RRAASSPPBBEERRRRYY PPII MMOODDEELL BB++ Full review and FAQ inside • PLUS 2244 ppaaggeess ooff PPii www.linuxuser.co.uk L IN U X U S E R & D E V E L O P E R IS S U 4 DISTROS E 1 4 3 LIVE-BOOTING DVD 10 INSPIRING Rise of Linux – a hacker’s RASPBERRY PI history PROJECTS 1 0 IN S P IR IN G R » A TTTiiimmmeee---lllaaapppssseee cccaaammmeeerrraaa ||| AAAiiirrrPPPiii ||| RRReeetttrrrooo aaarrrcccaaadddeee S P B E R R Y P I P R O J E C T S AAAAuuuuttttoooommmmaaaatttteeee yyyyoooouuuurrrr DDDrrrooopppbbboooxxx bbbaaaccckkkuuupppsss BBuuiilldd aa PPyytthhoonn ssccrriipptt ttoo ttrraacckk cchhaannggeess aanndd bbaacckk uupp 5 S Expert tutorials U FFFFIIIIRRRREEEEFFFFOOOOXXXX OOOSSS L P » Write shell scripts » Upgrade your TTIIPPSS && TTRRIICCKKSS » Code Android apps ownCloud setup w » Improve web » PPlloott sscciieennttiififi cc ddaattaa w MMoozziillllaa sshhaarreess iittss bbeesstt w app security wwiitthh NNuummPPyy .lin aaddvviiccee ffoorr ddeevveellooppeerrss u x u Network managers BBaannaannaa PPii ser.c Four of the best network utilities SSuucccceessssoorr ttoo tthhee ISSUEIS 1S4N 32041-3270 £54.939> o .u k go head-to-head in our group test Raspberry Pi? 9 772041 327002 001_LUD143_Final.indd 1 05/08/2014 18:13 Can you volunteer for Code Club? Code Club is a nationwide network of volunteer-led after school coding clubs for children aged 9-11. We need people who know how to program computers to volunteer to run a club at their local primary school, library or community centre for an hour a week. We create the projects for our volunteers to teach, the projects we make teach children how to program by showing them how to make computer games, animations and websites. Get involved, let’s teach the next generation to code! Visit www.codeclub.org.uk to ind out more Full Page.indd 1 04/08/2014 14:39 Welcome Get to issue 143 of Linux User & Developer Linux User This issue cheaper … Rob Zwetsloot studied aerospace engineering, using Python to model complex every issue simulations. After striking an s undisclosed deal with the sentient » Code Android GUIs Page 24 Makeblock tank, Rob’s video player t was returned to him and he began » Improve web app security r working on his next Pi-powered e projects (page 50). Arduino-powered » Automate Dropbox with Python Robot-chan was not amused. p » Reviewed: Raspberry Pi Model B+ Richard Smedley started using computers long x before WYSIWYG and still maintains e that the command line, and Emacs, Welcome to the latest edition of Linux User & is the most productive working Developer, the UK and America’s favourite Linux x environment. This month Richard continues his shell scripting series, and open source magazine. u this time looking at prototyping With the release of the new Model B+ back in July programs through the example of a n simple FizzBuzz game (page 26). (see pages 70 and 82 for more on this), it seems that all eyes have turned to the Raspberry Pi again. We’re Li Nitish Tiwari is a software developer by seeing more and more Pi clones emerging too, and profession and an open source enthusiast by heart. As well as some of them are actually pretty good, like the Banana Pi we f writing for leading open source o review over on page 80. So, naturally, we felt that it’s about magazines, he helps fi rms set up and use open source software for time for another swathe of Raspberry Pi projects for you. This m their business needs. This issue he time we based them on ideas that you can combine into more explains OWASP practices (page 30) and the new ownCloud 7 (page 34). complex projects if you fancy it, like turning a private cloud a into a private cloud-based media streamer. Grab your Pi and e Mihalis Tsoukalos is a UNIX system administrator with expertise in turn to page 50 to get started. t programming, databases and Also this month, Richard Hillesley goes right back to the maths. He has been using Linux r since 1993. Mihalis shows us how early days of Linux (when it was just an announcement on a u to perform scientific computing message board) to illuminate its storied history and show us and mathematical operations this o month, with the help of NumPy, the origin of the inquisitive spirit that’s currently embodied by Y SciPy and Matplotlib (page 38). the Pi community – it’s a fascinating read (page 18). Jon Masters is a Linux kernel hacker