1.4 Lesson 1
Certificate: |
Linux Essentials |
---|---|
Version: |
1.6 |
Topic: |
1 The Linux Community and a Career in Open Source |
Objective: |
1.4 ICT Skills and Working in Linux |
Lesson: |
1 of 1 |
Introduction
There was a time when working with Linux on the desktop was considered hard since the system lacked many of the more polished desktop applications and configuration tools that other operating systems had. Some of the reasons for that were that Linux was a lot younger than many other operating systems. That being said, it was easier to start by developing more essential command line applications and just leave the more complex graphical tools for later. In the beginning, since Linux was first targeted to more advanced users, that should not have been a problem. But those days are long gone. Today, Linux desktop environments are very mature, leaving nothing to be desired as regards to features and ease of use. Nevertheless, the command line is still considered a powerful tool used each and every day by advanced users. In this lesson we’ll take a look at some of the basic desktop skills you will need in order to choose the best tool for the right job, including getting to the command line.
Linux User Interfaces
When using a Linux system, you either interact with a command line or with a graphical user interfaces. Both ways grant you access to numerous applications that support performing almost any task with the computer. While objective 1.2 already introduced you to a series of commonly used applications, we will start this lesson with a closer look at desktop environments, ways to access the terminal and tools used for presentations and project management.
Desktop Environments
Linux has a modular approach where different parts of the system are developed by different projects and developers, each one filling a specific need or objective. Because of that, there are several options of desktop environments to choose from and together with package managers, the default desktop environment is one of the main differences among the many distributions out there. Unlike proprietary operating systems like Windows and macOS, where the users are restricted to the desktop environment that comes with their OS, there is the possibility to install multiple environments and pick the one that adapts the most to you and your needs.
Basically, there are two major desktop environments in the Linux world: Gnome and KDE. They are both very complete, with a large community behind them and aim for the same purpose but with slightly divergent approaches. In a nutshell, Gnome tries to follow the KISS (“keep it simple stupid”) principle, with very streamlined and clean applications. On the other hand, KDE has another perspective with a larger selection of applications and giving the user the opportunity to change every configuration setting in the environment.
While Gnome applications are based on the GTK toolkit (written in the C language), KDE applications make use of the Qt library (written in C++). One of the most practical aspects of writing applications with the same graphical toolkit is that applications will tend to share a similar look and feel, which is responsible for giving the user a sense of unity during their experience. Another important characteristic is that having the same shared graphical library for many frequently used applications may save some memory space at the same time that it will speed up loading time once the library has been loaded for the first time.
Getting to the Command Line
For us, one of the most important applications is the graphical terminal emulator. Those are called terminal emulators because they really emulate, in a graphical environment, the old style serial terminals (often Teletype machines) that were in fact clients that used to be connected to a remote machine where the computing actually happened. Those machines were really simple computers with no graphics at all that were used on the first versions of Unix.
In Gnome, such an application is called Gnome Terminal, while in KDE it can be found as Konsole. But there are many other choices available, such as Xterm. Those applications are a way for us to have access to a command line environment in order to be able to interact with a shell.
So, you should look at the application menu of your distribution of choice for a terminal application. Besides any difference between them, every application will offer you what is necessary to gain confidence in using the command line.
Another way to get into the terminal is to use the virtual TTY. You can get into them by pressing Ctrl+Alt+F#. Read F# as one of the function keys from 1 to 7, for example. Probably, some of the initial combinations might be running your session manager or your graphical environment. The others will show a prompt asking for your login name like the one bellow:
Ubuntu 18.10 arrelia tty3 arrelia login:
arrelia
in this case, is the hostname of the machine and tty3
is the terminal available after using the key combination above, plus the F3 key, like in Ctrl+Alt+F3.
After providing your login and password, you will finally get into a terminal, but there is no graphical environment in here, so, you won’t be able to use the mouse or run graphical applications without first starting an X, or Wayland, session. But that’s beyond the scope of this lesson.
