Posted on September 5, 2018 by — Leave a comment

GNOME 3.30 released & coming to Fedora 29

Today, the GNOME project announced the release of GNOME 3.30.

The release of the GNOME desktop is the default desktop environment in the upcoming release of Fedora 29 Workstation. GNOME 3.30 includes a wide range of enhancements, including:

Better performance in the overall desktop and system libraries
Numerous improvements to the Files, Web, and Boxes applications
A new Podcasts application to help manage and listen to podcasts

The new Podcasts application in GNOME 3.30

Application updates in GNOME 3.30

GNOME 3.30 includes some updates to many standard applications. Files has a combined search and file path bar interface, making searching more prominent and integrated into the navigation experience. Boxes can now connect to Windows Servers over RDP, resulting in a much better remote desktop experience.

Comparison of normal web view and reader mode

Web now includes a content reader mode. When viewing a compatible web page, Web can toggle between the normal view and the clean, minimal reader view. The minimal view strips out all extraneous menus, images, and content not related to the article or document, making for a more pleasant reading experience.

Upscale bitmap images with better results

Most images on the Web are small or medium sized, since otherwise users need to wait longer before their favorite web pages load. However, sometimes you need to find a larger version of an image, but the search doesn’t bear fruit. Any bitmap image can be scaled up or down in an image editor (such as Gimp). But obviously upscaling would not add any detail to the image. Instead, the result will usually be blurred, pixelated and noticeably stretched-up. In this brief roundup we’ll try to upscale bitmap images with a little better result.

There’s no magic in it, just a few advanced scaling algorithms that help produce better-looking pictures. Everything is open source and works great in Fedora. The results will be tested against the Cubic interpolation method, which Gimp applies by default.

Filters in ImageMagick

This is the most famous and widely used open source software for manipulating images from the command line. Fedora, like the majority of other Linux distributions, already includes ImageMagick. Fedora even installs it by default in Fedora Workstation. ImageMagick provides the convert command, which can also change dimensions of input images.

The trick is that convert supports filters, and ImageMagick provides a rich selection of such filters, some of which work really good for upscaling. You can check out the full list here. For instance, the point filter works well for upscaling pixel art and screen shots, as it preserves clarity and sharpness at the cost of emphasized pixels. Still, this can look better than the blurred results of the convenient Cubic algorithm.

Use it with the following syntax:

convert input.png -filter point -resize 600% output.png

The PNG file format as well as the 600% scaling factor are just examples.

Hiding pixels in Cubic is not really good for upscaling. Use something without anti-aliasing, such as the Point filter in ImageMagick.

Although it’s possible to get the same result in Gimp by choosing the None interpolation method, working with ImageMagick is sometimes easier. Not only it is installed in Fedora Workstation by default (Gimp is available, but not installed), it provides command-line tools which are ideal for scripting.

Xbrzscale

Xbrzscale is a command-line utility that implements the xBR scaling method. In brief, xBR is based on pattern recognition and interpolation, and it’s perfect for magnifying pixel art. xBRZ is an enhanced version of xBR, with a focus on preserving very small details. Therefore, xBRZ delivers pleasing results on both pixel art and photographic images, such as portraits.

In the following side-by-side comparison, the left part definitely looks preferable thanks to the superb clarity.

The Xbrzscale version features sharper edges and looks as if it had more details than the version to the right.

Install Xbrzscale in Fedora

To build this tool from source, you must install some prerequisites first:

sudo dnf -y install gcc-c++ SDL2-devel SDL2_image-devel

Let’s go ahead with Xbrzscale now:

git clone https://github.com/atheros/xbrzscale.git cd xbrzscale make

The command line syntax to upscale with this software is:

./xbrzscale X input.png output.png

…where X is the scale factor, a number within the range of 2 to 6.

Note that Xbrzscale always outputs PNG images, no matter what you feed it with. If the input file format is different, Xbrzscale will convert it to PNG.

Smilla Enlarger

Smilla Enlarger has a user-friendly graphical interface. It makes use of yet another different technology, this time based on fractal-based interpolation algorithms. The main goal is to produce sharper results when you upscale photographic images. The enlarged image usually preserves more details than the Cubic interpolation can.

Install Smilla Enlarger in Fedora

Again, start by installing the build dependencies:

sudo dnf -y install qt5-qtbase-devel

Now, build and run Smilla Enlarger:

git clone https://github.com/lupoDharkael/smilla-enlarger.git cd smilla-enlarger qmake-qt5 && make ./smilla-enlarger

The application window has numerous advanced controls and extra parameters that put a user in control of upscaling details.

Smilla Enlarger lets you choose a zoom factor, configure cropping and, more importantly, preview the result before hitting the Enlarge & Save button.

The upscale version of the sample image looks noticeably different from both the decent Xbrzscale version and the cubic-enlarged version.

Smill Enlarger adds a subtle amount of grain, which seems to effectively hide artifacts and make a picture look cleaner. Try this application on a photo to get the best results.

It’s hard to recommend the plethora of ImageMagick filters over Xbrzscale and Smilla Enlarger. The actual results will vary across different sorts of images, and of course different user preferences.

