Now Is the Time to Start Planning for the Post-Android World

Google headquarters with Android statue

We need a free software mobile operating system. Is it eelo?

Remember Windows? It was an operating system that was quite popular in the old days of computing. However, its global market share has been in decline for some time, and last year, the Age of Windows ended, and the Age of Android began.

Android—and thus Linux—is now everywhere. We take it for granted that Android is used on more than two billion devices, which come in just about every form factor—smartphones, tablets, wearables, Internet of Things, in-car systems and so on. Now, in the Open Source world, we just assume that Android always will hold around 90% of the smartphone sector, whatever the brand name on the device, and that we always will live in an Android world.

Except—we won't. Just as Windows took over from DOS, and Android took over from Windows, something will take over from Android. Some might say "yes, but not yet". While Android goes from strength to strength, and Apple is content to make huge profits from its smaller, tightly controlled market, there's no reason for Android to lose its dominance. After all, there are no obvious challengers and no obvious need for something new.

However, what if the key event in the decline and fall of Android has already taken place, but was something quite different from what we were expecting? Perhaps it won't be a frontal attack by another platform, but more of a subtle fracture deep within the Android ecosystem, caused by some external shock. Something like this, perhaps:

Today, the Commission has decided to fine Google 4.34 billion euros for breaching EU antitrust rules. Google has engaged in illegal practices to cement its dominant market position in internet search. It must put an effective end to this conduct within 90 days or face penalty payments.

What's striking is not so much the monetary aspect, impressive though that is, but the following: "our decision stops Google from controlling which search and browser apps manufacturers can pre-install on Android devices, or which Android operating system they can adopt."

Weekend Reading: Gaming

Linux gaming

Games for Linux are booming like never before. The revolution comes courtesy of cross-platform dev tools, passionate programmers and community support. Join us this weekend as we learn about Linux gaming.

 

Crossing Platforms: a Talk with the Developers Building Games for Linux

In the last five years, the number of mainstream games released for Linux has increased dramatically, with thousands of titles now available. These range from major AAA releases, such as Civilization VI and Deus Ex: Mankind Divided, to breakout indie hits like Night in the Woods. For this article, K.G. Orphanides spoke to different developers and publishers to discover the shape of the Linux games market and find out what's driving its prodigious growth.

 

Would You Like to Play a Linux Game?

A look at several games native to Linux. There are, of course, tons of games for the Linux platform if you're willing to install Steam. For the sake of this article, however, Marcel Gagne want to show you some games that are available native to Linux—none of this firing up Java so you can play something on your Ubuntu, or Fedora, or Debian or whatever your personal flavor of Linux happens to be.

 

Two Portable DIY Retro Gaming Consoles

A look at Adafruit's PiGRRL Zero vs. Hardkernel's ODROID-GO.

 

Review: Thrones of Britannia

A look at the recent game from the Total War series on the Linux desktop thanks to Steam and Feral Interactive.

 

Meet TASBot, a Linux-Powered Robot Playing Video Games for Charity

Can a Linux-powered robot play video games faster than you? Only if he takes a hint from piano rolls...and doesn't desync.

 

Build Your Own Arcade Game Player and Relive the '80s!

In this old but gold Linux Journal article, Shawn Powers describes how to construct a fully functional arcade cabinet. When complete, you'll be able to play all the old coin-op games from your childhood in the coin-free luxury of your living room (or garage—depending on the tolerance of individual spouses).

 

 

Qt 5.12 LTS Beta Released, Yabits Now Available, Manjaro-Illyria and New Bladebook Coming Soon, First DNSSEC Rollover Next Week and Secret Text Adventure Game Found on Google.com

News briefs for October 5, 2018.

Qt 5.12 LTS beta was released this morning. Qt 5.12 will be a long-term supported release, and it'll be supported for three years. Improved performance and reduced memory consumption have been a focus for this version, and it also now provides the TableView control. See the Qt 5.12 wiki for an overview of all the new features.

Yabits, a new UEFI Coreboot payload alternative, made its debut last month. According to Phoronix, Yabits "aims to deliver the same UEFI x86_64 booting capabilities as TianoCore but with a much smaller code-base for environments like embedded systems and the cloud". Future plans for Yabits include "ARM support, Secure Boot capabilities, Graphical Output Protocol handling, and the ability to boot Windows".

