4
20
1
Awesome 4.3 2 Cinnamon 4 KDE Plasma 5.18 5 Regolith 1.3
PLUS!
HOW TO…
! OF AT S RM AR FO
The top five tested: 3 Gnome 3.34
YE X NU LI
GET THE BEST DESKTOP
CODE COOL AI GET AMAZING PRINTS MONITOR RADIO TRAFFIC
FREE Manjaro
The #1 open source mag
DVD
PROTECT YOUR DEVICES Firewall your home network, security scan your servers and power up your passwords!
Nostalgia
20 years of LXF We dig up the editors of Linux Format past to discover how it all started
pages of tutorials & features
59
Start using Debian as your daily desktop distro Learn to code by making your own simple games Build a Docker-based remote desktop server
DEBUG TOOLS
Sort out your C with our top tips
EDUCATION USA!
How Linux is being used to teach code in the USA
Contents
PLUS!
REVIEWS
Acer Chromebook Spin 311
17
Powering towards the mainstream, Rob Dwiar takes the latest AMD-powered revision of Acer’s convertible Chromebook for a <cough> spin.
SUBSCRIBE NOW! Page 22
PROTECT
YOUR BITS It may be the end times out there, but Jonni Bidwell will help your Linux boxes weather the storm, on page 30.
AMD Radeon RX 5600 XT
18
Feeling all shook up, Jarred Walton thought AMD was going to shake up the middleaged, when it actually meant just the mid-range GPU market. Sorry.
Untangle NG 15
19
Always a sucker for pretty graphical interfaces, Mayank Sharma simply couldn’t resist the lure of a dedicated Debian-based firewall option.
MX Linux 19.1
20
Ugly duckling isn’t how Mayank Sharma would ever describe this distro, but that’s exactly what the developers have named their latest release!
Trident 20.02 As the supposed de-facto BSD desktop metamorphs into a Linux distro, Mayank Sharma is intrigued by its promise to deliver the best of both worlds.
4 LXF262 May 2020
21
ROUNDUP Desktop environments 24 It’s the working pit face of your system, where the distro and you the user connect, but what’s best for you? Minimal, flashy, easy to tweak – read on!
www.linuxformat.com
CONTENTS ON YOUR FREE DVD
INTERVIEW
Manjaro 19 IPFire 2.25 Page 81
20 years of Linux Format 38 Jonni Bidwell feels like he’s being interviewed, as Nick Veitch, Paul Hudson, Graham Morrison and Neil Mohr line up to reminisce about the many years of producing magazines and tweaking Linux.
DVD pages
IN-DEPTH Education USA!
81
Despite having too much to do, Jonni Bidwell still wants to guide you through getting up and running with Manjaro 19.
44
TUTORIALS
The story of how Neil Plotnick brought computer science to an American school riding on the back of Linux and class-built, second-hand PCs!
GLANCES: Monitoring made easy
48
Knowing about advanced systemmonitoring tools like Glances, and when to use them, is precisely why Shashank Sharma is a celebrated Bash-ninja.
PRINTING: gLabels
CODING ACADEMY Coding Lunar Lander
50
Nick Peers reveals how to use gLabels to design striking business cards or labels that you can print on professional paper – or all that toilet roll you’ve got stockpiled…
68
Calvin Robinson uses Python to create three examples of the legendary Lunar Lander game – text-based, vector-based and complete with GUI.
Build a Python AI
72
Inspired by WarGames, Andrew Smith avoids the many issues of thermonuclear war and ends humanity instead by building an AI solution for tic-tac-toe.
Debugging C code
GNU RADIO: Tune in, drop out
76
Andrew Davison explains using GDB, the GNU Debugger for C, and looks at ways to configure and extend it.
DEBIAN: A perfect install
6
The US moves to read all your messages again, Mozilla moves to protect your DNS, ProtonMail moves to protect your mail, and Volla moves to jump on a bandwagon.
Answers
10
Lost passwords, lost Fedora codecs, lost 32-bit LibreOffice, losing the plot when copying, and losing time printing.
Linux user groups
13
Les Pounder wants you all to stay safely at home with the COVID-19 virus around.
www.techradar.com/pro/linux
Mailserver
60
Too scared to try Debian? Ken Hough reveals how to install and set up Debian 10 “Buster” as a beautiful desktop OS in mostly easy steps.
REGULARS AT A GLANCE News
56
Sean Conway prepares for self-isolation in the Canadian wilderness by constructing an FM radio receiver, using GNU Radio and a suitable software-defined radio adaptor.
14
We got it wrong again, this time with Joplin, Wi-Fi woes spoiling Linux, Amiga Format to come back, and virtual Jonni fun.
Subscriptions
22
Back issues
54
Overseas subs
55
Your free DVD
81
Next month
82
DOCKER: Guacamole
64
It’s time to clean off your worktop and prepare some delicious Guacamole, with the help of Kevin Wittmer and the world of Docker containers.
May 2020 LXF262 5
Newsdesk
THIS ISSUE: US privacy Mozilla fixing DNS ProtonMail battles censors Volla Phone CLI monitoring SETI@home hangs up
PRIVACY
US government wants to read your messages Without your permission, a new bill wants to ban encryption of online messages. he US government is once again trying to gain access to our private online messages, with a new so-called EARN IT bill (which can be read at http://bit.ly/ LXF262EARNIT) being proposed. If passed, this bill could have grave implications for online privacy. As the Electronic Frontier Foundation (EFF) reports (http://bit.ly/LXF262EFF), this new bill essentially creates a government commission, controlled by the attorney general, that will have “legal access” to digital messages. Any company, website, or service that does not allow the commission access to its users’ messages could no longer be allowed to operate. The EARN IT bill, sponsored by Senators Lindsey Graham (R-SC) and Richard Blumenthal (D-CT), is apparently aimed at combating online child exploitation, and while that’s certainly a topic that needs to be urgently addressed, opponents of the bill argue that this is not the way to do that and in fact will remove privacy and the right to free speech. The EFF warns that it could end up censoring innocent people while failing to protect children, as it claims to do. While nowhere in the bill is the word “encryption” mentioned, the EFF, and other critics of the bill, claim that this will legally force companies to drop encryption. Attorney General Barr has been an outspoken critic of encryption in the past, but what the bill does propose means that end-to-end encryption would not be possible. The bill lists a number of best practices, including forcing online services to use messagescreening technology approved by the National
T
6 LXF262 May 2020
Center for Missing and Exploited Children (NCMEC) and US law enforcement, report what they find in their users’ messages, and be held legally accountable for the content of users’ messages. It appears to critics of the bill that it is simply a method of removing encryption and allowing the government and law enforcement agencies to implement mass surveillance on digital messages. As the EFF explains (http://bit.ly/LXF262EFFBill), the bill does not add any extra safeguards to preventing child exploitation – there are provisions in the
The EFF is leading the charge in dropping the proposed EARN IT bill.
WHAT THE BILL DOES PROPOSE MEANS THAT END-TO-END ENCRYPTION WOULD NOT BE POSSIBLE. law that already do what the bill wants to achieve. The EFF and other organisations have written to congress asking for the bill to be discarded, and that “a more effective way to address [child exploitation] would be to better equip law enforcement agencies to investigate it by adding staffing and funding to more effectively use their current lawful investigative tools.” If you’re based in the US and concerned about this, the EFF has set up a website (http://bit.ly/ LXF262EFFReject) that lets you call on your congress representative to reject the bill.
www.linuxformat.com
NEWSDESK THAT INTERNET
OPINION
Mozilla wants to fix DNS Firefox enables encrypted DNS over HTTPS by default. irefox, the open source web browser, now enables encrypted DNS over HTTPS by default in the US, which Mozilla, the company behind Firefox, claims will address the current insecure DNS system used by many people to access the internet, and which leaves their data unencrypted. In a blog post explaining the feature (read it at http://bit. ly/LXF262DoH), Mozilla claims that its DNSover-HTTPS (DoH) protocol will protect its users by encrypting DNS traffic through its Firefox browser to resolvers via HTTPS, so Firefox users’ browsing behaviour can’t be intercepted by anyone spying on the network. Mozilla is working with Cloudflare and NextDNS, which have joined Mozilla’s Trusted Recursive Resolver programme (http://bit.ly/ LXF262MozillaTRR) and will adhere to strict requirements on how they will handle user data. As Mozilla explains, “this includes placing strict limits on data retention so providers– including internet service providers – can no longer tap into an unprotected stream of a user’s browsing history to build a profile that can be sold.” The idea is that through this programme, and its DoH protocol, Mozilla will “close the data
F
leaks” that have plagued DNS for 35 years. But while this is a welcome move, some people are concerned that DoH could lead to greater centralisation of DNS. In a lengthy FAQ in the blog post, Mozilla disputes this, claiming that DoH in Firefox will actually lead to less centralisation as it is moving traffic away from large ISPs, which have a disproportionate control over the internet thanks to consumer devices being locked to the ISPs’ DNS services.
