Rise of the Tomb Raider Coming to Linux This Month, phpMyAdmin New Release, Canonical’s Kernel Update for RPi 2 and More

News briefs for April 9, 2018.

Feral Interactive confirms: "Lara Croft is returning to Linux in Rise of the Tomb Raider later this month, shortly after macOS. Specs will be announced closer to launch. In the meantime, gear up for adventure with our Linux livestream tomorrow at 6PM BST / 10AM PDT on Twitch."

phpMyAdmin version 4.8.0 was released over the weekend. This release brings the usual bug and security fixes, and other major changes include "security enhancements, such as removing the PHP eval() function and authentication logging, a mobile interface to improve the interface when used with tablets or mobile phones, and two-factor authentication options."

Canonical released a "major Linux kernel update for Raspberry Pi 2" that addresses various security vulnerabilities. Among other things, 21 security vulnerabilities were fixed for linux-raspi2, "including a race condition that could lead to a use-after-free vulnerability in Linux kernel's ALSA PCM subsystem, and a use-after-free vulnerability in the network namespaces implementation." Update now if you haven't already. (Source: Softpedia News.)

FreeCAD 0.17 was released last week, marking the first release in two years, so it's certainly a major update. Along with several workbench improvements, "more than 6,800 revisions were added to FreeCAD's source code". See the changelog for all the details, and download it here.

A new major version of the HandBrake open-source video transcoder was released this weekend, v. 1.1.0. Updates include an improved user interface, new and improved official presets, improved Apple TV 4K support and more. See all the details on the GitHub page.

Phoronix reports on big changes in store for the Linux 4.17 kernel (expected to be stable mid-June), including "a huge DRM subsystem update", "initial NVIDIA Tegra 'Xavier' SoC support", "fixes for the Macintosh PowerBook 100 series" and much more.

Best Programming Language

Best Programming Language
Programming, python, Readers' Choice Awards
Carlie Fairchild Fri, 04/06/2018 - 14:23

Surprise—Python wins again!

Here's the breakdown (the contenders listed below were nominated by LJ readers via Twitter):

  • Python: 31%
  • C: 20%
  • C++: 14%
  • Other: 9%
  • Java: 8%
  • Perl: 7%
  • JavaScript: 4%
  • PHP: 3%
  • Ruby: 3%

Python wins Best Programming Language again this year in Linux Journal's annual Readers' Choice Awards. It's easy to use, powerful and versatile with a really large and active community. Having that supportive community ensures that developers of all skill levels easily can find the support and documentation they require, which feeds Python's popularity. It certainly helps that Python has something like a corporate sponsor. Python is recognized as an official language at Google, running on many of its internal systems and showing up in many Google APIs. In fact, Google's developer website offers free Python classes, videos and exercises.

Weekend Reading: Sysadmin 101

Weekend Reading: Sysadmin 101
Kyle Rankin
Kyle Rankin Fri, 04/06/2018 - 12:27

This series covers sysadmin basics. The first article explains how to approach alerting and on-call rotations as a sysadmin. In the second article, I discuss how to automate yourself out of a job, and in the third, I explain why and how you should use tickets. The fourth article covers some of the fundamentals of patch management under Linux, and the fifth and final article describes the overall sysadmin career path and the attributes that might make you a "senior sysadmin" instead of a "sysadmin" or "junior sysadmin", along with some tips on how to level up.

Sysadmin 101: Alerting

In this first article, I cover on-call alerting. Like with any job title, the responsibilities given to sysadmins, DevOps and Site Reliability Engineers may differ, and in some cases, they may not involve any kind of 24x7 on-call duties, if you're lucky. For everyone else, though, there are many ways to organize on-call alerting, and there also are many ways to shoot yourself in the foot.

