Table of contents for No. 178 in Linux User & Developer

This issue » Ubuntu 17.04 has landed, p18 » New series on Qt5 development, p34 » Encrypt everything, p56 There’s a famous quote from British Prime Minister Harold Wilson: “A week is a long time in politics.” Recently, the same thing could easily apply to Linux and Ubuntu. By the time you read this, we will have seen a massive U-turn in strategy from Canonical, the company that backs Ubuntu. Years of work and millions invested in making Ubuntu and Unity a convergent Linux distribution (unified across devices from phone to desktop) has come to an abrupt halt. We’ve attempted to provide context for what’s happening at the company, particularly the layoffs (see News, p10 and The future of Canonical and Convergence, p30), while devoting 13 pages to the release…

1 Camera Module V2 With a Sony 8-megapixel sensor at its core, the official Camera Module V2 can be used to not only add camera functionality to your Pi, but also video recording elements. In recent times, the module has been customised to work in a whole matter of projects, including a good number of IoT and security-based systems. 2 MTS Smart Power Base If you prefer running your Pi on battery power, then the portable MTS Smart Power Base is essential. This rechargeable battery pack delivers a constant 5VDC power flow, and is sturdy enough to be recharged many times. 3 Alamode Want to run Arduino on your Pi? That’s easy. The Alamode is an Arduino-compatible Raspberry Pi plate, that enables users to enjoy the versatility of Arduino software…

"Can you tell us a little about what the company does? Patrick Carey: Black Duck has been working specifically in the open source ‘enablement space’ since the company was launched in 2004. The premise behind the original company launch was, if you go back to that timeframe, open source was not nearly as widely use for general purpose applications as it is today. It was viewed by many organisations as a niche or experimental. There was a lot of fear and uncertainty with the use of it, with licenses associated with it, with people who weren’t sure about the intellectual property. So the founder of the company [Doug Levin] set off to tackle one of the big problems at the time, which was helping companies get visibility into and understand…

Many common mistakes happen due to the duplication of logic. These are eliminated by unifying around a common codebase. For instance, we had a client that saved significant costs by using the same code on an embedded device and on the server that handled incoming data. Not only was duplication reduced – due to the same algorithms being used on both sides, no Endianness and encoding issues were encountered. In the last few years, we’ve seen the emergence of quite a few cross-platform frameworks: none of them can battle Qt in regard to its popularity and wealth of features. Originally developed as Quasar Toolkit in the 1990s, it's since become a staple of Unix development. We’ve covered Qt before in LU&D, so the beginning of this series on Qt5 development…

There are many kinds of applications that need to be working constantly without the luxury of downtime. One such category is telephony, because there’s an expectation that calls can be made at any time on the mobile network with the smallest amount of downtime. OTP stands for Open Telecom Platform and is Erlang’s collection of open-source libraries and tools that enable developers to create fault-tolerant and highly available applications. In fact, you could easily argue that OTP is the most important and vital part of Erlang. OTP is not about the functionality of your Erlang application, but about what will happen when your application shuts down for any reason. The second important thing to remember is that both the supervisor and the application being supervised must follow certain rules that…

“VeraCrypt’s developers have gone through every concern found in TrueCrypt by the Open Crypto Audit” You turn your back for a moment and your laptop has gone. No worries, it was only £60 on eBay, but what about the saved browser logins for all of your accounts, the confidential client information, and numerous other private documentation you don’t want to find passed around forums for the amusement of strangers? Save potential embarrassment, financial loss and litigation, by ensuring that should your laptop go astray, your important files—and the contents of your entire hard disk—remain unreadable. There are many options to choose from, all with some trade-offs between absolute security, convenience, and plausible deniability. One easy option is to use a tool like TrueCrypt (but not TrueCrypt itself, see box) to…

