
Linux User & Developer 189 - Build the Perfect Network PDF

98 Pages·2018·7.365 MB·English

Preview Linux User & Developer 189 - Build the Perfect Network

Linux User & Developer
The essential magazine for the GNU generation
www.linuxuser.co.uk

On the cover

Network
In-depth guide to Qubes OS: the most secure distro in the world
Serval Project: life-saving disaster response networks
Group test: top backup tools
Expert Pi projects > pyLCI: Build a Pi controller > PiServer: Manage many Pis
Interview: Fixing complexity. Puppet’s plan to simplify the toolchain for DevOps
Pages of guides > Python: parallel programming > Security tools: Build an arsenal > Ubuntu server: lockdown Linux
R programming primer: Make beautiful data simulations with this matrix-based language
Also inside » Pi rocket panel » Kernel update » GNU Make tips

Welcome to issue 189 of Linux User & Developer

In this issue
» Build the Perfect Network, p18
» Qubes OS from Scratch, p60
» Saving Lives with Mesh, p34

Welcome to the UK and North America’s favourite Linux and FOSS magazine. Somewhat appropriately, I experienced an earthquake while writing up this month’s inspiring open source piece on open source mesh networks being used for disaster relief (p34). Fortunately, it was only 4.3 on the Richter Scale. But this month there are plenty of other things to get excited about as we devote 14 pages to setting up a network suitable for advanced home or small-business use (p18).

If security and privacy are more your concern, you’ll enjoy our guide to building Qubes OS from scratch, with its bare-metal hypervisor-based compartmentalisation measures (p60). Meanwhile, in tutorials we have a standalone primer on the wonders of statistical programming with R; server hardening with Nate Drake; and in Pi tutorials we have ‘Mr. ZeroPhone’ himself, Arsenijs Picugins, with a guide to monitoring your Pi’s system parameters with a press of a button with pyLCI. Enjoy!

Chris Thornett, Editor

Competition: Write to us and win an iStorage datAshur Pro! [email protected] Find more details on page 11.
Twitter: @linuxusermag
Facebook: facebook.com/LinuxUserUK
For the best subscription deal head to: myfavouritemagazines.co.uk/sublud. Save up to 20% on print subs! See page 30 for details.

The magazine for the GNU generation

Future PLC, Quay House, The Ambury, Bath BA1 1UA

Editorial
Editor Chris Thornett [email protected] 01202 442244
Designer Rosie Webber
Production Editor Ed Ricketts
Editor in Chief, Tech Graham Barlow
Senior Art Editor Jo Gulliver

Contributors
Joey Bernard, Neil Bothwick, Christian Cawley, Alex Cox, Nate Drake, John Gowers, Toni Castillo Girona, Jon Masters, Paul O’Brien, Arsenijs Picugins, Calvin Robinson, Mayank Sharma

All copyrights and trademarks are recognised and respected. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

Advertising
Media packs are available on request
Commercial Director Clare Dove [email protected]
Advertising Director Richard Hemmings [email protected] 01225 687615
Account Director Andrew Tilbury [email protected]
Account Director Crispin Moller [email protected] 01225 687335

International
Linux User & Developer is available for licensing. Contact the International department to discuss partnership opportunities
International Licensing Director Matt Ellis [email protected]

Subscriptions
Email enquiries [email protected]
UK orderline & enquiries 0888 888 8888
Overseas order line and enquiries +44 (0)8888 888888
Online orders & enquiries www.myfavouritemagazines.co.uk
Head of subscriptions Sharon Todd

Circulation
Head of Newstrade Tim Mathers

Production
Head of Production US & UK Mark Constance
Production Project Manager Clare Scott
Advertising Production Manager Joanne Crosby
Digital Editions Controller Jason Hudson
Production Manager Nola Cokely

Management
Managing Director Aaron Asadi
Editorial Director Paul Newman
Art & Design Director Ross Andrews
Head of Art & Design Rodney Dive
Commercial Finance Director Dan Jotcham

Printed by Wyndeham Peterborough, Storey’s Bar Road, Peterborough, Cambridgeshire, PE1 5YS
Distributed by Marketforce, 5 Churchill Place, Canary Wharf, London, E14 5HU www.marketforce.co.uk Tel: 0203 787 9001
ISSN 2041-3270

We are committed to only using magazine paper which is derived from responsibly managed, certified forestry and chlorine-free manufacture. The paper in this magazine was sourced and produced from sustainable managed forests, conforming to strict environmental and socioeconomic standards. The manufacturing paper mill holds full FSC (Forest Stewardship Council) certification and accreditation.

