I’ve come across XZ files more than once, most recently when downloading Kali Linux. It should be a fairly common knowledge now, but some operating systems still don’t support is – so I decided to research and to document it.

What is XZ file?

XZ is a modern lossless compression algorithm, it’s more efficient that gzip and bzip2. Apparently, many Linux distros are using XZ for compressing their software packages or ISO images. XZ is an open-source format maintained via Tukaani Project – XZ.

Support for XZ in tar

Modern Linux distros (certainly Ubuntu 19.x and CentOS 7.x when I checked today) have xz utils package installed, which allows tar command to automatically unpack XZ files.

If xz-utils didn’t come preinstalled, you can install it like this in Ubuntu/Debian:

# apt install xz-utils

or like this in CentOS/Fedora/RedHat:

# yum install xz

gzip/gunzip Support for XZ in macOS

Although tar in macOS doesn’t support XZ format natively:

greys@mcfly:~/Downloads $ tar xzvf kali-linux-2020.1-rpi3-nexmon-64.img.xz
 tar: Error opening archive: Unrecognized archive format

… you can still use gunzip to decompress the XZ file in macOS:

greys@mcfly:~/Downloads $ ls -al kali-linux-2020*
-rw-r--r--@ 1 greys  staff      259647 30 Jan 22:57 kali-linux-2020-1.png
-rw-r--r--@ 1 greys  staff  1048328860 30 Jan 23:06 kali-linux-2020.1-rpi3-nexmon-64.img.xz
greys@mcfly:~/Downloads $ gunzip kali-linux-2020.1-rpi3-nexmon-64.img.xz
greys@mcfly:~/Downloads $ ls -ald kali-linux-2020.1-rpi3-nexmon-64.img
-rw-r--r--  1 greys  staff  6999999488 30 Jan 23:06 kali-linux-2020.1-rpi3-nexmon-64.img

xz-utils in macOS

If you insist on managing XZ files using xz utils, you’ll need to install them with brew:

… and then a whole bunch of XZ commands becomes available:

xz
xzcat
xzcmp
xzdec
xzdiff
xzegrep
xzfgrep
xzgrep
xzless
xzmore

See Also

• XZ utils website
• 7zip in Ubuntu
• How To Use 7zip

As promised, this is my very first annual summary of interesting things in my industry (Unix/Linux administration) and on my Unix Tutorial blog.

Please get in touch to arrange a technical consultation or book a training!

Unix Tutorial News

2019 has been a tremendous year for my blog: almost a million visits to my posts and pages, hundreds of interesting topics researched and even more planned for the year ahead.

Here are just some of the notable changes on Unix Tutorial:

• Unix Tutorial website now has a chat feature! This means you can ping me and ask a quick question or discuss a project you need help with
• Basic Unix Commands section is even closer to completion – still a few commands to document but shouldn’t take long now.
• Unix Tutorial page grew to 1500+ likes on Facebook
• Unix Reference pages were added – will keep focus on them going forward. Let me know if you want any of the topics there turned into an eBook!
• Unix Tutorial RU – Линукс администрирование по-русски – I launched a version of my blog for Russian speakers

Unix and Linux News

Quite a few great changes happened in 2019:

• Linux Kernel 5.0.0 got released in March
• IBM bought Red Hat for $34B – will be the best of two worlds going forward!
• Red Hat Enterprise Linux 8.0 was released – a massive push forward across the board – so many new things in it now! RHEL 8.1 followed in November
• Ubuntu 19.04 and Ubuntu 19.10 were released
• Kali Linux 2019.4
• Linux Mint 19.2 and 19.3 were released
• Debian 10 arrived in July
• macOS Catalina was released – am sporting it on all my Apple systems
• Raspberry 4 arrived – an impressive upgrade

Software News

• Brave 1.0 browser got released – my primary browser that keeps blocking ads and trackers at an impressive rate
• VirtualBox 6.1 released – this is the must-have software on Linux and Windows platforms, such a great and stable desktop virtualization product
• tmux 3.0 arrived – I already upgraded tmux to 3.0a on my macOS systems to tmux 3.0a version
• Firefox established new release cycle so improved versions are made available much sooner now
• Homebrew 2.0.0 was released
• Perl 6 (can’t believe it’s been around since 2015!) was renamed into Raku
• Swift 5 was released by Apple
• Java SE 12 arrived
• HTTP/3 gained adoption and full support in Chrome and Firefox. Naturally, nginx led the way with an HTTP/3 module.
• Jekyll 4 arrived – I really like using it for my static sites so I upgraded my macOS systems to Jekyll 4
• Glimpse, a fork of GIMP graphics editor, finally became available

Scary Stuff

It didn’t always seem like it, but 2019 turned out to be a very scary year in terms of exploits, hardware and software vulnerabilities and hacks of major software repos

• Docker Hub was hacked and information about 190k users (including password hashes) got leaked in April
• PEAR (PHP) repository got hacked
• Even more hardware attacks got identified for both Intel and AMD processes
• GitHub, Bitbucket and GitLab all got affected by ransom attacks encrypting repositories
• In May Firefox had that incident with intermediary certificates which instantly blocked browser extensions in millions of browsers
• In September, Richard Stallman was forced to resign from Free Software Foundation

We live in exciting times. It’s been fun to try new products and services in 2019 and all the things indicate that 2020 will be even more impressive in terms of innovations and rapid adoption of new standards and technologies.

That’s it for the Year of 2019!

See Also

• Unix Tutorial Digest
• Past Unix Tutorial Digests
• Linux Commands
• Unix commands
• Basic Unix commands
• Basic Linux Commands
• Advanced Unix commands

Hey everyone, just wanted to wish you all a Happy New Year and to welcome you into 2020!

Unix Tutorial: 2019 in Numbers

2019 has been the greatest year in all of the UnixTutorial.org history: 970K views – that’s just one typical week shy of a whole 1 million post and page views!

I’m super thankful to everyone who stopped by and plan to make 2020 an even bigger success – for you and for me.

I made 258 posts last year, so it will be really great to do 300 or more in 2020.

Need Any Help?

Please get in touch or ask a question in chat widget, I would love to help you solve quick and not so quick Unix challenges.

I’m also looking for opportunities in training – so if you have a team of technical professionals looking for guidance with Unix/Linux administration – please get in touch to arrange a custom training program or just have me create or review a manual or technical guide.

See You Around

2020 will be an awesome year – THANK YOU and hope you see you on Unix Tutorial pages and my Facebook group.

Greetings from Germany!

We’re spending Christmas break away from Ireland this year, so most of the week has been pre-scheduled posts as I’m offline until we come back.

Want to take a moment and wish you a very happy Christmas! Great time to spend time with family and maybe catch up on RSS and ebook reading on some of the quiet wintery mornings.

Will be back soon, hope you’re all having a great time!

Want to try an experiment for a few weeks – added a live chat box on Unix Tutorial, so if I’m online you can ask me a question.

Feel free to ask anything and I’ll do my best to help out!

Disclaimer:

• this is just an experiment, I may take this down at any time
• for now it’s a free support and therefore a best effort service
• I’m in Dublin, Ireland – if you’re in a different time zone, I may be offline during your day time
• for now I plan to only help with basic Unix/Linux questions, so mostly advice and not actual technical support

See Also

• Unix Tutorial
• Unix Tutorial Digest
• Contact me

macOS has a very flexible and striving kernel modules ecosystem. There are so many granularities for integrating with OS kernel that modules are called extensions. Many third party software packages install their own kernel extensions in macOS.

List Kernel Extensions in macOS

Here’s how many kernel extensions my MacBook with macOS Catalina runs:

greys@MacBook-Pro:~ $ kextstat
Index Refs Address            Size       Wired      Name (Version) UUID 
    1  141 0xffffff7f80c3e000 0xc340     0xc340     com.apple.kpi.bsd (19.0.0) 4138A7E1-7AAC-46CC-A40D-B3CD34D42A0F
    2   12 0xffffff7f8106f000 0x5d00     0x5d00     com.apple.kpi.dsep (19.0.0) 28FFE9F3-6AA9-4B45-8083-5E1F8339A1B7
    3  171 0xffffff7f80c07000 0x25750    0x25750    com.apple.kpi.iokit (19.0.0) F32F3E6F-CA35-474E-A19D-DA902B7DF058
    4    0 0xffffff7f84153000 0x57e0     0x57e0     com.apple.kpi.kasan (19.0.0) D8CD3720-E2FA-4653-9782-75A7A305A795
    5  177 0xffffff7f80c2d000 0x10070    0x10070    com.apple.kpi.libkern (19.0.0) EF0ABB46-BDD6-43F7-BA12-94619B2FC0D8
    6  158 0xffffff7f80c00000 0x62e0     0x62e0     com.apple.kpi.mach (19.0.0) AE30D5D8-CC3C-491C-804D-297CD2CDE62A
    7   88 0xffffff7f80c54000 0x104c0    0x104c0    com.apple.kpi.private (19.0.0) 1F6F48E4-F657-406A-B278-F6D4E2175FD3
    8  100 0xffffff7f80c4b000 0x8200     0x8200     com.apple.kpi.unsupported (19.0.0) 5C7AA78C-E5AD-4D6A-97F5-42F9B3766819
    9    2 0xffffff7f80db9000 0x10000    0x10000    com.apple.kec.Libm (1) 9946AE67-6E42-30DF-8E4D-BA58C59B961E <5>
   10   11 0xffffff7f81699000 0xd8000    0xd8000    com.apple.kec.corecrypto (1.0) 827A0D77-211B-330E-8C84-A0DE01F13426 <8 7 6 5 3 1>

...

  233    1 0xffffff7f85713000 0x6000     0x6000     com.apple.driver.usb.serial (6.0.0) 57547DE4-80AD-3418-B964-2D6370E3C92A <102 28 6 5 3 1>
  234    0 0xffffff7f85719000 0x8000     0x8000     com.apple.driver.usb.cdc.acm (5.0.0) A5C845ED-E909-3B4A-8C20-F4013C9AA466 <233 107 106 105 102 28 6 5 3 1>

greys@MacBook-Pro:~ $ kextstat  | wc -l
     186

Show Third Party Kernel Extensions

It is so common for software to be installing kernel extensions in macOS, that some extensions stay running long after you stop using the software that brought them. Whether extensions stay or not highly depends on how you removed or upgraded the software (most installers are pretty good at tidying up).

If you exclude extensions starting with com.apple, you can see the third party ones:

greys@MacBook-Pro:~ $ kextstat  | grep -v com.apple
Index Refs Address            Size       Wired      Name (Version) UUID 
   17    0 0xffffff7f81075000 0xc000     0xc000     com.fsecure.XFENCE (1.8.88) 83DEF05D-E416-322C-871A-55308708CB27 <8 6 5 3 2 1>
   95    0 0xffffff7f810b0000 0x185000   0x185000   at.obdev.nke.LittleSnitch (5430) 7462BC7A-1330-3F92-A73F-3FBFE331C74A <8 6 5 3 1>
  139    0 0xffffff7f813b1000 0x6000     0x6000     com.acronis.fileprotector (1.5) F74F91DC-0D15-3880-B60A-81070629A1D5 <29 8 6 5 3 1>
  166    0 0xffffff7f8148f000 0x6000     0x6000     com.valvesoftware.SteamInput (3083.39.62) DED4413E-CD8E-3E56-B0AB-7B3B20ECE4BF <50 6 5 3>
  167    0 0xffffff7f8145e000 0x1e000    0x1e000    com.kaspersky.kext.klif (3.6.15a14) 86F2DE0E-8DBE-3DEA-B091-7E459F9739B9 <29 6 5 3 1>
  168    0 0xffffff7f8144c000 0xc000     0xc000     com.kairos.driver.DuetDisplay (1) 7620686C-E9CE-3C70-AA12-DC77DABA52DD <117 6 5 3>
  170    0 0xffffff7f812fb000 0x7000     0x7000     org.pqrs.driver.Karabiner.VirtualHIDDevice.v040600 (4.6.0) D92AF3AB-DDF6-3B68-B481-7297ABD9F291 <50 6 5 3 1>
  171    0 0xffffff7f80ff6000 0x5c000    0x5c000    com.kaspersky.nke (2.4.7a10) 5BA7A711-DA4B-3557-83EE-FABA43B43968 <19 8 6 5 3 1>
  172    0 0xffffff7f80ebc000 0x7000     0x7000     com.AmbrosiaSW.AudioSupport (4.1.4) no UUID <115 6 5 3 1>
  173    0 0xffffff7f80dac000 0x5000     0x5000     com.techsmith.TACC (1.0.3) 851BEDD1-1D12-3756-A948-978610078DEF <6 5 3>
  188    0 0xffffff7f855b6000 0x5000     0x5000     org.pqrs.driver.Karabiner.VirtualHIDDevice.v061000 (6.10.0) 4D004D1A-ED2F-3780-AD53-A10F286EC759 <50 6 5 3 1>

