0% found this document useful (0 votes)
109 views100 pages

Linux Magazine - December 2024 USA

The December 2024 issue of Linux Magazine covers various topics including the rise of Linux ransomware tools, particularly the Linodas attack, and highlights the Gnome Foundation's financial struggles. It also features articles on AI-assisted programming, web page monitoring with changedetection.io, and off-grid file sharing using Raspberry Pi. Additionally, the issue includes reviews of Kubuntu 24.10 and Kali Linux 2024.3, along with updates on significant developments in the Linux community.

Uploaded by

dogalo.dingdong
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
109 views100 pages

Linux Magazine - December 2024 USA

The December 2024 issue of Linux Magazine covers various topics including the rise of Linux ransomware tools, particularly the Linodas attack, and highlights the Gnome Foundation's financial struggles. It also features articles on AI-assisted programming, web page monitoring with changedetection.io, and off-grid file sharing using Raspberry Pi. Additionally, the issue includes reviews of Kubuntu 24.10 and Kali Linux 2024.3, along with updates on significant developments in the Linux community.

Uploaded by

dogalo.dingdong
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 100

Linodas: Exploring a

DV S I D
IN
+

D E
Linux ransomware tool

ISSUE 289 – DECEMBER 2024

Coding
with
Save time with AI-assisted
programming

changedetection.io: Find Anki: Add audio and


out when a website updates video to your flashcards
Web Tricks: Add custom Retro-Gaming: Resurrect
features to a web page your favorite game from
with Tampermonkey an old CD
File Sharing Off the Grid: FABULOUS
Set up a Pi Zero as a hotspot 10 FOSS FINDS!
W W W. L I N U X - M A G A Z I N E . C O M
EDITORIAL
Welcome

THANKS FOR ALL


THE ALLITERATION
Dear Reader,
“We should try to work with these guys. They are just or bank loan officer. Luckily, Shuttleworth was spending
getting started, but I think they might be going places, and his own money, so he could chase his zero-cost vision.
it will be good to make the connection.” These were the The fact that Ubuntu was always all free bought them a lot
words of Brian, my publisher, 20 years ago, when talking of credit with the community. Ubuntu has always had an
about an upstart new Linux that had recently appeared on ear to the aesthetic of their audience, like in 2010, when
the scene. This group had a way of looking like a commu- they released their October Maverick Meerkat version two
nity, but they were strangely more organized and directed weeks early just so they could claim it appeared on 10/10/10,
than the lovable but too-often chaotic community distros a date that corresponded to the binary form of the number
of the era. And the name of this newcomer? It was so 42, which is “The Answer to the Ultimate Question of Life,
unlikely, and yet so memorable – once you heard it, you the Universe, and Everything” in the Hitchhiker’s Guide to
couldn’t forget it: Ubuntu. When you asked them what the the Galaxy.
name meant, they would say, “It sort of means togetherness,
These days Ubuntu is looking and sounding a lot more
or ‘I can be me because you are you,’ but the concept is
corporate. You might even say they sound more like Red
too beautiful to translate directly into English.” It is hard
Hat, except they aren’t like Red Hat. They still give their
to believe that it as been 20 years since the first Ubuntu
whole distribution away for free without a lot of restrictive
release. (Yes, it is also hard to believe that I’ve been doing
licensing gymnastics. They don’t seem to mind when
this job for 20 years, but seriously, I had just started
other developers take their code and adapt it into other
when this happened – I guess that means this is my 20th
distros. And they still put out a sensible, stable Linux that
anniversary also.)
provides everything most users need without feeling clut-
There was so much excitement about Ubuntu in those first tered. If you want a lighter version, try Lubuntu or
few years. Although they were owned and backed by a Xubuntu, and if you’re looking for a different look and feel,
for-profit company, a lot of volunteers were working for try one of the other Ubuntu “flavors” based on alternative
them for free just for the chance to be part of something. desktops. (The KDE-based Kubuntu is included on this
But honestly, they didn’t act like a for-profit company. month’s DVD.)
They gave their full distribution away – not a scaled-down
I want to celebrate Ubuntu and thank them for the care
“community edition.” They flew volunteers to exotic
and excellence they’ve brought to the Linux community
meetups in cool European cities. And they really dreamed
through the years. And a special
big. I think they truly wanted to be as ubiquitous as
nod to Brian, who was right 20
Windows. They even had a crowd-funding effort to
years ago: They really were
launch a mobile phone project at one point, with the
going places. Good insight
dream of converging phone and PC technology.
Brian…I guess that’s why
We really did work with them, especially in those early you’re the publisher….
years. We were one of the first to distribute their DVD as
a covermount, and our very first special edition was an
Ubuntu special.
At the time Ubuntu and its parent company Canonical
appeared on the scene, several other Linux companies Joe Casad,
were vying for a piece of the Linux market. Most of these Editor in Chief
companies – Xandros, Linspire, and other names of the
past – had the general idea that, if Microsoft could charge
$250 for Windows, we ought to be able to charge at least
$25 for a fully operational and well-integrated version of
Linux. When I interviewed Ubuntu founder and self-de-
scribed “benevolent dictator” Mark Shuttleworth years
ago, he told me he had always believed the competitive
pressures of the Linux market would mean that these for-
profit distros would be in a “race to zero,” so he decided
he might as well start out at zero and build his business
model around it – a brilliant move, as it turns out, but not
one he could have easily explained to a venture capitalist

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 3


DECEMBER 2024

ON THE COVER
26 changedetection.io 64 Off-Grid File Sharing
This cool tool will keep an eye on a web page You don’t need the Internet to share files. The next
and alert you to changes. time you’re off grid, stay connected using ownCloud
and a battery-powered Raspberry Pi Zero.
32 Linodas 74 Anki
Do you think Linux is immune to ransomware? Part of training is memorization, and flashcards
We take you inside the Linux version of the are a popular tool for memorizing facts. We
illusive DinodasRAT attack. introduce you to an app that lets you integrate
audio and visual cues into the flashcard format.
42 Tampermonkey 88 Legacy Video Games
Many users don’t realize you can modify web You’ve kept those classic video game CDs from
content on the fly as your browser reads it. your childhood in a drawer for all these years.
We’ll show you how. Isn’t it time you did something with them?

NEWS IN-DEPTH
8 News 26 Web Page Monitoring
• The Gnome Foundation Struggling to Stay Afloat Do you want an alert when a product is back in stock at your
• Thousands of Linux Servers Infected with Stealth Malware favorite online store? With changedetection.io, you can stay
Since 2021 up-to-date on website changes.
• Halcyon Creates Anti-Ransomware Protection for Linux
• Valve and Arch Linux Announce Collaboration 32 Linodas
• OSI and LPI Form Strategic Alliance Cybercriminals are increasingly discovering Linux and
• AlmaLinux Unveils New Hardware Certification adapting malware previously designed for Windows
Process systems. We take you inside the Linux version of a famous
• Wind River Introduces eLxr Pro Linux Solution Windows ransomware tool.
• Juno Tab 3 Launches with Ubuntu 24.04
38 Command Line – zoxide
12 Kernel News Zoxide, a modern version of cd, lets you navigate long
This month in Kernel News, Zack reports on when the directory paths with less typing.
process is the feature.
42 Tampermonkey
Even small changes in a web page can improve the browsing
COVER STORY experience. Your preferred web browser provides all the tools
you need to inject JavaScript to adapt the page. You just
16 Write Code with AI need a browser with its debugging tools, some knowledge
Artificial intelligence is increasingly supporting of scripting, and the browser extension Tampermonkey.
programmers in their daily work. How effective are these
tools? What are the dangers? And how can you benefit 48 Programming Snapshot – Go Interfaces
from AI-assisted development today? Using the Go Interface mechanism, Mike demonstrates its
practical application with a refresh program for local
copies of Git repositories.
REVIEW
22 Distro Walk – ArcoLinux
ArcoLinux, an Arch derivative, offers easier installs while 95 Back Issues 97 Call for Papers
educating users about Arch Linux along the way. 96 Events 98 Coming Next Month

4 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


16 Coding with AI
Futurists predict a day when
computers will write the
computer programs. Are we there 71 Welcome
already? This month we separate This month in Linux Voice.

fact from hype to examine some 73 Doghouse – Stakeholders


of the popular AI-based coding The stakeholder approach of open source broadens
tools and explore what they can the pool of who can access, influence, and benefit
from information technologies.
(and can’t) do well.
74 Anki
Flashcards are a fast and effective way to memorize

MakerSpace pertinent facts for your next exam. Anki takes this
time-honored trick in a direction you never could
have imagined in the days of those classic 3x5 cards.
56 Embedded Rust
Rust, a potential successor to C/C++, claims to solve some 82 FOSSPicks
memory safety issues while maintaining high performance. Nate explores some top FOSS tools, including the latest
We look at Rust on embedded systems, where memory Gnome desktop, a slick 3D model viewer, LibreQuake, a
safety, concurrency, and security are equally important. neat currency converter, and much more.

64 Off-Grid File Sharing 88 Tutorial – Legacy Video Games


A battery-powered WiFi hotspot can provide useful services People born in the late ’80s and early ’90s often have
like file sharing even when you're off a sizeable collection of old video games gathering dust
the grid. A Pi Zero 2 W as the at home. Systems capable of executing these are,
hotspot with ownCloud however, becoming scarce. This article explores the
installed does the trick. options for archiving old PC games and
running them on modern systems.

@linux-magazine.com

@linux_pro
TWO TERRIFIC DISTROS
@linuxpromagazine
DOUBLE-SIDED DVD!
Linux Magazine SEE PAGE 6 FOR DETAILS

@linuxmagazine

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 5


DVD
This Month’s DVD

Kubuntu 24.10 and Kali Linux 2024.3


Two Terrific Distros on a Double-Sided DVD!

Kubuntu 24.10 Kali Linux 2024.3


“Oracular Oriole” 64-bit
64-bit
Kubuntu 24.10, codenamed Oracular Oriole, is the Based on Debian, Kali Linux is a security-directed
newest release of the popular KDE-based Ubuntu flavor distribution. It is a popular choice for forensics,
known as Kubuntu. The latest edition, which ships with penetration testing, and reverse engineering. Kali
Linux kernel 6.11, will receive nine months of full support Linux 2024.3 is the third release of the year.
until the next long-term support release in April 2025. The focus of Kali Linux 2024.3 is the update and
The new Kubuntu comes with the KDE Plasma 6.1 optimization of programming tools, including the
desktop, KDE Frameworks 5.116 and 6.6.0, and “many documentation. However, the release notes also
updated KDE Gear applications.” The latest release is the highlight what is not included because the update
next step in the developers’ quest to replace the ancient and optimization are taking weeks to complete. An
X11 graphics system with the more recent Wayland important feature still to come is Python 3.12, whose
compositor. In the new edition, Wayland is the default, exclusion has also blocked other packages (for details,
although X11 is still available as an option. see https://www.kali.org/blog/kali-linux-2024-3-release/).
Plasma 6.1 comes with a new option for easy remote If a temporarily excluded package interests you, check
access to other Plasma desktops. Also included are the weekly updates to see if it is now available.
enhanced capabilities for screen locking and desktop
customization. A new experimental feature called
“permissions prompting” offers “fine-grained control
over Snap applications permissions.”

Defective discs will be replaced. Please send an email to [email protected].


Although this Linux Magazine disc has been tested and is to the best of our knowledge free of malicious software and defects, Linux Magazine
cannot be held responsible and is not liable for any disruption, loss, or damage to data and computer systems related to the use of this disc.

6 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


NEWS
Updates on technologies, trends, and tools
THIS MONTH’S NEWS
08 • The Gnome Foundation
Struggling to Stay Afloat
• Thousands of Linux
Servers Infected with
Stealth Malware Since
2021
The Gnome Foundation Struggling to Stay Afloat
09 • Halcyon Creates Anti-
Ransomware Protection The Gnome Foundation has announced changes are underway due to some serious
financial issues (https://foundation.gnome.org/2024/10/07/update-from-the-
for Linux
• Valve and Arch Linux board-2024-10/ ). Their current budget was approved on October 1, and they have
Announce Collaboration been forced to make some very tough decisions to ensure long-term sustainability.
• More Online Those decisions include layoffs, most notably Caroline Henrikson, Creative Director,
and, Melissa Wu, Director of Community Development. The foundation also indicated

10 • OSI and LPI Form Strategic


Alliance
that, unless more funds are secured, they will have to make serious changes in how
they market, fundraise, and even attend events.
• AlmaLinux Unveils New One area that did not see cuts is Gnome’s two major conferences, Gnome
Hardware Certification Asia and GUADEC. Fortunately, these events are backed by corporate sponsorship,
Process so they have been spared (for the time being). The Gnome Foundation internship
programs and the group’s participation in Google Summer of Code are also not
11 • Wind River Introduces
eLxr Pro Linux Solution
impacted by the current cuts.
Part of the reason for these cuts is that the Gnome Foundation had been living off
• Juno Tab 3 Launches with
a surplus of funds, but those funds dwindled until, in April 2024, Robert McQueen
Ubuntu 24.04
(Gnome Foundation president) announced that the surplus was gone.
At the time of writing, the Gnome Foundation is currently searching for a new
executive director.
The Gnome Foundation is asking for community support by way of volunteering,
idea sharing, and donations (https://www.gnome.org/donate/ ).

Thousands of Linux Servers Infected with


Stealth Malware Since 2021
A strain of malware has been exploiting misconfigurations on Linux servers since
2021 and has been found to be quite challenging to remove. The malware has been
dubbed perfctl and, as you might expect, mines cryptocurrency.
The developers of this malware are as of yet unknown. They have created a mali-
cious piece of software that uses processes and file names that are either identical
or very similar to those already found in Linux environments.
To keep itself hidden, perfctl uses several tricks, one of which is to install many of
its components as rootkits, which by nature are harder to detect. Perfctrl also stops
all easily detected activities when a user logs in, uses a Unix socket over Tor for
communication, deletes the installation binary after the service is up and running,
manipulates the pcap_loop process by way of hooking to obfuscate the malware,
and suppresses error messages to avoid warnings during execution.
In regards to perfctl, Assaf Morag, a researcher for Aqua Security, said, “The main
impact of the attack is resource hijacking. In all cases, we observed a monero cryp-
tominer (XMRIG) executed and exhausting the server’s CPU resources. The

8 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


NEWS
Linux News

cryptominer is also packed and encrypted. Once unpacked and decrypted it


communicates with cryptomining pools.” Morag continues, “To detect Perfctl MORE ONLINE
malware you look for unusual spikes in CPU usage, or system slowdown if the
rootkit has been deployed on your server. These may indicate cryptomining
activities, especially during idle times,” (https://www.aquasec.com/blog/perfctl-a- Linux Magazine
stealthy-malware-targeting-millions-of-linux-servers/ ). www.linux-magazine.com
To mitigate against perfctl, you should make sure all Linux servers are patched
for all known vulnerabilities, set noexec on /tmp and /dev/shm, disable unused ADMIN HPC
services, implement strict privilege management, isolate critical servers from the http://www.admin-magazine.com/HPC/
Internet or use firewalls to restrict outbound communication, and deploy runtime TUI Tools for Containers
protection. • Jeff Layton
Text-based user interface tools for a
development container.
Halcyon Creates Anti-Ransomware
Protection for Linux ADMIN Online
http://www.admin-magazine.com/
Halcyon’s goal is to defeat ransomware, and on October 1, the company announced A Feature-Rich Drop-In Replacement for
the general availability of Halcyon Linux. This new product offers protection against Microsoft Exchange
ransomware attacks targeting Linux systems. • Markus Feilner
According to Cynet, Linux ransomware attacks increased by 75 percent in 2023 Grommunio is a completely open source
and are expected to continue to climb as more bad actors target Linux deployments and fully compatible drop-in replacement
(https://www.cynet.com/ransomware/linux-ransomware-attack-anatomy-examples- for Microsoft Exchange that uncouples your
and-protection/ ). company from Microsoft's cloud strategy and
The Cynet report states, “While Linux ransomware only represents a small share its severe security and data protection issues.
of cyberattacks, there are several reasons to be concerned. As a Linux user, you Manage Software Apps Publicly and Privately
must not overlook ransomware even if it is not yet common on Linux-based sys- • Kevin Wittmer
tems. While Windows is the favorite for desktops, Linux dominates the market The WinGet client for the Windows Package
for supercomputers and servers. The Linux computing market is projected to Manager improves the software installation
grow to $22 billion by 2029.” experience for administrators, developers, and
To combat that, Halcyon Linux is powered via the Halcyon Anti-Ransomware users and provides a way to create and share
Platform and secures Linux-based systems with real-time visibility and detections, software in the WinGet package format for
integrated ransomware response, data exfiltration prevention, efficient performance, publishing to public and private repos.
cross-platform coverage, and 24/7/365 security analyst monitoring. RFID Technologies and Risks
Jon Miller, CEO and co-founder of Halcyon says of the new solution, “The fact • Tam Hanna
that Linux systems usually are always on and available means they provide the We look at various approaches to RFID asset
perfect beachhead for establishing persistence and moving laterally in a targeted tracking, provide an understanding of the
network, and they can be leveraged for data theft where the exfiltration is easily technologies and challenges involved, and
masked by normal network traffic.” cover some of the potential attack vectors.
Miller continues, “As more ransomware operators are developing the capability
Artificial Admin
to target Linux systems alongside Windows, it is imperative that organizations have
• Martin Loschwitz
the ability to keep pace with the expanded threat.”
AIOps brings artificial intelligence tools
At the moment, there is no indication about the pricing of the new platform, but into everyday administrative work, with
you can request a solutions brief at https://www.halcyon.ai/anti-ransomware/linux AI-supported automation of some admin
and a demo at https://www.halcyon.ai/get-a-demo. responsibilities.

Valve and Arch Linux Announce Collaboration


Arch Linux recently announced that it would be part of a collaboration with Steam
for two major projects. The projects in question are a build service infrastructure and
a secure signing enclave.
According to the Arch news release, “This opportunity allows us to address some
of the biggest outstanding challenges we have been facing for a while. The collabo-
ration will speed up the progress that would otherwise take much longer for us to
achieve and will ultimately unblock us from finally pursuing some of our planned
endeavors. We are incredibly grateful for Valve (https://www.valvesoftware.com/en/ )
to make this possible and for their explicit commitment to help and support
Arch Linux.”
The secure signing enclave is intended for the Arch team to use to sign packages
with a single signing key, instead of the current process (one person key per package).

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 9


NEWS
Linux News

Essentially, this collaboration will make it considerably easier for Arch Linux devel-
opers to do their jobs. Arch Linux project leader Levente Polyak stated (https://lists.
archlinux.org/archives/list/[email protected]/thread/RIZSKIBDSLY-
4S5J2E2STNP5DH4XZGJMR/ ), “These projects will follow our usual development and
consensus-building workflows. [RFCs] will be created for any wide-ranging changes.”
He continues, “Discussions on this mailing list as well as issue, milestone, and
epic planning in our GitLab will provide transparency and insight into the work. We
believe this collaboration will greatly benefit Arch Linux and are looking forward to
sharing further development on this mailing list as work progresses.”
This collaboration shouldn’t come as a surprise to anyone, given that SteamOS
3.0 is based on Arch Linux.
All projects funded by Valve will stick to Arch Linux’s development and consensus-
building workflows and will provide more transparency into the work being done.

OSI and LPI Form Strategic Alliance


During the OSPOs for Good event at the United Nations headquarters in New York City,
the Open Source Initiative (OSI, https://members.opensource.org/join/ ) and the Linux
Professional Institute (LPI, https://www.lpi.org/) confirmed a new alliance to address the
growing demand for employability from public and private organizations worldwide. This
will bring the two groups together to collaborate on technical education projects aimed
at increasing professional growth for both Linux and open source technologies.
The agreement bolsters LPI’s professional certification by ensuring that open
source licenses meet open source software requirements, and encouraging mem-
bers of the public to participate in the development and maintenance of open source
projects and achieve certifications.
This coming together will also help both LPI and OSI financially, because it means
they will be eligible to receive certain discounts and exclusive opportunities. However,
more importantly, both organizations will collaborate on initiatives that strengthen
the Linux and open source ecosystems.
According to Stefano Maffulli, Executive Director at OSI, “The global open source
movement has generated immeasurable economic value, yet the movement has
never been in greater need of educated professionals to drive the next leap forward
in open source understanding, innovation, and adoption.” Maffulli continues, “OSI
exists to both promote the Open Source Definition and to encourage the growth of
open source communities around the world. This partnership with LPI is one in a se-
ries of initiatives that will increase accessibility to the certifications and community
participation that open source needs to thrive.”
G. Matthew Rice, Executive Director at LPI, had this to say of the alliance: “It is
our mission to promote the use of open source by supporting the people who work
with it. A closer relationship with OSI makes a valuable contribution to this effort.
We are excited to open up new opportunities for people around the world – personally,
professionally, and in their communities.”

AlmaLinux Unveils New Hardware


Certification Process
If you’re looking for a new enterprise-grade server operating system and are con-
cerned about hardware compatibility, AlmaLinux offers a new certification process.
This new program will verify and certify hardware for the AlmaLinux OS.
Get the latest news The certification process is broken down into four steps:
• Submission of hardware for testing
in your inbox every • Rigorous testing by AlmaLinux or an authorized partner
week • Issuance of certification upon successful completion of tests
• Listing of certified hardware in AlmaLinux’s official catalog
Subscribe FREE There are also two certification levels:
to Linux Update • AlmaLinux Compatible: This is the basic level and confirms that the hardware
bit.ly/Linux-Update functions correctly with AlmaLinux OS.

10 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


NEWS
Linux News

• AlmaLinux Certified: This is a more rigorous certification process that


guarantees the hardware works and meets performance and reliability
standards.
According to benny Vasquez, chair of the AlmaLinux OS foundation, “The creation
of the Certification SIG and the program around it illustrates that AlmaLinux continu-
ally empowers its community and enables action based on the feedback from users
all around the world.” She continues, “Our users depend upon and appreciate the
interactive approach to governance that leads to ongoing advancements in the com-
munity. We’re committed to providing a clear and consistent path toward hardware
certification.”
For those who are concerned that the process will take an extended period, the
new AlmaLinux Hardware Certification takes just days to complete. To do this, the
process leverages an open source certification toolkit, developed by AlmaLinux OS
Foundation, that is built upon various open source hardware and software testing
projects and tools.
Read more about the new certification on the official AlmaLinux Hardware
Certification page: https://almalinux.org/certification/hardware-certification.

Wind River Introduces eLxr Pro Linux Solution


By delivering expert commercial support for the Debian-based open source eLxr
project (https://www.linux-magazine.com/Online/News/Debian-Based-eLxr-Distribution-
Announced-for-Edge-Deployments/(language)/eng-US), Wind River helps organizations
manage critical workloads across distributed environments with new levels of
efficiency and scalability.
This platform “empowers enterprises to adopt scalable, secure, and reliable Linux
solutions for cloud-to-edge deployments” with features such as:
• upstream-first approach: fully aligns with Debian’s open governance, ensuring
a free operating system that preserves software freedom
• cloud-native-ready: optimized for containerized workloads and supported
across a range of modern runtimes
• security-first: continuous security monitoring throughout package lifecycle
The open source eLxr project provides a secure and stable Linux distribution for
near-edge networks and workloads. And, as a founding member and leading contrib-
utor to the eLxr project (https://www.windriver.com/blog/Enriching-the-Edge-Cloud-
Continuum-with-eLxr), Wind River provides customers with comprehensive lifecycle
support to ensure your “Linux platform is always secure, up-to-date, and backed by
dedicated Wind River experts.”
Read more at Wind River: https://www.windriver.com/products/elxr-pro.

Juno Tab 3 Launches with Ubuntu 24.04


With a price of $699, the Tab 3 might be more expensive than the average Android
tablet, but you’d be hard-pressed to find a better option if you want a full-blown
Linux experience in tablet form.
The Juno Tab 3 is available with either the Debian-based Mobian Linux, Ubuntu
24.04, or Kubuntu 24.04. The specs include an Intel Alder Lake-N Celeron N100 CPU
with 4 cores, 4 threads, and a 1.10GHz clock speed (or 3.40GHz with Turbo); an Intel
UHD GPU; a 12.1" anti-glare IPS capacitive touch display at 2K 2160×1440, 60Hz
refresh rate, and 270min/330typ cd/ ; 16GB of RAM, WiFi 6; Bluetooth 5.0; a 2MP
front cam and 3.7MP rear cam; a 512GB SSD; and a 5000 mAh 38Wh 7.6V battery
with a 36W charger.
As far as ports are concerned, the Tab 3 offers plenty, with 1 micro SD, 1 micro
HDMI, 1 USB-C 3.1, 1 USB-C 3.1 with support for charging and video out, one
1.35mm DC, and one headphone jack.
You can bump up the storage to 1TB for $722 or up to 2TB for $799.
The Tab 3 is available to purchase now from the Juno Computers online store and
typically ships within 4-7 business days: https://junocomputers.com/us/product/
juno-tab-3/.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 11


NEWS
Kernel News

Zack’s Kernel News


When the Process Is the more and more stable, and then finally
Feature he releases the new kernel version,
The Linux kernel development process and the cycle begins again. These rela-
has undergone many changes through tively short cycles allow developers to
the years. Linus Torvalds was the first to enjoy the fun part of development
understand how to run an open source while still taking the time to stabilize
project. The GNU General Public License their work and make it more reliable
(GPL) had existed for years, but the GNU for end users.
projects that used it were isolated, and Recently during the Kernel’s usual
potential contributors were largely stabilization phase, Kent Overstreet,
turned away. Linus’s great innovation the main developer of the bcachefs
was to encourage people of all skill lev- filesystem, submitted a very big patch
els to chip in, resulting in such an in- for bcachefs. This is a new filesystem
crease of development speed that pretty that Linus accepted into the source tree
Chronicler Zack Brown reports soon the entire open source world burst in 2024, although it is still flagged in
into existence. The Linux kernel was re- the kernel as being an experimental
on the latest news, views, ally where all of that started. feature.
dilemmas, and developments Since then, the kernel development Kent’s patch fixed a bunch of small
within the Linux kernel process has followed its own evolu- bugs, but then went on to do some more
tionary processes, with subsystem major changes, which had originally
community. maintainers feeding patches for inclu- been intended for the next kernel’s
By Zack Brown sion in the source tree up through “merge window” (the time when new
highly trusted “lieutenants” to Linus. features would be acceptable). Kent sent
At a certain point, Linus also switched them in this patch because he felt they
from simply releasing new versions of were important. However, Linus did not
the kernel to using actual revision con- like his approach.
trol, first the proprietary BitKeeper tool Linus replied to his patch, saying:
and then Git, which Linus wrote himself “No, enough is enough. The last pull
specifically to deal with the BitKeeper was already big.
owner revoking permission to use the “This is too big, it touches non-
tool. bcachefs stuff, and it’s not even remotely
Among the many changes to kernel some kind of regression.
development over the years, one of the “At some point ‘fix something’ just
thorniest has been the struggle to bal- turns into development, and this is that
ance stability with new development. It point.”
seems to be widely accepted wisdom Linux went on to say, “Nobody sane
that developers much prefer writing uses bcachefs and expects it to be sta-
new features than stabilizing and main- ble, so every single user is an experi-
taining those features over the long mental site.” He concluded, “The
term. Linus tried several approaches to bcachefs patches have become these
solving this dilemma. At one point, he kinds of ‘lots of development during
alternated between a very long develop- the release cycles rather than before
ment cycle and a very long stabilization it’, to the point where I’m starting to
Author cycle. But the period of stabilization regret merging bcachefs. If bcachefs
The Linux kernel mailing list comprises was quite painful for many, and he it- can’t work sanely within the normal
the core of Linux development activities. erated quite a bit on finding a better upstream kernel release schedule,
Traffic volumes are immense, often method. maybe it shouldn’t *be* in the normal
reaching 10,000 messages in a week, and His current approach involves each upstream kernel.”
keeping up to date with the entire scope kernel version having its own short Kent, maybe feeling a bit blindsided
of development is a virtually impossible window of time for receiving new fea- by Linus’s comments, strongly de-
task for one person. One of the few brave tures, followed by a series of “release fended the strengths of bcachefs. He
souls to take on this task is Zack Brown. candidates” that in principle become said, “Universal consensus has been

12 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


NEWS
Kernel News

that bcachefs is _definitely_ more “And yes, these _are_ solid, the
trustworthy than brtfs, in terms of ‘will rhashtable stuff was done months ago
this filesystem ever go unrecoverable or (minus the deadlock fix, that’s more re-
lose my data’ – I’ve seen many reports cent), and the rcu_pending stuff was
of people who’ve put it through the mostly done months ago as well, and
same situations where btrfs [fails]. I’ve _heavily_ tested (including using it as re-
ever seen people compare bcachefs’s placement backend for kvfree_rcu, which
robustness in positive terms vs. /xfs/; is the eventual goal there).
and that’s the result of a *hell* of a lot “And the genradix code is code that I
of work with the #1 goal of having a also wrote and maintain, and those are
robust filesystem that _never_ loses simple patches.”
data.” To which Linus merely quipped,
Although in the next breath, he did “What is to be gained by having release
add a public disclaimer: “Please don’t rules and a stable development environ-
rush out and switch to bcachefs just ment? I wonder.”
yet. I still have a backlog of bugs and Linus then replied to his own quip a
issues – some of them serious, as in few minutes later, saying:
your filessystem will go emergency “But seriously – thinking that ‘I
read only – and I don’t want people changed a thousand lines, there’s no
getting bit. There’s still a ton to do; I’m way that introduces new bugs’ is the
not taking EXPERIMENTAL off until at kind of thinking that I DO NOT WANT
least the fuzz testing for on disk cor- TO HEAR from a maintainer.
ruption is in play.” “What planet ARE you from? Stop
Kent also defended his work ethic being obtuse.”
and development practices, saying, Kent replied, “I’m not sending you
“Look, I’ve been doing this for a long anything here that isn’t a fix for a real
time, I’ve had people running my code issue.”
in production for a long time, and I’m At this point, stepping back for a mo-
working with my users on a daily basis ment, Linus offered a more thorough
to address issues. I don’t throw code explanation of his thinking:
over the wall; I do everything I can to “Kent, bugs happen.
support it and make sure it’s working “The number of bugs that happen in
well.” He added, “when I ship code, ‘bug fixes’ is in fact quite high. You
I’m _always_ weighing ‘how much do should see the stable tree discussions
we want this’ vs. ‘risk of regression/ when people get heated about the re-
risk in general’ – I’m not just throwing gressions introduced by fixes.
out whatever I feel like.” “This is, for example, why stable has
Kent went on to say, “Look, this is the the rule of fixes being small (which does
filesystem you’re all going to want to be get violated, but it is at least a goal: ‘It
running in – knock on wood – just a cannot be bigger than 100 lines, with
year or two, because I’m working to context’), because small fixes are easier
make it more robust and reliable than to think about and hopefully they have
xfs and ext4 (and yes, it will be).” fewer problems of their own.
However, in terms of bcachefs’s reli- “It’s also why my ‘development happens
ability, Linus replied plainly: before the merge window’ rule exists.
“I’ll believe that when there are major “If you have to do development to fix
distros that use it and you have lots of an old problem, it’s for the next merge
varied use. window. Exactly because new bugs hap-
“But it doesn’t even change the issue: pen. We want _stability_.
you aren’t fixing a regression, you are “The fixes after the merge window are
doing new development to fix some old supposed to be fixes for regressions, not
problem, and now you are literally edit- ‘oh, I noticed a long-standing problem,
ing non-bcachefs files too. and now I’m fixing that’.
“Enough is enough.” “But obviously the same kind of logic
This attitude seemed to perplex Kent. as for stable trees apply: if it’s a small ob-
He replied: vious fix that would be stable material
“What is to be gained by holding back *anyway*, then there is no reason to
fixes, if we’ve got every reason to believe wait for the next release and then just
that the fixes are solid? put it in the stable pile.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 13