Manjaro-Illyria 18.0 is coming soon. Appuals reports that eight updates have been released in this past week, including updates to the 4.19-rc6 kernel, NVIDIA 410.57 drivers added, Wine upgraded to 3.17, upstream fixes to Haskell and Python packages, a new "smooth bootup experience", and Deepin and GNOME package updates. In addition, the Manjaro team is also working on the Bladebook Fall 2018, which will run Manjaro KDE 18.0 preinstalled "with the Intel Apollo Lake Quad-Core HD APU, a fanless metal material, and utilize eMMC as its primary storage, although the dev states that additional M2-SSD could be possible." See https://manjaro.org/hardware for more information.

The first DNSSEC root key rollover will happen on October 11, 2018. See the Red Hat Blog post for what you need to know about the rollover.

Users have discovered a secret text adventure game hidden in Google.com. You need to be using Chrome, Firefox or Edge for it to work. See the story on The Verge for details.

Introducing Genius, the Advanced Scientific Calculator for Linux

Math

Genius is a calculator program that has both a command-line version and a GNOME GUI version. It should available in your distribution's package management system. For Debian-based distributions, the GUI version and the command-line version are two separate packages. Assuming that you want to install both, you can do so with the following command:


sudo apt-get install genius gnome-genius

If you use Ubuntu, be aware that the package gnome-genius doesn't appear to be in Bionic. It's in earlier versions (trusty, xenial and arty), and it appears to be in the next version (cosmic). I ran into this problem, and thought I'd mention it to save you some aggravation.

Starting the command-line version provides an interpreter that should be familiar to Python or R users.

Figure 1. When you start Genius, you get the version and some license information, and then you'll see the interpreter prompt.

If you start gnome-genius, you'll see a graphical interface that is likely to be more comfortable to new users. For the rest of this article, I'm using the GUI version in order to demonstrate some of the things you can do with Genius.

Figure 2. The GUI interface provides easy menu access to most of the functionality within Genius.

You can use Genius just as a general-purpose calculator, so you can do things like:


genius> 4+5
= 9

Along with basic math operators, you also can use trigonometric functions. This command gives the sine of 45 degrees:


genius> sin(45)
= 0.850903524534

These types of calculations can be of essentially arbitrary size. You also can use complex numbers out of the box. Many other standard mathematical functions are available as well, including items like logarithms, statistics, combinatorics and even calculus functions.

Along with functions, Genius also provides control structures like conditionals and looping structures. For example, the following code gives you a basic for loop that prints out the sine of the first 90 degrees:


for i = 1 to 90 do (
   x = sin(i);
   print(x)
)

As you can see, the syntax is almost C-like. At first blush, it looks like the semicolon is being used as a line-ending character, but it's actually a command separator. That's why there is a semicolon on the line with the sine function, but there is no semicolon on the line with the print function. This means you could write the for loop as the following:

Fedora 29 GNOME 3.30 Test Day Tomorrow, Kernel Update for Debian GNU/Linux 9 “Stretch”, Jigsaw Introduces Intra App to Prevent Censorship, Russian Subway Dogs Now Available for Linux and AT&T Releases Router Specs to the Open Compute Project

News briefs for October 4, 2018.

Tomorrow, October 5, 2018, is a Fedora 29 GNOME 3.30 Test Day. If you're interested in participating, see the wiki page. All you need is Fedora 29 (which you can grab from the wiki), and the event will be held in #fedora-test-day on Freenode IRC.

Debian released a kernel update for Debian GNU/Linux 9 "Stretch" that addresses several vulnerabilities. If you haven't done so already, update to version 4.9.110-3+deb9u5. See the security announcement for details. (Source: Softpedia News.)

Jigsaw, a cyber unit division owned by Google's parent company Alphabet, recently introduced Intra, a new app with the goal of protecting users from state-sponsored censorship. According to TechCrunch, Intra "aims to prevent DNS manipulation attacks" and that "by passing all your browsing queries and app traffic through an encrypted connection to a trusted Domain Name Server, Intra says it ensures you can use your app without meddling or get to the right site without interference."

The game Russian Subway Dogs, the "systemic arcade game inspired by the real life stray dogs of the Moscow metro", is getting a content update and also is now supported on Linux. It's available now on Steam, itch.io and Humble Bundle for $14.99 USD, and you can view the trailer here.

