Piped: Watch YouTube videos

DV S I D
IN
+

D E
without getting tracked

ISSUE 294 – MAY 2025

Secure
Browsers
Privacy-focused solutions
for the surveillance age

Monitoring Nintendo Backup

Watch your processes with Keep your games alive
a simple Python script with the WIT suite
The State of Blockchain Nextcloud Apps
Extend your Nextcloud
Stats in Bash environment with
Using AWK to tease out powerful plugins
useful information
TERRIFIC
W W W. L I N U X - M A G A Z I N E . C O M
10 FOSS FINDS!
 EDITORIAL
Welcome

SIRI, SCHEDULE A MEETING

Dear Reader,
Fires were burning in Cupertino this March as news of an in- are reliable and steady, and this argues for slowing down
ternal meeting revealed consternation within Apple over the and making sure you get it right.
state of development for the Siri voice assistant. The situation As for these revolutionary new “convenience” features mak-
was described as “dire” in the headlines, although the meet- ing their way into the next generation of phones, not wishing
ing appears to have been more like a combination of a pep to sound like a hermit on a hillside (which, admittedly, I am), I
talk and an expectation-management exercise. Unfortunately, can’t help but be a bit amused that so-called “visionaries”
whoever leaked the news of the meeting leaked it to Bloom- such as Ray Kurzweil and Elon Musk imagine a future where
berg, who placed the article behind a paywall [1], so most of human brains incorporate elements of silicon technology to
the descriptions are from third parties [2], but it appears that form a super-charged hybrid thinking machine, when the
the “incredibly impressive” new features targeted for release real development appears to be more in the direction of
with iOS 19 “only work properly up to two thirds to 80 percent people offloading their thinking to external devices.
of the time” [3].
Despite the futuristic context, the real problem facing Siri and
It is embarrassing, of course, for this kind of thing to leak, but many other AI systems is the same issue that has plagued
I can’t believe it’s all that rare for companies to get behind commercial software development since its inception: mar-
on where they thought they would be and have to have an keting overpromising what engineering can deliver in the
all-hands meeting over it. Especially now, in this era of ar- available time. Apple has lived in this gray zone since its in-
tificial intelligence, when software managers are forced to ception. Early Apple employees used to talk about the “reality
use conventional time estimation techniques to guess how distortion field” that surrounded Steve Jobs. Actually, the
long it will take to develop very unconventional new features. company has been rather good at weathering such crises. In
Many of these new features appear to bring increased so- 2012, for instance, Siri faced a class-action suit from disgrun-
phistication to the sorts of tasks you can get Siri to do based tled users who felt the advertising for the iPhone 4S made
on voice commands – similar in spirit to the scene at the misleading claims about her intelligence [4]. The suit was dis-
beginning of Blade Runner when Harrison Ford's character missed on a technicality, but the impression remained, and
zooms in on an image by talking through it with his TV. The Apple eventually persisted and finessed their way through it.
new Siri is also supposed to be able to infer more from the Through the years, the company has stared down such crises
user’s context, including taking actions based on the contents by adeptly lowering expectations and simultaneously focus-
of the screen. The biggest problem isn’t that these features ing on development. I’m fairly confident they will find their
are late – it’s that they have already been announced (or way through this one in a similar manner. And if they don’t,
teased, anyway) in early advertising for the iPhone 16, and and Siri turns out to be just a little bit
it doesn’t look good to boldly go where no one has gone lower on the intelligence scale than
before and then have to take a sheepish step back. Still, it AI beauty-pageant rival Alexa,
seems the company will probably survive. I know this won’t something tells me that won’t be
sit well with the curators of Apple’s futuristic self-image, too much of a problem either.
but I’m not sure people even buy iPhones anymore for Apple will just give us something
their cutting-edge technology – they buy them because they else to covet.

Info
[1] “Apple’s Siri Chief Calls AI Delays Ugly and Embarrassing,
Promises Fixes,” Bloomberg (paywalled): https://www.
bloomberg.com/news/articles/2025-03-14/apple-s-siri-chief- Joe Casad,
calls-ai-delays-ugly-and-embarrassing-vpromises-fixes Editor in Chief
[2] “Leaked Apple Meeting Shows How Dire the Siri Situation
Really Is,” The Verge:
https://www.theverge.com/news/629940/apple-siri-robby-
walker-delayed-ai-features
[3] “All-Hands Siri Team Meeting Leaks to Bloomberg,” Daring
Fireball: https://daringfireball.net/linked/2025/03/14/all-hands-
siri-team-meeting-leaks-to-bloomberg
[4] Siri History on Wikipedia: https://en.wikipedia.org/wiki/Siri

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 3

 MAY 2025

ON THE COVER
32 Automated Process Monitoring 70 Ad-Free Videos
A homegrown Python app keeps tabs on the An alternative front end for YouTube videos
system and sends a warning if a process goes down. keeps you free of ad trackers.

36 Blockchain 76 Rescuing Nintendo Games

We all know about cryptocurrency – what else The Wiimms ISO Tools suite helps you migrate
can you do with it? We study some other your favorite games to more recent hardware.
potential uses for Blockchain.
88 Nextcloud Plugins
52 Bash Stats Extend your Nextcloud experience with ready-
Oh, the wonders you can uncover with one line made apps for mapping, microblogging, mind
of Bash. mapping, and more.

NEWS IN-DEPTH
8 News 28 Zen Browser
• CIQ Releases Security Hardened Version of Rocky Linux Zen Browser, an open source Firefox fork, promises users
• Gnome’s Dash to Panel Extension Gets a Massive Update greater convenience and improved data protection, along
• Blender App Makes It to the Big Screen with customizable display modes to help you stay focused
• Linux Mint Retools the Cinnamon App Launcher on your work.
• New Linux Tool for Security Issues
• Ubuntu 25.04 Coming Soon 32 Automated Process Monitoring
• Gnome Developers Consider Dropping RPM Support A simple Python script checks to see if a process is running
• openSUSE Tumbleweed Ditches AppArmor for SELinux and, if not, notifies the user via Telegram.

12 Kernel News 36 Blockchain

• Doing the Two-Step After all the hype, we look at where Blockchain is being
• Doing the Too-Much Step used today outside cryptocurrencies.

40 Command Line – Modernizing Commands

Many traditional commands now have modern
COVER STORY replacements. With tasksel, you can install all of them
in a single step.
18 Secure Browsers
Many users don’t realize that some of the leading web 44 Programming Snapshot – Go Animation
browsers collect user data without asking for permission. This Rather than using ho-hum bar graphs to display Internet
article looks at five secure alternatives for greater privacy. bandwidth usage, Mike Schilli enlists cartoon characters to
do the job. Along the way, you get a free introduction to
2D-gaming sprite technology.
REVIEW
52 Bash Stats
26 Distro Walk – Chimera Linux With just one line of Bash, you can use tools like AWK and
Chimera Linux combines core tools from diverse sources to gnuplot to quickly analyze and plot your data.
deliver a simple yet complete modern operating system.
56 DiffPDF
95 Back Issues 97 Call for Papers Most PDF viewers lack a function for comparing PDF files,
96 Events 98 Coming Next Month but DiffPDF shows you the differences at a glance.

4 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

18 Secure
Browsers
The Internet is much nosier
than it used to be, and many 67 Welcome
believe leading browsers like This month in Linux Voice.

Chrome and Firefox are part 69 Doghouse – Openness

of the problem. This month we There’s value in open software, hardware, and data in
what may seem like some of the most basic tools for
highlight some secure browser computer users.
alternatives that will help you
70 Ad-Free Videos
surf without leaving a trail. YouTube is slowly becoming less usable every year. Piped,
a privacy conscious YouTube front end, might be just
what you need to enjoy YouTube content once again.

MakerSpace 76 Rescuing Nintendo Games

The Nintendo Network went dark in 2024, but a thriving
60 Lua on OpenWrt, Pi, and PS Vita FOSS community continues to support the Wii platform
Lua is an interesting Python alternative for small embedded and other Nintendo devices. We’ll introduce you to some
machines that are not sufficiently powerful to run Python of the tools you can use to reclaim the magic.
scripts. We let an outdoor Pi send temperature data to a
PS Vita display. 82 FOSSPicks
Nate explores the top FOSS, including the shiny new
64 CO2 Sensors Zen Browser, a secure file eraser, an online office
Monitor your indoor air quality suite, and a very cool team combat game.
with an inexpensive CO 2
sensor. We look at three 88 Tutorial – Nextcloud Plugins
candidates to help you find Using apps to make Nextcloud more
the best solution. efficient and private.

@linux-magazine.com
TWO TERRIFIC DISTROS
@linuxpromagazine
DOUBLE-SIDED DVD!
Linux Magazine SEE PAGE 6 FOR DETAILS

@[email protected]

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 5

DVD
This Month’s DVD

Rocky Linux 9.5 and SystemRescue 11.03

Two Terrific Distros on a Double-Sided DVD!

Rocky Linux 9.5 SystemRescue 11.03

64-bit 64-bit
Rocky Linux is a nonprofit, community-based enterprise SystemRescue is one of the premier Live recovery
operating system. The project’s website describes it as tools for both desktop and server systems on Linux
“100-percent bug-for-bug compatible with Red Hat Enter- and Windows. Booted from a DVD or flash drive,
prise Linux.” SystemRescue contains a comprehensive set of tools
Rocky Linux 9.5 is focused mainly on security features ranging from standard editors and file managers
and upgrades. Its SELinux policy now allows the Qemu to disk partitioners and other basic system utilities,
Guest Agent to execute confined commands, while its including ddrescue, MemTest, and Rsync. System-
crypto-policies now control Java’s algorithm sections. Rescue supports common filesystems such as ext4,
Rocky Linux’s ca-certificates program provides trusted XFS, Btrfs, VFAT, NTFS, Samba, and NFS.
CA roots in the OpenSSL directory format. In addition, For a complete list of packages, see https://www.
both the OpenSSL TLS and the NSS cryptographic system-rescue.org/Detailed-packages-list/. All these
toolkits are upgraded. applications are supported by extensive documenta-
Other upgrades are included for Apache HTTP Server tion, including a Quick Start Guide, along with pages for
2.4.62 and Node.js 22, as well as system toolchain some of the more complex applications. Having a copy
components such as GCC 11.5 and Annobin 12.70; of SystemRescue close at hand and knowing how to
performance tools and debuggers such as GDB 14.2 use it can make recovery from a system crash much
and Valgrind 3.23.0; monitoring tools including PCP less painful.
6.2.2 and Grafana 10.2.6; container management util-
ities such as Podman 5.0; and compiler toolsets such
as GCC 14, LLVM 18.1.8, Rust 1.79.0, and Go 1.22. The
addition of the cockpit-file package in the web con- Defective discs will be replaced. Please send an email to
sole results in easier file management and provides [email protected].

basic web-based file navigation and commands. Although this Linux Magazine disc has been tested and is to the
best of our knowledge free of malicious software and defects,
Among known issues, the release notes mention that the Linux Magazine cannot be held responsible and is not liable for
Anaconda installer shows only empty pages when help any disruption, loss, or damage to data and computer systems
related to the use of this disc.
buttons are clicked.

6 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 NEWS
Updates on technologies, trends, and tools
THIS MONTH’S NEWS
08 • CIQ Releases Security
Hardened Version of
Rocky Linux
• Gnome’s Dash to Panel
Extension Gets a Massive
Update

09 • Blender App Makes It to

the Big Screen
• Linux Mint Retools the
Cinnamon App Launcher CIQ Releases Security-Hardened Version of
• More Online
Rocky Linux
10 • New Linux Tool for
Security Issues CIQ recently announced a new version of Rocky Linux with an awkward name but
• Ubuntu 25.04 Coming plenty of extra security. The name, Rocky Linux from CIQ – Hardened, certainly
Soon doesn’t roll off the tongue, but when you read about what the team has done to

11 • Gnome Developers
Consider Dropping RPM
this distribution, the name won’t matter.
Here’s the deal. Rocky Linux from CIQ – Hardened is delivered via a secure supply
chain and packages, pre-configured security, code-level hardening that blocks com-
Support
• openSUSE Tumbleweed mon exploits, automated security updates, enhanced threat detection, and support.
Ditches AppArmor for This is all done while maintaining API and ABI compatibility with the usual standards
SELinux applied to Enterprise Linux.
Other important features of Rocky Linux from CIQ – Hardened include system-
level hardening, accelerated risk management, strong access controls, and simple
deployment.
According to Gregory Kurtzer, CEO of CIQ, “The creation of Rocky Linux from CIQ
– Hardened was a direct result of the countless conversations I have had with secu-
rity-concerned IT executives.” He continues, “Organizations struggle to consistently
thwart security attacks across their Linux environments where even a single exploit
poses a major risk. Rocky Linux from CIQ – Hardened makes it harder for malicious
attackers to break into critical software infrastructure by providing a more secure
foundation and defense in depth while maintaining compatibility with the Enterprise
Linux standard.”
You can read more and sign up for a technical preview on the official Rocky Linux
from CIQ – Hardened site (https://ciq.com/products/rocky-linux/hardened/ ).

Gnome’s Dash to Panel Extension Gets a

Massive Update
Gnome fans know all too well about extensions. These tiny additions to the Gnome
desktop extend the functionality, feature set, and customization so users can wind
up with a desktop that is unique to them.
One such extension is Dash to Panel (https://extensions.gnome.org/extension/1160/
dash-to-panel/ ), which moved the Gnome Dash to a main panel at the bottom of the
display. This extension can make the desktop workflow a bit more efficient by reducing
the number of clicks required to launch an app.

8 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 NEWS
Linux News

The latest release of Dash to Panel has a new trick up its sleeve, one that a lot MORE ONLINE
of users will happily welcome. That feature makes it possible to use Dash to
Panel in dock mode. You can even set the margins to achieve a flowing panel/
dock look. Linux Magazine
You might be wondering, “Why not just use Dash to Dock?” One of the reasons www.linux-magazine.com
is because Dash to Panel offers a good number of customizations, such as grouping
apps with multiple windows together (so when you mouse over the app icon, the ADMIN Online
open windows will appear as previews so you can select the one you want), app http://www.admin-magazine.com/
icon badges, a new grayscale option for app icons, Intellihide remembering the last Core Linux Commands for HPC
state between reboots, and much more. • Jeff Layton
The latest release also includes Gnome 48 support and several visual tweaks, and Many people want to get into HPC but aren’t
per-monitor settings now behave more consistently across X11 and Wayland. You can sure how. We consider commands that would
check out the latest code for Dash to Panel on its official GitHub page (https://github. be a good starting point, especially if you
com/home-sweet-gnome/dash-to-panel), where you can read about the new features. want to build your own home system.

File Integrity Checks with AIDE

Blender App Makes It to the Big Screen • Matthias Wübbeling
If an attacker gains access to your systems,
You read it correctly, the open source 3D-creation software has made it to Hollywood. you need to quickly discover the attacker’s
In fact, a film that made use of Blender won an Oscar. The film in question is Flow, tracks to mitigate further damage. We show
which is an animated feature that follows the mystical journey of a cat and his friends. you how to monitor changes to files with the
According to Blender, the film is the very manifestation of Blender’s mission, Linux AIDE tool.
where “a small, independent team with a limited budget is able to create a story
Sizing Monster VMs
that moves audiences worldwide.”
• Wolfgang Weith
Recently, Francesco Siddi, COO of Blender, had an interview with Flow director
Massive, performance-hungry VMs require
Gints Zilbalodis. During that interview, Zilbalodis spoke about his migration to proper handling to meet their dynamic re-
Blender. quirements. We give you some rules to help
“After finishing my first feature, Away, I decided to switch to Blender in 2019, size these monsters properly.
mainly because of EEVEE. I started using the 2.8 beta or even alpha release,” he said.
“It took a while to learn some of the stuff, but it was actually pretty straightforward. Networking Linux on Azure
Many of the animators in Flow took less than a week to switch to Blender.” • Marcin Gastol
EEVEE stands for Extra Easy Virtual Environment Engine and is Blender’s real- We explore advanced networking strategies
tailored for Linux workloads on Azure.
time render engine that is focused on speed and interactivity.
Zilbalodis experimented with some game engines but found it difficult to create a Mini-Kubernetes Installations
workflow. For him, Blender was ideal and had every tool necessary to get the job done. • Martin Loschwitz
You can read the entire interview with Gints Zilbalodis in this official Blender blog If you want to try out Kubernetes or run it in
post: https://www.blender.org/user-stories/making-flow-an-interview-with-director- production, you have a number of options,
gints-zilbalodis/. even if you decide not to use the comprehen-
sive packages from established vendors.

Linux Mint Retools the Cinnamon App

Launcher
Sometimes change happens because it’s required. Sometimes change happens be-
cause it’s desired. Sometimes the twain shall meet and a change happens because
it’s both required and desired.
I believe that to be the case with the news from the official Linux Mint blog
(https://blog.linuxmint.com/?p=4811) about what’s coming for the Cinnamon appli-
cation menu. What the developers have designed isn’t a dramatic reinvention of the
app menu, but a sort of reconfiguring of the constituent parts.
Essentially, the redesign expands the side panel in the desktop menu such that it
shows the full name of pinned icons (launchers), but it also adds the standard home
folders (Home, Desktop, Documents, Music, Pictures, Videos, and Downloads). At
the same time, your username and avatar will be shown in the top-left corner of the
new menu.
Another change to the menu includes moving the screen lock, log out, and
shutdown buttons from the side panel to the bottom-right corner of the menu.
These are not game-changing reconfigurations, but they will go a long way to help
make the Cinnamon desktop menu a bit more efficient and give it a more modern

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 9

NEWS
Linux News

appearance. Up until now, the Cinnamon desktop menu was somewhat sparse and
looked a bit too old school for such a modern distribution.
This revamped menu will ship with Linux Mint 22.2 and the Cinnamon 6.6 desk-
top (as well as with any distribution that uses the latest version of Cinnamon).

New Linux Tool for Security Issues

Seal Security (https://www.seal.security/), a web-based security platform that pro-
vides advanced threat protection and incident response capabilities for individuals,
businesses, and organizations, is set to launch Seal OS.
According to the Seal OS website (https://www.seal.security/solutions/seal-os),
this new Linux tool will vulnerability-proof your Linux operating systems, so you can
deploy pristine, secure Linux images. Seal OS works like this:
1. Discovers vulnerabilities
2. Applies security patches
3. Deploys a new image
With Seal OS, you’ll be able to automate vulnerability remediation for your existing
Linux deployments while maintaining code security, compliance, and application
stability. You’ll be able to secure your Linux systems, installed packages, and leg-
acy and third-party apps, while staying compliant and within your service-level
agreement (SLA) and more. Seal OS can help your systems stay compliant with
FedRAMP, PCI DSS 4.0, NYDFS 500, and others.
At the moment, Seal OS will support Ubuntu, Debian, CentOS Stream, Oracle
Linux, Docker, Git, GitLab, RHEL, Alpine Linux, and Rocky Linux.
On the Seal OS announcement page, there’s no indication if Seal OS is an actual
Linux distribution or a back-end service that can be used to automate fixing security
vulnerabilities on Linux operating systems discovered on your network.
Currently, there is no alpha or beta to test, nor is there any indication as to when
the product will be released. You can, however, sign up for a mailing list on the Seal
OS page (https://www.seal.security/solutions/seal-os).

Ubuntu 25.04 Coming Soon

For those anxiously awaiting the next non-LTS release of Ubuntu, a plucky little
puffin has some exciting news. At the time of writing, Ubuntu 25.04 (Plucky Puffin)
is scheduled to be released on April 17 with quite a few notable features.
One of the more exciting (and under the hood) changes is the replacement of -O2
compiler optimizations with -O3. This should go a long way to boosting the execu-
tion speed of all apps. Also, Ubuntu 25.04 ships with the 6.14 kernel which provides
additional hardware support, better energy efficiency, and additional security
patches.
Another big update is Gnome 48. Not only does Gnome 48 further refine the re-
sponsiveness of the UI, but it also improves workflow and introduces a new Wellbe-
ing tracker that allows users to manage screen time.
Wayland support gets further improvements as the default display server for
smoother graphics and better HDPI support.
As for security, you’ll find enhanced encryption, better handling of Windows
BitLocker-encrypted disks, a redesigned Security Center Dashboard (for firewall,
updates, and vulnerability management), and the addition of Chrony for en-
crypted time sync.
Get the latest news Several other improvements include optimizations for the ZFS and Btrfs file-
systems, improved support for Snap and Flatpak, better support for OpenSC
in your inbox every smart cards in the Firefox Snap, refinements to the installer (with a focus on a
week better dual-boot experience), support for WPA-PSK-SHA256 WiFi in Netplan, and
much more.
Subscribe FREE Make sure to check the official Ubuntu site for the official download from April 17,
to Linux Update 2025. You can also read the official Plucky Puffin release notes here: https://dis-
bit.ly/Linux-Update course.ubuntu.com/t/plucky-puffin-release-notes/48687.

10 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 NEWS
Linux News

Gnome Developers Consider Dropping

RPM Support
We live in wild times, my friends. If the Gnome developers follow through with their
proposed plans to drop RPM support, these times are going to get even wilder.
Before you lose your Linux-loving mind, this doesn’t mean that the Gnome
desktop environment will only be available to install via Flatpak. However, it does
mean that the development team is considering removing support for RPMs
within Gnome Software.
That’s a mighty big change, but it’s one that’s been written all over the walls for
a while now. Many instances of Gnome Software (such as with Pop!_OS) already
default to Flatpak installations, so it should come as no surprise that the next step
in the evolution would be to make that the only option.
In one particular Fedora mailing list post (https://pagure.io/fedora-workstation/
issue/463#comment-955714), user tqcharm stated: “Since the consensus seems
to be that RPMs should be at the end of the priority list, what about decoupling
(removing) RPMs from Gnome Software completely?” The user continues to say,
“This might seem to be a step back, but it would make Gnome Software more
consistent between Workstation and Silverblue and support Fedora in its goal to
make Flatpaks the primary packaging option.”
That consistency is important, especially if Fedora wants to strengthen its brand
across all spins.
Red Hat engineer Michael Catanzaro affirmed tqcharm’s sentiment when he
stated in a reply (https://pagure.io/fedora-workstation/issue/463#comment-955741),
“Removing RPM applications is my long-term goal, but I’m not sure how quickly
we’ll be able to get there.”
There’s no definitive answer as to whether this will happen, but you can be sure
that if removing RPM support does happen it could divide the Fedora community.

openSUSE Tumbleweed Ditches AppArmor

for SELinux
OpenSUSE Tumbleweed is a rolling release that is as secure as any Linux distribu-
tion, and it offers plenty of tools for power users (such as YaST). For years it has
used AppArmor as its underlying security layer, but that is about to change.
As a bleeding-edge distribution, the Tumbleweed developers don’t mind making
dramatic changes, especially with the internals. One such dramatic change, which
was announced on the openSUSE Factory mailing list (https://lists.opensuse.org/ar-
chives/list/[email protected]/thread/G3W5NIY3OKRBHPHWTPY-
EUPSS4LKZN77N/ ), will be the move from AppArmor to SELinux for mandatory ac-
cess control.
SELinux will be set to enforcing mode on openSUSE Tumbleweed. However, if
you would like to stick with AppArmor, you can do so manually in the OS installer.
It's also important to note that existing installations will not be switched to SE-
Linux. Leap users don’t have anything to fear, because this move will not affect their
installations.
According to Cathy Hu (SELinux security engineer for SUSE), “We have tested
the change manually and automatically via openQA. However, if you encounter any
issues that could be related to SELinux, please feel encouraged to open a bug
(https://en.opensuse.org/openSUSE:Bugreport_SELinux) as it is really helpful to us.”
Many believe SELinux to be the superior security option, while some believe it can
be a bit too cumbersome.

QQQ

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 11

NEWS
Kernel News

Zack’s Kernel News

Doing the Two-Step kernel sources themselves would need
Sometimes developer conflicts are navi- to be modified – not necessarily in
gated with grace and poise. For example, terms of the code itself, but the code
Bart Van Assche recently invited public would need to be “annotated” to let
comment on something he’d been work- Clang know when and how to do its
ing on. Specifically, he pointed out that checks. Annotation is fun! It’s essen-
the Clang C compiler was capable of var- tially a code comment that gives the
ious compile-time tests – including mul- compiler hints as to how to proceed. A
tithreading safety tests – that could po- lot of languages support it nowadays,
tentially identify bugs in source code. To but annotation in some form or other
demonstrate this, he posted a patch con- goes back to the early days of comput-
taining fixes for almost 900 files in the ers. So, suggesting using it in Linux is
Linux kernel repository. His main ques- nothing new, although Bart’s specific
tion to the kernel developers was, should suggestion would involve adopting
Chronicler Zack Brown reports Clang’s compile-time thread safety Clang’s specific annotations wholesale
checks be enabled by default for the throughout the source tree.
on the latest news, views, Linux kernel? Bart explained, “Annotating struct
dilemmas, and developments Threads and thread safety are pretty in- mutex is a first step. Once struct mutex
within the Linux kernel sane topics, very easy to get wrong, and is annotated, driver contributors and/or
very difficult to debug. Threading simply maintainers can annotate structure
community. means that there are a bunch of programs members with GUARDED_BY() where
By Zack Brown all running at the same time (e.g., your this is considered useful. There are more
web browser, your file editor, your video synchronization objects that can be an-
player, and of course, a giant build of the notated with thread-safety attributes,
Linux kernel sucking up resources and e.g. spinlocks. This patch series only an-
making your movie skip frames). Modern notates struct mutex because annotating
operating systems run these threads “si- other synchronization objects too would
multaneously” by switching between have made this patch series too large.”
them so quickly that you never notice Marco Elver replied very diplomati-
only one of them is ever actually running cally, thanking Bart for describing what
at a given moment. But any time a thread he’d been working on. Marco explained
requests a bit of memory or some disk that the two of them had been working
space or any other resource on the sys- on this problem at the same time with-
tem, it needs to make sure that it and it out realizing it and that “only in recent
alone has access to that resource, even days learned we both have been working
though a thousand other threads may on bringing -Wthread-safety (aka.
make a thousand similar requests before Clang’s ThreadSafety Analysis, aka. Ca-
that one thread can finish using that re- pability analysis) to the Linux kernel. I
source. To solve this, there are many dif- have heard there have been prior at-
ferent types of “locks” including mutexes, tempts, but only recently did Clang
spinlocks, and others, whose job is to make -Wthread-safety properly work
prevent other threads from using a re- with C code.”
source for the duration of time it’s been Marco added, “we also realized there
Author claimed. Imagine trying to write kernel are 2 ways to bring this feature to the
The Linux kernel mailing list comprises features; never forgetting to lock the re- kernel.” One is the tree-wide approach
the core of Linux development activities. sources you need at the times you need that Bart had proposed in his patch. He
Traffic volumes are immense, often them, in the ways they need to be locked; said that “Adding support for more ‘ca-
reaching 10,000 messages in a week, and and then freeing them up again after- pabilities’ – initially primarily synchro-
keeping up to date with the entire scope wards. These Clang tests are a lifeline to nization primitives – becomes incredi-
of development is a virtually impossible help you get all that insanity right. bly hard after the first capability (cur-
task for one person. One of the few brave However, using Clang tests wouldn’t rently ‘mutex’ only). This approach
souls to take on this task is Zack Brown. be as easy as flipping a switch. The comes with all the known caveats of

12 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 NEWS
Kernel News

adding a new tree-wide static analysis bit of a middle ground. He felt that al- introduce new thread-safety attributes
to the kernel.” lowing maintainers to “opt in” would when useful to annotate kernel code. As
He went on to say, “In fact, what it simply result in many of them choosing an example, the Clang try_acquire_capa-
really is, is yet another dialect of C with never to do so. At the same time, he bility function attribute does not support
a ‘capability system’, with its own con- said, making the whole change all at functions that return pointers although
straints. I dislike Clang’s naming and once might be a bit much. As he ex- this is a common pattern in the Linux
the notion this is about ‘thread safety plained, “Opt-in just means some code kernel. I think that introducing a new
only’ – it’s not. It’s a simple capability will never get it. So I think we’ll need to function attribute to support functions
system, that can do much more.” eventually force all the useful capabili- that return pointers is a better solution
If one views the situation as proposing ties everywhere. Doing that step by step than trying to annotate such functions
to switch from one C dialect to another, by opt-in/opt-out for early adopters with any of the existing Clang thread-
Marco continued, then “we can’t change sounds fine.” safety attributes.”
the programming language (even if from Peter Zijlstra – admitting that he had a Marco was on board with that notion,
one C dialect to another) of the kernel lot of reading to do before he could re- saying, “Agreed – we can’t change the
overnight, a different approach might ally comment on the specifics of Clang existing semantics, but if absolutely
cause less friction.” behavior – asked if it were possible to necessary we could think about exten-
In his own proposal, Marco advocated, “stack” the various Clang annotations. sions (which I already started for some-
“A selective, incremental, and much less Specifically, he was thinking of some of thing else.”
intrusive approach. Maintainers of sub- his own code that needed both a mutex This led to a very brief technical dis-
systems opt in their modules or directo- and a spinlock to allow writing a piece cussion on the nature of supportable
ries into ‘capability analysis’ (via Make- of data, where either one or the other functions in the kernel, and the thread
file directive ‘CAPABILITY_ANALYSIS_ would suffice to allow reading the same ended.
foo.o := y’ or ‘CAPABILITY_ANALYSIS data. Peter’s question about stacking To me, this was a lovely example of
:= y’). Most (eventually all) synchroni- was regarding whether such require- two developers suddenly realizing that
zation primitives and more capabilities ments could be expressed as Clang they’ve been working on the same
(including ones that could track ‘irq dis- annotations. thing and that really in all likelihood
abled’, ‘preemption’ disabled, etc.) Marco replied yes and no. Yes, you only one of their efforts will be going
could be supported.” could stack Clang annotations, but, no, into the source tree. Instead of fighting
Finally, Marco suggested that “Com- it would not result in the subtle control about it, they each went out of their
bining approach #1 and #2 may some- Peter was hoping for. It would simply way to recognize the other and support
how be possible, but it is currently elud- mean someone would need to hold both the possibility that either approach
ing me. […] Depending on the feedback locks before performing any operation might legitimately be chosen. This
that results from these RFCs, I think we on the piece of data in question. Marco form of camaraderie is not necessarily
will be able to plan better which direc- did, however, add, “If you want the rules the most common thing to see on the
tion things should go.” to be more complex, the best way to ex- Linux Kernel Mailing List, but it’s not
In some Linux kernel development press that is with some helpers.” He unheard of either.
conversations, such a reply from Marco posted several possible helper functions
would result in a massive flame war that could be combined to do what Peter Doing the Too-Much Step
filled with enmity, oaths of vengeance, wanted. As the Linux kernel accepts more and
and an eventual resolution somewhere To which Peter replied, “Oh gawd, this more Rust code, the relationship between
years down the line that satisfied no one. is going to be a pain, isn’t it :/” the C developers and the Rust developers
Bart, however, replied, “Thank you Which on the face of it might seem undergoes a variety of painful transitions.
Marco for having explained clearly and negative, but Peter did seem to imply Remember, the Linux kernel – or at least
in detail what the possible paths are for that he expects this Clang testing sup- Linus Torvalds – did try at one point to
enabling thread-safety support in the port to actually happen. He wasn’t op- allow C++ into the kernel and ended up
Linux kernel. I agree that there are at posing it, at least not in that message. ripping it out again by the roots. Yet Rust
least two possible approaches (maybe In response to Peter, Marco said, “For is flooding the source tree with more and
there are even more possible complex locking patterns, yes. :-/ . more code all the time! There are bound
approaches?)” Which is why I’m proposing it to be opt- to be … opinions.
Bart affirmed that he preferred “en- in but relatively complete (most primi- Recently for example, there was a
abling the Clang compiler flag -Wthread- tives supported), so that either we have good old-fashioned Usenet-style flame
safety across the entire kernel,” but in time to work out how to deal with more war surrounding Rust in the kernel,
good spirits he ended with, “I’m looking complex patterns, or just leave some complete with f-bombs, social media
forward to the feedback from others things opted-out.” shaming, accusations of violations of the
about what their opinion is about how to Bart also replied to Peter, from the per- kernel developers’ Code of Conduct, and
enable thread-safety checking in the spective of his own proposal, saying, other things reminiscent of those glori-
Linux kernel.” “The Clang thread-safety annotations are ous early days. Although back then the
Christoph Hellwig was the first to used widely so behavior of existing attri- code of conduct amounted roughly to,
voice an opinion, essentially walking a butes must be preserved. I propose to “what, can’t you take it?”

