aboutsummaryrefslogtreecommitdiff
path: root/research/computing/suckless
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2021-01-17 15:26:04 -0300
committerSilvio Rhatto <rhatto@riseup.net>2021-01-17 15:26:04 -0300
commita22166f6e0750fbddf564f244bb96d94524296d4 (patch)
tree0cb541516bd13ec64d3eb3fc4d867fd86271d2a2 /research/computing/suckless
parent7f52a0acea5d766c0c25997df1dd907162db0407 (diff)
downloadblog-a22166f6e0750fbddf564f244bb96d94524296d4.tar.gz
blog-a22166f6e0750fbddf564f244bb96d94524296d4.tar.bz2
Fix: cleanup and refactor
Diffstat (limited to 'research/computing/suckless')
-rw-r--r--research/computing/suckless/messaging.md103
-rw-r--r--research/computing/suckless/sites.md90
-rw-r--r--research/computing/suckless/virtual.md101
-rw-r--r--research/computing/suckless/virtual/screenshot.pngbin0 -> 74886 bytes
4 files changed, 294 insertions, 0 deletions
diff --git a/research/computing/suckless/messaging.md b/research/computing/suckless/messaging.md
new file mode 100644
index 0000000..81c80a6
--- /dev/null
+++ b/research/computing/suckless/messaging.md
@@ -0,0 +1,103 @@
+[[!meta title="Mensageria Suckless"]]
+
+Quem não comunica se trumbica. Mas quem comunica também. Porque tá cheio de
+sistema por aí que te afaga e te apedreja ao mesmo tempo. Oferece serviço de
+vigilância gratuita que possui funcionalidade de comunicação.
+
+Aqui queremos a boa e velha mensageria suckless, que também é uma merda, mas é
+uma merda menor do que o enlatado baseado em soluções proprietárias oferecido
+pelas startups turbocapitalistas.
+
+Isto aqui é um esboço! Patches são bem vindos :)
+
+Requisitos
+----------
+
+* Seja independente de plataforma e independente de um computador móvel como
+ smartphones.
+
+* Sessão persistente: podem te enviar mensagem mesmo que você não esteja online.
+ Melhor ainda, que você conste como online mesmo que não esteja acessando a
+ mensageria.
+
+* Um mínimo de privacidade: conexão cifrada com o servidor, criptografia
+ ponta-a-ponta com negação plausível pra falar com os/as amiguinhos, sem logs.
+
+Ingredientes
+------------
+
+1. Conta shell num servidor com bom uptime e acesso SSH.
+
+2. Mutiplexador de terminal.
+
+ É uma espécie de "gerenciador de janelas" para
+ a linha de comando que permite manter programas
+ rodando em background mesmo quando o terminal
+ é fechado.
+
+ Ele permite que malandros deixem a mensageria
+ IRC rodando no servidor mesmo que não estejam
+ conectados via SSH.
+
+ Exemplos: tmux e screen
+
+3. Cliente de IRC
+
+ Exemplos: irssi e weechat
+
+Howto
+-----
+
+Logando e instalando:
+
+ ssh servidor-remoto
+ sudo apt install tmux irssi irssi-plugin-otr
+
+Criando uma sessão para o IRC:
+
+ tmux
+
+Abrindo o cliente e se conectando no rolê:
+
+ irssi
+
+Para sair da sessão sem encerrar a mensageria, digite Ctrl B D
+(control sequence do tmux mais o comando "detach"). Depois é
+só encerrar a shell do servidor remoto.
+
+Para se reconectar, basta
+
+ ssh servidor-remoto tmux attach
+
+Básico do IRC
+-------------
+
+ /network add -nick <nick> -realname <realname> freenode
+ /server add -auto -ssl_verify -ssl_capath /etc/ssl/certs -network freenode chat.freenode.net 7000
+ /save
+ /connect freenode
+ /join #canal
+
+Bônus
+-----
+
+* Tor.
+* Bitlbee.
+
+Privacidade
+-----------
+
+Note que uma sessão persistente implica no cliente rodando num
+servidor. Isso pode degradar sua privacidade, uma vez que o servidor
+pode ser comprometido de várias formas. É importante ter consciência
+disso.
+
+Da mesma forma que seu celular pode ser invadido, roubado e ter dados extraídos,
+um servidor também é um ponto vulnerável na sua comunicação, especialmente
+se for nele que as chaves criptográficas estiverem armazenadas.
+
+Assim, a sessão persistente de mensageria oferece um nível de segurança apenas
+intermediário, servindo para a comunicação do dia-a-dia que não for sensível.
+
+Para comunicação sensível, o melhor é rodar o cliente de mensageria diretamente
+a partir do seu [Console Físico Confiável](https://opsec.fluxo.info/specs/tpc).
diff --git a/research/computing/suckless/sites.md b/research/computing/suckless/sites.md
new file mode 100644
index 0000000..67149d5
--- /dev/null
+++ b/research/computing/suckless/sites.md
@@ -0,0 +1,90 @@
+[[!meta title="We are the static site generation!"]]
+
+# Current practice
+
+Currently [ikiwiki](http://ikiwiki.info) is adopted by the following reasons:
+
+1. There is a [Debian package](https://packages.debian.org/stable/ikiwiki).
+2. It's flexible enough to support both local or remote side static compilation:
+ * Local compilation by calling the `ikiwiki` command directly.
+ * Remotelly by using a [git hook](http://ikiwiki.info/rcs/git/).
+
+When it's said **both** it means that you don't need to choose either of the two options: you can choose or both simultaneously.
+
+## Static site example
+
+Here comes the mandadoty "Hello world" example from the statically generated site realm:
+
+ mkdir blog && cd blog
+ echo "Hello world..." > index.mdwn
+ ikiwiki --rebuild --exclude www . www
+
+That's it! You have a generated site sitting at your `www` subfolder which can be copied remotelly using `rsync`.
+
+## Version control
+
+It's a good pratice to keep your work under version control:
+
+ git init
+ echo "/.ikiwiki" > .gitignore
+ echo "/recentchanges" >> .gitignore
+ echo "/www" >> .gitignore
+ git add .
+ git commit -m "Initial import"
+
+## Add a bit of sofistication
+
+* Use [this Makefile](/Makefile) as an starting point to refresh and publish your wiki by simply running `make web`.
+* Use a [complete ikiwiki template](https://git.fluxo.info/?p=templates.git;a=tree;f=ikiwiki;h=HEAD) and change to your needs.
+* If you're a automation junkie, try the [puppet-ikiwiki](https://git.fluxo.info/puppet-ikiwiki.git) module.
+
+## Theming
+
+Currently using [Ikiwiki](http://ikiwiki.info) with [Bootstrap](http://twitter.github.io/bootstrap/):
+
+* [Templates](https://github.com/tgpfeiffer/ikiwiki-bootstrap-template).
+* [Bootswatch](http://bootswatch.com) themes.
+
+## Deployment
+
+You can create passwordless SSH keys and use [rrsync](http://www.guyrutenberg.com/2014/01/14/restricting-ssh-access-to-rsync/) ([2](http://wiki.hands.com/howto/passphraseless-ssh/)) to restrict access. Then add an entry into your `~/.ssh/config`:
+
+ Host blog.example.org blog
+ HostName blog.example.org
+ User blog
+ IdentityFile ~/.ssh/blog@blog.example.org
+
+Now simply run `make web_deploy` with the above mentioned `Makefile` do sync your static site!
+
+## Ikiwiki references
+
+* [Ikiwiki](http://ikiwiki.info).
+* [Improving Ikiwiki style with Bootstrap](https://ceops.eu/posts/Improving%20Ikiwiki%20style%20with%20Bootstrap/).
+* [How to have a nice design for ikiwiki](http://www2.tblein.eu/posts/How_to_have_a_nice_design_for_ikiwiki/).
