Monthly Archives: April 2017

Endless OS: A Unique Take on Linux That’s Perfect for New Users | Linux.com


You may not have heard of Endless OS. It happens to be the platform that powers Endless Computers (which includes the uniquely shaped, Endless One). The operating system is not just limited to Endless hardware, though. In fact, you can install the OS on standard systems (or as a virtual machine) and discover a rather interesting take on Linux.

This is not your traditional, über-flexible, do everything Linux distribution. Endless OS is something different—an operating system that is truly ideal for those wanting to break ties with proprietary systems, but don’t want to face a steep learning curve (or any learning curve, for that matter). Endless OS is likely the easiest operating system platform you’ll ever experience.

Of course, that expanded user-friendliness comes at a cost. And, said cost is that Endless OS isn’t Linux like you’ve come to know and love. Upon installation, what you’ll find is an incredibly streamlined experience with limited power and flexibility. Forked from GNOME 3.8, Endless OS uses its own EOS Shell that is somewhat Android-like in its layout (Figure 1) and behavior.

EOS Shell offers a grid of applications and application folders, a search bar (that can be configured to search the internet, the App Center, the Documents folder, open the terminal, and even used as a calculator), and a panel that includes quick access to the App Center, quick launch icons, a system tray, and a Facebook sidebar (Figure 2).

Endless OS can easily be run from a USB drive or installed on your PC hardware. For testing purposes, I ran the latest iteration as a virtual machine on VirtualBox and found the experience quite pleasant enough to easily satisfy the average user. The platform is based on the latest Ubuntu LTS release and ships with kernel 4.8.0-46. Endless also ships with one of the better help centers you’ll find on any Linux distribution (Figure 3).

Let’s find out why you might want to make use of Endless OS and why you might not.

Why use Endless OS?

There is one very obvious answer to this question; that being, you have users that you want working with a version of Linux, but don’t want to hand over a desktop that would give them the normal power found in the flagship open source product. Take for instance the hobbled command line version of the apt package manager, found in Endless OS (this is done by design). Try to install an application from the terminal and you’ll quickly see how the operating system isn’t quite what you’re used to with Linux. The easiest way to get to the terminal is this:

  1. Click on the Endless icon in the bottom left corner of the desktop

  2. Click Settings

  3. Go to Search

  4. Click to enable Terminal in the Search Bar (Figure 4)


With this taken care of, type terminal in the desktop Search Bar and hit Enter on your keyboard. The terminal will open, ready to be used. Now, type sudo apt-get update and you shouldn’t be surprised by the results (Figure 5).

You can even try issuing the command sudo su and then issuing the same command…to find the same results. You might think this to be a sudo issue, however, if you issue a command like sudo nano /etc/resolv.conf, you are able to edit and save that file. Open up the App Center and you can install software to your heart’s content. Endless OS just doesn’t want you installing from the command line. Surprisingly (and oddly) enough, the App Center won’t even bother asking you for your user password before installing a piece of software from the App Center. Security issue? Possibly.

It is also incredibly easy to add folders, apps, and websites to the EOS Shell desktop. Let’s create a folder and then add apps to it. Right-click any blank spot on your desktop and click Add Folder. Select an icon to represent the folder and give the folder a name (Figure 6).

At this point, your folder is on the desktop. You can now drag app launchers into it. If the app launcher isn’t already on the desktop, right-click the desktop and select Add App. Locate the app to add, and click the Add to Desktop button. Do note that every app you install from the App Center will automatically install a launcher on the desktop.

So with Endless, what you have is a desktop environment that allows you to get your work done and does so without so much as a learning curve to be found. This is one Linux distribution that is about as user-proof as you will ever find within the realm of Linux. That, of course, is not say the likes of Ubuntu, Linux Mint, or Elementary OS, aren’t very user-friendly (they are); Endless OS just takes this ease of use to a new level.

Why not use Endless OS?

The answer to this question is simple: You want the usual power that comes along with Linux. When opting for Endless OS, you willingly use a Linux distribution that is incredibly user-friendly, but not nearly as flexible as the Linux you’re used to. For new users, that is not a problem. For seasoned users, this issue will quickly become a deal breaker.
Another issue that might turn off some users is that, out of the box, Endless OS is limited to the multimedia files it can play. MP3 files play fine. MP4 files (and many other video formats), require the purchase of a codec upgrade from the Endless Audio/Video Codecs page. This purchase ($3 USD) will add playback for the following file types:

So, if you happen to watch a lot of videos on your desktop, you’ll have to purchase the extra codec.