Presentations and Projects
The most important tool for presentations on Linux is LibreOffice Impress. It’s part of the open source office suite called LibreOffice. Think about LibreOffice as an open source replacement for the equivalent Microsoft Office. It can even open and save the PPT and PPTX files that are native to Powerpoint. But in spite of that, I really recommend you to use the native ODP Impress format. The ODP is part of the larger Open Document Format, which is a international standard for this kind of file. This is especially important if you want to keep your documents accessible for many years and worry less about compatibility problems. Because they are an open standard, it’s possible for anyone to implement the format without paying any royalties or licenses. This also makes you free to try other presentations software that you may like better and take your files with you, as it’s very likely they will be compatible with those newer softwares.
But if you prefer code over graphical interfaces, there are a few tools for you to choose. Beamer is a LaTeX class that can create slide presentations from LaTeX code. LaTeX itself is a typesetting system largely used for writing scientific documents at the academy, specially for its capacity to handle complex math symbols, which other softwares have difficulty to deal with. If you are at the university and need to deal with equations and other math related problems, Beamer can save you a lot of time.
The other option is Reveal.js, an awesome NPM package (NPM is the default NodeJS package manager) which allows you to create beautiful presentations by using the web. So, if you can write HTML and CSS, Reveal.js will bring most of the JavaScript necessary to create pretty and interactive presentations that will adapt well on any resolution and screen size.
Lastly, if you want a replacement for Microsoft Project, you can try GanttProject or ProjectLibre. Both are very similar to their proprietary counterpart and compatible with Project files.
Industry Uses of Linux
Linux is heavily used among the software and Internet industries. Sites like W3Techs report that about 68% of the website servers on the Internet are powered by Unix and the biggest portion of those are known to be Linux.
This large adoption is given not only for the free nature of Linux (as both in free beer and in freedom of speech) but also for its stability, flexibility and performance. These characteristics allow vendors to offer their services with a lower cost and a greater scalability. A significant portion of Linux systems nowadays run in the cloud, either on a IaaS (Infrastructure as a service), PaaS (Platform as a Service) or SaaS (Software as a Service) model.
IaaS is a way to share the resources of a large server by offering them access to virtual machines that are, in fact, multiple operating systems running as guests on a host machine over an important piece of software that is called a hypervisor. The hypervisor is responsible for making it possible for these guest OSs to run by segregating and managing the resources available on the host machine to those guests. That’s what we call virtualization. In the IaaS model, you pay only for the fraction of resources your infrastructure uses.
Linux has three well know open source hypervisors: Xen, KVM and VirtualBox. Xen is probably the oldest of them. KVM ran out Xen as the most prominent Linux Hypervisor. It has its development sponsored by RedHat and it is used by them and other players, both in public cloud services and in private cloud setups. VirtualBox belongs to Oracle since its acquisition of Sun Microsystems and is usually used by end users because of its easiness of use and administration.
PaaS and SaaS, on the other hand, build up on the IaaS model, both technically and conceptually. In PaaS instead of a virtual machine, the users have access to a platform where it will be possible to deploy and run their application. The goal here is to ease the burden of dealing with system administration tasks and operating systems updates. Heroku is a common PaaS example where program code can just be run without taking care of the underlying containers and virtual machines.
Lastly, SaaS is the model where you usually pay for a subscription in order to just use a software without worrying about anything else. Dropbox and Salesforce are two good examples of SaaS. Most of these services are accessed through a web browser.
A project like OpenStack is a collection of open source software that can make use of different hypervisors and other tools in order to offer a complete IaaS cloud environment on premise, by leveraging the power of computer cluster on your own datacenter. However, the setup of such infrastructure is not trivial.
Privacy Issues when using the Internet
The web browser is a fundamental piece of software on any desktop these days, but some people still lack the knowledge to use it securely. While more and more services are accessed through a web browser, almost all actions done through a browser are tracked and analyzed by various parties. Securing access to internet services and preventing tracking is an important aspect of using the internet in a safe manner.
Cookie Tracking
Let’s assume you have browsed an e-commerce website, selected a product you wanted and placed that in the shopping cart. But at the last second, you have decided to give it a second thought and think a little longer if you really needed that. After a while, you start seeing ads of that same product following you around the web. When clicking on the ads, you are immediately sent to the product page of that store again. It’s not uncommon that the products you placed in the shopping cart are still there, just waiting for you to decide to check them out. Have you ever wondered how they do that? How they show you the right ad at another web page? The answer for these questions is called cookie tracking.
