Understanding the Digital World: My honest book review
I read a lot of books. I especially like to read books about computers, Linux, and the digital world we live in. I also enjoy reading books on the history of computing about and by and the people who helped make this digital world what it is today.
Imagine my excitement when I discovered the new second edition of an important book by Brian W. Kernighan, one of the leading figures in the creation of Unix, author or co-author of many influential books, and a professor of Computer Science at Princeton University. Understanding the Digital World combines computer history, technology, and personal story, along with discussions about how today's technology impacts our privacy.
More Linux resources Linux commands cheat sheet Advanced Linux commands cheat sheet Free online course: RHEL technical overview Linux networking cheat sheet SELinux cheat sheet Linux common commands cheat sheet What are Linux containers? Our latest Linux articlesKernighan teaches a course at Princeton each year, "Computers in Our World," intended for computer users who are not Computer Science majors. He wrote this book to bring much of the information contained in that course to the world at large.
Kernighan starts with an exploration of the technology itself. The title of Chapter 1 is, "What is a Computer?" Covering the CPU and how it works, he describes various forms of storage, including RAM, cache, disk, and other types of secondary storage, and how they all work together. After this overview of the hardware, he describes algorithms, how they are used to solve problems, and how they get incorporated into computer programs. In later chapters, Kernighan discusses the internet, the TCP/IP protocols that drive it, and some of the tools used to communicate using the internet.
He looks at the data about ourselves (stored on our computers) that gets transmitted across the internet—with or without our permission. Although there are references to security throughout the book, Kernighan spends a great deal of these latter chapters discussing the many ways in which our data is vulnerable and ways to implement at least some level of protection.
The parts that scared me most were the discussions about how organizations can track our movements on the internet—the effects of this (and tools such as data mining) on our online experiences. I am familiar with using tools like firewalls and strategies such as using good passwords and deleting or deactivating programs and daemons that I am not using. But the ease with which we can get spied upon (there is no more accurate word for it) is appalling no matter what actions we may take.
My first inclination after reading this book was to send it to the two of my grandkids that I am helping to build gaming computers. This book is a good way for them to learn how computers work at a level they can understand. They can also learn about the pitfalls (beyond those their parents have discussed with them) about how to be safe on the internet. I also suggested to their parents that they read it, too.
It is not all gloom and doom. Far from it. Kernighan manages to scare me while simultaneously ensuring that readers understand how to mitigate the threats he discusses. In the vast majority of his scenarios, I had already implemented many of the protections he covers.
This book has made me think more closely about how I work and play on the internet, the methods I use to protect my home network, and how I use my portable devices. Kernighan's level of paranoia is sufficient to ensure that readers pay attention while reassuring us that we can still use the internet, our computers, and other devices with a reasonable amount of safety so long as we take the appropriate precautions.
No! I am not going to tell you all of that. You'll get no spoilers from me.
Kernighan indicates to readers the sections that may get too technical, and you can skip over them. Still, overall this is a pretty easy read and accessible even for many non-technical readers. This was intentional on the author's part. So even if your technology quotient is fairly low, this book is still understandable. Despite the fact that he wrote the first edition of this book only five years ago, this second edition includes important new material that makes it even more applicable to today's technology and the lightning-fast dissemination of data. I found the new section on artificial intelligence quite enlightening.
I highly recommend this book to anyone who wants to learn more about how computers work and impact privacy and security in the modern world.
Brian W. Kernighan's second edition of Understanding the Digital World is worth a read for computer enthusiasts of any skill level.
Image by:opensource.com
Linux What to read next This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. Register or Login to post a comment.How I run my blog on a Raspberry Pi
Like a lot of folks who enjoy tinkering with technology, I now have a small but growing collection of Raspberry Pi boxes around my house. I've used them for various projects: A PiHole network ad blocker, an OctoPi 3D print server, and a Minecraft server, among others.
However, the most custom project I've done is setting up a Raspberry Pi to act as a web server to host my own blog site, mandclu.com. I got the idea while researching for an interview I did a couple of years ago.
The project has evolved significantly since it started, so I thought it would be interesting to share.
More on Raspberry Pi What is Raspberry Pi? eBook: Guide to Raspberry Pi Getting started with Raspberry Pi cheat sheet eBook: Running Kubernetes on your Raspberry Pi Whitepaper: Data-intensive intelligent applications in a hybrid cloud blueprint Understanding edge computing Our latest on Raspberry Pi Why run my own web server?I started building websites a little over two decades ago. I used various hosting solutions at that time, including a (nearly) bare-metal Linode instance where I had to install and configure all the software myself.
