03.07.21

How To Deal With Your Raspberry Spy — Part V: All The Rest

Posted in BSD, Free/Libre Software, GNU/Linux at 2:19 am by Guest Editorial Team

By Gavin L. Rebeiro

Contents

Cover

Copyright

1 Acknowledgements

2 Introduction

2.1 Prerequisite Knowledge
2.2 Apparatus

3 Fundamentals

3.1 Communication
3.2 Kernel Ring Buffer
3.3 Drivers
3.4 Operating Systems
3.5 Special Files

4 Doing The Task

4.1 Preparing The Boot Media
4.2 Connecting Physical Components
4.3 Using Picocom
4.4 OS Installation

5 YOU ARE HERE ☞ Thanks

6 OpenPGP Key

A Malicious Hardware

B Linux Kernel Source Tree Analysis

C Digital Multimeter Tests

Summary: The final part of a series on liberating the Raspberry Spy from an untrustworthy OS that secretly adds Microsoft keys and proprietary software repositories of Microsoft (see Part I, Part II, Part III, and Part IV)

THIS part is mostly addenda.

Chapter 5: Thanks

We’d like to take the opportunity to thank you, the reader. We believe everyone deserves a computing education; however, the topics of computing freedom and how computing affects our basic human rights are neglected in computing education today; at E2EOPS PRESS we strive to change this. Our goal is to inform, educate, and inspire. Computing is also a lot of fun! We want everyone to experience the joys of computing. We hope you enjoyed this issue of our periodical as much as we enjoyed bringing it to you!

Our work requires research, equipment, and infrastructure to deliver. We strive for the best quality in all we do. If you would like to support us, there are several ways you can do so. Any support we get from you enables us to bring you the best we possibly can.

We distribute all our periodicals via peer-to-peer technology. There are things we publish that some people don’t want out in the open. Thus, if you can contribute to the peer-to-peer sharing, you would be helping us out immensely!

If you would like to support us by making a cash donation, we have a Paypal account that you can send donations to:

• https://www.paypal.com/donate?hosted_button_id=B5VPZJBKLL2S6

For those that like to use QR codes, you can use the following QR code to donate to our Paypal.

If you’d like to donate in some other way, you can send an email to donations@e2eops.io and have a chat with us about it.

For encrypted communications, you can use the OpenPGP Key provided in chapter 6.

And, as always, happy hacking!

Chapter 6: OpenPGP Key

At E2EOPS PRESS, we take your privacy seriously. If you want to send us an encrypted message, you can do so with the following OpenPGP key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBF7JMNYBDACeCfa+NpFSOUOyIKqdZdtIjEZCaLzBKQmnqLJo/5BZZiCrGK8+
MYUfBz6iiEqEJf7N0R6Kg/esyIEy35uYdiLr66fg/sEXHk5eW/9Hanex/Igk9nmg
1+eGo1sk/MQh7lUNydqOHVokhjcPHleUGiJE/F0MjDvs/xTN1HYf1uhmJOZbpL/D
oTcTssL1BB2b95QfuUViX7I/+Xoe4VSaxdVlVGGCSI8jAPqb+0PYX6N2yHllFaRI
8D4cQkKpP5z2Y9m65ALWsR0M6GBUIeYe4QzfBVwuPg7TAiSpZWDC3vPIWFsC1zbL
NT4y6bxjv9gE0S3GVXZC/bTHuVL3FNrStnMFX0z8E4c19vyo9TyTxXLKC7Qy/dWJ
Nf+3tbgNQ7yR8MBwciyQho9MltrIFTz+JXZj7xCM0QiYgTo4rBl9eczaGLZwlOJn
sybs3Ia0ZTfm5yQAQ3eJ4yKKkiCjADF6fq6AVgV0D36wgBiZnVa+zbSteamUM7L8
JN4rzqfm587d+/0AEQEAAbQgR2F2aW4gTC4gUmViZWlybyA8Z2xyQGUyZW9wcy5p
bz6JAdEEEwEKADsCGwMCHgECF4AFCwkIBwIGFQoJCAsCBBYCAwEWIQTHhRt/mdsE
uRCTt6QUP5lU/9Mq/wUCXyPcLAIZAQAKCRAUP5lU/9Mq/xtpC/9nEcxWrB5e3W1o
Xl8W9uumnwG5o2ZUYfHtQ+QVpkowdQgEFPLTBicWRPnb61eaT/60hkhH68Gb1oVZ
BHHN3YNF9qqQHqOT1iAuP0nidkHXUaz4Bbl0wR8brvY2aJO4l03sOWztQHkAoo+u
wNohHM1lwqKYN+HRWm+JyTRxw/YHkYI1Rz1aN9hUNTax1HqAm5fSq+R/VKyUZ9tI
2D93p2PK+c1SEJS1goBnlJu4HW2T7NA7oUboKG0J4h2yBV6WtSgskFEWqYEBzvxw
ZaWzooOnJRPc+CibhRuH9VJvegRCkwZcNuZfHBKkh+d30LaJJlpifnu9ADs0PkXx
HUsHlgMjUbzjztFEBmAjS8PvKOG2nJxcv362749/M6vI7KP7ktf4i+3wZLe8BC5y
hSAAQtLUBC/IratA+4NSI8lxDlNB+rrFTXzYTVGscJWlACCK4l0xaXNC0OBcRosH
oFMgSogrXrQ2SsSu8oeVOjx/HOd8tThrCKd2nd40iG5Z3fftzP+5AY0EXskw1gEM
ANpbLPGSE9gjT8aAkcK0gIhNwTwR/X9T1YCKViiOYALCzPfGYMQqATSe/J7o/ysO
+lAB0B3NExdIbwh3knhoEsXdx9zNz18q827aCdLJVuq9kizXoCkWchJ0QjgacvNe
0jGZ+o3ULIMmnWztGzNixZaAiwzalWghFuiX4pG0su8TYAN1T6DGvdb+F1rx0xo8
tb3T8RaO0VZyji3zBBNXD1ECU6dmi0AJ0zD0S5iRIXIn+QfRR2oJu9ZSR6En7PS1
b4bhJ2OnBE4ZQ3mS4aHPaeIWbeCeq8EuaVQNyv5jT3wD18DIRigOxl9XJFy1IDO+
A45hz9FwxULH1QH5bZXRmkYfcxkLMqoMci0+8XxobpmILjkSHeAo4PR8KTHpNUXf
I7rJLpufYRTHf5votrJmgbea5bfnAlSoOXMlN2XZ9oJimOTfyzItCSwb0pkghnW0
Hyo3kd5RbDcZrd6RSSVWo/41gr8SXatlkpbnEYjktFGe2Nxls6qZAgA/lqKrS9ti
7wARAQABiQG8BBgBCgAmFiEEx4Ubf5nbBLkQk7ekFD+ZVP/TKv8FAl7JMNYCGwwF
CQPCZwAACgkQFD+ZVP/TKv9XAwv9Heor5YuZalOcXXiGCrqYNHuQJLbDvUpTK6wI
t9peV4t6E8oiqb0/0ezLGQSlP8RkBKUkhslVn5M6cDIxdCAlZxUIOjF1tJyHrTua
wEayHO5q84tixa00+x2/mmaDy0ddZXc4gITLgZjN4J3e9GUww4N3TUVJTZDPF+mP
eFd2HlGj3AHLtNEfsEw4HvYNNzexnom66gdDrrCIBxWRgUD2aRQKxQOquFQt2zYS
dgOXVS0eyaN81uqFHVh+tvyBKkrK8D/recaPcCXAFSv9UUcQA6jEFdC9WEjgHD7J
nRrCwOGBTZ7IvYO5+rpyh/w8k6eZYhUm3UdXYuPsxaCsSL+OW46DBP0C5sKrhxZK
thZOhll4ZYrfX1Vv4awBAB6iMZ0i+i39AQPmpvUviFGUfLkHEEsarHgPDchaOv1p
0xa11jUxU5nkqfiQj5A4h4TMP0q9tGdf1puxRZqwp8T0Jc9uQAm6wUMaaaugiXn+
BQfF5XIfOiXZx9DThhqYwO4WztdEuQINBF87rdYBEAC66OFgJa3p9d6Ets5A3NVm
XxXkCBmgIg1HG44bmKz3o2xudRP6o3bbmVI06cmfGAVmKJ0voAVsgHMsTg30iZb3
D/X9iRYTB/1suyYIgP9cRxltLLMTL4LycmrCRCnTJSMThA1V2d5brmmrWcOPmqnT
CdbOjUD5OWzGsfIkP0t+Ef4v94j574WAvpGYd7Wf5o30JKNfdOjdLOVFdp6lV9mM
FxebC1lZ6uRSeL77/XZJC4ZQ8TzhgsdgnE4M1sKvaDO+DTS3pu7+Dh+ORFQ9TQDP
ZuMBpln3UBa1evVR8bF9SgqjGo2Al8K590xGNJEHzj+BGqEKjOVN05uMoplByMdZ
pD2lRMdqgIqVXiNtBSBhv1oGQhu5fxW11Xv4Kh5BzuOMLS/0KT2cdlk06eCgWZqT
/IM5ipKYpJJgtkJ/0sU+hLq+jilAr3ZhmkxCim+9uYOZ93ypy7QiW8ldbsGEDh5S
KcU+qWGNEMHhNwuHY9ChO1hcWi/q5/mZTKXG60/q6RZRI2QxbuKsX3c8GbEea2jU
Q+v4zFp/x7G1aPRTRtqOssvBtIikBiKWBEOBwYwqpEjD6IfmWVh8wlJZx/tcBRGF
0FGpyieGAFINaQIjKURm7bHkn4bQwIZkmbAssA6ZHcl9u6/u60155K4ifuf7ChyK
8H5n6vJq4AUxQkA8kADvnwARAQABiQG8BBgBCgAmFiEEx4Ubf5nbBLkQk7ekFD+Z
VP/TKv8FAl87rdYCGyAFCQHhM4AACgkQFD+ZVP/TKv9Fwgv+P20Qu7USOJfaUVN4
I52GS6R8veww4aKY16ts3XlIUl3mqbH3KoB1T+YKuqoVrNCtGeXVD0AB+BJxxrQS
BFtYq4ZgPnSo7NQST6SWbWhzJmpfuhoInGb9l8v0mwD50DrOPjeZcX7TrQN4jWft
OJQkKviCYFCu36xa84FUYxTyvA5V4TpWAgPTUVBpf8BrI2Ktw3Wc1THHqcwIszec
Mr/mexDfdCa8G78u3rgX4kZPSGFwaGK339eqlb7rMtspkKQPPmm92lYdfV/icbvw
7iaMAirgYq72qzkuIV6GMUKsTa/1wkJ54yACaLXS9A3NXDVizErWHam9TG/ce/Ll
EPUsrXTesrhqZpaHHNxnfiQOXzocrldvvdYOxBeGfMQY7fftX8GgQwMjMi2kracr
hWc1mCSMSCerTWCtRfw0CK4Au6881rAAmXDwvjU586ezv1MdBqVmN7eOeeVVGdM1
/+S5QP//oK6MEkAS8y2ZP8A/3iMlYz+SBOUSD0AJ0RZEhkhr
=JMTx
-----END PGP PUBLIC KEY BLOCK-----

Appendix A: Malicious Hardware

While doing research for this issue, I often ran into USB-to-UART bridges of the “FTDI” variety. Upon further digging,
an ugly bit of history surfaced. The FTDI modules have a reputation for sabotaging people’s hardware.

Sadly, we live in a world where this sort of thing is the norm. Pay close attention to the products you buy. You need
to practice vigilance in order to defend your computing freedom. Remember, you have control over your wallet. Don’t support malicious actors, if you have the choice (in this case you almost certainly do).