Cookies are small files a website can save on your computer in order to store and retrieve some kind of information that can be useful for your navigation. They have been in use for many years and are one of the oldest ways to store data on the client side. One good example of their use are unique shopping card IDs. That way, if you ever come back to the same website in a few days, the store can remember you the products you’ve placed in your cart during your last visit and save you the time to find them again.
That’s usually okay, since the website is offering you a useful feature and not sharing any data with third parties. But what about the ads that are shown to you while you surf on other web pages? That’s where the ad networks come in. Ad networks are companies that offer ads for e-commerce sites like the one in our example on one side, and monetization for websites, on the other side. Content creators like bloggers, for example, can make some space available for those ad networks on their blog, in exchange for a commission related to the sales generated by that ad.
But how do they know what product to show you? They usually do that by saving also a cookie from the ad network at the moment you visited or searched for a certain product on the e-commerce website. By doing that, the network is able to retrieve the information on that cookie wherever the network has ads, making the correlation with the products you were interested. This is usually one of the most common ways to track someone over the Internet. The example we gave above makes use of an e-commerce to make things more tangible, but social media platforms do the same with their “Like” or “Share” buttons and their social login.
One way you can get rid of that is by not allowing third party websites to store cookies on your browser. This way, only the website you visit can store their cookies. But be aware that some “legitimate” features may not work well if you do that, because many sites today rely on third party services to work. So, you can look for a cookie manager at your browser’s add-on repository in order to have a fine-grained control of which cookies are being stored on your machine.
Do Not Track (DNT)
Another common misconception is related to a certain browser configuration better known as DNT. That’s an acronym for “Do Not Track” and it can be turned on basically on any current browser. Similarly to the private mode, it’s not hard to find people that believe they will not be tracked if they have this configuration on. Unfortunately, that’s not always true. Currently, DNT is just a way for you to tell the websites you visit that you do not want them to track you. But, in fact, they are the ones who will decide if they will respect your choice or not. In other words, DNT is a way to opt-out from website tracking, but there is no guarantee on that choice.
Technically, this is done by simply sending an extra flag on the header of the HTTP request protocol (DNT: 1
) upon requesting data from a web server. If you want to know more about this topic, the website https://allaboutdnt.com is good starting point.
“Private” Windows
You might have noticed the quotes in the heading above. This is because those windows are not as private as most people think. The names may vary but they can be called “private mode”, “incognito” or “anonymous” tab, depending on which browser you are using.
In Firefox, you can easily use it by pressing Ctrl+Shift+P keys. In Chrome, just press Ctrl+Shift+N. What it actually does is open a brand new session, which usually doesn’t share any configuration or data from your standard profile. When you close the private window, the browser will automatically delete all the data generated by that session, leaving no trace on the computer used. This means that no personal data, like history, passwords or cookies are stored on that computer.
Thus, many people misunderstand this concept by believing that they can browse anonymous on the Internet, which is not completely true. One thing that the privacy or incognito mode does is avoid what we call cookie tracking. When you visit a website, it can store a small file on your computer which may contain an ID that can be used to track you. Unless you configure your browser to not accept third-party cookies, ad networks or other companies can store and retrieve that ID and actually track your browsing across websites. But since the cookies stored on a private mode session are deleted right after you close that session, that information is forever lost.
Besides that, websites and other peers on the Internet can still use plenty other techniques in order to track you. So, private mode brings you some level of anonymity but it’s completely private only on the computer you are using. If you are accessing your email account or banking website from a public computer, like in an airport or a hotel, you should definitely access those using your browser’s private mode. In other situations, there can be benefits but you should know exactly what risks you are avoiding and which ones have no effect. Whenever you use a public accessible computer, be aware that other security threats such as malware or key loggers might exist. Be careful whenever you enter personal information, including usernames and passwords, on such computers or when you download or copy confidential data.