A mobile-like desktop experience

In the end, Endless OS is a desktop that offers a very mobile-like experience, while retaining a slight Linux flavor. New users can get up to speed without hesitation and seasoned Linux users might quickly grow frustrated with the lack of flexibility. All in all, however, Endless OS should be considered a very unique take on Linux that fills a gap for new users looking for a desktop platform that doesn’t hit them with too many options, offers a familiar desktop metaphor, and makes getting work done easy.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Improve Your Online Security with Tails | Linux.com


The popular image of online dangers is scary bad guys trying to steal our stuff. This image is accurate if you remember to include unfettered corporate interests as the scary bad guys.

Our protections against our good friends the telcos and cable companies have never been strong, and now they’re nearly non-existent. Repealing Broadband Privacy Rules, Congress Sides with the Cable and Telephone Industry sums it up beautifully: “Internet providers will be given new powers to harvest your personal information in extraordinarily creepy ways.” And buy and sell it with no oversight or accountability, and law enforcement will get their hands on it as surely as road apples draw flies.

What can we do about it? I believe that the best solution is legislative. I prefer technical solutions for protecting ourselves from hostile and predatory interests, but there aren’t many, and they’re incomplete. Internet access is a requirement for many routine aspects of our daily lives, and even if you avoid going online you have no knowledge or control of the information the vendors and service providers that you use are collecting and trading, or what people share about you on social media. Stores, electric and gas utilities, healthcare providers, tradespeople, private clubs, non-profit organizations, charitable groups, banks, insurance companies, and on and on. They all collect information about you, and many trade it freely. Of course, it’s not fair to assume that everyone is venal, but even when a vendor has a heart of gold they may be lacking in technical competence.

Don’t hold your breath waiting for meaningful laws to protect us. What can you do? You can secure your online communications and your web surfing to a degree with Tails, the forgetful Linux distribution. We’ll get back to this after a brief rant about “helpful” web browsers.

“Helpful” Web Browsers

The good nerds behind Firefox and Chrome try so hard to help us, and the harder they try the more annoying they become. First there were the nice discreet little color-coded padlocks in the URL bar (Figure 1).

I like those. They don’t get in the way, and they tell useful information. Useful, that is, if you have any idea what it all means. And even if you do, how do you know you can rely on it? Root certificate authorities have been hacked multiple times, including bigwigs Verisign and Microsoft.

Then Firefox and Chrome got downright hysterical, and make us jump through multiple hoops to enter sites they think are dangerous. Sometimes these warnings are useful, for example when a site is infected with malware, or has been hijacked. Most of the time they’re simply not SSL-enabled, and then we see something like Figure 2.

I appreciate the effort, but there is already excessive noise in normal computer use, and we are continually swatting away unhelpful notifications and warnings like annoying gnats. Many of these SSL defects are technicalities, like the domain name is not exactly correct. It’s all nutty anyway, because most of us are not security experts and have no idea how to evaluate if these warnings are meaningful.

Hide Yourself With Tails

Tails, the Amnesic Incognito Live System, is a nice live Linux distro that runs from removable media, like a USB stick, SD card, or DVD. Tails bundles a number of privacy tools into a polished Debian-based distro, including Tor (the Onion Router), HTTPS Everywhere, tools for controlling what information the Iceweasel web browser retains, NoScript, and other useful privacy tools.

To use Tails simply boot your Tails media. All the apps bundled in Tails are configured to route your traffic through Tor: email, Web surfing, instant messaging, the works. Tor foils traffic analysis by routing your online sessions through relays all over the world to hide your physical location, and to separate your identity from your online activities. Foiling traffic analysis is a substantial benefit, because marketers and government snoops rely on sophisticated traffic analysis to connect your identity to your online activities. You might have noticed how smartphones apps are especially greedy for your physical location; use the Tails Android app, Orbot. There is not a Tails app for iOS, but there is a Tor app for iOS.

Tor encrypts your session and hides your backtrail inside the Tor network of routers. After it leaves an exit node it’s back to whatever state it was when it left your computer, so if you’re surfing in the clear then it comes out in the clear. Encrypting your online sessions end-to-end is a separate problem, and Tails comes with a full complement of encryption tools: HTTP Everywhere to force SSL on sites that use SSL, OpenPGP for encrypting and digitally signing emails and documents, LUKS for disk encryption, OTR for instant messaging, and Nautilus Wipe for secure file deletion.

Tails leaves no trace; it makes no changes to the host system. When you’re finished reboot and it’s as though you were never there. If you need persistent storage you can copy files to a USB stick, or enable persistent storage on your Tails USB stick or SD card.