I recently had a small account at a major hosting company that I used to serve a couple of personal projects. Over time, I've found that I'm less interested in using my time for freelance projects, so the cost was getting harder to justify. Because of the security measures built into their hosting platform, I also felt frustrated being limited by what tools I could use and how I could use them.
In short, I wanted to run my own server because it would be free, in the sense of free speech, free beer, and, as I would soon learn, free puppies.
Would I recommend that everyone host their own website? Absolutely not. It's been a fun project, and I've learned a ton along the way, but if my website was down for a few hours (or potentially longer) because of local power or network outage, I could live with that.
In a previous article, I discussed why I chose Drupal for my site. While I think it's a powerful and infinitely flexible solution, the steps below largely apply to any PHP-based CMS or development framework you might want to host.
A Raspberry Pi web server: The maiden voyageI bought a Raspberry Pi 4 with 4Gb of RAM for the project. I had seen some documentation that the quality of the MicroSD card you use with a Pi makes a significant difference for performance, so I also tried to source a decent card. All told, I was probably getting close to US$ 100, including a case and power adapter.
The first decision was what OS to use. CentOS seemed like the best choice for something exposed to the internet, so I decided to go with that. As it turns out, CentOS had some marked differences from any other flavor of Linux I've used, especially because it wanted to reset the permissions of all the server logs on every reboot. I eventually figured out how to handle that gracefully, but it added to the adventure.
Next, it was time to get the Pi set up to act as a web server. I know some super-smart DevOps folks who prefer to use Nginx as a web server for their projects, but I'm personally a lot more familiar with Apache. Also, Drupal implements some security controls using .htaccess files, so if going with Nginx, you would need to manage equivalent restrictions in the server configuration. But the truth is that more than anything else, I wanted to go with the devil I knew.
Fortunately, a quick search can bring up a variety of tutorials on how to install the remaining parts of a LAMP stack on CentOS (or your preferred flavor of Linux). Even better, modern package managers like Yum make the process relatively painless. Drupal also has a few PHP requirements of its own, so there was an extra step to make sure I met those. Finally, I like to use APCu as a PHP-native data cache to help speed up the delivery of PHP sites, so I made sure that it got installed and the PHP extension enabled.
While searching for answers for the miscellaneous hiccups, I came across an interesting add-on that made managing the Pi as a web server much easier: Cockpit. It provides an easy-to-use graphical interface to see the status of the machine and all its software: How it's running (or if it isn't). You can see when updates are available and run them, access logs, and more. It even includes its own command-line interface, so you can completely manage pretty much everything from the one interface.
Installing Drupal on Raspberry Pi
Getting Drupal itself installed is pretty straightforward if you know the intended process. If you haven't already, install the Composer PHP dependency manager. Then you can install Drupal in a couple of steps:
composer create-project drupal/recommended-project my_site_name_dirConfigure your web server to use the web directory within that install location (my_site_name_dir in the example above) as the document root for a virtual host (or a server block in Nginx).
If you try to access the virtual host, Drupal triggers the rest of the installation process for you.
I decided to create the site on my laptop, then push the site code to a Git repo on GitLab, and pull it down to the server from there, but that isn't strictly necessary if you're just looking to try out Drupal on your Pi.
Getting the word out (of the network)I now had my Raspberry Pi working as a web server and my Drupal site running well on top of it. Great! But no one outside my network could access it.
I went into my router's web UI and used port forwarding to make sure incoming web requests (ports 80 and 443) would get directed to the Pi. I did that in a couple of minutes. But how would people find the site?
I bought a domain name, and my registrar had its own utility for dynamic DNS, which is great because a drawback of using your home's internet connection is that home users typically don't have a static IP. After installing their utility and waiting for the DNS setup to resolve, users could reach my new website at mandclu.com.
Of course, the site also needed to allow for secure connections, so I also needed to add an SSL certificate. It used to be that this meant purchasing a certificate that would have cost more than the Pi itself and paying that again every year on renewal. Fortunately, Let's Encrypt achieves a similar result for free. You can even install the certbot to renew the certificate automatically.
My own Raspberry Pi web serverI was really happy with the result. Was it as fast as expensive, enterprise-grade hosting? Nope. But I could host my own site for free (or, more accurately, for the cost of the electricity to power the Pi), and I had complete freedom to configure the server any way I wanted.
