Inhaltsverzeichnis für No. 176 in Linux User & Developer

This issue » Take control of containers » 35 essential Linux fixes » Restrict untrusted software with Firejail » Run a VPN through your Pi Welcome to the latest issue of Linux User & Developer, the UK and America’s favourite Linux and open source magazine. Have you joined the container revolution yet? Whether you’re a developer looking for a complete runtime environment, a sysadmin looking for secure, locked down infrastructure or you simply want to explore the latest development in computing, our feature on p18 will explain everything you need to know, from the principles of containerisation to the key tools and how to use them. Also this issue, discover how to solve 35 of the most annoying Linux problems that you could encounter. Whether you’re new to Linux or…

Finding an accessible way to successfully run Windows apps on Linux was for a long time a pretty thankless task. WINE, however, looked to turn the whole process on its head. It offered users a relatively easy way to run the Windows API on top of a Linux-based OS. Early versions were ropey, with bugs galore and questionable usability at times. It also suffered from limited availability outside of Debian and Ubuntu-based distributions, but that has also thankfully changed. Thanks to a wave of interest in the community, the latest version of WINE, 2.0 to be exact, is now available for download. At the core of the latest update are improvements to the stability of running thousands of Windows programs on your Linux desktop. There’s more than 60 key bug…

Top 10 This month Downloads are generally up this month, with Mint extending its lead at the top of the distro food chain. It’s also great to see some emerging distros make their way into the top ten. Highlights Linux Mint Mint is growing at a rapid pace, so much so that it’s hard to keep up with it! Its recent 18.1 update has been widely praised by the community, primarily for the amount of changes that have been introduced. If you haven’t checked it out already, make sure you do soon. Solus Solus keeps climbing up the board of top downloads, and it’s easy to see why. Touted as being one of the best distros for low-resource machines, Solus prides itself on its ease-of-use and beautiful design. elementaryOS We…

“A container holds an application and everything needed to run it, bundled into a single package” Containers offer a solution to the problem of software portability, i.e. how to get it to run reliably when moving from one computing environment to another. Software development is a lengthy process and needs several iterations of testing and development before it can be termed production-ready. This will usually involve working in numerous different environments – from a developer’s PC to a test environment, from staging to production, and from a physical machine in a data centre to a virtual machine in the cloud. A container holds an application, along with all its dependencies, libraries and other binaries, plus the configuration files needed to run it, bundled into a single package. By containerising the…

Docker has features that make the sandboxing environment abstract. It abstracts the specifics of the underlying host, without needing to rewrite the application and without excessive performance overheads. These features were integrated into a unified low-level component called runC. Later, Docker Inc made runC as a standalone tool. runC is a lightweight, portable container runtime. It has all the plumbing code that is used by Docker to interact with container-related system features. It is designed for security and scalability and is independent of the rest of the Docker platform. It has native support for security features available in Linux – SELinux, Apparmor, seccomp, control groups, capability drop, pivot_root, uid/gid dropping and more. runC has portable performance profiles, contributed by Google engineers. The Open Container Project, under the auspices of the…

Resources Firejail firejail.wordpress.com The internet is the biggest source of knowledge out there and is widely used to share information, but it is also the biggest source of malware, spyware and several other types of viruses. This makes the internet a very interesting, yet difficult place to be in. You need to be careful of unverified (and sometimes even verified) software that you download from the internet, the sites you visit, the email attachments you open and so on. This can be difficult to do for anyone, whether they are from a technical background or not. While nothing can replace being alert to the dangers to system security, there are tools that can help you sandbox the applications you run. This way you can be sure that an application downloaded…

What you’ll need • Raspberry Pi with Wi-Fi support • Ethernet cable • An active VPN subscription that supports OpenVPN • Secondary device such as a laptop to test your AP works Anyone who has been abroad will know it’s a constant pain to have to deal with content that has been switched to the local language, not to mention certain states that censor some internet content. Fortunately there’s a way to evade these restrictions using the Raspberry Pi. In a few simple steps you can configure your Pi to generate its own wireless AP (Access Point) and keep it permanently connected to a VPN (Virtual Private Network) service. All you need to do when travelling is bring your Pi and connect it to a working router and you’ll have…