Appendix B: Linux Kernel Source Tree Analysis

The directory trees rooted at /sys and /proc are mapping of Linux kernel data structures and interfaces; you can read up on these in the Linux kernel source tree from:

• linux/Documentation/filesystems/sysfs.rst
• linux/Documentation/filesystems/proc.rst

You don’t have a local, up-to-date, copy of the Linux kernel source tree? You really should. Note that some of this
documentation is hilariously out-of-date; use the git log on a file to see the last time parts of a file was given an up-date:

 $ git log -p filename

This should give you what you need. Since the Linux kernel is developed with Git, it pays dividends to learn at least
the fundamentals of Git.

It’s a frequent occurence that people ask me how to make sense of the Linux kernel. You need the following prerequisites:

• A familiarity with the C programming language. The syntax is easy to pick up for most people because a lot of the popular programming languages in use today are based on C. Most operating systems today are written in C; the same goes for embedded systems. If you don’t have a good grasp of C, you can kiss any hopes on working on this stuff goodbye. C is not as hard as people make it out to be; just look at real code and don’t waste your time on pointless exercises. Start with the smallest real-world programs you can find – like echo(1); once you get the simple stuff, get more ambitious and look at more complicated things. The following resource is also invaluable to the novice C programmer: C reference.

• To make sense of other people’s C code (particularly spaghetti), you need a good source code tagging system. I recommend GNU Global because it works well on most Bourne Shells. Using GNU Global will enable you to look up definitions for things like functions and structs in C code easily.

• You need to learn GNU Autotools to automate the workflow of building makefiles and such. The old “./configure && make && make install” ritual stems from GNU Autotools. Learn it and embrace it. You can build truly portable software once you learn the fundamentals of GNU Autotools. You won’t understand head nor tail of embedded programming with the Linux kernel (and several other things) unless you have a grasp on the rudiments of GNU Autotools.

• Whether you like it or not, Git is an essential part of Linux kernel development. Without a firm grasp of Git fundamentals, you won’t get anywhere. While you’re at it, you should look into the standalone utilities GNU diff and GNU patch; Git is essentially an abstraction on top of these tools.

You should now have enough pointers to begin acquiring knowledge about how to make sense of the Linux kernel (and a whole lot of other things). The aforementioned prerequisites abstract to OS and embedded development and being an effective operator of your computer. These are the tools you really need to know to get anywhere.

All of this stuff applies to several other things. Once you start learning them, you’ll see what I mean. It really isn’t a lot to take in. Knowledge of this stuff will last you a lifetime. Don’t fall for the IDE X or framework Y bullshit; those are moving targets and are deliberately broken to keep people reliant on the dictators for “support”. Educate yourself; it’s the only path to computing freedom. Become an operator; don’t be a mindless consumer.

Appendix C: Digital Multimeter Tests

As always, follow the instructions in the manual of your Digital Multimeter (DMM). RTFM extra carefully, otherwise you end up with magic smoke (why you were recommended spares).

There really are only two simple things you need to test on your UTUB:

• Voltage coming out of the UTUB TX and RX pins.

• Current from the TX and RX pins.

There’s not really much more to be said here. The one bit of general advice is to use a breadboard and some jump wires, if you have access to one; crocodile clip test leads for your DMM also make life easier. Basically, try making sure you don’t short circuit your UTUB by having DMM test leads too close to each other.

Make sure the test leads are plugged into the appropriate terminals of your DMM. Always make sure the fuse of a DMM terminal is sufficient for what you’re measuring.

You can find GPIO voltage specifications of the Raspberry Spy in the official GPIO guide. Make sure you cross-check with the right CPU model’s datasheet.

You may end up needing to buy some resistors to get the right voltage and current. You can find background information useful to the novice hardware hacker from the excellent Sparkfun tutorial on pull-up resistors; follow the appropriate links to fill out gaps in your knowledge. However, most UTUBs are usable out-of-the-box (OOTB) so you shouldn’t really have much issue here. But it doesn’t hurt (unless you zap yourself) to get a bit of electronics background knowledge since you’re playing around with wires and electricity!

Index

[Editor’s note: this corresponds to the PDF version of the document]

lsblk -f, 28
sd(4), 34
/dev/ttyUSB0, 23
/proc, 43
/sys, 43
FTDI, 41
apropos(1), 18
cmdline.txt, 29
config.txt, 29
console=fb, 29
cp210x, 23, 24
dmesg(1), 18-20, 22, 25
echo(1), 44
enable_uart=1, 29
grep(1), 20
lsmod(8), 20, 25
lspci -k, 26
lsusb -t, 26
mknod(1), 24
modinfo(8), 19, 20, 23
picocom(1), 17, 24, 32,
33, 35
ttyUSB0, 23, 24
usbcore, 23
usbserial, 23
DMM, 15
EHCI, 20
HCI, 20
idProduct, 25
idVendor, 25
jump wires, 14
kernel ring buffer, 18
KRB, 18
OHCI, 20
PCI, 20
QC, 15
textttmodinfo(8), 25
UART, 17
UTUB, 13, 14

03.06.21

How To Deal With Your Raspberry Spy — Part IV: Doing The Task

Posted in BSD, GNU/Linux, Hardware, Kernel at 7:59 pm by Guest Editorial Team

By Gavin L. Rebeiro

Contents

Cover

Copyright

1 Acknowledgements

2 Introduction

2.1 Prerequisite Knowledge
2.2 Apparatus

3 Fundamentals

3.1 Communication
3.2 Kernel Ring Buffer
3.3 Drivers
3.4 Operating Systems
3.5 Special Files

4 YOU ARE HERE ☞ Doing The Task

4.1 Preparing The Boot Media
4.2 Connecting Physical Components
4.3 Using Picocom
4.4 OS Installation

5 Thanks

6 OpenPGP Key

A Malicious Hardware

B Linux Kernel Source Tree Analysis

C Digital Multimeter Tests

Summary: We now spell out the steps taken to actually replace the Raspberry Pi OS with something more trustworthy (for background see Part I, Part II, and Part III)

We’ve now covered enough ground to make the installation of
NetBSD on our Raspberry Spy (over our UTUB) a relatively painless matter.

Let’s go through the process in little steps.

4.1 Preparing The Boot Media

I’m going to grab the appropriate NetBSD image by taking hints from the following:

NetBSD/evbarm on Raspberry Pi tells us everything we need to know to pick the right image. All the sections here related to booting are worth reading at least once. Also read sections about consoles and serial consoles at least once.

Raspberry Pi boot modes is useful if you want to dig deeper into the booting mechanisms of the Raspberry Spy. USB mass storage boot is particularly useful for booting off USB. Trust me, you don’t want to muck around with SD cards; they’re a nightmare.

NetBSD/evbarm can be referenced for general information about NetBSD on ARM boards.

The above links should give you a good idea of what’s going on and what needs to be done with regards to putting a NetBSD on a boot media that goes into a Raspberry Spy.

Let’s go through a concrete example.

My Raspberry Spy is of the model “3 B+” variety so I’m dealing with an ARM64 CPU architecture. We’ll follow along the instructions outlined in Installation procedure for NetBSD/evbarm; pay close attention to the section “NetBSD/evbarm subdirectory structure”; I follow these instructions as I explore Index of pub/NetBSD/NetBSD-9.1/evbarm-aarch64/.

I grab the appropriate image like so:

$ mkdir ~/Downloads/netbsd
$ cd ~/Downloads/minted
$ wget https://cdn.netbsd.org/pub/NetBSD/NetBSD-9.1/evb c
 → arm-aarch64/binary/gzimg/arm64.img.gz

Now that we’ve got the image, we can write it to our boot media. I’m going to assume you have an appropriate reader already plugged into your GNU/Linux box. I’ve got my USB thumb drive as “/dev/sdg” on my system. Use the right block device file on your system1. We base our procedure along the lines of “Installation for ARMv7 and AArch64 devices with U-Boot” section from Installation procedure for NetBSD/evbarm:

$ gzip --decompress --keep arm64.img.gz
# dd if=arm64.img of=/dev/sdg bs=1M conv=sync
 → status=progress
$ lsblk -f | grep sdg

We’re going to ignore the minutiae of writing to block devices, bootloaders, and other adjacent topics related to the utilities we just used; that’s left for another time. We care about learning how to use a serial console in this project so we must stay focused on our primary target.

We’re going to have a look at how to make a serial install possible via some editing of the “cmdline.txt” file that now resides in the boot media (on the boot partition which is of type “vfat”):

# mkdir /media/netbsd_image
# mount /dev/sdg1 /media/netbsd_image
# grep "console" < cmdline.txt
# root=ld0a console=fb
# grep "enable_uart" < config.txt
# enable_uart=1

The “console=fb” part is to get out OS image to use the HDMI output. We will get rid of that string from the file “cmdline.txt”. Who needs that anyway? One way to do it2:

# ed cmdline.txt
21
,p
root=ld0a console=fb
1
root=ld0a console=fb
s/console=fb//
,p
root=ld0a
wq
11
# echo ",p" | ed cmdline.txt
11
root=ld0a

Remember to check your edits!

We also ensure that “enable_uart=1” is set in the file “config.txt”:

# echo ",p" | ed config.txt
82
arm_64bit=1
kernel=netbsd.img
kernel_address=0x200000
enable_uart=1
force_turbo=0

Everything looks good! Additional useful information on the Raspberry Spy UART can be found in UART configuration. Pretty self-explanatory. That wasn’t so hard. Was it? Note that the following links document the files we’ve been messing around with:

The Kernel Command Line
config.txt

It’s a good idea to back up the state of your image, at this point3. We can now safely unmount our boot media and get on with the project:

# cd ~
# umount /media/netbsd_image

We change directory, before we unmount, so that we don’t get any “device busy” errors.

We’ve now got our boot media ready. Onwards!

4.2 Connecting Physical Components

Before you power up your UTUB, you should really check that the pins are working properly. The very basic test you should do is to check that the right voltage is being supplied. Check out Appendix C.

The pins on our UTUB and Raspberry Spy that we’re interested are the following:

• Raspberry Spy: Pin6 (Ground), Pin8 (GPIO14, TXD), Pin10 (GPIO15, RXD). You can find the layout in the official GPIO page.

• UTUB: I’ve got a CP2104 UTUB so I’ve got to only worry about the pins marked TX, RX, and GND. I have other pins on the module but they’re not relevant for this task.

We won’t be using any of the voltage pins on the boards because it’s more prone to errors. Just use the USB power supply that comes with your Raspberry Spy.

Don’t plug anything into power for the following sequence. Connect the jump-wires like so:

• Ground on UTUB to Ground (Pin6) on Raspberry Spy.

• TX on UTUB to RX (Pin10) on Raspbery Spy.

• RX on UTUB to TX on (Pin8) Raspberry Spy.

“We won’t be using any of the voltage pins on the boards because it’s more prone to errors.”Don’t make the rookie mistake of matching TX with TX and RX with RX; TX always goes to RX and RX always goes to TX. Keep this in mind, always, when working with UARTs. Colour-coding your jump-wires helps.

We’ll just go over the order of attaching the stuff to do with power on our devices:

• Attach the USB power adapter to the Raspberry Pi without plugging the adapter into the power outlet.

• Attach the UTUB to your GNU/Linux box.

• Attach your USB power adapter to your power outlet.

The logic for the above procedure is that you can ensure that your serial interface is up and running before you start getting input from your Raspberry Spy.

4.3 Using Picocom

Using picocom(1) is simple. All we need to do is select the correct baud rate and give the right device file as a parameter to picocom(1).