All contents © 2018 Future Publishing Limited or published under licence. All rights reserved. No part of this magazine may be used, stored, transmitted or reproduced in any way without the prior written permission of the publisher. Future Publishing Limited (company number 2008885) is registered in England and Wales. Registered office: Quay House, The Ambury, Bath BA1 1UA. All information contained in this publication is for information only and is, as far as we are aware, correct at the time of going to press. Future cannot accept any responsibility for errors or inaccuracies in such information. You are advised to contact manufacturers and retailers directly with regard to the price of products/services referred to in this publication. Apps and websites mentioned in this publication are not under our control. We are not responsible for their contents or any other changes or updates to them. This magazine is fully independent and not affiliated in any way with the companies mentioned herein.

If you submit material to us, you warrant that you own the material and/or have the necessary rights/permissions to supply the material and you automatically grant Future and its licensees a licence to publish your submission in whole or in part in any/all issues and/or editions of publications, in any format published worldwide and on associated websites, social media channels and associated products. Any material you submit is sent at your own risk and, although every care is taken, neither Future nor its employees, agents, subcontractors or licensees shall be liable for loss or damage. We assume all unsolicited material is for publication unless otherwise stated, and reserve the right to edit, amend, adapt all submissions.

Future plc is a public company quoted on the London Stock Exchange (symbol: FUTR) www.futureplc.com
Chief executive Zillah Byng-Thorne
Non-executive chairman Peter Allen
Chief financial officer Penny Ladkin-Brand
Tel +44 (0)1225 442 244

Contents
Issue 189, March 2018

Cover feature: Network, p18

OpenSource
06 News: Wayland woes and Wine updated
10 Letters: Tell us what you really think
12 Interview: Config management business Puppet on its plans to make DevOps simpler
16 Kernel Column: 4.16 is approaching – Jon Masters reveals what will be in it

InspireOS
34 The Serval Project: Founder Dr Paul Gardner-Stephen on saving lives with mesh telephony

Features
18 Build the Perfect Network: Are your systems and file management getting out of hand? It might be time to create your own network. Neil Bothwick looks at what you need to set up an advanced home or small business network – from determining its best topology and setting up basic services, to automating administration and providing good wireless coverage without compromising on security
60 Qubes OS From Scratch: Qubes OS is touted by its developers as ‘a reasonably secure’ operating system but in reality, the distribution offers huge benefits over standard distros from a security perspective – provided you’re willing to put in a little bit of effort. Discover how to install, configure and use this hyper-secure OS to keep your data safe

Tutorials
38 Essential Linux: GNU Make: How best to deal with multiple directories when building a project
42 Security: an InfoSec arsenal: Build your own collection of essential security tools for penetration testing
46 Server hardening: Lock down your Linux server from unwanted attention with this guide
50 Python: Dask: Meet the tool that can take a lot of the pain out of parallel programming
54 R: statistical programming: Learn how to analyse data and perform simulations using this matrix-based language
94 Free downloads: We’ve uploaded a host of new free and open source software this month

Practical Pi
72 Pi Project: As a child, Rick Perotti always wanted his own retro rocket ship panel. As an adult, he spent 14 months in spare time building one based around the Pi – and here he explains exactly how he did it with the help of a laser cutter
74 Create a PiServer network: The Pi Foundation’s latest tool is a godsend for anyone who wants to create a network of Pis. Discover how to use it with our guide
76 Control your Pi with pyLCI: pyLCI is a simple hardware interface which you can use with a character display and buttons to control your Pi’s basic functions – and even monitor its uptime and CPU at a glance

Reviews
81 Group test: backup tools: Backing up can be a drudge, but these tools promise to make the process simpler. Which of them does it best?
86 FRITZ!Box 7590: A do-it-all router with a wacky name and even wackier design, but can it justify its hefty price?
88 Netrunner Rolling 2018.01: Another day, another Arch-based KDE distribution – except this one has a few tricks up its sleeve
90 Fresh FOSS: We take a look at QupZilla 2.2.5, a web browser; the ExifTool 10.77 metadata modifier; youtube-dl for downloading web video; and BallRoomDJ

Back page
96 Top open source projects: What projects are tickling developers’ fancies this month?

Subscribe today: Save up to 20% when you subscribe! Turn to page 32 for more information

06 News & Opinion | 10 Letters | 12 Interview | 16 Kernel Column

Ubuntu

Ubuntu: Wayland dropped as default

With complaints over stability and screen sharing in Wayland, it seems X.Org’s just better suited for the job

Forthcoming Ubuntu release 18.04 LTS ‘Bionic Beaver’ will abandon the Wayland display server and revert to X.Org, it has been announced. A blog post from Ubuntu desktop engineering manager Will Cooke revealed that both the traditional X.Org graphics stack and the Wayland-based stack will be included. However, in a massive reversal, it was underlined that X.Org will be the default – for several reasons.

Bearing in mind that the LTS has a five-year support life, and therefore needs to be working out of the box, Cooke cited three key deciders: screen sharing on services such as WebRTC, Google Hangouts and Skype; remote desktop with RDP and VNC; and recovery from shell crashes. These all work better with X.Org than with Wayland. Given that Canonical increasingly sees Ubuntu as a business-ready operating system, it makes sense that they would want to ensure its stability with these functions.

Explaining the first two, Cooke observed that while the Wayland/GNOME plan is to use Pipewire for screen sharing, further development is required. “Until that happens, Xorg [sic] is necessary for people who need screen sharing features,” he wrote.

With regards to recoverability, and the fact that a GNOME Shell crash can “end your whole session, killing running applications and returning you to the login screen,” he clarified: “When using Xorg, the shell can restart independently of the display server and running applications. This means that once the shell is restarted, you can pretty much pick up your session from where you left off, with your applications still running.”

There is also some question over the stability of Wayland when it comes to games. While open source drivers work fine with Wayland for standard desktop activities, proprietary drivers are less reliable and, unfortunately, they offer far better graphics performance in terms of frame rate, textures and so on. The solution to this problem is to switch to X.Org and use proprietary drivers.

But it’s not the end for Wayland, Cooke added. “There are two solutions to this problem when using Wayland: make sure the shell doesn’t crash or change the architecture. Both of these are work[s] in progress and we continue to contribute to this work upstream. GNOME Shell 4 will bring a new architecture… In short, we remain committed to GNOME and the GNOME stack and will continue to actively contribute to Wayland by adding features and fixing bugs.”

As Cooke noted: “[…] the Ubuntu experience needs to be stable and provide the features [users] have come to expect and use in daily life […] For 18.10 we will re-evaluate Wayland as the default.” Ultimately, reverting to X.Org for 18.04 LTS is little more than a hiccup on the road to Wayland’s eventual adoption by all major Linux distros.

Distro feed

Top 10 (Average hits per day, 30 days to 11 Feb 2018)
1. Manjaro 3438
2. Mint 2955
3. Ubuntu 1690
4. Debian 1675
5. elementary 1285
6. Solus 1249
7. Antergos 1088
8. TrueOS 1081
9. Fedora 967
10. openSUSE 906

This month: In development (5), Stable releases (5)

The usual suspects occupy the top 10 list, although it’s worth noting that ArchLinux has dropped to 12th place; rival Manjaro remains at number 1.

Highlights

ArchLinux: One of the most well-known alternatives to the Debian family, ArchLinux has its own package manager and is available for x86, x64 and ARM devices.

Manjaro Linux: Manjaro is a more powerful interpretation of Arch, with automatic hardware detection, multiple kernel support and desktop configurability.

Archman GNU/Linux: Although based on Arch, this version eschews pacman in favour of Octopi, with the intention of making software installation easier. It’s lightweight, too.

Latest distros available: filesilo.co.uk

Software

Wine updated with support for Direct3D 10/11

Windows compatibility layer also adds Android graphics driver

The Wine team has announced the release of Wine 3.0, the favoured option for running Windows apps and games on Linux, which brings with it a number of long-awaited improvements. Among these are Direct3D 10 and 11 support, the Direct3D command stream, the Android graphics driver, and improved DirectWrite and Direct2D support.

Noting the lack of some other hoped-for additions, the Wine team clarified that “because of the annual release schedule, a number of features that are being worked on have been deferred to the next development cycle. This includes in particular Direct3D 12 and Vulkan support, as well as OpenGL ES support to enable Direct3D on Android.”

Most significant for PC users, particularly gamers, is the Direct3D 10 and 11 support, which includes compute shaders, tessellation shaders, depth bias, multi-threaded command streams, support for more graphics cards, and improvements to OpenGL. There are also improvements to HiDPI scaling and memory management.

All of this means that you can expect improvements in the performance of Windows software running on Linux, as well as a wider selection of apps and games. Wider support for more recent games is another benefit, something that will certainly attract anyone hanging onto a Windows dual-boot partition. Wine 3.0 is available for free now, although improved support can be enjoyed if you opt to wait for CrossOver to adopt and polish it.