NEWS
Kernel News

“So I do end up taking small fixes, currently stable and working for cus- processes’ vs. ‘weighing the situations
because at that point it is indeed a ‘it tomers and new development. Your and using your judgement’. There isn’t a
wouldn’t help to wait’ situation. work is excellent but *process* is right or wrong answer as to where on the
“But your pull requests haven’t been equally and sometimes even more im- spectrum we should be, we just all have
‘small fixes’. And I admit, I’ve let it slide. portant. Some of the other hats I’ve to use our brains.
You never saw the last pull request, when worn professionally include as a lead “No one is being jerks here, Linus and
I sighed, did a ‘git fetch’, and went C/C++ developer and as a product re- I are just sitting in different places with
through every commit just to see. And lease manager so I’ve learned from different perspectives. He has a responsi-
then did the pull for real. very painful experience that large proj- bility as someone managing a huge proj-
“This time I did the same. And came ects absolutely *must* have strict rules ect to enforce rules as he sees best, while
to the conclusion that no, this was not a for process. I’m sure you realize that. I have a responsibility to support users
series of small fixes any more.” Linus is not being a jerk about this. with working code, and to do that to the
To Linus’s “bugs happen” comment, Just a couple of months ago Linus had best of my abilities.”
Kent replied: to tell you the exact same thing he’s The discussion ended there. My own
“I _know_. telling you again here. And that wasn’t take on the situation is that Linus gen-
“Look, filesystem development is as the first time. Is your plan to just con- erally prefers to win an argument
high stakes as it gets. Normal kernel tinue to break the rules and do what- rather than enforce his position. He
development, you fuck up – you crash ever the heck you want until Linus may have a reputation for being mean
the machine, you lose some work, you stops bothering you? I don’t think and bombastic, but I believe that look-
reboot, people are annoyed but generally that’s a good plan. ing only at those snapshots tends to
it’s ok. “Since I’m already being blunt I’m miss what’s really going on. In general,
“In filesystem land, you can corrupt going to be even more blunt: you have a Linus loses patience when he feels the
data and not find out about it until serious problem working with others. In other person has had something clearly
weeks later, or _worse_. I’ve got stories to the past and in this thread I’ve read explained and is willfully refusing to
give people literal nightmares. Hell, that where you seem to imply that other get the point.
stuff has fueled my own nightmares for kernel developers are gatekeeping and So, since Kent seems to be honestly
years. You know how much grey my resist some of your ideas because you’ve disagreeing with Linus in this conver-
beard has now? created something that (in your opin- sation, I think it could go either way. I
“Which is why I have spent many years ion) is already better in some ways than wouldn’t be surprised if Linus, for ex-
of my life building a codebase and devel- some of things they’ve created. But from ample, accepts another big patch from
opment process where I can work produc- where I’m sitting the problems you’ve Kent and gives him another reminder
tively where I can not just catch but re- experienced are 90% because of *you*. that this needs to change. At the same
cover from pretty much any fuckup You’re an adult and you need to under- time, in this discussion, Linus did say
imaginable. stand that about yourself so you can do “enough is enough,” and that generally
“Because peace of mind is priceless….” something about it.” indicates that he’s about to enforce the
At this point in the conversation, Carl Kent got the final word of the conver- rules. To me, it really could go either
E. Thompson joined in, trying to bridge sation, replying: way at this point.
the gap. He said: “You guys are freaked out because Part of the problem is that many ker-
“Kent, I’m not a kernel developer I’m I’m moving quickly and you don’t have nel developers are really amazing, and
just a user that is impressed with visibility into my own internal process, there can be a certain amount of arro-
bcachefs, uses it on his personal systems, that’s all. gance that goes along with having such
and eagerly waits for new features. I am “I’ve got a test [cluster], a community amazing skills and abilities. Kent
one of the users who’s been using testing my code before I send it to would not be the first Linux developer
bcachefs for years and has never lost any Linus, and a codebase that I own and to feel that their contributions were
data using it. know like the back of my hand that’s better and more carefully written than
“However I am going to be blunt: as stuffed with assertions. And, the other people’s and deserving of special
someone who designs and builds changes in question are algorithmically treatment. Part of Linus’s main discov-
Linux-based storage servers (well, I fairly simple and things that I have ex- ery of the principles of open source de-
used to) as part of their job I would cellent test coverage for. These are all velopment was to encourage people in
never, ever consider using bcachefs pro- factors that let me say, with confidence, their contributions. In the spirit of fun,
fessionally as it is now and the way it that there really aren’t any bugs in this I will say, if Linus turned developers
appears to be developed currently. It is this pull request. away simply because they were arro-
simply too much changed too fast with- “Look, there will always be a natural gant, he might have run out of contrib-
out any separation between what is tension between ‘strict rules and utors a long time ago. Q Q Q

QQQ

14 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


COVER STORY
Write Code with AI

Artificial intelligence as an aid for developers

Ghost Coder
Artificial intelligence is increasingly supporting programmers in their daily
work. How effective are these tools? What are the dangers? And how can
you benefit from AI-assisted development today? By Tim Schürmann

D
evelopers have been using artificial intelligence for suggestions while the developer is typing. The additions will
decades. Even text editors such as Kate offer syntax complete lines started by developers and typically even finish
highlighting and auto-completion. Under the hood, off whole functions. The snippets that GitHub Copilot [5]
these tools are based on pre-
defined rules. If the editor encounters
the for character string, for example, it
highlights the string in green. Modern AI
assistants are far smarter, opening up
completely new possibilities for
developers.
For instance, what happens if you
want to convert your existing program
code from C to the more modern Rust?
No problem for CodeConvert [1]. The
cloud service can translate source code
between many programming languages
(Figure 1). In addition to well-known
representatives such as Go and Python,
you can also translate code from more
exotic languages such as Ocaml, Cobol,
and Tcl. Other translators, such as Re-
fraction [2], Codeium [3], and Figstack
[4] also help you beam your code to dif-
ferent languages, but these tools can do
far more.
The translator tools use plugins to
connect to the development environ- Figure 1: In CodeConvert, you download the existing source code on
ment, monitor the programmer’s work in the left, press a button, and receive the counterpart in Rust or another
the background, and then make coding language on the right.

16 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


COVER STORY
Write Code with AI

expression from a description such as “all


valid email addresses” or deliver a match-
ing SQL query based on a paraphrased
description.

Hallucinations
If you believe the many videos and mar-
keting texts on the Internet, AI wizards
effortlessly pull complex code snippets
in countless languages out of their hats.
The providers try to outdo each other in
their claims. Refraction claims to support
56 programming languages, and Code-
ium supports more than 70. It all sounds
too good to be true. And, as anyone who
has tried out the tools in a larger project
will be aware, it often is.
The AI wizards are capable of writing
simple functions such as Bubblesort or
the Euclidean algorithm from Figure 3
quite reliably. They will even provide
new solutions or implement ideas that
Figure 2: In the Codeium Playground on the Codeium website, you can programmers might not have thought
test the AI wizard without any obligation, but only on a handful of of. However, if you need more complex
languages. code, you will often only see unusable
suggestions, some of which are not
outputs also stick to the coding conventions of the rest of the even recognizable as code (Figure 4).
document. AI coding thus goes far beyond conventional rule- Problems of this kind are due to the way the AI tools work:
based autocompletion. The source code of neural networks is generated in the back-
In order to autonomously complete a function, the wiz- ground, usually in the form of Large Language Models (LLM).
ards use the existing or surrounding code as a reference The programming wizards therefore use the same technology
point. Tabnine [6] is based on both the signature of a func- that powers ChatGPT. Unlike ChatGPT, however, the neural
tion and on a comment above it. Programmers can use hint networks are not simply trained with everyday knowledge from
lines to steer the AI to the right results. Keep in mind that Wikipedia but with existing source code. Tabnine and some of
many providers don’t bother describing the working meth- its competitors also offer to customize the resulting models for
ods of their AI tools. In the case of Codeium (Figure 2), for their customers. To do this, they train their models with the
example, it is unclear which lines the wizard takes into ac- private source code of the customer.
count when it generates code. In all cases, the neural networks will always suggest the kind
Most AI tools don’t just rewrite source code; you can also ex- of source code that they believe is most likely to match the ex-
plicitly ask them to solve a programming problem. You need to isting code. But when faced with complex code, the AI wizards
describe the task for the AI with a short sentence to immediately tend to go haywire. The resulting suggestions sometimes con-
see the matching code. For example, the AI wizards provide the sist of confusing instructions or are no longer fit for the pur-
complete code for sor algorithms or make suggestions relating to pose, although the code might require closer inspection to dis-
classes. Some tools, such as Refraction, can also derive a regular cover these issues (Figure 5).
Worse still: The generated source code can contain errors
and security vulnerabilities, for example, if the AI recom-
mends the use of an outdated API. The self-confidence that

Figure 3: Codeium completing the function for calcu- Figure 4: In other cases, there are either no sugges-
lating the greatest common divisor. tions or meaningless ones.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 17


COVER STORY
Write Code with AI

significantly more source code in C than


in less popular languages such as D or
Cobol. Thanks to the AI wizards’ greater
knowledge of C, the wizards can create
far more complex code in the C language,
whereas even simple situations in D will
lead to nonsensical solutions.
The various quirks of the leading AI
development tools mean that developers
walk away with widely differing experi-
ences. Some programmers no longer want
to be without their AI tools, and others
find them useless. Anyone interested in
these experiences will want to take a look
at the discussions on Reddit, such as the
thread on GitHub Copilot [8].

Legal Pitfalls
Another problem with the training data is
that AI users can never be sure whether
the source code generated on demand
Figure 5: Refraction generated code: Note that Refraction’s own code violates licenses, copyrights, or even pat-
audit feature immediately criticizes several items. ents. This problem is exacerbated if the
AI simply copies code snippets from the
the wizards appear to have tempts many developers to adopt training data and passes them off as its own. According to
the code without checking it carefully. In a blog post [7], GitHub, this happens with Copilot, especially if there isn’t very
developer Marcio Frayze shows how quickly bugs can slip much code in the programmer’s editor, or if the AI is asked for
through. very common solutions, such as a bubblesort algorithm. Source
code also often contains personal data, such as the email ad-
Exam Board dresses of the developers involved. Basically, this information
GitHub Copilot tries to mitigate these problems with filters. can also be found in the AI’s memory.
The filters scan the generated code snippet for common prob- GitHub tries to filter the output of email addresses, but you
lematic patterns. According to GitHub, potential problems in- can’t rule out the risk of some slipping through. And there is
clude SQL injections and hard-coded credentials. If Copilot de- duplicate detection to help prevent code copying. The GitHub
tects a problem, it blocks the suggestion or at least notifies the AI searches for the code snippet it has generated in all public
developer of the problem. Having said this, the AI wizard does GitHub repos. If it finds what it is looking for, it either blocks
not deploy any additional security measures. GitHub then rec- its proposal or reports the location and license. Developers can
ommends its other tools, such as GitHub
Advanced Security.
Programmers should always check the
auto-generated source code themselves.
GitHub Copilot and CodeConvert even
explicitly point this out in the small print
and in their FAQs. A second look is defi-
nitely recommended if a feature is still
tagged as beta or even experimental,
such as the Codeium Command function
in Codeium, which generates code that
matches a natural language description.
The quality of the suggestions largely
depends on the wizard’s knowledge base
and therefore on the training data. But
where the data comes from remains a
mystery throughout. It is only rarely that
providers cite a source. The notable ex-
ceptions include Tabnine and GitHub.
Both AIs learn from the source code in Figure 6: The AIs generate documentation relatively accurately. In this
publicly accessible repositories, including example, Codeium has written a correct comment for the task of
those on GitHub. However, there is computing the greatest common divisor.

18 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


COVER STORY
Write Code with AI

Figure 7: Refraction explaining the code in the center.

then decide for themselves whether the suggested code and comment with a short, appropriate, natural-language descrip-
license are suitable for their project. tion (Figure 6). Like many other candidates, the AI developed
Despite this, some worries remain when you use Copilot. by JetBrains [9] for its IDEs also automatically writes commit
Duplicate detection only works if the code snippet exists in a texts. Although all the AI-generated texts still require a little re-
public GitHub repository, is at least 150 characters in length, work, as many developers confirm, the generated comments
and the developer is working with Visual Studio Code. In the substantially speed up the documentation work.
small print, GitHub points out that you must always check for You can also ask AI wizards to explain existing code to you
yourself whether Copilot’s proposals infringe on the rights of (Figure 7). In this way, you can quickly find out what the func-
other parties. In the case of active duplicate detection, GitHub tion (written by a former member of staff who long since left
at least promises support for Copilot users who are accused of the company) actually does. You can even ask Codeium, Tab-
copyright infringement. GitHub does not specify how far this nine, GitHub Copilot, and others questions about the source
help extends.
Even given a check like this, there is
always the question of the license under
which the generated code proposal is
registered. GitHub itself explicitly
makes no copyright claims to the code
generated by Copilot; other providers
are tacit on the subject. This and all the
other problems do not exactly speak in
favor of using AI wizards. On the up-
side, the wizards are still useful for
some specific tasks.

Documentation
Many developers see the documentation
of their source code as a pesky chore.
But this is a task that the AI wizards
carry out with an astonishing accuracy.
All programmers have to do is ask Code-
ium, Refraction, and the like to explain a
function and the AI will provide a Figure 8: Codeium provides details of the Fmt package included in Go.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 19


COVER STORY
Write Code with AI

code – for example, how one function uses another or what strings and numbers into variables and adds missing types.
patterns a cryptic regular expression covers. Figstack also Once again, the quality of the results depends to a huge extent
determines the runtime of the source code in O notation. on the complexity of the source code.
These tools can also help newcomers master a new language
(Figure 8). You can tell the AI wizards to show you examples Payment Plans
and ask questions about the existing code. Some AIs offer Most smart programming aids are only available as commercial
special assistance: Refraction will create an introduction to an cloud services, which the plugins for the development environ-
arbitrary programming topic on request, whereas JetBrains AI ments then consult. Alternatively, you can talk to the AI directly
guides you through the range of functions in the in-house IDEs. in the browser, but this means that you have to constantly copy
However, the texts of the AI tools sometimes sound very much the source code back and forth. Tabnine is one of the few pro-
like boring reference manuals, which is why many developers viders that lets you host its models on-premises yourself.
prefer to switch to ChatGPT for this task. Any free offers available are either time-limited or severely re-
stricted in terms of their feature set. Fees also vary considerably
Testing, Testing, 1, 2, 1, 2 among the services. Professional developers will pay at least
The AI wizards also offer useful support for testing. More specif- US$80 per year with Refraction, whereas GitHub Copilot charges
ically, they can automatically generate test cases or unit tests at US$19 per user and month. Special conditions are often available
the push of a button. The AI developed by JetBrains for its IDE for students, teachers, and developers of open source projects.
is based on both the source code and the documentation. Refrac- Looking for open source programming wizards is like finding
tion, in turn, automatically inserts debug texts into the code, a needle in a haystack, and they are also far more complex to
such as “All elements processed.” The AI derives the texts from set up. As with Tabby [10] and FauxPilot [11], you typically
the names of functions, variables, and other elements, which is need to launch a server in a Docker container. Well-known
why they often require some rework. Some AIs detect typical or open source models often operate in the background. Tabby
potential programming errors and alert you to them. These er- uses Code Llama, StarCoder, or CodeGen, for example.
rors can even happen while you are typing. Refraction even ex- Some AI wizards let you query with an API – via OpenAPI in
plains how the error occurred and how to remedy it. But none of the case of Tabby, for example. If you do not want to use Curl to
the AI assistants can guarantee completely error-free code. access these interfaces, you will need a matching client or a plu-
When things have to be done quickly, spaghetti code with gin for your own IDE. Fortunately, the Tabby project itself pro-
variables whose names consist of just one letter is still com- vides some plugins. In the case of FauxPilot, you either have to
monplace. Some AI tools are capable of unraveling this mess of resort to plugins from third-party developers or use tricks to per-
code and formatting it in compliance with a style guide. In ad- suade the official Visual Studio code plugin for the GitHub Copi-
dition to optimized code, Refraction offers natural language im- lot to cooperate (Figure 10). As an alternative to Tabby and Faux-
provement tips. For example, the AI complains about a lack of Pilot, you can install the Ollama framework [12] directly and use
input checking and meaningless variable names. Refraction, it to run an open source model such as Code Llama locally. If
Codeium, and others can automatically refactor the code (Fig- you decide to take this extremely bumpy path, you will find a
ure 9). Refraction also automatically converts hard-coded usable Visual Studio code plug-in in the form of Privy [13].

Figure 9: Refraction refactoring older Rust code while adapting it to current Rust versions at the same time.

20 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


COVER STORY
Write Code with AI

Anyone considering running Tabnine


themselves or using an open source AI
such as Tabby for data protection rea-
sons will inevitably face issues with
this technology. Even if you no longer
have to train these models yourself,
running them still requires powerful
hardware. Ideally, your system will in-
clude a powerful NVIDIA graphics card
with plenty of memory that can be ad-
dressed via the CUDA interface. The
FauxPilot quick-start guide cites this
configuration as a mandatory
requirement.

Conclusions
Automatically generated tests and ref-
erences to best practices – according to
a survey of Go developers – is what
many programmers want from an AI
wizard [15]. And, at least with most
Figure 10: Some tools, such as GitHub Copilot, not only offer IDE commercial services, these wishes are
plugins but also support queries via a command-line tool. likely to come true. But no AI is cur-
rently able to implement complex code
Data Protection automatically. In practice, the wizards do their jobs primar-
In order to generate high-quality source code for different ily as enhanced auto-completers, documentation aids, and
languages, a wizard requires a large neural network and unit test generators. In these areas, the tools take tedious
huge amounts of training data. The required computing routine work off the developer’s plate, although you still
power and financial resources are primarily the domain of need to double-check the results. Q Q Q
large corporations such as Google, Amazon, and Microsoft,
as well as players like OpenAI. Smaller providers of pro- Info
gramming tools, such as the former pioneer Kite [14], are [1] CodeConvert: https://www.codeconvert.ai
falling by the wayside or are increasingly forced to rely on [2] Refraction: https://refraction.dev/
preparatory services by the global players. Refraction from
[3] Codeium: https://codeium.com/
Portugal, for example, uses customized models from
OpenAI. [4] Figstack: https://www.figstack.com/
This reliance on background services leads to a data protec- [5] GitHub Copilot: https://github.com/features/copilot
tion problem. In order to provide immediate suggestions, the [6] Tabnine: https://www.tabnine.com/
AI monitors the developer’s work and sends some of the [7] “What it was like to spend a month using GitHub Copilot and
source code to the cloud for evaluation. If you let CodeConvert why I plan to not use it (next month)”: https://dev.to/
translate all of your source code, for example, this means you marciofrayze/what-it-was-like-to-spend-a-month-using-
have sent the internals of your entire program to a company in github-copilot-and-why-i-plan-to-not-use-it-next-month-3ao5
India. In most cases, the providers also receive further informa- [8] “GitHub Copilot – what’s your experience been like? Worth
tion. GitHub Copilot collects various metrics such as the errors it?”: https://www.reddit.com/r/webdev/comments/11hmsqp/
reported by the development environment and the features github_copilot_whats_your_experience_been_like/
enabled in it. [9] JetBrains AI: https://www.jetbrains.com/ai/
What happens to the data in the cloud is up to the provider. [10] Tabby: https://tabby.tabbyml.com/
In particular, the source code and therefore important internal
[11] FauxPilot: https://github.com/fauxpilot/fauxpilot
enterprise data could be incorporated into the AI as training
[12] Ollama: https://ollama.com/
material. As a result, the wizards would then offer up your
company’s knowledge to other users. In the worst case, code [13] Privy: https://getprivy.dev/
fragments could even appear there. Manufacturers deal with [14] Kite: https://www.kite.com/blog/product/
this problem in different ways, and the pertinent details are kite-is-saying-farewell/
often hidden in the small print. GitHub Copilot, for example, [15] Survey of AI assistants: https://go.dev/blog/survey2023h2/
only guarantees for the business plan that the source code
sent to the cloud will not be used as training data. GitHub also Author
reserves the right to allow employees working on the Copilot Tim Schürmann is a freelance computer scientist and author.
project to view the requests. These include employees of Besides books, Tim has published various articles in magazines
Microsoft and OpenAI. and on websites.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 21


REVIEW
Distro Walk – ArcoLinux

The experience of Arch Linux on the desktop

ArcoLinux
ArcoLinux, an Arch derivative, offers easier installs while well as explanations of the different fla-
vors and derivatives of ArcoLinux, but
educating users about Arch Linux along the way. By Bruce Byfield the most interesting menu item is the

T
suggested learning path [3] shown in
oday, Arch Linux is in the same ArcoLinux’s emphasis on education Figure 1. The learning path begins with
state as Debian around the turn of is obvious from the choice of a .info warnings like “You will break your sys-
the millennium – popular for its domain name. The distribution boasts tem […] This is normal. 15 minutes later
technical excellence, but with a more than 4,000 videos on YouTube [2] you are back on a newly installed OS.”
reputation for being difficult to install. and proclaims in all caps on its site: ArcoLinux suggests that users begin with
Even with detailed installation documenta- “You ask a question that concerns a mostly automatic install that provides
tion and the minimal archinstall script, everyone we make a video.” an Xfce desktop on which they can learn
the reputation remains. As a result, just Moreover, the project’s home site in- curated apps, system configuration and
as Debian spun off rivals like Ubuntu and cludes a Start Here top-level menu. The maintenance, page management, key-
MEPIS that feature easy installs, so Arch Start Here menu includes the usual links board shortcuts and aliases, and become
has spun off distributions like Endeav- to review, news, and testimonials, as comfortable using the terminal. Users
ourOS and Manjaro. Among Arch Linux’s
derivatives, ArcoLinux is unique [1]. As
much an open university as a distribution,
ArcoLinux takes its inspiration from Arch
Linux’s extensive documentation as well
as its technology and organization. In the
process, ArcoLinux offers beginners and
veterans alike the experience of installing
an Arch-like desktop version.
Lead Image © maxkrasnov, 123RF.com

Author
Bruce Byfield is a computer journalist and
a freelance writer and editor specializing
in free and open source software. In
addition to his writing projects, he also
teaches live and e-learning courses. In his
spare time, Bruce writes about Northwest
Coast art (http://brucebyfield.wordpress.
com). He is also co-founder of Prentice
Pieces, a blog about writing and fantasy Figure 1: Phase 1 of ArcoLinux’s learning path is designed to systemati-
at https://prenticepieces.com/. cally to turn novices into experts.

22 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


REVIEW
Distro Walk – ArcoLinux

Figure 2: The introductory installation stages include Figure 3: In the advanced installation, ArcoLinux
useful preinstall links. leaves the choice of apps to the user. Shown here is
the extensive list of desktops and window managers
can then move on to an advanced instal- users will only in- available during installation.
lation and other desktops, saving tiled stall a few times
desktops for last. From there, they can at most. However, ArcoLinux’s installa- ArcoLinux uses the Calamares in-
learn to create their own installation tion process warrants more detail than staller. What distinguishes ArcoLinux’s
images, how to install Arch Linux itself, usual because it is shaped by the goal of version (Figure 2) is the addition of the
and, finally, how to create their own educating users. Some users may want Advanced Installation option. The intro-
Arch Linux derivative distribution. Read- to begin with Home | Info to learn about ductory stages of the install emphasize
ing the summary of the eight phases pro- burning a .iso to a USB drive or a virtual education and ease of use, but the over-
vides a clear picture of what separates a machine. Download images are available all impression is of a graphical version of
newcomer from a knowledgeable Linux from the Download menu, where they an Arch Linux install – something that
user. The learning path contains obvious are all briefly described in terms of de- almost seems a contradiction in terms –
biases, such as the need to know the fault applications and services, as well and a tool that rivals the Debian installer
command line or the assumption that as ease of use. Some are characterized for comprehensiveness and user control.
tiled desktops are an advanced choice, by the type of kernel, others by the desk- It starts with a choice of graphics that in-
but probably few long-time Linux users top. Each of the downloads – Arconet, cludes pure open source or NVIDIA. It
would disagree with these biases. The ArcoPro, and ArcoPlasma – also has its then moves on to a choice of options to
overall effect is a summary for beginners own video that users can watch before update download mirrors, to partition
that, as far as I know, is unmatched any they install. with GParted, and to set screen
place else.
In following the learning path, users
can refer to other menu items. Although
the links are often obscurely named, the
Home menu contains detailed guidelines
for each phase, as well as a link to the
user forum. Users designing their own
installation images may also want to
refer to Home | ArcoLinux | Applications
for information about widgets, termi-
nals, and similar images. Unfortunately,
though, many of the items in the General
menu about configuration and hardware
are still placeholders, so following the
learning path may also require addi-
tional web searches. No doubt Arco-
Linux will get to these topics in time.

Installing ArcoLinux
When reviewing most distributions, I
generally try to keep the description of
the installation minimal. After all, most Figure 4: The default desktop for the ArcoPlasma flavor of ArcoLinux.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 23


REVIEW
Distro Walk – ArcoLinux

resolutions. Only then can users choose


an automatic easy install or an advanced
install in which every option is chosen
by the user. The advanced install is the
most secure choice, although ArcoLinux
does not mention the fact.
The easy install is similar to that of
many distributions. Although extensive
online help is provided, the advanced in-
stallation is best installed with a browser
at hand to help in making choices. The
advanced installation defaults to Ameri-
can English and includes the usual basics,
but many of its pages require some
knowledge. Otherwise, users may puzzle
over which kernel to install – the latest, a
hardened kernel, or half a dozen others.
The choices threaten to be even more
overwhelming in over 20 additional pages
of options for drivers, logins, office soft-
ware, fonts, theming, and graphics. Even
if you adopt the policy of leaving installa- Figure 5: The Arch Linux Tweak Tool is a comprehensive configuration tool.
tion until later when in doubt, this is no
15-minute install. Most likely it will be personal. Many productivity categories free software, but ArcoLinux is an exam-
more like 45 minutes, but those who have multiple choices, but the most ple of how it should be done. While Ar-
value customization should appreciate varied are the dozens of choices for coLinux is probably unsuitable for abso-
the freedom of choice (Figure 3). desktop environments, which range lute beginners, it is ideal for beginners
from window managers to almost who aspire to become experts, and for
ArcoLinux Applications every desktop I have ever heard of, anyone who values customization and
ArcoLinux’s desktop applications de- and many I haven’t. A close second is freedom of choice. Q Q Q
pend on how the desktop is installed and the choice of web browsers. Where
the choices made (Figure 4). The easy some distributions offer two or three, Info
installation’s curated applications are ArcoTool offers over two dozen, al- [1] ArcoLinux: https://www.arcolinux.info/
mostly unexceptional. They vary with though some are only variations of the
[2] ArcoLinux videos: https://www.
the desktop chosen, especially among same choice.
arcolinux.info/arcolinux-editions/
the development apps. For instance,
choosing KDE Plasma also installs the The State of the Project [3] Learning paths: https://www.arcolinux.
Plasma Engine Explorer and Plasma ArcoLinux could benefit from some reor- info/learning-path/
Theme Explorer. Otherwise, the choices ganization. The
are mostly typical of most distributions. text on links could
The main exceptions in the easy installa- be more descrip-
tion are the apps inherited from Arch tive, and the site
Linux. Chief among them are the Arch can be hard to
Linux Tweak Tool (Figure 5), to which a navigate and not
few ArcoLinux extras are added, and the just for the first
Arch Linux Kernel Manager. Both are time. All the same,
comprehensive administration apps that ArcoLinux is an
would be useful in any distribution. In ambitious project,
addition, the ArcoLinux install includes especially for a
a welcome screen with a few basic utili- small develop-
ties, a guide to building custom install ment team. What
images (Figure 6) and another for build- it does to make
ing Conky docks, and still another for Linux in general
removing one or more desktops. All are and Arch Linux in
more comprehensive than the average particular more
desktop app and deserve to be ported to accessible is im-
other distributions. pressive. Docu-
With an advanced installation, by mentation is often Figure 6: The ArcoLinux Application Glade helps
definition, the variation becomes more a weak point in users to create their own install images.

24 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Web Page Monitoring

Get notified on website changes

Do you want to be alerted when a product is back in stock on your favorite online store? Do you
want to know when a website without an RSS feed gets an update? With changedetection.io,
you can stay up-to-date on website changes. By Koen Vervloesem

I
f you want to stay updated on
news from various websites, Really
Simple Syndication (RSS) [1] is a
great solution. Many websites offer
their news in an RSS feed, which is an
XML file with a specific format. You can
subscribe to these feeds and read the
content in RSS feed readers, which can
be graphical, command-line, or web-
based clients.
However, not all websites provide an
RSS feed, and RSS usage seems to have
diminished somewhat in recent years.
Moreover, not all websites offer their
content in the form of articles. Still, you
may want to know about changes on
these websites, such as the price of your
favorite product on an online store or a
new page in the table of contents of an
online document. Are you then doomed
to regularly visit all those websites
you’re interested in?
Lead Image © rendeeplumia, 123RF.com

With changedetection.io [2], you can


monitor arbitrary changes on web pages
and be notified in various ways. At first
glance, changedetection.io’s website
(Figure 1) seems to suggest it is a com-
mercial service that requires a monthly
subscription fee. However, changedetec-
tion.io is a completely open source proj- Figure 1: It takes some time to discover that changedetection.io is an
ect, with its source code [3] published open source project.

26 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Web Page Monitoring

under the Apache 2.0 license. The devel- $ sudo usermod -aG docker $USER two web pages as examples: the chan-
oper simply offers this solution as a sub- gelog of its own releases, and the
scription to fund development. Log out and log in again to apply the Hacker News homepage. Each of these
group membership. Next, create a data “change detection watches” gets its
Installing changedetection.io directory for the container: own row in a table. For each page, this
Changedetection.io is a Python program, table shows the last time it was checked
which you can install using Python’s $ mkdir changedetection as well as the last time it changed. If the
package manager pip. However, because page has a change that you haven’t
you probably want to run this continu- Then create a docker-compose.yml file viewed yet, the entire row is shown in
ously as a service, it makes sense to run with the content from Listing 1. bold. Clicking on the Diff button then
it in a Docker container. On Ubuntu Of course, you need to modify the shows the changes, with new lines in
24.04 LTS, install Docker and Docker path in the volume to match your user’s green and deleted lines in red. A click
Compose with home directory. Now, start changedetec- on Reset queues a new check of the
tion.io with: page if you don’t want to wait for the
$ sudo apt install docker.io docker-U next scheduled check. By default, pages
compose-v2 $ docker compose up -d are checked every three hours.
Each page can have one or more tags,
Then add your user to the docker group: If you run this on your desktop or such as Tech news or another general
laptop, simply category. These tags are also shown next
Listing 1: changedetection.io Docker Compose File visit http:// to the page in the change detection
01 version: '3.2'
localhost:5000 in watch table, and there are also tabs for
your web browser each tag. If you click on a tag, the table
02 services:
to access the user only shows pages with that tag, provid-
03 changedetection:
interface (Fig- ing a clearer overview if you have many
04 image: ghcr.io/dgtlmoon/changedetection.io
ure 2). If you run pages added to your watch. At the bot-
05 container_name: changedetection this on a server, tom right of the table, you can always
06 hostname: changedetection just replace local- mark all pages of the current tag as
07 volumes: host with its IP viewed, recheck them all, or get an RSS
08 - /home/koan/changedetection:/datastore address. feed with changes of these pages for you
09 ports:
to add to your RSS feed reader.
10 - 5000:5000
The Basics Each page also has two grayed-out
Changedetection. icons at the start of its row. Clicking on
11 restart: unless-stopped
io starts watching the first one pauses the checks for this

Figure 2: Changedetection.io starts watching two web pages as examples.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 27


IN-DEPTH
Web Page Monitoring

page, and clicking on the second one than a 100 popular services, including Don’t forget to click on Save at the bot-
stops notifying you of changes, but Telegram, Discord, Slack, Home Assis- tom to save your notification settings.
keeps checking for them. A click on the tant, Kodi, Pushbullet, and email. For For now, you can ignore the other tabs of
Edit button opens the settings for the each of these services, Apprise defines changedetection.io’s settings.
page’s change detection watch. a URL. I’ll use sending emails with
Mailjet [5] as an example (for more ex- Adding a New Change
Basic Settings amples, see the Apprise wiki [6]). Detection Watch
Before adding pages, I’ll first cover some Enter one or more Apprise URLs in If you want to monitor a specific web
of changedetection.io’s basic settings. changedetection.io’s Notification URL page for changes, you can simply add
After clicking on Settings at the top right, List. For Mailjet, this looks like the URL in the text box at the top,
the General tab allows you to set the under Add a new change detection
time between checks (the default is three mailtos://username:[email protected] watch. Optionally, add one or more tags
hours), as well as other general settings. mailjet.com?from=Change%20DetectionU (separated by a comma), and then click
This is where you can set a password on <[email protected]>&to=U on Watch to add the watch with the de-
changedetection.io. Click on Save at the [email protected]&mode=ssl fault settings or Edit | Watch to edit the
bottom if you change any of the settings. watch’s settings before adding it.
In the Notifications tab (Figure 3), you This defines the notification as secure By default, changedetection.io
define how changedetection.io sends SMTP, with a username and password watches for web page text/HTML, JSON,
you notifications when it detects a page for login and a from and to email ad- and PDF changes. However, if you select
change. You can leave this field blank if dress in SSL mode. Re-stock & Price detection for single prod-
you’re content with regularly checking the If you then click on Send test notifica- uct pages, the program looks for signs of
watch list manually or if you monitor the tion, you should receive a notification a price or terms such as “in stock” or
changes in your RSS feed reader. But if you on all services you set up. If not, click “out of stock,” which lets you watch for
want faster notifications, set this up here. on Notification debug logs and try to changes in prices or stock status. Note
Changedetection.io uses Apprise [4] find out what went wrong. You can also that this only works if the page covers
for notifications. Apprise is a library that change the title and body of the notifica- one product.
supports sending notifications to more tions, but the defaults are often fine. There’s also a Chrome extension [7]
that works together with your change-
detection.io instance. Just add it to
Chrome, open your changedetection.io’s
Settings and go to the API tab. Then
open the extension from the toolbar and
click on Sync API Access. The extension
then automatically configures itself to
talk to your changedetection.io instance.
On any page, you can now click on the
extension icon in the toolbar, select
whether you want to detect normal
changes or stock and price changes, op-
tionally add one or more tags, and click
on Watch this website to add a change
detection watch (Figure 4).