The downside of Tails is that Tor is often slow. For us fortunate ones, this is an inconvenience. For many people, it is a small price to pay for a literal life-saver.

Another hurdle is downloading and installing it onto removable media, which is an easy task when you know how. Fortunately the good Tails people have written a top-quality howto that walks you through every step, and provides excellent copy-and-paste commands, so that even a novice should be able to set it up.

Trust?

In preparation for this article, I followed the Tails installation instructions and created a brand-new Tails USB stick. You might notice the same thing I did: It still comes down to trusting unknown people, the Debian maintainers, the maintainers of the Tails downloads, various distro maintainers, the GPG signing keys, the Tails web site… we still have to place our trust in somebody.

Additional Reading

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Working with Swagger | Linux.com


RESTful services have been popular for quite some time now. They are widely-used, primarily for improved performance, ease of use and maintenance. Swagger is a popular API for documenting your RESTful Web APIs. You need some way to document your RESTful services to know the endpoints and the different data models used in the request and response payloads. This article presents a discussion on how we can use Swagger to document our Web APIs easily.

What is Swagger? Why is it needed?

Swagger is a framework that can be used for describing and visualizing your RESTful APIs. Swagger provides a simple, yet powerful, way to represent your RESTful APIs so that the developers using those APIs can understand the endpoints and the request and response payloads in a much better way. The success of your API largely depends on proper documentation as proper documentation helps the developers understand ways to consume your API better. Here’s exactly where Swagger comes to the rescue.

Read more at DevX

Getting to Know GNOME (From a Unity Perspective) | Linux.com


Unless you’ve lost all network connections over the past couple of weeks, you know the big news: Canonical announced it was dropping Ubuntu Unity and returning to its GNOME roots. Whether you think this is good or bad news, it’s happening. When the official Ubuntu 18.04 is released, it will be all GNOME. For those that have been happily using Unity for years, will this translate to a lesser experience and a learning curve for the new Ubuntu desktop?

Not completely. Yes, there will be features missing (some of which you may have grown to love), but the GNOME desktop has become an incredibly solid and user-friendly experience, one that can go a long way to help you be productive… and do so in style.

I want to compare some of the similarities (and differences) between Unity and GNOME, so anyone concerned they’ll soon be on the market for a new Linux distribution can be rid of those fears. Hopefully, by the time you finish reading this, you’ll be excited for the upcoming changes to the Ubuntu desktop.

The Dash

We’ll start off with some good news. Both Unity and GNOME have a feature called the Dash. For those that have been working with the Unity Dash, you’ll be happy to know the GNOME Dash is just as powerful. Not only can you launch and manage all of your apps from the GNOME Dash, you can also search for documents, locate software to install (with GNOME Software integration), work with dynamic workspaces, and even add apps to a special Favorites launcher (that functions in similar fashion to the Unity Launcher). Even better, you can extend the functionality of the GNOME Dash by addings extensions (more on that in a bit).

A quick visual comparison of the two different Dashes (Figure 1) seems to point to the Unity’s Dash offering quite a bit more in the feature department (such as a very powerful search filtering tool). To some, those added features were one of Unity’s biggest failings; it tried to do too much. With GNOME, you get a simpler experience.

Launcher

If we take a look at default desktops, driven by both Unity and GNOME, we see a fairly stark difference (Figure 2). With the Unity desktop, you have a Launcher, where you can open the Dash and add application launchers. With GNOME, that feature is tucked within the Dash (in the form of the Favorites bar).

This being GNOME, of course, we can actually add a dock-like-feature with the help of an extension (more on that later). However, without that extension, to get to all of your applications, you must open the Dash (click on Applications in the upper left corner or clicking the Super key on your keyboard) and then click on the grid of dots at the bottom of the Favorites bar. As you can see (Figure 3), the GNOME Dash application listing offers a somewhat similar experience to that of Unity. The biggest difference is the inability to filter results (beyond All or Frequent).

While in the application listing, you can right-click an application icon and click Add to Favorites (Figure 4) to include that launcher in the Favorites bar.

Global and Heads Up Menu

We’re about to find out one of GNOME’s shortcomings. I’ll begin this by saying GNOME’s take on menus can be a bit confusing at first. With some applications, you’ll find two menus: The application menu and the Global menu. The application menu is the standard, straightforward menu found within an application. The Global menu is a menu found in the titlebar of an app. Sometimes that Global menu is the only menu for an app. Depending upon the application support for Global menu, that menu will either offer only options for various elements of the application window (such as New, Preferences, About), or it will serve as the full-blown application menu (in lieu of the standard toolbar menu). To make this a bit more clear, open up LibreOffice, and you’ll see a standard menu toolbar, as well as a Global menu (Figure 5).