Posted on August 27, 2018 by — Leave a comment

4 tips for better tmux sessions

The tmux utility, a terminal multiplexer, lets you treat your terminal as a multi-paned window into your system. You can arrange the configuration, run different processes in each, and generally make better use of your screen. We introduced some readers to this powerful tool in this earlier article. Here are some tips that will help you get more out of tmux if you’re getting started.

This article assumes your current prefix key is Ctrl+b. If you’ve remapped that prefix, simply substitute your prefix in its place.

Set your terminal to automatically use tmux

One of the biggest benefits of tmux is being able to disconnect and reconnect to sesions at wilI. This makes remote login sessions more powerful. Have you ever lost a connection and wished you could get back the work you were doing on the remote system? With tmux this problem is solved.

However, you may sometimes find yourself doing work on a remote system, and realize you didn’t start a session. One way to avoid this is to have tmux start or attach every time you login to a system with in interactive shell.

Add this to your remote system’s ~/.bash_profile file:

if [ -z "$TMUX" ]; then tmux attach -t default || tmux new -s default fi

Then logout of the remote system, and log back in with SSH. You’ll find you’re in a tmux session named default. This session will be regenerated at next login if you exit it. But more importantly, if you detach from it as normal, your work is waiting for you next time you login — especially useful if your connection is interrupted.

Of course you can add this to your local system as well. Note that terminals inside most GUIs won’t use the default session automatically, because they aren’t login shells. While you can change that behavior, it may result in nesting that makes the session less usable, so proceed with caution.

Use zoom to focus on a single process

While the point of tmux is to offer multiple windows, panes, and processes in a single session, sometimes you need to focus. If you’re in a process and need more space, or to focus on a single task, the zoom command works well. It expands the current pane to take up the entire current window space.

Zoom can be useful in other situations too. For instance, imagine you’re using a terminal window in a graphical desktop. Panes can make it harder to copy and paste multiple lines from inside your tmux session. If you zoom the pane, you can do a clean copy/paste of multiple lines of data with ease.

To zoom into the current pane, hit Ctrl+b, z. When you’re finished with the zoom function, hit the same key combo to unzoom the pane.

Bind some useful commands

By default tmux has numerous commands available. But it’s helpful to have some of the more common operations bound to keys you can easily remember. Here are some examples you can add to your ~/.tmux.conf file to make sessions more enjoyable:

bind r source-file ~/.tmux.conf \; display "Reloaded config"

This command rereads the commands and bindings in your config file. Once you add this binding, exit any tmux sessions and then restart one. Now after you make any other future changes, simply run Ctrl+b, r and the changes will be part of your existing session.

bind V split-window -h bind H split-window

These commands make it easier to split the current window across a vertical axis (note that’s Shift+V) or across a horizontal axis (Shift+H).

If you want to see how all keys are bound, use Ctrl+B, ? to see a list. You may see keys bound in copy-mode first, for when you’re working with copy and paste inside tmux. The prefix mode bindings are where you’ll see ones you’ve added above. Feel free to experiment with your own!

Use powerline for great justice

As reported in a previous Fedora Magazine article, the powerline utility is a fantastic addition to your shell. But it also has capabilities when used with tmux. Because tmux takes over the entire terminal space, the powerline window can provide more than just a better shell prompt.

If you haven’t already, follow the instructions in the Magazine’s powerline article to install that utility. Then, install the addon using sudo:

sudo dnf install tmux-powerline

Now restart your session, and you’ll see a spiffy new status line at the bottom. Depending on the terminal width, the default status line now shows your current session ID, open windows, system information, date and time, and hostname. If you change directory into a git-controlled project, you’ll see the branch and color-coded status as well.

Of course, this status bar is highly configurable as well. Enjoy your new supercharged tmux session, and have fun experimenting with it.

Photo by Pamela Saunders on Unsplash.

Posted on August 24, 2018 by — Leave a comment

5 cool music player apps

Do you like music? Then Fedora may have just what you’re looking for. This article introduces different music player apps that run on Fedora. You’re covered whether you have an extensive music library, a small one, or none at all. Here are four graphical application and one terminal-based music player that will have you jamming.

Quod Libet

Quod Libet is a complete manager for your large audio library. If you have an extensive audio library that you would like not just listen to, but also manage, Quod Libet might a be a good choice for you.

Quod Libet can import music from multiple locations on your disk, and allows you to edit tags of the audio files — so everything is under your control. As a bonus, there are various plugins available for anything from a simple equalizer to a last.fm sync. You can also search and play music directly from Soundcloud.

Quod Libet works great on HiDPI screens, and is available as an RPM in Fedora or on Flathub in case you run Silverblue. Install it using Gnome Software or the command line:

$ sudo dnf install quodlibet

Audacious

If you like a simple music player that could even look like the legendary Winamp, Audacious might be a good choice for you.

Audacious probably won’t manage all your music at once, but it works great if you like to organize your music as files. You can also export and import playlists without reorganizing the music files themselves.

As a bonus, you can make it look likeWinamp. To make it look the same as on the screenshot above, go to Settings / Appearance, select Winamp Classic Interface at the top, and choose the Refugee skin right below. And Bob’s your uncle!

Audacious is available as an RPM in Fedora, and can be installed using the Gnome Software app or the following command on the terminal:

$ sudo dnf install audacious

Lollypop

Lollypop is a music player that provides great integration with GNOME. If you enjoy how GNOME looks, and would like a music player that’s nicely integrated, Lollypop could be for you.

Apart from nice visual integration with the GNOME Shell, it woks nicely on HiDPI screens, and supports a dark theme.

As a bonus, Lollypop has an integrated cover art downloader, and a so-called Party Mode (the note button at the top-right corner) that selects and plays music automatically for you. It also integrates with online services such as last.fm or libre.fm.

Available as both an RPM in Fedora or a Flathub for your Silverblue workstation, install it using the Gnome Software app or using the terminal:

$ sudo dnf install lollypop

Gradio

What if you don’t own any music, but still like to listen to it? Or you just simply love radio? Then Gradio is here for you.

Gradio is a simple radio player that allows you to search and play internet radio stations. You can find them by country, language, or simply using search. As a bonus, it’s visually integrated into GNOME Shell, works great with HiDPI screens, and has an option for a dark theme.

Gradio is available on Flathub which works with both Fedora Workstation and Silverblue. Install it using the Gnome Software app.

sox

Do you like using the terminal instead, and listening to some music while you work? You don’t have to leave the terminal thanks to sox.

sox is a very simple, terminal-based music player. All you need to do is to run a command such as:

$ play file.mp3

…and sox will play it for you. Apart from individual audio files, sox also supports playlists in the m3u format.

As a bonus, because sox is a terminal-based application, you can run it over ssh. Do you have a home server with speakers attached to it? Or do you want to play music from a different computer? Try using it together with tmux, so you can keep listening even when the session closes.

sox is available in Fedora as an RPM. Install it by running:

$ sudo dnf install sox

Photo by Malte Wingen on Unsplash.

Posted on August 20, 2018 by — Leave a comment

Decentralize common Fedora apps with Cjdns

Are you worried about a few huge corporations controlling the web? Don’t like censorship on centralized social media sites like facebook and twitter? You need to decentralize! The internet was designed to be decentralized. Many common activities, from social media to email to voice calls, don’t actually require a centralized service.

The basic requirement for any peer to peer application is that the peers be able to reach each other. This is impossible today for most people using IP4 behind NAT (as with most household routers). The IP4 address space was exhausted over a decade ago. Most people are in “IP4 NAT Jail.”

Your device is assigned a private IP, and translated to the public IP by the router. Without port forwarding to a specific private IP, incoming TCP connections or UDP sessions can’t tell where to forward to, and are dropped. As a result, nothing can connect to your device. You must connect to various public servers to do anything. IP4 NAT Jail forces centralization.

The simplest solution to this problem is IPv6. However, most US consumer internet providers do not offer usable IPv6. For instance, if the IPv6 prefix changes every few days, the devices are not addressable except via a dynamic DNS server. Furthermore, on a mobile device like a laptop, most WiFi does not offer IPv6 either. So you can’t use Mobile IP6 to have a stable address.

You can work around this using a VPN like OpenVPN (included in Fedora) to a centralized server with a public IP4 — perhaps one you provide yourself by renting a Virtual Personal Server. But then packets to and from your device have to travel to and from the VPN server first. You can also use a tunnel broker like he.net.

If you and your peers already have stable IPv6 addresses, you can use these for the sample applications to be showcased. But most people need to use something else.

DNS is also essentially a centrally controlled service, so this article’s two sample applications avoid the use of DNS. Email and SIP applications have built-in address books that work just as well. Think of your stable IPv6 address as a “phone number.”

IPv6 Overlay Mesh VPN with Cjdns

The Cjdns package (included in Fedora) implements a global IPv6 mesh by connecting to several peers instead of a centralized server. Each node has a public/private key pair. The IPv6 is the truncated SHA512 hash of the public key, preventing spoofing.

Packets are end to end encrypted — relays can be untrusted.
Packets are source routed, allowing seamless upgrades of and experimentation with routing algorithms. (This is safe thanks to anti-spoofing.)
The data for routing comes from a Distributed Hash Table listing the peers of each node.
Peers can be explicitly configured as UDP tunnels, or auto-configured on ethernet via layer 2 protocol 0xfc00.

With Cjdns installed, you have a stable, “unspoofable” (standard cryptographic caveats apply) IPv6 address that can be used with any IPv6 ready application. Your recipient must also use the Cjdns protocol, but this isn’t much of an obstacle since it’s easier to install Cjdns than convince US ISPs to provide usable IPv6.

Install Cjdns

To install and enable the Cjdns service persistently, run these commands:

$ sudo dnf install cjdns cjdns-tools cjdns-selinux $ sudo systemctl enable --now cjdns

$ peerStats 18:03:14:56:c2:1e v20.0000.0000.0000.0019.681v1s7k3af1q2cf09txpw309zdf4q0mn7mtq0wr544dz98stwr0.k ESTABLISHED in 6kb/s out 15kb/s LOS 8 "outer"

This generates a /etc/cjdroute.conf file, pre-populated with random keys and passwords. If there’s already a Cjdns node on your LAN as above, you’re done. But more likely, there was no output from peerStats. In that case you now need to configure one or more UDP tunnels. First, you must discover the random UDP port used.

$ sudo grep bind /etc/cjdroute.conf // Port to bind the admin RPC server to. "bind": "127.0.0.1:11234", "bind": "0.0.0.0:26041", "bind": "[::]:26041", // Alternatively bind to just one device "bind": "all",

In this example, the random UDP port is 26041 for both IPv6 and IPv4. Your port will be different. Allow incoming sessions for this port.

$ sudo firewall-cmd --zone=public --add-port=26041/udp success $ sudo firewall-cmd --runtime-to-permanent success

Now you need to edit the config to add a peer. Hopefully, you are somewhat familiar with configs using JSON syntax. You must add an entry for a UDP peer using your favorite text editor, such as vim. Here is one provided on a VPS. Search for IPv4, and add the indicated stanza after connectTo, inside the braces:

$ sudo vim /etc/cjdroute.conf "168.235.90.18:26041": { "login": "fedora", "password":"zvkxv604fqx0zn9trhw5hjxwp3u4v2u", "publicKey":"lhj54c2xnczfurpw42d0h1bvc4qquclb4dw72q50tc83ucmm9zt0.k", "peerName":"nyc.gathman.org" },

For the changes to take effect, restart cjdns.

$ sudo systemctl restart cjdns $ peerStats 168.235.90.18:26041 v20.0000.0000.0000.0017.lhj54c2xnczfurpw42d0h1bvc4qquclb4dw72q50tc83ucmm9zt0.k ESTABLISHED in 0kb/s out 0kb/s "nyc.gathman.org" $ ping h.sea.gathman.org PING h.sea.gathman.org(h.sea.gathman.org (fceb:7fc0:c62c:9cd9:2971:e3ff:aee2:6e08)) 56 data bytes 64 bytes from h.sea.gathman.org (fceb:7fc0:c62c:9cd9:2971:e3ff:aee2:6e08): icmp_seq=1 ttl=42 time=87.6 ms

You can now ping any node in the global IPv6 mesh. CAUTION: All those nodes can now directly connect to your device. The default Fedora firewall will block all incoming connections be default — but be careful what you allow in. Be sure to consult the package README for additional security notes.

The fedora password to this nyc VPS may not be up indefinitely, so you need some more peers. Consult a list of public peers or peer with your Fedora friends.

Decentralize Email applications

You can decentralize almost any email client included in Fedora that supports IPv6, such as alpine or Thunderbird. This example uses mailx, a bare bones CLI mail client designed for teletypes. This makes configuration and use easy to show.

Similarly, you can use any of the MTAs supplied with Fedora, but this example uses opensmtpd, as it is simple, small, and secure. By default, opensmtpd stores incoming email in /var/spool/mail, which is perfect for personal decentralized use. You can, of course, use any mail store and client you prefer.

$ sudo dnf install mailx opensmtpd $ cat >~/.mailrc <<EOF set from="mylogin@[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678] (Real Name)" set smtp=localhost EOF

Of course, you need to use your own local login, IPv6 and name.

To receive email, you will need to edit the opensmtpd config in /etc/opensmtpd/smtpd.conf. Here is a sample. (Note this article may wrap some of the “preformatted” lines, so use your head):

# This is the smtpd server system-wide configuration file. # See smtpd.conf(5) for more information. # To accept external mail, replace with: listen on all listen on fc02:fefe:dead:beef:cafe:babe:1234:5678 hostname "[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678]" listen on localhost # If you edit the file, you have to run "smtpctl update table aliases" table aliases file:/etc/aliases # Uncomment the following to accept external mail for domain "example.org" #accept from any for domain "example.org" alias deliver to mbox accept from any for domain "[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678]" alias deliver to mbox accept for local alias deliver to mbox accept for any relay hostname "[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678]"

Use your actual Cjdns IP, of course. When the opensmtpd config is ready, start it so you can receive emails. If your recipient is offline, opensmtpd stores your letter and retries periodically.

$ sudo systemctl enable --now opensmtpd $ sudo firewall-cmd --zone=public --add-service=smtp $ sudo firewall-cmd --runtime-to-permanent

Now send the author a dex (decentralized) email:

$ mailx -s "Fedora Article" \ "stuart@[IPv6:fcbc:b27:be6f:94dd:4225:792:c988:8ace]" <<EOF > Great article! > EOF

That sends an email to the author’s nyc vps — so don’t be surprised if you get a reply!

Alpine is a full featured console email client. After you install and run it the first time, you can decentralize it by editing ~/.pinerc and changing these basic config items:

# Sets domain part of From: and local addresses in outgoing. user-domain=[IPv6:fc02:fefe:dead:beef:cafe:babe:1234:5678] # List of SMTP servers for sending mail. smtp-server=localhost

Decentralize SIP applications

Linphone call screen

Using Cjdns for your voice calls gives you privacy and authentication. You can use any sip client that supports IP6. This example uses the linphone app included in Fedora.

$ sudo dnf install linphone $ sudo firewall-cmd --zone=public --add-service=sip --add-port=7078/udp --add-port=9078/udp $ sudo firewall-cmd --runtime-to-permanent

Linphone network config screen

Run linphone on your desktop, and skip the account wizard. You don’t need logins and accounts with peer to peer. Select Options, Preferences and select Use IPv6 instead of IPv4 and Direct connection to internet. Enter your Cjdns IPv6 in Public IP address. Now select Options, Quit to completely exit linphone.

