A Brand Advertising Restoration Project

The GDPR is breaking advertising apart. 

Never mind the specifics of the regulation. Just look at the effects. Among those, two are obvious and everywhere: 1) opt-back-in emails and 2) "consent walls" in front of websites. Both of those misdirect attention away from how an entire branch of advertising ignored a simple moral principle that has long applied in the offline world: tracking people without their knowledge, approval or a court order is just flat-out wrong.

That branch of advertising is adtech. As I put it here a year ago: 

Let's be clear about all the differences between adtech and real advertising. It's adtech that spies on people and violates their privacy. It's adtech that's full of fraud and a vector for malware. It's adtech that incentivizes publications to prioritize “content generation” over journalism. It's adtech that gives fake news a business model, because fake news is easier to produce than the real kind, and adtech will pay anybody a bounty for hauling in eyeballs.

Real advertising doesn't do any of those things, because it's not personal. It is aimed at populations selected by the media they choose to watch, listen to or read. To reach those people with real ads, you buy space or time on those media. You sponsor those media because those media also have brand value.

The GDPR won't make adtech go away, but it will separate the advertising wheat from the adtech chaff.

The question then is whether advertisers and publishers can recover their lost taste for wheat. Lots of brands still like to advertise on the broadcast and print media that operate in the physical world. In fact, advertising there is still how most brands are made and sustained. In the online world, however, advertisers' appetite for data far outweighs their interest in branding there—with the exception of podcasting. Advertising on podcasts is growing rapidly. While there is data to be gained there, the main reasons brands advertise on podcasts are old-fashioned sponsorship ones: brands supporting brands.

Atari VCS Finally on Indiegogo, Free Software Directory Meet-up Tomorrow, Minifree Libreboot X200 Tablet Has Been FSF-Certified and More

News briefs for May 31, 2018.

The Atari VCS finally appeared on Indiegogo this week and already has $2,083,244 USD at the time of this writing (the goal was $100,000). The user interface is proprietary, but it's "built on an open source Linux OS so you can add your own software and apps to customize your own platform". The Indiegogo page also mentions that "a planned line of Atari VCS peripherals and accessories will let you build your own Game and Entertainment-Powered 'Connected Home' experience." It will include classic arcade games as well as modern titles and is expected to begin shipping in July 2019.

Join the Friday Free Software Directory IRC meet-up tomorrow, June 1, 12pm EDT to 3pm EDT. This week's theme is health software, and the meeting is on IRC in the #fsf channel on irc.freenode.org.

There's a new open-source framework for government projects: the Louisville Metro Government recently made its traffic data infrastructure available in the cloud and open-sourced the code, allowing other cities to build upon it, Route 50 reports. Louisville had won an Amazon Web Services grant last year to "merge its traffic data with Waze's and then run predictive analytics in the cloud to better time traffic signals to manage flow." More than 80 local, state and federal governments are now part of the Waze Connected Citizens Program, and the network is expanding to other open-source projects and is called the Open Government Coalition.

Redis 5.0 RC1 is out for testing this week, Phoronix reports. The biggest new feature is the Streams data type implementation, but 5.0 also offers new APIs, better memory reporting and more. See the Redis 5.0 RC1 announcement for all the details.

The Minifree Libreboot X200 tablet has been FSF-certified, which means "the product meets the FSF's standards in regard to users' freedom, control over the product, and privacy". The X200 tablet is a "fully free laptop/tablet hybrid that comes with Trisquel and Libreboot pre-installed. The device is similar to the previously certified Libreboot X200 laptop, but with a built-in tablet that enables users to draw, sign documents, or make handwritten notes."

Why You Should Do It Yourself

Bring back the DIY movement and start with your own Linux servers.

It wasn't very long ago that we lived in a society where it was a given that average people would do things themselves. There was a built-in assumption that you would perform basic repairs on household items, do general maintenance and repairs on your car, mow your lawn, cook your food and patch your clothes. The items around you reflected this assumption with visible and easy-to-access screws, spare buttons sewn on the bottom of shirts and user-replaceable parts.

Through the years though, culture has changed toward one more focused on convenience. The microeconomic idea of "opportunity cost" (an idea that you can assign value to each course of action and weigh it against alternative actions you didn't take) has resulted in many people who earn a reasonable wage concluding that they should do almost nothing themselves.

The typical thinking goes like this: if my hourly wage is higher than the hourly cost of a landscaping service, even though that landscaping service costs me money, it's still cheaper than if I mowed my own lawn, because I could somehow be earning my hourly wage doing something else. This same calculation ends up justifying oil-change and landscaping services, microwave TV dinners and replacing items when they break instead of repairing them yourself. The result has been a switch to a service-oriented economy, with the advent of cheaper, more disposable items that hide their screws and vehicles that are all but hermetically sealed under the hood.

This same convenience culture has found its way into technology, with entrepreneurs in Silicon Valley wracking their brains to think of some new service they could invent to do some new task for you. Linux and the Open Source movement overall are among the few places where you can still find this do-it-yourself ethos in place.

When referring to proprietary software, Linux users used to say "You wouldn't buy a car with the hood welded shut!" With Linux, you can poke under the hood and see exactly how the system is running. The metaphorical screws are exposed, and you can take the software apart and repair it yourself if you are so inclined. Yet to be honest, so many people these days would buy a car with the hood welded shut. They also are fine with buying computers and software that are metaphorically welded shut, all justified by convenience and opportunity cost.

Chrome 67 Released, New Version of RaspAnd, SEGA Mega Drive and Genesis Classics Now Available for Linux and More

News briefs for May 30, 2018.

Chrome 67 has been released, and it includes several security fixes as well as default support for WebAuthn, which provides "a way to sign up to websites using biometrics like fingerprints or facial images stored in a smartphone, or USB hardware like Yubikey's authentication device", ZDNet reports. Chrome 67 also features new APIs for augmented and virtual reality.

RaspAnd developer Arne Exton announced yesterday the new version of his Android-based OS for the Raspberry Pi. This build is based on Android 7.1.2 Nougat, and Exton says "RaspAnd 7.1.2 Build 180529 can be used with the official Raspberry Pi 7 inch touchscreen and Big TV Screens." He also mentions that Bluetooth now works for the very first time and video performance in Kodi 18.0 has improved.

SEGA Mega Drive and Genesis Classics are now available for Linux. According to GamingOnLinux, they've also added new features, including two-player online multiplayer, leaderboards, challenge modes, VR support and more. In addition, they have also lowered the price to $29.99 for the whole collection, which is available on Steam.

LWN reports a large set of stable kernel updates this morning: "4.16.13 (272 patches), 4.14.45 (496 patches), 4.9.104 (329 patches), 4.4.134 (268 patches) and 3.18.111 (185 patches)".

Plex now supports podcasts, and according to the Engadget post, "It's also free, helps contain all your media—including photos, music, news and videos—in one place, and doesn't make passive aggressive subscription requests. In fact there isn't any subscription required at all."

The Fight for Control: Andrew Lee on Open-Sourcing PIA

When I learned that our new sister company, Private Internet Access (PIA), was opening its source code, I immediately wanted to know the backstory, especially since privacy is the theme of this month's Linux Journal. So I contacted Andrew Lee, who founded PIA, and an interview ensued. Here it is.

DS: What made you start PIA in the first place? Did you have a particular population or use case—or set of use cases—in mind?

AL: Primarily PIA was rooted in my humble beginnings on IRC where it had quickly become important to protect one's IP from exposure using an IRC bouncer. However, due to jumping around in various industries thereafter, I learned a lot and came to an understanding that it was time for privacy to go mainstream, not in the "hide yourself" type of sense, but simply in the "don't watch me" sense.

DS: Had you wanted to open-source the code base all along? If not, why now?

AL: We always wanted to open-source the code base, and we finally got around to it. It's late, but late is better than never. We were incredibly busy, and we didn't prioritize it enough, but by analyzing our philosophies deeply, we've been able to re-prioritize things internally. Along with open-sourcing our software, there are a lot of great things to come.

DS: People always wonder if open-sourcing a code base affects a business model. Our readers have long known that it doesn't, and that open-sourcing in fact opens more possibilities than leaving code closed. But it would be good to hear your position on the topic, since I'm sure you've thought about it.

AL: Since Private Internet Access is a service, having open-source code does not affect the business' ability to generate revenue as a company aiming for sustainable activism. Instead, I do believe we're going to end up with better and stronger software as an outcome.

DS: Speaking of activism, back in March, you made a very strong statement, directly to President Trump and Congress, with a two-page ad in The New York Times, urging them to kill off SESTA-FOSTA. I'm curious to know if we'll be seeing more of that and to hear what the response was at the time.

AL: Absolutely! We ran a few newspaper campaigns, including one for the Internet Defense League. It's a very strong place to mobilize people for important issues for society. As a result of the campaign, many tweets from concerned Americans were received by President Trump. I would say it was a success, but from here it's up to our President. Let's hope he does the right thing and vetoes it. That said, if the bill is signed in its current form [which it was after this interview was conducted], the internet is routing, and the cypherpunks have the power of the crypto. We will decentralize and route around bad policy.

Rocket.Chat, Nitrux Linux and More. It’s Cooking with Linux (without a Net)

Please support Linux Journal by subscribing or becoming a patron.

Today on "Cooking with Linux without a Net", I cover (and install) @RocketChat, show you another Linux distribution you've never heard of (Nitrux Linux), and hunt rootkits and perform security audits. Oh, and I crash and burn too. Much fun was had, so watch and enjoy.

Emacs 26.1 Released, Linux 4.17-rc7, GNOME Foundation Receives Anonymous Donation and More

News briefs for May 29, 2018.

Emacs 26.1 was released yesterday. New features include a limited form of concurrency with Lisp threads, support for optional display of line numbers in the buffer, use of double buffering to reduce flicker on the X Window System, redesign of Flymake, support for 24-bit colors on text terminals and lots more.

Linus Torvalds had these remarks over the weekend on Linux 4.17-rc7: "This week we had the whole 'spectre v4' thing, and yes, the fallout from that shows up as part of the patch and commit log. But it's not actually dominant: the patch is pretty evenly one third arch updates, one third networking updates, and one third 'rest'." He also mentioned, "The bulk of it is really pretty trivial one-liners, and nothing looks particularly scary. Let's see how next week looks, but if nothing really happens I suspect we can make do without an rc8."

The GNOME Foundation recently received a pledge for $1,000,000 over the next two years from an anonymous donor. The Foundation plans to use the funds "to increase staff to streamline operations and to grow its support of the GNOME Project and the surrounding ecosystem."

KDE Connect Development Sprint took place last week, and the developers worked on the ability to send SMS from the desktop, making the Run Commands interface more discoverable, improving the functionality of multimedia controls ("now it's possible to display album art from your desktop on your Android devices") and more.

A new desktop environment option has arrived. The Jade Desktop is built on Python, HTML5, CSS and JavaScript and uses GTK with WebKit2, Phoronix reports. For more info, see Sparky Linux, which is offering the new desktop to its users.

The Korora Project and BackSlash Linux are ceasing development due to time constraints and financial issues, respectively, It's FOSS reports. The Korora project is taking a sabbatical (the developers aren't saying how long that will be), and the BackSlash Linux distro is asking for donations to help get started again.

Generating Good Passwords, Part II

Passwords. They're the bane of computer users and a necessary evil, but they have risks and challenges associated with them. None of the choices are great. If it's up to your memory, you'll end up using the same password again and again. Use a password manager like 1Password, and you're reliant on its database security and portability. Two-factor? Um, can I borrow your phone for a minute?

Still, having complex and random passwords is definitely more secure than having a favorite phrase or variation you've been using for years. You know what I mean, just own it; you've been using the same PIN and password forever, right?

Last time, I built a script that could produce a random character from one of a set of character sets. For example, a random uppercase letter can be produced like this:


uppercase="ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Print one random character from the set (bash substring expansion)
echo "${uppercase:$(( RANDOM % ${#uppercase} )):1}"

Add lowercase and a constrained set of punctuation and some rules on how many of each you want, and you can make some pretty complicated passwords. To start, let's just focus on a random sequence of n uppercase letters.

That's easily done:


while [ ${#password} -lt $length ] ; do
   letter=${uppers:$(( $RANDOM % ${#uppers} )):1}
   password="${password}$letter"
done

Remember that the ${#var} notation produces the length of the current value of that variable, so this is an easy way to build up the $password variable until it's equal to the target length as specified in $length.

Here's a quick test run or two:


$ sh makepw.sh
password generated = HDBYPMVETY
password generated = EQKIQRCCZT
password generated = DNCJMMXNHM

Looks great! Now the bigger challenge is to pick randomly from a set of choices. There are a couple ways to do it, but let's use a case statement, like this:


while [ ${#password} -lt $length ] ; do
  case $(( $RANDOM % 4 )) in
     0 ) letter=${uppers:$(( $RANDOM % ${#uppers} )):1}  ;;
     1 ) letter=${lowers:$(( $RANDOM % ${#lowers} )):1}  ;;
     2 ) letter=${punct:$((  $RANDOM % ${#punct}  )):1}  ;;
     3 ) letter=${digits:$(( $RANDOM % ${#digits} )):1}  ;;
  esac
  password="${password}$letter"
done

Since you're basically weighting upper, lower, digits and punctuation the same, it's not a huge surprise that the resultant passwords are rather punctuation-heavy:


$ sh makepw.sh
password generated = 8t&4n=&b(B
password generated = 5=B]9?CEqQ
password generated = |1O|*;%&A;

These are all great passwords, impossible to guess algorithmically (and, yeah, hard to remember too, but that's an inevitable side effect of this kind of password algorithm).
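The loop above takes its randomness from bash's $RANDOM, a 15-bit value from a non-cryptographic generator, and reducing it with % skews the result slightly whenever the set size does not divide 32768. The following added example (not part of the original article) keeps the same case-statement structure but draws bytes from /dev/urandom and uses rejection sampling to remove that skew. The function names and the punctuation set are assumptions, and the code sticks to POSIX sh so it also runs where `${var:offset:length}` and $RANDOM are unavailable.

```shell
#!/bin/sh
# Added example (not from the article): the same case-statement generator,
# but drawing randomness from /dev/urandom instead of $RANDOM.
# POSIX sh only, so it behaves the same under bash and dash.

uppers="ABCDEFGHIJKLMNOPQRSTUVWXYZ"
lowers="abcdefghijklmnopqrstuvwxyz"
digits="0123456789"
punct='!@#%^&*()-_=+[]{};:,.?'   # assumed set; the article does not list its own

# rand_below N: print a uniformly distributed integer in [0, N), 1 <= N <= 256.
# A random byte is rejected and redrawn if it falls in the partial block at the
# top of 0..255, so every residue modulo N is equally likely (no modulo bias).
rand_below() {
  n=$1
  if [ "$n" -lt 1 ] || [ "$n" -gt 256 ]; then
    echo "rand_below: N must be 1..256" >&2
    return 1
  fi
  limit=$(( 256 - 256 % n ))     # largest multiple of N that is <= 256
  while : ; do
    # Read one byte from the kernel CSPRNG as an unsigned decimal number.
    byte=$(od -An -N1 -tu1 /dev/urandom | tr -dc '0-9')
    if [ -z "$byte" ]; then
      echo "rand_below: cannot read /dev/urandom" >&2
      return 1
    fi
    if [ "$byte" -lt "$limit" ]; then
      echo $(( byte % n ))
      return 0
    fi
  done
}

# pick_char SET: print one uniformly chosen character from the string SET.
pick_char() {
  chars=$1
  idx=$(rand_below "${#chars}") || return 1
  # cut counts from 1; this replaces bash's ${chars:idx:1}
  printf '%s' "$chars" | cut -c "$(( idx + 1 ))"
}

# make_password LENGTH: same loop as the article, one class chosen per position.
make_password() {
  length=$1
  password=""
  while [ "${#password}" -lt "$length" ] ; do
    case $(rand_below 4) in
      0 ) letter=$(pick_char "$uppers") ;;
      1 ) letter=$(pick_char "$lowers") ;;
      2 ) letter=$(pick_char "$punct")  ;;
      3 ) letter=$(pick_char "$digits") ;;
    esac
    password="${password}${letter}"
  done
  printf '%s\n' "$password"
}

# Default to the 10-character length seen in the article's sample output.
echo "password generated = $(make_password "${1:-10}")"
```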

Privacy Plugins

Protect yourself from privacy-defeating ad trackers and malicious JavaScript with these privacy-protecting plugins.

Although your phone is probably the biggest threat to your privacy, your web browser is a close second. In the interest of providing you targeted ads, the web is littered with technology that attempts to track each site you go to via a combination of cookies and JavaScript snippets. These trackers aren't just a privacy threat, they are also a security threat. Because of how ubiquitous these ad networks are, attackers have figured out ways to infiltrate some of them and make them serve up even more malicious code.

The good news is that a series of privacy plugins work well with Firefox under Linux. They show up as part of the standard list of approved add-ons and will help protect you against these kinds of threats. Many different privacy plugins exist, but instead of covering them all, in this article, I highlight some of my personal favorites—the ones I install on all of my browsers. Although I discuss these plugins in the context of Firefox, many of them also are available for other Linux browsers. Because all of these plugins are standard Firefox add-ons, you can install them through your regular Firefox add-on search panel.

Privacy Badger

The EFF has done a lot of work recently to improve privacy and security for average users online, and its Privacy Badger plugin is the first one I want to cover here. The idea behind Privacy Badger is to apply some of the tools from different plugins like AdBlock Plus, Ghostery and others that inspect third-party JavaScript on a page. When that JavaScript comes from a known tracking network or attempts to install a tracking cookie on your computer, Privacy Badger steps in and blocks it.

If so many other plugins do something similar, why re-invent the wheel with Privacy Badger? Well, the downside to many of the other tools is that they often require user intervention to tweak and tune. Although it's great for people who want to spend their time doing that, average users probably rather would spend their time actually browsing the web. Privacy Badger has focused on providing similar protection without requiring any special tweaking or tuning. As you browse the web, it keeps track of these different sites, and by observing their behavior, decides whether they are tracking you.

Weekend Reading: Ansible


I've written about and trained folks on various DevOps tools through the years, and although they're awesome, it's obvious that most of them are designed from the mind of a developer. There's nothing wrong with that, because approaching configuration management programmatically is the whole point. Still, it wasn't until I started playing with Ansible that I felt like it was something a sysadmin quickly would appreciate.

Part of that appreciation comes from the way Ansible communicates with its client computers—namely, via SSH. As sysadmins, you're all very familiar with connecting to computers via SSH, so right from the word "go", you have a better understanding of Ansible than the other alternatives.

With that in mind, I've written a few articles exploring how to take advantage of Ansible. It's a great system, but when I was first exposed to it, it wasn't clear how to start. It's not that the learning curve is steep. In fact, if anything, the problem was that I didn't really have that much to learn before starting to use Ansible, and that made it confusing. For example, if you don't have to install an agent program (Ansible doesn't have any software installed on the client computers), how do you start?

Ansible, Part I: the Automation Framework That Thinks Like a Sysadmin

How to get started with Ansible. Shawn tells us that Ansible was difficult for him at first because it is so flexible in how you configure the server/client relationship that he didn't know what he was supposed to do. The truth is that Ansible doesn't really care how you set up the SSH system; it will utilize whatever configuration you have. This article will get you set up.

Ansible, Part II: Making Things Happen

Finally, an automation framework that thinks like a sysadmin. Ansible, you're hired.

Ansible is supposed to make your job easier, so the first thing you need to learn is how to do familiar tasks. For most sysadmins, that means some simple command-line work. Ansible has a few quirks when it comes to command-line utilities, but it's worth learning the nuances, because it makes for a powerful system.

Ansible, Part III: Playbooks

Playbooks make Ansible even more powerful than before.

OpenSUSE 15 Leap Released, Facebook and Google Already Face GDPR Complaints, GNOME 3.29.2 and More

News briefs for May 25, 2018.

OpenSUSE 15 Leap, the "project's latest non-rolling-release, enterprise-geared distribution", was released today. This new version "brings a new partitioner, makes use of Firewalld for its firewall, a new look, various new enterprise features, support for NextCloud, atomic updates support via Kubic, and much more. The GNOME version of openSUSE Leap 15 is also using Wayland by default while their KDE Plasma 5.12 LTS desktop continues using an X.org session default." For more details on all the new features, visit the OpenSUSE News site.

Facebook and Google are already facing GDPR complaints due to "forced consent". TechCrunch reports that Max Schrems has filed complaints against Facebook, Instagram, WhatsApp and Android. Regarding Facebook, Schrems commented "In the end users only had the choice to delete the account or hit the 'agree'-button—that's not a free choice, it more reminds of a North Korean election process."

If you have a NETGEAR router, see the security advisory for steps you can take to protect yourself against the VPNFilter malware.

GNOME 3.29.2 was released yesterday. This is the second unstable release in the 3.30 cycle and is primarily for testing and hacking.

GamingOnLinux reports that Paradox has confirmed its new game Imperator: Rome! will be supported for Linux.

FOSS as a Part of a Corporate Sustainability Plan

Free and open-source software is a critical part of your company's supply chain. Here's why and how you can include it in your corporate sustainability plan.

In 1983 the United Nations convened a commission of 22 people to investigate the question of the worldwide environmental and social impact of human development. Four years later, in 1987, the commission released Our Common Future, more commonly known as the Brundtland Report in honour of Gro Harlem Brundtland, chairperson of the commission. This report detailed the very real socio-environmental issues facing humanity. One of its recommendations was for governments, organizations and companies to start engaging in what it called sustainable development. That is, "...development that meets the needs of the present without compromising the ability of future generations to meet their own needs".

Since then there's been steep growth in the number of corporations that maintain and operate according to a corporate sustainability plan. These plans encompass environmental as well as social aspects of doing business. They encompass actions within an organization—such as natural resource usage, diversity and inclusion, and fair treatment of employees—as well as those external to the organization—such as the sustainability operations of their entire supply chain as well as the overall impact the corporation has on the Earth and its inhabitants.

The Benefits of Sustainability

A sustainability plan impacts every facet of an organization's operations and can take a fair bit of effort to implement and maintain. If that's the case, why are more corporations putting these plans into action every year? While it would be nice to think that this occurs for entirely altruistic reasons—taking care of the Earth and its inhabitants is simply the right thing to do, after all—the fact of the matter is that studies repeatedly show that properly implemented corporate sustainability plans are very good for the bottom line.

RIP Robin “Roblimo” Miller

Linux Journal has learned fellow journalist and long-time voice of the Linux community Robin "Roblimo" Miller has passed away. Miller was perhaps best known by the community for his role as Editor in Chief of Open Source Technology Group, the company that owned Slashdot, SourceForge.net, freshmeat, Linux.com, NewsForge, and ThinkGeek from 2000 to 2008. He went on to write and do video interviews for FOSS Force, penned articles for several publications, and authored three books, The Online Rules of Successful Companies, Point & Click Linux!, and Point & Click OpenOffice.org, all published by Prentice Hall.

As Marcel Gagne so perfectly summarized, "Robin was one of those people who could make you laugh while teaching you a thing or two."

Roblimo, you will be missed. 

An FUQ for the GDPR

Today is Privmas Eve: the day before Privmas, aka GDPR Day: the one marked red on the calendars of every company in the world holding an asset the GDPR has suddenly made toxic: personal data. The same day—25 May—should be marked green for everyone who has hated the simple fact that harvesting personal data from everybody on the internet has been too damned easy for too damned long for too damned many companies, and governments too.

Whether you like the GDPR or not (and there are reasons for both, which we'll get into shortly), one thing it has done for sure is turn privacy into a Very Big Deal. This is good, because we've had damned little of it on the internet and now we're going to get a lot more. That's worth celebrating, everybody. Merry Privmas!

To help with that, and because 99.99x% of GDPR coverage is about what it means for the fattest regulatory targets (Facebook, Google, et al.), here's an FUQ: Frequently Unasked (or Unanswered) Questions about the GDPR and what it means for you, me and everybody else who wants to keep personal data personal—or to get back personal data those data farmers have already harvested. (The GDPR respects both.)

A note before we begin: this is a work in progress. It's what we know about what's now possible in a world changed by the GDPR. And "we" includes everybody. If you want to help, weigh in. Here goes...

Bottom line, what does the GDPR mean for the "natural persons" it also calls "data subjects"?

It means we're in charge now: at least of ourselves—and of our sides of relationships with the corporate entities we deal with.

No, the GDPR doesn't say that specifically, but both the letter and the spirit of the GDPR respect privacy as a fundamental human right. Since rights are something we exercise as individuals, and not just something good corporate behavior allows us to enjoy, we should be able to provide it for ourselves as well.

Don't we have enough privacy tools already with crypto, onion routing, VPNs and so on?

No, we don't.

Those are all forms of protection against exploitation by others. We need tools that create private spaces around us on the net, much as clothing (the original privacy tech) does for us in the natural world. We need ways to signal to others what's okay and what's not okay, and to know easily when those signals are being respected and when they are not. We need ways to move about the net anonymously, and to submit identifiers only on a need to know basis, and then in ways we control.

Parrot 4.0 Now Available, Eudora Email Code Open-Sourced, Firefox Now Offers Two-Step Authentication and More

News briefs for May 24, 2018.

Parrot 4.0 is now available for download. Parrot is a "GNU/Linux distribution based on Debian Testing and designed with Security, Development and Privacy in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy while surfing the net." New features of this "milestone" version include netinstall images, Docker templates, Linux kernel 4.16 and several other bugfixes and changes. See the release notes for more information.

Historic Eudora email code has been open-sourced by the Computer History Museum, The Register reports: "it fell into neglect after Qualcomm stopped selling it in 2006, and a follow-up version was poorly received in 2007. Under this latest deal, Qualcomm is to donate all IP—copyright code, trademarks and domain names—over to the museum."

Mozilla began offering two-step authentication for Firefox this week. If you enable it, you'll need to use an additional security code to log in. Mozilla is using the authentication standard TOTP (Time-based One-Time Password) to implement this feature. If you don't see a "Two-step authentication" panel in your Preferences, see this page for further instructions on how to enable it.

Kata Containers 1.0 was released this week. This first release "completes the merger of Intel's Clear Containers and Hyper's runV technologies, and delivers an OCI compatible runtime with seamless integration for container ecosystem technologies like Docker and Kubernetes." Visit the Kata Containers page for more info and links to the GitHub and install guide.

Visualizing Molecules with EasyChem

Introducing EasyChem, a program that generates publication-quality images of molecular structures.

Chemistry is one of the heavy hitters in computational science. This has been true since the beginning, and it's no less true today. Because of this, several software packages specifically target this user group. Most of these software packages focus on calculating things within chemistry, like bond energies or protein folding structures. But, once you've done the science portion, you need to be able to communicate your results, usually in the form of papers published in journals. And, part of the information you'll need to disseminate is imagery of the molecules from your work. And, that's where EasyChem, this article's subject, comes into play.

EasyChem helps generate publication-quality images of molecular structures. It should be available in the package management repositories for most distributions. In Debian-based distributions, you can install it with the following command:


sudo apt-get install easychem

Once it's installed, you can start it either from your GUI's menu system or from the command prompt. When it first starts, you get a blank canvas within which to start your project.

Figure 1. You get a blank workspace when you first start EasyChem.

One of the first things you'll want to check is whether the option to have helpful messages is turned on. You can check this by clicking Options→Learning messages. With this selected, you'll get helpful information in the bottom bar of the EasyChem window.

Let's start with a simple molecule like benzene. Benzene is a ring of six carbon atoms, with every other bond a double bond. You can create this structure by using the options at the bottom of the draw window. Making sure that the "Add bonds" option is selected, select the "Simple" bond from the drop-down of "Bond type". If you now place the mouse pointer somewhere in the window and click and drag, you'll get a single bond drawn. To get a ring, you need to hold down the Ctrl key, and then click and drag. This will draw a ring structure for you.

You can set the number of atoms to use in the ring with the "Ring size" option in the bottom left of the window. The default is six, which is what you'll want for your benzene ring.

To get the alternating bond types, select the "Edit" option at the bottom, and then you'll be able to select individual bonds and change their types. When you select one of the bonds, you'll see a new pop-up window where you can change the details, such as the type of bond, along with the color and the relative width if it is a multiple bond.

VPNFilter Malware Attacks Routers, Mitigations for Spectre Variant 4, OnePlus 6 Phone and More

News briefs for May 23, 2018.

There's a new type of malware called VPNFilter, which "has infected at least half a million home and small business routers including those sold by Netgear, TP-Link, Linksys, MicroTik, and QNAP network storage devices". This code is intended to "serve as a multipurpose spy tool, and also creates a network of hijacked routers that serve as unwitting VPNs, potentially hiding the attackers' origin as they carry out other malicious activities". See the story on Wired for all the details.

Canonical released an update to address 13 security vulnerabilities, including the new Spectre Variant 4, for Ubuntu 18.04 LTS, Ubuntu 17.10, Ubuntu 16.04 LTS, and Ubuntu 14.04 LTS. Canonical notes that "to fully mitigate Spectre Variant 4, users must also update the processor microcode firmware". See the security announcement for more info, and update now.

Also yesterday, Greg Kroah-Hartman released updates for the Linux 4.9.102, 4.14.43, and 4.16.11 kernels for Spectre Variant 4 mitigation. Update now. (Source: Phoronix.)

Mark Shuttleworth created a stir this week with his keynote at the OpenStack Summit in Vancouver due to his competitive comments about VMware and Red Hat. See the ServerWatch story for details.

The OnePlus 6 unlocked phone is now available for $529. See Android Central for specifications and a review of the new phone.

Cooking With Linux (without a net): Really tiny Linux distributions, old DOS games, and more

It's Tuesday, and it's time for Cooking With Linux (without a net) where I do some live Linuxy and open source stuff, live, on camera, and without the benefit of post-video editing, therefore providing a high probability of falling flat on my face. Today, it's teeny tiny Linux time where I'll show you some of the smallest fully graphical distributions out there, play some old abandoned games, try DOS emulation, and visit browser-based Linux. Basically, a grab bag of Linux and open source goodies. Oh, and wine.

Tor Hidden Services

Why should clients get all the privacy? Give your servers some privacy too!

When people write privacy guides, for the most part they are written from the perspective of the client. Whether you are using HTTPS, blocking tracking cookies or going so far as to browse the internet over Tor, those privacy guides focus on helping end users protect themselves from the potentially malicious and spying web. Since many people who read Linux Journal sit on the other side of that equation—they run the servers that host those privacy-defeating services—system administrators also should step up and do their part to help user privacy. Although part of that just means making sure your services support TLS, in this article, I describe how to go one step further and make it possible for your users to use your services completely anonymously via Tor hidden services.

How It Works

I'm not going to dive into the details of how Tor itself works so you can use the web anonymously; for those details, check out https://tor.eff.org. Tor hidden services work within the Tor network and allow you to register an internal, Tor-only service that gets its own .onion hostname. When visitors connect to the Tor network, Tor resolves those .onion addresses and directs them to the anonymous service sitting behind that name. Unlike with other services though, hidden services provide two-way anonymity. The server doesn't know the IP of the client, like with any service you access over Tor, but the client also doesn't know the IP of the server. This provides the ultimate in privacy since it's being protected on both sides.

Warnings and Planning

As with setting up a Tor node itself, some planning is involved if you want to set up a Tor hidden service so you don't defeat Tor's anonymity via some operational mistake. There are a lot of rules both from an operational and security standpoint, so I recommend you read this excellent guide to find the latest best practices all in one place.

Without diving into all of those steps, I do want to list a few general-purpose guidelines here. First, you'll want to make sure that whatever service you are hosting is listening only on localhost (127.0.0.1) and isn't viewable via the regular internet. Otherwise, someone may be able to correlate your hidden service with the public one. Next, go through whatever service you are running and try to scrub specific identifying information from it. That means if you are hosting a web service, modify your web server so it doesn't report its software type or version, and if you are running a dynamic site, make sure whatever web applications you use don't report their versions either.
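One way to audit the two guidelines above on the host, as an added example that is not from the original article: it checks `ss -ltnH` output for service ports bound beyond loopback and checks response headers for software names or versions. The sample `ss` lines, headers, port numbers and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ss -ltnH` output: State Recv-Q Send-Q Local Peer
SAMPLE_SS = """\
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 [::1]:8080 [::]:*
LISTEN 0 511 *:80 *:*
LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:*
"""
# Constructed response headers from the backend web server
SAMPLE_HEADERS = {"Server": "nginx/1.14.0 (Ubuntu)", "X-Powered-By": "PHP/7.2.5",
                  "Content-Type": "text/html"}
LEAKY = ("server", "x-powered-by", "x-generator", "x-aspnet-version")

def split_local(addr):
    """Split the Local Address:Port column of ss into (host, port)."""
    host, _, port = addr.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return host, int(port)

def exposed_listeners(ss_output, service_ports):
    """Return (host, port) for each service port bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = split_local(fields[3])
        # "*" is a wildcard bind; any other host must be a loopback address
        reachable = host == "*" or not ipaddress.ip_address(host).is_loopback
        if port in service_ports and reachable:
            findings.append((host, port))
    return findings

def identifying_headers(headers):
    """Return (name, value, has_version) for headers that name software."""
    out = []
    for name, value in headers.items():
        if name.lower() in LEAKY:
            out.append((name, value, bool(re.search(r"\d+(\.\d+)+", value))))
    return out
```

On a live host, feed `exposed_listeners` the real output of `ss -ltnH` and the ports your hidden service forwards to; an empty list means those ports are loopback-only.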

Examining Data Using Pandas

You don't need to be a data scientist to use Pandas for some basic analysis.

Traditionally, people who program in Python use the data types that come with the language, such as integers, strings, lists, tuples and dictionaries. Sure, you can create objects in Python, but those objects typically are built out of those fundamental data structures.

If you're a data scientist working with Pandas though, most of your time is spent with NumPy. NumPy might feel like a Python data structure, but it acts differently in many ways. That's not just because all of its operations work via vectors, but also because the underlying data is actually a C-style array. This makes NumPy extremely fast and efficient, consuming far less memory for a given array of numbers than traditional Python objects would do.

The thing is, NumPy is designed to be fast, but it's also a bit low level for some people. To get more functionality and a more flexible interface, many people use Pandas, a Python package that provides two basic wrappers around NumPy arrays: one-dimensional Series objects and two-dimensional Data Frame objects.

I often describe Pandas as "Excel within Python", in that you can perform all sorts of calculations as well as sort data, search through it and plot it.

For all of these reasons, it's no surprise that Pandas is a darling of the data science community. But here's the thing: you don't need to be a data scientist to enjoy Pandas. It has a lot of excellent functionality that's good for Python developers who otherwise would spend their time wrestling with lists, tuples and dictionaries.

So in this article, I describe some basic analysis that everyone can do with Pandas, regardless of whether you're a data scientist. If you ever work with CSV files (and you probably do), I definitely recommend thinking about using Pandas to open, read, analyze and even write to them. And although I don't cover it in this article, Pandas handles JSON and Excel very well too.

Creating Data Frames

Although it's possible to create a data frame from scratch using Python data structures or NumPy arrays, it's more common in my experience to do so from a file. Fortunately, Pandas can load data from a variety of file formats.

Before you can do anything with Pandas, you have to load it. In a Jupyter notebook, do:


%pylab inline
import pandas as pd

For example, Python comes with a csv module that knows how to handle files in CSV (comma-separated value) format. But, then you need to iterate over the file and do something with each of those lines/rows. I often find it easier to use Pandas to work with such files. For example, here's a CSV file:


a,b,c,d
e,f,g,h
"i,j",k,l,m
n,o.p,q

You can turn this into a data frame with: