diff options
Diffstat (limited to 'research/computing/suckless')
-rw-r--r-- | research/computing/suckless/messaging.md | 103 | ||||
-rw-r--r-- | research/computing/suckless/sites.md | 90 | ||||
-rw-r--r-- | research/computing/suckless/virtual.md | 101 | ||||
-rw-r--r-- | research/computing/suckless/virtual/screenshot.png | bin | 0 -> 74886 bytes |
4 files changed, 294 insertions, 0 deletions
diff --git a/research/computing/suckless/messaging.md b/research/computing/suckless/messaging.md new file mode 100644 index 0000000..81c80a6 --- /dev/null +++ b/research/computing/suckless/messaging.md @@ -0,0 +1,103 @@ +[[!meta title="Mensageria Suckless"]] + +Quem não comunica se trumbica. Mas quem comunica também. Porque tá cheio de +sistema por aí que te afaga e te apedreja ao mesmo tempo. Oferece serviço de +vigilância gratuita que possui funcionalidade de comunicação. + +Aqui queremos a boa e velha mensageria suckless, que também é uma merda, mas é +uma merda menor do que o enlatado baseado em soluções proprietárias oferecido +pelas startups turbocapitalistas. + +Isto aqui é um esboço! Patches são bem vindos :) + +Requisitos +---------- + +* Seja independente de plataforma e independente de um computador móvel como + smartphones. + +* Sessão persistente: podem te enviar mensagem mesmo que você não esteja online. + Melhor ainda, que você conste como online mesmo que não esteja acessando a + mensageria. + +* Um mínimo de privacidade: conexão cifrada com o servidor, criptografia + ponta-a-ponta com negação plausível pra falar com os/as amiguinhos, sem logs. + +Ingredientes +------------ + +1. Conta shell num servidor com bom uptime e acesso SSH. + +2. Mutiplexador de terminal. + + É uma espécie de "gerenciador de janelas" para + a linha de comando que permite manter programas + rodando em background mesmo quando o terminal + é fechado. + + Ele permite que malandros deixem a mensageria + IRC rodando no servidor mesmo que não estejam + conectados via SSH. + + Exemplos: tmux e screen + +3. Cliente de IRC + + Exemplos: irssi e weechat + +Howto +----- + +Logando e instalando: + + ssh servidor-remoto + sudo apt install tmux irssi irssi-plugin-otr + +Criando uma sessão para o IRC: + + tmux + +Abrindo o cliente e se conectando no rolê: + + irssi + +Para sair da sessão sem encerrar a mensageria, digite Ctrl B D +(control sequence do tmux mais o comando "detach"). Depois é +só encerrar a shell do servidor remoto. + +Para se reconectar, basta + + ssh servidor-remoto tmux attach + +Básico do IRC +------------- + + /network add -nick <nick> -realname <realname> freenode + /server add -auto -ssl_verify -ssl_capath /etc/ssl/certs -network freenode chat.freenode.net 7000 + /save + /connect freenode + /join #canal + +Bônus +----- + +* Tor. +* Bitlbee. + +Privacidade +----------- + +Note que uma sessão persistente implica no cliente rodando num +servidor. Isso pode degradar sua privacidade, uma vez que o servidor +pode ser comprometido de várias formas. É importante ter consciência +disso. + +Da mesma forma que seu celular pode ser invadido, roubado e ter dados extraídos, +um servidor também é um ponto vulnerável na sua comunicação, especialmente +se for nele que as chaves criptográficas estiverem armazenadas. + +Assim, a sessão persistente de mensageria oferece um nível de segurança apenas +intermediário, servindo para a comunicação do dia-a-dia que não for sensível. + +Para comunicação sensível, o melhor é rodar o cliente de mensageria diretamente +a partir do seu [Console Físico Confiável](https://opsec.fluxo.info/specs/tpc). diff --git a/research/computing/suckless/sites.md b/research/computing/suckless/sites.md new file mode 100644 index 0000000..67149d5 --- /dev/null +++ b/research/computing/suckless/sites.md @@ -0,0 +1,90 @@ +[[!meta title="We are the static site generation!"]] + +# Current practice + +Currently [ikiwiki](http://ikiwiki.info) is adopted by the following reasons: + +1. There is a [Debian package](https://packages.debian.org/stable/ikiwiki). +2. It's flexible enough to support both local or remote side static compilation: + * Local compilation by calling the `ikiwiki` command directly. + * Remotelly by using a [git hook](http://ikiwiki.info/rcs/git/). + +When it's said **both** it means that you don't need to choose either of the two options: you can choose or both simultaneously. + +## Static site example + +Here comes the mandadoty "Hello world" example from the