Change Detection Watch


Settings
If you click on Edit | Watch when add-
ing a new watch or click on Edit for an
existing watch, you can modify various
settings specific to the change detection
watch. In the General tab, you can
change the title shown in the watch
table (by default the full URL), the tags,
and the time between checks if you
want something other than the global
settings. The Request tab allows you to
adjust how changedetection.io fetches
the web pages, which I’ll explain later.
For general web page changes, there
Figure 3: Add Apprise URLs for notifications of detected changes. are settings to filter which parts of the

28 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Web Page Monitoring

Figure 4: With changedetection.io’s Chrome extension, monitoring page changes becomes even easier.

page changedetection.io monitors for watching has a footer showing how footer. So I added the XPath filter //main
changes. The Visual Filter Selector is ad- many “bad” access attempts it has to the CSS/JSONPath/JQ/XPath Filters
vanced functionality that I’ll explain blocked. Naturally, this triggers change text box on this tab. Don’t forget to save
later, and Filters & Triggers allows you to detections I’m not interested in. When your changes.
remove HTML elements or select only examining the web page’s HTML code, I For stock and price detection, the Re-
specific HMTL elements from the page. noticed that the main element contains stock & Price Detection tab allows you to
For example, one of the web pages I’m all the information I need, without the adjust the watch’s behavior. For example,
you can specify whether you want to
know about any availability changes or
only when an out-of-stock product is back
in stock. You can also enable and disable
price monitoring, and you can even trigger
notifications when the price changes
below or above a set value (Figure 5).
For both types of change detection
watches, the Notifications tab allows you
to modify the behavior from using the
general notification settings to some-
thing custom for this watch. For in-
stance, you can disable notifications for
this watch or add another Apprise URL
for a custom notification. The Stats tab
simply shows some statistics of the
watch and allows you to download the
latest HTML version that changedetec-
tion.io has downloaded from the page to
debug any issues.

Using a Chromium/
JavaScript Server
Figure 5: Trigger a change when the price drops below or rises above a By default, changedetection.io down-
specific value. loads the watched pages as plain HTML

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 29


IN-DEPTH
Web Page Monitoring

Listing 2: Docker Compose File for changedetection.io with a Chromium/JavaScript Server


01 version: '3.2' 15 playwright-chrome:

02 services: 16 condition: service_started


03 changedetection:
17 playwright-chrome:
04 image: ghcr.io/dgtlmoon/changedetection.io
18 image: dgtlmoon/sockpuppetbrowser:latest
05 container_name: changedetection
19 container_name: playwright-chrome
06 hostname: changedetection

07 volumes: 20 hostname: playwright-chrome

08 - /home/koan/changedetection:/datastore 21 environment:

09 ports:
22 - SCREEN_WIDTH=1920
10 - 5000:5000
23 - SCREEN_HEIGHT=1024
11 environment:
24 - SCREEN_DEPTH=16
12 - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000

13 restart: unless-stopped 25 - MAX_CONCURRENT_CHROME_PROCESSES=10

14 depends_on: 26 restart: unless-stopped

files using an HTTP client. This works To configure this, update your $ docker compose up -d

for many web pages and is fast. How- docker-compose.yml file with the Docker
ever, as soon as a page uses JavaScript to Compose file shown in Listing 2. In principle, you could now change
render important parts of its content, This adds a second container run- changedetection.io’s fetch method to
this simple HTTP client won’t see the ning a Chromium web browser and Playwright Chromium/Javascript via
content. Fortunately, you can run a web lets changedetection.io’s container ‘ws://playwright-chrome:3000’ in its set-
browser in a Docker container and let wait until this container is started. tings, but the default fetch method is
changedetection.io use it to fetch the After these changes, restart Docker much more efficient. It’s recommended
watched pages. Compose with: to only change the fetch method for indi-
vidual watches where the default
method doesn’t work.
You can make this change in the Re-
quest tab of the watch settings by chang-
ing the Fetch Method to Playwright Chro-
mium/Javascript via ‘ws://playwright-
chrome:3000’. Save your changes and
wait for the queued watch to be exe-
cuted. If all goes well, the change detec-
tion watch works now. However, some
websites (such as Amazon) detect that
you’re visiting them with a bot, so they
don’t show the desired content. You can
check this by clicking on Preview next to
the change detection watch. If you go to
the Screenshot tab, you’ll see what the
page looks like to the browser in the
container, and this often shows a CAPT-
CHA. There are solutions for this prob-
lem, such as Bright Data’s (paid) Scrap-
ing Browser [8], but that is beyond the
scope of this article.

Visual Filter Selectors and


Browser Steps
If you’re using a Chromium/JavaScript
server, you get even more possibilities,
for example, for filters. Instead of having
to look up the HTML source code and
construct the XPath expression, you can
just click on the Visual Filter Selector tab
Figure 6: Select the parts of the web page you want to monitor. of the watch’s settings. This shows the

30 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Web Page Monitoring

web page, and when you hover over dif- between checks appropriately: You don’t expressions. Before you know it, you’ll
ferent parts of the page, you see a red want your account blocked because have this service constantly browsing
bounding box (Figure 6). Click on the changedetection.io logs in too the web for you, notifying you of any-
box to select the element you want to frequently. thing you need to know. Q Q Q
use for change detection. This automati-
cally fills in the corresponding filter in Conclusion Info
the Filters & Triggers tab. You can also Changedetection.io can be a great tool [1] RSS: https://www.rssboard.org/
select multiple elements. Click on Save for being notified of web page changes. rss-specification
to confirm the filter. Once you have it running for a few [2] changedetection.io:
Another advantage of using the Chro- websites without an RSS feed, you’ll https://changedetection.io
mium/JavaScript server can be found in likely add more and more change de-
[3] changedetection.io source code:
the Browser Steps tab. By clicking on the tection watches. The filters and trig-
https://github.com/dgtlmoon/
play button there, changedetection.io gers are quite powerful, and you can changedetection.io
creates a live connection to a web even ask changedetection.io to extract
[4] Apprise:
browser, and you can interact with the text from a page using regular
https://github.com/caronc/apprise
page from within this browser. You can
[5] Mailjet: https://www.mailjet.com/
then perform actions such as clicking on Author
a cookie accept box or logging into the Koen Vervloesem has been writing about [6] Apprise wiki: https://github.com/
website. After saving this, changedetec- Linux and open source, computer security, caronc/apprise/wiki
tion.io replays these steps every time be- privacy, programming, artificial intelli- [7] Chrome extension:
fore its change detection watch. You can gence, and the Internet of Things for more https://chromewebstore.google.com/
use this, especially in combination with than 20 years. He holds master’s degrees detail/changedetectionio-website/
the Visual Filter Selector, to get alerts in Computer Science Engineering and Phi- kefcfmgmlhmankjmnbijimhofdjekbop
about information shown only after log- losophy and is teaching Linux, Python, [8] Bright Data’s Scraping Browser:
ging in, such as new invoices or private and IoT classes. You can find more on his https://brightdata.com/products/
messages. Of course, adjust the time website at koen.vervloesem.eu. scraping-browser
IN-DEPTH
Linodas

Anatomy of a Linux backdoor attack

Through
the Back
Door
Cybercriminals are increasingly discovering Linux and adapting malware previously designed for
Windows systems. We take you inside the Linux version of a famous Windows ransomware tool.
By Thomas Boele

S
ince the beginning of the year, South America. The toolkit for this This article provides technical analysis
security researchers from Check threat actor includes the DinodasRAT [1] of the Linux version (v11) of DinodasRAT,
Point Research (CPR) have been cross-platform backdoor, also known as aka Linodas. The Linux edition appears
investigating the activities of a XDealer, which was previously observed to be more sophisticated than the Win-
Chinese cyber espionage threat actor in attacks by the Chinese group known dows version and has a range of features
focused on Southeast Asia, Africa, and as LuoYu. specially tailored to Linux servers. In

Photo by David Szweduik on Unsplash

Figure 1: Similarities in the function for identifying the operating system version between the Dinodas
example (left) and the open source code. © Check Point Software

32 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Linodas

Table 1: Strings of the Backdoor


Marker Discovered for the First Time Hashes
Linux_%s_%s_%u_V7 July 2021 3d93b8954ed1441516302681674f4989bd0f20232ac2b211f4b601af0fcfc13bbf-
830191215e0c8db207ea320d8e795990cf6b3e6698932e6e0c9c0588fc9eff

Linux_%s_%s_%u_V10 January 2023 15412d1a6b7f79fad45bcd32cf82f9d651d9ccca082f98a0cca3ad5335284e45


Linux_%s_%s_%u_V11 November 2023 6302acdfce30cec5e9167ff7905800a6220c7dda495c0aae1f4594c7263a29b2
ebdf3d3e0867b29e66d8b7570be4e6619c64fae7e1fbd052be387f736c980c8e
(embedded module)

Table 2: Comparing Linux and Windows Versions


Version Operating system Hash
Linux_%s_%s_%u_V11 Linux 6302acdfce30cec5e9167ff7905800a6220c7dda495c0aae1f4594c7263a29b2
Win_%s_%s_%u_V10 Windows 57f64f170dfeaa1150493ed3f63ea6f1df3ca71ad1722e12ac0f77744fb1a829

addition, the version under investigation Two samples with different internal rc.local.service file exists and writes
introduces a separate bypass module to versions suggest that there were two dif- the code from Listing 1 to the file.
hide traces of malware in the system. ferent development teams or at least two It then creates the following symlink.
The execution of the system binary files backdoors in different stages of develop-
is modified by proxies. ment communicating with the same C2 /lib/systemd/system/rc.local.service U
server. The Linux and Windows versions --> /etc/systemd/system/

Dinodas Origins have overlapping command IDs that


Several clues indicate DinodasRAT was seamlessly support the same malware In the next step, the malware determines
originally based on the SimpleRemote [2] functionality for different operating sys- whether the /etc/rc.local file exists
open source project. SimpleRemote is a tems. The cybercriminals have im- and, if it does, adds the following
remote access tool based on the Windows planted their work on Linux servers to character string:
remote access trojan Gh0st RAT [3], but it bolster their position on the network.
has some additional improvements. Sim- Security researchers found malware files #!/bin/bash

ilarities between SimpleRemote and an named ntfsys that pretend to be system [SELF_FILE_PATH] exit 0

older version of DinodasRAT include the or driver files in the context of the NTFS
use of the same Zlib library (version filesystem. Linodas then runs the chmod 777 com-
1.2.11) and some overlaps in the code As soon as the backdoor is executed, it mand to make the /etc/rc.local file ex-
(Figure 1). checks whether it has been launched for ecutable and evaluates whether the per-
The developers of DinodasRAT re- the first time by requesting two argu- sistence has been correctly written to
hashed parts of the source code and ments: the letter d and the process ID of the file. Finally, the malware changes
added some additional open source code the calling daemon. If it cannot find the the INI fields in the /lib/systemd/system/
from another repository. This code in- arguments, it calls the daemon function rc.local.service file (Listing 2).
cludes functions for handling INI files. and establishes its persistence on the
DinodasRAT uses encryption used in system. The backdoor then restarts itself. Listing 1: rc.local Activated via systemd
QQ Messenger. It retrieves the process ID and its exec [Unit]
self path and calls the system function
Description=/etc/rc.local Compatibility
Independent Code Base to run the [SELF_PATH] d [SELF_PID]
ConditionFilelsExecutable=/etc/rc.local
All examples of the cross-platform Dino- command.
After=network.target
dasRAT embed a string containing the
internal version of the backdoor. Some Persistence Methods [Service]

strings reflecting the development of the The persistence process is relatively ex- Type=forking

backdoor appear in Table 1. tensive and includes several Ubuntu ver- ExecStart/=etc/rc.local start
The earliest version for Linux was first sions and Red Hat distributions. The first TimeoutSec=0
spotted in the wild by security research- step is to determine the current operat-
RemainAfterExit=yes
ers in July 2021. Linodas has the same ing system version by reading the /proc/
logic as the Windows version, but it version and etc/lsb-release files and an-
adds a number of its own behaviors and alyzing the output. Then, based on the Listing 2: Changing INI Fields
specifically targets Linux servers. The data collected, persistence can be [Service]
latest Linodas version (v11) can also be achieved using one of the following
RemainAfterExit=no
observed in a Windows version, which methods.
[Install]
communicates with the same C2 server Method 1 (Ubuntu) – rc.local activated
WantedBy=multi-user.target
update.microsoft-setting[.]com (see via systemd: The malware first checks
Alias=rc-local.service
Table 2). whether the /lib/systemd/system/

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 33


IN-DEPTH
Linodas

Method 2 (Red Hat) – init.d script: Core Logic and used later on when the backdoor
The backdoor calls up the command, After the malware has executed correctly contacts C2 for the first time. The hard-
the output from which is analyzed by with two arguments, it moves on to the coded C2 address is parsed, stored in a
Chkconfig, and attempts to execute it. actual logic. First, it runs a series of global structure, and the malware reads
If the command is found and executed checks, including root privileges, the two more configuration fields, mode and
correctly, it adds it to the PATH environ- path/folder, and the process ID of the checkroot, from the para section. The
ment variable and continues with the calling daemon and saves them all in mode field specifies the transport proto-
actual persistence. The malware global variables. The backdoor then col to use: TCP or UDP. In contrast, the
checks whether the file /etc/init.d/ changes the timestamp of its file. checkroot field determines whether the
[SELF_FILE_NAME] exists and then writes backdoor should monitor logged-in
the code from Listing 3 to it. touch -d \"2010-09-08:*12:23:02\" U users. After the initial configuration, the
If the file has not been created, it [SELF_FILE_PATH] backdoor generates several threads that
writes the same data to the /etc/ch.sh are used for monitoring and cleaning
file and executes the following Now a configuration file based on the up. It then initiates the connection to
command: hard-coded string /etc/.netsc.conf is the C2 server.
read. The configuration files for all ex-
mv /etc/ch.sh /etc/init.d/U amples are usually hidden files. From Monitoring and
[SELF_FILE_NAME] the configuration file, the malware at- Cleaning Up
tempts to read the imei field under the The backdoor creates five threads that
The malware then executes the chmod 777 para section. The field stands for the are tasked with system monitoring,
command for the created file and checks bot ID generated for the infected com- downloading helper modules, and clean-
the persistence using the next call: puter. If it is missing in the configura- ing up old reverse shell connections.
tion file, a unique computer ID is gen- Thread #1 handles monitoring of the
chkconfig --list | grep U erated on the basis of computer param- logged-in user. If the mode field in the
[SELF_FILE_NAME] eters in five steps. configuration or the global variable for
The first step is to determine the com- mode is set to 1, this thread monitors
If the result does not contain 6:, the fol- puter’s MAC address. The malware runs logged-in users with the who command.
lowing two commands are used: the ifconfig or ip command and extracts It analyzes the output and closes the C2
the MAC address from the output; this de- connection if the registered IP is not a
chkconfig --add [SELF_FLE_NAME] U pends on the distribution. The malware local IP or the C2 IP.
chkconfig zentao [SELF_FLE_NAME] then calls the dmidecode command to ob- Thread #2 is responsible for monitor-
tain the system’s SMIBIOS. After it has ing the C2 connection status. Each
Method 3 (Red Hat) – rc.local: Persis- combined the MAC address and the out- time a valid request is made to the C2,
tence takes place via the file /etc/rc.d/ put of dmidecode, it executes the md5sum the time field in the global C2 connec-
rc.local. If the file exists, the backdoor command. Finally, in the fourth and fifth tion structure is updated. If half an
checks whether its self path exists in the steps, the backdoor generates a random hour has passed since the last request
content – if not, it adds itself to the file number and a timestamp based on the to the C2 server, the thread closes the
with the \n[SELF_PATH]\n string. current time. All of the fields and an ex- connection to C2.
ample are shown Thread #3 downloads and sets up the
Listing 3: Modify /etc/init.d/[SELF_FILE_NAME] in Listing 4. After filter module. The thread first uses a
#!/bin/sh
it is generated, the variable to check whether the module
bot ID is saved in has already been downloaded. If this is
### BEGIN INIT INFO
the configuration not the case, the thread again carries
# Provides: [SELF_FILE_NAME]
file and the config- out a few steps. It first checks whether
# Required Start: $local_fs $network uration file time- the file [SELF_PATH].so6 exists and com-
# Required Stop: $local_fs stamp is also putes an Md5 hash of its content. It
changed, as with then sends an encrypted request to C2,
# Default Start: 2 3 4 5
the executable file. in which it requests the Md5 hash of a
# Default Stop: 0 1 6
The backdoor module available on the C2 server and
# Short Description: [SELF_FILE_NAME] service then enumerates compares the received Md5 hash with
# Description: [SELF_FILE_NAME] service daemon the system to de- the existing one.
### END INIT INFO
termine the distri- If the hash is different, the thread
bution, the exact makes another request to C2 and saves
[SELF_FULL_ATH] restart
operating system the newly received file under the same
version, and the name. In the second-to-last step, it
Listing 4: Unique Computer ID system architec- reads the data from the /usr/lib/lib-
Linux_[TIMESTAMP]_[MD5SUM]_[RANDOM NUMBER]_V11
ture. All of these sysattr.so file; this was probably stored
values are stored at an earlier stage of the infection. This
Linux_20240310_11cb06d0bf454c3708a3658c2601ea16_40459_V11
in global variables file should contain a series of values

34 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Linodas

separated by pipes (|) and includes a match a local IPV4 or one of the C2s, be used when connecting to C2; the
series of instructions for executable its details are logged and sent to the C2 other specifies whether C2 communi-
files to be replaced. The thread now server. cation should be interrupted if there
searches the system for each file listed Thread #5 takes care of cleaning up are logged-in users. If one of these
in the statement file and saves it as old reverse shell sessions. First of all, the checks fails, the malware does not es-
[FILE_NAME].a. thread monitors reverse shell sessions. If tablish communication with C2. If the
Finally, the thread replaces the original a reverse shell session is found that has checks are successful, the backdoor
files with the newly obtained So6 filter not been active for almost an hour, the analyzes the C2 address and resolves a
module and makes it executable. All of session is removed. C2 domain to IPv4 if necessary.
these steps allow threat actors to put Next, the malware sets up a socket in
wrappers around specific executable C2 Communication TCP or UDP mode, depending on the
system files. Before C2 communication begins, two configuration, and attempts to establish
Thread #4 monitors and logs logged- global structures are checked: One a connection to the C2 server. If the con-
in users. If a user is logged on to the contains the configuration value that nection is successful, the malware starts
Linux machine and their IPv4 does not specifies whether TCP or UDP should a thread to parse C2 commands. After

Table 3: Supported Functions


ID Description Parameters Existing in the
Windows version
0x02 List files and directories under a specific folder Name of the folder yes
0x03 List files and directories in a specific folder List of files or directories separated by && yes
0x05 Send files to C2 Request ID, file list separated by && yes
0x06 Terminate the “Send files” command – yes
0x08 Download a file from C2 and execute (if a flag is Execute flag, file name, file data, all separated by /t yes
activated)
0x09 Terminate the “Download files” command – yes
0x0E Update the C2 URL List of C2 URLs, separated by /t yes
0x0F Display logged-in users – yes
0x11 List running processes – yes
0x12 End process Process ID to be terminated yes
0x13 List executed services – yes
0x14 Start/stop service Service name, action type, separated by /t; action yes
types: 1 – Start service, 0 – Stop service, 2 – Stop
and delete service
0x18 Execute process and send back the response Process path to be executed yes
0x19 Make file executable and execute Receive multiple files to be executed, separated by /t yes
0x1A Start/stop/call up status of HTTP proxy Integer value no
0x1B Start reverse shell – yes
0x1C Undo shell restart – no
0x1D Undo shell termination – no
0x1E Write to reverse shell Binary values divided by 0x010x02 yes
0x27 Rename, copy, move file Action type, file path, new path yes
0x28 Send ok to C2 – yes
0x2B Change proxy connection type Integer value yes
0x2C Set proxy type Integer value yes
0x2D Change file transfer mode Integer, integer value yes
0x2E Auto-complete uninstall, remove persistence, – yes
terminate parent daemon and exit
0x31 Update a global integer value used as the UDP Integer value yes
packet length
0x32 Read file and return content File path, max. bytes to be read no
0x33 Write data to file File path, bytes to be written to a hexadecimal no
character string
0x34 Collect user activities from various files such as – no
/var/run/utmp, var/log/wtmp, var/log/lastlog
0x35 Analyze and send /usr/lib/libsysattr.a file – no
0x36 Analyze data and write to /usr/lib/ Fields separated by /t no
libsysattr.a file

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 35


IN-DEPTH
Linodas

this first connection to the C2 server has support this function. The filter module This step merges the error output with
been established and the C2 command (Figure 2), which was obtained by the standard output so that both can
thread has been created, the backdoor executing ntfsys (v11) from the C&C be manipulated or viewed together.
executes an infinite loop that is respon- server controlled by the actor, is stored While the module executes the sub-
sible for sending a heartbeat to the C2 as ntfsys.so6. routine, it reads parts of the output and
server. The heartbeat contains the fol- The module has the task of control- splits them line by line. Each line runs
lowing values, which are combined ling the execution of the binary files through a filter process in which the
and separated by \t: information about and monitoring their output (Figure 3). line that contains one of the values for
the distribution, the system architec- The module is started each time the ip or name from the configuration is ig-
ture, the string root, the constant value system attempts to use the replaced bi- nored. If the line passes through the
0xC, the UDP packet length 800, and a nary file, with or without parameters. filter, it is printed.
custom path. If the request to C2 has As soon as it is executed, the module The threat actors probably deploy
failed, the connection to C2 is re-estab- checks whether the configuration file this module as a rootkit to filter arbi-
lished; the heartbeat string is then gen- is in /usr/lib/libsysattr.a. This sepa- trary values such as IP, username, pro-
erated and sent again. rate configuration file is not down- cess name, or other artifacts from vari-
loaded together with the module. In- ous binaries in order to collect infor-
Supported C2 Commands stead, the threat actors drop it onto the mation provided by commands such as
Much like the Windows backdoor, the server using the Linodas reverse shell. who, netstat, ps, in order to hide Lino-
Linux backdoor also supports a wide The module loads the ip and name das from monitoring attempts.
range of functions. These functions are fields from the para section of the con-
all listed in Table 3. The table also figuration file. The module combines Conclusions
shows whether they are present in the all received parameters, separates them The Linux version of DinodasRAT ap-
Windows version of the backdoor. with spaces, and checks whether the pears in connection with Chinese APT
original binary file with the name threat actors and has been used repeat-
Filter Module [SELF_PATH].a exists. If not, it outputs edly since at least 2021. Although Lino-
In Linodas v11, thread #3 is responsible the bash shell and exits. das has numerous similarities with the
for downloading an additional module However, if the file exists, the mod- Windows version, the Linux malware
that replaces all specified binaries in the ule executes it with the received argu- points to a separate and independent
system. None of the previous versions ments and appends the string 2>&1. development branch. Linodas intro-
duces add-on modules with separate
configuration files and additional C2
commands that focus on setting up
and controlling reverse shells, collect-
ing user activity from logs, and manip-
ulating local file contents. Q Q Q

Info
[1] DinodasRAT:
Figure 2: File identifiers for the filter module when it first appeared in https://malpedia.caad.fkie.fraunhofer.
November 2023. de/details/win.dinodas_rat
[2] SimpleRemote: https://github.com/
microsoft/SimpleRemote
[3] Gh0st RAT: https://malpedia.caad.fkie.
fraunhofer.de/details/win.ghost_rat

Author
Thomas Boele is an experienced tech
expert and recognized speaker. He has
more than 20 years of experience creating
go-to-market strategies for global IT
companies and start-ups by developing
and building pre-sales organizations in
high-growth environments with results-
oriented, supportive work cultures. Before
joining Check Point Software as Regional
Director, Sales Engineering CER/DACH,
he worked for companies such as Cisco,
Figure 3: Diagram of the execution of a system binary wrapped by the 3Com, NetApp, Riverbed, HPE SimpliVity,
filter module, which changes its output in real time. © Check Point Software Cohesity, and Twilio.

36 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Command Line – zoxide

A modern cd command

Smarter
Navigation
Zoxide, a modern version of cd, lets you navigate long directory paths with less typing.
By Bruce Byfield

I
n most shells, the main navigation Installation and felix and ranger, as outlined on the
utility is cd (change directory). Configuration GitHub page [1]. Usually, integration in-
Generally, cd is built into the shell, Zoxide is available in many distribu- volves the installation of a sub-project.
which is why it does not have its tions, as well as on multiple platforms For example, for Vim and neovim inte-
own man page like other commands. and in multiple package formats. How- gration, zoxide.vim must be added via
The lack of a man page is usually not ever, installing the package is just the one of several package managers, and it
noticed, because the bare cd is all that beginning. To be functional, zoxide re- is used by a half dozen Vim commands.
most users need. However, when direc- quires at least some configuration. Similarly, Emacs integration requires
tories have multiple levels, cd can re- To start, users need to add zoxide to zoxide.el and enables a dozen func-
quire tedious typing, especially when their shell. In Bash, the line tions, such as zoxide-cd and zox-
you have to travel up the directory struc- ide-open-with. Unfortunately, many
ture and down another branch. A mod- eval "$(zoxide init bash)" popular text editors, such as JOE, or
ern version of cd, zoxide, changes all file managers like Dolphin or Caja, are
that by using a database that, once set must be added to the end of ~/.bashrc. not yet supported.
up, requires the typing of only the last This line can be added manually, or with Zoxide’s behavior can also be set with
directory in the path. zoxide-init (more on this later). The environmental variables:
To get its results, zoxide relies on an project’s GitHub page gives instructions • _ZO_DATA_DIR: Specifies the directory in
algorithm based on how often a direc- for other common shells. In order for which the database is stored. The de-
tory is accessed. When first added to the zoxide to deal with directory name con- fault is $XDG_DATA_HOME or $HOME/.
database, a directory is given a score of flicts, the fuzzy searcher fzf must be in- local/share.
1. Each time it is accessed, its score rises stalled. Optionally, you can change the • _ZO_ECHO: When set to 1, z will display
Lead Image © alexandragl,, 123RF.com

by one. When a query is made, a direc- default command z with cmd NAME, even the matched directory before navigat-
tory adds 4 if accessed in the last hour replacing the cd command. Directories ing to it. With this variable, you do not
and 2 if accessed in the last day or last that are scored in searches can also be need to run pwd from the destination
week. The higher the value, the most set with --hook SETTING, with a choice of for its complete path.
likely a directory is to be the one sought. none, prompt, or pwd. • _ZO_EXCLUDE_DIRS: Excludes the speci-
When the database reaches the maxi- Still another option is to integrate zox- fied directories from the database.
mum number of entries, it reassigns ide with other applications such as /home is included by default. This fea-
the frequency of access and deletes any Emacs, Vim, and neovim, as well as sev- ture can be useful for privacy and
directory that falls below 1. eral lesser-known file managers such as security.

38 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Command Line – zoxide

• _ZO_FZF_OPTS: Provides custom options one directory with z .. or into the previ- Except for zoxide-query, none of the sub-
to pass to fzf during interactive selec- ous directory with z -. commands return feedback.
tion. Useful options include case-sen- For many users, no further informa-
sitivity, alternative ways of weighting tion is needed. However, zoxide’s data- Alternative Navigation
directories in search results, and as- base can be edited by subcommands If zoxide does not suit you, there are
sorted display options. See man fzf for placed after the basic command: other cd replacements, including auto-
the list of options. • zoxide add PATHS: Adds a path with a jump, z.lua, and rupa/z. Many of these
• _ZO_MAXAGE: Limits the maximum ranking of 1, or adds 1 to the ranking alternatives are structured similarly to
number of entries in the database. of a directory already in the database. zoxide, using a database and assigning
The default is 10,000. After either, the last updated field of directories a score based on frequency
the entry is updated. Directories ex- of use. Some, such as zsf, can be com-
Using zoxide cluded by the _ZO_EXCLUDE_DIRS envi- bined with zoxide during configuration.
All this lengthy configuration results in ronmental variable cannot be added. Data from some can be transferred to
the basic use of Zoxide being simple. This subcommand is a quicker way to zoxide. Keep in mind that zoxide has
Type z PATH, and the final directory is add directories than letting zoxide the advantages of being simple to use
added to the database. The next time learn from your navigation. and easy to learn.
you need to navigate to that directory, • -zoxide import --from FORMAT: The for- True, new users might wish for a
you only need to type z DIRECTORY, no mat is autojump or z for fasd, z.lua, or zoxide installer to replace the compli-
matter how deep in the directory tree it zsh-z. cated configuration process. More ad-
is buried. For instance, if you type • -zoxide-init: Automatically initializes vanced users might wish for additional
a command shell to read it for use. features, such as associating a direc-
z /home/bb/creative This action can also be done manually tory with a particular application.
in a text editor. However, once set up, zoxide in its
next time you only need to type z cre- • -zoxide query KEYWORDS OPTIONS: current form is a substitute for cd that
ative. Once zoxide is set up, you can Searches the database for keywords. is only slightly more complicated.
quickly add your most-used directories Options for results are --all and Users might want to make zoxide an
to the database and simplify your fu- --exclude PATH. With fzf installed, alias of cd by adding alias z='cd' to
ture navigation. When paths are simi- --interactive (-i) is enabled. With their shell configuration file. With zox-
lar, you can use zi as the basic com- --list (-l), all results are listed, not ide, users will save thousands of key-
mand or press Space+Tab to choose just the most used, while --score (-s) strokes, an improvement that is both
from a list (Figure 1). lists rankings, which can be manipu- efficient and ergonomic. Q Q Q
As the database is populated, zoxide lated with zoxide-add.
will choose the highest ranked directory • -zoxide remove PATHS: Deletes directo- Info
by default. You can change this behavior ries from the database. To permanently [1] zoxide:
by searching for multiple directories in remove a directory from the database, https://github.com/ajeetdsouza/zoxide
the path, or by specifying a subdirectory specify it in the _ZO_EXCLUDE_DIRS
with /. As in cd, you can also move up environment variable. Author
Bruce Byfield is a computer journalist and
a freelance writer and editor specializing
in free and open source software. In
addition to his writing projects, he also
teaches live and e-learning courses. In his
spare time, Bruce writes about Northwest
Coast art (http://brucebyfield.wordpress.
com). He is also cofounder of Prentice
Figure 1: When directories contain similar names, zoxide provides a list Pieces, a blog about writing and fantasy at
of alternatives to select from. https://prenticepieces.com/.