Welcome to the Linux User & Developer DVD. This issue, discover some of the essential tools you need to take control of containers. From must-have FOSS like Docker to lightweight distros designed to help you work with containers or run on minimal and bare-metal systems, you’ll find everything you need to get started. You can even create and manage containers on Windows-based systems too! Featured software: Docker Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries – anything that can be installed on a server. Find out more about how you can use Docker and take advantage of its complete containerisation package in our complete guide on p18. rkt by CoreOS rkt is the next-generation container…

1 deepin Arguably deepin’s biggest selling point is its self-developed desktop environment, DDE. While based on the Qt 5 toolkit, DDE can be customised to suit the needs of the user, without proving to be a burden on your hardware. Make sure you also take a look at all the home-grown applications it offers, including the fantastic DMusic and DPlayer apps. 2 Tails If security is important to you, then Tails should be your first distro of choice. It uses a clever Incognito mode, which helps you bypass internet traffic and makes tracking you only a faint possibility. 3 antiX While not as well-known as the others on this list, antiX shouldn’t be discarded. It’s primarily built for older hardware, but still provides a fully functional OS for both newcomers…

Towards the end of 2016, the Linux Mint Project unveiled the Cinnamon and MATE versions of the amazing Linux Mint 18.1 OS. The public response has been fantastic, especially due to the long term support plans put in place by the development team, with work on the 18.1 update expected to continue well into 2021. While the unveiling of the Xfce and KDE editions won’t be a surprise, the changes involved are great to see. The Xfce version in particular is based on the latest 4.12 desktop environment, equipped with a wide range of XApps, including the likes of Xplayer, Xreader and Xed to name just a few. On the other side, the KDE version uses the Plasma 5.8.5 desktop environment, and includes a wide range of improvements to various…

“Where did the original idea for Blynk first stem from? I first started tinkering with microcomputers four years ago and I was blown away with how quickly you can start prototyping physical interactive objects these days. Having a background in user experience and design, I quickly realised that I needed some sort of a visual interface to control my projects, but I was frustrated to discover that there is no easy way to do that. So, you just got your first LED blinking (by making baby steps in coding) and then you realise that you need to learn PHP, Xcode, Android and all the other things. Not to mention that most of the tools in this space were made by developers and for developers. This is where I decided to…

Resources OpenWRT openwrt.org The end of the last tutorial on OpenWRT was somewhat discouraging: as the OpenWRT team did not populate many of the packages, our experiments on the Raspberry Pi were severely limited due to the lack of available products. Fortunately, solving this problem is not particularly difficult. OpenWRT, after all, is but another version of Linux – when this tutorial’s author was a young cadet, compiling your own kernel was a badge of honour for every professional user. When this is done, the amount of software available to our OpenWRT build is limited only by our imagination and the memory of the target device. The following guide will show you how to create your own OpenWRT image for Raspberry Pi process computers. Be aware that this operation is…

Resources An installation of Erlang A text editor such as Emacs or vi No programming language can be considered important if it cannot deal with text and binary files, because you can’t develop practical system tools without reading data from existing files or storing your data to files. As a result, the subject of this tutorial will be the use of Erlang to process files and directories, which also includes Erlang functions that allow you to find information about files. The next Erlang tutorial will talk about network programming in Erlang, which is also a very significant and essential task, so keep reading and write as much Erlang code as possible. About file I/O File operations are a critical part of systems programming and as such they must be reliable…

“Making is learning. Building your own projects allows you to innovate” Like it? John can boast a pretty incredible portfolio of work, much of which he goes into detail in over on his site at switchdoc.com. Make sure you take a look at the site’s tutorial section, which is packed with tips and tricks for beginner and advanced Pi projects alike. Further reading The entire process of the SmartPlantPi is fairly complex, and if our brief overview here isn’t enough, then make sure you head across to the switchdoc.com website where a full rundown is available. OLED display All the monitoring of the Smart Plant is done centrally through the OLED display located at the top of the unit. It can be used for monitoring watering progress and all relevant…