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 13

NEWS
Kernel News

It started – well, one could say it “(I understand this is very abstract and abstraction layer for the DMA coherent
started with the very first Rust patch – we can go into details and examples, if allocator as a separate component (which
when Abdiel Janulgue posted a patch you like.) it would be anyways) ourselves.
to “Add a simple dma coherent alloca- “So, in the end, Rust drivers would just “As explained previously, this compo-
tor rust abstraction,” based on work by end up with each of them including a nent is just a user of the DMA coherent
Andreas Hindborg and Wedson Al- copy of those abstractions, rather than allocator API (just like any other driver)
meida Filho. Direct Memory Access using the C APIs from all over the place and the reason we want this component
(DMA) is a way of bypassing the CPU within the driver. is because otherwise this abstraction
in order to access RAM directly. Net- “This wouldn’t help with what you ask layer would end up in every Rust driver
work cards, GPUs, and other hardware for, it would just duplicate the ‘problem’. that needs the DMA coherent allocator as
need to do this for performance pur- “If you don’t feel comfortable main- duplicated code, which for obvious rea-
poses. DMA-coherent memory is mem- taining the Rust abstraction (or just don’t sons isn’t desirable.
ory that is accessible by both those de- want to), that’s fine. I don’t think any- “Throughout this conversation I did
vices and the CPU itself, without need- one expects you to do that, we can take not see technical arguments or concerns
ing to go through the normal process care of that instead. against this, but I did recognize your op-
of synchronizing the cache. “From your perspective, I think you can position against Rust in the kernel and
Cached data is data that is held in just think of the Rust abstraction as a cross-language projects.
memory for a while before writing, to single driver calling into the DMA API.” “Being a maintainer myself, I think it
give the illusion that the write happened Christoph was having none of this, is outside the scope of a maintainer to re-
at blindingly fast speeds. If the cache however, and shot back, “Don’t force me strict the usage of a public kernel API for
isn’t synchronized to the hardware being to deal with your shiny language of the a certain entity arbitrarily and/or by per-
written to, there could be problems if day. Maintaining multi-language projects sonal preference, which, as it appears to
some other device tries to read the data is a pain I have no interest in dealing me, is the case here.”
off of that hardware. DMA-coherent with. If you want to use something that’s There were various other responses to
memory presents a consistent view of not C, be that assembly or rust you write Christoph, including Daniel Almeida
memory to all users, thus avoiding the to C interfaces and deal with the impe- who remarked bitterly, “this person
overhead of synchronization. dence mismatch yourself as far as I’m waited until v8 to give a single line NAK
Abdiel’s patch added a Rust interface concerned.” [negative acknowledgement]. This is not
that Rust code could use to allocate Danilo replied, “Again, no one asks very nice.”
DMA-coherent memory. you to deal with or maintain this piece Jason Gunthorpe made an effort to ex-
Christoph Hellwig, in the C camp, re- of Rust code. […] This is exactly what plain things from the C point of view, re-
plied, “No rust code in kernel/dma, we’re doing and proposing here, isn’t it? minding the Rust folks of “the recent
please.” We wrote a single piece of Rust code that event where Linus defered the MM pull
Miguel Ojeda asked what Christoph abstracts the C API for all Rust drivers, request and some C patches were
suggested doing instead of this to allo- which we offer to maintain ourselves.” dropped because of rust kbuild bugs.”
cate that memory, and Christoph replied, A little later, Danilo posted, “Since He went on:
“Keep the wrappers in your code instead there hasn’t been a reply so far, I assume “It seems to me the message is now
of making life painful for others.” that we’re good with maintaining the crystal clear, and the opposite of what
Danilo Krummrich took exception to DMA Rust abstractions separately. you claim.
Christoph’s characterization of the Rust Hence, the next version of this patch se- “All PRs [pull requests] to Linus must not
contributions as “your code.” He asked ries will have the corresponding main- break the rust build and the responsibility
if, instead of this simple abstraction, tainer entry.” for that falls to all the maintainers. If the
Christoph would prefer duplicating the Christoph replied that he was explic- Rust team is not quick enough to resolve
same functionality in every single driver itly saying no to this patch and this ap- any issues during the development window
in the kernel. To which Christoph re- proach. He said, “If you want to make then patches must be dropped before send-
plied, “Yes, interfaces to the DMA API Linux impossible to maintain due to a ing PRs, or Linus will refuse the PR.
should stay in readable C code and not cross-language codebase do that in your “Effectively this seems to imply that
in weird bindings so that it remains grep- driver so that you have to do it instead of patches changing some of the C API can-
pable and maintainable.” spreading this cancer to core subsys- not be merged by maintainers unless ac-
In response, Danilo said: tems. (where this cancer explicitly is a companied by matching Rust hunks.
“Rust drivers shouldn’t use C APIs di- cross-language codebase and not rust it- “If there are different instructions to
rectly, but rather use an abstraction of self, just to escape the flameware maintainers I would be interested to know.
the corresponding C API. brigade).” “Thus, I would not describe this situa-
“One reason for that is that some re- OK. That “cancer” reference will come tion as ‘rests entirely on the Rust side’s
quirements C APIs naturally have, can be back to haunt the discussion. shoulders’.”
abstracted in a way, that the Rust com- Danilo explained: At this point, Greg Kroah-Hartman
piler already ensures certain things and “I accept that you don’t want to be in- came into the discussion, saying:
hence drivers have less potential to pro- volved with Rust in the kernel, which is “That’s not the case, the one you point
duce errors. why we offered to maintain the Rust at above was a tooling issue that people

14 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 NEWS
Kernel News

missed due to the holidays. Fixing it up “If this rust middle-layer abstraction is event that Linus doesn’t chime in over
was simple enough and people did so unacceptable to you, could you perhaps the next two months, but I would very
and moved on. suggest a solution so that all rust device strongly suggest that it’s sent to Linus
“Once a core api changes in a tree and driver don’t end up with redundant dma (assuming he doesn’t jump in now) as a
it hits linux-next and that blows up a coherent allocator rust code? Could the separate pull request.”
rust build, obviously people should notice rust team do something about it?” Paolo also said, regarding Christoph’s
it then and the rust maintainers/develop- Christoph replied, “The common “cancer” comment, “I agree that it was
ers have said they will fix it up. ground is that I have absolutely no inter- borderline and probably on the wrong
“So the claim remains the same here. est in helping to spread a multi-language side of the edge. But I am happy for one
It’s just like staging, api changes to sub- code base. I absolutely support using that Christoph has since expanded be-
systems are allowed to break staging, Rust in new codebase, but I do not at all yond the “cancer” comment, because
and rust code, and maintainers do NOT in Linux.” that’s at least a technical argument, un-
have to fix them up there, that’s up to the Up until now the conversation – from like yours above.”
staging and rust maintainers/developers the Rust side at least – had seemed to be Paolo also said to Hector, “I have a
to do so.” relatively civil. At this point, however, question, which is unrelated to my opin-
Jason replied, “you seem to be saying Hector Martin said: ion of Rust for Linux: in what way do
that Linus should have accepted An- “If Linus doesn’t pipe up with an au- you think this tirade is actually helping?”
drew’s PR and left rust with build fail- thoritative answer to this thread, Miguel Hector replied, “There have already
ures?” He added that Greg’s statement and the other Rust folks should just been high-profile departures from the
“makes me think you expect Linus to merge this series once it is reviewed and Rust for Linux project due to the open
have merged Andrew’s PR and left the ready, ignoring Christoph’s overt attempt hostility of certain kernel maintainers.
rust build broken so that the rust main- at sabotaging the project. If Linus pulls The tension in the air is palpable, and
tainer/developers could fix it later?” it, what Christoph says doesn’t matter. If so is the lowering morale. I’m encour-
To which Greg said, “I can’t answer Linus doesn’t pull it, the R4L project is aging the people involved to stop play-
for Linus, sorry. But a generic ‘hey, essentially dead until either Linus or ing nice and start playing hardball in
this broke our working toolchain Christoph make a move. Everything else these cases, because playing nice does
builds’ is something that is much is beating around the bush. not work with some people. Taking the
much much different than ‘an api “Rust folks: Please don’t waste your high road only works with people who
changed so I now have to turn off this time and mental cycles on drama like want to cooperate and reach a solution
driver in my build’ issue.” this. It’s not worth your time. Either that works for everyone. People who
As for Danilo’s statement that the Linus likes it, or he doesn’t. Everything openly do not want to cooperate nor
Rust people would fix any problems else is distractions orchestrated by a sub- reach any sort of reasonable solution
that appeared in the proposed Rust ab- set of saboteur maintainers who are try- should be shunned and ignored, as is
stractions into DMA-coherent memory, ing to demoralize you until you give up, the case here.”
Christoph also replied, saying, “Which because they know they’re going to be on On the issue of the technical merits of
doesn’t help me a bit. Every additional the losing side of history sooner or later. his argument, Hector said:
bit that the another language creeps in No amount of sabotage from old en- “My argument above may not be
drastically reduces the maintainability trenched maintainers is going to stop the ‘technical’ in the technology sense, but
of the kernel as an integrated project. world from moving forward towards it is quite specific and objective: Chris-
The only reason Linux managed to sur- memory-safe languages. toph has made it *very* clear that he is
vive so long is by not having internal “FWIW, in my opinion, the ‘cancer’ not intending to reach any sort of work-
boundaries, and adding another lan- comment from Christoph would be able solution. He has decided that he
guage completely breaks this. You enough to qualify for Code-of-Conduct ac- doesn’t want Rust in the Linux kernel
might not like my answer, but I will do tion, but I doubt anything of the sort will and will do whatever he can to stop it,
everything I can do to stop this. This is happen.” which fundamentally clashes with the
NOT because I hate Rust. While not my Paolo Bonzini and Jason both jumped goals of the R4L project in an irreconcil-
favourite language it’s definitively one in to rein in the conversation at that mo- able way. He may have his own ‘techni-
of the best new ones and I encourage ment. Jason said to Hector, “Please don’t cal’ reasoning for this, but this is irrele-
people to use it for new projects where hijack this side thread. This is about vant, because there is no way to appeal
it fits. I do not want it anywhere near a Linus’s policy for merging C code that to his technical concerns and the tech-
huge C code base that I need to breaks Rust builds. You should put this nical goals of the R4L project
maintain.” comment on the branch with Christoph’s simultaneously.
Abdiel responded to this, saying: NAK.” (Hector then replied, “Sorry for “What he is doing is quite literally
“I do acknowledge your reservations the thread mishap. It’s kind of hard to the dictionary definition of ‘sabotage’.
about the possible maintenance burden redirect to the other branch now Since his goal is to sabotage the R4L
due to the introduction of a rust (or an- though….”) project, in its fundamental goal, no
other language) consumer of the dma- While Paolo also said to Hector, “Hold amount of purely technical discussion
api. But I was hoping that we could ar- your horses … I agree that they should will allow us to reach a workable solu-
rive at some sort of common ground? just merge the series in the unlikely tion. Therefore, the only possible

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 15

NEWS
Kernel News

reaction is social in nature: Ignore misbehavior and hostility towards their same way it sure as hell wasn’t the solu-
Christoph, and work around him.” efforts from others. tion to politics.
Simona Vetter also responded to Hec- “I’m tired of getting messages, pri- “Technical patches and discussions
tor’s initial post in the thread. She gave vately and publicly, from all kinds of peo- matter. Social media brigading – no
some links to Hector’s social media posts ple, saying they won’t touch the kernel thank you.”
(at least one of which now seems un- with a 10-foot pole due to the hostility Danilo also replied to Hector, offering
available). She said to him: and the baroque, regressive process. advice on alternatives to social media
“I do understand the frustration and “I’m tired of seeing people get away shaming:
temptation to just burn it all to the with using words like “cancer” to describe “Most importantly be *consistent* with
ground, heed the call of the sirens, or others’ work, with zero repercussion. good technical arguments, calmly focus
maybe for me more pick up goat farming “I’m tired of *politely and calmly* call- on your actual matter rather than esca-
in the Swiss Alps. But you can’t have it ing out hostile and unwelcoming behav- lating any surrounding details.
both and expect to also be part of and ior from maintainers and suggest ways to “Accept that sometimes things can’t be
contribute to the same community. And improve, only to be ignored and nothing reached directly, but additional work is
personally I don’t appreciate getting change (note: this refers to other in- needed to change the preconditions.
drenched in gasoline while I’m trying to stances, not this instance). “Goals aren’t reached by burning
quench flames on the ground. “I’m tired of having to spend hours or bridges, but by building them. Sometimes
“And this isn’t the first time or the days of my time to upstream simple you may not be able to build a bridge
second, by now it’s a pretty clear pat- things, because even the simplest of where you would like to. But you can still
tern over some years. And with the first changes [end] up in a bikeshed. look for alternative routes with and
I could explain why you react like that “I’m tired of having to manually for- within the community.
and you had my full understanding, mat code instead of using clang-format. “Surely, it does take time and energy,
but eventually that runs a bit thin as “I’m tired of drive-by nitpickers who but certainly there’s no shortcut.”
an excuse. Now I’m left with the un- send useless review comments on code Hector was not swayed, saying “I’ve
likely explanation that you just like they don’t take the time to understand. used up all my spoons for this, and
thundering in as the cavalry, fashion- “I’m tired of having to review patches clearly Linus doesn’t think there’s a
ably late, maximally destructive, be- in an email client, where I can’t even tell problem in this thread worth replying to
cause it entertains the masses on fedi which patches are for me to merge and other than myself, so I’m giving up on
or reddit or wherever. I have no idea not without writing complex filtering fighting for any change or being part of
what you’re trying to achieve here, I re- rules to correlate email bodies with ker- the kernel maintainer community.
ally don’t get it, but I am for sure fed nel subsystem paths, which I don’t have Whether the rest of the kernel commu-
up dealing with the fallout.” the time to write and maintain. nity chooses to continue to live in an
Dave Airlie added: “I’m tired of having to type a half ugly bubble or actually try to fix some of
“To back up Sima here, we don’t need dozen ‘b4’ commands just to send a these systemic issues, is up to them.”
grandstanding, brigading, playing to the change. However, Hector did not leave right
crowd, streamer drama creation or any of “And I’m tired of hearing things will away. He had quite a bit more to say, in-
that in discussions around this. get better if I just ‘trust the process’ or let cluding: “I do believe the fact that essen-
“The r4l team and drm maintainer people work from within, while nothing tially all high-level Linux kernel main-
team have this sort of thing in hand, it’s seems to have actually changed in years tainers and contributors are paid by cor-
not like we don’t understand the commu- despite endless discussion about these porations to do it is a major factor that
nity of the Linux kernel, and having this problems on the sidelines. has caused this community to become
first reaction to blow shit up and drama- “If shaming on social media does not wildly out of touch with what it means
tise it just isn’t helpful. work, then tell me what does, because to be a community FOSS project.”
“Being toxic on the right side of an ar- I’m out of ideas.” To which Greg KH replied:
gument is still toxic, please try and be At this point, Linus came into the con- “Please note, that ever since I started
better, and maybe take a step back and versation, saying to Hector: keeping track of this type of thing, way
consider: is what you are posting going to “How about you accept the fact that back in 2003 or so, it has been the case
help the discussion or just adding point- maybe the problem is you. that over 80% of the contributions come
less drama to it.” “You think you know better. But the from company-funded developers.
Hector replied: current process works. Which means it really goes back before
“I’m tired. “It has problems, but problems are a that as well.
“I’m tired of seeing positive, technically fact of life. There is no perfect. “And that’s good, it means that we
impressive kernel projects blockaded de- “However, I will say that the social have backing to do this properly, from the
layed by maintainers with no technical media brigading just makes me not want companies that [benefit] from it. To not
justification, and at best end up moving to have anything at all to do with your have that would make it much harder for
along at a glacial pace. approach. any of this to work properly at all.
“I’m tired of seeing important contribu- “Because if we have issues in the ker- “So don’t try to play the ‘you all work
tors and maintainers give up and throw nel development model, then social for companies’ card, that isn’t going to
the towel after enduring repeated media sure as hell isn’t the solution. The fly as obviously we all speak for ourselves

16 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 NEWS
Kernel News

here, and our companies _know_ they those are even more likely to use a ker- some extent the boundaries of what it
can’t tell us what to do, but they give us nel.org account). means to be a maintainer. Among other
insight into the problems that they have “More importantly, not being central- things, Linus said:
with Linux in order for us to help change ized was very much a basic tenet of git, “You are not forced to take any Rust
it to make it better for everyone. so *if* git.kernel.org were to become code, or care about any Rust code in the
“Because again, everyone has the same problematic, it’s very easy to move git re- DMA code. You can ignore it.
problems (individuals and companies), positories anywhere else. Very much by “But ‘ignore the Rust side’ automati-
and so solving it for one ‘group’, solves it design.” cally also means that you don’t have any
for everyone.” Hector was not letting it go. He replied, *say* on the Rust side.
The discussion continued. At one “For all intents and purposes, 85% cen- “You can’t have it both ways. You can’t
point Hector remarked, “for better or tralized might as well be fully centralized. say ‘I want to have nothing to do with
worse, much of Linux infra[structure] That is, any downtime on kernel.org will Rust’, and then in the very next sentence
*is* centralized – for example, the mail- affect the community effectively the same say ‘And that means that the Rust code
ing lists themselves, and a lot of the Git as downtime on a true central SPOF [sin- that I will ignore cannot use the C inter-
hosting.” gle point of failure] would.” faces I maintain’.
To which Linus then replied: The discussion continued in a variety “Maintainers who *want* to be in-
“The mailing lists are mostly on kernel. of different directions, but the initial volved in the Rust side can be involved
org, but the git hosting most certainly is patch and prospects of including it in the in it, and by being involved with it, they
not centralized in any way. source tree or of finding an alternative will have some say in what the Rust
“The kernel.org git repositories used to solution were no longer mentioned. bindings look like. They basically be-
be special in that I didn’t require signed My own view on the whole question come the maintainers of the Rust inter-
tags for them, because I trusted the user of Rust in the kernel would normally be faces too.
maintenance. But I was encouraging to compare it to other cases where an “But maintainers who are taking the ‘I
signed tags even back then, and once it outside person or group has tried to don’t want to deal with Rust’ option also
got to the point where most were signed force controversial code into the kernel. I then basically will obviously not have to
anyway, I just made it a rule. So now ker- wouldn’t say that is what is happening bother with the Rust bindings – but as a
nel.org isn’t special even in that respect. here, but it does remind me of such result they also won’t have any say on
“Now, kernel.org is very much _conve- cases – and my prediction in that case what goes on on the Rust side.
nient_. And you see that in the stats: of would be that the Rust folks, or any such “So when you change the C interfaces,
my pulls in the last year, 85% have been group, would ultimately need to con- the Rust people will have to deal with the
from kernel.org. But that is very much be- strain themselves to the kernel require- fallout, and will have to fix the Rust
cause it is convenient, not because it’s ments. If that meant, as Christoph said, bindings. That’s kind of the promise
centralized. that the two languages would need to be here: there’s that ‘wall of protection’
“But that still leaves the 15% that kept separate, then that would be essen- around C developers that don’t want to
aren’t kernel.org. tially the “law of the land.” deal with Rust issues in the promise that
“Since I did the stats, in case anybody However in this particular case, Linus they don’t *have* to deal with Rust.
is interested, the top non-kernel.org hosts came in later with a very different take, “But that ‘wall of protection’ basically
for my pulls are github.com, git.samba. and a fairly definitive “law of the land” goes both ways. If you don’t want to deal
org, gitlab.freedesktop.org, evilpiepirate. that went against what Christoph had with the Rust code, you get no *say* on
org, git.infradead.org and git.lwn.net advocated. the Rust code.
(and there’s a handful of other ones in In a long email, Linus discussed the “Put another way: the ‘nobody is forced
there). situation, including his hopes that the to deal with Rust’ does not imply ‘every-
”(And while I did the stats just for controversy might have worked itself out body is allowed to veto any Rust code’.”
*my* pulls, if you look at total merges into a productive solution for everyone. The discussion will undoubtedly con-
over-all, the non-korg repositories are ac- But finally he had felt the need to iden- tinue for a long time, and policies may
tually at 20% – I think my percentages tify the proper boundaries himself. always shift. But for the moment at least,
are higher simply because I tend to pull In fact, Linus defined a wide-ranging Linus apparently intends to give Rust a
from mostly top-level maintainers, and policy that, as he affirmed, redefined to lot more rope. Q Q Q

QQQ

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 17

COVER STORY
Secure Browsers

Comparing five privacy-friendly web browsers

Under the Radar

Many users don’t realize that some of the leading web browsers collect user data without
asking for permission. This article looks at five secure alternatives for greater privacy.

By Erik Bärwaldt

T
he functionality of graphical browsers is largely similar, and RPM package management, but you will also find Snap
but they differ greatly in terms of security. For example, and Flatpak packages [2].
some browsers, such as Google Chrome, are considered On the project page, the developers point to private search-
overly chatty when it comes to personal data and ing, integrated VPN access, and ad blocking. Brave also blocks
downright negligent with regard to user tracking, but other annoying cookie banners. Filtering this content significantly re-
browsers offer default configurations that make it difficult or duces the volume of data that needs to be transferred, making
impossible to identify users and track their behavior. This Brave particularly suitable for users who have limited Internet
article investigates some browsers that are known for pro- bandwidth. Brave also loads websites faster as a result, filter-
viding a high level of privacy. ing invasive tracking technologies such as cross-site trackers or
fingerprinting by default without you having to manually load
Security extensions.
Web browsers are generally considered to be far more secure After completing the install, you can launch Brave from the
today than they were even two decades ago. This improvement desktop menu. The application comes with a conventional user
is primarily due to the intensive efforts of developers to elimi- interface. Brave is no different from other web browsers in
nate vulnerabilities. Unfortunately, the spectrum of potential terms of appearance or controls, which means that switching
threats is greater due to new attack and tracking technologies, to Brave does not involve a learning curve.
which means that hardening a browser involves a variety of When you launch Brave for the first time, you can decide
measures. whether you want to make it the system’s default browser.
The developers’ efforts focus on three main areas. The You can also import existing settings, such as bookmarks, ex-
browsers themselves offer various options in the configuration tensions, or passwords, from other browsers in a separate
dialogs that make it more difficult to track web browsing be- dialog.
havior. Some of these configuration options are also aimed at In the next dialog, Brave prompts you to decide whether you
preventing invasive types of tracking. However, if the settings want to take part in the project’s Web Discovery Project by sub-
are too strict, the browser might fail to display some websites mitting anonymized search data. The Brave project uses the data
correctly. for a native search index and promises to anonymize the data.
The second approach is to use add-ons to block tracking and The project is intended to prevent the collection of personal
advertising. Ad blockers also have the pleasant side effect of data in the browser and search engine by major providers such
making websites easier to read by hiding intrusive advertising. as Google or Microsoft. As other search engines such as Duck-
The third security option is to make it more difficult to iden- DuckGo are dependent on Google and Bing to answer search
tify the client by obfuscating the connection between the client queries, they cannot completely prevent personal data being
and the web server. VPN connections or the Tor network are collected. To counter this, the Web Discovery Project is looking
useful for this option. (The Tor network is a global anonymous to achieve total independence from the well-known commer-
network based on the principles of onion routing, a technique cial providers.
designed to ensure that the user’s Internet activity is untrace- In the last step of the basic configuration, the routine
able.) Some browsers include built-in VPN or Tor access, which prompts you to decide whether you want to send telemetry
removes the need to install additional client software. data. Both options are enabled but can easily be disabled by
unchecking the boxes.
Brave Browser The application’s default interface then appears. Unlike the
The Chromium-based Brave browser [1], or Brave for short, is familiar web browsers, you will not initially see any tiles for
an open source application for all platforms. On Linux, pre- quick access to commercial websites. Instead, there are three
compiled binaries are available for distributions that use DEB continuously updated numerical values for blocked trackers

18 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

and ads, the bandwidth saved as a result of this, and the load- enable filters from a choice of pre-configured and regularly
ing time saved. updated standard lists.
Bottom center, you will find the input box for the Brave The Privacy and security group of the Settings menu offers
search engine. Brave also displays two radio buttons: Talk lets settings for preventing fingerprinting and various tracking
you start a video conference without additional application methods, managing access to hardware components such as
software. Rewards refers to tokens for private ads that you can cameras and microphones, and blocking the transmission of
purchase in Brave. location data.
Brave comes with a built-in ad blocker, which means you do Brave lets you use the Tor network to access the Internet
not need an additional add-on such as Ublock Origin or Ad- without additional software. By default, the browser always
block Plus. You can configure the ad blocker settings in the Set- opens private windows via the Tor network. Clicking on the
tings menu, including blocking third-party cookies and delet- hamburger menu top right in the program window reveals a
ing cookies after closing a page. You will also find some op- New private window with Tor option. In the settings menu’s
tions for blocking embedded social media posts (Figure 1). Privacy and Security group, you can also choose to use bridges
All of the settings are configured using selection boxes or and enable Snowflake mode [3], which means you can use the
sliders. The dialog lets you create your own filter lists and Tor network even in countries that block Tor.

Figure 1: You can easily block advertising and tracking technologies in Brave using the slider and selection box.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 19

COVER STORY
Secure Browsers

data have been re-

moved. Installation in-
structions for several
distributions are avail-
able on the project
page. LibreWolf is also
is available as a Flat-
pack and as a distribu-
tion-independent App-
Image package [5].
The browser comes
up with a conventional
interface featuring the
usual controls. The pre-
installed extensions and
privacy-friendly settings
are immediately appar-
ent. For example, the
Ublock Origin ad
Figure 2: Brave can access the Tor network. blocker is pre-installed,
and you will find Duck-
The new private window with Tor opens a new dark mode, DuckGo on the splash page instead of the input box for the
purple-colored Brave instance (Figure 2). A green message box Google search engine.
is displayed once the connection has been successfully estab- Due to the close relationship between the two browsers, the
lished. The software then displays a Tor button, which you can LibreWolf settings dialogs look very similar to the Firefox dia-
press if you want to leave the Tor network. logs. There are differences though; for example, in the Search
The functionality of the private window is similar to the dialog, where you can specify which search engine to use, you
standard window. Advertising and tracking blockers remain will find a number of candidates in the selection box, and most
in place. of them are privacy-friendly.
When I compared Brave access via the Tor network with In comparison with Firefox, some of the changes to the Pri-
conventional Internet access, I could hardly find any perfor- vacy & Security category are particularly apparent. The entire
mance differences. The integrated ad blocker works just as Firefox Data collection and Use group has been removed and
efficiently because it
uses the same filter
lists to reliably block
unwanted content. An-
noying cookie banners
are also largely a thing
of the past.
Brave also allows the
use of a VPN to tunnel
the browser’s connec-
tion to the Internet.
This function has not
yet been implemented
on Linux, although it
has been announced.
Brave VPN, which is
available on a subscrip-
tion basis, is a commer-
cial product.

LibreWolf
LibreWolf [4] is based
on Mozilla Firefox, al-
though all of Firefox’s
components for sending
telemetry data, crash re-
ports, and diagnostic Figure 3: Many options for saving personal data are disabled in LibreWolf.

20 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 COVER STORY
Secure Browsers

the Website Advertising Preferences, which “allow websites to Using Mullvad browser is roughly equivalent to using Tor
perform privacy-preserving ad measurement,” have been de- Browser but without using the Tor network. Mullvad does not
leted without replacement. Numerous other Firefox setting necessarily require VPN access.
options relating to local storage of personal data and sending After you complete the install, the Mullvad browser auto-
the data to the Internet are still available in LibreWolf, but matically adapts to the desktop language setting without any
they are disabled (Figure 3). special localization. The Settings menu is unusually simple.
Thanks to full compatibility with Firefox, LibreWolf can use You will recognize several options that you will be familiar
all extensions for the Mozilla browser. You can add extensions with from Firefox, such as the synchronization service, but
via the Mozilla [6] website using the same steps you would use the developers have removed other features, such as options
in Firefox. I recommend installing a Google Analytics blocker for saving authentication data. For this reason, you cannot
and the Privacy Badger add-on from the Electronic Frontier store payment data such as credit card numbers in Mullvad
Foundation (EFF). LibreWolf will also use Firefox themes Browser, and you cannot store passwords to auto-complete
without complaint. forms. Mullvad Browser uses letterboxing to restrict the dis-
You can add your own filter lists to the pre-installed Ublock play of web pages to certain sizes, which makes it difficult to
Origin if necessary, and you can enable additional lists if you identify users based on window or screen size.
frequently access websites abroad and want to prevent region- The list of alternative search engines in the Mullvad browser
specific advertising. is unusually extensive. By default, Mullvad relies on DuckDuckGo
LibreWolf does not integrate its own VPN service. To use the for search queries, but lesser-known search engines, such as
browser with a VPN, you need to install a native VPN client, Brave Search, Mullvad Leta, Startpage, or Mojeek can also be
which will then route all network traffic through the VPN tun- enabled at the push of a button. The list does not mention
nel. Alternatively, you could integrate an add-on from a public search engines with dubious privacy settings, such as Google
VPN service into the web browser. Note that many of the free or Bing.
providers are financed by advertising, which means that these Due to its full compatibility with Firefox, Mullvad Browser
extensions will potentially collect and pass on your personal can also use Firefox extensions. The Ublock Origin ad blocker,
data. It makes sense to think about using a commercial VPN NoScript, and the Mullvad Browser extension are pre-installed.
service that guarantees a high level of privacy. The Mullvad Browser extension lets you use DoH (DNS over
HTTPS) via a VPN. You will need access to the Mullvad VPN to
Mullvad Browser use this proxy service, however. Like all of the Swedish compa-
The Mullvad browser [7], which is the result of a cooperation ny’s services, Mullvad is optimized for data economy; you only
between the Swedish VPN provider Mullvad and the Tor proj- need to provide unavoidable personal data for setting up and
ect, is an option that is virtually unknown. Mullvad is based on billing. Without access to the Mullvad VPN, DoH remains
Firefox and is available as an open source product for several switched on but is not additionally tunneled through a VPN. In
popular platforms. You do not need to have a Mullvad VPN in this case, you use the extension to manually select a secure
place to download and install the web browser (Figure 4). DNS server from a list, to which the browser will then send the
Installation instructions for Debian, Ubuntu and its deriv- DNS queries.
atives, and Fedora are available from the manufacturer’s The Mullvad browser can alternatively use the Tor network.
website. The instructions describe how to integrate a sepa- You’ll need to download one of the Tor add-ons available for
rate repository to support regular, automatic updating of the Firefox.
web browser [8]. You
will also find a tarball
on GitHub and can in-
stall this tarball on any
distribution indepen-
dently of the package
manager [9].
On the project page,
Mullvad points out that
the browser was devel-
oped with the aim of
avoiding tracking and
fingerprinting. The de-
velopers have adopted
many elements from the
Firefox-based Tor
browser to enhance se-
curity. On top of this, all
of the telemetry settings
implemented in Firefox
have been removed. Figure 4: The Mullvad browser is also based on Mozilla Firefox.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 21

COVER STORY
Secure Browsers

When you start Pale

Moon, you’ll see a mod-
ern-looking browser
window featuring a se-
ries of links and a
search box (Figure 5).
DuckDuckGo is the de-
fault search engine.
Above the input box for
the search is a book-
mark bar and above the
bookmark bar is a con-
ventional control bar
with an address box
and a menu bar.
When you open the
general configuration
dialog in Tools | Set-
tings, you will see that
Figure 5: Pale Moon comes with a very colorful start page. it looks pretty much
like its counterpart in
Pale Moon older Firefox versions and the functionality is also similar.
Pale Moon [10] is available as open source software for all The options are less extensive than in other web browsers.
platforms. The browser uses the Goanna engine, a descen- For example, there are no settings for handling multimedia
dant of the Gecko engine used by Mozilla in Firefox and hardware such as cameras or microphones. The Privacy and
Thunderbird. Security tabs offer a number of important options for blocking
Pale Moon focuses on data protection and security: The malware, but you will need to enable most of them explicitly
browser does not contain any advertising or telemetric ap- by checking boxes.
plications and does not collect any other data about the Like any other modern web browser, you can extend Pale
user. Unlike the Mozilla original, the browser still supports Moon’s feature set by installing add-ons. Go to the Tools |
XUL- and NPAPI-based extensions, which it was possible to Add-ons menu to call up the internal Add-On Manager (Fig-
use in Firefox versions prior to v57. ure 6), which offers a convenient and categorized extension
You can download Pale Moon from the project website in search option.
the form of two tarballs [11]. One of the packages is designed Numerous extensions for the web browser appear in the
for GTK-2 environments and the other supports GTK-3-based Privacy & Security group, ranging from cookie management to
user interfaces. The linked Contributed builds of Pale Moon tools for blocking fingerprints and ad blockers. Clicking on an
site also offers several repositories for MX Linux, Debian, and add-on starts the installation dialog, which then adds the ex-
Ubuntu [12]. tension to the web browser after you confirm the prompt.
All of the variants
are designed for 64-bit
systems. The tarballs,
which you can install
independently of the
distribution, weigh in
at just under 40MB,
which grows to around
115MB after unpack-
ing. After you unpack,
change your directory
to the subfolder and
launch Pale Moon at
the prompt by typing
./palemoon. You can
manually add a
launcher for the
browser to your desk-
top menu if you would
prefer to launch from
the GUI. Figure 6: Pale Moon has its own add-on repository.

22 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 COVER STORY
Secure Browsers

that can only be reached via the

Tor network and end with
.onion.
The Tor browser is available for
Linux from the Tor Project website
as a tarball [14], weighing in at
about 120MB. Unpacking the ar-
chive in a subfolder will cost you
around 320MB of disk space.
Change to the newly created sub-
directory and launch the program
by typing ./start-tor-browser.
desktop.
The program launches with a
dialog you can use to open a con-
nection to the Tor network (Fig-
ure 7). Click on Connect to start a
routine that automatically config-
ures access. (Use the Settings dia-
logs to configure the browser to
Figure 7: The browser window first launches the Tor client and then opens a connect to the Tor network auto-
connection to the Tor network. matically at launch.)
The Tor browser’s configuration
Click on the Extensions tab, and the Add-On Manager dis- dialogs differ significantly from those in the original Firefox.
plays all installed extensions. You can then manage them using All telemetry settings are missing, and there are additional
the buttons to the right of each entry. options for the update routines. DuckDuckGo is the default
Pale Moon lacks the usual configuration dialogs for setting search engine, and the application only offers Startpage as an
search engines. Instead, you will find a separate search field alternative. Both search engines also search in the Onion
on the right in the address bar; the browser displays the active domain.
search engine on the left. You can click on the arrow button The Tor browser always runs in private mode; numerous set-
next to the search engine to open a context menu for setting tings for passwords and history are far more restrictive than in
the search engine. Pale Moon lists half a dozen alternative Firefox. In the Connection category, you can set a number of
search engines. options relating to the Tor network. The dialog lets you bridge
Various features now implemented in Firefox are conspicu- addresses and make settings for Internet access via a firewall
ously absent from Pale Moon. For example, all of the telemetry or a proxy server (Figure 8).
settings are missing; instead you
will find an optional sync service
across multiple devices, which you
have to explicitly enable by setting
up a new account.
The Pale Moon Sync service
works independently of Mozilla
and is not compatible with the
Mozilla synchronizer. Pale Moon
does not support WebRTC and
DRM for handling audio-visual
content, and there is no integrated
PDF viewer.