Firefox will now use DNS-over-HTTPS by default.
CENSORSHIP
ProtonMail battles censorship Encrypted email provider could route connections via Google. rotonMail (https://protonmail.com), an encrypted email provider, could avoid censorship by routing connections to its servers via “third-party infrastructure and networks we do not control, some of which might belong to companies such as Google.” ProtonMail is an email service that puts heavy emphasis on protecting the privacy of its users by using client-side encryption, and it has often positioned itself as a secure and private alternative to Gmail – which means its reliance on Google’s infrastructure will certainly raise a few eyebrows. Because of its emphasis on encryption, ProtonMail has been subjected to censorship in countries such as Turkey and Russia, which has led to this rather surprising move. A new tool is being rolled out to ProtonMail users on
P
www.techradar.com/pro/linux
desktop and mobile, which will avoid censorship by using alternative infrastructure providers to avoid being blocked. In a blog post (that can be read at over here http://bit.ly/LXF262ProtonMailBlog), the team behind the service states that the feature will only be used when it believes you’re likely to be subjected to censorship, and that “it’s imperative that we remain one step ahead of those who would seek to spy on people and restrict the freedom of information. Alternative routing is an additional capability which helps us ensure users can access our services.” While this shouldn’t affect too many users, it does mean that there is a chance some users’ information, such as their IP address, could be visible to third parties. Anyone who is uncomfortable with that can turn the feature off, it is promised.
THE OLD WAYS
Jonni Bidwell is happy with his new boat-based purchase, considering the recent precipitation-based weather. I’ve gotten to meet some wonderful and highly regarded people through my employ in the strange world of dead tree tech publishing. But I must say this month’s assembly of LXF editors past and present was really quite special. There are those who say making magazines was more fun back in the day, but they probably know very little of my antics. Naturally, magazines at Future Towers are a lot more uniformly treated nowadays. LXF, when I joined, still described itself as “an isolated silo of maverick publishing”. Now we have to make our covers please not only our art editor, who strives for perfection in everything, but also management, who get scared of Linux argot. Somehow we make it work, exactly how those Jupiters of LXF-past did, when challenged by whatever were the challenges of the time (ale-related misreading of deadlines, one supposes). It’s very easy to get overly nostalgic about Linux too. It all seems so simple now, and the thrill of getting a distro to actually work has been devalued. Equally, even the simplest tutorial will rely on a raft of code you didn’t write (shhh!–Ed) and will never understand.
May 2020 LXF262 7
ANSWERS
Answers
Got a burning question about open source or the kernel? Whatever your level, email it to lxf.answers@futurenet.com password Q Lost I successfully installed Linux Mint
Cinnamon 19.3 on an old Dell laptop, previously on Windows 7. I promptly forgot the password. Determined as I was to try to recover/reset it I scoured all the info I could find, and although I seemed to be able to update the password, the new password is not recognised. Alexander Oyler
A
You need to use the passwd command to change passwords. However, in order to do that you will need to supply your old password first or run passwd as the root user. On Mint that means running it with sudo, which also requires your old password. This seems like a vicious circle, but all is not lost, there is a way around it – which, incidentally, is why passwords alone are not sufficient security when someone gains physical access to your computer. First of all, you need to know the device that contains your root partition. You can find this by opening a terminal and running $ findmnt /
Look for / in the TARGET column, this is your root filesystem, the SOURCE column on the same line will show your root device, something like /dev/sda1. Now reboot your computer using a live CD – the one
you used to install Linux Mint is a good choice. The live distro is set up to allow sudo without a password, so you can change passwords here, but you have to tell it to use the password files on your installed distro. First of all, mount your installed root partition, the device we found above. You can either do this from the file manager or in a terminal with: $ sudo mkdir -p /mnt/myroot $ sudo mount /dev/sda1 /mnt/myroot Now comes the clever bit. The passwd
command has an option to operate inside a chroot directory. This is a directory that presents itself as the root filesystem, so we can use the installed distro rather than the live environment you are currently running. Assuming your system is mounted at /mnt/myroot as above, run this: $ sudo passwd --root /mnt/myroot USERNAME
This runs as root, so it doesn’t ask for the user’s password. Give a new password for the user, make sure you use the right username, and reboot. You should now be able to login with the new password.
codecs Q Fedora I am a keen fan of Fedora and am comfortable using it, but there is one aspect of Fedora that totally throws me, and that is codecs. Because of the
Neil Bothwick knows your problems before you even have them!
open source-only policy of Fedora, the standard distribution doesn’t contain many codecs. As a result, I have to play my film DVDs on my Windows installation. I have installed VLC, and I would really like to play my DVDs using my Fedora installation but I have no idea how to go about it. Do you have any suggestions for this? Ian Van Maanen
A
Distributing codecs can be a legal minefield. Many of them are protected by patents that make distribution illegal in some countries. As Fedora is a global distro, the only safe option is to exclude anything with software patents. However, that doesn’t stop you from installing any codecs you need after installing Fedora – that becomes your responsibility and decision. You can install the commercial Fluendo codec pack (www. fluendo.com) or you can add a repository that contains free (as in beer) codecs and install what you need. Go to https://rpmfusion.org/ Configuration and click on the “RPM Fusion free for Fedora” link for the version of Fedora you are using. When asked if you want to save or open the file, open it with the Software Install program. When the program opens, click on the Install button. Repeat this with the non-free option. Alternatively, you can do this from a terminal with: $ sudo dnf install https://download1. rpmfusion.org/free/fedora/rpmfusionfree-release-$(rpm -E %fedora).noarch. rpm $ sudo dnf install https://download1. rpmfusion.org/nonfree/fedora/ rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
You will be asked to confirm the signature of the repositories the first time you go to use them. Now you have three options. You may install individual codecs as you need them. You could also install the whole lot with these terminal commands: VLC can play just about anything you throw at it, but you need the full-fat version, not the edition that is restricted to free codecs.
10 LXF262 May 2020
$ sudo dnf install gstreamer1-plugins{bad-\*,good-\*,base} gstreamer1-plugin-
www.linuxformat.com
ANSWERS openh264 gstreamer1-libav --exclude= gstreamer1-plugins-bad-free-devel $ sudo dnf install lame\* --exclude=lamedevel $ sudo dnf group upgrade --with-optional Multimedia
The third option is to replace the cutdown, codec-reduced version of VLC with the full version, including all the necessary codecs. If the version in the RPMFusion repositories is newer than your installed version, this may happen automatically the next time you do a software upgrade. If not, you can uninstall the existing VLC package(s) and install it all afresh to get the fully-enabled version. Enjoy your DVDs!
LibreOffice Q 32-bit While installing LibreOffice
Your distro’s package manager, or equivalent, is almost always the best way to install software on Linux. Packages downloaded directly from websites should be a last resort.