greys@MacBook-Pro:~ $

This has been a useful exercise, cause I already see how some kexts are no longer needed – I’ll find out how to safely remove them and will create another post on Unix Tutorial later.

See Also

• macOS
• Automating macOS screenshots with Hazel
• macOS Catalina

I love reading man pages for even the most basic Unix commands like ls, because there’s always something interesting to learn. Today I discovered that it’s possible to sort ls output by file size.

Sort ls by file size

Simply add the capital S to command line options and you’ll see your output sorted by file size. Be sure to use long output form (-l option). I’m adding more command to the mix because I know that /usr/lib is a directory with quite a number of files:

greys@srv:/usr/bin $ ls -lS /usr/lib | more
total 492
-rwxr-xr-x  1 root 74688 Feb  1  2019 klibc-ae-2A4n9ZnfImcw9WIt7dF-3OvQ.so
-rw-r--r--  1 root 56480 Jan 14  2018 libdiscover.so.2.0.1
-rw-r--r--  1 root 22448 Aug 29  2016 libsupp.a
drwxr-xr-x 27 root 20480 Nov 24 01:00 python2.7
drwxr-xr-x 24 root 20480 Nov 26 22:12 x86_64-linux-gnu
-rw-r--r--  1 root 18336 Feb 26  2019 libau.so.2.10
drwxr-xr-x  3 root 12288 Sep 14 18:43 git-core
drwxr-xr-x 30 root 12288 Sep 14 18:44 python3.7
drwxr-xr-x 15 root 12288 Nov 26 22:12 systemd
drwxr-xr-x  2 root  4096 Aug 30 10:03 apparmor
drwxr-xr-x  5 root  4096 Aug 30 10:02 apt
drwxr-xr-x  2 root  4096 Aug 30 10:05 bfd-plugins

Reverse Sorting with ls command

Don’t know about you, but I prefer reverse sorting in most commands – this means largest objects are shown at the end of the output. The reason I do it this way is to avoid using pagers like more or less. Another reason is I can scroll up to explore further output of the ls command without having to rerun anything.

So here’s the same command run with the -r option for reverse output (I’m only showing last few lines):

...
drwxr-xr-x  2 root  4096 Aug 30 10:04 discover
drwxr-xr-x  2 root  4096 Aug 30 10:04 dbus-1.0
drwxr-xr-x  2 root  4096 Nov  3 20:02 console-setup
drwxr-xr-x  2 root  4096 Aug 30 10:05 compat-ld
drwxr-xr-x  2 root  4096 Nov 10 06:04 chrony
drwxr-xr-x  2 root  4096 May 24  2019 binfmt.d
drwxr-xr-x  2 root  4096 Aug 30 10:05 bfd-plugins
drwxr-xr-x  5 root  4096 Aug 30 10:02 apt
drwxr-xr-x  2 root  4096 Aug 30 10:03 apparmor
drwxr-xr-x 15 root 12288 Nov 26 22:12 systemd
drwxr-xr-x 30 root 12288 Sep 14 18:44 python3.7
drwxr-xr-x  3 root 12288 Sep 14 18:43 git-core
-rw-r--r--  1 root 18336 Feb 26  2019 libau.so.2.10
drwxr-xr-x 24 root 20480 Nov 26 22:12 x86_64-linux-gnu
drwxr-xr-x 27 root 20480 Nov 24 01:00 python2.7
-rw-r--r--  1 root 22448 Aug 29  2016 libsupp.a
-rw-r--r--  1 root 56480 Jan 14  2018 libdiscover.so.2.0.1
-rwxr-xr-x  1 root 74688 Feb  1  2019 klibc-ae-2A4n9ZnfImcw9WIt7dF-3OvQ.so
greys@srv:~ $