“Tunnelling through SSH is less risky than using an OpenVPN connection” Sometimes, it can feel like we’re all drowning in an alphabet soup of acronyms, and we glance over similar-sounding terms while no longer really taking them in. If you’re unsure of the differences between OpenSSL, OpenSSH, and even OpenVPN, then this page is for you. What these three standards or technologies have in common is that they are all for securely transmitting data ‘over the wire’ across any network and that includes the internet. OpenSSL implements the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols, which appear in the a web browser URL bar as a padlock, but are also used in everything from VoIP to email. In the case of email they are used after a…

"The print quality isn’t great but it’s cheap and fun for friends" Pierre Muth is a long-time Raspberry Pi tinkerer and engineer, who likes to explore how best to integrate the Pi into everyday items Like it? Raspberry Pi camera projects are plentiful, and there are several we highly recommend you check out. One of the best is the Polatherm, which is one of the first to be based on the thermal printing method: www.dkia.at/en/node/125. Further reading Pierre has taken time to upload everything you could possibly want to know about the project over on his Hackaday page. He provides a tutorial of sorts for you to re-create your own PolaPi Zero: https://hackaday.io/project/19731. Adding printing functions to the case Thanks to the personalised casing, Pierre could simply slide…

"Make your Pi more responsive to people" Why Python? It’s the official language of the Raspberry Pi. Read the docs at python.org/doc. “In a previous issue, we taught the Raspberry Pi to recognise faces, using OpenCV. This month, we're taking this further to teach the Raspberry Pi how to recognise emotional content. To do this, we will look at how to use the Google Cloud Vision API to analyse the images that the Raspberry Pi has taken. This API is free if you are just using it for personal projects, but keep in mind that if you use it for a large number of transactions, you will need to pay based on usage. You start by getting an account set up with Google and creating a file with your authentication…

As more devices, such as the Raspberry Pi Zero, are being used to run data collection, and Raspberry Pi 3s are being used to run containers full of data analysis, the need arises to serve files across a network – and for a local network, FTP will do just fine. You may also need to make start-up files available over TFTP. Either way, a simple server is all that’s needed, and they don’t come much more straightforward than Joachim Nilsson’s Uftpd. The only wrinkle is first having to build the libuEv – a simple event loop – and Libite by running the autogen.sh script to generate a configure file for each one. Afterwards, you will need to follow your distro’s variation for the make steps outlined in the respective readme…

“Use our intuitive ControlPanel to manage your domain name” Featured host: www.thenames.co.uk 0370 321 2027 About us As well as selling domain names at rock-bottom prices, TheNames.co.uk offers great value. cPanel Web Hosting, SSL Certificates, Business Email, WordPress hosting, Cloud and VPS. If you are a reseller, we offer a product portfolio for your customers, a private label website, and an API. What we offer • Free email accounts. Receive two personalised email addresses such as mail@your domain, which come with free fraud, spam and virus protection. • Free DNS management Free lifetime DNS service which allows you to manage your DNS records on our globally distributed and highly redundant DNS infrastructure. • Easy to use Control Panel Use our intuitive Control Panel to manage your domain name, configure…

Valve has been showing Linux users a lot of love for a few years now, but with the recent news that its ready to officially launch its virtual reality service, this partnership shows no signs of slowing down. For Linux developers, Valve has opened up availability of its entire suite of tools, allowing for creation of content for the HTC Vive and associated hardware. In its current state, the program is very much in the beta phase. Currently, access to the core NVIDIA beta driver is available, which acts as a successor to Valve’s OpenGL client. However, it’s important to note that current restrictions do apply. Development support is currently limited to only a few graphical cards, with Intel graphics not supported at all. Limitations to certain programmable headset elements…

"Linus Torvalds announced Linux 4.11-rc5, saying that “things have definitely started to calm down” since the previous few weeks of more frantic activity. This bodes well for the future release of a 4.11 final, which will hopefully be out by the time you read this. The RC5 (Release Candidate) kernel included a fix for a gnarly bug that was hitting a lot of people who rely on virtual machines to test ongoing development kernels. The bug was in virtio_pci driver in guests (specifically in an access to a structure providing information about MSIs – Message Signalled Interrupts). It manifested as an assorted and arbitrary-looking kernel oops (not quite a crash) and worse access violation faults that would crash the system. It was fixed in RC5. Intel FPGA Device Drivers One…