Tor Browser
The Tor browser [13] has become
very popular in recent years. The
Mozilla derivative is based on the
current Firefox Extended Support
Release (ESR) versions and has
been expanded to include inte-
grated client access to the Tor
network. It can therefore also
reach “onions,” that is, websites Figure 8: The Tor browser lets you configure access to the Tor network.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 23

COVER STORY
Secure Browsers

Table 1: Secure Web Browsers

Brave Browser LibreWolf Mullvad Browser Pale Moon Tor Browser
License MPL v2 MPL v2 MPL v2 MPL v2 BSD 3-clause
Base Chromium Firefox Firefox Legacy Firefox Firefox
Extension by add-ons yes yes yes yes yes
Default search engine Brave DuckDuckGo DuckDuckGo DuckDuckGo DuckDuckGo
Search engine changeable yes yes yes yes yes
Ad blocker yes yes (add-on) yes (add-on) yes (add-on) with add-on
Tracking protection yes yes yes yes yes
VPN access integrated no (in planning) no yes no no
Tor access integrated yes no no no yes
Tor access automatic configuration yes no no no yes
Telemetry available yes no no no no
Telemetry can be disabled yes no no no no

Although the Tor browser is compatible with popular Firefox Mullvad and Tor browsers with integrated VPN access and the
extensions, only the add-blocking NoScript plugin is installed ability to connect to the Tor network are particularly appealing
by default. You will probably want to add an ad blocker such to users with an increased need for protection. Q Q Q
as Ublock Origin from the Firefox add-on repo to reliably re-
move annoying advertising from websites. Info
Because the Tor browser loads each website you visited in [1] Brave Browser: https://brave.com
an isolated environment, trackers and advertisements have [2] Install Brave Browser:
no way of tracking users across multiple websites to spy on https://brave.com/linux/#release-channel-installation
user behavior. By default, the application also deletes all [3] Snowflake mode:
cookies and browsing history when a session is closed. https://support.torproject.org/censorship/what-is-snowflake/
Another countermeasure to prevent fingerprinting is the Tor [4] LibreWolf: https://librewolf.net
browser’s function for customizing browser and device infor-
[5] Install LibreWolf: https://librewolf.net/installation/
mation. The browser adopts settings frequently used on the
[6] Mozilla add-ons: https://addons.mozilla.org
Internet, which makes it difficult to uniquely identify users.
[7] Mullvad browser: https://mullvad.net/en/browser
The Tor network typically establishes a connection via three
nodes, which it changes at regular intervals. However, it may [8] Instructions for the Mullvad browser:
https://mullvad.net/en/download/browser/linux
be necessary to manually renew the connection through the
Tor network. To renews the connection, use the New identity [9] Mullvad browser on Github:
https://github.com/mullvad/mullvad-browser
option in the hamburger menu. The browser then launches
with a new identity, which ensures secure web browsing even [10] Pale Moon: https://www.palemoon.org
if the old identity is compromised. The Tor browser encrypts [11] Download Pale Moon:
data to make the content unreadable for third parties. https://www.palemoon.org/download.shtml
[12] Unofficial Pale Moon packages:
Conclusions https://www.palemoon.org/contributed-builds.shtml
The five web browsers described in this article offer a privacy- [13] Tor Browser: https://www.torproject.org/
conscious alternative for users who are wary of giving their [14] Download Tor Browser: https://www.torproject.org/download/
data to Chrome and Firefox. See Table 1 for a summary of perti-
nent features. Brave browser and LibreWolf are solid web navi- Author
gators for everyday use and counter all common technologies Bernhard Bablok retired from Allianz Technology SE as an SAP
used for spying on users. Pale Moon is useful both as a second HR developer. When he is not listening to music, riding his bike,
browser and for Internet access on older and less powerful com- or walking, he focuses on Linux, programming, and small com-
puters thanks to its extremely resource-frugal operation. The puters. You can reach him at [email protected].

QQQ

24 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

REVIEW
Distro Walk – Chimera Linux

A from-scratch distribution
with a diverse toolset

Chimera
Linux
Chimera Linux combines core tools from diverse sources to deliver
a simple yet complete modern operating system. By Bruce Byfield

I
n Greek mythology, the Chimera defining moment or incident that in- effort and infrastructural burden is a
was a monster with a lion’s body, a spired it? definite goal. I was experimenting with
goat’s head, and a snake for a tail. rewriting that tooling from scratch, and
It is an ideal name for a distribution
nina (q66): The goal is to rethink the way the distro grew around the tooling over
assembled from various parts of different
a Linux system works and is structured at the coming months. I left Void by the
operating systems and tools from diversethe low level. I was always unhappy with time the distro became capable of self-
sources, ranging from FreeBSD core toolshow big distros are often opaque (i.e., dif- hosting and it became focused too
and Clang Power Tools to Alpine’s apk- ficult to see what’s going on under the much on multiple projects.
tools package manager and systemd’s hood), clunky, and inflexible (i.e., difficult
logind. This fresh approach makes Chi- to adapt to different needs and slow to LM: What are the advantages and chal-
mera Linux (Figure 1) [1] stand out fromadopt modern enhancements in the com- lenges of building a distribution from
the dozens of distributions derived frompiler stack), while small distros are often scratch, both in the software and in the
a handful of long-established popular made with a specific idea or feature in distribution’s organization?
distributions. Here, nina (q66), Chimeramind and the rest of the system suffers due
to not having enough thought put into it,
Linux’s project leader, goes into techni- nina (q66): The main advantage is that
which limits its usability.
cal detail about this original distribution. you have nothing holding you back from
There wasn’t any particular defining realizing your ideas. You can make things
Linux Magazine (LM): What are the moment. It was something I had been how you want them without the rest of
goals of Chimera Linux? Was there was a toying with in my head for years before the distro needing adaptations, so you
the project have a lot of freedom. The challenges are
started. In early making good use of that freedom and the
2021, I was a Void total amount of work everything be-
Linux developer, comes – and, of course, managing a com-
and I was un- munity around a project of that scope is
happy with the a challenge as well, since it’s important
quality of its build to set a good example and foster the de-
tooling and infra- velopment of an environment that is fun,
structure. That’s safe, and welcoming. This is especially
something that I important as Chimera is a community,
feel like is a prob- free software space driven by volunteers,
Lead Image © kirillm, 123RF.com

lem in a lot of dis- not a product. We are building this for

tros, so creating ourselves and everyone else who wishes
tooling that is to become a part of it.
pleasant to work
with and mini- LM: What criteria were used to choose
mizes the amount Chimera’s toolkit? Can you give some
Figure 1: The Plasma edition of Chimera Linux. of maintainer examples?

26 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 REVIEW
Distro Walk – Chimera Linux

nina (q66): I wanted to explore using nina (q66): All distros integrate tools nina (q66): I firmly stood against the
various compiler-based security harden- from a variety of sources. That’s kind cryptocurrency stuff from some years
ing techniques that are uncommon in of what defines a Linux distribution. back, and I can’t help but see the same
usual desktop Linux, things like com- All the tooling that we use fits fairly patterns this time. There are many things
piler-based control flow integrity protec- well together. I don’t think it’s particu- that make AI a nonstarter from an ethi-
tion and deployment of relevant produc- larly more challenging here than any- cal standpoint, so definitely not.
tion-usable parts of the sanitizer stack. where else.
That led to choosing Clang as the system LM: Who is the intended audience for
compiler, as GCC is way behind on these LM: Chimera assembles applications Chimera?
features. Deploying those features led to from a variety of sources. Does it include
choosing FreeBSD as the source of core any original apps? nina (q66): Currently mostly power
tools, because it was the only thing I users, meaning people that can handle
could use that was feature-rich enough nina (q66): Yes, lots. Well, I dunno if something like Debian, Alpine, Arch, or
to be usable while allowing me to build “apps” is a good thing to call them, be- Void. The system is generally leaning
it with the strictest possible hardening cause they are mostly low-level pieces, towards the desktop. The expectation is
without being too much of a pain. I was but for example: that the user runs it on their worksta-
also already familiar with the FreeBSD • Since Dinit is just a core service man- tion or laptop. However, we have good
community, being a long-time user. Musl ager, we have a complete suite of ser- support for single-board computers,
was chosen because glibc doesn’t work vice definitions for early boot and for networking equipment, and servers.
with a pure Clang compiler-rt system other services to rely on. This includes People are even playing with putting it
runtime (it dynamically opens libgcc_s. lots of functionality that needed vari- on mobile devices, and the system is
so.1, which normally does not exist in ous tools, such as management of bin- flexible enough to be a slim container
such a system). Nothing else was quite fmt registration, monitoring of devices, base as well. Brand new as well as
usable enough, and Dinit was chosen for management of the hardware and soft- some very old hardware is supported
service management because it seemed ware clock, kernel modules, mount- where reasonably possible. We support
to be a promising base to build some- ing, sysctls, and zram. a lot of architectures, from common x86
thing that can rival the parts of systemd I • Turnstile is a new framework for track- and AArch64 to PowerPC/ppc64/
like (which involves contributing to ing login sessions, which is something ppc64le and RISC-V and perhaps soon
Dinit itself as well as building more new a lot of software needs. It enables LoongArch. No use case is out of the
tooling around it). clean management of the D-Bus ses- question.
sion bus, the /run/user directory, as
LM: The project’s FAQ gives a detailed well as user services. LM: What plans does Chimera have for
opinion of systemd. How does Chimera • Libdinitctl is an API for controlling the the future?
actually use systemd? Dinit service manager from code,
which is relied on in lots of places. nina (q66): We plan to continue to
nina (q66): Chimera doesn’t use sys- • CKMS is our framework for manage- work on tools that benefit everyone
temd, but it uses some isolated parts of ment of out-of-tree kernel modules. and to build a good, universal Linux
it. Obviously udev is one thing, as a • Bandicoot is our daemon/application system, centered around the idea of
modern linux system can’t really work for capturing crash dumps and in- achieving 90 percent with 10 percent of
without it, but I also found the specting them. resources. We plan to avoid becoming
tmpfiles.d and sysusers.d frameworks There are also many little tools all over corporate-controlled and continue to
really nifty because they let us declara- the place. be a good community and stay ethical.
tively express what would otherwise be Free software is a political movement
done with adhoc shell scripts, and they LM: What security features does Chi- and always has been, and I want to re-
are a factor in enabling support for mera have? mind everyone that they can contribute
things like stateless systems in which in their own way. It’s not only (or even
all data not shipped directly by pack- nina (q66): Its similar to most Linux dis- primarily) about code, and making
ages is considered ephemeral. For now, tros in this regard, but it is significantly someone’s life a little bit better is more
we also still use the logind component more hardened at build time. Most pack- important than any technical
through elogind, but we are working on ages are built to disallow signed integer achievement.
replacing it with a homegrown frame- overflows. Clang control-flow integrity
work, due to various limitations of (CFI) is used in many places, and obvi- Conclusion
elogind. We also provide systemd-boot ously all the more common stuff, such For those who want to learn more
as one of the bootloader choices, and as SSP, PIE, RELRO, etc. There are plans about Chimera Linux and the philoso-
related tooling like ukify for creation of to deploy AppArmor in the future. phy behind it, the project’s home page
unified kernel images. is rich in detail. Q Q Q
LM: Does Chimera have any plans for in-
LM: How does Chimera integrate tools corporating AI, as some distributions are Info
from such a variety of sources? starting to do? Why or why not? [1] Chimera Linux: https://chimera-linux.org/

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 27

IN-DEPTH
Zen Browser

A customizable browsing experience

Meditative Surfing
Zen Browser, an open source Firefox fork, promises users the binary of the same name at the
command line.
greater convenience and improved data protection, along with When Zen Browser launches for the
customizable display modes to help you stay focused on your first time after installation, it first displays
work. By Harald Zisler a welcome message and then asks you a
few questions about your desired set-

T
tings. Start off by specifying your choice
he newly developed Zen Currently, the program lacks the ability of colors and the theme for the interface.
Browser, a Mozilla Firefox fork, to display multiple tabs in a single line, You can then import the bookmarks from
makes switching from the origi- although the developers are looking to a previously used browser and choose
nal Firefox browser easier add this capability to Zen Browser’s fea- your preferred search engine (Google,
thanks to its almost identical controls. ture set in an upcoming version (see the DuckDuckGo, or Wikipedia). Then press
With low resource consumption and “Version Jump” box). For the time being, Next to move on to the next setting.
innovative display modes, such as Zen Browser lists tabs vertically in the The granular settings relating to the
compact and split mode, Zen Browser sidebar. Similar to Firefox, you can quit start page, the search engine, the down-
offers genuine added value to newcom- the program by closing the last tab. load folder for downloads, data protec-
ers and those looking for a Firefox Zen Browser runs on Linux (x86_64 tion (for search, cookies, and history),
alternative. and AArch64), macOS, and Windows, passwords, and so on can be set up in
Zen Browser behaves like the original although the relatively new program is the Settings menu. You will find every-
Firefox in many respects, including in not included in the package sources of thing pretty much where you left it in
the settings, among other things. popular distributions. You can down- Firefox. However, the Privacy & Security
Photo by Callum Shaw on Unsplash

load Zen Browser from the website [1] menu does not contain any settings re-
Version Jump as a tarball or AppImage, or you can garding data collection by the project.
grab an installer from Flathub. The easi- According to the developers, Zen
I tested the Zen Browser alpha version
est way to install is with the tarball; just Browser does not send any data home,
1.0.1-a.19 for this article. After the edi-
unpack the TAR.BZ2 archive, which which removes the need for a data pro-
torial deadline, the project released the
weighs in at around 94MB, into a di- tection setting.
beta version 1.7.4b, which I was unable
rectory of your choice. This creates a The Zen Browser project offers various
to cover for this issue.
zen/ folder from which you can launch color and menu schemes in the form of

28 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 IN-DEPTH
Zen Browser

desktop for comparison

purposes.
You can access the split
view for two or more pages in
various ways. If you already
have the desired tabs open,
you can hold down the Ctrl
key and left-click select sev-
eral individual tabs, hold
down the Shift key and click
Figure 1: Settings for compact mode. for a group of tabs, or right-
click to open a tab’s context
mods (extensions) to help you refine the While you are there, you can also config- menu and select Split Tabs. If you now
browser’s look [2]. If so desired, you can ure compact mode (Figure 1). open a new tab or a tab that has not
change the current scheme at any time You can use the keyboard to switch been added to the split view, it will be
by calling up the Settings | Zen Mods compact mode on and off by pressing superimposed on top. If you click on a
menu; the browser imposes virtually no the Ctrl+Alt+C keyboard shortcut. tab that is already in the split view, you
limits on the level of experimentation Other shortcuts offered in the Settings are taken to the split view of all associ-
users can enjoy here. menu might be intercepted by various ated tabs again.
window managers, so you may need Zen Browser does not currently offer
Compact Mode to define a different shortcut for the option of canceling the split view at
Zen Browser comes with a compact switching to prevent this from the push of a button. In testing, the pro-
mode that hides the sidebar (Hide Top happening. gram crashed because it couldn’t handle
Bar) and toolbar (Hide Tab Bar) to pro- the multiple mouse-click split actions.
vide more space for displaying the ac- Split Mode However, switching using the keyboard
tual web pages. You can define whether As a special feature, Zen Browser offers shortcut worked in all cases.
or not the browser should display the the option of displaying two or more web-
bar in question when you mouse over sites simultaneously. To do this, Zen Keyboard Shortcuts
the matching region. Browser arranges two tabs next to each Speaking of keyboard shortcuts, there
You can access compact mode by other (Figure 2) and, if necessary, further are various shortcuts that help speed up
right-clicking on the right in the toolbar tabs below. The split mode feature elimi- the process of working with the web
directly below the window bar and en- nates the annoying manual task of drag- browser. Most of them match the short-
abling or disabling the compact view. ging individual browser windows on the cuts in Mozilla Firefox (see Table 1 for a

Figure 2: Zen Browser offers a split view of two or more tabs.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 29

IN-DEPTH
Zen Browser

selection of shortcuts). You can change As a user, you will quickly become ac- Browser that I tested, there were occa-
the shortcuts in the Settings | Keyboard customed to the new display and han- sional program crashes, but these are –
Shortcuts if a shortcut conflicts with your dling options and not want to be without without a doubt – due to the early stage
window manager or some other them. In the alpha version of Zen of the application’s development. Q Q Q
application.
Table 1: Examples of Keyboard Shortcuts
Customization Action Shortcut
Various menu items can be added to the Windows and Tabs
toolbar. To do this, right-click on the New window Ctrl+N
toolbar and select Customize Toolbar in New tab Ctrl+T
the context menu. Zen Browser then Restore tab Shift+Ctrl+T
shows you all the available tools in the Close tab Ctrl+W
lower section. Simply drag and drop the Close window Shift+Ctrl+W
desired tool(s) into the toolbar and then Reload page Ctrl+R
press Done to apply the changes. End program Ctrl+Q
You have the option of using the
Special Views
mouse wheel to scroll through the open
Split view on Ctrl+Alt+G
tabs. However, there is currently no
Split view side by side Ctrl+Alt+V
menu item for enabling this function. In-
Split view one below the other Ctrl+Alt+H
stead, you need to open the internal pro-
Exit split view Ctrl+Alt+U
gram configuration page (about:config)
Compact view on/off Ctrl+Alt+C
in a new tab and enter toolkit.tabbox in
Navigation
the search line. You will see the toolkit.
Sidebar on/off Shift+Alt+B
tabbox.switchByScrolling line (Figure 3).
Web panel on Shift+Alt+P
Now you just need to double-click to
Bookmarks bar Shift+Ctrl+O
change the value of the option false to
true to activate scrolling. Jump to tab 1 to 8 Alt+1..8
Jump to last tab Alt+9
Conclusions
I have been working with Zen Browser
for some time now. From the outset, the
low system load generated by the pro-
gram has proven to be a positive feature.

Info
[1] Zen Browser: https://zen-browser.app
[2] Extensions: https://zen-browser.app/
mods

Author
Harald Zisler has been involved with
FreeBSD and Linux since the early 1990s.
He is the author of various articles and Figure 3: To change tabs using the mouse wheel, go to about:config to
books on technology and IT-related topics. configure this setting.

QQQ

30 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

IN-DEPTH
Automated Process Monitoring

Process monitoring with Python and Telegram

Keeping Watch
A simple Python script checks to see if a process is running and, if is available on the Snapstore. From the
command line, you can install it with apt
not, notifies the user via Telegram. By Andrea Ciarrocchi using the command

R
eliability is a crucial aspect of a In addition, you will need a Telegram sudo apt install telegram-desktop

computer system, especially for account and the Telegram messaging ap-
servers. Because continuous plication [2] installed on a smartphone See the box entitled “Why Telegram?”
active monitoring isn’t feasible, or PC. For Ubuntu users, the application for more on why I chose it for this task.
implementing mechanisms to alert
the system administrator in case of a Why Telegram?
malfunction can be very useful. This
The choice to use Telegram for notifica- free. Additionally, with a tool like Slack,
article explores how to develop a simple tions comes from considering the avail- I would face the risk of future changes
tool that monitors the status of a process able options, each with its strengths in the company’s plans regarding ser-
and sends a Telegram message in the and disadvantages. The desirable char- vice pricing and feature availability.
event of a crash. acteristics of a notification system in- Email is widely supported by all kinds of
clude freedom from third-party con- devices and is free from third-party in-
Prerequisites straints, especially when it comes to terference. However, to send emails re-
To follow the development of this proj- for-profit companies; ease of use and quires a complex initial setup to support
ect, you’ll need an integrated develop- implementation; and flexibility, mean- various formats and the different secu-
ment environment enabled for Python ing the ability to send notifications to rity standards adopted by servers. Alter-
programming and some basic knowl- both smartphones and desktop envi- natively, I could install an SMTP server
ronments. A simple system involves on my own PC. A good candidate is
edge of the Python language. On
sending a text string to a listening port Postfix [5], which is relatively simple to
Ubuntu, it is possible to download VS
on a device using an application such configure, free, and open source. How-
Code from the App Center by simply
as Ncat [3], which is also available on ever, installing an SMTP server for send-
finding the VS Code page in the App smartphones. However, mobile devices ing notifications seems inappropriate
Center and clicking the Install button. If often have dynamic IP addresses, and too resource-intensive. The best
you prefer to proceed with the installa- which is inconvenient for this kind of compromise is therefore provided by
tion via the command line, the VS Code implementation. Additionally, receiving Telegram, an application managed by a
documentation provides all the neces- a string does not automatically notify private company but currently free. A
Photo by David Taffet on Unsplash

sary details for completing the proce- the user. Finally, for security reasons, scenario in which Telegram becomes a
dure on various distributions [1]. I rec- you should set up a firewall to accept paid service seems unlikely. Its configu-
ommend installing the Pylance, Python, connections only from trusted sources, ration for our purpose requires just two
and Python Debugger extensions to increasing the complexity of this ap- instructions and a few lines of Python
make development easier. Simply click proach. The Slack [4] platform is effec- code. Moreover, Telegram works on var-
tive and quite easy to use. However, ious platforms, including Android and
on the extensions button (on the left
Slack requires registration for its vari- iPhone smartphones, as well as desktop
side), select the extension, and proceed
ous usage plans, only one of which is environments.
with the installation.

32 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 IN-DEPTH
Automated Process Monitoring

Setting up a Telegram Bot as parameters when running the script screen; otherwise, a warning message is
The first step is to create a Telegram bot, from the console. sent to a specified user on Telegram.
which you can control using a Python The first step is to handle the applica-
script to send notifications. After launch- Developing the Script tion arguments, which include the
ing Telegram, access the search function The monitoring script will check token provided by Telegram, the user
by clicking on the appropriate icon at the whether a process is running at user-de- ID, the name of the process to monitor,
top of the main screen. Search for the fined intervals. If the application is run- and the time interval expressed in min-
string BotFather and select the corre- ning, the script prints a log string on the utes (Listing 1).
sponding entry. Then type the following
commands: Listing 1: Arguments
01 import requests
/start
02 import time
/new bot
03 from datetime import datetime

04 import psutil
BotFather will guide you through the
05 import argparse
process of creating a new bot, prompt-
06
ing you to choose a name and a user-
07 try:
name for your bot. You will receive a
08 parser=argparse.ArgumentParser()
token that you can use to interact with
the bot via a script. At this point, I 09 parser.add_argument("token", help="Token assigned by Telegram when creating
your Bot", type=str)
need to retrieve the user ID of the per-
10 parser.add_argument("user_id",help="User ID on Telegram", type=str)
son to whom I will send the messages.
11 parser.add_argument("process_name",help="Name of the process to check
I can use the Get Chat ID bot for this
for",type=str)
purpose. Just click on the User button
12 parser.add_argument("interval",help="Minutes of interval between
and select the desired contact from the
checks",type=int)
list. Make a note of the token and the
13 args=parser.parse_args()
user ID, which you will need to specify
IN-DEPTH
Automated Process Monitoring

The essential part of the script con- running (Listing 2). Listing 3: Output
sists of a loop that repeats as long as The boolean vari- filezilla up and running at 2024-07-21 16:49:13.559405
the process under examination is able found is set to
filezilla up and running at 2024-07-21 17:19:13.616971
False at the begin-
ning of the iteration. filezilla up and running at 2024-07-21 17:49:13.621785

Then the script re- filezilla up and running at 2024-07-21 18:19:13.624988

trieves the list of ac- filezilla up and running at 2024-07-21 18:49:13.628092

tive processes. If the
Process filezilla is currently down
process specified by
the args.process_
name parameter is present in this list, ID provided by the Get Chat ID bot,
the script prints an informative note to process_name is the name of the pro-
the screen with the current date and cess you are monitoring, and interval
time. It then sets the variable found to is the time interval for performing the
True. At the end of each iteration, if the checks (in minutes). For example, run
process is not active, the script outputs the following command to check the
an alert string then sends the same status of the filezilla process every
message to the user specified by the 30 minutes:
args_user_id parameter using the Tele-
gram REST API. The application is python crashinspector.py U

then closed. The main function is en- 7237372881:AAEA-ZPF9WMRX5aNSa0U

closed in a try-except block, and in PoJDCiUePoNqu0Uk 17130319 U

case of an error, an informative mes- filezilla 30

sage is displayed (Figure 1).

Assuming that filezilla is terminated
Practical Example after about two and a half hours, the
Launch the script from the terminal with output will be similar to Listing 3.
the following syntax:
Conclusion
python crashinspector.py U When launched from the console, the
token:user_id process_name U script described in this article obtains
interval the list of running processes and
checks for an instance of the process.
Figure 1: The script sends the user where token is the token provided by If an instance of the process is active, a
a message if the process is down. BotFather, user_ID is the Telegram user string indicating the date and time of
the check is printed. The cycle contin-
Listing 2: The Loop ues in the same manner for the speci-
01 while True:
fied time interval. If the process is not
running during an iteration of the
02 found=False
cycle, the application prints a warning
03 for process in psutil.process_iter():
on the console and sends an alert mes-
04 if(process.name()==args.process_name):
sage via Telegram. Q Q Q
05 print(args.process_name +" up and running at " +str(datetime.now()))

06 found=True Info
07 [1] Visual Studio Code on Linux:
08 if(found==False): https://code.visualstudio.com/docs/
09 message = "Process " +args.process_name + " is currently down" setup/linux
10 print(message)
[2] Telegram Messenger:
11 url = f"https://api.telegram.org/bot{args.token}/sendMessage?chat_
https://telegram.org/
id={args.user_id}&text={message}"
[3] Ncat: https://nmap.org/ncat/),
12 requests.get(url).json()

13 quit() [4] Slack: www.slack.com

14 [5] Postfix: www.postfix.org

15 time.sleep(args.interval * 60)

16 Author
17 except Exception as e:
Andrea Ciarrocchi is a technology
enthusiast. Visit his homepage at
18 print(f"Error {type(e)}")
https://andreaciarrocchi.altervista.org.

34 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

IN-DEPTH
Blockchain

Practical blockchain applications

Blocked Out?
After all the hype, we look at where blockchain is being used today outside cryptocurrencies.
By Tim Schürmann

T
he success of Bitcoin not only Blockchain is still widely used in finance from around 2019, at blockchain hype’s
prompted numerous other cryp- today, primarily for managing and pro- peak. It is from this period that Google
tocurrencies, but it also put cessing cryptocurrencies. The city of still turns up blog posts from large com-
blockchain in the spotlight for Detroit, Mich., in the US recently made panies raving about blockchain and
the IT industry. Investors jumped on the headlines for using blockchain to do planning its introduction.
bandwagon, companies appointed this. Starting mid-year in 2025, Detroit
blockchain managers, and countless will be accepting payments in crypto- Fresh Fish
studies and pilot projects explored the currencies [1], enabling people without Around 2019, the logistics industry was
potential applications. But what remains bank accounts, in particular, to pay their among the first to jump on the block-
of the former hype? This article sets out fees and taxes. chain bandwagon. The idea was that it
on a surprisingly rocky path in the In Germany, IT service provider would make it possible to securely track
search for clues about where blockchain adesso [2] has collaborated with Frank- goods, containers, and pallets at any
is being used today. furt-based finance technology company time. Every supermarket customer
A blockchain stores data blocks in a SWIAT, using adesso as one of several would then be able to check the block-
strict sequence. Unlike in a conventional validators. Independent systems ensure chain to see which trawler caught the
database, these blocks are stored in a that the blockchain used has not been prawns in their delicious prawn cocktail
chain. In order to detect manipulation, subsequently modified and that all ac- and from which part of the sea. The
each newly added block contains a tions carried out on it comply with pre- middlemen in the chain would also al-
checksum of the previous block, while defined rules – in this case with SWIAT’s ways know where their goods were (sup-
other sophisticated techniques ensure blockchain. ply chain management). IBM was look-
that the entire data chain can be stored Detroit, adesso, and SWIAT are just ing to empower traceability of fresh food
Lead Image © Dmitry Sunagatov, Fotolia.com

in a decentralized or distributed manner. three examples from the world of fi- [3] with its Food Trust project (Figure 1).
Blockchain’s functionality makes it nance. The list of blockchain applica- The idea was that the IBM Food Trust
suitable for accounting: It is tamper- tions in this area goes on and on. But project would also be able to store doc-
proof and every change can be tracked, what about projects outside the financial uments and certificates in the block-
like a kind of distributed ledger. Block- sector? chain. Producers and intermediaries
chain is also ideal for storing individual Anyone searching the Internet for would thus simultaneously be able to
tokens that represent passwords, images, blockchain solutions will initially find comply with requirements imposed by
or currency units, for example. mainly feasibility studies along with a governments and environmental organi-
For this reason, the financial sector wide range of ideas for potential use zations. The Food Trust project was
jumped on the blockchain bandwagon. cases. The majority of these articles date used by several large food companies,

36 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 IN-DEPTH
Blockchain

including Australian vegetable whole- to ask the blockchain whether a parked And It’s Still Running!
salers Antonello Produce [4]. car had a parking permit for the parking SAP is still actively promoting block-
space currently occupied. If put into use, chain technology. SAP also did not
No Comment the solution could have made paper reply to discuss how they are using
I reached out to IBM to learn more about parking permits a thing of the past. blockchain, but a post on the SAP web-
the current status of the Food Trust proj- In the same year, Materna presented site mentions a few specific current use
ect. At the time of writing, I have yet to the Citizen Blockchain Project at the cases [11] including Velocity [12], a non-
receive an answer to my request. CeBIT trade fair. Citizens were asked to profit organization that collects school-
Blockchain was a big topic at Deutsche submit data from their air monitoring leaving certificates, diplomas, and other
Telekom in 2022 [5], but I also failed to stations to the blockchain set up by Ma- career-relevant information in a block-
receive a response when I reached out terna. Materna generated a particulate chain. When an application is submit-
to that company for an update. In 2022, matter map from the measurement data. ted, the company looking for a candidate
Deutsch Telekom splashed out on the The solution rewarded all submissions has access to the candidate’s current and
Celo [6], Polkadot [7], and Q [8] block- with tokens. Participants could then use complete career history. With the help of
chain networks through its Telekom these to make purchases in local stores the blockchain, Velocity looks to ensure,
Multimedia Messaging Service subsid- or an online store. The Citizen Block- among other things, that no false infor-
iary. While Celo and Q focus on financial chain, which is based on Ethereum, was mation is included on an applicant’s CV.
services, Polkadot attempts to connect also geared to support further similar Aside from financial applications,
different blockchains. In all three proj- projects. Materna even set up its own adesso uses blockchain as part of ades-
ects, Deutsche Telekom provided com- blockchain lab for research and soDraws [13], an electronic draw system
puting capacity via its Open Telekom implementation. for winning lottery numbers. Adesso-
Cloud, among other things. How I contacted the Materna press office to Draws selects the random numbers re-
Deutsche Telekom is investing in block- find out what has become of the two quired by betting service providers and
chain today and whether it is still in- projects (information regarding both transparently logs them in a blockchain,
volved in the projects remained unclear projects is no longer available on the allowing the winning draw to be trace-
due to the lack of a response. However, Materna website [10]), and again there able as well as tamper proof. According
Telekom MMS [9] now seems to have was no response. However, one thing is to the adesso website, an open source al-
more or less fully jumped on the AI certain, the city of Cologne continues to gorithm is used for the draw.
bandwagon. issue its legacy resident parking permits, Adesso – but you probably guessed this
which have to be placed on the already – did not provide any information
Officially Dropped windshield. on this or other projects. However, per
In 2018, German IT service provider Ma- After all the hype, interest in block- their website, the company has bundled
terna developed a blockchain for the city chain seems to have cooled off consider- its blockchain projects in its banking divi-
of Cologne that recorded all processes re- ably. With a little patience, however, you sion, making it clear that blockchain is
lating to residents’ parking. Both law en- can still find blockchain in practical use primarily at home there.
forcement officers and citizens were able cases outside the world of finance. Bosch is also actively driving for-
ward several blockchain projects. The
company did provide some insights
into its blockchain strategy. One area
of application is audit-proof evidence
management for vehicle fleets, which
is important for sustainability reports,
among other things. Evidence is kept
with the help of public, decentralized
identity systems, which in turn are
based on a blockchain. This allows the
associated EU requirements to be im-
plemented simultaneously. The solu-
tion also offers the advantage that in-
formation can be verified without hav-
ing to disclose further data.
Blockchain can also be found in the
Matter smart home standard [14]. The
Internet of Things (IoT) devices that fol-
low the Matter protocol encrypt their
communication. Tamper-proof certifi-
cates stored in a blockchain prevent ac-
cess from devices that have been com-
Figure 1: IBM Food Trust logs the transportation of food. promised by attackers.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 37

IN-DEPTH
Blockchain

The software company Krekeler also IBM Blockchain will also run in a Kuber- hazardous goods transportation moni-
utilizes blockchain’s immutability in netes cluster or, to be more precise, on a toring [28]. The focus on logistics is
Documentchain [15], a blockchain that system with Red Hat’s OpenShift. It can not surprising, because the Fraunhofer
allows authors and artists to store impor- either be booked in the IBM Cloud or Institute for Material Flow and Logis-
tant information about a file, such as its you can run it in your own data center. tics (IML), the Chair of Corporate Lo-
hash, in an audit-proof manner. In this IBM Blockchain still appears to be on gistics, and the Chair of Materials Han-
way, later manipulation of the file or the offer, but the associated tutorial [22] for dling and Warehousing were the orga-
authorship of an image can be clearly developers dates back to 2021. nizations involved in the Blockchain
proven. If required, Documentchain can Europe project.
be integrated into your own applications. Building Blocks However, Blockchain Europe has been
Two Fraunhofer Institutes [23] joined dormant for around a year. The last pub-
Flat Shapes forces with two chairs at Technical Uni- lication was a free guide [29] on the de-
In addition to ready-made blockchain versity Dortmund to launch a European velopment of blockchain-based business
applications, numerous frameworks and blockchain project, Blockchain Eu- models. Customs clearance [30] and the
blockchain implementations have rope [24]. Blockchain Europe’s members e-waybill [31] were taken over by the
sprung up in recent years. Solana [16] have developed several open source Open Logistics Foundation. According to
provides a complete blockchain platform components [25] that allow companies Max Austerjost, project manager at
along with its own protocol. Solana facil- to quickly and easily implement block- Blockchain Europe, the working group
itates the development of blockchain ap- chain applications, including Token responsible for the e-waybill has rejected
plications, but it also focuses on finan- Manager for storing and managing as- the blockchain approach and is looking
cial transactions and purchasing virtual sets, Authorization Module, and Light for “simpler” approaches. The working
goods, which primarily means unique Node Service (Figure 2) for connecting group for customs clearance, on the
digital objects, also known as non-fungi- physical devices to a blockchain and ex- other hand, is sticking with the block-
ble tokens (NFTs). However, companies ecuting certified transactions. chain, but it is currently still looking into
are not allowed to operate their own These three components were ulti- funding additional developers.
private Solana blockchain. mately used to create a blockchain-
IBM is different: The company offers based document repository. Like IBM, Future Prospects
a blockchain platform [17], IBM Block- the Blockchain Europe developers drew Despite the hype having died down,
chain, that companies can use to de- on existing software, using the Cosmos blockchain still seems to be popular. In
velop their own blockchain products. SDK [26] and the Tendermint [27] a survey conducted by the IT industry
Vertrax and Chateau Software have used framework based on it. association Bitkom [32] in fall 2023,
IBM Blockchain to track oil and gas de- In addition to the digital repository, blockchain continued to play a role in
liveries. The IPwe [18] platform, which there were plans to develop further ap- five percent of all start-up companies in
specializes in patent rights, has used plications (modules), including block- Germany, while 22 percent were still
IBM Blockchain to record who owns chain-based customs clearance, elec- looking into its use. In its press release,
which patent or intellectual property (IP) tronic waybills (e-waybills), and the city of Detroit actively called on
and at what time, resulting in a Global
Patent Registry (GPR), which, among
other things, simplifies the search for
patents and their owners.

