From a22166f6e0750fbddf564f244bb96d94524296d4 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sun, 17 Jan 2021 15:26:04 -0300 Subject: Fix: cleanup and refactor --- research/computing/git.md | 101 +++++ research/computing/libreboot.md | 149 +++++++ research/computing/services.md | 468 +++++++++++++++++++++ research/computing/suckless.md | 58 +++ research/computing/suckless/messaging.md | 103 +++++ research/computing/suckless/sites.md | 90 ++++ research/computing/suckless/virtual.md | 101 +++++ research/computing/suckless/virtual/screenshot.png | Bin 0 -> 74886 bytes research/computing/thinkpad.md | 210 +++++++++ research/computing/token.md | 59 +++ 10 files changed, 1339 insertions(+) create mode 100644 research/computing/git.md create mode 100644 research/computing/libreboot.md create mode 100644 research/computing/services.md create mode 100644 research/computing/suckless.md create mode 100644 research/computing/suckless/messaging.md create mode 100644 research/computing/suckless/sites.md create mode 100644 research/computing/suckless/virtual.md create mode 100644 research/computing/suckless/virtual/screenshot.png create mode 100644 research/computing/thinkpad.md create mode 100644 research/computing/token.md (limited to 'research/computing') diff --git a/research/computing/git.md b/research/computing/git.md new file mode 100644 index 0000000..f59f38c --- /dev/null +++ b/research/computing/git.md @@ -0,0 +1,101 @@ +[[!meta title="Git"]] + +Git research and development. + +Barebones shared git repositories +--------------------------------- + +No gitolite, gitosis, gitlab or whatever involded. Only OpenSSH and git is needed. + +### Basic config + +If needed, create a host instance for your git server at your `~/.ssh/config`: + + Host git.project.org gitserver + HostName git.project.org + +Now make sure you can log into the server using key-based auth. + +### Server config + + sudo apt install git + sudo adduser git --home /var/git + sudo mkdir /var/git/repositories + sudo chown git. /var/git/repositories + sudo chmod 775 /var/git/repositories + sudo usermod -a -G git `whoami` # add yourself into the git group + +### Creating a repository + +At your computer: + + repo="name-your-project-here" + mkdir $repo + cd $repo + git init + git remote add origin ssh://gitserver/var/git/repositories/$repo.git + +Then do your regular stuff: create files, commit stuff, etc: + + touch test + git add . + git commit -m "Initial import" + +### Copy a bare git repo to the server + + cd .. + git clone --bare $repo $repo.git + scp -r $repo.git gitserver:/var/git/repositories/$repo.git + +### Making the repository shareable + +In the server: + + sudo chgrp -R git /var/git/repositories/$repo.git + sudo chmod 775 /var/git/repositories/$repo.git + + find /var/git/repositories/$repo.git/ -type f -exec sudo chmod 664 {} \; + find /var/git/repositories/$repo.git/ -type d -exec sudo chmod 775 {} \; + +Now make sure that the repository configuration has the following option at the `core` section: + + sharedRepository = group + +You can edit `/var/git/repositories/$repo.git/config` to add this config or just run +the following commands: + + git -C /var/git/repositories/$repo.git config core.sharedRepository group + +### Daily workflow + +From now on, you can work at your computer's local `$repo` as usual: + + cd $repo + git pull + touch another-test + git add . + git commit -m "Adds another-test" + git push # this sends changes back to your git server + +### Adding more users into the game + +You can add existing users to edit the repository given that: + +* They have accounts in the system. +* They are added into the `git` group. + +If they also use key-based auth they can seamlessly contribute to your repository +as if you were using a more complex repository manager like gitolite or a service +like gitlab. + +You can even try to implement some more complex access control by using different +groups for each project so you're not bound to the `git` group. + +### References + +- [How to make bare git repository group-writable after pushing?](http://stackoverflow.com/questions/15881104/how-to-make-bare-git-repository-group-writable-after-pushing). +- [Create Git bare / shared remote repository](http://pietervogelaar.nl/create-git-bare-shared-remote-repository/). +- [How to clone and share a Git repository over SSH](http://linuxaria.com/pills/how-to-clone-and-share-a-git-repository-over-ssh?lang=en) +- [Git - Getting Git on a Server](https://git-scm.com/book/en/v2/Git-on-the-Server-Getting-Git-on-a-Server). +- [Git - Setting Up the Server](https://git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server). +- The [utils-git](https://git.fluxo.info/utils-git/about/) repository for useful scripts and plugins. diff --git a/research/computing/libreboot.md b/research/computing/libreboot.md new file mode 100644 index 0000000..fa0ec98 --- /dev/null +++ b/research/computing/libreboot.md @@ -0,0 +1,149 @@ +[[!meta title="Libreboot"]] + +Also check the [additional references](https://links.fluxo.info/tags/libreboot). + +## Important note + +From [Libreboot – Installation instructions](https://libreboot.org/docs/install/index.html): + +> NOTE: if running flashrom -p internal for software based flashing, and you get +> an error related to /dev/mem access, you should reboot with iomem=relaxed +> kernel parameter before running flashrom, or use a kernel that has +> CONFIG_STRICT_DEVMEM not enabled. + +Or you might get errors like this: + + user@x60s:~/code/libreboot/libreboot_r20160907_util/flashrom/i686$ sudo ./flashrom_lenovobios_sst -p internal -r factory.bin + flashrom v0.9.9-unknown on Linux 4.9.0-2-686-pae (i686) + flashrom is free software, get the source code at https://flashrom.org + + Calibrating delay loop... OK. + Found chipset "Intel ICH7M". + Enabling flash write... Error accessing ICH RCRB, 0x4000 bytes at 0xfed1c000 + /dev/mem mmap failed: Operation not permitted + FAILED! + FATAL ERROR! + Error: Programmer initialization failed. + user@x60s:~/code/libreboot/libreboot_r20160907_util/flashrom/i686$ sudo ./flashrom_lenovobios_macronix -p internal -r factory.bin + +## Pre-compiled binaries + +[Get the latest stable release](https://libreboot.org/download.html), check integrity, etc. + +In my case I only needed these, which were the latest releases at the time of writing: + +* https://mirrors.peers.community/mirrors/libreboot/stable/20160907/SHA512SUMS +* https://mirrors.peers.community/mirrors/libreboot/stable/20160907/SHA512SUMS.sig +* https://mirrors.peers.community/mirrors/libreboot/stable/20160907/libreboot_r20160907_util.tar.xz +* https://mirrors.peers.community/mirrors/libreboot/stable/20160907/rom/grub/libreboot_r20160907_grub_x60.tar.xz + +Download and unpack bot libreboot util and rom tarballs. In this example I used the following paths: + +* `~/code/libreboot/libreboot_r20160907_util` +* `~/code/libreboot/roms/libreboot_r20160907_grub_x60` + +## Building from source + +Just if you need to: + + git clone https://notabug.org/libreboot/libreboot.git && cd libreboot + sudo ./oldbuild dependencies trisquel7 + ./download all + ./oldbuild module all + +## x60s + +This is how I've done. The actual procedure might change without notice :P + +### Overview + +* Backup the original firmware [like said](https://www.coreboot.org/Board:lenovo/x60/Installation#Back_up_the_original_proprietary_firmware). +* Then flash the new ROM as [said here](https://libreboot.org/docs/install/#flashrom_lenovobios). + +Note this [funny note](https://en.wikibooks.org/wiki/Libreboot/Install/ThinkPad_X60_and_T60) +on customized and solitary proprietary software: + +> While backing up the proprietary BIOS image might be construed as "endorsing" +> proprietary software: This BIOS image is unique to every motherboard. It will +> be impossible to restore the original BIOS once it is lost. Back it up now or +> you will lose it forever. Do not take this decision lightly. + +### BIOS Backup + + user@x60s:~/code/libreboot/libreboot_r20160907_util/flashrom/i686$ sudo ./flashrom_lenovobios_sst -p internal -r factory.bin + user@x60s:~/code/libreboot/libreboot_r20160907_util/flashrom/i686$ sudo ./flashrom_lenovobios_macronix -p internal -r factory.bin + +### Flashing + + user@x60s:~/code/libreboot/libreboot_r20160907_util$ sudo ./flash i945lenovo\_firstflash ../roms/libreboot_r20160907_grub_x60/x60_usqwerty_vesafb.rom + Mode selected: i945lenovo_firstflash + bucts utility version 'withoutgit' + Using LPC bridge 8086:27b9 at 0000:1f.00 + Current BUC.TS=0 - 128kb address range 0xFFFE0000-0xFFFFFFFF is untranslated + Updated BUC.TS=1 - 64kb address ranges at 0xFFFE0000 and 0xFFFF0000 are swapped + flashrom v0.9.9-unknown on Linux 4.9.0-2-686-pae (i686) + flashrom is free software, get the source code at https://flashrom.org + + Calibrating delay loop... OK. + Found chipset "Intel ICH7M". + Enabling flash write... WARNING: SPI Configuration Lockdown activated. + OK. + Found SST flash chip "SST25VF016B" (2048 kB, SPI) mapped at physical address 0xffe00000. + Reading old flash chip contents... done. + Erasing and writing flash chip... spi_block_erase_20 failed during command execution at address 0x0 + Reading current flash chip contents... done. Looking for another erase function. + spi_block_erase_52 failed during command execution at address 0x0 + Reading current flash chip contents... done. Looking for another erase function. + Transaction error! + spi_block_erase_d8 failed during command execution at address 0x1f0000 + Reading current flash chip contents... done. Looking for another erase function. + spi_chip_erase_60 failed during command execution + Reading current flash chip contents... done. Looking for another erase function. + spi_chip_erase_c7 failed during command execution + Looking for another erase function. + No usable erase functions left. + FAILED! + Uh oh. Erase/write failed. Checking if anything has changed. + Reading current flash chip contents... done. + Apparently at least some data has changed. + Your flash chip is in an unknown state. + Get help on IRC at chat.freenode.net (channel #flashrom) or + mail flashrom@flashrom.org with the subject "FAILED: "! + ------------------------------------------------------------------------------- + DO NOT REBOOT OR POWEROFF! + flashrom v0.9.9-unknown on Linux 4.9.0-2-686-pae (i686) + flashrom is free software, get the source code at https://flashrom.org + + Calibrating delay loop... OK. + Found chipset "Intel ICH7M". + Enabling flash write... WARNING: SPI Configuration Lockdown activated. + OK. + No EEPROM/flash device found. + Note: flashrom can never write if the flash chip isn't found automatically. + user@x60s:~/code/libreboot/libreboot_r20160907_util$ + +Then reboot the machine, passing "iomem=relaxed" into the kernel command line. Then run the +second flash: + + user@x60s:~/code/libreboot/libreboot_r20160907_util$ sudo ./flash i945lenovo\_secondflash ../roms/libreboot_r20160907_grub_x60/x60_usqwerty_vesafb.rom + Mode selected: i945lenovo_secondflash + flashrom v0.9.9-unknown on Linux 4.9.0-2-686-pae (i686) + flashrom is free software, get the source code at https://flashrom.org + + Calibrating delay loop... OK. + coreboot table found at 0x7be9f000. + Found chipset "Intel ICH7M". + Enabling flash write... OK. + Found SST flash chip "SST25VF016B" (2048 kB, SPI) mapped at physical address 0xffe00000. + Reading old flash chip contents... done. + Erasing and writing flash chip... Erase/write done. + Verifying flash... VERIFIED. + bucts utility version 'withoutgit' + Using LPC bridge 8086:27b9 at 0000:1f.00 + Current BUC.TS=1 - 64kb address ranges at 0xFFFE0000 and 0xFFFF0000 are swapped + Updated BUC.TS=0 - 128kb address range 0xFFFE0000-0xFFFFFFFF is untranslated + user@x60s:~/code/libreboot/libreboot_r20160907_util$ + +## Issues + +* [#870006 - xserver-xorg: X60 libreboot Xorg hangs reproducibly after upgrade to stretch - Debian Bug report logs](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870006). diff --git a/research/computing/services.md b/research/computing/services.md new file mode 100644 index 0000000..7b8286d --- /dev/null +++ b/research/computing/services.md @@ -0,0 +1,468 @@ +[[!meta title="Free and Open Source Services"]] + +This is a FOSS listing for service hosting. Staying on this list doesn't mean +that a given software is recommended or audited in the spirit of the [Franklin +Street Statement on Freedom and Network +Services](http://wiki.p2pfoundation.net/Franklin_Street_Statement_on_Freedom_and_Network_Services). + +What to look for when chosing: + +1. Portability: how easy is to export and import data into a service? +2. Maintenance: how easy is to install, upgrade, migrate and restore the service? +3. Security: how secure the service look like? How upstream handles security? What's the service security track record? +4. Stability: does the system is stable or is full of bugs? +5. Maturity: does the architecture and data model of the service changes very often? Are there a community and many developers? + +Sometimes is better not run a service than to do it poorly. + +Messaging +--------- + +Misc: + +* [Actor - Open-Source messaging with mobile apps](https://actor.im/). +* [Minds · GitHub](https://github.com/Minds). +* [WhisperSystems/TextSecure-Browser](https://github.com/WhisperSystems/TextSecure-Browser). +* [Chat simples](https://drupal.org/project/chatroom). +* [Let's Chat](https://sdelements.github.io/lets-chat/). +* [Crypptocat](https://crypto.cat/): not recommended due to a problematic architecture, review in the future. +* [Mumble](http://mumble.sourceforge.net). +* Asterisk/SIP: puppet-asterisk: [1](https://github.com/camptocamp/puppet-asterisk) e [2](https://github.com/AhmedElGamil/puppet-asterisk). +* [RTC quick start](http://www.rtcquickstart.org). +* [Secushare](http://secushare.org). +* [Retroshare](http://retroshare.sourceforge.net). +* [simpleWebRTC](http://simplewebrtc.com). +* [Kaiwa](http://getkaiwa.com/). +* [Tox](https://tox.im/). +* [CaliOpen](https://caliopen.org/). +* [ricochet-im - Anonymous peer-to-peer instant messaging](https://github.com/ricochet-im/ricochet). +* [BigBlue Button](http://www.bigbluebutton.org). +* [Rocket.Chat](https://rocket.chat/#!). +* [Mattermost](https://about.mattermost.com/). +* [Riot. Break through.](https://riot.im/). +* [Signal Server](https://github.com/whispersystems/signal-server). +* [Wire Server](https://github.com/wireapp/wire-server). +* [Katzenpost](https://katzenpost.mixnetworks.org/). +* [Zulip](https://zulipchat.com/). + +Jabber: + +* [ejabberd](http://packages.debian.org/stable/ejabberd) ([puppet-ejabberd](https://git.fluxo.info/?p=puppet-ejabberd.git)). +* [prosody](http://packages.debian.org/stable/prosody). +* [puppet-openfire](https://github.com/ghoneycutt/puppet-openfire). +* [jappix](https://jappix.com/). +* [jsxc - Real-time xmpp chat application with video calls, file transfer and encrypted communication](https://github.com/jsxc/jsxc/). + +IRC gateway: + +* [The Lounge](https://thelounge.chat). +* [qwebirc](http://www.qwebirc.org) ([puppet-qwebirc](https://git.fluxo.info/?p=puppet-qwebirc.git)). +* [iris](http://www.atheme.net/iris.html). +* [cgiirc](http://cgiirc.org). + +Bots (IRC, Jabber e StatusNET/Twitter): + +* Gateways with proprietary services: + * Twitter + * [twitterircbot](https://code.google.com/p/twitterircbot/). + * [python-twitter-bot](https://code.google.com/p/python-twitter-bot/). + * [Twitter IRC Bot](http://wiki.projectnerdhaus.com/Twitter_IRC_Bot). + * [TTYtter](http://www.floodgap.com/software/ttytter). + * [Rainbowstream](http://www.rainbowstream.org/). + * WhatsApp: + * [yowsup](https://github.com/tgalal/yowsup). +* [IRC](http://packages.debian.org/search?keywords=irc+bot&searchon=all&suite=stable§ion=all) + * [supybot](http://packages.debian.org/squeeze/supybot) ([handbook](http://supybook.fealdia.org/), [plugin doc index](http://ubottu.com/stdin/supydocs/plugins.html), [plugins interessantes](http://www.kreativekorp.com/software/supybot/), [default plugins](http://whatnwhat.blogspot.com.br/2011/06/list-of-default-supybot-plugins-along.html)). Ver também [documentação dos plugins](http://supybot.fr.cr/doc/use/plugins/index.html), [documentação do Limnoria](http://supybot.fr.cr/doc/index.html) e [artigo no IRC