It did seem like the site started to show occasional slowdowns over time, but it was fast enough for the meager traffic I was getting (almost none), so it met my needs.
I enjoyed playing with the site styling and posting content when I felt inspired to write it. And then, the move came.
I moved homes at the end of 2020 (literally the last day of the year). One of the downsides of having your website hosted from a Pi box in your living room is that moving house means your website goes down for a while. In my case, a few weeks since having my pet project website back online wasn't a major priority.
Eventually, I got my web server Pi hooked up and plugged in again and was ready to add some new content. I was surprised to find that the site was running noticeably slower than I remembered. A great thing about being a web developer is that you make friends with lots of smart people, so I reached out to a friend who mentioned that MicroSD cards sometimes slow down over time under regular use.
Speeding up my web serverI decided it was time to to rebuild the server, so I made several changes. For starters, I had since bought an 8GB Pi 4 to use as a Minecrafter server, but then my son's interest in the game had fallen off, so I decided to use that hardware for the new version. Instead of a MicroSD for storage, I bought a low-capacity NVMe SSD and a USB 3 enclosure for it. Those two elements probably cost as much as I had previously spent on the Pi, MicroSD card, power supply, and case, but the server is still running really well nearly a year later.
Instead of just copying over everything I had previously installed, I decided to reinstall the software. Moving to the 8GB Pi 4 meant that I needed a 64-bit OS, which meant that Ubuntu server was my best option. There are more options today, but I've been really happy with Ubuntu, even though there was a new learning curve. Some directories are in different places. I had to get used to Apt instead of Yum for installing new packages, and so on. But the overall process was really the same, with a few minor differences in the steps themselves.
Another significant change I decided to make during the rebuild was to add Cloudflare as a content delivery network (CDN) to speed up the delivery of the site. In its most basic form, a CDN speeds up a website's delivery by keeping cached versions of the site's files at various local points of presence (PoP) distributed worldwide. Fortunately, Cloudflare has a free plan, so I decided to put that in front of my Pi-hosted website.
The resultThe upgraded version of the Pi web server clocks in fast. Like, really fast:
I've run speed tests on many different websites (admittedly, most of them were Drupal), and these are some of the best scores I've seen. It does help that the site is simple by design. If there were more images on the site, it would probably score a little lower, especially for mobile (where the Lighthouse test throttles bandwidth to simulate a slow 4G connection).
It's worth pointing out the accessibility scores as well—with no effort on my part. Another advantage of running my site on Drupal is being able to build on top of a framework already rigorously tested to be easily used on screen readers and other assistive technologies.
The only work I had to do to hit the best practices score was installing and configuring the free Security Kit module.
Build your own Raspberry Pi serverIf you've wanted to try Drupal for a personal web project, and especially if you happen to have an extra Raspberry Pi gathering dust, then I hope you'll try setting up your own server.
I set up a Raspberry Pi to act as a web server to host my personal blog on Drupal.
Image by:Dwight Sipler on Flickr
Drupal Raspberry Pi What to read next This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. Register or Login to post a comment.How I use Drupal as an advanced blogging platform
A couple of years ago, I decided I wanted a place to post my thoughts and play around with some emerging web technologies.
More great content Free online course: RHEL technical overview Learn advanced Linux commands Download cheat sheets Find an open source alternative Explore open source resources Why Drupal?I make my living working with and evangelizing Drupal. So there's definitely some applicability to the saying, "when your only tool is a hammer, every problem looks like a nail."
In truth, I had considered using some static site solutions like Gatsby or Jekyll and then using free hosting options from GitHub or GitLab.
However, one of the things I enjoy about Drupal is how quickly I can create and adapt content structures and have the ability to draw on the considerable library of community-provided modules to extend its capabilities, all of which you can use for free.
Let me use a specific example to illustrate its flexibility. Initially, I wanted my site to be a blog, and there are a ton of options for that, including pure SaaS offerings like Medium. As I was working on it, however, it occurred to me that I could also use the site as a place to keep track of my various public speaking engagements.
Speaking of DrupalI maintain several Drupal modules that I share with the community. I have also had the privilege of working with some very smart people, so I regularly have specific ideas around how you can use Drupal for some everyday use cases in easy and powerful ways.
When I submit a session proposal to an open source conference, the organizers often want to see a list of my recent public speaking engagements. I used to keep track of that in various ways, including a Google Doc. Then I have to remember to keep the list up to date (invariably, I don't). Then if a particular conference wants the information in a different format, I have to adapt all the content myself: Add longer descriptions, video links, and more.