01 Preparing for snap development In order to develop Snaps on your Ubuntu machine, you’ll need to install pre-requisites. If ,you’re running Ubuntu core, you’ll need to effectively install a traditional Ubuntu chroot first, using the command sudo snap install classic --edge --devmode. You’ll then launch the chroot with sudo classic. If you are on a full Ubuntu distro, you need to install the primary dependencies, with ‘sudo apt install snapcraft build-essential’. Snapcraft uses a plugin architecture, hence the build-essential requirement. 02 Create the base snap As we are going to be starting from scratch with creating our snap, we need to create an empty directory for the snap (ideally in a location such as your home directory) and use a simple template as the starting point. In your terminal,…

Being realistic, when working on any Linux distribution (distro) many things can go wrong, and Ubuntu is no exception even if it is the most popular and used by millions. You can face issues while saving a file, mainly because of a lack of disk space, or encounter application crashes because the system is out of memory. The system may fail to boot up in a proper way for various reasons, and you’ll discover that various open source tools can be used to troubleshoot these issues in the Ubuntu distro. But before we can troubleshoot a running Linux system, it’s important to understand how the system boots up. To boot up, a lot of things need to happen in a specific sequence and a Linux distro normally goes through the…

Powered by MySQL is one of the oldest and most recognised open-source relational databases available. This tutorial is about the latest and greatest version of MySQL, version 8. We will start with the history of MySQL, before presenting the latest features of MySQL 8 and discussing whether using it is worth it or not. Then we will present various commands that will enable you to create and administer a MySQL database, create a new user and take a backup. Finally, we will demonstrate how to create handy applications in MySQL 8 using Python, Go and Perl. The reason this tutorial will not deal with PHP is that PHP needs a more complicated development environment in order to properly test how well it operates with MySQL 8, which, in turn, also…

01 Into the crypt… 1.19 is the current release. Click on VeraCrypt Linux Setup on the Downloads page of the VeraCrypt site—https://veracrypt.codeplex.com/ – untar, then run the intaller program (shell and GUI installers are virtually identical in operation): select install, then agree to the (Apache) licence. After being prompted for your password, VeraCrypt quickly installs. 02 Creating containers Take a look at the Accessories menu, where you should find it installed, otherwise type veracrypt at the shell. You’ll be shown a fairly untroubling interface, save for a column labelled ‘slot’. It is these slots that await our encrypted containers. Click ‘Create Volume’, and choose ‘Create an encrypted file container’ at the next screen. The other option is for protecting a whole USB drive. If you do this, pick the correct…

What you’ll need Minecraft http://www.mojang.com/games Python https://www.python.org McPiFoMo http://rogerthat.co.uk/McPiFoMo.rar Sometimes, Minecraft can seem far more than just a game. It’s an incredibly creative tool and with the use of Redstone and Command Blocks you can produce some amazing worlds. We’re taking things a step further by enabling you to plug Python code directly into Minecraft. What you do with it is completely up to your imagination! MCPiPy was developed by ‘fleap’ and ‘bluepillRabbit’ of https://mcpipy.wordpress.com, to connect MineCraft Pi Edition with Python on the Raspberry Pi, using open APIs. However, with the use of Forge we have put together a package that enables the use of Python in retail Minecraft. We’re using Raspberry Jam developed by Alexander Pruss, a Forge mod for Minecraft which implements most of the Raspberry Juice/Pi…

This article uses the generic Google API client Python module to make its requests to the vision service. If you are only going to be using the Google Cloud services, there is a specific Python module that only supports only these services. You can install it using the pip command below: The equivalent to the facial recognition code in the main article would look like the following: The big advantage to these specific Python client modules is that everything is accessible as either a method or a property of the provided classes. So, you can create and image object and call its detect_faces() method to access the Google Cloud service. The returned list contains objects that encapsulate the JSON that we were parsing manually earlier. This makes for much more…