statically generated site realm: + + mkdir blog && cd blog + echo "Hello world..." > index.mdwn + ikiwiki --rebuild --exclude www . www + +That's it! You have a generated site sitting at your `www` subfolder which can be copied remotelly using `rsync`. + +## Version control + +It's a good pratice to keep your work under version control: + + git init + echo "/.ikiwiki" > .gitignore + echo "/recentchanges" >> .gitignore + echo "/www" >> .gitignore + git add . + git commit -m "Initial import" + +## Add a bit of sofistication + +* Use [this Makefile](/Makefile) as an starting point to refresh and publish your wiki by simply running `make web`. +* Use a [complete ikiwiki template](https://git.fluxo.info/?p=templates.git;a=tree;f=ikiwiki;h=HEAD) and change to your needs. +* If you're a automation junkie, try the [puppet-ikiwiki](https://git.fluxo.info/puppet-ikiwiki.git) module. + +## Theming + +Currently using [Ikiwiki](http://ikiwiki.info) with [Bootstrap](http://twitter.github.io/bootstrap/): + +* [Templates](https://github.com/tgpfeiffer/ikiwiki-bootstrap-template). +* [Bootswatch](http://bootswatch.com) themes. + +## Deployment + +You can create passwordless SSH keys and use [rrsync](http://www.guyrutenberg.com/2014/01/14/restricting-ssh-access-to-rsync/) ([2](http://wiki.hands.com/howto/passphraseless-ssh/)) to restrict access. Then add an entry into your `~/.ssh/config`: + + Host blog.example.org blog + HostName blog.example.org + User blog + IdentityFile ~/.ssh/blog@blog.example.org + +Now simply run `make web_deploy` with the above mentioned `Makefile` do sync your static site! + +## Ikiwiki references + +* [Ikiwiki](http://ikiwiki.info). +* [Improving Ikiwiki style with Bootstrap](https://ceops.eu/posts/Improving%20Ikiwiki%20style%20with%20Bootstrap/). +* [How to have a nice design for ikiwiki](http://www2.tblein.eu/posts/How_to_have_a_nice_design_for_ikiwiki/). +* [gsliepen/ikistrap: Bootstrap 4 theme for ikiwiki](https://github.com/gsliepen/ikistrap/). + +# Alternatives + +* [The updated big list of static website generators for your site, blog or wiki](https://iwantmyname.com/blog/2014/05/the-updated-big-list-of-static-website-generators-for-your-site-blog-or-wiki). +* [Top Open-Source Static Site Generators - StaticGen](https://www.staticgen.com/). +* [Static Site Generators](https://staticsitegenerators.net/). +* [Static Site Generators at GitHub](https://github.com/skx/static-site-generators). +* [Replacing Jekyll with Pandoc and a Makefile](https://tylercipriani.com/2014/05/13/replace-jekyll-with-pandoc-makefile.html). +* [Brane Dump: Static Comments in Jekyll](http://www.hezmatt.org/~mpalmer/blog/2011/07/19/static-comments-in-jekyll.html). +* [Hyde](https://github.com/lakshmivyas/hyde/) ([package](https://packages.debian.org/stable/hyde)). +* [Gollum](https://github.com/gollum/gollum). +* [Hugo](https://gohugo.io/) ([pacote](https://packages.debian.org/stable/hugo)). +* [Amber](https://github.com/leapcode/amber). +* [Grav](http://getgrav.org/). +* [Hakyll](http://jaspervdj.be/hakyll/) ([package](https://packages.debian.org/sid/libghc-hakyll-dev)). +* [Jekyll](http://jekyllrb.com/) ([package](https://packages.debian.org/stable/jekyll)). +* [Static site generators for building web sites](https://lwn.net/Articles/541299/). +* [Pelican Static Site Generator, Powered by Python](http://blog.getpelican.com/) ([package](https://packages.debian.org/sid/python-pelican)). +* [Middleman: Hand-crafted frontend development](https://middlemanapp.com/). +* [Juvia: a commenting server similar to Disqus and IntenseDebate](https://github.com/phusion/juvia). +* [gitit](https://github.com/jgm/gitit/tree/master/). +* [Sphinx](http://sphinx-doc.org/) ([package](https://packages.debian.org/stable/python-sphinx)). +* [Utterson: a minimal static blog generator written using old-school unix tools (make, ksh, m4, awk, procmail and a pinch of elisp)](https://github.com/stef/utterson). +* [werc - A sane web anti-framework](http://werc.cat-v.org/). +* [cfenollosa/bashblog: A single Bash script to create blogs. Download, run, write, done!](https://github.com/cfenollosa/bashblog). +* [blogofile](https://packages.debian.org/stable/blogofile) diff --git a/research/computing/suckless/virtual.md b/research/computing/suckless/virtual.md new file mode 100644 index 0000000..51c01c1 --- /dev/null +++ b/research/computing/suckless/virtual.md @@ -0,0 +1,101 @@ +[[!meta title="Virtualized GUI