Wiki](http://www.irc-wiki.org/Supybot). + * [MeetBot](http://wiki.debian.org/MeetBot) ([manual](http://meetbot.debian.net/Manual.html#administrators), [instalação](https://altinukshini.wordpress.com/2011/09/10/how-to-setup-meetbot/)). + * [supybot-git](http://mueller.panopticdev.com/2011/08/supybot-git-ircbot-plugin-for-git.html) ([código](https://github.com/mmueller/supybot-git)), dependências: [python-mock](http://packages.debian.org/stable/python-mock) e [python-git](http://packages.debian.org/stable/python-git). + * [supybot-twitter](https://github.com/rubinlinux/supybot-twitter) (requer [python-twitter](http://packages.debian.org/jessie/python-twitter)). + * [gozerbot](http://packages.debian.org/squeeze/gozerbot). + * [rss2irc](http://packages.debian.org/wheezy/rss2irc). + * [blootbot](http://packages.debian.org/sid/blootbot). + * [kgb-bot](http://packages.debian.org/squeeze/kgb-bot) / [kgb-client-git](http://packages.debian.org/squeeze/kgb-client-git). + * [phenny](http://inamidst.com/phenny/). + * [Sopel](https://sopel.chat/). + * [Errbot](http://errbot.io/). + +Infostructure +------------- + +* [DNSCrypt](https://www.dnscrypt.org/). +* DNS-over-TLS like [hddemux](https://0xacab.org/dkg/hddemux). +* Dynamic DNS: + * [heartbeat](https://www.mirbsd.org/cvs.cgi/contrib/code/heartbeat/) ([sobre](https://www.mirbsd.org/permalinks/wlog-10_e20130520-tg.htm#e20130520-tg_wlog-10)). + * With nsupdate: [1](http://linux.yyz.us/nsupdate/), [2](http://linux.yyz.us/dns/ddns-server.html), [3](http://caunter.ca/nsupdate.txt), [4](http://www.rtfm-sarl.ch/articles/using-nsupdate.html), [5](https://github.com/skx/dhcp.io/). +* Keyserver: [puppet-onak](http://git.puppet.immerda.ch/?p=module-onak.git). +* OpenID Provider: + * [Run your own identity provider](http://wiki.openid.net/w/page/12995226/Run%20your%20own%20identity%20server). + * [php-openid](https://github.com/openid/php-openid). + * [simpleid](http://simpleid.koinic.net/). + * [OpenID URL](https://drupal.org/project/openidurl). + * [simplesamlphp](http://packages.debian.org/stable/web/simplesamlphp). +* Proxies and load balancing like [Deflect](http://wiki.deflect.ca). +* [Ethereum Frontier](https://www.ethereum.org/). +* Software repositories (apt, f-droid, etc). +* Censorship circunvention: + * [shadowsocks](https://github.com/shadowsocks/shadowsocks). + * [lantern](https://github.com/madeye/lantern). + * [meek](https://trac.torproject.org/projects/tor/wiki/doc/meek). + +Social networking +----------------- + +* [Fediverse](https://fediverse.party/) ecosystem. +* [Agorakit, a groupware for citizens](https://philippejadin.github.io/agorakit/). +* [Crabgrass](https://labs.riseup.net/code/projects/show/crabgrass). +* [Diaspora](https://github.com/diaspora/diaspora). +* [buddycloud](http://buddycloud.com/) ([desenvolvimento](https://buddycloud.org) / [pacote](http://packages.debian.org/sid/buddycloud-server)). +* [BuddyPress](http://wp-brasil.org/buddypress). +* [GNU social and GNU FM](https://gnu.io/) ([public instances](http://www.fediverse.org/)). +* [qvitter · GitHub](https://github.com/hannesmannerheim/qvitter). +* [kune.cc](http://kune.cc/). +* [Tent](http://tent.io). +* [Newebe](http://newebe.org). +* [Shapado](http://shapado.com) ([codigo](https://github.com/ricodigo/shapado), [mirror](https://gitorious.org/shapado)), like [other stackoverflow clones](http://meta.stackoverflow.com/questions/2267/stack-overflow-clones). +* [pump.io](http://pump.io). +* [Friendica](http://friendica.com). +* [StatusNet](http://status.net). +* [Incoma](https://github.com/Incoma/Incoma). +* [Sneer](https://github.com/klauswuestefeld/sneer). +* [Noosfero](http://noosfero.org/). +* [Mastodon](https://mastodon.social) ([public instances](https://instances.mastodon.xyz/)). +* Democracy: [Liquid Democracy](https://wiki.piratenpartei.de/Liquid_Democracy) / [Liquid Feedback](http://liquidfeedback.org). +* [Briar](http://briar.sourceforge.net). +* [Twister](http://twister.net.co/). +* [RedMatrix](https://redmatrix.me/). +* [Hubzilla](http://hubzilla.org/). +* [commento: A lightweight, open source, tracking-free comment engine alternative to Disqus](https://github.com/adtac/commento) +* Calendar: [Demosphere](https://demosphere.net/en/content/download) with [browser extension](https://demosphere.net/en/content/browser-extension). + +Timebanking +----------- + +* [GitHub - wadobo/timebank: Timebank is a web application in which users can exchange services using time as currency.](https://github.com/wadobo/timebank). +* [GitHub - hourbank/timebank](https://github.com/hourbank/timebank). +* [Timebanking Software Platforms - P2P Foundation](https://wiki.p2pfoundation.net/Timebanking_Software_Platforms). + +Maps +---- + +* [Ushahidi](http://www.ushahidi.com). + +Torrent +------- + +* [vivatorrent](https://svn.sarava.org/viewvc/vivatorrent/). + +Security and privacy +-------------------- + +* Tor (relay, bridge and exit nodes). +* VPN (encrypted proxies and tunnels). +* [ngrok - secure introspectable tunnels to localhost](https://ngrok.com/) ([client](https://packages.debian.org/stable/ngrok-client) / [server](https://packages.debian.org/stable/ngrok-server)). +* [Convergence Notary](https://github.com/moxie0/Convergence/wiki/Running-a-Notary). +* Webproxy for anonymous navigation with [anon-proxy](http://packages.debian.org/stable/anon-proxy). +* [I2P](http://www.i2p2.de/). +* [Freenet](https://mirror4.freenetproject.org). +* [Gnunet](http://packages.debian.org/stable/gnunet). +* [Cryptomail](cryptomail). +* [One-time secret](https://github.com/onetimesecret/onetimesecret). +* [sshuttle](https://github.com/apenwarr/sshuttle). +* [ssh-chat](https://github.com/shazow/ssh-chat). + +Access +------ + +* [iodine](https://wiki.koumbit.net/DnsTunnel) ([pacote](http://packages.debian.org/stable/iodine) / [puppet-iodine](https://labs.riseup.net/code/projects/shared-iodine)). +* [icmptx](http://packages.debian.org/stable/icmptx). +* [ptunnel](http://packages.debian.org/stable/ptunnel). +* [PageKite](https://pagekite.net) ([instruções](https://pagekite.net/wiki/Howto/GNULinux/ConfigureYourSystem/) e [pacote](https://packages.debian.org/stable/pagekite)). + +Office +------ + +* [Bloom](https://bloom.sh/): [a free and open source Google](https://www.kerkour.fr/blog/bloom-a-free-and-open-source-google/) ([code](https://gitlab.com/bloom42)). +* [Davros: Personal file storage server](https://github.com/mnutt/davros). +* [Wekan — open-source kanban](https://wekan.github.io/). +* [OpenPaaS - An open source Entreprise Social Platform](http://open-paas.org/). +* [ONLYOFFICE](http://onlyoffice.org/). +* [WebODF](http://www.webodf.org/). +* [eXo](http://www.exoplatform.com/). +* [Owncloud](http://owncloud.org). +* [Nextcloud](https://nextcloud.com/). +* [Seafile](https://github.com/haiwen/seafile). +* [Taiga](https://taiga.io). +* [Kolab](http://kolab.org/content/overview). +* [Open webOS](http://openwebosproject.org). +* [Feng Office](http://www.fengoffice.com/). +* [SocialCalc](https://www.socialtext.net/open/socialcalc) ([código](https://github.com/audreyt/socialcalc)). +* [OBM - Open Business Management](http://obm.org). +* [Etherpad](http://etherpad.org/) ([puppet-etherpad](https://git.fluxo.info/?p=puppet-etherpad.git)). +* [Ethercalc](http://www.ethercalc.org) ([código](https://github.com/audreyt/ethercalc)). +* [LastCalc Is Open Sourced](http://science.slashdot.org/story/12/03/10/186201/lastcalc-is-open-sourced). +* [COMT](http://www.co-ment.org/). +* [UNG Project](http://www.ung-project.org). +* [Libre Docs](http://libredocs.org). +* [Gitlab](http://gitlabhq.com) / [Gitorious](http://getgitorious.com) / [Gogs](http://gogs.io) / [klaus: the first Git web viewer that Just Works™](https://github.com/jonashaag/klaus) / [Gitea](https://gitea.io) / [sr.ht](https://meta.sr.ht/). +* [Flyspray](http://www.flyspray.org/): lightweight, web-based bug tracking system. +* [Teambox](http://teambox.com/) ([código](https://github.com/teambox/teambox)). +* Sobby / Infinote (gobby). +* [Pleft](https://github.com/sander/pleft) / [RdvZ](http://gpl.univ-avignon.fr/rdvz/) / [Nuages](http://nuages.domainepublic.net/nuages/) / [OpenSondage](https://github.com/leblanc-simon/OpenSondage). +* [Open-Xchange](http://news.slashdot.org/story/13/03/20/1433239/open-xchange-launches-open-source-browser-based-office-suite). +* [Apertium](http://www.apertium.org/): open source