Sysadmin 101: Automation

Here we cover systems administrator fundamentals. These days, DevOps has made even the job title "systems administrator" seem a bit archaic, much like the "systems analyst" title it replaced. These DevOps positions are rather different from sysadmin jobs in the past. They have a much larger emphasis on software development far beyond basic shell scripting, and as a result, they often are filled by people with software development backgrounds without much prior sysadmin experience. In the past, a sysadmin would enter the role at a junior level and be mentored by a senior sysadmin on the team, but in many cases currently, companies go quite a while with cloud outsourcing before their first DevOps hire. As a result, the DevOps engineer might be thrust into the role at a junior level with no mentor around apart from search engines and Stack Overflow posts.

Sysadmin 101: Ticketing

By ticketing, I'm referring to systems that allow sysadmins to keep track of tasks both internally and those requested by their coworkers or customers. There are many ways to get ticketing wrong so that it becomes a drain on an organization, so many sysadmins avoid or it use it begrudgingly. Also, ticketing approaches that work well for developers may be horrible for sysadmins, and vice versa. If you don't currently use a ticketing system, I hope by the end of this article, I've changed your mind. If you do use tickets, but you wish you didn't, I hope I can share how to structure a ticketing system that makes everything easier, not more difficult.

Sysadmin 101: Patch Management

Most Linux system administrators are no different from Windows sysadmins when it comes to patch management. Honestly, in some areas (in particular, uptime pride), some Linux sysadmins are even worse than Windows sysadmins regarding patch management. So in this article, I cover some of the fundamentals of patch management under Linux, including what a good patch management system looks like, the tools you will want to put in place and how the overall patching process should work.

Sysadmin 101: Leveling Up

In the past, a sysadmin would enter the role at a junior level and be mentored by a senior sysadmin on the team, but in many cases these days, companies go quite a while with cloud outsourcing before their first DevOps hire. As a result, the DevOps engineer might be thrust into the role at a junior level with no mentor around apart from search engines and Stack Overflow posts.


Matthew Garrett Calls on Symantec to Share Its Code, EFF Questions Google’s Work on Project Maven and More

News briefs for April 6, 2018.

Linux kernel developer, free software activist and Google engineer Matthew Garrett discovered that Symantec is using a Linux distro based on the QCA Software Development Kit (QSDK) project: "This is a GPLv2-licensed, open-source platform built around the Linux-based OpenWrt Wi-Fi router operating system" (if true, this means Symantic needs to share the Norton Core Router's code). So, Garrett tweeted "Hi @NortonOnline the Norton Core is clearly running Linux and the license requires you to distribute the kernel source code so where can I get it?" (Source: ZDNet.)

The EFF has questions and advice for Google regarding the company's work on "Project Maven", which is "a U.S. Department of Defense (DoD) initiative to deploy machine learning for military purposes". Read the "Google Should Not Help the U.S. Military Build Unaccountable AI Systems" post by Peter Eckersley and Cindy Cohn for more information.

Ubuntu 18.04 LTS (Bionic Beaver) final beta was released this morning. This release includes Ubuntu 18.04 LTS Desktop, Server and Cloudproducts, as well as Kubuntu, Lubuntu, Ubuntu Budgie, UbuntuKylin, Ubuntu MATE, Ubuntu Studio, and Xubuntu. Note that this version is still beta and not intended for use in production. The final release is scheduled for April 26. See the release notes for more details and download images.

Zilliqa recently announced its Testnet v1.0 release: codename Red Prawn. According to the press release, Zilliqa's is the "first blockchain platform to actually implement the technology of sharding, which has the potential to scale blockchain transaction speeds to match VISA."

openSUSE's Tumbleweed distro (a pure rolling-release version of openSUSE) had several snapshot releases this week, most notably with updates to KDE's newest point version of Plasma (5.12.4). The snapshots this week also included updates to gstreamer, Firefox and Digikam, among other things.

Tackling L33t-Speak

Tackling L33t-Speak
Dave Taylor Thu, 04/05/2018 - 09:00

How to script a l33t-speak translator.

My daughter and I were bantering with each other via text message this morning as we often do, and I dropped into a sort of mock "leet speak". She wasn't impressed, but it got me thinking about formulaic substitutions in language and how they represent interesting programming challenges.