Open Source Base

IBM did not reinvent the wheel to de-
velop their blockchain platform. In the
background, IBM Blockchain uses the
open source Hyperledger Fabric frame-
work [19], which is primarily intended
for use by large corporations to set up
their own flexible blockchains.
The Hyperledger Fabric framework
provides the underpinnings for a surpris-
ing number of blockchain projects. In
fact, Materna also used the framework
for its resident parking solution men-
tioned earlier. Initially developed under
the umbrella of the Hyperledger Founda-
tion [20], the Hyperledger Fabric frame-
work is now part of the Linux Founda- Figure 2: Among other things, Blockchain Europe provides a
tion’s LF Decentralized Trust [21]. construction kit for logistics applications.

38 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 IN-DEPTH
Blockchain

entrepreneurs to submit ideas for further more of a niche product and that there is companies actively involved here, I can
possible applications for blockchain by often a lack of acceptance of the technol- only speculate as to the reasons behind
mid-December 2024 (no results had been ogy in this sector. With networking in this. It is very likely that there are simply
announced at the time of going to print). the mobility sector on the rise, Busch simpler and more established solutions
Blockchain also has a future at Bosch. sees the potential for products that can for most use cases.
In collaboration with Peaq [33], the fill the gap in the future. Max Austerjost cites another reason.
company is looking to introduce a De- Bosch brings this perspective to the He says that experience from various
centralized Physical Infrastructure GAIA-X 4 moveID project, part of the projects has shown that it is not techno-
(DePIN) device. This involves decentral- publicly funded European GAIA-X cloud logical feasibility but, instead, gover-
ized management of transport systems, infrastructure solution. GAIA-X 4 nance issues at the companies involved
energy networks, and other physical in- moveID aims to develop a decentralized that make it difficult to establish block-
frastructures based on blockchain. To- digital identity infrastructure for mobility chain solutions in practice, especially in
gether with start-up Fetch AI, Bosch has in Europe [34]. Bosch is significantly in- logistics. Nevertheless, many companies,
also set up a foundation to promote de- volved as the consortium leader and also and start-ups in particular, still have
centralized systems based on AI using relies on blockchain as a basis. blockchain on their radar, with some in-
blockchains and to promote an exchange teresting approaches. It remains exciting
in the industry. Conclusions and Outlook to see which applications blockchain
Bosch has also set its sights on mobil- Blockchain has firmly established itself will drive forward in the future. Q Q Q
ity applications. Peter Busch, Director of in the financial sector in particular. How-
the Mobility Strategy at Bosch, revealed ever, despite the wide range of potential Author
that blockchain is already being used applications and existing (open source) Tim Schürmann is a freelance computer
more widely in other industries, such as implementations, you still have to search scientist and author. Besides books, Tim
the financial sector. In the mobility sec- for use cases in other fields. Due to the has published various articles in maga-
tor, Busch says that applications are still lack of communication on the part of the zines and on websites.

Info
[1] Detroit use case: [19] Hyperledger Fabric: https://github.com/hyperledger/fabric
https://detroitmi.gov/news/detroit-become-largest-city-us- [20] Hyperledger Foundation: https://www.hyperledger.org/
accept-cryptocurrency-payments-taxes-other-fees
[21] LF Decentralized Trust: https://www.lfdecentralizedtrust.org/
[2] adesso and SWIAT collaboration: https://www.adesso.de/en/
[22] IBM Blockchain 101:
news/presse/adesso-and-swiat-facilitate-access-to-
https://developer.ibm.com/tutorials/cl-ibm-Blockchain-101-
blockchain-for-financial-institutions-with-swiat-access.jsp
quick-start-guide-for-developers-vbluemix-trs/
[3] IBM Food Trust: https://www.ibm.com/mysupport/s/topic/
[23] Fraunhofer Institutes:
0TO500000001y2FGAQ/blockchain-transparent-supply?
https://www.fraunhofer.de/en/institutes/institutes-and-
language=en_US&mhsrc=ibmsearch_a&mhq=food%20trust
research-establishments-in-germany.html
[4] Antonello Produce use case:
https://www.ibm.com/case-studies/antonello-produce [24] Blockchain Europe:
https://blockchain-europe.nrw/en/homepage-english/
[5] Deutsch Telekom use case:
https://www.telekom.com/en/company/details/blockchain- [25] Blockchain Europe source code:
technologie-und-die-telekom-1012528 https://git.openlogisticsfoundation.org/silicon-economy/
base/Blockchainbroker/digital-folder
[6] Celo: https://celo.org/
[26] Cosmos SDK: https://cosmos.network/
[7] Polkadot: https://polkadot.com/
[27] Tendermint: https://tendermint.com/
[8] Q: https://q.org/
[28] Blockchain Europe dangerous goods use case:
[9] Telekom MMS: https://www.telekom-mms.com/ (In German)
https://blockchain-europe.nrw/en/dangerous-goods/
[10] Materna: https://www.materna.de/en/
[29] Blockchain Europe guide: https://Blockchain-europe.nrw/
[11] SAP use case: https://www.sap.com/products/artificial- leitfaden-entwicklung-Blockchain-basierter-
intelligence/what-is-blockchain.html geschaeftsmodelle/ (In German)
[12] Velocity: https://www.velocitynetwork.foundation/ [30] Open Logistics Foundation customs blockchain:
[13] adessoDraws: https://www.adesso.de/en/ https://openlogisticsfoundation.org/foundation-projects/
adesso-branch-solutions/lotteriegesellschaften/ working-group-open-customs-Blockchain/
sonderthemen/adesso-draws/index.jsp
[31] Open Logistics Foundation electronic transport documents:
[14] Matter: https://csa-iot.org/all-solutions/matter/ https://openlogisticsfoundation.org/foundation-projects/
[15] Documentchain: https://documentchain.org/ working-group-electronic-transport-documents/
[16] Solana: https://solana.com [32] Bitkom 2023 survey: https://silicon-saxony.de/en/bitkom-
[17] IBM Blockchain: more-companies-are-dealing-with-blockchain-projects/
https://www.ibm.com/think/topics/blockchain [33] Peaq: https://www.peaq.network/
[18] IPwe use case: https://www.ibm.com/case-studies/ipwe [34] GAIA-X 4 moveID: https://moveid.org

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 39

IN-DEPTH
Command Line – Modernizing Commands

Installing modern
commands with tasksel

Modern
Times

Many traditional commands now have modern replacements. With tasksel, you can install all of
them in a single step. By Bruce Byfield

M
any basic Linux commands want to use, along with their chief ad- feature that was obviously not possible
date back to the beginnings vantages. Table 1 is by no means com- before color monitors, but is now com-
of Unix. In over 50 years, plete, so anyone interested in moderniz- monplace. Many commands, too, edit
many have changed only in ing their systems should explore the output and documentation for clarity
minor ways, such as supporting tera- commands listed as well as similar ones and conciseness, as well as to reflect to-
bytes as a measurement of memory. Yet in order to evaluate them. For many day’s hardware and use cases. Some,
distributions continue to include these modern commands, GitHub is the place too, provide line graphics despite run-
traditional commands by default, be- to start to learn more. Besides the advan- ning from the command line, making
cause they are familiar and good enough tages listed in Table 1, many of the com- them more accessible. Most are drop-in
for most purposes. mands listed share common traits. For replacements, except for options de-
In the past decade or so, replacement example, many color code their output signed for use with obsolete commands
commands have started to appear. A few so that directories and different types of and the limited memory of antique
are official updates, such as Debian’s apt files are identifiable at a glance – a computers.
(which tidies apt-get) or Fedora’s dnf
(which is meant to replace yum and its
obscure code). These updates replace
older software seamlessly, but many
other replacement commands remain
an option.
Any day now, I expect a new distribu-
Lead Image © adiruch, 123RF.com

tion to appear that installs some of the

modern replacements by default, but I fi-
nally got tired of waiting. I devised my
own simple hack to provide a thoroughly
modern set of commands with the help
of Debian’s tasksel [1] and its beginner-
friendly recipes.
Table 1 shows a list of some of the
modern replacements that users might Figure 1: The tasksel command-line interface.

40 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 IN-DEPTH
Command Line – Modernizing Commands

Working with tasksel (note the caret at the end) for the list tasksel recipe. Each recipe contains the
of Ubuntu-specific packages, such as fields shown in the example in Table 2.
After selecting the modernized com- kubuntu-full and ubuntu-mate-desktop. Save the recipe to /usr/share/tasksel/
mands you want to install, you need to Debian distributions install with descs/ or /usr/local/share/tasksel/
prepare a recipe for tasksel (aka task many tasksel recipes enabled. However, descs/ with a .desc extension. These
selection). Several decades old itself, you can also easily create your own directories can have subfolders to
tasksel is a little-known part of Debi-
an’s elaborate package management Table 1: A Partial List of Modern Commands
system, along with dpkg and apt. Most Traditional Modern Function Modern Advantage
Debian-based distributions use tasksel Command Command
apt, nala Debian pack- • Color functions
in their installer, where you may have
apt-get age manager • Concise output
seen it flash by on the screen in the
final stages of an installation, but not • Finds fastest mirror
all distros install tasksel by default. • Undo
• Parallel download
Ubuntu, for instance, does not. How-
bash kitty Terminal • Fast
ever, tasksel is generally available in
• Choice of interfaces
repositories and has several uses be-
• Extensible
sides in the installer. To start with, a cat bat File pager • Displays line numbers
recipe can be saved to reduce the time cd zoxide Change • Navigate to favorite directories with a few
to customize a new installation. In ad- directory keystrokes
dition, admins can use tasksel pack- • Works with all major shells
ages when installing multiple systems • Interactive directory selection
to ensure that each system is identical curl curlie Data transfer • Simpler interface
to the others. Moreover, if a minimal from URLs • Interactive health
net install is made, then tasksel can be • Customized config file with common
used to ensure that all installed pack- commands
ages are known to the admin – a basic • Works with JSON data
df duf Checks disk • Displays multiple devices
requirement for security.
space • Can select devices to display
Running tasksel requires root privi-
• Sorts multiple displays
leges. The bare command opens a com-
• Can display JSON data
mand-line interface (Figure 1) that lists diff delta File comparison • Displays line numbers
the recipes used during installation.
• More organized displays
Using
• Side-by-side view
• Compares directories
tasksel --list-task find fd (fd-find) Searches files • Supports regular expressions and glob
and directories • File type search path
displays the same information, prefac- • Works with .gitignore files
ing installed tasks with an i, and unin- • Can run command after file located
stalled tasks with a u (Figure 2).The grep rigrep Plain text • Faster
standard recipe is used only by the in- search • Searches on compressed files
staller, while the laptop package con- • Simple, customizable interface
sists of utilities that are useful on a history mcfly Records • Smart result prioritization
laptop, such as wireless tools and commands run • Track command exit status, timestamp, and
Bluetooth. Because tasksel has not execution directory
been updated since it started to use • Extensible
ls tree Displays files, • Visual representation of directories
meta-packages some years ago, the
directories • Select directories to display by number of files
--task-packages option only gives the
• Filter by device, last modification
meta-packages’ names, which is not lsd • Custom configuration file
very useful. However, if you install
• Custom display
apt-rdepends, you can see a package’s broot • Simple customizable displays
dependencies and recommendations. • Find and change to directory
You may also use the --test (-t) op- • Optional panels
tion before actually installing. Note • File previews
that in Ubuntu, either option only • Apply command on multiple files
shows Debian packages; to see Ubun- • Check Git status
tu’s tasksel packages requires the man tldr Documentation • Concise
workaround of entering • Examples
ping gping Tests availabil- • Graphs results
apt install task-name^ ity of hosts

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 41

IN-DEPTH
Command Line – Modernizing Commands

organize the tasksel recipes. For exam- tasksel install TASKSEL-NAME alias tree='ls'

ple, Ubuntu has subfolders for tasksel

recipes from Debian and Ubuntu-spe- To uninstall, run Alternatives
cific tasksel recipes. After saving the As an alternative, you could write a
file, to enable it, run as root tasksel remove TASKSEL-NAME Bash script that combines tasksel and
alias. I chose to present the procedure
When you are sure as I have because it is the easiest and
you want the mod- least intimidating option for inexperi-
ern command to enced users. More experienced users
replace the tradi- might consider the more long-term
tional one, you project of creating a custom install
might make the disc, using tasksel to do unattended in-
modern command stallations. While tasksel itself is get-
an alias for the tra- ting old, it is still an easy way to set up
ditional command. a system exactly as you want it with a
For instance, using minimum of effort. Q Q Q

Figure 2: Using tasksel from the command prompt.

Info
Table 2: A Sample Recipe [1] tasksel: https://wiki.debian.org/tasksel#Sample_use
Task: Modern commands
Relevance: 1 //Priority. 1 is high, 9 low Author
Description: This task provides a variety of modern commands. Bruce Byfield is a computer journalist and a freelance writer
and editor specializing in free and open source software. In
Key: // The software needed to install. Usually blank.
list addition to his writing projects, he also teaches live and
Packages:
e-learning courses. In his spare time, Bruce writes about
mcfly
Northwest Coast art (http://brucebyfield.wordpress.com). He is
fd-find
also co-founder of Prentice Pieces, a blog about writing and
tree
fantasy at https://prenticepieces.com/.

QQQ

42 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

IN-DEPTH
Programming Snapshot – Go Animation

Animated sprites show network throughput

Marathon
Runners
Rather than using ho-hum bar graphs to display
Internet bandwidth usage, Mike Schilli enlists cartoon
characters to do the job. Along the way, you get a free
introduction to 2D gaming sprite technology.
By Mike Schilli

T
he measured value in bits per to launch the daemon, which keeps a Now, a Go program could regularly re-
second for the data currently constant record of the throughput and trieve these values and display them in
pouring through my Internet con- stores the measured values in its own various ways. vnStat already comes with
nection provides information on binary database. After a little lead tools for interesting statistics (Figure 2),
whether my home network is working time, I can then query the number of but they still look a bit dull. How about
well or whether someone in the house- bits in the data flow over the past few using two cartoon characters as runners
hold is currently using an excessive minutes, hours, days, weeks, months, instead: one for the download count
amount of bandwidth. or even years. marching from right to left and the one
In a scenario where all of the data traf- Figure 1 shows the real-time output of for the upload marching in the opposite
fic flows through a central router such as the tool on the command line in re- direction, at a speed that matches the
my pfSense appliance, it is easy to aver- sponse to a request for the flow in both measured flow rate?
age the bit count over several seconds, directions. In Figure 1, the -i igb0 pa- Figure 3 shows the finished applica-
for example, using the genuinely helpful rameter selects the router’s WAN inter- tion. The Go program uses the Fyne
vnStat utility. To install the tool on my face, while -tr requests the utilization in framework to dynamically display the
pfSense router as a normal package in real time. runners. The runners not only move
typical FreeBSD style, I call vnStat normally listens for five seconds from left to right and vice versa, but also
before it outputs the averaged result. Add- animate their limbs as they run. This is
pkg install vnstat ing the unnamed 2 parameter shortens the achieved by overloading individual im-
time span to two seconds. The tool out- ages in quick succession like in a car-
and then puts the measured values for rx (receive, toon production – but more on this later.
download) and tx (transmit, upload) in
service vnstat start bits per second, kilobits per second, or Secure Without a Password
megabits per second depending on the For the Go program to be able to log into
order of magnitude of the measured value. the router’s user account without
Lead Image © Saniphoto, Fotolia.com

Author
Mike Schilli works as a
software engineer in the
San Francisco Bay Area,
California. Each month
in his column, which has
been running since 1997,
he researches practical applications of
various programming languages. If you
email him at [email protected] Figure 1: The vnstat command on the firewall displays the utilization in
he will gladly answer any questions. megabits per second.

44 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 IN-DEPTH
Programming Snapshot – Go Animation

interface, you will Flip Book

find the options Similar to a cartoon, you set the anima-
required to enable tion in motion by thumbing through the
SSH (Figure 4). individual frames like in a flip book. I
The Public Key was recently able to experience for my-
Only option tells self, at the Academy Museum of Motion
the daemon not to Pictures in Los Angeles, how much hard
accept a password work animated films took before the
for logins for secu- breakthrough of computer graphics.
rity reasons and Every frame was drawn by hand!
requires a public Each individual frame shows the char-
key instead. The acter in a state that differs only slightly
key file, with the from that of the previous frame. If the
appropriate per- next frame keeps moving the figure’s
missions config- limbs in the same direction, the illusion
ured, resides in of an animated cartoon figure is created
.ssh/authorized_ at a rate of several frames per second.
Figure 2: vnStat’s standard, plain tabular output. keys/ below the To remove the need for the program to
user directory on read dozens of frame files with individ-
entering a password and then call vnStat the router and gives the Go program ac- ual images from disk, all of the frames
in a shell, I need an SSH daemon to be cess to the shell. Using port 8022 instead are usually stored as tiles on a so-called
running on the FreeBSD system and of the standard port 22 is an additional sprite sheet. This means that the anima-
listening on a static port. This service gimmick, but you will then need to spec- tion program only needs to parse a single
is disabled by default, but if you go to ify the correct port separately later when file. It selects all the required frames by
System | Advanced and scroll down you open the SSH connection later by cropping the tiles at known locations,
quite a bit on the pfSense web setting the vnStat -p option. specifying the X/Y coordinates and the
height and width, which are also known.

Not Picasso
Artistically gifted readers should feel free
to draw their own sprites. If you are not
Picasso, though, it might be advisable to
download some freely available images
from freepik.com. The offset of the indi-
vidual frames from the edge of the sprite
sheet, and from each other, in the X and
Y directions can easily be determined as
pixel values by using a photo editor such
as Gimp (Figure 5). The animation pro-
gram (Listing 1) parses the downloaded
PNG file later, and then it proceeds to
Figure 3: Go and Fyne can be used to visualize downloads and uploads decode the compressed data and save
in a far more entertaining way. the image pixels in a Go standard library
structure of the image.Image type.
By way of an example, the second
frame in the second row of Figure 5
has an index number of 6, because the
indices start at zero and there are five
frames per row in the sprite. The
frame’s top left corner is located at the
X coordinate xOff + width + xPad while
the Y coordinate is yOff + height + yPad.
The NewSprite() constructor from line
18 in Listing 1 defines the coordinates
and dimensions of the individual im-
ages for this purpose.
The caller passes the reversed flag to
Figure 4: You can enable SSH for shell commands on pfSense with just a the constructor to define whether the ex-
few settings. tracted icon should run to the right or

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 45

IN-DEPTH
Programming Snapshot – Go Animation

left. To move to the left, the flipH() The extractIcon() function starting in sprite sheet contains the 10 images in
function starting in line 71 mirrors all line 59 extracts individual icons with two rows of five icons each (Figure 6).
icons horizontally after reading. index numbers that start at 0 in idx. The Based on the index number, the function
first performs an integer division and a
modulo operation to compute the row
and column of the desired frame. For ex-
ample, the icon with the index value of 8
is the second-to-last icon in the second
row, where row=1 and col=3 (remember
that indices start at 0).

Quirky Mirroring
The call of the Draw() function from the
Go image package used in line 67 of
Listing 1 has a minor quirk. After crop-
ping a single image, its coordinates do
Figure 5: The gaps between the individual images are used for cropping. not necessarily start at (0,0). Instead,
© topvectors, 123RF.com the variable with the partial image

Listing 1: sprite.go
01 package main 44
02 45 func loadPNG(path string) (image.Image, error) {
03 import ( 46 file, err := os.Open(path)
04 "image" 47 if err != nil {
05 "image/draw" 48 return nil, err
06 "image/png" 49 }
07 "os" 50 defer file.Close()
08 ) 51
09 52 img, err := png.Decode(file)
10 type Sprite struct { 53 if err != nil {
11 xOff, yOff int 54 return nil, err
12 width, height int 55 }
13 xPad, yPad int 56 return img, nil
14 columns int 57 }
15 reversed bool 58
16 } 59 func (s *Sprite) extractIcon(sheet image.Image, idx int)
17 image.Image {
18 func NewSprite(reversed bool) *Sprite { 60 col := idx % s.columns
19 return &Sprite{ 61 row := idx / s.columns
20 xOff: 313, yOff: 67, 62 x := s.xOff + col*(s.width+s.xPad)
21 width: 205, height: 258, 63 y := s.yOff + row*(s.height+s.yPad)
22 xPad: 27, yPad: 39, 64
23 columns: 5, 65 iconRect := image.Rect(x, y, x+s.width, y+s.height)
24 reversed: reversed, 66 icon := image.NewRGBA(iconRect)
25 } 67 draw.Draw(icon, iconRect, sheet, image.Point{x, y},
26 } draw.Src)

27 68 return icon

28 func (s *Sprite) Icons(file string) 69 }

([]image.Image, error) { 70
29 icons := []image.Image{} 71 func flipH(src image.Image) image.Image {
30 img, err := loadPNG(file) 72 bounds := src.Bounds()
31 if err != nil { 73 width := bounds.Dx()
32 return icons, err 74 height := bounds.Dy()
33 } 75 dst := image.NewRGBA(bounds)
34 76
35 for i := 0; i < 10; i++ { 77 for y := 0; y < height; y++ {
36 icon := s.extractIcon(img, i) 78 for x := 0; x < width; x++ {
37 if s.reversed { 79 flippedX := bounds.Max.X - 1 - x
38 icon = flipH(icon) 80 dst.Set(flippedX, bounds.Min.Y+y, src.At(bounds.
39 } Min.X+x, bounds.Min.Y+y))
40 icons = append(icons, icon) 81 }
41 } 82 }
42 return icons, nil 83 return dst
43 } 84 }

46 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 IN-DEPTH
Programming Snapshot – Go Animation

Cartoon Time
The GUI framework Fyne now has to
thumb through the 10 individual
cropped images in quick succession in-
side a container to create the illusion
of movement.
Listing 2 defines the Flicker structure in
line 10. It saves the frames as an array and
stores whether the runner should move to
the right or left in Reversed. The Load-
Sprite() function starting in line 21 later
Figure 6: The sprite sheet contains the individual images of the calls Icons() from Listing 1 to load the
animation in two rows of five icons each. © topvectors, 123RF.com frames from the file with the sprite sheet.
For Fyne to be able to display the frames,
retains a reference to the full sprite in line 77, to first iterate over all pixel NewImageFromImage now has to import each
image and sets an (X,Y) offset in its coor- rows based on the frame height and frame object. Line 33 of Listing 2 appends
dinates to the actual top-left corner of then over all columns based on the each new frame to the Frames array in the
the icon. frame width. The code then swaps the instance structure for later use.
The flipH() function starting in line pixels at opposite X values in each The cartoon character starts running
71 also needs to take this into account. image row. While doing so, it takes into when Animate() is called, starting in line
The assumption that the X and Y coor- account the X and Y offsets extracted 38. The runner’s starting speed is initially
dinates start at 0 when flipping results from the original image as Bounds(). set to 0.0. It can increase to a maximum
in an incorrect section. The correct ap- Note that these do not necessarily of 100.0 over the course of the run. The
proach is to use a double loop, starting match the indices of the for loop. goroutine launched concurrently starting

Listing 2: flicker.go
01 package main 33 f.Frames = append(f.Frames, canvasImage)

02 34 }
03 import ( 35 return nil
04 "fyne.io/fyne/v2"
36 }
05 "fyne.io/fyne/v2/canvas"
37
06 "fyne.io/fyne/v2/container"
38 func (f *Flicker) Animate() (*fyne.Container, chan
07 "time"
float64) {
08 )
39 ch := make(chan float64)
09
40 con := container.NewMax(f.Frames[0])
10 type Flicker struct {

11 Frames []*canvas.Image 41 speed := 0.0

12 Reversed bool 42 count := 0.0

13 } 43
14 44 go func() {
15 func NewFlicker(reversed bool) *Flicker {
45 for {
16 return &Flicker{
46 select {
17 Reversed: reversed,
47 case speed = <-ch:
18 }
48 speed = limiter(speed)
19 }

20 49 case <-time.After(100 * time.Millisecond):

21 func (f *Flicker) LoadSprite(spriteFile string) error { 50 count += speed / MaxSpeed * 2

22 s := NewSprite(f.Reversed) 51 frame := f.Frames[(int(count) % len(f.Frames))]

23 icons, err := s.Icons(spriteFile) 52 con.RemoveAll()
24 if err != nil {
53 con.Add(frame)
25 return err
54 frame.Refresh()
26 }
55 }
27
56 }
28 for i, img := range icons {

29 icon := s.extractIcon(img, i) 57 }()

30 canvasImage := canvas.NewImageFromImage(icon) 58

31 canvasImage.FillMode = canvas.ImageFillContain 59 return con, ch

32 canvasImage.SetMinSize(fyne.NewSize(100, 100)) 60 }

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 47

IN-DEPTH
Programming Snapshot – Go Animation

in line 44 enters an infinite loop with a right (upload) within their Fyne contain- the select statement (line 33). This then
select statement that normally waits for ers or in the opposite direction (down- goes ahead and sets the local speed vari-
the cartoon timer to kick in every 100ms load). Listing 3 encapsulates the code for able, persisted by closure, to the new
in line 49. advancing the runner in an object-ori- value and pushes the runner along
Line 50 increases the count counter to ented approach. accordingly.
reflect the defined speed in relation to the The NewMover() constructor expects the When the animation timer in line 41
maximum speed such that the display reverse flag, which specifies whether the expires after 10ms, the position pos of
advances two positions at full speed. next round is forward or backward. Its the graphic object obj to be moved is as-
The old frame is now removed from the Animate() function returns two parame- signed a new value. This reflects the dis-
Fyne con container and the new frame is ters similar to the sprite animator in List- tance covered in the meantime at the
inserted instead by a call to Add(). Re- ing 2: a Fyne container in which the speed and the direction of movement.
fresh() updates the display. This is done sprite is traveling and a channel through
10 times per second to create the illusion which the caller can influence the speed In and Out
of fluid movement. of the animation during live operation. If Line 46 defines what happens at the left
the caller later pushes a new floating- container boundary for the reverse
Runner Running point value into the channel, a concur- movement. In this case, pos has a clearly
The runners aren’t just moving their rent goroutine starting in line 28 reads it negative value and the moving object
limbs; they also advance from left to from the channel in the case branch of has already run beyond the left

Listing 3: mover.go
01 package main 39 obj.Show()
02 40 }
03 import ( 41 case <-time.After(10 * time.Millisecond):
04 "fyne.io/fyne/v2"
42 pos += float32(speed * direction / MaxSpeed)
05 "fyne.io/fyne/v2/container"
43 }
06 "time"
44
07 )
45 if m.Reverse {
08

09 type Mover struct { 46 if pos < -obj.Size().Width {

10 Reverse bool 47 pos = con.Size().Width

11 } 48 }
12 49 } else {
13 func NewMover(reverse bool) *Mover {
50 if pos > con.Size().Width {
14 return &Mover{
51 pos = -obj.Size().Width
15 Reverse: reverse,
52 }
16 }
53 }
17 }

18 54 obj.Move(fyne.NewPos(pos, (con.Size().Height-obj.
Size().Height)/2))
19 func (m *Mover) Animate(obj fyne.CanvasObject) (*fyne.
Container, chan float64) { 55 con.Refresh()

20 con := container.NewWithoutLayout(obj) 56 }
21 speed := MinSpeed 57 }()
22 ch := make(chan float64)
58
23 direction := 1.0
59 return con, ch
24 if m.Reverse {
60 }
25 direction = -1.0
61
26 }

27 62 const MaxSpeed = 100.0

28 go func() { 63 const MinSpeed = 0.0

29 pos := float32(0) 64
30 obj.Hide() 65 func limiter(speed float64) float64 {
31 for {
66 if speed > MaxSpeed {
32 select {
67 return MaxSpeed
33 case speed = <-ch:
68 } else if speed < MinSpeed {
34 speed = limiter(speed)
69 return MinSpeed
35 if !obj.Visible() {

36 if m.Reverse { 70 }

37 pos = con.Size().Width - obj.Size().Width 71 return speed

38 } 72 }

48 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 IN-DEPTH
Programming Snapshot – Go Animation

Listing 4: vnstat.go
01 package main 26 rx, err = toBits(match[2], match[3])

02 27 } else if match[1] == "tx" {

03 import ( 28 tx, err = toBits(match[2], match[3])

04 "fmt" 29 } else {

05 "github.com/dustin/go-humanize" 30 return rx, tx, fmt.Errorf("Unknown entry %s",

06 "math" match[1])

07 "os/exec" 31 }

08 "regexp" 32 if err != nil {

09 ) 33 return rx, tx, err

10 34 }

11 func vnstat() (float64, float64, error) { 35 }

12 rx := float64(0) 36 return rx, tx, nil

13 tx := float64(0) 37 }

14 38

15 cmd := exec.Command("ssh", "-p", "8022", 39 func toBits(str string, unit string) (float64, error) {
"[email protected]", "vnstat", "-i",
40 s := str + string(unit[0])
16 "igb0", "-tr", "2")
41 i, err := humanize.ParseBytes(s)
17 output, err := cmd.Output()
42 return float64(i), err
18 if err != nil {
43 }
19 return rx, tx, err
44
20 }
45 func toBitRate(bps float64) string {
21 rateRex := regexp.MustCompile(`(?m)^\s+([rt]x)\
46 return humanize.Bytes(uint64(bps)) + "it/sec"
s+([\d.]+)\s+(\S+)`)
47 }
22 matches := rateRex.FindAllStringSubmatch(string(out
put), 2) 48

23 49 func speedFromRate(x float64) float64 {

24 for _, match := range matches { 50 return math.Sqrt(x / 1000.0)

25 if match[1] == "rx" { 51 }

boundary of the container. This explains the current value, the display program Line 15 shows the command that uses
why line 47 causes it to slowly reappear needs to log in to the firewall via SSH SSH to connect to the IP address of the
at the right container boundary. and send the vnstat command. Listing 4 firewall on the defined port. The regular
Line 50 checks for the opposite case in handles this task in Go. expression starting in line 21 then
forward motion, causing the moving ob-
ject to reappear at the left boundary as
soon as it has cleared the container edge
on the right. The fact that Fyne pro-
cesses negative coordinates without
complaint and simply keeps clipping the
moved object, or lets it disappear en-
tirely, is definitely a big help here.
The limiter function starting in line 65
ensures that the speed limit of 100.0 isn’t
exceeded and that no negative speeds
pass through the channel either. Inciden-
tally, the MaxSpeed and MinSpeed con-
stants not only apply in Listing 2, but in
all five listings, because they all belong
to the main package.

