the gateway machine 192.168.1.254. Since you might have an SSH server running on the gateway already, we'll forward its TCP port 2222 to port 22 on the internal machine:
$ sudo iptables -t nat -A PREROUTING -i ext0 -p tcp --dport 2222 -j DNAT --to 10.0.1.1:22
Now you can connect from the external network by pointing your SSH client at your gateway's port 2222. If you wanted to connect from the outside world, then you could add another rule which forwards traffic from your primary router to our gateway machine's port 2222.

Once you've got everything working it's good to save your iptables rules. Each distro does this slightly differently, but ultimately rules are saved to a text file (as root) with:
# iptables-save > /etc/iptables.rules
Some distributions will auto-magically restore firewall rules from this file, others need to be told. Species of the Debian lineage, for example, would require the following line to be added to /etc/network/interfaces:
pre-up iptables-restore < /etc/iptables.rules

Figure caption: This is what a successful WPA2 handshake should look like, but our hotspot fails to make it warm in here [see Hotspots With Hostapd, p81].

Cutting cords

Sometimes it's desirable to make your router accessible wirelessly, so that your mobile devices can connect to it. This is particularly useful if you find yourself using said devices in areas of your house with poor wireless coverage: your gateway machine may be connected to your ISP-supplied box via Powerline Ethernet, and situated in or around the blackspot, bringing light to the darkness. It is also possible for this to work if there is a wireless link instead of a Powerline one, so that we have a simple wireless repeater. This may require two wireless cards in the gateway machine though, since some cards cannot be access points and clients


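[Figure: network diagram. The router/xDSL modem connects over a wired link to the gateway's eth0 (192.168.1.127); eth0 and wlan0 are joined in the bridge br0, and wireless clients receive 192.168.1.100 and 192.168.1.101.]

Figure caption: The bridge connects our wired and wireless interfaces, meaning wireless clients can be part of the 192 fun too.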

simultaneously. Furthermore, some cards lack Linux support for Access Point mode entirely. To check the capabilities of your wireless adapter use the iw tool (sudo apt-get install iw, if you don't have it). Running
$ iw list
will show you everything you could possibly want to know about your wireless devices. Check the ‘Supported interface modes’ section and ensure that ‘AP’ features somewhere. For a repeater set up you'll want to check ‘valid interface combinations’ for ‘AP, mesh point’. Bear in mind that mesh protocols haven't yet been standardised so we won't try and cover them here. You'll need to be sure your wireless driver supports 4-address frames if you want to have a go.

Building bridges

So let's reverse our previous setup – we'll have an internet-facing wired connection to the gateway machine and we want to set up a local wireless network which provides access to this. In the previous section we used NAT to direct traffic between the internal and external networks, for this part we'll show you the alternative: network bridging. In many ways this is easier to understand than NAT, since it effectively unifies the two (or more) networks – providing a transparent bridge over which traffic flows unimpeded. However, the NAT approach is a little more flexible and provides more granular control, so you may prefer to use it again.

Whatever your preference, the first task is to install and configure the hostapd package (see the Hotspots With Hostapd box, p81).

A network bridge amalgamates two disparate interfaces (eg our eth0 and wlan0) into a single interface, which in our example will be br0. Traffic will flow unimpeded between the two interfaces, and machines connected to our wireless hotspot will behave exactly as if they were connected to the same network as eth0. Hopefully, anyway. The first thing we'll need to do is sudo apt-get install bridge-utils, or equivalent. Then we create a new bridge with
$ sudo brctl addbr br0
and then add our wired interface to it with:
$ sudo brctl addif br0 eth0
We can't add the wlan0 interface to the bridge without first starting our access point, since only devices in so-called promiscuous mode can be bridged. We can automate this by adding the following line to our hostapd.conf:
bridge=br0
Now we can test our access point by starting the service:
$ sudo service hostapd start
Replace with systemctl start hostapd if you're using Systemd. If everything works then enable the service. You can recreate the bridge setup in Network Manager, or by modifying /etc/network/interfaces.

And that concludes our foray into the world of bespoke routers. We've covered two different set ups, but don't be afraid to mix and match if you require, all these technologies will work together where it makes sense. We'll also be covering replacing the firmware on your home router with Linux one of these days. For now we're all huddled round an overclocked Raspberry Pi for Wi-Fi warmth. LXF

Next issue: Zentyal server
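An added Python example, not part of the original article: a small auditor for iptables-save output (such as the /etc/iptables.rules file from the NAT section) that lists the source NAT rules and port forwards and reports how open the FORWARD chain is. Both rule sets are constructed; the tighter one is only one possible alternative and assumes the tutorial's ext0/int0 names and its SSH forward.

```python
import shlex

# Constructed sample: roughly what iptables-save prints after the tutorial's rules.
TUTORIAL_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ext0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.0.1.1:22
-A POSTROUTING -o ext0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i int0 -o ext0 -j ACCEPT
COMMIT
"""

# Constructed alternative (an assumption, not from the article): drop by default,
# then allow replies, outbound traffic from int0 and only the forwarded SSH port.
TIGHTER_RULES = TUTORIAL_RULES.replace(":FORWARD ACCEPT", ":FORWARD DROP").replace(
    "-A FORWARD -i int0 -o ext0 -j ACCEPT\n",
    "-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n"
    "-A FORWARD -i int0 -o ext0 -j ACCEPT\n"
    "-A FORWARD -d 10.0.1.1/32 -i ext0 -p tcp -m tcp --dport 22 -j ACCEPT\n",
)


def rule_options(tokens):
    """Turn ['-i', 'ext0', '-j', 'DNAT', ...] into {'-i': 'ext0', '-j': 'DNAT'}."""
    opts, i, negate = {}, 0, ""
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            negate = "!"                      # keep negation visible in the key
        elif tok.startswith("-"):
            value = True
            nxt = tokens[i + 1] if i + 1 < len(tokens) else "-"
            if not nxt.startswith("-") and nxt != "!":
                value, i = nxt, i + 1
            opts[negate + tok] = value
            negate = ""
        i += 1
    return opts


def parse_save(text):
    """Return {table: {'policy': {chain: policy}, 'rules': [(chain, opts)]}}."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":") and current is not None:
            chain, policy = line[1:].split()[:2]
            current["policy"][chain] = policy
        elif line.startswith("-A ") and current is not None:
            tokens = shlex.split(line)
            current["rules"].append((tokens[1], rule_options(tokens[2:])))
    return tables


def audit(text):
    """Summarise NAT rules and flag an open or reply-less FORWARD chain."""
    empty = {"policy": {}, "rules": []}
    tables = parse_save(text)
    nat, flt = tables.get("nat", empty), tables.get("filter", empty)
    report = {"forward_policy": flt["policy"].get("FORWARD", "ACCEPT"),
              "source_nat": [], "port_forwards": [], "findings": []}
    for chain, o in nat["rules"]:
        if chain == "POSTROUTING" and o.get("-j") in ("MASQUERADE", "SNAT"):
            report["source_nat"].append((o.get("-o"), o["-j"], o.get("--to-source")))
        if chain == "PREROUTING" and o.get("-j") == "DNAT":
            dest = o.get("--to-destination") or o.get("--to")
            report["port_forwards"].append((o.get("-i"), o.get("-p"), o.get("--dport"), dest))
    forward = [o for chain, o in flt["rules"] if chain == "FORWARD"]
    stateful = any("ESTABLISHED" in str(o.get("--ctstate", o.get("--state", "")))
                   for o in forward)
    if report["forward_policy"] == "ACCEPT":
        # Anything routed to the gateway is passed on, in either direction.
        report["findings"].append("forward-default-accept")
    elif not stateful:
        # Default drop with no conntrack rule: replies to int0 hosts never return.
        report["findings"].append("no-stateful-return-rule")
    return report


if __name__ == "__main__":
    for name, rules in (("tutorial", TUTORIAL_RULES), ("tighter", TIGHTER_RULES)):
        print(name, audit(rules))
```

Run it against your own saved rules with audit(open("/etc/iptables.rules").read()).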

Anonymising gateway

A nice thing about this setup is that any routing beyond the gateway machine propagates trivially to our internal network. So if you have your gateway machine's traffic routed through a VPN or Tor, then so can all our internal network traffic.

Installing Tor is straightforward, the default config sets up a SOCKS proxy which you must connect your applications to. You can make this proxy available to the internal network by adding a line, such as SOCKSPort 10.1.0.254:9050 and TransPort 10.1.0.254:9040 to /etc/tor/torrc. Then you can set up any applications running on our internal network to use that proxy. A more passive approach is to set the gateway machine up as a transparent proxy or an isolating proxy, but this is beyond the scope of this little box.

You may subscribe to a commercial VPN provider, or even be running your own OpenVPN server somewhere on the internet. Either way, connection is usually achieved by setting up a TUN device (usually called tun0) on the client end. The routing table is then modified so that all traffic travels via tun0, redirecting everything through the VPN. If you have already successfully set this up on your gateway machine, then all that is required is a small addition to our NAT rules:

    $ sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Since VPN traffic travels through the tun0 interface, this line ensures that it can still find its way back to the internal network. As before, you can use SNAT here if ext0 has a static IP.

System coding: the Linux kernel

Dr. Chris Brown kicks off a new series on systems programming, surely the most fun you can have without taking your clothes off.

Our expert: Dr. Chris Brown provides Linux training, authoring and consultancy. He finds his Ph.D. in particle physics to be of no help in this work at all.

We’re going to look at the Linux kernel through a programmer's eyes, in this series. We'll be examining the system calls that allow our programs to obtain services from the kernel, and also some of the interesting bits of the standard library. Traditionally, these things are done using C, but C is not the only language to expose the system call interface, and to prove the point, we'll present some of our examples in Python. Along the way, we'll develop a few simple programs ranging from a shell to a web server.

Kernel space and user space

To get started, let's talk architecture for a moment. As you know, the kernel is the real heart of Linux. It provides services such as memory management, process , the file system, and the TCP/IP network stack. It implements access controls based on process identity and file permissions, and also provides the modules (sometimes called device drivers) that manage the actual hardware. All of this software runs in a privileged processor mode. We call this 'kernel space'. All other programs – the shell, command line tools, graphical apps – everything, run in an unprivileged mode. We say they run in 'user space'. The kernel provides its services to the user space programs through a set of tightly defined entry points known as system calls. At the last count there are around 350 of these and they provide services ranging from accessing files to creating processes and network sockets. It’s this system call interface that’s the focus of these tutorials.

Now it turns out that programs don't make system calls directly, they do so via thin 'wrapper' routines in the standard library, glibc [see diagram, p85]. Taking the write() call as an example, there's a little function called write() in glibc that simply marshals the arguments in the right way and does the little bit of magic necessary to make the jump into kernel space. As another example, consider the familiar printf() routine. This isn't a system call; all the fancy formatting it does occurs in . It (presumably) eventually calls write() to actually push the resulting byte stream out. Other library routines, such as sqrt() for example, operate entirely in user space and return their result to the program without ever diving in to the kernel.

[Diagram: an application program in user space calls sqrt(), printf() and write() in the runtime library; write() crosses into the Linux kernel in kernel space, which manages the CPU, memory, disk, I/O ports and network interface. Caption: System calls provide the entry points from user space to kernel space. In reality, all system calls are made via library wrappers.]

The waters sometimes get a little muddier. Things that used to be system calls in unix, such as exit(), have become library routines in Linux, calling down to even lower level system calls that you're not expected to invoke directly. But to be honest, as a you don't much care whether something is a system call or a library routine, except that the system calls are documented in section two of the man pages and library routines are in section three. So

    $ man 2 write

gets you the man page for the write() system call, whereas

    $ man 3 printf

gets you the printf library routine.

To get started, we're going to look at four (yes, four) ways to copy a file. Here's the first one. It demonstrates direct use of system calls and the lowest level approach of the four:

    1. /* Trivial file copy program using low-level I/O */
    2. #include <stdio.h>    /* perror() */
    3. #include <stdlib.h>   /* exit() */
    4. #include <fcntl.h>    /* open(), O_RDONLY and friends */
    5. #define BSIZE 16384
    6. #include <unistd.h>   /* read(), write(), close() */
    7. int main(void)
    8. {
    9.     int fin, fout; /* Input and output handles */
    10.     char buf[BSIZE];
    11.     int count;
    12.
    13.     if ((fin = open("foo", O_RDONLY)) < 0) {
    14.         perror("foo");
    15.         exit(1);
    16.     }
    17.     if ((fout = open("bar", O_WRONLY | O_CREAT, 0644)) < 0) {
    18.         perror("bar");
    19.         exit(2);
    20.     }
    21.     while ((count = read(fin, buf, BSIZE)) > 0)
    22.         write(fout, buf, count);
    23.
    24.     close(fin);
    25.     close(fout);
    26. }

This program illustrates five system calls: open(), read(), write(), close() and exit(), and one library routine, perror(). There's quite a lot going on here and we'll dissect the code in detail. Lines 3 and 4 include a couple of header files. Typically, these contain function prototypes and definitions of symbolic constants (such as O_RDONLY in this example). How do you know what files to include? The man pages will tell you. (See Reading the Man Pages, below.) The compiler will throw up errors if you omit a header file, but it won't tell you which you've forgotten. At line 5 we define the size of the buffer we're going to use during the copying process. Choosing a large number here will speed things up by reducing the number of read() and write() calls the program will make, and choosing a multiple of the file system's block size (typically 4k) will also help. The buffer is actually declared at line 10.

The main() function at line 7 is the entry point of a C program. At line 13 we meet open() – our first system call. The first argument "foo" is the input file name; it's a relative path name (it doesn't start with a ‘/’) so Linux will interpret the name relative to the current directory that the program is running in. Alternatively I could have used an absolute path name like "/home/chris/demo/foo". Now, open() returns a ‘file handle’ (a plain old integer) which we assign to fin. Hard-wiring the file names into the code is clearly dumb; later in the series we'll see how to pluck these from the program's command line.

Quick tip: The best book on this stuff is The Linux Programming Interface by Michael Kerrisk. It’s head and shoulders above the others, but at 1,500 pages, the word 'tome' comes to mind.

Exceptions and failures

If you're coming from .NET or Java, you're used to having methods raise exceptions when they run into trouble. The Linux system call interface doesn't use exceptions; instead, calls like open() which normally return a positive integer will return -1 to indicate an error, for example if the file "foo"

Reading the man pages

The man pages that describe the system calls can be a little intimidating, and you need to understand how to read them. The annotated screen shot of the man page for read() should help, but I want to make one point clear: the line of code you see in the man page is not an example of a call to the function; it's the function's prototype. For example, you might be tempted to write:

    void *p;
    read(0, p, 10);

Here we're consuming 10 bytes from file descriptor 0 (standard input). Well, the types all match up with what the man page says, and the code compiles OK. The problem is that p isn't actually pointing to an allocated buffer! We need to either allocate the buffer at compile time, or allocate it at run time like this:

    char *p;
    p = malloc(10);
    read(0, p, 10);

[Screen shot annotations: The 2 means it's a system call – 3 means it's a library routine. You should include this header file. Function prototype tells you the types of the parameters and the return type.]


doesn't exist. You're expected to check the return value from the call and respond appropriately. Line 13 illustrates why I love C so much. In C, an assignment such as a = b not only has a 'side effect' (changing the value of a) it also has a value (the value of b). It's this value that's being tested in the if statement on line 13. So this one line of code is really doing three things: opening the file, saving the resulting file descriptor, and testing this value to check if the call failed.

When a system call fails, it sets the value of a global integer variable called errno to indicate the cause of the error. For example a value of 2 means ‘no such file or process’ and 13 means ‘permission denied’. However, best practice is to use symbolic constants like ENOENT and EACCES instead of numeric values. We don’t reference errno explicitly in our code, but it's used by the library routine perror() at line 14 to index into a table of error messages. The appropriate message is printed on the standard error stream. After that, at line 15 we exit the program, returning a non-zero exit code to indicate that we ran into trouble. I'll talk about exit codes later in the series when I discuss processes. Lines 17-20 do much the same thing to open the output file.

Notice that this is not an object-oriented model. The open() call does not return some sort of file object on which we can invoke read and write methods; instead it returns a plain integer file handle, which can be passed as a parameter in subsequent read() and write() calls. Lines 21 and 22 are the heart of this program. Line 21 is another example of the ‘do something, capture the result, and test it’ idiom that we met earlier. Here, the ‘do something’ part is to read up to BSIZE bytes into the buffer buf. It's important that the buffer you're reading into is at least as large as the number of bytes you're asking to read. The return value from the read() call is the number of bytes we actually got. Unless we've reached the end of the file, this will be the same as the number we asked for. For example, if the file had exactly 40,000 bytes we would do four reads, which would return 16384, 16384, 7232 and 0 respectively. The fourth read, of course, would cause the loop to terminate. At line 22, we write however many bytes we got to the output file. Notice that C has no boolean data type – it uses integers instead, with nonzero meaning true and zero meaning false. So you can write line 21 more compactly:

    while (count = read(fin, buf, BSIZE))

It’s common practice for C programmers to hide all the important actions as side effects in evaluating the test predicate for an if or while statement, as we do here.

Once the copy loop has finished, we close our two streams at lines 24 and 25. In this particular example it doesn't really matter because the program terminates immediately afterwards and its open streams will be implicitly closed. However, it's good practice to close descriptors when you're done with them, because there's a limit on how many the process can have open and a long running program (say a server that opens a file every time a client connects) will eventually run out if it doesn't close them.

Maybe you're thinking that this system programming stuff is very low-level. You're right. Short of crawling out over the surface of the disk with a tiny bar magnet, you can't do I/O at a lower level than this in Linux.

Remember Tim Toady?

Of course, there's always more than one way to do it. Traditionally, the system call interface is discussed using the C language. The man pages all show C function prototypes, and C remains the lingua franca of Linux systems programming. But there are other languages that provide language bindings to the self-same set of system calls. Take python for example – the "os" module provides lots of functions that provide direct access to the system calls and parallel the "C" calls almost one for one. To prove the point, here's our file copy program in Python:

    import os

    bsize = 16384
    fin = os.open("foo", os.O_RDONLY)
    fout = os.open("bar", os.O_WRONLY | os.O_CREAT, 0o644)

    while 1:
        buf = os.read(fin, bsize)
        if buf:
            os.write(fout, buf)
        else:
            break

    os.close(fin)
    os.close(fout)

I'm sure that the pythonistas among you are queuing up to point out that there are ‘better’ ways to do this, and you would be right. I've deliberately chosen an approach that parallels the C version as closely as possible. I won't do another line-by-line breakdown, but for any readers fluent in C but new to Python, here are some key differences:

A dynamically typed language: We don't have to pre-declare variables such as fin and buf. They spring into existence (and take on a type) at the point at which you assign to them.

No curly brackets: Python doesn't use them to delimit loops and branches, it uses indentation.

No pre-allocated buffer: None is passed to the read() call. Instead, the call returns a bytestring, a built-in Python type analogous to an array of char in C, but which knows how long it is. So the code does not directly expose anything equivalent to the count variable that we had before.

Run-time error reporting: I haven't included code to detect and report errors in the os.open() calls, because the default behaviour of Python when it encounters run-time errors is mostly equivalent to the perror() calls I included in the C code.

Different syntax for octal constants: The strange notation 0o644 is not a typo. As from Python 3.0, it's the syntax for octal constants. Yes, really.

Let's get portable

Our third implementation of the file copier rises above the system call level to use the standard library:

    #include <stdio.h>
    #define BSIZE 16384

    int main(void)
    {
        FILE *fin, *fout;
        char buf[BSIZE];
        size_t count;

        /* fopen() returns NULL on failure */
        if ((fin = fopen("foo", "r")) == NULL) {
            perror("foo");
            return 1;
        }
        if ((fout = fopen("bar", "w")) == NULL) {
            perror("bar");
            return 2;
        }

        while ((count = fread(buf, 1, BSIZE, fin)) > 0)
            fwrite(buf, 1, count, fout);

        fclose(fin);
        fclose(fout);
        return 0;
    }

It doesn't look much different really, does it? Notice that open(), read(), write() and close() are replaced by fopen(), fread(), fwrite() and fclose(), and file descriptors are of type "FILE *" rather than plain integers. The crucial difference is that our previous example used system calls that are specific to Linux and Unix; here, we're using routines that are part of standard C. Any implementation of C that conforms to the ANSI standard should provide them, regardless of the underlying operating system. So this version is likely to be much more portable.

Table: For code portability, most data types used by system calls are defined using typedefs. Here are a few.

    Typedef name | Actual type   | Description
    pid_t        | int           | A process ID or process group ID
    gid_t        | unsigned int  | A numeric group identifier
    uid_t        | unsigned int  | A numeric user identifier
    time_t       | long int      | Time (in seconds) since “the epoch”
    size_t       | unsigned long | The size of an object in bytes
    ssize_t      | long int      | The size of an object, or a negative error indication
    mode_t       | unsigned int  | File permissions
    off_t        | long int      | A file offset or size
    socklen_t    | unsigned int  | The size of a socket address structure

Something completely different

Our final copy program is very different. It uses the mmap() system call to map the input and output files into memory, then simply does a memory-to-memory copy.

    1. #include <sys/mman.h>
    2. #include <sys/stat.h>
    3. #include <fcntl.h>
    4. #include <string.h>
    5. #include <stdlib.h>
    6. #include <unistd.h>
    7. int main(void)
    8. {
    9.     char *src, *dst;
    10.     int fin, fout;
    11.     struct stat sb;
    12.
    13.     fin = open("foo", O_RDONLY);
    14.     fstat(fin, &sb);
    15.     src = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fin, 0);
    16.
    17.     fout = open("bar", O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
    18.     ftruncate(fout, sb.st_size);
    19.     dst = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_SHARED, fout, 0);
    20.
    21.     memcpy(dst, src, sb.st_size);
    22.     msync(dst, sb.st_size, MS_SYNC);
    23.
    24.     exit(0);
    25. }

[Diagram: the input file "foo" and the output file "bar" are each mapped into in-memory buffers (src and dst) with mmap(); memcpy() copies from src to dst and msync() writes dst back to "bar". Caption: The mmap() system call lets you read and write a file as if it were an in-memory array.]

Bits of this should look familiar by now, but some of it is new. The fstat() system call at line 14 reads the input file's attributes into a 'stat' structure (sb); the only field we're interested in here is st_size, the file's size. Line 15 is really interesting. It maps the file into memory. We capture the return value from mmap(), which is the address at which it mapped the file, rather like the way malloc() allocates a lump of memory and returns a pointer to tell you where it is. Once this is done, we can access the data in the file as if it were any array: src[0] gets us the first byte of the file, and so on. I will leave you to look up the man page on mmap to figure out exactly what all the other arguments do. Similarly, lines 17-19 map in the output file, setting its size (via ftruncate()) to match the input file. All the real work is done by line 21 -- this is a pure in-memory copy of the two mapped files. Finally at line 22, msync() flushes the changes in the dst array back out to the file. Magic! Next month, we'll tackle random file access using lseek() and friends, and see how to manage links and directories. See you then! LXF
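The mmap() copy above with its failure paths handled, as an added example that is not the article's own code. mmap_copy() is a hypothetical helper name; the checks cover what the numbered listing skips: a failed open(), fstat() or mmap() (which returns MAP_FAILED, not NULL), a source that is not a regular file, and a zero-length input, for which mmap() fails with EINVAL.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for ftruncate() when built with a strict -std= */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Copy src_path to dst_path through two mappings.
 * Returns 0 on success or a negative errno value. */
int mmap_copy(const char *src_path, const char *dst_path)
{
    void *src = MAP_FAILED, *dst = MAP_FAILED;
    int fin = -1, fout = -1, rc = 0;
    struct stat sb;
    size_t len = 0;

    if ((fin = open(src_path, O_RDONLY)) < 0) { rc = -errno; goto out; }
    if (fstat(fin, &sb) < 0)                  { rc = -errno; goto out; }
    /* st_size is only meaningful for regular files (not directories, pipes, ...) */
    if (!S_ISREG(sb.st_mode))                 { rc = -EINVAL; goto out; }
    /* off_t can be wider than size_t: refuse what cannot be mapped in one piece */
    if (sb.st_size < 0 || (uintmax_t)sb.st_size > SIZE_MAX) { rc = -EFBIG; goto out; }
    len = (size_t)sb.st_size;

    fout = open(dst_path, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
    if (fout < 0) { rc = -errno; goto out; }

    /* mmap() rejects a length of 0; the truncated output is already a correct copy */
    if (len == 0)
        goto out;

    /* The output must be grown first: touching mapped pages past EOF raises SIGBUS */
    if (ftruncate(fout, sb.st_size) < 0) { rc = -errno; goto out; }

    src = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fin, 0);
    if (src == MAP_FAILED) { rc = -errno; goto out; }
    dst = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fout, 0);
    if (dst == MAP_FAILED) { rc = -errno; goto out; }

    /* If another process shrinks the input while it is mapped, this can still
     * fault with SIGBUS; that race is outside what return codes can report. */
    memcpy(dst, src, len);
    if (msync(dst, len, MS_SYNC) < 0)
        rc = -errno;

out:
    if (dst != MAP_FAILED) munmap(dst, len);
    if (src != MAP_FAILED) munmap(src, len);
    if (fout >= 0 && close(fout) < 0 && rc == 0) rc = -errno;
    if (fin >= 0) close(fin);
    return rc;
}

int main(int argc, char *argv[])
{
    int rc;

    if (argc != 3) {
        fprintf(stderr, "usage: %s SRC DST\n", argv[0]);
        return 64;
    }
    if ((rc = mmap_copy(argv[1], argv[2])) < 0) {
        fprintf(stderr, "mmap copy failed: %s\n", strerror(-rc));
        return 1;
    }
    return 0;
}
```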

Data types

The Linux system call interface specifies a large number of data types, defined using typedefs in the various header files. Depending on your point of view (and degree of cynicism) the purpose of these is either to make the code more portable, or to make it harder to understand. For example, you'll discover from the man page that the read() call returns an ssize_t. What the heck is that? Chasing through the chain of include files to find out can be tricky. In the case of ssize_t we can (if we dig deep enough) uncover two typedefs:

    typedef long int __ssize_t;
    typedef __ssize_t ssize_t;

So an ssize_t is really just a long -- at least on my machine. In fact, most of these data types turn out simply to be either signed or unsigned integers. I have included a table of the most common, though it is by no means a complete list. The entries in the 'actual data type’ column reflect my own 64-bit Linux installation; your mileage may vary. The point is that you are not supposed to care what the actual underlying type is; you just declare variables of the types that the man pages tell you to use, and bask in the glory of knowing your code will be more portable as a result.
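A hardened version of the first copy program (the read()/write() loop), added here as an example and not part of the original article. It keeps byte counts in the ssize_t that the man pages specify, retries short writes, tells a read() error apart from end of file, and truncates an existing destination; copy_file() and write_all() are hypothetical helper names, and O_NOFOLLOW is an addition the article does not use.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW when built with a strict -std= */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define BSIZE 16384   /* same buffer size as the article */

/* Push all n bytes out, retrying after short writes and EINTR.
 * Returns 0 on success or a negative errno value. */
static int write_all(int fd, const char *buf, size_t n)
{
    while (n > 0) {
        ssize_t w = write(fd, buf, n);   /* may write fewer than n bytes */
        if (w < 0) {
            if (errno == EINTR)
                continue;
            return -errno;
        }
        buf += w;
        n -= (size_t)w;
    }
    return 0;
}

/* Copy src to dst. Returns 0 on success or a negative errno value. */
int copy_file(const char *src, const char *dst)
{
    char buf[BSIZE];
    ssize_t count;                       /* ssize_t, as read(2) specifies */
    int fin, fout, rc = 0;

    if ((fin = open(src, O_RDONLY)) < 0)
        return -errno;

    /* O_TRUNC: an existing, longer dst must not keep its old tail.
     * O_NOFOLLOW: fail with ELOOP instead of writing through a symlink. */
    fout = open(dst, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644);
    if (fout < 0) {
        rc = -errno;
        close(fin);
        return rc;
    }

    for (;;) {
        count = read(fin, buf, sizeof buf);
        if (count == 0)
            break;                       /* end of file */
        if (count < 0) {
            if (errno == EINTR)
                continue;
            rc = -errno;                 /* an error, not end of file */
            break;
        }
        if ((rc = write_all(fout, buf, (size_t)count)) < 0)
            break;
    }

    close(fin);
    /* close() can report a write error the kernel deferred (e.g. on NFS) */
    if (close(fout) < 0 && rc == 0)
        rc = -errno;
    return rc;
}

int main(int argc, char *argv[])
{
    int rc;

    if (argc != 3) {
        fprintf(stderr, "usage: %s SRC DST\n", argv[0]);
        return 64;
    }
    if ((rc = copy_file(argv[1], argv[2])) < 0) {
        fprintf(stderr, "copy failed: %s\n", strerror(-rc));
        return 1;
    }
    return 0;
}
```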

MariaDB: get to grips with SQL

Jonni Bidwell turns the tables on Oracle's MySQL as he dabbles in the wholesome fork that is MariaDB and claps his hands like a seal.

Our expert: Jonni Bidwell feels that Spring is in the air, time to get out and enjoy the outdoors. Right after he updates his Gentoo box.

The MySQL RDBMS (Relational database management system) first appeared on the scene in 1995, and its then custodian, Swedish firm MySQL AB, became one of the earliest examples of a successful open source company. While the database was entirely available under the GPL, clients unwilling to pander to its clauses (ie those who wanted to implement MySQL databases in closed-source products) could acquire the software under a monetary licence. In 2008, MySQL AB was acquired by Sun Microsystems, giving them a competitor to arch rival Oracle's database. However, two years hence, Sun was acquired by Oracle, so that MySQL was now, in a sense, in the hands of the enemy. As one may imagine, consternation ensued in the MySQL community, the main concern being that, under Oracle's stewardship, MySQL would become a closed (or at least partially so) product. The very day that the takeover was announced, Michael Widenius (former CTO of MySQL AB) and a number of other MySQL developers forked MySQL, and the result was MariaDB.

Since taking the helm Oracle has certainly added some closed source extensions to MySQL, but it also continues to develop the Community Edition alongside the Enterprise offering. Many in the industry, Canonical in particular, are happy with the attention Oracle continues to give to MySQL. In a ZD-Net interview, Mark Shuttleworth (Founder of Canonical) dismissed the surrounding exodus as a symptom of the "tendency to imagine conspiracies" on the part of certain players in the open source community.

While MariaDB is nowhere near as popular as its rival Oracle (the world's most used RDBMS), its parent MySQL, or Microsoft's SQL Server (2 and 3 on the podium), it is certainly gaining ground. A ranking on db-engines.com puts it at #26 as of Feb 2015. Being (almost) a drop-in replacement for MySQL, but at the same time offering improved performance (and a more wholesome provenance), means that obstacles to adoption are low. Many distros have already adopted MariaDB as their default MySQL implementation, among the first to do so were Arch and OpenSUSE 12.3 (March 2013), followed by Fedora 19 (July 2013), now joined by Mageia, Chakra and RHEL 7. Most other distros, while still having packages for Oracle's MySQL Community Server, will also have MariaDB packages that you can use instead.

This Strange Engine

The guts of any RDBMS, as in the gubbins that does all the CRUD (creating, reading, updating and deleting of data) is known as the database engine. Older versions of MySQL used the MyISAM engine, but this was later replaced with InnoDB. Up until version 10.0.9 MariaDB also used InnoDB, but it has since then replaced it with a fork called XtraDB, which is a drop-in replacement for InnoDB with some extra features. XtraDB is maintained by Percona, who maintain Percona Server, which is, confusingly enough, another drop-in replacement for MySQL.

XtraDB takes greater advantage of modern hardware, offers better scalability, is highly configurable and more memory-efficient. What's not to like? Of course, there are many other database engines supported by MariaDB and many places where it’s technically superior to its parent. You can read about them on the MariaDB website (see http://bit.ly/MariadbVSMySQL).

Quick tip: For experimenting with compatibility between different versions of MySQL/MariaDB, check out the handy MySQL Sandbox: http://mysqlsandbox.net

The first stable version of MariaDB to be released, in February 2010, was numbered 5.1.42, in an apparent defiance of convention. The rationale here is that it was based on the then current 5.1.42 version of MySQL. Version 5.5 was likewise based on MySQL 5.5. However, since the current stable branch of MariaDB evolved independently of MySQL


5.6, it’s numbered differently – they chose a nice round 10.0 for this series. To be clear, this is not to say that MariaDB 10.0 isn’t compatible with MySQL 5.6 as that would be almost entirely untrue. Rather, many of the extra features and bugfixes introduced by Oracle in 5.6 had already been implemented by the community, and the extensive refactoring of code undertaken by Oracle was deemed unnecessary to replicate. MariaDB is its own entity, and has added many of its own features and revamped many under-the-hood components, some of which we'll explore here. However, MySQL is also its own thing and while new features added to it will be reflected in MariaDB where appropriate, this will take time and so there are edge-cases where the two are incompatible, and this gap may widen in the future.

That said, this is an introductory tutorial and so most of it will work just fine in both the Maria and My databases (these are the names of Widenius' daughters incidentally, he also has a son called Max, and another database called MaxDB). Actually it'll mostly work for any SQL database.

Quick tip: One of the big names that have switched from MySQL to MariaDB is Wikipedia. You can read all about its transition here http://bit.ly/WikipediaAdoptsMariaDB.

The box [see p90] gives some hopefully distro-agnostic instructions for installing MariaDB, but do check your own distro's documentation in case some new-fangled install method has been concocted since this was written. Once you've got it installed, the next thing is to set up the database server, a helpful script is provided for this purpose. It needs to be run as root:

    # mysql_secure_installation

This script (which might be run automatically on install, in which case there's no need to run it again) will prompt for the current MySQL root password (not your system's root password) which will be blank if you've just done a clean install. You will then be prompted to set a new root password; offered the opportunity to delete anonymous users and test databases, and restrict root access to local logins. All of which you should do, unless you have some reason not to.

We can start the MariaDB shell as the root user with:

    $ mysql -u root -p

The -p means that we will be prompted for the password. Once we're in, you should see the MariaDB prompt MariaDB [(none)]>. SQL (Structured Query Language) is a fairly easy to follow language, don't forget the semicolons at the end of every command though. We can see any databases currently in service with a simple:

    SHOW DATABASES;

While the uppercase is optional, and hard on the eyes, you should still use it for SQL commands as it helps to differentiate reserved words from database names and the like. You'll see three databases here, one called mysql which is to do with MariaDB's internals and not for you to touch, as well as information_schema and performance_schema which hold metadata about databases and can be used to diagnose issues. We can create a new database called lxfdata and then connect to it with:

    CREATE DATABASE lxfdata;
    USE lxfdata;

After the first command, you'll see a friendly acknowledgement that everything went OK:

    Query OK, 1 row affected (0.00 sec)

And note that the prompt changes to MariaDB [(lxfdata)]> after the second. You can also tack the database name onto the end of the mysql shell command to dive straight into it.

Inside the database, data is stored in tables, but we don't have any yet. So let's rectify this by creating an example table called linuxes, which will house some data about various Linux distros. Tables are formed of columns, and each column has an associated data type. SQL queries will span newlines so you can format them nicely.

    CREATE TABLE linuxes (
        id int(5) NOT NULL AUTO_INCREMENT,
        name varchar(32) DEFAULT NULL,
        current_version varchar(32) DEFAULT NULL,
        easy bool DEFAULT NULL,
        PRIMARY KEY(id)
    );

We've set up four columns, here's how we'll use them:

id: An id number, this will be automatically incremented for each entry.

name: The name of the distro, a 32 character string, defaults to the value NULL if not stated.

current_version: The distro's version number, or codename. Same datatype as name.

easy: Whether or not the distro is suitable for beginners. A boolean (true or false) value.

We'll use id as a primary key, which is a canonical index for the table. Each table must have at least one primary key and said keys must be unique. You can quit the MariaDB shell with quit or Ctrl-D.

The screenshot [pictured below] shows a summary of our empty database. Booleans are referred to as tinyints, since they are stored as the integers 1 or 0. You can read all about the manifold datatypes in MariaDB at http://bit.ly/MariaDBDataTypes. For example, the blob datatype stores up to (but not including) 64K of binary data, and has its counterparts tinyblob, for storing up to 256 bytes, as well as mediumblob (16MB) and longblob (4GB).

[Screenshot caption: The columns of our linuxes table, you can extend this to include all kinds of data – even, using the blob types, binary data, eg a logo image for each distro.]

Don’t hurt yourself

Just like the situation for the rest of Linux, it's generally not a good idea to use the root user except when necessary. This is especially true if your database is connected to a web application – if this connects as the root user then all your databases could be at risk if that application becomes compromised. So let's create a less privileged user.

First reconnect to our lxfdata database:

    $ mysql -u root lxfdata -p

We'll call our user lxfuser and give them a weak password:

    CREATE USER 'lxfuser'@'localhost' IDENTIFIED BY 'password1';


The @ 'localhost' syntax means this user can only log in locally. You can also specify any hostname here, or use @'%' to enable the user to login from anywhere else. Let's say, for instance, we want to allow lxfuser to add rows to our table, and select (view) it:

    GRANT INSERT, SELECT on lxfdata.linuxes TO 'lxfuser'@'localhost';

Now we can connect to our database as lxfuser, and start adding some data. So exit the shell and log in again with:

    $ mysql -u lxfuser lxfdata -p

Each entry in our table (ie each distro) will occupy a row. Our first row will be the distro of choice at LXF towers, the DPRK’s Red Star Linux (the OSX-ey Desktop version is now floating around the darker corners of the http://bit.ly/RedStar3Desktop):

    INSERT INTO linuxes (name, current_version, easy) VALUES ('Red Star Linux', '3.0', 0);

Red Star is definitely not easy if you don't read Korean. Note that we don't need to specify the id column since it auto-increments. Other columns which we don't specify in the first set of brackets will get the value NULL, or whatever other default value you specified above. Thus, for our next two favourite distros, which are rolling releases and hence have no version number, we can do:

    INSERT INTO linuxes (name, easy) VALUES
        ('Arch Linux', 0),
        ('Gentoo', 0);

And we conclude this exercise in data entry with some more Linuxes we love:

    INSERT INTO linuxes (name, current_version, easy) VALUES
        ('Ubuntu', '14.10 Utopic Unicorn', 1),
        ('', '17.1 Rebecca', 1),
        ('Debian', '7.8 Wheezy', 0),
        ('openSUSE', '13.2', 1),
        ('Fedora', '21', 0),
        ('Mageia', '4.1', 1),
        ('Elementary OS', '0.2 Luna', 1),
        ('', '3.0.0', 1);

We can view the fruits of our labour using the following SQL query:

    SELECT * FROM linuxes;

As you can imagine, tables can become unwieldy and viewing them in their entirety like this will not always be possible, or pleasant. It’s handy, then, to restrict the rows and columns that are displayed. Suppose we are only interested in the names and version numbers of our distros. This query will show only those columns:

    SELECT name, current_version FROM linuxes;

On the other hand, we might only be interested in ‘easy’ distributions, which we can display with:

    SELECT * FROM linuxes WHERE easy = 1;

We can also specify a sort order here, rather than the order in which the data were entered. All we need do is add an ORDER BY directive, for example to sort the last query lexicographically by distribution name, do:

    SELECT * FROM linuxes WHERE easy = 1 ORDER BY name;

Queries can be nested, and can include regular expressions via the REGEXP operator.

We never granted our humble lxfuser the privileges required to change or delete rows, but we can do that if we first logout of the client shell and, while logged in as the root user we do:

    GRANT UPDATE, DELETE on lxfdata.linuxes TO 'lxfuser'@'localhost';

Now if we log in to the client as lxfuser we can start messing with our data. We might, if we were to follow the advice of 4chan's /g/ board, get the idea that Gentoo is easy. We can update the database to reflect our new opinion with:

    UPDATE linuxes SET easy=1 WHERE name='Gentoo';

[Screenshot caption: We empowered our user and all they did was mess with our data. Tsk.]

Deleting rows is straightforward, we could delete Ubuntu (not that we have anything against it, after all Canonical pay our wages, if you believe the whispers) with a simple:

    DELETE FROM linuxes WHERE name = 'Ubuntu';

Columns can be deleted (technically DROP-ped) too, but this requires a different privilege, ALTER. The second most destructive thing one can do with your database is

Installation differences

As mentioned elsewhere, a few of the distros including Fedora, Arch, openSUSE and some others have chosen MariaDB as their default RDBMS, meaning that there will be a package (and on Fedora a mariadb-server package as well) waiting in the repositories for you. Ubuntu has chosen to stick with MySQL, however, so the following code will add the MariaDB repo and install everything:
$ sudo apt-get install software-properties-common
$ sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
$ sudo add-apt-repository 'deb http://mirrors.coreix.net/mariadb/repo/10.0/ubuntu utopic main'
$ sudo apt-get update
$ sudo apt-get install mariadb-server
This will also work for Linux Mint. For Debian the procedure is much the same, just replace software-properties-common with python-software-properties in the first command and change the repository in the third to something like ‘deb http://mirrors.coreix.net/mariadb/repo/10.0/debian wheezy main'. For other distributions and bleeding-edge releases from MariaDB's own repositories, visit https://downloads.mariadb.org/mariadb/repositories.
Once installed the service will automatically start on some distros, and on other distros you will need to start it manually. For Systemd peeps, this will be done with the command systemctl start mysqld – MariaDB is so compatible that it didn't even change the name of the daemon here.


90 LXF196 April 2015 www.linuxformat.com MariaDB

DROP one or more tables, this requires DROP privileges:
DROP TABLE linuxes;
The most destructive thing that we can do is to callously delete whole databases:
DROP DATABASE lxfdata;
In some cases it’s possible to (partially) recover accidentally dropped tables, but it's not something you can count on. Rather, you should keep regular backups, which we shall now explore.

[Image caption: PHPMyAdmin is a popular tool for web-based database administration. It’s also a popular target for hackers, so be careful.]

Nobody likes losing data, and databases are known for housing lots of it, so performing regular back ups is a good idea. We can use the mysqldump client to do this. Rather than saving the data as stored by the engine, mysqldump will, by default, output the SQL commands necessary to recreate the databases and tables, so that they can be imported by some other relational database management system if needs be. It can also output CSV or XML data. To save our simple linuxes table, do:
$ mysqldump lxfdata linuxes -u root -p
You need to do this as MariaDB's root user since tables are locked prior to dumping, and this requires privileges beyond those assigned to our humble lxfuser. Hopefully that works and you will see some messy looking SQL. Of course, it's more convenient to redirect this to a file, by adding something like > linuxes.sql to the command above. You could then import the data like this:
$ mysql lxfdata < linuxes.sql
Note that this will replace, rather than add to, the extant linuxes table, but it will not recreate the whole lxfdata database in which it is housed. That functionality can be achieved by omitting the table name from the mysqldump command. Indeed, if you want to back up all the databases (except the internal information schema one) you can omit the database name too. For more details on mysqldump check https://mariadb.com/kb/en/mariadb/mysqldump.
And that concludes our primer on the wholesome SQL database that is Maria. Besides the basic SQL we've shown here, you can use it in conjunction with any number of popular applications, including OwnCloud, Wordpress and Drupal. So don't delay, snub Larry today. LXF
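The GRANT statements in this tutorial give lxfuser INSERT, SELECT, UPDATE and DELETE on one table from localhost only, and single out ALTER and DROP as the destructive privileges. As an added example (not part of the original article), this shell function reads SHOW GRANTS output and flags accounts that go beyond that. The webapp and reports accounts and all sample lines are constructed.

```shell
#!/bin/sh
# Flag risky entries in SHOW GRANTS output (one GRANT statement per line on stdin).
# Real input would come from something like:
#   mysql -u root -p -N -B -e "SHOW GRANTS FOR 'lxfuser'@'localhost'"
audit_grants() {
    awk -v q="'" '
        /^GRANT / {
            on = index($0, " ON "); to = index($0, " TO ")
            if (on == 0 || to < on) next
            privs  = substr($0, 7, on - 7)            # text between GRANT and ON
            object = substr($0, on + 4, to - on - 4)  # database.table the grant covers
            rest   = substr($0, to + 4)               # account plus any options
            split(rest, word, " ")
            account = word[1]
            host = account; sub(/^.*@/, "", host); gsub(q, "", host)

            # The tutorial pins lxfuser to localhost; % means any host at all.
            if (host == "%") print account ": may connect from any host"
            # USAGE on *.* is only the login right; anything else there is server-wide.
            if (object == "*.*" && toupper(privs) != "USAGE") print account ": holds " privs " on every database"
            n = split(privs, p, /, */)
            for (i = 1; i <= n; i++) {
                name = toupper(p[i]); sub(/ *\(.*$/, "", name)  # drop column lists
                if (name == "ALL PRIVILEGES" || name == "DROP" || name == "ALTER") print account ": " name " on " object
            }
            if (rest ~ /WITH GRANT OPTION/) print account ": may grant its privileges to others"
        }
    '
}

# Constructed sample: lxfuser as set up in the tutorial, plus two hypothetical
# accounts that were given more than they need.
sample_grants() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'lxfuser'@'localhost'
GRANT SELECT, INSERT, UPDATE, DELETE ON `lxfdata`.`linuxes` TO 'lxfuser'@'localhost'
GRANT ALL PRIVILEGES ON `lxfdata`.* TO 'webapp'@'%'
GRANT SELECT, DROP ON `lxfdata`.`linuxes` TO 'reports'@'localhost' WITH GRANT OPTION
EOF
}

sample_grants | audit_grants
```

An account that produces no output, like lxfuser here, holds only row-level privileges from a fixed host; each flagged line is a candidate for REVOKE.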


Got a question about open source? Whatever your level, email it to [email protected] for a solution.

This month we answer questions on:

1 Partition tables
2 Sed syntax
3 A DVD that will not boot
4 Booting Ubuntu with the Windows bootloader
5 Display corruption
★ Access to server blocked

1 GPT go bye-bye
I have an Acer TMP253/M with Professional 64-bit. I’ve loaded Linux onto my own and many family and friends units over the past 10 years or so, but this is the first one with the latest BIOS. I bought and followed your Beginners Guide, and with fast boot disabled, as per your magazine, I booted from the LXF192 DVD into Ubuntu 14.10. As no Windows install was found I backtracked as stated and followed the instructions on page 15, running sudo gdisk /dev/sda. On rebooting into the LXFDVD I still found no Windows or any other partition, and on restarting the computer no was found either, being informed that no OS was loaded and to insert a bootable disk, so I am now only able to boot from the DVD, and don't have a bootable Windows disc at the moment. The only thing wiped was GPT, as per the instructions, so I have no idea where to get back to correcting the booting into Windows. Your tutorial on Rescatux looks as if I could go down that route, but before I go further I need to be sure, so can you help me to restore the boot to Windows?
G. C. Green

Running gdisk will have let you delete the partition table, so nothing could be found, and Windows would be unable to boot. However, unless you’ve written anything else to the disk, the filesystems are still there; it's only the table that shows where they are that’s missing.
Fortunately, there is a tool that will scan your disk for partitions and recreate the partition table, and it's called Testdisk. This needs to be run from a live CD, such as Rescatux. Scroll down to the bottom of the Rescapp window to find Testdisk in the Expert Tools section and run it. Select the option to create a log file, this may be useful if things go wrong, then select your disk – usually /dev/sda (/dev/sr0 will be your DVD drive). Next, select the type of partition table, which should be EFI GPT for you, older systems using an MBR partition table would use the Intel option. You will then see the current partition structure, which will probably be empty as you have deleted the partition table, so select the Quick Search option. Despite the name, this may take a little while, so don't be concerned if your computer is unresponsive.
Once the scan is complete, Testdisk will show you what it found. Press Enter to move to

[Image caption: Rescatux will rebuild your partition table after an accident.]

Enter our competition
Win! if ($letter == winner) get $books
Get your questions answered and exploit our generosity.
Linux Format is proud to produce the biggest and best magazine about Linux and free software that we can. A rough word count of LXF193 showed it had 55,242 words. That’s a few thousand more than Animal Farm and Kafka’s The Metamorphosis combined, but with way more Linux, coding and free software (but hopefully less bugs). That’s more than most of our competitors, and as for the best, well… that’s a subjective claim, but it’s one we’re happy to stand by.
As we like giving nice things to our wonderful readers, the Star Question each month will win a copy of Martin O’Hanlon’s Adventures in , and it’s a great intro to fun Minecraft API projects for you or a youngster. For a chance to win, email a question to lxf.answers@futurenet.com, or post it to www.linuxformat.com/forums to seek help from our lively community of readers. See page 94 for our star question.


the next screen. If you are happy with what it found, select Write to save the partition table back to the disk, otherwise select Deeper Search for a more extensive scan of your disk. Finally, select Quit, reboot from the power button on the Rescatux toolbar and then it’s a case of crossing your fingers!
It is easy to say this after the event, but if you have anything of value on your hard disk, you should ensure it is backed up somewhere safe. This is only one of many ways in which hard disk data is vulnerable.

Terminals and superusers
We often give a solution as commands to type in a terminal. While it is usually possible to do the same with a distro’s graphical tools, the differences between these mean that such solutions are very specific. The terminal commands are more flexible and, most importantly, can be used with all distributions.
System configuration commands often have to be run as the superuser, often called root. There are two main ways of doing this, depending on your distro. Many, especially Ubuntu and its derivatives, prefix the command with sudo, which asks for the user password and sets up root privileges for the duration of the command only. Other distros use su, which requires the root password and gives full root access until you type logout. If your distro uses su, run this once and then run any given commands without the preceding sudo.

2 We sed it
In your excellent article on improving performance of your Linux box, [Speed Up Linux, p34, LXF188], line 5 of the following code supplied comes up with an error:
sudo sed --in-place 's/NoDisplay=true/Nodisplay=false/g' *.desktop
sed: -e expression #1, char 35: unknown option to `s
As a newcomer I don't know enough about sed to work out how this command works and cannot, therefore, spot whether there’s a typo in the magazine or that I have a problem with my typing and spaces etc.
rlcoop, From the forums

The replace string works here, although you probably don't want to change NoDisplay to Nodisplay, the case usually matters. To explain what the command does, sed takes a script and applies it to the input. In this case, the script is
s/NoDisplay=true/Nodisplay=false/g
The s at the start tells sed to perform a search and replace, the part between the first two slashes is the text to replace, the next part is the replacement text. The slash at the end is required, the following g stands for global, telling sed to replace all occurrences and without g it only replaces the first instance on each line. Normally sed reads from a pipe or the files given on the command line and prints its output, suitable for redirecting to a file or piping to another program. The --in-place option tells it to modify the file in place instead (it actually writes its output to a temporary file and then replaces the original with that file).
You don't say which distro you are using, or how old it is, but older versions of sed don’t accept multiple input files in conjunction with --in-place so you may need to run it separately for each .desktop file. Run it for one and, if that gives no errors, you can do them all with a short shell loop:
for i in *.desktop; do
  sed -i 's/NoDisplay=true/NoDisplay=false/g' "$i"
done
This runs the command once for each matching file, the quotes around the file marker are there in case file names contain a space. You can do a similar thing with the find:
find -name '*.desktop' -exec sed -i 's/NoDisplay=true/NoDisplay=false/g' "{}" \;
Surprisingly enough, find finds all files matching the pattern and then runs the exec command once for each, replacing {} with the file name. Note the use of quotes again, just in case.

3 Non-booting DVD
In my quest to rid myself of the clutches of the dreaded Windows Vista, I downloaded Mint 17 and burned it to disk. Alas, it failed to boot! Taking it over to my FOSS machine running Mint 13 (I know, I know, I should upgrade) and running md5sum I got the required affirmation that the download went well. Then, applying sudo fdisk -l distro.iso (as per [Your Linux Problems, Solved p40, LXF189]), I got the information that there was a boot track, but despite the size, it was marked as ‘empty’. Am I missing something?
Device                                                     Boot  Start    End      Blocks   Id  System
/media/20150112_155405/linuxmint-17.1-cinnamon-64bit.iso1  *     0        3026591  1513296  0   Empty
/media/20150112_155405/linuxmint-17.1-cinnamon-64bit.iso2        2958600  2963143  2272     ef  EFI (FAT-12/16/32)
John Heselton

The ISO works fine here, both when burned to a DVD and used to boot a virtual machine. The advice about running fdisk on an ISO image only applies if you want to use it on a USB stick. The Empty designation is harmless, it merely means that the partition does not have a filesystem ID. As you can see from the start and end values, it is anything but empty.
Did you try booting the disc in your "FOSS machine"? It has Mint installed already, so it’s presumably capable of booting from a DVD. As the ISO's checksum is correct the most likely causes of this problem are either: a setting in the computer's BIOS or EFI firmware preventing booting from DVD, or a faulty DVD drive or a bad burn of the ISO. The first two

A quick reference to...

Tab completion
There are a number of reasons why Linux users may avoid using the command line. Remembering the various commands may be one; there’s also the feeling that typing in long commands and filenames is slower than a quick mouse click on an icon. And, if you are a lousy typist like me, there’s always the risk of it not working because you typed something incorrectly. The good, or bad depending on your perspective, news is that none of those reasons are really valid, thanks to one of the shells' most user-friendly features: tab completion.
What is tab completion? The easiest way to explain is with an example. Let's say you want to read the file /usr/share/sane/xsane/doc/sane-xsane-fax-doc.html (this file actually exists on my computer), you could fire up a browser and try to type the path with no errors, or you could use a shell and type
fire[TAB]/us[TAB]sha[TAB]sa[TAB]x[TAB]d[TAB]sa[TAB]x[TAB]f[TAB]
The first tab searches the command path for a matching command (firefox) and subsequent presses of tab try to complete a filename relative to the current directory. Not only is this much quicker than typing the full name, it avoids any errors since it can only match on files that exist.
What happens if more than one command or file matches? The shell will complete as much as possible, if you press the tab key again, it will show a list of possible matches. You can then add one or two more characters and press tab again. This way, you can also use tab completion to see what commands are available. Used properly, it can greatly speed up and enhance command line working. Some shells, such as and Zsh, can be extended to use completion for other things, such as hostnames and program arguments.


causes can be eliminated if the system boots from other DVDs. The bad burn may be due to a poor quality disc, especially if it’s a rewritable disc, which don’t work as well in some drives as pure recordables, because they are less reflective. Try with a new DVD-R, it may also help if you lower the burning speed, perhaps to 2x. You don't say how you are writing the ISO to a disc, but all of the popular CD/DVD burning programs have options to write an ISO file to a disc, and generally offer the option to restrict the writing speed.
Depending on the computer you are trying to boot from the DVD, some require a certain amount of hoop-jumping when booting from anything but the primary hard drive – try the F11 key.
Incidentally, you can quickly test boot an ISO image with the Qemu emulator. Install the qemu-kvm package to get it. Use one of these commands, the former is faster, only use the second if this doesn't work.
kvm -boot d -cdrom linuxmint-17.1-cinnamon-64bit.iso
qemu-system-x86_64 -boot d -cdrom linuxmint-17.1-cinnamon-64bit.iso
You can do this with VirtualBox, which also works on Windows, but the kvm one liner is a much faster method.

[Image caption: When writing bootable DVDs, use a new DVD-R or DVD+R disc rather than a rewritable.]

4 Windows bootloader
So, since I haven't really been playing around with Linux for a while, I have decided to put Ubuntu on my second hard drive. However, this hard drive has a NTFS partition already on it, and I want to keep the default Windows boot loader, if possible. Since I know this is going to require a custom install, and I don't want to hose Windows, could you point me in the direction how to do this?
Alexander Sarosi

If you have a UEFI system, there’s no issue as UEFI itself is the bootloader and you only need to load a boot manager, which you do by holding down the relevant Function key or Esc when you boot. This is because UEFI allows multiple boot managers on the same disk. In that case, just let Ubuntu do its thing. If you have a BIOS/MBR system, then you are stuck with a single bootloader and if you want to keep the Windows one, things are not as easy as they used to be. Previous Ubuntu releases had an alternate install image, which gave you the option to install the Ubuntu bootloader to the root partition rather than the MBR. If you want that you need to install and then install Unity on top of it. There is an alternate Lubuntu installer.
This will leave your Windows bootloader untouched, but also leave you no option to boot into your new Ubuntu system. To do that, you need to add an entry to the Windows boot menu. The easiest way to do this is with the

Star Question Winner! This month’s winner is John Sorkin. Get in touch with us to claim your glittering prize!

★ Inaccessible server
I’m trying to run a server on my LAN which will give me access to RStudio on my iPad when I‘m away from my home. I can connect to my server when I’m within my home LAN, but can’t access the server from the Internet. It connects to a wireless router which connects to the internet via a cable TV modem.
I am running RStudio server on my Linux Mint 14.1 box. When I try to access the server on my LAN I have no problem: http://192.168.0.108:8787 connects to RStudio server. When I try to reach it from the web, I can’t: http://73.213.144.65:8787 leads to "This web page is not available". I got my IP address by going to one of the websites that reports your IP and by querying my wireless router. Can you help me understand what I need to do please? I made IP address 192.168.0.108 static. I set port forwarding for 8787. I turned off UPnP.
John Sorkin

This problem is usually caused by not setting up port forwarding properly, but you appear to have covered that. If you’re sure that the external IP address you are using is correct, ISPs use dynamic addressing so can change your external address without notice at any time, that leaves the possibility that your ISP is blocking the access. This is quite common, they don’t want people running servers on their networks or it can be done in the name of security. Your first step should be to check with your ISP, it may be that access is allowed on some ports, in which case just forward that incoming port on your router to port 8787 on your server, or run the server on the allowed port.
If all incoming traffic is blocked, you can still do what you want but it requires you to have access to another computer outside of your network that does allow incoming connections. Then you can use the magic of SSH reverse tunnelling. The only requirement is that it’s running Linux (although this is possible with other OSes too) with sshd running, and that /etc/ssh/sshd_config contains the line:
GatewayPorts yes
This other computer must have a static address or domain name (you can use a dynamic DNS service if necessary). Now you open the tunnel on your server by running:
ssh -R 8000:localhost:8787 user@othercomputer
Because this command is run on your server, it’s an outgoing connection and will not be affected by any blocks on incoming ports. Now, when you connect to http://othercomputer:8000 all traffic will be forwarded to port 8787 on your server. You don’t need to use different port numbers, it just makes the example easier to understand. There’s no longer any need for port forwarding on your router. This does require an external computer, but VPS (Virtual Private Server) packages are available for a few dollars a month and free you from the shackles of your ISP's firewall.
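A global GatewayPorts yes, as in the answer above, lets every account on the external machine publish a forwarded port on all of its interfaces. As an added example (not from the magazine), this shell sketch reports which scope of an sshd_config enables the option and compares the global form with a constructed config that confines it to one account and one port. The account name tunnel and both sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Report where an sshd_config sets GatewayPorts.
# Within one scope sshd keeps the first value it reads for a keyword; keywords
# after a Match line override the global section only for matching connections.
# Handles the usual "Keyword value" form; Include files are not followed.
# Output: one line per scope, e.g. "global=yes" or "match[User tunnel]=clientspecified".
gatewayports_scopes() {
    awk '
        BEGIN { scope = "global" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            key = tolower($1)
            if (key == "match") {
                # Everything after the keyword is the Match criteria.
                $1 = ""; sub(/^[ \t]+/, "")
                scope = "match[" $0 "]"
                next
            }
            if (key == "gatewayports" && !(scope in seen)) {
                seen[scope] = 1
                print scope "=" tolower($2)
            }
        }
    ' "$1"
}

# Succeeds when the option is on for everyone, so any login can expose a port.
gatewayports_is_global() {
    gatewayports_scopes "$1" | grep -Eq '^global=(yes|clientspecified)$'
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample 1: the line exactly as given in the answer.
cat > "$demo_dir/sshd_config.broad" <<'EOF'
PermitRootLogin no
GatewayPorts yes
EOF

# Constructed sample 2: the same tunnel with a narrower scope. Only the
# hypothetical account "tunnel" may open a remote forward, only on port 8000,
# and the client has to ask for the public bind address itself:
#   ssh -R '*:8000:localhost:8787' tunnel@othercomputer
cat > "$demo_dir/sshd_config.scoped" <<'EOF'
PermitRootLogin no
GatewayPorts no
Match User tunnel
    AllowTcpForwarding remote
    GatewayPorts clientspecified
    PermitListen 8000
EOF

for f in "$demo_dir"/sshd_config.*; do
    printf '%s:\n' "${f##*/}"
    gatewayports_scopes "$f" | sed 's/^/  /'
    if gatewayports_is_global "$f"; then
        echo "  -> any account can expose forwarded ports"
    else
        echo "  -> exposure limited to the Match scopes listed"
    fi
done
```

Whichever form is used, port 8000 on the external machine is reachable by anyone on the internet, so the service behind it (RStudio Server here) needs its own authentication.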


Windows program EasyBCD (http://neosmart.net/EasyBCD). Boot into Windows, install EasyBCD and run it. Click on Add Entry and select Grub 2 from the options. Click on the Write MBR button and you should now have a Windows boot menu that includes the Grub option for Ubuntu.
It would be simpler to allow the Ubuntu installer to take the default route of installing Grub to the MBR. Should you subsequently decide you want to go back to Windows, you can use EasyBCD to reinstall the Windows bootloader, just make sure you do this before you delete the Ubuntu partitions so that you can still boot into Windows to run EasyBCD.

Help us to help you
We receive several questions each month that we are unable to answer, because they give insufficient detail about the problem. In order to give the best answers to your questions, we need to know as much as possible.
If you get an error message, please tell us the exact message and precisely what you did to invoke it. If you have a hardware problem, let us know about the hardware. If Linux is already running, you can use the Hardinfo program (http://hardinfo.berlios.de) that gives a full report on your hardware and system as an HTML file you can send us.
Alternatively, the output from lshw is just as useful (http://ezix.org/project/wiki/HardwareLiSter). One or both of these should be in your distro’s repositories. If you are unwilling, or unable, to install these, run the following commands in a root terminal and attach the system.txt file to your email. This will still be a great help in diagnosing your problem.
uname -a >system.txt
lspci >>system.txt
lspci -vv >>system.txt

5 Hidden display
I downloaded Mint 17.1 KDE 64-bit and installed it on a system that was originally running Mint 16 64-bit Debian fine. The only problem I had was when I ran videos in YouTube and Facebook, it was slow. I only used Mint 16 for about a week, and I wanted to try it out over the Ubuntu I had as I didn't like the Unity desktop. With Mint 17.1, I’ve a more serious problem. The screen desktop doesn’t show what’s there. I have to hover over the pop-up window to see what’s in it. Also when I click on the . I don't see the items unless I hover over it. I‘ve attached the suggested output you recommend:
uname -a > system.txt
lspci >>system.txt
lspci -vv>>system.txt
Mike Racelo

I suspect the problem is caused by a combination of a fairly old Nvidia card, the nouveau drivers and KDE's desktop effects. The nouveau drivers don't have as good 3D acceleration as the closed source drivers that are supplied by Nvidia. Combine that with a relatively low-powered graphics card by today's standards, the use of KDE's 3D effects and the display could be struggling. The card and driver combination may also have had a bearing on your video playback problems. It's not that the nouveau drivers are bad – I use them myself in combination with a graphics card that’s only slightly newer than yours, but without many of KDE's desktop effects turned on – but they just don't have the same 3D performance.
One way to test the performance is by running glxgears from a terminal window. This program renders an animation in 3D and displays the frame rate in the terminal, if you find that you don't get a reasonable and smooth performance from this, your 3D drivers are not up to scratch.
If this is the cause of your problems, you have a couple of options. You could install the Nvidia binary drivers, most distros have them in their package repositories - if not you can get them from www.nvidia.com (make sure you get the right version for your card). Alternatively, you can reduce the number of desktop effects in use in KDE's System Settings. You can quickly test if this is the cause by pressing Alt+Shift+F12, which disables and enables the desktop effects. LXF

[Image caption: 3D desktop effects and an older graphics card do not always work well together.]

Frequently asked questions…

Virtual Private Networks

That's a fancy sounding name, but what is it?
A Virtual Private Network (or VPN) is a network tunnelled through another network.

I'm still impressed by the sound of it, yet still no wiser…
The main use of a VPN is to carry private network data over a public network, such as the internet. The connection runs through an encrypted tunnel, and the security of the public network can’t be guaranteed, as you have no control over access to the intermediate hardware, but the encryption makes the data useless to anyone else.

Can't you use an SSH or HTTPS connection?
Those are two types of encrypted connection used for a specific purpose: to run a shell or access web pages securely. VPN works at a lower level, so that everything is encrypted.

Why would you need that?
Imagine you’ve a network in your office, locked away behind a firewall. But you need to access your work systems from home or on the road. A VPN establishes a connection between your computer and the company network, so that you’re on the network as if you were sitting at your desk, but everything is encrypted before leaving the real network, making it safe to use over the internet.

Do you need special hardware?
You need a VPN server running on the network, and a suitable firewall configuration, and you need VPN client software running locally – this can be running on your computer.

That sounds expensive?
Not really, many routers support VPN, some of them costing only slightly more than the most basic non-VPN routers. Watch out for routers that advertise ‘VPN pass-through’. This means they support the use of VPN over their connections, but aren’t capable of managing a VPN connection and you will still need VPN client software with one of these.

What software is needed, then?
You need both client software and a suitably configured kernel. Most distros have a suitable kernel by default. The software you need depends on the VPN variant at the other end of the link, but the OpenVPN (http://openvpn.net) and (www.openswan.org) projects cover just about all the options between them.

[Image caption: You can run a VPN server on your network, but many routers include one too.]

On the disc
Distros, apps, games, , miscellany and more…

The best of the internet, crammed into a phantom-zone like 4GB DVD.

Distros

What's in a name?
Two of the distros on this month's Linux Format DVD have name issues. While Scientific Linux's name is accurate, it is also somewhat limiting in that the distro has a far wider usage. Kodi Media Center, in comparison, is a new name, because the old one had limits. Changing a name like this is a big step, while the name XBMC, which stood for X-Box Media Center, had become inaccurate it was also well known. That means that much of the work of the past few years spent in building up a reputation is at risk. Reputation and familiarity are important – we go for what we know and like. That was a factor in the rise of another of this month's distros, Linux Mint.
Is that right, though? Are we helping ourselves by sticking to our comfort zone? Do we miss out by being afraid, or at least wary of, the unfamiliar? If Linux and open source are about giving the user choice, shouldn’t we embrace those choices by being more willing to try the new? Or is choosing not to do so also a valid choice? Some people go to the same holiday destination every year, others try new places. Using Linux distros is similar, which category do you fall into?

Powerful consumer distribution 64-bit
Linux Mint 17.1
Linux Mint has proved to be one of the surprise Linux distribution hits of recent years. Its success was helped initially, in no small part, by Ubuntu's decision to introduce the Unity desktop environment, which upset many that preferred a traditional desktop interface. However, Mint has continued to survive and grow its userbase on its own merits since then, and is particularly notable for paying very careful attention to feedback from its community.
The latest release is 17.1 and we have included the Cinnamon edition on the DVD. This is version 2.4, which offers an even smoother experience from the 3D-enhanced desktop and certainly creates a good impression. Mint 17.1 is a long term release, and they really mean long term, it will be supported for five years, until 2019 – Linux Mint certainly plan to be around for a while.

Media centre distribution 64-bit
KodiBuntu 14.0
Some projects change names for legal reasons, some should really change their names but don’t and some simply grow out of their names. XBMC started life as the X-Box Media Centre – that’s the original X-Box, not the 360 or One. XBMC was ported to PCs and now that the PC has become its main platform – although the Raspberry Pi is also an option – the name has become an anachronism. So the latest version has been renamed Kodi. This is a software package that can be installed on various distros, but we have included the KodiBuntu live version, which boots straight into Kodi.
You will need decent hardware to run this, and not just a 64-bit processor but also a graphics card with good 3D acceleration. If Kodi thinks your hardware is inadequate, it will dump you at a login screen but don’t worry. If you then login as user kodi with no password and select the Lubuntu option, you get a standard desktop, from which you are able to run Kodi.

Important Notice! Defective discs
In the unlikely event of your Linux Format coverdisc being in any way defective, please visit our support site at www.linuxformat.com/dvdsupport for further assistance. If you would prefer to talk to a member of our reader support team, email us at discsupport@futurenet.com or telephone +44 (0) 1225 822743.

New to Linux? Start here
What is Linux? How do I install it? Is there an equivalent of MS Office? What’s this command line all about? How do I install software? Open Index.html on the disc to find out.
Are you reading this on a tablet? Download your DVD from www.linuxformat.com

Itsy-bitsy distribution 32-bit
Tiny Core 6.0
Most of the interesting new distribution releases focus on 64-bit hardware, which is not really surprising, but there’s still a lot of demand for lightweight operating systems for older hardware. Tiny Core certainly fits in the lightweight category, which has a very modular design, which uses lots of extensions that have been built by the community. We have supplied three versions on the DVD with the standard Tiny Core ISO image being only 15MB in size. There’s also the Core Plus image, with many extensions built in, but at the expense of a rather bloated 75MB image. If you are hardcore and eschew graphical frippery, the smallest Core image is a mere 9MB, which still gets you a functional OS. Be warned, if you’re looking for a turnkey OS with lots of pre-installed apps this isn’t going to be for you.

And more! Free eBook
Android: Your Companion Manual
This month your free 164-page eBook is all about Android, the mobile operating system that’s everywhere now – it’s in phones, tablets and devices that connect directly to our TVs and even slipping onto our wrists, if you’re embracing the whole wearable thing.
In this guide, you’ll learn the essentials from what to buy, how to get more from the built-in framework to getting organised and protecting your device. Going further, you’ll learn how to automate some tasks, turn your phone into a wireless webcam, master your media and remote control music with an old phone. In all, there are 317 ways to improve your Android devices for Samsung, Motorola, HTC and more.
You’ll also hear from CyanogenMod’s founders, alongside a guide to installing and enhancing the best-known custom Android OS. It even covers what you can look forward to from Android reaching to 2020. And all for free. Enjoy!

General-purpose distribution 64-bit Scientific Linux 7

This is an interesting distribution that intersects business and academia, and is useful beyond both of those fields. Scientific Linux is a respin of Red Hat Enterprise Linux (RHEL), and RHEL is a commercial product that is still completely open source, making it possible for others to build their own versions of the distro without cost (and without the RHEL support contract, of course). Scientific Linux is sponsored by the Fermi National Accelerator Laboratory, which explains the name, but it is at its heart a general-purpose Linux distribution; the scientific tag applies more to those who developed it than to those who are using it. In particular, if you need to gain experience of RHEL, possibly to improve your employment prospects, without purchasing a Red Hat contract, this is one way to go. If you just want to see how a distro designed for the more stable environment that’s required by the commercial and academic users compares with the more fluid and cutting-edge offerings available for casual desktop users, this is a good place to look.

System tools
Essentials
Checkinstall Install tarballs with your package manager.
GNU Core Utils The basic utilities that should exist on every operating system.
Hardinfo A system benchmarking tool.
Kernel Source code for the latest stable kernel release, should you need it.
Memtest86+ Check for faulty memory.
Plop A simple manager for booting OSes, from CD, DVD and USB.
RaWrite Create boot floppy disks under MS-DOS in Windows.
SBM An OS-independent boot manager with an easy-to-use interface.
WvDial Connect with a dial-up modem.


Future Publishing, Quay House, The Ambury, Bath, BA1 1UA Tel 01225 442244 Email [email protected]

19,000 January – December 2014 A member of the Audit Bureau of Circulations.

EDITORIAL
Editor Neil Mohr [email protected]
Technical editor Jonni Bidwell [email protected]
Operations editor Chris Thornett [email protected]
Art editor Efrain Hernandez-Mendoza [email protected]
Editorial contributors Neil Bothwick, Chris Brown, Jolyon Brown, Sean Conway, Keith Edmunds, David Eitelbach, Kent Elchuk, Dave James, Matt Hanson, Jeremy Laird, Christopher Livingston, Conor McCormack, Juan Martinez, Les Pounder, Mayank Sharma, Shashank Sharma, Alan Stevens, Alexander Tolstoy, Mihalis Tsoukalos, Sam Tuke
Illustrations Shane Collinge, Chris Hedley

Advertising
For ad enquiries please contact: Key Accounts - sales manager Richard Hemmings [email protected]

Marketing
Marketing manager Richard Stephens [email protected]

Production and Distribution
Production controller Marie Quilter
Production manager Mark Constance
Distributed by Seymour Distribution Ltd, 2 East Poultry Avenue, London EC1A 9PT Tel 020 7429 4000
Overseas distribution by Seymour International

Licensing
International director Regina Erak [email protected] Tel +44 (0)1225 442244 Fax +44 (0)1225 732275

Circulation
Trade marketing manager Juliette Winyard Tel 07551 150 984

Subscriptions & back issues
UK reader order line & enquiries 0844 848 2852
Overseas reader order line & enquiries +44 (0)1604 251045
Online enquiries www.myfavouritemagazines.co.uk
Email [email protected]

Management
Content & Marketing director Nial Ferguson
Head of Content & Marketing, Technology Nick Merritt
Group editor-in-chief Paul Newman
Group art director Steve Gotobed
Editor-in-chief, Computing Brands Graham Barlow

LINUX is a trademark of , GNU/Linux is abbreviated to Linux throughout for brevity. All other trademarks are the property of their respective owners. Where applicable code printed in this magazine is licensed under the GNU GPL v2 or later. See www..org/copyleft/gpl.html.

Copyright © 2015 Future Publishing Ltd. No part of this publication may be reproduced without written permission from our publisher. We assume all letters sent – by email, fax or post – are for publication unless otherwise stated, and reserve the right to edit contributions. All contributions to Linux Format are submitted and accepted on the basis of non-exclusive worldwide licence to publish or license others to do so unless otherwise agreed in advance in writing. Linux Format recognises all copyrights in this issue. Where possible, we have acknowledged the copyright holder. Contact us if we haven’t credited your copyright and we will always correct any oversight. We cannot be held responsible for mistakes or misprints.

All DVD demos and reader submissions are supplied to us on the assumption they can be incorporated into a future covermounted DVD, unless stated to the contrary.

Disclaimer All tips in this magazine are used at your own risk. We accept no liability for any loss of data or damage to your computer, peripherals or software through the use of any tips or advice.

Printed in the UK by William Gibbons on behalf of Future.

Future is an award-winning international media group and leading digital business. We reach more than 49 million international consumers a month and create world-class content and advertising solutions for passionate consumers online, on tablet & smartphone and in print.

Future plc is a public company quoted on the London Stock Exchange (symbol: FUTR). www.futureplc.com
Chief executive Zillah Byng-Maddick
Non-executive chairman Peter Allen
Chief financial officer Richard Haley
Tel +44 (0)207 042 4000 (London)
Tel +44 (0)1225 442 244 (Bath)

We are committed to only using magazine paper which is derived from well-managed, certified forestry and chlorine-free manufacture. Future Publishing and its paper suppliers have been independently certified in accordance with the rules of the FSC (Forest Stewardship Council).

Next month: LXF 197 will be on sale Thursday 16 April 2015

Raspberry Pi: the best new projects
Cool new projects for a cool new Pi. Put your Pi to good use streaming games, as an alarm and more!

Escape the GUI
Discover how you can do it all from the terminal! Including web browsing, video and more.

Build a Steam box
We’re going and we’re going to use Steam OS and some top gaming hardware.

Inside Apache
We delve into Apache server, so you can learn how to configure and set up every aspect of this web server.

Contents of future issues subject to change – unless we’ve launched ourselves into space with a Pi.