RAM 1GB Storage 30GB HD space Specs 1GHz processor, HD graphics card Manjaro is one of the few rolling release distributions (distros) that caters for nearly all desktop interests. As well as its leading Xfce and KDE versions, the Manjaro team is also behind the development of the i3, Cinnamon, Gnome and LXQt desktop environment variants. All of these different desktops have seen numerous updates with the new Manjaro 17 release. While the sheer choice is reason enough to check it out, we’ll be focusing on the Xfce update, which is considered the most popular desktop in Manjaro’s arsenal. As with most rolling release models, current Manjaro users will find a modified ISO installation image ready to download and apply, with the update process taking just a short amount of…

Free and open source software is becoming the norm in many areas, but you may be surprised to find that this is also the case for financial technology software. (In fact, we’ll be covering the growing use of blockchain technologies in the fintech industry in LU&D178.) Here, open source’s rapid pace of development, new API creation and standards for reporting and data interchange is bolstered by a growing awareness of the benefits of transparency and shared development in an industry traditionally known for secrecy and competitive advantage. If you think applications such as derivatives analysis are a bit niche, consider this: There is a lot of data hidden in plain sight on balance sheets, market reports and end-of-day trading figures. Good journalists and researchers have been combing through such information…

The Linux Foundation has been rapidly acquiring a vast number of diverse projects in recent months, many of which are benefitting from the support of the community that the foundation can offer. The latest to join its ever-expanding list of acquaintances is Intel’s Data Plane Kit. The DPDK was originally created back in 2010, offering users a suite of tools for the efficient transfer of data packets through a series of server infrastructures. Despite open sourcing the project back in 2013, stalling support has seen Intel join the Linux Foundation. Now that DPDK is an official Linux Foundation project, Intel will benefit from both the initial governance and project hosting that falls within the foundation’s umbrella. As proven with other projects, the Linux Foundation can provide legal assistance when required,…

Top 10 This month Downloads are up across the board, with many of the bigger names continuing to open up a gap between some of the lesser names on the list. Highlights Mint Mint’s continued dominance at the top of the list shows no signs of slowing down. Its recent 18th release has proven to be a massive hit, especially helping new users moving across to Linux for the first time. Manjaro We highly praised the recent Manjaro 17 update see (p88), and it’s great to see that many Linux users are also enjoying it. If Mint isn’t for you, this is a good substitute. Zorin Zorin is the only distro sliding down the list this month, with increased competition coming in. We doubt we’ll be seeing it in…

According to anonymous sources that spoke to LU&D, working at Canonical for the last 13 years has been a unique experience: “Most companies purely want to make money,” said one employee. “Whereas I feel, in Canonical it’s been almost like… ‘plaything’ is the wrong word, but it’s kind of like a sandbox of ideas.” That sandbox has lost a lot of its buckets and spades in recent weeks. Hours after Mark Shuttleworth’s surprise blog announcement that Canonical would end “investment in Unity 8, the phone and convergence shell”, a list of about 100 affected employees was circulated around the company. A significant company transformation is now in full swing, focused on streamlining the staff count in each department, cutting projects and products that weren’t profitable in a bid to make…

SPI (Serial Peripheral Interface) is a highly efficient bus that is ideally suited to connecting a limited number of peripherals to process computers while providing very high bandwidth. It’s normally used for accessing storage media and medium-speed ADCs or DACs, but the interface has recently established itself as the preferred choice for a variety of display modules. The ones used in this tutorial have a resolution of 128x64 and can be purchased from AliExpress for a relatively low price – we got ours for less than £5 each from a supplier in China. This compares favourably to HDMI screens for two reasons. First of all, the price is significantly lower. Second, the small physical size and the use of organic LED technology reduces the total power consumption of the process…