Speed Trap
But how does the GUI know how fast the
bits are flowing through the line to my
ISP? As I mentioned at the beginning,
there is a vnStat process busy measuring
and recording on the firewall. To obtain Figure 7: Runner speed as a function of the bit throughput.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 49

IN-DEPTH
Programming Snapshot – Go Animation

separates the tool’s return values shown However, the bitrate moves through drama of the race: If the runner only runs
at the beginning (Figure 1). It extracts several dimensions during operation. If four times faster when the bitrate is one-
two values, rx and tx, which are each there is hardly any activity, it could thousand-times faster, that doesn’t look
available as floating-point numbers with bumble along at 1 kbps, but at full load very realistic.
units, for example 1.3 Mbps. it can be 10,000 times more than that at Instead, Listing 4 in line 50 uses the
The toBits() function starting in a full 10 Mbps. To avoid the runner al- Sqrt() square root function from the Go
line 39 converts this into machine- most coming to a complete standstill math package, which allows for greater
readable bits per second using the when the line is idle, I want it to at least running speed fluctuations. If line 50 di-
humanize package from GitHub. Con- bumble along at a speed of 1 in case of 1 vides the X value by 1,000 and then
versely, toBitRate() starting in line 45 kbps of bandwidth being used. At the takes the square root, the conversion
converts a bit value back into a hu- full load of 10 Mbps, it’s supposed to be handles the desired distribution rela-
manly-readable string, which the GUI running at a speed of 100. Figure 7 tively well as shown in Figure 7.
later uses for display purposes. shows the mapping function.
A mapping function suitable for these Show Time!
Scaling number ranges, which extend over sev- Now the main program (Listing 5) just
The runner is moving forward at a virtual eral dimensions, is difficult to describe in has to combine all the components
speed between 0 (standstill) and 100 (full a linear way – you would normally want covered so far and display the result
sprint), depending on how many bits per to use something like a logarithmic func- on screen. Before that, the auxiliary
second are flowing across the line. tion. Unfortunately, this detracts from the mkPanel() function starting in line 16

Listing 5: marathon.go
01 package main 35 panel := container.NewVBox(meter, mvCon)

02 36 return panel, throttle

03 import ( 37 }

04 "fyne.io/fyne/v2" 38

05 "fyne.io/fyne/v2/app" 39 func main() {

06 "fyne.io/fyne/v2/canvas" 40 myApp := app.New()

07 "fyne.io/fyne/v2/container" 41 myWindow := myApp.NewWindow("Bandwidth Marathon")

08 "fyne.io/fyne/v2/theme" 42 down, downUpdate := mkPanel(true)

09 "fyne.io/fyne/v2/widget" 43 up, upUpdate := mkPanel(false)

10 "os" 44

11 "time" 45 border := canvas.NewRectangle(theme.DisabledColor())

12 ) 46 dual := container.NewVBox(down, up)

13 47 all := container.NewMax(border, dual)

14 const SpriteFile = "sprite.png" 48 myWindow.SetContent(all)

15 49 myWindow.Resize(fyne.NewSize(float32(800),

16 func mkPanel(isDownload bool) (*fyne.Container, float32(300)))

func(float64)) { 50

17 ava := NewFlicker(isDownload) 51 go func() {

18 err := ava.LoadSprite(SpriteFile) 52 for {

19 if err != nil { 53 rx, tx, err := vnstat()

20 panic(err) 54 if err != nil {

21 } 55 panic(err)

22 avaCon, avaCh := ava.Animate() 56 }

23 avaCon.Resize(fyne.NewSize(100, 100)) 57 upUpdate(tx)

24 mv := NewMover(isDownload) 58 downUpdate(rx)

25 mvCon, mvCh := mv.Animate(avaCon) 59 time.Sleep(3 * time.Second)

26 meter := widget.NewLabel("") 60 }

27 61 }()

28 throttle := func(v float64) { 62

29 meter.Text = toBitRate(v) 63 myWindow.Canvas().SetOnTypedKey(

30 meter.Refresh() 64 func(ev *fyne.KeyEvent) {

31 avaCh <- speedFromRate(v) 65 os.Exit(0)

32 mvCh <- speedFromRate(v) 66 })

33 } 67 myWindow.ShowAndRun()

34 68 }

50 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 IN-DEPTH
Programming Snapshot – Go Animation

Listing 6: build.sh fastest wins. But if the bitrate measured the panels on top of each other. The
$ go mod init marathon
by the tool changes, there are two chan- concurrent goroutine starting in line 51
nels competing to be served: the flip- then enters an infinite loop, which uses
$ go mod tidy
book channel and the moving box chan- vnstat() to retrieve the latest measured
$ go build
nel. The solution is provided by the values for rx and tx from the firewall
throttle() function starting in line 28, and passes them to two functions, upUp-
gathers what belongs together for a which the code defines within the mk- date() and downUpdate(), one for each
connection direction: the flipbook of a Panel() function. transmission direction, for display pur-
runner (NewFlicker()), its animation Ultimately, the function is returned to poses. After a three-second pause, the
container (avaCon), and the update the caller like a normal value. The caller next round commences.
channel (avaCh). can call it by reference later and pass it Before ShowAndRun() in line 67 enters
NewMover() bundles the container the newly measured value. Under the the main event loop of the Fyne frame-
into a box that moves in the direction hood, the function then passes the value work, the SetOnTypedKey() callback in
of the connection in sync with the bi- on to the two listener channels and re- line 63 ensures that the GUI application
trate thanks to the Animate() function. freshes the digital display in meter. It’s shuts down gracefully when the user
Last but not least, line 26 adds a digital handy to have a programming language presses a key.
display of the upload and download that handles functions like normal The familiar command sequence from
speeds to the panel as text in the meter variables. Listing 6 builds the marathon binary from
widget. The main() program starting in line 39 all five listings, which it expects to find
If you inject a value into a channel in now needs to open a new Fyne applica- in the same directory. Before the first call,
Go, only one receiver is allowed to pick tion and hand the two newly created it must have SSH access via public key
it up at any given time – if several receiv- panels over to the main window for lay- to the router where vnStat is installed
ers are listening, the one that accesses it out. A container of VBox type arranges and running. Let the race begin! Q Q Q

QQQ
IN-DEPTH
Bash Stats

Using Bash one-liners for stats

Bash Out Some Stats

With just one line of Bash you can use tools like AWK and gnuplot a CSV file, as well as some additional
AWK features.
to quickly analyze and plot your data. By Pete Metcalfe In the min and max calculation in List-

T
ing 2, variables are predefined and de-
ypically when I’m looking to do for creating an SQL SELECT-style state- faulted with the -v option. An if state-
some data analysis, I’ll import ment in AWK is: ment can be used to check and set vari-
the data files into Pandas ables on a row-by-row basis. The aver-
DataFrames or an SQL database. awk -F, 'condition {U age calculation uses a two-step pass.
During a recent project, I was happily print column_numbers}' filename The first pass totalizes column $2 into a
surprised to learn that I could do a lot variable called sum. An END statement
of basic statistics with only one line of Figure 2 shows an example comparing defines the end of the first step, and
Bash code. an SQL SELECT statement
For simple applications, Bash tools such with an equivalent AWK Listing 1: Basic Stats Using sort and bc
as sort and bc (the arbitrary precision cal- statement. The first pa- $ # Basic stats using sort and bc
culator) can be used to find maximums, rameter in the AWK line is $ data=(3 4 18 7 2 19 15)
minimums, averages, and sums from ar- -F,, which sets the col-
$
rays or columns of data (Listing 1). umn format separator as a
$ # Find the Max value in an array
For CSV data files, a single line of Bash comma. In AWK, the con-
$ printf "%s\n" "${data[@]}" | sort -n | tail -n 1
that combines AWK [1] and gnuplot [2] ditions (or the WHERE state-
19
can be used to view statistics or graph a ment) come first, followed
column of data (Figure 1). by print to output the re-
$ # Find the Min value in an array
In this article, I will cover using AWK quired columns.
to filter and extract data from CSV files Unlike SQL, AWK uses $ printf "%s\n" "${data[@]}" | sort -n | head -n 1

and then turn to gnuplot to gather statis- column numbers instead 2

tics and present charts. of column names, so $1 for

the first column, $2 for the $ # Sum up an array
Photo by Carlos Muza on Unsplash

Mimicking SQL SELECT second column, and so on. $ IFS="+" ; bc<<<"${data[*]}"

Statements While this wouldn’t be 68
Both a Linux command-line tool and a my first choice, AWK can
programming language, AWK can be be used to do stats on a $ # Average from an array, with 2 decimals
used for data extraction and reporting. column of data. Listing 2
$ sum=$(IFS="+" ; bc<<<"${data[*]}")
AWK can work directly on CSV files and shows an example of how
$ bc <<<"scale=2; ${sum}/${#data[@]}"
output results based on both column to get some basic stats on
9.71
and row filtering conditions. The syntax the second ($2) column of

52 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 IN-DEPTH
Bash Stats

available. The sta [3] tool is an excellent

utility for finding basic stats on a column
of data. Listing 3 uses AWK to send col-
umn $5 data to sta.
Now that you know how to filter and
extract data from a CSV file, the next
step is to use gnuplot to do some ad-
vanced statistics and charting.

gnuplot
Gnuplot’s statistical option can be used
as a standalone tool or integrated with
Bash commands. To use gnuplot with
CSV files, the data separator will need to
be set before the stats can be calculated:

$ gnuplot

gnuplot> set datafile separator ','

gnuplot> # Get stats on a column 3 in U

a file

gnuplot> stats 'filename.csv' using 3

Gnuplot natively supports data filtering

by rows and columns. However, the fil-
tering syntax is not as user friendly or as
complete as AWK. To pipe AWK results
to gnuplot, you can use

Figure 1: Use Bash for stats and plotting data on a graph. awk -F, 'condition {print column}' U
filename | gnuplot -e 'stats "<cat" '

then the second step prints the average piped to sort and head to find the maxi-
result. For complex AWK scripts, multi- mum value: Listing 2: Basic Stats Using AWK
ple steps can be defined within BEGIN $ # Use AWK to get stats on a CSV file
and END blocks. $ awk -F, '{print $2}' numbers.csv | U $ cat numbers.csv
The beauty of AWK is that it can filter sort -n | tail -n1
Monday, 1.1
or preprocess the data for other Bash 9.81 Tuesday, -3.6
commands. For example, AWK can be Wednesday, 9.81
used to extract column $2 data from a It should be noted that there are several Thursday, 6.0
CSV file, and then the results can be statistical command-line methods
$ # find a min, use a large starting
value

$ awk -F, -v min=9999 '{if ($2<min)

min=$2} END {print min}' numbers.csv

-3.6

$ # find a max, use a small starting

value

$ awk -F, -v max=-9999 '{if ($2>max)

max=$2} END {print max}' numbers.csv

9.81

$ # find the sum of row 2

$ awk -F, '{ sum += $2 } END {print

sum }' numbers.csv

13.31

$ # find the average of row 2

$ awk -F, '{ sum += $2 } END {print

sum/NR }' numbers.csv

3.3275
Figure 2: Use AWK like an SQL SELECT statement.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 53

IN-DEPTH
Bash Stats

The gnuplot -e option is used to execute Figure 3 shows a statistical example then the result can be used/printed
a string of statements, and the "<cat" that compares similar AWK/gnuplot based on the prefix_stat. For example,
parameter defines that the input data is commands and results with an SQL to get the median value of a column, you
piped. statement. The gnuplot stats option re- would use
turns a fairly com-
Listing 3: Using AWK with sta plete list of calcu- gnuplot -e 'stats "<cat" name "TEMPS" U
$ # Use AWK with the sta utility
lations. To extract nooutput; print TEMPS_median'

$ awk -F, '{print $5}' london_weather.csv | sta

a specific stat
value, the output If two columns are passed to the stats
N min max sum mean sd sderr
is given a variable command, calculations such as slope, in-
15336 -6.2 37.9 235987 15.3878 6.5555 0.0529
name prefix and tercept, and correlation will be returned.

Visualizing with gnuplot

Like the earlier stats example, one-line
statements can be created that pipe AWK
output to a gnuplot chart. The syntax for
an AWK/gnuplot line chart is

awk -F, 'condition {print column}' U

csvfile | gnuplot -p -e U
'plot "<cat" w l'

The gnuplot persist option, -p, keeps

the plot open after the statement is ex-
ecuted, and w l stands for a chart with
lines.
Figure 4 shows an example of an
AWK/gnuplot call that creates a line
chart. For comparison, the equivalent
SQL SELECT statement with a DB Browser
line plot is also shown.
Gnuplot offers a good variety of chart
types. For example, Figure 5 shows a box
plot, which can help identify outlier
data. In my project, I could see that July
had some skewing of high temperature
Figure 3: Get detailed stats with gnuplot. values.

Add Statistics to a Plot

Gnuplot offers the ability to include stats
on a plot using

gnuplot> plot 'filename' using U

column options, stat1 options, U
stat2 options, stat3 option ...

Figure 6 show how to put stats on a jitter

plot. Here, multiple gnuplot statements
were passed by the execute (-e) option.
A semicolon (;) is used to separate each
statement in the text string.
To get the required presentation, jit-
ter plots may need some tweaking of
xrange, overlap, pt (point type 7=cir-
cle), and ps (point size). The jitter plot
in Figure 6 uses a setting of (0):1,
which configures the first column of
Figure 4: Create complex AWK/gnuplot statements that are equivalent data to be positioned around 0 on the
to SQL, but that can also plot data in graphs. X-axis.

54 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 IN-DEPTH
Bash Stats

Figure 5: Create a box plot to show data outliers.

In Figure 6, stats were given a prefix The Y-average

name of JULY. The mean (JULY_mean), (JULY_mean_y) and Figure 6: Show stats on a jitter plot.
the first quartile (JULY_lo_quartile), the f(x) function
and the third quartile (JULY_up_quar- are added to the line plot with line can also be used with SQL query
tile) were added to the plot with a line widths (lw) of 5. Using this one rather output.
width (lw) of 3. long statement, I was able to see that For quick stats and visual checks of
there was a slight increase in July tem- CSV data, a AWK/gnuplot solution is a
Linear Regression peratures over the past 15 years. good addition to your data toolkit. Q Q Q
While linear regression in languages
like R or Python is straightforward, it Summary Info
can be a challenge in SQL. Gnuplot AWK can be used to extract and format [1] AWK: https://www.gnu.org/software/
stats will do a linear regression calcu- data similar to an SQL SELECT query gawk/manual/html_node/Getting-
lation when two columns are defined. statement. The filtered results from AWK Started.html
If there is only a single column of data, can be piped to different command-line [2] gnuplot: http://www.gnuplot.info/
a linear regression can be done against tools such as sort, sta, or gnuplot to do [3] sta: https://github.com/simonccarter/sta
a row index by referencing to row 0 statistical
(Listing 4). calculations.
Similar to what was done in the earlier Gnuplot is an
jitter plot, linear regression stats can be extremely power-
included on a line chart. Figure 7 shows a ful tool for data
combination of raw data, a curve fit, and analysis and visu-
the Y-mean. A gnuplot linear function of alization, making
it ideal for small
y =m*x +b Bash scripts. Typ-
ically gnuplot is
is created that uses the stat variable used with a CSV
JULY_slope for m and JULY_intercept for b. data file, but it

Listing 4: Linear Regression with gnuplot

gnuplot># Do a linear regression based on a row index

gnuplot>stats 'july.csv' using 0:1

...

Linear Model: y = 0.001489 x + 22.74

Slope: 0.001489 +- 0.0002746

Intercept: 22.74 +- 0.2062

Correlation: r = 0.1488
Figure 7: Create a curve fit in gnuplot.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 55

IN-DEPTH
DiffPDF

Compare PDF documents with DiffPDF

Subtle
Differences
Most PDF viewers lack a function for comparing PDF files, but DiffPDF
shows you the differences at a glance. By Erik Bärwaldt

D
iffer tools, which compare two prompt. For an overview of parameters, load the comparison document. You will
files and visually highlight the use the diffpdf --help command. The still only see a note, telling you to start
differences between them, exist graphical version also comes with a help the comparison by pressing the button.
for many file and archive for- function that explains the tool’s individ- If you accidentally select the same file
mats. These programs are particularly ual functions. twice, DiffPDF displays a warning telling
useful if you have two or more versions On first launch, a three-pane program you that it Cannot compare a file to
of a file and cannot see the differences window pops up. When loaded, the files itself.
immediately. Many of these comparison to be compared appear in the two larger Alternatively, you can drag and drop
tools are command-line-based and re- panes on the left and in the middle. the files to be compared from the file
quire knowledge of an extensive set of Above this, there is a single line with the browser into the window segments. The
parameters. If you need to compare PDF fields for the file names and paths. You user instructions are identical to those
files, DiffPDF [1], with its graphical user can see the actual controls in the third displayed for manual file selection in the
interface, compares both the text compo- window segment on the far right. The dialog. Now press Compare in the Ac-
nents of two PDF files as well as the em- Controls tab and the matching dialog are tions section bottom right to load the
bedded images for differences. shown at the top. The Actions dialog is two documents into a slightly smaller
According to the original developer, located in another tab line at the bottom. view in the corresponding window seg-
the free version of DiffPDF is no longer However, you will not find a menubar or ments. The differences are highlighted in
under active maintenance due to the a buttonbar. red (Figure 1).
European Union’s 2024 Cyber Resilience On the left-hand side of the view, you
Act [2]. As a result, the binary package Using the Program will find red vertical bars at the points
Photo by Sumner Mahaffey on Unsplash

is no longer available on the DiffPDF Start by loading the two files you want where DiffPDF has identified differences.
website. Instead, you need to download to compare. To do so, select File #1 top You can adjust the width of these mark-
it from your distribution’s repository. left. DiffPDF then opens a file manager ers to suit your needs after clicking on
You will find DiffPDF in the repositories to let you browse to the directory of the Options on the right below the Compare
of most of the popular distributions [3] first file and load it. This file is not button and entering a larger numerical
and can conveniently install it with your shown in the window segment for the value in the Rule width input field in the
distribution’s package manager. Doing time being; instead you will see a dialog.
so creates a starter in the main menu. prompt relating to selecting the second In the Highlighting tab in the same
You can also run the software at a file. Now click on File #2 and select and window, you can make further changes

56 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 IN-DEPTH
DiffPDF

making the change,

both documents
will be zoomed
with the new
setting.

Comparison
Modes
DiffPDF offers
three different
comparison modes,
which you can set
in the Compare se-
lection box in the
Controls tab top
right. By default,
DiffPDF uses a
word-for-word
comparison, but it
alternatively sup-
ports character-for-
character and vi-
sual modes. Visual
Figure 1: The differences immediately catch the eye thanks to color highlighting. mode is used to
compare images in
the PDFs. You can
to the appearance if necessary. For ex- respective pair of pages in the View se- use this function, say, to make sure that
ample, you can change the highlighting lection field in the Controls tab top right. individual charts or images are up to
color by choosing an entry from the se- You can then use the Previous and Next date when evaluating statistical data.
lection list and alter the opacity of the buttons to scroll through the documents The character-for-character compari-
color-highlighted background to improve page by page. If the pages are so small son, on the other hand, enables com-
readability. that you cannot clearly see the differ- parison of PDF documents based on
To view the individual pages of multi- ences on screen, you can zoom in by se- logographic writing systems, including
page documents opposite each other in lecting a larger value in the Zoom field. Chinese Hànzì and Japanese Kanji.
the window segments, select the As soon as you click Compare again after The Zoning tab bottom right in the
program window is
where you define
range numbers,
which the app then
includes in the
comparison, as well
as the horizontal
and vertical toler-
ances (Figure 2).
You can define col-
umns here, for ex-
ample. A little effort
put into customiza-
tion can help to re-
duce the false posi-
tive rate, especially
for tables. In the
case of single-col-
umn continuous
text, DiffPDF pro-
vides the individual
areas with a small
frame and an as-
Figure 2: You can use area numbering to improve the overview. cending number,

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 57

IN-DEPTH
DiffPDF

which helps you to find certain para- Conclusions DiffPDF is still a good choice for users
graphs more quickly and improves the DiffPDF is a handy program for compar- who frequently need to compare PDF
overview. For multipage documents, the ing two PDF files. The software is intui- files, regardless of the desktop environ-
numbering restarts on each page. tive in its use and can be adapted to in- ment they use. Q Q Q
DiffPDF compares the documents page dividual requirements thanks to its
by page. This is why it tags document wide-ranging configuration options. This Info
parts as different if they exist in both is a massive benefit for users with visual [1] DiffPDF: http://www.qtrac.plus.com/
files but on different pages. The number impairments in particular. On a simple diffpdf.html
of differences found is shown in red in scale, the application can also be used [2] Cyber Resilience Act:
the log data, which you will find bottom for version documentation if you want or https://www.bsi.bund.de/EN/Themen/
right below Log. The log also tells you need to continuously add to and edit a Unternehmen-und-Organisationen/
the number of pages where DiffPDF PDF file and document the individual Informationen-und-Empfehlungen/
found differences. versions including the differences be- Cyber_Resilience_Act/cyber_resil-
tween them. ience_act_node.html
Documentation If you are using the program on a [3] Package overview:
You can save the individual comparisons GTK-based desktop such as Gnome, https://pkgs.org/search/?q=diffpdf
for documentation purposes by using the Mate, or Cinnamon, please note that the
Save as option in the Actions tab bottom Author
changes you make to DiffPDF’s visual
right. In the configuration dialog, you appearance, which is based on the Qt
Erik Bärwaldt is a self-employed IT
need to specify whether you want the framework, may not take effect. Be-admin and technical author living in the
routine to save all pages or just the cur- cause these minor annoyances play aUnited Kingdom. He writes for several IT
rent page and whether the program very small role in terms of functionality,
magazines.
should save just
one of the two com-
pared pages or both
pages side by side.
After specifying a
file name and a
path, the applica-
tion saves the con-
tent as a PDF file
that you can then
open with any stan-
dard PDF viewer
(Figure 3). DiffPDF
does not save the
control and config-
uration dialogs dis-
played in the pro-
gram window on
the right. Instead, it
limits the content
to the results of the
current compari-
son, including all
visual highlighting. Figure 3: The comparison results can be saved for documentation purposes.

QQQ

58 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

MAKERSPACE Lua on OpenWrt, Pi, and PS Vita

MakerSpace
Use a Raspberry Pi plus a temperature
sensor to talk to a PS Vita Display

Show the Outside

Temperature
Lua is an interesting Python alternative for small embedded machines that are not sufficiently
powerful to run Python scripts. Create Lua socket client/server scripts to send outside
temperatures between a Pi and a PS Vita display. By Pete Metcalfe

T
he Lua programming language performance test that compares startup
[1] is often viewed as mainly a times. Next, I’ll look at some good applica-
video game scripting language, tion fits for Lua, and I’ll finish with a small
because many popular games home project that uses a Raspberry Pi Zero
such as Angry Birds, Roblox, and World W that sends weather data to a PlayStation
of Warcraft use it. But Lua scripts run (PS) Vita handheld gaming console.
extremely fast, making Lua a good option Before jumping into a Lua solution,
for many small embedded systems it’s important to consider the pros and
where Python isn’t supported or may cons. On the positive side, systems like
have performance issues. laptops and Raspberry Pis can have
In this article, I’ll introduce Lua by let-
Lua initial call-ups 10 times faster than
ting it fight Python in a simple with Python. For very low-end systems
with memory
Listing 1: Test Startup Times on Lua and Python constraints, you
01 #!/usr/bin/bash
may see Lua
02 # Run timing test for Lua
starting more
than 30 times
03 start=$EPOCHREALTIME
faster than Py-
04 lua -e "print('Hello from Lua')"
thon. On the neg-
05 end=$EPOCHREALTIME
ative side, Lua
06 runtime1=$( echo "$end - $start" | bc -l )
doesn’t have the
07 echo -e "Execution time for Lua: $runtime1 seconds\n" vast libraries,
08 documentation,
or user support
Lead Image © Hermin Utomo, 123RF.com

09 # Run timing test for Python3

10 start=$EPOCHREALTIME that is available

11 python3 -c "print('Hello from Python')" for Python. For
12 end=$EPOCHREALTIME small embedded
13 runtime2=$( echo "$end - $start" | bc -l ) systems that only
14 echo -e "Execution time for Python: $runtime2 seconds\n"
require base func-
tionality Lua can
15
be a good fit.
16 timediff=$( echo "scale=2; $runtime2/$runtime1" | bc -l )
However, for
17 echo "Lua starts $timediff times faster than Python"
large or complex

60 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 Lua on OpenWrt, Pi, and PS Vita MAKERSPACE

Figure 1: This OpenWrt/Lua web page lets you monitor USB ports.

coding projects Python will typically is based on Lua and the LuCI frame- function call (which runs a command
be the better choice. work. You can install Python on Open- cmd with error recovery enabled) and a
Wrt systems, but due to Lua’s speed and
Lua vs. Python Startup Test the fact that it’s preinstalled, Lua is an read('*a')

Listing 1 is a Bash script that compares option that should be considered. Lua
the startup times between Lua and can also be useful for connecting com- read-all call that retrieves the output of
Python. mand-line tools or as an alternative to the command cmd.
Startup times will vary based on hard- Bash scripts. Custom web pages can use OpenWrt’s
ware, available memory, and back- There are many hardware applications web server by adding files to the /www/
ground CPU activity. For laptops and where Lua can be used to monitor or cgi-bin directory. Figure 1 shows a Rasp-
Raspberry Pi 4 modules, Lua tends to be change device settings. Listing 2 is a Lua berry Pi 4 with a USB light being toggled
up to 10 times faster than Python. On CGI web script that shows USB devices by the Lua web page.
lower-end platforms like a Raspberry Pi and power settings, and it toggles the
B+ or an Arduino Yún, both running power on USB port 3. This example uses Handheld Gaming Consoles
OpenWrt, Lua can be 30 times faster. the output from two command-line Most of the older Sony and Nintendo
Fast initial startup is especially useful tools: lsusb lists the USB devices, and handheld gaming consoles support Lua,
for web pages. I’ve created a Bash script uhubctl lets you view and toggle USB so you can use the original or today’s
that checks whether Lua is a worthwhile power. retro handheld units as Internet of Things
fit for your project’s hardware (see List- Lua runs external programs through a (IoT) monitoring devices. Some of these
ing 1). For longer running applications, combination of an handhelds support a stackless version of
Lua performance can be further en- Python 2.x. While these Python ports
hanced by using LuaJIT [2], a Lua just- assert(io.popen("cmd")) were often excellent proofs of concept,
in-time (JIT) compiler.
Listing 2: Show USB Devices and Power
OpenWrt and Lua 01 #!/usr/bin/lua
OpenWrt [3] is a networking-focused 02 -- showusb.lua - show USB devices and power, then toggle power on port 3
operating system that runs on over
03 print("Content-type: text/html; charset=utf-8\n\n")
2,000 different embedded devices.
04 print("<h1>OpenWrt/Lua - USB Example</h1><hr>")
OpenWrt is most commonly used on
05
routers, but it can also revitalize many
06 -- use lsusb to show USB devices
older pieces of equipment thanks to its
extremely lean design. For example, 07 f = assert(io.popen("lsusb"))

you can load OpenWrt on the original 08 print("<h2>USB Device Info</h2>")

Raspberry Pi B+ or lower-end Pi Zero 09 print("<pre>" .. assert(f:read('*a')) .. "</pre><hr>" )

W modules, and they’ll perform aston- 10

ishingly well. See the OpenWrt instal- 11 -- toggle power on USB port 3 then show status
lation pages for instructions and down- 12 f = assert(io.popen("uhubctl -l 1-1 -p 3 -a toggle"))
load files for your specific 13 f = assert(io.popen("uhubctl | grep 'hub 1-1' -A4"))
hardware [4].
14 print("<h2>USB Port Power Status</h2>")
OpenWrt does not provide a desktop
15 print("<pre>" .. assert(f:read('*a')) .. "</pre><hr>" )
GUI; instead, it uses a web interface that

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 61

MAKERSPACE Lua on OpenWrt, Pi, and PS Vita

Figure 3: Raspberry Pi Zero W with a BME280 atmo-

spheric sensor.

probably pushing picked a Sony PS Vita that supports WPA

the specs on the wireless networking. Homebrew applica-
Pi Zero W, be- tions can be installed on the PS Vita
cause we had using the VitaDB Downloader tool, and
some tempera- the VitaShell utility lets you access the
tures below -20°C PS Vita’s filesystem via USB or FTP con-
(-4°F). nections (Figure 4). The Lua Player Plus
Lua presently Vita repository [8] includes about 20
doesn’t have a na- code samples; one of them is a socket
Figure 2: Lua runs on these Nintendo DS and Sony tive BME280 sen- client. I modified that socket example to
PSP devices. sor library mod- include larger fonts and a timer compo-
ule, so I down- nent [9]. To run a custom Lua simply
they unfortunately lack documentation or loaded an example in C [7] and used add it to the ux0:data/lpp-vita directory.
user examples. The Lua ports for the the temperature value as the message Figure 5 shows the game console dis-
handheld world have many full-featured sent from the Pi’s TCP socket server playing the outside temperature as mea-
offerings that include documentation, script (Listing 3). Note that this script sured by the Raspberry Pi.
samples, and user-created games. (outside.lua) needs access to network
Figure 2 shows two popular gaming ports so you have to run it with sudo. Summary
handhelds, the Nintendo DS and the Sony There are many different WiFi enabled As always, it’s important to know
PlayStation Portable (PSP), both of which gaming consoles that could be used – I which options are available and their
support WiFi and Lua programming. Un-
fortunately, you cannot get WPA2 WiFi
security with them since they are too old,
but they do support WEP and open con-
nections. (Note: the new retro gaming
clones available on the market will proba-
bly support WPA2). The latest Nintendo
handheld, the Switch, does not support
Homebrew [5] applications, so custom
Python or Lua coding is not possible.
However, you can buy FUZE4 Nintendo
Switch, a coding application, in the My
Nintendo Store [6].

Raspberry Pi + PS Vita
Example
For this article, I put a Raspberry Pi
Zero W with a BME280 atmospheric Figure 4: Lua Player Plus Vita, VitaDB Downloader, and VitaShell are
sensor in a plastic box (Figure 3). I was Homebrew applications for the PS Vita.

62 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 Lua on OpenWrt, Pi, and PS Vita MAKERSPACE

Python. Some areas that might benefit

from using Lua are:
• Replacing Bash scripts: Bash has poor
support for floating-point numbers,
and the Bash syntax can be quite diffi-
cult to read. Lua can be a good alter-
native for creating system tools.
• Networking tools: Because of Lua’s
lightweight design, it could be a
good choice for messaging queue
(AMQP or MQTT), Modbus, or
socket server interfaces. It’s worth
noting that Lua is the script language
used in Redis [10] and the NMAP
Scripting Engine (NSE) [11].
• Web pages: Lua’s fast initial startup
times make it an excellent option for
Figure 5: The Sony PS Vita displays the IoT sensor data. user interfaces.
• Game consoles: You can use Lua to re-
specific benefits and drawbacks. Lua noticeable difference in startup times. purpose your old gaming handheld
will run much faster than an equivalent However, there are vast collections of li- into an IoT monitoring device. Q Q Q
Python script, with the biggest braries and user documentation for
Info
Listing 3: Sending the BME280 Temperature Value [1] Lua: https://www.lua.org/
01 #!/usr/bin/lua [2] LuaJIT: http://luajit.org/
02 -- outside.lua
[3] OpenWrt: https://openwrt.org/
03 local socket = require("socket")

04 -- create a TCP socket and bind it to the local host, on port 100
[4] OpenWrt download page:

05 local server = assert(socket.bind("*", 100))

https://firmware-selector.openwrt.org/
06 -- find out which port the OS chose for us [5] Homebrew:
07 local ip, port = server:getsockname() https://switch.hacks.guide/
08 print ("Starting TCP socket server on: " .. ip .. " port: " .. port) [6] FUZE4 Nintendo Switch:
09 https://www.nintendo.com/us/store/
10 -- loop forever waiting for clients products/fuze4-nintendo-switch-
11 while 1 do switch/
12 -- wait for a connection from any client
[7] BME sensor C example:
13 local client = server:accept()
https://github.com/bitbank2/bme280
14 client:settimeout(2)

15
[8] Lua Player Plus Vita:
16 -- receive the line and print the message
https://github.com/Rinnegatamante/
17 local line, err = client:receive()
lpp-vita
18 print(line) [9] Lua source code for PS Vita Display:
19 https://linuxnewmedia.thegood.cloud/
20 -- send the temperature to the socket client s/5Rzx9tQW2FJ6N3Z
21 f = assert(io.popen("/home/pete/outside/bme280"))
[10] Redis: https://redis.io/
22 result = assert(f:read('*a'))
[11] NSE:
23 msg = result .. " C\n"
https://nmap.org/book/man-nse.html
24 print(msg)

25 if not err then client:send(msg) end

Author
26 -- done with client, close the object
You can investigate more neat projects
27 client:close()
by Pete Metcalfe and his daughters at
28 end
https://funprojects.blog.