The version in Fedora doesn’t provide a way to configure your peer to peer contact, so you need to edit the config file. Find the [sip] section and change guess_hostname and contact:

$ vim ~/.linphonerc guess_hostname=0 contact="Real Name" <sip:mylogin@[fc02:fefe:dead:beef:cafe:babe:1234:5678]>

Now start linphone again, and add a Fedora friend with Cjdns to the addressbook using the same address syntax. Try a text message first, then give them a call.

Of course, there are many potential issues with audio and video in a VoIP app, which are not covered here. Usually, however, linphone just works. If you don’t have any friends, you can reach out to the author via dex email at the nyc node above.

Posted on August 17, 2018 by — Leave a comment

Lennart Jern: How Do You Fedora?

The Fedora Magazine recently interviewed Lennart Jern on how he uses Fedora. This is part of a series on the Fedora Magazine. This series profiles Fedora users and how they use Fedora to get things done. Contact us on the feedback form to express your interest in becoming a interviewee.

Who is Lennart Jern?

Lennart Jern is a Swedish-speaking Finn, who has been living in Umeå, Sweden, for about three years. He was born and raised in southern Finland where he obtained his master’s degree in applied mathematics. His time at university exposed Lennart’s true passion. “While at the university, I realized that computer science was really what I wanted to work with.” In order to follow his dream of working in computer science he moved to Sweden with his wife to pursue a master’s program in computer science. After a short while he had learned enough to land a job with a local startup. “I’m working with cloud/distributed systems, specifically with tools like kubernetes and OpenShift.”

Lennart’s first contact with Linux was in 2006. Some of the computers in his high school were running OpenSuse. He installed Ubuntu’s Hardy Heron in 2008 and has been using Linux ever since.

The Hobbit: An Unexpected Journey and Star Wars: The Force Awakens are his two favorite movies. Lennart likes simplicity. “I generally don’t like fancy food. Nothing beats a homemade pesto-mozzarella pizza.”

Self hosting is one of Jern’s hobbies. He hosts a private blog and a git service running on a cluster of Raspberry Pi computers. “For my blog I am using Jeckll and the git service is gogs.” The Raspberry PI cluster makes use of Kubernetes. Lennart uses several other open source tools to maintain the hosted environment. “I use for the self hosting environment are certbot for certificates, ansible for automation and parallelization of tasks.”

The Fedora Community

Lennart became active with the Fedora Community when his friend introduced him to Fedora. “A friend of mine, Ludvig, was running Fedora on his laptop and I got curious. I wanted to know more about the differences between Linux distros so I simply tried it out.” His friend, Ludvig, also convinced him to get involved with the open source world. “He was using Fedora when we were in high school, probably because it was what Linus Torvalds was using at the time.”

Lennart’s first interactions with the Fedora Community came when he was looking for solutions to issues with Pulse Audio. He found the community friendly and welcoming. “It is nothing to be afraid of, just try it! You don’t have to commit all your free time to it, nobody expects that. If you stumble across something that you can fix or report, do it! It will feel great!”

When asked what he would like people to know about Fedora Lennart was quick to mention stability. “I feel that many still have the impression of Fedora being a bleeding edge distro with problems and broken applications every new release. Bleeding edge might still be true, but I find Fedora very well polished and stable these days.” Lennart would also like to see Fedora more well know in Nordic countries.

What Hardware?

Jern has five machines running Fedora. One desktop, one laptop and three Raspberry Pi computers. The desktop is a custom computer with an AMD Ryzen 5 1600 CPU and 16 GB of ram. The desktop makes use of two graphics cards for multi seating. The video cards are both made by Asus. The first is a Radeon 6870 and the second is a Radeon RX 550. The laptop is a refurbished HP ProBook 430 G2. It is equipped with an Intel Core i5-4210U and 4 GB or ram. Two of the Rasberry Pi computers are model 3 B+ and the other is a model 3B.

What Software?

All of Lennart’s computers run Fedora 28. “The laptop and desktop are both on the Workstation edition while the raspberries have minimal installations.”

One of the raspberries (the model B) is still running ARMv7, while the other two are running the newer aarch64 images. Jern’s laptop and desktop are close to the base workstation edition. “I just add a couple of GNOME extensions specifically the Drop Down Terminal and the Dash to Dock extensions.” Notable applications that Lennart uses include:

Chrome as browser,
Atom as text editor/IDE,
Gedit or vim for ad hoc text editing,
Slack and Telegram for chatting.

Lennart also use git for version control, occasionally with gitg and meld as helping tools. He makes use of Gnome Boxes and vagrant for experimenting with things in virtual machines and docker for his container needs. “Finally, an important piece of software that I have come to rely on is pass and QtPass for password management.” Jern also uses syncthing for synchronizing files between my computers.

“When I’m done geeking around, I relax with some Steam games. And, when I do not need the full power of my desktop I let it contribute to the World Community Grid.“

Posted on August 13, 2018 by — Leave a comment

Convert file systems with Fstransform

Few people know that they can convert their filesystems from one type to another without losing data, i.e. non-destructively. It may sound like magic, but Fstransform can convert an ext2, ext3, ext4, jfs, reiserfs or xfs partition to another type from the list in almost any combination. More importantly, it does so in-place, without formatting or copying data anywhere. Atop of all this goodness, there is a little bonus: Fstransform can also handle ntfs, btrfs, fat and exfat partitions as well.

