Linodas: Exploring a

DV S I D
IN
+

D E
Linux ransomware tool

ISSUE 289 – DECEMBER 2024

Coding
with
Save time with AI-assisted
programming

changedetection.io: Find Anki: Add audio and

out when a website updates video to your flashcards
Web Tricks: Add custom Retro-Gaming: Resurrect
features to a web page your favorite game from
with Tampermonkey an old CD
File Sharing Off the Grid: FABULOUS
Set up a Pi Zero as a hotspot 10 FOSS FINDS!
W W W. L I N U X - M A G A Z I N E . C O M
 EDITORIAL
Welcome

THANKS FOR ALL

THE ALLITERATION
Dear Reader,
“We should try to work with these guys. They are just or bank loan officer. Luckily, Shuttleworth was spending
getting started, but I think they might be going places, and his own money, so he could chase his zero-cost vision.
it will be good to make the connection.” These were the The fact that Ubuntu was always all free bought them a lot
words of Brian, my publisher, 20 years ago, when talking of credit with the community. Ubuntu has always had an
about an upstart new Linux that had recently appeared on ear to the aesthetic of their audience, like in 2010, when
the scene. This group had a way of looking like a commu- they released their October Maverick Meerkat version two
nity, but they were strangely more organized and directed weeks early just so they could claim it appeared on 10/10/10,
than the lovable but too-often chaotic community distros a date that corresponded to the binary form of the number
of the era. And the name of this newcomer? It was so 42, which is “The Answer to the Ultimate Question of Life,
unlikely, and yet so memorable – once you heard it, you the Universe, and Everything” in the Hitchhiker’s Guide to
couldn’t forget it: Ubuntu. When you asked them what the the Galaxy.
name meant, they would say, “It sort of means togetherness,
These days Ubuntu is looking and sounding a lot more
or ‘I can be me because you are you,’ but the concept is
corporate. You might even say they sound more like Red
too beautiful to translate directly into English.” It is hard
Hat, except they aren’t like Red Hat. They still give their
to believe that it as been 20 years since the first Ubuntu
whole distribution away for free without a lot of restrictive
release. (Yes, it is also hard to believe that I’ve been doing
licensing gymnastics. They don’t seem to mind when
this job for 20 years, but seriously, I had just started
other developers take their code and adapt it into other
when this happened – I guess that means this is my 20th
distros. And they still put out a sensible, stable Linux that
anniversary also.)
provides everything most users need without feeling clut-
There was so much excitement about Ubuntu in those first tered. If you want a lighter version, try Lubuntu or
few years. Although they were owned and backed by a Xubuntu, and if you’re looking for a different look and feel,
for-profit company, a lot of volunteers were working for try one of the other Ubuntu “flavors” based on alternative
them for free just for the chance to be part of something. desktops. (The KDE-based Kubuntu is included on this
But honestly, they didn’t act like a for-profit company. month’s DVD.)
They gave their full distribution away – not a scaled-down
I want to celebrate Ubuntu and thank them for the care
“community edition.” They flew volunteers to exotic
and excellence they’ve brought to the Linux community
meetups in cool European cities. And they really dreamed
through the years. And a special
big. I think they truly wanted to be as ubiquitous as
nod to Brian, who was right 20
Windows. They even had a crowd-funding effort to
years ago: They really were
launch a mobile phone project at one point, with the
going places. Good insight
dream of converging phone and PC technology.
Brian…I guess that’s why
We really did work with them, especially in those early you’re the publisher….
years. We were one of the first to distribute their DVD as
a covermount, and our very first special edition was an
Ubuntu special.
At the time Ubuntu and its parent company Canonical
appeared on the scene, several other Linux companies Joe Casad,
were vying for a piece of the Linux market. Most of these Editor in Chief
companies – Xandros, Linspire, and other names of the
past – had the general idea that, if Microsoft could charge
$250 for Windows, we ought to be able to charge at least
$25 for a fully operational and well-integrated version of
Linux. When I interviewed Ubuntu founder and self-de-
scribed “benevolent dictator” Mark Shuttleworth years
ago, he told me he had always believed the competitive
pressures of the Linux market would mean that these for-
profit distros would be in a “race to zero,” so he decided
he might as well start out at zero and build his business
model around it – a brilliant move, as it turns out, but not
one he could have easily explained to a venture capitalist

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 3

 DECEMBER 2024
ON THE COVER
26 changedetection.io
This cool tool will keep an eye on a web page
and alert you to changes.
32 Linodas
Do you think Linux is immune to ransomware?
We take you inside the Linux version of the
illusive DinodasRAT attack.
42 Tampermonkey
Many users don’t realize you can modify web
content on the fly as your browser reads it.
We’ll show you how.
NEWS
8 News
• The Gnome Foundation Struggling to Stay Afloat
• Thousands of Linux Servers Infected with Stealth Malware
Since 2021
• Halcyon Creates Anti-Ransomware Protection for Linux
• Valve and Arch Linux Announce Collaboration
• OSI and LPI Form Strategic Alliance
• AlmaLinux Unveils New Hardware Certification
Process
• Wind River Introduces eLxr Pro Linux Solution
• Juno Tab 3 Launches with Ubuntu 24.04
12 Kernel News
This month in Kernel News, Zack reports on when the
process is the feature.
COVER STORY
16 Write Code with AI
Artificial intelligence is increasingly supporting
programmers in their daily work. How effective are these
tools? What are the dangers? And how can you benefit
from AI-assisted development today?
REVIEW
22 Distro Walk – ArcoLinux
ArcoLinux, an Arch derivative, offers easier installs while
educating users about Arch Linux along the way.
4 DECEMBER 2024 ISSUE 289
64 Off-Grid File Sharing
You don’t need the Internet to share files. The next
time you’re off grid, stay connected using ownCloud
and a battery-powered Raspberry Pi Zero.
74 Anki
Part of training is memorization, and flashcards
are a popular tool for memorizing facts. We
introduce you to an app that lets you integrate
audio and visual cues into the flashcard format.
88 Legacy Video Games
You’ve kept those classic video game CDs from
your childhood in a drawer for all these years.
Isn’t it time you did something with them?
IN-DEPTH
26 Web Page Monitoring
Do you want an alert when a product is back in stock at your
favorite online store? With changedetection.io, you can stay
up-to-date on website changes.
32 Linodas
Cybercriminals are increasingly discovering Linux and
adapting malware previously designed for Windows
systems. We take you inside the Linux version of a famous
Windows ransomware tool.
38 Command Line – zoxide
Zoxide, a modern version of cd, lets you navigate long
directory paths with less typing.
42 Tampermonkey
Even small changes in a web page can improve the browsing
experience. Your preferred web browser provides all the tools
you need to inject JavaScript to adapt the page. You just
need a browser with its debugging tools, some knowledge
of scripting, and the browser extension Tampermonkey.
48 Programming Snapshot – Go Interfaces
Using the Go Interface mechanism, Mike demonstrates its
practical application with a refresh program for local
copies of Git repositories.
95 Back Issues 97 Call for Papers
96 Events 98 Coming Next Month
LINUX-MAGAZINE.COM
16 Coding with AI
Futurists predict a day when
computers will write the
computer programs. Are we there 71 Welcome
already? This month we separate This month in Linux Voice.

fact from hype to examine some 73 Doghouse – Stakeholders

of the popular AI-based coding The stakeholder approach of open source broadens
tools and explore what they can the pool of who can access, influence, and benefit
from information technologies.
(and can’t) do well.
74 Anki
Flashcards are a fast and effective way to memorize

MakerSpace
56 Embedded Rust
Rust, a potential successor to C/C++, claims to solve some
memory safety issues while maintaining high performance.
We look at Rust on embedded systems, where memory
safety, concurrency, and security are equally important.
pertinent facts for your next exam. Anki takes this
time-honored trick in a direction you never could
have imagined in the days of those classic 3x5 cards.
82 FOSSPicks
Nate explores some top FOSS tools, including the latest
Gnome desktop, a slick 3D model viewer, LibreQuake, a
neat currency converter, and much more.

64 Off-Grid File Sharing 88 Tutorial – Legacy Video Games

A battery-powered WiFi hotspot can provide useful services People born in the late ’80s and early ’90s often have
like file sharing even when you're off a sizeable collection of old video games gathering dust
the grid. A Pi Zero 2 W as the at home. Systems capable of executing these are,
hotspot with ownCloud however, becoming scarce. This article explores the
installed does the trick. options for archiving old PC games and
running them on modern systems.

@linux-magazine.com

@linux_pro
TWO TERRIFIC DISTROS
@linuxpromagazine
DOUBLE-SIDED DVD!
Linux Magazine SEE PAGE 6 FOR DETAILS

@linuxmagazine

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 5

DVD
This Month’s DVD

Kubuntu 24.10 and Kali Linux 2024.3

Two Terrific Distros on a Double-Sided DVD!

Kubuntu 24.10 Kali Linux 2024.3

“Oracular Oriole”
64-bit
Kubuntu 24.10, codenamed Oracular Oriole, is the
newest release of the popular KDE-based Ubuntu flavor
known as Kubuntu. The latest edition, which ships with
Linux kernel 6.11, will receive nine months of full support
until the next long-term support release in April 2025.
The new Kubuntu comes with the KDE Plasma 6.1
desktop, KDE Frameworks 5.116 and 6.6.0, and “many
updated KDE Gear applications.” The latest release is the
next step in the developers’ quest to replace the ancient
X11 graphics system with the more recent Wayland
compositor. In the new edition, Wayland is the default,
although X11 is still available as an option.
Plasma 6.1 comes with a new option for easy remote
access to other Plasma desktops. Also included are
enhanced capabilities for screen locking and desktop
customization. A new experimental feature called
“permissions prompting” offers “fine-grained control
over Snap applications permissions.”
64-bit
Based on Debian, Kali Linux is a security-directed
distribution. It is a popular choice for forensics,
penetration testing, and reverse engineering. Kali
Linux 2024.3 is the third release of the year.
The focus of Kali Linux 2024.3 is the update and
optimization of programming tools, including the
documentation. However, the release notes also
highlight what is not included because the update
and optimization are taking weeks to complete. An
important feature still to come is Python 3.12, whose
exclusion has also blocked other packages (for details,
see https://www.kali.org/blog/kali-linux-2024-3-release/).
If a temporarily excluded package interests you, check
the weekly updates to see if it is now available.

Defective discs will be replaced. Please send an email to [email protected].

Although this Linux Magazine disc has been tested and is to the best of our knowledge free of malicious software and defects, Linux Magazine
cannot be held responsible and is not liable for any disruption, loss, or damage to data and computer systems related to the use of this disc.

6 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

 NEWS
Updates on technologies, trends, and tools
THIS MONTH’S NEWS
08 • The Gnome Foundation
Struggling to Stay Afloat
• Thousands of Linux
Servers Infected with
Stealth Malware Since
2021
09 • Halcyon Creates Anti-
Ransomware Protection
for Linux
• Valve and Arch Linux
Announce Collaboration
• More Online
10 • OSI and LPI Form Strategic
Alliance
• AlmaLinux Unveils New
Hardware Certification
Process
11 • Wind River Introduces
eLxr Pro Linux Solution
• Juno Tab 3 Launches with
Ubuntu 24.04
8 DECEMBER 2024 ISSUE 289
The Gnome Foundation Struggling to Stay Afloat
The Gnome Foundation has announced changes are underway due to some serious
financial issues (https://foundation.gnome.org/2024/10/07/update-from-the-
board-2024-10/ ). Their current budget was approved on October 1, and they have
been forced to make some very tough decisions to ensure long-term sustainability.
Those decisions include layoffs, most notably Caroline Henrikson, Creative Director,
and, Melissa Wu, Director of Community Development. The foundation also indicated
that, unless more funds are secured, they will have to make serious changes in how
they market, fundraise, and even attend events.
One area that did not see cuts is Gnome’s two major conferences, Gnome
Asia and GUADEC. Fortunately, these events are backed by corporate sponsorship,
so they have been spared (for the time being). The Gnome Foundation internship
programs and the group’s participation in Google Summer of Code are also not
impacted by the current cuts.
Part of the reason for these cuts is that the Gnome Foundation had been living off
a surplus of funds, but those funds dwindled until, in April 2024, Robert McQueen
(Gnome Foundation president) announced that the surplus was gone.
At the time of writing, the Gnome Foundation is currently searching for a new
executive director.
The Gnome Foundation is asking for community support by way of volunteering,
idea sharing, and donations (https://www.gnome.org/donate/ ).
Thousands of Linux Servers Infected with
Stealth Malware Since 2021
A strain of malware has been exploiting misconfigurations on Linux servers since
2021 and has been found to be quite challenging to remove. The malware has been
dubbed perfctl and, as you might expect, mines cryptocurrency.
The developers of this malware are as of yet unknown. They have created a mali-
cious piece of software that uses processes and file names that are either identical
or very similar to those already found in Linux environments.
To keep itself hidden, perfctl uses several tricks, one of which is to install many of
its components as rootkits, which by nature are harder to detect. Perfctrl also stops
all easily detected activities when a user logs in, uses a Unix socket over Tor for
communication, deletes the installation binary after the service is up and running,
manipulates the pcap_loop process by way of hooking to obfuscate the malware,
and suppresses error messages to avoid warnings during execution.
In regards to perfctl, Assaf Morag, a researcher for Aqua Security, said, “The main
impact of the attack is resource hijacking. In all cases, we observed a monero cryp-
tominer (XMRIG) executed and exhausting the server’s CPU resources. The
LINUX-MAGAZINE.COM
 NEWS
Linux News

cryptominer is also packed and encrypted. Once unpacked and decrypted it

communicates with cryptomining pools.” Morag continues, “To detect Perfctl MORE ONLINE
malware you look for unusual spikes in CPU usage, or system slowdown if the
rootkit has been deployed on your server. These may indicate cryptomining
activities, especially during idle times,” (https://www.aquasec.com/blog/perfctl-a- Linux Magazine
stealthy-malware-targeting-millions-of-linux-servers/ ). www.linux-magazine.com
To mitigate against perfctl, you should make sure all Linux servers are patched
for all known vulnerabilities, set noexec on /tmp and /dev/shm, disable unused ADMIN HPC
services, implement strict privilege management, isolate critical servers from the http://www.admin-magazine.com/HPC/
Internet or use firewalls to restrict outbound communication, and deploy runtime TUI Tools for Containers
protection. • Jeff Layton
Text-based user interface tools for a
development container.
Halcyon Creates Anti-Ransomware
Protection for Linux ADMIN Online
http://www.admin-magazine.com/
Halcyon’s goal is to defeat ransomware, and on October 1, the company announced A Feature-Rich Drop-In Replacement for
the general availability of Halcyon Linux. This new product offers protection against Microsoft Exchange
ransomware attacks targeting Linux systems. • Markus Feilner
According to Cynet, Linux ransomware attacks increased by 75 percent in 2023 Grommunio is a completely open source
and are expected to continue to climb as more bad actors target Linux deployments and fully compatible drop-in replacement
(https://www.cynet.com/ransomware/linux-ransomware-attack-anatomy-examples- for Microsoft Exchange that uncouples your
and-protection/ ). company from Microsoft's cloud strategy and
The Cynet report states, “While Linux ransomware only represents a small share its severe security and data protection issues.
of cyberattacks, there are several reasons to be concerned. As a Linux user, you Manage Software Apps Publicly and Privately
must not overlook ransomware even if it is not yet common on Linux-based sys- • Kevin Wittmer
tems. While Windows is the favorite for desktops, Linux dominates the market The WinGet client for the Windows Package
for supercomputers and servers. The Linux computing market is projected to Manager improves the software installation
grow to $22 billion by 2029.” experience for administrators, developers, and
To combat that, Halcyon Linux is powered via the Halcyon Anti-Ransomware users and provides a way to create and share
Platform and secures Linux-based systems with real-time visibility and detections, software in the WinGet package format for
integrated ransomware response, data exfiltration prevention, efficient performance, publishing to public and private repos.
cross-platform coverage, and 24/7/365 security analyst monitoring. RFID Technologies and Risks
Jon Miller, CEO and co-founder of Halcyon says of the new solution, “The fact • Tam Hanna
that Linux systems usually are always on and available means they provide the We look at various approaches to RFID asset
perfect beachhead for establishing persistence and moving laterally in a targeted tracking, provide an understanding of the
network, and they can be leveraged for data theft where the exfiltration is easily technologies and challenges involved, and
masked by normal network traffic.” cover some of the potential attack vectors.
Miller continues, “As more ransomware operators are developing the capability
Artificial Admin
to target Linux systems alongside Windows, it is imperative that organizations have
• Martin Loschwitz
the ability to keep pace with the expanded threat.”
AIOps brings artificial intelligence tools
At the moment, there is no indication about the pricing of the new platform, but into everyday administrative work, with
you can request a solutions brief at https://www.halcyon.ai/anti-ransomware/linux AI-supported automation of some admin
and a demo at https://www.halcyon.ai/get-a-demo. responsibilities.

Valve and Arch Linux Announce Collaboration

Arch Linux recently announced that it would be part of a collaboration with Steam
for two major projects. The projects in question are a build service infrastructure and
a secure signing enclave.
According to the Arch news release, “This opportunity allows us to address some
of the biggest outstanding challenges we have been facing for a while. The collabo-
ration will speed up the progress that would otherwise take much longer for us to
achieve and will ultimately unblock us from finally pursuing some of our planned
endeavors. We are incredibly grateful for Valve (https://www.valvesoftware.com/en/ )
to make this possible and for their explicit commitment to help and support
Arch Linux.”
The secure signing enclave is intended for the Arch team to use to sign packages
with a single signing key, instead of the current process (one person key per package).

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 9

NEWS
Linux News

Essentially, this collaboration will make it considerably easier for Arch Linux devel-
opers to do their jobs. Arch Linux project leader Levente Polyak stated (https://lists.
archlinux.org/archives/list/[email protected]/thread/RIZSKIBDSLY-
4S5J2E2STNP5DH4XZGJMR/ ), “These projects will follow our usual development and
consensus-building workflows. [RFCs] will be created for any wide-ranging changes.”
He continues, “Discussions on this mailing list as well as issue, milestone, and
epic planning in our GitLab will provide transparency and insight into the work. We
believe this collaboration will greatly benefit Arch Linux and are looking forward to
sharing further development on this mailing list as work progresses.”
This collaboration shouldn’t come as a surprise to anyone, given that SteamOS
3.0 is based on Arch Linux.
All projects funded by Valve will stick to Arch Linux’s development and consensus-
building workflows and will provide more transparency into the work being done.

OSI and LPI Form Strategic Alliance

During the OSPOs for Good event at the United Nations headquarters in New York City,
the Open Source Initiative (OSI, https://members.opensource.org/join/ ) and the Linux
Professional Institute (LPI, https://www.lpi.org/) confirmed a new alliance to address the
growing demand for employability from public and private organizations worldwide. This
will bring the two groups together to collaborate on technical education projects aimed
at increasing professional growth for both Linux and open source technologies.
The agreement bolsters LPI’s professional certification by ensuring that open
source licenses meet open source software requirements, and encouraging mem-
bers of the public to participate in the development and maintenance of open source
projects and achieve certifications.
This coming together will also help both LPI and OSI financially, because it means
they will be eligible to receive certain discounts and exclusive opportunities. However,
more importantly, both organizations will collaborate on initiatives that strengthen
the Linux and open source ecosystems.
According to Stefano Maffulli, Executive Director at OSI, “The global open source
movement has generated immeasurable economic value, yet the movement has
never been in greater need of educated professionals to drive the next leap forward
in open source understanding, innovation, and adoption.” Maffulli continues, “OSI
exists to both promote the Open Source Definition and to encourage the growth of
open source communities around the world. This partnership with LPI is one in a se-
ries of initiatives that will increase accessibility to the certifications and community
participation that open source needs to thrive.”
G. Matthew Rice, Executive Director at LPI, had this to say of the alliance: “It is
our mission to promote the use of open source by supporting the people who work
with it. A closer relationship with OSI makes a valuable contribution to this effort.
We are excited to open up new opportunities for people around the world – personally,
professionally, and in their communities.”

AlmaLinux Unveils New Hardware

Certification Process
If you’re looking for a new enterprise-grade server operating system and are con-
cerned about hardware compatibility, AlmaLinux offers a new certification process.
This new program will verify and certify hardware for the AlmaLinux OS.
Get the latest news The certification process is broken down into four steps:
• Submission of hardware for testing
in your inbox every • Rigorous testing by AlmaLinux or an authorized partner
week • Issuance of certification upon successful completion of tests
• Listing of certified hardware in AlmaLinux’s official catalog
Subscribe FREE There are also two certification levels:
to Linux Update • AlmaLinux Compatible: This is the basic level and confirms that the hardware
bit.ly/Linux-Update functions correctly with AlmaLinux OS.

10 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

 NEWS
Linux News

• AlmaLinux Certified: This is a more rigorous certification process that

guarantees the hardware works and meets performance and reliability
standards.
According to benny Vasquez, chair of the AlmaLinux OS foundation, “The creation
of the Certification SIG and the program around it illustrates that AlmaLinux continu-
ally empowers its community and enables action based on the feedback from users
all around the world.” She continues, “Our users depend upon and appreciate the
interactive approach to governance that leads to ongoing advancements in the com-
munity. We’re committed to providing a clear and consistent path toward hardware
certification.”
For those who are concerned that the process will take an extended period, the
new AlmaLinux Hardware Certification takes just days to complete. To do this, the
process leverages an open source certification toolkit, developed by AlmaLinux OS
Foundation, that is built upon various open source hardware and software testing
projects and tools.
Read more about the new certification on the official AlmaLinux Hardware
Certification page: https://almalinux.org/certification/hardware-certification.

Wind River Introduces eLxr Pro Linux Solution

By delivering expert commercial support for the Debian-based open source eLxr
project (https://www.linux-magazine.com/Online/News/Debian-Based-eLxr-Distribution-
Announced-for-Edge-Deployments/(language)/eng-US), Wind River helps organizations
manage critical workloads across distributed environments with new levels of
efficiency and scalability.
This platform “empowers enterprises to adopt scalable, secure, and reliable Linux
solutions for cloud-to-edge deployments” with features such as:
• upstream-first approach: fully aligns with Debian’s open governance, ensuring
a free operating system that preserves software freedom
• cloud-native-ready: optimized for containerized workloads and supported
across a range of modern runtimes
• security-first: continuous security monitoring throughout package lifecycle
The open source eLxr project provides a secure and stable Linux distribution for
near-edge networks and workloads. And, as a founding member and leading contrib-
utor to the eLxr project (https://www.windriver.com/blog/Enriching-the-Edge-Cloud-
Continuum-with-eLxr), Wind River provides customers with comprehensive lifecycle
support to ensure your “Linux platform is always secure, up-to-date, and backed by
dedicated Wind River experts.”
Read more at Wind River: https://www.windriver.com/products/elxr-pro.

Juno Tab 3 Launches with Ubuntu 24.04

With a price of $699, the Tab 3 might be more expensive than the average Android
tablet, but you’d be hard-pressed to find a better option if you want a full-blown
Linux experience in tablet form.
The Juno Tab 3 is available with either the Debian-based Mobian Linux, Ubuntu
24.04, or Kubuntu 24.04. The specs include an Intel Alder Lake-N Celeron N100 CPU
with 4 cores, 4 threads, and a 1.10GHz clock speed (or 3.40GHz with Turbo); an Intel
UHD GPU; a 12.1" anti-glare IPS capacitive touch display at 2K 2160×1440, 60Hz
refresh rate, and 270min/330typ cd/ ; 16GB of RAM, WiFi 6; Bluetooth 5.0; a 2MP
front cam and 3.7MP rear cam; a 512GB SSD; and a 5000 mAh 38Wh 7.6V battery
with a 36W charger.
As far as ports are concerned, the Tab 3 offers plenty, with 1 micro SD, 1 micro
HDMI, 1 USB-C 3.1, 1 USB-C 3.1 with support for charging and video out, one
1.35mm DC, and one headphone jack.
You can bump up the storage to 1TB for $722 or up to 2TB for $799.
The Tab 3 is available to purchase now from the Juno Computers online store and
typically ships within 4-7 business days: https://junocomputers.com/us/product/
juno-tab-3/.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 11

NEWS
Kernel News
Zack’s Kernel News
Chronicler Zack Brown reports
on the latest news, views,
dilemmas, and developments
within the Linux kernel
community.
By Zack Brown
Author
The Linux kernel mailing list comprises
the core of Linux development activities.
Traffic volumes are immense, often
reaching 10,000 messages in a week, and
keeping up to date with the entire scope
of development is a virtually impossible
task for one person. One of the few brave
souls to take on this task is Zack Brown.
12 DECEMBER 2024 ISSUE 289
When the Process Is the
Feature
The Linux kernel development process
has undergone many changes through
the years. Linus Torvalds was the first to
understand how to run an open source
project. The GNU General Public License
(GPL) had existed for years, but the GNU
projects that used it were isolated, and
potential contributors were largely
turned away. Linus’s great innovation
was to encourage people of all skill lev-
els to chip in, resulting in such an in-
crease of development speed that pretty
soon the entire open source world burst
into existence. The Linux kernel was re-
ally where all of that started.
Since then, the kernel development
process has followed its own evolu-
tionary processes, with subsystem
maintainers feeding patches for inclu-
sion in the source tree up through
highly trusted “lieutenants” to Linus.
At a certain point, Linus also switched
from simply releasing new versions of
the kernel to using actual revision con-
trol, first the proprietary BitKeeper tool
and then Git, which Linus wrote himself
specifically to deal with the BitKeeper
owner revoking permission to use the
tool.
Among the many changes to kernel
development over the years, one of the
thorniest has been the struggle to bal-
ance stability with new development. It
seems to be widely accepted wisdom
that developers much prefer writing
new features than stabilizing and main-
taining those features over the long
term. Linus tried several approaches to
solving this dilemma. At one point, he
alternated between a very long develop-
ment cycle and a very long stabilization
cycle. But the period of stabilization
was quite painful for many, and he it-
erated quite a bit on finding a better
method.
His current approach involves each
kernel version having its own short
window of time for receiving new fea-
tures, followed by a series of “release
candidates” that in principle become
more and more stable, and then finally
he releases the new kernel version,
and the cycle begins again. These rela-
tively short cycles allow developers to
enjoy the fun part of development
while still taking the time to stabilize
their work and make it more reliable
for end users.
Recently during the Kernel’s usual
stabilization phase, Kent Overstreet,
the main developer of the bcachefs
filesystem, submitted a very big patch
for bcachefs. This is a new filesystem
that Linus accepted into the source tree
in 2024, although it is still flagged in
the kernel as being an experimental
feature.
Kent’s patch fixed a bunch of small
bugs, but then went on to do some more
major changes, which had originally
been intended for the next kernel’s
“merge window” (the time when new
features would be acceptable). Kent sent
them in this patch because he felt they
were important. However, Linus did not
like his approach.
Linus replied to his patch, saying:
“No, enough is enough. The last pull
was already big.
“This is too big, it touches non-
bcachefs stuff, and it’s not even remotely
some kind of regression.
“At some point ‘fix something’ just
turns into development, and this is that
point.”
Linux went on to say, “Nobody sane
uses bcachefs and expects it to be sta-
ble, so every single user is an experi-
mental site.” He concluded, “The
bcachefs patches have become these
kinds of ‘lots of development during
the release cycles rather than before
it’, to the point where I’m starting to
regret merging bcachefs. If bcachefs
can’t work sanely within the normal
upstream kernel release schedule,
maybe it shouldn’t *be* in the normal
upstream kernel.”
Kent, maybe feeling a bit blindsided
by Linus’s comments, strongly de-
fended the strengths of bcachefs. He
said, “Universal consensus has been
LINUX-MAGAZINE.COM

that bcachefs is _definitely_ more
trustworthy than brtfs, in terms of ‘will
this filesystem ever go unrecoverable or
lose my data’ – I’ve seen many reports
of people who’ve put it through the
same situations where btrfs [fails]. I’ve
ever seen people compare bcachefs’s
robustness in positive terms vs. /xfs/;
and that’s the result of a *hell* of a lot
of work with the #1 goal of having a
robust filesystem that _never_ loses
data.”
Although in the next breath, he did
add a public disclaimer: “Please don’t
rush out and switch to bcachefs just
yet. I still have a backlog of bugs and
issues – some of them serious, as in
your filessystem will go emergency
read only – and I don’t want people
getting bit. There’s still a ton to do; I’m
not taking EXPERIMENTAL off until at
least the fuzz testing for on disk cor-
ruption is in play.”
Kent also defended his work ethic
and development practices, saying,
“Look, I’ve been doing this for a long
time, I’ve had people running my code
in production for a long time, and I’m
working with my users on a daily basis
to address issues. I don’t throw code
over the wall; I do everything I can to
support it and make sure it’s working
well.” He added, “when I ship code,
I’m _always_ weighing ‘how much do
we want this’ vs. ‘risk of regression/
risk in general’ – I’m not just throwing
out whatever I feel like.”
Kent went on to say, “Look, this is the
filesystem you’re all going to want to be
running in – knock on wood – just a
year or two, because I’m working to
make it more robust and reliable than
xfs and ext4 (and yes, it will be).”
However, in terms of bcachefs’s reli-
ability, Linus replied plainly:
“I’ll believe that when there are major
distros that use it and you have lots of
varied use.
“But it doesn’t even change the issue:
you aren’t fixing a regression, you are
doing new development to fix some old
problem, and now you are literally edit-
ing non-bcachefs files too.
“Enough is enough.”
This attitude seemed to perplex Kent.
He replied:
“What is to be gained by holding back
fixes, if we’ve got every reason to believe
that the fixes are solid?
LINUX-MAGAZINE.COM
NEWS
Kernel News
“And yes, these _are_ solid, the
rhashtable stuff was done months ago
(minus the deadlock fix, that’s more re-
cent), and the rcu_pending stuff was
mostly done months ago as well, and
_heavily_ tested (including using it as re-
placement backend for kvfree_rcu, which
is the eventual goal there).
“And the genradix code is code that I
also wrote and maintain, and those are
simple patches.”
To which Linus merely quipped,
“What is to be gained by having release
rules and a stable development environ-
ment? I wonder.”
Linus then replied to his own quip a
few minutes later, saying:
“But seriously – thinking that ‘I
changed a thousand lines, there’s no
way that introduces new bugs’ is the
kind of thinking that I DO NOT WANT
TO HEAR from a maintainer.
“What planet ARE you from? Stop
being obtuse.”
Kent replied, “I’m not sending you
anything here that isn’t a fix for a real
issue.”
At this point, stepping back for a mo-
ment, Linus offered a more thorough
explanation of his thinking:
“Kent, bugs happen.
“The number of bugs that happen in
‘bug fixes’ is in fact quite high. You
should see the stable tree discussions
when people get heated about the re-
gressions introduced by fixes.
“This is, for example, why stable has
the rule of fixes being small (which does
get violated, but it is at least a goal: ‘It
cannot be bigger than 100 lines, with
context’), because small fixes are easier
to think about and hopefully they have
fewer problems of their own.
“It’s also why my ‘development happens
before the merge window’ rule exists.
“If you have to do development to fix
an old problem, it’s for the next merge
window. Exactly because new bugs hap-
pen. We want _stability_.
“The fixes after the merge window are
supposed to be fixes for regressions, not
‘oh, I noticed a long-standing problem,
and now I’m fixing that’.
“But obviously the same kind of logic
as for stable trees apply: if it’s a small ob-
vious fix that would be stable material
*anyway*, then there is no reason to
wait for the next release and then just
put it in the stable pile.
ISSUE 289 DECEMBER 2024 13
NEWS
Kernel News
“So I do end up taking small fixes,
because at that point it is indeed a ‘it
wouldn’t help to wait’ situation.
“But your pull requests haven’t been
‘small fixes’. And I admit, I’ve let it slide.
You never saw the last pull request, when
I sighed, did a ‘git fetch’, and went
through every commit just to see. And
then did the pull for real.
“This time I did the same. And came
to the conclusion that no, this was not a
series of small fixes any more.”
To Linus’s “bugs happen” comment,
Kent replied:
“I _know_.
“Look, filesystem development is as
high stakes as it gets. Normal kernel
development, you fuck up – you crash
the machine, you lose some work, you
reboot, people are annoyed but generally
it’s ok.
“In filesystem land, you can corrupt
data and not find out about it until
weeks later, or _worse_. I’ve got stories to
give people literal nightmares. Hell, that
stuff has fueled my own nightmares for
years. You know how much grey my
beard has now?
“Which is why I have spent many years
of my life building a codebase and devel-
opment process where I can work produc-
tively where I can not just catch but re-
cover from pretty much any fuckup
imaginable.
“Because peace of mind is priceless….”
At this point in the conversation, Carl
E. Thompson joined in, trying to bridge
the gap. He said:
“Kent, I’m not a kernel developer I’m
just a user that is impressed with
bcachefs, uses it on his personal systems,
and eagerly waits for new features. I am
one of the users who’s been using
bcachefs for years and has never lost any
data using it.
“However I am going to be blunt: as
someone who designs and builds
Linux-based storage servers (well, I
used to) as part of their job I would
never, ever consider using bcachefs pro-
fessionally as it is now and the way it
appears to be developed currently. It is
simply too much changed too fast with-
out any separation between what is
14 DECEMBER 2024 ISSUE 289
currently stable and working for cus-
tomers and new development. Your
work is excellent but *process* is
equally and sometimes even more im-
portant. Some of the other hats I’ve
worn professionally include as a lead
C/C++ developer and as a product re-
lease manager so I’ve learned from
very painful experience that large proj-
ects absolutely *must* have strict rules
for process. I’m sure you realize that.
Linus is not being a jerk about this.
Just a couple of months ago Linus had
to tell you the exact same thing he’s
telling you again here. And that wasn’t
the first time. Is your plan to just con-
tinue to break the rules and do what-
ever the heck you want until Linus
stops bothering you? I don’t think
that’s a good plan.
“Since I’m already being blunt I’m
going to be even more blunt: you have a
serious problem working with others. In
the past and in this thread I’ve read
where you seem to imply that other
kernel developers are gatekeeping and
resist some of your ideas because you’ve
created something that (in your opin-
ion) is already better in some ways than
some of things they’ve created. But from
where I’m sitting the problems you’ve
experienced are 90% because of *you*.
You’re an adult and you need to under-
stand that about yourself so you can do
something about it.”
Kent got the final word of the conver-
sation, replying:
“You guys are freaked out because
I’m moving quickly and you don’t have
visibility into my own internal process,
that’s all.
“I’ve got a test [cluster], a community
testing my code before I send it to
Linus, and a codebase that I own and
know like the back of my hand that’s
stuffed with assertions. And, the
changes in question are algorithmically
fairly simple and things that I have ex-
cellent test coverage for. These are all
factors that let me say, with confidence,
that there really aren’t any bugs in this
this pull request.
“Look, there will always be a natural
tension between ‘strict rules and
processes’ vs. ‘weighing the situations
and using your judgement’. There isn’t a
right or wrong answer as to where on the
spectrum we should be, we just all have
to use our brains.
“No one is being jerks here, Linus and
I are just sitting in different places with
different perspectives. He has a responsi-
bility as someone managing a huge proj-
ect to enforce rules as he sees best, while
I have a responsibility to support users
with working code, and to do that to the
best of my abilities.”
The discussion ended there. My own
take on the situation is that Linus gen-
erally prefers to win an argument
rather than enforce his position. He
may have a reputation for being mean
and bombastic, but I believe that look-
ing only at those snapshots tends to
miss what’s really going on. In general,
Linus loses patience when he feels the
other person has had something clearly
explained and is willfully refusing to
get the point.
So, since Kent seems to be honestly
disagreeing with Linus in this conver-
sation, I think it could go either way. I
wouldn’t be surprised if Linus, for ex-
ample, accepts another big patch from
Kent and gives him another reminder
that this needs to change. At the same
time, in this discussion, Linus did say
“enough is enough,” and that generally
indicates that he’s about to enforce the
rules. To me, it really could go either
way at this point.
Part of the problem is that many ker-
nel developers are really amazing, and
there can be a certain amount of arro-
gance that goes along with having such
amazing skills and abilities. Kent
would not be the first Linux developer
to feel that their contributions were
better and more carefully written than
other people’s and deserving of special
treatment. Part of Linus’s main discov-
ery of the principles of open source de-
velopment was to encourage people in
their contributions. In the spirit of fun,
I will say, if Linus turned developers
away simply because they were arro-
gant, he might have run out of contrib-
utors a long time ago. Q Q Q
QQQ
LINUX-MAGAZINE.COM
COVER STORY
Write Code with AI

Artificial intelligence as an aid for developers

Ghost Coder
Artificial intelligence is increasingly supporting programmers in their daily
work. How effective are these tools? What are the dangers? And how can
you benefit from AI-assisted development today? By Tim Schürmann

D
evelopers have been using artificial intelligence for suggestions while the developer is typing. The additions will
decades. Even text editors such as Kate offer syntax complete lines started by developers and typically even finish
highlighting and auto-completion. Under the hood, off whole functions. The snippets that GitHub Copilot [5]
these tools are based on pre-
defined rules. If the editor encounters
the for character string, for example, it
highlights the string in green. Modern AI
assistants are far smarter, opening up
completely new possibilities for
developers.
For instance, what happens if you
want to convert your existing program
code from C to the more modern Rust?
No problem for CodeConvert [1]. The
cloud service can translate source code
between many programming languages
(Figure 1). In addition to well-known
representatives such as Go and Python,
you can also translate code from more
exotic languages such as Ocaml, Cobol,
and Tcl. Other translators, such as Re-
fraction [2], Codeium [3], and Figstack
[4] also help you beam your code to dif-
ferent languages, but these tools can do
far more.
The translator tools use plugins to
connect to the development environ- Figure 1: In CodeConvert, you download the existing source code on
ment, monitor the programmer’s work in the left, press a button, and receive the counterpart in Rust or another
the background, and then make coding language on the right.