AT&T this week is releasing specifications for a cell site gateway router to the Open Compute Project. According to the press release, this "white box" blueprint will allow any hardware maker to build these routers, which will be installed at tens of thousands of cell towers during the next several years. These routers then will "eventually form the infrastructure that will enable not just phones and tablets to connect to our mobile 5G network, but new technologies like autonomous cars, drones, augmented reality and virtual reality systems, smart factories, and more".

Dealing with printk()

It's odd that printk() would pose so many problems for kernel development, given that it's essentially just a replacement for printf() that doesn't require linking the standard C library into the kernel.

And yet, it's famously a mess, full of edge cases, corner cases, deadlocks, race conditions and a variety of other tough-to-solve problems. The reason for this is, unlike printf(), the printk() system call has to produce reasonable behavior even when the entire system is in the midst of crashing. That's really the whole point—printk() needs to report errors and warnings that can be used to debug whatever strange and unexpected catastrophe has just hit a running system.

Trying to fix all the deadlocks and other problems at the same time would be too large a task for anyone, especially since each one is a special case defined by the particular context in which the printk() call appeared. But, sometimes a bunch of instances in a particular region of code can be addressed all together.

Sergey Senozhatsky recently tried to address some printk() deadlocks, although he acknowledged he wouldn't address any instances that were caused by the printk() code itself triggering a separate recursive printk() call. He wanted to concern himself with non-recursion-based deadlocks only.

Sergey focused on the console code, which was where printk() generally sent its output, and which was one place where printk() could deadlock. He added a very small safeguard to the code, but the result seemed to be that drivers all throughout the kernel would have to be updated to use the new safeguard.

His code was not met with universal acclaim. Alan Cox noticed that Sergey's safeguard added code to the "fast path"—a region of code that needed to be as fast and efficient as possible, because it was run all the time, many times per second. Slowing down the fast path would slow down the whole system. Alan suggested instead of this, it would be better for the kernel simply not to call printk() if the console code would be in a position to deadlock.

Sergey was not in any way satisfied, however. He pointed out that his patch solved real-world problems that users had reported experiencing directly. He didn't see how it would help anything simply to pull out the printk() instances that triggered the problem, especially if those instances were doing important work like reporting on the real reason the system was crashing and so on.

Sergey wanted to keep the printk() instances and implement the safeguards to protect them. However, at this point Linus Torvalds joined the discussion, saying:

The rule is simple: DO NOT DO THAT THEN.

Don't make recursive locks. Don't make random complexity. Just stop doing the thing that hurts.

Android Security Patch for October, Google Pixel Slate, Skype on Debian Vulnerability, PyTorch Beta 1.0 Released and XCOM 2: War of the Chosen – Tactical Legacy Pack Coming Soon to Linux

News briefs for October 3, 2018.

Google this week released the Android Security Patch for October 2018. Softpedia News reports that the patch fixes 26 vulnerabilities, the most severe of which could allow remote attackers to execute arbitrary code. See the Android Security Bulletin for more information.

Rumor has it that Google Pixel Slate will be the official name for the first detachable Pixelbook 2-in-1, which may be coming out soon. According to Appuals, a Google Pixel Slate benchmark was leaked recently and Android Police also mentioned in a tweet that "Google Pixel Slate is the name of Google's first Chrome OS tablet." Further details on the tablet are slim.

Skype on Debian is vulnerable to attack. On installation, the package automatically inserts Microsoft's apt repository, which means "after obtaining control of Microsoft's Debian apt repository, an attacker would be able to inject malicious content in various distro packages using the update system, as well as replace legitimate packages with maliciously crafted ones". See the Softpedia News post for more details and steps you can take to protect your computer after installing Skype.

A beta of PyTorch 1.0 has been released. Facebook recently open-sourced the Python-based project, which "provides developers with the power to seamlessly move from research to production in a single framework". ZDNet reports that the project now has many new supporters, and "with deeper cloud service support from Amazon Web Services (AWS), Google Cloud, and Microsoft Azure, and tighter integration with technology providers ARM, Intel, IBM, NVIDIA, and Qualcomm, developers can easily deploy PyTorch's ecosystem of compatible software, hardware, and developer tools."

Feral Interactive is releasing another game for Linux! XCOM 2: War of the Chosen - Tactical Legacy Pack, the expansion for the XCOM 2 award-winning strategy game, will be released for Linux and macOS soon after the Windows release on October 9, 2018. See this video for a gameplay overview.

What’s Your System’s Uptime?

Keep track of your system's uptime and downtime with the tuptime tool.