who has We have another round of great tutorials for you, as well. been working on Linux for some This month we take a look at scientifi c computing in Python, 18 years, since he fi rst attended creating Android and Firefox OS apps, automating Dropbox, university at the age of 13. Jon lives in Cambridge, Massachusetts, upgrading a private cloud setup and more. Enjoy the issue. and works for a large enterprise Gavin Thomas, Deputy Editor Linux vendor. You can fi nd his brilliant Kernel Column on pages 12-13 this month. Get in touch with the team: Gareth Halfacree is our resident news reporter and brings us the latest developments from all over the [email protected] open source world, starting on page 6. Over on page 80, Gareth reviews the new Banana Pi Buy online and asks whether it’s a worthy Facebook: Twitter: successor to the Raspberry Pi. Linux User & Developer @linuxusermag Visit us online for more news, opinion, tutorials and reviews: www.linuxuser.co.uk 3Issue 143 003_LUD_143.indd 3 07/08/2014 21:55 Contents Subscribe & save! 24 Save up to 50% UonS tchues stohmope rpsr ice. pcaagne s 7u9bscribe via 50 10 Inspiring Raspberry Pi Projects Build a media caster, a secure web station, AirPi and more OpenSource Tutorials Reviews 06 News 26 Write useful shell scripts – part 2 75 BSesot fntewtwoarkr emanagers T he biggest stories from the Prototype programs for any language group test open source world 30 Improve web app security with Which tool is best for handling your 10 Opinion Columns OWASP coding tips day-to-day network connections? Expert views on open Boost security without slowing development source and free software 34 Upgrade your private cloud 12 Kernel Column with ownCloud 7 The latest on the Linux Keep a cloud server inside your own home Ifconfig GNOME Network Kernel with Jon Masters 38 Scientific computing with NumPy 94 Letters Perform powerful calculations with the help Your views on the magazine of NumPy, SciPy and Matplotlib and the open source scene Network Tools Wicd 42 Sync files to Dropbox with Python Features Automate your backups using a script 80 Banana Pi 14 Firefox OS app 46 Design advanced user interfaces Just another clone or a worthy development for Android successor to the Raspberry Pi? Create, edit and test web The final tutorial in our Android coding series 82 Raspberry Pi Model B+ apps in the Firefox browser OOnn yyoouurr ffrreeee ddiisscc What’s new with the Model B+ 18 Rise of Linux aaannnddd iiisss iiittt wwwooorrrttthhh uuupppgggrrraaadddiiinnnggg yyyeeettt??? How Linux was created – 96 Cover disc and how it almost wasn’t Four of the latest distros 50 10 Inspiring Raspberry for you to try out Pi Projects on this issue’s DVD Get creative with this month’s CentOS 7 Pi-powered inventions Ubuntu 14.0.4.1 Tails 1.1 88 Q & A GParted Live Your questions answered Join us online for more Linux news, opinion and reviews www.lliinnuuxxuusseerr...cccooo...uuukkk 4www.linuxuser.co.uk 004_LUD_143.indd 4 07/08/2014 21:56 fullpg.indd 1 05/08/2014 10:37 06 News | 10 Opinion | 94 Letters ■ The world’s fastest computers, including this IBM Blue Gene cluster, are almost exclusively Linux-based LINUX Linux dominates TOP500 supercomputing Powers 97% of high-performance systems GNU/Linux has retained its position as the most popular operating system for high- T op 10 Maximum performance computing (HPC), according to the achieved Power most recent TOP500 survey results. Cores (TFlops/s) (kW) Published twice a year, the TOP500 List 1. Tianhe-2 (MilkyWay-2), China 3,120,000 33,863 17,808 records the 500 most powerful supercomputer systems in the world. This year’s list shows a 2. Titan, USA 560,640 17,590 8,209 continued dependence on Linux variants, with 3. Sequoia, USA 1,572,864 17,173 7,890 an impressive 486 of the 500 computers listed using a Linux variant – including the world’s 4. K computer, Japan 705,024 10,510 12,660 fastest supercomputer, China’s Tianhe-2 5. Mira, USA 786,432 8,587 3,945 (MilkyWay-2), and a mixed-platform Blue Gene system in Saudi Arabia which couples SUSE 6. Piz Daint, Switzerland 115,984 6,271 2,325 Linux Enterprise Server 9 with IBM’s Compute 7. Stampede, USA 462,462 5,168 4,510 Node Kernel (CNK). The remaining systems in the latest TOP500 8. Juqueen, Germany 458,752 5,009 2,301 list use Unix (12 systems), with Microsoft’s 9. Vulcan, USA 393,216 4,293 1,972 proprietary Windows platform running on only two – one of which, at position 433, is the 10. [Incognito], USA 225,984 3,144 Unknown company’s own Azure cloud computing platform. 