If you're not familiar with "leet speak" it's a variation on English that some youthful hackers like to use—something that obscures words sufficiently to leave everyone else confused but that still allows reasonably coherent communication. Take the word "elite", drop the leading "e" and change the spelling to "leet". Now replace the vowels with digits that look kind of, sort of the same: l33t.

There's a sort of sophomoric joy in speaking—or writing—l33t. I suppose it's similar to pig latin, the rhyming slang of East Londoners or the reverse-sentence structure of Australian shopkeepers. The intent's the same: it's us versus them and a way to share with those in the know without everyone else understanding what you're saying.

At their heart, however, many of these things are just substitution ciphers. For example, "apples and pears" replaces "stairs", and "baked bean" replaces "queen", in Cockney rhyming slang.

It turns out that l33t speak is even more formalized, and there's actually a Wikipedia page that outlines most of its rules and structure. I'm just going to start with word variations and letter substitutions here.

The Rules of L33t Speak

Okay, I got ahead of myself. There aren't "rules", because at its base, leet speak is a casual slang, so l33t and 733T are both valid variations of "elite". Still, there are a lot of typical substitutions, like dropping an initial vowel, replacing vowels with numerical digits or symbols (think "@" for "a"), replacing a trailing "s" with a "z", "cks" with "x" (so "sucks" becomes "sux"), and the suffixed "ed" becomes either 'd or just the letter "d".

All of this very much lends itself to a shell script, right? So let's test some mad skillz!

For simplicity, let's parse command-line arguments for the l33t.sh script and use some level of randomness to ensure that it's not too normalized. How do you do that in a shell script? With the variable $RANDOM. In modern shells, each time you reference that variable, you'll get a different value somewhere in the range of 1..MAXINT. Want to "flip a coin"? Use $(($RANDOM % 2)), which will return a zero or 1 in reasonably random order.

So the fast and easy way to go through these substitutions is to use sed—that old mainstay of Linux and UNIX before it, the stream editor. Mostly I'm using sed here, because it's really easy to use substitute/pattern/newpattern/—kind of like this:

word="$(echo $word | sed "s/ed$/d/")"

This will replace the sequence "ed" with just a "d", but only when it's the last two letters of the word. You wouldn't want to change education to ducation, after all.

Here are a few more that can help:

word="$(echo $word | sed "s/s$/z/")"
word="$(echo $word | sed "s/cks/x/g;s/cke/x/g")"
word="$(echo $word | sed "s/a/@/g;s/e/3/g;s/o/0/g")"
word="$(echo $word | sed "s/^@/a/")"
word="$(echo $word |  tr "[[:lower:]]" "[[:upper:]]")"

In order, a trailing "s" becomes a trailing "z"; "cks" anywhere in a word becomes an "x", as does "cke"; all instances of "a" are translated into "@"; all instances of "e" change to "3"; and all instances of "o" become "0". Finally, the script cleans up any words that might start with an "a". Finally, all lowercase letters are converted to uppercase, because, well, it looks cool.

How does it work? Here's how this first script translates the sentence "I am a master hacker with great skills":


That's a good start, but there's more you can do, something I'll pick up in my next article. Meanwhile, if you consider yourself a l33t expert, hit me up, let's talk about some additional letter, letter combination and word rules.

Subutai Blockchain Router v2.0, NixOS New Release, Slimbook Curve and More

News briefs for April 5, 2018.

Subutai recently announced that its Subutai Blockchain Router v2.0 is in production: "This broadband cloud router serves as a 'plug-and-play' cryptocurrency wallet and mining device with energy savings of 10x over traditional mining methods, and also allows users to share and rent their idle computer resources by registering their computers with the Subutai Bazaar."

NixOS released version 18.03 "Impala" yesterday. Highlights include "core version changes: linux: 4.9 -> 4.14, glibc: 2.25 -> 2.26, gcc: 6 -> 7, systemd: 234 -> 237"; "desktop version changes: gnome: 3.24 -> 3.26, (KDE) plasma-desktop: 5.10 -> 5.12"; the Nix package manager now defaults to 2.0 and more.