16 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

 COVER STORY
Write Code with AI

expression from a description such as “all

valid email addresses” or deliver a match-
ing SQL query based on a paraphrased
description.

Hallucinations
If you believe the many videos and mar-
keting texts on the Internet, AI wizards
effortlessly pull complex code snippets
in countless languages out of their hats.
The providers try to outdo each other in
their claims. Refraction claims to support
56 programming languages, and Code-
ium supports more than 70. It all sounds
too good to be true. And, as anyone who
has tried out the tools in a larger project
will be aware, it often is.
The AI wizards are capable of writing
simple functions such as Bubblesort or
the Euclidean algorithm from Figure 3
quite reliably. They will even provide
new solutions or implement ideas that
Figure 2: In the Codeium Playground on the Codeium website, you can programmers might not have thought
test the AI wizard without any obligation, but only on a handful of of. However, if you need more complex
languages. code, you will often only see unusable
suggestions, some of which are not
outputs also stick to the coding conventions of the rest of the even recognizable as code (Figure 4).
document. AI coding thus goes far beyond conventional rule- Problems of this kind are due to the way the AI tools work:
based autocompletion. The source code of neural networks is generated in the back-
In order to autonomously complete a function, the wiz- ground, usually in the form of Large Language Models (LLM).
ards use the existing or surrounding code as a reference The programming wizards therefore use the same technology
point. Tabnine [6] is based on both the signature of a func- that powers ChatGPT. Unlike ChatGPT, however, the neural
tion and on a comment above it. Programmers can use hint networks are not simply trained with everyday knowledge from
lines to steer the AI to the right results. Keep in mind that Wikipedia but with existing source code. Tabnine and some of
many providers don’t bother describing the working meth- its competitors also offer to customize the resulting models for
ods of their AI tools. In the case of Codeium (Figure 2), for their customers. To do this, they train their models with the
example, it is unclear which lines the wizard takes into ac- private source code of the customer.
count when it generates code. In all cases, the neural networks will always suggest the kind
Most AI tools don’t just rewrite source code; you can also ex- of source code that they believe is most likely to match the ex-
plicitly ask them to solve a programming problem. You need to isting code. But when faced with complex code, the AI wizards
describe the task for the AI with a short sentence to immediately tend to go haywire. The resulting suggestions sometimes con-
see the matching code. For example, the AI wizards provide the sist of confusing instructions or are no longer fit for the pur-
complete code for sor algorithms or make suggestions relating to pose, although the code might require closer inspection to dis-
classes. Some tools, such as Refraction, can also derive a regular cover these issues (Figure 5).
Worse still: The generated source code can contain errors
and security vulnerabilities, for example, if the AI recom-
mends the use of an outdated API. The self-confidence that

Figure 3: Codeium completing the function for calcu- Figure 4: In other cases, there are either no sugges-
lating the greatest common divisor. tions or meaningless ones.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 17

COVER STORY
Write Code with AI

significantly more source code in C than

in less popular languages such as D or
Cobol. Thanks to the AI wizards’ greater
knowledge of C, the wizards can create
far more complex code in the C language,
whereas even simple situations in D will
lead to nonsensical solutions.
The various quirks of the leading AI
development tools mean that developers
walk away with widely differing experi-
ences. Some programmers no longer want
to be without their AI tools, and others
find them useless. Anyone interested in
these experiences will want to take a look
at the discussions on Reddit, such as the
thread on GitHub Copilot [8].

Legal Pitfalls
Another problem with the training data is
that AI users can never be sure whether
the source code generated on demand
Figure 5: Refraction generated code: Note that Refraction’s own code violates licenses, copyrights, or even pat-
audit feature immediately criticizes several items. ents. This problem is exacerbated if the
AI simply copies code snippets from the
the wizards appear to have tempts many developers to adopt training data and passes them off as its own. According to
the code without checking it carefully. In a blog post [7], GitHub, this happens with Copilot, especially if there isn’t very
developer Marcio Frayze shows how quickly bugs can slip much code in the programmer’s editor, or if the AI is asked for
through. very common solutions, such as a bubblesort algorithm. Source
code also often contains personal data, such as the email ad-
Exam Board dresses of the developers involved. Basically, this information
GitHub Copilot tries to mitigate these problems with filters. can also be found in the AI’s memory.
The filters scan the generated code snippet for common prob- GitHub tries to filter the output of email addresses, but you
lematic patterns. According to GitHub, potential problems in- can’t rule out the risk of some slipping through. And there is
clude SQL injections and hard-coded credentials. If Copilot de- duplicate detection to help prevent code copying. The GitHub
tects a problem, it blocks the suggestion or at least notifies the AI searches for the code snippet it has generated in all public
developer of the problem. Having said this, the AI wizard does GitHub repos. If it finds what it is looking for, it either blocks
not deploy any additional security measures. GitHub then rec- its proposal or reports the location and license. Developers can
ommends its other tools, such as GitHub
Advanced Security.
Programmers should always check the
auto-generated source code themselves.
GitHub Copilot and CodeConvert even
explicitly point this out in the small print
and in their FAQs. A second look is defi-
nitely recommended if a feature is still
tagged as beta or even experimental,
such as the Codeium Command function
in Codeium, which generates code that
matches a natural language description.
The quality of the suggestions largely
depends on the wizard’s knowledge base
and therefore on the training data. But
where the data comes from remains a
mystery throughout. It is only rarely that
providers cite a source. The notable ex-
ceptions include Tabnine and GitHub.
Both AIs learn from the source code in Figure 6: The AIs generate documentation relatively accurately. In this
publicly accessible repositories, including example, Codeium has written a correct comment for the task of
those on GitHub. However, there is computing the greatest common divisor.

18 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

 COVER STORY
Write Code with AI

Figure 7: Refraction explaining the code in the center.

then decide for themselves whether the suggested code and comment with a short, appropriate, natural-language descrip-
license are suitable for their project. tion (Figure 6). Like many other candidates, the AI developed
Despite this, some worries remain when you use Copilot. by JetBrains [9] for its IDEs also automatically writes commit
Duplicate detection only works if the code snippet exists in a texts. Although all the AI-generated texts still require a little re-
public GitHub repository, is at least 150 characters in length, work, as many developers confirm, the generated comments
and the developer is working with Visual Studio Code. In the substantially speed up the documentation work.
small print, GitHub points out that you must always check for You can also ask AI wizards to explain existing code to you
yourself whether Copilot’s proposals infringe on the rights of (Figure 7). In this way, you can quickly find out what the func-
other parties. In the case of active duplicate detection, GitHub tion (written by a former member of staff who long since left
at least promises support for Copilot users who are accused of the company) actually does. You can even ask Codeium, Tab-
copyright infringement. GitHub does not specify how far this nine, GitHub Copilot, and others questions about the source
help extends.
Even given a check like this, there is
always the question of the license under
which the generated code proposal is
registered. GitHub itself explicitly
makes no copyright claims to the code
generated by Copilot; other providers
are tacit on the subject. This and all the
other problems do not exactly speak in
favor of using AI wizards. On the up-
side, the wizards are still useful for
some specific tasks.

Documentation
Many developers see the documentation
of their source code as a pesky chore.
But this is a task that the AI wizards
carry out with an astonishing accuracy.
All programmers have to do is ask Code-
ium, Refraction, and the like to explain a
function and the AI will provide a Figure 8: Codeium provides details of the Fmt package included in Go.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 19

COVER STORY
Write Code with AI
code – for example, how one function uses another or what
patterns a cryptic regular expression covers. Figstack also
determines the runtime of the source code in O notation.
These tools can also help newcomers master a new language
(Figure 8). You can tell the AI wizards to show you examples
and ask questions about the existing code. Some AIs offer
special assistance: Refraction will create an introduction to an
arbitrary programming topic on request, whereas JetBrains AI
guides you through the range of functions in the in-house IDEs.
However, the texts of the AI tools sometimes sound very much
like boring reference manuals, which is why many developers
prefer to switch to ChatGPT for this task.
Testing, Testing, 1, 2, 1, 2
The AI wizards also offer useful support for testing. More specif-
ically, they can automatically generate test cases or unit tests at
the push of a button. The AI developed by JetBrains for its IDE
is based on both the source code and the documentation. Refrac-
tion, in turn, automatically inserts debug texts into the code,
such as “All elements processed.” The AI derives the texts from
the names of functions, variables, and other elements, which is
why they often require some rework. Some AIs detect typical or
potential programming errors and alert you to them. These er-
rors can even happen while you are typing. Refraction even ex-
plains how the error occurred and how to remedy it. But none of
the AI assistants can guarantee completely error-free code.
When things have to be done quickly, spaghetti code with
variables whose names consist of just one letter is still com-
monplace. Some AI tools are capable of unraveling this mess of
code and formatting it in compliance with a style guide. In ad-
dition to optimized code, Refraction offers natural language im-
provement tips. For example, the AI complains about a lack of
input checking and meaningless variable names. Refraction,
Codeium, and others can automatically refactor the code (Fig-
ure 9). Refraction also automatically converts hard-coded
Figure 9: Refraction refactoring older Rust code while adapting it to current Rust versions at the same time.
20 DECEMBER 2024 ISSUE 289
strings and numbers into variables and adds missing types.
Once again, the quality of the results depends to a huge extent
on the complexity of the source code.
Payment Plans
Most smart programming aids are only available as commercial
cloud services, which the plugins for the development environ-
ments then consult. Alternatively, you can talk to the AI directly
in the browser, but this means that you have to constantly copy
the source code back and forth. Tabnine is one of the few pro-
viders that lets you host its models on-premises yourself.
Any free offers available are either time-limited or severely re-
stricted in terms of their feature set. Fees also vary considerably
among the services. Professional developers will pay at least
US$80 per year with Refraction, whereas GitHub Copilot charges
US$19 per user and month. Special conditions are often available
for students, teachers, and developers of open source projects.
Looking for open source programming wizards is like finding
a needle in a haystack, and they are also far more complex to
set up. As with Tabby [10] and FauxPilot [11], you typically
need to launch a server in a Docker container. Well-known
open source models often operate in the background. Tabby
uses Code Llama, StarCoder, or CodeGen, for example.
Some AI wizards let you query with an API – via OpenAPI in
the case of Tabby, for example. If you do not want to use Curl to
access these interfaces, you will need a matching client or a plu-
gin for your own IDE. Fortunately, the Tabby project itself pro-
vides some plugins. In the case of FauxPilot, you either have to
resort to plugins from third-party developers or use tricks to per-
suade the official Visual Studio code plugin for the GitHub Copi-
lot to cooperate (Figure 10). As an alternative to Tabby and Faux-
Pilot, you can install the Ollama framework [12] directly and use
it to run an open source model such as Code Llama locally. If
you decide to take this extremely bumpy path, you will find a
usable Visual Studio code plug-in in the form of Privy [13].
LINUX-MAGAZINE.COM

Figure 10: Some tools, such as GitHub Copilot, not only offer IDE
plugins but also support queries via a command-line tool.
Data Protection
In order to generate high-quality source code for different
languages, a wizard requires a large neural network and
huge amounts of training data. The required computing
power and financial resources are primarily the domain of
large corporations such as Google, Amazon, and Microsoft,
as well as players like OpenAI. Smaller providers of pro-
gramming tools, such as the former pioneer Kite [14], are
falling by the wayside or are increasingly forced to rely on
preparatory services by the global players. Refraction from
Portugal, for example, uses customized models from
OpenAI.
This reliance on background services leads to a data protec-
tion problem. In order to provide immediate suggestions, the
AI monitors the developer’s work and sends some of the
source code to the cloud for evaluation. If you let CodeConvert
translate all of your source code, for example, this means you
have sent the internals of your entire program to a company in
India. In most cases, the providers also receive further informa- [8] “GitHub Copilot – what’s your experience been like? Worth
tion. GitHub Copilot collects various metrics such as the errors
reported by the development environment and the features
enabled in it.
What happens to the data in the cloud is up to the provider.
In particular, the source code and therefore important internal
enterprise data could be incorporated into the AI as training
material. As a result, the wizards would then offer up your
company’s knowledge to other users. In the worst case, code
fragments could even appear there. Manufacturers deal with
this problem in different ways, and the pertinent details are
often hidden in the small print. GitHub Copilot, for example,
only guarantees for the business plan that the source code
sent to the cloud will not be used as training data. GitHub also Author
reserves the right to allow employees working on the Copilot
project to view the requests. These include employees of
Microsoft and OpenAI.
LINUX-MAGAZINE.COM
COVER STORY
Write Code with AI
Anyone considering running Tabnine
themselves or using an open source AI
such as Tabby for data protection rea-
sons will inevitably face issues with
this technology. Even if you no longer
have to train these models yourself,
running them still requires powerful
hardware. Ideally, your system will in-
clude a powerful NVIDIA graphics card
with plenty of memory that can be ad-
dressed via the CUDA interface. The
FauxPilot quick-start guide cites this
configuration as a mandatory
requirement.
Conclusions
Automatically generated tests and ref-
erences to best practices – according to
a survey of Go developers – is what
many programmers want from an AI
wizard [15]. And, at least with most
commercial services, these wishes are
likely to come true. But no AI is cur-
rently able to implement complex code
automatically. In practice, the wizards do their jobs primar-
ily as enhanced auto-completers, documentation aids, and
unit test generators. In these areas, the tools take tedious
routine work off the developer’s plate, although you still
need to double-check the results. Q Q Q
Info
[1] CodeConvert: https://www.codeconvert.ai
[2] Refraction: https://refraction.dev/
[3] Codeium: https://codeium.com/
[4] Figstack: https://www.figstack.com/
[5] GitHub Copilot: https://github.com/features/copilot
[6] Tabnine: https://www.tabnine.com/
[7] “What it was like to spend a month using GitHub Copilot and
why I plan to not use it (next month)”: https://dev.to/
marciofrayze/what-it-was-like-to-spend-a-month-using-
github-copilot-and-why-i-plan-to-not-use-it-next-month-3ao5
it?”: https://www.reddit.com/r/webdev/comments/11hmsqp/
github_copilot_whats_your_experience_been_like/
[9] JetBrains AI: https://www.jetbrains.com/ai/
[10] Tabby: https://tabby.tabbyml.com/
[11] FauxPilot: https://github.com/fauxpilot/fauxpilot
[12] Ollama: https://ollama.com/
[13] Privy: https://getprivy.dev/
[14] Kite: https://www.kite.com/blog/product/
kite-is-saying-farewell/
[15] Survey of AI assistants: https://go.dev/blog/survey2023h2/
Tim Schürmann is a freelance computer scientist and author.
Besides books, Tim has published various articles in magazines
and on websites.
ISSUE 289 DECEMBER 2024 21
REVIEW
Distro Walk – ArcoLinux

The experience of Arch Linux on the desktop

ArcoLinux
ArcoLinux, an Arch derivative, offers easier installs while well as explanations of the different fla-
vors and derivatives of ArcoLinux, but
educating users about Arch Linux along the way. By Bruce Byfield the most interesting menu item is the

T
suggested learning path [3] shown in
oday, Arch Linux is in the same ArcoLinux’s emphasis on education Figure 1. The learning path begins with
state as Debian around the turn of is obvious from the choice of a .info warnings like “You will break your sys-
the millennium – popular for its domain name. The distribution boasts tem […] This is normal. 15 minutes later
technical excellence, but with a more than 4,000 videos on YouTube [2] you are back on a newly installed OS.”
reputation for being difficult to install. and proclaims in all caps on its site: ArcoLinux suggests that users begin with
Even with detailed installation documenta- “You ask a question that concerns a mostly automatic install that provides
tion and the minimal archinstall script, everyone we make a video.” an Xfce desktop on which they can learn
the reputation remains. As a result, just Moreover, the project’s home site in- curated apps, system configuration and
as Debian spun off rivals like Ubuntu and cludes a Start Here top-level menu. The maintenance, page management, key-
MEPIS that feature easy installs, so Arch Start Here menu includes the usual links board shortcuts and aliases, and become
has spun off distributions like Endeav- to review, news, and testimonials, as comfortable using the terminal. Users
ourOS and Manjaro. Among Arch Linux’s
derivatives, ArcoLinux is unique [1]. As
much an open university as a distribution,
ArcoLinux takes its inspiration from Arch
Linux’s extensive documentation as well
as its technology and organization. In the
process, ArcoLinux offers beginners and
veterans alike the experience of installing
an Arch-like desktop version.
Lead Image © maxkrasnov, 123RF.com

Author
Bruce Byfield is a computer journalist and
a freelance writer and editor specializing
in free and open source software. In
addition to his writing projects, he also
teaches live and e-learning courses. In his
spare time, Bruce writes about Northwest
Coast art (http://brucebyfield.wordpress.
com). He is also co-founder of Prentice
Pieces, a blog about writing and fantasy Figure 1: Phase 1 of ArcoLinux’s learning path is designed to systemati-
at https://prenticepieces.com/. cally to turn novices into experts.

22 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

 REVIEW
Distro Walk – ArcoLinux

Figure 2: The introductory installation stages include Figure 3: In the advanced installation, ArcoLinux
useful preinstall links. leaves the choice of apps to the user. Shown here is
the extensive list of desktops and window managers
can then move on to an advanced instal- users will only in- available during installation.
lation and other desktops, saving tiled stall a few times
desktops for last. From there, they can at most. However, ArcoLinux’s installa- ArcoLinux uses the Calamares in-
learn to create their own installation tion process warrants more detail than staller. What distinguishes ArcoLinux’s
images, how to install Arch Linux itself, usual because it is shaped by the goal of version (Figure 2) is the addition of the
and, finally, how to create their own educating users. Some users may want Advanced Installation option. The intro-
Arch Linux derivative distribution. Read- to begin with Home | Info to learn about ductory stages of the install emphasize
ing the summary of the eight phases pro- burning a .iso to a USB drive or a virtual education and ease of use, but the over-
vides a clear picture of what separates a machine. Download images are available all impression is of a graphical version of
newcomer from a knowledgeable Linux from the Download menu, where they an Arch Linux install – something that
user. The learning path contains obvious are all briefly described in terms of de- almost seems a contradiction in terms –
biases, such as the need to know the fault applications and services, as well and a tool that rivals the Debian installer
command line or the assumption that as ease of use. Some are characterized for comprehensiveness and user control.
tiled desktops are an advanced choice, by the type of kernel, others by the desk- It starts with a choice of graphics that in-
but probably few long-time Linux users top. Each of the downloads – Arconet, cludes pure open source or NVIDIA. It
would disagree with these biases. The ArcoPro, and ArcoPlasma – also has its then moves on to a choice of options to
overall effect is a summary for beginners own video that users can watch before update download mirrors, to partition
that, as far as I know, is unmatched any they install. with GParted, and to set screen
place else.
In following the learning path, users
can refer to other menu items. Although
the links are often obscurely named, the
Home menu contains detailed guidelines
for each phase, as well as a link to the
user forum. Users designing their own
installation images may also want to
refer to Home | ArcoLinux | Applications
for information about widgets, termi-
nals, and similar images. Unfortunately,
though, many of the items in the General
menu about configuration and hardware
are still placeholders, so following the
learning path may also require addi-
tional web searches. No doubt Arco-
Linux will get to these topics in time.

Installing ArcoLinux
When reviewing most distributions, I
generally try to keep the description of
the installation minimal. After all, most Figure 4: The default desktop for the ArcoPlasma flavor of ArcoLinux.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 23

REVIEW
Distro Walk – ArcoLinux
resolutions. Only then can users choose
an automatic easy install or an advanced
install in which every option is chosen
by the user. The advanced install is the
most secure choice, although ArcoLinux
does not mention the fact.
The easy install is similar to that of
many distributions. Although extensive
online help is provided, the advanced in-
stallation is best installed with a browser
at hand to help in making choices. The
advanced installation defaults to Ameri-
can English and includes the usual basics,
but many of its pages require some
knowledge. Otherwise, users may puzzle
over which kernel to install – the latest, a
hardened kernel, or half a dozen others.
The choices threaten to be even more
overwhelming in over 20 additional pages
of options for drivers, logins, office soft-
ware, fonts, theming, and graphics. Even
if you adopt the policy of leaving installa-
tion until later when in doubt, this is no
15-minute install. Most likely it will be
more like 45 minutes, but those who
value customization should appreciate
the freedom of choice (Figure 3).
ArcoLinux Applications
ArcoLinux’s desktop applications de-
pend on how the desktop is installed and
the choices made (Figure 4). The easy
installation’s curated applications are
mostly unexceptional. They vary with
the desktop chosen, especially among
the development apps. For instance,
choosing KDE Plasma also installs the
Plasma Engine Explorer and Plasma
Theme Explorer. Otherwise, the choices
are mostly typical of most distributions.
The main exceptions in the easy installa-
tion are the apps inherited from Arch
Linux. Chief among them are the Arch
Linux Tweak Tool (Figure 5), to which a
few ArcoLinux extras are added, and the
Arch Linux Kernel Manager. Both are
comprehensive administration apps that
would be useful in any distribution. In
addition, the ArcoLinux install includes
a welcome screen with a few basic utili-
ties, a guide to building custom install
images (Figure 6) and another for build-
ing Conky docks, and still another for
removing one or more desktops. All are
more comprehensive than the average
desktop app and deserve to be ported to
other distributions.
With an advanced installation, by
definition, the variation becomes more
24 DECEMBER 2024 ISSUE 289
Figure 5: The Arch Linux Tweak Tool is a comprehensive configuration tool.
personal. Many productivity categories free software, but ArcoLinux is an exam-
have multiple choices, but the most ple of how it should be done. While Ar-
varied are the dozens of choices for coLinux is probably unsuitable for abso-
desktop environments, which range lute beginners, it is ideal for beginners
from window managers to almost who aspire to become experts, and for
every desktop I have ever heard of, anyone who values customization and
and many I haven’t. A close second is freedom of choice. Q Q Q
the choice of web browsers. Where
some distributions offer two or three, Info
ArcoTool offers over two dozen, al- [1] ArcoLinux: https://www.arcolinux.info/
though some are only variations of the
[2] ArcoLinux videos: https://www.
same choice.
arcolinux.info/arcolinux-editions/
The State of the Project [3] Learning paths: https://www.arcolinux.
ArcoLinux could benefit from some reor- info/learning-path/
ganization. The
text on links could
be more descrip-
tive, and the site
can be hard to
navigate and not
just for the first
time. All the same,
ArcoLinux is an
ambitious project,
especially for a
small develop-
ment team. What
it does to make
Linux in general
and Arch Linux in
particular more
accessible is im-
pressive. Docu-
mentation is often Figure 6: The ArcoLinux Application Glade helps
a weak point in users to create their own install images.
LINUX-MAGAZINE.COM
IN-DEPTH
Web Page Monitoring

Get notified on website changes

Do you want to be alerted when a product is back in stock on your favorite online store? Do you
want to know when a website without an RSS feed gets an update? With changedetection.io,
you can stay up-to-date on website changes. By Koen Vervloesem

I
f you want to stay updated on
news from various websites, Really
Simple Syndication (RSS) [1] is a
great solution. Many websites offer
their news in an RSS feed, which is an
XML file with a specific format. You can
subscribe to these feeds and read the
content in RSS feed readers, which can
be graphical, command-line, or web-
based clients.
However, not all websites provide an
RSS feed, and RSS usage seems to have
diminished somewhat in recent years.
Moreover, not all websites offer their
content in the form of articles. Still, you
may want to know about changes on
these websites, such as the price of your
favorite product on an online store or a
new page in the table of contents of an
online document. Are you then doomed
to regularly visit all those websites
you’re interested in?
Lead Image © rendeeplumia, 123RF.com

With changedetection.io [2], you can

monitor arbitrary changes on web pages
and be notified in various ways. At first
glance, changedetection.io’s website
(Figure 1) seems to suggest it is a com-
mercial service that requires a monthly
subscription fee. However, changedetec-
tion.io is a completely open source proj- Figure 1: It takes some time to discover that changedetection.io is an
ect, with its source code [3] published open source project.

26 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

 IN-DEPTH
Web Page Monitoring

under the Apache 2.0 license. The devel- $ sudo usermod -aG docker $USER two web pages as examples: the chan-
oper simply offers this solution as a sub- gelog of its own releases, and the
scription to fund development. Log out and log in again to apply the Hacker News homepage. Each of these
group membership. Next, create a data “change detection watches” gets its
Installing changedetection.io directory for the container: own row in a table. For each page, this
Changedetection.io is a Python program, table shows the last time it was checked
which you can install using Python’s $ mkdir changedetection as well as the last time it changed. If the
package manager pip. However, because page has a change that you haven’t
you probably want to run this continu- Then create a docker-compose.yml file viewed yet, the entire row is shown in
ously as a service, it makes sense to run with the content from Listing 1. bold. Clicking on the Diff button then
it in a Docker container. On Ubuntu Of course, you need to modify the shows the changes, with new lines in
24.04 LTS, install Docker and Docker path in the volume to match your user’s green and deleted lines in red. A click
Compose with home directory. Now, start changedetec- on Reset queues a new check of the
tion.io with: page if you don’t want to wait for the
$ sudo apt install docker.io docker-U next scheduled check. By default, pages
compose-v2 $ docker compose up -d are checked every three hours.
Each page can have one or more tags,
Then add your user to the docker group: If you run this on your desktop or such as Tech news or another general
laptop, simply category. These tags are also shown next
Listing 1: changedetection.io Docker Compose File visit http:// to the page in the change detection
01 version: '3.2'
localhost:5000 in watch table, and there are also tabs for
your web browser each tag. If you click on a tag, the table
02 services:
to access the user only shows pages with that tag, provid-
03 changedetection:
interface (Fig- ing a clearer overview if you have many
04 image: ghcr.io/dgtlmoon/changedetection.io
ure 2). If you run pages added to your watch. At the bot-
05 container_name: changedetection this on a server, tom right of the table, you can always
06 hostname: changedetection just replace local- mark all pages of the current tag as
07 volumes: host with its IP viewed, recheck them all, or get an RSS
08 - /home/koan/changedetection:/datastore address. feed with changes of these pages for you
09 ports:
to add to your RSS feed reader.
10 - 5000:5000
The Basics Each page also has two grayed-out
Changedetection. icons at the start of its row. Clicking on
11 restart: unless-stopped
io starts watching the first one pauses the checks for this

Figure 2: Changedetection.io starts watching two web pages as examples.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 27

IN-DEPTH
Web Page Monitoring
page, and clicking on the second one
stops notifying you of changes, but
keeps checking for them. A click on the
Edit button opens the settings for the
page’s change detection watch.
Basic Settings
Before adding pages, I’ll first cover some
of changedetection.io’s basic settings.
After clicking on Settings at the top right,
the General tab allows you to set the
time between checks (the default is three
hours), as well as other general settings.
This is where you can set a password on
changedetection.io. Click on Save at the
bottom if you change any of the settings.
In the Notifications tab (Figure 3), you
define how changedetection.io sends
you notifications when it detects a page
change. You can leave this field blank if
you’re content with regularly checking the
watch list manually or if you monitor the
changes in your RSS feed reader. But if you
want faster notifications, set this up here.
Changedetection.io uses Apprise [4]
for notifications. Apprise is a library that
supports sending notifications to more
Figure 3: Add Apprise URLs for notifications of detected changes.
28 DECEMBER 2024 ISSUE 289
than a 100 popular services, including
Telegram, Discord, Slack, Home Assis-
tant, Kodi, Pushbullet, and email. For
each of these services, Apprise defines
a URL. I’ll use sending emails with
Mailjet [5] as an example (for more ex-
amples, see the Apprise wiki [6]).
Enter one or more Apprise URLs in
changedetection.io’s Notification URL
List. For Mailjet, this looks like
mailtos://username:[email protected]
mailjet.com?from=Change%20DetectionU
<[email protected]>&to=U on Watch to add the watch with the de-
[email protected]&mode=ssl
This defines the notification as secure
SMTP, with a username and password
for login and a from and to email ad-
dress in SSL mode.
If you then click on Send test notifica-
tion, you should receive a notification
on all services you set up. If not, click
on Notification debug logs and try to
find out what went wrong. You can also
change the title and body of the notifica-
tions, but the defaults are often fine.
Don’t forget to click on Save at the bot-
tom to save your notification settings.
For now, you can ignore the other tabs of
changedetection.io’s settings.
Adding a New Change
Detection Watch
If you want to monitor a specific web
page for changes, you can simply add
the URL in the text box at the top,
under Add a new change detection
watch. Optionally, add one or more tags
(separated by a comma), and then click
fault settings or Edit | Watch to edit the
watch’s settings before adding it.
By default, changedetection.io
watches for web page text/HTML, JSON,
and PDF changes. However, if you select
Re-stock & Price detection for single prod-
uct pages, the program looks for signs of
a price or terms such as “in stock” or
“out of stock,” which lets you watch for
changes in prices or stock status. Note
that this only works if the page covers
one product.
There’s also a Chrome extension [7]
that works together with your change-
detection.io instance. Just add it to
Chrome, open your changedetection.io’s
Settings and go to the API tab. Then
open the extension from the toolbar and
click on Sync API Access. The extension
then automatically configures itself to
talk to your changedetection.io instance.
On any page, you can now click on the
extension icon in the toolbar, select
whether you want to detect normal
changes or stock and price changes, op-
tionally add one or more tags, and click
on Watch this website to add a change
detection watch (Figure 4).
Change Detection Watch
Settings
If you click on Edit | Watch when add-
ing a new watch or click on Edit for an
existing watch, you can modify various
settings specific to the change detection
watch. In the General tab, you can
change the title shown in the watch
table (by default the full URL), the tags,
and the time between checks if you
want something other than the global
settings. The Request tab allows you to
adjust how changedetection.io fetches
the web pages, which I’ll explain later.
For general web page changes, there
are settings to filter which parts of the
LINUX-MAGAZINE.COM

Figure 4: With changedetection.io’s Chrome extension, monitoring page changes becomes even easier.
page changedetection.io monitors for
changes. The Visual Filter Selector is ad-
vanced functionality that I’ll explain
later, and Filters & Triggers allows you to
remove HTML elements or select only
specific HMTL elements from the page.
For example, one of the web pages I’m
Figure 5: Trigger a change when the price drops below or rises above a
specific value.
LINUX-MAGAZINE.COM
watching has a footer showing how
many “bad” access attempts it has
blocked. Naturally, this triggers change
detections I’m not interested in. When
examining the web page’s HTML code, I
noticed that the main element contains
all the information I need, without the
ISSUE 289
IN-DEPTH
Web Page Monitoring
footer. So I added the XPath filter //main
to the CSS/JSONPath/JQ/XPath Filters
text box on this tab. Don’t forget to save
your changes.
For stock and price detection, the Re-
stock & Price Detection tab allows you to
adjust the watch’s behavior. For example,
you can specify whether you want to
know about any availability changes or
only when an out-of-stock product is back
in stock. You can also enable and disable
price monitoring, and you can even trigger
notifications when the price changes
below or above a set value (Figure 5).
For both types of change detection
watches, the Notifications tab allows you
to modify the behavior from using the
general notification settings to some-
thing custom for this watch. For in-
stance, you can disable notifications for
this watch or add another Apprise URL
for a custom notification. The Stats tab
simply shows some statistics of the
watch and allows you to download the
latest HTML version that changedetec-
tion.io has downloaded from the page to
debug any issues.
Using a Chromium/
JavaScript Server
By default, changedetection.io down-
loads the watched pages as plain HTML
DECEMBER 2024 29
IN-DEPTH
Web Page Monitoring

Listing 2: Docker Compose File for changedetection.io with a Chromium/JavaScript Server

01 version: '3.2' 15 playwright-chrome:

02 services: 16 condition: service_started

03 changedetection:
17 playwright-chrome:
04 image: ghcr.io/dgtlmoon/changedetection.io
18 image: dgtlmoon/sockpuppetbrowser:latest
05 container_name: changedetection
19 container_name: playwright-chrome
06 hostname: changedetection

07 volumes: 20 hostname: playwright-chrome

08 - /home/koan/changedetection:/datastore 21 environment:

09 ports:
22 - SCREEN_WIDTH=1920
10 - 5000:5000
23 - SCREEN_HEIGHT=1024
11 environment:
24 - SCREEN_DEPTH=16
12 - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000

13 restart: unless-stopped 25 - MAX_CONCURRENT_CHROME_PROCESSES=10

14 depends_on: 26 restart: unless-stopped

files using an HTTP client. This works To configure this, update your $ docker compose up -d

for many web pages and is fast. How-
ever, as soon as a page uses JavaScript to
render important parts of its content,
this simple HTTP client won’t see the
content. Fortunately, you can run a web
browser in a Docker container and let
changedetection.io use it to fetch the
watched pages.
docker-compose.yml file with the Docker
Compose file shown in Listing 2.
This adds a second container run-
ning a Chromium web browser and
lets changedetection.io’s container
wait until this container is started.
After these changes, restart Docker
Compose with:
In principle, you could now change
changedetection.io’s fetch method to
Playwright Chromium/Javascript via
‘ws://playwright-chrome:3000’ in its set-
tings, but the default fetch method is
much more efficient. It’s recommended
to only change the fetch method for indi-
vidual watches where the default
method doesn’t work.
You can make this change in the Re-
quest tab of the watch settings by chang-
ing the Fetch Method to Playwright Chro-
mium/Javascript via ‘ws://playwright-
chrome:3000’. Save your changes and
wait for the queued watch to be exe-
cuted. If all goes well, the change detec-
tion watch works now. However, some
websites (such as Amazon) detect that
you’re visiting them with a bot, so they
don’t show the desired content. You can
check this by clicking on Preview next to
the change detection watch. If you go to
the Screenshot tab, you’ll see what the
page looks like to the browser in the
container, and this often shows a CAPT-
CHA. There are solutions for this prob-
lem, such as Bright Data’s (paid) Scrap-
ing Browser [8], but that is beyond the
scope of this article.