I’ll give you an extract from the manual page to enlighten you:

In effect, picocom is not an "emulator" per-se. It is a
simple program that opens, configures, manages a serial
port (tty device) and its settings, and connects to it
the terminal emulator you are, most likely, already
→ using
(the terminal window application, xterm, rxvt, system
console, etc).
When picocom starts it opens the tty (serial port)
given as its non-option argument. Unless the
--noinit option is given, it configures the port to
the settings specified by the option-arguments (or
to some default settings), and sets it to "raw"
mode. If --noinit is given, the initialization and
configuration is skipped; the port is just opened.
Following this, if standard input is a tty, picocom
sets the tty to raw mode. Then it goes in a loop
where it listens for input from stdin, or from the
serial port. Input from the serial port is copied
to the standard output while input from the standard
input is copied to the serial port. Picocom also
scans its input stream for a user-specified control
character, called the escape character (being by
default C-a). If the escape character is seen, then
instead of sending it to the serial-device, the
program enters "command mode" and waits for the next
character (which is called the "function
character"). Depending on the value of the function
character, picocom performs one of the operations
described in the COMMANDS section below.

We use “C-a C-x” (Ctrl+a followed by Ctrl+x)4 to tell picocom(1) to exit; for more, RTFM; in particular, pay close attention to the “COMMANDS” section.

Make sure you’ve set up all the physical connections, as advised. It’s time to attach our UTUB to our GNU/Linux box and then make sure we invoke picocom(1) correctly:

# picocom --baud 115200 /dev/ttyUSB0
picocom v3.1

port is         : /dev/ttyUSB0
flowcontrol     : none
baudrate is     : 115200
parity is       : none
databits are    : 8
stopbits are    : 1
escape is       : C-a
local echo is   : no
noinit is       : no
noreset is      : no
hangup is       : no
nolock is       : no
send_cmd is     : sz -vv
receive_cmd is  : rz -vv -E
imap is         : 
omap is         :
emap is         : crcrlf,delbs
logfile is      : none
initstring      : none
exit_after is   : not set
exit is         : no

Type [C-a] [C-h] to see available commands
Terminal ready

It really is that simple. You’ve now got a serial terminal ready and listening.

4.4 OS Installation

Now that you’ve got a serial terminal operational, all we have to do to install NetBSD on the Raspberry Spy is to plug the USB power adapter into the power outlet. Keep a close eye on what goes on in the output of your serial terminal:

...
[   7.4246937] root device:
[  11.6252523] use one of: mue0 sd0[a-p] ddb halt reboot
[  11.6252523] root device: sd0
[  13.9755661] dump device (default sd0b):
[  15.7257992] file system (default generic):
...

You should be promoted to pick a root device. I pick “sd0” as it’s the first ’disk’ offered by NetBSD (which can only be my boot media)5. I go for the suggested defaults, for everything else. No need to overcomplicate things, at this point.

You will probably see your Raspberry Spy reboot once or twice during the OS install process. Just pass the same parameters for the boot device, and you should be good to go.

Eventually, you should be met with the following:

...
NetBSD/evbarm (arm64) (constty)
...

login:

If you login as “root”, you should have a nice login shell presented to you.

And we are done! You’ve successfully done some tinkering over a serial terminal. That wasn’t so hard. Was it? You can shutdown your device (halt the OS) like so:

# shutdown -p now
...
[   910.5814809] The operating system has halted.
[   910.5814809] Please press any key to reboot.

You can now disconnect the power supply from your Raspberry Spy. Then just send “C-a C-x” to picocom(1); after which, you should see:

...
Terminating...
Thanks for using picocom
#

Welcome to the world of serial terminals; hack your heart out!
____
1 The command lsblk -f should help you out here. Don’t wipe the wrong device by accident.
2 If you use another text editor, that’s fine. You really should learn ed(1) at some point though, especially if you want to get into embedded systems.
3 At least keep track of the files that you tweaked. If you use some sort of version-control-system, you get bonus points.
4 I don’t know why the manual doesn’t bother to explicitly mention that these are GNU-Emacs-style key sequences.
5 See the NetBSD sd(4) manpage for details.

How To Deal With Your Raspberry Spy — Part III: Fundamentals

Posted in BSD, Free/Libre Software, GNU/Linux at 6:12 am by Guest Editorial Team

By Gavin L. Rebeiro

Contents

Cover

Copyright

1 Acknowledgements

2 Introduction

2.1 Prerequisite Knowledge
2.2 Apparatus

3 YOU ARE HERE ☞ Fundamentals

3.1 Communication
3.2 Kernel Ring Buffer
3.3 Drivers
3.4 Operating Systems
3.5 Special Files

4 Doing The Task

4.1 Preparing The Boot Media
4.2 Connecting Physical Components
4.3 Using Picocom
4.4 OS Installation

5 Thanks

6 OpenPGP Key

A Malicious Hardware

B Linux Kernel Source Tree Analysis

C Digital Multimeter Tests

Summary: Following the introductory and preliminary parts (Part I and Part II) we dive deeper into the steps taken to replace the Raspberry Pi’s GNU- and Linux-based OS with something like NetBSD

Now that you know what you need to get started, let’s gently walk through an overview of the fundamental ideas and topics that we’ll be engaging and experimenting with.

The order of topics may seem strange at first but things should make sense as you move on.

3.1 Communication

If we want two computers to communicate, there needs to be some protocol that they both speak.

If we want two computers to communicate, there needs to be a physical medium over which they can communicate.

Almost all computers and their peripherals communicate over USB these days. But when it comes to getting into the nitty-gritty details, you will often find UART humbly serving the same purpose it has for decades of computing. Fortunately for us, almost every embedded system these days supports UART; this includes the Raspberry Spy.

“Why bother with this anachronistic technology? Glad you asked!”We’ll be using our UTUB to install a new OS on our Raspberry Spy over a serial interface (UART). The program that we’ll be using to do this serial communication is picocom(1).

Why bother with this anachronistic technology? Glad you asked! Once you know how to operate something like a UTUB and a program like picocom(1), you can “break into” several devices and modify them how you wish. Routers, motherboards,
embedded systems, etc. all tend to have some sort of serial interface on them. Once you learn the basics, you are equipped to liberate yourself and gain more computing freedom.

But wait. Isn’t all this embedded stuff way too difficult and only for “experts”? HOGWASH! You can do it too. Don’t
fall for the propaganda. You are perfectly capable of doing a bit of serial hacking to liberate your devices. You paid for them, after all. You should be able to do whatever you want with them (and you will). Onwards!

3.2 Kernel Ring Buffer

What on earth is a “kernel ring buffer” (KRB)? Ever heard of dmesg(1)? dmesg(1) is what you use to read the KRB. Not so scary now. Is it?

Why is the KRB important? Well: when you plug in (or out) a device, you can see the messages show up in the KRB. If you learn how to pay attention to the KRB, when you are working with hardware, you will become a lot better at trouble-shooting your own problems. Take strings you don’t understand and plop them into your favourite search engine; try the apropos(1) command as well.

As we progress with our project, we’ll see how to leverage dmesg(1) to our advantage. Learning proper use of dmesg(1)
is an essential skill if you want to improve and maintain your computing freedom; dmesg(1) allows you to demystify the inner workings of your computer and get clues on how to fix problems yourself.

3.3 Drivers

Say you plug in your mouse or keyboard into your computer; or even plug them out. The software responsible for translating the physical signals from the mouse or keyboard, to the intermediary physical devices, to the more abstract layers of your operating system (like stuff you see on the screen) is called the kernel; this is the “Linux” part of GNU/Linux.

The kernel is the layer of software that sits between the physical hardware and the more abstract levels of software that gives you an “operating system”. When you plug in or out your keyboard or mouse, the Kernel has programs which recognise those types of devices and then loads the appropriate software required to use those physical devices; such software are called “device drivers”.

All of the above is a bit vague. Let’s take a look at what this looks like in practice; I’m going to plug out and plug back in my mouse while staring at dmesg(1):

1   # dmesg --human --follow
2   ...
3   [Feb19 17:26] usb 7-4: USB disconnect, device number 2
4   [ +25.036175] usb 7-4: new low-speed USB device number
            → 4 using ohci-pci
5   [ +0.193047] usb 7-4: New USB device found, 
            → idVendor=0461, idProduct=4d81, bcdDevice= 2.00
6   [ +0.000006] usb 7-4: New USB device strings: Mfr=0,
            → Product=2, SerialNumber=0
7   [ +0.000004] usb 7-4: Product: USB Optical Mouse
8   [ +0.007570] input: USB Optical Mouse as 
            → /devices/pci0000:00/0000:00:16.0/usb7/7-4/7-4:1.0/0 c
            → 003:0461:4D81.0005/input/input18
9   [ +0.000303] hid-generic 0003:0461:4D81.0005: 
            → input,hidraw3: USB HID v1.11 Mouse [USB Optical
            → Mouse] on usb-0000:00:16.0-4/input0

We’ll briefly analyse this output and introduce a few important tools in the process.

The first thing to note is this string “using ohci-pci”. It’s time to bring in the Linux-specific tool modinfo(8); let’s take a look at what we’re dealing with:

1 $ modinfo ohci_pci
2   name:        ohci_pci
3   filename:    (builtin)
4   softdep:     pre: ehci_pci
5   license:     GPL
6   file:        drivers/usb/host/ohci-pci
7   description: OHCI PCI platform driver

That output is quite self-explanatory. We see the name of the kernel module; we see that its a builtin kernel module (which means it’s compiled into the kernel). “softdep” stands for soft dependency. We see that the license is GPL. We see the location in the kernel source tree this kernel module resides. And, finally, we see a short description of the kernel module.

I hope, at the point, you’ve realised that “kernel module” is synonymous with “driver”. See? Not that complicated.

So what does this have to do with our USB mouse? Well: when it comes to interfaces, there’s usually a few things that sit between your device and the userspace of your operating system. I’ll leave it as a research project for you to figure out what “HCI”, “OHCI”, “EHCI”, “PCI”, etc. mean.

The next crucial bit of driver information here is the “hid-generic” part; find out what this kernel module does with modinfo(8).

The next thing I want you to do is have a look at the output of the Linux-specific tool lsmod(8); Note the column headers. grep(1) through the lsmod(8) output for the following strings:

• usbhid
• hid_generic
• hid

The “USB HID v1.11 Mouse” from our dmesg(1) output should give us a good idea of what’s going on here. Don’t know what
“USB HID” means? Look it up. Find out what the above kernel modules do, from the stuff you’ve already learned so far.

Let’s take a look at some sample lsmod(8) output:

1 $ cat <(lsmod | head -n 1) <(lsmod | grep hid)
2 Module                     Size Used by
3 mac_hid               16384  0
4 hid_generic           16384  0
5 usbhid                57344  0
6 hid                  135168  2 usbhid,hid_generic

You’ve now got a bit of background knowledge to make sense of what’s going on when you plug things in and out of your GNU/Linux unit.

3.4 Operating Systems

We’re going to be a bit adventurous with our choice of OS to put on the Raspberry Spy. We’re going to go with NetBSD; this is a great OS for embedded systems and one you should be familiar with if you plan on doing any embedded work.

NetBSD is an OS with its own kernel and userspace. Thus, NetBSD runs the NetBSD kernel and NetBSD userspace utilities; this is in contrast to the Linux kernel and GNU userspace (GNU/Linux)1.

NetBSD is quite a beginner-friendly BSD because it has ample documentation; the fact that NetBSD has the primary focus of portability also means you can learn a great deal about portability from several perspectives.

A side note here. Avoid usage of package managers. They are bad for your freedom; to most people, package managers are entirely opaque systems that turn the computer operator into a mere consumer. Learn how to build your software from source code. This way you see all the dependencies2.

The opaque package manager is exactly how the Raspberry Spy Foundation smuggled in spyware into the Raspberry Spy. If you build all your programs from source code, you would be less vulnerable to these espionage tactics3.

You should be the operator of your computer, not a “user”. A “user” is effectively being “used” because they are treated like stupid consumers that get dictated to by other people. Don’t fall for this “user” trap. Be the operator of your computer; take back control; education is the true path to computing freedom.