Finding your system's uptime is easy if the "beginning" means the last startup; the historical uptime command reports that information. But what happens if by "beginning" you mean the first startup ever of the system? Or the last 365 days? Or the last month?

Is there any way to have an accumulated uptime—or even better, a look at the whole system's life? For example, cars have odometers, and you can see the miles/kilometers since the first day. For computers, a tool was developed exactly for this task: tuptime.

tuptime reports the historical and statistical running and stopped time of your system, keeping track between restarts. Its main goals are:

  • Count system startups.
  • Register the first boot time (since installation).
  • Count intended and accidental shutdowns.
  • Show the uptime and downtime percentage since the first boot time.
  • Show the accumulated system uptime, downtime and total.
  • Show the longest, shortest and average uptime and downtime.
  • Show the current uptime.
  • Print a formatted table or list with most of the previous values.
  • Register used kernels.
  • Create reports since and/or until a given startup or timestamp.
  • Create reports in CSV format.

It works very simply. tuptime falls to the init manager for execution at startup and shutdown, and then into a cron task that launches regular executions in the meantime—there isn't any dæmon to worry about. Internally, it looks at the btime value (available in /proc/stat) and the uptime value (from /proc/uptime), and that's basically it.

The installation process is easy in Debian, Ubuntu and derivative distributions, using their respective package managers, and it should be available in all the official repositories. As prerequisites, it needs Python 3 and the SQLite library, which usually are included in core packages by default.

Once it's available on your system, you can get the information. It has three output formats: the default is a summary, and there also are table and list outputs to print the registered behavior.

Figure 1. Example tuptime Execution after Installation

The first execution reports the time since the system was booted, and the lines are self-explanatory (note that the date format is based on the system's locale settings):

Pulseway Announces Release of Pulseway 6.0, Feral Interactive’s Life Is Strange 2 Coming to Linux in 2019, Fedora 29 Achieves “Flicker-Free” Boot Experience, Red Hat’s Satellite 6.4 Now Available and Stratis 1.0 Is Out

News briefs for October 2, 2018.

Pulseway recently announced the release of Pulseway 6.0. This new version, known as Pulseway Scale, "empowers IT professionals to remotely monitor and manage IT systems with thousands of endpoints from a smartphone or tablet—anytime, anywhere—and easily take corrective action before clients are impacted". New capabilities include a new organization structure, simplified and faster deployment, seamless collaboration, enhanced agent security, and antivirus and OS patch management. For more info, visit https://www.pulseway.com/new.

Feral Interactive's Life Is Strange 2 is coming to Linux and macOS in 2019. This narrative adventure game is the next installment of 2015's BAFTA Award-winning Life Is Strange, originally developed by DONTNOD Entertainment and published by Square Enix on Windows and console. You can view the trailer here.

Fedora 29 has achieved a "flicker-free" boot experience. According to Phoronix, this was accomplished by "preserving the EFI frame-buffer and any initial system PC/motherboard logo all the way until fading to the GDM log-in screen for the desktop. This has required changes so the EFI frame-buffer wouldn't be messed up when the kernel starts, changes to the Plymouth boot handling, hiding the GRUB boot menu, and also making use of the Intel driver's 'fastboot' option that eliminates unnecessary mode-set operations."

Red Hat yesterday announced Satellite 6.4, "the latest version of Red Hat's infrastructure management solution", at AnsibleFest Austin. With this version, Red Hat Satellite will now "be enhanced with a deeper integration with Red Hat Ansible Automation technology for an automation-centric approach to IT management".

Stratis 1.0 was released last week. After two years of development, "Stratis 1.0 has stabilized its on-disk metadata format and command-line interface, and is ready for more widespread testing and evaluation by potential users. Stratis is implemented as a daemon—stratisd—as well as a command-line configuration tool called stratis, and works with Linux kernel versions 4.14 and up".

Shall We Study Amazon’s Pricing Together?

pricing gun

Is it possible to figure out how we're being profiled online?

This past July, I spent a quality week getting rained out in a series of brainstorms by alpha data geeks at the Pacific Northwest BI & Analytics Summit in Rogue River, Oregon. Among the many things I failed to understand fully there was how much, or how well, we could know about how the commercial sites and services of the online world deal with us, based on what they gather about us, on the fly or over time, as we interact with them.