I added a content type (a customizable template for structured storage) on my Drupal site called Talk. By default, it had a title and description, so I added fields for the schedule, location, and a link to the video.
Image by:
(Martin Anderson-Clutz, CC BY-SA 4.0)
Drupal has robust media handling out of the box, so when a video of one of my talks gets posted online, all I have to do is copy and paste the URL into my site. I can display that as a link or an embedded video player. For better performance, I also added a community module that allows the site to lazy load the video players.
I recently realized that I often post the slides from my talks to SlideShare, so I added a field to keep track of those links. That change took less than a minute to implement. Now, if someone wants to revisit the content, they can find a page on my site with all the information: When it happened, the description, a video, and the slides.
Drupal also includes a powerful visual query builder called Views, great for generating content lists to meet specific needs in a point-and-click interface. I used Views to create lists of upcoming and past talks, including small video players for the past talks and full-sized players if visitors click through to the details. If a conference requires my speaking experience in a specific format, I can easily create a new View to provide precisely the information they need, in the format they need it, with just a few clicks.
Key Drupal featuresAnother great thing about creating a site with Drupal is that you get to build on the work of one of the most engaged open source communities in the world. And they've built in some impressive capabilities, which my site benefits from.
PerformanceThey built Drupal to use multiple layers of caching for better performance. It also supports BigPipe progressive rendering, allowing even complex pages to start rendering in the browser right away.
AccessibilityThe Drupal community put a ton of work into the spiffy new Olivero theme. It not only looks beautiful but got built for easy navigation by screen readers and other assistive technologies. Upon review, the National Federation of the Blind gushed that the team "knocked it out of the park." For my site, I worked out a way to override Olivero and make some minor stylistic changes without directly editing the theme. That allowed me to give my site some unique flavor while ensuring I can update it painlessly as Drupal continues to evolve.
My favorite Drupal modulesWhile Drupal is incredibly flexible out of the box, the possibilities are endless when you start to add from the immense library of modules available from the community, all for free. Here are a few that make my site better.
Smart DateThis provides an intuitive, easy-to-use widget for entering dates, designed to align with the UX of typical calendar applications. It handles timezones elegantly. And it also allows for the natural language formatting of date ranges: Outputting "9-10AM on Tuesday, Feb 15" instead of "9:00AM Tuesday, Feb 15 - 10:00AM Tuesday, Feb 15" for example.
BlazyBy default, Drupal adds the loading="lazy" HTML attribute to img tags, but all browsers don't support this. Also, my site loads multiple video players on the home page, which can cause a performance hit. The Blazy module adds support for multiple lazy loading libraries and can lazy load video players.
PathautoDrupal long could create SEO-friendly URLs like /node/123 based on the numerical ID of a piece of content. Pathauto expands the sophistication of the automatically generated URLs to include text, such as the type of content, how you categorized it, and the title (/articles/blog/composable-date-formatter-drupal). You can use this for creating breadcrumbs as well.
If I wanted to get serious about SEO, I could add the automatic generation of various meta tags using the Metatag module, and also add meta tags so content looks better when shared on social media. If I wanted to get really serious about SEO, I could also add the Real-time SEO module to help me aggressively optimize for specific keywords. But, I doubt I'll ever take it that seriously.
Final thoughtsAre you interested in giving Drupal a try? There are one-click demos available at Simplytest.me or DrupalPod you can use to test out Drupal with a cloud-hosted IDE (if you want to get your hands dirty). In another article, I'll discuss a low-cost (basically free, once it's up and running) way to host your Drupal site.
Drupal is a flexible and powerful blogging platform that I enjoy customizing to suit my needs.
Image by:Opensource.com
Drupal What to read next This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. Register or Login to post a comment.Manage Linux users' home directories with systemd-homed
The entire systemd concept and implementation have introduced many changes since it began to replace the old SystemV startup and init tools. Over time, systemd has been extended into many other segments of the Linux environment.
One relatively new service, systemd-homed, extends the reach of systemd into the management of users' home directories. The feature enforces human user access only and restricts system users in the User ID (UID) range between 0 and 999. I support the systemd plan to take over the world, but I wondered if this was a bit excessive. Then I did some research.