QQQ

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 39


IN-DEPTH
Tampermonkey

Customizing web content with Tampermonkey

Monkey Business
Even small changes in a web page can improve the browsing experience. Your preferred web
browser provides all the tools you need to inject JavaScript to adapt the page. You just need a
browser with its debugging tools, some knowledge of scripting, and the browser extension
Tampermonkey. By Reinhard E. Voglmaier

T
he browser has become a very automation tools or similar functional- the document itself. You can consider
important component for inter- ities, and this construct as similar to the chicken-
acting with the Internet. In recent • providing easy access to AI-based and-egg question: The document con-
years, browsers have evolved tools. tains the script and the script can mod-
from being just a tool for interacting This flexibility and power push the ify the document, including the script it-
with static HTML to a comprehensive browser far beyond its original role of self. The technology that allows this is
part of the infrastructure. The modern simply rendering HTML. the DOM (Document Object Model) [1]
browser is a kind of operating system [2]. When a web page is loaded, the
within the operating system, with a com- Before I Start … browser constructs a DOM tree, which is
plete SDK for JavaScript, HTML, and This article is intended for educational a hierarchical representation of the doc-
CSS, along with features such as a visual purposes only. My goal is to show you ument’s content. This tree structure al-
debugger, a code inspector, options for the power of the described technologies. lows for efficient selection, addition, re-
network and performance monitoring, All information you will find here is al- moval, and modification of elements on
and much more. One interesting features ready available on the Internet – links the web page. The DOM is not tied to
is that you can modify pages already are provided at the end of this article. As any programming language; however,
loaded into the browser with your own with many tools used for programming, JavaScript is commonly used to interact
scripts. The ability to customize web these tools can also be used for illegal with the DOM.
Photo by Jamie Haughton on Unsplash

pages is useful for: activities. If you decide to experiment, it Style sheets (CSS) also are part of the
• quick bug fixes for intranet is up to you to obey all applicable laws DOM. A style sheet describes how the doc-
applications, and treat any websites in a way that is ument will be displayed in the browser
• fixing annoying behaviors of websites compliant with their intended use. (the font, the colors, and so forth). The
or web applications, most interesting feature of the browser is
• implementing security features for Welcome to the DOM that the user can inject code into the DOM.
users in the enterprise, One very exciting feature of today’s web This code can interact with the HTML and
• adding convenient new features to is the connection between the HTML CSS part of the document. This feature
publicly available websites, such as document and the scripts contained in opens a world of possibilities.

42 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Tampermonkey

Listing 1: manifest.json Listing 2: main.js executed when the user clicks the
{ const btn =
Clickme button. Look online if you’re in-
document.createElement('button'); terested in learning more about creating
"manifest_version":2,
btn.textContent = "Clickme"; extensions [3] [4].
"version":"1.0",
btn.onclick = function() {
"name":"Hello World",
alert("Hello World!");
Permanence
"content_scripts":[ So far, the plugin you created is only tem-
}
{ porary. When you restart the browser,
alert("JavaScript loaded!");
"matches":["*://*.perl.org/*"], you have to load it again. With the help
document.body.appendChild(btn);
"js":["main.js"] of the Node.js framework and a function
}
called web-ext, you can create a perma-
is called main.js (Listing 2). The script is nent extension. Now that you understand
]
located in the same directory as the the basic process, I’ll show you an easier
}
manifest file. way to achieve the same result: using an
The script doesn’t do much, but it illus- extension such as Tampermonkey [5].
Extending the Browser trates very well what is possible. You add
Integrating code into the DOM is easy. a button to all pages matching the do- How Tampermonkey Helps
Consider the classic “Hello World” ex- main perl.org. You also define a new Ja- Tampermonkey lets you permanently
ample to demonstrate this process. You vaScript function to be executed when load a user-defined extension into your
need one file called manifest.json (List- the button is pressed. For simplicity, this browser. You can use Tampermonkey to
ing 1) and at least one program file. function only executes the alert function. inject JavaScript code into the DOM to
manifest.json outlines several details, Now you just need to load the exten- be executed in the context of the loaded
such as the plugin’s name, version, sion into your browser. Open the link web page. Tampermonkey is based upon
and, important to us, the URLs of the about:debugging#/runtime/this-firefox. Greasemonkey [6], which currently only
web pages where the plugin should be Click on the button Load Temporary works in the Firefox browser. Tamper-
inserted (in this case, all URLs of the Add-on and load the manifest.json file. monkey, on the other hand, works with
domain perl.org). From now on, all pages from the domain the most common web browsers, and it
The second file you need contains the perl.org opened with this browser in- has a huge user community. The exam-
script you wish to inject. The script is stance will contain a brand-new Clickme ples in this article were produced on the
defined in the js parameter of the mani- button. You have successfully changed Firefox web browser on Linux Mint, but
fest.json file. In this example, the script the DOM and added a function that is they work also on other browsers, as

Figure 1: Tampermonkey asks you to accept privacy conditions.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 43


IN-DEPTH
Tampermonkey

well as on other operating systems. You example I created before as a plugin. In videos using the Invidious front end [7].
can also use different browser extensions Figure 2, you see the script, which you Of course, Google is not happy about the
if they are available for your browser. just need to save using the menu that presence of an alternative open source
opens when you click on File. The result front end for YouTube that doesn’t allow
Installing the is the same as before, which gives a cer- Google’s tracking, and they have de-
Tampermonkey Extension tain confidence that what you did before manded that the developers take down
Tampermonkey is quite easy to install. In is working correctly. Invidious. Over the past few months,
Firefox, select Addons and themes then Google has been actively working to
choose Extensions in the menu on the left. Same Play with AI … shut down Invidious, so by the time you
Search for Tampermonkey, and click on For a more challenging example, there read this, this example might not give
the Tampermonkey icon to install. The are people who prefer to access YouTube the result shown here. In this case,
provider of the extension asks you to ac-
cept the necessary conditions regarding Listing 3: Substitute YouTube Links
privacy (Figure 1); you should read this // ==UserScript==
text carefully then choose which permis- // @name Replace YouTube Links on DuckDuckGo
sions you give to the provider. Monitoring // @namespace http://tampermonkey.net/
network traffic, you will notice that the // @version 0.1
provider of the extension is notified not // @description Replaces YouTube links with invidious.private.coffee in
only that you install his extension, but DuckDuckGo search results

every time you use it. Once you accept // @author Your Name

these conditions, the extension will install. // @match https://*.duckduckgo.com/*

// @grant none

Let’s Play // ==/UserScript==

When you open Tampermonkey for the


first time, it kindly asks if you will allow (function() {

sending anonymous statistics about its 'use strict';

usage home to its developer. It is up to


you whether you allow or disallow this. // Function to replace YouTube URLs with invidious.private.coffee

After that, you can write a new user function replaceYouTubeLinks() {

script. Click on Create a new script .... const links = document.querySelectorAll('a[href*="www.youtube.com"]');

Tampermonkey creates a skeleton for links.forEach(link => {

your new user script and displays it in link.href = link.href.replace


("www.youtube.com", "invidious.private.coffee");
the Tampermonkey editor. You will find
});
the same meta information you config-
}
ured in the manifest file in the previous
})();
example. I will reuse the "Hello, World"

Figure 2: Execute a script with Tampermonkey.

44 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Tampermonkey

Listing 4: Substitute YouTube Links 2.0 are very powerful tools. You should
// ==UserScript==
know what you are doing – otherwise
// @name Replace YouTube Links on DuckDuckGo things could get complicated very fast.
// @namespace http://tampermonkey.net/
// @version 0.2 Another Way
// @description Replaces YouTube links with invidious.private.coffee in In the world of programming, the saying
DuckDuckGo search results goes, “There is more than one way to do
// @author Your Name
it!” I will show you a third way to get a
// @match https://*.duckduckgo.com/*
script up and running. If you open the
// @grant none
Tampermonkey extension, you will see in
// ==/UserScript==
the menu the option Find New Scripts.
This option opens a new menu contain-
(function() {
ing links that bring you to websites offer-
'use strict';
ing tons of ready-to-use user scripts. You
// Function to replace YouTube URLs with invidious.private.coffee
can perform a search to look for a script
function replaceYouTubeLinks() {
that fits your needs. But be prepared:
const links = document.querySelectorAll('a[href*="www.youtube.com"]'); These scripts might or might not work.
links.forEach(link => { Someone could have written the script for
link.href = link.href.replace a different extension, such as Greasemon-
("www.youtube.com", "invidious.private.coffee"); key, or for a different version of the exten-
}); sion you are using. Also, as the previous
}
example showed, timing could have an
impact on the operations. You should
// wait until the page has been loaded
therefore understand what you are doing
window.addEventListener('load', replaceYouTubeLinks);
before you use one of these scripts.
})();

Explore the DOM


though, I’m just using this example as a When I tried again, the search brought When you look at the text you get from
way of showing how to substitute links up links to Invidious instead of YouTube. a web server, you’re sure to be con-
in the result list of a search engine with The updated version of the script is in fused by the complexity of some pages.
something different. Listing 4. The browser’s SDK can help. In
Suppose you don’t want to take the You can even substitute links to a func- Firegox, go to the element on the web
time to write the code yourself. You can tion that is executed when the user clicks page you’re planning to change and
take your preferred AI chat tool (in this it. For example, this function could con- right-click with your mouse. A menu
example, www.phind.com) and ask the sult a blacklist of links that should be opens; the last choice in the menu is
friendly bot to do the following: “Please avoided and inform the user if a match is Inspect. Click on Inspect and the inter-
write a user script that replaces YouTube found. Again, ask your preferred AI chat- face to this SDK opens (Figure 3).
with the site name invidious.private. bot to deliver you the code. When you hover your mouse over the
coffee in all search results of Duck- Please allow me one comment: Your HTML code on the page itself, the cor-
DuckGo.” Phind delivers a neat little browser, JavaScript, and Tampermonkey responding element is highlighted. This
script (Listing 3) that contains all the
information necessary to make Tamper-
monkey happy. Tampermonkey per-
forms syntax checks and complains if it
detects syntax errors. Save the script
and perform a search with Duck-
DuckGo; for examples, look for Tam-
permonkey installation tutorials.
My first attempt at this hack didn’t ap-
pear to work; all video links to YouTube
were unchanged. It turns out timing is
critical: when the script executed, the
page was not completely loaded, there-
fore it was impossible to substitute the
links contained in it. Adding a simple
event listener fixed the problem:

window.addEventListener('load', U
replaceYouTubeLinks); Figure 3: Inspecting an HTML page using the browser’s built-in SDK.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 45


IN-DEPTH
Tampermonkey

feature helps you to find the element in


the DOM you want to change.

Test Your Code


The browser SDK helps you test your
code. Consider the "Hello, World" exam-
ple. Open the SDK by pressing F12. Once
the SDK is open, click on the Console
tab. In the console, you can now enter
the code you want to test. Start typing in
the program from Listing 2. As you type
in the line const btn = document.
createElement('button');, you will no-
tice (after you enter the dot after docu-
ment) that the SDK offers you autocom-
pletion, which is very helpful. Once
you finish the definition of the button,
you can explore what you created using Figure 4: Executing the JavaScript example in the console.
JavaScript or insert the newly created
button on the web page using the line: Now that you know how to get the scripts. That is not a good idea at all.
"document.body.appendChild(btn);” (Fig- URL of the 3D model, you just need to Install user scripts only if you com-
ure 4). Your newly created button will create a clickable button that will let you pletely understand what these scripts
pop up on the web page. download this URL (Figure 5). You can are doing. Do not use scripts that con-
use the JavaScript function tain code you do not fully understand.
3D Furniture Models "createElement('button')" for this step. Script code performing harmful opera-
Modeling your home can be a little The user script that performs this mir- tions on your behalf could be obfus-
tricky. You will find some excellent open acle is available on GitHub [8]. I recom- cated in a way that is difficult to per-
source programs that will help you, such mend that you download the script and ceive unless you look carefully and
as Blender. But also, many furniture ven- read it carefully – you will learn a lot know what you are looking at. The
dors provide 3D models of their prod- from a very short bit of code. most secure scripts are those you de-
ucts. IKEA, for example, offers a lot of velop and test yourself. The same sug-
products as 3D models together with an Cybersecurity gestion holds for extensions.
online tool to visualize them. Downloading a user script you found on Instead of trusting the scripts on the
If you explore the DOM for these the Internet into Tampermonkey can be distribution site of your browser, why
pages, you will find that a little Java- quite dangerous. As I have mentioned not create your own extension? It is eas-
Script program (Listing 5) is used to before, the user scripts you install can ier than you may think. You can write
open a 3D file with the extension .glb – run on every page you load into your the code in JavaScript, just as you do
a royalty-free method of encoding 3D browser. Every script can control all with user scripts.
data. A tool such as Blender can easily communication between your browser You could also choose to use Tamper-
use this data to help you model your and the contacted servers. They act on monkey in a sandbox for development
home. Look at the web page of an IKEA your behalf and can do things on your purposes, once you have developed a ro-
product with 3D modeling and you will behalf that you might not even notice. bust user script, and then convert the
discover that the View in 3D button calls Obviously, the same holds for every ex- whole application to the form of an
a script that contains, as a parameter, the tension you install into your browser. extension.
3D model you would like to download. Therefore, it is important to only in- BTW: I hope you do not perform on-
With this information, you can easily stall scripts you trust, as well as to in- line banking with your regular browser
download the model. You can then im- stall only browser extensions you trust. and instead use a specially hardened
port the model directly into Blender. Extensions should only be installed browser for this purpose.
However it is not very convenient to from the official distribution of your
have to right-click on the HTML area of browser provider.
the SDK in order to find out the URL of You will find Listing 5: Fetching 3D Models
the .glb file. A little user script can assist statements on the <script type="application/json" id="pip-xr-viewer-model">
you. You know the name of the function Internet telling
{"productId":"<productId>",
and can search for it in the DOM with you that tools
the help of the function document.query- such as Tamper- "productName":"<productName>",

Selector. Once you find the function, monkey allow


you just need to use the URL in its pa- people with no "url":"<Url 3D Model>"}
rameters to discover where to get the coding experience
</script>
3D model. to use powerful

46 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Tampermonkey

Law and Ethics experience. The most interesting advan- Tampermonkey extension. Alternatively,
Before concluding this article, I want to tages are: you can use open source extensions
invite you to consider a few things. Your • Enhancing web pages – Tampermon- such as Violentmonkey [9]. You could
web browser is obviously your property, key enables users to modify the con- also choose to write your own extension,
whereas the web server you are contact- tent of web pages to add custom func- which is not very difficult. The same
ing with your browser belongs to some- tionality ranging from simple DOM holds for the scripts. You can develop
one else. I am not a lawyer, and the law manipulations to making AJAX calls. your own, let AI tools help you in writ-
in the field of informatics is rather com- This flexibility allows for a wide ing scripts, or download entire scripts
plex. I think that processing data you ob- array of enhancements, such as from trusted Internet sources.
tained from the Internet on your browser cleaning up websites, adding export Tampermonkey stands out as a valu-
is one thing. Constructing a web page to to PDF buttons, displaying word able tool for enhancing the web brows-
hack into a web server or modifying a counts, and much more. ing experience through user scripts. Ease
page to present to another user – or to • Customization and personalization – of use makes Tampermonkey accessible
masquerade as the original web server – By creating and utilizing user scripts, to a wide audience. However, users
is something entirely different. It is your individuals can tailor their browsing should remain mindful of legal issues
responsibility to act in accordance with experience to meet a specific need. and security considerations when em-
applicable legislation. Whether that need is improving the ploying custom scripts. Q Q Q
I have no idea how copyright applies usability of frequently visited sites or
to websites. In many cases, a copyright adding new functionalities, Tamper- Info
notice is listed somewhere on the site monkey scripts can significantly en- [1] The DOM W3 Schools: https://www.
with terms of usage. I suggest consider- hance the overall web-browsing w3schools.com/js/js_htmldom.asp
ing one ethical perspective. Some sites experience. [2] Introduction to the DOM:
rely on ads; without them, these sites • Learning opportunity – Writing user https://developer.mozilla.org/en-US/
could not stay online. Consider this scripts with Tampermonkey can serve docs/Web/API/Document_Object_
when trying to implement functionalities as an excellent learning opportunity Model/Introduction
such as ad blockers. for both beginners and experienced [3] Firefox Extension Workshop:
programmers. Tampermonkey pro- https://extensionworkshop.com/
Conclusions vides insights into web-page struc-
[4] How to Write Your Own Browser Ex-
Using Tampermonkey to write user tures, JavaScript, and the DOM.
tension:
scripts for web pages is a great way to Obviously all this comes with a price: se-
https://www.freecodecamp.org/news/
enhance and personalize the browsing curity. You must trust the supplier of the write-your-own-browser-extensions
[5] Tampermonkey:
https://www.tampermonkey.net/
[6] Greasemonkey: https://github.com/
greasemonkey/greasemonkey
[7] Invidious: https://invidious.io/
[8] IKEA 3D Model Downloader:
https://github.com/apinanaivot/
IKEA-3D-Model-Download-Button
[9] Violentmonkey:
https://violentmonkey.github.io/

Author
Reinhard E. Voglmaier
discovered his love for
computer science while
writing his diploma thesis
at the Max Planck Insti-
tute for Extraterrestrial
Physics in Germany. He started his career
as IT project manager and subsequently
took on the role of intranet manager in a
pharmaceutical company, overseeing web
services and addressing cybersecurity
concerns. Following his retirement, he
continues to lead the expert charter GRC
in Digital Health for ISACA Germany and
Figure 5: Downloading a 3D model: The button in the lower right is engaged in a computer linguistics proj-
labeled Download 3D was added by the script. ect at the University of Innsbruck.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 47


IN-DEPTH
Programming Snapshot – Go Interfaces

Go program updates local copies


of Git repositories

In
Harmony
Using the Go Interface mechanism, Mike demonstrates
its practical application with a refresh program for local
copies of Git repositories. By Mike Schilli

V
acation time is travel time! I version until Git reported
like to take my laptop with me “up-to-date,” as well as clone
on long-haul flights. After all, repositories I previously only
the best ideas for new articles checked out on my home computer on collections in one fell swoop (e.g., “all
always come to me at the worst possi- my laptop to deliver all the resources I GitHub repos belonging to this user” or
ble times. But, without an Internet con- can access at home. “all subdirectories on a host with an SSH
nection, neither Google nor ChatGPT connection”). I want the GMF parser in
work, and GitHub is also out of reach Meta Format Go to read these individual entries or
for code ideas. Even the stuff I wrote Now the little helper can’t read my mind collections from the GMF file one after
previously is stashed away in Git reposi- (yet) and simply load everything that I the other and create matching objects
tories, and – worse still – the copies on think is important. That’s why I went for from them, all of which are then capable
my laptop are not always up to date. a meta file, as shown in Figure 1, to of using the Expand() method, from
That’s really annoying, because it specify the repositories and define the which the directories to be cloned –
means duplicating the work, which I directory names in each new develop- along with their URLs – are extracted.
want to avoid, or at least pesky integra- ment environment. It contains an array Later, the GMF parser will go through
tion and potential conflict-resolution in YAML format whose elements under all the entries in the YAML file in Listing
tasks later, when I look to reconcile the the keywords dir and url contain the 1 and call the Expand() method for each
texts I checked in while I was up in the clone directory and the URL of a reposi- one. There is not much to do in the first
air with an out of sync repository. tory I want to clone. Because this is entry in lines 1 and 2, because the YAML
Wouldn’t it be great to fire up a pro- GitHub repository metadata, the format, element already specifies the Git URL
gram on my laptop before the plane for historical reasons, should be called and the clone directory, so Expand() sim-
takes off to update the local copies of GitHub Meta Format (GMF), because I ply passes the combination to the clon-
all my checked-out Git repositories? It wrote it in Perl 15 years ago and intro- ing tool that then runs.
would need to sync the existing clones duced it in my column [1]. Fast forward The second entry in Listing 1, starting
on the laptop with the latest cloud to today, and there’s an opportunity to in line 3, uses the github-user-repos type
rewrite it in Go and at the same time to reference the repositories of a GitHub
Author demonstrate Go’s
Mike Schilli works as a cool interface Listing 1: repos.gmf
Lead Jörg_Stöber © Author, 123RF.com

software engineer in the mechanism for 01 - dir: bondy


San Francisco Bay Area, plugin-based
02 url: [email protected]:git/bondy.git
California. Each month architecture!
03 - type: github-user-repos
in his column, which has The meta for-
been running since 1997, mat can do more 04 user: mschilli

he researches practical applications of than simply target 05 - type: ssh-user-repos


various programming languages. If you individual reposi- 06 host: shared01.somehoster.com
email him at [email protected] tories; it can also
07 path: git
he will gladly answer any questions. define entire

48 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Programming Snapshot – Go Interfaces

user. This means that Expand(), in this Expand() methods do different things. arrays or passed around like others, and
case, needs to perform a search on The entries in the YAML file give me a whatever calls their methods is given the
GitHub, obtain the user’s repositories, list of different objects whose Expand() desired results, regardless of the actual
and generate the results: a list of Git methods do the right thing as a function object type under the hood.
URLs and their clone directories. The of the type. A loop then iterates across
third entry in Listing 1, starting in line 5, the objects and calls their Expand() meth- One Plugin for Every Task
of the ssh-user-repos type, tells Expand() ods while blissfully ignoring the actual To allow the GMF parser in Listing 2 to
to use SSH to log into the specified host, object types. collectively process the entries of differ-
list the Git directories there, and return a ent types, the parser defines the PluginIf
list of the directories as a result. Multifaceted in Go type, starting in line 17; the type has
In object-oriented programming, this pro- three functions. Applicable() checks
No Spaghetti Code cess is known as polymorphism, which whether the plugin can actually process
The parser calls Expand() three times, but comes from the Greek word for “many the current GMF entry from the meta
each time it achieves the result in a dif- forms.” What this translates to is that an file. If this returns true, the main pro-
ferent way. Of course, Expand() could identifier (i.e., a variable containing an gram calls the plugin’s Expand() function
find the currently correct algorithm in a object) can accept instances of different to obtain an array of cloneable reposito-
forest of if-else branches, but this is classes that all use the same method. Al- ries. If false is returned, the main program
confusing, not to mention difficult to test though the methods trigger different ac- moves on and tries the next plugin.
for correctness, expand, and maintain. tions as a function of the type currently in What the call to Expand() does now de-
In object-oriented terms, it makes more use, they have the same name and deliver pends on the plugin. The plugin for sin-
sense to write the solution to the the results in the same format. gle entries with a repository URL and
problem as different classes whose Unfortunately, Go is committed to clone directory, like in line 1 of Listing 1,
strict types, and just returns an array with a single ele-
the same variable ment – a variable of the Cloneable type
can never store containing these values. The code for
different types. this simple plugin is shown later in List-
This is where the ing 4. What all plugins have in common
Go interface type is that they offer a constructor (e.g., New-
enters the scene; GMFEntry()), which returns an object of
it determines the type in question that the main pro-
which functions a gram can use later on to call the func-
variable of a spe- tions standardized in the interface.
cific type offers.
Variables of type Plugin Wanted
interface can If the GMF parser later reads a YAML
then be stored in entry, this is returned as a GMFMetaEntry

Figure 1: The API call for a user’s repositories Figure 2: Every Github respository lists its own clone
returns JSON. URL, which is reported by the API.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 49


IN-DEPTH
Programming Snapshot – Go Interfaces

type variable; FindPlugin(), starting in starting in line 23, contains three plu- Starting in line 28, the for loop then
line 22 of Listing 2, then rummages gin elements, all of which it creates by iterates through all the known plugins,
through all known plugins to find the using New...() to call their calling the Applicable() function for
right one. The plugins array slice, constructors. each one until true is returned. In

Listing 2: gmf.go
01 package main 33 return nil, errors.New("No applicable plugin found")

02 34 }

03 import ( 35

04 "errors" 36 func NewGitmeta() *Gitmeta {

05 "os" 37 return &Gitmeta{

06 ) 38 Cloneables: []Cloneable{},

07 39 }

08 type Cloneable struct { 40 }

09 URL string 41

10 Dir string 42 func (g *Gitmeta) AddGMF(f *os.File) error {

11 } 43 entries, err := g.parseGMF(f)

12 44 if err != nil {

13 type Gitmeta struct { 45 return err

14 Cloneables []Cloneable 46 }

15 } 47 for _, e := range entries {

16 48 p, err := g.FindPlugin(e)

17 type PluginIf interface { 49 if err != nil {

18 Applicable(e GitMetaEntry) bool 50 return err

19 Expand(e GitMetaEntry) ([]Cloneable, error) 51 }

20 } 52 cloneables, err := p.Expand(e)

21 53 if err != nil {

22 func (g *Gitmeta) FindPlugin(m GitMetaEntry) 54 return err


(PluginIf, error) { 55 }
23 plugins := []PluginIf{ 56 for _, cloneable := range cloneables {
24 NewGMFEntry(), 57 g.Cloneables = append(g.Cloneables, cloneable)
25 NewGMFGithubUser(), 58 }
26 NewGMFSSH(), 59 }
27 } 60 return nil

28 for _, plugin := range plugins { 61 }

29 if plugin.Applicable(m) { 62

30 return plugin, nil 63 func (g *Gitmeta) AllCloneables() []Cloneable {

31 } 64 return g.Cloneables

32 } 65 }

Listing 3: parser.go
01 package main 17

02 18 func (g *Gitmeta) parseGMF(f *os.File)


03 import ( ([]GitMetaEntry, error) {
04 "gopkg.in/yaml.v2"
19 records := []GitMetaEntry{}
05 "io/ioutil"
20 data, err := ioutil.ReadAll(f)
06 "os"
21 if err != nil {
07 )

08 22 return records, err

09 type GitMetaEntry struct { 23 }

10 URL string `yaml:"url"` 24 err = yaml.Unmarshal(data, &records)


11 Type string `yaml:"type"`
25 if err != nil {
12 Dir string `yaml:"dir"`
26 return records, err
13 User string `yaml:"user"`
27 }
14 Path string `yaml:"path"`

15 Host string `yaml:"host"` 28 return records, nil

16 } 29 }

50 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Programming Snapshot – Go Interfaces

Figure 3: One Gitmeta entry is all you need for all of a user’s GitHub repositories.

line 30, FindPlugin returns the reference AllCloneables() function in line 63 does contain the URL and target directory of
found in this way to the caller, or it re- no more than return the previous results a repository to be cloned. Like its big
ports an error in line 33 if it failed to to the caller as an array slice. brothers later, it is object-oriented and
find a suitable plugin. Listing 3 defines which entries are defines the NewGMFEntry() constructor
The GMF parser in Listing 2 is now permitted as elements of the long list of in line 5; the constructor returns a
object-oriented itself; line 36 defines its entries in the YAML file. An entry can structure that acts as the instance data
constructor. As the instance data, the specify a type. If this is missing, you are container, in typical Go style. In this
Gitmeta structure in line 13 contains an looking at a simple repository definition simple case, the structure remains un-
array slice of Cloneable types, each of consisting of the URL and its target populated; later, it will be used by the
which contains repositories to be cloned directory. caller as a reference for calling further
into their target directories (Figure 2). The Go GitMetaEntry type defines all plugin functions.
The AddGMF() function starting in line 42 permitted field names of the entries in The Applicable() function starting in
expects a file descriptor for an open the .gmf file starting in line 9. In addi- line 9 checks whether the repository’s
GMF file and calls parseGMF() (shown tion to the optional entry type, an YAML definition includes a field named
later in Listing 3) to read the file’s entry can contain the URL and Dir fields Type. If this field is missing, it’s a case
YAML content; this returns an array for a single entry, or the user for a for the plugin; the function returns true
slice of GitMetaEntry structures. GitHub repository (Figure 3), or the because e.Type == "" in line 10 evalu-
host and path for an SSH host that ates to true. Generating and returning a
Worker Assigned stores Git repositories. list of structures from the YAML entry
In line 48 FindPlugin() then then checks The parseGMF() function starting in line in Expand() in this simple case is merely
each array slice element to find the right 18 expects an open file descriptor, reads a formality; line 15 adds a single entry
processor, while the call to Expand() in YAML data from it, converts the YAML to the array slice of Cloneables. This
line 52 allows the plugin to discover configuration into a list of GitMetaEntry ob- concludes my first plugin!
which actual repositories of the Cloneable jects, and passes these back to the caller.
type the current entry actually points to. Plugin for GitHub
The for loop starting in line 56 ap- Simple Plugin What about a more advanced plugin,
pends each match to the Cloneables in- To get started, the plugin in Listing 4 is like one that fetches all repos in a us-
stance array, while the exported dedicated to simple entries that er’s GitHub account? Listing 5 shows

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 51


IN-DEPTH
Programming Snapshot – Go Interfaces

Listing 4: gmf-entry.go the plugin I built for this, following the previously used
01 package main
pattern.
It also comes with a constructor in line 18 which returns an
02
empty GMFGithubUser type structure to the caller. The Applica-
03 type GMFEntry struct {}
ble() interface function starting in line 22 examines the entry’s
04
type field and volunteers to take care of the entry if it finds the
05 func NewGMFEntry() GMFEntry { github-user-repos string there. Later, Expand(), starting in line
06 return GMFEntry{} 26, calls the githubProjectsOfUser() helper function from line
07 } 39 to contact the GitHub API and lists the specified user’s re-
08
positories in JSON format.
As you can see from Figure 1, what is returned in JSON is a
09 func (g GMFEntry) Applicable(e GitMetaEntry) bool {
jumble of data that lists all of the user’s repositories with all
10 return e.Type == ""
kinds of parameters, such as whether it is a fork of another
11 }
project. Because the cloning tool is only interested in original
12 repositories, line 57 discards all forks. Finally, Expand() returns
13 func (g GMFEntry) Expand(e GitMetaEntry) ([]Cloneable, a list of Cloneable structures to the main program.
error) {

14 return []Cloneable{ Plugin for SSH


15 {URL: e.URL, Dir: e.Dir}, The plugin for Git repositories located in a specific directory on
a host accessible via ssh is shown in Listing 6. It also checks
16 }, nil
the type specified in YAML within Applicable(). If it matches, it
17 }
calls the helper function sshGitDirs() from line 39 in Expand()

Listing 5: gmf-ghuser.go
01 package main 34 clones = append(clones, Cloneable{URL: repo.SSHURL,

02 Dir: repo.Name})

03 import ( 35 }

04 "encoding/json" 36 return clones, nil

05 "fmt" 37 }

06 "net/http" 38

07 ) 39 func githubProjectsOfUser(user string)


([]Repository, error) {
08
40 results := []Repository{}
09 type Repository struct {
41 url :=
10 Name string `json:"name"`
"https://api.github.com/users/" + user + "/repos"
11 Fork bool `json:"fork"`
42 resp, err := http.Get(url)
12 SSHURL string `json:"ssh_url"`
43 if err != nil {
13 HTMLURL string `json:html_url"`
44 return results, err
14 }
45 }
15
46 defer resp.Body.Close()
16 type GMFGithubUser struct {}
47
17
48 if resp.StatusCode != http.StatusOK {
18 func NewGMFGithubUser() GMFGithubUser {
49 return results, fmt.Errorf("Status %s", resp.Status)
19 return GMFGithubUser{}
50 }
20 }
51
21
52 var repos []Repository
22 func (g GMFGithubUser) Applicable(e GitMetaEntry) bool {

23 return e.Type == "github-user-repos" 53 if err :=


json.NewDecoder(resp.Body).Decode(&repos); err != nil {
24 }
54 return results, err
25
55 }
26 func (g GMFGithubUser) Expand(e GitMetaEntry)
([]Cloneable, error) { 56 for _, repo := range repos {

27 clones := []Cloneable{} 57 if !repo.Fork {

28 res, err := githubProjectsOfUser(e.User) 58 results = append(results, repo)

29 if err != nil { 59 }

30 return clones, err 60 }

31 } 61

32 62 return results, err

33 for _, repo := range res { 63 }

52 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


IN-DEPTH
Programming Snapshot – Go Interfaces

Listing 6: gmf-ssh.go
01 package main 31 URL: fmt.Sprintf("%s:%s/%s", e.Host, e.Path, dir),

02 32 Dir: ldir,

03 import ( 33 })

04 "bufio" 34 }
05 "bytes" 35
06 "fmt" 36 return clones, nil
07 "os/exec"
37 }
08 "strings"
38
09 )
39 func sshGitDirs(host string, path string) ([]string,
10 error) {
11 type GMFSSH struct {} 40 results := []string{}
12
41 cmd := exec.Command("ssh", host, "ls", path+"/*/
13 func NewGMFSSH() GMFSSH { config")