The short answer was "not much". But none of the experts I talked to said "Don't bother trying." On the contrary, the consensus was that the sums of data gathered by most companies are (in the words of one expert) "spaghetti balls" that are hard, if not possible, to unravel completely. More to my mission in life and work, they said it wouldn't hurt to have humans take some interest in the subject.

In fact, that was pretty much why I was invited there, as a Special Guest. My topic was "When customers are in full command of what companies do with their data—and data about them". As it says at that link, "The end of this story...is a new beginning for business, in a world where customers are fully in charge of their lives in the marketplace—both online and off: a world that was implicit in both the peer-to-peer design of the Internet and the nature of public markets in the pre-industrial world."

Obviously, this hasn't happened yet.

This became even more obvious during a break when I drove to our AirBnB nearby. By chance, my rental car radio was tuned to a program called From Scurvy to Surgery: The History Of Randomized Trials. It was an Innovation Hub interview with Andrew Leigh, Ph.D. (@ALeighMP), economist and member of the Australian Parliament, discussing his new book, Randomistas: How Radical Researchers Are Changing Our World (Yale University Press, 2018). At one point, Leigh reported that "One expert says, 'Every pixel on Amazon's home page has had to justify its existence through a randomized trial.'"

I thought, Wow. How much of my own experience of Amazon has been as a randomized test subject? And can I possibly be in anything even remotely close to full charge of my own life inside Amazon's vast silo?

Linux Journal October 2018: Programming

programming issue

Welcome to the Programming issue, October 2018, of Linux Journal. This month we highlight programming languages new and old including Go, Rust, Clojure and Bash. Take a look at this month's complete line-up:

Featured articles in this issue include:

  • Understanding Bash: Elements of Programming** This article is available online now as a sneak peak in to our October issue.
  • Getting Started with Rust: Working with Files and Doing File I/O
  • Introductory Go Programming Tutorial
  • Creating Linux Command-Line Tools in Clojure

Additional articles:

  • Shall We Study Amazon's Pricing Together?
  • Review: System76 Oryx Pro Laptop
  • 3D-Printed Firearms Are Blowing Up
  • FOSS Project Spotlight: Tutanota, the First Encrypted Email Service with an App on F-Droid
  • Introducing Genius, the Advanced Scientific Calculator for Linux

Columns:

  • Kyle Rankin's Hack and /: Papa's Got a Brand New NAS: the Software
  • Shawn Powers' The Open-Source Classroom: Have a Plan for Netplan
  • Reuven M. Lerner's At the Forge: Automate Sysadmin Tasks with Python's os.walk Function
  • Dave Taylor's Work the Shell: Normalizing Filenames and Data with Bash
  • Zack Brown's diff -u: What's New in Kernel Development
  • Glyn Moody's Open Sauce: Now Is the Time to Start Planning for the Post-Android World

Subscribers, you can download your October issue now.

Not a subscriber? It’s not too late. Subscribe today and receive instant access to this and ALL back issues since 1994!

Want to buy a single issue? Buy the August magazine or other single back issues in the LJ store.

California Enacts Net Neutrality Law and the Justice Department Immediately Files a Lawsuit, Tim Berners-Lee Announces His New Project Solid, MS-DOS Source Code Now Available on GitHub, Haiku R1/beta1 Released and openSUSE Will Have a Summit at SCaLE

News briefs for October 1, 2018.

California enacts net neutrality law, and the Justice Department immediately files a lawsuit against California. Attorney General Jeff Sessions stated "Once again the California legislature has enacted an extreme and illegal state law attempting to frustrate federal policy. The Justice Department should not have to spend valuable time and resources to file this suit today, but we have a duty to defend the prerogatives of the federal government and protect our Constitutional order."

Tim Berners-Lee, creator of the world wide web, announces his new project Solid, "an open-source project to restore the power and agency of individuals on the web". He writes "Solid changes the current model where users have to hand over personal data to digital giants in exchange for perceived value. As we've all discovered, this hasn't been in our best interests. Solid is how we evolve the web in order to restore balance—by giving every one of us complete control over data, personal or not, in a revolutionary way."

MS-DOS source code is now available on GitHub. These are the same files that were originally released to the Computer History Museum in 2014. They were "(re)published in this repo to make them easier to find, reference-to in external writing and works, and to allow exploration and experimentation for those interested in early PC Operating Systems".