That’s it for today – hope you’ve learned something new today.

See Also

• ls command
• Colours in ls output
• bat – syntax highlight
• more command
• List SELinux contexts with ls

It’s Black Friday, meaning there’s lots of great deals online – hardware, software and hosting.

Here’s just a few things I really liked:

• Online.net (where I rent a few dedicated hosts) have 50-70% discounts on great servers
• WP Engine have 5 months free for new customers – Cyber Weekend
• Tunnel Bear VPN have a Black Friday discount – added to yearly plan means $49.99 instead of $119.88 per year

Have a great weekend!

Just as I published last Unix Tutorial Digest on November 5th, RHEL 8.1 release got shipped – think this is a great incremental release bringing a number of key improvements to the Red Hat Enterprise Linux 8.

RHEL 8 Release Cadence

Red Hat announced that going forward Red Hat Enterprise Linux OS will be receiving regular updates every 6 months. Since RHEL 8 release was in May 2019, this current RHEL 8.1 update is right on time, 6 months after.

RHEL 8.1 Improvements I Want To Try

There’s a number of great improvements in this release:

• Live Kernel Patching with kpatch
• SELinux profiles for containers and tbolt for Thunderbolt devices – will be cool to try on my RHEL 8 PC
• Perhaps try RHEL 7.6 in-place upgrade to RHEL 8.1
• Review rhel-system-roles and specifically the new storage role added in RHEL 8.1
• LUKS2 online re-encryption
• RHEL 8 Web Console
  • firewall zones management
  • Virtual Machines configuration

I also want to try Red Hat Universal Base Image for RHEL 8 – it’s been around since initial release in May, I just never got the chance to have a look.

See Also

• Red Hat Enterprise Linux 8.1 release notes
• RHEL 8 Reference
• Red Hat Linux
• Hello, world with podman
• Docker software

Since reinstalling certain software packages on my Linux desktop, Linux laptop and Macbook a few times in the past months, I’m positively in love with the Homebrew project. Today I’ll share my understanding of its basic deployment modules: casks vs formulae.

What Homebrew does

Homebrew project is the magic behind brew command – it’s a software manager that assists with source-code and binary distributions of various software projects.

Specifically, brew is popular on macOS platform where most of software is traditionally installed using graphical user interface (GUI) or via AppleScript automation. Recent versions of macOS exposed a number of relevant interfaces via command line, but average user (and most of advanced users/developers) still had to resort to some enterprise level proprietary delivery and installation mechanism.

With the arrival of Homebrew, things got much easier. A typical software installation is now simpler and quite comparable to the number of steps required in other Unix and Unix-like operating systems:

1. You enable relevant software repo
2. You install software package

With brew, first install is similar:

1. You install Homebrew
2. You install software package

But later things get even simpler:

1. You simply use brew to install software package

This is mostly due to the fact that Homebrew supports both standard and third-party software using its own centralised approach to software packaging. Application owners define a formula for installing their software, get in touch with Homebrew team to add it to the project, and going forward things happen pretty much automatically.

In Linux world, many software packages are still distributed independently or have to make their way into a specific application/software store – so many small projects are hard to find.

brew formula

Each Open Source package integrated with Homebrew is configured using a brew formula. It’s a Ruby language based configuration file that explains how the software can be downloaded from GitHub or similar repository and then compiled.