Visual Filter Selectors and

Browser Steps
If you’re using a Chromium/JavaScript
server, you get even more possibilities,
for example, for filters. Instead of having
to look up the HTML source code and
construct the XPath expression, you can
just click on the Visual Filter Selector tab
Figure 6: Select the parts of the web page you want to monitor. of the watch’s settings. This shows the

30 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


web page, and when you hover over dif-
ferent parts of the page, you see a red
bounding box (Figure 6). Click on the
box to select the element you want to
use for change detection. This automati-
cally fills in the corresponding filter in
the Filters & Triggers tab. You can also
select multiple elements. Click on Save
to confirm the filter.
Another advantage of using the Chro-
mium/JavaScript server can be found in
the Browser Steps tab. By clicking on the
play button there, changedetection.io
creates a live connection to a web
browser, and you can interact with the
page from within this browser. You can
then perform actions such as clicking on
a cookie accept box or logging into the
website. After saving this, changedetec-
tion.io replays these steps every time be-
fore its change detection watch. You can
use this, especially in combination with
the Visual Filter Selector, to get alerts
about information shown only after log-
ging in, such as new invoices or private
messages. Of course, adjust the time
between checks appropriately: You don’t
want your account blocked because
changedetection.io logs in too
frequently.
Conclusion
Changedetection.io can be a great tool
for being notified of web page changes.
Once you have it running for a few
websites without an RSS feed, you’ll
likely add more and more change de-
tection watches. The filters and trig-
gers are quite powerful, and you can
even ask changedetection.io to extract
text from a page using regular
Author
Koen Vervloesem has been writing about
Linux and open source, computer security,
privacy, programming, artificial intelli-
gence, and the Internet of Things for more
than 20 years. He holds master’s degrees
in Computer Science Engineering and Phi-
losophy and is teaching Linux, Python,
and IoT classes. You can find more on his
website at koen.vervloesem.eu.
IN-DEPTH
Web Page Monitoring
expressions. Before you know it, you’ll
have this service constantly browsing
the web for you, notifying you of any-
thing you need to know. Q Q Q
Info
[1] RSS: https://www.rssboard.org/
rss-specification
[2] changedetection.io:
https://changedetection.io
[3] changedetection.io source code:
https://github.com/dgtlmoon/
changedetection.io
[4] Apprise:
https://github.com/caronc/apprise
[5] Mailjet: https://www.mailjet.com/
[6] Apprise wiki: https://github.com/
caronc/apprise/wiki
[7] Chrome extension:
https://chromewebstore.google.com/
detail/changedetectionio-website/
kefcfmgmlhmankjmnbijimhofdjekbop
[8] Bright Data’s Scraping Browser:
https://brightdata.com/products/
scraping-browser
IN-DEPTH
Linodas

Anatomy of a Linux backdoor attack

Through
the Back
Door
Cybercriminals are increasingly discovering Linux and adapting malware previously designed for
Windows systems. We take you inside the Linux version of a famous Windows ransomware tool.
By Thomas Boele

S
ince the beginning of the year,
security researchers from Check
Point Research (CPR) have been
investigating the activities of a
Chinese cyber espionage threat actor
focused on Southeast Asia, Africa, and
South America. The toolkit for this
threat actor includes the DinodasRAT [1]
cross-platform backdoor, also known as
XDealer, which was previously observed
in attacks by the Chinese group known
as LuoYu.
This article provides technical analysis
of the Linux version (v11) of DinodasRAT,
aka Linodas. The Linux edition appears
to be more sophisticated than the Win-
dows version and has a range of features
specially tailored to Linux servers. In

Photo by David Szweduik on Unsplash

Figure 1: Similarities in the function for identifying the operating system version between the Dinodas
example (left) and the open source code. © Check Point Software

32 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

 IN-DEPTH
Linodas

Table 1: Strings of the Backdoor

Marker Discovered for the First Time Hashes
Linux_%s_%s_%u_V7 July 2021 3d93b8954ed1441516302681674f4989bd0f20232ac2b211f4b601af0fcfc13bbf-
830191215e0c8db207ea320d8e795990cf6b3e6698932e6e0c9c0588fc9eff

Linux_%s_%s_%u_V10 January 2023 15412d1a6b7f79fad45bcd32cf82f9d651d9ccca082f98a0cca3ad5335284e45

Linux_%s_%s_%u_V11 November 2023 6302acdfce30cec5e9167ff7905800a6220c7dda495c0aae1f4594c7263a29b2
ebdf3d3e0867b29e66d8b7570be4e6619c64fae7e1fbd052be387f736c980c8e
(embedded module)

Table 2: Comparing Linux and Windows Versions

Version Operating system Hash
Linux_%s_%s_%u_V11 Linux 6302acdfce30cec5e9167ff7905800a6220c7dda495c0aae1f4594c7263a29b2
Win_%s_%s_%u_V10 Windows 57f64f170dfeaa1150493ed3f63ea6f1df3ca71ad1722e12ac0f77744fb1a829

addition, the version under investigation
introduces a separate bypass module to
hide traces of malware in the system.
The execution of the system binary files
is modified by proxies.
Two samples with different internal
versions suggest that there were two dif-
ferent development teams or at least two
backdoors in different stages of develop-
ment communicating with the same C2
server. The Linux and Windows versions
rc.local.service file exists and writes
the code from Listing 1 to the file.
It then creates the following symlink.
/lib/systemd/system/rc.local.service U
--> /etc/systemd/system/

Dinodas Origins have overlapping command IDs that

Several clues indicate DinodasRAT was
originally based on the SimpleRemote [2]
open source project. SimpleRemote is a
remote access tool based on the Windows
remote access trojan Gh0st RAT [3], but it
has some additional improvements. Sim-
seamlessly support the same malware
functionality for different operating sys-
tems. The cybercriminals have im-
planted their work on Linux servers to
bolster their position on the network.
Security researchers found malware files
In the next step, the malware determines
whether the /etc/rc.local file exists
and, if it does, adds the following
character string:
#!/bin/bash

ilarities between SimpleRemote and an named ntfsys that pretend to be system [SELF_FILE_PATH] exit 0

older version of DinodasRAT include the
use of the same Zlib library (version
1.2.11) and some overlaps in the code
(Figure 1).
The developers of DinodasRAT re-
hashed parts of the source code and
added some additional open source code
from another repository. This code in-
cludes functions for handling INI files.
DinodasRAT uses encryption used in
QQ Messenger.
Independent Code Base
All examples of the cross-platform Dino-
dasRAT embed a string containing the
internal version of the backdoor. Some
or driver files in the context of the NTFS
filesystem.
As soon as the backdoor is executed, it
checks whether it has been launched for
the first time by requesting two argu-
ments: the letter d and the process ID of
the calling daemon. If it cannot find the
arguments, it calls the daemon function
and establishes its persistence on the
system. The backdoor then restarts itself.
It retrieves the process ID and its exec
self path and calls the system function
to run the [SELF_PATH] d [SELF_PID]
command.
Persistence Methods
Linodas then runs the chmod 777 com-
mand to make the /etc/rc.local file ex-
ecutable and evaluates whether the per-
sistence has been correctly written to
the file. Finally, the malware changes
the INI fields in the /lib/systemd/system/
rc.local.service file (Listing 2).
Listing 1: rc.local Activated via systemd
[Unit]
Description=/etc/rc.local Compatibility
ConditionFilelsExecutable=/etc/rc.local
After=network.target
[Service]

strings reflecting the development of the The persistence process is relatively ex- Type=forking

backdoor appear in Table 1.
The earliest version for Linux was first
spotted in the wild by security research-
ers in July 2021. Linodas has the same
logic as the Windows version, but it
adds a number of its own behaviors and
specifically targets Linux servers. The
latest Linodas version (v11) can also be
observed in a Windows version, which
communicates with the same C2 server
update.microsoft-setting[.]com (see
Table 2).
tensive and includes several Ubuntu ver- ExecStart/=etc/rc.local start
sions and Red Hat distributions. The first TimeoutSec=0
step is to determine the current operat-
RemainAfterExit=yes
ing system version by reading the /proc/
version and etc/lsb-release files and an-
alyzing the output. Then, based on the Listing 2: Changing INI Fields
data collected, persistence can be [Service]
achieved using one of the following
RemainAfterExit=no
methods.
[Install]
Method 1 (Ubuntu) – rc.local activated
WantedBy=multi-user.target
via systemd: The malware first checks
Alias=rc-local.service
whether the /lib/systemd/system/

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 33

IN-DEPTH
Linodas
Method 2 (Red Hat) – init.d script:
The backdoor calls up the command,
the output from which is analyzed by
Chkconfig, and attempts to execute it.
If the command is found and executed
correctly, it adds it to the PATH environ-
ment variable and continues with the
actual persistence. The malware
checks whether the file /etc/init.d/
[SELF_FILE_NAME] exists and then writes
the code from Listing 3 to it.
If the file has not been created, it
writes the same data to the /etc/ch.sh
file and executes the following
command:
mv /etc/ch.sh /etc/init.d/U
[SELF_FILE_NAME]
The malware then executes the chmod 777
command for the created file and checks
the persistence using the next call:
chkconfig --list | grep U
[SELF_FILE_NAME]
If the result does not contain 6:, the fol-
lowing two commands are used:
chkconfig --add [SELF_FLE_NAME] U
chkconfig zentao [SELF_FLE_NAME]
Method 3 (Red Hat) – rc.local: Persis-
tence takes place via the file /etc/rc.d/
rc.local. If the file exists, the backdoor
checks whether its self path exists in the
content – if not, it adds itself to the file
with the \n[SELF_PATH]\n string.
Listing 3: Modify /etc/init.d/[SELF_FILE_NAME]
#!/bin/sh
### BEGIN INIT INFO
# Provides: [SELF_FILE_NAME]
# Required Start: $local_fs $network
# Required Stop: $local_fs
# Default Start: 2 3 4 5
# Default Stop: 0 1 6
# Short Description: [SELF_FILE_NAME] service
# Description: [SELF_FILE_NAME] service daemon
### END INIT INFO
[SELF_FULL_ATH] restart
Listing 4: Unique Computer ID
Linux_[TIMESTAMP]_[MD5SUM]_[RANDOM NUMBER]_V11
Linux_20240310_11cb06d0bf454c3708a3658c2601ea16_40459_V11
34 DECEMBER 2024 ISSUE 289
Core Logic
After the malware has executed correctly
with two arguments, it moves on to the
actual logic. First, it runs a series of
checks, including root privileges, the
path/folder, and the process ID of the
calling daemon and saves them all in
global variables. The backdoor then
changes the timestamp of its file.
touch -d \"2010-09-08:*12:23:02\" U users. After the initial configuration, the
[SELF_FILE_PATH]
Now a configuration file based on the
hard-coded string /etc/.netsc.conf is
read. The configuration files for all ex-
amples are usually hidden files. From
the configuration file, the malware at-
tempts to read the imei field under the
para section. The field stands for the
bot ID generated for the infected com-
puter. If it is missing in the configura-
tion file, a unique computer ID is gen-
erated on the basis of computer param-
eters in five steps.
The first step is to determine the com-
puter’s MAC address. The malware runs
the ifconfig or ip command and extracts
the MAC address from the output; this de-
pends on the distribution. The malware
then calls the dmidecode command to ob-
tain the system’s SMIBIOS. After it has
combined the MAC address and the out-
put of dmidecode, it executes the md5sum
command. Finally, in the fourth and fifth
steps, the backdoor generates a random
number and a timestamp based on the
current time. All of the fields and an ex-
ample are shown
in Listing 4. After
it is generated, the
bot ID is saved in
the configuration
file and the config-
uration file time-
stamp is also
changed, as with
the executable file.
The backdoor
then enumerates
the system to de-
termine the distri-
bution, the exact
operating system
version, and the
system architec-
ture. All of these
values are stored
in global variables
and used later on when the backdoor
contacts C2 for the first time. The hard-
coded C2 address is parsed, stored in a
global structure, and the malware reads
two more configuration fields, mode and
checkroot, from the para section. The
mode field specifies the transport proto-
col to use: TCP or UDP. In contrast, the
checkroot field determines whether the
backdoor should monitor logged-in
backdoor generates several threads that
are used for monitoring and cleaning
up. It then initiates the connection to
the C2 server.
Monitoring and
Cleaning Up
The backdoor creates five threads that
are tasked with system monitoring,
downloading helper modules, and clean-
ing up old reverse shell connections.
Thread #1 handles monitoring of the
logged-in user. If the mode field in the
configuration or the global variable for
mode is set to 1, this thread monitors
logged-in users with the who command.
It analyzes the output and closes the C2
connection if the registered IP is not a
local IP or the C2 IP.
Thread #2 is responsible for monitor-
ing the C2 connection status. Each
time a valid request is made to the C2,
the time field in the global C2 connec-
tion structure is updated. If half an
hour has passed since the last request
to the C2 server, the thread closes the
connection to C2.
Thread #3 downloads and sets up the
filter module. The thread first uses a
variable to check whether the module
has already been downloaded. If this is
not the case, the thread again carries
out a few steps. It first checks whether
the file [SELF_PATH].so6 exists and com-
putes an Md5 hash of its content. It
then sends an encrypted request to C2,
in which it requests the Md5 hash of a
module available on the C2 server and
compares the received Md5 hash with
the existing one.
If the hash is different, the thread
makes another request to C2 and saves
the newly received file under the same
name. In the second-to-last step, it
reads the data from the /usr/lib/lib-
sysattr.so file; this was probably stored
at an earlier stage of the infection. This
file should contain a series of values
LINUX-MAGAZINE.COM
 IN-DEPTH
Linodas

separated by pipes (|) and includes a
series of instructions for executable
files to be replaced. The thread now
searches the system for each file listed
in the statement file and saves it as
[FILE_NAME].a.
Finally, the thread replaces the original
files with the newly obtained So6 filter
module and makes it executable. All of
these steps allow threat actors to put
wrappers around specific executable
system files.
Thread #4 monitors and logs logged-
in users. If a user is logged on to the
Linux machine and their IPv4 does not
match a local IPV4 or one of the C2s,
its details are logged and sent to the C2
server.
Thread #5 takes care of cleaning up
old reverse shell sessions. First of all, the
thread monitors reverse shell sessions. If
a reverse shell session is found that has
not been active for almost an hour, the
session is removed.
C2 Communication
Before C2 communication begins, two
global structures are checked: One
contains the configuration value that
specifies whether TCP or UDP should
be used when connecting to C2; the
other specifies whether C2 communi-
cation should be interrupted if there
are logged-in users. If one of these
checks fails, the malware does not es-
tablish communication with C2. If the
checks are successful, the backdoor
analyzes the C2 address and resolves a
C2 domain to IPv4 if necessary.
Next, the malware sets up a socket in
TCP or UDP mode, depending on the
configuration, and attempts to establish
a connection to the C2 server. If the con-
nection is successful, the malware starts
a thread to parse C2 commands. After

Table 3: Supported Functions

ID Description Parameters Existing in the
Windows version
0x02 List files and directories under a specific folder Name of the folder yes
0x03 List files and directories in a specific folder List of files or directories separated by && yes
0x05 Send files to C2 Request ID, file list separated by && yes
0x06 Terminate the “Send files” command – yes
0x08 Download a file from C2 and execute (if a flag is Execute flag, file name, file data, all separated by /t yes
activated)
0x09 Terminate the “Download files” command – yes
0x0E Update the C2 URL List of C2 URLs, separated by /t yes
0x0F Display logged-in users – yes
0x11 List running processes – yes
0x12 End process Process ID to be terminated yes
0x13 List executed services – yes
0x14 Start/stop service Service name, action type, separated by /t; action yes
types: 1 – Start service, 0 – Stop service, 2 – Stop
and delete service
0x18 Execute process and send back the response Process path to be executed yes
0x19 Make file executable and execute Receive multiple files to be executed, separated by /t yes
0x1A Start/stop/call up status of HTTP proxy Integer value no
0x1B Start reverse shell – yes
0x1C Undo shell restart – no
0x1D Undo shell termination – no
0x1E Write to reverse shell Binary values divided by 0x010x02 yes
0x27 Rename, copy, move file Action type, file path, new path yes
0x28 Send ok to C2 – yes
0x2B Change proxy connection type Integer value yes
0x2C Set proxy type Integer value yes
0x2D Change file transfer mode Integer, integer value yes
0x2E Auto-complete uninstall, remove persistence, – yes
terminate parent daemon and exit
0x31 Update a global integer value used as the UDP Integer value yes
packet length
0x32 Read file and return content File path, max. bytes to be read no
0x33 Write data to file File path, bytes to be written to a hexadecimal no
character string
0x34 Collect user activities from various files such as – no
/var/run/utmp, var/log/wtmp, var/log/lastlog
0x35 Analyze and send /usr/lib/libsysattr.a file – no
0x36 Analyze data and write to /usr/lib/ Fields separated by /t no
libsysattr.a file

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 35

IN-DEPTH
Linodas
this first connection to the C2 server has
been established and the C2 command
thread has been created, the backdoor
executes an infinite loop that is respon-
sible for sending a heartbeat to the C2
server. The heartbeat contains the fol-
lowing values, which are combined
and separated by \t: information about
the distribution, the system architec-
ture, the string root, the constant value
0xC, the UDP packet length 800, and a
custom path. If the request to C2 has
failed, the connection to C2 is re-estab-
lished; the heartbeat string is then gen-
erated and sent again.
Supported C2 Commands
Much like the Windows backdoor, the
Linux backdoor also supports a wide
range of functions. These functions are
all listed in Table 3. The table also
shows whether they are present in the
Windows version of the backdoor.
Filter Module
In Linodas v11, thread #3 is responsible
for downloading an additional module
that replaces all specified binaries in the
system. None of the previous versions
Figure 2: File identifiers for the filter module when it first appeared in
November 2023.
Figure 3: Diagram of the execution of a system binary wrapped by the
filter module, which changes its output in real time. © Check Point Software
36 DECEMBER 2024 ISSUE 289
support this function. The filter module
(Figure 2), which was obtained by
executing ntfsys (v11) from the C&C
server controlled by the actor, is stored
as ntfsys.so6.
The module has the task of control-
ling the execution of the binary files
and monitoring their output (Figure 3).
The module is started each time the
system attempts to use the replaced bi-
nary file, with or without parameters.
As soon as it is executed, the module
checks whether the configuration file
is in /usr/lib/libsysattr.a. This sepa-
rate configuration file is not down-
loaded together with the module. In-
stead, the threat actors drop it onto the
server using the Linodas reverse shell.
The module loads the ip and name
fields from the para section of the con-
figuration file. The module combines
all received parameters, separates them
with spaces, and checks whether the
original binary file with the name
[SELF_PATH].a exists. If not, it outputs
the bash shell and exits.
However, if the file exists, the mod-
ule executes it with the received argu-
ments and appends the string 2>&1.
This step merges the error output with
the standard output so that both can
be manipulated or viewed together.
While the module executes the sub-
routine, it reads parts of the output and
splits them line by line. Each line runs
through a filter process in which the
line that contains one of the values for
ip or name from the configuration is ig-
nored. If the line passes through the
filter, it is printed.
The threat actors probably deploy
this module as a rootkit to filter arbi-
trary values such as IP, username, pro-
cess name, or other artifacts from vari-
ous binaries in order to collect infor-
mation provided by commands such as
who, netstat, ps, in order to hide Lino-
das from monitoring attempts.
Conclusions
The Linux version of DinodasRAT ap-
pears in connection with Chinese APT
threat actors and has been used repeat-
edly since at least 2021. Although Lino-
das has numerous similarities with the
Windows version, the Linux malware
points to a separate and independent
development branch. Linodas intro-
duces add-on modules with separate
configuration files and additional C2
commands that focus on setting up
and controlling reverse shells, collect-
ing user activity from logs, and manip-
ulating local file contents. Q Q Q
Info
[1] DinodasRAT:
https://malpedia.caad.fkie.fraunhofer.
de/details/win.dinodas_rat
[2] SimpleRemote: https://github.com/
microsoft/SimpleRemote
[3] Gh0st RAT: https://malpedia.caad.fkie.
fraunhofer.de/details/win.ghost_rat
Author
Thomas Boele is an experienced tech
expert and recognized speaker. He has
more than 20 years of experience creating
go-to-market strategies for global IT
companies and start-ups by developing
and building pre-sales organizations in
high-growth environments with results-
oriented, supportive work cultures. Before
joining Check Point Software as Regional
Director, Sales Engineering CER/DACH,
he worked for companies such as Cisco,
3Com, NetApp, Riverbed, HPE SimpliVity,
Cohesity, and Twilio.
LINUX-MAGAZINE.COM
IN-DEPTH
Command Line – zoxide
A modern cd command
Smarter
Navigation
Zoxide, a modern version of cd, lets you navigate long directory paths with less typing.
By Bruce Byfield
I
n most shells, the main navigation
utility is cd (change directory).
Generally, cd is built into the shell,
which is why it does not have its
own man page like other commands.
The lack of a man page is usually not
noticed, because the bare cd is all that
most users need. However, when direc-
tories have multiple levels, cd can re-
quire tedious typing, especially when
you have to travel up the directory struc-
ture and down another branch. A mod-
ern version of cd, zoxide, changes all
that by using a database that, once set
up, requires the typing of only the last
directory in the path.
To get its results, zoxide relies on an
algorithm based on how often a direc-
tory is accessed. When first added to the
database, a directory is given a score of
1. Each time it is accessed, its score rises
by one. When a query is made, a direc-
tory adds 4 if accessed in the last hour
and 2 if accessed in the last day or last
week. The higher the value, the most
likely a directory is to be the one sought.
When the database reaches the maxi-
mum number of entries, it reassigns
the frequency of access and deletes any
directory that falls below 1.
38 DECEMBER 2024 ISSUE 289
Installation and
Configuration
Zoxide is available in many distribu-
tions, as well as on multiple platforms
and in multiple package formats. How-
ever, installing the package is just the
beginning. To be functional, zoxide re-
quires at least some configuration.
To start, users need to add zoxide to
their shell. In Bash, the line
eval "$(zoxide init bash)"
must be added to the end of ~/.bashrc.
This line can be added manually, or with
zoxide-init (more on this later). The
project’s GitHub page gives instructions
for other common shells. In order for
zoxide to deal with directory name con-
flicts, the fuzzy searcher fzf must be in-
stalled. Optionally, you can change the
default command z with cmd NAME, even
replacing the cd command. Directories
that are scored in searches can also be
set with --hook SETTING, with a choice of
none, prompt, or pwd.
Still another option is to integrate zox-
ide with other applications such as
Emacs, Vim, and neovim, as well as sev-
eral lesser-known file managers such as
felix and ranger, as outlined on the
GitHub page [1]. Usually, integration in-
volves the installation of a sub-project.
For example, for Vim and neovim inte-
gration, zoxide.vim must be added via
one of several package managers, and it
is used by a half dozen Vim commands.
Similarly, Emacs integration requires
zoxide.el and enables a dozen func-
tions, such as zoxide-cd and zox-
ide-open-with. Unfortunately, many
popular text editors, such as JOE, or
file managers like Dolphin or Caja, are
not yet supported.
Zoxide’s behavior can also be set with
environmental variables:
• _ZO_DATA_DIR: Specifies the directory in
which the database is stored. The de-
fault is $XDG_DATA_HOME or $HOME/.
local/share.
• _ZO_ECHO: When set to 1, z will display
Lead Image © alexandragl,, 123RF.com
the matched directory before navigat-
ing to it. With this variable, you do not
need to run pwd from the destination
for its complete path.
• _ZO_EXCLUDE_DIRS: Excludes the speci-
fied directories from the database.
/home is included by default. This fea-
ture can be useful for privacy and
security.
LINUX-MAGAZINE.COM

• _ZO_FZF_OPTS: Provides custom options
to pass to fzf during interactive selec-
tion. Useful options include case-sen-
sitivity, alternative ways of weighting
directories in search results, and as-
sorted display options. See man fzf for
the list of options.
• _ZO_MAXAGE: Limits the maximum
number of entries in the database.
The default is 10,000.
Using zoxide
All this lengthy configuration results in
the basic use of Zoxide being simple.
Type z PATH, and the final directory is
added to the database. The next time
you need to navigate to that directory,
you only need to type z DIRECTORY, no
matter how deep in the directory tree it
is buried. For instance, if you type
z /home/bb/creative
next time you only need to type z cre-
ative. Once zoxide is set up, you can
quickly add your most-used directories
to the database and simplify your fu-
ture navigation. When paths are simi-
lar, you can use zi as the basic com-
mand or press Space+Tab to choose
from a list (Figure 1).
As the database is populated, zoxide
will choose the highest ranked directory
by default. You can change this behavior
by searching for multiple directories in
the path, or by specifying a subdirectory
with /. As in cd, you can also move up
Figure 1: When directories contain similar names, zoxide provides a list
of alternatives to select from.
LINUX-MAGAZINE.COM
one directory with z .. or into the previ-
ous directory with z -.
For many users, no further informa-
tion is needed. However, zoxide’s data-
base can be edited by subcommands
placed after the basic command:
• zoxide add PATHS: Adds a path with a
ranking of 1, or adds 1 to the ranking
of a directory already in the database.
After either, the last updated field of
the entry is updated. Directories ex-
cluded by the _ZO_EXCLUDE_DIRS envi-
ronmental variable cannot be added.
This subcommand is a quicker way to
add directories than letting zoxide
learn from your navigation.
• -zoxide import --from FORMAT: The for-
mat is autojump or z for fasd, z.lua, or
zsh-z.
• -zoxide-init: Automatically initializes
a command shell to read it for use.
This action can also be done manually
in a text editor.
• -zoxide query KEYWORDS OPTIONS:
Searches the database for keywords.
Options for results are --all and
--exclude PATH. With fzf installed,
--interactive (-i) is enabled. With
--list (-l), all results are listed, not
just the most used, while --score (-s)
lists rankings, which can be manipu-
lated with zoxide-add.
• -zoxide remove PATHS: Deletes directo-
ries from the database. To permanently
remove a directory from the database,
specify it in the _ZO_EXCLUDE_DIRS
environment variable.
ISSUE 289
IN-DEPTH
Command Line – zoxide
Except for zoxide-query, none of the sub-
commands return feedback.
Alternative Navigation
If zoxide does not suit you, there are
other cd replacements, including auto-
jump, z.lua, and rupa/z. Many of these
alternatives are structured similarly to
zoxide, using a database and assigning
directories a score based on frequency
of use. Some, such as zsf, can be com-
bined with zoxide during configuration.
Data from some can be transferred to
zoxide. Keep in mind that zoxide has
the advantages of being simple to use
and easy to learn.
True, new users might wish for a
zoxide installer to replace the compli-
cated configuration process. More ad-
vanced users might wish for additional
features, such as associating a direc-
tory with a particular application.
However, once set up, zoxide in its
current form is a substitute for cd that
is only slightly more complicated.
Users might want to make zoxide an
alias of cd by adding alias z='cd' to
their shell configuration file. With zox-
ide, users will save thousands of key-
strokes, an improvement that is both
efficient and ergonomic. Q Q Q
Info
[1] zoxide:
https://github.com/ajeetdsouza/zoxide
Author
Bruce Byfield is a computer journalist and
a freelance writer and editor specializing
in free and open source software. In
addition to his writing projects, he also
teaches live and e-learning courses. In his
spare time, Bruce writes about Northwest
Coast art (http://brucebyfield.wordpress.
com). He is also cofounder of Prentice
Pieces, a blog about writing and fantasy at
https://prenticepieces.com/.
QQQ
DECEMBER 2024 39
IN-DEPTH
Tampermonkey
Customizing web content with Tampermonkey
Monkey Business
Even small changes in a web page can improve the browsing experience. Your preferred web
browser provides all the tools you need to inject JavaScript to adapt the page. You just need a
browser with its debugging tools, some knowledge of scripting, and the browser extension
Tampermonkey. By Reinhard E. Voglmaier
T
he browser has become a very
important component for inter-
acting with the Internet. In recent
years, browsers have evolved
from being just a tool for interacting
with static HTML to a comprehensive
part of the infrastructure. The modern
browser is a kind of operating system
within the operating system, with a com-
plete SDK for JavaScript, HTML, and
CSS, along with features such as a visual
debugger, a code inspector, options for
network and performance monitoring,
and much more. One interesting features
is that you can modify pages already
loaded into the browser with your own
scripts. The ability to customize web
pages is useful for:
• quick bug fixes for intranet
applications,
• fixing annoying behaviors of websites
or web applications,
• implementing security features for
users in the enterprise,
• adding convenient new features to
publicly available websites, such as
42 DECEMBER 2024 ISSUE 289
automation tools or similar functional-
ities, and
• providing easy access to AI-based
tools.
This flexibility and power push the
browser far beyond its original role of
simply rendering HTML.
Before I Start …
This article is intended for educational
purposes only. My goal is to show you
the power of the described technologies.
All information you will find here is al-
ready available on the Internet – links
are provided at the end of this article. As
with many tools used for programming,
these tools can also be used for illegal
activities. If you decide to experiment, it
is up to you to obey all applicable laws
and treat any websites in a way that is
compliant with their intended use.
Welcome to the DOM
One very exciting feature of today’s web
is the connection between the HTML
document and the scripts contained in
the document itself. You can consider
this construct as similar to the chicken-
and-egg question: The document con-
tains the script and the script can mod-
ify the document, including the script it-
self. The technology that allows this is
the DOM (Document Object Model) [1]
[2]. When a web page is loaded, the
browser constructs a DOM tree, which is
a hierarchical representation of the doc-
ument’s content. This tree structure al-
lows for efficient selection, addition, re-
moval, and modification of elements on
the web page. The DOM is not tied to
any programming language; however,
JavaScript is commonly used to interact
with the DOM.
Photo by Jamie Haughton on Unsplash
Style sheets (CSS) also are part of the
DOM. A style sheet describes how the doc-
ument will be displayed in the browser
(the font, the colors, and so forth). The
most interesting feature of the browser is
that the user can inject code into the DOM.
This code can interact with the HTML and
CSS part of the document. This feature
opens a world of possibilities.
LINUX-MAGAZINE.COM