“The main utility in Anaconda is the conda packaging system” Why Python? It’s the official language of the Raspberry Pi. Read the docs at python.org/doc “Python has always been the language of choice for projects on the Raspberry Pi. There are several reasons for this, but we won't dive into the history here. As a consequence of this decision, there are many Python modules available as packages within the Raspbian package repository. You can trust that these have been compiled to run on the ARM processor and that they have been tested and are therefore safe to use. But not all Python modules are available this way. For the missing modules, the intention is that you could use pip to install them yourself on your Raspberry Pi. While this works…

You may have run cat /proc/cpuinfo when you weren’t sure of the processor(s) on a machine you were logged into, particularly before downloading software compiled for particular chips. It tells you what you need, but there are other occasions where you’ll want to know the complete output of the CPUID information that the manufacturer has put onto the chip. Cpuid is a useful little command line utility for getting that information, and dumping it out to the command line. Pages of it. There’s also an option to dump the raw hex info, and the author of the utility is always pleased to get output in this form to help further debug and update cpuid. Updates are regular, bringing in new chip families, and fixing bugs – usually reflecting bugs in…

We’re being spoilt with the amount of release candidates coming from Linus Torvalds in recent weeks. The latest announcement coming from Linux HQ shows off the new release candidate in the 4.10 kernel series. In an official post, Linus Torvalds has said: “Things seem to be calming down a bit, and everything looks nominal. There’s only been about 250 changes (not counting merges) in the last week, and the diffstat touches less than 300 files (with drivers and architecture updates being the bulk, but there’s tooling and networking too).” While most of the latest release candidate is a refinement of current driver improvements, more surprising is the disclosed information about future updates. Included in the official announcement, Torvalds has also revealed plans for a regular release schedule for Linux 4.10,…

“Linus Torvalds announced a rare eighth release candidate of Linux 4.10. This wasn’t due to massive instability in 4.10, but rather as a consequence of timing. Many of us (including Linus) in the Linux community were, at the time, in Tahoe, California for the annual Linux Foundation Open Source Leadership Summit (OSLS, formerly known as Collab Summit). Had the 4.10 final been released that week, it would have immediately opened the merge window for many thousands of patches destined to land in 4.11. Although he has juggled travel with managing a merge window before, Linus “prefers not to”, and who are we to blame him? It is worth noting that a couple of minor bugs have been reported against 4.10-rc8, including one nfsd warning splat that Dave Jones reported (and…

rkt was started by CoreOS as an alternative to Docker. It is an implementation of the app container (appc) specification, and the project was initially called Rocket. rkt was developed as a standalone tool that lives outside CoreOS and is supported on Ubuntu, RHEL, CentOS and other major distros. rkt is composable. It also has crypto primitives for strong trust, image auditing and application identity, making it secure. It can download, cryptographically verify and run application container images. It is not designed to run full system containers, but instead individual applications such as web apps, databases or caches. rkt enables deployments to private environments without the requirement of a registry. Discovery of container images is simple and facilitated by a federated namespace and distributed retrieval. The format and runtime is…

Resources Ubuntu ubuntu.com Apache apache.org MySQL mysql.com PHP secure.php.net Let’s Encrypt letsencrypt.org certbot-auto github.com/certbot/ certbot Cloudflare cloudflare.com phpMyAdmin phpmyadmin.net Webmin webmin.com Webmin Authentic Theme github.com/qooob/ authentic-theme MySQL tuner mysqltuner.pl Apache2 tuner apache2buddy.pl Percona percona.com Statistics show that Linux powers around 67 per cent of all web servers, despite having much lower penetration on the desktop. There are lots of reasons for this – for hobbyists the OS is free, for corporations it’s powerful yet lightweight (particularly compared to Windows servers) and there is a vast range of software that’s ready to deploy on the OS. The most common use case for Linux web servers is a LAMP stack – meaning Linux (OS), Apache (web server), MySQL (database) and PHP (scripting language). With just these four elements installed, it’s easy to…