QQQ

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 63

MAKERSPACE CO2 Sensors

MakerSpace
Three inexpensive CO2 sensors compared

;VQЅVO\PM)QZ
Monitor your indoor air quality with an inexpensive CO2
sensor. We look at three candidates to help you find the best
solution. By Bernhard Bablok

I
n the winter, you spend a lot of friendly, this article focuses on three
time indoors, making it important inexpensive solutions: the Winsen MH-
to keep an eye on C02 concentra- Z19C [1], the ScioSense ENS160 [2],
tions. In contrast to sensors for and the Sensirion SCD40 [3].
measuring temperature and humidity, The latter sensor from brand manufac-
CO2 sensors are quite expensive, with turers such as Adafruit, Pimoroni, or
prices consistently in the double-digit SparkFun are really expensive, costing
range. This quickly adds up if you want between $40 and $80. AliExpress gives
to monitor more than one room. To you cheaper options with prices below
make C02 monitoring more budget $15, but those come with the added
thrill of not knowing whether parts will
even work.

Infrared Measurement
The Winsen MH-Z19C (Figure 1) consists
of a small box measuring approximately
13.3mm x 26mm x 4.4mm. It measures
the CO2 value using the non-dispersive
infrared method (NDIR). Two versions of
the sensor are available: one with a nor-
mal pinout and one with a cable connec-
tion and a pin spacing of 1.25mm. If you
don’t relish the prospect of crimping con-
nections, you will want to opt for the pin-
out version. Besides the MH-Z19C, there
are other older models on the market,
such as the MH-Z19B, MH-Z14, or MH-
Lead Image © vladnikon, 123RF.com

Z18, which have similar but not identical

functions and specifications.
The CO2 level can be read out via
PWM, ADC, or UART. The temperature
is only available via UART, but that’s ir-
relevant as these values are useless any-
Figure 1: The Winsen MH-Z19C CO2 sensor uses the NDIR method to way. All pins have the usual voltage
measure values. output of 3.3V, while the supply voltage

64 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 CO2 Sensors MAKERSPACE

Small Measuring Chamber

The third candidate, the SCD40 by Swit-
zerland-based Sensirion, uses the NDIR
method like the Winsen MH-Z19C, but
has its own patented photoacoustic ver-
sion. This allows for a very compact de-
sign (Figure 4). The sensor is controlled
via I2C. Sensirion provides excellent
documentation and sample code for its
sensors on GitHub [6].
With its minimum measuring interval
of five seconds, the SCD40 is a good
choice for continuous operation; the first
Figure 2: Buck-boost converters deliver a constant voltage. measurement is available after five sec-
onds. In my tests, I found that this value
is 5V. The UART is used for configura- not deliver any values, or – if it does – the was too high, but later measurements
tion tasks. Numerous libraries for all values are incorrect. There’s a data sheet, (after 10 seconds) were sufficiently pre-
common programming languages are but it does not document all of the sen- cise. Ten seconds seems to be an accept-
available for this simple interface. In sor’s commands. However, resourceful able compromise between accuracy and
this respect, using the sensor is developers have provided a remedy in the power consumption in battery mode.
unproblematic. form of detailed documentation [5]. However, this only applies to the CO2
In contrast to this, the power supply value. The SCD40 also measures temper-
poses a challenge. According to the man- VOC Instead of CO2 ature and humidity. For both, it takes
ufacturer’s data sheet, the module re- While the MH-Z19C measures the CO2 around two minutes to achieve stable val-
quires an input voltage of between 4.9V content of the air directly, the ENS160 ues, which are then surprisingly accurate.
and 5.1V. In other words, you are limited by ScioSense takes a different tack. It
to a maximum deviation of two percent determines an equivalent CO2 (eCO2) Test Results
from the 5V setpoint as a safety margin. value from the concentration of vola- Detailed documentation, data sheets,
As a tutorial impressively demonstrates, tile organic compounds (VOC). The and examples of wiring and program-
ensuring the correct voltage is important logic behind this is simple: People not ming are available on the Internet for all
[4]. The voltage from some popular USB only produce CO2 when they exhale, three candidates. For this article, I’ve fo-
power supplies or from the 5V/VBUS pin but also emit other organic substances cused on comparing the actual sensors.
of a microcontroller or a Raspberry Pi is in the process. The CO2 value can My collection of sensors includes the
neither accurate nor stable enough for therefore be determined indirectly from SCD40/SCD41 models (four sensors) and
this use case. the VOC value. the ENS160 (five sensors) from various
Buck-boost converters offer a solution You can control the ENS160 via SPI or sources, as well as a single MH-Z19C.
(Figure 2): They supply a fixed output I2C (Figure 3). The pin strip at the top is
voltage over a wide voltage input range. the contact for SPI, while the lower one
With the low currents (80 mA on aver- is for I2C. The I2C pin strip is easier to
age) required by the sensor, the compo- wire, and most drivers use this protocol.
nents are not expensive. But two-percent One special feature of the ENS160 is the
accuracy still remains a challenge. obligatory initialization time. After the
The flashing LEDs on the MH-Z19C are very first time it is turned on, it takes the
a bit annoying, at least in the dark. The sensor 48 hours to switch to normal
jury is still out on whether the red diode operation.
in the measuring
chamber is genu-
inely necessary,
but the additional
green one is defi-
nitely superfluous.
Fortunately, it can
be masked. Due to
its design, the sen-
sor requires a
warmup time of
just over one min-
ute. Before the Figure 4: The SCD40 uses a
warmup, it does Figure 3: The ENS160 can be contacted using SPI or I2C. patented photoacoustic process.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 65

MAKERSPACE CO2 Sensors

Figure 5 shows the measurement results temperature and humidity (Figure 5, Info
of one candidate from each camp in a di- center and bottom). While the SCD40 [1] Winsen MH-Z19C:
rect comparison. got almost identical values for these pa- https://shop.winsen-sensor.com/
The SCD40 and MH-Z19C are very rameters, the temperature readings from products/winsen-co2-sensor-series?
much alike in terms of CO2 measurement, the MH-Z19C were significantly off. variant=43743936086208
although accuracy differences are appar- [2] ScioSense ENS160: https://www.
ent. At 1,000 ppm the deviation is in the Conclusions adafruit.com/product/5606
order of ±100 ppm, increasing to ±150 The Sensirion SCD40 is clearly supe-
[3] Sensirion SCD40: https://www.
ppm at 2,000 ppm. The SCD41 is nomi- rior to the Winsen MH-Z19C in terms
amazon.com/dp/B0D9WLFWKS
nally slightly more accurate, but this does of function and handling. The Scio-
[4] Voltage dependence of the MH-Z19C:
not justify its significantly higher price. Sense ENS160 does not deliver what its
https://emariete.com/en/sensor-co2-
The results are also typical for my other data sheet promises. In my tests, I was
mh-z19b/#Imprescindible_Estabilizar_
SCD40 sensors: I had directly imported unable to confirm the correlation be-
la_alimentacion_del_MH-Z19C
two of them from various sellers in China. tween VOC and CO2, which is elabo-
The ENS160 was completely out of rately documented with four graphs on [5] MH-Z19C documentation:
line in the test. If you wanted to be char- two pages of the data sheet, even https://revspace.nl/MHZ19
itable, you could say that it sort of re- though I tried it with five different [6] SCD40 documentation:
flected the tendency of the CO2 content ENS160 sensors. (This does not say https://github.com/Sensirion/info
of the air, but the absolute values it de- anything about the ENS160’s ability to [7] Indoor air quality:
livered were simply unusable. The sam- measure VOC.) https://www.umweltbundesamt.de/en/
ple used for the measurement shown in While you may attempt to measure as topics/health/environmental-impact-
Figure 5 was actually one of the more re- accurately as possible, bear in mind that on-people/indoor-air-hygiene
liable ones. Other ENS160 sensors that I CO2 values play more of a qualitative
have used in the past, did not even show than a quantitative role. Unsurprisingly, Author
the kind of weak correlation with the there is even a DIN standard for this [7]. Bernhard Bablok is retired. When he is not
measured values of the competitor sen- It classifies indoor air quality up to 800 listening to music, riding his bike, or walk-
sors that you can see in the upper graph. ppm CO2 as good, up to 1,000 ppm as ing, he focuses on Linux, programming,
I also used an AHT20 sensor that pro- medium, up to 1,400 ppm as moderate, and small computers. You can reach him
vided reference measurements for and anything above that as poor. Q Q Q at [email protected].

Figure 5: CO2 levels, temperature, and humidity as measured by the various CO2 sensors.

66 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 INTRODUCTION LINUX VOICE

Nintendo has a place in the hearts of so many gamers.

Even if you don’t play those iconic games today, you
might have a distant memory of running home from school
(or running home from the office) to the loving arms of
Doghouse – Openness 69
your Nintendo device. Gamers were shocked when the Jon “maddog” Hall
company shut down the Nintendo Network, the online There’s value in open software, hardware,
home for Wii U and Nintendo 3DS systems. But the open and data in what may seem like some of
source community is always at work on an answer. This the most basic tools for computer users.
month we tell you about WIT, a tool- Ad-Free Videos 70
set for manipulating Wii and Rubén Llorente
YouTube is slowly becoming less usable
GameCube ISO images to keep
every year. Piped, a privacy conscious
your games alive for another YouTube front end, might be just what you
era. Also in this month’s Linux need to enjoy YouTube content once again.
Voice, we introduce you to a Rescuing Nintendo Games 76
privacy-focused front end Daniel LaSalle
for YouTube videos, and The Nintendo Network went dark in 2024,
we show you how to add but a thriving FOSS community continues to
support the Wii platform and other Nintendo
Image © Olexandr Moroz, 123RF.com

plugins to extend your devices. We’ll introduce you to some of the

Nextcloud configuration. tools you can use to reclaim the magic.
FOSSPicks 82
Nate Drake
Nate explores the top FOSS, including the
UJKP[PGY<GP$TQYUGTCUGEWTGƒNGGTCUGT
CPQPNKPGQHƒEGUWKVGCPFCXGT[EQQNVGCO
combat game.
Tutorial – Nextcloud Plugins 88
Marco Fioretti
Using apps to make Nextcloud more
GHƒEKGPVCPFRTKXCVG

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 67

 DOGHOUSE – OPENNESS LINUX VOICE

MADDOG’S DOGHOUSE
There’s value in open software, hardware, and data in what may seem like
some of the most basic tools for computer users. BY JON “MADDOG” HALL

Open data
he world is in a large amount of turmoil these days and word processor. Second, there was often significant data lost

T sometimes it can be overwhelming. We wonder what

we can do to make a difference in what is going on, and
sometimes are depressed in our feelings of helplessness.
along the way.
As a result, the International Organization of Standardization
(ISO) decided to create a standard for text format interchange
Fortunately for many of us we have free software, open that would allow data to be read in and written out by any word
hardware, and open data, tools we can contribute to and utilize processor in a standard way. Eventually this became known as
to help, in each person’s way, to make things better. the Open Document Format (ODF), and all of the vendors were
While many of us are familiar with free software and to a cer- encouraged to contribute to it. Because it was open, and used in
tain extent open hardware, sometimes we forget about the con- some Open Source word processors, it was relatively easy to
cept of open data, data that is free to use, modify, and distribute implement the standard and standard features.
to others under formats that are open and free to use. One of the vendors involved was Microsoft, and they con-
One issue related to this is document formats, which I be- tributed their format called OOXML, a very complex format,
came aware of during the early days of the GIF standard. covering many issues of Microsoft Word formats over a long
Seemingly innocent enough, it was a standard created to allow period of time.
digital pictures to be stored across a wide variety of devices. Eventually ISO accepted both the ODF and the OOXML stan-
Early digital cameras stored pictures in GIF format, often com- dards. Because I tend to use a lot of word processors across
pressing them so people could fit the images on relatively (by multiple platforms, I tend to use and store documents in ODF
today’s standards) modest storage mediums. Many camera format, which Microsoft word processors can read. If you start
companies gleefully used the GIF format to store the images with an OOXML format there is no guarantee that an ODF word
taken. Unfortunately, the GIF format used a compression tech- processor will be able to render it correctly.
nique that had a patent on it. While this was not necessarily a Unfortunately, there is more to word processing than just the
stopping point for cameras, since the camera company could format of storing the text. The thoughtful use of free and open
license the GIF patent, it did create problems for software fonts – particularly in presentations and in legal documents
companies (and particularly free software) in implementing the where pagination is important – and attention to the initial and
de-compression technique, because often the distribution that continued use of ODF to create and store your documents will
contained the software might not be used or even installed. give you the greatest compatibility over time.
Soon after that, the JPEG compression technique was While I am at it, the “openness” of the format for the data is
developed, allowing camera companies to switch over from limited if the data itself is not licensed in an open way, so I will re-
GIF. Years later the patent on the GIF compression technique mind people of the importance of Creative Commons [1] licens-
ran out and GIFs as we know them came back into style. ing for your creative works, and to make sure that the data you
Along the same lines were the issues around codecs used use is properly licensed – and, if required, properly attributed.
for music. MP3, MP4, and other formats for storing audio had At the time of writing, the Digital Freedom Foundation [2]
licensing limitations that particularly affected free software. is having their annual Document Freedom Day [3] on the last
Fortunately, the OGG formats were developed that allowed Wednesday in March. This is an opportunity for freedom-
audio to be stored in a flexible and royalty-free way. minded people to tell the general public about the importance
Another major issue that came up with formats was with the of software and data freedom [4]. Q Q Q
format for storing formatted text. Various text-formatting tools
existed, and often each vendor had their own text format that Info
contained all the tools to explicitly format the text document –
[1] Creative Commons licensing: https://creativecommons.org/
but that would be incompatible with other vendors.
Eventually a couple of vendors had gained such market share [2] Digital Freedom Foundation: https://digitalfreedoms.org/en/
that smaller vendors would try to read (and sometimes write) [3] Document Freedom Day: https://digitalfreedoms.org/en/dfd
the format of another vendor. There were two problems with
[4] “Document Freedom Day: Empowering the Digital World
this. First, sometimes you had to use a third word processor in
the middle to make the conversion you needed: Converting with Open Standards,” LibreOffice: https://blog.
from your original proprietary system to another proprietary documentfoundation.org/blog/2025/01/27/
system required an extra conversion in between using that third document-freedom-day-2025/

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 69

LINUX VOICE AD-FREE VIDEOS

Privacy-conscious YouTube front end

Ad Busters
YouTube is slowly becoming less usable every year. Piped, a privacy conscious
YouTube front end, might be just what you need to enjoy YouTube content once again.

ouTube is, beyond any shadow of doubt, surrender to the will of the tech giant. Unfortu-

Y
BY RUBÉN LLORENTE
the most popular video hosting site on the nately, the obliteration of ad-blocking technology
Internet. While alternatives exist, YouTube is an integral part of YouTube’s strategy. First
has no serious contender, to the point the videos blood in the war on ad blockers was drawn when
you want to watch might be only available on it YouTube attempted to make videos unavailable
because their creators don’t bother to upload to ad blocker users in 2023 [1]. Google Chrome
them elsewhere. The ground is laid for a danger- EPWSTVSTSWIHEREXXIWXEXMSRQIGLERMWQɄũ
ous Internet monoculture. ORS[REW;IF)RZMVSRQIRX-RXIKVMX]Ʉ?AũXLEX
YouTube has been attempting to boost its deep down, was just a fancy way of letting web-
profitability quite aggressively for a number of site owners decide if a given web browser was
years, surely aware that their dominant position to be accepted or rejected. According to the
will keep video consumers engaged in their plat- popular Internet theory, the goal was to ensure
form even if subjected to massive advertising only authorized web browsers without ad block-
pressure. As a result, watching videos over You- IVWGSYPHYWI+SSKPIWIVZMGIWɄũMRGPYHMRK
Tube has become an exercise in masochism, YouTube.
with an ever-increasing flow of advertisements Software projects designed specifically to in-
blasting out of your screen. The alternative is teract with YouTube in, let’s say, extraofficial
purchasing a YouTube Premium plan, which the ways, have also become a target for takedown
company labels as a “subscription service that notices and threatening letters. On June 2023,
lets you watch and listen to YouTube and You- Invidious, a popular FOSS YouTube front end, re-
Tube Music without interruptions.” Considering ceived a cease-and-desist notice from YouTube’s
the way advertisements are being pushed into legal department [3].
your brain with the free service, you would think I personally don’t have a problem with advertise-
they are attempting to break your will and to con- ment-based business models as a concept. On
vince you of jumping on the paid service rather the other hand, when you build a service around
Figure 1: A public Invidious than enduring the torture of continuous advertisements, you also need to accept the audi-
instance. Invidious is very advertising. ence still has the right to ignore your advertise-
resource intensive and a bit Ad blockers are the main defense left for ments. TV stations don’t ban you from their ser-
unstable. users who can’t afford a paid plan but won’t vices if you take a quick trip to the bathroom dur-
ing a publicity break. The fact YouTube does not
want to acknowledge this is a bit disturbing, to
say the least.

Back to Sanity
There are a number of options for getting an ad-
free YouTube experience without bending your
knee to Google. You could, for example, install a
FOSS YouTube client such as FreeTube [4] on
your desktop, or NewPipe [5] on your Android
phone. Alternatively, you could use a third-party
front end run by volunteers. There’s a number of
public Invidious instances you can visit with your
trusty web browser that will let you watch You-
Tube without ad breaks (Figure 1).

70 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 AD-FREE VIDEOS LINUX VOICE

The third option, which is the one I am covering

in this article, is running your own private front
end for use by your friends and family. This is by
far the hardest option, but it has a number of ad-
vantages. From a privacy perspective, it is better
than using a personal client such as NewPipe,
because individual clients give your IP to You-
Tube and can still allow them to profile you.
Meanwhile, a shared front end will mix your own
queries for videos with those of the other users
of the instance, making it harder for YouTube to
extract information from any individual user. On
the other hand, a private instance is more reliable
than a public instance hundreds of people are
trying to use. Public instances are often barred
access by YouTube, which causes them to suffer Figure 2: A public Piped
frequent downtimes which last until they obtain article, the most important feature your router instance.
new, non-blocked IP addresses. A private in- must support is port forwarding, so requests from
stance just does not generate enough traffic for the Internet can reach your Piped service. I also run
YouTube to notice and is not listed on any direc- a DNS server on my router, which is quite conve-
tory YouTube might check. nient for a low-traffic network.
My reverse proxy is a relayd instance which
Enter Piped runs on an OpenBSD host (Figure 3). I chose re-
There are not that many front ends to pick from layd because it is very easy to deploy. The reverse
for our project. Invidious, previously mentioned, proxy acts as a TLS accelerator in order to ensure
is the most popular one. It is fiercely developed people can connect to the service over an en-
and has the best documentation. It is also easy crypted connection. I use the Let’s Encrypt ser-
to deploy. On the other hand, Invidious uses too vice to obtain my TLS certificates, and the certifi-
many resources and is a bit unstable, to the cates themselves are renewed automatically
point they recommend setting a cronjob for re- using OpenBSD’s native certificate bot.
starting the service every hour. Another candi-
date is ViewTube, which looks great on paper,
but their documented Docker deployments
didn’t work on my testing Debian 12
environment.
My chosen solution is Piped [6], a YouTube front
end licensed under the AGPLv3 license. It has
many moving parts, and it is therefore harder to
set up than Invidious. Piped is designed to work
behind a reverse proxy, which suits me fine be-
cause I already have one at home. To try Piped
out before installing it, just visit any of the public
instances (Figure 2). Just remember that, like
public Invidious instances, they might have up-
time problems or get blocked every now and then.

Service Architecture
The goal of this article is to teach you how to de-
ploy a private Piped instance in a home network.
Therefore, a public, Internet routable, static IP ad-
dress is required. If that is not an option, you may
rent a dedicated server or a virtual private server
(VPS) from a hosting provider.
The core component of my home LAN is a mid-
tier professional router. My ISP subscription grants
me a single traditional IP (this is an IPv4 and not
IPv6), so the router performs networks address Figure 3: Piped is designed to work behind a reverse proxy.
translation (NAT) between the Internet and my A reverse proxy is a convenient way of hosting multiple web
local area network (LAN). For the purposes of this services from a single public IP.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 71

LINUX VOICE AD-FREE VIDEOS

Installing Piped
Counterintuitively, setting up Piped itself is the
easiest part. Set a Debian 12 server (in my
home lab I use a virtual machine) and ensure a
regular user exists. For this example I will refer
to the debian user. Because I will be using
docker-compose for deploying Piped, I will have
Figure 4: An automatic con- to install it by running the following commands
figuration script is included Piped itself runs well on a Debian 12 host. Piped as root:
with Piped. Each of the core has a number of different components, but the good
services needs its own host- news is you don’t need to know about them: You can # apt update

name. just use the official Docker deployment and be done # apt upgrade

with it. In case you’re curious, the different services # apt install -y docker-compose

that make a Piped server are a service front end

(piped-frontend), a back end (piped-backend), a By default, root privileges are needed in order to
proxy (piped-proxy), a database (PostgreSQL), and deploy a service using docker-compose, which is
an integrated reverse proxy (NGINX). The integrated quite unfortunate. The way around this is to grant
reverse proxy does not negate the need for an exter- sufficient permissions to the debian user in order
nal one. A caching service (Varnish) is also included. to launch docker-compose without superuser
The amount of RAM the Piped host needs de- rights. This can be achieved by adding the debian
pends on the load you expect it to take. For testing user to the Docker group by running the following
I would not go lower than 2GB, and for serving a command as root:
small group of friends I would set 3GB as the bare
minimum. # usermod -aG docker debian

Listing 1: /etc/relayd.conf Now comes the interesting part. I will fetch Piped
01 # BEGIN DEFINITION OF HOSTS
from GitHub using Git. For that, I will log on as the
02 debian user and clone the repository using
03 table <piped> { 192.168.90.40 }
04 table <acme> { 127.0.0.1 } $ git clone U
05 https://github.com/TeamPiped/Piped-Docker
06 # BEGIN DEFINITION OF PROTOCOLS
07
Piped comes with a configuration script. I’ll move
08 http protocol "http" {
into the repository I just cloned and run it:
09
10 # Set recommended tcp options
$ cd Piped-Docker
11 tcp { nodelay, socket buffer 65536, backlog 100 }
12 $ ./configure-instance.sh

13 # Update headers passed to the http services behind

14 match request header set "X-Forwarded-For" value "$REMOTE_ADDR" The script might be a bit confusing because it
15 match request header set "X-Forwarded-Port" value "$SERVER_PORT" asks for three hostnames, one for each of the
16 match request header set "X-Forwarded-By" value "$SERVER_ GSVIWIVZMGIWũJVSRXIRHFEGOIRHERHTVS\]
ADDR:$SERVER_PORT"
In this example, all of the services reside in the
17
same host, but they cannot be assigned the
18 pass request quick header "Host" value "piped.operationalsecurity.es"
forward to <acme>
same hostname. Trying to use a given hostname
19 pass request quick header "Host" value "api.operationalsecurity.es" for more than one of the services will result in a
forward to <acme> broken deployment. Pick hostnames that make
20 pass request quick header "Host" value "proxy.operationalsecurity.es" sense to you (see Figure 4 for an example) and
forward to <acme>
use them with the configuration script. If you
21
have not done so, register the appropriate do-
22 return error
main with an Internet domain registrar, create an
23 }
24
25 # BEGIN DEFINITION OF RELAYS Listing 2: /etc/httpd.conf
26 01 server "default" {
27 relay "www" { 02 listen on * port 8080
28 listen on 192.168.90.30 port 80 03 location "/.well-known/acme-challenge/*" {
29 protocol "http" 04 root "/acme"
30 forward to <acme> port 8080 05 request strip 2
31 forward to <piped> port 8080 06 }
32 } 07 }

72 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 AD-FREE VIDEOS LINUX VOICE

A record for each of the services, and point it to With a recently generated certificate, I can en-
your public address. able TLS in my relayd instance by appending the
I also like to set a DNS resolver on the router, but contents of Listing 5 to relayd’s configuration file:
the steps necessary for setting it up depend on the
device. In essence, what you must do is set up a Listing 3: /etc/acme-client.conf
DNS server in your router and add an A record for 01 authority letsencrypt {
each of the three services, pointing them all to the 02 api url "https://acme-v02.api.letsencrypt.org/directory"
reverse proxy (IP 192.168.90.30 in the example). 03 account key "/etc/acme/letsencrypt-privkey.pem"
Then configure the DHCP service in your router to 04 }
instruct the computers in your LAN to use the DNS 05
hosted by the router. This step might be optional or 06 domain piped.operationalsecurity.es {
RSXũWSQIGSRWYQIVKVEHIVSYXIVW[MPPPIX]SYEG- 07 alternative names { api.operationalsecurity.es proxy.
cess web services hosted in your LAN without tak- operationalsecurity.es }

ing any extra steps, but some others don’t seem to. 08 domain key "/etc/ssl/private/piped.operationalsecurity.es.key"

The final step is deploying Piped. This can be 09 domain full chain certificate "/etc/ssl/piped.operationalsecurity.

done by running the following command as the es.crt"

debian user from within the Piped-Docker 10 sign with letsencrypt

directory: 11 }

$ docker-compose up -d
Listing 4: /etc/daily.local
01 #Randomize the hour at which the service is run
Setting Up relayd 02 sleep $((RANDOM % 2048))
Relayd is shipped with OpenBSD’s default install. 03
Its configuration file is located at /etc/relayd.conf. 04 acme-client piped.operationalsecurity.es
Check Listing 1 for a functional example. 05 ocspcheck -N -o /etc/ssl/piped.operationalsecurity.es.ocsp /etc/ssl/

Because I haven’t generated my TLS certifi- piped.operationalsecurity.es.crt

cates yet, I can’t have a TLS configuration. The ex- 06

07 rcctl reload relayd > /dev/null
ample file shown in Listing 1 commands relayd to
send any traffic addressed to the front end, back
end, or proxy service to an httpd server that I will Listing 5: Append to /etc/relayd.conf
have running in the same OpenBSD host. This 01 http protocol "https" {
httpd server is the one acme-client (the Let’s En- 02
crypt certificate bot) will use to create and renew 03 tls keypair "piped.operationalsecurity.es"
my certificates. The configuration of the httpd 04
daemon is located at /etc/httpd.conf, and you 05 # Update headers passed to the httpd servers

can see an example in Listing 2. 06 match request header set "X-Forwarded-For" value "$REMOTE_ADDR"

Once both files are set in place, I enable and run 07 match request header set "X-Forwarded-Port" value "$SERVER_PORT"

both relayd and httpd by running the next 08 match request header set "X-Forwarded-By" value "$SERVER_
ADDR:$SERVER_PORT"
commands:
09 match request header set "Keep-Alive" value "$TIMEOUT"
10
# rcctl enable httpd relayd
11 # Set recommended tcp options
# rcctl start httpd relayd 12 tcp { nodelay, socket buffer 65536, backlog 100 }
13
The next step is configuring acme-client. Its con- 14 tls { no tlsv1.0, ciphers "HIGH:!aNULL" }
figuration file is located at etc/acme-client.conf 15

(Listing 3). 16 pass request quick header "Host" value "piped.operationalsecurity.es"

Once the certificate bot is configured, I ensure forward to <piped>

17 pass request quick header "Host" value "api.operationalsecurity.es"
my router is forwarding connections from ports
forward to <piped>
80 and 443 on its public interface to my relayd in-
18 pass request quick header "Host" value "proxy.operationalsecurity.es"
stance and run: forward to <piped>
19
# acme-client piped.operationalsecurity.es 20 return error
# ocspcheck -N -o /etc/ssl/U 21 }

piped.operationalsecurity.es.ocsp U 22

/etc/ssl/piped.operationalsecurity.es.crt 23 relay "wwws" {

24 listen on 192.168.90.30 port 443 tls
25 protocol "https"
I recommend using a cronjob to renew your cer-
26 forward to <piped> port 80
tificates before they expire. An example /etc/
27 }
daily.local job is shown in Listing 4

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 73

LINUX VOICE AD-FREE VIDEOS

Figure 5: Piped allows importing and exporting subscriptions and playlists.

Reloading the configuration will have relayd lis- if you delete your cookies. This is inconvenient
ten to incoming connections on port 443 with TLS for privacy-minded folks like myself who have
enabled and proxy requests to our Piped instance: their browsers set to wipe cookies and history
on exit. This is not a deal-breaker, but it is far
# rcctl reload relayd from ideal.
Piped supports the popular SponsorBlock and
The Actual Experience DeArrow functionalities. SponsorBlock uses a
Piped lets users create accounts in order to man- community database to identify sponsored adver-
age their subscriptions and playlists (Figure 5). tising that is part of the videos you are watching
Account information (including subscriptions) can and skips it automatically. Testing shows the ser-
be exported and imported from the user dash- vice works as intended. DeArrow, on the other
board. Because I have no YouTube account, I hand, replaces clickbait video titles and thumb-
haven’t checked if there is an easy way to import nails with alternatives suggested by the commu-
subscriptions from a YouTube account into a nity, which are often more helpful than the official
Piped instance, but a quick search online sug- ones. Sadly, DeArrow seems broken in the current
gests the yt2alt tool might help achieve this. iteration of Piped.
User preferences are stored in cookies in your The good news is that the core functionality of
browser, instead of in the server (Figure 6). This Piped works without flaws. You can actually
means that preferences such as theme, lan- watch YouTube videos without having to endure a
guage, preferred codec, and the like will be lost barrage of advertisements.

Figure 6: Preferences are stored in a client-side cookie only.