translation tool. +* [Weblate - web-based translation](https://weblate.org/en/) ([code](https://github.com/WeblateOrg/weblate), [cli](https://packages.debian.org/sid/wlc)). +* [Amara - pculture/unisubs](https://github.com/pculture/unisubs): subtitling platform. +* [Seafile](http://seafile.com). +* [GONG](http://gong.es/). +* [ASCIIFlow Infinity](http://asciiflow.com/) ([code](https://github.com/lewish/asciiflow2). +* [eConvenor | Activists, get organised](https://econvenor.org/). +* [MindMup](https://github.com/mindmup). +* [Cryptpad](https://beta.cryptpad.fr/). +* [GNUKhata - Fast Feature rich Free accounting software](http://gnukhata.in/). +* [draw.io](https://github.com/jgraph/drawio). +* [helpy](https://github.com/helpyio/helpy/): helpdesk customer support application. +* [Zammad](https://zammad.org/): web-based, open source user support/ticketing solution. +* [Discourse](https://www.discourse.org/): "civilized discussion for your community". +* [mat2 web](https://dustri.org/b/mat2-for-the-web.html). + +Finance: + +* [Timestrap: time tracking and invoicing](https://github.com/overshard/timestrap). +* [ihatemoney - Account manager](https://ihatemoney.org/) ([code](https://github.com/spiral-project/ihatemoney)). +* [pretix](https://pretix.eu/about/en/): ticketing software that cares about your event—all the way. + +Conferences +----------- + +* [EasyChair Smart CFP](https://easychair.org/cfp/). +* [frab - conference management system](https://frab.github.io/frab/) with [ANGELSYSTEM - online tool for coordinating helpers and work shifts on large events](https://engelsystem.de/index_en.html). + +URL shorteners +-------------- + +* [ShURLy](https://drupal.org/project/shurly). +* [nanourl](http://nanourl.sourceforge.net/) ([pacote](http://packages.debian.org/squeeze/nanourl)). +* [naofo.de](https://github.com/pedromoraes/naofo.de). + +Pastebin +-------- + +* [EZCrypt](https://github.com/novaking/ezcrypt). +* [pastebinit](http://packages.debian.org/lenny/pastebinit). +* [pythin-pastebin](http://packages.debian.org/squeeze/python-pastebin). +* [rebbin](http://rebbin.berlios.de). +* [pastebin](http://github.com/weierophinney/pastebin). +* [rapaste](http://github.com/manveru/rapaste). +* [Perl-6-Pastebin](http://github.com/wolfman2000/Perl-6-Pastebin). +* [patchbin](http://github.com/ninjagod/patchbin). +* [spaste](https://spaste.com/source/). +* [pastebin.ca](http://github.com/slepp/pastebin.ca). +* [rapaste](https://github.com/manveru/rapaste). +* [giturl](https://github.com/whee/giturl). +* [pnopaste](http://sourceforge.net/projects/pnopaste) ([repositório](https://github.com/tpruvot/pnopaste), [pacote](http://packages.debian.org/squeeze/pnopaste)). +* [bpaste](http://sourceforge.net/projects/bpaste). +* [yanopaste](http://sourceforge.net/projects/yanopaste). +* [drupalbin](https://drupal.org/project/drupalbin). +* [zeropaste](https://github.com/edogawaconan/zeropaste). +* [ZeroBin](https://github.com/sebsauvage/ZeroBin). +* [d-note](https://pthree.org/2014/01/13/announcing-d-note-a-self-destructing-notes-application/). +* [PassLok Privacy](http://passlok.weebly.com). +* [0bin - encrypted pastebin](http://0bin.net/). +* [Client-side encrypted image/text/etc host web server](https://github.com/Upload/Up1) ([cli](https://gitlab.com/riseup/up1-cli-client-nodejs)). +* [Lutim - Let's Upload That Image](https://lut.im/) coupled with [Goblim, a mobile app to store and share pictures](http://www.gobl.im/). +* [PrivateBin](https://privatebin.info/) and [PrivateBin Directory](https://github.com/PrivateBin/PrivateBin/wiki/PrivateBin-Directory). + +Downloaders +----------- + +* [coquelicot](https://coquelicot.potager.org/). +* [filetea](http://packages.debian.org/wheezy/filetea). +* [jyraphe](http://home.gna.org/jyraphe/). +* [fipes](https://github.com/tOkeshu/fipes). +* [noattach](https://github.com/astro/noattach). +* [img.bi](https://img.bi/) ([código](https://github.com/imgbi)). +* [MediaCrush](https://github.com/MediaCrush/MediaCrush). +* [BurnBox](https://github.com/thingssimple/burnbox). +* [Up1](https://github.com/Upload/Up1). +* [FilePizza](https://github.com/kern/filepizza). + +RSS +--- + +* [Tiny Tiny RSS](http://tt-rss.org/redmine/projects/tt-rss/wiki). +* [Managin News](http://managingnews.com/). +* [selfoss](http://selfoss.aditu.de/). +* [NewsBlur](https://github.com/samuelclay/NewsBlur). + +Media managers +-------------- + +* [ResourceSpace](http://www.resourcespace.com/). +* [MediaGoblin](http://mediagoblin.org). +* [Zend.To](http://zend.to). +* [Pix](http://pix.toile-libre.org). +* [SparkleShare](http://sparkleshare.org). +* [StackSync](http://stacksync.org). +* [Baobáxia](https://github.com/RedeMocambos/baobaxia). +* [Syncany](https://www.syncany.org/). +* [PeerTube](https://github.com/Chocobozzz/PeerTube). +* [DTube](https://github.com/dtube). + +Image galeries +-------------- + +Dynamic: + +* [Grid, Guardian’s image management service](https://www.theguardian.com/info/developer-blog/2015/aug/12/open-sourcing-grid-image-service). +* [Comparison](https://en.wikipedia.org/wiki/Comparison_of_photo_gallery_software) +* [Gallery](http://galleryproject.org) (hibernating). +* [Piwigo](http://piwigo.org). +* [Coppermine](http://coppermine-gallery.net). +* [Zenphoto](http://www.zenphoto.org). +* [Plogger](http://www.plogger.org). + +Static: + +* [fgallery: a modern, minimalist javascript photo gallery](http://www.thregr.org/~wavexx/software/fgallery/) ([pacote](https://packages.debian.org/sid/fgallery)). +* [Sigal - Simple Static Gallery Generator — Sigal 1.1.0-dev documentation](http://sigal.saimon.org/en/latest/). +* [Static image gallery generator comparison (FOSS)](http://www.nico.schottelius.org/docs/static-image-gallery-generator-comparison/). +* [images - How to generate web picture gallery offline? (no php on server) - Super User](https://superuser.com/questions/190134/how-to-generate-web-picture-gallery-offline-no-php-on-server/309079#309079). + +Other +----- + +* [Blockstack, building the decentralized internet](https://blockstack.org/). +* [MonitoringScape](https://bigpanda.io/monitoringscape/): guide to the new, exciting world of modern monitoring. +* [Derefer Script PHP](http://www.naden.de/blog/derefer-script). +* [idno/Known · GitHub](https://github.com/idno/Known). +* [perma](https://github.com/harvard-lil/perma). +* [Koken](http://koken.me). +* [hotglue](http://hotglue.me) ([puppet-hotglue](https://git.fluxo.info/?p=puppet-hotglue.git)). +* [git-annex assistant](http://git-annex.branchable.com/assistant/). +* [Gopher](http://packages.debian.org/stable/pygopherd). +* [Fidonet](https://en.wikipedia.org/wiki/Fidonet). +* [Usenet](https://en.wikipedia.org/wiki/Usenet) ([Howto](http://tldp.org/HOWTO/Usenet-News-HOWTO/index.html), [papercut](http://packages.debian.org/stable/papercut)). +* [Namecoin](http://dot-bit.org) and other [DNS's alternatives](https://en.wikipedia.org/wiki/Alternative_DNS_root). +* [dename](https://github.com/andres-erbsen/dename). +* [BOINC](http://packages.debian.org/stable/boinc-client). +* [Aegir](http://www.aegirproject.org). +* [Huginn](http://www.wired.com/wiredenterprise/2013/03/hugin/) ([código](https://github.com/cantino/huginn)). +* [OpenPhoto](http://theopenphotoproject.org/). +* [Photographer.io](https://github.com/afternoonrobot/photographer-io). +* [Weblate](http://weblate.org/en/). +* [YaCy](http://yacy.net/). +* [searchx](https://github.com/asciimoo/searx) ([firefox search addon](https://addons.mozilla.org/en-US/firefox/addon/searx-0-9-0/)). +* [Bitcoin](http://packages.debian.org/sid/bitcoind). +* [Tahoe-LAFS](https://we.riseup.net/debian/tahoe). +* [Dark Market](https://github.com/darkwallet/darkmarket). +* [Mozilla Sync Server](https://docs.services.mozilla.com/howtos/run-sync-1.5.html). +* [AMBER](http://amberlink.org/). +* [Transparency Toolkit | Watching the watchers](https://transparencytoolkit.org). +* [TANIA - A free and open source farm management system for everyone.](http://gettania.org/). +* [Webrecorder pywb - Web Archiving Tools for All](https://github.com/webrecorder/pywb/) ([docs](https://pywb.readthedocs.io/en/latest/index.html)). +* [Lobsters - Computing-focused community centered around link aggregation and discussion](https://github.com/lobsters/lobsters). + +Streaming +--------- + +* [Rhinobird.tv](https://github.com/rhinobird). +* [Libresonic: Media streaming software](https://github.com/Libresonic/libresonic). +* [Airsonic](https://airsonic.github.io/). +* [Icecast](http://icecast.org/). +* [CherryMusic](https://github.com/devsnd/cherrymusic). +* [Koel](https://github.com/phanan/koel). +* [mStream](https://github.com/IrosTheBeggar/mStream). + +Mobilization +------------ + +* [Zylum](https://github.com/peacenews/ecosystem). +* Crowdfunding: [Catarse](https://github.com/danielweinmann/catarse.git). +* Mobilization, campaigns and petitions tool. +* Anonymous publishing platform like ([GlobaLeaks](http://globaleaks.org), [DeaDrop](http://deaddrop.github.io/) or similar). +* Poll system similar to [lembrador](https://lembrador.sarava.org): [dudle](http://dudle.mister-muffin.de/about.cgi), [croodle](https://github.com/jelhan/croodle). +* Scheduler: [Framadate](http://framadate.org/) and [Makemeeting](https://drupal.org/project/makemeeting). +* [LimeSurvey](http://www.limesurvey.org). +* [Loomio](https://github.com/loomio/loomio). + +Email +----- + +* Virtual accounts: + * [Postfix Admin](http://sourceforge.net/projects/postfixadmin). + * [Ratuus](http://www.ratuus.org). + * [VBoxAdm](http://www.vboxadm.net). + * [Modoboa](http://modoboa.org/en). + * [ViMbAdmin](https://github.com/opensolutions/ViMbAdmin). +* Web clients: + * [RainLoop](http://www.rainloop.net/). + * [Roundcube](http://www.roundcube.net). + * [Mailpile](http://www.mailpile.is/). + * [Petmail](https://github.com/warner/petmail). + * [Pixelated](https://pixelated-project.org). + * [Whiteout](https://github.com/whiteout-io/mail-html5). + * [N1](https://github.com/nylas/N1). +* Migration: + * [Gmvault](http://gmvault.org). + +Bookmarks +--------- + +* [SemanticScuttle](http://semanticscuttle.sourceforge.net/). +* [QStode](https://github.com/piger/qstode). +* [Bookie](https://github.com/bookieio/Bookie). +* [wallabag: a self hostable application for saving web pages](https://wallabag.org/en). +* [prismo](https://gitlab.com/mbajur/prismo). + +Libraries +--------- + +* [Evergreen ILS | Evergreen – Open Source Library Software](http://evergreen-ils.org/). +* [Koha - Open Source ILS - Integrated Library System](http://www.koha.org/). +* [Library Simplified](http://www.librarysimplified.org/). + +Turn-key appliances +------------------- + +* [Sandstorm](https://sandstorm.io/). +* [FreedomBox](https://freedomboxfoundation.org). +* [Mail-in-a-Box - Firefox (Private Browsing)](https://mailinabox.email/). +* [LEAP](https://leap.se). +* [Enigmabox](http://wiki.enigmabox.net). +* [Streisand](https://github.com/jlund/streisand). + +P2P / Serverless +---------------- + +* [Bitmessage](https://bitmessage.org) (apparently with [problems](http://www.chronicles.no/2013/08/bitmessage-crackdown.html)). +* [Torchat](https://code.google.com/p/torchat/). +* [Cryptosphere](http://cryptosphere.org/). +* [WebTorrent - Streaming browser torrent client](https://webtorrent.io/). + +CMS +--- + +* [Droplets](http://dropplets.com/). +* [StrongLink](https://github.com/btrask/stronglink). + +Geo +--- + +* [QGIS](http://qgis.org/en/site/). +* [GeoServer](http://geoserver.org/). + +Radio +----- + +* [OpenWebRX](https://sdr.hu/openwebrx) ([código](https://github.com/simonyiszk/openwebrx)). + +References +---------- + +* [Servers - Platforms - PRISM Break](https://prism-break.org/en/categories/servers/). +* [Indie Web Projects](http://indiewebcamp.com/projects). +* [Alternative Internet](https://github.com/rossjones/alternative-internet). +* [Overview of projects working on next-generation secure email](https://github.com/OpenTechFund/secure-email). +* [alternativeTo](https://alternativeto.net). +* [Social Media Alternatives Project (S-MAP)](http://www.socialmediaalternatives.org/). +* [Awesome-Selfhosted](https://github.com/Kickball/awesome-selfhosted). diff --git a/research/computing/suckless.md b/research/computing/suckless.md new file mode 100644 index 0000000..853f2c8 --- /dev/null +++ b/research/computing/suckless.md @@ -0,0 +1,58 @@ +[[!meta title="The suckless agenda"]] + + Laws of Computer Programming: + 1. Any given program, when running, is obsolete. + 2. Any given program costs more and takes longer. + 3. If a program is useful, it will have to be changed. + 4. If a program is useless, it will have to be documented. + 5. Any given program will expand to fill all available memory. + 6. The value of a program is proportional the weight of its output. + 7. Program complexity grows until it exceeds the capability of + the programmer who must maintain it. + + -- fortune(6) + +# Subpages + +[[!inline pages="page(suckless*)" archive="yes"]] + +# Guiding principles + +Suckless: future-proof, present-friendly. + +* [The Critical Engineering Manifesto](https://criticalengineering.org). +* [Software rot - Wikipedia, the free encyclopedia](https://en.wikipedia.org/wiki/Software_rot). +* [The Mutt E-Mail Client](http://www.mutt.org/): "All mail clients suck. This one just sucks less". +* [The Future Programming Manifesto](http://alarmingdevelopment.org/?p=893). +* [Unix philosophy - Wikipedia, the free encyclopedia](https://en.wikipedia.org/wiki/Unix_philosophy). +* [KISS principle - Wikipedia, the free encyclopedia](https://en.wikipedia.org/wiki/KISS_principle). +* [suckless.org software that sucks less](http://suckless.org/). +* [principles - IndieWebCamp](http://indiewebcamp.com/principles). +* [Reduce, reuse, recycle](https://en.wikipedia.org/wiki/Waste_hierarchy): + * Reduce: favor the simplest solutions and focus attention on specific problems; + * Reuse: work from experience and favor examples of current practice; + * Recycle: encourage modularity and the ability to embed. [reference](https://en.wikipedia.org/wiki/Microformat#Design_principles). + +## Contributions to the agenda + + Though a program be but three lines long, someday it will have to + be maintained. + + -- The Tao of Programming + +* [Security Specs](https://manual.fluxo.info/specs). +* [Static site generation](/static). +* [Metadot](https://metadot.fluxo.info) to manage dotfiles along with [a locally-installable applications repository](https://inception.fluxo.info). + +## Stuff currently being observed + +* [Neovim](http://neovim.io). + +## I should not install a software if + +I can solve my problem using: + +* A terminal and the related userland. +* A text editor like `vim`. +* A version control system like `git`. +* A clean data format like markdown, yaml, dot or CSV. diff --git a/research/computing/suckless/messaging.md b/research/computing/suckless/messaging.md new file mode 100644 index 0000000..81c80a6 --- /dev/null +++ b/research/computing/suckless/messaging.md @@ -0,0 +1,103 @@ +[[!meta title="Mensageria Suckless"]] + +Quem não comunica se trumbica. Mas quem comunica também. Porque tá cheio de +sistema por aí que te afaga e te apedreja ao mesmo tempo. Oferece serviço de +vigilância gratuita que possui funcionalidade de comunicação. + +Aqui queremos a boa e velha mensageria suckless, que também é uma merda, mas é +uma merda menor do que o enlatado baseado em soluções proprietárias oferecido +pelas startups turbocapitalistas. + +Isto aqui é um esboço! Patches são bem vindos :) + +Requisitos +---------- + +* Seja independente de plataforma e independente de um computador móvel como + smartphones. + +* Sessão persistente: podem te enviar mensagem mesmo que você não esteja online. + Melhor ainda, que você conste como online mesmo que não esteja acessando a + mensageria. + +* Um mínimo de privacidade: conexão cifrada com o servidor, criptografia + ponta-a-ponta com negação plausível pra falar com os/as amiguinhos, sem logs. + +Ingredientes +------------ + +1. Conta shell num servidor com bom uptime e acesso SSH. + +2. Mutiplexador de terminal. + + É uma espécie de "gerenciador de janelas" para + a linha de comando que permite manter programas + rodando em background mesmo quando o terminal + é fechado. + + Ele permite que malandros deixem a mensageria + IRC rodando no servidor mesmo que não estejam + conectados via SSH. + + Exemplos: tmux e screen + +3. Cliente de IRC + + Exemplos: irssi e weechat + +Howto +----- + +Logando