Haiku R1/beta1 has been released, nearly six years since its last release in November 2012. Because of the long gap between releases, this version has a significant amount of changes, the largest being the addition of a complete package management system. You can download Haiku from here.

openSUSE announces it will have a summit at SCaLE on March 8, 2019 (SCaLE runs March 7–10, 2019). The Call for Papers for the openSUSE Summit closes January 10, 2019. Visit the conference website for more information.

Weekend Reading: Containers

containers

The software enabling this technology comes in many forms, with Docker as the most popular. The recent rise in popularity of container technology within the data center is a direct result of its portability and ability to isolate working environments, thus limiting its impact and overall footprint to the underlying computing system. To understand the technology completely, you first need to understand the many pieces that make it all possible. Join us this weekend as we learn about Containers.

Before we get started, many ask what the difference is between a container and virtual machines? Editor Petros Koutoupis explains: Both have a specific purpose and place with very little overlap, and one doesn't obsolete the other. A container is meant to be a lightweight environment that you spin up to host one to a few isolated applications at bare-metal performance. You should opt for virtual machines when you want to host an entire operating system or ecosystem or maybe to run applications incompatible with the underlying environment.

Everything You Need to Know about Linux Containers, Part I: Linux Control Groups and Process Isolation

Truth be told, certain software applications in the wild may need to be controlled or limited—at least for the sake of stability and, to some degree, security. Far too often, a bug or just bad code can disrupt an entire machine and potentially cripple an entire ecosystem. Fortunately, a way exists to keep those same applications in check. Control groups (cgroups) is a kernel feature that limits, accounts for and isolates the CPU, memory, disk I/O and network's usage of one or more processes.

Everything You Need to Know about Linux Containers, Part II: Working with Linux Containers (LXC)

Part I of this Deep Dive on containers introduces the idea of kernel control groups, or cgroups, and the way you can isolate, limit and monitor selected userspace applications. Here, I dive a bit deeper and focus on the next step of process isolation—that is, through containers, and more specifically, the Linux Containers (LXC) framework.

Tor Browser for Android (Alpha) Now Available, Feral Interactive Announces Total War: THREE KINGDOMS Coming to Linux Spring 2019, Ubuntu 18.10 Cosmic Cuttlefish Final Beta Released, Four New openSUSE Tumbleweed Snapshots and More

News briefs for September 28, 2018.

The Tor Browser for Android (alpha) is now available. This mobile browser has the "highest privacy protections ever available and is on par with Tor Browser for desktop". You can download the alpha release from Google Play, or you can get the apk directly from here. You also will need Orbot, which is a proxy application to connect the Tor Browser for Android with the Tor network. (When the stable version is released early next year, you won't need to do this.)

In other Tor news, Tor is looking for a software developer for its anti-censorship team. If you're interested, see the Tor Project page for details and how to apply.

Feral Interactive announced that Total War: THREE KINGDOMS is coming to Linux and macOS in spring of 2019, shortly after the Windows release, which is scheduled for March 7, 2019. The game is the first of the Total War series to be set in ancient China. You can view the trailer here.

Ubuntu 18.10 (Cosmic Cuttlefish) final beta has been released. This release includes images not only for Ubuntu Desktop, Server and Cloud, but also for Kubuntu, Lubuntu, Ubuntu Budgie, UbuntuKylin, Ubuntu MATE, Ubuntu Studio and Xubuntu. To upgrade to Ubuntu 18.10 beta from Ubuntu 18.04, go here. See the release notes for more information.

This week brought four new openSUSE Tumbleweed snapshots that update packages like vim, Xen, Git and ImageMagick.

Sailfish 3 is coming soon. According to the Official Jolla Blog, it will be rolled out next month, with early access releases by the end of October. It will include many new features such as VPN improvements and MDM (Mobile Device Management) functionalities.

Understanding Bash: Elements of Programming

Bash

Ever wondered why programming in Bash is so difficult? Bash employs the same constructs as traditional programming languages; however, under the hood, the logic is rather different.

The Bourne-Again SHell (Bash) was developed by the Free Software Foundation (FSF) under the GNU Project, which gives it a somewhat special reputation within the Open Source community. Today, Bash is the default user shell on most Linux installations. Although Bash is just one of several well known UNIX shells, its wide distribution with Linux makes it an important tool to know.

The main purpose of a UNIX shell is to allow users to interact effectively with the system through the command line. A common shell action is to invoke an executable, which in turn causes the kernel to create a new running process. Shells have mechanisms to send the output of one program as input into another and facilities to interact with the filesystem. For example, a user can traverse the filesystem or direct the output of a program to a file.

