Linux Journal

Articles in Linux Journal cover the range from desktop how-tos to kernel hacking, always balanced to give both newcomers and long-term Linux users maximum enjoyment. See our Web site for an author's guide and list of upcoming topics and deadlines: http://linuxjournal.com/author/index.

  1. Cookies That Go the Other Way

    cookies

    The web—or at least the one we know today—got off on the wrong hoofs. Specifically, I mean with client-server, a distributed application structure that shouldn't subordinate one party to another, but ended up doing exactly that, which is why the web today looks like this:

    Clients come to servers for the milk of HTML, and get cookies as well.

    The original cookie allowed the server to remember the client when it showed up again. Later the cookie would remember other stuff: for example, that the client was a known customer with a shopping cart.

    Cookies also came to remember fancier things, such as that a client has agreed to the server's terms of use.

    In the last decade, cookies also arrived from third parties, some for site analytics but mostly so clients could be spied on as they went about their business elsewhere on the web. The original purpose was so those clients could be given "relevant" and "interest-based" advertising. What matters is that it was still spying and a breach of personal privacy, no matter how well its perpetrators rationalize it. Simply put, websites and advertisers' interests end at a browser's front door. (Bonus link: The Castle Doctrine.)

    Thanks to the EU's General Data Protection Regulation (GDPR), which comes into full force this Friday, that kind of spying is starting to look illegal. (Though loopholes will be found.) Since there is a world of fear about that, 99.x% of GDPR coverage is about how the new regulation affects the sites and services, and what they can do to avoid risking massive fines for doing what many (or most) of them shouldn't have been doing in the first place.

    But the problem remains structural. As long as we're just "users" and "consumers," we're stuck as calves.

    But we don't have to be. The web's underlying protocol, HTTP, is distributed and collaborative. It doesn't say we need to be subordinate to websites, always consenting to those sites' terms and policies. It doesn't even say we have to be calves to the websites' cows. Consent can go the other way.

    And so can cookies. So let's bake some.

  2. VMware Announces OpenStack 5, Tesla Releases Some Source Code, KDE's Plasma 5.13 Beta and More

    News briefs for May 21, 2018.

    VMware today announced its new OpenStack 5. According to the press release, "VMware Integrated OpenStack 5 will be one of the first commercial OpenStack distributions to comply with the OpenStack Foundation's 2018.02 interoperability guidelines. An active member of the OpenStack community, VMware packages, tests, and supports all major components of the distribution, including the full open source OpenStack code in a multi-cloud architecture."

    Tesla has released some of the source code for its in-car tech. Engadget reports that the company "has posted the source code for both the material that builds the Autopilot system image as well as the kernels for the Autopilot boards and the NVIDIA Tegra-based infotainment system used in the Model S and Model X."

    KDE's Plasma team released Plasma 5.13 beta late last week: "We have spent the last four months optimising startup and minimising memory usage, yielding faster time-to-desktop, better runtime performance and less memory consumption. Basic features like panel popups were optimised to make sure they run smoothly even on the lowest-end hardware. Our design teams have not rested either, producing beautiful new integrated lock and login screen graphics."

    The Linux 4.18 kernel will have the Steam Controller driver that will work without needing the Steam client or other third-party applications. Phoronix reports that "HID subsystem maintainer Jiri Kosina has now queued this Valve Steam Controller driver into his HID-next tree for Linux 4.18. This HID driver will expose the Steam Controller as a virtual mouse, virtual keyboard, and custom HID device(s). In turn this should allow the Steam Controller to work happily with any Linux application."

    SoftMaker recently released SoftMaker FreeOffice 2018, the newest version of its free software. SoftMaker says "with FreeOffice 2018 you can not only open, but also save documents in the Microsoft file formats DOCX, XLSX and PPTX. Share files directly with Microsoft Office users, without having to export them first!" Note that although it is free to download and use, FreeOffice is not open source.

    WordPress recently announced its latest release, 4.9.6, which is a privacy and maintenance release intended to help users be GDPR-compliant. The WordPress blog notes "We're committed to supporting site owners around the world in their work to comply with this important law. As part of that effort, we've added a number of new privacy features in this release."

  3. Nextcloud 13: How to Get Started and Why You Should

    Nextcloud could be the first step toward replacing proprietary services like Dropbox and Skype.

    In its simplest form, the Nextcloud server is "just" a personal, free software alternative to services like Dropbox or iCloud. You can set it up so your files are always accessible via the internet, from wherever you are, and share them with your friends. However, Nextcloud can do so much more.

    In this article, I first describe what the Nextcloud server is and how to install and set it up on GNU/Linux systems. Then I explain how to configure the optional Nextcloud features, which may be the first steps toward making Nextcloud the shell of a complete replacement for many proprietary platforms existing today, such as Dropbox, Facebook and Skype.

    Figure 1. A safe home for all your data that all your devices can reach—that's what Nextcloud wants to be.

    Why Nextcloud and Not ownCloud?

    Nextcloud, whose version 13 was released in February 2018, was spun off the popular ownCloud project in 2016, out of licensing and other disagreements. See the Resources section for some of the most complete feature-by-feature comparisons between Nextcloud and ownCloud. The most basic capabilities are still almost identical, two years after the fork. Some of the functions described here, however, are easier to integrate in Nextcloud than in its ancestor. In addition, my personal reasons for recommending Nextcloud over ownCloud are the following:

    • Licensing and pricing policies: all the official components of Nextcloud are both free as in freedom and as in free beer. You pay only for support and update services. That's not the case with ownCloud.
    • Long-term roadmap: at the moment, ownCloud seems to be more focused on corporate customers and more relevant for investors, while Nextcloud seems to be more focused on extending "direct" user-to-user communication and cooperation features.

    Figure 2. The Original Nextcloud/ownCloud Functions: File and Picture Storage, Dropbox-Style

    A Word on Security

    Several good reasons to choose Nextcloud as the online home for your own files and data are related to security. I don't cover them in detail in this introductory article, but I want to mention at least some of them.

    Nextcloud refuses continuous (that is, malicious) attempts to authenticate from any computer, except those whose IP addresses are included in "brute-force IP whitelists". (Of course, the best possible whitelist you can configure is an empty one.)

  4. Weekend Reading: Backups

    backup!

    Public Service Announcement: please do a backup if you haven't in a while. This weekend we feature articles varying from scary backup stories to how to safeguard your data with encrypted backup solutions.

     

    Scary Backup Stories

    by Paul Barry

    Backups. We all know the importance of making a backup of our most important systems. Unfortunately, some of us also know that realizing the importance of performing backups often is a lesson learned the hard way. Everyone has their scary backup stories. Here are mine.

     

    Reliable, Inexpensive RAID Backup

    by Brian C. Lane

    As a topic, backups is one of those subjects likely to elicit as many answers as people you ask about it. It is as personal a choice as your desktop configuration or your operating system. So in this article I am not even going to attempt to cover all the options. Instead I describe the methods I use for building a reliable, useful backup system. This solution is not the right answer for everyone, but it works well for my situation.

     

    LVM and Removable IDE Drives Backup System

    by Mike Fogarty

    When the company I work for, a civil engineering and surveying firm, decided to move all its AutoCad drawings onto a central fileserver, we were presented with a backup situation orders of magnitude larger than anything we had confronted before. We had at that time (now considerably larger) about 120,000 files, totaling 200GB, that were in active change and needed to be backed up at least daily.

    My first thoughts were of some sort of tape backup system, but as I began to research them, I was shocked at the prices I encountered. A tape autoloader large enough to contain our filesystem ran about $12,000 and a 40Gig tape was $89. When I first convinced my boss to let me run Linux on our servers, cheap was a big selling point. So, what are the alternatives?

     

    Backup and Update

    by Shawn Powers

    In this video, editor Shawn Powers shows us how to do a basic backup in Linux. Or as he puts it, a public service announcement to please do a backup if you haven't in awhile!

     

     

     

  5. Caption This: May Winner

    Drawing of an Alexa plugged in to a hamburger

    Winner: Is this what my cardiologist means by I need an echo?

    —Tom Dison, twitter.com/fretinator

    Second Place: USBurger

    —Greg Charnock, twitter.com/gregcharnock7

    Third Place: "Alexa, where's the beef?"

    —Jack, via comment on https://www.linuxjournal.com

    Each month, we provide a cartoon in need of a caption—check https://www.linuxjournal.com for the next one. You submit your caption in the comments on the site or via Twitter, we choose three finalists, and readers vote for their favorite. See the June issue for the next winner.

  6. Purism's New Purekey OpenPGP Security Token, Windows 10 Now Includes OpenSSH, Vim 8.1 Released and More

    News briefs for May 18, 2018.

    Purism, maker of the security-focused Librem laptops, announced yesterday it has partnered with Nitrokey to create Purekey, "Purism's own OpenPGP security token designed to integrate with its hardware and software. Purekey embodies Purism's mission to make security and cryptography accessible where its customers hold the keys to their own security." You can purchase a Purekey by itself or as an add-on with a laptop order. According to Purism's CSO Kyle Rankin, "By keeping your encryption keys on a Purekey instead of on a hard drive, your keys never leave the tamper-proof hardware. This not only makes your keys more secure from attackers, it makes using your keys on multiple devices more convenient."

    The latest update of Windows 10 includes OpenSSH. ZDNet reports this has been in the works since 2015 due to user requests. Also, third-party SSH clients like PuTTY no longer will be necessary to connect to a system with SSH.

    Vim 8.1 is now available. The major new feature of this release is that you now can run a terminal in a Vim window, which allows you to do things like run a command (like make) while editing in other windows or "use the new terminal debugger plugin for debugging inside Vim".

    0 A.D., the "open-source ancient warfare game", has a new release, Alpha 23. Phoronix reports that this "RTS game in its latest alpha release features a new civilization, new models, improved AI behavior, a mod downloader, new random maps, and other changes to enhance the game-play for this game that's been open-source for nearly a decade."

    Valve launched the Steam Link App for Android devices yesterday. The app "allows gamers to experience their Steam library of games on their Android (phone, tablet, and TV) devices while connected to the same 5Ghz network or wired Ethernet as their Steam gaming computer (PC, Linux, Mac)". You can get the app here. (Source: Phoronix.)

  7. AsteroidOS 1.0 Released, Net Neutrality Update, Qt 3D Studio 2.0 Beta Now Available and More

    News briefs for May 17, 2018.

    AsteroidOS 1.0 is now available. Released yesterday, the open-source operating system for smartwatches is finally available after four years in the works. As posted on the AsteroidOS website, "AsteroidOS is built on standard Linux technologies including OpenEmbedded, opkg, Wayland, Qt5, systemd, BlueZ, and PulseAudio. This makes it the ideal platform to build any sort of wearable project you can imagine. Do you want to run Docker on your watch? AsteroidOS can do it. Do you want to run Quake on your watch? AsteroidOS can do that too. The sky is really the limit! Our community welcomes anyone interested in playing with a smartwatch project."

    Yesterday the Senate voted to reverse the net neutrality repeal. As reported by Ars Technica and elsewhere, if the Congressional Review Act "is approved by the House and signed by President Trump, Internet service providers would have to continue following rules that prohibit blocking, throttling, and paid prioritization." If Congress doesn't act, the net neutrality rules expire on June 11.

    Qt 3D Studio 2.0 beta was released yesterday. This release includes a new runtime and viewer application, improved data input, editor improvements and more.

    Have a release party for openSUSE Leap 15. See the openSUSE page for how you can help the community spread the word, and see the Launch Party Wiki to sign up and add your party to the map. openSUSE Leap 15 launches May 25, 2018.

    Linspire Server 2018 was released this week. Linspire Server is based on Ubuntu Server 16.04 and is intended for small to medium-size businesses and schools. It is free to download and use under a self-support license.

  8. Generating Good Passwords, Part I

    Dave starts a new method for generating secure passwords with the help of 1Password.

    A while back I shared a script concept that would let you enter a proposed password for an account and evaluate whether it was very good (well, maybe "secure" would be a better word to describe the set of tests to ensure that the proposed password included uppercase, lowercase, a digit and a punctuation symbol to make it more unguessable).

    Since then, however, I've really been trying personally to move beyond mnemonic passwords of any sort to those that look more like gobbledygook. You know what I mean—passwords like fRz3li,4qDP? that turn out to be essentially random and, therefore, impossible to crack using any sort of dictionary attack.

    Aiding me with this is the terrific password manager 1Password. You can learn more about it here, but the key feature I'm using is a combination of having it securely store my passwords for hundreds of websites and having a simple and straightforward password generator feature (Figure 1).

    Figure 1. 1Password Password Generation System

    If I'm working on the command line, however, why pop out to the program to get a good password? Instead, a script can do the same thing, particularly if I again tap into the useful $RANDOM shortcut for generating random numbers.

    Generating Secure Passwords

    The easiest way to fulfill this task is to have a general-purpose approach to generating a random element from a specific set of possibilities. So, a random uppercase letter might be generated like this:

    
    uppers="ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    
    letter=${uppers:$(( $RANDOM % 26 )):1}
    
    

    The basic notational convention used here is the super handy Bash shell variable slicing syntax of:

    
    ${variable:startpoint:charcount}
    
    

    To get the first character only of a variable, for example, you can simply reference it as:

    
    ${variable:0:1}
    
    

    That's easy enough. Instead of a fixed reference number, however, I'm using $(( $RANDOM % 26 )) as a way to generate a value between 0–25 that's different each time.

    Add strings that contain all the major character classes you seek and you've got a good start:

    
    lowers="abcdefghijklmnopqrstuvwxyz"
    digits="0123456789"
    punct='()./?;:[{]}|=+-_*&^%$#@!~'  # skip quotes; single-quoted so $# stays literal
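
An added example, not from the original article: the same slice-by-random-index technique applied to the four class strings above, but with indices drawn from /dev/urandom, because $RANDOM only yields 15-bit values (0 to 32767) from a non-cryptographic generator. The helper names rand_below, pick and genpass are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: password generator built on ${variable:start:count},
# with the index taken from the kernel CSPRNG instead of $RANDOM.

uppers="ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lowers="abcdefghijklmnopqrstuvwxyz"
digits="0123456789"
punct='()./?;:[{]}|=+-_*&^%$#@!~'   # single quotes keep "$#" literal

# rand_below N: uniform integer in [0, N), for 1 <= N <= 256.
# Rejection sampling discards bytes at or above the largest multiple
# of N that fits in a byte, so "% N" introduces no modulo bias.
rand_below() {
  local n=$1 limit byte
  limit=$(( 256 - 256 % n ))
  while :; do
    byte=$(od -An -N1 -tu1 /dev/urandom | tr -d ' \n')
    (( byte < limit )) && { echo $(( byte % n )); return; }
  done
}

# pick CLASS: one random character of the string CLASS.
pick() {
  local class=$1
  printf '%s' "${class:$(rand_below ${#class}):1}"
}

# genpass [LEN]: LEN characters (clamped to 4..256, default 16) with at
# least one character from every class.
genpass() {
  local len=${1:-16} all="$uppers$lowers$digits$punct" i j tmp
  local -a chars
  (( len < 4 )) && len=4
  (( len > 256 )) && len=256
  # One guaranteed character per class, then fill from the full set.
  chars=( "$(pick "$uppers")" "$(pick "$lowers")" \
          "$(pick "$digits")" "$(pick "$punct")" )
  for (( i = 4; i < len; i++ )); do
    chars+=( "$(pick "$all")" )
  done
  # Fisher-Yates shuffle, so the guaranteed characters do not always
  # occupy the first four positions.
  for (( i = len - 1; i > 0; i-- )); do
    j=$(rand_below $(( i + 1 )))
    tmp=${chars[i]}; chars[i]=${chars[j]}; chars[j]=$tmp
  done
  printf '%s' "${chars[@]}"
  echo
}
```

Calling `genpass 20` prints one 20-character password; the clamp to 256 exists only because rand_below samples a single byte at a time.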
    
    

    To get even fancier, there's another notation ${#variable} that returns the number of characters in a variable, so the following shows that there are 24 characters in that particular string:

  9. Thunderbird and the Recent #EFAIL Vulnerability, Fedora Urges Users to Update DHCP Packages, Kernel Updates and More

    News briefs for May 16, 2018.

    Mozilla has come out discouraging folks from disabling encryption within the Thunderbird email client regarding the recent #EFAIL vulnerability. Mozilla is also providing notes on how to best protect yourself.

    The Fedora team is pushing its users to update their DHCP packages addressing a recently discovered flaw (CVE-2018-1111). Fixes are available for versions 26, 27, 28 and Rawhide.

    Yesterday, Canonical released an official statement regarding the malware discovered in the Ubuntu Snap Store, stating how this always was going to be a challenge since launch and how the company is now committing itself to better security and trust of the published applications.

    Earlier this morning, the kernel development team pushed the following updates: 4.16.9, 4.14.41, 4.9.100, 4.4.132 and 3.18.109. See the Linux Kernel Archives website for more information.

  10. Speeding Up Netfilter (by Avoiding Netfilter)

    Imre Palik tried to speed up some of Linux's networking code but was met with stubborn opposition. Essentially, he wanted networking packets to bypass the netfilter code unless absolutely necessary. Netfilter, he said, was designed for flexibility at the expense of speed. According to his tests, bypassing it could speed up the system by as much as 15%.

    Netfilter is a piece of infrastructure that gives users a tremendous amount of power and flexibility in processing and restricting networking traffic. Imre's idea was that if the user didn't want to filter network packets, the netfilter code shouldn't even be traversed. He therefore wanted to let users disable netfilter for any given firewall that didn't need it.

    There was some initial interest and also some questions about how he'd calculated his 15% speed increase. Florian Westphal tried to reason out where the speedup might have come from. But David S. Miller put his foot down, saying that any speedup estimates were just guesses until they were properly analyzed via perf.

    David absolutely refused to apply networking patches without a more reliable indication that they would improve the situation.

    Imre explained his testing methods and asserted that they seemed sound to him. But Pablo Neira Ayuso felt that Imre's approach was too haphazard. He said there needed to be a more generic way to do that sort of testing.

    David was completely unsatisfied by Imre's tests. Instead of trying to work around netfilter, even in cases where there were no actual filters configured, he said, the proper solution was to speed up netfilter so it wouldn't be necessary to bypass it. David said, "We need to find a clean and generic way to make the netfilter hooks as cheap as possible when netfilter rules are not in use."

    David Woodhouse, on the other hand, felt that a 15% speedup was a 15% speedup, and we shouldn't look a gift horse in the mouth.

    But, David M stood firm. The netfilter hooks were the fundamental issue, he said, and "I definitely would rather see the fundamental issue addressed rather than poking at it randomly with knobs for this case and that."

    David W and others started hunting around for ways to satisfy David M without actually recoding the netfilter hooks. David W suggested having the hooks disable themselves automatically if they detected that they wouldn't be useful.