Matthew Garrett wrote a blog post yesterday titled "Linux Kernel Lockdown and UEFI Secure Boot" to elaborate on the kernel lockdown feature being paired with UEFI SecureBoot, in response to discussion on the LKML.

The Slimbook Curve—a new cool-looking, all-in-one Linux PC with a 24" full-HD curved screen—is now available from Spanish company Slimbook. See the OMG Ubuntu post for specs and pricing info.

LibreOffice 6.0.3 is available for download. This is the third minor release of LibreOffice 6, and it has about 70 bug and regression fixes. This version "represents the bleeding edge in terms of features and as such is targeted at early adopters, tech-savvy and power users, while LibreOffice 5.4.6—provided as an alternative download option—is targeted at mainstream users and enterprise deployments."

Richard Stallman’s Privacy Proposal, Valve’s Commitment to Linux, New WordPress Update and More

News briefs for April 4, 2018.

Richard Stallman writes "A radical proposal to keep personal data safe" in The Guardian: "The surveillance imposed on us today is worse than in the Soviet Union. We need laws to stop this data being collected in the first place."

WordPress 4.9.5 was released yesterday. This is a security and maintenance release, and it fixes 28 bugs, so be sure to update right away. To download or view the changelog, go here.

Valve's Pierre-Loup Griffais writes about the company's commitment to Linux after de-listing Steam Machines (it's still available, just not from the main navigation bar on the site due to low traffic): "While it's true Steam Machines aren't exactly flying off the shelves, our reasons for striving towards a competitive and open gaming platform haven't significantly changed. We're still working hard on making Linux operating systems a great place forgaming and applications." He then went on to say "we're continuing to invest significant resources in supporting the Vulkan ecosystem, tooling and driver efforts. We also have other Linux initiatives in the pipe that we're not quite ready to talk about yet; SteamOS will continue to be our medium to deliver these improvements to our customers, and we think they will ultimately benefit the Linux ecosystem at large." (Source: Phoronix's "Valve Reaffirms Commitment To Linux, SteamOS").

Amazon announced the new Gadgets Skill API (beta), which will allow developers to build games for Echo Buttons.

The Fedora Project announced the release of Fedora 28 Beta. Features include Modular Repository for Fedora Server, 64-bit Arm is now a primary architecture for Fedora Server, the inclusion of GNOME 3.28, VirtualBox Guest Additions and more.

How Wizards and Muggles Break Free from the Matrix

How Wizards and Muggles Break Free from the Matrix
red pill
Doc Searls Wed, 04/04/2018 - 10:32

First we invented a world where everyone could be free. Then we helped build feudal castles on it, where everyone now lives. Now it's time to blow up those castles by giving everybody much better ways to use their freedom than they ever would enjoy in a castle.

I'm going to mix movie metaphors here. You'll see why.

In April 1999, a few weeks after The Matrix came out, the entire Linux Journal staff watched it in a theater not far from our headquarters at the time, in Seattle's Ballard neighborhood. While it was instantly clear to us that the movie was geek classic (hell, its hero was an ace programmer), it also was clear that the title subject—a fully convincing fake world occupied by nearly the whole human species—was an allegory (which Wikipedia calls "a metaphor whose vehicle may be a character, place or event, representing real-world issues and occurrences").

One obvious interpretation was religious. Neo was a Christ-like savior, resurrected by a character named Trinity, who played the Holy Spirit role after Neo got killed by the Satan-like Agent Smith—all while the few humans not enslaved by machines lived in an underground city called Zion.

When the second and third installments came out in the years that followed, more bits of the story seemed borrowed from other religions: Buddhism, Gnosticism and Hinduism. Since the Wachowski brothers, who wrote and directed the films, have become the Wachowski sisters, you also can find, in retrospect, plenty of transgender takes on the series.