Although Bash is primarily a command interpreter, it's also a programming language. Bash supports variables, functions and has control flow constructs, such as conditional statements and loops. However, all of this comes with some unusual quirks. This is because Bash attempts to fulfill two roles at the same time: to be a command interpreter and a programming language—and there is tension between the two.

All UNIX shells, including Bash, are primarily command interpreters. This trait has a deep history, stretching all the way to the very first shell and the first UNIX system. Over time, UNIX shells acquired the programming capabilities by evolution, and this has led to some unusual solutions for the programming environment. As many people come to Bash already having some background in traditional programming languages, the unusual perspective that Bash takes with programming constructs is a source of much confusion, as evidenced by many questions posted on Bash forums.

In this article, I discuss how programming constructs in Bash differ from traditional programming languages. For a true understanding of Bash, it's useful to understand how UNIX shells evolved, so I first review the relevant history, and then introduce several Bash features. The majority of this article shows how the unusual aspects of Bash programming originate from the need to blend the command interpreter function seamlessly with the capabilities of a programming language.

System76 Launching a New Open-Source Computer, Krita 4.1.3 Released, the Hyperledger Project Gains 14 New Members, Distro Maintainers Need to Merge Kernel Security Fixes Faster and Java 11 Now Available

News briefs for September 27, 2018.

System76 is launching a new open-source computer, which will be available for pre-order next month. Before announcing the finalized hardware, the company will be releasing a four-part animation each week with "design updates hidden within a game portion of the story". That story will contain "different worlds, each representing an antithesis to open source ideals. These themes are utilized to draw attention to the importance of open source in the evolution of technology". If you're interested, you can sign up here to follow the saga and receive updates leading up to the pre-order.

Krita 4.1.3 was released today. The team reports there are about 100 fixes, so update soon. This version features a new welcome screen, and several improvements, including working with selections and exporting EPUBs, and much more. Also, here's a reminder that Krita's Squash the Bugs fundraiser is still live.

Fourteen new members have joined The Linux Foundation's Hyperledger open-source blockchain project. According to the press release, new members include "BetaBlocks, Blockchain Educators, Cardstack, Constellation Labs, Elemential Labs, FedEx, Honeywell International Inc., KoreConX, Northstar Venture Technologies, Peer Ledger, Syncsort and Wanchain".

Google Project Zero researcher Jann Horn claims that distro maintainers need to merge kernel security fixes quicker. ZDNET quotes Horn regarding Debian and Ubuntu: "Debian stable ships a kernel based on 4.9, but as of 2018-09-26, this kernel was last updated 2018-08-21. Similarly, Ubuntu 16.04 ships a kernel that was last updated 2018-08-27. Android only ships security updates once a month."

Java 11 is now available. There are several changes and updates with this release, so see the release notes for all the changes. You can download it from here.

Take Your Git In-House

gitlab logo

If you're wary of the Microsoft takeover of GitHub, or if you've been looking for a way to ween yourself off free public repositories, or if you want to ramp up your DevOps efforts, now's a good time to look at installing and running GitLab yourself. It's not as difficult as you might think, and the free, open-source GitLab CE version provides a lot of flexibility to start from scratch, migrate or graduate to more full-fledged versions.

In today's software business, getting solid code out the door fast is a must, and practices to make that easier are part of any organization's DevOps toolset. Git has risen to the top of the heap of version control tools, because it's simple, fast and makes collaboration easy.

For developers, tools like Git ensure that their code isn't just backed up and made available to others, but nearly guarantees that it can be incorporated into a wide variety of third-party development tools—from Jenkins to Visual Studio—that make continuous integration and continuous delivery (CI/CD) possible. Orchestration, automation and deployment tools easily integrate with Git as well, which means code developed on any laptop or workstation anywhere can be merged, branched and integrated into deployed software. That's why version control repositories are the future of software development and DevOps, no matter how big or small you are, and no matter whether you're building monolithic apps or containerized ones.

Getting Started with Git

Git works by taking snapshots of code on every commit, so every version of contributed code is always available. That means it's easy to roll back changes or look over different contributors' work.

If you're working in an environment that uses Git, you can do your work even when you're offline. Everything is saved in a project structure on your workstation, just as it is in the remote Git repository, and when you're next online, your commits and pushes update the master (or other) code branch quickly and easily.