6www.linuxuser.co.uk 006-009_LUD143 .indd 6 07/08/2014 21:57 News The latest in the Linux community OPEN SOURCE SECURITY DISTRO Google Launches VolksPC Project Zero merges Debian with Android Aims to boost web security for all ARM focus for MicroXwin team’s new distro The team behind MicroXwin has announced a new distribution which aims to make Debian a more tempting proposition for ARM-based devices by adding in support for native execution of Android applications. The team’s distribution, based on Debian Wheezy compiled for ARM with hard-float support, will come with several Debian Advertising giant Google has announced This, Evans explained, includes locating and packages pre-installed including the kernel- the foundation of Project Zero, a security reporting vulnerabilities, researching mitigations, based MicroXwin implementation and an XFCE programme that the company hopes will help exploitations, doing formal program analysis desktop. Its biggest feature over stock Debian increase the safety of the web – and, crucially, and “anything else our researchers decide is a is the ability to run Android applications direct consumer confidence in that safety in the worthwhile investment.” from the Google Play market. wake of highly publicised vulnerabilities like The results of Project Zero will initially be shared The team has announced plans to OpenSSL’s Heartbleed. only with the software vendor or open source produce hardware under the VolksPC brand “You should be able to use the web without development team, in an example of responsible with the distribution pre-loaded. A desktop fear that a criminal or state-sponsored actor is disclosure. When a patch has been issued or system based on a low-cost Rockchip exploiting software bugs to infect your computer, accepted for a particular vulnerability, the report RK3066 dual-core 1.4GHz ARM processor steal secrets or monitor your communications,” will be made public along with statistics such and 1GB of RAM has been confi rmed, with claimed Google security researcher Chris Evans as vendor-time-to-fix performance and copies plans for a future tablet with keyboard dock in the Project Zero launch announcement. “Yet of historical exploitation information and crash should the initial device prove successful. in sophisticated attacks, we see the use of traces. “We also commit to sending bug reports to The VolksPC hardware has not yet been ‘zero-day’ vulnerabilities to target, for example, vendors in as close to real-time as possible,” added given a price, and the VolksPC software is human rights activists or to conduct industrial Evans, “and to working with them to get fixes to not yet available for public download. No espionage. This needs to stop. We think more can users in a reasonable time.” time-frame has been offered for either by be done to tackle this problem. Project Zero is our Google has indicated that it is still actively the developers. contribution, to start the ball rolling.” hiring team members, with one of the fi rst Similar to the Linux Foundation’s Core confi rmed Project Zero staffers named as George Infrastructure Initiative, in which resources and Hotz. Better known by the handle ‘geohot,’ Hotz funding are applied to selected open-source made a name for himself with the development projects to improve their security, Project Zero of ‘jailbreak’ exploits for the Apple iPhone and the differs with a signifi cantly wider focus. “We’re not Sony PlayStation 3. placing any particular bounds on this project and “We believe that most security researchers will work to improve the security of any software do what they do because they love what they do. depended upon by large numbers of people, What we offer that we think is new is a place to paying careful attention to the techniques, do what you love—but in the open and without targets and motivations of attackers,” Evans distraction,” Evans concluded. “We’ll also be explained. looking at ways to involve the wider community, The programme will see a “new, well-staffed such as extensions of our popular reward team” employed by Google spend the entirety initiatives and