Before you run it

There are certain caveats and limitations in Fstransform, so it is strongly advised to back up before attempting a conversion. Additionally, there are some limitations to be aware of when using Fstransform:

Both the source and target filesystems must be supported by your Linux kernel. Sounds like an obvious thing and exposes zero risk in case you want to use ext2, ext3, ext4, reiserfs, jfs and xfs partitions. Fedora supports all of that just fine.
Upgrading ext2 to ext3 or ext4 does not require Fstransform. Use the Tune2fs utility instead.
The device with source file system must have at least 5% of free space.
You need to be able to unmount the source filesystem before you begin.
The more data your source file system stores, the longer the conversion will last. The actual speed depends on your device, but expect it to be around one gigabyte per minute. The large amount of hard links can also slow down the conversion.
Although Fstransform is proved to be stable, please back up data on your source filesystem.

Installation instructions

Fstransform is already a part of Fedora. Install with the command:

sudo dnf install fstransform

Time to convert something

Converting one file system to another in-place can take a while

The syntax of the fstransform command is very simple: fstransform <source device> <target file system>. Keep in mind that it needs root privileges to run, so don’t forget to add sudo in the beginning. Here goes an example:

sudo fstransform /dev/sdb1 ext4

Note that it is not possible to convert a root file system, which is a security measure. Use a test partition or an experimental thumb drive instead. In the meantime, Fstransform will through a lot of auxiliary output in the console. The most useful part is the estimated time of completion, which keep you informed about how long the process will take. Again, few small files on an almost empty drive will make Fstransform do its job in a minute or so, whereas more real-world tasks may involve hours of wait time.

More file systems are supported

As mentioned above, it is possible to try Fstransform with ntfs, btrfs, fat and exfat partitions. These types are very experimental, and nobody can guarantee that the converion will flow perfect. Still, there are many success stories, and you can add your own by testing Fstransform with a sample data set on a test partition. Those additional file systems can be enabled by the use of the –force-untested-file-systems parameter:

sudo fstransform /dev/sdb1 ntfs --force-untested-file-systems

Sometimes the process may iterrupt with an error. Feel free to repeat the command again — it may eventually complete the conversion from second or third attempt.

Posted on August 10, 2018 by — Leave a comment

Image creation applications for Fedora

Feeling creative? There are a multitude of applications available for Fedora to aid your creativity. From digital painting, vectors, to pixel art there is something for everyone to get creative this weekend. This article highlights a selection of the applications available for Fedora for creating awesome images.

Vector graphics: Inkscape

Inkscape is a well known and loved Open Source vector graphics editor. SVG is the primary file format of Inkscape, so all your drawings will scale no-problems! Inkscape has been around for many years, so there is a solid community and mountains of tutorials and other resources for getting started.

Being a vector graphics editor, Inkscape is better suited towards simpler illustrations (for example a simple comics style). However, using vector blurs, some artists create some amazing vector drawings.

Install Krita from the Software application in Fedora Workstation, or use the following command in Terminal:

sudo dnf install inkscape

Digital Painting: Krita & Mypaint

Krita is a popular image creation application for digital painting, raster illustration, and texturing. Additionally, Krita is an active project, with a vibrant community — so lots of tutorials to get started. Krita features multiple brush engines, a UI with pop-up palletes, a wrap-around mode for creating seamless patterns, filters, layers, and much more.

Krita with artwork from the Pepper and Carrot webcomic (CC-BY 4.0)

Install Krita from the Software application in Fedora Workstation, or use the following command in Terminal:

sudo dnf install krita

Mypaint is another amazing digital painting application available for Fedora. Like Krita, it has multiple brushes and the ability to use layers.

Install Mypaint from the Software application in Fedora Workstation, or use the following command in Terminal:

sudo dnf install mypaint

Pixel Art: Libresprite

Libresprite is an application designed for the creation of pixel art and pixel animations. It supports a range of colour modes and exports to many formats (including animated GIF). Additionally, Libresprite has drawing tools designed for the creation of pixel art: the polygon tool, and contour & shading tools.

Libresprite is available to download from the Flathub application repository. To install, simply enable Flathub as a software source, and then install via the Software application.

Posted on August 8, 2018 by — Leave a comment

5 applications to manage your to-do list on Fedora

Effective management of your to-do list can do wonders for your productivity. Some prefer just keeping a to-do list in a text file, or even just using a notepad and pen. For users that want more out of their to-do list, they often turn to an application. In this article we highlight 4 graphical applications and a terminal-based tool for managing your to-do list.

GNOME To Do

GNOME To Do is a personal task manager designed specifically for the GNOME desktop (Fedora Workstation’s default desktop). When comparing GNOME To Do with some others in this list, it is has a range of neat features.

GNOME To Do provides organization of tasks by lists, and the ability to assign a colour to that list. Additionally, individual tasks can be assigned due dates & priorities, and notes for each task. Futhermore, GNOME To Do has extensions, allowing even more features, including support for todo.txt and syncing with online services such as todoist.

Install GNOME To Do either by using the Software application, or using the following command in the Terminal:

sudo dnf install gnome-todo

Getting things GNOME!