Choosing the Right Password
One of the most difficult situations any user faces is choosing a secure password for the services they make use of. You have certainly heard before that you should not use common combinations like qwerty
, 123456
or 654321
, nor easily guessable numbers like your (or a relative’s) birthday or zip code. The reason for that is because those are all very obvious combinations and the first attempts an invader will try in order to gain access to your account.
There are known techniques for creating a safe password. One of the most famous is making up a sentence which reminds you of that service and picking the first letters of each word. Let’s assume I want to create a good password for Facebook, for example. In this case, I could come up with a sentence like “I would be happy if I had a 1000 friends like Mike”. Pick the first letter of each word and the final password would be IwbhiIha1000flM
. This would result in a 15 characters password which is long enough to be hard to guess and easy to remember at the same time (as long as I can remember the sentence and the “algorithm” for retrieving the password).
Sentences are usually easier to remember than the passwords but even this method has its limitations. We have to create passwords for so many services nowadays and as we use them with different frequencies, it will eventually be very difficult to remember all the sentences at the time we need them. So what can we do? You may answer that the wisest thing to do in this case is creating a couple good passwords and reuse them on similar services, right?
Unfortunately, that’s also not a good idea. You probably also heard you should not reuse the same password among different services. The problem of doing such a thing is that a specific service may leak your password (yes, it happens all the time) and any person who have access to it will try to use the same email and password combination on other popular services on the Internet in hope you have done exactly that: recycled passwords. And guess what? In case they are right you will end up having a problem not only on just one service but on several of them. And believe me, we tend to think it’s not going to happen to us until it’s too late.
So, what can we do in order to protect ourselves? One of the most secure approaches available today is using what is called a password manager. Password managers are a piece of software that will essentially store all your passwords and usernames in an encrypted format which can be decrypted by a master password. This way you only need to remember one good password since the manager will keep all the others safe for you.
KeePass is one of the most famous and feature rich open source password managers available. It will store your passwords in an encrypted file within your file system. The fact it’s open source is an important issue for this kind of software since it guarantees they will not make any use of your data because any developer can audit the code and know exactly how it works. This brings a level of transparency that’s impossible to reach with proprietary code. KeePass has ports for most operating systems, including Windows, Linux and macOS; as well as mobile ones like iOS and Android. It also includes a plugin system that is able to extend it’s functionality far beyond the defaults.
Bitwarden is another open source solution that has a similar approach but instead of storing your data in a file, it will make use of a cloud server. This way, it’s easier to keep all your devices synchronized and your passwords easily accessible through the web. Bitwarden is one of the few projects that will make not only the clients, but also the cloud server available as an open source software. This means you can host your own version of Bitwarden and make it available to anyone, like your family or your company employees. This will give you flexibility but also total control over how their passwords are stored and used.
One of the most important things to keep in mind when using a password manager is creating a random password for each different service since you will not need to remind them anyway. It would be worthless if you use a password manager to store recycled or easily guessable passwords. Thus, most of them will offer you a random password generator you can use to create those for you.
Encryption
Whenever data is transferred or stored, precautions need to be taken to ensure that third parties may not access the data. Data transferred over the internet passes by a series of routers and networks where third parties might be able to access the network traffic. Likewise, data stored on physical media might be read by anyone who comes into possession of that media. To avoid this kind of access, confidential information should be encrypted before it leaves a computing device.
TLS
Transport Layer Security (TLS) is a protocol to offer security over network connections by making use of cryptography. TLS is the successor of the Secure Sockets Layer (SSL) which has been deprecated because of serious flaws. TLS has also evolved a couple of times in order to adapt itself and become more secure, thus it’s current version is 1.3. It can provide both privacy, and authenticity by making use of what is called symmetric and public-key cryptography. By saying that, we mean that once in use, you can be sure that nobody will be able to eavesdrop or alter your communication with that server during that session.
The most important lesson here is recognizing that a website is trustworthy. You should look for the “lock” symbol on the browser’s address bar. If you desire, you can click on it to inspect the certificate that plays an important role in the HTTPS protocol.
TLS is what is used on the HTTPS protocol (HTTP over TLS) in order to make it possible to send sensitive data (like your credit card number) through the web. Explaining how TLS works goes way beyond the purpose of this article, but you can find more information on the Wikipedia and at the Mozilla wiki.