guest blog posts.” ■ The hybrid OS for ARM of their working day on investigating ways to “You should be able to use the web without devices will run Debian Linux improve the security of internet-facing software. fear,” Evans asserted. and Android side-by-side 7www.linuxuser.co.uk 006-009_LUD143 .indd 7 07/08/2014 21:57 OpenSource Your source of Linux news and views www.linuxuser.co.uk Email us directly… For the latest news and views [email protected] MALWARE SECURITY Mayhem malware Zero-day vulnerabilities spotted in the wild found in Tails ‘Restricted privileges offer little protection’ Tails, the privacy-enhancing Linux A new malware package, dubbed Mayhem, has control server to begin attempts to brute-force distribution favoured by whistleblower been spotted in the wild on Linux web servers administrative logins to public-facing WordPress Edward Snowden, has been found to have and other *nix-based systems, providing installations. The nature of the malware would several major security vulnerabilities, its creators with remote control in a similar allow it to be used for other purposes, however. according to a report by cash-for-bugs fi rm fashion to Windows-based ‘botnets.’ “We can confi dently say that botnets made Exodus Intelligence. According to an analysis of the malware by up of *nix web servers are becoming more and Details of the precise vulnerabilities have Yandex employees Andrew Kovalev, Konstantin more popular as a modern trend in malware,” been provided by the company to the Tails Otrashkevich and Evgeny Sidorov published in the team claimed. “Web servers have good project, which has stated that it will be Virus Bulletin, Mayhem is capable of running uptime, network channels and are more addressing them as soon as possible. In the on a system even under restricted privileges. powerful than ordinary personal computers. In meantime, Exodus Intelligence has indicated It is dropped via a malicious PHP script and the *nix world, autoupdate technologies aren’t that it will be selling vulnerability details has been found on systems worldwide, with widely used, especially in comparison with to its customers – likely to include, among the biggest numbers of infections found in desktops and smartphones. [Additionally,] the others, the US National Security Agency. the USA, Russia, Germany and Canada and use of anti-virus technologies isn’t widespread. The vulnerabilities have been fi xed smaller pockets of infection in the UK, Europe A lot of vendors don’t offer any proactive defence upstream in the Invisible Internet Project and Australia. or process memory checking modules.” (I2P), but at the time of writing the Tails Its primary use appears to be to create a With a surprisingly high infection rate, web team had not announced a timescale for a botnet of infected systems, which are then admins are advised to check their systems for fi xed release. sent the command from a command and the presence of the Mayhem malware. MAGAZINE Entire world illustrated How It Works team launch travel-sized magazine Setting its sights on nothing less than the reinventing the partwork for the modern age. complete illustration of the world – or at Not only that, each issue of How It Works least, all the exciting bits that fascinate both Illustrated will look at a single, high-interest kids and grown-ups – the team behind the topic in depth, such as Ancient Rome or award-winning How It Works, All About Space, dinosaurs. Collect the whole series and you’ll World of Animals and All About History have have an illustrated guide to the entire world. launched a brand new magazine. Grab the fi rst issue – ‘History of the World’ – Travel-sized, packed full of gorgeous artwork from our store: bit.ly/UI44WS. To make sure and also supporting Key Stage 2 learning, the you don’t miss a single issue, subscribe new How It Works Illustrated launched on 31 now and save up to 50%: July for just £6.99. This 132-page magazine is bit.ly/1pG4DsR. not only bursting at the seams with premium illustration and educational content, but is also shaking up the newsstand with a refreshing blast from the past and a new strategy. How It Works Illustrated is uniquely designed to be a collectible publication, 8www.linuxuser.co.uk 006-009_LUD143 .indd 8 07/08/2014 21:57 News The latest in the Linux community OPEN SOURCE