6.2.8.2-2, I ran $ sudo tar -xvf LibreOffice_6.2.8.2_x86 $ dpkg -I *.deb
Then I ran LibreOffice 6.2, which ran until this error message came up: /home/john/LibreOffice_6.2.8.2_Linux_ x86_deb/DEBS/6.2 does not exist
Do you know what it means? What file did LibreOffice not have? John M Hensgen
A
You don’t mention the distro you are running. I assume it is one based on Debian or Ubuntu as you are trying to install .deb packages. Almost all distros include LibreOffice in their software repositories, most desktop distros install it by default, so it is unclear why you are trying to install from the LibreOffice release package. It may be that you are new to Linux, as this is the Windows way of doing things – download a file from the project’s website and install it. The Linux way is to use your distro’s package manager to install it. On the other hand, you may have a good reason for doing things this way; for example, you may need a feature in the latest version that has not yet been packaged up by your distro. In that case, you can install directly, but there are a couple of things to bear in mind. Firstly, you must make sure any LibreOffice packages that are already installed by the package manager are removed. You can do this in the distro’s software manager, for more control you should install Synaptic, a graphical package manager for Debianbased distros. Make sure you uninstall all related packages, such as language packs and dictionary files, or you may find you get a conflict between the two versions. Then you can install from the LibreOffice ‑supplied tarball, but the approach you have used is not quite right. The correct sequence is:
www.techradar.com/pro/linux
$ tar xf LibreOffice_6.2.8_Linux_x86_deb. tar.gz $ cd LibreOffice_6.2.8.2_Linux_x86_deb/ DEBS $ sudo dpkg -I *.deb
The main differences are when sudo is used. There is no need to use sudo to unpack the tarball, as all you are doing is writing a bunch of files in the current directory, where you already have write permissions. But you should use sudo to install the packages, otherwise they can only be installed in your home directory, which is not where LibreOffice expects to find its files – hence the error message you saw. However, the last version of LibreOffice’s own packages that supported 32-bit architectures is an older one, so you are probably better off using your distro’s packages as they will be at least as up to date, if not more so.
Q
Copy on content
I have several files in a directory and need to copy to a different location those that contain within the file itself – not within the name – a certain string. So far I know how to find the string using grep ‘pattern’ *.ext1
and I tried to use grep ‘pattern’ *.ext1 | xargs cp / newlocation
but to no avail. Patrick Smith
A
You have the right idea in using grep to generate the list of files to copy, but there are a few issues with your implementation. First of all, when applying grep to multiple files, it returns both the name of the file and the matching lines from within that file. You can change this by adding the --files-with-matches or -l (that’s a lower case L) option, which tells grep to
only output the names of files that contain a match. As a side benefit, this can help to speed up the execution of grep because it will stop searching a file as soon as it finds a match, instead of continuing to read the whole file. Once you do this, your command will still fail, as it expects the destination directory to be the last argument, not the first, unless you tell it otherwise. You can do so with the --target-directory, or -t option to cp. This works for a single extension, but you say you wish to repeat the procedure for multiple extensions. You could do this by specifying each match separately: $ grep -l ‘pattern’ *.ext1 *.ext2
The shell expands the wildcards before executing the command, so grep will just get a list of files either way. You can tidy this up a bit more by using the shell’s brace expansion: $ grep -l ‘pattern’ *.{ext1,ext2}
which the shell expands to be the same as the previous example. It makes little difference with just two extensions, but as you add more, it keeps the command line much neater. There is one issue left to address, do any of the filenames contain spaces? This will mess up xargs as it will see spacey filename.txt as two separate arguments. There are two ways around this. For the simple case here, you can use the -d or --delimiter option to tell xargs to use a newline (\n) as the file delimiter. So your command now becomes: $ grep -l ‘pattern’ *.{ext1,ext2} | xargs -d \n cp -t /newlocation
The more general, and preferred method, of dealing with spaces is to tell both programs to use the null byte as the delimiter. For both grep and xargs, this argument is --null, so now we have the most robust version:
May 2020 LXF262 11
SUBSCRIBE Save money today!
SUBSCRIBE
Sign up today and get this fantastic
KLIPSCH T5M WIRED EARPHONES Enjoy What Hi-Fi? 5-star awardwinning audio quality with these in-ear Klipsch earphones. Top-rated for comfort, sound, build and winner of the Best in-ear headphones 2019 category! Who could ask for more?
YOUR GIFT! WORTH £70.00
Don’t miss out, subscribe now!
“The Klipsch T5M Wired in-ears are up there with the very best at this kind of money and will make a big difference.” What Hi-Fi? July 2019
Top features Premium in-ear headphone with moving coil micro speaker Patented contour ear tips and IPX4 water/sweat resistant Wired in-ear headphone with detailed, impactful sound Patented contour ear tips Full bass, dynamic driver
SUBSCRIBE NOW! www.myfavouritemagazines.co.uk/lin/klp1
Call: 0344 848 2852 22 LXF262 May 2020
www.linuxformat.com
Overseas subs on p55
PLUS: Exclusive access to the Linux Format subs area! 1
! DON’T MISS s ar ye Now with 5 & r se U x of Linu Developer issues
CHOOSE YOUR PACKAGE! 6-MONTHLY PRINT ONLY
ANNUAL PRINT AND DIGITAL
PLUS!
SAVE!
Only
22%
£32.50
6-monthly print by Direct Debit (NO GIFT)
2-YEAR PRINT AND DIGITAL
Only
£72
SAVE!
58%
Annual print and digital by Direct Debit
PLUS! Only
SAVE!
£136
61%
2-year print and digital one-off payment
*Terms and conditions: This offer is only available for new UK subscribers. Gift is subject to availability (MSRP £70.00). Free gift is not valid with 6-monthly print only subscriptions. Please allow up to 60 days for the delivery of your gift. In the event of stocks being exhausted we reserve the right to replace with items of similar value. Prices and savings quoted are compared to buying full-priced print issues. You will receive 13 issues in a year. You can write to us or call us to cancel your subscription within 14 days of purchase. Payment is non-refundable after the 14 day cancellation period unless exceptional circumstances apply. UK calls will cost the same as other standard fixed line numbers (starting 01 or 02) or are included as part of any inclusive or free minutes allowances (if offered by your phone tariff). For full terms and conditions please visit: www.bit.ly/magterms. Offer ends: 30/06/2020
www.techradar.com/pro/linux
May 2020 LXF262 23
1) Only available to MyFavouriteMagazines.co.uk subscribers.
1,000s of DRM-free PDF back issues and articles! Get instant access back to issue 66 (May 2005) with tutorials, interviews, features and reviews. At linuxformat.com
ROUNDUP Desktop WE COMPARE TONSenvironnments OF STUFF SO YOU DON’T HAVE TO!
Roundup Gnome KDE Cinnamon Awesome Regolith
Mats Tage Axelsson has been trawling through different desktop environments with a contented smile.
Desktop Environments It’s the working pit face of your system, where the distro and you the user connect, but what’s best for you? Minimal, flashy, easy to tweak, read on!
HOW WE TESTED… For this Roundup, we are investigating the reasons for choosing a desktop environment. The amount of choice out there could see you spending hours of effort (hopefully with a wide smile on your face) as you test each one. First, you need to know why designers made the choices they made so you can see if you agree. To be certain about your choice, you want to know about the learning curve and if you can aesthetically fit your applications in to the particular environment. You need to know which applications depend on desktop features to operate correctly and where you need to take extra steps to make it work. After you’ve overcome the learning curve, you can continue measuring how it feels to use each environment. The ones that focus on keyboard use and minimalism are more useful for people who use the keyboard, like programmers and admins. But a graphic artists may benefit from different setups.
24 LXF262 May 2020
hen you start out with Linux, you may judge your distribution primarily by its desktop environment. So for this Roundup we’re going to take a closer look at what designers consider when they design a desktop. The “environment” is the window manager combined with the other elements you may have on your desktop. These are taskbars, icons and sometimes active elements on your desktop. Designers make desktop environments to appeal to all users. You may not be a generic user. While you read this, consider what your preferences are.