+* [gsliepen/ikistrap: Bootstrap 4 theme for ikiwiki](https://github.com/gsliepen/ikistrap/).
+
+# Alternatives
+
+* [The updated big list of static website generators for your site, blog or wiki](https://iwantmyname.com/blog/2014/05/the-updated-big-list-of-static-website-generators-for-your-site-blog-or-wiki).
+* [Top Open-Source Static Site Generators - StaticGen](https://www.staticgen.com/).
+* [Static Site Generators](https://staticsitegenerators.net/).
+* [Static Site Generators at GitHub](https://github.com/skx/static-site-generators).
+* [Replacing Jekyll with Pandoc and a Makefile](https://tylercipriani.com/2014/05/13/replace-jekyll-with-pandoc-makefile.html).
+* [Brane Dump: Static Comments in Jekyll](http://www.hezmatt.org/~mpalmer/blog/2011/07/19/static-comments-in-jekyll.html).
+* [Hyde](https://github.com/lakshmivyas/hyde/) ([package](https://packages.debian.org/stable/hyde)).
+* [Gollum](https://github.com/gollum/gollum).
+* [Hugo](https://gohugo.io/) ([pacote](https://packages.debian.org/stable/hugo)).
+* [Amber](https://github.com/leapcode/amber).
+* [Grav](http://getgrav.org/).
+* [Hakyll](http://jaspervdj.be/hakyll/) ([package](https://packages.debian.org/sid/libghc-hakyll-dev)).
+* [Jekyll](http://jekyllrb.com/) ([package](https://packages.debian.org/stable/jekyll)).
+* [Static site generators for building web sites](https://lwn.net/Articles/541299/).
+* [Pelican Static Site Generator, Powered by Python](http://blog.getpelican.com/) ([package](https://packages.debian.org/sid/python-pelican)).
+* [Middleman: Hand-crafted frontend development](https://middlemanapp.com/).
+* [Juvia: a commenting server similar to Disqus and IntenseDebate](https://github.com/phusion/juvia).
+* [gitit](https://github.com/jgm/gitit/tree/master/).
+* [Sphinx](http://sphinx-doc.org/) ([package](https://packages.debian.org/stable/python-sphinx)).
+* [Utterson: a minimal static blog generator written using old-school unix tools (make, ksh, m4, awk, procmail and a pinch of elisp)](https://github.com/stef/utterson).
+* [werc - A sane web anti-framework](http://werc.cat-v.org/).
+* [cfenollosa/bashblog: A single Bash script to create blogs. Download, run, write, done!](https://github.com/cfenollosa/bashblog).
+* [blogofile](https://packages.debian.org/stable/blogofile)
diff --git a/research/computing/suckless/virtual.md b/research/computing/suckless/virtual.md
new file mode 100644
index 0000000..51c01c1
--- /dev/null
+++ b/research/computing/suckless/virtual.md
@@ -0,0 +1,101 @@
+[[!meta title="Virtualized GUI environments"]]
+
+Can't or don't want to use [Qubes OS](https://www.qubes-os.org/)? Here comes a straightforward sollution
+that, while not offering the same level of security, is practical enough to be implemented in the confort
+of your current FOSS OS!
+
+A picture
+---------
+
+Could you spot the difference between the Tor Browser running in the host for the one inside the virtual machine? That's what we want to achieve!
+
+![Screenshot](screenshot.png)
+
+First things first
+------------------
+
+What you can do:
+
+1. Create a virtual machine image of the operating system of your choice like [this example](https://padrao.fluxo.info/boxes/).
+2. Setup basic X11 environment with automatic login and startup programs.
+3. Configure your hypervisor to hide icons and additional decorations around the virtual machine.
+4. Setup key bindings on your window manager to start/resume and stop/suspend the virtual machine.