Resources System admin topics bit.ly/2jn1syX A step-by-step approach to understanding the Ubuntu Linux system bit.ly/2kjCe42 Basic Ubuntu server administration bit.ly/2kGsler Ubuntu server guide (PDF) bit.ly/18NkP9K When we set up a Linux system to act as a server, we need to focus on several tasks. As the name implies, servers exist to serve. The data that they serve can include webpages, files, database information and so on. From a server administration perspective, there are some typical challenges to your system administration skills. The first is remote access. In the majority of cases, administration will be carried out using remote access tools. Since graphical interfaces may not be available, you need to depend solely on command-line tools to carry out various tasks such as remote login, remote copying and remote execution. The…

What you’ll need • Pimoroni Blinkt! Pimoroni has created an awesome ‘super-bright RGB LED indicator’ that is ideal for adding visual notifications to your Raspberry Pi without breaking the bank! The Blinkt! offers eight APA102 pixels in the smallest (and cheapest) form factor to plug straight into your Raspberry Pi 3/2/B+/A+/Zero. This tutorial walks you through how to install the Blinkt! and the required Python libraries and modules. Next, create and try out some simple code to control the lights and change the colours and the brightness of the LEDs. Finally, combine these skills together to code an LED colour generator that selects a random LED and a random RGB colour value for the range of eight lights. This creates a psychedelic disco-light setup. 01 Install the Blinkt! The guys…

While the conda system is a very powerful tool in simplifying the management of environments and Python modules, it isn’t the only one available. As mentioned in the main article, there is the python-env module available to do the same basic task. You can install it with the command: It will also install a number of dependencies. The main command is called virtualenv. With it, you can create new environments, manage them and even delete unneeded ones. To create a new environment, you can use the following command: This will create a new subdirectory, named deathstar, within the current directory. It then makes a copy of the core of a Python environment, including Python itself and setup tools like pip. There is also a set of management scripts available within…

Available from aryalinux.org Specs 20GB HD space 1GHz CPU 32-bit platform When it comes to low-resource machines, finding a distribution that functions well is a surprisingly difficult task. Namely due to the constraints they tend to include, but also the omissions normally in abundance. For a long time, Puppy Linux was regarded as arguably the best low-resource distribution available, but that’s somewhat changed in recent times. One of the fast-rising distributions of choice is AryaLinux. Based on the popular LFS (Linux From Scratch), AryaLinux is celebrating its 2017 update, and with some fanfare, we should add. One of the pleasures of Arya has always been its simplistic installation system, which remains a focal point of the latest build. Thanks largely to user feedback, slowdown issues found in previous versions have…

OCaml in the browser: powerful, expressive, typesafe code Perhaps you’ve come to OCaml through its relative SML, and the wonderful University of Washington MOOC on programming languages; perhaps through curiosity about F#’s parent, or maybe a search for statically typed languages that compile to JavaScript. Perhaps this is the first time you’ve looked at it. However you’ve got here, welcome to strong, static typing and a great reduction in runtime errors. Install OCaml from your operating system’s packaging manager and you’ll get the OPAM package manager, from which will grab you all of the dependencies. However, Js_of_ocaml is a component of the Ocsigen web application framework and will give you Js_of_ocaml within a wider group of packages. The website features API documentation and a tutorial on working with Ocsigen. Using…

“Having your own dedicated server will give you maximum performance; our UK servers typically include same-day activation” Featured host:   www.cyberhostpro.com 0845 527 9345 About us Cyber Host Pro are committed to provide the best cloud server hosting in the UK; we are obsessed with automation and have been since our doors opened 15 years ago! We’ve grown year on year and love our solid growing customer base who trust us to keep their business’s cloud online! If you’re looking for a hosting provider who will provide you with the quality you need to help your business grow then contact us to see how we can help you and your business! We’ve got a vast range of hosting solutions including reseller hosting and server products for all business sizes. What…