Listing 1: manifest.json
{ const btn =
"manifest_version":2,
"version":"1.0",
"name":"Hello World",
"content_scripts":[
{ porary. When you restart the browser,
"matches":["*://*.perl.org/*"],
"js":["main.js"]
}
]
}
Extending the Browser
Integrating code into the DOM is easy.
Consider the classic “Hello World” ex-
ample to demonstrate this process. You
need one file called manifest.json (List-
ing 1) and at least one program file.
manifest.json outlines several details,
such as the plugin’s name, version,
and, important to us, the URLs of the
web pages where the plugin should be
inserted (in this case, all URLs of the
domain perl.org).
The second file you need contains the
script you wish to inject. The script is
defined in the js parameter of the mani-
fest.json file. In this example, the script
Figure 1: Tampermonkey asks you to accept privacy conditions.
LINUX-MAGAZINE.COM
Listing 2: main.js
document.createElement('button');
btn.textContent = "Clickme";
btn.onclick = function() {
alert("Hello World!");
}
alert("JavaScript loaded!");
document.body.appendChild(btn);
is called main.js (Listing 2). The script is
located in the same directory as the
manifest file.
The script doesn’t do much, but it illus-
trates very well what is possible. You add
a button to all pages matching the do-
main perl.org. You also define a new Ja-
vaScript function to be executed when
the button is pressed. For simplicity, this
function only executes the alert function.
Now you just need to load the exten-
sion into your browser. Open the link
about:debugging#/runtime/this-firefox.
Click on the button Load Temporary
Add-on and load the manifest.json file.
From now on, all pages from the domain
perl.org opened with this browser in-
stance will contain a brand-new Clickme
button. You have successfully changed
the DOM and added a function that is
ISSUE 289
IN-DEPTH
Tampermonkey
executed when the user clicks the
Clickme button. Look online if you’re in-
terested in learning more about creating
extensions [3] [4].
Permanence
So far, the plugin you created is only tem-
you have to load it again. With the help
of the Node.js framework and a function
called web-ext, you can create a perma-
nent extension. Now that you understand
the basic process, I’ll show you an easier
way to achieve the same result: using an
extension such as Tampermonkey [5].
How Tampermonkey Helps
Tampermonkey lets you permanently
load a user-defined extension into your
browser. You can use Tampermonkey to
inject JavaScript code into the DOM to
be executed in the context of the loaded
web page. Tampermonkey is based upon
Greasemonkey [6], which currently only
works in the Firefox browser. Tamper-
monkey, on the other hand, works with
the most common web browsers, and it
has a huge user community. The exam-
ples in this article were produced on the
Firefox web browser on Linux Mint, but
they work also on other browsers, as
DECEMBER 2024 43
IN-DEPTH
Tampermonkey
well as on other operating systems. You
can also use different browser extensions
if they are available for your browser.
Installing the
Tampermonkey Extension
Tampermonkey is quite easy to install. In
Firefox, select Addons and themes then
choose Extensions in the menu on the left.
Search for Tampermonkey, and click on
the Tampermonkey icon to install. The
provider of the extension asks you to ac-
cept the necessary conditions regarding
privacy (Figure 1); you should read this
text carefully then choose which permis-
sions you give to the provider. Monitoring
network traffic, you will notice that the
provider of the extension is notified not
only that you install his extension, but
every time you use it. Once you accept
these conditions, the extension will install.
Let’s Play
When you open Tampermonkey for the
first time, it kindly asks if you will allow
sending anonymous statistics about its
usage home to its developer. It is up to
you whether you allow or disallow this.
After that, you can write a new user
script. Click on Create a new script ....
Tampermonkey creates a skeleton for
your new user script and displays it in
the Tampermonkey editor. You will find
the same meta information you config-
ured in the manifest file in the previous
example. I will reuse the "Hello, World"
Figure 2: Execute a script with Tampermonkey.
44 DECEMBER 2024 ISSUE 289
example I created before as a plugin. In videos using the Invidious front end [7].
Figure 2, you see the script, which you Of course, Google is not happy about the
just need to save using the menu that presence of an alternative open source
opens when you click on File. The result front end for YouTube that doesn’t allow
is the same as before, which gives a cer- Google’s tracking, and they have de-
tain confidence that what you did before manded that the developers take down
is working correctly. Invidious. Over the past few months,
Google has been actively working to
Same Play with AI … shut down Invidious, so by the time you
For a more challenging example, there read this, this example might not give
are people who prefer to access YouTube the result shown here. In this case,
Listing 3: Substitute YouTube Links
// ==UserScript==
// @name Replace YouTube Links on DuckDuckGo
// @namespace http://tampermonkey.net/
// @version 0.1
// @description Replaces YouTube links with invidious.private.coffee in
DuckDuckGo search results
// @author Your Name
// @match https://*.duckduckgo.com/*
// @grant none
// ==/UserScript==
(function() {
'use strict';
// Function to replace YouTube URLs with invidious.private.coffee
function replaceYouTubeLinks() {
const links = document.querySelectorAll('a[href*="www.youtube.com"]');
links.forEach(link => {
link.href = link.href.replace
("www.youtube.com", "invidious.private.coffee");
});
}
})();
LINUX-MAGAZINE.COM
 IN-DEPTH
Tampermonkey

Listing 4: Substitute YouTube Links 2.0 are very powerful tools. You should
// ==UserScript==
know what you are doing – otherwise
// @name Replace YouTube Links on DuckDuckGo things could get complicated very fast.
// @namespace http://tampermonkey.net/
// @version 0.2 Another Way
// @description Replaces YouTube links with invidious.private.coffee in In the world of programming, the saying
DuckDuckGo search results goes, “There is more than one way to do
// @author Your Name
it!” I will show you a third way to get a
// @match https://*.duckduckgo.com/*
script up and running. If you open the
// @grant none
Tampermonkey extension, you will see in
// ==/UserScript==
the menu the option Find New Scripts.
This option opens a new menu contain-
(function() {
ing links that bring you to websites offer-
'use strict';
ing tons of ready-to-use user scripts. You
// Function to replace YouTube URLs with invidious.private.coffee
can perform a search to look for a script
function replaceYouTubeLinks() {
that fits your needs. But be prepared:
const links = document.querySelectorAll('a[href*="www.youtube.com"]'); These scripts might or might not work.
links.forEach(link => { Someone could have written the script for
link.href = link.href.replace a different extension, such as Greasemon-
("www.youtube.com", "invidious.private.coffee"); key, or for a different version of the exten-
}); sion you are using. Also, as the previous
}
example showed, timing could have an
impact on the operations. You should
// wait until the page has been loaded
therefore understand what you are doing
window.addEventListener('load', replaceYouTubeLinks);
before you use one of these scripts.
})();

Explore the DOM

though, I’m just using this example as a When I tried again, the search brought When you look at the text you get from
way of showing how to substitute links up links to Invidious instead of YouTube. a web server, you’re sure to be con-
in the result list of a search engine with The updated version of the script is in fused by the complexity of some pages.
something different. Listing 4. The browser’s SDK can help. In
Suppose you don’t want to take the You can even substitute links to a func- Firegox, go to the element on the web
time to write the code yourself. You can tion that is executed when the user clicks page you’re planning to change and
take your preferred AI chat tool (in this it. For example, this function could con- right-click with your mouse. A menu
example, www.phind.com) and ask the sult a blacklist of links that should be opens; the last choice in the menu is
friendly bot to do the following: “Please avoided and inform the user if a match is Inspect. Click on Inspect and the inter-
write a user script that replaces YouTube found. Again, ask your preferred AI chat- face to this SDK opens (Figure 3).
with the site name invidious.private. bot to deliver you the code. When you hover your mouse over the
coffee in all search results of Duck- Please allow me one comment: Your HTML code on the page itself, the cor-
DuckGo.” Phind delivers a neat little browser, JavaScript, and Tampermonkey responding element is highlighted. This
script (Listing 3) that contains all the
information necessary to make Tamper-
monkey happy. Tampermonkey per-
forms syntax checks and complains if it
detects syntax errors. Save the script
and perform a search with Duck-
DuckGo; for examples, look for Tam-
permonkey installation tutorials.
My first attempt at this hack didn’t ap-
pear to work; all video links to YouTube
were unchanged. It turns out timing is
critical: when the script executed, the
page was not completely loaded, there-
fore it was impossible to substitute the
links contained in it. Adding a simple
event listener fixed the problem:

window.addEventListener('load', U
replaceYouTubeLinks); Figure 3: Inspecting an HTML page using the browser’s built-in SDK.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 45

IN-DEPTH
Tampermonkey
feature helps you to find the element in
the DOM you want to change.
Test Your Code
The browser SDK helps you test your
code. Consider the "Hello, World" exam-
ple. Open the SDK by pressing F12. Once
the SDK is open, click on the Console
tab. In the console, you can now enter
the code you want to test. Start typing in
the program from Listing 2. As you type
in the line const btn = document.
createElement('button');, you will no-
tice (after you enter the dot after docu-
ment) that the SDK offers you autocom-
pletion, which is very helpful. Once
you finish the definition of the button,
you can explore what you created using
JavaScript or insert the newly created
button on the web page using the line:
"document.body.appendChild(btn);” (Fig-
ure 4). Your newly created button will
pop up on the web page.
3D Furniture Models
Modeling your home can be a little
tricky. You will find some excellent open
source programs that will help you, such
as Blender. But also, many furniture ven-
dors provide 3D models of their prod-
ucts. IKEA, for example, offers a lot of
products as 3D models together with an
online tool to visualize them.
If you explore the DOM for these
pages, you will find that a little Java-
Script program (Listing 5) is used to
open a 3D file with the extension .glb –
a royalty-free method of encoding 3D
data. A tool such as Blender can easily
use this data to help you model your
home. Look at the web page of an IKEA
product with 3D modeling and you will
discover that the View in 3D button calls
a script that contains, as a parameter, the
3D model you would like to download.
With this information, you can easily
download the model. You can then im-
port the model directly into Blender.
However it is not very convenient to
have to right-click on the HTML area of
the SDK in order to find out the URL of
the .glb file. A little user script can assist
you. You know the name of the function
and can search for it in the DOM with
the help of the function document.query-
Selector. Once you find the function,
you just need to use the URL in its pa-
rameters to discover where to get the
3D model.
46 DECEMBER 2024 ISSUE 289
Figure 4: Executing the JavaScript example in the console.
Now that you know how to get the scripts. That is not a good idea at all.
URL of the 3D model, you just need to Install user scripts only if you com-
create a clickable button that will let you pletely understand what these scripts
download this URL (Figure 5). You can are doing. Do not use scripts that con-
use the JavaScript function tain code you do not fully understand.
"createElement('button')" for this step. Script code performing harmful opera-
The user script that performs this mir- tions on your behalf could be obfus-
acle is available on GitHub [8]. I recom- cated in a way that is difficult to per-
mend that you download the script and ceive unless you look carefully and
read it carefully – you will learn a lot know what you are looking at. The
from a very short bit of code. most secure scripts are those you de-
velop and test yourself. The same sug-
Cybersecurity gestion holds for extensions.
Downloading a user script you found on Instead of trusting the scripts on the
the Internet into Tampermonkey can be distribution site of your browser, why
quite dangerous. As I have mentioned not create your own extension? It is eas-
before, the user scripts you install can ier than you may think. You can write
run on every page you load into your the code in JavaScript, just as you do
browser. Every script can control all with user scripts.
communication between your browser You could also choose to use Tamper-
and the contacted servers. They act on monkey in a sandbox for development
your behalf and can do things on your purposes, once you have developed a ro-
behalf that you might not even notice. bust user script, and then convert the
Obviously, the same holds for every ex- whole application to the form of an
tension you install into your browser. extension.
Therefore, it is important to only in- BTW: I hope you do not perform on-
stall scripts you trust, as well as to in- line banking with your regular browser
stall only browser extensions you trust. and instead use a specially hardened
Extensions should only be installed browser for this purpose.
from the official distribution of your
browser provider.
You will find Listing 5: Fetching 3D Models
statements on the <script type="application/json" id="pip-xr-viewer-model">
Internet telling
{"productId":"<productId>",
you that tools
such as Tamper- "productName":"<productName>",
monkey allow
people with no "url":"<Url 3D Model>"}
coding experience
</script>
to use powerful
LINUX-MAGAZINE.COM

Law and Ethics
Before concluding this article, I want to
invite you to consider a few things. Your
web browser is obviously your property,
whereas the web server you are contact-
ing with your browser belongs to some-
one else. I am not a lawyer, and the law
in the field of informatics is rather com-
plex. I think that processing data you ob-
tained from the Internet on your browser
is one thing. Constructing a web page to
hack into a web server or modifying a
page to present to another user – or to
masquerade as the original web server –
is something entirely different. It is your
responsibility to act in accordance with
applicable legislation.
I have no idea how copyright applies
to websites. In many cases, a copyright
notice is listed somewhere on the site
with terms of usage. I suggest consider-
ing one ethical perspective. Some sites
rely on ads; without them, these sites
could not stay online. Consider this
when trying to implement functionalities
such as ad blockers.
Conclusions
Using Tampermonkey to write user
scripts for web pages is a great way to
enhance and personalize the browsing
Figure 5: Downloading a 3D model: The button in the lower right
labeled Download 3D was added by the script.
LINUX-MAGAZINE.COM
experience. The most interesting advan-
tages are:
• Enhancing web pages – Tampermon-
key enables users to modify the con-
tent of web pages to add custom func-
tionality ranging from simple DOM
manipulations to making AJAX calls.
This flexibility allows for a wide
array of enhancements, such as
cleaning up websites, adding export
to PDF buttons, displaying word
counts, and much more.
• Customization and personalization –
By creating and utilizing user scripts,
individuals can tailor their browsing
experience to meet a specific need.
Whether that need is improving the
usability of frequently visited sites or
adding new functionalities, Tamper-
monkey scripts can significantly en-
hance the overall web-browsing
experience.
• Learning opportunity – Writing user
scripts with Tampermonkey can serve
as an excellent learning opportunity
for both beginners and experienced
programmers. Tampermonkey pro-
vides insights into web-page struc-
tures, JavaScript, and the DOM.
Obviously all this comes with a price: se-
curity. You must trust the supplier of the
ISSUE 289
IN-DEPTH
Tampermonkey
Tampermonkey extension. Alternatively,
you can use open source extensions
such as Violentmonkey [9]. You could
also choose to write your own extension,
which is not very difficult. The same
holds for the scripts. You can develop
your own, let AI tools help you in writ-
ing scripts, or download entire scripts
from trusted Internet sources.
Tampermonkey stands out as a valu-
able tool for enhancing the web brows-
ing experience through user scripts. Ease
of use makes Tampermonkey accessible
to a wide audience. However, users
should remain mindful of legal issues
and security considerations when em-
ploying custom scripts. Q Q Q
Info
[1] The DOM W3 Schools: https://www.
w3schools.com/js/js_htmldom.asp
[2] Introduction to the DOM:
https://developer.mozilla.org/en-US/
docs/Web/API/Document_Object_
Model/Introduction
[3] Firefox Extension Workshop:
https://extensionworkshop.com/
[4] How to Write Your Own Browser Ex-
tension:
https://www.freecodecamp.org/news/
write-your-own-browser-extensions
[5] Tampermonkey:
https://www.tampermonkey.net/
[6] Greasemonkey: https://github.com/
greasemonkey/greasemonkey
[7] Invidious: https://invidious.io/
[8] IKEA 3D Model Downloader:
https://github.com/apinanaivot/
IKEA-3D-Model-Download-Button
[9] Violentmonkey:
https://violentmonkey.github.io/
Author
Reinhard E. Voglmaier
discovered his love for
computer science while
writing his diploma thesis
at the Max Planck Insti-
tute for Extraterrestrial
Physics in Germany. He started his career
as IT project manager and subsequently
took on the role of intranet manager in a
pharmaceutical company, overseeing web
services and addressing cybersecurity
concerns. Following his retirement, he
continues to lead the expert charter GRC
in Digital Health for ISACA Germany and
is engaged in a computer linguistics proj-
ect at the University of Innsbruck.
DECEMBER 2024 47
IN-DEPTH
Programming Snapshot – Go Interfaces
Go program updates local copies
of Git repositories
In
Harmony
Using the Go Interface mechanism, Mike demonstrates
its practical application with a refresh program for local
copies of Git repositories. By Mike Schilli
V
acation time is travel time! I
like to take my laptop with me
on long-haul flights. After all,
the best ideas for new articles
always come to me at the worst possi-
ble times. But, without an Internet con-
nection, neither Google nor ChatGPT
work, and GitHub is also out of reach
for code ideas. Even the stuff I wrote
previously is stashed away in Git reposi-
tories, and – worse still – the copies on
my laptop are not always up to date.
That’s really annoying, because it
means duplicating the work, which I
want to avoid, or at least pesky integra-
tion and potential conflict-resolution
tasks later, when I look to reconcile the
texts I checked in while I was up in the
air with an out of sync repository.
Wouldn’t it be great to fire up a pro-
gram on my laptop before the plane
takes off to update the local copies of
all my checked-out Git repositories? It
would need to sync the existing clones
on the laptop with the latest cloud
Author
Mike Schilli works as a
software engineer in the
San Francisco Bay Area,
[email protected]
:git/bondy.git
California. Each month
in his column, which has
been running since 1997,
he researches practical applications of
various programming languages. If you
email him at
[email protected]
tories; it can also
he will gladly answer any questions.
48 DECEMBER 2024 ISSUE 289
version until Git reported
“up-to-date,” as well as clone
repositories I previously only
checked out on my home computer on
my laptop to deliver all the resources I
can access at home.
Meta Format
Now the little helper can’t read my mind
(yet) and simply load everything that I
think is important. That’s why I went for
a meta file, as shown in Figure 1, to
specify the repositories and define the
directory names in each new develop-
ment environment. It contains an array
in YAML format whose elements under
the keywords dir and url contain the
clone directory and the URL of a reposi-
tory I want to clone. Because this is
GitHub repository metadata, the format,
for historical reasons, should be called
GitHub Meta Format (GMF), because I
wrote it in Perl 15 years ago and intro-
duced it in my column [1]. Fast forward
to today, and there’s an opportunity to
rewrite it in Go and at the same time
demonstrate Go’s
cool interface Listing 1: repos.gmf
mechanism for 01 - dir: bondy
plugin-based
02 url:
architecture!
03 - type: github-user-repos
The meta for-
mat can do more 04 user: mschilli
than simply target 05 - type: ssh-user-repos
individual reposi- 06 host: shared01.somehoster.com
07 path: git
define entire
collections in one fell swoop (e.g., “all
GitHub repos belonging to this user” or
“all subdirectories on a host with an SSH
connection”). I want the GMF parser in
Go to read these individual entries or
collections from the GMF file one after
the other and create matching objects
from them, all of which are then capable
of using the Expand() method, from
which the directories to be cloned –
along with their URLs – are extracted.
Later, the GMF parser will go through
all the entries in the YAML file in Listing
1 and call the Expand() method for each
one. There is not much to do in the first
entry in lines 1 and 2, because the YAML
element already specifies the Git URL
and the clone directory, so Expand() sim-
ply passes the combination to the clon-
ing tool that then runs.
The second entry in Listing 1, starting
in line 3, uses the github-user-repos type
to reference the repositories of a GitHub
Lead Jörg_Stöber © Author, 123RF.com
LINUX-MAGAZINE.COM

user. This means that Expand(), in this
case, needs to perform a search on
GitHub, obtain the user’s repositories,
and generate the results: a list of Git
URLs and their clone directories. The
third entry in Listing 1, starting in line 5,
of the ssh-user-repos type, tells Expand()
to use SSH to log into the specified host,
list the Git directories there, and return a
list of the directories as a result.
No Spaghetti Code
The parser calls Expand() three times, but
each time it achieves the result in a dif-
ferent way. Of course, Expand() could
find the currently correct algorithm in a
forest of if-else branches, but this is
confusing, not to mention difficult to test
for correctness, expand, and maintain.
In object-oriented terms, it makes more
sense to write the solution to the
problem as different classes whose
Figure 1: The API call for a user’s repositories
returns JSON.
LINUX-MAGAZINE.COM
Programming Snapshot – Go Interfaces
Expand() methods do different things.
The entries in the YAML file give me a
list of different objects whose Expand()
methods do the right thing as a function
of the type. A loop then iterates across
the objects and calls their Expand() meth-
ods while blissfully ignoring the actual
object types.
Multifaceted in Go
In object-oriented programming, this pro-
cess is known as polymorphism, which
comes from the Greek word for “many
forms.” What this translates to is that an
identifier (i.e., a variable containing an
object) can accept instances of different
classes that all use the same method. Al-
though the methods trigger different ac-
tions as a function of the type currently in
use, they have the same name and deliver
the results in the same format.
Unfortunately, Go is committed to
strict types, and
the same variable
can never store
different types.
This is where the
Go interface type
enters the scene;
it determines
which functions a
variable of a spe-
cific type offers.
Variables of type
interface can
then be stored in
Figure 2: Every Github respository lists its own clone
URL, which is reported by the API.
ISSUE 289
IN-DEPTH
arrays or passed around like others, and
whatever calls their methods is given the
desired results, regardless of the actual
object type under the hood.
One Plugin for Every Task
To allow the GMF parser in Listing 2 to
collectively process the entries of differ-
ent types, the parser defines the PluginIf
type, starting in line 17; the type has
three functions. Applicable() checks
whether the plugin can actually process
the current GMF entry from the meta
file. If this returns true, the main pro-
gram calls the plugin’s Expand() function
to obtain an array of cloneable reposito-
ries. If false is returned, the main program
moves on and tries the next plugin.
What the call to Expand() does now de-
pends on the plugin. The plugin for sin-
gle entries with a repository URL and
clone directory, like in line 1 of Listing 1,
just returns an array with a single ele-
ment – a variable of the Cloneable type
containing these values. The code for
this simple plugin is shown later in List-
ing 4. What all plugins have in common
is that they offer a constructor (e.g., New-
GMFEntry()), which returns an object of
the type in question that the main pro-
gram can use later on to call the func-
tions standardized in the interface.
Plugin Wanted
If the GMF parser later reads a YAML
entry, this is returned as a GMFMetaEntry
DECEMBER 2024 49
IN-DEPTH
Programming Snapshot – Go Interfaces

type variable; FindPlugin(), starting in starting in line 23, contains three plu- Starting in line 28, the for loop then
line 22 of Listing 2, then rummages gin elements, all of which it creates by iterates through all the known plugins,
through all known plugins to find the using New...() to call their calling the Applicable() function for
right one. The plugins array slice, constructors. each one until true is returned. In

Listing 2: gmf.go
01 package main 33 return nil, errors.New("No applicable plugin found")

02 34 }

03 import ( 35

04 "errors" 36 func NewGitmeta() *Gitmeta {

05 "os" 37 return &Gitmeta{

06 ) 38 Cloneables: []Cloneable{},

07 39 }

08 type Cloneable struct { 40 }

09 URL string 41

10 Dir string 42 func (g *Gitmeta) AddGMF(f *os.File) error {

11 } 43 entries, err := g.parseGMF(f)

12 44 if err != nil {

13 type Gitmeta struct { 45 return err

14 Cloneables []Cloneable 46 }

15 } 47 for _, e := range entries {

16 48 p, err := g.FindPlugin(e)

17 type PluginIf interface { 49 if err != nil {

18 Applicable(e GitMetaEntry) bool 50 return err

19 Expand(e GitMetaEntry) ([]Cloneable, error) 51 }

20 } 52 cloneables, err := p.Expand(e)

21 53 if err != nil {

22 func (g *Gitmeta) FindPlugin(m GitMetaEntry) 54 return err

(PluginIf, error) { 55 }
23 plugins := []PluginIf{ 56 for _, cloneable := range cloneables {
24 NewGMFEntry(), 57 g.Cloneables = append(g.Cloneables, cloneable)
25 NewGMFGithubUser(), 58 }
26 NewGMFSSH(), 59 }
27 } 60 return nil

28 for _, plugin := range plugins { 61 }

29 if plugin.Applicable(m) { 62

30 return plugin, nil 63 func (g *Gitmeta) AllCloneables() []Cloneable {

31 } 64 return g.Cloneables

32 } 65 }

Listing 3: parser.go
01 package main 17

02 18 func (g *Gitmeta) parseGMF(f *os.File)

03 import ( ([]GitMetaEntry, error) {
04 "gopkg.in/yaml.v2"
19 records := []GitMetaEntry{}
05 "io/ioutil"
20 data, err := ioutil.ReadAll(f)
06 "os"
21 if err != nil {
07 )

08 22 return records, err

09 type GitMetaEntry struct { 23 }

10 URL string `yaml:"url"` 24 err = yaml.Unmarshal(data, &records)

11 Type string `yaml:"type"`
25 if err != nil {
12 Dir string `yaml:"dir"`
26 return records, err
13 User string `yaml:"user"`
27 }
14 Path string `yaml:"path"`

15 Host string `yaml:"host"` 28 return records, nil

16 } 29 }

50 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


Figure 3: One Gitmeta entry is all you need for all of a user’s GitHub repositories.
line 30, FindPlugin returns the reference
found in this way to the caller, or it re-
ports an error in line 33 if it failed to
find a suitable plugin.
The GMF parser in Listing 2 is now
object-oriented itself; line 36 defines its
constructor. As the instance data, the
Gitmeta structure in line 13 contains an
array slice of Cloneable types, each of
which contains repositories to be cloned
into their target directories (Figure 2).
The AddGMF() function starting in line 42
expects a file descriptor for an open
GMF file and calls parseGMF() (shown
later in Listing 3) to read the file’s
YAML content; this returns an array
slice of GitMetaEntry structures.
Worker Assigned
In line 48 FindPlugin() then then checks
each array slice element to find the right
processor, while the call to Expand() in
line 52 allows the plugin to discover
which actual repositories of the Cloneable
type the current entry actually points to.
The for loop starting in line 56 ap-
pends each match to the Cloneables in-
stance array, while the exported
LINUX-MAGAZINE.COM
Programming Snapshot – Go Interfaces
AllCloneables() function in line 63 does
no more than return the previous results
to the caller as an array slice.
Listing 3 defines which entries are
permitted as elements of the long list of
entries in the YAML file. An entry can
specify a type. If this is missing, you are
looking at a simple repository definition
consisting of the URL and its target
directory.
The Go GitMetaEntry type defines all
permitted field names of the entries in
the .gmf file starting in line 9. In addi-
tion to the optional entry type, an
entry can contain the URL and Dir fields
for a single entry, or the user for a
GitHub repository (Figure 3), or the
host and path for an SSH host that
stores Git repositories.
The parseGMF() function starting in line
18 expects an open file descriptor, reads
YAML data from it, converts the YAML
configuration into a list of GitMetaEntry ob-
jects, and passes these back to the caller.
Simple Plugin
To get started, the plugin in Listing 4 is
dedicated to simple entries that
ISSUE 289
IN-DEPTH
contain the URL and target directory of
a repository to be cloned. Like its big
brothers later, it is object-oriented and
defines the NewGMFEntry() constructor
in line 5; the constructor returns a
structure that acts as the instance data
container, in typical Go style. In this
simple case, the structure remains un-
populated; later, it will be used by the
caller as a reference for calling further
plugin functions.
The Applicable() function starting in
line 9 checks whether the repository’s
YAML definition includes a field named
Type. If this field is missing, it’s a case
for the plugin; the function returns true
because e.Type == "" in line 10 evalu-
ates to true. Generating and returning a
list of structures from the YAML entry
in Expand() in this simple case is merely
a formality; line 15 adds a single entry
to the array slice of Cloneables. This
concludes my first plugin!
Plugin for GitHub
What about a more advanced plugin,
like one that fetches all repos in a us-
er’s GitHub account? Listing 5 shows
DECEMBER 2024 51
IN-DEPTH
Programming Snapshot – Go Interfaces

Listing 4: gmf-entry.go the plugin I built for this, following the previously used
01 package main
pattern.
It also comes with a constructor in line 18 which returns an
02
empty GMFGithubUser type structure to the caller. The Applica-
03 type GMFEntry struct {}
ble() interface function starting in line 22 examines the entry’s
04
type field and volunteers to take care of the entry if it finds the
05 func NewGMFEntry() GMFEntry { github-user-repos string there. Later, Expand(), starting in line
06 return GMFEntry{} 26, calls the githubProjectsOfUser() helper function from line
07 } 39 to contact the GitHub API and lists the specified user’s re-
08
positories in JSON format.
As you can see from Figure 1, what is returned in JSON is a
09 func (g GMFEntry) Applicable(e GitMetaEntry) bool {
jumble of data that lists all of the user’s repositories with all
10 return e.Type == ""
kinds of parameters, such as whether it is a fork of another
11 }
project. Because the cloning tool is only interested in original
12 repositories, line 57 discards all forks. Finally, Expand() returns
13 func (g GMFEntry) Expand(e GitMetaEntry) ([]Cloneable, a list of Cloneable structures to the main program.
error) {

14 return []Cloneable{ Plugin for SSH

15 {URL: e.URL, Dir: e.Dir}, The plugin for Git repositories located in a specific directory on
a host accessible via ssh is shown in Listing 6. It also checks
16 }, nil
the type specified in YAML within Applicable(). If it matches, it
17 }
calls the helper function sshGitDirs() from line 39 in Expand()

Listing 5: gmf-ghuser.go
01 package main 34 clones = append(clones, Cloneable{URL: repo.SSHURL,

02 Dir: repo.Name})

03 import ( 35 }

04 "encoding/json" 36 return clones, nil

05 "fmt" 37 }

06 "net/http" 38

07 ) 39 func githubProjectsOfUser(user string)

([]Repository, error) {
08
40 results := []Repository{}
09 type Repository struct {
41 url :=
10 Name string `json:"name"`
"https://api.github.com/users/" + user + "/repos"
11 Fork bool `json:"fork"`
42 resp, err := http.Get(url)
12 SSHURL string `json:"ssh_url"`
43 if err != nil {
13 HTMLURL string `json:html_url"`
44 return results, err
14 }
45 }
15
46 defer resp.Body.Close()
16 type GMFGithubUser struct {}
47
17
48 if resp.StatusCode != http.StatusOK {
18 func NewGMFGithubUser() GMFGithubUser {
49 return results, fmt.Errorf("Status %s", resp.Status)
19 return GMFGithubUser{}
50 }
20 }
51
21
52 var repos []Repository
22 func (g GMFGithubUser) Applicable(e GitMetaEntry) bool {

23 return e.Type == "github-user-repos" 53 if err :=

json.NewDecoder(resp.Body).Decode(&repos); err != nil {
24 }
54 return results, err
25
55 }
26 func (g GMFGithubUser) Expand(e GitMetaEntry)
([]Cloneable, error) { 56 for _, repo := range repos {

27 clones := []Cloneable{} 57 if !repo.Fork {

28 res, err := githubProjectsOfUser(e.User) 58 results = append(results, repo)

29 if err != nil { 59 }

30 return clones, err 60 }

31 } 61

32 62 return results, err

33 for _, repo := range res { 63 }

52 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

 IN-DEPTH
Programming Snapshot – Go Interfaces

Listing 6: gmf-ssh.go
01 package main 31 URL: fmt.Sprintf("%s:%s/%s", e.Host, e.Path, dir),

02 32 Dir: ldir,

03 import ( 33 })

04 "bufio" 34 }
05 "bytes" 35
06 "fmt" 36 return clones, nil
07 "os/exec"
37 }
08 "strings"
38
09 )
39 func sshGitDirs(host string, path string) ([]string,
10 error) {
11 type GMFSSH struct {} 40 results := []string{}
12
41 cmd := exec.Command("ssh", host, "ls", path+"/*/
13 func NewGMFSSH() GMFSSH { config")

14 return GMFSSH{} 42 output, err := cmd.Output()