W
The two dominating desktop environments are Gnome and KDE, and they have very different philosophies. For Gnome, it is to keep things available but not visible, while KDE chooses to stick with the menus at all times. The third big one is Cinnamon, while Awesome and Regolith are smaller options. The choice is personal taste, though what you are working on will have the biggest influence on your decision, and whether you are typing a lot or doing graphic work. For example, programmers will appreciate the minimal look of tiling window managers, as they rarely lift their hands from the keyboard.
www.linuxformat.com
Desktop environments ROUNDUP
Installation Each distribution has a bias for a specific desktop environment stribution maintainers tend to choose a specific desktop when they start. This does not lock you into a specific one, but installing another desktop will require a lot of software. This software is the foundation that implements all the graphical components, such as frames, buttons and menus. The major packages also have projects that create specific applications that match the look of their own desktop. Many of these can be used in other environments in case you want a particular one. It will be graphically inconsistent but works well. The Plasma project from KDE has many such projects, so if you have a Gnome desktop and want to switch you may end up with a multi-gigabyte install. If you choose to install all recommended packages, you will have access to the ‘K’ applications. These are great applications, but on each system you should choose either Gnome or KDE to avoid disk space waste. Of course, you have many other options that can really mess up your settings. Cinnamon, meanwhile, doesn’t require anything from its Gnome ancestor – it has replaced it all with its own packages. You can install many of the minimal ones with your package manager. Suckless dwm is an alternative minimal option that needs to be compiled from source and changed to your settings. This is actually easy to do, the tricky part is to configure it to your liking. To get some inspiration, check out the build of Luke Smith; https://github.com/LukeSmithxyz/dwm. You need to add a few programs and compile them yourself. You need to be fluent with compiling software and handling patches.
D
When you install over another environment, you may run into trouble both with mixed settings and disc waste
Awesome, meanwhile, comes with a basic setup and is easier to set up than some of the other options because there are many themes to choose from. It is also available in your repository as a fresh version. Regolith comes in an impressive state – it is easy to install and has decent defaults. It requires Gnome, however, because it replaces gnome-shell, which draws down the impression. You also need to be careful when you try it out together with Gnome. You may find that there are some changes to your gnome-shell session after first testing Regolith.
VERDICT GNOME 7/10 AWESOME 7/10 KDE 7/10 REGOLITH 8/10 CINNAMON 9/10 Cinnamon has replaced Gnome packages with its own, making the install small.
Applications Can you use the ones you want? ome applications rely heavily on the window manager to handle their windows. When you choose a window manager, you need to consider whether your applications can handle your whole workflow. GIMP is an example that can cause problems when you use the tools in an undocked mode. With GIMP, you have an option to have all tools inside the application, called single-window mode. When running office packages, they usually do fine unless they are made especially for the environment. KDE has many projects that need the desktop environment to operate. Watch out for programs that are spelled with a ‘K’ for no apparent reason. They are usually made for KDE. That said, most of them work across platforms, so don’t switch until you know you have to. You may also notice that the whole tiling windows thing doesn’t suit you very well. If that is the case, don’t consider Awesome, Regolith or the do-it-yourself Suckless dwm. They can do floating windows, but not very well. Dwm can handle most situations, but you may have problems with application size exceeding the screen in a dual-head setup. The same happens in Awesome if you have different resolutions on the second screen. This is not a big problem for
S
www.techradar.com/pro/linux
A large part of your desktop choice is down to compatibility.
most applications. It is worth it if you feel you can save on memory usage. The thing to consider is if you want the notifications that come with the big three. You can take them with you, with some tweaks.
VERDICT GNOME 8/10 AWESOME 6/10 KDE 8/10 REGOLITH 7/10 CINNAMON 8/10 It looks scary to switch to a rare window manager, but the problems are small.
May 2020 LXF262 25
LOCK DOWN LINUX It may be the end times out there but Jonni Bidwell will ensure your Linux boxes are equipped to weather the storm.
hen you install Linux on your desktop, then as long as you install an up-to-date distro the chances are you’re reasonably secure. The same is true for servers, as long as you choose a strong password (or disable password access altogether and use SSH keys instead). There’s a faction of the Linux-using populous that still likes to bang the “Linux is more secure than Windows” drum, but this isn’t really true anymore. Both Linux and Windows have multiple layers of security coded by very smart people. Both Linux and Windows rapidly patch
W
30 LXF262 May 2020
emergent security issues. And neither Linux nor Windows can do a whole lot about flaws in whatever software people choose to run on them, and they
We’ll look at how to shore up defences on Linux, whether on the desktop, server or up in the clouds. We’ll cover passwords, keys, firewalls and much more to keep your data safe. We’ll focus more on security than privacy, so won’t be talking Tor, VPNs or Whonix, but there’s no reason why these can’t be used with the setups we’ll discuss. What we will look at is everything from next-gen logins with hardware tokens to basics like SSH keys. We’ve also got tips for shoring up Nextcloud and more. Let’s start with a survey of Linux security features, and how they get thwarted.
WHAT’S TO COME… “We will look at everything from next-gen logins with hardware tokens to basics like SSH keys.” certainly can’t do anything about users configuring that software in an overly permissive manner.
www.linuxformat.com
Lock down Linux
The state of Linux security Linux provides more security features than you can shake a stick at – more often than not it’s users that are a weak point. ainstream Linux distros provide a huge amount of security features out of the box. Some have been around for a long time (address space layout randomisation, having services drop root privileges when they don’t need them, mounting removable drives with the noexec option so they can’t launch binaries) and some are quite new (Spectre and microdata sampling protections). A few desktop Linux distributions (Ubuntu, Mint, Solus, Pop!_OS) offer full disk or home directory encryption out of the box too, which we’d highly recommend you do on your laptop, and if you’re handling sensitive data it’s worth considering on your desktop too. Fedora (and its commercial cousin RHEL) enforces SELinux accounting, which takes permissions and access control lists (ACLs) to a new level, sandboxing apps with fine-grained configurations. AppArmor on Ubuntu does much the same. Disk encryption is usually done through LUKS and device mapper, and will secure data at rest. However, once the encryption password is entered, that data is (physically) accessible as long as the device remains turned on. With home directory encryption, $HOME is usually unlocked until you log out. Similarly, personal data on modern mobile devices is protected by a pin code, pattern or fingerprint. This is why when the FBI or
M
If you leave your NAS open to the internet, you better hope it’s someone nice like Matthew Garrett who finds it.
NCA or another three-letter organisation suspects you’ve been using your devices for no good, they tend to swoop in and grab those off you while you’re using them so that they’re unlocked. Then a USB dongle is usually fitted, which sends benign keystrokes to ensure the device stays awake and doesn’t lock. Usually a power source is connected too, as that would be embarrassing. Most new software is installed with a safe, sane configuration, but default usernames and passwords are still common. More often than not users have to tweak initial configurations to suit their requirements, and these tweaks only get as far as making the thing work, not making the thing secure. Where this is most dangerous is running services, because you’re pretty much inviting the world to use your machine. You may want the world to see your website, but you don’t want to allow them to abuse the machine running it. On the desktop, web browsers and email clients are the main conduits for nasties, and we tend to cover those in our privacy-centric features. Over the page we’ll show you how to change your password habits with a hardware key, and how to use IPFire to protect your home networks. As for servers we’ve got all kinds of tips.
We do love pie charts, especially when they tell us no one’s trying anything particularly crafty to breach our IPFire defences.
UEFI AND SECURE BOOT When UEFI was introduced to address the diverse and varied shortcomings of using BIOS to initialise hardware, it was met in some circles with a chilly reception. Most of this centred around UEFI’s Secure Boot extension, which at the time made it hard for consumers to replace Windows 8 (which at the time was being shipped on new machines), or even boot a Linux distro. Much of that criticism was unjust, Secure Boot is meant to enable administrators to limit
www.techradar.com/pro/linux
which bootloaders can run and which kernels they can boot. Most x86 hardware ships with Microsoft’s Secure Boot public key prebaked in, which permits booting only Microsoft-signed bootloaders. Some Linux distros provide a boot manager signed by Microsoft – there are two approaches here, Fedora’s Shim (also used by Ubuntu and a few others) and the Linux Foundation’s PreLoader. So these will work fine with Secure Boot,
but some other distros will require it to be disabled. If you have full control over Secure Boot though, you can enrol your own signing key into the firmware and allow booting for only those OSes you deign worthy. If your machine has a TPM chip, you can use this to store, for example, LUKS disk encryption keys. These can be verified against a register in the TPM, so that if another OS is securely booted the disk still won’t be unlocked.