e instalando: + + ssh servidor-remoto + sudo apt install tmux irssi irssi-plugin-otr + +Criando uma sessão para o IRC: + + tmux + +Abrindo o cliente e se conectando no rolê: + + irssi + +Para sair da sessão sem encerrar a mensageria, digite Ctrl B D +(control sequence do tmux mais o comando "detach"). Depois é +só encerrar a shell do servidor remoto. + +Para se reconectar, basta + + ssh servidor-remoto tmux attach + +Básico do IRC +------------- + + /network add -nick -realname freenode + /server add -auto -ssl_verify -ssl_capath /etc/ssl/certs -network freenode chat.freenode.net 7000 + /save + /connect freenode + /join #canal + +Bônus +----- + +* Tor. +* Bitlbee. + +Privacidade +----------- + +Note que uma sessão persistente implica no cliente rodando num +servidor. Isso pode degradar sua privacidade, uma vez que o servidor +pode ser comprometido de várias formas. É importante ter consciência +disso. + +Da mesma forma que seu celular pode ser invadido, roubado e ter dados extraídos, +um servidor também é um ponto vulnerável na sua comunicação, especialmente +se for nele que as chaves criptográficas estiverem armazenadas. + +Assim, a sessão persistente de mensageria oferece um nível de segurança apenas +intermediário, servindo para a comunicação do dia-a-dia que não for sensível. + +Para comunicação sensível, o melhor é rodar o cliente de mensageria diretamente +a partir do seu [Console Físico Confiável](https://opsec.fluxo.info/specs/tpc). diff --git a/research/computing/suckless/sites.md b/research/computing/suckless/sites.md new file mode 100644 index 0000000..67149d5 --- /dev/null +++ b/research/computing/suckless/sites.md @@ -0,0 +1,90 @@ +[[!meta title="We are the static site generation!"]] + +# Current practice + +Currently [ikiwiki](http://ikiwiki.info) is adopted by the following reasons: + +1. There is a [Debian package](https://packages.debian.org/stable/ikiwiki). +2. It's flexible enough to support both local or remote side static compilation: + * Local compilation by calling the `ikiwiki` command directly. + * Remotelly by using a [git hook](http://ikiwiki.info/rcs/git/). + +When it's said **both** it means that you don't need to choose either of the two options: you can choose or both simultaneously. + +## Static site example + +Here comes the mandadoty "Hello world" example from the statically generated site realm: + + mkdir blog && cd blog + echo "Hello world..." > index.mdwn + ikiwiki --rebuild --exclude www . www + +That's it! You have a generated site sitting at your `www` subfolder which can be copied remotelly using `rsync`. + +## Version control + +It's a good pratice to keep your work under version control: + + git init + echo "/.ikiwiki" > .gitignore + echo "/recentchanges" >> .gitignore + echo "/www" >> .gitignore + git add . + git commit -m "Initial import" + +## Add a bit of sofistication + +* Use [this Makefile](/Makefile) as an starting point to refresh and publish your wiki by simply running `make web`. +* Use a [complete ikiwiki template](https://git.fluxo.info/?p=templates.git;a=tree;f=ikiwiki;h=HEAD) and change to your needs. +* If you're a automation junkie, try the [puppet-ikiwiki](https://git.fluxo.info/puppet-ikiwiki.git) module. + +## Theming + +Currently using [Ikiwiki](http://ikiwiki.info) with [Bootstrap](http://twitter.github.io/bootstrap/): + +* [Templates](https://github.com/tgpfeiffer/ikiwiki-bootstrap-template). +* [Bootswatch](http://bootswatch.com) themes. + +## Deployment + +You can create passwordless SSH keys and use [rrsync](http://www.guyrutenberg.com/2014/01/14/restricting-ssh-access-to-rsync/) ([2](http://wiki.hands.com/howto/passphraseless-ssh/)) to restrict access. Then add an entry into your `~/.ssh/config`: + + Host blog.example.org blog + HostName blog.example.org + User blog + IdentityFile ~/.ssh/blog@blog.example.org + +Now simply run `make web_deploy` with the above mentioned `Makefile` do sync your static site! + +## Ikiwiki references + +* [Ikiwiki](http://ikiwiki.info). +* [Improving Ikiwiki style with Bootstrap](https://ceops.eu/posts/Improving%20Ikiwiki%20style%20with%20Bootstrap/). +* [How to have a nice design for ikiwiki](http://www2.tblein.eu/posts/How_to_have_a_nice_design_for_ikiwiki/). +* [gsliepen/ikistrap: Bootstrap 4 theme for ikiwiki](https://github.com/gsliepen/ikistrap/). + +# Alternatives + +* [The updated big list of static website generators for your site, blog or wiki](https://iwantmyname.com/blog/2014/05/the-updated-big-list-of-static-website-generators-for-your-site-blog-or-wiki). +* [Top Open-Source Static Site Generators - StaticGen](https://www.staticgen.com/). +* [Static Site Generators](https://staticsitegenerators.net/). +* [Static Site Generators at GitHub](https://github.com/skx/static-site-generators). +* [Replacing Jekyll with Pandoc and a Makefile](https://tylercipriani.com/2014/05/13/replace-jekyll-with-pandoc-makefile.html). +* [Brane Dump: Static Comments in Jekyll](http://www.hezmatt.org/~mpalmer/blog/2011/07/19/static-comments-in-jekyll.html). +* [Hyde](https://github.com/lakshmivyas/hyde/) ([package](https://packages.debian.org/stable/hyde)). +* [Gollum](https://github.com/gollum/gollum). +* [Hugo](https://gohugo.io/) ([pacote](https://packages.debian.org/stable/hugo)). +* [Amber](https://github.com/leapcode/amber). +* [Grav](http://getgrav.org/). +* [Hakyll](http://jaspervdj.be/hakyll/) ([package](https://packages.debian.org/sid/libghc-hakyll-dev)). +* [Jekyll](http://jekyllrb.com/) ([package](https://packages.debian.org/stable/jekyll)). +* [Static site generators for building web sites](https://lwn.net/Articles/541299/). +* [Pelican Static Site Generator, Powered by Python](http://blog.getpelican.com/) ([package](https://packages.debian.org/sid/python-pelican)). +* [Middleman: Hand-crafted frontend development](https://middlemanapp.com/). +* [Juvia: a commenting server similar to Disqus and IntenseDebate](https://github.com/phusion/juvia). +* [gitit](https://github.com/jgm/gitit/tree/master/). +* [Sphinx](http://sphinx-doc.org/) ([package](https://packages.debian.org/stable/python-sphinx)). +* [Utterson: a minimal static blog generator written using old-school unix tools (make, ksh, m4, awk, procmail and a pinch of elisp)](https://github.com/stef/utterson). +* [werc - A sane web anti-framework](http://werc.cat-v.org/). +* [cfenollosa/bashblog: A single Bash script to create blogs. Download, run, write, done!](https://github.com/cfenollosa/bashblog). +* [blogofile](https://packages.debian.org/stable/blogofile) diff --git a/research/computing/suckless/virtual.md b/research/computing/suckless/virtual.md new file mode 100644 index 0000000..51c01c1 --- /dev/null +++ b/research/computing/suckless/virtual.md @@ -0,0 +1,101 @@ +[[!meta title="Virtualized GUI environments"]] + +Can't or don't want to use [Qubes OS](https://www.qubes-os.org/)? Here comes a straightforward sollution +that, while not offering the same level of security, is practical enough to be implemented in the confort +of your current FOSS OS! + +A picture +--------- + +Could you spot the difference between the Tor Browser running in the host for the one inside the virtual machine? That's what we want to achieve! + +![Screenshot](screenshot.png) + +First things first +------------------ + +What you can do: + +1. Create a virtual machine image of the operating system of your choice like [this example](https://padrao.fluxo.info/boxes/). +2. Setup basic X11 environment with automatic login and startup programs. +3. Configure your hypervisor to hide icons and additional decorations around the virtual machine. +4. Setup key bindings on your window manager to start/resume and stop/suspend the virtual machine. + +Debian desktop +-------------- + +When using a debian virtual machine as a virtual desktop, consider the following: + + apt-get install lightdm ratpoison + +Make sure to configure `/etc/lightdm/lightdm.conf` with something like + + autologin-user=vagrant + autologin-user-timeout=0 + +If using VirtualBox, you might also want to try [virtualbox-guest-x11](https://packages.debian.org/stable/virtualbox-guest-x11). + +Features +-------- + +* Good security through isolation. +* Improved start/stop of your application by using