14 return GMFSSH{} 42 output, err := cmd.Output()


15 } 43 if err != nil {
16 44 return results, err
17 func (g GMFSSH) Applicable(e GitMetaEntry) bool {
45 }
18 return e.Type == "ssh-user-repos"
46
19 }
47 reader := bytes.NewReader(output)
20
48 scanner := bufio.NewScanner(reader)
21 func (g GMFSSH) Expand(e GitMetaEntry) ([]Cloneable,
49 for scanner.Scan() {
error) {
50 line := scanner.Text()
22 clones := []Cloneable{}
51 parts := strings.Split(line, "/")
23 res, err := sshGitDirs(e.Host, e.Path)
52 if len(parts) > 2 {
24 if err != nil {

25 return clones, err 53 results = append(results, parts[len(parts)-2])

26 } 54 }

27 55 }

28 for _, dir := range res { 56

29 ldir := strings.TrimSuffix(dir, ".git") 57 return results, err

30 clones = append(clones, Cloneable{ 58 }

Listing 7: gitmeta.go
01 package main 20 }

02 21

03 import ( 22 gmf.AddGMF(f)

04 "fmt" 23 usr, err := user.Current()

05 "os" 24 if err != nil {

06 "os/user" 25 panic(err)

07 "path/filepath" 26 }

08 ) 27 gitDir := filepath.Join(usr.HomeDir, "git")

09 28 err = os.Chdir(gitDir)

10 func main() { 29 if err != nil {

11 if len(os.Args) != 2 { 30 panic(err)

12 panic(fmt.Errorf("usage: %s repos.gmf", 31 }
os.Args[0])) 32

13 } 33 for _, c := range gmf.AllCloneables() {

14 cfg := os.Args[1] 34 err := cloneOrUpdate(c, gitDir)

15 35 if err != nil {

16 gmf := NewGitmeta() 36 panic(err)

17 f, err := os.Open(cfg) 37 }

18 if err != nil { 38 }

19 panic(err) 39 }

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 53


IN-DEPTH
Programming Snapshot – Go Interfaces

starting at line 21. sshGitDirs() runs ssh Starting with the paths to the config loop then checks these, starting in line 33,
on the command line, which runs an ls files inside the repositories that have calling cloneOrUpdate() from Listing 8
command on the remote host to list the been found, line 53 truncates them to in each case.
Git repositories under the specified path. their last two parts and adds this relative This function in turn expects a Clone-
It is assumed that ssh is configured with directory name to the end of the results able struct and the path under which all
a key pair and works without manual string array slice. Back in Expand(), line 29 Git clones are stored. Prior to this, the
password entry. trims the frequently used .git suffix to main program has set gitPath to the git
create the name I directory in the current user’s home di-
Listing 8: clone.go want the Git clon- rectory; if you want something else, you
01 package main
ing tool to use for will need edit this section.
02
the local copy. There are now two options for the ac-
Line 31 then cob- tual cloning process: Either the directory
03 import (
bles together the with the clone already exists and only
04 "os"
URL for the repos- needs to be updated with git pull. Or it
05 "os/exec"
itory from the does not yet exist, and git clone in
06 "path"
hostname, the line 13 of Listing 8 creates a new local
07 ) path, and the re- copy of the remote repository.
08 pository’s direc-
09 func cloneOrUpdate(c Cloneable, gitPath string) error { tory. The result is Bringing It All Together
10 fullPath := path.Join(gitPath, c.Dir) a list of Cloneable To build a binary from all of the listings
11 _, err := os.Stat(fullPath) structures. in this issue, follow the usual steps:
12 if os.IsNotExist(err) {

13 cmd := exec.Command("git", "clone", c.URL, fullPath)


And … git mod init gitmeta

14 _, err := cmd.CombinedOutput()
Action! git mod tidy

The main pro- go build


15 if err != nil {
gram in Listing 7
16 return err
now has to read This defines a new Go module, resolves
17 }
the name of the all the dependencies on external librar-
18 }
GMF file to be ies, and links everything to create an ex-
19 err = os.Chdir(fullPath) processed from ecutable. Now you just need to quickly
20 if err != nil { the command line create a .gmf file with all the repositories
21 return err in main(), open you want to clone before you set off on
22 } the file, and send vacation! Q Q Q
23 it to the parser by
24 cmd := exec.Command("git", "pull")
calling AddGMF(). Info
25 _, err = cmd.CombinedOutput()
If successful, a [1] “Manage Git Repositories with a
list of Cloneable Meta Directory” by Mike Schilli,
26 return err
structures is re- Linux Magazine, issue 118, Septem-
27 }
turned; the for ber 2010, pp. 50-55

QQQ

54 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


MAKERSPACE Embedded Rust

MakerSpace
Make your microcontroller apps
safe and secure with Rust

Rust on a Device
Rust, a potential successor to C/C++, claims to solve some memory safety issues while
maintaining high performance. We look at Rust on embedded systems, where memory
safety, concurrency, and security are equally important. By Andrew Malcolm

F
or decades, C and increasingly for new code and for re-writing critical push button. A little later, I’ll show how
C++ have been the languages sections of existing code as a stepping to check if Rust supports a particular
of choice for microcontroller de- stone to a full Rust implementation. processor and/or architecture. STM32
velopment, with assembler re- With that being said, this article is devices are ARM Cortex based, and Rust
served for optimizations and start-up code. intended as a “getting started” guide: has excellent support for that architec-
Most vendors provide free development Adoption of Rust is a big step in a com- ture. This particular NUCLEO develop-
IDEs, and most of these use GNU compil- mercial environment, and one of the ment board, in common with many such
ers under the hood. Some of the IDEs best ways to evaluate a new language boards, has an on-board programmer
come with initialization code and generate is to try it! In today’s world of low-cost (typically another microcontroller), so a
device configuration code (choosing I/O development boards and free software USB cable hooked up to you Linux box is
functionality, etc.), so a device can be tools, all it takes is a little time and de- all you need to download, run, and
configured in a point-and-shoot manner termination. Then you can base your debug code on the board.
letting you concentrate on writing applica- decisions on some real-life experience. Development in Rust requires only the
tion code. Similarly, manufacturers of I/O There will be a lot of code in this arti- Rust toolchain and an editor. I’m going
devices such as sensors and wireless mod- cle – many of the following listings have to be using VS Code [5] with the rust-
ules supply drivers and example code. a filename – and you can get all those analyzer plugin [6], as this has excellent
C/C++ is an easy-to-learn language, but files from our download area [2]. support for Rust with code completion,
it’s also easy to abuse and to write buggy syntax highlighting, and so on, but there
code. Embedded code is expected to run Setting Up a Development are other solutions out there.
unattended, often in hostile environments Environment
where code updates are difficult if not im- I’m going to assume you’ve installed Cross Compiling
possible. Increasingly, these devices are In- Rust and its associated tools and got be- You’ll need the datasheet [7] and reference
ternet-connected. While this means easier yond a simple “hello world” program. If manual [8] for the chosen microcontroller.
code updates, it requires a significant not, you can follow the instructions on From the start, you can see that the micro-
amount of extra effort to do well, and iron- the Rust website [3] to get started. I’d controller has an ARM 32-bit Cortex-M4
Photo by Lucas van Oort on Unsplash

ically this very connectivity lays the device encourage you to become familiar with 32-bit processor with hard floating-point
open to nefarious access attempts. I know the rudiments of Rust by writing code support. You can use this information to
that there are tools available that help to for your Linux platform before moving tell Rust what to cross compile to. Visit
minimize the risk of bad code getting into on to an embedded environment. I will ARM’s developer website [9] for more de-
a product, and it is certainly not easy to use an STM32 development board, spe- tails: specifically the ARMv7E-M architec-
consider rewriting large legacy codebases in cifically the NUCLEO-L476RG [4] (Fig- ture and Thumb instruction set. Armed
another language, but I think that Rust [1] ure 1), but you could use almost any (no pun intended) with this information,
has come far enough and has sufficient development board, though it’s useful if you can visit Rust’s platform support page
advantages over C/C++ to be considered the board has at least one LED and a and find the thumbv7 target support [10].

56 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


Embedded Rust MAKERSPACE

By default, your Rust installation only provides support for the Cortex core and processor will jump to an entry in the in-
supports your host architecture, Linux. To includes linker instructions to ensure our terrupt vector table located at the begin-
add support for your target, simply type: code is properly located in the target ning of FLASH. This is taken care of in the
memory [12]. You can add this crate as a start-up code, so all you have to tell the
rustup target add thumbv7em-none-eabihf dependency with linker is where to find the memory. Add
memory.x with the following lines in the
Typing rustup show will confirm the sup- cargo add cortex-m-rt root of your project directory:
ported targets. To start a project, type:
this should add a dependency line to MEMORY

cargo new nucleo-l476rg-primer Cargo.toml. {

Now you can add the entry-point direc- RAM : ORIGIN = 0x20000000, LENGTH = 96K

Change your directory to the directory tive and a function that never returns. Your FLASH : ORIGIN = 0x08000000, LENGTH = 1024K

created in that command and start VS code should look like this (main-01.rs): }

Code by typing code . (with a dot for the


current directory at the end). You should #![no_std] The linker also needs to know the target
see a source subdirectory and a Cargo.toml #![no_main] microcontroller so you need to add an-
file; you can ignore the other files and extern crate cortex_m; other file, config.toml, in a new .cargo
directories for now. Open the main.rs file use cortex_m_rt::entry; directory:
in the source directory. You need to tell the
compiler not to include the standard li- #[entry] [build]

brary and that your program does not fn entry_point() -> !{ target = "thumbv7em-none-eabihf"

have the usual entry point. We use the loop {

#![no_std] and #![no_main] directives for } [target.thumbv7em-none-eabihf]

this. Later you will add another directive } rustflags = ["-C", "link-arg=-Tlink.x"]

to tell the compiler where the entry point


is, and that can be a function with any
In order for the linker to know where to This saves you from having to pass these
name of your choice (including, oddly
locate your code, you need to provide arguments on the command line. The
enough, main). the cortex-m-rt crate with a memory lay- file link.x that rustflags refers to is
At this point you need support from
out file that it adds to the linker script. generated by Cargo, and memory.x is
an external library. There is a registry
Looking at the memory map in the included in it. If you attempt to control
of available libraries (known as crates
STM32L476 datasheet (page 103), you memory layout by adding statements to
in Rust) [11]. The cortex_m_rt crate
see that there is 128KB of internal memory.x, they may clash with those in
RAM located at link.x and lead to some puzzling error
0x20000000. Look- messages. If you want finer control over
ing more closely at memory layout, use the Rust flags to
the datasheet point to your own linker script.
(page 20), the To help VS Code’s Rust analyzer, you
SRAM is divided need to add a further configuration file,
into 96KB mapped which will ensure that it applies checks
at address to the target architecture instead of the
0x20000000 host. Otherwise you will get some
(SRAM1) and strange messages. In a directory called
32KB located at .vscode add the settings.json file from
address the source code file collection.
0x10000000 with If you try to compile the code now with
hardware parity cargo build, you’ll get an error: The com-
check (SRAM2), piler will complain about a missing panic
so SRAM1 is the handler. As you may know, Rust may
one you need. I panic when something bad happens, such
will return to as an out-of-bounds array reference. In a
SRAM2 later. desktop application, this would cause the
There is also program to terminate and print an infor-
1MB internal FLASH mative error message. On an embedded
at 0x08000000. system, that’s impossible, so for the mo-
With some digging ment, we’ll add a default handler which
in the reference just stops the processor in an infinite loop.
manual (at page To add the handler, run
Figure 1: The NUCLEO-L476RG is an STM32 develop- 393), you can find
ment board. © st.com that at reset the cargo add panic-halt

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 57


MAKERSPACE Embedded Rust

and add the line

use panic_halt as _;

to main.rs immediately below the exist-


ing use statement. The code should now Figure 2: Cargo can copy the binary to the target machine.
build without errors, and the binaries
for your target should be in the target board, which in turn manages program- To complete the project configuration,
subdirectory. You can install some fur- ming the microcontroller. You can no you can add the chip information to an
ther tools to check their validity. Run longer install cargo embed directly as it Embed.toml file in the project’s root
the following commands: is now part of a project called probe-rs. folder, so you don’t have to provide all
Follow the instructions at the project the details every time:
rustup component add llvm-tools website [13], which just amounts to run-
cargo install cargo-binutils ning a curl command. Let’s first check [default.general]

that probe-rs supports our target: chip = "STM32L476RGTx"

This installs the standard LLVM tools


and a wrapper that Cargo uses to call $ probe-rs chip list | grep STM32L476 [default.rtt]

them. If you type ... enabled = false

STM32L476RCTx

cargo size -- -Ax STM32L476RETx [default.reset]

STM32L476RGTx halt_afterwards = false

you will get some information about ...

how the code is laid out in memory (see Then typing cargo embed will be enough to
Listing 1). It shows that the vector table The output shows it supports many vari- program and run your code on the target.
is located at the start of the flash mem- ants of the STM32L476, including our
ory, the program code (.text) 0x400 target. Now connect the target board to Runtime Debugging
bytes later, and it’s all of 0x8c bytes in a USB socket on your host. The power Before diving into programming the mi-
size. Any variables (.data) would be lo- LED should light. Type probe-rs list crocontroller’s I/O, I’ll deal with a debug-
cated in RAM, though in this case, with and you should see that it has detected ging technique which allows you to print
the program being so simple, the .data the target board. Your output may vary, data back to your host’s console. The first
segment has zero size. depending on the exact configuration: step is to add another crate with

Programming the Target The following debug probes were found: cargo add rtt-target

To program your microcontroller with [0]: STLink V3 -- 0483:3753:0006002737U

this code, you need one further tool, 56501320303658 (ST-LINK) (which provides a feature called real-time
cargo embed. This tool talks over USB to transfer, RTT) and a new statement to the
the companion processor on the target Let’s try programming the target: program:

Listing 1: Output of “Cargo Size” cargo embed --chip STM32L476RGT use rtt_target::{rprintln, rtt_init_U

print};
nucleo-l476rg-primer :
section size addr You should see an output similar to that in
.vector_table 0x400 0x8000000 Figure 2 – success: Your code runs! Note Modify the Embed.toml file you created
.text 0x8c 0x8000400 that the proper launch command was cargo above, and set enabled to true in the de-
.rodata 0 0x800048c embed and not cargo run, which would at- fault.rtt section. Then you can add
.data 0 0x20000000 tempt to run your program on the host. some print statements to your code (see
.gnu.sgstubs 0 0x80004a0 source code file main-02.rs). This will
.bss 0 0x20000000 fail to link, producing an undefined sym-
.uninit 0 0x20000000 bol error. You can fix it by adding a fea-
.debug_abbrev 0x11ab 0x0 ture to the cortex-m crate. Change the
.debug_info 0x223c7 0x0 appropriate line in Cargo.toml to this:
.debug_aranges 0x1348 0x0
.debug_ranges 0x195f0 0x0 [dependencies]
.debug_str 0x3b4da 0x0 cortex-m = { version = "0.7.7", U
.comment 0x40 0x0
features = critical-section-single-core"] }
.ARM.attributes 0x3a 0x0
.debug_frame 0x4154 0x0
Modify main.rs so that it looks like Fig-
.debug_line 0x1f26e 0x0
Figure 3: Real-time transfer lets ure 3 (main-03.rs). This should clear
.debug_loc 0x29 0x0
you see output from the embed- your terminal and print a list of ascend-
Total 0x9cc75
ded device (main-03.rs). ing numbers. As this data is exchanged

58 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


Embedded Rust MAKERSPACE

via in-memory buffers, it is very fast. prone. That’s a matter of taste though. cargo remove stm32l4

Embedded debugging is a whole topic in For a higher-level approach, like that cargo add stm32l4xx_hal

itself, and sometimes there is no substi- provided by ST’s hardware abstraction cargo clean

tute for a full gdb-type debugger, but layer (HAL), you have the choice of two
print statements like this will answer levels available in Rust crates. For the cur- Change Cargo.toml again, replacing
many questions such as “did my code rent device, one popular crate is stm32l4
reach this point?” or “what is the value which you can add via cargo add stm32l4. stm32l4xx-hal = "0.7.1"

of this register?” without interrupting Repeat the earlier test and make the LED
what can be time-sensitive code. Press flash using this approach. First modify with
Ctrl+C to return to the command line. your Cargo.toml file to specify the exact
microcontroller in use. Change stm32l4xx-hal = { version = "0.7.1", U
Configuring I/O Pins and features = ["rt", "stm32l476"] }

Internal Clocks stm32l4 = "0.15.1"

With vendor IDEs, you configure I/O pins Now change main.rs into the version in
for a user interface. For instance, you can to Figure 6 (main-06.rs). Compile and run
make port A pin 5 an output (it’s con- it. I’ve added an input for a push but-
nected to an LED) and port C pin 13 an stm32l4 = { version = "0.15.1", U ton, but otherwise the result is the
input (it’s connected to a push button). features = ["stm32l4x6"] } same – this code is more concise and
The IDE will generate the appropriate C/ easier to read.
C++ code for you and add it to your proj- Then change main.rs to look like Figure 5
ect’s startup code. Rust doesn't offer this (main-05.rs). The stm32l4 crate sticks Setting Up the Microcontoller
option, but of course, you can examine closely to the register names in the data- Clock Tree
the microcontroller data sheet, figure out sheet, so with a bit or careful study it By default, the STM32 processor runs
what values to write to what register, and should be clear what’s happening. For in- off an internal RC clock at 4MHz, so
dispense entirely with the IDE approach. stance, odr is the output data register, so you are not getting its best perfor-
I’ve annotated the code in Figure 4 odr5 refers to bit 5, which is the bit that mance. The delays I’ve added are clock
(main-04.rs) with references to the man- controls pin 5 of that particular port, in this dependent. If you set up the clock cor-
ual, to show how I found the values. I case port A. For example, it should be clear rectly with
have now managed to make the LED what the following in line 27 is doing.
blink using only direct register writes. If let mut flash = peripherals.FLASH.U

you are very familiar with this approach, gpioa.odr.modify(|_, w| U constrain();

possibly coming from an assembler or w.odr5().clear_bit()) let mut pwr = peripherals.PWR.U

C/C++ background, this may work for constrain(&mut rcc.apb1

you, though I think in all but the most You can step up a level and use a HAL rcc.cfgr.sysclk(80.MHz()).freezeU

trivial cases it’s tiresome and error- crate. Run these commands: (&mut flash.acr, &mut

Figure 4: Make it blink – with direct register Figure 5: Register access via peripheral access crate
access (main-04.rs). (main-05.rs).

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 59


MAKERSPACE Embedded Rust

(main-07.rs), the LED should blink much rprintln!("{}", _info); Memory Management
faster. This still uses the internal 4MHz loop {} If you try to use a String or Vec type,
clock, but via a PLL, which increases the } you’ll notice they are not available, as
system clock frequency to 80MHz. If they are part of the standard library and
your board has an external crystal The modified version outputs something I have disabled it with #![no_std]. This
(usually 8MHz), you can use that as like this: leads to a thorny topic for embedded sys-
the primary clock source, and your sys- tems: memory allocation. Many projects
tem clock frequency will be much panicked at .cargo/registry/src/index.U avoid memory allocation altogether or re-
more stable (see below). However, using crates.io-6f17d22bba15001f/U strict its use to initialization, as there is a
cortex_m::asm::delay is clock dependant, stm32l4xx-hal-0.7.1/src/rcc.rs:719:13: risk of the heap becoming full or so frag-
so it’s time to use a proper delay mech- assertion failed: pllconf.n >= 8 mented that it cannot allocate any further
anism that runs from sysclk. This is space. In order to use strings and vectors
shown in Figure 7 (main-08.rs). In that So you can see the the PLL configuration in embedded Rust, you can use the alloc
version, the LED flashes at a more accu- is not correct, and an assertion in the clock crate. This comes as part of the distribu-
rate one-second period. configuration has failed. There are limits to tion, so there is no need to change Cargo.
If you set the clock to 40MHz, you’ll the frequencies that can be generated. If toml. However, if you use this crate and
notice that the code does not run. you set the clock frequency to 64MHz, the attempt to create a string like this:
What’s going on? Let’s improve our code will run again. Note that the LED
panic handling to see if there is a panic period stays the same – this is all sorted extern crate alloc;

occurring. Replace the line out internally. If you want to use an exter- use alloc::string::String;

nal crystal (usually an 8MHz crystal), ...

use panic_halt as _; which is known as the HSE clock source, let s = String::from("I am a string U
you can set it up as shown in Listing 2. allocated on the heap");

with
Next Steps you will get a compile time error. You
use core::panic::PanicInfo; So far, I have created a very simple Rust have to supply your own allocator, as the
program running on a microcontroller. alloc crate only supplies the types, but no
run I’ve dealt with clock configuration and implementation of the heap allocator. The
toggling an I/O pin. The stm32l4xx_hal excellent Embedded Rust book [17] shows
panic!("testing panic handler"); repository [14] has an examples folder how to implement a simple allocator that
demonstrating how to set up and use the never frees up memory. Of course, that
before the end of the loop, and add this various I/O facilities of the STM32, such might cause problems in some circum-
panic handler at the end of the file: as I2C, SPI, UARTS, and USB. The crate stances, but if you carefully instrument
documentation is another good source the allocation, it may work for you. Alter-
#[inline(never)] for details on how to use this library. natively, you can look for a more sophisti-
#[panic_handler] The “Working with Legacy Code” box cated allocator at crates.io. I’ll give the
fn panic(_info: &PanicInfo) -> ! { shows how to integrate old C code. simple approach a try. First, modify

Figure 6: I/O access with an abstraction layer Figure 7: A proper delay mechanism is derived from
(main-06.rs). sysclk (main-08.rs).

60 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


Embedded Rust MAKERSPACE

memory.x so that it looks like in Listing 2: Setting Up an External Crystal


Listing 3 (memory-v2.x). let clocks = rcc.cfgr.
The STM32L476 has a second hse(8.MHz(), hal::rcc::CrystalBypass::Disable,hal::rcc::ClockSecuritySystem::Disable).
RAM bank, 8K in size, so I’ll put
pll_source(PllSource::HSE).
the heap there. The allocator is a
sysclk(80.MHz()).freeze(&mut flash.acr, &mut pwr);
modified version of the one sug-
gested in the book, which takes
the heap location from memory.x. Copy heap start: 0x10000000 allocation is logged as it happens. If you
allocator.rs from the source code collec- heap end: 0x10008000 restrict the size of the heap and try to
tion to your source directory; it defines a heap initialised over-allocate from it, you’ll get a panic, so
public initializer function init_alloc() alloc request of 35 bytes at least the allocator will not die silently
that you can call from your code. A mini- I am a string allocated on the heap or corrupt data.
mal test program is shown in Figure 9. If It’s important to note that variables
you run it, you should see the following This shows that the heap is located at the are normally allocated on the stack.
output: correct memory location, and each Some data types have new() factory

Working with Legacy Code


It is often not a realistic prospect to rewrite a project from is considered an “unsafe” operation, which explains the re-
scratch in a new language. If you have an existing codebase quired use of the unsafe keyword in line 15.
that’s well tested and trusted, it may be better to retain this code For a more complex library, generating the prototype bindings
in a library which is linked into new Rust code. Let’s look at an by hand would soon get tedious. Thankfully, Rust provides a
example library that I wrote some time ago. It consists of a sin- tool called bindgen [16] that aids in this process. You can also au-
gle method that rewrites the rules of mathematics. Here’s the tomate building the C library from a Rust build script. Simply
source code (wonky_math_library.c): add build.rs with the following lines to the root of your project:

#include <stdint.h> use std::process::Command;


int32_t wonky_add(int32_t a, int32_t b) fn main() {
{ Command::new("sh")
return a+b+1; .arg("-c")
} .arg("cd wonky_math_library && make")
.output()
To link this into your Rust code, you need to cross compile it for the .expect("failed to execute process");
ARM Cortex architecture. Create a directory off the root of your }
project called wonky_math_library. From there, create wonky_math_
library.c with the above code, and Makefile containing these lines:
Now, if you change your C file, it will be updated and linked with
the Rust program.
all:

arm-none-eabi-gcc -c -mcpu=cortex-m4 U
wonky_math_library.c -o wonky_math_library.o

arm-none-eabi-ar rs libwonky_math_library.a U
wonky_math_library.o

If you don’t have these C compilers installed, follow the in-


structions online [15]. You will need to add linker arguments
to config.toml, so Rust knows how to link to the library:

[target.thumbv7em-none-eabihf]

rustflags = ["-C", "link-args=-Tlink.x U


-Lwonky_math_library -lwonky_math_library"]

In order to call your library from Rust, you must define its
prototype:

extern "C"
{
pub fn wonky_add(a : i32, b: i32)-> i32;
}

and then you can call it. Figure 8 shows a simple, complete pro-
gram that demonstrates this; the output at the host terminal is
“Calling wonky_add to compute 2+2. Answer = 5” – clearly, I have
some work to do on my math library! Calling external functions Figure 8: Calling C/C++ code from Rust (main-10.rs).

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 61


MAKERSPACE Embedded Rust

Listing 3: memory.x (Updated)


01 /* Define memory regions */

02 MEMORY

03 {

04 RAM : ORIGIN = 0x20000000, LENGTH = 96K /* Main SRAM */

05 RAM2 : ORIGIN = 0x10000000, LENGTH = 32K /* Additional SRAM */

06 FLASH : ORIGIN = 0x08000000, LENGTH = 1024K /* Flash memory */

07 }

08

09 /* heap */

10 _heap_start = ORIGIN(RAM2);

11 _heap_end = ORIGIN(RAM2) + LENGTH(RAM2);

methods, but the name is a little mis- work to build an equivalent applica- Figure 9: This program uses an
leading as they don’t work in the same tion. Crates.io offers many helpful li- allocator to access a second RAM
way as in C/C++. For instance, braries, but they are not all highly de- bank (main-11.rs).
veloped. Vendors of sensor chips and
struct Test { the like will often provide drivers, but choose from. So, you would have to ei-
data : u32 only in C/C++. So you have to either ther write a large chunk of your appli-
} rewrite them in Rust, if that has not al- cation from scratch in Rust or settle for
ready been done, or use the mixed lan- the mixed-language solution. Q Q Q
impl Test { guage facilities I have described. The
fn new() -> Test { more you do this, of course, the less ef- Author
Test{data: 0} fective the use of Rust will be in elimi- Andrew Malcolm
} nating that class of bugs that occur in (MIET, CEng) is a re-
} C/C++code. Consider for example, a tired hardware and
firmware engineer.
driver for an LTE (mobile) module, writ-
He maintains a keen
simply returns an instance of Test on the ten in C/C++, a TCP/IP stack, and an interest in engineering
stack that will be lost when it goes out of SSH server, which might make up a in general and building embedded projects.
scope. Stack overflow is not addressed by communications feature for a remote He is an avid user of Linux and all its
the Rust language and remains a problem data collector. It’s unlikely right now available open source and free engineer-
ing tools. While not tinkering with elec-
for embedded systems. The usual ap- that you would find complete implemen- tronics or software, he plays the bassoon
proach is to pre-fill the bottom of the tations of all of that in Rust, whereas in in local orchestras. He can be contacted at
stack with a known (canary) value and C/C++ you would have several to [email protected].
periodically check if that value has been
overwritten (see stack-check.rs [2]). Info
[1] Rust: https://www.rust-lang.org/ [9] ARM developer website:
Wrap Up [2] Source code for this article: https://developer.arm.com/
I've shown how to write an embedded https://linuxnewmedia.thegood.cloud/ Processors/Cortex-M4
Rust program, load it to a device, and s/5Rzx9tQW2FJ6N3Z [10] Rust thumbv7 target support:
check that it runs. I’ve also covered Rust [3] Rust installation: https://doc.rust-lang.org/nightly/rustc/
crates that assist with setting up the I/O https://www.rust-lang.org/tools/install platform-support/
peripherals, as well as shown how to catch thumbv7em-none-eabi.html
[4] STM32 NUCLEO-L476RG:
and deal with Rust panics and, with RTT https://www.st.com/en/ [11] Rust crates: https://crates.io/
in place, report back problems to the host. evaluation-tools/nucleo-l476rg.html [12] cortex_m_rt crate: https://docs.rs/
In production, a panic could log an [5] VS Code: https://code.visualstudio.com/
cortex-m-rt/latest/cortex_m_rt/
error and reboot for, say, an illegal array [13] probe.rs installation: https://probe.rs/
[6] rust-analyzer plugin: https://code.
reference. That’s preferable to the situa- docs/getting-started/installation/
visualstudio.com/docs/languages/rust
tion in C/C++, where these references [14] STM32L4xx HAL repository:
[7] NUCLEO-L476RG datasheet:
might go undetected, corrupting data or https://github.com/stm32-rs/
https://www.st.com/resource/en/
causing other unwanted behavior. If your stm32l4xx-hal
datasheet/stm32l476je.pdf
device is networked in any way, it presents [15] Install C compilers: https://learn.arm.
[8] NUCLEO-L476RG reference manual:
an attack surface to potential bad actors, com/install-guides/gcc/cross/
https://www.st.com/resource/en/
and here all the checks that Rust provides reference_manual/rm0351-stm32l47 [16] bindgen: https://rust-lang.github.io/
become even more valuable. xxx-stm32l48xxx-stm32l49xxx-and- rust-bindgen/
The current downside in adopting stm32l4axxx-advanced-armbased- [17] Embedded Rust: https://docs.
Rust is that it’s potentially a lot more 32bit-mcus-stmicroelectronics.pdf rust-embedded.org/book/collections/

62 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


MAKERSPACE Off-Grid File Sharing

MakerSpace
=[MZ̆NZQMVLTaÅTM[PIZQVO
NWZIZMUW\MTWKI\QWV

7Є\PM/ZQL
A battery-powered WiFi hotspot can provide useful services like
file sharing even when you're off the grid. A Pi Zero 2 W as the
hotspot with ownCloud installed does the trick. By Dave McKellar

I
am lucky enough to have access to Getting Started
my extended family’s remote It might sound easy, but it took me
cabin. It’s beautiful and remote about two weeks to figure this all out. I
(Figure 1), but there is no grid – no started with the goal of running Next-
electricity or Internet, not even by cell cloud on a device that uses the smallest
service. I set up a solar-powered WiFi amount of power possible, as power is
access point that hosts exactly one web- in short supply. I knew that the “W” in
site: a place to share files. This lets the Raspberry Pi Zero W meant built-in WiFi
different people who visit the cabin ex- and the “Zero” indicated a small, low-
change info with the next group who is power form factor. My first attempts
staying. It’s kind of fun, too: The shared with a Pi Zero W model (released in
data includes practical things like the 2017) showed that it was too slow, so I
new phone number of the fellow who ordered a Pi Zero 2 W (released in 2021).
delivers propane and playful things like It has four cores, and its speed is
photos of people swimming. adequate. Lead Image © Tithi Luadthong, 123rf.com

Figure 1: The cabin is located in an isolated area; its only power source is the solar panel.