File and E-mail Encryption With GnuPG
There are plenty of tools for securing emails but one of the most important of them is certainly GnuPG. GnuPG stands for GNU Privacy Guard and it is an open source implementation of OpenPGP which is an international standard codified within RFC 4880.
GnuPG can be used to sign, encrypt, and decrypt texts, e-mails, files, directories, and even whole disk partitions. It works with public-key cryptography and is widely available. In a nutshell GnuPG creates a pair of files which contain your public and private keys. As the name implies, the public key can be available to anyone and the private key needs to be kept in secret. People will use your public key to encrypt data which only your private key will be able to decrypt.
You can also use your private key to sign any file or e-mail which can be validated against the corresponding public key. This digital signage works analogous to the real world signature. As long as you are the only one who posses your private key, the receiver can be sure that it was you who have authored it. By making use of the cryptographic hash functionality GnuPG will also guarantee no changes have been made after the signature because any changes to the content would invalidate the signature.
GnuPG is a very powerful tool and, in a certain extent, also a complex one. You can find more information on its website and on Archlinux wiki (Archlinux wiki is a very good source of information, even though you don’t use Archlinux).
Disk Encryption
A good way to secure your data is to encrypt your whole disk or partition. There are many open source softwares you can use to achieve such a purpose. How they work and what level of encryption they offer also varies significantly. There are basic two methods available: stacked and block device encryption.
Stacked filesystem solutions are implemented on top of existing filesystem. When using this method, the files and directories are encrypted before being stored on the filesystem and decrypted after reading them. This means the files are stored on the host filesystem in an encrypted form (meaning that their contents, and usually also their file/folder names, are replaced by random-looking data), but other than that, they still exist in that filesystem as they would without encryption, as normal files, symlinks, hardlinks, etc.
On the other hand, block device encryption happens below the filesystem layer, making sure everything that is written to a block device is encrypted. If you look to the block while it’s offline, it will look like a large section of random data and you won’t even be able to tell what type of filesystem is there without decrypting it first. This means you can’t tell what is a file or directory; how big they are and what kind of data it is, because metadata, directory structure and permissions are also encrypted.
Both methods have their own pros and cons. Among all the options available, you should take a look at dm-crypt, which is the de-facto standard for block encryption for Linux systems, since it’s native in the kernel. It can be used with LUKS (Linux Unified Key Setup) extension, which is a specification that implements a platform-independent standard for use with various tools.
If you want to try a stackable method, you should take a look at EncFS, which is probably the easiest way to secure data on Linux because it does not require root privileges to implement and it can work on an existing filesystem without modifications.
Finally, if you need to access data on various platforms, check out Veracrypt. It is the successor of a Truecrypt and allows the creation of encrypted media and files, which can be used on Linux as well as on macOS and Windows.
Guided Exercises
-
You should use a “private window” in your browser if you want:
To browse completely anonymous on the Internet
To leave no trace on the computer you’re using
To activate TLS to avoid cookie tracking
In order to use DNT
To use cryptography during data transmission
-
What is OpenStack?
A project that allows the creation of private IaaS
A project that allows the creation of private PaaS
A project that allows the creation of private SaaS
A hypervisor
An open source password manager
-
Which of the below options are valid disk encryption softwares?
RevealJS, EncFS and dm-crypt
dm-crypt and KeePass
EncFS and Bitwarden
EncFS and dm-crypt
TLS and dm-crypt
-
Select true or false for dm-crypt device encryption:
Files are encrypted before being written to the disk
The entire filesystem is an encrypted blob
Only files and directories are encrypted, not symlinks
Don’t require root access
Is a block device encryption
-
Beamer is:
An encryption mechanism
A hypervisor
A virtualization software
An OpenStack component
A LaTeX presentation tool
Explorational Exercises
-
Most distributions come with Firefox installed by default (if yours doesn’t, you will have to install it first). We are going to install a Firefox extension called Lightbeam. You can do that by either pressing Ctrl+Shift+A and searching for “Lightbeam” on the search field that will be shown on the tab opened, or by visiting the extension page with Firefox and clicking on the “Install” button: https://addons.mozilla.org/en-GB/firefox/addon/lightbeam-3-0/. After doing this, start the extension by clicking on its icon and start visiting some webpages on other tabs to see what happens.