Note that a lot of these operating systems we’re talking about follow some version of the POSIX specification (with varying degrees of compliance).

3.5 Special Files

It’s important to understand how special files relate to device drivers. What’s a special file? Glad you asked.

Let’s take a look at our friend dmesg(1) as we plug in our UTUB:

1  [Feb22 12:13] usb 7-1: new full-speed USB device number
    → 3 using ohci-pci
2  [ +0.202882] usb 7-1: New USB device found,
    → idVendor=10c4, idProduct=ea60, bcdDevice= 1.00
3  [ +0.000006] usb 7-1: New USB device strings: Mfr=1,
    → Product=2, SerialNumber=3
4  [ +0.000003] usb 7-1: Product: CP2104 USB to UART
    → Bridge Controller
5  [ +0.000003] usb 7-1: Manufacturer: Silicon Labs
6  [ +0.000003] usb 7-1: SerialNumber: 010C48B4
7  [ +0.024088] usbcore: registered new interface driver
    → usbserial_generic
8  [ +0.000010] usbserial: USB Serial support registered
    → for generic
9  [  +0.003272] usbcore: registered new interface driver
    → cp210x
10 [  +0.000025] usbserial: USB Serial support registered
    → for cp210x
11 [  +0.000081] cp210x 7-1:1.0: cp210x converter detected
12 [  +0.010528] usb 7-1: cp210x converter now attached to
    → ttyUSB0

Bit of a mouthful. Let’s break it down into pieces that we can actually digest:

• Take a look at the Linux kernel modules usbcore, usbserial, and cp210x with modinfo(8). Not so scary now. Is it?

• Next, have a look at the line “usb 7-1: cp210x converter now attached to ttyUSB0”. You should understand all the lines leading up to this one; however, we need to do a bit of digging to find out what this whole “ttyUSB0” business is about. We’ll look into some other helpful things in the process.

Here we have a special file called ttyUSB0; So uh where is this file? Let’s see:

1  $ find / -name "ttyUSB0" 2> /dev/null
2  /dev/ttyUSB0
3  /sys/class/tty/ttyUSB0
4  /sys/devices/pci0000:00/0000:00:16.0/usb7/7-1/7-1:1.0/t c
       → tyUSB0
5  /sys/devices/pci0000:00/0000:00:16.0/usb7/7-1/7-1:1.0/t c
       → tyUSB0/tty/ttyUSB0
6  /sys/bus/usb-serial/devices/ttyUSB0
7  /sys/bus/usb-serial/drivers/cp210x/ttyUSB0

The path we really want here is “/dev/ttyUSB0”4. Time to do a quick check:

1  $ ls -al /dev/ttyUSB0
2  crw-rw---- 1 root dialout 188, 0 Feb 22 12:13
      → /dev/ttyUSB0

The “c” in “crw-rw–” tells us that this is a character file. The “188, 0” tells us that the “major” and “minor” number, respectively, of this special “character file”. These files are created with mknod(1). The following can be a useful pointer, when you are lost:

1  $ file --mime /dev/ttyUSB0
2  /dev/ttyUSB0: inode/chardevice; charset=binary

Good stuff. We’re getting somewhere. To find a full list of what these major and minor numbers refer to, we can have a look in the Linux kernel source tree:

1  $ less linux/Documentation/admin-guide/devices.txt
2 ...
3  188 char       USB serial converters
4           0 = /dev/ttyUSB0     First USB
                    → serial converter
5           1 = /dev/ttyUSB1     Second USB
                    → serial converter
6             ...
7 ...

That’s that part demystified. Isn’t learning great? Now you know where to get the right numbers if you want to use mknod(1) manually on GNU/Linux systems5.

Now what does all of this mean? We essentially have “cp210x” which is a discrete Linux kernel module; this Linux kernel module is then “attached” to the special file ttyUSB0; it’s this special file ttyUSB0 that the program picocom(1) will be attached to, in order to perform serial communications.

You can also see where the different parameters like “idVendor” and “idProduct” come from by taking a look at the appropriate path in the Linux kernel source tree:

1  find ./ -regex ".*cp210x.*"
2  ./drivers/usb/serial/cp210x.c
3  $ less drivers/usb/serial/cp210x.c
4  ...
5  { USB_DEVICE(0x10C4, 0xEA60) }, /* Silicon Labs
        → factory default */
6  ...

On GNU/Linux systems, you should also take a look at the path /usr/share/misc/usd.ids:

1  $ less /usr/share/misc/usb.ids
2  ...
3  10c4 Silicon Labs
4  ...
5           ea60 CP210x UART Bridge
6  ...

Now let’s have a look at what it looks like when we pull out our UTUB:

1  $ dmesg --human --follow
2  ...
3  [Feb22 15:45] usb 7-1: USB disconnect, device number 3
4  [ +0.000384] cp210x ttyUSB0: cp210x converter now
       → disconnected from ttyUSB0
5  [ +0.000164] cp210x 7-1:1.0: device disconnected

There you have it! You should understand what’s going on in that output, with your new knowledge of Linux kernel internals. Remember, tools like lsmod(8), modinfo(8), and dmesg(1) are the first things you should look at when you plug things in and out of your GNU/Linux box. This stuff is incredibly simple, if you know where to look; now you know where to look! No need to be afraid.

Finally, we have the commands:

 $ lscpi -k

and

 $ lsusb -t

You now know enough to figure out yourself what you get from lspci -k and lsusb -t6.

You now have a healthy dose of knowledge injected into your grey matter to enable you to handle special files on GNU/Linux systems7.
_____
1 Technically, there’s also different bootloaders to worry about but we’re going to ignore bootloaders for now as we have enough to deal with. It’s also very unfair to GNU to just call it “userspace”; GNU gave the world things like the GNU Compiler Collection and GNU Autotools – things without which much of software today wouldn’t exist; there seems to be mass amnesia in the computing world around this, whether it be deliberate or not. And guess what? GNU was about freedom, first and foremost.
2 i.e., how much junk the software you want to use depends on. It’s a great way to filter out bloatware. You will also be able to learn to spot “common denominator” programs software of a certain type depends on. Often, this will enable you to refine your criteria for a program in order to find exactly what you need – opposed to what you think you need (or what others make you think you need).
3 However, don’t think you’re entirely immune, if you compile everything from source. Much has been infiltrated at the source code level.
4 The other paths are just as interesting. See Appendix B for details on the specifics.
5 A skill every GNU/Linux operator should have.
6 Don’t know what the options mean? RTFM.
7 Some of this special file handling knowledge applies to other POSIX-like operating systems as well, with minor details changed.

11.25.20

The Non-Technical (or Lesser Technical) Software User That Wants Software Freedom

Posted in BSD, Free/Libre Software, GNU/Linux at 12:44 pm by Guest Editorial Team

Open Letter to Figosdev from Mogz (a reply to this one)

Duck with Slinky

Summary: Assuming that Free software should care about what users — not only developers — really want (and need) it’s important to understand how they view the current situation (with growing waves of corporate takeover and compromises, even expulsions)

First, thank you very much for posting your open letter, and for registering my genuine concern that free software succeed, and for apologies. I really appreciate that a lot, and thank you for taking the time to respond in detail. I apologize also, for the delay in response (ill health delayed me finding your letter). Very interesting to also read your commendable history of contributing, and past posts. Reading the quotes and your responses is bringing more clarity to my questions and concerns, so thank you for that.

For example, I realise that I need to make it clearer that part of what I’m addressing is a resource loop-hole, non-tech users who deeply care about privacy/freedoms. More about that later.

Winter Fun seriesI understand what you’re saying regarding [Alex] Oliva [who] won’t fork, thus Linux won’t be fixed, and that integral large packages (perl, python) can’t be forked, and too few devs to fork halfbuzz, plus the Gnu Project aren’t making the effort to fork what they could. It was actually a relief to read things in your response that nobody else ever says, such as most devs don’t care about users/freedoms, about having contributed to bad projects, who is fine with mixing with github … that makes the list a lot shorter regarding who/what to give energy and time to, also. I don’t find it depressing to have a clear bullet-list that shortens my own list, so I can double down on what IS positive. Stopping paying attention to users/devs who ignore problems, who don’t take things seriously, for example, is very uplifting to realise further, too; no more writing to some main linux youtubers (nb not gardner) and receiving no responses, for example! To read that you too are fed up with the attitude to users is very heartening, as nobody says this stuff. No longer feeling like some kind of lone crazy person, lol. And when people see mirrored their own real feelings, they definitely feel they can relate, and it can move them to be part of things.

“I see BSD is being pointed to as the ‘bunker’, but that is a big step for any non-tech people.”There’s been an unnerving journey of realising what’s going on, but, if the only people talking about this stuff are saying it’s all too rotten to fix, that has to be looked at seriously, along with my own experiences, observations and concerns to date. A main thing I live by is that there’s a time comes when stepping out and away from something becomes critical; that frees up energies for what is timely and important to move onto, and to not step away would jeopardize what CAN be safeguarded and built in the new space. As long as everything’s been examined and understood fully before taking such a clear step, better to observe from a distance and be doing something positive with life, rather than go down with the ship.

You asked directly what sort of hope I want to see … really clear bottom-line summary about how things are, which the letter from you is already covering more. Also, what people can do, and HOW (for non-techs), in order to maintain the freedom/privacy/values that are so important.

I don’t mean about coddling infants, as you reference, but those who don’t have any tech DNA yet want to get on the BSD ship/into the new place, to support free software, respect, privacy, care about users, but know they just can’t get their head around that without clear instruction. The corporate are dumbing people down by the year, ‘bread and circuses’, ‘leave it to us’, ‘we make your life easy’ (as we siphon off ALL your data and make money) … they want people’s energies, power, everything, whereas what I mean is what empowers people, the ladder that can get them into that place, where they can then do what they do best, contributing in other ways. You can’t give a jet to someone and expect them to fly it, but if they’re a passenger on the jet, they could be a doctor, a lawyer, anything non-tech, but still play a critical part.

“If the talk all the time is about values and who/what cares about users, then let’s care about the users, actively and practically, helping them to find a ‘bunker’ and batten down those hatches, as they wait for the albeit large tornado to pass, and meanwhile can do what they can in the ‘bunker’ to hatch something new.”I see BSD is being pointed to as the ‘bunker’, but that is a big step for any non-tech people. Can there be a beginner series on running an easily installable BSD, to get non-tech people started? Are there a few people willing to do that? Are there any very beginner tutorials anywhere already, all in one place and up to date? How many non-tech users, who deeply care about privacy/freedoms, read Techrights? Are most of them lurkers, since privacy/being offline is so important to them? I have many questions, lol. If a series were done, it could be shared all across the Linux places? So even non-techs, who could number far more than realised, can take part? adding important numbers of people who really care. There’s a very vocal part to Linux, and it tends to be those pushing for Wayland and the corporate and gaming … no wonder those who care about the freedoms, or are non-tech, may often be found increasingly offline, but will be reading articles, and wondering HOW to function and, in parallel, how to add to the numbers actively making important shifts.

Don’t get me wrong; I’m talking about bringing more on board those who care about the values. I have no ability or desire to code, or become more tech … I want only to support the freedoms, values, respect, the space where people can be themselves and as happy as possible. That is the only reason I crossed over to Linux. I leave the technical aptitude to those who practice that so well, who have that DNA, while I do what I do best.

So many new users have come over in the last year. People who care and want to contribute tend to want a clear list to get on with, to know how serious things are, at the same time as beginner instruction on HOW to exit from Linux. They’re the sort of people we want, who care about privacy/freedom/respect/values, so how do we get them to the ‘bunker’, even if that ‘bunker’ is e.g. at first a non-ideal BSD install, but at least a starting place to learn, and with clear tutorials as a main priority? Get everyone who cares to the best place possible, where they can function and have a foundation that doesn’t feel like shifting sands; then the new can come through when possible.