virtual machine suspend/resume. +* Minor performance penalties while running the virtual machine. + +Limitations +----------- + +* Memory and disk consumption. +* Clipboard might still be available to the virtual environment, see [this discussion](http://theinvisiblethings.blogspot.com.br/2011/04/linux-security-circus-on-gui-isolation.html). + +Future +------ + +* This should be better documented! +* Automated expendable snapshots for one-time-use virtual machines. +* Automated recipes (puppet/ansible). +* Vagrant integration for fast provisioning of golden images. +* Alternatives to the VirtualBox hypervisor. + +References +---------- + +Applications: + +* [kvmx script](https://kvmx.fluxo.info). +* [vbox script](https://git.fluxo.info/vbox). +* [plymouth - Debian Wiki](https://wiki.debian.org/plymouth). +* [SPICE Project](http://www.spice-space.org/). + +Other implementations: + +* [Marco Carnut: Ambiente "Auto-Limpante" via Virtualização Ultra-Leve Descartável - Tempest Blog](http://blog.tempest.com.br/marco-carnut/ambiente-auto-limpante-via-virtualizacao-ultra-leve-descartavel.html). +* [Subgraph OS and Mail](https://subgraph.com/sgos/index.en.html). + +Tips: + +* If using Firefox, try to disable hardware graphics acceleration as it might impact performance and produce graphics artifacts. This behavior was seem on VMs running with qemu-kvm with SPICE. + +Spice and KVM: + +* http://www.linux-kvm.org/page/SPICE +* https://www.spice-space.org/spice-user-manual.html +* https://kuther.net/content/convert-virtualbox-kvmqemu +* http://www.ubuntugeek.com/how-change-display-resolution-settings-using-xrandr.html +* https://bugzilla.redhat.com/show_bug.cgi?id=1020393 +* https://people.freedesktop.org/~teuf/spice-doc/html/ch03.html +* http://askubuntu.com/questions/107228/how-to-resize-virtual-machine-disk#481887 +* http://wiki.qemu.org/Documentation/9psetup +* https://ask.fedoraproject.org/en/question/8080/shared-folder-with-qemu-kvm/ + +Mounting guest images: + +* [Mounting raw and qcow2 VM disk images](https://alexeytorkhov.blogspot.com.br/2009/09/mounting-raw-and-qcow2-vm-disk-images.html) using `losetup` or `qemu-nbd`. +* [guestmount](http://libguestfs.org/guestmount.1.html) from [libguestfs, a library for accessing and modifying VM disk images](http://libguestfs.org/). + +Image optimization: + +* [Tip: Making a disk image sparse | Richard WM Jones](https://rwmj.wordpress.com/2010/10/19/tip-making-a-disk-image-sparse/). +* [How to convert a non-sparse image to a sparse image – Patrick's Blog(2)](https://blog.laimbock.com/2013/10/31/how-to-convert-a-non-sparse-image-to-sparse/). + + ionice -c 3 nice -n 19 virt-sparsify --tmp /tmp --convert qcow2 --compress box.img box.new && mv box.new box.img diff --git a/research/computing/suckless/virtual/screenshot.png b/research/computing/suckless/virtual/screenshot.png new file mode 100644 index 0000000..f5541c4 Binary files /dev/null and b/research/computing/suckless/virtual/screenshot.png differ diff --git a/research/computing/thinkpad.md b/research/computing/thinkpad.md new file mode 100644 index 0000000..e873c74 --- /dev/null +++ b/research/computing/thinkpad.md @@ -0,0 +1,210 @@ +[[!meta title="ThinkPad"]] + +Esta é uma pesquisa em andamento sobre [ThinkPads](https://en.wikipedia.org/wiki/ThinkPad). + +## Política + +É sempre bom lembrarmos das origens das linhagens técnicas. Como o Fusca, que +foi [concebido pelo Porsche para ser um carro resistente e de fácil +manutenção](https://hackaday.com/2016/05/03/volkswagen-beetle-the-most-hackable-car/). + +Aqui segue um brainstorm (ou thinkstorm?) que pode ser desenvolvido com mais +propriedade. + +### Think + +[De onde vem o slogan THINK](/books/history/ibm-holocaust): + + NCR salesmen wore dark suits, the corporation innovated a One Hun- + dred Point Club for agents who met their quota, and The Cash stressed "clean + living" as a virtue for commercial success. One day during a pep rally to the + troops, Watson scrawled the word THINK on a piece of paper. Patterson saw + the note and ordered THINK signs distributed throughout the company. + Watson embraced many of Patterson's regimenting techniques as indispens- + able doctrine for good sales. What he learned at NCR would stay with him + forever. + + -- do livro IBM and The Holocaust, pág. 42 + + Large pictures of Watson in the weekly company publication, Business + Machines, regularly sported headlines proclaiming even his ordinary accom- + plishments, such as "Thomas J. Watson Opens New Orleans Office." The ever- + present equating of his name with the word THINK was more than an + Orwellian exercise, it was a true-life indoctrination. The Watson mystique + was never confined to the four walls of IBM. His aura was only magnified by + his autocratic style + + -- do livro IBM and The Holocaust, pág. 47 + +Esse aí é o DNA da IBM. Não é de se estranhar que tenha sido tão fácil para a +Apple capitalizar em cima dos hobbystas da computação pessoal e se colocar como +uma alternativa humanizadora ao "Grande Irmão" de gigantes da computação +monolítica como a IBM. + +Não há como operacionalizar um império se nao houver uma classe mínima de escribas, +sejam corporativos ou estatais e que sejam encorajados a pensar dentro dos limites +e ditames do regime. + +Mais um ponto pra tese de que nazismo não foi só baseado no arcaísmo da "terra e +sangue" mas também numa racionalidade técnica. Havia pensamento, inteligência e +estratégia, mas para todos os propósitos irracionais, boçais, torpes e banais, +mostrando que mesmo na sapiência pode haver a demência. + +### A Classe dos Escribas + +O ThinkPad é um equipamento de produtividade feito para ajudar a pensar +estrategicamente. Talvez seja o melhor computador pra isso pelo seu design +potencializador da simbiose humano-máquina. + +É um ápice dos PCs conhecidos como laptops ou notebooks, funcionando muito bem +para o processamento da linguagem escrita. Daí que é muito confortável para o +público letrado que produz código. + +### A nova ideologia + +> O lance é... +> Na nova ideologia, o slogan mudou +> Nao eh mais **THINK** +> Mas sim **INTERACT** +> Daí que as recentes linhagens técnicas tem outro design +> Pra facilitar uma interação instantânea, não para pensar + +Não que o slogan anterior tenha sido abolido, mas ele é minoritário numa indústria +da computação onde a maior parte dos consumidores não está sendo tratada como +classe pensadora, mas como meros terminais de interação entre o mundo e as +"nuvens" computacionais (o antigo "mainframe" do paradigma totalitário +clássico). + +O Pad está para o THINK assim como o Pod está para o INTERACT. + +Não é à toa que a IBM é uma empresa do século passado apesar de ainda ter uma +certa preponderância em IA e Big Data. Mas sua identidade de uma empresa de +pesquisadores ligados às ciências duras tem sido suplantada pouco a pouco pela +lógica das neo doctons como Google e Apple. + +Não é à toa que a IBM vendeu a linha ThinkPad para a chinesa Lenovo, que +prontamente alterou diversos aspectos desses PCs para que sejam mais +interativos. + +Como será que a atual classe dos escribas se portará? Permanecerá como estamento +THINK ou será absorvido pela massa INTERACT conforme funções de escrita sejam +absorvidas por agentes como "IAs"? Haverá necessidade de uma vasta classe de +escribas no novo império que está a se desenhar? + +### Libertando o design + +Assim como o Fusca, o ThinkPad é de fácil manutenção ("serviceable"). Suas +peças são de fácil instalação e existem manuais detalhados para conserto. + +Decorre que é um hardware favorito de boa parte da comunidade hacker que +entendeu que, de certo modo, já passamos pela época de esplendor dos PCs e e +que o melhor que fizeram até hoje foram ThinkPads. + +Possivelmente, a comunidade do hardware livre fará a engenharia reversa de todo +esse rolê. E talvez aí haja uma semente para a difusão de uma computação que +incentive tanto o pensamento quanto a interação de forma emancipatória. Uma máquina +de pensar popular e acessível como alternativa às tecnotoxinas totalitárias +do turbocapitalismo. + +Texto escrito a partir de um ThinkPad, máquina surgida nas contradições. + +## Critérios de escolha + +Ok, chega de groselha. Bora falar de hardware. + +Bons critérios para escolha de modelos: + +1. Facilidade no acesso a componentes, especialmente unidade de armazenamento. +2. Conector de energia comum. +3. Bom teclado e trackpoint. + +Exemplos: T430, x200, x201, x230. + +## Modelos + +Esta seção inclui modelos "homologados" e também em pesquisa. + +### X62 - 51NB + +* [ThinkPad X62](https://geoff.greer.fm/2017/07/16/thinkpad-x62/). +* [X62 Laptop Review](https://www.notebookcheck.net/X62-Laptop-Review.211598.0.html). +* [Accept the fourth batch of X62 motherboard, New orders](https://m.facebook.com/notes/lcdfans/-accept-the-fourth-batch-of-x62-motherboard-new-orders/1877823262484777/?