May 2020 LXF262 31
INTERVIEW 20 years of LXF
EDITORIAL
CORDIAL Would the spacetime continuum stand up to four editors of Linux Format in one place? Neil Mohr wanted to find out…
38 LXF262 May 2020
www.linuxformat.com
20 years of LXF INTERVIEW
t’s our two-decade anniversary! We weren’t quite sure what would happen when we assembled three past LXF editors and one from the present in a quaint tavern by the River Avon to celebrate this. But we did it anyway and the results were most cordial. Our little Linux magazine has an illustrious history, an enthusiastic readership and has somehow managed to survive for 20 years without management knowing what a Linux is.
I
So we summoned Paul Hudson (a titan of all things Swift and iOS, and creator of the legendary Brain Party), Nick Veitch and Graham Morrison (both now at Canonical), together with current helmsman Neil Mohr, to discuss Linux, magazines and of course to enjoy fine ales while the rest of Future Towers was chipping away at the content mine. Naturally, the insubordinate Jonni and long-serving Effy (there are unverified accounts of him joining sometime in late 2005) came along for the banter too.
Linux Format: Do we agree that getting kids into coding at school is A Good Thing™? Nick Veitch, Paul Hudson, Graham Morrison: PH: Kids these days are amazingly good at coding at school. It’s remarkable. I volunteer at a school for year six girls. I think they had a challenge last year, part of the Oxford University Computing Challenge. I showed it to some Swifties and proper 10-15 year iOS veterans couldn’t solve it, so it was hard. And then here’s these 11-year-olds solving it on their laptops using Scratch and Python.
TIMELINE Pre-history – Linux Answers In late 1999 Future plc published a oneoff magazine, this was borne off the back of the success of, the now closed, PC Answers and PC Plus [the flashbacks! – Ed]. Grab it from here https://bit.ly/LXA01. All we’ll say is that this was successful enough to launch a monthly magazine…
www.techradar.com/pro/linux
May 2000 – Linux Format #1 Renaming the title in line with Future’s most successful print magazines: Amiga Format and PC Format, Linux Format was released with editor Nick Veitch of Amiga Format fame and writing talent from PC Plus mag. It came with a CD and was an instant hit. Here it is https://bit.ly/LXF001.
May 2020 LXF262 39
IN-DEPTH Education USA
EDUCATION The story of how Neil Plotnick brought computer science to an American school riding on the back of Linux, open source and a spare USB stick. n the autumn of 2014, Neil Plotnick was successful in lobbying his school to offer its first computer science class. Students previously had instruction in web design and office applications, but this was to be the first time where programming was going to be the focus. The transformation officially began over one summer week participating in training from https://code.org and was among the first cohort of teachers to bring the Exploring Computer Science (ECS) www.exploringcs.org curriculum to students. Computer science
I
was an effort to bring 10,000 highly qualified teachers to high schools. Plotnick got to learn how teachers were bringing computer science to their classrooms. During the conference hosted by the National Science Foundation and the National Center for Women in Information Technology he gave his first presentation on using Linux with students. Computer science classrooms are overwhelmingly Windows and Mac environments. However, there is a growing number of teachers that are embracing Linux. There has also been an emergence in the
ARTHUR R. ON REVIVING OLD COMPUTERS “Learning about how you can reuse these old computers to make them have some use rather than take up dust is really interesting.” has become increasingly popular as a class for students over the past decade. Numerous efforts have sought to make coding instruction available for children in the earliest grades. In 2015 Neil was invited to the White House when President Barack Obama launched the CS 10K initiative (www.computingportal.org/cs10k). It
44 LXF262 May 2020
cybersecurity area that recognises the importance of Linux. Through virtualisation and cloud-based labs, thousands of classrooms are learning about how to control Linux systems. As a way of inspiration we’re going to explore some of the ways Linux has been used by his students, and the struggles and lessons learned along the way.
www.linuxformat.com
Education USA IN-DEPTH
Robot challenges or any teacher, there will always be challenges when mastering a new curriculum. However, the biggest roadblock experienced was working in a computer lab that was governed by district information technology policies, which created some serious problems. The speedbumps began with a unit on programming robots. The district only supported Windows computers in the classroom, and security settings prevented the loading of software or accessing USB devices. In the true spirit of IT professionals, we discovered multiple ways that Linux could get around imposed barriers and enabled students to gain an authentic appreciation of the things Linux could accomplish. Over time, the classroom evolved and the students were able to use a dedicated Linux network in parallel with their Windows and Mac workstations. In the ECS classroom, students learn the basics of algorithms and web design. Students begin actual programming lessons with Scratch (https://scratch. mit.edu). This block-based language is used in introductory-level classes and is often accessed via a web browser. There were no initial problems working with our Windows systems. It made sense to introduce robots that used the same language. We have a classroom set of Finch www.birdbraintechnologies. com/finch and they are designed to be controlled via Scratch. However, right at the start, the Finch robots were unable to communicate via the USB ports with the host computer, and students were disappointed and frustrated. With a little investigation, it became apparent that system policies were at fault. Delving into the Finch documentation, we discovered there was a Linux implementation of the robot driver and sample Python code that could be used. While users could not install files or modify the operating system on the Windows computers in the classroom, we could access the BIOS at startup to select a different boot disk. With a Linux distribution loaded on a USB thumb drive, the robot began responding on the first try.
F
Using Nano to edit a program file.
www.techradar.com/pro/linux
The next step was to equip each of the students with their own USB Linux boot stick. Using a personal Windows laptop not subject to account restrictions, an ISO image for Ubuntu was downloaded and PenDriveLinux (www.pendrivelinux.com) was used to create a set of bootable drives for the students. It is suggested that if you need to use USB drives in your environment, reserve a portion for “persistent”
ANDREW O. ON LINUX “Installing and looking at Linux was pretty simple and fun. I thought it was cool to see you can have multiple screens on one monitor!” storage. This must be done when initially using a program like PenDriveLinux. This allows for the storage of files students create for editing and expansion later. The students’ reactions were immediately positive. They found that the old computers seemed faster than before, especially when accessing the internet. Most importantly, they began to feel that they were more in control of their learning environment. When it was suggested going back to Scratch and web-based learning modules, they protested and demanded to stay with Python and text-based programming. So over the rest of the year we developed a curriculum that showcased the power and versatility of Linux. This experience led me to present several sessions at the Computer Science Teachers Association annual conferences, focused on Linux in the classroom.
TEACHING RESOURCES General Linux Lessons Practical Introduction – https://docs.ycrc.yale.edu/PIL Linux Journey – https://linuxjourney.com Lessons in Linux – www.lions-wing.net/lessons Command line Official Unbuntu – http://bit.ly/lxf262terminal Ryan’s tutorials – https://ryanstutorials.net/linuxtutorial Nano – http://bit.ly/lxf262nano Blogs for computer science teachers Mike Zamansky – https://cestlaz.github.io Alfred Thompson – http://blog.acthompson.net My blog – www.csforallteachers.org/blog/open-source-teaching Programming languages Microsoft TEALS program – https://tealsk12.gitbook.io/apcsa Computer Science Principles – http://bit.ly/lxf262cs EXLskills Java – https://github.com/exlskills/course-java-ap Cybersecurity High school guide – https://github.com/DerekBabb/CyberSecurity UoRI High School Cyber Project – http://bit.ly/lxf262cyber
May 2020 LXF262 45
TUTORIALS GLANCES
Monitoring systems made super easy
Knowing about advanced system-monitoring tools like Glances, and when to use them, is precisely why Shashank Sharma is a celebrated Bash-ninja. ystem administrators have long favoured command-line utilities for myriad activities ranging from setup, configuration, and maintenance of the machines under their charge. A necessary part of the job involves keeping tabs on the different machines. On a local installation, tools like top, htop, etc. have long reigned supreme. But if you want all the features of these, and many more, with the added convenience of keeping tabs on remote machines, Glances is just the tool for you. Whereas utilities like top will help you gauge the CPU and memory usage, Glances goes quite a bit further. It can be used to monitor filesystem I/O, network I/O, and even sensor readouts to display CPU and other hardware temperatures. It can also show you disk usage by hardware device and logical volume, and even provide Docker statistics. Please refer to the Getting started boxout (see opposite) on instructions on how to install Glances.