“Those good at tech can do an incredible contribution by distilling what they know into a simple clear set of tutorials.”I can’t possibly be the only privacy-conscious and non-tech person on Linux?! So please don’t mistake any of what I say as me trying to get personal help for me; I know ‘go offline’ is my answer, if there’s no other way, but I’ve believed for a long time that there must be many users similar to myself, but who won’t speak up or ask … that’s been a theme in my life, and anyone’s life who can’t stand by and say nothing, when it comes to the crunch … and there’s always others afterwards who say they agreed! Those people can read and ACT independently, no head above the parapet stuff, via clear tutorials, and that shifts things away from the negative corporate who treat Linux as their resource to mine, and it really matters that the corporate, and corporate-supporting, lose the numbers and influence, and any kind of attention. Providing very clear tutorials would end up being very low-maintenance overall, once the tutorials are done. Gathering those in one place is also very important, rather than lots of bits everywhere that may be old or new, accurate or not. I understand you will have your own life and commitments, so my question is an open one, about if there are people who would do tutorials.

To jump to covering the depression part a bit more … it is definitely not about avoiding the real truth, which ends up freeing people up to go where IS positive. If others are reading messages mainly pointing out what is depressing, they can get the message nobody else is going to do anything, and everything’s too difficult, which makes their fight harder, and makes getting involved just about impossible. It can seize them up. ‘Let’s all be depressed together’ doesn’t work, in this instance, except briefly at the start, to know we’re all on the same page.

Just to reference the ‘not enough work/effort is going in’ too … that can’t be where things stop, and is certainly not what’s written on my page. If the talk all the time is about values and who/what cares about users, then let’s care about the users, actively and practically, helping them to find a ‘bunker’ and batten down those hatches, as they wait for the albeit large tornado to pass, and meanwhile can do what they can in the ‘bunker’ to hatch something new. Rolling over and saying we’re defeated is what the corporate want … no freedoms, privacy, respect, happiness, stable space to function, etc. There’s loads can be done about shifting across to BSD, that can bring in a lot more people that normally can’t, or have tried, to be involved in the movement. Such articles can add to the already very good truthful articles, and inspire people, and article writers, helping to generate momentum in shifting across to BSD, making it doable, if that is the definite consensus about where we all need to be going.

Those good at tech can do an incredible contribution by distilling what they know into a simple clear set of tutorials. Just as with drawing on how many non-tech users there are out there, those with tech ability not sharing what they know would be a big loss. It’s uncomfortable to be asking regarding doing this initial outlay, but if it brings in lots of non-techs who care about what matters, and the move across to BSD can gain big momentum, that could buoy everyone up and really achieve something productive. I’d rather it be me rattling off all the tutorials, but that’s a complete non-starter. I can follow very clear tutorials and be part of the shift, supporting the freedoms, caring about users, and I can contribute art to the cause. There’s no way I would put these ideas on the table if I wasn’t willing to contribute something in kind, and I know I would regret it later if I didn’t ask now.

Would expanding the range of articles be something useful to do? … focusing on other things e.g. those stepping away and how they’re doing it, those dropping big tech and how great that is, those who left working for big tech and how they’re doing better things now, how hyperbolaBSD is coming along/interview … after the critical tutorials about how to cross over! Articles from non-techs who’ve been able to go to BSD via the tutorials? How many more users does BSD have this year? By all means, the clear truth, but also articles that cover the features of the better place we all want to inhabit. Just throwing out some ideas, in case anything is useful.

“And, as you rightly say, covering the difference between open source and free software is very important; another tutorial!”Let’s also remember that the corporate psychopaths have many blind spots, not caring about or being able to recognise the things we do, thus not able to come up with the appropriate solutions either … yes, they read and watch, and their answer to everything seems to be ‘shut them down’/’invade their space’, never dialogue or connect, but there are far more non-psychopaths in the world than psychopaths, otherwise there wouldn’t have been 30 years of Linux before this corporate/psychopathic stuff started to rear it’s head. The tech sites that promote the corporate etc want us to believe there aren’t enough good people out there to make a difference, and such as Red Hat, showing their cards the very next morning like that, wasn’t very bright, so not crediting them with lots of real wisdom seems a wise thing to do!

Interesting to read the work you’ve done. I too worked with the homeless, but in non-tech ways. Background of lots of carework, then art (digital). I didn’t know about your remastering tool! It would be great to see the article about that, and maybe others reading, or just finding, TechRights don’t know about it also.

“Art can certainly lift people, get things expressed, be very unifying (in the traditional pre-PC/diversity way), and literally brightens up the world.”Thank you again for your response, and it’s refreshing to dialogue and get clearer on things, my wish being that all kinds of users can be involved, including non-techs, as, beyond all the ‘stuff’, I’m certain there are doable things that can really shift things along more in the direction we want to go, and the more numbers the better and faster things can shift.

The more I think about this, the more I think creating that place we need involves bringing in all types of user and very clear and basic documentation, as numbers and the how-to are integral to that creation. Potential new users today, who’ve just realised they need to make a shift, could see a set of BSD tutorials that are actually easier to understand than Linux documentation, and just go straight to BSD, for example. People need to be informed, included, and to have the tools, then the numbers just keep rising, along with those good at tech, and that new space takes shape. And, as you rightly say, covering the difference between open source and free software is very important; another tutorial! lol.

I agree that a non-corporate community/usergroup(s) is very important; no egos, no diversity, no PC, but just basically be decent, which I think would be there, when people are making effort to do something because they care about people being free and are all working together on the same page. None of your ‘giafam’s okay’ half-hearteds! It would also need to be solidly private/encrypted, so no big tech can get in and threaten or harm people. Maybe we’re all watching to see which of the new communities pan out better, but there needs to be one secure one we all know of and go to, yes? Gathering information, tutorials, whatever is the ladder to get more people on board, and into a new space. Information and energy frittered everywhere doesn’t seem to be working for Linux as well as it could now, so one central place is definitely important. Some direction on that I feel is important too, so users know what is the best place, where are people at, etc. I can’t access the Slated site, but understand what you’re saying about big tech’s agenda and the ways they try to take people’s freedom and power.

“My conclusion, when trying various non-systemd distros, was that it was all about enclaves and either deliberate or broken-tech barriers, which, despite relating to them wanting their own space, made it impossible to take part in moving away from systemd.”I haven’t heard Free Culture spoken of, and need to look up Lessig, for sure, so thanks for pointing me that way. Art can certainly lift people, get things expressed, be very unifying (in the traditional pre-PC/diversity way), and literally brightens up the world. Creative people tend to have plenty of ideas and inspiration to draw on, to apply to real world issues, too, so I look forward to reading more about Free Culture and what others are doing with that at this point. Great to hear that there is openness to free-as-in-freedom art being a good contribution, too! I need to balance what I do with health issues, but am used to working around that, and would be able to reliably contribute art, for sure; my pleasure.

I couldn’t agree more about Devuan too. My conclusion, when trying various non-systemd distros, was that it was all about enclaves and either deliberate or broken-tech barriers, which, despite relating to them wanting their own space, made it impossible to take part in moving away from systemd. Every non-systemd distro I tried that week ended up the same. So thanks for not recommending Devuan, lol. I run Anarchy and Mate, not ideal but as lean as possible, at this point, so fully agree with tidying up a small distro. Debian seems a massive monolith, and definitely looks like an overwhelming amount for anyone to take on. Getting away from the problems is definitely good. Am up for the adventure, for getting away from the dark, to somewhere where things can get done, in freedom and stability.

From this self-advocator, who will never stop championing what enables people to have choice and freedom, and who doesn’t feel quite as out in the forest as I did, thanking you again for not being one of those who shunned, and instead is refreshingly direct and fair, signing off for now.

11.01.20

Ashtrays of Human Rights and Tech Rights

Posted in BSD, Debian, GNU/Linux, Kernel at 10:29 am by Dr. Roy Schestowitz

Travellers

Summary: The way things are going, especially so far this year, we’re going to have to become a lot more active (in the activism sense) and campaign for better society; repression has soared during the COVID-19 pandemic and further exacerbated due to Donald Trump’s fear of losing the election, only to be held belatedly accountable for his crimes (he already jokes aloud about having to escape the US in case he loses the impending election)

THIS coming week chaos and violence are predicted in — and for — the United States (we’ll spare the links; there’s no lack of them). We’ve already taken note of which corporate candidate is less harmful and which one is less harmless (double negation because we’re excited about neither candidate).

“2020 was an extraordinarily scary year for the “tech rights” of people; privacy is increasingly being framed as a health hazard…”The world is going in a very negative direction, putting aside the health crisis. People tend to focus on human rights aspects, such as asylum-seeking and race-baiting. We try to remain focused on technology because it’s a subject we understand better and are suitably equipped to comment on.

2020 was an extraordinarily scary year for the “tech rights” of people; privacy is increasingly being framed as a health hazard (some places go as far as banning cash payments as if coins or banknotes are the most potent infection vector, not people speaking to each other’s face in some pub with uncovered beverages/drink glasses). It was Halloween yesterday and not a single family/child knocked on our door (eerily unusual) because we’re going into lock-down in a few days and people don’t trust each others’ palms (or even objects that touched those palms). This sort of “new normal” makes organising for change a lot harder, except digitally.

Linus PaulingSome readers might choose to feel or actually be “offended” by the view that next week (or later this week, if Sunday is judged to be a week’s first day) we still won’t know who becomes/remains president in the US. No inauguration date until January and maybe no decision on the matter until then, either…

These are dark times, both politically and technologically. There’s a correlation between those two things (e.g. misuse/abuse of technology to enable human rights violations, as IBM did ~85 years ago in Germany and a century ago in America). Companies that wish to be seen as racially “woke” are anything but… it’s just smoke and mirrors.

To the best of our understanding, our server maintainer is applying to leave the US (for Europe). She’s not the first. To some, the last straw was Bush with his illegal wars; to others, Trump is more than they can chew.

Linus Torvalds, a Finnish citizen, was naturalised in the US more than a decade ago (to the best of our knowledge he’s still a dual-national). He moved pretty much all of Linux to the US-based fake ‘nonprofit’ (called after his main project, which is in turn named after him).

The other day an associate reminded us of what OpenBSD received for opposing illegal wars (OpenBSD is the other famous OS founded by a South African, originally). To quote Australian press:

The US Defense Advanced Research Projects Agency (DARPA) has stopped providing funding for a project which involves OpenBSD, apparently because OpenBSD lead developer Theo de Raadt made statements which could be considered anti-war to a Canadian newspaper.

OpenBSD is one of a number of free Unices which are increasingly being used on servers due to their reputation for security. NetBSD and FreeBSD are two others; they all have a common base in a project which began at the University of California in Berkeley and had the name Berkeley Sofwtare Distribution.

A good part of the $US2.3 million grant from DARPA, the research and development arm of the US military who in 1970 set up what evolved into the internet, has already been used by de Raadt even though he was not very happy about the source.

Canada’s Globe and Mail quoted him as saying: “I actually am fairly uncomfortable about it, even if our firm stipulation was that they cannot tell us what to do. We are simply doing what we do anyways – securing software – and they have no say in the matter. I try to convince myself that our grant means a half of a cruise missile doesn’t get built.”

The money was provided to the Portable Open-Source Security Enhancements project run at the University of Pennsylvania.

It’s no secret that today’s Pentagon, which drops bombs as frequently as British people nowadays check their so-called ‘phone’, favours Linux. Linus Torvalds is no Linus Pauling (whose mugshot is shown above).

'Trump’s Military Drops a Bomb Every 12 Minutes, and No One Is Talking About It' and 'Brits Now Check Their Mobile Phones Every 12 Minutes'

10.24.20

Look How Many Tux I Give!