+
+Debian desktop
+--------------
+
+When using a debian virtual machine as a virtual desktop, consider the following:
+
+ apt-get install lightdm ratpoison
+
+Make sure to configure `/etc/lightdm/lightdm.conf` with something like
+
+ autologin-user=vagrant
+ autologin-user-timeout=0
+
+If using VirtualBox, you might also want to try [virtualbox-guest-x11](https://packages.debian.org/stable/virtualbox-guest-x11).
+
+Features
+--------
+
+* Good security through isolation.
+* Improved start/stop of your application by using virtual machine suspend/resume.
+* Minor performance penalties while running the virtual machine.
+
+Limitations
+-----------
+
+* Memory and disk consumption.
+* Clipboard might still be available to the virtual environment, see [this discussion](http://theinvisiblethings.blogspot.com.br/2011/04/linux-security-circus-on-gui-isolation.html).
+
+Future
+------
+
+* This should be better documented!
+* Automated expendable snapshots for one-time-use virtual machines.
+* Automated recipes (puppet/ansible).
+* Vagrant integration for fast provisioning of golden images.
+* Alternatives to the VirtualBox hypervisor.
+
+References
+----------
+
+Applications:
+
+* [kvmx script](https://kvmx.fluxo.info).
+* [vbox script](https://git.fluxo.info/vbox).
+* [plymouth - Debian Wiki](https://wiki.debian.org/plymouth).
+* [SPICE Project](http://www.spice-space.org/).
+
+Other implementations:
+
+* [Marco Carnut: Ambiente "Auto-Limpante" via Virtualização Ultra-Leve Descartável - Tempest Blog](http://blog.tempest.com.br/marco-carnut/ambiente-auto-limpante-via-virtualizacao-ultra-leve-descartavel.html).
+* [Subgraph OS and Mail](https://subgraph.com/sgos/index.en.html).
+
+Tips:
+
+* If using Firefox, try to disable hardware graphics acceleration as it might impact performance and produce graphics artifacts. This behavior was seem on VMs running with qemu-kvm with SPICE.
+
+Spice and KVM:
+
+* http://www.linux-kvm.org/page/SPICE
+* https://www.spice-space.org/spice-user-manual.html
+* https://kuther.net/content/convert-virtualbox-kvmqemu
+* http://www.ubuntugeek.com/how-change-display-resolution-settings-using-xrandr.html
+* https://bugzilla.redhat.com/show_bug.cgi?id=1020393
+* https://people.freedesktop.org/~teuf/spice-doc/html/ch03.html
+* http://askubuntu.com/questions/107228/how-to-resize-virtual-machine-disk#481887
+* http://wiki.qemu.org/Documentation/9psetup
+* https://ask.fedoraproject.org/en/question/8080/shared-folder-with-qemu-kvm/
+
+Mounting guest images:
+
+* [Mounting raw and qcow2 VM disk images](https://alexeytorkhov.blogspot.com.br/2009/09/mounting-raw-and-qcow2-vm-disk-images.html) using `losetup` or `qemu-nbd`.
+* [guestmount](http://libguestfs.org/guestmount.1.html) from [libguestfs, a library for accessing and modifying VM disk images](http://libguestfs.org/).
+
+Image optimization:
+
+* [Tip: Making a disk image sparse | Richard WM Jones](https://rwmj.wordpress.com/2010/10/19/tip-making-a-disk-image-sparse/).
+* [How to convert a non-sparse image to a sparse image – Patrick's Blog(2)](https://blog.laimbock.com/2013/10/31/how-to-convert-a-non-sparse-image-to-sparse/).
+
+ ionice -c 3 nice -n 19 virt-sparsify --tmp /tmp --convert qcow2 --compress box.img box.new && mv box.new box.img
diff --git a/research/computing/suckless/virtual/screenshot.png b/research/computing/suckless/virtual/screenshot.png
new file mode 100644
index 0000000..f5541c4
--- /dev/null
+++ b/research/computing/suckless/virtual/screenshot.png
Binary files differ