15 } 43 if err != nil {
16 44 return results, err
17 func (g GMFSSH) Applicable(e GitMetaEntry) bool {
45 }
18 return e.Type == "ssh-user-repos"
46
19 }
47 reader := bytes.NewReader(output)
20
48 scanner := bufio.NewScanner(reader)
21 func (g GMFSSH) Expand(e GitMetaEntry) ([]Cloneable,
49 for scanner.Scan() {
error) {
50 line := scanner.Text()
22 clones := []Cloneable{}
51 parts := strings.Split(line, "/")
23 res, err := sshGitDirs(e.Host, e.Path)
52 if len(parts) > 2 {
24 if err != nil {

25 return clones, err 53 results = append(results, parts[len(parts)-2])

26 } 54 }

27 55 }

28 for _, dir := range res { 56

29 ldir := strings.TrimSuffix(dir, ".git") 57 return results, err

30 clones = append(clones, Cloneable{ 58 }

Listing 7: gitmeta.go
01 package main 20 }

02 21

03 import ( 22 gmf.AddGMF(f)

04 "fmt" 23 usr, err := user.Current()

05 "os" 24 if err != nil {

06 "os/user" 25 panic(err)

07 "path/filepath" 26 }

08 ) 27 gitDir := filepath.Join(usr.HomeDir, "git")

09 28 err = os.Chdir(gitDir)

10 func main() { 29 if err != nil {

11 if len(os.Args) != 2 { 30 panic(err)

12 panic(fmt.Errorf("usage: %s repos.gmf", 31 }
os.Args[0])) 32

13 } 33 for _, c := range gmf.AllCloneables() {

14 cfg := os.Args[1] 34 err := cloneOrUpdate(c, gitDir)

15 35 if err != nil {

16 gmf := NewGitmeta() 36 panic(err)

17 f, err := os.Open(cfg) 37 }

18 if err != nil { 38 }

19 panic(err) 39 }

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 53

IN-DEPTH
Programming Snapshot – Go Interfaces

starting at line 21. sshGitDirs() runs ssh Starting with the paths to the config loop then checks these, starting in line 33,
on the command line, which runs an ls files inside the repositories that have calling cloneOrUpdate() from Listing 8
command on the remote host to list the been found, line 53 truncates them to in each case.
Git repositories under the specified path. their last two parts and adds this relative This function in turn expects a Clone-
It is assumed that ssh is configured with directory name to the end of the results able struct and the path under which all
a key pair and works without manual string array slice. Back in Expand(), line 29 Git clones are stored. Prior to this, the
password entry. trims the frequently used .git suffix to main program has set gitPath to the git
create the name I directory in the current user’s home di-
Listing 8: clone.go want the Git clon- rectory; if you want something else, you
01 package main
ing tool to use for will need edit this section.
02
the local copy. There are now two options for the ac-
Line 31 then cob- tual cloning process: Either the directory
03 import (
bles together the with the clone already exists and only
04 "os"
URL for the repos- needs to be updated with git pull. Or it
05 "os/exec"
itory from the does not yet exist, and git clone in
06 "path"
hostname, the line 13 of Listing 8 creates a new local
07 ) path, and the re- copy of the remote repository.
08 pository’s direc-
09 func cloneOrUpdate(c Cloneable, gitPath string) error { tory. The result is Bringing It All Together
10 fullPath := path.Join(gitPath, c.Dir) a list of Cloneable To build a binary from all of the listings
11 _, err := os.Stat(fullPath) structures. in this issue, follow the usual steps:
12 if os.IsNotExist(err) {

13 cmd := exec.Command("git", "clone", c.URL, fullPath)

And … git mod init gitmeta

14 _, err := cmd.CombinedOutput()
Action! git mod tidy

The main pro- go build

15 if err != nil {
gram in Listing 7
16 return err
now has to read This defines a new Go module, resolves
17 }
the name of the all the dependencies on external librar-
18 }
GMF file to be ies, and links everything to create an ex-
19 err = os.Chdir(fullPath) processed from ecutable. Now you just need to quickly
20 if err != nil { the command line create a .gmf file with all the repositories
21 return err in main(), open you want to clone before you set off on
22 } the file, and send vacation! Q Q Q
23 it to the parser by
24 cmd := exec.Command("git", "pull")
calling AddGMF(). Info
25 _, err = cmd.CombinedOutput()
If successful, a [1] “Manage Git Repositories with a
list of Cloneable Meta Directory” by Mike Schilli,
26 return err
structures is re- Linux Magazine, issue 118, Septem-
27 }
turned; the for ber 2010, pp. 50-55

QQQ

54 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

MAKERSPACE Embedded Rust
Rust, a potential successor to C/C++, claims to solve some memory safety issues while
maintaining high performance. We look at Rust on embedded systems, where memory
safety, concurrency, and security are equally important. By Andrew Malcolm
F
or decades, C and increasingly
C++ have been the languages
of choice for microcontroller de-
velopment, with assembler re-
served for optimizations and start-up code.
Most vendors provide free development
IDEs, and most of these use GNU compil-
ers under the hood. Some of the IDEs
come with initialization code and generate
device configuration code (choosing I/O
functionality, etc.), so a device can be
configured in a point-and-shoot manner
letting you concentrate on writing applica-
tion code. Similarly, manufacturers of I/O
devices such as sensors and wireless mod-
ules supply drivers and example code.
C/C++ is an easy-to-learn language, but
it’s also easy to abuse and to write buggy
code. Embedded code is expected to run
unattended, often in hostile environments
where code updates are difficult if not im-
possible. Increasingly, these devices are In-
ternet-connected. While this means easier
code updates, it requires a significant
amount of extra effort to do well, and iron-
ically this very connectivity lays the device
open to nefarious access attempts. I know
that there are tools available that help to
minimize the risk of bad code getting into
a product, and it is certainly not easy to
consider rewriting large legacy codebases in
another language, but I think that Rust [1]
has come far enough and has sufficient
advantages over C/C++ to be considered
56 DECEMBER 2024 ISSUE 289
MakerSpace
Make your microcontroller apps
safe and secure with Rust
Rust on a Device
for new code and for re-writing critical
sections of existing code as a stepping
stone to a full Rust implementation.
With that being said, this article is
intended as a “getting started” guide:
Adoption of Rust is a big step in a com-
mercial environment, and one of the
best ways to evaluate a new language
is to try it! In today’s world of low-cost
development boards and free software
tools, all it takes is a little time and de-
termination. Then you can base your
decisions on some real-life experience.
There will be a lot of code in this arti-
cle – many of the following listings have
a filename – and you can get all those
files from our download area [2].
Setting Up a Development
Environment
I’m going to assume you’ve installed
Rust and its associated tools and got be-
yond a simple “hello world” program. If
not, you can follow the instructions on
the Rust website [3] to get started. I’d
encourage you to become familiar with
the rudiments of Rust by writing code
for your Linux platform before moving
on to an embedded environment. I will
use an STM32 development board, spe-
cifically the NUCLEO-L476RG [4] (Fig-
ure 1), but you could use almost any
development board, though it’s useful if
the board has at least one LED and a
push button. A little later, I’ll show how
to check if Rust supports a particular
processor and/or architecture. STM32
devices are ARM Cortex based, and Rust
has excellent support for that architec-
ture. This particular NUCLEO develop-
ment board, in common with many such
boards, has an on-board programmer
(typically another microcontroller), so a
USB cable hooked up to you Linux box is
all you need to download, run, and
debug code on the board.
Development in Rust requires only the
Rust toolchain and an editor. I’m going
to be using VS Code [5] with the rust-
analyzer plugin [6], as this has excellent
support for Rust with code completion,
syntax highlighting, and so on, but there
are other solutions out there.
Cross Compiling
You’ll need the datasheet [7] and reference
manual [8] for the chosen microcontroller.
From the start, you can see that the micro-
controller has an ARM 32-bit Cortex-M4
Photo by Lucas van Oort on Unsplash
32-bit processor with hard floating-point
support. You can use this information to
tell Rust what to cross compile to. Visit
ARM’s developer website [9] for more de-
tails: specifically the ARMv7E-M architec-
ture and Thumb instruction set. Armed
(no pun intended) with this information,
you can visit Rust’s platform support page
and find the thumbv7 target support [10].
LINUX-MAGAZINE.COM

By default, your Rust installation only provides support for the Cortex core and
supports your host architecture, Linux. To includes linker instructions to ensure our
add support for your target, simply type: code is properly located in the target
memory [12]. You can add this crate as a
rustup target add thumbv7em-none-eabihf dependency with
Typing rustup show will confirm the sup- cargo add cortex-m-rt
ported targets. To start a project, type:
this should add a dependency line to
cargo new nucleo-l476rg-primer Cargo.toml.
Now you can add the entry-point direc-
Change your directory to the directory tive and a function that never returns. Your
created in that command and start VS code should look like this (main-01.rs):
Code by typing code . (with a dot for the
current directory at the end). You should #![no_std]
see a source subdirectory and a Cargo.toml #![no_main]
file; you can ignore the other files and extern crate cortex_m;
directories for now. Open the main.rs file use cortex_m_rt::entry;
in the source directory. You need to tell the
compiler not to include the standard li- #[entry]
brary and that your program does not fn entry_point() -> !{
have the usual entry point. We use the loop {
#![no_std] and #![no_main] directives for } [target.thumbv7em-none-eabihf]
this. Later you will add another directive } rustflags = ["-C", "link-arg=-Tlink.x"]
to tell the compiler where the entry point
is, and that can be a function with any
In order for the linker to know where to
name of your choice (including, oddly
locate your code, you need to provide
enough, main). the cortex-m-rt crate with a memory lay-
At this point you need support from
out file that it adds to the linker script.
an external library. There is a registry
Looking at the memory map in the
of available libraries (known as crates
STM32L476 datasheet (page 103), you
in Rust) [11]. The cortex_m_rt crate
see that there is 128KB of internal
RAM located at
0x20000000. Look-
ing more closely at
the datasheet
(page 20), the
SRAM is divided
into 96KB mapped
at address
0x20000000
(SRAM1) and
32KB located at
address
0x10000000 with
hardware parity
check (SRAM2),
so SRAM1 is the
one you need. I
will return to
SRAM2 later.
There is also
1MB internal FLASH
at 0x08000000.
With some digging
in the reference
manual (at page
Figure 1: The NUCLEO-L476RG is an STM32 develop- 393), you can find
ment board. © st.com that at reset the
LINUX-MAGAZINE.COM
Embedded Rust MAKERSPACE
processor will jump to an entry in the in-
terrupt vector table located at the begin-
ning of FLASH. This is taken care of in the
start-up code, so all you have to tell the
linker is where to find the memory. Add
memory.x with the following lines in the
root of your project directory:
MEMORY
{
RAM : ORIGIN = 0x20000000, LENGTH = 96K
FLASH : ORIGIN = 0x08000000, LENGTH = 1024K
}
The linker also needs to know the target
microcontroller so you need to add an-
other file, config.toml, in a new .cargo
directory:
[build]
target = "thumbv7em-none-eabihf"
This saves you from having to pass these
arguments on the command line. The
file link.x that rustflags refers to is
generated by Cargo, and memory.x is
included in it. If you attempt to control
memory layout by adding statements to
memory.x, they may clash with those in
link.x and lead to some puzzling error
messages. If you want finer control over
memory layout, use the Rust flags to
point to your own linker script.
To help VS Code’s Rust analyzer, you
need to add a further configuration file,
which will ensure that it applies checks
to the target architecture instead of the
host. Otherwise you will get some
strange messages. In a directory called
.vscode add the settings.json file from
the source code file collection.
If you try to compile the code now with
cargo build, you’ll get an error: The com-
piler will complain about a missing panic
handler. As you may know, Rust may
panic when something bad happens, such
as an out-of-bounds array reference. In a
desktop application, this would cause the
program to terminate and print an infor-
mative error message. On an embedded
system, that’s impossible, so for the mo-
ment, we’ll add a default handler which
just stops the processor in an infinite loop.
To add the handler, run
cargo add panic-halt
ISSUE 289 DECEMBER 2024 57
MAKERSPACE Embedded Rust

and add the line

use panic_halt as _;

to main.rs immediately below the exist-

ing use statement. The code should now
build without errors, and the binaries
for your target should be in the target
subdirectory. You can install some fur-
ther tools to check their validity. Run
the following commands:
rustup component add llvm-tools
cargo install cargo-binutils
Figure 2: Cargo can copy the binary to the target machine.
board, which in turn manages program- To complete the project configuration,
ming the microcontroller. You can no you can add the chip information to an
longer install cargo embed directly as it Embed.toml file in the project’s root
is now part of a project called probe-rs. folder, so you don’t have to provide all
Follow the instructions at the project the details every time:
website [13], which just amounts to run-
ning a curl command. Let’s first check [default.general]

that probe-rs supports our target: chip = "STM32L476RGTx"

This installs the standard LLVM tools

and a wrapper that Cargo uses to call $ probe-rs chip list | grep STM32L476 [default.rtt]

them. If you type ... enabled = false

STM32L476RCTx

cargo size -- -Ax STM32L476RETx [default.reset]

STM32L476RGTx halt_afterwards = false

you will get some information about ...

how the code is laid out in memory (see
Listing 1). It shows that the vector table
is located at the start of the flash mem-
ory, the program code (.text) 0x400
bytes later, and it’s all of 0x8c bytes in
size. Any variables (.data) would be lo-
cated in RAM, though in this case, with
the program being so simple, the .data
segment has zero size.
The output shows it supports many vari-
ants of the STM32L476, including our
target. Now connect the target board to
a USB socket on your host. The power
LED should light. Type probe-rs list
and you should see that it has detected
the target board. Your output may vary,
depending on the exact configuration:
Then typing cargo embed will be enough to
program and run your code on the target.
Runtime Debugging
Before diving into programming the mi-
crocontroller’s I/O, I’ll deal with a debug-
ging technique which allows you to print
data back to your host’s console. The first
step is to add another crate with

Programming the Target The following debug probes were found: cargo add rtt-target

To program your microcontroller with [0]: STLink V3 -- 0483:3753:0006002737U

this code, you need one further tool, 56501320303658 (ST-LINK) (which provides a feature called real-time
cargo embed. This tool talks over USB to transfer, RTT) and a new statement to the
the companion processor on the target Let’s try programming the target: program:

Listing 1: Output of “Cargo Size” cargo embed --chip STM32L476RGT use rtt_target::{rprintln, rtt_init_U

print};
nucleo-l476rg-primer :
section size addr You should see an output similar to that in
.vector_table 0x400 0x8000000 Figure 2 – success: Your code runs! Note Modify the Embed.toml file you created
.text 0x8c 0x8000400 that the proper launch command was cargo above, and set enabled to true in the de-
.rodata 0 0x800048c embed and not cargo run, which would at- fault.rtt section. Then you can add
.data 0 0x20000000 tempt to run your program on the host. some print statements to your code (see
.gnu.sgstubs 0 0x80004a0 source code file main-02.rs). This will
.bss 0 0x20000000 fail to link, producing an undefined sym-
.uninit 0 0x20000000 bol error. You can fix it by adding a fea-
.debug_abbrev 0x11ab 0x0 ture to the cortex-m crate. Change the
.debug_info 0x223c7 0x0 appropriate line in Cargo.toml to this:
.debug_aranges 0x1348 0x0
.debug_ranges 0x195f0 0x0 [dependencies]
.debug_str 0x3b4da 0x0 cortex-m = { version = "0.7.7", U
.comment 0x40 0x0
features = critical-section-single-core"] }
.ARM.attributes 0x3a 0x0
.debug_frame 0x4154 0x0
Modify main.rs so that it looks like Fig-
.debug_line 0x1f26e 0x0
Figure 3: Real-time transfer lets ure 3 (main-03.rs). This should clear
.debug_loc 0x29 0x0
you see output from the embed- your terminal and print a list of ascend-
Total 0x9cc75
ded device (main-03.rs). ing numbers. As this data is exchanged

58 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


via in-memory buffers, it is very fast.
Embedded debugging is a whole topic in
itself, and sometimes there is no substi-
tute for a full gdb-type debugger, but
print statements like this will answer
many questions such as “did my code
reach this point?” or “what is the value
of this register?” without interrupting
what can be time-sensitive code. Press
Ctrl+C to return to the command line.
Configuring I/O Pins and
Internal Clocks
With vendor IDEs, you configure I/O pins
for a user interface. For instance, you can
make port A pin 5 an output (it’s con-
nected to an LED) and port C pin 13 an
input (it’s connected to a push button).
The IDE will generate the appropriate C/
C++ code for you and add it to your proj-
ect’s startup code. Rust doesn't offer this
option, but of course, you can examine
the microcontroller data sheet, figure out
what values to write to what register, and
dispense entirely with the IDE approach.
I’ve annotated the code in Figure 4
(main-04.rs) with references to the man-
ual, to show how I found the values. I
have now managed to make the LED
blink using only direct register writes. If
you are very familiar with this approach,
possibly coming from an assembler or
C/C++ background, this may work for
you, though I think in all but the most
trivial cases it’s tiresome and error-
Figure 4: Make it blink – with direct register
access (main-04.rs).
LINUX-MAGAZINE.COM
Embedded Rust MAKERSPACE
prone. That’s a matter of taste though. cargo remove stm32l4
For a higher-level approach, like that cargo add stm32l4xx_hal
provided by ST’s hardware abstraction cargo clean
layer (HAL), you have the choice of two
levels available in Rust crates. For the cur- Change Cargo.toml again, replacing
rent device, one popular crate is stm32l4
which you can add via cargo add stm32l4. stm32l4xx-hal = "0.7.1"
Repeat the earlier test and make the LED
flash using this approach. First modify with
your Cargo.toml file to specify the exact
microcontroller in use. Change stm32l4xx-hal = { version = "0.7.1", U
features = ["rt", "stm32l476"] }
stm32l4 = "0.15.1"
Now change main.rs into the version in
to Figure 6 (main-06.rs). Compile and run
it. I’ve added an input for a push but-
stm32l4 = { version = "0.15.1", U ton, but otherwise the result is the
features = ["stm32l4x6"] } same – this code is more concise and
easier to read.
Then change main.rs to look like Figure 5
(main-05.rs). The stm32l4 crate sticks Setting Up the Microcontoller
closely to the register names in the data- Clock Tree
sheet, so with a bit or careful study it By default, the STM32 processor runs
should be clear what’s happening. For in- off an internal RC clock at 4MHz, so
stance, odr is the output data register, so you are not getting its best perfor-
odr5 refers to bit 5, which is the bit that mance. The delays I’ve added are clock
controls pin 5 of that particular port, in this dependent. If you set up the clock cor-
case port A. For example, it should be clear rectly with
what the following in line 27 is doing.
let mut flash = peripherals.FLASH.U
gpioa.odr.modify(|_, w| U constrain();
w.odr5().clear_bit()) let mut pwr = peripherals.PWR.U
constrain(&mut rcc.apb1
You can step up a level and use a HAL rcc.cfgr.sysclk(80.MHz()).freezeU
crate. Run these commands: (&mut flash.acr, &mut
Figure 5: Register access via peripheral access crate
(main-05.rs).
ISSUE 289 DECEMBER 2024 59
MAKERSPACE Embedded Rust
(main-07.rs), the LED should blink much
faster. This still uses the internal 4MHz
clock, but via a PLL, which increases the
system clock frequency to 80MHz. If
your board has an external crystal
(usually 8MHz), you can use that as
the primary clock source, and your sys-
tem clock frequency will be much
more stable (see below). However, using
cortex_m::asm::delay is clock dependant,
so it’s time to use a proper delay mech-
anism that runs from sysclk. This is
shown in Figure 7 (main-08.rs). In that
version, the LED flashes at a more accu-
rate one-second period.
If you set the clock to 40MHz, you’ll
notice that the code does not run.
What’s going on? Let’s improve our
panic handling to see if there is a panic
occurring. Replace the line
use panic_halt as _;
with
use core::panic::PanicInfo;
run
panic!("testing panic handler");
before the end of the loop, and add this
panic handler at the end of the file:
#[inline(never)]
#[panic_handler]
fn panic(_info: &PanicInfo) -> ! {
Figure 6: I/O access with an abstraction layer
(main-06.rs).
60 DECEMBER 2024 ISSUE 289
rprintln!("{}", _info);
loop {}
} you’ll notice they are not available, as
The modified version outputs something
like this:
panicked at .cargo/registry/src/index.U
crates.io-6f17d22bba15001f/U
stm32l4xx-hal-0.7.1/src/rcc.rs:719:13:
assertion failed: pllconf.n >= 8
So you can see the the PLL configuration
is not correct, and an assertion in the clock
configuration has failed. There are limits to
the frequencies that can be generated. If
you set the clock frequency to 64MHz, the
code will run again. Note that the LED
period stays the same – this is all sorted
out internally. If you want to use an exter-
nal crystal (usually an 8MHz crystal),
which is known as the HSE clock source,
you can set it up as shown in Listing 2.
Next Steps
So far, I have created a very simple Rust
program running on a microcontroller.
I’ve dealt with clock configuration and
toggling an I/O pin. The stm32l4xx_hal
repository [14] has an examples folder
demonstrating how to set up and use the
various I/O facilities of the STM32, such
as I2C, SPI, UARTS, and USB. The crate
documentation is another good source
for details on how to use this library.
The “Working with Legacy Code” box
shows how to integrate old C code.
Figure 7: A proper delay mechanism is derived from
sysclk (main-08.rs).
Memory Management
If you try to use a String or Vec type,
they are part of the standard library and
I have disabled it with #![no_std]. This
leads to a thorny topic for embedded sys-
tems: memory allocation. Many projects
avoid memory allocation altogether or re-
strict its use to initialization, as there is a
risk of the heap becoming full or so frag-
mented that it cannot allocate any further
space. In order to use strings and vectors
in embedded Rust, you can use the alloc
crate. This comes as part of the distribu-
tion, so there is no need to change Cargo.
toml. However, if you use this crate and
attempt to create a string like this:
extern crate alloc;
use alloc::string::String;
...
let s = String::from("I am a string U
allocated on the heap");
you will get a compile time error. You
have to supply your own allocator, as the
alloc crate only supplies the types, but no
implementation of the heap allocator. The
excellent Embedded Rust book [17] shows
how to implement a simple allocator that
never frees up memory. Of course, that
might cause problems in some circum-
stances, but if you carefully instrument
the allocation, it may work for you. Alter-
natively, you can look for a more sophisti-
cated allocator at crates.io. I’ll give the
simple approach a try. First, modify
LINUX-MAGAZINE.COM
 Embedded Rust MAKERSPACE

memory.x so that it looks like in Listing 2: Setting Up an External Crystal

Listing 3 (memory-v2.x).
The STM32L476 has a second
RAM bank, 8K in size, so I’ll put
the heap there. The allocator is a
modified version of the one sug-
gested in the book, which takes
the heap location from memory.x. Copy
allocator.rs from the source code collec-
tion to your source directory; it defines a
public initializer function init_alloc()
that you can call from your code. A mini-
mal test program is shown in Figure 9. If
you run it, you should see the following
output:
let clocks = rcc.cfgr.
hse(8.MHz(), hal::rcc::CrystalBypass::Disable,hal::rcc::ClockSecuritySystem::Disable).
pll_source(PllSource::HSE).
sysclk(80.MHz()).freeze(&mut flash.acr, &mut pwr);
heap start: 0x10000000
heap end: 0x10008000
heap initialised
alloc request of 35 bytes
I am a string allocated on the heap
This shows that the heap is located at the
correct memory location, and each
allocation is logged as it happens. If you
restrict the size of the heap and try to
over-allocate from it, you’ll get a panic, so
at least the allocator will not die silently
or corrupt data.
It’s important to note that variables
are normally allocated on the stack.
Some data types have new() factory

Working with Legacy Code

It is often not a realistic prospect to rewrite a project from
scratch in a new language. If you have an existing codebase
that’s well tested and trusted, it may be better to retain this code
in a library which is linked into new Rust code. Let’s look at an
example library that I wrote some time ago. It consists of a sin-
gle method that rewrites the rules of mathematics. Here’s the
source code (wonky_math_library.c):
is considered an “unsafe” operation, which explains the re-
quired use of the unsafe keyword in line 15.
For a more complex library, generating the prototype bindings
by hand would soon get tedious. Thankfully, Rust provides a
tool called bindgen [16] that aids in this process. You can also au-
tomate building the C library from a Rust build script. Simply
add build.rs with the following lines to the root of your project:

#include <stdint.h> use std::process::Command;

int32_t wonky_add(int32_t a, int32_t b) fn main() {
{ Command::new("sh")
return a+b+1; .arg("-c")
} .arg("cd wonky_math_library && make")
.output()
To link this into your Rust code, you need to cross compile it for the .expect("failed to execute process");
ARM Cortex architecture. Create a directory off the root of your }
project called wonky_math_library. From there, create wonky_math_
library.c with the above code, and Makefile containing these lines:
Now, if you change your C file, it will be updated and linked with
the Rust program.
all:

arm-none-eabi-gcc -c -mcpu=cortex-m4 U
wonky_math_library.c -o wonky_math_library.o

arm-none-eabi-ar rs libwonky_math_library.a U
wonky_math_library.o

If you don’t have these C compilers installed, follow the in-

structions online [15]. You will need to add linker arguments
to config.toml, so Rust knows how to link to the library:

[target.thumbv7em-none-eabihf]

rustflags = ["-C", "link-args=-Tlink.x U

-Lwonky_math_library -lwonky_math_library"]

In order to call your library from Rust, you must define its
prototype:

extern "C"
{
pub fn wonky_add(a : i32, b: i32)-> i32;
}

and then you can call it. Figure 8 shows a simple, complete pro-
gram that demonstrates this; the output at the host terminal is
“Calling wonky_add to compute 2+2. Answer = 5” – clearly, I have
some work to do on my math library! Calling external functions Figure 8: Calling C/C++ code from Rust (main-10.rs).

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 61

MAKERSPACE Embedded Rust
Listing 3: memory.x (Updated)
01 /* Define memory regions */
02 MEMORY
03 {
04 RAM : ORIGIN = 0x20000000, LENGTH = 96K
05 RAM2 : ORIGIN = 0x10000000, LENGTH = 32K
06 FLASH : ORIGIN = 0x08000000, LENGTH = 1024K
07 }
08
09 /* heap */
10 _heap_start = ORIGIN(RAM2);
11 _heap_end = ORIGIN(RAM2) + LENGTH(RAM2);
methods, but the name is a little mis-
leading as they don’t work in the same
way as in C/C++. For instance,
struct Test {
data : u32
} rewrite them in Rust, if that has not al-
impl Test {
fn new() -> Test {
Test{data: 0}
} nating that class of bugs that occur in
} C/C++code. Consider for example, a
simply returns an instance of Test on the
stack that will be lost when it goes out of
scope. Stack overflow is not addressed by
the Rust language and remains a problem
for embedded systems. The usual ap-
proach is to pre-fill the bottom of the
stack with a known (canary) value and
periodically check if that value has been
overwritten (see stack-check.rs [2]).
Wrap Up
I've shown how to write an embedded
Rust program, load it to a device, and
check that it runs. I’ve also covered Rust
crates that assist with setting up the I/O
peripherals, as well as shown how to catch
and deal with Rust panics and, with RTT
in place, report back problems to the host.
In production, a panic could log an
error and reboot for, say, an illegal array
reference. That’s preferable to the situa-
tion in C/C++, where these references
might go undetected, corrupting data or
causing other unwanted behavior. If your
device is networked in any way, it presents
an attack surface to potential bad actors,
and here all the checks that Rust provides
become even more valuable.
The current downside in adopting
Rust is that it’s potentially a lot more
62 DECEMBER 2024 ISSUE 289
/* Main SRAM */
/* Additional SRAM */
/* Flash memory */
work to build an equivalent applica- Figure 9: This program uses an
tion. Crates.io offers many helpful li- allocator to access a second RAM
braries, but they are not all highly de- bank (main-11.rs).
veloped. Vendors of sensor chips and
the like will often provide drivers, but choose from. So, you would have to ei-
only in C/C++. So you have to either ther write a large chunk of your appli-
cation from scratch in Rust or settle for
ready been done, or use the mixed lan- the mixed-language solution. Q Q Q
guage facilities I have described. The
more you do this, of course, the less ef- Author
fective the use of Rust will be in elimi- Andrew Malcolm
(MIET, CEng) is a re-
tired hardware and
firmware engineer.
driver for an LTE (mobile) module, writ-
He maintains a keen
ten in C/C++, a TCP/IP stack, and an interest in engineering
SSH server, which might make up a in general and building embedded projects.
communications feature for a remote He is an avid user of Linux and all its
data collector. It’s unlikely right now available open source and free engineer-
ing tools. While not tinkering with elec-
that you would find complete implemen- tronics or software, he plays the bassoon
tations of all of that in Rust, whereas in in local orchestras. He can be contacted at
C/C++ you would have several to [email protected].
Info
[1] Rust: https://www.rust-lang.org/ [9] ARM developer website:
[2] Source code for this article: https://developer.arm.com/
https://linuxnewmedia.thegood.cloud/ Processors/Cortex-M4
s/5Rzx9tQW2FJ6N3Z [10] Rust thumbv7 target support:
[3] Rust installation: https://doc.rust-lang.org/nightly/rustc/
https://www.rust-lang.org/tools/install platform-support/
thumbv7em-none-eabi.html
[4] STM32 NUCLEO-L476RG:
https://www.st.com/en/ [11] Rust crates: https://crates.io/
evaluation-tools/nucleo-l476rg.html [12] cortex_m_rt crate: https://docs.rs/
[5] VS Code: https://code.visualstudio.com/
cortex-m-rt/latest/cortex_m_rt/
[13] probe.rs installation: https://probe.rs/
[6] rust-analyzer plugin: https://code.
docs/getting-started/installation/
visualstudio.com/docs/languages/rust
[14] STM32L4xx HAL repository:
[7] NUCLEO-L476RG datasheet:
https://github.com/stm32-rs/
https://www.st.com/resource/en/
stm32l4xx-hal
datasheet/stm32l476je.pdf
[15] Install C compilers: https://learn.arm.
[8] NUCLEO-L476RG reference manual:
com/install-guides/gcc/cross/
https://www.st.com/resource/en/
reference_manual/rm0351-stm32l47 [16] bindgen: https://rust-lang.github.io/
xxx-stm32l48xxx-stm32l49xxx-and- rust-bindgen/
stm32l4axxx-advanced-armbased- [17] Embedded Rust: https://docs.
32bit-mcus-stmicroelectronics.pdf rust-embedded.org/book/collections/
LINUX-MAGAZINE.COM
MAKERSPACE Off-Grid File Sharing

MakerSpace
=[MZ̆NZQMVLTaÅTM[PIZQVO
NWZIZMUW\MTWKI\QWV

7Є\PM/ZQL
A battery-powered WiFi hotspot can provide useful services like
file sharing even when you're off the grid. A Pi Zero 2 W as the
hotspot with ownCloud installed does the trick. By Dave McKellar

I
am lucky enough to have access to
my extended family’s remote
cabin. It’s beautiful and remote
(Figure 1), but there is no grid – no
electricity or Internet, not even by cell
service. I set up a solar-powered WiFi
access point that hosts exactly one web-
site: a place to share files. This lets the
different people who visit the cabin ex-
change info with the next group who is
staying. It’s kind of fun, too: The shared
data includes practical things like the
new phone number of the fellow who
delivers propane and playful things like
photos of people swimming.
Getting Started
It might sound easy, but it took me
about two weeks to figure this all out. I
started with the goal of running Next-
cloud on a device that uses the smallest
amount of power possible, as power is
in short supply. I knew that the “W” in
Raspberry Pi Zero W meant built-in WiFi
and the “Zero” indicated a small, low-
power form factor. My first attempts
with a Pi Zero W model (released in
2017) showed that it was too slow, so I
ordered a Pi Zero 2 W (released in 2021).
It has four cores, and its speed is
adequate. Lead Image © Tithi Luadthong, 123rf.com

Figure 1: The cabin is located in an isolated area; its only power source is the solar panel.

64 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

 Off-Grid File Sharing MAKERSPACE

predecessor, is still in development). The

official Raspberry Pi Imager [3] recom-
mends the 32-bit OS for the Pi Zero W
and the 64-bit version for the newer Pi
Zero 2 W. You initially boot into the
graphical environment. That’s cool, but I
found that running apt update from a
terminal window hung it. So I stayed in
the graphical environment just long
enough to enable SSH access and to tell
it to boot in console mode.
Since every project needs a snappy
name, I decided to call this “lodge” –
that’s what we call the cabin where it
lives, and that’s what I’ve named the ac-
cess point and some other resources that
I have set up.