The CIA leaks, dubbed Vault 7 by WikiLeaks, have been relentless. It seems likely that by the time you read this that Linux will receive its own tailored bundle of exploits and vulnerabilities. The documents have demonstrated the CIA’s abilities to compromise cars, smart TVs and web browsers, as well as embedded Linux and Android, and the Cisco switches that carry most of the internet’s traffic. The CIA will not be the only actors doing this and given the chances of criminals hoovering up data, it’s more necessary than ever to encrypt sensitive documents. Not all encryption is equal. The ever-increasing power of computers means that what was good enough once now has the potential to be cracked. For example, the SHA-1 hash function and several programs have had weaknesses…

Although most businesses are savvy enough not to put their corporate secrets on the back of a postcard, many businesses do an equivalent act each time they send an unencrypted e-mail. Transport between mail providers is getting better, as Google and others push TLS—the Transport Layer Security cryptographic protocol—use between mail servers. However, once the message reaches Google’s servers, it travels unencrypted and passes through Gmail’s Machine Learning and AI to learn more about you, so Google can more effectively ‘monetise’ each user, primarily through throwing advertisements at you. If you’d rather keep your messages private, you need to encrypt them before they leave your computer and travel to your mail provider. GPG uses the OpenPGP standard, which is designed to work with Phil Zimmermann’s original Pretty Good Privacy (PGP)…

If all of this seems like a lot of work, despite the gradual but continuous improvements in free and open source solutions, we can only point out that if you take privacy for granted, then you very likely don’t have it any more, and it’s only by the active participation of motivated citizens that we’ll see a roll-back of the erosions of data privacy by corporations and governments across the internet. Where should you start? Setting up a Virtual Private Network requires infrastructure or at least an account with a commercial VPN provider, but if you frequently use coffee shops or other insecure Wi-Fi networks, it might be more a matter of a security imperative. If you deal with sensitive data for whatever reason, you certainly owe it to your…

What you’ll need Raspberry Pi 3 8GB SD card Xbox 360 controller Oculus Rift Developer Kit (optional) Virtual Reality is huge now and has come a long way since the concepts and CGI visuals of Stephen King’s Lawnmower Man. It is one of the fastest growing areas of technology and you can now design models, explore new places and play games all within a virtual environment. A professional VR hardware package is expensive and will set you back several hundred pounds. However, it’s possible to emulate the VR setup up using a Raspberry Pi, Python-VRZero and a 3D graphics module, Pi3D. Now, this is purely for fun and learning, so don’t expect huge gaming PC frame rates, although some of the demos do peak at around 25-30 FPS on a…

When Sekkoïa released the strategy board game Blokus in 2000, made by Bernard Tavitian, it rapidly became a family favourite. The board game involves placing polyominoes on a square board (or a hexagon, in the version using triangular pieces) until no-one else can place a piece. It combines simple rules with subtle strategy and has captured the imagination of many board game fans to the extent that there are pages devoted purely to strategy tips. If you need an AI opponent, then there are plenty of free software implementations of the game, but Pentobi stands out as a polished version with the best AI we’ve seen so far. Installation is easy enough, with cmake replacing the ./configure step before make and sudo make install. As dependencies are restricted to half…

Instead of encrypting a file and trying to remember to remove the unencrypted original, why not write it in an editor that never writes your information to disk unencrypted? Notebook-PEA (PEA stands for Password Encryption Archives) is a simple rich text editor which uses authenticated encryption to protect your jottings. The key derivation function used for password hashing is the highly regarded Catena-Dragonfly, which was highly commended in the Password Hashing Competition used to find a better standard algorithm for password hashing. Add in the Bruce Schneier-designed Threefish cipher, and the Blake2b hash function, and there’s a lot of top-notch security options to protect your sensitive documents, secret love letters or whatever else you don’t want leaked onto the internet. You may need to edit the included unix_start.sh to get…