NEW RELEASE OpenWRT gets native IPv6 Barrier Breaker release includes shiny new features Popular embedded distribution OpenWRT has announced a new release which adds fully native support for the Internet Protocol version 6 (IPv6) via DHCP for the first time. ■ OpenWRT is frequently used as a replacement OS for off-the-shelf routers Commonly used to replace the stock software on off-the-shelf router hardware, previous features include source-constrained routing, networks using the HNCP standard. A new OpenWRT packages have been slowly introducing router advertisements, and multihoming with package feed has also been created, due to support for IPv6, starting with the ability to route local prefi x allocations. organisers’ displeasure with the quality of IPv6 traffi c over more common IPv4 connections. Additional tweaks in the latest release existing feeds. Dubbed ‘Barrier Breaker,’ OpenWRT 14.07 include better wireless confi guration through The Barrier Breaker release uses the 3.10 enhances the IPv6 stack with the introduction netifd, support for dynamic fi rewall rules and Linux kernel, with the project leaders stating their of DHCPv6, allowing an OpenWRT-based router zones, a UCI data validation layer, fi lesystem intentions to release a Chaos Calmer build before to receive both IPv4 and IPv6 addresses from tweaks including snapshots and rollbacks, the end of the year with either 3.14 or a newer a wide-area network provider. Additional new and draft support for self-managing home long-term support (LTS) kernel version. NEW RELEASE GIVE YOUR DATABASE AN EFF launches router OS INFORMATION IMPORT. Privacy-focused package unveiled at HOPE X The Electronic Frontier Foundation has released what it describes as a “hacker alpha” of its planned operating system for routers, part of the privacy group’s Open Wireless Movement. Linux-based, the Open Wireless Router software has been developed in conjunction with Fight for the Future, Mozilla, Free Press and other privacy advocate groups with the view of providing a simple and easy-to-use means for internet users to help increase their privacy. The software will, in its fi nal stages, include bandwidth-controlled public and encrypted private wireless networks, offer anonymisation and encryption features, be hardened against attack and feature an auto-update mechanism over a secured connection. fcuonuTcphtleieo dnE aFwliFtity h af oltsrho er e pdbruaocnmedidsw eildas ttehtn occ oyin nicntlr uotdilmse eoa-nsd evtnahsneict iepvdeu banlpicep tlwniceoatrtwkio onqrsku. eTsuihdiniesg,, oLfe CPaoodnsiftneggrr eeSnsp cOoenp seonr ipsu bhloicp euds et ow iethnocuotu trhagee n euesde rfso rt oa noeptewno rtkh ekier yi notre orntheet rc aountnheecnttiiocnasti otno SECPHTI C1A7G-1O9 measures. Building on the CeroWRT project, the early-version alpha currently supports only the Netgear WNDR3800 router. “This release WWee''llll sshhaarree oouurr kknnoowwlleeddggee ttoo iimmpprroovvee yyoouurrss.. is a work in progress,” the team behind it warned at the unveiling, “and is intended only for developers and people willing to deal with the 100% of our clients rate our PostgreSQL bleeding edge.” training courses as excellent. Book your place and gain access to unrivalled knowledge of the core code. +44 (0)870 766 7756 2ndquadrant.com/knowledge 006-009_LUD143 .indd 9 07/08/2014 21:57 OpenSource Your source of Linux news and views the free SOftware cOLumn Sense of community While companies are keen to profit from free and open source software, Richard isn’t sure they are looking closely at what makes communities work The nature and effect of copyleft was promise of Unix without the waste of resources important both to the success of GNU/Linux and that ensued from the countless incompatible its adoption by the former Unix companies, who and proprietary variants of Unix. had had their ingers burnt with the fracturing of The contribution of the GPL and copyleft to Unix and open standards during the Eighties and this success isn’t always given due recognition, Nineties. If they had learnt anything from the Unix and there are reasons for this. Companies are wars, it was that proprietary operating systems, still looking for ways that they can monetise the even if they are your own, cost money and create contributions of others without giving back the hurdles