74 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 AD-FREE VIDEOS LINUX VOICE

Conclusion Info
Piped has rough edges but works for the most
part. If you are willing to go through the hassle of [1] “YouTube Tests Disabling Videos for People
deploying it and don’t mind its current flaws, you Using Ad Blockers,” The Verge: https://www.
will end up with a YouTube front end which is suf- theverge.com/2023/6/29/23778879/youtube-
ficiently functional for regular user cases. videos-disabling-ad-blockers-detection
That said, alternative front ends such as
[2] Web Environment Integrity on Wikipedia:
Piped and Invidious are temporary Band-Aids at
https://en.wikipedia.org/wiki/Web_Environ-
best. At the end of the day, YouTube keeps its
dominant position as a video provider and may ment_Integrity
break FOSS front ends at any time without prior [3] “YouTube Legal Team Contacted Us,” Invidi-
warning. The world is in sore need of a FOSS ous at GitHub: https://github.com/iv-org/
video platform that can rival YouTube’s grip on invidious/issues/3872
the market. Q Q Q
[4] FreeTube:
https://github.com/FreeTubeApp/FreeTube
The Author
[5] NewPipe: https://newpipe.net
Rubén Llorente is a mechanical engineer
whose job is to ensure that the security [6] Piped: https://github.com/TeamPiped/Piped
measures of a small clinic’s IT infrastructure [7] yt2alt at GitHub:
are both legally compliant and safe. In https://github.com/iBicha/yt2alt
addition, he is an OpenBSD enthusiast and [8] yt2alt support, Piped on GitHub: https://
a weapons collector.
github.com/TeamPiped/Piped/issues/3339

QQQ
LINUX VOICE RESCUING NINTENDO GAMES

Keep your Wii games working with WIT

Game On!
The Nintendo Network went dark in 2024, but a thriving FOSS community continues
to support the Wii platform and other Nintendo devices. We’ll introduce you to some
of the tools you can use to reclaim the magic.

t is hard to imagine a gaming enthusiast who describes how to integrate your Nintendo infra-

I
BY DANIEL LASALLE
has not fallen in love with Nintendo at least structure into this new community-driven FOSS
once in their life. But everything comes with a environment.
price tag, even love. When one of the parties in a To get the most from this article, it would be
love affair starts expressing their love via unholy best if you already have your own homebrewed
acts, the other party must question the validity of Wii console, most probably an external physical
that relationship. enclosure (such as a USB or Compact Flash
Nintendo holds quite the reputation [1] when it storage unit) alongside all of the Nintendo phys-
comes to the kind of love that it often demon- ical games. This article was powered by the
strates (or doesn’t demonstrate) toward its fan- Ubuntu 24.10 experience, however, the steps
base. Even when some non-profitable community are similar for any system on which you can in-
project shows potential, it seems that the project stall the suite of Wiimms ISO Tools.
is received as a blow [2] to Nintendo pride rather
than as a show of endorsement [3] and grateful- Wiimms ISO Tools
ness [4] from a kind and loving community. Wiimms ISO Tools (WIT) is a niche project that ac-
One could argue that a second golden age for the tually celebrated more than 15 years of existence
Wii console began the moment its creator decided [11] in September 2024. Even though the WIT proj-
it was time to pull [5] the plug in order to make way ect does not particularly benefit from its rapid roll-
for their latest money maker. This decision stunned out cycles [12], it is a safe bet that it will forever be
the world, but some saw it as an opportunity for in- maintained because of the pivotal role it holds and
novation, and the Wii crowd offered strong signals the numerous spheres of influences it came to be-
of reassurance to the vendor that the Wii heritage come a part of. Or to put it differently: WIT’s arrival
would be well preserved on their watch. With this is what helped create most of the other tools
noble goal of offering eternal support to the gam- claiming to do the same job. WIT is not only the
ing community, great initiatives [6] [7] were put reference when it comes to managing the Game-
into place. Cube and Wii (aka Dolphin) ecosystems, it is also
The Pretendo [8] social gaming network has the foundation of many subsequent software
only been around for a few months now, but it tools. A look at the WIT documentation [13] re-
is already acting as a backbone of this “niiw” veals that you are in the presence of a unique soft-
community, replacing the Nintendo Network, ware project, and the bar has been set quite high
which the company shut down in 2024. Other when it comes to long-term support.
great minds came together to develop their What exactly is WIT? The short answer is it is a
own applications using the Wii Application Dis- suite of tools for allowing all possible types of in-
tribution (WAD) file format [9]. All of these teractions between the Nintendo Dolphin [14] en-
tools and add-ons are available under Libre- vironment and its physical, logical, and operational
Shop [10], which is also fueled by passionate assets. Such operations include container manip-
members of the Wii community. ulations (such as formatting, repairing, recovering,
The best reason for having your Wii “home- and truncating). A similar level of depth applies to
brewed” is to digitally port all of your physical games images (such as conversion, dumping, and
games. Porting your games increases their acces- un/packing).
sibility and also diminishes the chances of dam- The longer (and much more exciting) answer is
aging any of their precious medias. This article that WIT was first published in 2009 simply as

76 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 RESCUING NINTENDO GAMES LINUX VOICE

“Wiimm”, from the developer nick. Wiimm was unlock features that otherwise would be unavail-
strictly developed to handle the GameCube gener- able, which in turn allows you to develop cheats
ation and had a less complex tool layout. The and mods for any of your favorite Wii games. The
suite we know today evolved over the spawn of result of your hard work can then be imported via
the next two decades. Although WIT relies on four the CheatManager homebrew application [15].
distinct binaries, wdf, wfuse, wwt, and wit, it is capa- Welcome to the next level. The CheatManager
ble of casting its magic at both the container and homebrew application enables this gaming expe-
file levels. rience, but only if you dare.
Each of these four tools is revolutionary in its
own way as the tools fill a big gap in what other- wfuse: The Browser
wise would be a sea of undocumented technical The simplest tool in the WIT suite, wfuse allows
standards. Some even unlock new features, users to mount (and unmount) their WBFS con-
which in turn create the ability to softmod (such tainers at will. The WBFS filesystem uses Filesys-
as installing a custom theme) or to hardmod tem in Userspace (FUSE), which allows the user
(such as making the LED use any color from the to attach it to the system. You’ll need to attach
spectrum of color), thus helping to replace the WBFS filesystem in order to properly manage
some of those old boring default vendor-locked the library of digital assets..
settings. Anything having to do with features The usage is simple: wfuse followed by the path
can be accounted for via the LibreShop of the source mount and destination. In my case,
application. the command will be:

wdf: The Packager $ sudo wfuse /dev/sda1 /mnt/wii

The wdf utility is a packaging (and depackaging)

tool that supports the Compact ISO (CISO), the In the case of an nonexisting destination path,
Dolphins GameCube Zip (GCZ), the Wii Disc File add the -c (or --create) switch prior to the desti-
(WDF1 and 2), the Wii ISO Archive (WIA), the Ex- nation folder. Once you’re done interacting with
tracted File System (FST) file, and the Wii Backup the WBFS container, you can combine the wfuse
File System (WBFS), as well as the plain ISO file command with the -u (or --umount) switch. In
format. You can also use wdf to work with the my case:
Gecko Code Type (GCT) image format. For read-
ers familiar with what a game trainer is, the GCT $ sudo wfuse -u /mnt/wii

format acts like it. For those who don’t know

what a trainer is, it is a small and simple patch of As you have probably already figured out, a sudoer
code applied on top of a game allowing you to account is required when invoking the wfuse

Figure 1: Use the -h option for help with the wfuse command.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 77

LINUX VOICE RESCUING NINTENDO GAMES

Backing Up a Game
Wanting to create backups of your game collection certainly is Other methods exist for scrubbing Nintendo games images,
an honorable goal, but rest assured that Nintendo doesn’t make but the one I will be exploring in this article is converting from
it easy to own your own data. Luckily for us, it is not impossible! the ISO to the WBFS file format, as scrubbing is one of its fea-
Begin by analyzing what comes immediately after the physi- ture. For now, no matter which format you decide to use in the
cal disc barrier following the extraction step. After success- long run, keep in mind that once games have been transferred
fully transferring the retail collection into ISO format, the first to a WBFS container, they will always be presented similarly;
thing you will notice is how all of the Wii games have the therefore, it makes no difference if they were originally stored
same exact size (Listing 1). as .CISO, .WIA, .WBFS, or any other format.
This type of format is referred to as unscrubbed disc images. In Listing 3, a Wii game’s content is located under the path
Of course, none of the games actually use all of that space wbfs/slot, located at the root of the WBFS container. Even
and, in most cases, the dead space is anywhere from 5 per- though the id and title folders exist, they are really symlinks
cent up to 95 percent of what is reported by the ISO size. You pointing back to the content of wbfs/slot/<NUMBER>, so space is
can use the wit ISOSIZE option to get the actual size. Doing so not wasted printing their contents. That <NUMBER> folder will
will reveal what the scrubbed image will look like (Listing 2). contain both the scrubbed ISO and its exploded content.

Listing 1: Unscrubbed Images Listing 2: Scrubbed Images

$ ls -lha $ wit ISOSIZE
total 13.2G ISO
drwxrwxr-x 2 dan dan 4.0K Jan 6 22:11 . MiB filename
drwxrwxr-x 3 dan dan 4.0K Jan 6 22:11 .. -----------------------------------------------------------
-rw-rw-r-- 1 dan dan 4699979776 Dec 26 2015 mybackup1.iso 2340 ./mybackup1.iso
-rw-rw-r-- 1 dan dan 4699979776 May 7 2007 mybackup2.iso 1993 ./mybackup2.iso
-rw-rw-r-- 1 dan dan 4699979776 Nov 16 2012 mybackup3.iso 889 ./mybackup3.iso
$ -----------------------------------------------------------
5222 MiB (5 GiB) in 3 files

Listing 3: Browsing a Mounted WBFS container

# alias ll='ls -alF' dr-xr-x--- 4 root disk 0 Dec 20 17:04 part/
# pwd # cd part/
/mnt/wii # ll
# cd wbfs/ total 0
# ll dr-xr-x--- 4 root disk 0 Dec 20 17:04 .
total 0 dr-xr-x--- 3 root disk 0 Dec 20 17:04 ..
dr-xr-x--- 5 root disk 0 Dec 20 17:04 . dr-xr-x--- 5 root disk 0 Dec 20 17:04 0.0
dr-xr-x--- 3 root disk 0 Dec 20 17:04 .. dr-xr-x--- 5 root disk 0 Dec 20 17:04 0.1
dr-xr-x--- 2 root disk 0 Dec 20 17:04 id lr-xr-x--- 1 root disk 0 Dec 20 17:04 data -> 0.1/
-r--r----- 1 root disk 305 Dec 20 17:04 info.txt lr-xr-x--- 1 root disk 0 Dec 20 17:04 main -> 0.1/
dr-xr-x--- 43 root disk 0 Dec 20 17:04 slot lr-xr-x--- 1 root disk 0 Dec 20 17:04 update -> 0.0/
dr-xr-x--- 2 root disk 0 Dec 20 17:04 title # ll 0.1/ -lsa
# cd slot/ total 0
# ll dr-xr-x--- 5 root disk 0 Dec 20 17:04 .
total 0 dr-xr-x--- 4 root disk 0 Dec 20 17:04 ..
dr-xr-x--- 43 root disk 0 Dec 20 17:04 ./ -r--r----- 1 root disk 2560 Dec 20 17:04 cert.bin
dr-xr-x--- 5 root disk 0 Dec 20 17:04 ../ dr-xr-x--- 2 root disk 0 Dec 20 17:04 disc
dr-xr-x--- 3 root disk 0 Dec 20 17:04 0/ dr-xr-x--- 4 root disk 0 Dec 20 17:04 files
dr-xr-x--- 3 root disk 0 Dec 20 17:04 1/ -r--r----- 1 root disk 98304 Dec 20 17:04 h3.bin
dr-xr-x--- 3 root disk 0 Jun 1 2010 2/ -r--r----- 1 root disk 265 Dec 20 17:04 info.txt
# cd 0 -r--r----- 1 root disk 107 Dec 20 17:04 setup.bat
# ll -r--r----- 1 root disk 92 Dec 20 17:04 setup.sh
total 0 -r--r----- 1 root disk 216 Dec 20 17:04 setup.txt
dr-xr-x--- 3 root disk 0 Dec 20 17:04 ./ dr-xr-x--- 2 root disk 0 Dec 20 17:04 sys
dr-xr-x--- 43 root disk 0 Dec 20 17:04 ../ -r--r----- 1 root disk 676 Dec 20 17:04 ticket.bin
-r--r----- 1 root disk 2339754624 Dec 20 17:04 disc.iso -r--r----- 1 root disk 520 Dec 20 17:04 tmd.bin
-r--r----- 1 root disk 68 Dec 20 17:04 info.txt #

78 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 RESCUING NINTENDO GAMES LINUX VOICE

library (Figure 1). See the box entitled “Backing Up referencing, such as cutting a file at 2GB, by using
a Game” for more on how games are stored on the --splize-size 2G command argument.
Nintendo systems.
Nintendo? On Guard!
wwt: The Interactor Now that you know what WIT is and what you can
Wiimms WBFS Tool (or wwt for short) is the man- do with it, it is time to put it into practice. Listing 6
aging tool for all interaction with the WBFS con- shows how to attach an external USB storage
tainers (see Listing 4). component and prepare it “the Nintendo way,”
Known as the WBFS manager, wwt is responsible which means by first creating an exFAT partition
for everything that has to do with cloning, creating, on it using fdisk and then giving it that WBFS coat,
repairing, and verifying WBFS objects, in addition to using the wwt format command.
applying some crude data operations on files and You can use the wwt dump command to see the
data partitions. You can also invoke wwt to add, ex- contents of the partition (Figure 2). Listing 7 shows
tract, list, recover, and truncate WBFS content. how to convert a game dumped in ISO format into
Some of the most notable wwt options would WBFS and add it to the storage unit. The last step
be listing (specifying list or ls), adding (speci- on my Ubuntu system is to unmount the manager
fying -a ADD file.iso or -a ADD --re-
cursive .) and removing (via the re- Listing 4: Using wwt
move option) any files located in a $ sudo wwt check
WBFS container. Listing 5 shows the ***** wwt: Wiimms WBFS Tool v3.01a r0 x86_64 - Dirk Clemens - 2024-08-13 *****
output of the ll and llll options.
CHECK /dev/sda1

wit: The Author

On top of this suite reigns wit, the bi- $ sudo wwt find -l

nary that allows the manipulation of

type wbfs d.usage size file (sizes in MiB)
GameCube backups, Wii backups, and
-----------------------------------------------
WBFS containers. Some things you
BLOCK -- 0 953870 /dev/nvme0n1
can do include changing the game re- BLOCK -- 0 1 /dev/nvme0n1p1
gion, ID6, ID8, and disc title (via the BLOCK -- 0 953870 /dev/sda
ID6, ID8, and RENAME switches, respec- BLOCK WBFS 0 953870 /dev/sda1
tively). Also, wit supports image com-
parison, extraction, and conversion. $ sudo wwt space

When the need to patch a DOL(phin)

file arrives, you can also rely on wit's size used used% free discs file (sizes in MiB)
--------------------------------------------------------------
many options.
953856 16 0% 953840 0/500 /dev/sda1
You should default to the wit con-
vert (or cv) command when the need $
for scrubbing arises. Another
method for scrubbing is to convert
to the WBFS file format. To do so, Listing 5: Listing with wwt
type something like: $ sudo wwt ll

$ wit copy mybackup1.iso --wbfs --dest . ID6 MiB Reg. 3/500 discs (10 GiB)
-------------------------------------------------------------------------------

This command creates the file my- 112233 2340 USA My backup 1

backup1.wbfs in the present working di- 122331 1993 USA My backup 2

rectory. You can also combine wit 223311 889 USA My backup 3
-------------------------------------------------------------------------------
using edit and --id to change the
Total: 3/500 discs, 110656 MiB ~ 10 GiB used, 999184 MiB ~ 999 GiB free.
metadata of the library. For example,
the following command $ sudo wwt llll
ID6 m-date m-time MiB Reg. 3/500 discs (10 GiB)
$ wit edit mybackup1.wbfs --id ABCD01 ------------------------------------------------------------------
112233 2010-04-20 20:21:22 2340 USA My backup 1

sets the ID6 value to ABCD01 for the 122331 ---------- --:--:-- 1993 USA My backup 2

disc image. 223311 2005-09-08 13:33:37 889 USA My backup 3

If you are working with filesystem ------------------------------------------------------------------

Total: 3/500 discs, 110656 MiB ~ 10 GiB used, 999184 MiB ~ 999 GiB free.
limitation, you can split your game by
specifying the --split switch. It is
$
possible to enforce even more specific

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 79

 LINUX VOICE RESCUING NINTENDO GAMES

Listing 6: Preparing /dev/sda for WBFS

$ lsblk $ sudo wwt format --force /dev/sda1
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS ***** wwt: Wiimms WBFS Tool v3.01a r0 x86_64 - Dirk Clemens -
loop0 7:0 0 37.7G 0 loop /mnt/1 2024-08-13 *****
sda 8:80 0 931.5G 0 disk FORMAT BLOCK DEVICE /dev/sda1 [932 GiB, hss=512]
nvme1n1 259:0 0 931.5G 0 disk ** 1 file formatted.
??nvme1n1p1 259:1 0 1M 0 part / $ sudo wwt find
$ sudo fdisk /dev/sda /dev/sda1
$ sudo wwt analyze
Welcome to fdisk (util-linux 2.40.2).
Changes will remain in memory only, until you decide to write them. ANALYZE /dev/loop0
Be careful before using the write command.
ANALYZE /dev/nvme1n1

Command (m for help): p ANALYZE /dev/nvme1n1p1

Disk /dev/sda: 931.51 GiB, 1000204886016 bytes, 1953525168 sectors
Disk model: 100T1R0A-68A4W0 ANALYZE /dev/sda
Units: sectors of 1 * 512 = 512 bytes ---------------------------------------------------------------
Sector size (logical/physical): 512 bytes / 512 bytes HD SECTORS WBFS SECTORS DISCS (all values in hex)
I/O size (minimum/optimal): 512 bytes / 33553920 bytes WBFS total sec total sec max inode
Disklabel type: dos NAME magic vrs num size num size num size ADDITIONAL
Disk identifier: 0xe65e18b3 INFORMATION
---------------------------------------------------------------

Command (m for help): n INODE-TIM: ok 1 747065b0 200 e8e0 1000000 1f4 600 2025-01-04
14:50:11
Partition type
n=500
p primary (0 primary, 0 extended, 4 free)
INODE-CNT: ok 1 74706d71 200 e8e0 1000000 1f4 600 2024-12-13
e extended (container for logical partitions)
23:00:44
Select (default p):
n=498
Partition number (1-4, default 1):
---------------------------------------------------------------
First sector (2048-1953525167, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-1953525167,
ANALYZE /dev/sda1
default 1953525167):
---------------------------------------------------------------
HD SECTORS WBFS SECTORS DISCS (all values in hex)
Created a new partition 1 of type 'Linux' and of size 931.5 GiB.
WBFS total sec total sec max inode
NAME magic vrs num size num size num size ADDITIONAL
Command (m for help): t
INFORMATION
Selected partition 1
---------------------------------------------------------------
Hex code or alias (type L to list all): 07
HEADER: ok 1 747065b0 200 e8e0 1000000 1f4 600 WBFS header
Changed type of partition 'Linux' to 'HPFS/NTFS/exFAT'. scanning
INODE-TIM: ok 1 747065b0 200 e8e0 1000000 1f4 600 2025-01-04
Command (m for help): w 14:50:11
The partition table has been altered. n=500
Calling ioctl() to re-read partition table. ---------------------------------------------------------------
Syncing disks.
$

Listing 7: wit, wwt, and wfuse in Action

$ sudo wit copy mybackup1.iso --wbfs --dest . --progress --long Total: 1/500 discs, 2340 MiB ~ 2 GiB used, 911267 MiB ~
***** wit: Wiimms ISO Tool v3.01a r0 x86_64 - Dirk Clemens - 2024-08-13 ***** 911 GiB free.

1 object scanned, 1 supported file found.

* COPY/SCRUB 1/1 ISO:mybackup1.iso -> WBFS:./mybackup1.wbfs $ sudo wfuse -u /mnt/wii

2248 MiB copied in 0:07, 325.2 MiB/sec wfuse: Wiimms FUSE Tool v3.01a r0 x86_64 - Dirk Clemens

$ sudo wwt -a ADD mybackup1.wbfs - 2024-08-13

***** wwt: Wiimms WBFS Tool v3.01a r0 x86_64 - Dirk Clemens - 2024-08-13 wfuse umount /mnt/wii

***** $ sudo wwt find -l

WBFSv1 #1/1 opened: /dev/sda1

- ADD 1/1 [223311] WBFS:mybackup1.wbfs/#0 type wbfs d.usage size file (sizes in MiB)

* WBFS #1: 1 disc added. -----------------------------------------------

$ sudo wwt llll BLOCK -- 0 953870 /dev/nvme0n1

BLOCK -- 0 1 /dev/nvme0n1p1

ID6 m-date m-time MiB Reg. 1/500 discs (2 GiB)

-------------------------------------------------------------------- $

112233 2010-04-20 20:21:22 2340 USA My backup 1

--------------------------------------------------------------------

80 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 RESCUING NINTENDO GAMES LINUX VOICE

using the wfuse command. Only then can do, but one cannot help but better than most. Better documentation means a
will I be able to plug the storage unit feel very optimistic about the WIT less intimidating learning curve when attempting
back into my Wii console and confirm suite and its quite refined use to step into the rabbit hole of long-lost, vendor-
the success of my operation. cases. I must admit though that I locked standards. Q Q Q
But before attempting any of that couldn’t help but feel somewhat
funky stuff, make sure that every- overtaken at times by all of the Info
thing is already in place on your aliases, sub-aliases, and available
[1] Nintendo hates people who pay their hard
system by issuing the command options. Of course, the great vari-
earned money purchasing their products:
which wit. command. If nothing ety of options could also be cele- https://www.gamesradar.com/former-
shows up, go ahead and install wit brated because it shows that this pokemon-lawyer-explains-why-nintendo-
by invoking: suite of tools is only the result of goes-after-so-many-fan-games-no-one-likes-
such fine craftmanship forged over suing-fans/
$ sudo apt install wit -y the course of time. [2] Great fan-made projects some execs did not
The maturity of any tool should al- want the world to benefit from: https://www.
cbr.com/most-infamous-nintendo-fan-game-
Conclusion ways be considered in the context
shutdowns/
When a vendor isn’t helping, there of the documentation it provides. In [3] Trademark mongering? https://www.reddit.
are only so many things a savant that respect, WIT nails it and does it com/r/nintendo/comments/vptk4a/why_is_
nintendo_so_against_fan_made_projects/
[4] Nintendo does not have a great reputation
with its fanbase: https://8bitpickle.com/
video-games/why-does-nintendo-
hate-their-fans/
[5] RIP Nintendo 3DS and Wii U:
https://en-americas-support.nintendo.com/
app/answers/detail/a_id/63227/~/
announcement-of-discontinuation-of-online-
services-for-nintendo-3ds-and-wii-u
[6] The backbone of the Wii renaissance: the Open
Shop Channel: https://oscwii.org/
[7] A WAD to enable Dual Shock 3 game control-
lers: https://www.wiibrew.org/wiki/Sixaxis
[8] Pretendo:
https://pretendo.network/
[9] A WAD to enable support for USB game con-
trollers: https://github.com/xerpi/fakemote
[10] The LibreShop, powered by the community:
https://oscwii.org/library/app/libreshop
[11] First ever announcement of WIMM:
https://gbatemp.net/threads/wwt-wit-
wiimms-wbfs-iso-tools.182236/
[12] WIT support: https://github.com/Wiimm/
wiimms-iso-tools
[13] WIT official website:
https://wit.wiimm.de/
[14] Dolphin emulator: https://wiki.dolphin-emu.
org/index.php?title%3D
[15] CheatManager:
https://www.wiibrew.org/wiki/CheatManager

The Author
Daniel LaSalle saw his first keyboard at the
tender age of eight and was fascinated from
the get-go with this wide new world. Daniel
has been using technology nearly every day
of the five decades since. In 2014, he found
the guts to commit to a monogamous part-
nership with Linux and regrets nothing.
Figure 2: Combining wwt alongside the dump option gives a view of the WBFS container.

QQQ

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 81

LINUX VOICE FOSSPICKS

FOSSPicks Nate explores the top FOSS, including the shiny new Zen
Sparkling gems and new
releases from the world of
Free and Open Source Software

Browser, a secure file eraser, an online office suite, and a very

cool team combat game. BY NATE DRAKE

Slow Open Source?

As I was scrolling r/opensource this month, I happened across a are volunteers who can only contribute in their free time. As much as
link to a post by open source developer Lukasz Gornicki entitled his article put things into perspective, back when I was working in tech
“Stop Blaming Open Source Slowness.” In it, he talks about how the support, I found customers would often ask, “Why doesn’t [proprietary
slow pace at which open source projects change can seem frustrat- product] do X?” I’d often know open source apps that could easily solve
ing. User demand sometimes even leads to quick fixes like patches
their dilemma but was forbidden from mentioning them.
or temporary forks to the detriment of the overall development
process. Lukasz concludes by encouraging end users to make feature re-
Lukasz gently reminds readers that there are two principal types of quests to the right people. However, he also reminds developers that
open source developer. One type is those that are employed full time they should fix code the right way by sending changes upstream and
by a company who will prioritize their employer’s needs. The other type then drive them until they’ve been merged.

Web browser By way of disclaimer, Zen After I installed it via left by default, but you can

Zen Browser is currently in beta, so I

don’t recommend using it for
anything mission critical. How-
Flathub, the browser
launched and prompted
me to choose a favorite
easily switch them to the
other side of the window.
You can also access the
played across the main ever, it can be installed as a color and a light or dark default workspace from

S page of this latest Firefox

ESR fork is the motto
“Welcome to a calmer Internet.”
Flatpak. The main site also has
links to an AppImage version
and a tarball of the source code.
theme. You can then con-
figure layout options to
display one, multiple, or
the tab section and create
more to further organize
open windows. The
collapsed toolbars. Next, browser is compatible with
Zen prompted me to im- Firefox add-ons but also
port existing data. When I has a dedicated Zen Mods
chose this option, it failed section. From here, I was
to recognize the browsing able to add a more snazzy
data already saved in address bar as well as an
Firefox. However, because animated snowflake
the browser is a fork of overlay.
Mozilla’s browser, you can Being based on Firefox,
fix this by signing in via Zen theoretically enjoys
the Sync service at a later the same protection
stage. I was particularly against tracking cookies
impressed to see that Zen and fingerprinting as its
offers users a choice of parent browser. I put this to
1. Workspaces: Users can add tabs to the default workspace and create alternative search engine, including the test using the Elec-
workspaces. 2. Vertical tabs: Like the Chromium-based Brave, Zen browser adopts the privacy-friendly alter- tronic Frontier Founda-
a vertical format for tabs. 3. Search engine: During setup you can choose between native DuckDuckGo. tion’s Cover Your Tracks
Google, DuckDuckGo, eBay, and Wikipedia. 4. Zen Mods: Similar to Firefox add-ons. Like Chromium-based tool, which showed that
Install to improve Zen’s look and functionality. 5. Release Notes: These appear on Arc and Brave, Zen adopts Zen had partial protection
first launch and list all available Zen fixes and features. 6. Compact buttons: a vertical approach to tabs. against tracking but a
Click here to access settings, switch workspaces, or view download progress. These are displayed on the unique fingerprint.
7. Browser protection: Because Zen is based on Firefox ESR, it enjoys the same
anti-tracking protection. 8. Zen Settings: From here, you can sync data from your Project Website
Firefox account and manage add-ons. https://zen-browser.app/

82 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 FOSSPICKS LINUX VOICE

Podcast client

CPod
his podcast client was recommend readers make a

T originally named “cumu-

lonimbus.” Developer
Zachary Guard provides a link
habit of doing this, because it
raises security issues.
Once the app did launch, I ex-
on the project GitHub page to a perienced the “terrific” part
glowing review titled “A Terrific promised in the aforemen-
Podcast Client with a Terrible tioned review. The toolbar on
Name.” I stumbled across the the left is easy to navigate, and Despite not playing well with Wayland, CPod greatly simplifies
latest version of the app (with you can start searching for your managing and playing multiple podcasts.
its truncated name) in the chosen podcasts immediately. I
Ubuntu Snap store. As the did this to find some public do- The Settings section is very straightforward and al-
download page warns, the main audio books recorded for lows you to configure basic features such as the down-
Snapcrafters community does the LibriVox project. More pop- load directory for offline episodes. From here you can
not actively maintain its code. ular podcasts like those of Joe also switch between light and dark themes, as well as
This caused a glitch when I first Rogan and Mel Robbins are configure downloading and removal of queued epi-
tried to launch it in my Ubuntu also available. Once sub- sodes. Despite the command-line trickery I had to em-
24.10 virtual machine, because scribed, you can return to the ploy to get CPod running, this is why I decided to in-
it hadn’t been updated to play home screen to view a list of clude it in this month’s FOSSPicks. Unlike other pod-
nicely with Wayland. As a tem- available episodes and play or cast clients I’ve encountered, it’s very simple to
porary workaround I ran xhost download these as you see fit. configure.
+SI:localuser:root to allow the CPod also supports queues, so
root user to display desktop ap- you can play podcasts in a spe- Project Website
plications. However, I don’t cific order. https://github.com/snapcrafters/cumulonimbus/

Command-line utility

BobRossQuotes
n 2020, my doctor diag- PBS. However, if all you need is

I nosed me with hyperten-

sion and instructed me to
measure my blood pressure
a life-affirming quote from the
man himself, you can just in-
stall this feel-good terminal
every day and record the re- app. It’s currently available in
sults. One month he noted that the Ubuntu Snap store. The
my BP had dropped quite con- project GitHub page notes that, Experience uplifting quotes from Bob about happy little trees,
siderably. Though at first I because it’s written in Python, clouds, and animals with this terminal app.
couldn’t account for it, I remem- you can also install it via pip
bered that each evening after install bobross==1.1 and then scheme as I did to have the quotes appear
dinner I’d started watching The run it with pip: bobross. in a more appealing way.
Joy of Painting with Bob Ross. Assuming you installed the Readers may feel this app is too trivial to
After 30 minutes of hearing Snap version as I did, you only trouble with or that they prefer to watch
about happy little trees and need to open your chosen ter- videos of Bob Ross in action instead. How-
clouds, Bob indirectly did won- minal emulator and run bo- ever, I’ve found it buoys me up greatly each
ders to help me stave off a brossquotes. This displays an time I log in to read a quote from the mas-
stroke. ASCII rendition of Bob along ter artist. Plus, I can avoid all the annoying
Of course, for those who with a useful nugget of wisdom, ads on free streaming platforms. Remem-
want to experience the show it- such as how humans need to ber, everyone needs a friend.
self, there’s an official YouTube treat animals with kindness.
channel. You can also watch The text is rendered in the ter-
episodes free of charge on plat- minal’s default theme, though Project Website
forms such as Pluto TV and you can adjust the color https://github.com/kz6fittycent/BobRossQuotes

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 83

LINUX VOICE FOSSPICKS

Audio file editor

Ear Tag
ccording to the project tracks and chose Identify Se-

A GitHub page, this

Gnome Circle app is de-
signed to be a simple audio file
lected Files from the main
menu. This relies on Music-
Brainz to load track information.
tag editor. It’s available from Files without metadata can also
Flathub and versions exist in the be automatically identified using
repositories of most major Linux the AcoustID service. While Ear
distros such as Ubuntu, Debian, Tag had no joy with my chosen Ear Tag can automatically identify tracks. You can also edit album
and Manjaro. Developer knuxify album, this is hardly surprising, and track metadata like the title and artist.
points out that it stands apart because it was one compiled for
from similar editors in that it archive.org, not for music retail individual tracks, you can also add more
doesn’t require a dedicated stores. specific data such as the track number and
music folder. Indeed, after in- Nevertheless, selecting all the the title of the piece, as I did for “Rondo alla
stalling the Flatpak, I noted that tracks allowed me to specify the Turca” from Mozart’s Piano Sonata No. 11 in
you can simply drag-and-drop a name of the album, as well as A major, K. 331. The Save button features
file or folder containing music to the author. By default, you can prominently but while it will store specific
open it automatically. also add music genre, release tags, it won’t apply to Ear Tag itself. In other
The music album I chose was date, and suitable comments. words, if you close then relaunch the app, it
from the Internet Archive and You can even select Add Tag to will prompt you once again to choose a
featured 50 of Mozart’s greatest enter more detailed information, music file or folder.
compositions. I mention this be- like the name of the conductor
cause, after loading the album or the identity of the person who Project Website
into Ear Tag, I selected all the encoded the music. If you select https://apps.gnome.org/EarTag/

Wikipedia timeline viewer

WikiTimeline
eveloper Wenzheng Li’s summaries sometimes aren’t

D latest creation har-

nesses Gemini AI to
transform Wikipedia articles
entirely factual. The plus button
at the bottom right of the page
allows users to edit the Wikipe-
into multiple interactive time- dia sources used. The example I
lines. The project GitHub page had chosen was for timelines of
contains detailed instructions the lives of the three Renais- WikiTimeline uses Gemini to generate summaries of events and then
on how to deploy the software sance artists: Leonardo da displays them on an interactive timeline.
with a Gemini API key and Ver- Vinci, Michelangelo, and Ra-
cel KV storage. He has also phael. Fellow millennial readers The timeline itself contains options to
thoughtfully provided a demo of can probably guess which Re- zoom in or out. This is useful for analyzing
the software in action, which is naissance artist I decided to articles on people or events that occurred
available at https://wiki-time- add next! This gave me a good far apart. You can click and drag on time-
line.com/. chance to view how flexible the lines to move forward or back in time, as
I took advantage of this to interface is. Although the Teen- well as load specific events by clicking on
view an example timeline. These age Mutant Ninja Turtles are all them directly. The Customize Timeline op-
are helpfully displayed in neat the same age, the real Donatello tion lets you fine-tune options like the time-
rows along the bottom of the died closer to the time the other line font, as well as color schemes. There’s
main window. Users can click three artists were born, causing even a Reader View, which displays events
on the right arrow to view signif- the timelines to zoom out. Each in text format, grouped by article.
icant events in the correspond- time you choose to Update Time-
ing Wikipedia articles, though line, the program needs around Project Website
the project page warns that AI 10-15 seconds. https://github.com/wenzhenl/wikitimeline

84 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 FOSSPICKS LINUX VOICE

Secure file eraser

File Shredder
his app was built by de- launch users can drag files to be

T veloper Alan Beveridge.

As an official Gnome
app, it’s referred to as File Shred-
erased into the main window or
click to add them manually, as I
did for some ebooks of Sherlock
der, although Alan seems to call Holmes from Project Gutenberg.
it Raider on its GitHub page. This You can then select Shred All for
is also reflected in the URL on your chosen files. From examin-
Gnome’s website. Regardless of ing the source code it seems File Shredder (Raider) lets users select one or more files to be over-
what you call it, it’s designed to that this isn’t actually done via written by three passes of random data.
securely erase sensitive files. As the shred command. The magic
the project page notes, the pro- happens in corrupt.c, which ini- configuration to search for .txt files, it
cess of overwriting files repeat- tializes a corrupt object with the was unable to carve the one that had just
edly with random data doesn’t al- file path to be shredded and been erased by File Shredder. I’ve chalked
ways work these days due to number of passes to perform. this down as a success, but this was
wear-leveling functions on SSDs. By default the script overwrites using a virtual hard disk in VirtualBox, so
Conventional wisdom is that files with three passes of ran- real-world performance may differ. Unlike
Linux users should fully encrypt dom data. other secure file-erasing utilities I’ve used,
their hard drives so bad actors When I did this with two small the app doesn’t seem to let users choose
cannot attempt to retrieve frag- text files, File Shredder said it had a specific algorithm for erasing data such
ments of sensitive information. been successful. I then decided to as the Gutmann method.
Nevertheless, I decided to put it to the test using everyone’s
take File Shredder for a spin by favorite digital forensics tool, scal- Project Website
installing it via Flathub. On first pel. After modifying scalpel’s https://apps.gnome.org/Raider/

Team combat game

Pixelpusher
his game is currently only If you are this inept, your over-

T available as an AppImage
via itch.io under the BSD
3-Clause License. However, it has
seer will eventually spawn more
drones. The same applies to
enemy overseers, meaning the
an official page on Steam that onus is on you to destroy all its
says (at the time of writing) the drones before it can respawn
title will be officially released on them. Should you lose patience
the platform in March. as I did, you can ram one over- Players control the movement of drones with the mouse and use the
The main page describes Pix- seer into another to obliterate overseer dash using WASD to destroy enemies.
elpusher as a “drone-based team them. The tutorial also walks
combat game” that’s best played players through extra weapons in After checking out the official Dis-
with a two-button mouse. This their arsenal, such as using left cord server, I noted a recent YouTube
was clear to me when I fired up shift to unleash a torrent of review, which describes this game as
the in-game tutorial, because drones towards the cursor in a a “clone” of Arras.io. This is a 2D
drones are controlled by moving “psionic storm.” Though I had shooter where players control armies
the mouse. The player can also great fun with the single-player of tanks, defeat other players, and
change the position of the “Over- mode, Pixelpusher also supports level up. YouTuber Masterico claims
seer” using WASD. Players can a multiplayer “capture the flag” he switched to Pixelpusher because
attack enemy drones by moving game for a combination of up to it “takes drone tanks from Arras.io
their own drones into them. How- 32 people and bots. You can host and refines its combat to the maxi-
ever, as I found out the hard way, this yourself if you wish, using mum level.” I’m inclined to agree.
any of your drones that crash Pixelpusher’s dedicated server
into an enemy overseer are im- software available from https:// Project Website
mediately destroyed. aetup.itch.io/pixelpusher-server. https://aetup.itch.io/pixelpusher

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 85

LINUX VOICE FOSSPICKS

Online office suite

OnlyOffice
his online office suite watermarking, file

T started in 2009 as a col-

laboration between devel-
opers based in Latvia and Russia
indexing, and
copy protection.
The main
for team collaborations. It’s since screen offers an
snowballed into the SaaS platform option for Migra-
we know today. OnlyOffice is avail- tion Data. This
able for installation on private net- seems crucial to
works under the open source GNU me, because
Affero General Public License most people likely
(AGPL). The developers also offer already have an OnlyOffice supports multiple rooms. VDRs offer extra security with watermarking and
software for editing documents online office solu- copy protection.
offline, but for the sake of conve- tion. After choos-
nience, I’ve focused on the version ing Google Workspace, I was huge variety of files, including in
available directly on the main web- prompted to upload a ZIP backup Open Document and Microsoft
site. After signing up, you’ll see file of all Workspace content. This Office formats. However, it only
that its offerings are fairly similar seems confusing because, pre- supports editing PDF and Micro-
to Google Workspace in that even sumably, it wouldn’t be impossi- soft Office files (e.g., DOCX).
the free DocSpace Startup plan in- ble for OnlyOffice to link some- Nevertheless, the changelog re-
cludes unlimited users but only one’s Google account to copy the veals some exciting updates for
2GB of disk space. files across to the platform. In the latest OnlyOffice (8.3.0).
You’ll also benefit from up to fairness, there are extra import These include support for files
12 “rooms.” This concept seems configuration options once the created in the Hancom format
to be unique to OnlyOffice so I ZIP is uploaded. (HWP and HWPX), as well as Ap-
probed further. Upon login, I The Documents section con- ple’s .pages format. OnlyOffice
noted that you can create one of tains samples of the various file now supports changing the sheet
several types of these virtual types you can create in OnlyOf- and/or paragraph direction to
rooms. For instance, the Public fice. The word processing docu- right to left (RTL) in all text docu-
room lets you share documents ment doubles as a summary of ments and spreadsheets. The
for viewing, editing, or comment- key OnlyOffice features. Here I spreadsheet editor also now sup-
ing. Crucially, you can also learned that the platform “works ports Apple’s .numbers format and
embed said documents into a with all the popular file types with- comes with an upgraded function
web interface. I was also in- out formatting loss.” After visiting wizard. OnlyOffice’s PDF editor
trigued by the Virtual Data Room the project GitHub page, I saw can now support stamp annota-
(VDR), which supports that OnlyOffice can indeed open a tions and has improved OCR.
Special mention should also
go to OnlyOffice’s presentation
software, which is clearly in-
spired by the likes of MS Power-
Point and LibreOffice Impress.
Like the other OnlyOffice pro-
grams, it now supports the cor-
responding Apple file format
(.key). It also sports a new De-
sign tab, which now houses the
tools for themes, colors, and
slide sizes. The Start Slideshow
button has also been added to
the Quick Access toolbar, mak-
ing presentations much easier
to launch.