Figure 2: The Raspberry Pi Zero 2 W connected to a monitor, keyboard
and mouse for development.
I also bought two different cases to try.
Some have more openings than others,
and I wanted black to be low-key. Since
this project only requires WiFi and no
appliance, but I wanted more control.
Ultimately, I selected a regular Raspberry
Pi OS install with ownCloud instead of
Nextcloud (ownCloud, Nextcloud's
ownCloud Setup
You can use the commands in Listing 1
to install and setup ownCloud like I did.
Connect your Pi to the local network via
an Ethernet cable and do not connect it
to any WiFi network – you’ll need the
WiFi to set up your own hotspot later. In
the terminal, log in on the Raspberry Pi
Zero via SSH and run sudo su to gain
admin access for all the following
commands.
First, use systemctl to disable Blue-
tooth to save some power (line 1) –
don’t uninstall it because that will stop
WiFi. Next, remove some packages we
aren’t going to use. I ran
apt --installed list

HAT or buttons, I preferred the case with

fewer openings. You can attach a WiFi
antenna, but in my testing it wasn’t nec-
essary to cover the cabin. If you’re just
starting with the Pi Zero, I would recom-
mend buying a kit: Mine came with an
HDMI adapter, a USB power cord with an
on/off switch, and an SD card, among
other handy things. The Zero has two
USB ports: for power and, well, non-
power uses. I bought a USB hub so I
could plug a keyboard and mouse into
the non-power USB port. I already had a
mouse, keyboard and HDMI monitor.
With all this set up, I was able to use it
like a regular, albeit slightly slow desk-
top computer (Figure 2). I read that the
typical power consumption of a Rasp-
berry Pi Zero 2 W is 350mA, making it
one of the most energy-efficient options
of Raspberry Pi models [1].
For the software environment, NextPi
[2] can turn your Pi into a Nextcloud
Listing 1: ownCloud Setup
01 systemctl --now disable bluetooth
02 apt remove firefox chromium chromium-browser lynx vlc-\* pipewire pulseaudio
cups-\*
03 apt install apache2 mariadb-server
04 systemctl restart mariadb
05 apt remove php8-\*
06 wget https://packages.sury.org/php/apt.gpg -O /usr/share/keyrings/deb.sury.
org-php.gpg
07 echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://
packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/
php-sury.list
08 apt update
09 apt install php7.4 libapache2-mod-php7.4 php7.4 php7.4-cli php7.4-gd
php7.4-mysql php7.4-curl php7.4-xml php7.4-zip php7.4-intl php7.4-mbstring
php7.4-common php7.4-readline
10 a2enmod php7.4
11 wget https://download.owncloud.com/server/stable/owncloud-complete-latest.zip
12 unzip owncloud-complete-latest.zip
13 mv owncloud /var/www/html/
14 chown -R www-data:www-data /var/www/html/owncloud/
15 mysql -u root

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 65

MAKERSPACE Off-Grid File Sharing
Listing 2: Database Setup
01 CREATE DATABASE owncloud;
02 CREATE USER 'owncloud'@'localhost' IDENTIFIED BY 'your_password';
03 GRANT ALL ON owncloud.* TO 'owncloud'@'localhost';
04 FLUSH PRIVILEGES;
05 EXIT;
to see what’s installed and then got rid
of the packages mentioned in line 2. To
run your website, you need to install
Apache as well as MariaDB (line 3) since
ownCloud requires a database to keep
track of things. Since I am not expecting
concurrent users, it seems reasonable to
reduce the number of MariaDB threads
by setting max_connections = 2 and
Figure 3: Enable an option in ownCloud so that you can set up users without email
addresses.
Figure 4: Change the login dialog so that your guests will not try to enter an email address.
66 DECEMBER 2024 ISSUE 289
added the SURY [4] repository, following
instructions that were helpfully provided
on GitHub [5] (lines 6--8). That allowed
me to install ownCloud’s dependencies
with a longer apt command and enable
Apache’s PHP module with a2enmod (lines
9-10). As there is no package for own-
Cloud, I downloaded a zip file with the
thread_cache_size = 1 in the config file binaries, extracted it and moved the con-
/etc/mysql/mariadb.conf.d/50-server.cnf tents to the right place (lines 11-13). Next,
and then restart the service (line 4). set the correct permissions by running
At the time of writing, the latest own- chown on the ownCloud directory (line
Cloud version requires PHP 7.4, but Rasp- 14), create a database for ownCloud by
berry Pi OS comes with PHP 8, so I unin- running the mysql command-line client
stalled PHP 8 (line 5) – this command (line 15), and then entering the SQL
will give you an error if PHP wasn’t al- commands from Listing 2, replacing your_
ready installed. For installing PHP 7.4, I password with a password of your choice –
make sure to write
that password down
or memorize it.
Finally you can
access ownCloud.
Open a web
browser and navi-
gate to http://rasp-
berrypi_ip/own-
cloud (where you
need to insert the
IP address of your
Raspberry Pi Zero)
and then follow
the on-screen in-
structions to com-
plete the own-
Cloud setup. It will
ask you the name
LINUX-MAGAZINE.COM
 Off-Grid File Sharing MAKERSPACE

of the database it should use. You’ve al-
ready created a database named owncloud
and noted the password in the previous
step. During this setup, you’ll need to
provide a username and password for
the admin account that you also must
remember.
I added a group called regular (via
admin/Users/Groups/add group) and made
a user called user with password user on
the same user and group management
page. By default, ownCloud asks for an
email address to validate a new user, but
you can click on the cog icon in the lower
left corner and enable the Set password
for new users option: That will replace the
email address input field with a password
field (Figure 3). As a minor tweak, I
changed the prompt message in /var/www/
html/owncloud/core/templates/login.php
so that it asks for Username instead of
Username or email (Figure 4).
ownCloud will only allow users from
certain trusted domains. Since my domain
is lodge.local, I added it to file /var/
www/html/owncloud/config/config.php
that defines an array called
trusted_domains.
Setting Up the Web Server
With Apache installed, now it’s time to
customize it. First, enable the Apache
What About HTTPS?
Do you want or need SSL/TLS? There
are two possible uses: to intercept
HTTPS requests to other websites and
redirect them to your homepage, and
to present your homepage with HTTPS.
rewrite module (you will use this later)
with the a2enmod rewrite command. For
the name of this server, I’m using lodge.
local because that’s a proper fully quali-
fied domain name (FQDN), which will not
require a DNS lookup to resolve. Set the
name of the server in the hostname file:
echo lodge.local > /etc/hostname
and add the IP address of that name by
appending a line to /etc/hosts:
10.42.0.1 lodge.local
(You will remove this entry later.) At the
end of /etc/apache2/apache2.conf add:
ServerName lodge.local
Now things are getting interesting. Re-
member this server isn’t going to be on
the Internet. Later, when you set up the
DNS, you’re going to redirect every do-
main (hostname) to here. However, that
alone isn’t quite right. You need to
check what host the browser is asking
for. If it’s not your host, then you need
to redirect the browser to your host. In
/etc/apache2/sites-enabled/000-de-
fault.conf, add the code from Listing 3
at the end of the file. Then restart
Apache via:
systemctl restart apache2
Listing 3: Apache rewrite Rule
01 ServerName lodge.local
02
This makes captive portal [6] detec-
tion work. Recent smartphone and com-
puter operating systems will check a
known non-secure URL when first con-
necting to an access point to see if
they’re online. (For example, some ver-
sions of Windows check http://www.
msftconnecttest.com/connecttest.txt
which returns Microsoft Connect Test.)
I first thought that returning anything
but the expected text would make the
client OS detect a captive portal, but that
didn’t work. From experimenting, it ap-
pears that the client OS requires an
HTTP redirect to reliably detect a captive
portal, so that’s what this Apache direc-
tive does. It needs to be a temporary redi-
rect so that it’s done every time.
You might ask: Why do you want the
access point to be detected as a captive
portal? If it isn’t, the client OS will say
“no connection,” thereby misleading the
user. Yes, it’s true that this access point
has no connection to the Internet, but it
does have its own website. When a cap-
tive portal is detected, the user will be in-
structed to log in, upon which the user
will see the website, or more precisely,
whatever content you put in /var/www/
html/index.html, replacing Apache’s de-
fault page. Listing 4 shows a minimal
HTML file that links to the ownCloud
login page; Figure 5 shows the slightly
more polished version I’ve created for the
lodge (1) and how users can navigate

Here is the breakdown: 03 <If "%{HTTP_HOST} != 'lodge.local'">

1. I tried setting up SSL/TLS on Apache 04 RewriteEngine on

to intercept HTTPS URLs, but my cer-
05 RewriteRule ^/.*$ http://lodge.local/ [redirect=temporary,nocase,last]
tificate didn’t match and the browser
06 </If>
correctly told the user so. There used
to be a way for users to “accept the
risk,” but that isn’t offered anymore. Listing 4: Website (index.html)
So now it will just confuse people.
01 <!DOCTYPE html>
2. Because I don’t have a live connec- 02 Login as user <b>user</b> with password <b>user</b> <br>
tion, I cannot get a certificate from
03 <a href=/https/www.scribd.com/owncloud>OwnCloud</a>
Let’s Encrypt. So the only free option
is a self-signed certificate. But
browsers now complain about self- Listing 5: Hotspot Configuration
signed certificates, so HTTPS for my 01 nmcli con add type wifi ifname wlan0 con-name lodge autoconnect yes ssid lodge

homepage doesn’t seem so great. 02 nmcli con modify lodge 802-11-wireless.mode ap 802-11-wireless.band bg ipv4.

If you do want to create a self-signed method shared

certificate, you can find Raspberry Pi 03 nmcli con up lodge

compatible instructions online [8]. 04 nmcli con modify lodge connection.autoconnect yes

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 67

MAKERSPACE Off-Grid File Sharing

Figure 5: The homepage (left) contains instructions on how to log in to the local ownCloud service.

from there to the ownCloud login (2), the and in the [Resolve] section of its configu- systemctl start systemd-resolved

top folder in the shared filesystem (3), ration file /etc/systemd/resolved.conf I set
and the picture folder (4). This will send all requests to a DNS server
Note, I’ve only been dealing with the # Use dnsmasq running on port 5353 on this machine –
unencrypted HTTP protocol. For HTTPS, DNS=127.0.1.1:5353 you’ll see why in a second. Perhaps con-
see the “What About HTTPS?” box. fusingly, you will be using two different in-
and then start the service with stances of dnsmasq for two different tasks:
Creating the Hotspot
So far, I have not turned the Raspberry Pi
Zero into a WiFi access point. Listing 5
shows the necessary commands which,
again, you need to run with root privi-
leges. First use the Network Manager
command-line tool (nmcli) to create an
“open” (password-less) network (lines
1-3). Then make it auto-start at boot time
(line 4). I also add the command

nmcli con up lodge

to the /etc/rc.local script, just before

(not after!) the last line (exit 0). These
steps enable the WiFi chip, open a
hotspot with SSID lodge and give your Pi
an additional IP address of 10.42.0.1.
Being offline means requires an un-
usual configuration for DNS. I use sys-
temd-resolved for very little here: On my
machine, it exists simply to connect DNS
lookup requests to a different service
running on the Rasp Pi. I first install sys-
temd’s DNS resolver via
Figure 6: The lodge access point appears (left). It is recognized as a
apt install systemd-resolved captive portal allowing the user to sign in (right).

68 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


1. One instance runs as a regular dae-
mon, controlled by systemctl and using
the configuration file /etc/dnsmasq.d/
lodge.conf. It will be doing DNS only.
2. Another instance is started by Network-
Manager doing DHCP only. It does not
read /etc/dnsmasq.conf or /etc/
dnsmasq.d/lodge.conf; it starts on the fly
from parameters in the /etc/NetworkMan-
ager/system-connections/lodge.nmcon-
nection (Network Manager format) and
/etc/NetworkManager/dnsmasq-shared.d/
lodge.conf (dnsmasq format) files.
I also need to install the second dnsmasq
service. Run:
apt install dnsmasq
Then create a new file /etc/dnsmasq.d/
lodge.conf with the following two lines:
Figure 7: The Raspberry Pi sits in
a black case and is mounted to
the rafter (circled). It is attached
to a power supply.
LINUX-MAGAZINE.COM
Off-Grid File Sharing
port=5353
address=/#/10.42.0.1
Now restart the dnsmasq service with
systemctl restart dnsmasq
you can also remove the lodge.local
entry from /etc/hosts now. The ad-
dress= line will make the DNS server
return 10.42.0.1 (the Raspberry Pi’s
WiFi IP address) as the answer to all
DNS queries. Try it: Running ping ex-
ample.com should return a reply that
starts with:
64 bytes from lodge.local (10.42.0.1)
Finally, I will configure the instance of
dnsmasq that’s started by NetworkMan-
ager; it deals with DHCP and hands out
IP addresses to clients that connect to
my hotspot. Create a file /etc/Network-
Manager/dnsmasq-shared.d/lodge.conf
and add this line:
dhcp-option=114,"http://lodge.local"
This will inform some WiFi clients
about the captive portal mode, and it
follows RFC 8910 [7]. It tries to achieve
the same goal as my redirect configura-
tion of the Apache server. When this is
all put in place, users should see the
lodge access point and be able to con-
nect to it (Figure 6).
Conclusion
So there you have it: a user-friendly
way for trading files via WiFi on low
power (Figure 7). Sometimes convinc-
ing people to use a project is the hard-
est part. I am pleased to report that
some extended family members have
told me that they’re using it – quite
probably for things I never imagined.
Some were initially reticent since they
didn’t know where the thing came
from. In retrospect, I should have put
ISSUE 289
MAKERSPACE
my name on the homepage to inspire a
bit of confidence.
If you’re interested in a more complex
solution that also grants access to the
Internet (where available), you can
check out dedicated captive portal solu-
tions, such as Nodogsplash [9] and
openNDS [10], but they were not
needed for this project. Q Q Q
Info
[1] Raspberry Pi power supply documen-
tation: https://github.com/raspberrypi/
documentation/blob/develop/
documentation/asciidoc/computers/
raspberry-pi/power-supplies.adoc
[2] NextPi:
https://github.com/sky321/nextpi
[3] Raspberry Pi Imager:
https://www.raspberrypi.com/software/
[4] SURY: https://sury.org/
[5] Adding the SURY repo:
https://gist.github.com/janus57/
37b079a383dd0507149bd94fd35053d1
[6] Captive portal: https://en.wikipedia.
org/wiki/Captive_portal
[7] RFC 8910
https://www.rfc-editor.org/rfc/rfc8910
[8] Self-signed certificates:
https://peppe8o.com/self-signed-
certificate-https-in-raspberry-pi-with-
apache
[9] Nodogsplash: https://github.com/
nodogsplash/nodogsplash
[10] openNDS: https://github.com/
openNDS/openNDS
Author
Dave McKellar earned a
Computer Science de-
gree in the 1980s from
the University of Water-
loo, Canada. Since then,
he’s worked as a pro-
grammer for a variety of
companies with Windows and Linux. He
enjoys canoeing near the remote cabin
mentioned in this article.
QQQ
DECEMBER 2024 69
 INTRODUCTION LINUX VOICE

So many geeks are gamers. Many Linux users say their

first experience with computers was playing those classic
old computer games of the 1990s. And of course, many Doghouse – Stakeholders 73
who were born much later still relish the raw simplicity of Jon “maddog” Hall
those old-school games from the DOS space. If retro-gaming The stakeholder approach of open source
broadens the pool of who can access,
is your thing, or if you are curious about what to do with
influence, and benefit from information
those old gaming CDs and backup files that are taking technologies.
up space in your attic, you’ll enjoy
Anki 74
this month’s tutorial on legacy Marco Fioretti
video game preservation. Also in Flashcards are a fast and effective way
this month’s Linux Voice, scale to memorize pertinent facts for your next
up your memorization skills exam. Anki takes this time-honored trick in
a direction you never could have imagined
with the Anki flashcard in the days of those classic 3x5 cards.
system.
FOSSPicks 82
Nate Drake
Image © Olexandr Moroz, 123RF.com

Nate explores some top FOSS tools,

including the latest Gnome desktop, a
slick 3D model viewer, LibreQuake, a neat
currency converter, and much more.
Tutorial – Legacy Video Games 88
Rubén Llorente
People born in the late ’80s and early ’90s
often have a sizeable collection of old video
games gathering dust at home. Systems
capable of executing these are, however,
becoming scarce. This article explores the
options for archiving old PC games and
running them on modern systems.

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 71


MADDOG’S
DOGHOUSE
The stakeholder approach of open source broadens the pool of who
can access, influence, and benefit from information technologies.
BY JON “MADDOG” HALL
FOSS and economic models
n 1999, I was honored to work with several groups of peo-
I ple who were interested in helping make GNU/Linux a com-
mercial success. One group was the Linux Professional In-
stitute (LPI, www.lpi.org), who decided to implement a nonprofit
certification group headquartered in Canada.
The people instigating LPI came from a wide variety of back-
grounds, but had significant experience in free and open source
software (FOSS) and various business backgrounds. Some were
more oriented toward commercial companies, and some were
more oriented toward community groups, but we all wanted the
same thing: quality, respected, high-value certifications which of-
fered a large number of options for learning the materials.
One aspect of LPI stood out. Because LPI was not a share-
holder-based organization, an organization where people profited
from owning part of the organization, the founders cared more
about how LPI helped the community than making them a profit.
The founders were stakeholders, not shareholders. One of the
other goals LPI had was to be a community-based organization
where people who earned the certificates were also the people
who helped decide the future of LPI, along with the people who
hired those certificate holders, and the ones who trained them.
If you study economics, you find there are many different eco-
nomic and political models. Some of the most famous today
are capitalism and socialism, with other offshoots of these
combining control structures with economics (communism,
democratic socialism, etc.). Many of these have been around a
long time but were dominated by feudalism, serfdom, slavery,
etc., until more modern times forced those less-desirable mod-
els into regression. Some people argue that these older eco-
nomic platforms still exist but are just hidden better.
Capitalism started to emerge as a dominant force during the
age of mechanization. It took money to buy the machinery to
automate production, and people who had money could now in-
vest to hire employees to run the machinery. To pay them back
for their investment, the stock holders would both make divi-
dends on their stock and see the value of the stock increase.
However, the employees often did not benefit from the value of
the company increasing nor have much input as to how the
company was run.
Information technology started much the same way. The first
computers were physically large and expensive and logically
small. They were designed and built by companies like IBM,
LINUX-MAGAZINE.COM
DOGHOUSE – STAKEHOLDERS LINUX VOICE
Jon “maddog” Hall is an author,
educator, computer scientist,
and free software pioneer
who has been a passionate
advocate for Linux since 1994
when he first met Linus Torvalds
and facilitated the port of
Linux to a 64-bit system. He
serves as president of Linux
International®.
DEC, Hewlett-Packard, and others. Some companies, like IBM,
started long before computers as we think of them were devel-
oped, and IBM lent its wealth to going into the “computer field.”
Other companies may have famously started in garages but
reached out to investors who turned money into ownership.
If you wanted to program or start a company around system
development, you either went to a university who had the hard-
ware resources or you found investors to help you start the
company.
Today, however, the field has changed. Open hardware, free
and open source software, open data, and social marketing have
changed the need for vast amounts of capital needed to start a
systems-solution business. People can develop great solutions
on inexpensive computers or through resources “in the cloud.”
No longer do people buy just a piece of hardware or a piece of
software, but they purchase a total solution which can be as-
sembled by a small group of people and solve the specific needs
of a specific customer. The creators of the solution can put all
of the profits into their own pocket instead of the pockets of
investors. The creators of the solution, not some disjointed
“stockholder” can determine the future of the organization.
A concrete example of this has been the rise of the Odoo ERP
system. An open source solution, Odoo runs on many different
operating systems. While there is a corporate component of
Odoo, there is also a vibrant community edition that is installed
on thousands of new installations every day. Odoo has been fa-
vorably compared to other ERP systems sold by large commer-
cial companies at much higher prices.
There is nothing that stops an individual from assembling a
series of off-the-shelf components and putting together a low-
cost point-of-sale or ERP system for a local customer and sell-
ing it for a fraction of the cost of some other commercial sys-
tems or from tailoring the Odoo system to exactly what their
customer needs.
Of course, these customers will pay for the skills of the local de-
velopers, and that is how the stakeholder system moves forward.
This is sometimes known as an employee-owned cooperative,
where the employees have a direct stake in how the company
succeeds or fails, and open technologies allow these to occur
more and more every day. Direct contact with the customer
by the developers means that, in effect, the customer also
becomes a direct stakeholder. Q Q Q
ISSUE 289 DECEMBER 2024 73
LINUX VOICE ANKI
Virtual flashcards with Anki
Learn It!
Flashcards are a fast and effective way to memorize pertinent facts for your
next exam. Anki takes this time-honored trick in a direction you never could
have imagined in the days of those classic 3x5 cards.
BY MARCO FIORETTI nki is a multiplatform, open source digital
A version of paper flashcards that “makes
remembering things easy” [1] and “makes
memory a choice” [2]. You can run Anki on Linux,
macOS, and Windows systems, as well as on
mobile devices [3].
Flashcards are a quick and easy way to memo-
rize facts for academic tests and other training
scenarios. The two main reasons to try Anki are the
sheer number of cards it can handle (more than
100,000, according to its developers), and how
easy it is to embed all kinds of content in each
card, from audio and video to scientific formulas
and musical scores. Anki also has many add-ons
and a web interface [4] that you can use to study
your cards online or keep them synchronized
across multiple devices. Personally, I also really like
that Anki saves and exports data in well-supported
formats that make it easy to automatically create
or analyze as many flashcards as I want in many
different ways.
Installation and Upgrades
At the time of writing, there are two branches of
Anki for Linux, one built with version 5 and one with
version 6 of the same Qt graphic libraries that are
the foundation of the KDE Desktop Environment.
Both branches also depend on three external
Listing 1: Anki Archive Contents
#> cd anki-24.06.3-linux-qt6/
#> anki-24.06.3-linux-qt6$ ls
anki
anki.1
anki.desktop
anki.png
anki.xml
anki.xpm
install.sh
README.md
uninstall.sh
74 DECEMBER 2024 ISSUE 289
libraries – called libxcb-xinerama0, libxcb-cursor0,
and libnss3 – that you should be able to install from
the standard repositories of most Linux
distributions.
Anki developers are not happy with the Anki
packages available in the repositories of Linux dis-
tributions and consequently won’t support them.
Instead they recommend users download the
branch they prefer from the Anki website and in-
stall it manually. At the time of writing, the Qt6
branch is recommended for most users because,
while it still doesn’t support all the add-ons avail-
able for Anki, it has better support for HiDPI dis-
plays and the Wayland graphic subsystem.
After downloading the Anki archive in com-
pressed .zst format, you must expand it with this
command (adapting it to the actual version of
Anki you chose):
#> tar xaf anki-24.06.3-linux-qt6.tar.zst
This will create a directory with the same name of
the archive, containing the same or similar files
shown in Listing 1.
The first and biggest file is the actual Anki exe-
cutable program, which is just over 100MB, and
the second is the source code of its man page.
The install.sh and uninstall.sh scripts are those
you should run, with root privileges, to install or
uninstall Anki for all the users of your system.
By default, the first script will place all those
files (including the uninstall.sh script!) in /usr/
local/share/anki, and then create a link to the Anki
executable in /usr/local/bin. After that, the script
will set up the Anki man page and all the Anki en-
tries and icons in your system menus and desktop
background.
Alternatively, you may try Anki without installing
anything, by just launching the executable file
from the prompt, in the installation folder:
#> ./anki
LINUX-MAGAZINE.COM

General Configuration
On Linux systems, the default directory in
which Anki places all its files is $HOME/Anki. If
you don’t like that setting, you can create an
alias like this:
alias anki = "anki -b $HOME/.anki"
in your $HOME/.bashrc file, if you use the Bash shell,
or use similar settings in your preferred shell.
With the installation procedure above, each user
of a Linux system will be able to create and use
his or her own Anki flashcards in full privacy. If, for
whatever reason, multiple users should share the
same Linux account, they can still work autono-
mously by setting their own profile inside Anki, by
going to the File menu and choosing Switch Profile
or, after the initial setup, launching Anki from the
command line with their own profile using the -p
<PROFILE> switch.
Another way to use Anki with completely differ-
ent settings and collections of cards may be to
launch it every time with a different base folder
(i.e., with a different -b option). Finally, you may
change the language of the Anki user interface at
any time (which may be fun when using Anki to
learn foreign languages!) by simply specifying it
with the -l option (e.g., anki -l it for Italian).
You can customize your installation of Anki in
many other ways through the five tabs of the
Anki Preferences panel, which is accessible by
pressing Ctrl+P or selecting Tools | Preferences in
the main menu. The Synching tab is useful only if
you need to synchronize different copies of Anki
on different devices, through the web interface.
The other four tabs configure general appear-
ance, card reviews, card editing and browsing,
and data backups. The most important settings
in the first two tabs are those that control
whether to hide or show the full interface while
reviewing your cards and how to rate and moni-
tor your performance.
In the other two tabs, you can set how to paste
text or images into your cards, how to search
them, and the frequency and conservation time of
automatic backups. Speaking of which, please
note that Anki only backs up card data! Any multi-
media file embedded in your cards should be
backed up separately.
The Anki Way
The first thing to do when starting to use any
flashcard system is to choose your questions
wisely. Flashcards are made for questions that
have unambiguous answers and are actually use-
ful for gaining a full understanding of a topic.
Questions such as “Who is the human protagonist
of the movie Life of Pi?” (Pi, of course) would be
OK, whereas questions such as “What is the best
LINUX-MAGAZINE.COM
ANKI LINUX VOICE
movie of the 1980s?” would not. “Does avocado
contain vitamin C?” would be a better question
than “What is the country of origin of avocados?”
to study nutrition facts, but if you studied interna-
tional trade, the opposite may be true.
Anki is based on a technique called spaced rep-
etition [5], which is useful to study many topics,
especially those that – from foreign languages to
history, medicine, chemistry, software engineer-
ing, etc. – require learning and never forgetting a
great quantity of facts or definitions.
The basic concepts of spaced repetitions are
shown in Figure 1. The left side shows the “For-
getting Curve,” how much you forget what you are
studying, and how quickly. Without help, that may
be a lot, as shown with the red line. Repeating the
memorization of the same information after one
day would make the brain forget more slowly (left-
most green curve), and by repeating it every day,
more and more data would go earlier into long-
term memory, and stay there.
In practice, rereading every fact every day
would be very time consuming and inefficient, and
this is where spaced repetition helps, as illustrated
in the right half of Figure 1 where box 1 contains
the cards you’d review every day, box 2 the ones to
review every other day, and so on. Using this
setup, if you pick a card from a box and remember
its content, you then move it to the closest box on
the right; if you fail, the card goes to the box on the
left. In this way, you make the optimal use of your
time by seeing the data most that’s the most diffi-
cult to commit to memory more frequently than
the others.
The actual flow of Anki review sessions is
more complex, but still based on the same prin-
ciple. In fact, every Anki card can be in one of
five states: new, learning, review, suspended, or
buried, depending on how fresh that card is and
how frequently, and successfully, it has been
reviewed.
If you can answer a question correctly every
time you see it, the time interval between succes-
sive reviews of that question increases gradually. Figure 1: With spaced repe-
If you fail, the same interval is decreased. In the tition, the things you have
worst case – which, by default, is when you fail the hardest time remember-
answering a question eight times in a row – Anki ing are those you see most
places it into suspended state. When that frequently.
ISSUE 289 DECEMBER 2024 75
LINUX VOICE ANKI
Figure 3: This is what the
question and answer created
in Figure 2 look like when
studying Linux with Anki.
76 DECEMBER 2024
Figure 2: The Anki editor is a basic HTML editor with just
the functions you need to create efficient cards.
happens, you have to decide whether to just re-
move that question, if it’s not really essential, or
change it to make it easier to memorize.
The Power of Anki Notes
Most things that you want to remember have
more than one (for lack of a better term) face. For
example, to pass an exam on Roman history, you
should be able to answer without hesitation both
this question:
Q. Who was the first Roman Emperor?
A. Gaius Julius Caesar Augustus.
and its opposite:
Q. Who was Gaius Julius Caesar Augustus?
A. The first Roman Emperor.
This is even truer when studying languages:
ISSUE 289
When speaking with a French person, for example,
you should remember both that “ami” means
“friend” and that “friend” means “ami.” With flash-
cards, this means you should have two cards for
any term in the dictionary.
Anki handles this issue in a way that is as effi-
cient as it is badly documented on the website
(and half-hidden in the user interface). Each piece
of information you pass to Anki (e.g., who was the
first Roman Emperor) is stored not in a card, but
in a note that, depending on its type (more on this
later), may generate one or more cards whenever
you run a study session.
This is good, but it should be the very first
thing you read, in big letters, in the Anki start
screen, its homepage, and the first page of its
manual. Otherwise, people who download Anki
because it is a “flashcard program” will believe
they are creating cards when they are creating
notes, and the mismatch will cause confusion, as
proven by the fact that, in the 18 years since the
first release of Anki, “What are notes?” has been
a recurring question [6, 7].
In fact, by default, if you click the Add button at
the top of the Anki window, the program will show
you right away the panel shown in Figure 2: a sim-
ple but perfectly adequate HTML editor, with all
the parameters set to create the simplest possi-
ble Anki note that will generate only one card with
two sides, Front and Back.
When studying, Anki will show you the front
side of that card (top part of Figure 3). Then,
when you click on Show Answer it will show the
other side (bottom of Figure 3), plus buttons to
declare how easy it was to remember the
Figure 4: The Anki card-review management panel, with
more options than most people will ever use.
LINUX-MAGAZINE.COM

answer. The button you press will determine how
much time will pass before Anki shows you that
card again. The intervals can be changed, of
course, and you can change the status and
many other parameters for each card in the
More menu of Figure 4.
Besides text and images, you can insert math
formulas in your cards by typing them in TeX for-
mat (e.g., \(\sqrt{x}\)" to add the square root of x)
selecting that text, and pressing the button labeled
fx in Figure 2. Anki will add the formula, nicely type-
set with the MathJax system [8]. A similar proce-
dure is available for chemical equations [9]. You
may use LaTeX to insert the same type of content,
and even musical notation, but at least for formulas
and equations, MathJax (which is integrated in
Anki) would be a zero-setup solution more than ad-
equate to the task.
The interface of Figure 2 is very simple to use,
even if you want to use audio or video in your cards.
Figure 5: Configuration of an Anki note (not card!) for a specific topic
begins by defining its fields.
Figure 6: After note fields, you must configure the templates of the cards
that will display them.
LINUX-MAGAZINE.COM
ANKI LINUX VOICE
Its only problem is the one I already mentioned: Fig-
ure 2 actually creates one “Basic” note, that is a
data structure which just by coincidence generates
just one card with two sides, thus continuing (to-
gether with the lack of current, clear documenta-
tion) to hide the true power of Anki.
Until now, that is. I’ll show how to create a more
sophisticated note that can generate two comple-
mentary cards by entering the corresponding data
just once. For simplicity, the data will be French-to-
English word pairs, for a French language course.
From the Anki main window click on Add, select
Basic (and reversed card) as the note type, and then
click on Fields, as shown in the top left of Figure 5.
In the Fields pop-up window (bottom-right cor-
ner of Figure 5), delete any preconfigured fields
and add three new ones: one for French words,
one for their English equivalents, and (just as ex-
ample) one for the corresponding page of your
French-to-English dictionary.
Then, click on Cards to configure
the templates of all the cards that
Note type can generate. As you can
see in the top-left corner of Figure 6,
the note I chose has two card types:
The first is for what I will call “direct”
questions, which in my case would
ask the English translation of a
French word. The second would be
for the “inverse” question, French
terms for English words. For both
card types, you must define what to
show on the front and back sides.
Looking at the Back Template panel
of Figure 6, you can see that the back
(the answer side of each card of this
type) will have the same content as
the front side, followed by a two-line
answer containing the English
Figure 7: The same operation shown in Figure 6, but for the reverse ques-
tion and answer of an Anki note.
ISSUE 289 DECEMBER 2024 77
LINUX VOICE ANKI
Figure 9: The two specular
cards generated by the sin-
gle note created for the
Ami/Friend word pair.
78 DECEMBER 2024
Figure 8: Once the templates for all the cards of a note type
are ready, you can generate as many of those notes (and
cards) as desired.
translation of the French word and the corre-
sponding page in the dictionary.
Figure 7 shows, as you can see by comparing
the Card Type value with the one of Figure 6, the
front and back template configuration of the other
type of card supported by the Basic (and reversed
card) note type: As expected, it’s the same struc-
ture, just with inverted fields.
When the template configurations are done, you
can click on the Add button in the main Anki win-
dow as many times as desired and, after selecting
the right note type, enter all the French/English
word pairs you want to memorize with Anki. The
screenshot collage of Figure 8 shows the three
pairs I created for this tutorial: Bonjour/Hello, Ami/
Friend and Merci/Thanks. The two screenshots in
Figure 9 show how Anki creates two distinct cards
from the same Ami/Friend note.
Summing up, cards are what you actually use
when studying with Anki, but they are generated
on the fly from notes prepared in advance.
Thanks to this architecture, you can define and
update all the raw data about a fact just once,
but reuse every “side” it has only where and when
you actually need it.
Thanks to this, if your brain remembered Eng-
lish-to-French translations much more easily than
French-to-English ones, Anki could show you the
French-to-English much more frequently than the
ISSUE 289
others and never show the two cards of each note
back to back. Besides, you could further help your
memory by customizing every side of every card
in different ways, for example giving a blue back-
ground to English-to-French cards, and a red
background to French-to-English cards.
Cloze and Image Occlusion Notes
Two other very important note types are those for
“clozes” and “image occlusions.” The clozes are
notes in which you can select and hide the part or
parts of text that constitute the answer to a ques-
tion. Instead of a basic Q&A card such as this:
Q. What is the last name of the inventor of the
Linux kernel?
A. Torvalds.
You can create a note whose card looks like this:
Linus [...] invented the Linux kernel.
The answer is obviously the same in both cases,
but the cloze version allows you to add more con-
text. Besides, you may use more clozes, hiding
more than one part of the text in the same card.
To create a cloze note, select the corresponding
note type in the same panel shown in Figure 5,
write the whole text of the note in the Front field,
and any additional text in the Back field. Then, se-
lect the text you want to elide and click on the […]
button in the same panel. Assuming you had writ-
ten this sentence in the Front field:
Linus Torvalds invented the Linux kernel.
and then selected for clozing the word “Torvalds,”
Anki will mark that word in this way:
Linus {{c1:Torvalds}} invented the Linux kernel.
and hide it whenever it presents you the correspond-
ing card. To hide more words, just repeat the pro-
cess. As in the French language example, it is possi-
ble to create multiple cards from the same note by
adding more clozes. A cloze note with this text:
{{c2:Linus}} {{c1:Torvalds}} invented the Linux
kernel.
will create two cards, the first hiding only “Tor-
valds” and the second will only hide “Linus,” be-
cause “Linus” has the successive cloze index (c2
instead of c1). If both words had the same index,
Anki would create only one card, hiding them both.
Image occlusion (IO) notes perform the same
task as clozes, but hide parts of images (instead of
sections of text) with a rectangle, ellipse, or polygon.
Quoting from the Anki documentation, this is “espe-
cially useful when studying material that heavily re-
lies on images, such as anatomy and geography.”
LINUX-MAGAZINE.COM