S
OUR EXPERT Shashank Sharma is a trial lawyer in Delhi. He’s pained at having to abandon the noble quest of growing a yeard.
Even if you have multiple modules toggled on, Glances will only show info that can fit into the size of the screen or the terminal emulator window. There’s no way to scroll through the interface and view info for other modules. Toggle on/off modules as you need them.
Monitoring with Glances Unlike other system-monitoring tools, Glances is capable of presenting a vast array of information. The very first line at the top is called the Header and displays the hostname, OS name and version, the running Linux kernel, IP address and system uptime. The next few lines present much the same information as you’d find on other monitors, such as top, including stats for CPU and memory usage, and load. The default interface might seem a little overwhelming, but that’s understandable considering the vast amount of information that’s on display. Each distinct block of information is referred to as a module, and there’s a module each for CPU, memory, network stats, etc. Thankfully, you can tweak the display with different keyboard shortcuts. From within the interface, press 1, and look at the top left of the interface. If you’re running a multi-core machine, you’ll notice that instead of combined
Many shortcuts affect the info displayed. Pressing f will enable/disable the filesystem module, F shows the used/ free space in the filesystem module.
48 LXF262 May 2020
www.linuxformat.com
*
BIG SAVINGS ON OUR BEST-SELLING MAGAZINES SAVE
93%
SAVE
93%
SAVE
92%
SAVE
92%
SAVE
88%
SAVE
92%
For great savings on our best-selling magazines, visit online
myfavouritemagazines.co.uk/spring Order Hotline 0344 848 2852
* TERMS AND CONDITIONS: This offer entitles new UK subscribers to receive their first 5 issues for 5 for UK readers. After your trial ends, your subscription price will be adjusted to reflect a 10% saving against the RRP price. This offer is also open to overseas readers, 5 issues for â&#x201A;Ź5 for Europe and 5 issues for $5 for ROW. After these issues, standard subscription pricing will apply. The biggest savings are compared with the overseas RRP. For all savings details see online offer page. You can write to us or call us to cancel your subscription within 14 days of purchase. Payment is non-refundable after the 14 day cancellation period unless exceptional circumstances apply. Your statutory rights are not affected. Prices correct at point of print and subject to change. Full details of the Direct Debit guarantee are available upon request. For full terms and conditions please visit: bit.ly/magtandc. Offer ends 30th April 2020.
TUTORIALS Radio receiver Credit: www.gnuradio.org
GNU RADIO
Build an FM radio receiver from a PC Sean Conway provides step-by-step instructions to construct an FM radio receiver using the versatile GNU Radio software. he fun this issue is all about configuring a computer as a radio receiver. An introduction to GNU Radio concepts and its basic set up was provided in LXF261. This tutorial will expand on that knowledge to construct an FM radio receiver circuit with a flow graph. An antenna attached to a software-defined radio (SDR) dongle will capture a frequency-modulated (FM) broadcast radio-frequency (RF) signal. The signal will be digitally processed using GNU Radio software running on an Ubuntu 18.04 computer to produce an audio output. The reader can skip the set-up instructions that follow if they have completed the steps in LXF261 to install the GNU Radio application. Let’s refresh the Ubuntu install with:
T
OUR EXPERT Sean D. Conway having invested 40 years in technology careers, this retired IT security specialist continues to play with computers in his basement for the enjoyment of writing about it.
sudo apt-get update -y && sudo apt-get upgrade -y sudo reboot sudo apt-get install rtl-sdr gnuradio gr-osmosdr
After installing the RTL-SDR dongle, use the command line to confirm that the hardware has been detected: sudo rtl_test -t
The command response Found Rafael Micro R820T tuner, and other details contained in message, confirms that the SDR dongle has been detected. Ignore the No E4000 tuner error. Locate GNU Radio Companion (GRC) icon in Ubuntu and start the application. GRC is the application software for the user to access GNU Radio. GRC and GNU Radio are software
1
2 Options
ID: top_block Generate Options: QT GUI
QT GUI Waterfall Sink FFT Size: 1.024K Center Frequency (Hz): 92.1M Bandwidth (Hz): 2M
Variable
Variable
QT GUI Sink
ID: samp_rate Value: 2M
ID: down_rate Value: 250k
FFT Size: 1.024K Center Frequency (Hz): 92.1M Bandwidth (Hz): 2M Update Rate: 10
RTL-SDR Source Sample Rate (sps): 2M Ch0: Frequency (Hz): 92.1M Ch0: Freq. Corr. (ppm): 1 Ch0: DC Offset Mode: Automatic. Ch0: IQ Balance Mode: Off Ch0: Gain Mode: Manual Ch0: RF Gain (dB): 15 Ch0: IF Gain (dB): 20 Ch0: BB Gain (dB): 20
56 LXF262 May 2020
3
QT GUI Chooser ID: FM_freq Num Options: 3 Default Value: 92.1M Option 0: 92.1M Label 0: 92.1FM Option 1: 99.9M Label 1: 99.9FM Option 2: 107.1M Label 2: 107.1FM
Low Pass Filter Decimation: 8 Gain: 2 Sample Rate: 2M Cutoff Freq: 100K Transition Width: 10K Window: Blackman Beta: 6.76
projects supported by different development teams. The layout of GRC has changed through different versions. This tutorial was made using GNU Radio Companion version 3.7.11 as there appears to be some issues with the latest 3.8 release. Here is a refresher of some of the GRC and GNU Radio concepts: GNU Radio uses flow graphs constructed with blocks (see below) that contain one or more ports with specific data types to process signals. The data type between blocks must match in order to establish a connection. A block performs one signal-processing operation, such as generating signals, playing signals, establishing variables, and providing access to hardware (such as the speaker). Source Blocks have only output ports and Sink Blocks have only input ports. Every flow graph requires a minimum of one Source Block and one Sink Block in order to function. Flow graphs are assembled and run in the GNU Radiocompanion (GRC) application workspace. Libraries are organised into categories of blocks. The search function is a novice’s friend when trying to navigate the Libraries. GNU Radio provides a number of methods to identify errors. Users need to look for hints provided by the software to resolve the errors. Extra messaging is available inside the property box of blocks.
WBFM Receive Quadrature Rate: 250k Audio Decimation: 1
QT GUI Range ID: RF_gain Default Value: 15 Start: 10 Stop: 70 Step: 10
Three steps to radio reception heaven.
QT GUI Range ID: AF_gain Default Value: 100 Start: 0 Stop: 1k Step: 1
Rational Resampler Interpolation: 24 Decimation: 250 Taps: Fractional BW: 0
Multiply Const Constant: 1
Audio Sink Sample Rate: 24KHz
www.linuxformat.com
TUTORIALS Debian for the desktop Credit: https://www.debian.org
DEBIAN
Configure Debian 10 for the desktop Too scared to try Debian? Ken Hough reveals how to install and set up Debian Linux up as a beautiful desktop OS. ebian GNU/Linux, known simply as Debian, is one of the most thoroughly tested and reliable Linux distributions. It can be configured to work as a file server (i.e. without a desktop manager) or as a fully functioning desktop system, including software for office, internet, multimedia, scientific, programming compilers, editors, and lots more. There is very little literature available concerning Debian Linux on the desktop, but it’s not difficult to set up. Complete beginners are advised to read the excellent Linux In Easy Steps by Mike McGrath, which is based on Linux Mint. Linux Mint is built on Ubuntu Linux, which was derived from a development version of Debian. There are many, many distros that have been derived directly or indirectly from Debian. Debian can run on pretty much any modern PC. An old Pentium or Core 2 Duo laptop will do (but will be slow), as will a modern Core i7 PC, or a PC using an AMD processor. Debian includes drivers for most kinds of hardware used in PCs. Most recent main stream Linux distros, including Debian 10, will install with the recent Wayland display server. However, Wayland is incompatible with some older and well-established software (see the boxout on page 72). This article, assumes that Wayland will be disabled on your system.
D
OUR EXPERT Ken Hough began using Linux in 1998 with SuSE v5.2 running on a 486 processor. In 2007 he transferred to Debian Linux.