Posted in BSD, Free/Libre Software, GNU/Linux, Kernel at 2:41 am by Guest Editorial Team

By figosdev

Hyperbola GNU/Linux
By Márcio Alexandra Silva Delgado (coadde), CC BY-SA 4.0

Summary: “Long live rms, long live (Hyperbola) GNU/BSD, and happy hacking.”

In 2007, I removed my last copy of Windows.

Now, 13 years later, I will remove my last copy of GNU/Linux. Why the hell not?

For the full context of this decision, let’s travel magically to the:

Early 1990s: I’m using a 9600 bps modem in Windows 3.x to go on bulletin boards (BBS). Someone tells me I should get an “Internet” account with a university, using “telnet”. Within 10 years or so I’ll watch a friend telnet into her uni to get her homework, but at the time I don’t know what a telnet client is.

Mid 90s: I read about “Linux” in the newspaper. (Newspapers were big, grey, cheaply printed stacks of paper folded into plastic bags, which teenagers would throw at your home from cars or bicycles). I also read about Internet cafes. I go around looking for an Internet cafe that doesn’t run on Macs, because I want my first time online to be on a PC. I don’t use an Internet cafe until 2004, but my first time on the Web is on a PC, some time before 1998.

Late 90s: I have a tomsrtbt floppy, which technically allows me to run Busybox (or something similar) with the Linux kernel. I learn how to mount DOS partitions, copy files, write text to a file, and do very little else with it. I want to copy my tomsrtbt disk, but it’s > 2 mb which for a DOS user, is extremely confusing. I knew there were specially formatted floppies that allowed that sort of thing, but I was not familiar with the process for creating one. I don’t have abundant Internet access.

“The only way to really remove Internet Explorer (rather than just removing it from the list of installed programs) is to not install it in the first place.”2000-2002: I purchase Red Hat for about $30, though perhaps unsurprisingly it does not boot after trying to install it on my 486. Someone gives me my first Windows 95 machine. I tell them I can fix it, they say “keep it, I have a new one.” It’s a mini tower, which I either carry home or take on the bus.

I’ve learned how to install 95 and 98 from the compressed files on the install CD. This means I can install from a hard drive and floppy, without worrying about booting from CD or whether the CD/drive is working. Not everything has a good CD drive these days, so this is useful. It’s possible all the installations are legit, as I’ve collected enough (valid) licenses and keys and I still like DOS and Windows 3.x a lot.

The only way to really remove Internet Explorer (rather than just removing it from the list of installed programs) is to not install it in the first place. I make custom install files for Windows 95 without Internet Explorer. You have to alter checksums to do this, but it’s easier than it sounds. Also, pretty tedious.

I purchase Mandrake for $5 and it installs, but I don’t know how to become root (ha) and I can’t seem to write to any files (I never created users for tomsrtbt, so I was used to being root like in DOS).

“The 2.x kernel is SO MUCH faster than 3.x, but the 3.x kernel supports more hardware.”I get Windows (95) down to 10mb, 5 compressed. That’s right. Control Panel doesn’t work, the GUI barely loads, but until it does there is no ATAPI support for my DOS-based CD writing program. I’m running Caldera OpenDOS and getting online with Arachne, but I boot (from a floppy) into 95 (yes, with the GUI — You have to edit MSDOS.SYS) to write CDs.

My girlfriend is amazed by what can be done without Windows, and tells me “You should make this available on more computers!” I explain that the license doesn’t make that possible, and I’m eager for a day when I can run “Linux” with a GUI (with a Web browser).

2003: I get a Windows 98 machine. I start working on what is probably my first programming language.

2004: Instead of tomsrtbt I now have Pygmy Linux, which chainloads from 32-bit DOS. I don’t use it for anything at all, I’m just trying it.

2005: I get Ubuntu, but it’s too slow for practical use, taking minutes to boot on the low-end Pentium I’m using. I try removing packages, but they’re all tied to other packages (Not too familiar with APT yet). I start trying various distros on CD, on a friend’s desktop which is more powerful than mine. I still use dial-up, they have high-speed connection.

I keep looking for a distro that can use my external 56k modem to connect to my ISP, I even look for an ISP that this will work with. No luck. I can get online with Windows or even DOS, but nothing else. As I’m trying to figure this out, about 800 people ask me if I’m trying to do this with a “winmodem” (I know what it is).

“With a faster, portable, wifi-capable machine with a like-new CD writer, I am trying more distros.”2006: DSL starts on my Pentium II. Due to some weird issue with the CD drive, it takes 7-15 minutes to boot (then it’s alright). I look for a graphical upgrade to Pygmy Linux that chainloads from 32-bit DOS. I read about (but never find) Monkey Linux.

While searching for that I learn of Puppy Linux, including a version designed to chainload from DOS. Puppy runs graphically on my equipment, though it doesn’t like most of my hardware. The 2.x kernel is SO MUCH faster than 3.x, but the 3.x kernel supports more hardware. I stick with 2.x, and don’t even have SATA support (but I don’t have SATA hardware either).

I invest in a wireless cardbus adapter and a wired Ethernet cardbus adapter, neither of which are supported, but I hold onto them — thinking I might find support for them eventually.

I get a used P4 laptop running XP. For the first time, I’m going to places where I can use wifi. I customise the heck out of XP, replacing standard Windows features with freely licensed software, as I did with Windows 98. I replace the Windows shell with something like BB4Win.

With a faster, portable, wifi-capable machine with a like-new CD writer, I am trying more distros.

2007-2008: DSL replaces Windows 98 on my Pentium II, Xubuntu replaces Windows XP, letting me use my cardbus wifi adapter (but not the built-in adapter). I start using high-speed Internet all the time. I try countless distros. I get a USB-based wifi adapter (“How neat, it can add wifi to either a laptop or a desktop”). But nothing I run supports it. I throw it in a drawer.

2007 is the year I finally go Windows-free, using GNU/Linux with high-speed Internet.

2009: Curious about OLPC, I am eager to try out Sugar. I try Sugar-on-a-Stick, I go to a Linux user group where I happen to play with an XO-1 in person, I see one other XO-1 in a museum, and because they have Sugar included, I try out Trisquel with Sugar. Pippy, a tool designed to help Year 4 students and later get introduced to Python, reminds me of QB and I start learning Python.

Trisquel is the first FSF-approved distro I try. It’s also the first distro I try that supports my (Atheros) USB wifi adapter. Of course several of the other distros I’ve used only fail to support it because of release cycles and my own upgrade timeline, but an impression is made: you really don’t need non-free drivers for consumer hardware. Trisquel works!

2009-2011: I start having drive trouble due to power management issues, and when I read about it I find that you can mitigate the thing killing my hardware by changing hdparm settings. But it’s not announced to much fanfare, and as I read about the various responses to the issue for various distros, I get pretty pissed off.

Ubuntu doesn’t care, Debian releases an immediate fix — not just a command-line workaround, they make the fix the default from that point onward. Other distros make excuses about how the fix might not work on everything.

“Although I’ve given money to Devuan, and money and equipment to related projects, I am increasingly unhappy with the cult-like abuse from some community leaders and at least one official team member.”On top of this, Debian is getting the non-free crap out of their kernel as of 6.0. I start favouring Debian for the level of quality and responsibility they demonstrate. I still favour a blob-free kernel.

2012-2014: I’m running Debian and giving away free machines with Debian pre-installed, with sources. I’m writing a curriculum for a night class on refurbishing machines with Debian. My girlfriend and I make Debian logo Christmas ornaments with a laminator. My monitor has a Debian logo sticker over its own logo. I raise well over 100 dollars for SPI, Inc. and I’m happy, even thrilled to be promoting GNU/Linux with real free software and real hardware. I don’t tend to use non-free repos or non-free drivers, I also discourage others from running either.

I notice systemd coming in when rc.local stops running after an upgrade. I mostly run stable but I have one machine running testing, because testing is notoriously stable for what it is, and I want a heads up on what Debian has coming down the line.

I start reading about systemd, and exploring my options. I try Debian GNU/Kfreebsd and read about Devuan. I stop giving away Debian machines, not wanting to saddle anybody with that. The most reliable and responsible operating system, which based on its history really had me thinking I’d never need to find another distro, has jumped the shark and said “FUCK YOU” to everybody. Alright then, fuck you too.

“The idea of automated remasters (OLPC also uses that idea for creating their own distro) is that instead of distributing a new ISO every time you make a few changes, you just distribute a custom remaster script instead.”2015: In February or March, my Debian testing machine (also the one I use the most) now runs the pre-alpha of Devuan. While I wait for Devuan to mature and gain a sources ISO/single download like Debian has so I can start giving Devuan machines away (with sources, like I did for Debian) I start working on an alternative to my PC refurbishing curriculum. Without a distro I can recommend to everybody, I start working on a cross-platform programming language — trying to make a language that is more practical than Logo and easier to learn than BASIC. It’s just an experiment, I don’t worry about how outlandish the goal is. I know the actual thing is going to be modest, and that’s the idea.

I start introducing it to people in person, and within a year it is what I wanted — a language that lets me explain and introduce coding basics to people who had trouble with BASIC or Python. People I’d talked to about coding for years who tended to glaze over and not be able to explain anything I had told them, could now point to code and tell me what it did. I consider that a victory.

The language is called fig, and it was included in the best Devuan derivative I knew. Devuan did not yet have a Live CD, but there was a live Devuan derivative (I tried two of those) and the maintainer went to go work on Devuan Live officially. It was one of the better decisions Devuan made; he was the best person for that role.

2016-2017: Although I’ve given money to Devuan, and money and equipment to related projects, I am increasingly unhappy with the cult-like abuse from some community leaders and at least one official team member. I distance myself from Devuan, using fig to make automated remasters of Puppy Linux, Refracta, Tiny Core, Trisquel 8 and Debian 9 — among others.

“But although I still have nice things to say about Dyne and its founder, I do not believe in or recommend Devuan.”Originally this is not called Fig OS, but I am encouraged by some Puppy fans to move from the Puppy name (because it’s a turn off to people who think “Puppy” sounds less serious) and from the Refracta dev who is concerned it might confuse people further (Refracta already refers to remastering tools and a distro that is made with them). So I actually settle on “Fig OS”, and then “Distro-libre” as I add more source distros.

The idea of automated remasters (OLPC also uses that idea for creating their own distro) is that instead of distributing a new ISO every time you make a few changes, you just distribute a custom remaster script instead. The download is measured in kb instead of gb, plus it’s 100% source code and you get a line-by-line “receipt” of every change made to the base system.

I design it not just for one distro family, but try to keep it as flexible as possible. Originally it can mix Devuan-based Refracta with Ubuntu/Puppy-based Tahr — if you use Puppy, you know it’s more accurate to say this is like mixing Devuan with Puppy than Devuan with Ubuntu. Devuan is multi-user. Puppy Tahr has so much of Ubuntu stripped out.

The automated remaster of Trisquel 8 replaces systemd with upstart, creating a bootable Live ISO that boots Trisquel without systemd. I’m very proud of that. This was at a time when Trisquel had pretty much abandoned the idea of users having a choice about subservience to corporations. That’s a shame, when they were once the flagship distro of the FSF, and the one that convinced me that fully-free distros were possible and even practical. It’s not just that they don’t fix this — they don’t even care!

The automated remaster of Debian 9.5 also creates a bootable Live ISO that boots with sysvinit. While Devuan certainly does more, and there was a time (when it looked like Devuan might gain more volunteers) that I agreed with their level of overkill, at one point later on I was starting to think MX was a better thing to support than Devuan. I have had positive experiences with the leader of Dyne and I still this Dyne is a good organisation — that’s a pretty big deal these days, when this timeline is coming up on 2019.

But although I still have nice things to say about Dyne and its founder, I do not believe in or recommend Devuan. That team ought to split up (Dyne should abandon it for better things) and go their separate ways. Whatever “Devuan” is will be better without it being Devuan. The maintainers may disagree, but they’re also wrong. The biggest problem with Devuan is Devuan. It’s largely the same problem that Debian had, minus enough volunteers.