environments"]] + +Can't or don't want to use [Qubes OS](https://www.qubes-os.org/)? Here comes a straightforward sollution +that, while not offering the same level of security, is practical enough to be implemented in the confort +of your current FOSS OS! + +A picture +--------- + +Could you spot the difference between the Tor Browser running in the host for the one inside the virtual machine? That's what we want to achieve! + +![Screenshot](screenshot.png) + +First things first +------------------ + +What you can do: + +1. Create a virtual machine image of the operating system of your choice like [this example](https://padrao.fluxo.info/boxes/). +2. Setup basic X11 environment with automatic login and startup programs. +3. Configure your hypervisor to hide icons and additional decorations around the virtual machine. +4. Setup key bindings on your window manager to start/resume and stop/suspend the virtual machine. + +Debian desktop +-------------- + +When using a debian virtual machine as a virtual desktop, consider the following: + + apt-get install lightdm ratpoison + +Make sure to configure `/etc/lightdm/lightdm.conf` with something like + + autologin-user=vagrant + autologin-user-timeout=0 + +If using VirtualBox, you might also want to try [virtualbox-guest-x11](https://packages.debian.org/stable/virtualbox-guest-x11). + +Features +-------- + +* Good security through isolation. +* Improved start/stop of your application by using virtual machine suspend/resume. +* Minor performance penalties while running the virtual machine. + +Limitations +----------- + +* Memory and disk consumption. +* Clipboard might still be available to the virtual environment, see [this discussion](http://theinvisiblethings.blogspot.com.br/2011/04/linux-security-circus-on-gui-isolation.html). + +Future +------ + +* This should be better documented! +* Automated expendable snapshots for one-time-use virtual machines. +* Automated recipes (puppet/ansible). +* Vagrant integration for fast provisioning of golden images. +* Alternatives to the VirtualBox hypervisor. + +References +---------- + +Applications: + +* [kvmx script](https://kvmx.fluxo.info). +* [vbox script](https://git.fluxo.info/vbox). +* [plymouth - Debian Wiki](https://wiki.debian.org/plymouth). +* [SPICE Project](http://www.spice-space.org/). + +Other implementations: + +* [Marco Carnut: Ambiente "Auto-Limpante" via Virtualização Ultra-Leve Descartável - Tempest Blog](http://blog.tempest.com.br/marco-carnut/ambiente-auto-limpante-via-virtualizacao-ultra-leve-descartavel.html). +* [Subgraph OS and Mail](https://subgraph.com/sgos/index.en.html). + +Tips: + +* If using Firefox, try to disable hardware graphics acceleration as it might impact performance and produce graphics artifacts. This behavior was seem on VMs running with qemu-kvm with SPICE. + +Spice and KVM: + +* http://www.linux-kvm.org/page/SPICE +* https://www.spice-space.org/spice-user-manual.html +* https://kuther.net/content/convert-virtualbox-kvmqemu +* http://www.ubuntugeek.com/how-change-display-resolution-settings-using-xrandr.html +* https://bugzilla.redhat.com/show_bug.cgi?id=1020393 +* https://people.freedesktop.org/~teuf/spice-doc/html/ch03.html +* http://askubuntu.com/questions/107228/how-to-resize-virtual-machine-disk#481887 +* http://wiki.qemu.org/Documentation/9psetup +* https://ask.fedoraproject.org/en/question/8080/shared-folder-with-qemu-kvm/ + +Mounting guest images: + +* [Mounting raw and qcow2 VM disk images](https://alexeytorkhov.blogspot.com.br/2009/09/mounting-raw-and-qcow2-vm-disk-images.html) using `losetup` or `qemu-nbd`. +* [guestmount](http://libguestfs.org/guestmount.1.html) from [libguestfs, a library for accessing and modifying VM disk images](http://libguestfs.org/). + +Image optimization: + +* [Tip: Making a disk image sparse | Richard WM Jones](https://rwmj.wordpress.com/2010/10/19/tip-making-a-disk-image-sparse/). +* [How to convert a non-sparse image to a sparse image – Patrick's Blog(2)](https://blog.laimbock.com/2013/10/31/how-to-convert-a-non-sparse-image-to-sparse/). + + ionice -c 3 nice -n 19 virt-sparsify --tmp /tmp --convert qcow2 --compress box.img box.new && mv box.new box.img diff --git a/research/computing/suckless/virtual/screenshot.png b/research/computing/suckless/virtual/screenshot.png Binary files differnew file mode 100644 index 0000000..f5541c4 --- /dev/null +++ b/research/computing/suckless/virtual/screenshot.png |