-
What is the most important thing when using a password manager?
-
Use your web browser to navigate to https://haveibeenpwned.com/. Find out the purpose of the website and check if your email address was included in some data leaks.
Summary
The terminal is a powerful way to interact with the system and there are lots of useful and very mature tools to use in this kind of environment. You can get to the terminal by looking for a graphical one at your desktop environment menu or pressing Ctrl+Alt+F#.
Linux is largely used in the tech industry to offer IaaS, PaaS and SaaS services. There are three main hypervisors which play an important role in supporting those: Xen, KVM and Virtualbox.
The browser is an essential piece of software in computing nowadays, but it’s necessary to understand some things to use it with safety. DNT is just a way to tell the website that you do not want to be tracked, but there is no guarantee on that. Private windows are private only to the computer you’re using but this can allow you to escape from cookie tracking exactly because of that.
TLS is able to encrypt your communication on the Internet, but you have to be able to recognize when it’s in use. Using strong passwords is also very important to keep you safe, so the best idea is to delegate that responsibility to a password manager and allow the software to create random passwords to every site you log into.
Another way to secure your communication is to sign and encrypt your files folders and emails with GnuPG. dm-crypt and EncFS are two alternatives to encrypt whole disks or partitions that use respectively block and stack encryption methods.
Finally, LibreOffice Impress is a very complete open source alternative to Microsoft Powerpoint but there are Beamer and RevealJS if you prefer to create presentations using code instead of GUIs. ProjectLibre and GanttProject can be the right choice if you need a Microsoft Project replacement.
Answers to Guided Exercises
-
You should use a “private window” in your browser if you want:
To browse completely anonymous on the Internet
To leave no trace on the computer you’re using
X
To activate TLS to avoid cookie tracking
In order to use DNT
To use cryptography during data transmission
-
What is OpenStack?
A project that allows the creation of private IaaS
X
A project that allows the creation of PaaS
A project that allows the creation of SaaS
A hypervisor
An open source password manager
-
Which of the below options are valid disk encryption softwares?
RevealJS, EncFS and dm-crypt
dm-crypt and KeePass
EncFS and Bitwarden
EncFS and dm-crypt
X
TLS and dm-crypt
-
Select true or false for dm-crypt device encryption:
Files are encrypted before being written to the disk
T
The entire filesystem is an encrypted blob
T
Only files and directories are encrypted, not symlinks
F
Don’t require root access
F
Is a block device encryption
T
-
Beamer is:
An encryption mechanism
A hypervisor
A virtualization software
An OpenStack component
A LaTeX presentation tool
X
Answers to Explorational Exercises
-
Most distributions come with Firefox installed by default (if yours doesn’t, you will have to install it first). We are going to install a Firefox extension called Lightbeam. You can do that by either pressing Ctrl+Shift+A and searching for “Lightbeam” on the search field that will be shown on the tab opened, or by visiting the extension page with Firefox and clicking on the “Install” button: https://addons.mozilla.org/en-US/firefox/addon/lightbeam. After doing this, start the extension by clicking on it’s icon and start visiting some webpages on other tabs to see what happens.
Remember those cookies we said that can share your data with different services when you visit a website? That’s exactly what this extension is going to show you. Lightbeam is a Mozilla experiment that tries to reveal the first and third party sites you interact with upon visiting a single URL. This content is usually not visible to the average user and it can show that sometimes a single website is able to interact with a dozen or more services.
-
What is the most important thing when using a password manager?
When using a password manager, the most important thing to have in mind is memorizing your master password and use a unique random password for each different service.
-
Use your web browser to navigate to https://haveibeenpwned.com/. Find out the purpose of the website and check if your email address was included in some data leaks.
The website maintains a database of login information whose passwords were affected by a password leak. It allows searching for an email address and shows if that email address was included in a public database of stolen credentials. Chances are that your email address is affected by one or the other leak, too. If that is the case, make sure you have updated your passwords recently. If you don’t already use a password manager, take a look at the ones recommended in this lesson.