Most Git users (even newbies) use the Git command-line tools to clone, commit and push changes, because it's easy, and for nearly 28-million developers, GitHub has become the de facto remote Git-based repository for their work. In fact, GitHub has moved beyond being just a code repository to become a multifaceted code community featuring 85-million projects. That's a lot of code.

GitLab is gaining popularity as a remote code repository too, but it's smaller and bills itself as more DevOps-focused, with CI/CD tool included for free. Both repositories offer free hosted accounts that allow users to create a namespace, and start contributing and collaborating right away. The graphical browser interfaces offered by the GitHub- and GitLab-hosted services make it easy to manage projects and project code, and also to add SSH keys, so you easily can connect from your remote terminal on Linux, Windows or Mac.

Cisco Confirms 88 Products Vulnerable to FragmentStack Bug, KDE neon Rebased on Ubuntu 18.04 LTS, GNOME 3.30.1 Released, Rust Announces Version 1.29.1 and Mozilla Launches Firefox Monitor

News briefs for September 26, 2018.

Cisco confirms that 88 of its products that rely on the Linux kernel are vulnerable to the FragmentStack bug. According to ZDNet, "the bug can saturate a CPU's capacity when under a low-speed attack using fragmented IPv4 and IPv6 packets, which could cause a denial-of-service condition on the affected device." Affected products include "Nexus switches, Cisco IOS XE software, and equipment from its lines of Unified Computing and Unified Communications brands, several TelePresence products, and a handful of wireless access points."

The KDE neon team announces the rebase of its packages onto Ubuntu 18.04 LTS "Bionic Beaver" and encourages users to upgrade now. You also can download a clean installation from here.

GNOME 3.30.1 has been released. This release contains only bugfixes. If you want to compile it, you can use the BuildStream project snapshot. See the list of updated modules and changes here.

The Rust Team yesterday announced Rust 1.29.1. This new version fixes a security vulnerability in the standard library "where if a large number was passed to str::repeat, it could cause a buffer overflow after an integer overflow. If you do not call the str::repeat, function you are not affected." See the release notes on GitHub for all the details.

Mozilla yesterday launched Firefox Monitor, a free service that alerts you if you've been part of a data breach. Enter your email at Firefox Monitor for a basic scan.

Support for a GNSS and GPS Subsystem

Recently, there was a disagreement over whether a subsystem really addressed its core purpose or not. That's an unusual debate to have. Generally developers know if they're writing support for one feature or another.

In this particular case, Johan Hovold posted patches to add a GNSS subsystem (Global Navigation Satellite System), used by GPS devices. His idea was that commercial GPS devices might use any input/output ports and protocols—serial, USB and whatnot—forcing user code to perform difficult probes in order to determine which hardware it was dealing with. Johan's code would unify the user interface under a /dev/gnss0 file that would hide the various hardware differences.

But, Pavel Machek didn't like this at all. He said that there wasn't any actual GNSS-specific code in Johan's GNSS subsystem. There were a number of GPS devices that wouldn't work with Johan's code. And, Pavel felt that at best Johan's patch was a general power management system for serial devices. He felt it should not use names (like "GNSS") that then would be unavailable for a "real" GNSS subsystem that might be written in the future.

However, in kernel development, "good enough" tends to trump "good but not implemented". Johan acknowledged that his code didn't support all GPS devices, but he said that many were proprietary devices using proprietary interfaces, and those companies could submit their own patches. Also, Johan had included two GPS drivers in his patch, indicating that even though his subsystem might not contain GNSS-specific code, it was still useful for its intended purpose—regularizing the GPS device interface.

The debate went back and forth for a while. Pavel seemed to have the ultimate truth on his side—that Johan's code was at best misnamed, and at worst, incomplete and badly structured. Although Johan had real-world usefulness on his side, where something like his patch had been requested by other developers for a long time and solved actual problems confronted by people today.

Finally Greg Kroah-Hartman put a stop to all debate—at least for the moment—by simply accepting the patch and feeding it up to Linus Torvalds for inclusion in the main kernel source tree. He essentially said that there was no competing patch being offered by anyone, so Johan's patch would do until anything better came along.

Pavel didn't want to give up so quickly, and he tried at least to negotiate a name change away from "GNSS", so that a "real" GNSS subsystem might still come along without a conflict. But with his new-found official support, Johan said, "This is the real gnss subsystem. Get over it."