In the above image, I’ve opened the Global menu associated with LibreOffice, where you can open a new file, gain access to the LibreOffice preferences window, get help with and quit the application.

However, open Rhythmbox (the default music player in GNOME) and you’ll see there is only one menu—the Global menu—which contains all of the Rhythmbox menu options (Figure 6).

The reason for this confusion is that not all applications have come on board with the Global menu system. I hope, now that Ubuntu is shifting back to GNOME, this will change so we’ll see a more consistent menu system for the desktop.

If there is one feature that power users will miss from Unity, it’s the Heads Up Display (HUD) menu. This allowed the user to hit the Alt key and bring up an overlay that would search an application’s menu. This made it incredibly easy to find the exact menu entry you wanted. Say, for example, you wanted to center text in a LibreOffice document. Type your text, highlight it, click the Alt key, type center, and then select Centered (Figure 7).

With the HUD, you could work within an application without having to take your hands from the keyboard—something quite important to those who regard efficiency over all else.

Extensions

Now we come to a part of the program where GNOME clearly outshines Unity: extendability. This has always been an issue with Unity—a certain lack of configuration options. With GNOME comes extensions. GNOME Extensions are small pieces of code, written by third-party developers, that extend the desktop in many and varied ways.

Let me show you how to easily gain a dock (similar to the Unity Launcher) with the help of the Dash To Dock extension. To do this, open up the Firefox browser and head over to the Dash To Dock page click the ON/OFF slider to the ON position and click Install (when prompted). The Dash To Dock extension will be added and you can now enjoy the Favorites bar as a standard desktop launcher (Figure 8).

Whenever you add an app launcher to Favorites, it will automatically show up on the Dock.

You’ll find a vast number of Extensions that can be added to the GNOME desktop.

Prepare for the change

At this point, it’s just a matter of waiting. April 2018 will see the first release of Ubuntu with GNOME as its official desktop. Of course, if you don’t want to wait, you can always download and install Ubuntu GNOME; however, I would not be surprised if, when Ubuntu releases 18.04, we’ll see a few added features to GNOME. My fingers are crossed for a HUD-like menu system. What about you?

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.

Probe Your Linux Sockets With ss | Linux.com


We all know and love netstat (network statistics), because it is a wonderful tool for viewing detailed network connection information. An interesting alternative is ss, socket statistics. ss is part of the iproute2 suite of network tools.

ss displays statistics about your network sockets, which includes TCP, UDP, RAW, and UNIX domain sockets. Let us briefly review what these are.

Transmission Control Protocol (TCP) is a fundamental networking protocol. It is part of the Internet protocol suite and operates in the transport layer. All networking transmissions are broken up into packets. TCP guarantees that all packets arrive, in order, and without errors. This requires a lot of back-and-forth communication, as this joke illustrates:

“Hi, I’d like to hear a TCP joke.”
“Hello, would you like to hear a TCP joke?”
“Yes, I’d like to hear a TCP joke.”
“OK, I’ll tell you a TCP joke.”
“Ok, I will hear a TCP joke.”
“Are you ready to hear a TCP joke?”
“Yes, I am ready to hear a TCP joke.”
“Ok, I am about to send the TCP joke. It will last 10 seconds, it has two characters, it does not have a setting, it ends with a punchline.”
“Ok, I am ready to get your TCP joke that will last 10 seconds, has two characters, does not have an explicit setting, and ends with a punchline.”
“I’m sorry, your connection has timed out. Hello, would you like to hear a TCP joke?”

User Datagram Protocol (UDP is simpler and has less overhead. It is a connection-less protocol with no error checking or correction mechanisms, and does not guarantee delivery. There are UDP jokes, too:

I would tell you a UDP joke but you might not get it.

A UDP packet walks into a bar.
A UDP packet walks into a bar.

RAW sockets are naked. TCP and UDP encapsulate their payloads, and the kernel manages all the packets. RAW sockets transport packets without encapsulating them in any particular protocol, so we can write applications that manage network packets. Some applications that take advantage of RAW sockets are tcpdump and nmap.

UNIX sockets, also called inter-process communication (IPC) sockets, are internal sockets that processes use to communicate with each other on your Linux computer.