Then there's the philosophical stuff. Prisoners in the Matrix believe the world they inhabit is real, much as prisoners in Plato's Allegory of the Cave believe the shadows they see on a wall are real, because they can't tell the source of light is a fire behind them. In Plato's story, one prisoner is set free to visit the real world. In The Matrix, that one prisoner is Neo, his name an anagram for "The One" whose job is to rescue everybody or at least save Zion. (Spoiler: he does.)

But I didn't buy any of that, because already I saw marketing working to turn the free and open online world into a commercial habitat where—as in the fictional Matrix—human beings were reduced to batteries for giant robotic machines that harvested human attention, which they then processed and fed back to humans again.

This was the base design of the world marketing wanted to make for us in the digital age: one where each of us were "targets", "captured", "acquired", "controlled", "managed" and "locked in", so personalized "content" and "experiences" could be "delivered" to our ears and eyeballs. Marketers talked like that long before the internet showed up, but with every eyeball suddenly addressable, personally, the urge to jack us into marketing's Matrix became irresistible.

In fact, one reason four of us posted The Cluetrain Manifesto on the web that very same month was that we wanted to make clear that the internet was for everybody, not just marketing.

But, popular as Cluetrain was (especially with marketers), marketing got engineering—including plenty of Linux wizards—to build a Matrix for us. We live there now. Unless you have your hardware and software rigged for absolute privacy while roaming about the online world (and can you really be sure?), you're in marketing's Matrix.

The obvious parts of that Matrix are maintained by Google, Facebook, LinkedIn, Twitter, Tumblr, Pinterest, Amazon and so on. Much more of it is provisioned by names you never heard of. To see what they're up to, equip your browser with a form of tracking protection that names sources of tracking files. (Examples are Baycloud Bouncer, Disconnect, Ghostery, Privacy Badger and RedMorph.) Then point your browser to the website of a publisher whose business side has been assimilated by the Agent Smith called "adtech"—The Los Angeles Times, for example. Then, check your tracking-protection tool's list of all the entities trying to spy on you.

Here are just some of the 57 suspects that Privacy Badger found for me on the LA Times index page:

  • yieldmo.com
  • trbas.com
  • trbimg.com
  • trbdss.com
  • steelhousemedia.com
  • teads.tv
  • trb.com
  • truste.com
  • revjet.com
  • rflhub.com
  • rubiconproject.com
  • steelhousemedia.com
  • moatads.com
  • ntv.io
  • openx.net
  • postrelease.com
  • keewee.co
  • krxd.net
  • mathtag.net
  • ml314.net
  • indexwww.com
  • ixiaa.com
  • ensighten.com
  • everesttech.net
  • tronc.com
  • sitescout.com
  • jquery.com
  • bootstrapcdn.com
  • bouncexchange.com
  • chartbeat.com
  • cloudfront.net
  • agkn.com
  • adsrvr.org
  • gomnit.com
  • responsiveads.com
  • postrelease.com

Many of those appear more than once, with different prefixes. I've also left off variants of google, doubleclick, facebook, twitter and other familiars.

Interesting: when I look a second, third or fourth time, the list is different—I suppose because third-party ad servers are busy trying to shove trackers into my browser afresh, as long as a given page is open.

When I looked up one of those trackers, "moatads", which I chose at random, most of the 1,820,000 search results were about how moatads is bad stuff. In order, this is the first page of search results:

  • Remove Moatads virus (Removal Guide) - Oct 2017 update - 2 Spyware
  • Moatads Malware Removal (What is moatads?) March 2018 Update ...
  • What is z.moatads.com? - Webroot Community
  • moatads.com
  • How to remove Moatads.com fully - It-Help.info
  • Uninstall Moatads virus (Uninstall Guide) - Oct 2017 updated
  • Moatads Malware Removal | Mobile Security Zone
  • Moatads Removal Guide | Spyware Techie
  • This keeps cropping up and is a real problem. How do i get rid of it..

The fourth item says the company behind moatads, moat.com, "measures real-time Attention Analytics over 33 billion times per day". And that's just one Matrix-builder.