As important as the release of Wine 3.0 is for gamers, it’s also quite a big deal for Android. The inclusion of the Android graphics driver means that an APK version has been made available from www.winehq.org. Available for ARM and Intel-based Android devices, Wine 3.0 can be easily installed on Android as long as ‘unknown sources’ is enabled. At this stage only a small number of tools work, with wider support on x86/x64 devices than on ARM. However, the possibility of running legacy Windows software on Android tablets is fascinating.

OpenSource: Your source of Linux news & views

Hardware

Purism breaks silence on the Librem 5

Regular updates promised for the phone project

Following the announcement of Purism’s new security and privacy-focused Linux smartphone, Librem 5, in August 2017, news about its progress has largely disappeared. That’s about to change.

In a blog post in late February, Mobile Development Lead Nicole Faerber revealed that the team has been expanded, with 15 new roles filled as of January 2018. Some volunteer roles are also expected. More importantly, weekly blog posts will provide progress reports, with an alternating weekly focus on the hardware and the UI.

But what has been happening to prompt the Librem 5 team’s radio silence? Most significant is that the NXP i.MX 6 system-on-chip (SoC), used in early evaluation for the project, is unsuitable for use in a phone. “The most important feature of the i.MX6 was that it is one of only a handful of SOCs supported by a highly functional free software GPU driver set, the Etnaviv driver,” Faerber wrote. “However, work with the i.MX6 showed us that it still uses quite a lot of power so when put under load it would drain a battery quickly, as well as warm up the device.”

Although disappointing, it seems that the team has identified a suitable replacement, the NXP i.MX 8M SoC, which Faerber describes as “currently the most likely candidate.” Meanwhile, AARCH64 architecture – also known as ARM64, the 64-bit version of ARM – is planned, and development without the intended SoC continues with the i.MX 6 Quad Plus board.

User interface and user experience work is also underway, with the display expanded to be between 5-5.5 inches with full HD resolution (1920x1080p). Keep an eye on https://puri.sm/posts for more.

Above: The Librem 5 promises to revolutionise smartphone security

Software

Softmaker Office adds Microsoft-style ribbon

2018 version touts extra features, but still isn’t open source

Writing and managing documents, spreadsheets and presentations on Linux can be tricky for anyone who has recently migrated from Windows. Microsoft Office won’t run without Wine; LibreOffice, for all its strengths, doesn’t look like Microsoft Office.

One solution is to try a different office suite, and Softmaker Office – the 2018 version of which has just been released – could be the answer for many people. As well as adopting the DOCX, XLSX and PPTX file formats by default, Softmaker Office 2018 also introduces a Microsoft Office-style ribbon menu. First seen in Microsoft Office 2007, the ribbon is intended to ease access of rarely used tools. In Softmaker Office it has a secondary purpose, however: to ‘ease in’ newcomers to office tasks on Linux.

Available in 32-bit and 64-bit versions, Softmaker Office 2018 features the TextMaker word processor, PlanMaker spreadsheet, Presentations for presentation design, and add-ons for Mozilla Thunderbird, which is also included.

Various other enhancements are also featured. These include a tabbed user interface, enabling the use of multiple documents within the same app window. For presentations, 2D and 3D slide transitions can be used. Integration with Mozilla Thunderbird brings some productivity boosts, such as enhanced calendar management. The address book can also be imported into TextMaker.

You’ll find a 30-day trial version at www.softmaker.com, while the standard package costs £60 for three household devices. A ‘professional’ suite can be bought for £90, with five home licences included.

Opinion

Security: it’s time to make the shift left

The merging of development and operations has left security concerns lagging behind – Paul Farrington suggests a number of ways to bring it back in line

Paul Farrington: Paul is a Manager for the EMEA Solution Architects at Veracode.

The staggering growth of the application economy has put unprecedented pressure on development teams. Missed delivery deadlines can result in lost revenues, while poor functionality can impact customer loyalty and retention. To meet the demands of a faster time to market, many organisations are adopting DevOps. This burgeoning philosophy shifts left the responsibility for ensuring stability and security of an application throughout the entire lifecycle – including production and customer usage – to include developers.

Evolution of ‘shift left’

The shift left into development has not only impacted the role and responsibility of developers, but has transformed the entire software life cycle.

In the more traditional approach to software development, Waterfall, there would be handoffs at each stage of the software development life cycle (SDLC): from planning, development, quality assurance and operations. With knowledge lost during the silos, operations issues would never be fed back down to developers; to the same end, business intent would never make it up the chain to operations.

Agile development further aligned business intent and application knowledge with the product owner, developers and quality assurance on the same team. However, it was still someone else’s problem to operate the software. DevSecOps now supports continuity across the spectrum; the team now must be responsible for what is written and deployed. As a result, developers are starting to think differently about what they’re building and how they’re building it. The result for software delivery has been lower waste, fewer errors through automation and greater empathy for demands on the teams across the SDLC.