If this is your first attempt at installing Linux, then try installing onto an old/spare PC to see how it goes and to figure out just what you want Linux to do. If you don’t have a spare PC, then temporarily swap your existing hard drive for a small/spare/ cheap hard drive.
The Debian way Debian produces three versions of its operating systems. Firstly, there is a development version, known as “sid”, which is a first presentation of a new operating system and is for gurus and testers to develop. Eventually, this will be promoted to a “testing” version, which may or may not be worth trying. When the testing version has stabilised, it will be declared to be a “release” version. The present release version is Debian 10, also known as Buster, and was presented in August 2019. The development process might take three years or more. The names of Debian release distros are taken from characters in the Toy Story films, but Debian is a serious operating system. Release versions of Debian have been subjected to long and very rigorous testing. Other Linux distributions that are derived from early testing versions of Debian (for example Ubuntu and Mint) are not subjected to such long-term testing and might still include older software. For example, Linux Mint 19.3 still includes LibreOffice 6.0.7 and GIMP 2.8.22. Debian 10, however, includes LibreOffice 6.1.5 and the very much more advanced GIMP 2.10.8. Release versions of Debian continue to receive software upgrades. Debian’s release distros are
Debian 10 installation menu showing that a BIOS system has been detected.
60 LXF262 May 2020
www.linuxformat.com
TUTORIALS Remote desktop Credit: https://guacamole.apache.org
GUACAMOLE
Pull, configure and run It’s time to clean off your worktop and prepare some delicious Guacamole with the help of Kevin Wittmer. uacamole offers ready-to-run installation packages that are available for Linux distros such as CentOS or Debian. However, the thrust of this article is to illustrate running Guacamole in a Docker container context. Fire up an environment where you have access to the Docker command line and where you feel comfortable to pull and run Docker images. It’s recommended that you evaluate Guacamole in a sandbox that has Docker tooling installed. The Docker command line should have access to the default registry maintained at hub.docker. com. To verify which registry your Docker tooling is pointing to, type this command:
G
OUR EXPERT Kevin Wittmer is a software technologist and IT manager at the BOSCH group. He enjoys Linux and has fond memories of hacking Minix back in the early 1990s. He particularly enjoys coding, with C#.
docker info
Scan the output of this command-line tool for Registry and confirm that this field includes index.docker.io (or possibly a mirror of this registry). The next step is to search for the official Guacamole Docker images using the Docker search command. The search command prints an abbreviated description of the image by default. To receive the full description specify the --no-trunc argument. The search syntax shown below matches various Docker images of Guacamole, including several derivatives. A crude way to filter these results is by stars. docker search --no-trunc --filter stars=25 guacamole The results should include image guacamole/ guacamole and image guacamole/guacd. To download
the Apache Guacamole Proxy image from the Docker Hub registry, execute this command: docker pull guacamole/guacd
The default Url is ‘myhost:8080/ guacamole’. Default login credentials are ‘guacadmin’ for both the user id and password.
64 LXF262 May 2020
docker pull guacamole/guacamole
After downloading has completed, reconfirm by using the Docker images command, and gain a sense of the size of each image. docker images
Scanning the output from this command, you can see that Docker image guacd is approximately 400MB in size, while guacamole is approaching 500MB. As a security precaution, it’s advised to scan Docker images before promoting these beyond any sandbox. Anchore, an open source project that provides a centralised service for inspection, analysis, and certification of container images is one tooling option. In the command example below, the Anchore CLI is used to perform a vulnerability scan on the main Guacamole Docker image. anchore-cli image vuln guacamole/guacamole:latest all
The results of the scan will show critical, high, medium and low vulnerabilities using Common Vulnerabilities and Exposures (CVE) identifiers. The ‘all’ argument includes vulnerabilities at the OS level. Scanning all Docker images deployed is recommend. The docker inspect command gives these results. docker inspect guacamole/guacd
The most telling fields included in the results of the docker inspect command are ExposedPorts, Env and
Cmd. In this instance, ExposedPorts shows the value of
Container – reverse proxy
Container – web app
Container – protocol proxy
nginx lib Linux Base Image
Guacamole WAR
Guacamole proxy
(bundle app + HTML + JavaScript)
FreeRDP lib
Tomcat Base Image
Linux Base Image
Docker Hub Figure 1: Block diagram of Guacamole Docker footprint.
Execute the pull command again but now download the Docker image guacamole/guacamole, as this has the Java and JavaScript bits comprising the Web API and Web UI application layers.
SSH2 lib VNCServer lib Linux Base Image
Server Farm
Docker Host OS
www.linuxformat.com
CODING ACADEMY CODING ACADEMY Lunar Lander
The code
PYTHON
At linuxformat. com/archives and on the DVD!
Coding a Lunar Lander space game in Python Calvin Robinson uses Python to create three examples of the legendary Lunar Lander game – text-based, vector-based and complete with GUI. n this new Python series we’re going to be developing classic video games using contemporary techniques. This issue we’re kicking things off with the legendary Lunar Lander. Lunar Lander games are a genre originating from the original Atari back in 1979, and are one of the oldest video game genres. The player controls a lander spacecraft and attempts to land the spacecraft by controlling the thrusters, while monitoring forces and fuel levels, with the game round ending in either a crash or a successful landing, most commonly the former. Points can be given for time and precision of landing. The game world is black and white with vector graphics, displaying the environment and lander module in a 2D environment. We need to set up measurements for our lander’s fuel levels, speed and altitude. Our player will need a way of controlling the thrusters in upwards and left and right directions to steer the module. Before we program the graphics it’s a good idea to get our head around the maths. For that reason, we’re going to program a text-based Lunar Lander first. Let’s start by setting up some variables for our approach speed, gravity level, amount of fuel, altitude above the surface of the Moon, and initial burn rate.
I
OUR EXPERT Calvin Robinson is a computer science teacher, former deputy headteacher and currently consulting as a subject matter expert for the National Centre for Computing Education.
speed = 30;gravity = 1.622;fuel = 1500;altitude = 1000;burn = 0
Credit to Jason R Briggs for his partial solution for tkinter, and of course to game designers Howard Delman and Rich Moore for the first ever Lunar Lander on the Atari.
An exciting crash in text-based Lunar Lander.
68 LXF262 May 2020
Now we’ll ask the user for burn rates and calculate the speed and altitude accordingly, not forgetting to take into consideration gravity. If our pilot burns all the fuel the rocket will gravitate towards the Moon. while altitude > 0: if speed <= 0: impact = 1000 else: impact = altitude / speed print(“Altitude={:8.3f} Speed={:6.3f} Fuel={:8.3f} Impact={:6.3f} Previous burn={:6.3f}”.format(altitude,sp eed,fuel,impact,burn)) burn = float(input(“Enter an amount of fuel to burn between 0 and 50: “)) if burn < 0: burn = 0 if burn > 50: burn = 50 if burn > fuel: burn = fuel altitude -= speed speed += gravity - burn/10 fuel -= burn Specifying .3f and using .format{} enables us to be
more precise with our output, sticking to three decimal places. Integers provide no decimal places, so they wouldn’t be helpful for this use case, while floats are generally inefficient for this level of calculation. We might see two decimal places for one number and three for another. To avoid inconsistencies we’ll set all printed data to display three numbers after the decimal point. We’re running on a loop to get constant updates from our user and updating the flight information. We also have protections to ensure that the rate of fuel burning can’t exceed the amount of fuel remaining. This loop can conclude with two possible outcomes; either we crash our module or successfully land on the Moon. print(“Altitude={:8.3f} Speed={:6.3f} Fuel={:8.3f} Last burn={:6.3f}”.format(altitude,speed,fuel,burn)) if altitude <- 5 or speed > 5: print(“You have crashed.“) else: print(“You have successfully landed.“)
www.linuxformat.com
CODING ACADEMY Game AI
PYTHON AI
Build a noughts and crosses playing AI
Inspired by WarGames, Andrew Smith avoids thermonuclear war and proposes an AI solution for tic-tac-toe instead. he solution presented in this article was first inspired by the movie WarGames (1983) where strategy games such as poker, backgammon and noughts and crosses were featured in the movie that depicted AI opponents not only playing against human players but also having the ability to figure out how to beat them. The AI opponent built for this project mainly uses the minimax1 AI algorithm to help beat a human opponent. In addition, various YouTube videos were viewed for common implementation techniques and approaches already attempted by others. The aim of this project was to create an AI player that would prove very difficult to beat for a human player even though not completely impossible. In the end, to get this projected to a reasonably completed state, various strategies were implemented so that the AI player was very difficult to beat. In addition to using the minimax algorithm, various scenarios have been considered, such as where the human player would likely start the game from and how that starting position would affect the chances of the AI player winning or losing. We have also considered various aspects that were highlighted in several different YouTube videos on creating a tic-tac-toe game with an AI player using the minimax algorithm.