To create IO notes, choose the corresponding
note type, load into the note the image that should
be occluded, and then use the additional buttons
that appear in the Anki note editor to hide as
many parts of the image as desired and also add
captions. Then, click on the Image Occlusion Mode
button, to the left of the button with the cursor, to
choose between Hide All, Guess One and Hide one,
Guess One. The first mode hides all the areas you
masked and reveals them one at a time; the sec-
ond only hides one area.
Card and Note Maintenance
Anki includes a card and note browser with two
separate views, one for notes and one for cards.
Both views, distinguishable by the different col-
ors of the view selector, are partially visible in the
collage in Figure 10, where you can also check
that the data I entered for the sample French lan-
guage course indeed produced three notes and
six cards.
As soon as you have more than a 100 notes,
you should check the browser regularly to see
how many notes or cards are in each state,
change the state, or add flags and tags to orga-
nize them better. The browser is also the place
where you can arrange cards or notes in different
orders, or search all the those that contain spe-
cific text, even saving the most frequent searches
with custom names.
Anki Decks and Tags
As powerful as notes are, if they were the only way
Anki had to organize content, things would get
very messy as soon as you tried to study more
than one subject.
In practice, this is no problem because Anki lets
you assign any notes and their cards to one or
more decks, regardless of the note type, and also
tag them in any way desired.
Having one deck for every topic ensures that
when, for example, you need to refresh your mem-
ory about Linux administration, or whatever else
you need to know to pay the bills, Anki won’t dis-
tract you with questions about video game history
or any other hobby you may have.
Besides this obvious advantage, Anki decks have
an even bigger one if you build or customize them
yourself, rather than using decks made by some-
body else without any changes. When you assem-
ble a deck by choosing all the right questions as I
mentioned above, deciding which note is better for
memorizing each piece of information, how much
context it should have, and so on, you have already
started to learn and memorize, before having actu-
ally reviewed a single Anki card.
To make things even easier, each deck can
have as many sub-decks as desired, using two
colons as a level separator. That is, a deck called
LINUX-MAGAZINE.COM
ANKI LINUX VOICE
Linux Distributions::Debian and one called Linux
Distributions::Slackware would be two sub-
decks of the upper-level deck about Linux
distributions.
That said, with Anki it is important to not get
carried away with partitioning decks in smaller
sub-decks, for the simple reason that the smaller
a deck is, the more predictable the order of its
cards become. You may end up memorizing the
order of the answers and find yourself unable to
remember all of them separately.
The right way to classify your notes in any way
you want without this problem is to give each of
them tags (compare with the bottom of Figure 2),
which you can then organize into trees as desired
by dragging and dropping them onto each other in
the browser shown in Figure 10.
Anki Data Formats
At the beginning of this article, I observed that I
really like how Anki saves and exports its internal
data, because it makes it easy to automatically
create or analyze how many flashcards I want, in
many ways.
Here is what I mean: Your Anki user profile con-
tains, besides a directory for compressed back-
ups in ZIP format, another directory called collec-
tion.media and two files called collection.anki2
and collection.media.db2. They are nothing other
than two single-file databases in the SQLite3 for-
mat that are fully supported on all operating
systems.
This means that you can restore them with any
SQLite recovery tool if something bad happens
(and if it does, Anki will let you know!). Besides, if
you aren’t satisfied by all the reports that Anki gen- Figure 10: The Anki browser
erates (see Figure 11), you can create your own by is the one-stop shop where
directly querying those databases, even aggregat- you can keep all your notes
ing the statistics of multiple users! and cards under control.
ISSUE 289 DECEMBER 2024 79
LINUX VOICE ANKI

Equally interesting are Anki’s import and export
capabilities, both accessible from the File main
menu. You can export just one deck or all of your
user profile as ZIP archives, which you can share
with other users with the .akpg (Anki package)
suffix for decks and .colpkg (Anki collection pack-
age) for your whole profile.
But you may also export (and subsequently im-
port in any another Anki instance) all your notes in
plain-text format, and this is the part I really like.
To see what I mean, check out Listing 2, the Anki
export file of all the notes I created for this tutorial,
telling Anki to include everything but the unique
note identifier it uses internally.
Listing 2’s format is easy to decode: After a
simple, self-explaining header, there is one note per
row, with tab-separated columns that contain note
type, deck, fields, and tags. The reason why this
makes me happy is that if this format is easy to
read, it’s also easy to write! In other words, it would
be quite easy, with the tons of text-processing tools
available on Linux, to generate a separate deck for
each student of a entire course, and that’s just one
use case. Aren’t open formats wonderful?
Conclusions
The distinction between cards and notes should re-
ally be explained better in the documentation and

Listing 2: Anki Notes Export, Plain-Text Format

#separator:tab
#html:true
#notetype column:1
#deck column:2
#tags column:8
Basic (and reversed card) Custom Study Session Bonjour Hello 12 languages
Basic (and reversed card) Custom Study Session Merci Thanks 35 languages
Basic (and reversed card) Custom Study Session Ami Friend 34 languages
Cloze anki-test-deck Linus {{c1::Torvalds}} invented the Linux kernel. Torvalds
Image Occlusion anki-test-deck {{c1::image-occlusion:ellipse:left=.4278:top=.1498:rx=.0692:ry=.042:oi=1}}<br>{{c0::image-o
cclusion:text:left=.2219:top=.3399:fill=rgb(0,0,0):text=Who's this?:scale=1.:fs=.0853:oi=1}}<br> "<img
src=""20240926_083104.jpg"">"

Figure 11: The only problem with the Anki statistics about your study may be how many of them there are.

80 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM


presented better in the interface. I hope this article
helps to clear up this matter. In addition, the online
documentation available at the time of writing
did not always match the Anki version I reviewed
(24.06.3): For example, it listed different card
states than the ones I saw in the Anki browser.
Anki has lots of add-ons of all sorts, but for a tool
like this I would recommend to not looking at them
before becoming really familiar with the note/card
duality and all the basic functions, lest you find your-
self playing with gadgets and statistics more than
actually learning from your cards. I mean, notes.
On the same note, as good as Anki is at manag-
ing flashcards, all its functions and all the statistics
in Figure 11 (and that’s just some of them!) will do
very little for you if you don’t get into the habit of
using Anki regularly, with schedules configured to
The Author
Marco Fioretti (https://
mfioretti.com) is a free-
lance author, trainer, and
researcher based in
Rome, Italy, who writes
about digital rights issues
at https://mfioretti.
substack.com.
ANKI LINUX VOICE
really match your needs, or if you don’t regularly re-
fine the content of your decks.
With this advice in mind, I think anyone who
feels overwhelmed by how many things they
should remember should at least give Anki a
serious try. Q Q Q
Info
[1] Anki: https://apps.ankiweb.net/
[2] “Augmenting Long-Term Memory” by Michael
A. Nielsen, July 2018:
http://augmentingcognition.com/ltm.html
[3] AnkiDroid Flashcards: https://play.google.
com/store/apps/details?id=com.ichi2.anki
[4] Anki web interface: https://ankiweb.net
[5] Spaced repetition:
https://en.wikipedia.org/wiki/Spaced_repetition
[6] “What is the difference between a card and a
note?” (2015): https://www.reddit.com/r/Anki/
comments/3x58fb/what_is_the_difference_
between_a_card_and_a_note/
[7] “Note vs Card???” (2023): https://www.reddit.
com/r/Anki/comments/17s355r/note_vs_card/
[8] MathJax: www.mathjax.org
[9] Chemical equations with MathJax:
https://mhchem.github.io/MathJax-mhchem/
LINUX VOICE FOSSPICKS

FOSSPicks Nate explores some top FOSS tools, including the latest
Sparkling gems and new
releases from the world of
Free and Open Source Software

Gnome desktop, a slick 3D model viewer, LibreQuake,

and a neat currency converter. BY NATE DRAKE
Desktop environment

Gnome 47
n September 18, the redundant Videos folder. I also Gnome Calendar also contains numerous bug fixes and

O Gnome Community re-

leased the latest version
of the desktop, codenamed “Den-
noted that the Other Locations
bookmark is no longer there. All in-
ternal drives are listed in the side-
an improved layout for displaying event details. Some new
Gnome Circle apps have been added including the Mast-
odon client Tuba, which I reviewed last month, as well as the
ver.” The top-billed new “Accent bar instead. The release notes also currency converter Valuta, which is covered in this issue.
Colors” feature is underwhelming state that file searching has been Gnome also now works better with Remote Desktop
to Ubuntu users, given the OS has improved in that users will see an sessions, because these can now be automatically resumed
supported this since 2022. Still, info button if trying to search a even when cut off. Dialogs have been modified to work
it’s easy to access via Gnome set- location that isn’t indexed or a re- better with narrow screens and now display clearly defined
tings and was the first change I mote folder. This provides more buttons. When creating a new folder in Pictures, I noted that
made when testing Gnome 47 in contextual information, though it the dialogs also follow custom accent colors. Open and
a daily build of Ubuntu 24.10. doesn’t speed up the search. Save dialogs have received an upgrade and now support
The Nautilus file manager has A number of other Gnome zoom, reordering, preview, and even renaming files.
also been overhauled. Tradition- apps have also been updated. Special mention should also go to Gnome Control Cen-
ally, bookmarks to Home folder The Gnome Web browser, Epiph- ter, which has an upgraded Add User dialog. This now en-
locations such as Documents and any, has a new bookmarks side- forces the password requirements found in the configura-
Pictures couldn’t be removed. This bar to make bookmarks easier to tion file in /etc/security. When creating accounts, you
is now supported and I put it to search and navigate, as well as can still choose to set a password immediately or upon
good effect to remove the an auto-fill feature for forms. login. Gnome’s Disk Usage Analyzer also apparently has
a refreshed interface with a modernized file list, updated
icons, and a new look for the location bar. However, when
I checked the app against the version in my Ubuntu 24.04
virtual machine, I couldn’t noticed any appreciable differ-
ence beyond a slightly more compact interface.
Beneath the hood, Gnome’s online accounts feature now
supports automatically completing IMAP/SMTP configura-
tion details when users enter an email address. Email, Cal-
endar, and Contact Information have been added for Mi-
crosoft 365 accounts. Gnome now also includes an experi-
mental enhanced fractional display scaling feature to sup-
port legacy X11 apps. Users can also play VR games while
using Wayland desktop sessions. The release notes also
mention the addition of the “foundations for reliable and
1. Epiphany: New browser features include a sidebar for searching and loading hardware-accelerated screen sharing” required by the pro-
bookmarks. 2. New apps: Gnome comes with new Circle apps including the mighty prietary NVIDIA graphics driver.
Mastodon client Tuba. 3. Removable bookmarks: Nautilus now supports removing If you’re excited to test the latest Gnome, you can fire it
bookmarks to home folder locations like Videos. 4. Internal drives: Instead of list- up in a supported operating system like Ubuntu 24.10 or
ing Other Locations, Nautilus now displays all internal disks. 5. New dialogs: These Fedora 41. At the time of writing both these operating
now have a cleaner, improved layout and follow Gnome accent colors. 6. Informa- systems are in beta. Make sure to wait for the stable re-
tive search: Gnome now alerts users who try to search in non-indexed or remote lease if you want to use Gnome 47 as your daily driver.
locations. 7. Persistent connections: Remote login sessions that are disconnected
for any reason can now be resumed. 8. Accent colors: Although already supported Project Website
in Ubuntu, this feature is now simpler to access. https://release.gnome.org/47/

82 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

 FOSSPICKS LINUX VOICE

System cleaner

Czkawka
’ve always felt one of the previous version (6.10) is also

I blessings of Linux is that

the operating system
doesn’t need regular defrag-
mentation or cleanups. Code
tends to be designed efficiently
and commercial bloatware is
mercifully absent. Still, no mat-
ter which OS you use, you can
experience poor performance
due to duplicate or redundant
files cluttering up your hard
drive. Czkawka, whose name
derives from the Polish word
for “hiccup,” tries to resolve this
in the same way as other de-
cluttering utilities like
BleachBit.
There’s both a command-line
version and a GUI version using
GTK4. The main GitHub page of-
fers precompiled binaries of the
latest version (7.0.0). The
available via Flathub. After in-
stalling libfuse2t64 I was able to
launch the Czkawka AppImage.
The top pane allows you to set
Included Directories, such as
your home folder. There are also
tabs for Excluded Directories,
which by default include key
system folders such as /run.
You can use Item Configuration
to allow certain extensions, as
well as exclude certain items.
For example, files in the Trash
aren’t included in searches.
The search options in the left-
hand pane are all logical, such as
the search for duplicate files,
empty directories, and large files.
You can use the arrow keys at
the top and bottom of the pane
to see further options such as
Similar Videos. I decided to get
The Czkawka interface is simple, offering options to locate large/
duplicate files and then compare or remove them.
started looking for similar images. The utility listed all of
them in a split second.
The main pane lists search results. There’s a conve-
nient checkbox next to each file that you can click, and
then you select one of the buttons to delete, move, or
save. If you select multiple files, you can also create sym-
links or hard links. Hover over each button for a more de-
tailed tooltip explanation of what it does. Special mention
should go to the Compare button which opens a more de-
tailed file view to check that the files really are duplicates.
Project Website
https://github.com/qarmin/czkawka

File visualization utility immediately using color cod-

see
ing: For example, comments
appeared in green and objects
in blue. I was particularly im-
pressed to see that the None at-
o quote the project tribute for objects appeared in

T page, the overall goal of

this utility is to offer a
“visually appealing way to view
various file types directly in
your console.” Of course there
are many terminal apps per-
fectly capable of doing this,
such as the trusty vi and nano,
but see goes above and beyond
by offering syntax highlighting.
It can also load images and hy-
perlinks where supported.
See can be installed using a
curl script. You can also down-
load Linux binaries from the
project page or install the utility
using Cargo. The syntax for see
is extremely simple. For in-
stance, to view the code for my
Python script adventure1.py, I
simply provided the filename
after see. The code loaded
a different shade of blue, mak-
ing assigned attributes easier
to read.
You’ll have similar joy with a
Markdown file. After installing
Terminator, I had see load up a
sample file, which once again
makes good use of color coding.
Main (h1) headings are in teal, Though it can’t always display animated images such as Nyan Cat,
secondary (h2) headings are in see offers superb syntax highlighting for code and Markdown
green, and so on. Regular text is documents.
gray, but I noted code and lists
are highlighted in yellow. developer does caution that this feature isn’t
I decided next to put see’s im- supported in every terminal program. The
age-loading skills to the test. project page also states that see is still in the
After trying to load a GIF of Nyan alpha stage, so these kinds of bugs are to be
Cat in my chosen terminal utility expected. The utility nevertheless offers an
(Terminator), the image only intuitive way to navigate code and Markdown
loaded as a still frame. The same documents.
thing happened in Guake. When
using Gnome Terminal, bars ap- Project Website
peared across the image. The https://github.com/guilhermeprokisch/see

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 83

LINUX VOICE FOSSPICKS
RSS terminal reader
CAST-text
latforms such as Face-
P book, Instagram, and Pin-
terest may have depre-
cated their RSS feeds in favor of
ad-filled, short-form videos, but
RSS isn’t dead. In fact, as a jour-
nalist I find these types of web
feeds far superior when it comes
to assimilating large amounts of
news. Developer Edi Piqoni
clearly feels the same way, hav-
ing developed this handy utility.
I had no joy with the instruc-
tions to download and run CAST-
text via Go. However, precom-
piled binaries are available for a
number of platforms including
Linux. After extracting the ar-
chive and using chmod a+x to
make the program executable, it
can be run directly in the termi-
nal. As an Englishman, I was de-
lighted to see that CAST-text
3D-model viewer
Exhibit
’ll never forget the first time I
I tried to contend with 3D
models. I’d found a rendering
of some classic walkie-talkies as
used in the TV series Stranger
Things. I duly sent the files to a
company that specialized in 3D
printing, only to find they couldn’t
open them. It was only then I dis-
covered the plethora of formats
for 3D models, not to mention
the various software and in-
browser solutions for previewing
them.
Exhibit offers a lightweight so-
lution to do this. It’s powered by
the same library as the F3D
viewer, so it supports diverse
model formats including FBX,
glTF, OBJ, PLY, STL, STEP, USD,
and Alembic. Binaries are cur-
rently available from Flathub
only, though the developer also
84 DECEMBER 2024
defaults to BBC News. However,
you can change this to other
RSS feeds using the -rss flag.
For instance, I was able to ac-
cess Linux Magazine‘s feed
running
cast-text -rss https://U
www.linux-magazine.com/rss/U
feed/lmi_full
Once the news loads you can
use the up and down arrow keys
to switch between story titles on
the left-hand pane. The story text
itself is displayed on the right. You
can use the right and left arrow
keys to scroll up and down the ti-
tles. Scrolling via trackpad is also
supported. Press Enter at any time
to launch the corresponding news
article in your default browser. Use
q to exit the utility.
lists instructions on the GitHub
page on how to clone and com-
pile from source.
After installing the Flatpak via
the terminal, I was gratified to
see that Exhibit had a dedicated
icon in Ubuntu’s Activities. This
saves having to run via the com-
mand line as I had to do for the
other Flatpaks I reviewed for the
column this month. As a Gnome
App, the user interface is well
spaced and simple to navigate.
On first launch, you can click
Load to navigate to your chosen
3D model (in my case a render-
ing of the Scottish steam ship
MV Spartan).
Once the mode loads, Exhibit
defaults to the Render tab. From
here you can toggle options such
as rendering and anti-aliasing.
You can also enable showing
ISSUE 289
CAST-text displays the
title of RSS news feeds The project page lists ambi-
in the left-hand pane. tious plans for future develop-
Use the arrow keys to ment including importing non-
load the story text on RSS news feeds such as CNN.
the right. Still, this is another great exam-
ple of a single program that does
one thing very well, so there’s no
particular need for this. My only
complaint is that, despite trying
to open the utility via the fish in-
teractive shell, all the text re-
mained stubbornly black and
white.
Project Website
https://github.com/piqoni/cast-text
Exhibit has a light foot-
print but offers multiple edges and/or spheres and then
viewing options includ- define their width. The Model tab
ing grids and customiz- allows you to fine-tune the mate-
able backgrounds and rial and color of the model. I had
colors. the most fun with the Scene tab,
which lets you display the grid as
well as choose from one of a
number of image backgrounds.
You can also customize a back-
ground color. Exhibit also sup-
ports exporting models in PNG
format.
Project Website
https://github.com/Nokse22/Exhibit
LINUX-MAGAZINE.COM
 FOSSPICKS LINUX VOICE

Voxel game engine certainly wasn’t true for my vir-

tual machine, which didn’t play

Minetest well with Minetest’s use of

OpenGL. But the Flatpak
opened immediately when run
ince 2010 the developers on my bare-metal install of

S of this voxel game-cre-

ation system have been
putting Mojang to shame
through offering a free and open
source alternative to Minecraft.
Although the name has become
synonymous with the Minetest
game itself, the software actually
offers a variety of titles. This in-
cludes the more interactive Vox-
eLibre, which offers monsters,
animals, and a greater range of
options than its more sterile
sandbox twin.
The most recent version
(5.9.1) incorporates some excit-
ing new features, including a
supposed improvement in ren-
dering performance. According
to the developers, this may
yield a significant improvement
on some hardware. This
Ubuntu 24.04. Installs are also
available via OS repositories,
though the developers recom-
mend adding the PPA to ensure
you have the latest version.
RPM binaries are also available
for the likes of Fedora or
openSUSE.
On first launch you’re presented
with a browser listing the available
games to install. After choosing
Minetest, I was immediately able
to join a server and promptly fell
down a blocky ravine. Less inept
players may get a chance to expe-
rience Minetest’s latest “god rays,”
also known as volumetric lighting.
This ostensibly gives developers
greater artistic control of the envi-
ronment, though they must install
the relevant mod and enable the
feature to use it.
Minetest now promises superior rendering, volumetric lighting, cus-
tomizable wear bar colors, and faster custom map-loading times.
Minetest has also now introduced new APIs that can
take advantage of a separate mapgen thread. This means
Lua mapgen code will no longer be executed on the same
thread as the rest of the game, which should improve
loading times for advanced/custom maps. The bone
override API can now apply overrides to the animation
and interpolation of properties, which should allow mod-
ders to create smoother procedural animations.
Most importantly, wear bar colors are now fully cus-
tomizable, meaning rainbow pickaxes can finally get the
wear bar they deserve.
Project Website
https://www.minetest.net/

Currency converter you can use the Preferences

Valuta
menu to switch to alternate
sources such as Moeda.info or
Google Finance, though the app
warns the latter is unstable. I
eaders of FOSSPicks will found proof of this after trying to

R know I’m a huge fan of

Gnome apps, given that
the code of conduct requires
they be both functional and offer
a simple, clean interface. This
app, which means “currency” in
Italian and several other lan-
guages, is an excellent case in
point.
Currently binaries are only
available via Flathub. Still, upon
first launch it’s clear why you
might opt for this over just
googling “X USD in GBP” via
your browser. Simply enter your
chosen amount in the top field
and then choose the relevant
currency from the available
drop-down menu to begin.
By default Valuta uses the
open source Frankfurter API for
currency conversion. However,
display Bitcoin conversion rates
when the app initially failed to
load the current rate in USD.
Any changes you make to the
configuration are saved for when
you relaunch the app, which I no-
ticed when exiting to resolve the
Bitcoin dilemma. On the plus
side, this means that Valuta also
saves any amounts you con-
verted. Upon clicking the drop-
down menu, there’s a search box
for available currencies that’s
useful if you know the country
but not the name of their mone-
tary unit. For instance, typing
“Kuwait” lists the country, its
alpha-3 ISO code, and the cur-
rency “KWD – Kuwaiti Dinar.” The
one exception to this I found was
the Peruvian Sol, which is listed
as just “Sol” for some reason.
Valuta has a clean interface to convert and switch between
currencies. As the app warns, Google Finance support is still buggy.
Bitcoin (BTC) and Litecoin (LTC)
are also listed as-is, given they’re
not issued by any one state.
Special mention should also
go to the button in the center
screen (keyboard shortcut
Ctrl+S) that allows users to
quickly switch between curren-
cies if they, like me, have a habit
of entering the wrong values in
the wrong fields.
Project Website
https://github.com/ideveCore/Valuta

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 85

LINUX VOICE FOSSPICKS
Free Quake engine content
LibreQuake
here are few gamers who
T haven’t played id Soft-
ware’s 1996 sequel to the
first-person shooter Doom. Such
was Quake’s popularity that the
developers open sourced the
game engine in 1997 under the
terms of GPLv2. This allowed the
gaming community to refine the
code and add new features.
Forks appeared pretty much im-
mediately. As with Doom, how-
ever, the game assets were still
proprietary so someone would
still need to legally purchase the
original game files to take advan-
tage of any open source engine.
Retro gamers will be familiar
with how the community
squared this particular circle
with the Freedoom project. This
involved releasing new IWAD
(level) files containing third-
party graphics, music, and
sound effects. This effectively
created an entirely free game
provided it’s played using an
open source engine like Choco-
late Doom.
LibreQuake has similar aspira-
tions. Since 2019 the developers
have focused on developing a
free software drop-in replace-
ment for Quake 1. Sadly it’s not
as mature as Freedoom, given
the latest version (0.07) is still in
LibreQuake’s textures and weapons work flawlessly. Currently there are five levels – press the
space bar to load after entering a portal.
86 DECEMBER 2024
beta. Like
Freedoom, the
project fo-
cuses on raw
data, and a
compatible en-
gine is re-
quired for play.
The GitHub
page contains I only encountered two classes of LibreQuake’s monsters. While admittedly lethal, the
both the full graphics for both felt unfinished.
version of all
playable level files, as well as a “not quite Quake but feels pretty
mod archive sufficient to get right.” This is clearly something
LibreQuake working on most on the developers’ minds, given
modern source ports. the main website has a very
I followed the site recommen- lengthy licensing section cau-
dation and installed the open tioning creators not to simply im-
source engine QuakeSpasm, itate real Quake assets to avoid
which from what I gleaned on copyright infringement. On first
Reddit is best for a hassle-free launch, the game presents a
vanilla play. The version of the Start portal that leads to a
engine in the Ubuntu Snap store choice of different “episodes.”
failed to launch, but I had no Upon entering the portal, the
trouble installing it from the re- game acts as if you have com-
positories via the terminal. pleted a level displaying scores.
Launching the game was as sim- You need to tap the space bar to
ple as extracting the full Libre- load the level in question. The
Quake archive, using cd to navi- end result is something of a
gate to the directory and then mixed bag: Level layout itself is
running quakespasm -f. The en- well designed and the wall tex-
gine automatically found the id1 tures are just so. WASD move-
folder to load levels and assets. ment worked effortlessly, and
As I was browsing the Quake items I picked up were added in-
subreddit, I came across a poster stantly to the inventory.
who described LibreQuake as LibreQuake really falls down
though when it comes to ene-
mies. Admittedly I only played
Episode 2 in any depth. Still, the
first bad guys I encountered
were somewhat jerky. I wasn’t
quite sure what to make of the
second enemy, which seemed
to resemble a rainbow-colored
troll, it nonetheless dealt a
great deal of damage from
launching some kind of explo-
sive at my head. Currently
there’s also no in-game music,
though I noted QuakeSpasm
can play external files.
Project Website
https://librequake.queer.sh/
ISSUE 289 LINUX-MAGAZINE.COM

Hosted hypervisor
VirtualBox
ince 2008, Oracle’s cross-
S platform virtual machine
(VM) manager has been a
godsend for developers, hobby-
ists, and even tech journalists
such as myself for running guest
VMs. The latest version, Virtual-
Box 7.1, was released on Sep-
tember 9 and is described on the
main website as a major update.
Sadly, nested virtualization is
still not supported so I wasn’t able
to test all features in my Ubuntu
24.04 VM. Still, the version 7.1 .deb
package installed without issue.
On first launch, it’s clear to see
what Oracle describes as the
“modernized” look and feel. The UI,
which now uses Qt 6.5.3, presents
a choice between “Basic” and “Ex-
pert” modes. I wasn’t able to see
much difference between the two
until launching the Settings menu
File permissions viewer
Concessio
’m of the belief that if you’ve
I never encountered a file per-
missions error, you’ve never
used Linux. True, there may be
experienced Unix programmers
out there who always know their
chmod from their chown and can re-
solve permissions issues in a
flash. For the rest of us, there’s
Concessio.
Developer Ronnie Nissan
notes on his GitHub page that
the purpose of this app is to
“Understand File Permissions.”
Currently it’s compiled only as a
Flatpak. On first launch, I no-
ticed that this Gnome App was
faithful to the project’s goal of
offering apps with a simple in-
terface. If you’re new to Linux, I
recommend first launching
Concessio’s help page, which
discusses in more detail how
LINUX-MAGAZINE.COM
for a newly created VM. This pres-
ents dedicated Basic and Expert
tabs. In short, the Basic mode re-
moves options for more advanced
settings such as serial ports and
VM folders. VirtualBox’s Prefer-
ences have similarly been updated
with more advanced options such
as setting proxies removed from
the Basic tab.
There’s good news for Linux
users, because VirtualBox now
finally supports sharing clip-
board data on Wayland ses-
sions for both hosts and guests
on the OS. File transfers are
also now supported between
Linux and Windows hosts/
guests, once the newly up-
graded “Guest Additions” are in-
stalled. If you do choose to do
this, you’ll discover that the en-
coding pipeline for the screen
file permissions work in Unix
systems.
The help section begins by ex-
plaining the principal parties to
whom permissions are assigned
(Users, Groups, and Others). It
then discusses the types of per-
missions (Read, Write, and Exe-
cute) as well as explaining how
these can be represented both
as a string of 10 characters or
numerically using three digits.
While this is obvious to experi-
enced Linux users, Concessio
details how the positioning of
characters matters when it
comes to assigning permissions.
It also provides an example of a
chmod command.
If you return to the Concessio
main screen at this stage, you’ll
see an example of file permis-
sions in both numeric and
FOSSPICKS LINUX VOICE
VirtualBox now comes with an overhauled UI offering a limited Basic
mode that removes advanced VM settings and preferences.
recording feature has been overhauled, making it
much more efficient.
If you’re accessing Linux using a recent macOS host, ARM
virtualization for Linux and BSD VMs is now supported. NAT
now also comes with a new engine with IPv6 support. The
Oracle VirtualBox Extension Pack, which is necessary for
certain features such as RDP support and disk encryption,
has been updated to use Personal Use and Evaluation Li-
cense (PUEL). The evaluation option has been removed,
meaning the license terms must be agreed to immediately
on use. VirtualBox itself remains FOSS under GNU GPLv3.
Project Website
https://www.virtualbox.org/
While the interface is basic, Concessio is perfect for working out
what file and folder permissions to assign in the terminal.
symbolic format. The default setting is 664, which al-
lows the owner and group to read and write to the file
but not execute. Others can only read the file. If this isn’t
to your liking, you can make use of the toggle buttons
beside each party to change the permissions. For in-
stance, you can toggle read, write, and execute to all
parties to give the famous 777 or rwxrwxrwx. There’s a
copy dialog next to both sets of values to allow you to
easily paste into the terminal. The Open button at the
top left allows you to access a file and view its current
permissions.
Project Website
https://github.com/ronniedroid/concessio
ISSUE 289 DECEMBER 2024 87
LINUX VOICE TUTORIAL – LEGACY VIDEO GAMES
Preserving legacy video games
Bringing Back the ’90s
People born in the late ’80s and early ’90s often have a sizeable collection of old
video games gathering dust at home. Systems capable of executing these are,
however, becoming scarce. This article explores the options for archiving old PC
games and running them on modern systems.
BY RUBÉN LLORENTE
Figure 1: A collection of PC
video games from the late
1990s and early 2000s.
Many of these titles are not
available in retail form any-
more due to licensing and
trademark issues.
88 DECEMBER 2024
h, the late ’90s! The time just before the
A
break of the new millennium was the
golden age of video games, at least for
nostalgic microchip heads such as myself. This
era represents a sweet spot in which computers
were powerful enough to represent 3D environ-
ments, display decent graphics, and play high-
quality soundtracks. Still, the video game indus-
try had not evolved yet into the greedy machine
it eventually became, inventing aggressive mon-
etization schemes and coming up with in-game
purchases, loot boxes, or intrusive digital rights
management (DRM) mechanisms. Back then,
the usual way of obtaining a video game for
your PC or game console was to (gasp!) walk up
to a store and purchase a physical copy. A PC
game would take the form of a CD (or many, for
large titles) which contained all the required
data to install the software and play. No Internet
connection was required.
I am the sort of person who keeps old stuff
around forever and does not toss it into the trash
ISSUE 289
Why Make the Effort
Many retro games are still available for pur-
chase in one form or another. It’s therefore
worth considering why you should make a
backup of an old retail version of a game,
considering you could just buy it again for
less than $5 if the CD you have were to break.
The GOG.com [1] store maintains an enor-
mous catalog of retro PC games, and they
support the available titles so they can run
on modern operating systems. The over-
whelming majority of their games are DRM-
free. Why aren’t these an option?
The main reason is that what is often found
for sale is not exactly the retail version you
have, and the retail version you have is actu-
ally not for sale at all. This is especially no-
ticeable when you purchased non-English-
language games as a kid: The studio that de-
veloped the game back then may no longer
hold the rights for the translations, which
means Spanish, French, etc., versions of the
game aren’t available anywhere for purchase.
If you have a retail version in your language,
you may as well treat it as irreplaceable.
Quite often, studios which released a game
back in the late 1990s or early 2000s ended
up releasing one or more modern, updated
versions later. The newer version is usually
easy to find, because old versions are
dropped and all effort goes into supporting
the most recent one. An example that comes
to mind is Imperivm III, a game which was
very popular in Spain. The HD remaster is still
for sale, but no seller carries the original any-
more. These upgraded versions may contain
gameplay changes you are not on board
with, however, so if you liked the old iteration
of the game, the only way to ensure you can
play it in the future is to archive it yourself.
LINUX-MAGAZINE.COM