64 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


Off-Grid File Sharing MAKERSPACE

predecessor, is still in development). The


official Raspberry Pi Imager [3] recom-
mends the 32-bit OS for the Pi Zero W
and the 64-bit version for the newer Pi
Zero 2 W. You initially boot into the
graphical environment. That’s cool, but I
found that running apt update from a
terminal window hung it. So I stayed in
the graphical environment just long
enough to enable SSH access and to tell
it to boot in console mode.
Since every project needs a snappy
name, I decided to call this “lodge” –
that’s what we call the cabin where it
lives, and that’s what I’ve named the ac-
cess point and some other resources that
I have set up.

ownCloud Setup
You can use the commands in Listing 1
to install and setup ownCloud like I did.
Connect your Pi to the local network via
an Ethernet cable and do not connect it
to any WiFi network – you’ll need the
WiFi to set up your own hotspot later. In
the terminal, log in on the Raspberry Pi
Zero via SSH and run sudo su to gain
admin access for all the following
commands.
Figure 2: The Raspberry Pi Zero 2 W connected to a monitor, keyboard First, use systemctl to disable Blue-
and mouse for development. tooth to save some power (line 1) –
don’t uninstall it because that will stop
I also bought two different cases to try. appliance, but I wanted more control. WiFi. Next, remove some packages we
Some have more openings than others, Ultimately, I selected a regular Raspberry aren’t going to use. I ran
and I wanted black to be low-key. Since Pi OS install with ownCloud instead of
this project only requires WiFi and no Nextcloud (ownCloud, Nextcloud's apt --installed list

HAT or buttons, I preferred the case with


fewer openings. You can attach a WiFi Listing 1: ownCloud Setup
antenna, but in my testing it wasn’t nec- 01 systemctl --now disable bluetooth
essary to cover the cabin. If you’re just 02 apt remove firefox chromium chromium-browser lynx vlc-\* pipewire pulseaudio
starting with the Pi Zero, I would recom- cups-\*
mend buying a kit: Mine came with an 03 apt install apache2 mariadb-server
HDMI adapter, a USB power cord with an 04 systemctl restart mariadb
on/off switch, and an SD card, among 05 apt remove php8-\*
other handy things. The Zero has two 06 wget https://packages.sury.org/php/apt.gpg -O /usr/share/keyrings/deb.sury.
USB ports: for power and, well, non- org-php.gpg
power uses. I bought a USB hub so I 07 echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://
could plug a keyboard and mouse into packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/
php-sury.list
the non-power USB port. I already had a
08 apt update
mouse, keyboard and HDMI monitor.
09 apt install php7.4 libapache2-mod-php7.4 php7.4 php7.4-cli php7.4-gd
With all this set up, I was able to use it
php7.4-mysql php7.4-curl php7.4-xml php7.4-zip php7.4-intl php7.4-mbstring
like a regular, albeit slightly slow desk- php7.4-common php7.4-readline
top computer (Figure 2). I read that the
10 a2enmod php7.4
typical power consumption of a Rasp-
11 wget https://download.owncloud.com/server/stable/owncloud-complete-latest.zip
berry Pi Zero 2 W is 350mA, making it
12 unzip owncloud-complete-latest.zip
one of the most energy-efficient options
13 mv owncloud /var/www/html/
of Raspberry Pi models [1].
14 chown -R www-data:www-data /var/www/html/owncloud/
For the software environment, NextPi
15 mysql -u root
[2] can turn your Pi into a Nextcloud

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 65


MAKERSPACE Off-Grid File Sharing

Listing 2: Database Setup added the SURY [4] repository, following


01 CREATE DATABASE owncloud; instructions that were helpfully provided
02 CREATE USER 'owncloud'@'localhost' IDENTIFIED BY 'your_password';
on GitHub [5] (lines 6--8). That allowed
03 GRANT ALL ON owncloud.* TO 'owncloud'@'localhost';
me to install ownCloud’s dependencies
with a longer apt command and enable
04 FLUSH PRIVILEGES;
Apache’s PHP module with a2enmod (lines
05 EXIT;
9-10). As there is no package for own-
Cloud, I downloaded a zip file with the
to see what’s installed and then got rid thread_cache_size = 1 in the config file binaries, extracted it and moved the con-
of the packages mentioned in line 2. To /etc/mysql/mariadb.conf.d/50-server.cnf tents to the right place (lines 11-13). Next,
run your website, you need to install and then restart the service (line 4). set the correct permissions by running
Apache as well as MariaDB (line 3) since At the time of writing, the latest own- chown on the ownCloud directory (line
ownCloud requires a database to keep Cloud version requires PHP 7.4, but Rasp- 14), create a database for ownCloud by
track of things. Since I am not expecting berry Pi OS comes with PHP 8, so I unin- running the mysql command-line client
concurrent users, it seems reasonable to stalled PHP 8 (line 5) – this command (line 15), and then entering the SQL
reduce the number of MariaDB threads will give you an error if PHP wasn’t al- commands from Listing 2, replacing your_
by setting max_connections = 2 and ready installed. For installing PHP 7.4, I password with a password of your choice –
make sure to write
that password down
or memorize it.
Finally you can
access ownCloud.
Open a web
browser and navi-
gate to http://rasp-
berrypi_ip/own-
cloud (where you
need to insert the
IP address of your
Raspberry Pi Zero)
and then follow
the on-screen in-
structions to com-
plete the own-
Figure 3: Enable an option in ownCloud so that you can set up users without email Cloud setup. It will
addresses. ask you the name

Figure 4: Change the login dialog so that your guests will not try to enter an email address.

66 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


Off-Grid File Sharing MAKERSPACE

of the database it should use. You’ve al- rewrite module (you will use this later) This makes captive portal [6] detec-
ready created a database named owncloud with the a2enmod rewrite command. For tion work. Recent smartphone and com-
and noted the password in the previous the name of this server, I’m using lodge. puter operating systems will check a
step. During this setup, you’ll need to local because that’s a proper fully quali- known non-secure URL when first con-
provide a username and password for fied domain name (FQDN), which will not necting to an access point to see if
the admin account that you also must require a DNS lookup to resolve. Set the they’re online. (For example, some ver-
remember. name of the server in the hostname file: sions of Windows check http://www.
I added a group called regular (via msftconnecttest.com/connecttest.txt
admin/Users/Groups/add group) and made echo lodge.local > /etc/hostname which returns Microsoft Connect Test.)
a user called user with password user on I first thought that returning anything
the same user and group management and add the IP address of that name by but the expected text would make the
page. By default, ownCloud asks for an appending a line to /etc/hosts: client OS detect a captive portal, but that
email address to validate a new user, but didn’t work. From experimenting, it ap-
you can click on the cog icon in the lower 10.42.0.1 lodge.local pears that the client OS requires an
left corner and enable the Set password HTTP redirect to reliably detect a captive
for new users option: That will replace the (You will remove this entry later.) At the portal, so that’s what this Apache direc-
email address input field with a password end of /etc/apache2/apache2.conf add: tive does. It needs to be a temporary redi-
field (Figure 3). As a minor tweak, I rect so that it’s done every time.
changed the prompt message in /var/www/ ServerName lodge.local You might ask: Why do you want the
html/owncloud/core/templates/login.php access point to be detected as a captive
so that it asks for Username instead of Now things are getting interesting. Re- portal? If it isn’t, the client OS will say
Username or email (Figure 4). member this server isn’t going to be on “no connection,” thereby misleading the
ownCloud will only allow users from the Internet. Later, when you set up the user. Yes, it’s true that this access point
certain trusted domains. Since my domain DNS, you’re going to redirect every do- has no connection to the Internet, but it
is lodge.local, I added it to file /var/ main (hostname) to here. However, that does have its own website. When a cap-
www/html/owncloud/config/config.php alone isn’t quite right. You need to tive portal is detected, the user will be in-
that defines an array called check what host the browser is asking structed to log in, upon which the user
trusted_domains. for. If it’s not your host, then you need will see the website, or more precisely,
to redirect the browser to your host. In whatever content you put in /var/www/
Setting Up the Web Server /etc/apache2/sites-enabled/000-de- html/index.html, replacing Apache’s de-
With Apache installed, now it’s time to fault.conf, add the code from Listing 3 fault page. Listing 4 shows a minimal
customize it. First, enable the Apache at the end of the file. Then restart HTML file that links to the ownCloud
Apache via: login page; Figure 5 shows the slightly
What About HTTPS? more polished version I’ve created for the
systemctl restart apache2 lodge (1) and how users can navigate
Do you want or need SSL/TLS? There
are two possible uses: to intercept
HTTPS requests to other websites and
Listing 3: Apache rewrite Rule
01 ServerName lodge.local
redirect them to your homepage, and
to present your homepage with HTTPS. 02

Here is the breakdown: 03 <If "%{HTTP_HOST} != 'lodge.local'">

1. I tried setting up SSL/TLS on Apache 04 RewriteEngine on


to intercept HTTPS URLs, but my cer-
05 RewriteRule ^/.*$ http://lodge.local/ [redirect=temporary,nocase,last]
tificate didn’t match and the browser
06 </If>
correctly told the user so. There used
to be a way for users to “accept the
risk,” but that isn’t offered anymore. Listing 4: Website (index.html)
So now it will just confuse people.
01 <!DOCTYPE html>
2. Because I don’t have a live connec- 02 Login as user <b>user</b> with password <b>user</b> <br>
tion, I cannot get a certificate from
03 <a href=/https/www.scribd.com/owncloud>OwnCloud</a>
Let’s Encrypt. So the only free option
is a self-signed certificate. But
browsers now complain about self- Listing 5: Hotspot Configuration
signed certificates, so HTTPS for my 01 nmcli con add type wifi ifname wlan0 con-name lodge autoconnect yes ssid lodge

homepage doesn’t seem so great. 02 nmcli con modify lodge 802-11-wireless.mode ap 802-11-wireless.band bg ipv4.

If you do want to create a self-signed method shared

certificate, you can find Raspberry Pi 03 nmcli con up lodge

compatible instructions online [8]. 04 nmcli con modify lodge connection.autoconnect yes

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 67


MAKERSPACE Off-Grid File Sharing

Figure 5: The homepage (left) contains instructions on how to log in to the local ownCloud service.

from there to the ownCloud login (2), the and in the [Resolve] section of its configu- systemctl start systemd-resolved

top folder in the shared filesystem (3), ration file /etc/systemd/resolved.conf I set
and the picture folder (4). This will send all requests to a DNS server
Note, I’ve only been dealing with the # Use dnsmasq running on port 5353 on this machine –
unencrypted HTTP protocol. For HTTPS, DNS=127.0.1.1:5353 you’ll see why in a second. Perhaps con-
see the “What About HTTPS?” box. fusingly, you will be using two different in-
and then start the service with stances of dnsmasq for two different tasks:
Creating the Hotspot
So far, I have not turned the Raspberry Pi
Zero into a WiFi access point. Listing 5
shows the necessary commands which,
again, you need to run with root privi-
leges. First use the Network Manager
command-line tool (nmcli) to create an
“open” (password-less) network (lines
1-3). Then make it auto-start at boot time
(line 4). I also add the command

nmcli con up lodge

to the /etc/rc.local script, just before


(not after!) the last line (exit 0). These
steps enable the WiFi chip, open a
hotspot with SSID lodge and give your Pi
an additional IP address of 10.42.0.1.
Being offline means requires an un-
usual configuration for DNS. I use sys-
temd-resolved for very little here: On my
machine, it exists simply to connect DNS
lookup requests to a different service
running on the Rasp Pi. I first install sys-
temd’s DNS resolver via
Figure 6: The lodge access point appears (left). It is recognized as a
apt install systemd-resolved captive portal allowing the user to sign in (right).

68 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


Off-Grid File Sharing MAKERSPACE

1. One instance runs as a regular dae- port=5353 my name on the homepage to inspire a
mon, controlled by systemctl and using address=/#/10.42.0.1 bit of confidence.
the configuration file /etc/dnsmasq.d/ If you’re interested in a more complex
lodge.conf. It will be doing DNS only. Now restart the dnsmasq service with solution that also grants access to the
2. Another instance is started by Network- Internet (where available), you can
Manager doing DHCP only. It does not systemctl restart dnsmasq check out dedicated captive portal solu-
read /etc/dnsmasq.conf or /etc/ tions, such as Nodogsplash [9] and
dnsmasq.d/lodge.conf; it starts on the fly you can also remove the lodge.local openNDS [10], but they were not
from parameters in the /etc/NetworkMan- entry from /etc/hosts now. The ad- needed for this project. Q Q Q
ager/system-connections/lodge.nmcon- dress= line will make the DNS server
nection (Network Manager format) and return 10.42.0.1 (the Raspberry Pi’s Info
/etc/NetworkManager/dnsmasq-shared.d/ WiFi IP address) as the answer to all [1] Raspberry Pi power supply documen-
lodge.conf (dnsmasq format) files. DNS queries. Try it: Running ping ex- tation: https://github.com/raspberrypi/
I also need to install the second dnsmasq ample.com should return a reply that documentation/blob/develop/
service. Run: starts with: documentation/asciidoc/computers/
raspberry-pi/power-supplies.adoc
apt install dnsmasq 64 bytes from lodge.local (10.42.0.1)
[2] NextPi:
https://github.com/sky321/nextpi
Then create a new file /etc/dnsmasq.d/ Finally, I will configure the instance of
[3] Raspberry Pi Imager:
lodge.conf with the following two lines: dnsmasq that’s started by NetworkMan-
https://www.raspberrypi.com/software/
ager; it deals with DHCP and hands out
IP addresses to clients that connect to [4] SURY: https://sury.org/
my hotspot. Create a file /etc/Network- [5] Adding the SURY repo:
Manager/dnsmasq-shared.d/lodge.conf https://gist.github.com/janus57/
and add this line: 37b079a383dd0507149bd94fd35053d1
[6] Captive portal: https://en.wikipedia.
dhcp-option=114,"http://lodge.local" org/wiki/Captive_portal
[7] RFC 8910
This will inform some WiFi clients
https://www.rfc-editor.org/rfc/rfc8910
about the captive portal mode, and it
[8] Self-signed certificates:
follows RFC 8910 [7]. It tries to achieve
https://peppe8o.com/self-signed-
the same goal as my redirect configura-
certificate-https-in-raspberry-pi-with-
tion of the Apache server. When this is
apache
all put in place, users should see the
lodge access point and be able to con- [9] Nodogsplash: https://github.com/
nect to it (Figure 6). nodogsplash/nodogsplash
[10] openNDS: https://github.com/
Conclusion openNDS/openNDS
So there you have it: a user-friendly
way for trading files via WiFi on low Author
power (Figure 7). Sometimes convinc- Dave McKellar earned a
ing people to use a project is the hard- Computer Science de-
est part. I am pleased to report that gree in the 1980s from
some extended family members have the University of Water-
loo, Canada. Since then,
told me that they’re using it – quite
he’s worked as a pro-
Figure 7: The Raspberry Pi sits in probably for things I never imagined. grammer for a variety of
a black case and is mounted to Some were initially reticent since they companies with Windows and Linux. He
the rafter (circled). It is attached didn’t know where the thing came enjoys canoeing near the remote cabin
to a power supply. from. In retrospect, I should have put mentioned in this article.

QQQ

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 69


INTRODUCTION LINUX VOICE

So many geeks are gamers. Many Linux users say their


first experience with computers was playing those classic
old computer games of the 1990s. And of course, many Doghouse – Stakeholders 73
who were born much later still relish the raw simplicity of Jon “maddog” Hall
those old-school games from the DOS space. If retro-gaming The stakeholder approach of open source
broadens the pool of who can access,
is your thing, or if you are curious about what to do with
influence, and benefit from information
those old gaming CDs and backup files that are taking technologies.
up space in your attic, you’ll enjoy
Anki 74
this month’s tutorial on legacy Marco Fioretti
video game preservation. Also in Flashcards are a fast and effective way
this month’s Linux Voice, scale to memorize pertinent facts for your next
up your memorization skills exam. Anki takes this time-honored trick in
a direction you never could have imagined
with the Anki flashcard in the days of those classic 3x5 cards.
system.
FOSSPicks 82
Nate Drake
Image © Olexandr Moroz, 123RF.com

Nate explores some top FOSS tools,


including the latest Gnome desktop, a
slick 3D model viewer, LibreQuake, a neat
currency converter, and much more.
Tutorial – Legacy Video Games 88
Rubén Llorente
People born in the late ’80s and early ’90s
often have a sizeable collection of old video
games gathering dust at home. Systems
capable of executing these are, however,
becoming scarce. This article explores the
options for archiving old PC games and
running them on modern systems.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 71


DOGHOUSE – STAKEHOLDERS LINUX VOICE

MADDOG’S
DOGHOUSE
The stakeholder approach of open source broadens the pool of who
Jon “maddog” Hall is an author,
educator, computer scientist,
and free software pioneer
who has been a passionate
can access, influence, and benefit from information technologies. advocate for Linux since 1994
when he first met Linus Torvalds
BY JON “MADDOG” HALL and facilitated the port of
Linux to a 64-bit system. He
serves as president of Linux
FOSS and economic models International®.

n 1999, I was honored to work with several groups of peo- DEC, Hewlett-Packard, and others. Some companies, like IBM,

I ple who were interested in helping make GNU/Linux a com-


mercial success. One group was the Linux Professional In-
stitute (LPI, www.lpi.org), who decided to implement a nonprofit
started long before computers as we think of them were devel-
oped, and IBM lent its wealth to going into the “computer field.”
Other companies may have famously started in garages but
certification group headquartered in Canada. reached out to investors who turned money into ownership.
The people instigating LPI came from a wide variety of back- If you wanted to program or start a company around system
grounds, but had significant experience in free and open source development, you either went to a university who had the hard-
software (FOSS) and various business backgrounds. Some were ware resources or you found investors to help you start the
more oriented toward commercial companies, and some were company.
more oriented toward community groups, but we all wanted the Today, however, the field has changed. Open hardware, free
same thing: quality, respected, high-value certifications which of- and open source software, open data, and social marketing have
fered a large number of options for learning the materials. changed the need for vast amounts of capital needed to start a
One aspect of LPI stood out. Because LPI was not a share- systems-solution business. People can develop great solutions
holder-based organization, an organization where people profited on inexpensive computers or through resources “in the cloud.”
from owning part of the organization, the founders cared more No longer do people buy just a piece of hardware or a piece of
about how LPI helped the community than making them a profit. software, but they purchase a total solution which can be as-
The founders were stakeholders, not shareholders. One of the sembled by a small group of people and solve the specific needs
other goals LPI had was to be a community-based organization of a specific customer. The creators of the solution can put all
where people who earned the certificates were also the people of the profits into their own pocket instead of the pockets of
who helped decide the future of LPI, along with the people who investors. The creators of the solution, not some disjointed
hired those certificate holders, and the ones who trained them. “stockholder” can determine the future of the organization.
If you study economics, you find there are many different eco- A concrete example of this has been the rise of the Odoo ERP
nomic and political models. Some of the most famous today system. An open source solution, Odoo runs on many different
are capitalism and socialism, with other offshoots of these operating systems. While there is a corporate component of
combining control structures with economics (communism, Odoo, there is also a vibrant community edition that is installed
democratic socialism, etc.). Many of these have been around a on thousands of new installations every day. Odoo has been fa-
long time but were dominated by feudalism, serfdom, slavery, vorably compared to other ERP systems sold by large commer-
etc., until more modern times forced those less-desirable mod- cial companies at much higher prices.
els into regression. Some people argue that these older eco- There is nothing that stops an individual from assembling a
nomic platforms still exist but are just hidden better. series of off-the-shelf components and putting together a low-
Capitalism started to emerge as a dominant force during the cost point-of-sale or ERP system for a local customer and sell-
age of mechanization. It took money to buy the machinery to ing it for a fraction of the cost of some other commercial sys-
automate production, and people who had money could now in- tems or from tailoring the Odoo system to exactly what their
vest to hire employees to run the machinery. To pay them back customer needs.
for their investment, the stock holders would both make divi- Of course, these customers will pay for the skills of the local de-
dends on their stock and see the value of the stock increase. velopers, and that is how the stakeholder system moves forward.
However, the employees often did not benefit from the value of This is sometimes known as an employee-owned cooperative,
the company increasing nor have much input as to how the where the employees have a direct stake in how the company
company was run. succeeds or fails, and open technologies allow these to occur
Information technology started much the same way. The first more and more every day. Direct contact with the customer
computers were physically large and expensive and logically by the developers means that, in effect, the customer also
small. They were designed and built by companies like IBM, becomes a direct stakeholder. Q Q Q

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 73


LINUX VOICE ANKI

Virtual flashcards with Anki

Learn It!
Flashcards are a fast and effective way to memorize pertinent facts for your
next exam. Anki takes this time-honored trick in a direction you never could
have imagined in the days of those classic 3x5 cards.

BY MARCO FIORETTI nki is a multiplatform, open source digital libraries – called libxcb-xinerama0, libxcb-cursor0,

A version of paper flashcards that “makes


remembering things easy” [1] and “makes
memory a choice” [2]. You can run Anki on Linux,
and libnss3 – that you should be able to install from
the standard repositories of most Linux
distributions.
macOS, and Windows systems, as well as on Anki developers are not happy with the Anki
mobile devices [3]. packages available in the repositories of Linux dis-
Flashcards are a quick and easy way to memo- tributions and consequently won’t support them.
rize facts for academic tests and other training Instead they recommend users download the
scenarios. The two main reasons to try Anki are the branch they prefer from the Anki website and in-
sheer number of cards it can handle (more than stall it manually. At the time of writing, the Qt6
100,000, according to its developers), and how branch is recommended for most users because,
easy it is to embed all kinds of content in each while it still doesn’t support all the add-ons avail-
card, from audio and video to scientific formulas able for Anki, it has better support for HiDPI dis-
and musical scores. Anki also has many add-ons plays and the Wayland graphic subsystem.
and a web interface [4] that you can use to study After downloading the Anki archive in com-
your cards online or keep them synchronized pressed .zst format, you must expand it with this
across multiple devices. Personally, I also really like command (adapting it to the actual version of
that Anki saves and exports data in well-supported Anki you chose):
formats that make it easy to automatically create
or analyze as many flashcards as I want in many #> tar xaf anki-24.06.3-linux-qt6.tar.zst

different ways.
This will create a directory with the same name of
Installation and Upgrades the archive, containing the same or similar files
At the time of writing, there are two branches of shown in Listing 1.
Anki for Linux, one built with version 5 and one with The first and biggest file is the actual Anki exe-
version 6 of the same Qt graphic libraries that are cutable program, which is just over 100MB, and
the foundation of the KDE Desktop Environment. the second is the source code of its man page.
Both branches also depend on three external The install.sh and uninstall.sh scripts are those
you should run, with root privileges, to install or
Listing 1: Anki Archive Contents uninstall Anki for all the users of your system.
#> cd anki-24.06.3-linux-qt6/
By default, the first script will place all those
#> anki-24.06.3-linux-qt6$ ls files (including the uninstall.sh script!) in /usr/
local/share/anki, and then create a link to the Anki
anki executable in /usr/local/bin. After that, the script
anki.1 will set up the Anki man page and all the Anki en-
anki.desktop tries and icons in your system menus and desktop
anki.png background.
anki.xml
Alternatively, you may try Anki without installing
anki.xpm
anything, by just launching the executable file
install.sh
from the prompt, in the installation folder:
README.md
uninstall.sh
#> ./anki

74 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


ANKI LINUX VOICE

General Configuration movie of the 1980s?” would not. “Does avocado


On Linux systems, the default directory in contain vitamin C?” would be a better question
which Anki places all its files is $HOME/Anki. If than “What is the country of origin of avocados?”
you don’t like that setting, you can create an to study nutrition facts, but if you studied interna-
alias like this: tional trade, the opposite may be true.
Anki is based on a technique called spaced rep-
alias anki = "anki -b $HOME/.anki" etition [5], which is useful to study many topics,
especially those that – from foreign languages to
in your $HOME/.bashrc file, if you use the Bash shell, history, medicine, chemistry, software engineer-
or use similar settings in your preferred shell. ing, etc. – require learning and never forgetting a
With the installation procedure above, each user great quantity of facts or definitions.
of a Linux system will be able to create and use The basic concepts of spaced repetitions are
his or her own Anki flashcards in full privacy. If, for shown in Figure 1. The left side shows the “For-
whatever reason, multiple users should share the getting Curve,” how much you forget what you are
same Linux account, they can still work autono- studying, and how quickly. Without help, that may
mously by setting their own profile inside Anki, by be a lot, as shown with the red line. Repeating the
going to the File menu and choosing Switch Profile memorization of the same information after one
or, after the initial setup, launching Anki from the day would make the brain forget more slowly (left-
command line with their own profile using the -p most green curve), and by repeating it every day,
<PROFILE> switch. more and more data would go earlier into long-
Another way to use Anki with completely differ- term memory, and stay there.
ent settings and collections of cards may be to In practice, rereading every fact every day
launch it every time with a different base folder would be very time consuming and inefficient, and
(i.e., with a different -b option). Finally, you may this is where spaced repetition helps, as illustrated
change the language of the Anki user interface at in the right half of Figure 1 where box 1 contains
any time (which may be fun when using Anki to the cards you’d review every day, box 2 the ones to
learn foreign languages!) by simply specifying it review every other day, and so on. Using this
with the -l option (e.g., anki -l it for Italian). setup, if you pick a card from a box and remember
You can customize your installation of Anki in its content, you then move it to the closest box on
many other ways through the five tabs of the the right; if you fail, the card goes to the box on the
Anki Preferences panel, which is accessible by left. In this way, you make the optimal use of your
pressing Ctrl+P or selecting Tools | Preferences in time by seeing the data most that’s the most diffi-
the main menu. The Synching tab is useful only if cult to commit to memory more frequently than
you need to synchronize different copies of Anki the others.
on different devices, through the web interface. The actual flow of Anki review sessions is
The other four tabs configure general appear- more complex, but still based on the same prin-
ance, card reviews, card editing and browsing, ciple. In fact, every Anki card can be in one of
and data backups. The most important settings five states: new, learning, review, suspended, or
in the first two tabs are those that control buried, depending on how fresh that card is and
whether to hide or show the full interface while how frequently, and successfully, it has been
reviewing your cards and how to rate and moni- reviewed.
tor your performance. If you can answer a question correctly every
In the other two tabs, you can set how to paste time you see it, the time interval between succes-
text or images into your cards, how to search sive reviews of that question increases gradually. Figure 1: With spaced repe-
them, and the frequency and conservation time of If you fail, the same interval is decreased. In the tition, the things you have
automatic backups. Speaking of which, please worst case – which, by default, is when you fail the hardest time remember-
note that Anki only backs up card data! Any multi- answering a question eight times in a row – Anki ing are those you see most
media file embedded in your cards should be places it into suspended state. When that frequently.
backed up separately.

The Anki Way


The first thing to do when starting to use any
flashcard system is to choose your questions
wisely. Flashcards are made for questions that
have unambiguous answers and are actually use-
ful for gaining a full understanding of a topic.
Questions such as “Who is the human protagonist
of the movie Life of Pi?” (Pi, of course) would be
OK, whereas questions such as “What is the best

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 75


LINUX VOICE ANKI

When speaking with a French person, for example,


you should remember both that “ami” means
“friend” and that “friend” means “ami.” With flash-
cards, this means you should have two cards for
any term in the dictionary.
Anki handles this issue in a way that is as effi-
cient as it is badly documented on the website
(and half-hidden in the user interface). Each piece
of information you pass to Anki (e.g., who was the
first Roman Emperor) is stored not in a card, but
in a note that, depending on its type (more on this
later), may generate one or more cards whenever
you run a study session.
This is good, but it should be the very first
thing you read, in big letters, in the Anki start
screen, its homepage, and the first page of its
manual. Otherwise, people who download Anki
because it is a “flashcard program” will believe
they are creating cards when they are creating
Figure 2: The Anki editor is a basic HTML editor with just notes, and the mismatch will cause confusion, as
the functions you need to create efficient cards. proven by the fact that, in the 18 years since the
first release of Anki, “What are notes?” has been
happens, you have to decide whether to just re- a recurring question [6, 7].
move that question, if it’s not really essential, or In fact, by default, if you click the Add button at
change it to make it easier to memorize. the top of the Anki window, the program will show
The Power of Anki Notes you right away the panel shown in Figure 2: a sim-
Most things that you want to remember have ple but perfectly adequate HTML editor, with all
more than one (for lack of a better term) face. For the parameters set to create the simplest possi-
example, to pass an exam on Roman history, you ble Anki note that will generate only one card with
should be able to answer without hesitation both two sides, Front and Back.
this question: When studying, Anki will show you the front
Q. Who was the first Roman Emperor? side of that card (top part of Figure 3). Then,
A. Gaius Julius Caesar Augustus. when you click on Show Answer it will show the
Figure 3: This is what the and its opposite: other side (bottom of Figure 3), plus buttons to
question and answer created Q. Who was Gaius Julius Caesar Augustus? declare how easy it was to remember the
in Figure 2 look like when A. The first Roman Emperor.
studying Linux with Anki. This is even truer when studying languages:

Figure 4: The Anki card-review management panel, with


more options than most people will ever use.

76 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


ANKI LINUX VOICE

answer. The button you press will determine how Its only problem is the one I already mentioned: Fig-
much time will pass before Anki shows you that ure 2 actually creates one “Basic” note, that is a
card again. The intervals can be changed, of data structure which just by coincidence generates
course, and you can change the status and just one card with two sides, thus continuing (to-
many other parameters for each card in the gether with the lack of current, clear documenta-
More menu of Figure 4. tion) to hide the true power of Anki.
Besides text and images, you can insert math Until now, that is. I’ll show how to create a more
formulas in your cards by typing them in TeX for- sophisticated note that can generate two comple-
mat (e.g., \(\sqrt{x}\)" to add the square root of x) mentary cards by entering the corresponding data
selecting that text, and pressing the button labeled just once. For simplicity, the data will be French-to-
fx in Figure 2. Anki will add the formula, nicely type- English word pairs, for a French language course.
set with the MathJax system [8]. A similar proce- From the Anki main window click on Add, select
dure is available for chemical equations [9]. You Basic (and reversed card) as the note type, and then
may use LaTeX to insert the same type of content, click on Fields, as shown in the top left of Figure 5.
and even musical notation, but at least for formulas In the Fields pop-up window (bottom-right cor-
and equations, MathJax (which is integrated in ner of Figure 5), delete any preconfigured fields
Anki) would be a zero-setup solution more than ad- and add three new ones: one for French words,
equate to the task. one for their English equivalents, and (just as ex-
The interface of Figure 2 is very simple to use, ample) one for the corresponding page of your
even if you want to use audio or video in your cards. French-to-English dictionary.
Then, click on Cards to configure
the templates of all the cards that
Note type can generate. As you can
see in the top-left corner of Figure 6,
the note I chose has two card types:
The first is for what I will call “direct”
questions, which in my case would
ask the English translation of a
French word. The second would be
for the “inverse” question, French
terms for English words. For both
card types, you must define what to
show on the front and back sides.
Looking at the Back Template panel
of Figure 6, you can see that the back
(the answer side of each card of this
type) will have the same content as
the front side, followed by a two-line
answer containing the English
Figure 5: Configuration of an Anki note (not card!) for a specific topic
begins by defining its fields.

Figure 6: After note fields, you must configure the templates of the cards Figure 7: The same operation shown in Figure 6, but for the reverse ques-
that will display them. tion and answer of an Anki note.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 77


LINUX VOICE ANKI

others and never show the two cards of each note


back to back. Besides, you could further help your
memory by customizing every side of every card
in different ways, for example giving a blue back-
ground to English-to-French cards, and a red
background to French-to-English cards.

Cloze and Image Occlusion Notes


Two other very important note types are those for
Figure 8: Once the templates for all the cards of a note type “clozes” and “image occlusions.” The clozes are
are ready, you can generate as many of those notes (and notes in which you can select and hide the part or
cards) as desired. parts of text that constitute the answer to a ques-
tion. Instead of a basic Q&A card such as this:
translation of the French word and the corre- Q. What is the last name of the inventor of the
sponding page in the dictionary. Linux kernel?
Figure 7 shows, as you can see by comparing A. Torvalds.
the Card Type value with the one of Figure 6, the You can create a note whose card looks like this:
front and back template configuration of the other
type of card supported by the Basic (and reversed Linus [...] invented the Linux kernel.

card) note type: As expected, it’s the same struc-


ture, just with inverted fields. The answer is obviously the same in both cases,
When the template configurations are done, you but the cloze version allows you to add more con-
can click on the Add button in the main Anki win- text. Besides, you may use more clozes, hiding
dow as many times as desired and, after selecting more than one part of the text in the same card.
the right note type, enter all the French/English To create a cloze note, select the corresponding
word pairs you want to memorize with Anki. The note type in the same panel shown in Figure 5,
screenshot collage of Figure 8 shows the three write the whole text of the note in the Front field,
pairs I created for this tutorial: Bonjour/Hello, Ami/ and any additional text in the Back field. Then, se-
Friend and Merci/Thanks. The two screenshots in lect the text you want to elide and click on the […]
Figure 9 show how Anki creates two distinct cards button in the same panel. Assuming you had writ-
from the same Ami/Friend note. ten this sentence in the Front field:
Summing up, cards are what you actually use
when studying with Anki, but they are generated Linus Torvalds invented the Linux kernel.

on the fly from notes prepared in advance.