T
OUR EXPERT Andrew Smith is a software developer at NHS Digital, has a Bachelor’s degree in Software Engineering and an MSc in Computer Networks (Mobile and Distributed).
The source code for this project is located on the LXFDVD called tictactoe.py
From the min to the max The minimax algorithm is an algorithm (you don’t say – Ed) that can be used in turn-based strategy games such
The AI player plots its moved based on the opening move made by the human player.
as chess, draughts or in this case tic-tac-toe. A minimax algorithm can be used to predetermine possible outcomes before or after a move has been taken by a player. A score is given to each predicted outcome, usually a high or low score to identify a winning or losing move respectively. The minimax algorithm can be used to predict at least two move outcomes that may end in a game state (win, lose or draw). The tic-tac-toe game has been set up in a way that allows a human player to play against an AI player, where by default the human player goes first when the program is run/executed. The human player will select their move using a mouse, which will then be displayed on the tic-tac-toe board. After that the AI player will do some processing and then perform its move on the tic‑tac-toe board. This process will continue until there is an end-game state reached, for instance the AI player or human player has won the game or the game has ended in a draw state. The program can be quit at any time by closing the window the game is presented in.
Process of execution The first move of the AI player is dependent on the opening move of the human player. After many testing runs, it was found that the minimax algorithm didn’t have much of an impact on the first two moves of the game – the minimax algorithm is only engaged after the human player undertakes their second move. It was also found that by undertaking this approach, the minimax algorithm didn’t have to do as much processing, as there were fewer possibilities to process. After the first two moves of the game have been taken, the minimax processing algorithm is engaged until an end terminal game state is reached (win, lose or draw). The processing the AI player does can be seen in the console window as shown in the screenshot that’s on page 95: From the processed outcomes of the AI Player, priority is given to outcomes that have a score of -1, then outcomes that have a score of 1, and then lastly outcomes that have a score of 0. The AI player was written to evaluate threats to success first and then evaluate possible advantage/win scenarios after. Even
1) https://en.wikipedia.org/wiki/Minimax 72 LXF262 May 2020
www.linuxformat.com
CODING ACADEMY Debugging
GNU DEBUGGER
Using, configuring, and extending GDB
Andrew Davison describes using the text-based user interface (TUI) of GDB, the GNU debugger for C, and looks at ways to configure and extend it. DB has an undeserving reputation as being complicated to use, mostly because of its oldstyle command-line interface. In fact, there are numerous GUI frontends for the tool, including DDD (www.gnu.org/software/ddd), CGDB (https://github. com/cgdb/cgdb), GDB dashboard (https://github. com/cyrus-and/gdb-dashboard), and gdbgui (www. gdbgui.com). However, its text-based interface (TUI) is built in, simple to use and understand, especially when debugging C code. Faulty code should be compiled by GCC with the necessary flags, and loaded into GDB:
G
OUR EXPERT Andrew Davison is a teacher, author, and programmer who is rekindling his love for UNIX and Linux by hacking with the Raspberry Pi.
gcc -std=c99 -ggdb3 -O0 -o max max.c gdb -tui -q ./max
-ggdb3 makes GCC save the maximum amount of debugging information, while -O0 switches off any optimisations that might affect that data. -std=c99 indicates that the code follows the C99 standard. GDB’s -tui flag switches on the TUI, and -q disables the printing of GDB’s licensing preamble.
The GDB TUI with max.c listed at the top, with the command window beneath. Cursor keys let the user move around in the source code window, while GDB commands are entered in the lower window.
Debugging to the max The code max.c (all the code can be found on the DVD or linuxformat.com/archives) is meant to find the largest integer in an array by calling findMax():
The best online resource for GDB debugging is its website (www.gnu. org/software/ gdb or https:// sourceware. org/gdb), which includes an excellent documentation page with links to a manual (http://bit.ly/ lxf262manual) and a book.
76 LXF262 May 2020
printf(“Array: “); printArr(a, 5); if (findMax(a, 5, max) == -1) printf(“Error\n”); else printf(“Max value: %d\n”, max); return 0;
int findMax(int *arr, int len, int max) { if(!arr || (len <= 0)) return -1; max = arr[0]; for(int i=1; i <= len; i++) { if(max < arr[i]) max = arr[i]; } return 0; } // end of findMax()
int main(void) { int a[5] = {17, 21, 44, 2, 60}; int max = a[0];
}
Note the program contains a printArr() function for printing an array. Neither GCC nor cppcheck found any errors in the code (see the boxout opposite), but the program prints the wrong answer: ./max Array: { 17 21 44 2 60 } Max value: 17
After loading a program into GDB, the usual first step is to sprinkle breakpoints among the code. Execution will stop at these places so you can examine data. A breakpoint is put on line 44 of max.c, so the array can be checked before findMax() is called. It’s visually indicated in the GDB source window by a b+ tag placed
www.linuxformat.com
9000
DOWNLOAD YOUR DVD
On the disc
Get code and DVD images at: www.linuxformat.com /archives
Distros, apps, games, books, miscellany and more… THE ‘OTHER’ GREEN DISTRO
HTTPS://MANJARO.ORG
Manjaro 19.0.1 anjaro continues to be a popular choice for penguinistas – you get all the power of Arch Linux, but with all the home comforts that “easy” distros provide, such as a nice installer, assistance with hardware drivers, and a very nice desktop. The flagship Manjaro edition, the one we’ve provided, uses the Xfce desktop. Manjaro’s take on Xfce (now entirely ported to GTK3) is stylish and lightweight, but if you want something tending towards the hypermodern check out the new KDE Plasma edition. Manjaro uses the graphical Pamac package manager to peruse repos and provide automatic updates. This can be configured to access the Arch User Repository (AUR) from the Preferences page. Bear in mind that AUR packages may not work with Manjaro, as they may use older software than vanilla Arch. During the Calamares install you’ll be asked about office suites. You can have the stalwart and free LibreOffice, or FreeOffice, a proprietary product.
64-bit
M
RING O’ FIRE
There be all manner of fine backgrounds in Manjaro, and we do so enjoy a magical golden sunset here at LXF Towers.
64-bit & 32-bit
WWW.IPFIRE.ORG
IPFire 2.25 Core 141 PFire is one of the finest firewall distros. It’s also very small, so we’ve provided an ISO for 32-bit x86 machines, as well as USB and SD card images for 64-bit PCs and ARM devices. The Raspberry Pi is well supported, so just add a cheap gigabit switch and possibly a USB Ethernet adapter (IPFire requires two network adapters, and you may not want to be restricted to wireless) to make your own mini firewall appliance. You can read more about IPFire in our security feature on page 30. The install takes seconds (if you read the documentation and understand the network topology you’re aiming for) and you’ll be configuring from the web GUI in no time. IPFire designates each network interface (it can handle up to four) a colour, for easier
I
www.techradar.com/pro/linux
management. In the simplest configuration you have a Red network (outside) and a Green network (inside). By default traffic can flow from Green to Red, but not vice versa (unless you explicitly allow it). IPFire also has an Intrusion Detection/ Prevention System (IDS). This can actively detect exploits or leaking data on your network, raising alerts via email. Note there’s no facility for booting the distro from the DVD menu.
IPFire’s Intrusion Detection System is easy to activate, but may challenge early-edition Pis with respect to memory usage.
IMPORTANT NOTICE!
DEFECTIVE DISCS: In the unlikely event of your Linux Format cover disc being defective, please visit our support site at www.linuxformat.com/dvdsupport.
May 2020 LXF262 81