bin so long as it is in working order. Therefore, I
have a meaningful collection of PC games in a
vault (Figure 1). While reorganizing my storage
space, it occurred to me that many of these
games aren’t easily playable on modern comput-
ers – the ones I can realistically obtain – despite
being in an excellent state of preservation. This
thought immediately set me on a quest to find out
how to enjoy these gems from the golden age and
how to preserve them for the future (for more on
why, see the “Why Make the Effort” box).
The Problems
There are two tasks to complete when you decide
to archive a video game for posterity. The first is
saving each title in question in a format that is
easy to replicate (for backup purposes) and also
easy to run the game from. The second is pre-
serving or simulating a system capable of running
the game in question, because you often can’t in-
stall a game from 1995 on a modern operating
system (OS) directly.
Saving an early game CD to your hard drive is
not a complex task. Publishers of old games
weren’t worried about people making full copies of
the games. Instead, they were concerned about
having the games ripped, stripped of their music
and cinematics, compressed, and distributed in a
degraded form through illegal channels. This
means anti-piracy safeguards were fairly unintru-
sive and didn’t prevent the user from making legiti-
mate backups. Such protections could require you
to keep the CD in your optical reader while you
played and implement some simple checks to en-
sure you actually had the CD (such as looking for
a file in the CD or checking the CD label). Such
mechanisms cause no problem if you own a retail
copy or intend to play from a legitimate backup.
Most Linux users will immediately think that back-
ing up such a game is as simple as putting the CD
in the tray and executing as root:
# dd if=/dev/cdrom of=game_image.img
The command above will generate a raw image of
the CD, which will act as an ISO file for all intents
and purposes. This, however, will be insufficient
when archiving games whose CDs use complex
or non-standard structures. For example, many
games would be sold in multitrack CDs, with one
track containing the video game itself and the rest
of the tracks containing the music (such as Age
of Rifles in Figure 2). The dd command cannot
recognize these arrangements and will often fail
to produce a good copy. On the other hand, many
commercial games, especially around the early
2000s, were manufactured specifically so that it
was impossible to save or clone its CD (see the
“Copy Protection” box). Therefore, dd is not
LINUX-MAGAZINE.COM
TUTORIAL – LEGACY VIDEO GAMES LINUX VOICE
suitable for the task, but fear not, because I will ex-
amine useful alternatives in this article.
Backing Up
The gold standard for backing up a CD into an
image is, without any shadow of doubt, cdrdao [3].
It can generate an image from any healthy CD
Copy Protection
By the end of the ‘90s, the video game industry had entered the dark
ages. Reproducing and distributing illegal copies of CDs at scale had
become cheap, and publishers considered that it was time to prevent
users from making full copies of the games. Copy protection was born.
(See more about PlayStation games in the “What About PlayStation
Games?” box.)
There were many copy protection mechanisms for CDs. Some of them
were crude, such as pressing the retail copies of the game with large
amounts of defective sectors. The idea was that domestic optical read-
ers would error out while trying to make a backup image and encounter-
ing so many broken sectors. Other anti-copy mechanisms were a bit
smarter, and CDs would be pressed with a small number of defective
sectors with manipulated error-correction data. When playing the game
from the original CD, the game would scan the CD for the defective sec-
tors, whose position was known, and refuse to play if such sectors
weren’t present. However, when trying to image or copy the CD, regular
CD copying software would locate the bad sectors, check the manipu-
lated error correction data, interpret the bad sector as an accidental
scratch, and correct it. Therefore, any backup copy of the game would
lack the defective sectors and refuse to run.
The most cunning anti-copy mechanisms would analyze the geometry
of the CD and use data position measurements (DPM). In a nutshell,
DPM allows the game to map physical sectors on the CD by measuring
how long it takes the optical reader to move from a specific sector to an-
other specific sector. The game then refuses to run if the topology de-
tected this way does not match the topology of the original CD. Retail
CDs are pressed rather than burned, and domestic CD burners cannot
replicate specific topologies, which makes producing a working copy im-
possible with domestic equipment. In addition, common image formats
such as ISO or BIN/CUE pairs don’t contain the topology information
necessary to fool copy protection.
The good news is that distribution of games via physical media is con-
sidered obsolete these days, so there has been no meaningful develop-
ment in CD copy protection for a long time. Meanwhile, software solu-
tions have developed in order to beat these primitive forms of DRM. The
bad news is that breaking copy protection might be illegal in your juris-
diction and even giving instructions to do so may be forbidden.
Fortunately, many game publishers have realized it makes no sense to
keep enforcing CD copy protection and are giving their customers alter-
natives to keep playing games bought in the ‘90s. For example, the pop-
ular Warcraft III and its expansion received official no-CD patches from
Blizzard that allowed its users to bypass CD checks, which in turn made
it possible to play Warcraft III from a backup image created with conven-
tional legal tools. On the other hand, Valve will deliver many old titles to
you via Steam as long as you have the serial number that’s glued to the
box of the original copy. It isn’t ideal, but it might be an option.
If you wonder if any of your games use anti-copy mechanisms, or want
to know if there are official patches from the manufacturer, the PCGam-
ingWiki [2] is likely to offer that information.
ISSUE 289 DECEMBER 2024 89
LINUX VOICE TUTORIAL – LEGACY VIDEO GAMES
Figure 2: Using cdrdao to create a BIN/TOC pair from an Age of Rifles CD. The CD fea-
tures a multitrack setup: The first track contains the game itself while the rest of the
tracks contain audio.
that does not have copy protection mechanisms
incorporated. You may install cdrdao (alongside
the auxiliary tools I will use) into a fresh Devuan
system by issuing the following command as
root:
# apt install cdrdao
As explained earlier, ISO images are often not
enough to keep a proper backup. When it comes
to open formats, the best option is to save the
CD to the hard drive as a BIN/CUE pair. This im-
plies producing a backup consisting of two files:
a binary (BIN) file and a CUE file. The binary file
will be a raw image containing the data included
in the original CD. The CUE is an index that lists
the available data and music tracks, and the po-
sition of such tracks within the binary image.
Both files are all you need when dealing with
regular CDs.
However, cdrdao does not produce BIN/CUE
pairs out of the box. Instead, it produces a BIN
file and a table of contents (TOC). The TOC is
actually quite similar in function to the CUE file
as far as this article is concerned, but TOC files
Table 1: cdrdao Flags
--datafile Defines the output BIN file.
--driver Chooses a driver and passes options to said driver if necessary. generic-mmc-raw with
the 0x20000 option is a sane choice.
--device Select an optical reader, such as /dev/cdrom or /dev/sr0.
--read-raw Copy data as-is, including Layered Error Correction (LEC) information.
90 DECEMBER 2024 ISSUE 289
are less popular and therefore are not as well
supported as CUE is. Therefore, I find it more
convenient to use cdrdao to produce a BIN/TOC
pair and then use a converter, toc2cue, to trans-
form it into a BIN/CUE pair.
Generating a BIN/TOC pair from a CD you have
in the tray is as easy as running
$ cdrdao read-cd --datafile game.bin U
--driver generic-mmc-raw:0x20000 U
--device /dev/cdrom U
--read-raw game.toc
This procedure is likely to throw warnings about
incorrigible errors in subchannel data. These are
harmless and may be safely ignored as long as
cdrdao reports saving the image was successful.
The switches used in the above command are
explained on Table 1. The flag 0x20000, passed to
the driver, is of special importance because of an
outstanding quirk. BIN/TOC pairs produced by
cdrdao contain audio tracks which follow the
same byte order (endianness [4]) as the physical
CD. According to the documentation of toc2cue,
What About PlayStation Games?
Video games published for the original Play-
Station (also known as PSX or PlayStation
One) were often distributed as hybrid CDs with
a data track and a number of audio tracks,
much like some PC games. Cdrdao can be
used to back these games up, with the same
method as with PC games. Sadly, using an
image generated this way to burn a copy of
the game to a new CD is unlikely to produce a
copy you can play in a real PlayStation.
Commercial PlayStation games often abused
the standards to incorporate crude copy pro-
tection mechanisms, and a physical PlaySta-
tion will refuse to execute a game that does
not look perfectly legit. Back in the day this led
to gamers to perform illegal modification on
their game consoles in order to play either
backups or outright bootleg copies. Fortu-
nately, images created with cdrdao may be
played legally using a PSX emulator such as
PCSX-Reloaded [4].
LINUX-MAGAZINE.COM

the tool I will use to convert the TOC file to CUE
format, applying the converter directly will result
in a backup with a reversed byte order. Failing to
account for the endianness swap with mixed-
mode CDs (the ones which combine data and
audio tracks) will result in the game’s soundtrack
producing static noise instead of actual music.
The 0x20000 flag forces cdrdao to make an image
using a swapped byte order so you will have a
good backup after you apply toc2cue:
$ toc2cue game.toc game.cue
cdrdao is not capable of dealing with DVDs, but
DVDs themselves didn’t become a common distri-
bution platform for software until a bit later than
the period I am focusing on. Publishers who
wanted to distribute a big game would rather ship
the game split across multiple CDs than press it
into a single DVD. In most cases, games distrib-
uted as DVDs can be backed up directly with dd,
as in the first example in the article. Some online
resources will suggest you use isosize in order to
avoid generating overgrown images (see “The iso-
size Method” box), but my tests suggest this is not
necessary.
Playing Your MS-DOS Games
Once your games are backed up, the next step is
to figure out a way to run them. Saving your
games will be useless if you have no platform to
enjoy them on later.
MS-DOS games are actually quite easy to play in
a modern system, because MS-DOS itself has been
studied in-depth by FOSS developers. A modern
clone of MS-DOS exists in the form of FreeDOS [6],
for example, so you could execute DOS games na-
tively on it. There are also DOS emulators that run
on modern operating systems. Among these, DOS-
Box is the most popular. DOSBox is a specialized
tool for running DOS games, and it has reached
such a level of maturity that commercial software
vendors often distribute old DOS applications bun-
dled with DOSBox. This emulator has also given
birth to many forks that are worth a look. See the
“DOSBox Forks” box for more information.
Installing DOSBox in Devuan is as easy as
# apt install dosbox
DOSBox has many interesting features, such as
the ability to interface with MIDI software devices,
but for the sake of brevity I will touch only on the
Listing 1: ~/example.conf
01 [autoexec]
02 IMGMOUNT E ~/game.cue -t iso
03 MOUNT C ~/DOSGAMES
LINUX-MAGAZINE.COM
TUTORIAL – LEGACY VIDEO GAMES LINUX VOICE
basic steps required to run a game. Once it is in-
stalled, the next step is to create a folder to use as
your MS-DOS directory:
$ mkdir ~/DOSGAMES
A crude approach for loading a game with DOS-
Box consists of passing DOSBox a configuration
file through the command line containing instruc-
tions to mount the BIN/CUE pair of the game. See
Listing 1 for an example.
Notice that line 2 in Listing 1 mounts a BIN/
CUE pair in order to let DOSBox simulate that the
game CD is in the tray. Remember to place the
BIN file in the same folder in which the CUE file
resides, and don’t rename either file after cre-
ation in order to avoid breaking the pair. Line 3
mounts the ~/DOSGAMES directory as drive C:. In
order to run the game, just launch DOSBox:
$ dosbox -conf example.conf
The isosize Method
Common wisdom online seems to be that, if you try to use dd as in the
first example given in this article, dd will dump all the data contained in
the DVD. If there is any empty space by the end of the DVD (i.e., the DVD
is not full), then dd will append all the empty space to the end of the
image, meaning that if you have 3GB worth of data on the disk, dd will
create a 4GB file anyway. Allegedly, the way to prevent this from happen-
ing is by instructing dd to only transfer the data you need.
The first step would be to calculate the amount of data in the DVD:
$ isosize -d 2048 /dev/cdrom
This instruction would give you the number of 2048-byte-sized blocks of
available data on the disk. You’d take note of this number, and then issue:
$ dd if=/dev/cdrom of=image.iso bs=2048 count=$blocks
You’d have to substitute $blocks by the number of blocks obtained from
isosize.
Tests performed on my machines show that dd alone will transfer just
the required data into the image without the need for passing it a num-
ber of blocks manually, which suggests to me the above advice is badly
outdated. However, this advice is so prevalent that I consider it deserv-
ing of being left here for reference.
DOSBox Forks
DOSBox is a popular piece of software that follows a, to put it mildly,
conservative approach to development. It has a reputation for rarely ac-
cepting outside contributions, and its development cycle is very slow.
As a result, many DOSBox forks have appeared. For example, DOSBox-X
[7] is a variant with a deep feature set, capable of running even on early
Windows operating systems. In fact, the developers’ stated goal is “to
eventually make DOSBox-X a complete emulation package that covers
all pre-2000 DOS and Windows 9x-based system scenarios.”
Feel free to check the list of forks offered by DOSBox Staging [8].
ISSUE 289 DECEMBER 2024 91
LINUX VOICE TUTORIAL – LEGACY VIDEO GAMES
Figure 3: DOSBox will offer
you a classic MS-DOS envi-
ronment on a modern oper-
ating system. You can
mount your BIN/CUE images
and then install your games
as if you were running a real
MS-DOS system.
Figure 4: Age of Rifles (1996)
running within DOSBox.
92 DECEMBER 2024
You will be offered a DOS prompt. From the prompt
you may install and run the game as you would in a
traditional DOS system (Figures 3 and 4).
While DOSBox is quite capable of running most
popular games, workarounds and special settings
might occasionally be required. The support sta-
tus of games is documented [9]. If you are having
trouble with a game, it is often worth checking the
official DOSBox wiki [10] for games known to run.
Problematic titles are likely to have detailed in-
structions for playing them.
Playing Classic Windows Titles
Playing Windows games from the pre-Windows
XP era is more complex than playing MS-DOS
games, and while there are many options, most
of them come with caveats and are not com-
pletely satisfactory.
The most obvious solution for playing games
designed for Windows 95 or 98 is to acquire or
ISSUE 289
build a period accurate machine, install Win-
dows on it, and run your games natively. This
may work for you, but old computers and com-
ponents are in a finite supply, and retro ma-
chines are getting a bit too pricey. I have found
that most pre-Windows XP era games can be
coerced into running on Windows 7 by leverag-
ing Windows’ compatibility settings, so if you
have an old (but not ancient) computer laying
around, this might be the best short-term solu-
tion. The Windows ecosystem has plenty of
wrappers and compatibility layers designed to
run old software. For example, you may use a
wrapper such as dgVoodoo for running old games
that are not compatible with modern versions of
Direct3D. However, this is Linux Magazine, and if
you are reading this, you may appreciate a
Linux-centric approach.
The traditional way of running alien programs
under Linux is to install Windows in a virtual ma-
chine and run the applications from there. This
solution is lacking because virtualization solutions
such as VirtualBox or Qemu/KVM either can’t
emulate GPUs with 3D acceleration or make the
process too intrusive against the physical host to
be practical. Worst yet: Modern hypervisors don’t
support running old operating systems officially,
so you are on your own if you try.
A popular Linux option is running games in
Wine. In case you don’t know, Wine, which
stands for “Wine Is Not an Emulator,” is a com-
patibility system for running Windows programs
natively on Linux. Wine is very complex and al-
lows you to select the Windows target version
for every application you intend to run, which in-
cludes pre-Windows XP versions. At first sight,
this looks like a promising solution. However, I
have found that running certain games requires
a lot of work, and you may need to become very
familiar with the tool to put it to good use. Wine
documents the applications known to run well
(or not!) in a publicly accessible database, in
which you may often find hints for executing
problematic titles [11].
Enter 86Box
As a solution, I find 86Box to be sufficient for
early Windows 95 and 98 games. 86Box is a pro-
gram capable of emulating old computers up to
the BIOS level and beyond. It lets you build a retro
virtual machine to your liking, selecting the com-
ponents you need from a vast menu of options.
Its focus is on emulation accuracy, and it’s often
recommended for people who want an authentic
experience without using a real retro computer.
Disadvantages are still many. The price you pay
for experiencing an authentic Windows 9x ma-
chine is also experiencing its many woes, such as
installing Windows, searching for drivers, and
LINUX-MAGAZINE.COM

Figure 5: 86Box requires a ROM pack in order to run and will
suggest a download link to retrieve one. If you are running
the AppImage, the pack will be loaded from the roms folder
in the working directory from which 86Box was invoked.
remembering why you like Linux so much. On the
other hand, 86Box performs emulation on the
software layer only, as opposed to Qemu/KVM,
which leverages your CPU’s virtualization fea-
tures. As such, 86Box pays a heavy performance
penalty – which won’t be noticeable when emulat-
ing low capacity computers, but will be when em-
ulating a powerful machine without a beefy physi-
cal CPU in your host.
86Box is available in many package types, in-
cluding AppImage [12]. I recommend creating a
dedicate folder if you intend to use the AppImage
version, because 86Box is a bit messy and will
use the current working directory to store its con-
figuration data. Therefore, to save yourself the
trouble just download the AppImage to a dedi-
cated empty folder, open a terminal, switch to
that directory, and execute 86Box from there.
In order for 86Box to function, you will need to
provide the appropriate ROMs for any hardware
component you want to build your virtual PC with.
This means you will have to obtain a ROM for the
motherboard, the video adapter, etc. When started
for the first time, 86Box will offer a download link
to retrieve the official ROM collection from GitHub
if ROMs are not present (Figure 5).
A primitive machine will be launched by default
after invoking 86Box (assuming ROMs are pres-
ent), but chances are you will have to build an en-
tirely different virtual PC. You may select the com-
ponents you want your virtual computer to have
from Tools | Settings, which is a very tricky task.
There are many pieces of hardware to pick from
and the difference is not obvious for a novice. As a
rule of thumb, remember that emulating a power-
ful computer is much harder than emulating a
primitive one, so when in doubt, try to build the
less-powerful machine that can run your games.
As of 2024, it is said that a Pentium II CPU with an
early Voodoo graphics card is the most powerful
combination that can be emulated, in practice, by
86Box running on a modern consumer-grade
CPU. If you get stuck, check with the VOGONS [13]
community and see which virtual hardware con-
figuration people are using.
The final step is installing the operating system
alongside the necessary drivers. Windows 98 Sec-
ond Edition is a safe pick, as long as you have a le-
gitimate installation CD and boot disk laying
around. Installing Windows on 86Box is no
LINUX-MAGAZINE.COM
TUTORIAL – LEGACY VIDEO GAMES LINUX VOICE
different than installing it on a real machine and
the process is sufficiently documented. Don’t for-
get to install the Windows drivers for your virtual
computer!
Performance for games is sufficient as long
as you are using a good CPU in your host and
the games you run are not very demanding. As
a reference, I used an Intel Core i5-2467M dur-
ing my tests. Keep also in mind that some
games run better than others on different hard-
ware platforms, so feel free to experiment. Cer-
tain titles will misbehave on virtual computers
that can cope with more demanding games
(Figures 6 and 7).
Conclusions
Archiving old PC games is easier than it seems,
at least up to the age in which copy protection
became prevalent. On the other hand, preserv-
ing the platforms those games can be run on is
complex.
DOSBox and its forks make it possible to run
DOS games without need for a dedicated MS-DOS
machine. Therefore, storing images of your CDs
and keeping a copy of DOSBox is all you need to
ensure your DOS games remain playable.
Reproducing an early Windows platform for
your Windows games takes effort. Wine is com-
plex and results are mixed, but when it works, it
offers the best performance. Modern hypervisors
such as VirtualBox are not designed for retro
games and will likely not support pre-Windows
NT versions of Windows. 86Box offers great em-
ulation fidelity, at the cost of performance and
great complexity. In fact, DOSBox-X might be an
adequate choice if you are willing to sacrifice
Figure 6: Krush, Kill ‘N Destroy 2 (KKND2) works fine in a 86Box machine, with a virtual Intel
Pentium 90MHz!
ISSUE 289 DECEMBER 2024 93
LINUX VOICE TUTORIAL – LEGACY VIDEO GAMES

accuracy for performance, because this DOSBox

fork can be pressed into running early Windows. The Author
An often unmentioned fact is that many popular Rubén Llorente is a me-
games of the past have modern FOSS engines chanical engineer whose
available. For example, games such as DOOM and job is to ensure that the
Diablo have free software engines you may install security measures of the
on Linux or BSD. Original game assets (music, IT infrastructure of a
audio, graphics) are required for these free alter- small clinic are both law
natives to run. As long as you have a backup of compliant and safe. In
the game and one of these engines available, you addition, he is an OpenBSD enthusiast and a
will be able to play these titles natively without weapons collector.
performance penalties. Q Q Q

Info
[1] GOG.com: https://www.gog.com [9] DOSBox list of supported applications:
[2] PCGamingWiki: https://www.dosbox.com/comp_list.php?
https://www.pcgamingwiki.com/wiki/Home letter=a
[3] cdrdao: https://cdrdao.sourceforge.net/ [10] DOSBox wiki:
[4] Endianness: https://www.dosbox.com/wiki/GAMES
https://en.wikipedia.org/wiki/Endianness
[11] Wine application database:
[5] PCSX-Reloaded: https://ps1emulator.com/
https://appdb.winehq.org/
[6] FreeDOS: https://www.freedos.org/
[12] 86Box releases at GitHub:
[7] DOSBox-X: https://dosbox-x.com/
https://github.com/86Box/86Box/releases
[8] DOSBox forks:
https://github.com/dosbox-staging/ [13] VOGONS retro community:
dosbox-staging/wiki/DOSBox-forks https://www.vogons.org/

Figure 7: Master of Dimensions, a graphic adventure from 1996, does not run so well for me. Notice the dismal emulation speed, at 58 percent.

QQQ

94 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

 SERVICE
Back Issues

LINUX Order online:

NEWSSTAND https://bit.ly/Linux-Magazine-catalog

Linux Magazine is your guide to the world of Linux. Monthly issues are packed with advanced technical
articles and tutorials you won't find anywhere else. Explore our full catalog of back issues for specific
topics or to complete your collection.

#288/November 2024
Smart Home
If you listen to megavendors like Google and Amazon, the only path to a smart home is
through the cloud, but the Linux community has a better way. We'll show you some open
source smart home tools with no cost and no spying.
On the DVD: Rocky Linux 9.4 and MX Linux MX-23.3

#287/October 2024
Ollama
Many Linux users are intrigued by Large Language Model (LLM) tools like ChatGPT, but if you
really want to be methodical about testing and experimenting, why get tangled in the cloud?
Ollama lets you run LLMs locally on a home computer.
On the DVD: Debian 12.6 and Clonezilla 3.1.3-16

#286/September 2024
Git Ready
The Git version control system is an integral part of the Linux environment. If you’re looking
for a better foundation in Git, or if you already know the basics and are ready to start building
Git into your own custom apps, we’ll make you Git ready.
On the DVD: openSUSE Leap 15.6 and Tails 6.4

#285/August 2024
Kernel Expoilts
Is Linux secure? Only if you keep up with the patches. This month we take a close look at how
intruders attack unsafe versions of the Linux kernel through known and well-publicized exploits.
We’ll show you how to set up your own out-of-date kernel to practice on, and we’ll introduce
you to some of the tools and techniques attackers use to gain root access.
On the DVD: AlmaLinux 9.4 Boot DVD and Fedora Workstation 40 Live

#284/July 2024
Laptop Security
In the scary world of the Internet, “more secure than Windows” still isn’t secure enough. If
you want to keep your traveling systems safe from the clutches of the espionage economy,
you’ll need some extra help. We show you how to outfit your laptop with the extra defenses
you’ll need for life on the road.
On the DVD: Ubuntu Budgie 24.04 LTS and Rescuezilla 2.5

#283/June 2024
AI Tools
Everyone is fascinated with AI right now, but at the end of all the articles and interviews and
research, it is fair to ask, what can I do with it really? This month we highlight some AI-based
tools that will help you build your own chatbot, sharpen photo images, and more.
On the DVD: Nobara 39 and Manjaro 23.14 Gnome

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 95

SERVICE
Events

FEATURED EVENTS
Users, developers, and vendors meet at Linux events around the world.
We at Linux Magazine are proud to sponsor the Featured Events shown here.
For other events near you, check our extensive events calendar online at
https://www.linux-magazine.com/events.
If you know of another Linux event you would like us to add to our calendar,
please send a message with all the details to [email protected].

FOSDEM 2025 State of Open Con 2025 KickStart Europe

Date: February1-2,2025
Location: Brussels, Belgium
Website: https://fosdem.org/2024/
FOSDEM is a free event for software
developers to meet, share ideas, and
collaborate. Every year, thousands of
developers of free and open source
software from all over the world gather
at the event in Brussels. You don't need
to register. Just turn up and join in!
Date: February 4-5, 2025
Location: Brussels, Belgium
Website: https://stateofopencon.com/
Save the date for the UK’s open
technology conference focused on open
source software, open hardware, open
data, open standards, and AI openness.
SOOCon provides an opportunity for
people to come together and have a joint
learning experience with some of the
world’s leading open source experts.
Date: February 4-5,2025
Location: Amsterdam, Netherlands
Website: https://www.kickstartconf.eu/
KickStart Europe is the Annual Strategy &
Networking conference on trends and
investments in tech and digital
infrastructure. By bringing together an
array of industry professionals at the start
of the year, KickStart Europe helps to
explore the emerging trends and
technology shaping the digital industry
and digital infrastructure of cloud,
nnectivity and data centers.

Events
SC24 Nov 17-22 Atlanta, Georgia https://sc24.supercomputing.org/
Open Source Monitoring Conf. Nov 19-21 Nuremberg, Germany https://osmc.de/
PyCon AU 2024 Nov 22-26 Melbourne, Australia https://2024.pycon.org.au/
Cephalocon Dec 4-5 Geneva, Switzerland https://events.linuxfoundation.org/cephalocon/
Open Source Experience Dec 4-5 Paris, France https://dev.events/conferences/
open-source-experience-3nlxf4ch
KubeCon + CloudNativeCon Dec 11-12 IndiaDelhi, India https://events.linuxfoundation.org/
CodeMash Jan 14-17 Sandusky, Ohio https://codemash.org/
FOSDEM 2025 Feb 1-2 Brussels, Belgium https://fosdem.org/2024/
State of Open Con '25 Feb 4-5 London, United Kingdom https://stateofopencon.com/
Kickstart Europe 2025 Feb 4-5 Amsterdam, Netherlands https://www.kickstartconf.eu/
SCaLE 22x March 6-9 Pasadena, California https://www.socallinuxexpo.org/scale/22x/
FOSS Backstage March 10-11 Berlin, Germany https://25.foss-backstage.de/
SUSECON 25 March 10-14 Orlando, Florida https://www.suse.com/susecon/event-details/
CloudFest 2025 March 17-20 Europa-Park, Germany https://www.cloudfest.com/
Images © Alex White, 123RF.com

KubeCon + CloudNativeCon April

Apr 1-4
1-4 London, United Kingdom https://events.linuxfoundation.org/
Europe 2025
PyCon US 2025 May 14-22 Pittsburgh, Pennsylvania https://www.python.org/events/python-events/1507/
Open Source Summit June 23-25 Denver, Colorado https://events.linuxfoundation.org/
North America
Linux Security Summit June 26-27 Denver, Colorado https://events.linuxfoundation.org/
North America

96 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM

 SERVICE
Contact Info / Authors

Contact Info
Editor in Chief
Joe Casad, [email protected]
WRITE FOR US
Linux Magazine is looking for authors to write articles on Linux and the tools of
Associate Editor
the Linux environment. We like articles on useful solutions that solve practical
Amy Pettle
problems. The topic could be a desktop tool, a command-line utility, a network
Copy Editor
Aubrey Vaughn monitoring application, a homegrown script, or anything else with the potential
News Editor to save a Linux user trouble and time. Our goal is to tell our readers stories they
Jack Wallen haven’t already heard, so we’re especially interested in original fixes and hacks,
MakerSpace Editor new tools, and useful applications that our readers might not know about. We
Hans-Georg Eßer also love articles on advanced uses for tools our readers do know about – stories
Managing Editor that take a traditional application and put it to work in a novel or creative way.
Lori White
We are currently seeking articles on the following topics for upcoming cover
Localization & Translation
Ian Travis themes:
Layout • Cool Rasp Pi Projects
Dena Friesen, Lori White • Linux Shortcuts and Hacks
Cover Design • System Rescue
Lori White
Cover Image Let us know if you have ideas for articles on these themes, but keep in mind that
© pitinan and raptorcaptor, 123RF.com our interests extend through the full range of Linux technical topics, including:
Advertising • Security
Jessica Pryor, [email protected] Advanced Linux tuning and configuration
•
Marketing Communications
• Internet of Things
Gwen Clark, [email protected]
Linux New Media USA, LLC • Networking
4840 Bob Billings Parkway, Ste 104 • Scripting
Lawrence, KS 66049 USA • Artificial intelligence
Publisher • Open protocols and open standards
Brian Osborn
If you have a worthy topic that isn’t on this list, try us out – we might be interested!
Customer Service / Subscription
For USA and Canada: Describe your idea in 1-2 paragraphs and send it to: [email protected].
Email: [email protected]
Phone: 1-866-247-2802
(Toll Free from the US and Canada) Authors
For all other countries:
Email: [email protected] Thomas Boele 32 Andrew Malcolm 56
www.linux-magazine.com Zack Brown 12 Dave McKellar 64
While every care has been taken in the content of the
magazine, the publishers cannot be held responsible Bruce Byfield 6, 22, 38 Vincent Mealing 71
for the accuracy of the information contained within
it or any consequences arising from the use of it. The Joe Casad 3 Mike Schilli 48
use of the disc provided with the magazine or any
material provided on it is at your own risk. Mark Crutch 71 Tim Schürmann 16
Copyright and Trademarks © 2024 Linux New Media Nate Drake 82 Koen Vervloesem 26
USA, LLC.
No material may be reproduced in any form Marco Fioretti 74 Reinhard Voglmaier 42
whatsoever in whole or in part without the written
permission of the publishers. It is assumed that all Jon “maddog” Hall 73 Jack Wallen 8
correspondence sent, for example, letters, email,
faxes, photographs, articles, drawings, are supplied Rubén Llorente 88
for publication or license to third parties on a non-
exclusive worldwide basis by Linux New Media USA,
LLC, unless otherwise stated in writing.

            
Linux is a trademark of Linus Torvalds.
   
        

              
All brand or product names are trademarks of their    

   !       

respective owners. Contact us if we haven’t credited   !"#
"#  "  !#   $!  %& 
 !
$%%&' ( )(
  

your copyright; we will always correct any oversight.   *$%%%%)+,  (

#$&  ' (  #   " 
#$)& *' (#   ! !
Printed in Nuremberg, Germany by Kolibri Druck. ,  -% &.  & /
"
#$+&  " ,  -  .    
0 1.   ,++&%% *2 3 45  *    
Distributed by Seymour Distribution Ltd, United !6 6 %73(8- 
!8 3& 82-!"9 #$/&    " 
  ! !
#

0 1.   ,++&%% *: +' & &% &; & 6% %%
Kingdom 45  *%)&
"   , #  
 ""
0, # 

!6 6 %73(8- 
!8 3& 82-!" $& ' ( "
!
Represented in Europe and other territories by:
" 1% +0 1.   ,++&%%% *%)&8 $)&*' ( ! !
Sparkhaus Media GmbH, Bialasstr. 1a, 85625 <+ &8 +  <+ &
$+&    " 
  ! !
Glonn, Germany. 6& 4% & 8!6 6 %73(8- 
!8 3& 82-
$/&0, #    ! !
!"
Linux Magazine (Print ISSN: 1471-5678, Online = 0 % +8!6 6 %73(8- 
!8 3& 82-!" "  0, #  "
!
 &>) 8!6 6 %73(8- 
!8 3& 82-!"
ISSN: 2833-3950, USPS No: 347-942) is published
!43 & 3+ ?-,808!6 6 %73(8
"  , #   !!
monthly by Linux New Media USA, LLC, and dis- - 
!8 3& 82-!"9- 7) +&%-. &7) %+    ! , # 

!
;1:86  %% &
8; 8;&1 ( " 
tributed in the USA by Asendia USA, 701 Ashland

2 3 6 +) +&%8 &  %8 +4 )&- & (: +&%
 !
     ""@ ""@
Ave, Folcroft PA. Application to Mail at Periodicals 43   &: + 
&   & & * ,1   *6 +%8
 &  %8 & )&- & %  1    
Postage Prices is pending at Philadelphia, PA and
 - %: %  ) ++& .& + 
1 )%      
additional mailing offices. POSTMASTER: send ad-
       
#"      $2&3     $21 &
dress changes to Linux Magazine, 4840 Bob Billings
$%% * &0&    -. 1&!
"   , # $20&3     $21 &
$ & *( )   * &1  *& %)+  )%* &1% & +
Parkway, Ste 104, Lawrence, KS 66049, USA. 1. ;3 0 &786% %% &8!"#
"#!    $4  -    $1##(1 55&

LINUX-MAGAZINE.COM ISSUE 289 DECEMBER 2024 97

NEXT MONTH
Issue 290

December 6
Issue 290 / January 2024

Alternative
Office Suites
Most Linux distributions come bundled with the LibreOffice
suite, but Linux is all about choice, and a number of other
options exist in the wild. If you’re getting restless and want to
explore the contenders for word processing, accounting, and
presentations, look for next month’s issue, where we study
some of the leading office alternatives.

Also inside:
• Weather Cam
• Metadata in Digikam
• Bash Tricks for Web Maintenance
• Manage Your VPNs with WireGuard Easy
• And much more!
Please note: Articles could change before the next issue.

BE THE FIRST TO SEE WHAT'S NEXT

Image © gerain0812, 123RF.com

The Linux Magazine Preview is a monthly

email newsletter that gives you a sneak
peek at the next issue, including links to
articles posted online.
Sign up at: https://bit.ly/Linux-Update

98 DECEMBER 2024 ISSUE 289 LINUX-MAGAZINE.COM