Clearly there is no Architect or Oracle building this Matrix, or it wouldn't suck so bad. That's to our advantage, but we're still stuck in an online world where spying is the norm rather than the exception, and personal autonomy is mostly contained within the castles of giant service providers, "social networks" and makers of highly proprietary gear.

Way back in 2013, Shoshana Zuboff called on us to "be the friction" against "the New Lords of the Ring". In later essays, she labeled the whole spying-fed advertising system both surveillance capitalism and The Big Other. If things go according to plan, her new book, The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, will come out soon. (Here's the Amazon link.)

People are already fighting back, whether they know it or not. PageFair's 2017 Adblock Report says at least 11% of the world's population is now blocking ads on at least 615 million devices. GlobalWebIndex says 37% of all the world's mobile users were blocking ads by January of 2016 and another 42% wanted to do so as well. Statista says the number of mobile-phone users in the world would reach 4.77 billion at some point this past year. Combine those last two numbers, and you get more than 1.7 billion people blocking ads already—a sum exceeding the population of the Western Hemisphere. All of which is why I called ad blocking the world's biggest boycott, way back in 2015. Today I'd rather think of it as a slave revolt.

But we need to be more than freed slaves. We need to be, as Shoshana says, masters of our own lives and of all the relationships we have online.

In The Matrix, Morpheus asks the still-captive Neo if he believes in fate. "No", says Neo, "because I don't like the idea that I'm not in control of my life."

We can't be in control of our lives as long as those lives are lived within corporate castles and we lack the tools for mastery over our virtual bodies and minds online.

It doesn't matter if Facebook, Google and the rest have no malicious intent, or if they really do want to "bring the world closer together", or "organize the world's information and make it universally accessible and useful", or "develop services that significantly improve the lives of as many people as possible". We need to be free and independent agents of our selves.

That can't happen inside the client-server systems we've had online since 1995 and earlier—systems that might as well be called slave-master. It can't happen as long as we always have to click "accept" to the terms and conditions of the online world's defaulted slave-master system. It can't happen as long as everything useful in the online world requires a login and a password. Each of those norms are walls in what Morpheus calls "a prison for your mind".

We have to think and work outside the walls in those prisons (formerly castles). And it isn't enough to free ourselves. To switch movie metaphors, it's time for the wizards to free the muggles. Here's a punch list of what we need to do:

At the end of The Matrix trilogy, Neo succeeds at stopping the viral Agent Smith program from destroying both the machine and human worlds. But there is no vision of what all the people jacked into the Matrix would do once they were free—or if freedom was in the cards at all. In fact, all Neo does is save Zion and leave the rest of humanity living in the same old Matrix: a machine-maintained illusory existence where their only true purpose was to power the Matrix as batteries.

That bulleted list above is a set of visions missed by both The Matrix and the Harry Potter movies. All of them give everybody far more power than even the wizards of the world—our readers and writers—now possess.

Fortunately, the internet isn't Hogwarts. Though it's a product of wizardry, everybody—wizards included—live and think inside its walls. But digital technology and the internet were designed for freedom, and not just for more enslavement on the industrial model.

So let's finish making online civilization something better than the digital feudal system we have now.

[Note: an ancestor of this article appeared on the Linux Journal website in January 2018.]

Caption This

Caption This
Amazon Echo plugged in to hamburger
Carlie Fairchild Wed, 04/04/2018 - 10:14

Each month, we provide a cartoon in need of a caption. You submit your caption, we choose three finalists, and readers vote for their favorite. The winning caption for this month's cartoon will appear in the May issue of Linux Journal.


To enter, simply type in your caption in the comments below or email us, publisher@linuxjournal.com.

Five Reasons to Switch to Flash Storage

By now you have heard your peers raving about flash storage. But perhaps you have not made the switch from your enterprise HDD storage solution yet, because of nagging questions you may have, about the cost of flash storage or its technical capabilities. Well here is a quick look at five compelling reasons why you should switch your enterprise storage from HDD to flash.