More for sysadmins Enable Sysadmin blog The Automated Enterprise: A guide to managing IT with automation eBook: Ansible automation for Sysadmins Tales from the field: A system administrator's guide to IT automation eBook: A guide to Kubernetes for SREs and sysadmins Latest sysadmin articles What is systemd-homed?The systemd-homed service supports user account portability independent of the underlying computer system. A practical example is to carry around your home directory on a USB thumb drive and plug it into any system which would automatically recognize and mount it. According to Lennart Poettering, lead developer of systemd, access to a user's home directory should not be allowed to anyone unless the user is logged in. The systemd-homed service is designed to enhance security, especially for mobile devices such as laptops. It also seems like a tool that might be useful with containers.
This objective can only be achieved if the home directory contains all user metadata. The ~/.identity file stores user account information, which is only accessible to systemd-homed when the password is entered. This file holds all of the account metadata, including everything Linux needs to know about you, so that the home directory is portable to any Linux host that uses systemd-homed. This approach prevents having an account with a stored password on every system you might need to use.
The home directory can also be encrypted using your password. Under systemd-homed, your home directory stores your password with all of your user metadata. Your encrypted password is not stored anywhere else thus cannot be accessed by anyone. Although the methods used to encrypt and store passwords for modern Linux systems are considered to be unbreakable, the best safeguard is to prevent them from being accessed in the first place. Assumptions about the invulnerability of their security have led many to ruin.
This service is primarily intended for use with portable devices such as laptops. Poettering states, "Homed is intended primarily for client machines, i.e., laptops and thus machines you typically ssh from a lot more than ssh to, if you follow what I mean." It is not intended for use on servers or workstations that are tethered to a single location by cables or locked into a server room.
The systemd-homed service is enabled by default on new installations—at least for Fedora, which is the distro that I use. This configuration is by design, and I don't expect that to change. User accounts are not affected or altered in any way on systems with existing filesystems, upgrades or reinstallations that keep the existing partitions, and logical volumes.
Creating controlled usersTraditional tools such as useradd create accounts and home directories that systemd-homed does not manage. Therefore, if you continue to use the conventional user management tools, the home directories on your home directories are not managed by systemd-homed. This is also the case with the non-root user account created during a new installation.
The homectl commandThe homectl command creates user accounts that systemd-homed manages. Using the homectl command to create a new account generates the metadata needed to make the home directory portable.
The homectl command man page has a good explanation of the objectives and function of the systemd-homed service. However, reading the homectl man page is quite interesting, especially the Example section. Of the five examples, three show how to create user accounts with specific limits imposed, such as a maximum number of concurrent processes or a maximum amount of disk space.
In a non-homectl setup, the /etc/security/limits.conf file imposes these limits. The only advantage I can see to this is that it adds a user and applies the limits with a single command. With the traditional method, the sysadmin must configure the limits.conf file manually.
LimitationsThe only significant limitation I am aware of is that it is not possible to access a user home directory remotely using OpenSSH. This limitation is due to the current inability of PAM to provide access to a home directory managed by homectl. Poettering seems doubtful that this can be overcome. This issue would prevent me from using systemd-homed for my home directory on my primary workstation or even my laptop. I typically log into both computers remotely several times per day using SSH, so this is a showstopper for me.
The other concern I can see is that you still need a Linux computer for use with a USB thumb drive with your home directory on it, and that computer needs to have systemd-homed running.
It is optionalYou don't have to use it, however. I plan to continue using the traditional tools for user management to support my workflow. The default for the few distros I have some little knowledge of, including Fedora, is for the systemd-homed service to be enabled and running. You can disable and stop the systemd-homed service without impacting traditional user accounts.
Final thoughtsSysadmins can use the systemd-homed service for a secure form of management of roaming users' home directories. It is useful on portable devices like laptops and can be especially useful for users who carry a thumb drive containing only their home directories to plug it into any convenient Linux computer.
The primary limitation of using systemd-homed is that it is impossible to log in remotely using SSH. And even though the systemd-homed is enabled by default, it does not affect home directories created with the useradd command. I do need to point out that—like many systemd tools—systemd-homed is optional. So I just stopped and disabled the service.
If I need to take my home directory in a package smaller than my laptop, I can just use a live USB with persistent storage.
Resources- https://systemd.io/HOME_DIRECTORY/
- https://www.freedesktop.org/software/systemd/man/homectl.html
- https://www.freedesktop.org/software/systemd/man/systemd-homed.service.html
- https://wiki.archlinux.org/title/Systemd-homed
Sysadmins can use the systemd-homed service for a secure form of management of roaming users' home directories.
Image by:Opensource.com
Sysadmin Linux What to read next This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. Register or Login to post a comment.