Project Website
The OnlyOffice presentation editor has moved the themes, colors, and slide size tools to the new Design tab. https://www.onlyoffice.com/

86 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 FOSSPICKS LINUX VOICE

Ambient sound generator

Blanket
fter my therapist recently the interface is very clean and

A diagnosed me with
ADHD, I’ve been driven to
distraction searching YouTube
well spaced out. The main win-
dow offers various options for
ambient noise including rain,
for supposed videos that will play storms, and white noise. I was
the perfect sound to soothe the mildly puzzled by the “coffee
mind and help me focus. I must shop” option, as when I work in
admit that after poring over Starbucks I stick in my head- Blanket can play multiple ambient background noises. You can
claims about binaural beats and phones to drown out such adjust volume levels for these individually.
isochronic tones, I discovered noises. But variety is the spice
that the scientific community is of life. If you have a particular instance, I cranked up rain sounds
divided on this topic. Still, ADHD ambient noise you enjoy, you to full while leaving white noise at 50
or not, plenty of people use re- can also choose Add to load it percent (default). From here, you
cordings of music or ambient here. Supported formats in- can also adjust the master volume
noise to block out external clude MP3, OGG, and AAC. as well as Reset Sounds to stop all
sounds to help them focus. When you select a specific am- ambient noise from playing. The
Developer Rafael Mardojai bient noise it will be highlighted. main menu offers an option to keep
has built Blanket for the pur- This is important because you Blanket running when closed. You
pose of improving focus and can choose more than one can also launch Preferences to have
productivity with ambient sound to play at a time. The pop- the app autostart in the background.
noise. It’s currently available for up volume dialog at the bottom
install via Flathub. As you’d ex- of the screen allows you to select Project Website
pect from a Gnome Circle app, sound levels for these. For https://apps.gnome.org/Blanket/

Astronomy visualization platform

Gaia Sky
his amazing app has On first launch, Gaia Sky help-

T been developed as part

of the framework of the
European Space Agency’s Gaia
fully begins in our own solar sys-
tem. You can use C to toggle to a
more cinematic mode. The tool-
mission to chart about one bil- bar along the left contains help-
lion stars in our galaxy. Clearly ful camera options, including the
the European Space Agency are ability to toggle various galactic
keen to make Gaia Sky as uni- phenomena such as stars, The toolbar on the left can be used to toggle different galactic phe-
versally available as possible, clouds, and even galaxies. You nomena, as well as grid lines.
given that it’s available for Win- can also adjust the angle of your
dows, macOS, and Linux. It can field of view, as well as camera searching for “Uranus,” at which
also be installed via a DEB pack- speeds. There’s a helpful readout point the map jumped to that
age, AppImage, AUR image, or on the bottom right presenting planet. As atmospheric as this
Flatpak. After installing the app both the camera location and the is, I felt disappointed that I
in my Ubuntu virtual machine virtual coordinates of the mouse wasn’t viewing astral bodies via
via Flathub, I was informed that pointer. a VR headset, which is sup-
users need to install a dataset Having read other online re- ported in Gaia Sky. Because it’s
to make use of it. There’s a base views, I discovered it is possible trained on real-time data, I doubt
dataset of around 83MB, which I to search for and navigate to there’s a more accurate way for
chose along with a high-defini- specific areas of the galaxy. I us non-astronauts to explore the
tion texture pack. Other large couldn’t see any obvious search galaxy.
datasets are available depend- menu, but holding Ctrl+F pulled
ing on how many stars you feel up a suitable dialog. Amusing no Project Website
like browsing. one but myself, as usual, I began https://gaiasky.space/

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 87

LINUX VOICE TUTORIAL – NEXTCLOUD PLUGINS

Extend your Nextcloud environment

Plug It In
Using apps to make your Nextcloud work more efficient and private.
n a previous installment of this tutorial [1], keep their data, work, and online life under one

I
BY MARCO FIORETTI
-ɄHIWGVMFIHLS[XSFYMPHERHGSRJMKYVI roof without distractions, information overload,
Nextcloud as a fully self-hosted cloud hub and privacy invasions. Second, these apps are all
that individuals or small groups can use to store actively maintained and compatible with the ver-
files, edit office documents, communicate sion of Nextcloud I described in the previous tuto-
through chats and video calls, and access web- rial (version 30.0.5). The apps are also easy to in-
mail. This month, I will show how to make your stall, even for first-time Nextcloud administrators
online work even more private and efficient thanks with limited time and resources.
to Nextcloud’s extensive gallery of plugins or (as Nextcloud also provides app bundles that offer
they’re called these days) apps. a collection of apps for a specific purpose such as
I’ll introduce you to some Nextcloud apps that education, public service, or social sharing. The
fit two criteria: First, they help ordinary web users app bundles are great, but they are aimed at pro-
fessionals or large groups with full-time profes-
Great but Much Less Usable sional administrators, so I won’t cover them in this
article.
While writing this tutorial, I came across a few apps I’m sure many cur- The “Great but Much Less Usable” box lists a
rent or potential Nextcloud users would love, but for one reason or an- few more apps that I believe would be very im-
other, these apps aren’t usable without advanced administrator skills portant for all Nextcloud users if they were more
and non-negligible configuration efforts. I’ll list a few of these promising actively maintained or easier to integrate in
but problematic apps in hopes of stimulating more developers and Nextcloud.
users to get involved with these projects. Finding and installing an app is easy: All you
The first thing that would benefit Nextcloud users is real-time communica- have to do as Nextcloud administrator is to
tion between people with a Nextcloud account and everybody else. The click on your icon in the top-right corner, select
Nextcloud Talk app is great, but as of early 2025, it only handles chats and Apps, and then click again on the hamburger
calls among users of one or more Nextcloud installations. It is not possible menu button to choose which category of apps
to, for example, email a Nextcloud Talk video conference link to people the to browse. When you find an app that you want,
way you do with Zoom. Nextcloud does have an app for the Jitsi videocon- click on its icon to read what it does and
ference platform, but even that is just a client for external Jitsi servers. whether it’s compatible with your version of
Nextcloud. If you like what you see, click on
Another area in which Nextcloud could stand to benefit is document ed-
Download and Enable.
iting. For example, even the LibreSign app, which can digitally sign PDF
In most cases, you will have to do some extra
documents and annotations, is just a front end to a server that does the
configuration. If so, click again on your avatar,
real work.
then click on Administration Settings, and scroll
It would also be great to be able to write Markdown documents with live down through the administration menu: if you find
preview, but on Nextcloud 30 this is not possible because it requires an a new entry corresponding to the app you just en-
app that isn’t compatible with that Nextcloud version. Integration with abled, click it and follow the instructions. If there
HedgeDoc, the in-browser Markdown editor and online publishing sys- is no such entry, select the very last entry of the
tem, has the same problem. Ditto for ebook reading: Nextcloud has two menu, Additional Settings, and check if the app
or three eBook apps, but none of them worked on my Nextcloud. added its own section.
The last service that would really help if it were functional is an app that The base directory of every Nextcloud installa-
offers migration from Google Drive to Nextcloud. Unfortunately, the tion includes a command-line tool called occ that
Nextcloud app created for this very purpose is outdated and cannot be you can use to configure and manage Nextcloud,
installed because it depends on another app called files_external that including enabling or disabling apps. The occ util-
will freeze your Nextcloud install until you disable it from the command ity is sometimes the only way to fix your Next-
line with the occ command. cloud when a broken app or some other bug
makes the web interface crash.

88 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 TUTORIAL – NEXTCLOUD PLUGINS LINUX VOICE

On to the apps now: If your Nextcloud in-

stance will serve absolute novices, find the In-
tros app in the Dashboard category and enable
it. The Intros app will play some tutorials the
first time any of your users start certain apps.
Administrators can disable any tutorial they
consider unnecessary and also create custom
tutorials using JSON files.

Must-Have Nextcloud Apps

Maps are wonderful, really useful tools, even
more so when they are digital. That’s why we’ve
all come to depend so much (too much if you
ask me) on Google Maps. Luckily, Nextcloud of-
fers two ways to get rid of this dependence, or
at least diminish it. The first one is the basic
Nextcloud Maps app shown in Figure 1, which
you also can use to get routing directions and
export them as GPX tracks for your GPS
devices.
Even more powerful, at least in principle, is the Figure 1: Nextcloud Maps cannot completely replace the Google ones, but they’re quite
app that embeds OpenStreetMap (OSM) inside useful all the same.
Nextcloud as shown in Figure 2. I say in principle
because this app requires much more work and
resources to really use all its features, some of
which may not even be needed. To get all the
possible types of routing information shown in
Figure 2 – directions by foot, car, or bike – you
need to install your own Open Source Routing
Machine (OSRM) server [2], a server that can
generate directions from one point to another
by querying the OSM database, or have access
to one ran by a third party. If you have the skills
and resources to handle it, another option is to
use OSM with MapLibre [3] to generate 3D ver-
sions of the OSM map.
Besides proprietary maps, another thing we’re
having way too much of for our own good is the
current species of for-profit, hysteria-generating
machines known as social media. We’re a long
way from getting free from those cages, but Next-
cloud can directly support two of the most prom- Figure 2: You can also embed OpenStreetMap, but enabling all its services is a much bigger job.
ising ways to do it.
One is the microblogging network called Mast-
odon [4], which is really easy to embed in Next-
cloud thanks to the app with the same name.
Enable it and your users will get (see Figure 3)
both their timeline and notifications in their
Nextcloud dashboard. The only thing they need
to know to get there is that (see the right side of
Figure 3) they must provide only their Mastodon
instance address (e.g., https://mastodon.social),
instead of their full Mastodon URL (e.g., https://
mastodon.social/@YOURNAME).
The other way Nextcloud can help its users
break free from social media, which in my opinion
also is the most important by far, is with getting
news from media or other organizations, includ- Figure 3: Your Mastodon timeline and notifications can greet you every time you log in to
ing magazines’ websites or even personal blogs. Nextcloud.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 89

LINUX VOICE TUTORIAL – NEXTCLOUD PLUGINS

Another crucial need of every web user – in

these days of search engines making themselves
useless with AI-generated garbage – is to keep
bookmarks of interesting websites in a way that
is fully private and independent from any single
browser or device. Luckily, there is a Nextcloud
app for that, too (Figure 5): Similar to the News
app, you can use the Bookmark app to collect
and organize bookmarks in folders and tag them
as desired. Clicking on the three dots to the right
of each bookmark opens the drop-down menu in
the bottom-right corner of Figure 5, and selecting
the Details entry will show its description, which
will look like the red-border box I overlapped in
the same figure.
Figure 4: RSS lets you stay informed online, and Nextcloud supports it. As you can see in Figure 5, the app can find bro-
ken links or duplicate bookmarks. From the set-
Since 1999, the most efficient, less invasive, less tings window (not visible in Figure 5), you can also
stressful tool to do that is with the protocol called import bookmarks generated with Firefox or other
Really Simple Syndication (RSS) [5]. With RSS, browsers. Beware, though! The Bookmarks app
news sources regularly update feeds (lists of their truncates (at time of writing, at least) the descrip-
latest headlines) that everyone can download, as- tion of every bookmark it imports to about 1,000
semble, and read as one list of more or less catego- characters, and the only way to change this is to
rized news, whenever they want, at their own pace, hack the source code.
without distractions or being tracked. To learn how, The Bookmark app can also archive copies of
please check out my RSS tutorial [6]. the pages you bookmark, but be careful with that,
To make all your users download and browse too, because it may increase significantly both the
RSS feeds inside Nextcloud, enable the News database load and the disk space consumed by
app shown in Figure 4 and let each of user con- your Nextcloud installation.
figure it as desired. With just a few clicks (see The most powerful feature of Nextcloud Book-
Figure 4), your users will be able to organize all marks, however, is the capability to share book-
the feeds they want in different categories and marks among the users of the same Nextcloud
browse titles and read excerpts in a compact but installation.
simple interface. The News app can also import After reading this, you may be surprised to know
whole lists of feeds from other RSS applications, that on my own Nextcloud, I disabled both the
as long as they are in the Outline Processor News and Bookmarks apps right after generating
Markup Language (OPML) format that was cre- the two screenshots I have just explained. This is
ated for the purpose of making RSS readers in- not because I think they aren’t good. Indeed, those
teroperable [7]. two apps do seem to me the easiest way to

Figure 5: With Nextcloud, you can save, share, and even archive copies of the websites you need to remember.

90 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 TUTORIAL – NEXTCLOUD PLUGINS LINUX VOICE

provide everyone with self-hosted bookmarks and

RSS reading, which I consider (seriously!) basic
rights of every web user.
The reason I am not using those apps is simply
that, when I finally set up my own Nextcloud
years ago, I had already customized other free
software tools, to serve the specific needs of
my freelance writing.
But never mind me! What really matters here
is that it took me just a few minutes to embed
those two self-made custom interfaces inside
my Nextcloud, thanks to another great app that
everybody could use to embed (almost) any
other third-party service.
The app I am talking about is the one called
External Sites. Inside its simple configuration
panel, shown in Figure 6, the administrator can
define the URL of any external website, assign it
a name, and restrict its visibility only to certain
groups of users. Once a website has been con-
figured there, all the authorized users will see in
their interface a new entry or icon with the name
defined in Figure 6. That link can be in the top
header, as in the figure, but also in the footer or
in each user’s Settings menu. Figure 6: Nextcloud administrators can embed almost any other website in their installation.
In all cases, clicking on that link will open the
corresponding website inside the main Nextcloud Figure 8 shows that you can use the same app
window. Figure 7 shows how I use this app to to draw flow diagrams or organization charts.
embed my own RSS aggregator (1) and the Nextcloud, however, also supports the creation of
Shaarli bookmark manager (2) in my Nextcloud. mind maps for educational or research purposes,
Now, I’ll move on to talking about working and as well as Kanban boards for tasks and workflows
studying in Nextcloud. I have already shown in the management.
first tutorial how Nextcloud can provide what’s The Nextcloud Mind Map app’s documentation
basically an online, light version of LibreOffice to is in Japanese, but the user interface is easy
manage texts, spreadsheets, and slideshows that enough that this should not be a problem. Fig-
is more than adequate for single users or small YVIɄMR[LMGL-GVIEXIHEWEQTPIQMRHQETSJ
groups. some of the main components of every Linux

Figure 7: Nextcloud apps? No, just two external websites embedded into Nextcloud.

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 91

LINUX VOICE TUTORIAL – NEXTCLOUD PLUGINS

system, shows almost everything this app can do.

The interface consists of the three tabs titled
Idea, Appearance, and View. The Idea tab (shown
in Figure 8) is the place to actually create or edit
mind maps. Working there, users can quickly add
nodes, both standalone or as parents, children, or
siblings of already existing nodes.
Each node can have its own color plus text, im-
ages, or links that explain its meaning, plus a priority
and a progress/advancement level. Right-clicking on
a node opens the most complex part of the inter-
face, which is easier than it looks in Figure 9. The pie
menu in the center contains the functions you need
to edit the node or move it around. The toolbar on
top, besides hosting the Undo and Redo buttons, al-
lows you to set the priority and progress status of a
note, while the two buttons below are for importing a
Figure 8: The LibreOffice clone you can run inside Nextcloud supports diagrams too! node from other diagrams or exporting its content,
depending on its nature, in several text or image for-
mats. In any moment, you can see and navigate the
overall layout of the mind map in the sub-window in
the bottom-left corner.
The other two tabs of this Nextcloud mind map-
per serve to configure the appearance, (the look
and feel of a mind map) and view it without risking
altering it.
There are many more Nextcloud apps that de-
serve a detailed description, but here I only have
space for one more: the Deck shown in Figure 10,
which is the Nextcloud version of the Kanban
system for inventory management and work or-
ganization (to learn the basics of Kanban
boards, check out their Wikipedia page [8] or my
tutorial for Wekan, an open source Kanban pro-
gram for Linux desktops [9]). Working in the
Deck, you can keep all your tasks in one board
or create one separate board for each project or
activity (e.g., Hobbies, Work, Home Improve-
Figure 9: Mind mapping Nextcloud-style is intuitive and light on resource use. ment, and so on).

Figure 10: Organize your work, alone or in teams, with the Nextcloud Deck.

92 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 TUTORIAL – NEXTCLOUD PLUGINS LINUX VOICE

Inside each board you can create columns of

Info
notes with Markdown descriptions, comments
from your team, images, attached files, labels, [1] “Nextcloud Private Server” by Marco Fioretti,
priorities, and due dates. The sharing tab allows Linux Magazine, issue 293, April 2025, p.88,
you to add users or even groups to your boards, https://www.linux-magazine.com/Issues/
and the timeline shows everything that has hap- 2025/293/An-easy-online-home-for-you-and-
pened (or should happen), according to your your-friends
boards.
[2] OSRM: https://wiki.openstreetmap.org/wiki/
All in all, the Nextcloud Deck has enough to
Open_Source_Routing_Machine
make most people who need Kanban boards
happy, with two caveats. The first is that exporting [3] MapLibre: https://maplibre.org/
and importing Kanban boards with this app is [4] “A Deep Dive into Mastodon” by Paul Brown,
harder and more limited than necessary. Accord- Linux Magazine, issue 269, April 2023, p. 28,
ing to the Deck Export/Import page [10], at time of https://www.linux-magazine.com/index.php/
writing you can only export all the boards you cre- Issues/2023/269/Mastodon/(language)/
ate, not just one, as one single JSON file. Besides, eng-US
only the administrator can export or import that
[5] RSS is still needed:
file in another Nextcloud Deck (and only at the
https://stop.zona-m.net/2019/09/rss-is-still-
command line) using the already mentioned occ
tool ,as in these examples: great.-and-needed.-more-now-than-ever/
[6] “Homegrown RSS Aggregator” by Marco Fio-
#> occ deck:export userid > userid-deck-§§ retti, Linux Magazine, issue 271, June 2023, p.
export.json 88, https://www.linux-magazine.com/Issues/
#> occ deck:import userid-deck-export.json 2023/271/Good-News
[7] OPML: https://opml.org/
The other issue with Deck is that (again, according
to its own GitHub documentation at time of writ- [8] Kanban on Wikipedia:
ing) it’s “not yet ready for intensive usage. A lot of https://en.wikipedia.org/wiki/Kanban
database queries are generated when the number [9] “Wekan” by Marco Fioretti, Linux Magazine,
of boards, cards, and attachments is high.” That issue 251, October 2021, p. 88,
said, I didn’t notice any slowdown while using https://www.linux-magazine.com/Issues/
Deck, so it’s likely that this could be a problem only 2021/251/Visual-Aid
for teams working on complex projects with lots
[10] Deck Export/Import:
of tasks.
https://github.com/nextcloud/deck/blob/
main/docs/export-import.md
Conclusions
Configuring Nextcloud with all the functions I pre- [11] Percloud:
sented in this and the previous tutorial is enough https://mfioretti.com/2018/02/calicut-
to make it really useful for lots of people. If the personal-clouds-to-replace-corporate-
apps I mention in the “less usable stuff” box controlled-platforms/
worked, it would be even more useful. I will also
take advantage of this space to repeat a call I’ve The Author
been making for a decade now [11]: The biggest
app that is missing in Nextcloud and similar proj- Marco Fioretti (https://
ects is the offer, by hosting providers, of “personal, mfioretti.com) is a free-
permanent clouds” that integrate email servers, lance author, trainer, and
Nextcloud, and a few other services in one pack- researcher based in
age that’s really easy to use. Even so, Nextcloud is Rome, Italy, who writes
already great, and the more Linux users help their about digital rights issues
friends, family, and colleagues to use it, the better at https://mfioretti.
it will be for everybody. Q Q Q substack.com.

QQQ

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 93

 SERVICE
Back Issues

LINUX Order online:

NEWSSTAND https://bit.ly/Linux-Magazine-Library

Linux Magazine is your guide to the world of Linux. Monthly issues are packed with advanced technical
articles and tutorials you won't find anywhere else. Explore our full catalog of back issues for specific
topics or to complete your collection.

#293/April 2025
Trojan Horse
We’re all taught to fear Trojan horse programs, but what are they really? This month we steal a
look inside to show how attackers use Trojans to stash their nefarious code in ordinary
applications.
On the DVD: Debian 12.9 Live Gnome and Arch Linux 2025.02.01

#292/March 2025
What Comes After Git?
Git is practically part of the woodwork in open source circles, but can we do better? The Pijul
developers think we can. This month we look at the ambitious Pijul project and the effort to
build a next-generation version management system based on patches rather than snapshots.
On the DVD: AlmaLinux 9.5 and Manjaro Gnome 24.2

#291/February 2025
Optimizing Linux
All the classic Linux distros are optimized for some abstract “general purpose” use case that no
one matches exactly. If you want to get better performance out of your system, you’ll need to
tune it yourself. This month we study some steps for tweaking system and network performance.
On the DVD: Linux Mint 22 Cinnamon Edition and EndeavourOS Neo

#290/January 2025
LibreOffice Alternatives
LibreOffice is the reigning king of the Linux desktop, but some users would rather explore
the other offerings before opting for the perennial default office suite. We explore some of
the leading contenders.
On the DVD: Fedora 41 Live Workstation and Manjaro Xfce 24.1.1

#289/December 2024
Coding with AI
Futurists predict a day when computers will write the computer programs. Are we there
already? This month we separate fact from hype to examine some of the popular AI-based
coding tools and explore what they can (and can’t) do well.
On the DVD: Kubuntu 24.10 and Kali Linux 2024.3

#288/November 2024
Smart Home
If you listen to megavendors like Google and Amazon, the only path to a smart home is
through the cloud, but the Linux community has a better way. We'll show you some open
source smart home tools with no cost and no spying.
On the DVD: Rocky Linux 9.4 and MX Linux MX-23.3

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 95

SERVICE
Events

FEATURED EVENTS
Users, developers, and vendors meet at Linux events around the world.
We at Linux Magazine are proud to sponsor the Featured Events shown here.
For other events near you, check our extensive events calendar online at
https://www.linux-magazine.com/events.
If you know of another Linux event you would like us to add to our calendar,
please send a message with all the details to [email protected].

Linux App Summit PyCon US 2025 ISC High Performance 2025

Date: April 25-26, 2025 Date: May 14-22, 2025 Date: June 10-13, 2025
Location: Tirana, Albania Location: Pittsburgh, Pennsylvania Location: Hamburg, Germany
Website: https://linuxappsummit.org/ Website: https://us.pycon.org/2025/ Website: https://isc-hpc.com/
The Linux App Summit (LAS) brings the At PyCon US 2025, you will find an ISC 2025 is the 40th anniversary of the
global Linux community together to amazing program filled with pre- world’s leading forum for advancing the
learn, collaborate, and help grow the conference tutorials and sponsor application of high performance
Linux application ecosystem. Through presentations, 90+ of our community’s computing in academia, government, and
talks, panels, and Q&A sessions, we en- best talks, brilliant keynote speakers, the private sector. The goal of this annual
courage attendees to share ideas, make posters on display, a lively Expo Hall event is to foster a global exchange of
connections, and join our goal of building filled with our incredible Sponsors’ knowledge, innovation, and collaboration
a common app ecosystem. booths, and our famed lightning talks in the field.
on each main conference day.

Events
stackconf 2025 April 29-30 Munich, Germany https://stackconf.eu/
OpenSearchCon April 20-May1 Amsterdam, Netherlands https://events.linuxfoundation.org
KubeCon + CloudNativeCon China April 20-May1 Hong Kong, China https://events.linuxfoundation.org
Regional SDC Denver April 30 Denver, Colorado https://www.sniadeveloper.org/denver
JAX Mainz May 5-9 Mainz, Germany https://jax.de/mainz-en/
PyCon US 2025 May 14-22 Pittsburgh, Pennsylvania https://www.python.org/events/python-events/1507/
DORS/CLUC 30 May 21-23 Zagreb, Croatia https://www.dorscluc.org/
Flock to Fedora 2025 June 6-8 Praque, Czech Republic https://fedoramagazine.org
ISC High Performance 2025 June10-13 Hamburg, Germany https://isc-hpc.com/
June 2025 FreeBSD Developer June 11-12 Ottawa, Canada https://freebsdfoundation.org
Summit
BSDCan 2025 June 11-14 Ottawa, Ontario https://www.bsdcan.org/2025/
KubeCon + CloudNativeCon June 16-17 JapanTokyo, Japan https://events.linuxfoundation.org/
OpenSouthCode 2025 June 20-21 Málaga, Spain https://www.opensouthcode.org/conferences/open-
southcode2025
Open Source Summit June 23-25 Denver, Colorado https://events.linuxfoundation.org/
North America
Images © Alex White, 123RF.com

Linux Security Summit June 26-27 Denver, Colorado https://events.linuxfoundation.org/

North America
GUADEC July 24-29 Brescia, Italy https://events.gnome.org/event/259/
Linux Security Summit Europe Aug-28-29 Amsterdam, Netherlands https://events.linuxfoundation.org/
JAX London Oct 6-9 London, United Kingdom https://jaxlondon.com/
DrupalCon Vienna 2025 Oct 14-17 Vienna, Austria https://events.drupal.org/vienna2025
PyTorch Conference 2025 Oct 22-23 San Francisco, California https://events.linuxfoundation.org/

96 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM

 SERVICE
Contact Info / Authors

Contact Info
WRITE FOR US
Editor in Chief Linux Magazine is looking for authors to write articles on Linux and the
Joe Casad, [email protected] tools of the Linux environment. We like articles on useful solutions that
Associate Editor
Amy Pettle solve practical problems. The topic could be a desktop tool, a command-
Copy Editor line utility, a network monitoring application, a homegrown script, or
Aubrey Vaughn anything else with the potential to save a Linux user trouble and time.
News Editor
Jack Wallen
Our goal is to tell our readers stories they haven’t already heard, so we’re
MakerSpace Editor especially interested in original fixes and hacks, new tools, and useful ap-
Hans-Georg Eßer plications that our readers might not know about. We also love articles on
Managing Editor advanced uses for tools our readers do know about – stories that take a
Lori White
Localization & Translation traditional application and put it to work in a novel or creative way.
Ian Travis We are currently seeking articles on the following topics for upcoming
Layout
Dena Friesen, Lori White cover themes:
Cover Design
Dena Friesen
• Internet Privacy
Cover Image • Alternative FOSS Version Control Systems (not Git)
© korkut82 and gl0ck33, 123RF.com
Advertising • Cool Rasp Pi Projects
Jessica Pryor, [email protected]
Let us know if you have ideas for articles on these themes, but keep in
Marketing Communications
Gwen Clark, [email protected] mind that our interests extend through the full range of Linux technical
Linux New Media USA, LLC topics, including:
4840 Bob Billings Parkway, Ste 104
Lawrence, KS 66049 USA Security
•
Publisher
Brian Osborn • Advanced Linux tuning and configuration
Customer Service / Subscription • Internet of Things
For USA and Canada:
Email: [email protected] • Networking
Phone: 1-866-247-2802 • Scripting
(Toll Free from the US and Canada)
• Artificial intelligence
For all other countries:
Email: [email protected] • Open protocols and open standards
www.linux-magazine.com
If you have a worthy topic that isn’t on this list, try us out – we might be
While every care has been taken in the content of the
magazine, the publishers cannot be held responsible interested!
for the accuracy of the information contained within
it or any consequences arising from the use of it. The Please don’t send us articles about products made by a company you
use of the disc provided with the magazine or any work for, unless it is an open source tool that is freely available to every-
material provided on it is at your own risk.
Copyright and Trademarks © 2025 Linux New Media
one. Don’t send us webzine-style “Top 10 Tips” articles or other superfi-
USA, LLC. cial treatments that leave all the work to the reader. We like complete so-
No material may be reproduced in any form lutions, with examples and lots of details. Go deep, not wide.
whatsoever in whole or in part without the written
permission of the publishers. It is assumed that all Describe your idea in 1-2 paragraphs and send it to: [email protected].
correspondence sent, for example, letters, email,
faxes, photographs, articles, drawings, are supplied Please indicate in the subject line that your message is an article proposal.
for publication or license to third parties on a non-
exclusive worldwide basis by Linux New Media USA,
LLC, unless otherwise stated in writing.
Linux is a trademark of Linus Torvalds.
Authors
All brand or product names are trademarks of their
respective owners. Contact us if we haven’t credited Bernhard Bablok 64 Jon “maddog” Hall 69
your copyright; we will always correct any oversight.
Printed in Nuremberg, Germany by be1druckt GmbH. Erik Bärwaldt 18, 56 Daniel LaSalle 76
Distributed by Seymour Distribution Ltd, United
Kingdom Zack Brown 12 Rubén Llorente 70
Represented in Europe and other territories by:
Sparkhaus Media GmbH, Bialasstr. 1a, 85625 Bruce Byfield 6, 26, 40 Vincent Mealing 67
Glonn, Germany.
Linux Magazine (Print ISSN: 1471-5678, Online
Joe Casad 3 Pete Metcalfe 52, 60
ISSN: 2833-3950, USPS No: 347-942) is published
monthly by Linux New Media USA, LLC, and dis- Andrea Ciarrocchi 32 Mike Schilli 44
tributed in the USA by Asendia USA, 701 Ashland
Ave, Folcroft PA. Application to Mail at Periodicals Mark Crutch 67 Tim Schürmann 36
Postage Prices is pending at Philadelphia, PA and
additional mailing offices. POSTMASTER: send ad- Nate Drake 82 Jack Wallen 8
dress changes to Linux Magazine, 4840 Bob Billings
Parkway, Ste 104, Lawrence, KS 66049, USA. Marco Fioretti 88 Harald Zisler 28

LINUX-MAGAZINE.COM ISSUE 294 MAY 2025 97

NEXT MONTH
Issue 295
Available Starting
May 9
Issue 295 / June 2025

Grub Tricks
The grub2 boot loader is a staple of the Linux ecosystem.
It is so easy to press the button and watch it go that
many users don’t ever look closely at how to customize
and adapt the system startup process. Next month we
show you some tricks with grub2.
Also inside:
• Build a Custom Linux Distro for Niche Applications
• Onion OS: Play with Linux on Retro Handheld
Gaming Consoles
• Rust in the Linux Kernel
• Ultra-light Web Apps with Streamlit
• And much more!
Please note: Articles could change before the next issue.

BE THE FIRST TO SEE WHAT'S NEXT

Image © ifh, 123RF.com

The Linux Magazine Preview is a monthly

email newsletter that gives you a sneak
peek at the next issue, including links to
articles posted online.
Sign up at: https://bit.ly/Linux-Update

98 MAY 2025 ISSUE 294 LINUX-MAGAZINE.COM