Dumping Sockets

Now we get to the fun part, dumping sockets! This is not quite as much fun as dumping a load from a backhoe, but it has its charms. These commands print the current state of TCP, UDP, RAW, and UNIX sockets respectively:

$ ss -ta
$ ss -ua
$ ss -wa
$ ss -xa

See how your UNIX sockets are verbose and numerous. If your Linux distribution uses systemd you’ll see it all over the place. This little incantation counts all the systemd lines:

$ ss -xa | grep systemd | wc -l
53

ss -a dumps everything. Let’s take a look at what the columns mean.

$ ss | less
Netid State    Recv-Q Send-Q Local Address:Port           Peer Address:Port                
u_seq ESTAB    0      0      @0002b 25461                 * 25462                
u_str ESTAB    0      0      @/tmp/dbus-C3OhS7lOOc 28053             * 22283   
udp   ESTAB    0      0      127.0.0.1:45509              127.0.1.1:domain               
tcp   ESTAB    0      0      192.168.0.135:40778          151.101.52.249:http 
tcp   LAST-ACK 1      1      192.168.0.135:60078          192.229.173.136:http
tcp   LISTEN   0      80     127.0.0.1:mysql                 *:*
tcp   LISTEN   0      128    :::ssh                         :::*

Netid displays the socket type and transport protocol.

State is the socket state, which are the standard TCP states. You’ll see ESTAB and LISTEN the most.

Recv-Q and Send-Q display the amount of data queued for receiving and sending, in bytes.

Local Address:Port is the open socket on your computer, and Peer is the address of the remote connection, if there is one.

Cool Examples

It’s always good to check for open ports. This shows all listening sockets:

$ ss -l

Seeing all the UNIX sockets isn’t necessary when you’re concerned about anything that might be open to the outside world, so this displays only listening TCP, UDP, and RAW sockets:

$ ss -tuwl
Netid  State      Recv-Q Send-Q  Local Address:Port    Peer Address:Port                
raw    UNCONN     0      0              :::ipv6-icmp   :::*                                                                                             
udp    UNCONN     0      0               *:bootpc      *:* 
tcp    LISTEN     0      80      127.0.0.1:mysql       *:*                                      
tcp    LISTEN     0      128             *:ssh         *:*                                       
tcp    LISTEN     0      128            :::http        :::*                    

UNCONN, unconnected, is the same as LISTEN. This example shows that pings are not blocked, bootpc is listening for DHCP assignments, MySQL is listening for local connections only, and SSH and HTTP are open to all requests, including external. *:* means all IPv4 addresses, and :::* means all IPv6 addresses.

You can see which processes are using sockets, which can be quite enlightening. This example shows the activity generated by a bit of Web surfing:

$ ss -tp
State      Recv-Q Send-Q         Local Address:Port       Peer Address:Port                
ESTAB      0      918            192.168.0.135:49882      31.13.76.68:https 
users:(("chromium-browse",pid=2933,fd=77))
ESTAB      0      0              192.168.0.135:60274      108.177.98.189:https 
users:(("chromium-browse",pid=2933,fd=114))
FIN-WAIT-1 0      619            192.168.0.135:57666      208.85.40.50:https                
ESTAB      0      0              192.168.0.135:52086      31.13.76.102:https                 
users:(("chromium-browse",pid=2933,fd=108))
SYN-SENT   0      1              192.168.0.135:46660      52.84.50.246:http                  
users:(("firefox",pid=3663,fd=55))
SYN-SENT   0      1              192.168.0.135:46662      52.84.50.246:http                  
users:(("firefox",pid=3663,fd=66))

Want to see the domain names? Add -r, for “resolve”:

$ ss -tpr
State      Recv-Q Send-Q    Local Address:Port     Peer Address:Port                
ESTAB      0      0         studio:48720           ec2-50-18-192-250.
us-west-1.compute.amazonaws.com:https   users:(("firefox",pid=3663,fd=71))
ESTAB      0      0         studio:57706            www.pandora.com:https                 
users:(("firefox",pid=3663,fd=69))
ESTAB      0      0          studio:49992           edge-star-mini-shv-01-
sea1.facebook.com:https      users:(("chromium-browse",pid=2933,fd=77))

Use the -D [filename] to dump your results into a text file, or use tee so you can see the output in your terminal and also store it in a file:

$ ss -tpr | tee ssoutput.txt

The more you know about TCP/IP, the more tools like ss will work effectively for you. The fine man ss contains a lot of useful examples, and if you install the iproute2-doc package you’ll find more help.

Learn more about Linux through the free “Introduction to Linux” course from The Linux Foundation and edX.