Thanks to this architecture, you can define and and then selected for clozing the word “Torvalds,”
update all the raw data about a fact just once, Anki will mark that word in this way:
but reuse every “side” it has only where and when
you actually need it. Linus {{c1:Torvalds}} invented the Linux kernel.

Figure 9: The two specular Thanks to this, if your brain remembered Eng-
cards generated by the sin- lish-to-French translations much more easily than and hide it whenever it presents you the correspond-
gle note created for the French-to-English ones, Anki could show you the ing card. To hide more words, just repeat the pro-
Ami/Friend word pair. French-to-English much more frequently than the cess. As in the French language example, it is possi-
ble to create multiple cards from the same note by
adding more clozes. A cloze note with this text:

{{c2:Linus}} {{c1:Torvalds}} invented the Linux

kernel.

will create two cards, the first hiding only “Tor-


valds” and the second will only hide “Linus,” be-
cause “Linus” has the successive cloze index (c2
instead of c1). If both words had the same index,
Anki would create only one card, hiding them both.
Image occlusion (IO) notes perform the same
task as clozes, but hide parts of images (instead of
sections of text) with a rectangle, ellipse, or polygon.
Quoting from the Anki documentation, this is “espe-
cially useful when studying material that heavily re-
lies on images, such as anatomy and geography.”

78 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


ANKI LINUX VOICE

To create IO notes, choose the corresponding Linux Distributions::Debian and one called Linux
note type, load into the note the image that should Distributions::Slackware would be two sub-
be occluded, and then use the additional buttons decks of the upper-level deck about Linux
that appear in the Anki note editor to hide as distributions.
many parts of the image as desired and also add That said, with Anki it is important to not get
captions. Then, click on the Image Occlusion Mode carried away with partitioning decks in smaller
button, to the left of the button with the cursor, to sub-decks, for the simple reason that the smaller
choose between Hide All, Guess One and Hide one, a deck is, the more predictable the order of its
Guess One. The first mode hides all the areas you cards become. You may end up memorizing the
masked and reveals them one at a time; the sec- order of the answers and find yourself unable to
ond only hides one area. remember all of them separately.
The right way to classify your notes in any way
Card and Note Maintenance you want without this problem is to give each of
Anki includes a card and note browser with two them tags (compare with the bottom of Figure 2),
separate views, one for notes and one for cards. which you can then organize into trees as desired
Both views, distinguishable by the different col- by dragging and dropping them onto each other in
ors of the view selector, are partially visible in the the browser shown in Figure 10.
collage in Figure 10, where you can also check
that the data I entered for the sample French lan- Anki Data Formats
guage course indeed produced three notes and At the beginning of this article, I observed that I
six cards. really like how Anki saves and exports its internal
As soon as you have more than a 100 notes, data, because it makes it easy to automatically
you should check the browser regularly to see create or analyze how many flashcards I want, in
how many notes or cards are in each state, many ways.
change the state, or add flags and tags to orga- Here is what I mean: Your Anki user profile con-
nize them better. The browser is also the place tains, besides a directory for compressed back-
where you can arrange cards or notes in different ups in ZIP format, another directory called collec-
orders, or search all the those that contain spe- tion.media and two files called collection.anki2
cific text, even saving the most frequent searches and collection.media.db2. They are nothing other
with custom names. than two single-file databases in the SQLite3 for-
mat that are fully supported on all operating
Anki Decks and Tags systems.
As powerful as notes are, if they were the only way This means that you can restore them with any
Anki had to organize content, things would get SQLite recovery tool if something bad happens
very messy as soon as you tried to study more (and if it does, Anki will let you know!). Besides, if
than one subject. you aren’t satisfied by all the reports that Anki gen- Figure 10: The Anki browser
In practice, this is no problem because Anki lets erates (see Figure 11), you can create your own by is the one-stop shop where
you assign any notes and their cards to one or directly querying those databases, even aggregat- you can keep all your notes
more decks, regardless of the note type, and also ing the statistics of multiple users! and cards under control.
tag them in any way desired.
Having one deck for every topic ensures that
when, for example, you need to refresh your mem-
ory about Linux administration, or whatever else
you need to know to pay the bills, Anki won’t dis-
tract you with questions about video game history
or any other hobby you may have.
Besides this obvious advantage, Anki decks have
an even bigger one if you build or customize them
yourself, rather than using decks made by some-
body else without any changes. When you assem-
ble a deck by choosing all the right questions as I
mentioned above, deciding which note is better for
memorizing each piece of information, how much
context it should have, and so on, you have already
started to learn and memorize, before having actu-
ally reviewed a single Anki card.
To make things even easier, each deck can
have as many sub-decks as desired, using two
colons as a level separator. That is, a deck called

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 79


LINUX VOICE ANKI

Equally interesting are Anki’s import and export Listing 2’s format is easy to decode: After a
capabilities, both accessible from the File main simple, self-explaining header, there is one note per
menu. You can export just one deck or all of your row, with tab-separated columns that contain note
user profile as ZIP archives, which you can share type, deck, fields, and tags. The reason why this
with other users with the .akpg (Anki package) makes me happy is that if this format is easy to
suffix for decks and .colpkg (Anki collection pack- read, it’s also easy to write! In other words, it would
age) for your whole profile. be quite easy, with the tons of text-processing tools
But you may also export (and subsequently im- available on Linux, to generate a separate deck for
port in any another Anki instance) all your notes in each student of a entire course, and that’s just one
plain-text format, and this is the part I really like. use case. Aren’t open formats wonderful?
To see what I mean, check out Listing 2, the Anki
export file of all the notes I created for this tutorial, Conclusions
telling Anki to include everything but the unique The distinction between cards and notes should re-
note identifier it uses internally. ally be explained better in the documentation and

Listing 2: Anki Notes Export, Plain-Text Format


#separator:tab
#html:true
#notetype column:1
#deck column:2
#tags column:8
Basic (and reversed card) Custom Study Session Bonjour Hello 12 languages
Basic (and reversed card) Custom Study Session Merci Thanks 35 languages
Basic (and reversed card) Custom Study Session Ami Friend 34 languages
Cloze anki-test-deck Linus {{c1::Torvalds}} invented the Linux kernel. Torvalds
Image Occlusion anki-test-deck {{c1::image-occlusion:ellipse:left=.4278:top=.1498:rx=.0692:ry=.042:oi=1}}<br>{{c0::image-o
cclusion:text:left=.2219:top=.3399:fill=rgb(0,0,0):text=Who's this?:scale=1.:fs=.0853:oi=1}}<br> "<img
src=""20240926_083104.jpg"">"

Figure 11: The only problem with the Anki statistics about your study may be how many of them there are.

80 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


ANKI LINUX VOICE

presented better in the interface. I hope this article really match your needs, or if you don’t regularly re-
helps to clear up this matter. In addition, the online fine the content of your decks.
documentation available at the time of writing With this advice in mind, I think anyone who
did not always match the Anki version I reviewed feels overwhelmed by how many things they
(24.06.3): For example, it listed different card should remember should at least give Anki a
states than the ones I saw in the Anki browser. serious try. Q Q Q
Anki has lots of add-ons of all sorts, but for a tool
like this I would recommend to not looking at them Info
before becoming really familiar with the note/card
[1] Anki: https://apps.ankiweb.net/
duality and all the basic functions, lest you find your-
self playing with gadgets and statistics more than [2] “Augmenting Long-Term Memory” by Michael
actually learning from your cards. I mean, notes. A. Nielsen, July 2018:
http://augmentingcognition.com/ltm.html
On the same note, as good as Anki is at manag-
ing flashcards, all its functions and all the statistics [3] AnkiDroid Flashcards: https://play.google.
in Figure 11 (and that’s just some of them!) will do com/store/apps/details?id=com.ichi2.anki
very little for you if you don’t get into the habit of [4] Anki web interface: https://ankiweb.net
using Anki regularly, with schedules configured to [5] Spaced repetition:
https://en.wikipedia.org/wiki/Spaced_repetition
The Author [6] “What is the difference between a card and a
note?” (2015): https://www.reddit.com/r/Anki/
Marco Fioretti (https:// comments/3x58fb/what_is_the_difference_
mfioretti.com) is a free- between_a_card_and_a_note/
lance author, trainer, and
researcher based in [7] “Note vs Card???” (2023): https://www.reddit.
Rome, Italy, who writes com/r/Anki/comments/17s355r/note_vs_card/
about digital rights issues [8] MathJax: www.mathjax.org
at https://mfioretti. [9] Chemical equations with MathJax:
substack.com. https://mhchem.github.io/MathJax-mhchem/
LINUX VOICE FOSSPICKS

FOSSPicks Nate explores some top FOSS tools, including the latest
Sparkling gems and new
releases from the world of
Free and Open Source Software

Gnome desktop, a slick 3D model viewer, LibreQuake,


and a neat currency converter. BY NATE DRAKE
Desktop environment

Gnome 47
n September 18, the redundant Videos folder. I also Gnome Calendar also contains numerous bug fixes and

O Gnome Community re-


leased the latest version
of the desktop, codenamed “Den-
noted that the Other Locations
bookmark is no longer there. All in-
ternal drives are listed in the side-
an improved layout for displaying event details. Some new
Gnome Circle apps have been added including the Mast-
odon client Tuba, which I reviewed last month, as well as the
ver.” The top-billed new “Accent bar instead. The release notes also currency converter Valuta, which is covered in this issue.
Colors” feature is underwhelming state that file searching has been Gnome also now works better with Remote Desktop
to Ubuntu users, given the OS has improved in that users will see an sessions, because these can now be automatically resumed
supported this since 2022. Still, info button if trying to search a even when cut off. Dialogs have been modified to work
it’s easy to access via Gnome set- location that isn’t indexed or a re- better with narrow screens and now display clearly defined
tings and was the first change I mote folder. This provides more buttons. When creating a new folder in Pictures, I noted that
made when testing Gnome 47 in contextual information, though it the dialogs also follow custom accent colors. Open and
a daily build of Ubuntu 24.10. doesn’t speed up the search. Save dialogs have received an upgrade and now support
The Nautilus file manager has A number of other Gnome zoom, reordering, preview, and even renaming files.
also been overhauled. Tradition- apps have also been updated. Special mention should also go to Gnome Control Cen-
ally, bookmarks to Home folder The Gnome Web browser, Epiph- ter, which has an upgraded Add User dialog. This now en-
locations such as Documents and any, has a new bookmarks side- forces the password requirements found in the configura-
Pictures couldn’t be removed. This bar to make bookmarks easier to tion file in /etc/security. When creating accounts, you
is now supported and I put it to search and navigate, as well as can still choose to set a password immediately or upon
good effect to remove the an auto-fill feature for forms. login. Gnome’s Disk Usage Analyzer also apparently has
a refreshed interface with a modernized file list, updated
icons, and a new look for the location bar. However, when
I checked the app against the version in my Ubuntu 24.04
virtual machine, I couldn’t noticed any appreciable differ-
ence beyond a slightly more compact interface.
Beneath the hood, Gnome’s online accounts feature now
supports automatically completing IMAP/SMTP configura-
tion details when users enter an email address. Email, Cal-
endar, and Contact Information have been added for Mi-
crosoft 365 accounts. Gnome now also includes an experi-
mental enhanced fractional display scaling feature to sup-
port legacy X11 apps. Users can also play VR games while
using Wayland desktop sessions. The release notes also
mention the addition of the “foundations for reliable and
1. Epiphany: New browser features include a sidebar for searching and loading hardware-accelerated screen sharing” required by the pro-
bookmarks. 2. New apps: Gnome comes with new Circle apps including the mighty prietary NVIDIA graphics driver.
Mastodon client Tuba. 3. Removable bookmarks: Nautilus now supports removing If you’re excited to test the latest Gnome, you can fire it
bookmarks to home folder locations like Videos. 4. Internal drives: Instead of list- up in a supported operating system like Ubuntu 24.10 or
ing Other Locations, Nautilus now displays all internal disks. 5. New dialogs: These Fedora 41. At the time of writing both these operating
now have a cleaner, improved layout and follow Gnome accent colors. 6. Informa- systems are in beta. Make sure to wait for the stable re-
tive search: Gnome now alerts users who try to search in non-indexed or remote lease if you want to use Gnome 47 as your daily driver.
locations. 7. Persistent connections: Remote login sessions that are disconnected
for any reason can now be resumed. 8. Accent colors: Although already supported Project Website
in Ubuntu, this feature is now simpler to access. https://release.gnome.org/47/

82 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


FOSSPICKS LINUX VOICE

System cleaner

Czkawka
’ve always felt one of the previous version (6.10) is also

I blessings of Linux is that


the operating system
doesn’t need regular defrag-
available via Flathub. After in-
stalling libfuse2t64 I was able to
launch the Czkawka AppImage.
mentation or cleanups. Code The top pane allows you to set
tends to be designed efficiently Included Directories, such as
and commercial bloatware is your home folder. There are also The Czkawka interface is simple, offering options to locate large/
mercifully absent. Still, no mat- tabs for Excluded Directories, duplicate files and then compare or remove them.
ter which OS you use, you can which by default include key
experience poor performance system folders such as /run. started looking for similar images. The utility listed all of
due to duplicate or redundant You can use Item Configuration them in a split second.
files cluttering up your hard to allow certain extensions, as The main pane lists search results. There’s a conve-
drive. Czkawka, whose name well as exclude certain items. nient checkbox next to each file that you can click, and
derives from the Polish word For example, files in the Trash then you select one of the buttons to delete, move, or
for “hiccup,” tries to resolve this aren’t included in searches. save. If you select multiple files, you can also create sym-
in the same way as other de- The search options in the left- links or hard links. Hover over each button for a more de-
cluttering utilities like hand pane are all logical, such as tailed tooltip explanation of what it does. Special mention
BleachBit. the search for duplicate files, should go to the Compare button which opens a more de-
There’s both a command-line empty directories, and large files. tailed file view to check that the files really are duplicates.
version and a GUI version using You can use the arrow keys at
GTK4. The main GitHub page of- the top and bottom of the pane
fers precompiled binaries of the to see further options such as Project Website
latest version (7.0.0). The Similar Videos. I decided to get https://github.com/qarmin/czkawka

File visualization utility immediately using color cod-

see
ing: For example, comments
appeared in green and objects
in blue. I was particularly im-
pressed to see that the None at-
o quote the project tribute for objects appeared in

T page, the overall goal of


this utility is to offer a
“visually appealing way to view
a different shade of blue, mak-
ing assigned attributes easier
to read.
various file types directly in You’ll have similar joy with a
your console.” Of course there Markdown file. After installing
are many terminal apps per- Terminator, I had see load up a
fectly capable of doing this, sample file, which once again
such as the trusty vi and nano, makes good use of color coding.
but see goes above and beyond Main (h1) headings are in teal, Though it can’t always display animated images such as Nyan Cat,
by offering syntax highlighting. secondary (h2) headings are in see offers superb syntax highlighting for code and Markdown
It can also load images and hy- green, and so on. Regular text is documents.
perlinks where supported. gray, but I noted code and lists
See can be installed using a are highlighted in yellow. developer does caution that this feature isn’t
curl script. You can also down- I decided next to put see’s im- supported in every terminal program. The
load Linux binaries from the age-loading skills to the test. project page also states that see is still in the
project page or install the utility After trying to load a GIF of Nyan alpha stage, so these kinds of bugs are to be
using Cargo. The syntax for see Cat in my chosen terminal utility expected. The utility nevertheless offers an
is extremely simple. For in- (Terminator), the image only intuitive way to navigate code and Markdown
stance, to view the code for my loaded as a still frame. The same documents.
Python script adventure1.py, I thing happened in Guake. When
simply provided the filename using Gnome Terminal, bars ap- Project Website
after see. The code loaded peared across the image. The https://github.com/guilhermeprokisch/see

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 83


LINUX VOICE FOSSPICKS

RSS terminal reader

CAST-text
latforms such as Face- defaults to BBC News. However,

P book, Instagram, and Pin-


terest may have depre-
cated their RSS feeds in favor of
you can change this to other
RSS feeds using the -rss flag.
For instance, I was able to ac-
ad-filled, short-form videos, but cess Linux Magazine‘s feed
RSS isn’t dead. In fact, as a jour- running
nalist I find these types of web CAST-text displays the
feeds far superior when it comes cast-text -rss https://U title of RSS news feeds The project page lists ambi-
to assimilating large amounts of www.linux-magazine.com/rss/U in the left-hand pane. tious plans for future develop-
news. Developer Edi Piqoni feed/lmi_full Use the arrow keys to ment including importing non-
clearly feels the same way, hav- load the story text on RSS news feeds such as CNN.
ing developed this handy utility. Once the news loads you can the right. Still, this is another great exam-
I had no joy with the instruc- use the up and down arrow keys ple of a single program that does
tions to download and run CAST- to switch between story titles on one thing very well, so there’s no
text via Go. However, precom- the left-hand pane. The story text particular need for this. My only
piled binaries are available for a itself is displayed on the right. You complaint is that, despite trying
number of platforms including can use the right and left arrow to open the utility via the fish in-
Linux. After extracting the ar- keys to scroll up and down the ti- teractive shell, all the text re-
chive and using chmod a+x to tles. Scrolling via trackpad is also mained stubbornly black and
make the program executable, it supported. Press Enter at any time white.
can be run directly in the termi- to launch the corresponding news
nal. As an Englishman, I was de- article in your default browser. Use Project Website
lighted to see that CAST-text q to exit the utility. https://github.com/piqoni/cast-text

3D-model viewer

Exhibit
’ll never forget the first time I lists instructions on the GitHub

I tried to contend with 3D


models. I’d found a rendering
of some classic walkie-talkies as
page on how to clone and com-
pile from source.
After installing the Flatpak via
used in the TV series Stranger the terminal, I was gratified to
Things. I duly sent the files to a see that Exhibit had a dedicated
company that specialized in 3D icon in Ubuntu’s Activities. This Exhibit has a light foot-
printing, only to find they couldn’t saves having to run via the com- print but offers multiple edges and/or spheres and then
open them. It was only then I dis- mand line as I had to do for the viewing options includ- define their width. The Model tab
covered the plethora of formats other Flatpaks I reviewed for the ing grids and customiz- allows you to fine-tune the mate-
for 3D models, not to mention column this month. As a Gnome able backgrounds and rial and color of the model. I had
the various software and in- App, the user interface is well colors. the most fun with the Scene tab,
browser solutions for previewing spaced and simple to navigate. which lets you display the grid as
them. On first launch, you can click well as choose from one of a
Exhibit offers a lightweight so- Load to navigate to your chosen number of image backgrounds.
lution to do this. It’s powered by 3D model (in my case a render- You can also customize a back-
the same library as the F3D ing of the Scottish steam ship ground color. Exhibit also sup-
viewer, so it supports diverse MV Spartan). ports exporting models in PNG
model formats including FBX, Once the mode loads, Exhibit format.
glTF, OBJ, PLY, STL, STEP, USD, defaults to the Render tab. From
and Alembic. Binaries are cur- here you can toggle options such
rently available from Flathub as rendering and anti-aliasing. Project Website
only, though the developer also You can also enable showing https://github.com/Nokse22/Exhibit

84 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


FOSSPICKS LINUX VOICE

Voxel game engine certainly wasn’t true for my vir-


tual machine, which didn’t play

Minetest well with Minetest’s use of


OpenGL. But the Flatpak
opened immediately when run
ince 2010 the developers on my bare-metal install of

S of this voxel game-cre-


ation system have been
putting Mojang to shame
Ubuntu 24.04. Installs are also
available via OS repositories,
though the developers recom-
through offering a free and open mend adding the PPA to ensure
source alternative to Minecraft. you have the latest version.
Although the name has become RPM binaries are also available Minetest now promises superior rendering, volumetric lighting, cus-
synonymous with the Minetest for the likes of Fedora or tomizable wear bar colors, and faster custom map-loading times.
game itself, the software actually openSUSE.
offers a variety of titles. This in- On first launch you’re presented Minetest has also now introduced new APIs that can
cludes the more interactive Vox- with a browser listing the available take advantage of a separate mapgen thread. This means
eLibre, which offers monsters, games to install. After choosing Lua mapgen code will no longer be executed on the same
animals, and a greater range of Minetest, I was immediately able thread as the rest of the game, which should improve
options than its more sterile to join a server and promptly fell loading times for advanced/custom maps. The bone
sandbox twin. down a blocky ravine. Less inept override API can now apply overrides to the animation
The most recent version players may get a chance to expe- and interpolation of properties, which should allow mod-
(5.9.1) incorporates some excit- rience Minetest’s latest “god rays,” ders to create smoother procedural animations.
ing new features, including a also known as volumetric lighting. Most importantly, wear bar colors are now fully cus-
supposed improvement in ren- This ostensibly gives developers tomizable, meaning rainbow pickaxes can finally get the
dering performance. According greater artistic control of the envi- wear bar they deserve.
to the developers, this may ronment, though they must install
yield a significant improvement the relevant mod and enable the Project Website
on some hardware. This feature to use it. https://www.minetest.net/

Currency converter you can use the Preferences

Valuta
menu to switch to alternate
sources such as Moeda.info or
Google Finance, though the app
warns the latter is unstable. I
eaders of FOSSPicks will found proof of this after trying to

R know I’m a huge fan of


Gnome apps, given that
the code of conduct requires
display Bitcoin conversion rates
when the app initially failed to
load the current rate in USD.
they be both functional and offer Any changes you make to the
a simple, clean interface. This configuration are saved for when
app, which means “currency” in you relaunch the app, which I no- Valuta has a clean interface to convert and switch between
Italian and several other lan- ticed when exiting to resolve the currencies. As the app warns, Google Finance support is still buggy.
guages, is an excellent case in Bitcoin dilemma. On the plus
point. side, this means that Valuta also Bitcoin (BTC) and Litecoin (LTC)
Currently binaries are only saves any amounts you con- are also listed as-is, given they’re
available via Flathub. Still, upon verted. Upon clicking the drop- not issued by any one state.
first launch it’s clear why you down menu, there’s a search box Special mention should also
might opt for this over just for available currencies that’s go to the button in the center
googling “X USD in GBP” via useful if you know the country screen (keyboard shortcut
your browser. Simply enter your but not the name of their mone- Ctrl+S) that allows users to
chosen amount in the top field tary unit. For instance, typing quickly switch between curren-
and then choose the relevant “Kuwait” lists the country, its cies if they, like me, have a habit
currency from the available alpha-3 ISO code, and the cur- of entering the wrong values in
drop-down menu to begin. rency “KWD – Kuwaiti Dinar.” The the wrong fields.
By default Valuta uses the one exception to this I found was
open source Frankfurter API for the Peruvian Sol, which is listed Project Website
currency conversion. However, as just “Sol” for some reason. https://github.com/ideveCore/Valuta

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 85


LINUX VOICE FOSSPICKS

Free Quake engine content

LibreQuake
here are few gamers who beta. Like

T haven’t played id Soft-


ware’s 1996 sequel to the
first-person shooter Doom. Such
Freedoom, the
project fo-
cuses on raw
was Quake’s popularity that the data, and a
developers open sourced the compatible en-
game engine in 1997 under the gine is re-
terms of GPLv2. This allowed the quired for play.
gaming community to refine the The GitHub
code and add new features. page contains I only encountered two classes of LibreQuake’s monsters. While admittedly lethal, the
Forks appeared pretty much im- both the full graphics for both felt unfinished.
mediately. As with Doom, how- version of all
ever, the game assets were still playable level files, as well as a “not quite Quake but feels pretty
proprietary so someone would mod archive sufficient to get right.” This is clearly something
still need to legally purchase the LibreQuake working on most on the developers’ minds, given
original game files to take advan- modern source ports. the main website has a very
tage of any open source engine. I followed the site recommen- lengthy licensing section cau-
Retro gamers will be familiar dation and installed the open tioning creators not to simply im-
with how the community source engine QuakeSpasm, itate real Quake assets to avoid
squared this particular circle which from what I gleaned on copyright infringement. On first
with the Freedoom project. This Reddit is best for a hassle-free launch, the game presents a
involved releasing new IWAD vanilla play. The version of the Start portal that leads to a
(level) files containing third- engine in the Ubuntu Snap store choice of different “episodes.”
party graphics, music, and failed to launch, but I had no Upon entering the portal, the
sound effects. This effectively trouble installing it from the re- game acts as if you have com-
created an entirely free game positories via the terminal. pleted a level displaying scores.
provided it’s played using an Launching the game was as sim- You need to tap the space bar to
open source engine like Choco- ple as extracting the full Libre- load the level in question. The
late Doom. Quake archive, using cd to navi- end result is something of a
LibreQuake has similar aspira- gate to the directory and then mixed bag: Level layout itself is
tions. Since 2019 the developers running quakespasm -f. The en- well designed and the wall tex-
have focused on developing a gine automatically found the id1 tures are just so. WASD move-
free software drop-in replace- folder to load levels and assets. ment worked effortlessly, and
ment for Quake 1. Sadly it’s not As I was browsing the Quake items I picked up were added in-
as mature as Freedoom, given subreddit, I came across a poster stantly to the inventory.
the latest version (0.07) is still in who described LibreQuake as LibreQuake really falls down
though when it comes to ene-
mies. Admittedly I only played
Episode 2 in any depth. Still, the
first bad guys I encountered
were somewhat jerky. I wasn’t
quite sure what to make of the
second enemy, which seemed
to resemble a rainbow-colored
troll, it nonetheless dealt a
great deal of damage from
launching some kind of explo-
sive at my head. Currently
there’s also no in-game music,
though I noted QuakeSpasm
can play external files.

LibreQuake’s textures and weapons work flawlessly. Currently there are five levels – press the Project Website
space bar to load after entering a portal. https://librequake.queer.sh/

86 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


FOSSPICKS LINUX VOICE

Hosted hypervisor

VirtualBox
ince 2008, Oracle’s cross- for a newly created VM. This pres-

S platform virtual machine


(VM) manager has been a
godsend for developers, hobby-
ents dedicated Basic and Expert
tabs. In short, the Basic mode re-
moves options for more advanced
ists, and even tech journalists settings such as serial ports and
such as myself for running guest VM folders. VirtualBox’s Prefer-
VMs. The latest version, Virtual- ences have similarly been updated VirtualBox now comes with an overhauled UI offering a limited Basic
Box 7.1, was released on Sep- with more advanced options such mode that removes advanced VM settings and preferences.
tember 9 and is described on the as setting proxies removed from
main website as a major update. the Basic tab. recording feature has been overhauled, making it
Sadly, nested virtualization is There’s good news for Linux much more efficient.
still not supported so I wasn’t able users, because VirtualBox now If you’re accessing Linux using a recent macOS host, ARM
to test all features in my Ubuntu finally supports sharing clip- virtualization for Linux and BSD VMs is now supported. NAT
24.04 VM. Still, the version 7.1 .deb board data on Wayland ses- now also comes with a new engine with IPv6 support. The
package installed without issue. sions for both hosts and guests Oracle VirtualBox Extension Pack, which is necessary for
On first launch, it’s clear to see on the OS. File transfers are certain features such as RDP support and disk encryption,
what Oracle describes as the also now supported between has been updated to use Personal Use and Evaluation Li-
“modernized” look and feel. The UI, Linux and Windows hosts/ cense (PUEL). The evaluation option has been removed,
which now uses Qt 6.5.3, presents guests, once the newly up- meaning the license terms must be agreed to immediately
a choice between “Basic” and “Ex- graded “Guest Additions” are in- on use. VirtualBox itself remains FOSS under GNU GPLv3.
pert” modes. I wasn’t able to see stalled. If you do choose to do
much difference between the two this, you’ll discover that the en- Project Website
until launching the Settings menu coding pipeline for the screen https://www.virtualbox.org/

File permissions viewer

Concessio
’m of the belief that if you’ve file permissions work in Unix

I never encountered a file per-


missions error, you’ve never
used Linux. True, there may be
systems.
The help section begins by ex-
plaining the principal parties to
experienced Unix programmers whom permissions are assigned
out there who always know their (Users, Groups, and Others). It
chmod from their chown and can re- then discusses the types of per- While the interface is basic, Concessio is perfect for working out
solve permissions issues in a missions (Read, Write, and Exe- what file and folder permissions to assign in the terminal.
flash. For the rest of us, there’s cute) as well as explaining how
Concessio. these can be represented both symbolic format. The default setting is 664, which al-
Developer Ronnie Nissan as a string of 10 characters or lows the owner and group to read and write to the file
notes on his GitHub page that numerically using three digits. but not execute. Others can only read the file. If this isn’t
the purpose of this app is to While this is obvious to experi- to your liking, you can make use of the toggle buttons
“Understand File Permissions.” enced Linux users, Concessio beside each party to change the permissions. For in-
Currently it’s compiled only as a details how the positioning of stance, you can toggle read, write, and execute to all
Flatpak. On first launch, I no- characters matters when it parties to give the famous 777 or rwxrwxrwx. There’s a
ticed that this Gnome App was comes to assigning permissions. copy dialog next to both sets of values to allow you to
faithful to the project’s goal of It also provides an example of a easily paste into the terminal. The Open button at the
offering apps with a simple in- chmod command. top left allows you to access a file and view its current
terface. If you’re new to Linux, I If you return to the Concessio permissions.
recommend first launching main screen at this stage, you’ll
Concessio’s help page, which see an example of file permis- Project Website
discusses in more detail how sions in both numeric and https://github.com/ronniedroid/concessio

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 87


LINUX VOICE TUTORIAL – LEGACY VIDEO GAMES

Preserving legacy video games

Bringing Back the ’90s


People born in the late ’80s and early ’90s often have a sizeable collection of old
video games gathering dust at home. Systems capable of executing these are,
however, becoming scarce. This article explores the options for archiving old PC
games and running them on modern systems.

h, the late ’90s! The time just before the

A
BY RUBÉN LLORENTE
break of the new millennium was the Why Make the Effort
golden age of video games, at least for
Many retro games are still available for pur-
nostalgic microchip heads such as myself. This
chase in one form or another. It’s therefore
era represents a sweet spot in which computers worth considering why you should make a
were powerful enough to represent 3D environ- backup of an old retail version of a game,
ments, display decent graphics, and play high- considering you could just buy it again for
quality soundtracks. Still, the video game indus- less than $5 if the CD you have were to break.
try had not evolved yet into the greedy machine The GOG.com [1] store maintains an enor-
it eventually became, inventing aggressive mon- mous catalog of retro PC games, and they
etization schemes and coming up with in-game support the available titles so they can run
purchases, loot boxes, or intrusive digital rights on modern operating systems. The over-
management (DRM) mechanisms. Back then, whelming majority of their games are DRM-
the usual way of obtaining a video game for free. Why aren’t these an option?
your PC or game console was to (gasp!) walk up The main reason is that what is often found
Figure 1: A collection of PC to a store and purchase a physical copy. A PC for sale is not exactly the retail version you
video games from the late game would take the form of a CD (or many, for have, and the retail version you have is actu-
1990s and early 2000s. large titles) which contained all the required ally not for sale at all. This is especially no-
Many of these titles are not data to install the software and play. No Internet ticeable when you purchased non-English-
available in retail form any- connection was required. language games as a kid: The studio that de-
more due to licensing and I am the sort of person who keeps old stuff veloped the game back then may no longer
trademark issues. around forever and does not toss it into the trash hold the rights for the translations, which
means Spanish, French, etc., versions of the
game aren’t available anywhere for purchase.
If you have a retail version in your language,
you may as well treat it as irreplaceable.
Quite often, studios which released a game
back in the late 1990s or early 2000s ended
up releasing one or more modern, updated
versions later. The newer version is usually
easy to find, because old versions are
dropped and all effort goes into supporting
the most recent one. An example that comes
to mind is Imperivm III, a game which was
very popular in Spain. The HD remaster is still
for sale, but no seller carries the original any-
more. These upgraded versions may contain
gameplay changes you are not on board
with, however, so if you liked the old iteration
of the game, the only way to ensure you can
play it in the future is to archive it yourself.