Here’s a formula for htop command:

class Htop < Formula
  desc "Improved top (interactive process viewer)"
  homepage "https://hisham.hm/htop/"
  url "https://hisham.hm/htop/releases/2.2.0/htop-2.2.0.tar.gz"
  sha256 "d9d6826f10ce3887950d709b53ee1d8c1849a70fa38e91d5896ad8cbc6ba3c57"
  revision 1

  bottle do
    cellar :any
    sha256 "c06ff60960f64f5c8395f53d7419cbcce2a22ee87f0cb0138352c8a88111d21c" => :catalina
    sha256 "77aa302765353b4085dcad52356d3264183e06310dda8d5bac64642299ea2902" => :mojave
    sha256 "0ebfb655b91566ba31f8effc94d642a43305ff95bdc9b30b46fadc132e2ced0c" => :high_sierra
    sha256 "ed93b86f011de155c5d261b8c9cc9cb81fd0017667bf3ebe26ee090716bcd650" => :sierra
  end

  head do
    url "https://github.com/hishamhm/htop.git"
 
    depends_on "autoconf" => :build
    depends_on "automake" => :build
    depends_on "libtool" => :build
  end
 
  depends_on "pkg-config" => :build
  depends_on "ncurses" # enables mouse scroll
 
  def install
    system "./autogen.sh" if build.head?
    system "./configure", "--prefix=#{prefix}"
    system "make", "install"
  end
 
  def caveats; <<~EOS
    htop requires root privileges to correctly display all running processes, so you will need to run `sudo htop`.
    You should be certain that you trust any software you grant root privileges.
  EOS
  end
 
  test do
    pipe_output("#{bin}/htop", "q", 0)
  end
end

brew install

Installing software from brew formulae is easy:

$ brew install htop

brew cask

brew cask is an extension to standard brew based software management, it’s a type of formula that documents the process of installing a graphical application (and not entirely coincidentally closed-source software).

Similar to brew formula, cask defines where software can be downloaded and what dependenices it has, but specification is so flexible that you can even download binary packages from developer websites. If it’s a paid project, you’ll probably get a chance to download a trial copy (that you later can enable using a valid serial number for that software).

Here’s brew cask for my password manager of choice, 1Password:

cask '1password' do
  version '7.4'
  sha256 'e6b26726d2e67fa33f0a3dadd84fab8d7a2b0a7b281b3d55a62cd7b226080f91'

  url "https://c.1password.com/dist/1P/mac#{version.major}/1Password-#{version}.zip"
  appcast "https://app-updates.agilebits.com/product_history/OPM#{version.major}"
  name '1Password'
  homepage 'https://1password.com/'
 
  auto_updates true
  depends_on macos: '>= :sierra'
 
  app "1Password #{version.major}.app"
 
  zap trash: [
               "~/Library/Application Scripts/2BUA8C4S2C.com.agilebits.onepassword#{version.major}-helper",
               "~/Library/Application Scripts/com.agilebits.onepassword#{version.major}",
               "~/Library/Application Scripts/com.agilebits.onepassword#{version.major}-launcher",
               '~/Library/Application Scripts/com.agilebits.onepasswordnativemessaginghost',
               "~/Library/Containers/2BUA8C4S2C.com.agilebits.onepassword#{version.major}-helper",
               "~/Library/Containers/com.agilebits.onepassword#{version.major}",
               "~/Library/Containers/com.agilebits.onepassword#{version.major}-launcher",
               '~/Library/Containers/com.agilebits.onepasswordnativemessaginghost',
               '~/Library/Group Containers/2BUA8C4S2C.com.agilebits',
               '~/Library/Logs/1Password',
               "~/Library/Preferences/com.agilebits.onepassword#{version.major}.plist",
             ]
end

brew cask install

Installing brew casks is easy:

$ brew cask install 1password

That’s all I wanted to explain today. Let me know if you have any questions!

See Also

• Homebrew
• Install Docker with brew
• Install Brave browser with brew
• Homebrew project
• brew command is missing
• Homebrew in Linux