__tn__=H-R). + +### X201 e X201i + +* [Detailed specifications - ThinkPad X201, X201s](https://support.lenovo.com/br/en/solutions/pd010141). +* [Category:X201 - ThinkWiki](http://www.thinkwiki.org/wiki/Category:X201) + +### X210 + +* [ThinkPad X210](https://geoff.greer.fm/2019/03/04/thinkpad-x210/). + +### X220 + +* [X220 no ThinkWiki](https://www.thinkwiki.org/wiki/Category:X220). +* [Lenovo Thinkpad X220 - iFixit](https://www.ifixit.com/Device/Lenovo_Thinkpad_X220). +* [Downloads](https://pcsupport.lenovo.com/br/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x220/downloads). +* Problemas: + * Não consegui iniciar um sistema com GRUB em modo FDE (Full Disk Encryption). Notas do ThinkWiki sobre "On booting": + * The X220 cannot/will not boot GPT disks using Legacy BIOS, you must setup UEFI. + * The X220 will not boot /efi/*/*.efi unless "signed"(?) into BIOS, you have to copy it to /efi/boot/bootx64.efi. + * Disabling the BIOS setting "USB UEFI BIOS Support" disables *all* USB booting, ie, both UEFI and legacy BIOS. + +### X230 + +* [x230 no ThinkWiki](https://www.thinkwiki.org/wiki/Category:X230). +* [Lenovo ThinkPad x230 - iFixit](https://www.ifixit.com/Device/Lenovo_Thinkpad_x230). +* [Downloads](https://pcsupport.lenovo.com/br/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x230/downloads). +* [Battery calibration issues (and tips for fixing): when battery starts to suddenly drop its level](https://www.reddit.com/r/thinkpad/comments/2fworf/battery_calibration_issues_and_tips_for_fixing/). + * Exemplo: deixar por uns dias rodando a cada inicialização: `tlp setcharge 99 100`. + +### X250 + +* [ThinkPad X250 Ultrabook Laptop](https://www3.lenovo.com/us/en/laptops/thinkpad/x-series/x250/). +* [X250 no ThinkWiki](https://www.thinkwiki.org/wiki/Category:X250). +* [Manual de Serviço](https://download.lenovo.com/pccbbs/mobiles_pdf/x250_hmm_en_sp40f30022.pdf). +* Problemas: + * Oficialmente só suporta até 16GB de RAM. + * "Any internal component replacement or upgrade (including hard disk and expansion cards) requires opening the back cover. (ThinkWiki)" + +### T430 e T430i + +* [T430 no ThinkWiki](https://www.thinkwiki.org/wiki/Category:T430). +* [Detailed Specifications - ThinkPad T430, T430i](https://support.lenovo.com/br/en/solutions/pd024705). +* Bateria do Thinkpad T430i - FRU P/N 45N1001, ASM P/N 45N1000. + +### T440 + +* [T440 no ThinkWiki](https://www.thinkwiki.org/wiki/Category:T440). +* Problemas: + * [Buttonless Touchpad](https://www.thinkwiki.org/wiki/Buttonless_Touchpad). + +## Memória + +* [Memory Compatibility - Notebooks](https://support.lenovo.com/br/en/solutions/pd012623#x). + +## Firmware livre + +* [Libreboot – Hardware compatibility list](https://libreboot.org/docs/hcl/). + +# Firmware oficial + +* http://www.thinkwiki.org/wiki/Installing_Gentoo_on_a_ThinkPad_X220 +* https://bbs.archlinux.org/viewtopic.php?id=122352 +* http://www.thinkwiki.org/wiki/UEFI_Firmware +* https://raw.githubusercontent.com/ksergey/thinkpad/master/geteltorito.pl + +Exemplo: + + perl ../../geteltorito.pl g2uj32us.iso > g2uj32us.hybrid.iso + +## Referências + +* [Thinkpads Forum - Index page](https://forum.thinkpads.com/). +* [ThinkWiki](https://www.thinkwiki.org/wiki/ThinkWiki). +* [ThinkPad - Reddit](https://www.reddit.com/r/thinkpad/). +* [fluxo de links » Tags (Rótulos): thinkpad](https://links.fluxo.info/tags/thinkpad). +* [Lenovo: retro thinkpad](http://blog.lenovo.com/tag/retro+thinkpad). +* [Lenovo Laptop Repair - iFixit](https://www.ifixit.com/Device/Lenovo_Laptop). +* [IBM Laptop Repair - iFixit](https://www.ifixit.com/Device/IBM_Laptop). +* [CPU-Upgrade](http://www.cpu-upgrade.com). diff --git a/research/computing/token.md b/research/computing/token.md new file mode 100644 index 0000000..9901faa --- /dev/null +++ b/research/computing/token.md @@ -0,0 +1,59 @@ +[[!meta title="Tokens USB"]] + +Sobre tokens criptográficos USB. + +## Gnuk + +* [Free Software Initiative of Japan - gnuk](http://www.fsij.org/category/gnuk.html) +* [Gnuk Documentation — Gnuk Documentation 1.0 documentation](http://www.fsij.org/doc-gnuk/) +* [Gnuk - Noisebridge](https://noisebridge.net/wiki/Gnuk). +* [FST-01 - Seeed Wiki](http://wiki.seeed.cc/FST-01/). +* [Questions - FST-01 Q&A Forum](http://no-passwd.net/askbot/questions/). +* [Programming the FST-01 (gnuk) with a Bus Pirate + OpenOCD](https://www.earth.li/~noodles/blog/2015/08/program-fst01-with-buspirate.html). +* [Gnuk Token and GnuPG scdaemon](https://fosdem.org/2018/schedule/event/hwenablement_gnuk_token_and_gnupg_scdaemon/). +* [FST-01 gnuk firmware update via USB](https://raymii.org/s/tutorials/FST-01_firmware_upgrade_via_usb.html). +* [Gnuk source code](https://salsa.debian.org/gnuk-team/gnuk/gnuk). +* Threat modeling: + * [How safe is Gnuk against side channel attacks, USB sniffer, or electron/tunneling microscope? - FST-01 Q&A Forum](http://no-passwd.net/askbot/question/33/how-safe-is-gnuk-against-side-channel-attacks-usb/). + * [How does Gnuk protect against attacks to extract private keys? - FST-01 Q&A Forum](http://no-passwd.net/askbot/question/32/how-does-gnuk-protect-against-attacks-to-extract/). + * [What types of risk are more likely? What's "best practice" against that? - FST-01 Q&A Forum](http://no-passwd.net/askbot/question/68/what-types-of-risk-are-more-likely-whats-best/). + +## Safenet eToken E5110 + +No Debian, instale o [MUSCLE](https://pcsclite.alioth.debian.org/): + + sudo apt install libccid pcsc-tools pcscd pcscd libpcsclite1 + +Plugue a parada e execute: + + opensc-tool --list-readers + +## SafeNet Authentication Client + +Para uso no mundo corporativo e institucional, como OAB e afins. Você não vai +querer usar os drivers proprietários a não ser que seja forçado, certo? + +Curioso que no fim das contas a OAB conseguiu seu lugar ao sol no mercado +da certificação digital apesar da implantação do modelo governamental escolhido +para o certificado raíz brasileiro, história contada no livro +[Leviatã Eletrônico](http://www.scielo.br/scielo.php?script=sci_arttext&pid=S1517-45222010000300013). + +Enfim, pra usar o eToken E5110 pra assinar documentos no navegador você +precisará de drivers específicos e proprietários. + +Aparentemente a [Gemalto comprou a SafeNet](http://www.gemalto.com/press/Pages/Gemalto-to-acquire-SafeNet,the-worldwide-leader-in-data-and-software-protection.aspx) +e depois ficou muito mais difícil para baixar o driver do eToken E5110, que além de ser proprietário ainda ficou privativo! +Maluco fez [até script](https://gist.github.com/dex4er/1354710) pra automatizar essa zica. +[Aqui](https://site.solutinet.com.br/2015/manuais/instaladores/) há versões recentes das bibliotecas e do cliente de autenticação +proprietário (dica [daqui](https://diadialinux.wordpress.com/2017/03/02/instalar-etoken-alladin-usar-sites-do-governo-com-certificado-digital-e-assinar-documentos-pdf/)). + +Referêcias: + +* [Token-Based Authentication | SafeNet eToken 5110 USB Authenticator](https://safenet.gemalto.com/multi-factor-authentication/authenticators/pki-usb-authentication/etoken-5110-usb-token/) +* [Guia](http://poddarprofessional.com/demo/DIGITAL%20SIGNATURE/UTILITIES/E-token%20Drivers%20For%20LINUX/eToken_PKI_Client_Linux_4_55_Reference_Guide.pdf). +* [eToken Pro 72k and Linux - r3blog](https://r3blog.nl/index.php/etoken-pro-72k/). +* [Install SafeNet eToken PRO on Ubuntu 14.04 LTS](https://www.vleeuwen.net/2015/05/install-safenet-etoken-pro-on-ubuntu-14-04-lts). + +## Misc + +* [ImperialViolet - Security Keys](https://www.imperialviolet.org/2017/08/13/securitykeys.html). -- cgit v1.2.3