Before GNOME To Do existed, the go-to application for tracking tasks on GNOME was Getting things GNOME! This older-style GNOME application has a multiple window layout, allowing you to show the details of multiple tasks at the same time. Rather than having lists of tasks, GTG has the ability to add sub-tasks to tasks and even to sub-tasks. GTG also has the ability to add due dates and start dates. Syncing to other apps and services is also possible in GTG via plugins.

Install Getting Things GNOME either by using the Software application, or using the following command in the Terminal:

sudo dnf install gtg

Go For It!

Go For It! is a super-simple task management application. It is used to simply create a list of tasks, and mark them as done when completed. It does not have the ability to group tasks, or create sub-tasks. By default, Go For It! stored tasks in the todo.txt format, allowing simpler syncing to online services and other applications. Additionally, Go For It! contains a simple timer to track how much time you have spent on the current task.

Go For It is available to download from the Flathub application repository. To install, simply enable Flathub as a software source, and then install via the Software application.

Agenda

If you are looking for a no-fuss super simple to-do application, look no further than Agenda. Create tasks, mark them as complete, and then delete them from your list. Agenda shows all tasks (completed or open) until you remove them.

Agenda is available to download from the Flathub application repository. To install, simply enable Flathub as a software source, and then install via the Software application.

Taskwarrior

Taskwarrior is a flexible command-line task management program. It is highly customizable, but can also be used “right out of the box.” Using simple commands, you can create tasks, mark them as complete, and list current open tasks. Additionally, tasks can be tagged, added to projects, searched and filtered. Furthermore, you can set up recurring tasks, and apply due dates to tasks.

This previous article on the Fedora Magazine provides a good overview of getting started with Taskwarrior.

Install Taskwarrior with this command in the Terminal:

sudo dnf install task

Posted on August 3, 2018 by — Leave a comment

How to use Fedora Server to create a router / gateway

Building a router (or gateway) using Fedora Server is an interesting project for users wanting to learn more about Linux system administration and networking. In this article, learn how to configure a Fedora Server minimal install to act as an internet router / gateway.

This guide is based on Fedora 28 and assumes you have already installed Fedora Server (minimal install). Additionally, you require a suitable network card / modem for the incoming internet connection. In this example, the DrayTek VigorNIC 132 NIC was used to create the router.

Why build your own router

There are many benefits for building your own router over buying a standalone box (or using the one supplied by your internet provider):

Easily update and run latest software versions
May be less prone to be part of larger hacking campaign as its not a common consumer device
Run your own VMs or containers on same host/router
Build OpenShift on top of router (future story in this series)
Include your own VPN, Tor, or other tunnel paths along with correct routing

The downside is related to time and knowledge.

You have to manage your own security
You need to have the knowledge to troubleshoot if an issue happens or find it through the web (no support calls)
Costs more in most cases than hardware provided by an internet provider

Basic network topology

The diagram below describes the basic topology used in this setup. The machine running Fedora Server has a PCI Express modem for VDSL. Alternatively, if you use a Raspberry Pi with external modem the configuration is mostly similar.

Initial Setup

First of all, install the packages needed to make the router. Bash auto-complete is included to make things easier when later configuring. Additionally, install packages to allow you to host your own VMs on the same router/hosts via KVM-QEMU.

dnf install -y bash-completion NetworkManager-ppp qemu-kvm qemu-img virt-manager libvirt libvirt-python libvirt-client virt-install virt-viewer

Next, use nmcli to set the MTU on the WAN(PPPoE) interfaces to align with DSL/ATM MTU and create pppoe interface. This link has a great explanation on how this works. The username and password will be provided by your internet provider.

nmcli connection add type pppoe ifname enp2s0 username 00xxx5511yyy0001@t-online.de password XXXXXX 802-3-ethernet.mtu 1452

Now, set up the firewall with the default zone as external and remove incoming SSH access.

firewall-cmd --set-default-zone=external firewall-cmd --permanent --zone=external --remove-service=ssh

Add LAN interface(br0) along with preferred LAN IP address and then add your physical LAN interface to the bridge.

nmcli connection add ifname br0 type bridge con-name br0 bridge.stp no ipv4.addresses 10.0.0.1/24 ipv4.method manual nmcli connection add type bridge-slave ifname enp1s0 master br0

Remember to use a subnet that does not overlap with your works VPN subnet. For example my work provides a 10.32.0.0/16 subnet when I VPN into the office so I need to avoid using this in my home network. If you overlap addressing then the route provided by your VPN will likely have lower priority and you will not route through the VPN tunnel.

Now create a file called bridge.xml, containing a bridge definition that virsh will consume to create a bridge in QEMU.

cat > bridge.xml <<EOF <network>     <name>host-bridge</name>     <forward mode="bridge"/>     <bridge name="br0"/> </network> EOF

Start and enable your libvirt-guests service so you can add the bridge in your virtual environment for the VMs to use.

systemctl start libvirt-guests.service systemctl enable libvirt-guests.service

Add your “host-bridge” to QEMU via virsh command and the XML file you created earlier.

virsh net-define bridge.xml

virsh net-start host-bridge virsh net-autostart host-bridge

Add br0 to internal zone and allow DNS and DHCP as we will be setting up our own services on this router.

firewall-cmd --permanent --zone=internal --add-interface=br0 firewall-cmd --permanent --zone=internal --add-service=dhcp firewall-cmd --permanent --zone=internal --add-service=dns