88 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


TUTORIAL – LEGACY VIDEO GAMES LINUX VOICE

bin so long as it is in working order. Therefore, I suitable for the task, but fear not, because I will ex-
have a meaningful collection of PC games in a amine useful alternatives in this article.
vault (Figure 1). While reorganizing my storage
space, it occurred to me that many of these Backing Up
games aren’t easily playable on modern comput- The gold standard for backing up a CD into an
ers – the ones I can realistically obtain – despite image is, without any shadow of doubt, cdrdao [3].
being in an excellent state of preservation. This It can generate an image from any healthy CD
thought immediately set me on a quest to find out
how to enjoy these gems from the golden age and
how to preserve them for the future (for more on Copy Protection
why, see the “Why Make the Effort” box). By the end of the ‘90s, the video game industry had entered the dark
ages. Reproducing and distributing illegal copies of CDs at scale had
The Problems become cheap, and publishers considered that it was time to prevent
There are two tasks to complete when you decide users from making full copies of the games. Copy protection was born.
to archive a video game for posterity. The first is (See more about PlayStation games in the “What About PlayStation
saving each title in question in a format that is Games?” box.)
easy to replicate (for backup purposes) and also There were many copy protection mechanisms for CDs. Some of them
easy to run the game from. The second is pre- were crude, such as pressing the retail copies of the game with large
serving or simulating a system capable of running amounts of defective sectors. The idea was that domestic optical read-
the game in question, because you often can’t in- ers would error out while trying to make a backup image and encounter-
stall a game from 1995 on a modern operating ing so many broken sectors. Other anti-copy mechanisms were a bit
system (OS) directly. smarter, and CDs would be pressed with a small number of defective
Saving an early game CD to your hard drive is sectors with manipulated error-correction data. When playing the game
not a complex task. Publishers of old games from the original CD, the game would scan the CD for the defective sec-
weren’t worried about people making full copies of tors, whose position was known, and refuse to play if such sectors
the games. Instead, they were concerned about weren’t present. However, when trying to image or copy the CD, regular
having the games ripped, stripped of their music CD copying software would locate the bad sectors, check the manipu-
and cinematics, compressed, and distributed in a lated error correction data, interpret the bad sector as an accidental
degraded form through illegal channels. This scratch, and correct it. Therefore, any backup copy of the game would
means anti-piracy safeguards were fairly unintru- lack the defective sectors and refuse to run.
sive and didn’t prevent the user from making legiti- The most cunning anti-copy mechanisms would analyze the geometry
mate backups. Such protections could require you of the CD and use data position measurements (DPM). In a nutshell,
to keep the CD in your optical reader while you DPM allows the game to map physical sectors on the CD by measuring
played and implement some simple checks to en- how long it takes the optical reader to move from a specific sector to an-
sure you actually had the CD (such as looking for other specific sector. The game then refuses to run if the topology de-
a file in the CD or checking the CD label). Such tected this way does not match the topology of the original CD. Retail
mechanisms cause no problem if you own a retail CDs are pressed rather than burned, and domestic CD burners cannot
copy or intend to play from a legitimate backup. replicate specific topologies, which makes producing a working copy im-
possible with domestic equipment. In addition, common image formats
Most Linux users will immediately think that back-
such as ISO or BIN/CUE pairs don’t contain the topology information
ing up such a game is as simple as putting the CD
necessary to fool copy protection.
in the tray and executing as root:
The good news is that distribution of games via physical media is con-
# dd if=/dev/cdrom of=game_image.img
sidered obsolete these days, so there has been no meaningful develop-
ment in CD copy protection for a long time. Meanwhile, software solu-
tions have developed in order to beat these primitive forms of DRM. The
The command above will generate a raw image of
bad news is that breaking copy protection might be illegal in your juris-
the CD, which will act as an ISO file for all intents
diction and even giving instructions to do so may be forbidden.
and purposes. This, however, will be insufficient
when archiving games whose CDs use complex Fortunately, many game publishers have realized it makes no sense to
or non-standard structures. For example, many keep enforcing CD copy protection and are giving their customers alter-
natives to keep playing games bought in the ‘90s. For example, the pop-
games would be sold in multitrack CDs, with one
ular Warcraft III and its expansion received official no-CD patches from
track containing the video game itself and the rest
Blizzard that allowed its users to bypass CD checks, which in turn made
of the tracks containing the music (such as Age
it possible to play Warcraft III from a backup image created with conven-
of Rifles in Figure 2). The dd command cannot
tional legal tools. On the other hand, Valve will deliver many old titles to
recognize these arrangements and will often fail
you via Steam as long as you have the serial number that’s glued to the
to produce a good copy. On the other hand, many box of the original copy. It isn’t ideal, but it might be an option.
commercial games, especially around the early
If you wonder if any of your games use anti-copy mechanisms, or want
2000s, were manufactured specifically so that it
to know if there are official patches from the manufacturer, the PCGam-
was impossible to save or clone its CD (see the
ingWiki [2] is likely to offer that information.
“Copy Protection” box). Therefore, dd is not

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 89


LINUX VOICE TUTORIAL – LEGACY VIDEO GAMES

are less popular and therefore are not as well


supported as CUE is. Therefore, I find it more
convenient to use cdrdao to produce a BIN/TOC
pair and then use a converter, toc2cue, to trans-
form it into a BIN/CUE pair.
Generating a BIN/TOC pair from a CD you have
in the tray is as easy as running

$ cdrdao read-cd --datafile game.bin U


--driver generic-mmc-raw:0x20000 U
--device /dev/cdrom U
--read-raw game.toc

This procedure is likely to throw warnings about


incorrigible errors in subchannel data. These are
harmless and may be safely ignored as long as
cdrdao reports saving the image was successful.
The switches used in the above command are
explained on Table 1. The flag 0x20000, passed to
the driver, is of special importance because of an
Figure 2: Using cdrdao to create a BIN/TOC pair from an Age of Rifles CD. The CD fea- outstanding quirk. BIN/TOC pairs produced by
tures a multitrack setup: The first track contains the game itself while the rest of the cdrdao contain audio tracks which follow the
tracks contain audio. same byte order (endianness [4]) as the physical
CD. According to the documentation of toc2cue,
that does not have copy protection mechanisms
incorporated. You may install cdrdao (alongside What About PlayStation Games?
the auxiliary tools I will use) into a fresh Devuan
system by issuing the following command as Video games published for the original Play-
root: Station (also known as PSX or PlayStation
One) were often distributed as hybrid CDs with
# apt install cdrdao a data track and a number of audio tracks,
much like some PC games. Cdrdao can be
As explained earlier, ISO images are often not used to back these games up, with the same
enough to keep a proper backup. When it comes method as with PC games. Sadly, using an
to open formats, the best option is to save the image generated this way to burn a copy of
CD to the hard drive as a BIN/CUE pair. This im-
the game to a new CD is unlikely to produce a
plies producing a backup consisting of two files:
copy you can play in a real PlayStation.
a binary (BIN) file and a CUE file. The binary file
will be a raw image containing the data included Commercial PlayStation games often abused
in the original CD. The CUE is an index that lists the standards to incorporate crude copy pro-
the available data and music tracks, and the po- tection mechanisms, and a physical PlaySta-
sition of such tracks within the binary image. tion will refuse to execute a game that does
Both files are all you need when dealing with not look perfectly legit. Back in the day this led
regular CDs. to gamers to perform illegal modification on
However, cdrdao does not produce BIN/CUE their game consoles in order to play either
pairs out of the box. Instead, it produces a BIN backups or outright bootleg copies. Fortu-
file and a table of contents (TOC). The TOC is nately, images created with cdrdao may be
actually quite similar in function to the CUE file
played legally using a PSX emulator such as
as far as this article is concerned, but TOC files
PCSX-Reloaded [4].

Table 1: cdrdao Flags


--datafile Defines the output BIN file.
--driver Chooses a driver and passes options to said driver if necessary. generic-mmc-raw with
the 0x20000 option is a sane choice.

--device Select an optical reader, such as /dev/cdrom or /dev/sr0.


--read-raw Copy data as-is, including Layered Error Correction (LEC) information.

90 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


TUTORIAL – LEGACY VIDEO GAMES LINUX VOICE

the tool I will use to convert the TOC file to CUE basic steps required to run a game. Once it is in-
format, applying the converter directly will result stalled, the next step is to create a folder to use as
in a backup with a reversed byte order. Failing to your MS-DOS directory:
account for the endianness swap with mixed-
mode CDs (the ones which combine data and $ mkdir ~/DOSGAMES

audio tracks) will result in the game’s soundtrack


producing static noise instead of actual music. A crude approach for loading a game with DOS-
The 0x20000 flag forces cdrdao to make an image Box consists of passing DOSBox a configuration
using a swapped byte order so you will have a file through the command line containing instruc-
good backup after you apply toc2cue: tions to mount the BIN/CUE pair of the game. See
Listing 1 for an example.
$ toc2cue game.toc game.cue Notice that line 2 in Listing 1 mounts a BIN/
CUE pair in order to let DOSBox simulate that the
cdrdao is not capable of dealing with DVDs, but game CD is in the tray. Remember to place the
DVDs themselves didn’t become a common distri- BIN file in the same folder in which the CUE file
bution platform for software until a bit later than resides, and don’t rename either file after cre-
the period I am focusing on. Publishers who ation in order to avoid breaking the pair. Line 3
wanted to distribute a big game would rather ship mounts the ~/DOSGAMES directory as drive C:. In
the game split across multiple CDs than press it order to run the game, just launch DOSBox:
into a single DVD. In most cases, games distrib-
uted as DVDs can be backed up directly with dd, $ dosbox -conf example.conf

as in the first example in the article. Some online


resources will suggest you use isosize in order to The isosize Method
avoid generating overgrown images (see “The iso-
size Method” box), but my tests suggest this is not Common wisdom online seems to be that, if you try to use dd as in the
necessary. first example given in this article, dd will dump all the data contained in
the DVD. If there is any empty space by the end of the DVD (i.e., the DVD
Playing Your MS-DOS Games is not full), then dd will append all the empty space to the end of the
Once your games are backed up, the next step is image, meaning that if you have 3GB worth of data on the disk, dd will
to figure out a way to run them. Saving your create a 4GB file anyway. Allegedly, the way to prevent this from happen-
games will be useless if you have no platform to ing is by instructing dd to only transfer the data you need.
enjoy them on later. The first step would be to calculate the amount of data in the DVD:
MS-DOS games are actually quite easy to play in
$ isosize -d 2048 /dev/cdrom
a modern system, because MS-DOS itself has been
studied in-depth by FOSS developers. A modern This instruction would give you the number of 2048-byte-sized blocks of
clone of MS-DOS exists in the form of FreeDOS [6], available data on the disk. You’d take note of this number, and then issue:
for example, so you could execute DOS games na- $ dd if=/dev/cdrom of=image.iso bs=2048 count=$blocks

tively on it. There are also DOS emulators that run You’d have to substitute $blocks by the number of blocks obtained from
on modern operating systems. Among these, DOS- isosize.
Box is the most popular. DOSBox is a specialized Tests performed on my machines show that dd alone will transfer just
tool for running DOS games, and it has reached the required data into the image without the need for passing it a num-
such a level of maturity that commercial software
ber of blocks manually, which suggests to me the above advice is badly
vendors often distribute old DOS applications bun-
outdated. However, this advice is so prevalent that I consider it deserv-
dled with DOSBox. This emulator has also given
ing of being left here for reference.
birth to many forks that are worth a look. See the
“DOSBox Forks” box for more information.
Installing DOSBox in Devuan is as easy as DOSBox Forks
# apt install dosbox DOSBox is a popular piece of software that follows a, to put it mildly,
conservative approach to development. It has a reputation for rarely ac-
DOSBox has many interesting features, such as cepting outside contributions, and its development cycle is very slow.
the ability to interface with MIDI software devices,
As a result, many DOSBox forks have appeared. For example, DOSBox-X
but for the sake of brevity I will touch only on the
[7] is a variant with a deep feature set, capable of running even on early
Windows operating systems. In fact, the developers’ stated goal is “to
Listing 1: ~/example.conf
01 [autoexec]
eventually make DOSBox-X a complete emulation package that covers
02 IMGMOUNT E ~/game.cue -t iso
all pre-2000 DOS and Windows 9x-based system scenarios.”
03 MOUNT C ~/DOSGAMES Feel free to check the list of forks offered by DOSBox Staging [8].

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 91


LINUX VOICE TUTORIAL – LEGACY VIDEO GAMES

build a period accurate machine, install Win-


dows on it, and run your games natively. This
may work for you, but old computers and com-
ponents are in a finite supply, and retro ma-
chines are getting a bit too pricey. I have found
that most pre-Windows XP era games can be
coerced into running on Windows 7 by leverag-
ing Windows’ compatibility settings, so if you
have an old (but not ancient) computer laying
around, this might be the best short-term solu-
tion. The Windows ecosystem has plenty of
wrappers and compatibility layers designed to
run old software. For example, you may use a
wrapper such as dgVoodoo for running old games
that are not compatible with modern versions of
Direct3D. However, this is Linux Magazine, and if
you are reading this, you may appreciate a
Figure 3: DOSBox will offer Linux-centric approach.
you a classic MS-DOS envi- The traditional way of running alien programs
ronment on a modern oper- You will be offered a DOS prompt. From the prompt under Linux is to install Windows in a virtual ma-
ating system. You can you may install and run the game as you would in a chine and run the applications from there. This
mount your BIN/CUE images traditional DOS system (Figures 3 and 4). solution is lacking because virtualization solutions
and then install your games While DOSBox is quite capable of running most such as VirtualBox or Qemu/KVM either can’t
as if you were running a real popular games, workarounds and special settings emulate GPUs with 3D acceleration or make the
MS-DOS system. might occasionally be required. The support sta- process too intrusive against the physical host to
tus of games is documented [9]. If you are having be practical. Worst yet: Modern hypervisors don’t
trouble with a game, it is often worth checking the support running old operating systems officially,
official DOSBox wiki [10] for games known to run. so you are on your own if you try.
Problematic titles are likely to have detailed in- A popular Linux option is running games in
structions for playing them. Wine. In case you don’t know, Wine, which
stands for “Wine Is Not an Emulator,” is a com-
Playing Classic Windows Titles patibility system for running Windows programs
Playing Windows games from the pre-Windows natively on Linux. Wine is very complex and al-
XP era is more complex than playing MS-DOS lows you to select the Windows target version
games, and while there are many options, most for every application you intend to run, which in-
of them come with caveats and are not com- cludes pre-Windows XP versions. At first sight,
pletely satisfactory. this looks like a promising solution. However, I
Figure 4: Age of Rifles (1996) The most obvious solution for playing games have found that running certain games requires
running within DOSBox. designed for Windows 95 or 98 is to acquire or a lot of work, and you may need to become very
familiar with the tool to put it to good use. Wine
documents the applications known to run well
(or not!) in a publicly accessible database, in
which you may often find hints for executing
problematic titles [11].

Enter 86Box
As a solution, I find 86Box to be sufficient for
early Windows 95 and 98 games. 86Box is a pro-
gram capable of emulating old computers up to
the BIOS level and beyond. It lets you build a retro
virtual machine to your liking, selecting the com-
ponents you need from a vast menu of options.
Its focus is on emulation accuracy, and it’s often
recommended for people who want an authentic
experience without using a real retro computer.
Disadvantages are still many. The price you pay
for experiencing an authentic Windows 9x ma-
chine is also experiencing its many woes, such as
installing Windows, searching for drivers, and

92 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


TUTORIAL – LEGACY VIDEO GAMES LINUX VOICE

different than installing it on a real machine and


the process is sufficiently documented. Don’t for-
get to install the Windows drivers for your virtual
computer!
Figure 5: 86Box requires a ROM pack in order to run and will Performance for games is sufficient as long
suggest a download link to retrieve one. If you are running as you are using a good CPU in your host and
the AppImage, the pack will be loaded from the roms folder the games you run are not very demanding. As
in the working directory from which 86Box was invoked. a reference, I used an Intel Core i5-2467M dur-
ing my tests. Keep also in mind that some
remembering why you like Linux so much. On the games run better than others on different hard-
other hand, 86Box performs emulation on the ware platforms, so feel free to experiment. Cer-
software layer only, as opposed to Qemu/KVM, tain titles will misbehave on virtual computers
which leverages your CPU’s virtualization fea- that can cope with more demanding games
tures. As such, 86Box pays a heavy performance (Figures 6 and 7).
penalty – which won’t be noticeable when emulat-
ing low capacity computers, but will be when em- Conclusions
ulating a powerful machine without a beefy physi- Archiving old PC games is easier than it seems,
cal CPU in your host. at least up to the age in which copy protection
86Box is available in many package types, in- became prevalent. On the other hand, preserv-
cluding AppImage [12]. I recommend creating a ing the platforms those games can be run on is
dedicate folder if you intend to use the AppImage complex.
version, because 86Box is a bit messy and will DOSBox and its forks make it possible to run
use the current working directory to store its con- DOS games without need for a dedicated MS-DOS
figuration data. Therefore, to save yourself the machine. Therefore, storing images of your CDs
trouble just download the AppImage to a dedi- and keeping a copy of DOSBox is all you need to
cated empty folder, open a terminal, switch to ensure your DOS games remain playable.
that directory, and execute 86Box from there. Reproducing an early Windows platform for
In order for 86Box to function, you will need to your Windows games takes effort. Wine is com-
provide the appropriate ROMs for any hardware plex and results are mixed, but when it works, it
component you want to build your virtual PC with. offers the best performance. Modern hypervisors
This means you will have to obtain a ROM for the such as VirtualBox are not designed for retro
motherboard, the video adapter, etc. When started games and will likely not support pre-Windows
for the first time, 86Box will offer a download link NT versions of Windows. 86Box offers great em-
to retrieve the official ROM collection from GitHub ulation fidelity, at the cost of performance and
if ROMs are not present (Figure 5). great complexity. In fact, DOSBox-X might be an
A primitive machine will be launched by default adequate choice if you are willing to sacrifice
after invoking 86Box (assuming ROMs are pres-
ent), but chances are you will have to build an en-
tirely different virtual PC. You may select the com-
ponents you want your virtual computer to have
from Tools | Settings, which is a very tricky task.
There are many pieces of hardware to pick from
and the difference is not obvious for a novice. As a
rule of thumb, remember that emulating a power-
ful computer is much harder than emulating a
primitive one, so when in doubt, try to build the
less-powerful machine that can run your games.
As of 2024, it is said that a Pentium II CPU with an
early Voodoo graphics card is the most powerful
combination that can be emulated, in practice, by
86Box running on a modern consumer-grade
CPU. If you get stuck, check with the VOGONS [13]
community and see which virtual hardware con-
figuration people are using.
The final step is installing the operating system
alongside the necessary drivers. Windows 98 Sec-
ond Edition is a safe pick, as long as you have a le-
gitimate installation CD and boot disk laying Figure 6: Krush, Kill ‘N Destroy 2 (KKND2) works fine in a 86Box machine, with a virtual Intel
around. Installing Windows on 86Box is no Pentium 90MHz!

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 93


LINUX VOICE TUTORIAL – LEGACY VIDEO GAMES

accuracy for performance, because this DOSBox


fork can be pressed into running early Windows. The Author
An often unmentioned fact is that many popular Rubén Llorente is a me-
games of the past have modern FOSS engines chanical engineer whose
available. For example, games such as DOOM and job is to ensure that the
Diablo have free software engines you may install security measures of the
on Linux or BSD. Original game assets (music, IT infrastructure of a
audio, graphics) are required for these free alter- small clinic are both law
natives to run. As long as you have a backup of compliant and safe. In
the game and one of these engines available, you addition, he is an OpenBSD enthusiast and a
will be able to play these titles natively without weapons collector.
performance penalties. Q Q Q

Info
[1] GOG.com: https://www.gog.com [9] DOSBox list of supported applications:
[2] PCGamingWiki: https://www.dosbox.com/comp_list.php?
https://www.pcgamingwiki.com/wiki/Home letter=a
[3] cdrdao: https://cdrdao.sourceforge.net/ [10] DOSBox wiki:
[4] Endianness: https://www.dosbox.com/wiki/GAMES
https://en.wikipedia.org/wiki/Endianness
[11] Wine application database:
[5] PCSX-Reloaded: https://ps1emulator.com/
https://appdb.winehq.org/
[6] FreeDOS: https://www.freedos.org/
[12] 86Box releases at GitHub:
[7] DOSBox-X: https://dosbox-x.com/
https://github.com/86Box/86Box/releases
[8] DOSBox forks:
https://github.com/dosbox-staging/ [13] VOGONS retro community:
dosbox-staging/wiki/DOSBox-forks https://www.vogons.org/

Figure 7: Master of Dimensions, a graphic adventure from 1996, does not run so well for me. Notice the dismal emulation speed, at 58 percent.

QQQ

94 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


SERVICE
Back Issues

LINUX Order online:

NEWSSTAND https://bit.ly/Linux-Magazine-catalog

Linux Magazine is your guide to the world of Linux. Monthly issues are packed with advanced technical
articles and tutorials you won't find anywhere else. Explore our full catalog of back issues for specific
topics or to complete your collection.

#288/November 2024
Smart Home
If you listen to megavendors like Google and Amazon, the only path to a smart home is
through the cloud, but the Linux community has a better way. We'll show you some open
source smart home tools with no cost and no spying.
On the DVD: Rocky Linux 9.4 and MX Linux MX-23.3

#287/October 2024
Ollama
Many Linux users are intrigued by Large Language Model (LLM) tools like ChatGPT, but if you
really want to be methodical about testing and experimenting, why get tangled in the cloud?
Ollama lets you run LLMs locally on a home computer.
On the DVD: Debian 12.6 and Clonezilla 3.1.3-16

#286/September 2024
Git Ready
The Git version control system is an integral part of the Linux environment. If you’re looking
for a better foundation in Git, or if you already know the basics and are ready to start building
Git into your own custom apps, we’ll make you Git ready.
On the DVD: openSUSE Leap 15.6 and Tails 6.4

#285/August 2024
Kernel Expoilts
Is Linux secure? Only if you keep up with the patches. This month we take a close look at how
intruders attack unsafe versions of the Linux kernel through known and well-publicized exploits.
We’ll show you how to set up your own out-of-date kernel to practice on, and we’ll introduce
you to some of the tools and techniques attackers use to gain root access.
On the DVD: AlmaLinux 9.4 Boot DVD and Fedora Workstation 40 Live

#284/July 2024
Laptop Security
In the scary world of the Internet, “more secure than Windows” still isn’t secure enough. If
you want to keep your traveling systems safe from the clutches of the espionage economy,
you’ll need some extra help. We show you how to outfit your laptop with the extra defenses
you’ll need for life on the road.
On the DVD: Ubuntu Budgie 24.04 LTS and Rescuezilla 2.5

#283/June 2024
AI Tools
Everyone is fascinated with AI right now, but at the end of all the articles and interviews and
research, it is fair to ask, what can I do with it really? This month we highlight some AI-based
tools that will help you build your own chatbot, sharpen photo images, and more.
On the DVD: Nobara 39 and Manjaro 23.14 Gnome

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 95


SERVICE
Events

FEATURED EVENTS
Users, developers, and vendors meet at Linux events around the world.
We at Linux Magazine are proud to sponsor the Featured Events shown here.
For other events near you, check our extensive events calendar online at
https://www.linux-magazine.com/events.
If you know of another Linux event you would like us to add to our calendar,
please send a message with all the details to [email protected].

FOSDEM 2025 State of Open Con 2025 KickStart Europe


Date: February1-2,2025 Date: February 4-5, 2025 Date: February 4-5,2025
Location: Brussels, Belgium Location: Brussels, Belgium Location: Amsterdam, Netherlands
Website: https://fosdem.org/2024/ Website: https://stateofopencon.com/ Website: https://www.kickstartconf.eu/
FOSDEM is a free event for software Save the date for the UK’s open KickStart Europe is the Annual Strategy &
developers to meet, share ideas, and technology conference focused on open Networking conference on trends and
collaborate. Every year, thousands of source software, open hardware, open investments in tech and digital
developers of free and open source data, open standards, and AI openness. infrastructure. By bringing together an
software from all over the world gather SOOCon provides an opportunity for array of industry professionals at the start
at the event in Brussels. You don't need people to come together and have a joint of the year, KickStart Europe helps to
to register. Just turn up and join in! learning experience with some of the explore the emerging trends and
world’s leading open source experts. technology shaping the digital industry
and digital infrastructure of cloud,
nnectivity and data centers.

Events
SC24 Nov 17-22 Atlanta, Georgia https://sc24.supercomputing.org/
Open Source Monitoring Conf. Nov 19-21 Nuremberg, Germany https://osmc.de/
PyCon AU 2024 Nov 22-26 Melbourne, Australia https://2024.pycon.org.au/
Cephalocon Dec 4-5 Geneva, Switzerland https://events.linuxfoundation.org/cephalocon/
Open Source Experience Dec 4-5 Paris, France https://dev.events/conferences/
open-source-experience-3nlxf4ch
KubeCon + CloudNativeCon Dec 11-12 IndiaDelhi, India https://events.linuxfoundation.org/
CodeMash Jan 14-17 Sandusky, Ohio https://codemash.org/
FOSDEM 2025 Feb 1-2 Brussels, Belgium https://fosdem.org/2024/
State of Open Con '25 Feb 4-5 London, United Kingdom https://stateofopencon.com/
Kickstart Europe 2025 Feb 4-5 Amsterdam, Netherlands https://www.kickstartconf.eu/
SCaLE 22x March 6-9 Pasadena, California https://www.socallinuxexpo.org/scale/22x/
FOSS Backstage March 10-11 Berlin, Germany https://25.foss-backstage.de/
SUSECON 25 March 10-14 Orlando, Florida https://www.suse.com/susecon/event-details/
CloudFest 2025 March 17-20 Europa-Park, Germany https://www.cloudfest.com/
Images © Alex White, 123RF.com

KubeCon + CloudNativeCon April


Apr 1-4
1-4 London, United Kingdom https://events.linuxfoundation.org/
Europe 2025
PyCon US 2025 May 14-22 Pittsburgh, Pennsylvania https://www.python.org/events/python-events/1507/
Open Source Summit June 23-25 Denver, Colorado https://events.linuxfoundation.org/
North America
Linux Security Summit June 26-27 Denver, Colorado https://events.linuxfoundation.org/
North America

96 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


SERVICE
Contact Info / Authors

Contact Info
Editor in Chief
Joe Casad, [email protected]
WRITE FOR US
Linux Magazine is looking for authors to write articles on Linux and the tools of
Associate Editor
the Linux environment. We like articles on useful solutions that solve practical
Amy Pettle
problems. The topic could be a desktop tool, a command-line utility, a network
Copy Editor
Aubrey Vaughn monitoring application, a homegrown script, or anything else with the potential
News Editor to save a Linux user trouble and time. Our goal is to tell our readers stories they
Jack Wallen haven’t already heard, so we’re especially interested in original fixes and hacks,
MakerSpace Editor new tools, and useful applications that our readers might not know about. We
Hans-Georg Eßer also love articles on advanced uses for tools our readers do know about – stories
Managing Editor that take a traditional application and put it to work in a novel or creative way.
Lori White
We are currently seeking articles on the following topics for upcoming cover
Localization & Translation
Ian Travis themes:
Layout • Cool Rasp Pi Projects
Dena Friesen, Lori White • Linux Shortcuts and Hacks
Cover Design • System Rescue
Lori White
Cover Image Let us know if you have ideas for articles on these themes, but keep in mind that
© pitinan and raptorcaptor, 123RF.com our interests extend through the full range of Linux technical topics, including:
Advertising • Security
Jessica Pryor, [email protected] Advanced Linux tuning and configuration

Marketing Communications
• Internet of Things
Gwen Clark, [email protected]
Linux New Media USA, LLC • Networking
4840 Bob Billings Parkway, Ste 104 • Scripting
Lawrence, KS 66049 USA • Artificial intelligence
Publisher • Open protocols and open standards
Brian Osborn
If you have a worthy topic that isn’t on this list, try us out – we might be interested!
Customer Service / Subscription
For USA and Canada: Describe your idea in 1-2 paragraphs and send it to: [email protected].
Email: [email protected]
Phone: 1-866-247-2802
(Toll Free from the US and Canada) Authors
For all other countries:
Email: [email protected] Thomas Boele 32 Andrew Malcolm 56
www.linux-magazine.com Zack Brown 12 Dave McKellar 64
While every care has been taken in the content of the
magazine, the publishers cannot be held responsible Bruce Byfield 6, 22, 38 Vincent Mealing 71
for the accuracy of the information contained within
it or any consequences arising from the use of it. The Joe Casad 3 Mike Schilli 48
use of the disc provided with the magazine or any
material provided on it is at your own risk. Mark Crutch 71 Tim Schürmann 16
Copyright and Trademarks © 2024 Linux New Media Nate Drake 82 Koen Vervloesem 26
USA, LLC.
No material may be reproduced in any form Marco Fioretti 74 Reinhard Voglmaier 42
whatsoever in whole or in part without the written
permission of the publishers. It is assumed that all Jon “maddog” Hall 73 Jack Wallen 8
correspondence sent, for example, letters, email,
faxes, photographs, articles, drawings, are supplied Rubén Llorente 88
for publication or license to third parties on a non-
exclusive worldwide basis by Linux New Media USA,
LLC, unless otherwise stated in writing.
            
Linux is a trademark of Linus Torvalds.    
        
              
All brand or product names are trademarks of their       !       

respective owners. Contact us if we haven’t credited   !"#"#  "  !#   $!  %&  !
$%%&' ( )(
  

your copyright; we will always correct any oversight.   *$%%%%)+,  (
#$&  ' (  #   " 
#$)& *' (#   ! !
Printed in Nuremberg, Germany by Kolibri Druck. ,  -% &.  & /"
#$+&  " ,  -  .    
0 1.   ,++&%% *2 3 45  *    
Distributed by Seymour Distribution Ltd, United !6 6 %73(8- !8 3& 82-!"9 #$/&    "   ! !
#

0 1.   ,++&%% *: +' & &% &; & 6% %%
Kingdom 45  *%)&
"   , #   ""
0, # 

!6 6 %73(8- !8 3& 82-!" $& ' ( " !
Represented in Europe and other territories by:
" 1% +0 1.   ,++&%%% *%)&8 $)&*' ( ! !
Sparkhaus Media GmbH, Bialasstr. 1a, 85625 <+ &8 +  <+ &
$+&    "   ! !
Glonn, Germany. 6& 4% & 8!6 6 %73(8- !8 3& 82-
$/&0, #    ! !
!"
Linux Magazine (Print ISSN: 1471-5678, Online = 0 % +8!6 6 %73(8- !8 3& 82-!" "  0, #  " !
 &>) 8!6 6 %73(8- !8 3& 82-!"
ISSN: 2833-3950, USPS No: 347-942) is published !43 & 3+ ?-,808!6 6 %73(8
"  , #   !!
monthly by Linux New Media USA, LLC, and dis- - !8 3& 82-!"9- 7) +&%-. &7) %+    ! , #  !
;1:86  %% & 8; 8;&1 ( " 
tributed in the USA by Asendia USA, 701 Ashland 2 3 6 +) +&%8 &  %8 +4 )&- & (: +&%
 !
     ""@ ""@
Ave, Folcroft PA. Application to Mail at Periodicals 43   &: + &   & & * ,1   *6 +%8
 &  %8 & )&- & %  1    
Postage Prices is pending at Philadelphia, PA and  - %: %  ) ++& .& + 1 )%      
additional mailing offices. POSTMASTER: send ad-        
#"      $2&3     $21 &
dress changes to Linux Magazine, 4840 Bob Billings $%% * &0&    -. 1&!
"   , # $20&3     $21 &
$ & *( )   * &1  *& %)+  )%* &1% & +
Parkway, Ste 104, Lawrence, KS 66049, USA. 1. ;3 0 &786% %% &8!"#"#!    $4  -    $1##(1 55&

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 97


NEXT MONTH
Issue 290

December 6
Issue 290 / January 2024

Alternative
Office Suites
Most Linux distributions come bundled with the LibreOffice
suite, but Linux is all about choice, and a number of other
options exist in the wild. If you’re getting restless and want to
explore the contenders for word processing, accounting, and
presentations, look for next month’s issue, where we study
some of the leading office alternatives.

Also inside:
• Weather Cam
• Metadata in Digikam
• Bash Tricks for Web Maintenance
• Manage Your VPNs with WireGuard Easy
• And much more!
Please note: Articles could change before the next issue.

BE THE FIRST TO SEE WHAT'S NEXT


Image © gerain0812, 123RF.com

The Linux Magazine Preview is a monthly


email newsletter that gives you a sneak
peek at the next issue, including links to
articles posted online.
Sign up at: https://bit.ly/Linux-Update

98 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

You might also like