for other parts of your business. Unix had code, so tend to promote ‘open source’ or ideas been touted as the universal operating system, such as ‘open core’ or copyright assignment, and each of the Unix companies poured huge hoping to win the participation of developers resources into developing proprietary versions of without the obligation to return their changes the same operating system at the expense of the – often so that subsets of the code can be hardware, services and userland software that submerged into proprietary offerings. richard hillesley writes were their core business. Advocates of ‘open source’ in industry too about art, music, digital The arrival of GNU/Linux opened up new often dismiss copyleft as an unnecessary rights, Linux and free software for a variety possibilities. GNU/Linux was ‘owned’ by embellishment, or ind a way to subvert its of publications everybody and was licensed under the GPL. original purpose, but projects do not thrive Once more than one Unix company had formed when there are ambivalences and ambiguities as richard Stallman is careful to explain, open a commitment to Linux it became obvious that around the leadership and ownership of the source and free software are two very different there was a mutual advantage in contributing code, as was illustrated by the fallout among the concepts (www.gnu.org/philosophy/open- back to the project, and they did. The framework various projects that Oracle inherited from Sun source-misses-the-point.html). While the that made this possible was the GPL. Microsystems. Similarly, devices such as dual ‘Open Source Initiative’ began as a marketing The GPL protected the code against forks, licensing, copyright assignment and Community exercise in 1998 to sell free software to corporate and encouraged commoditisation, and Licence Agreements (CLAs), which subvert the enterprises, and open source advocates tended commoditisation reduced costs and beneitted common purpose of developers, can strip away to claim it for themselves, the success of free and everybody. A more permissive licence wouldn’t the clarity of a project’s purpose and act as a open source software in the corporate world was have given this protection and, inevitably, forks disincentive to the sense of community that is guaranteed by the rise of GNU/Linux, licensed would have ensued. The release of core chunks of the lifeblood of an ‘open source’ project. under a copyleft licence. corporate code accelerated the development of The Linux ‘community’ of the Nineties, and Free software can be described as ‘open Linux and ensured its success in the enterprise, offshoots like Debian, grew around a piece source’, and much open source software is enhanced by its portability across a wide range of software and a licence that promoted also ‘free software’, but these terms are not of hardware. Dozens of companies contributed reciprocity. They were almost entirely voluntary interchangeable. What distinguishes free to the Linux kernel and gained access to the and spontaneous. The software and the licence software from ‘open source’ is the concept of the beneits of the contributions of all the others. were the glue. The sense of community and Four Freedoms and the notion of copyleft (read This effect has made it possible to port fun, and the ensuing feeling that anything was more at www.gnu.org/philosophy/free-sw.html). anything to anything at a vastly reduced cost, possible, were the drivers. It is perhaps a shame Copyleft licences, such as the GPL, allow third because the costs are shared. Portability may that while companies are keen to proit from parties to take the code, repackage it, and pass or may not have been a factor in the original free and open source software, they do not it on in any form they wish, but ensure reciprocity adoption of GNU/Linux, but has worked to the always look more closely at what makes these by obliging those who distribute the code to pass long term advantage of its many participants, communities work. on any changes under the same licence, thus and free and open source software has grown preventing forks and preserving the free and in popularity as a result, with some beneicial open source nature of the code. consequences. GNU/Linux has fulilled the 10www.linuxuser.co.uk 010-011_LUD143.indd 10 07/08/2014 21:57