Since many DHCP clients including Windows and Linux don’t take into account the MTU attribute in DHCP, we will need to allow TCP based protocols to set MSS based on PMTU size.

firewall-cmd --permanent --direct --add-passthrough ipv4 -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Now we reload the firewall to take permanent changes into account.

nmcli connection reload

Install and Configure DHCP

DHCP configuration depends on your home network setup. Use your own desired domain name and and the subnet was defined during the creation of br0. Be sure to note the MAC address in the config file below can either be capture from the command below once you have DHCP services up and running or you can pull it off the label externally on the device you want to set to static addressing.

cat /var/lib/dhcpd/dhcpd.leases

dnf -y install dhcp vi /etc/dhcp/dhcpd.conf

option domain-name "lajoie.org"; option domain-name-servers 10.0.0.1; default-lease-time 600; max-lease-time 7200; authoritative; subnet 10.0.0.0 netmask 255.255.255.0 { range dynamic-bootp 10.0.0.100 10.0.0.254; option broadcast-address 10.0.0.255; option routers 10.0.0.1; option interface-mtu 1452; } host ubifi { option host-name "ubifi.lajoie.org"; hardware ethernet f0:9f:c2:1f:c1:12; fixed-address 10.0.0.2; }

Now enable and start your DHCP server

systemctl start dhcpd systemctl enable dhcpd

DNS Install and Configure

Next, install bind and and bind-utils for tools like nslookup and dig.

dnf -y install bind bind-utils

Configure your bind server with listening address (LAN interface in this case) and the forward/reverse zones.

$ vi /etc/named.conf

options { listen-on port 53 { 10.0.0.1; }; listen-on-v6 port 53 { none; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; secroots-file "/var/named/data/named.secroots"; recursing-file "/var/named/data/named.recursing"; allow-query { 10.0.0.0/24; }; recursion yes; forwarders {8.8.8.8; 8.8.4.4; }; dnssec-enable yes; dnssec-validation yes; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; include "/etc/crypto-policies/back-ends/bind.config"; }; controls { }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; view "internal" { match-clients { localhost; 10.0.0.0/24; }; zone "lajoie.org" IN { type master; file "lajoie.org.db"; allow-update { none; }; }; zone "0.0.10.in-addr.arpa" IN { type master; file "0.0.10.db"; allow-update { none; }; }; };

Here is a zone file for example and make sure to update the serial number after each edit of the bind service will assume no changes took place.

$ vi /var/named/lajoie.org.db

$TTL 86400 @ IN SOA gw.lajoie.org. root.lajoie.org. ( 2018040801 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) IN NS gw.lajoie.org. IN A 10.0.0.1 gw IN A 10.0.0.1 ubifi IN A 10.0.0.2

Here is a reverse zone file for example and make sure to update the serial number after each edit of the bind service will assume no changes took place.

$ vi /var/named/0.0.10.db

$TTL 86400 @ IN SOA gw.lajoie.org. root.lajoie.org. ( 2018040801 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) IN NS gw.lajoie.org. IN PTR lajoie.org. IN A 255.255.255.0 1 IN PTR gw.lajoie.org. 2 IN PTR ubifi.lajoie.org.

Now enable and start your DNS server

systemctl start named systemctl enable named

Secure SSH

Last simple step is to make SSH service listen only on your LAN segment. Run this command to see whats listening at this moment. Remember we did not allow SSH on the external firewall zone but this step is still best practice in my opinion.

ss -lnp4

Now edit the SSH service to only listen on your LAN segment.

vi /etc/ssh/sshd_config

AddressFamily inet ListenAddress 10.0.0.1

Restart your SSH service for changes to take effect.

systemctl restart sshd.service

<!–

Optional WiFi Configuration

In this optional section we have the configuration for Wireless AP and 4G WAN. I used Ubiquiti wireless in my setup as I needed multi AP and seamless handover. For WiFi you probably want WPA2 pre-shared key, RSN security protocol, and CCMP group as shown below. We also set the AP to run as 5GHz band via “802-11-wireless.band a”.

dnf install NetworkManager-wifi nmcli connection add type wifi ifname wlp6s0 con-name ap0 autoconnect yes ssid HOMENET 802-11-wireless.mode ap 802-11-wireless.band a 802-11-wireless-security.proto rsn 802-11-wireless-security.pairwise ccmp 802-11-wireless-security.group ccmp 802-11-wireless-security.psk xxxxxxxxx 802-11-wireless-security.key-mgmt wpa-psk ipv4.method shared

Optional 4G Configuration

Now install wwan support and if you have a WWAN USB modem like me that needs to be switched to modem mode vs. storage.

dnf install NetworkManager-wwan ModemManager

Enable and start the ModemManager

systemctl start ModemManager  systemctl enable ModemManager

Plug your device in and make sure ModemManager and NetworkManager both see the wwan device.

mmcli -M nmcli dev

If you don’t see your device I recommend you go to this link and open a bug report.

Now configure your 3GPP WAN connection and reload to make sure everything auto-starts.

nmcli connection add type gsm con-name Telekom gsm.apn web.vodafone.de ifname ttyUSB0

Since we have the default zone for our firewall set to external, this wwan interface will be put into the correct zone.–>

Thank you

Thanks and please leave a comment below if you have any ideas, edits or questions.