“If you’re calling yourself a “hacker” because you’re allegedly out to playfully subvert a corrupt authoritarian tech industry, but you conflate a couple of minor interruptions by the person who created the movement you belong to with a safety threat of some kind, maybe you’re NOT a hacker.”Then in 2018: Microsoft purchases GitHub.

MOTHER. FUCKER.

Also, a bunch of traitors stab rms in the back by pretending a question or two asked out of turn by the president of the organisation makes LibrePlanet “unsafe”. Holy George Fucking Orwell! If you’re calling yourself a “hacker” because you’re allegedly out to playfully subvert a corrupt authoritarian tech industry, but you conflate a couple of minor interruptions by the person who created the movement you belong to with a safety threat of some kind, maybe you’re NOT a hacker. Maybe the word “shill” or simply “tool” is better. Perhaps you’re really a fascist, disguised with the trappings of the left.

What a great year. But 2019 gets even better!

2019: Free Software projects, not interested in tech industry hegemony, start leaving GitHub in droves.

But NO! They actually gravitate TOWARDS the incredible suckage, coinciding with bribes from their new masters. Oh, we can’t say “masters” anymore. MASTERS, MASTERS, MASTERS! What the actual fuck, people?

RMS, who in fact called Epstein a “serial rapist”, defends a deceased colleague on a mailing list that both individuals used to contribute to (and rms still did) but it’s not the attacks on the deceased colleague that are considered inappropriate for the list (obviously that’s fine) it’s the defence that draws the wrath of the shill industry, who then make money assassinating rms and saying he “defended Epstein.” The tech press is full of liars and scumbags that might as well have worked for Joseph fucking Goebbels. (Oh, fuck you too, Mike).

“I started installing FreeBSD, OpenBSD and NetBSD on various machines.”GNOME, MIT, SFC and FSFE and even traitors inside the FSF all dogpile rms, who then steps down from the FSF. Some of these same individuals also attacked him at LibrePlanet, over NOTHING — you can watch the actual non-incident. They were simply waiting for the best opportunity to make a fuss. Seriously, that’s all it ever was.

Shortly after, someone hacks his personal website (which by the way, was not hosted by the FSF) to make it look like he was no longer the leader of the GNU Project either.

This reminds me (on a lesser scale, obviously) of when Faux News faked the Bush Jr. victory by running a clip saying he won the election before he won.

At some point in the past two years, I talked to rms about the possibility of a fully-free distro based on BSD. By sheer coincidence (but I’m very pleased) in 2019, Hyperbola announced the first FSF-approved distro to switch from the Linux kernel to a Fully-free distribution based on OpenBSD.

2020: Eager to get away from as much of this crap as possible, away from the shills, from init systems that Microsoft controls the contributions to (with their Code of Conduct and their bans of accounts from several entire countries, and their absolutely monopoly-level power that comes with owning GitHub, which we were warned against creating for years) I decided not to wait for Hyperbola, even though I love what they’re doing (and you should, too).

“I mean they tried to have a coup in the GNU Project in 2019, and that hasn’t even stopped in 2020.”I started installing FreeBSD, OpenBSD and NetBSD on various machines. I am still running GNU/Linux on ONE machine; I didn’t plan for BSD to take over my workflow as quickly (or as smoothly) as it eventually did. You can see the kind of stuff I went through getting rid of Windows.

OpenBSD 6.8 is out, and since I’ve just upgraded all my other machines (along with other work, etc.) from GNU/Linux to OpenBSD 6.7 (I have one machine running NetBSD, and I don’t recommend FreeBSD because it’s doing far too much with GitHub compared to the other two) I am looking for what I should install 6.8 on. I am talking about this week, not next year. Of course I also want to run HyperbolaBSD, but I’m getting familiar with what’s upstream right now, before HyperbolaBSD is even ready.

What’s the appeal/common sense justification of BSD? Among some other notable advantages, when people want to fork BSD, they just do. They don’t spend years begging someone else to or keeping fingers crossed — they just do it. It’s been done several times by small teams of people. Just based on that, you’d think it was easier than forking OpenOffice!

“Hyperbola wants you to be free, they didn’t fork Linux — instead they’re making BSD free, because that’s easier.”When Free Software has as many threats as it does today, threats the FSF basically ignores, leaving us to fend for ourselves (and even challenge their overly, obsessively conservative bullshit — don’t get me wrong, Open Source is still MUCH worse, but the FSFE and SFC have already fallen to Open Source; SFC is now a gateway to OSI and basically to hell, NOT to freedom) we need more autonomy or we are simply going to be taken over, the way GNU is gradually being taken over.

I mean they tried to have a coup in the GNU Project in 2019, and that hasn’t even stopped in 2020. GNU needs to be salvaged. Fortunately, Hyperbola is setting good examples on how to do just that. The FSF is just getting closer and closer to GitHub, doing big-budget-style videos promoting things like Jitsi (Guess who controls Jitsi? Not the FSF!) Free Cloud Foundation? That’s going to make IBM very happy! You’ll be able to talk to at least 150 people about it on the GitHubiverse!

If it isn’t even forkable, it’s debatable that it’s really free. Linux is demonstrably non-forkable — nobody is forking it, nobody is going to fork it, people fork BSD instead, repeatedly. The whole thing, kernel and all. Hyperbola wants you to be free, they didn’t fork Linux — instead they’re making BSD free, because that’s easier. BSD-libre! GNU/BSD, even. And fuck you again Debian, for trying to kill exactly that.

This is the thing that the FSF doesn’t seem to understand. For purposes of freedom, GNU/Linux is no longer viable. It is a corporate shitshow of DRM, sellouts and mountains of Big Tech fuckery. Yes, there are some (VERY) nice things about the kernel, but they’re not making us free, they’re making us subservient to GIAFAM and especially to Microsoft — the biggest corporate enemy of Free Software in both history and the world. An enemy that spends years lying about “love” — about LOVE!

So it can spy on people and help literally kill for profit — not simply by letting people use their code as some Open Source fakes whinge about (your dumb license won’t stop the DOD anyway, as they don’t have to honour copyright or patents) but actually getting contracts worth billions to make war (not “Love”). That’s why “fake” is the right thing to call these shills who pretend to give a shit who lives and dies in other countries (along with what it does to the environment).

“So now we are using “ethics” to reinforce a monopoly.”United Nations: “You know, we think these are war crimes that you’re committing.”

Various Countries: “But?”

United Nations: “But also we are concerned that your actions are destroying the sustainability of the human race itself.”

Various Countries: “Is that all?”

United Nations: “No. What we want to talk about right now is the license for the software running your drone systems…”

Various Countries: “Oh, NO! Don’t worry, we’re switching right back to Windows for that! War tribunals and the end of sustainability are bad enough, without VIOLATING SOFTWARE LICENSES!”

Great plan! People often talk about how munitions are even more dangerous because they’re not as “precision” as people say they are, occasionally taking out wedding parties when they want to get “just one!” terrorist, but that’ll all be “Better with Windows!” Mayyyyybe Coraline just thought JEDI would be more “ethical” if we could use licenses to ensure only Microsoft had a product they were legally allowed to sell for such purposes (Put that in your intake and smoke it, Bezos!)

So now we are using “ethics” to reinforce a monopoly. Or were we using “love” to create weapons systems? All this marketing gets confusing! I guess that’s why Windows is Linux is Winning! Now pay up, Android, you think all this “love” comes for free?

The FSF sits idly by while Microsoft and GitHub (and their own GNU contributors) and GNOME (as usual?) lie to you about the viability of this dystopian future we are already living in. Some of these people are not “mistaken” — they are actually lying to you. Two-legged Zoom spying bad, Four-legged GitHub spying good? Doubleplus WTF? The FSF just sits there, like nobody knows better. Well one guy, but OMG, He Said…

“For a minute it looked like rms was done; but he’s still fighting, we can be thankful for that. He’s not going to win against the FSF though — it will still be years still before the FSF does a course correction, away from this mess that started TWO YEARS ago.”“Free Software is bigger than Jesus!”

No, that was John Lennon. Remember folks, what rms said! Burn all your copies of the GPL! (This sort of bullshit is SO old and SO STUPID…)

Hyperbola GNU/Linux logoFor a minute it looked like rms was done; but he’s still fighting, we can be thankful for that. He’s not going to win against the FSF though — it will still be years still before the FSF does a course correction, away from this mess that started TWO YEARS ago. FIVE years if you count the systemd power grab — and you should. Corporate hegemony is always a problem, even GPL-(2 only!)-licensed corporate hegemony.

So anyway, bye bye, Linux. I’ll see you on underpowered trinkets and tablets, I’m sure.

Now get the fuck off my PC. We’re done here, penguinshit.

Long live rms, long live (Hyperbola) GNU/BSD, and happy hacking.

Licence: Creative Commons CC0 1.0 (public domain)

10.07.20

Hyperbola is the Gnu GNU

Posted in BSD, Free/Libre Software, GNU/Linux at 9:23 am by Guest Editorial Team

By figosdev

Hyperbolas as declination lines on a sundial
Credit: Piotrus | CC BY-SA 3.0 | Source photo

Summary: The kernel or distro that Richard M. Stallman likely envisioned for the GNU Project, plus Linux and BSD as assessed by figosdev (who uses both)

Apologies in advance to the Hyperbola devs; this is not an effort to promote them and if it were, I’m sure they would be embarrassed. My impression of them is they are sincerely too modest to think of themselves as the centre for what’s left of the Free Software movement. All they’re trying to do is build Hyperbola. I will advocate that they should do more, though not by themselves.

However, they are doing things (in their effort, not their attitude) like the centre of what’s left of the Free Software movement.

If I was eager to promote Hyperbola, the first thing I would do is find someone who could do a better job of it than I could. I only talk about this because of how crucial it is to the future of Free Software.

The FSF (the actual organisation, not the office) has become rickety, and caved in. RMS insists it’s safe to go back, but this is uncharacteristically optimistic of him. It has a new roof, which I don’t trust either — because the rest of the building is still falling apart. So I see the fixes as being of symptoms, not overall structural integrity. Also the new roof sucks, but at least I’ve heard people vouch for it.

“We know GNU is under attack, because it was already attacked last year.”If this were just a response to the news and upheaval of the past year, I would be sure I was overreacting. The thing is though, I predicted that collapse. I’ve watched this thing for years, very closely, and I warned this would happen. Maybe next time I make a prediction it won’t happen; I don’t have a time machine. We know the FSF has enough money, so if we are talking about the state of their survival, then we are talking about the mission, not the budget. I don’t even trust people who focus on the budget (so I think it’s a bit cynical that of all people, the treasurer was put in charge — when people are saying the F$F is all about money now, not freedom).

Their video campaigns look bigger than past efforts, but it’s to promote things like Jitsi that are controlled by Microsoft. You can still find essays that talk about how OpenWatcom is non-free, but the FSF is going to keep steering you towards clown-computing and GatesHub, no matter what.

That doesn’t look good for the future of GNU. We know GNU is under attack, because it was already attacked last year. They tried to make it look like it didn’t have a project leader. Given the number of high-profile software projects trying to “restructure” to shut out their leaders, it’s difficult to pretend there is no pattern — but the GNU project was attacked repeatedly, at the same time the FSF was. Those attacks have not stopped, they haven’t ended. GNU is under constant attack from people trying to dismantle it — people who move parts of the GNU Project to GatesHub are traitors, and people who move parts of GNU away from GatesHub are (probably) heroes.

People who believed in the FSF are leaving, even those who support rms. They will probably be happy, as I am, that rms has not quit. He continues to fight for your freedom. The FSF continues to pretend they do.