The benefits of ‘shift left’ testing have been understood by the software development industry for a long time, including higher confidence in the delivered product, higher customer satisfaction and reduced product development costs, but security has been a latecomer to the ‘shift left’ methodology. However, with software and application-related data breaches and cyberattacks heavily plaguing the industry over the last five years, it is clear that security can no longer be viewed as an inconvenient bottleneck, and must become an integral part of the build process. To shift left, it is crucial to bring development, operations and security together with a culture of quality improvement. Here are a few suggestions to help DevOps teams make the shift.

Fail quickly, using automation: Build testing directly into the DevOps process through automation. Save time by failing tests as early in the DevOps pipeline as possible.

Integrate app security into your dev tools: Integrating security helps reduce friction. Ensure your security assessments integrate with your IDE and build and ticketing systems that automatically test code and coordinate remediation.

Fix flaws as you go: Give developers the tools to find and fix coding errors as they write code, such as developer sandboxes, ‘as-you-type’ static testing, and eLearning.

Build security champions: Make those developers with an interest in security your security champions, who can help reduce culture conflict between development and security by promoting the security message on a peer-to-peer level.

Don’t stop for false alarms: Don’t put up with application security solutions with a high false-positive rate – especially as false alarms could prevent a critical business function from being deployed.

Extend application security into production: Application security can’t stop after deployment. Similar to other aspects of DevOps, a well-engineered solution must enable closed-loop feedback from production for any subsequent security incidents.

Provide operational visibility: DevOps promotes team autonomy, but make sure operations and security have the required visibility to measure and assess teams for compliance and risk.

Start making the shift: By taking the decision to ensure that security is integrated across the entire SDLC from the outset, you will enable your team to deliver more secure software – and faster.

Comment

Your letters

Questions and opinions about the mag, Linux and open source

Top tweet

A nice message from @arribada_i: A wonderful write up by @LinuxUserMag looking at the story behind the Arribada Initiative’s drive towards open conservation technology. Shout outs to @institute_irnas @AudioMoth @OpenAcoustics and the Principe Trust too.

I heart pcDuino

Dear LU&D, You’ve asked readers about their interests so I thought I’d mention my own. I’m running Linux Mint having given Windows 10 ‘the flick’ as it was gobbling up all my meagre bandwidth with updates every time I connected to the internet. I’m also interested in Knoppix and really small SBCs like the pc3Duino Nano, having had success with the Arduino UNO. Unfortunately, it looks like the Raspberry Pi is going to win out in the popularity stakes and I will have to switch over, which is a shame because the Duino has on-board analogue/digital converters. Data logging from sensors is what I’m working on, so low power consumption and an ‘all in one’ standalone black box is my aim.
Tom Hartley

Chris: Thanks, Tom. You’re in good company with Linux Mint. It seems that Mint has taken over as the mainstream distro of choice. I think our small board computer round-up (See Features, p60, LU&D187) demonstrated that there’s a big ol’ world out there for the adventurous. I must admit I’ve been mucking about with a Pi myself making a radio and weather station with the youngster since the Christmas break. I’ve also got the Particle Electron 3G set aside for some IoT playtime in the near future. Its hardware design is entirely open source (https://github.com/particle-iot/electron).

Above: The Electron Particle 3G comes with its own SIM card and a plug-in system for extensions

Developing dev skills

Dear LU&D, I’m a new Linux user and I just want to create a simple application and I don’t know where to find tutorials. I’m looking to design an application such as a music player or calculator for Linux.
Freeman Moyo

Chris: It’s an interesting idea, isn’t it? How about a ‘Developer’s 101’ series on building a Linux desktop app from scratch and covering all the decisions that you have to make along the way? Questions like what language to write it in? Of course, a lot of people will say Python, but it doesn’t have to be as you’re likely to find an interpreter or compiler that will enable you to run most languages on Linux (and particularly Ubuntu). As I was thinking about this I was reminded that Jon ‘Kernel Column’ Masters co-wrote a useful book that covers this subject called Professional Linux Programming (1st Edition), published by Wrox. Not surprisingly, it dealt with development for the Linux kernel, but also development for the desktop and web. It looked at techniques for integrating an app with the OS. I believe it’s out of print now, which prompts the question: is it time for a second edition, Jon? Of course, outside of magazines there are plenty of introductory books or bookazines (try www.

Above: If you can’t afford to buy a programming book, there are plenty available for free – and nice people like the Free Ebook Foundation curate them for you on GitHub