But the FSF does not recognise most of the threats that have undermined them for years, including the problems that unseated their president. People realise more and more that Mozilla and Linux have nothing to do with freedom, that telemetry and mass surveillance are anti-freedom, that the FSF doesn’t have the power to fix these things.

Hyperbola has even less power, but they make no excuses — they fight.

“Hyperbola has even less power, but they make no excuses — they fight.”And instead of saying “we don’t have the power” as their excuse, Hyperbola makes decisions that matter — so if they can’t fork the Linux kernel, they will do what the FSF did long ago — which is use a Free Software kernel that works and can be maintained. Hurd is led by a traitor, while Hyperbola grabs a kernel long-downstream from a kernel that was upstream of the one rms chose to base Hurd on. (OpenBSD isn’t based on Mach, though unlike Linux they have a common ancestor).

In the earlier days of GNU, bold decisions were made to keep the project viable. Today, BAD decisions are made to make the project more popular.

Hyperbola is doing it right. And if you want to save Free Software, if you want the movement to outlive its founder, bold (but GOOD) decisions will need to be made. Look to Hyperbola for inspiration. The future of GNU may not be under a single umbrella — though I’m not unaware of the good reasons that GNU was. Those reasons are important. But if GNU falls, what’s important is that we are not empty-handed in terms of hope for the future.

In 2017 (or early 2018) when we talked about the erosion at the FSF, their failure seemed more hypothetical, destined by principle, but even if the writing was on the wall it seemed a bit crazy to consider it — even with good reason to. It was so far-fetched.

GNU isn’t doing better in 2020 than the FSF was doing in 2017. In fact it’s doing worse. So I think it’s possible for GNU to collapse in the next 5 years — I usually give these things 5 years and they usually happen faster. But it’s more important to save GNU than the FSF.

GNU is the only thing holding the GPL up. Sure there’s a lot of other GPL software, but most of it is on GitHub. Without GNU, Copyleft will have no (sincere) champion, no flagship. It will have support, but that will fall apart as organisations like SFC exploit it — it will have more exploiters undermining it than supporters keeping it viable.

GNU is the last stand for Free Software (as Free Software) before it collapses. What collapse looks like is just a long, steady timeline of erosion without renewal.

On a software front, Hyperbola can shore up some defenses and set good examples for the next generation of Free Software. But if that doesn’t happen, GNU will go the way of the FSF and take Free Software with it. GNU IS going that way, slowly. The big question in all of this, is what people are going to rally behind. Nobody knows the answer to that — only what will happen if they don’t.

“On a software front, Hyperbola can shore up some defenses and set good examples for the next generation of Free Software.”We desperately need more projects taking examples from Hyperbola. I doubt they want to be a giant umbrella project, but even if you don’t do work “under” Hyperbola, you ought to be doing work LIKE Hyperbola. You will learn more about how to ensure the future of Free Software from watching them than you will from watching the GNU Project. Which isn’t to say you shouldn’t watch both — what’s happening in the GNU Project is really horrible.

Salvaging and preserving and bolstering the GNU Project is of greater importance than ANYTHING the FSF is doing. The F$F is DONE. Free Software is not, yet. RMS is not, yet. Hyperbola is not, yet.

GNU is dangerously close.

But GNU is still the best example there was — it is vital for it to continue. GNU was built on top of UNIX and ultimately on top of the GPL, and Hyperbola will be as well.

GNU had humble beginnings, and Hyperbola does as well.

We should be measuring projects by their integrity, not their fame or fortune. On matters of integrity, Hyperbola is building a foundation as GNU loses one.

I am not saying we should replace GNU. I’m saying we should salvage it, save it, and the FSF will not do it. Many of the people in charge of GNU will not do it.

So whatever Hyperbola inspires us to do, we ought to have a plan in place for when GNU does collapse — so that most of it is alright either way. I think Hyperbola could do that on their own, but it’s just as well if someone as principled as Hyperbola does it.

I give a vote of no confidence to Trisquel and its leadership, who have spent years letting IBM and GitHub take over. The same goes for most FSF-approved distros. I don’t want to say “every distro except Hyperbola” as I do not follow every FSF-approved distro as much as I have followed Trisquel, but Trisquel is done, too. Trisquel has gone from being a flagship of Free Software (10 years ago) to a mockery of itself. As far as software freedom goes, it’s as stupid and backwards as the Ubuntu it’s based on.

“The uglier option is that Free Software dies. That does not preclude the option of putting it back together, but it’s more work and will set us back for decades instead of years.”Devuan is also done — the project has no integrity at all, and Dyne (an organisation that does seem to care about your freedom, led by FSF-approved-distro creator Denis Roio) should pull the plug on it and let Devuan fend for itself. Debian is even worse; Roy should find a better distro to use (but that’s just my opinion).

But I will hold out the possibility that SOME other currently FSF-approved distro besides Hyperbola is up to assisting this task, I simply don’t know which one it would be. We have to stop thinking of freedom in terms of the resources these groups/developers have, and think instead in terms of what they do with the resources they have. Quite often what they do is make compromise after compromise until something becomes a joke, and in hindsight you could have told them so — but you wanted to believe, because they had the means (though not the will).

We’ve all made that sort of mistake before, leading to misplaced trust — it simply has to be something we try much harder to stop doing. We can’t afford more compromises, we need to put Free Software back together while we still can.

The uglier option is that Free Software dies. That does not preclude the option of putting it back together, but it’s more work and will set us back for decades instead of years.

Stop putting faith in things that have no direction, led by people with no spine. We are so far set back (except in terms of available source — but in terms of almost everything else) that we need to start thinking like the beginnings of the GNU Project, not the present — if we want it to have a future.

Hyperbola is not merely a good example, it is a fully-free operating system with a future. That’s what we need, but we also need to save GNU — if we want the GPL to survive. Hyperbola is already helping with that.

“Hyperbola is not merely a good example, it is a fully-free operating system with a future.”Stop supporting projects that make constant excuses for compromising your freedom, and focus on the (very few) that do things right. You’ll have far fewer choices in the short run, but you’ll have more freedom (and with it, more choices) later, if you do this now.

And I am sorry for the bother Hyperbola will get because of this, if anybody listens that is. These are things that need to be said, about things that need to be done, and Hyperbola will manage. The rest of us need to manage, too.

Long live rms and GNU, and happy hacking.

Licence: Creative Commons CC0 1.0 (public domain)

09.22.20

Erosion of Free Speech and Tolerance of Opposing Viewpoints in Free Software Communities

Posted in BSD, Deception, Free/Libre Software, GNU/Linux, Microsoft at 12:05 am by Dr. Roy Schestowitz

“It is by the goodness of God that, in this country, we have three benefits: freedom of speech, freedom of thought, and the wisdom never to use either.” –Mark Twain

Computer lecture

Summary: The concept of free speech is being reinvented by oversensitive people who nowadays expand the list of exclusions/exemptions (from scope of ‘permissible’ speech) to politics and criticism of large and highly abusive corporations

THERE is this old and pseudo-philosophical conundrum about free speech in general, e.g. tolerating the intolerant. Or questions like, are we tolerant for not tolerating speech that we perceive to be inherently intolerant?

“Having received about 40,000 comments in this blog, there are many that I strongly dislike; but we never censored comments, not even ones with racial slurs in them.”The subject isn’t new. The debate isn’t unprecedented. There are, however, things that can be said in the context of free-as-in-freedom software.

Free speech absolutists have to be quite tolerant (and no, we’re not talking about nazis who disguise themselves as “free speech”) because they need to not necessarily respect but let words be spoken/written/published despite loathing those words. Cultural differences too are a factor.

Having received about 40,000 comments in this blog, there are many that I strongly dislike; but we never censored comments, not even ones with racial slurs in them. Those are just a reflection of what society is and we draw the line at physical threats (those are a special case and there are well-established laws for dealing with them, even restraining orders and arrests).

A speakerYesterday in IRC someone brought up Gab; well, Gab isn’t an ordinary site because there are many violent cults there, ones that seek to implement ethnic cleansing and death threats are commonplace there. So put Gab aside as a special case. What’s special about it isn’t mere racial/ethnic agitation but its uniquely violent nature (including members proceeding to mass murder, based on things that inspired them in Gab, legitimising those acts). The management of Gab obviously does not condone such violence and it cooperated with authorities when it had to; but those who block Gab (e.g. Fediverse factions) have some legitimate grounds for doing so, noting the large proportion of violent (in nature, explicitly) output emitted from there.

So again, just to clarify, when we speak about free speech we do not include (within scope) every single utterance of nonsense, especially not calls for genocide. There have long been laws for dealing with these, aside from the realms of speech alone (many murders are preceded by threats, whether it’s domestic violence or disputes over drugs; there’s an interest in prevention of lethal/fatal violence).

Some hours ago Derek Taylor (also known as DistroTube) published this video/view entitled “If You Support Free Software, You Should Support Gun Rights” (similar to the sorts of things ESR likes to say) and last week he published a video that uses words like “virtue-signalling”, “social justice warriors” etc. (coming across like part of a group that’s widely perceived to be intolerant). I’ve spoken Derek Taylor online but not offline (he’s in the US, very far from here) and I largely agree with him on many technical things (I strongly disagree with his older stance regarding Torvalds and Stallman — a stance he may have changed since). But in Daily Links there’s no reason not to include this “pro-gun” video, even if many of us do not share his views. The feature image for that video is of him holding a rifle. Stay classy, eh?

It’s truly regretful that, putting “wings” aside (the political duality — a superficial binary standard), a certain polarity in the Free software world now deems people or classifies people as either “left” or “right” (some go further and simplify with “anti-Trump” or “pro-Trump”). This is partly the reason why ESR, both co-founder of the OSI and for a period of time chief of the OSI, got banned by the OSI earlier this year (‘canceled’ from mailing lists, at least). His views on Free software — oh, sorry… Open Source — licensing did not seem to matter because his choice of words seemed political on the ‘wrong’ side of politics. This isn’t the way to have an healthy and productive debate about software and ethical issues. Sure, we don’t all agree about politics. And if ESR thinks that there’s “vulgar” form of “Marxism” somewhere, let him say it. One doesn’t have to agree with him. To outright ban him (from his own creation) says a lot about the lack of will to come up with a counter-argument. This is to be expected somewhere like China. Do we really wish to go down this route?

What I find a lot more concerning, personally at least, is censorship of people not for the ‘wrong’ political worldviews (the people who suffer the most from it call it ‘wrongthink’ or similar terms) but for criticising bad corporations. Here’s an example that is very new and very disturbing:

bsd.network

Language of dictators: “if you give me lip about this, especially as a “joke”, you’ll get blocked and/or lose your account” (and he’s not joking! Not tongue-in-cheek a statement!)

As an associate of ours put it: “In the bsd.network link [...] we see what CoCs are really about.”

We recently saw the same thing in Rust/Mozilla/Reddit (banning Microsoft critics).

In an act of recognition and solidarity we recently reproduced many articles from Daniel Pocock, whom I believe got in trouble for doing ‘too much’ complaining about corporate influence if not takeover by large corporations such as Google and Microsoft (both pay Debian and the FSFE) — two companies which his technical work (SIP etc.) seeks to make obsolete.

Dig a little deeper into the context of the above quip/toot and find this (pinned even):

bsd.network CoC

So the CoC seems to have been magically extended to, “do not criticise Microsoft” (an OpenBSD sponsor by the way; this is no secret). Do we want to go down this route of making it impermissible to criticise large corporations and oligarchs, especially those who pay us? If so, isn’t that just bribery for silence? Are we enforcing politeness here or merely covering up misconduct and censorious behaviour?

« Previous entries Next Page » Next Page »

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channels: Come and chat with us in real time

New to This Site? Here Are Some Introductory Resources

No

Mono

ODF

Samba logo






We support

End software patents

GPLv3

GNU project

BLAG

EFF bloggers

Comcast is Blocktastic? SavetheInternet.com



Recent Posts