By default MNT Reform2 laptop comes with Debian SID image. At least that's what I got with my DYI kit. The image comes on SD card, and by default the boot switch on SoM is set to boot from SD Card. SID is fairly bleeding edge, however I still feeling myself awkward working on Debian, even though the bleeding edge is one of the reasons I'm in favour of Arch Linux. Since I have NVME which is considerably faster than SDCard, I decided to combine migration to NVME drive with migration to Arch Linux. Also as there is no boot security so far, the migration will be to encrypted LUKS2 partitions (FDE).
Despite my frequent ranting at Purism - don't take me wrong, I fully appreciate what they are doing. I just didn't like their communication strategy. Which finally improved and entered a state where I can say - yea ok, I understand.
Other than that - their work at GTK/Gnome (libhandy which is now libadwaita, phosh/phoc, various userspace apps) is enormous, their effort at mainlining imx8m is impressive, all together allow me now using pinephone and MNT Reform2 laptop. This article is a demonstration of how the effort in kernel helps on MNT Reform.
Christmas time is full of surprises, one of them was a new mobile device I got a Christmas morning, despite all the chip shortage and whatnot problems. The device is powered by NXP i.MX8MQ industrial SoC which combines 4 Arm A53 cores, 1 Arm M4F core and 1 Vivante GC7k Lite video core. And no, it is not Librem5 device which is supposed to be powered by the same SoC.
More...Mon Dec 27 17:27:42 2021Upd.: Tue Dec 28 17:33:56 2021
So having secure boot enabled with unified kernel image is great, but how to integrate it into OS lifecycle management? And how to do it without compromising the security? The simplicity at one place causes complexity at another.
Tinfoil session 1: Enabling secure boot vector on linux
While being a strong proponent of security and privacy I for long neglected one particular security vector on my laptops - secureboot, relying on compensating controls I put in place. SecureBoot was pushed on me by Microsoft so I naturally reflexly rejected it. Now however is a time to reconsider the stance, especially in view of much higher pressure on privacy and as result much deeper penetration of foreing networked compute elements around us (this is the place we put our tinfoil hat on).
I never though I'd come to this point, but here we are. Now I'll describe how I came to this point and how I migrated my GKR data to KPXC.
Why I did it? Mainly because it just stopped working as it used to be. And I didn't manage (didn't have passion?) to make it working again as it has been before.
Nowdays we're all concerned about environment and our impact on it. At the same time security concerns do not allow our conscience to agree on these cloud bells and whistles.
Luckily we have now available at the consumer segment low profile and power consumption platforms like Raspberry PI and others. Compare 1-2W of raspberry to at least 10-20W of any other HTPC. Such platforms however have certain resource restrictions.
I've recently bought probably the best laptop I've ever had - Lenovo E130, with probably, the worst OS I ever had - windows 8. Initially, knowing Czech distribution is in any case one of the worst in the world - I didn't bother much, and bough whatever model was available in local shops (you don't have a choice in Czech Republic really, never, only crappiest things available).
More...Tue May 7 23:46:31 2013Upd.: Mon Jun 10 23:16:25 2013
If you use some system for long enough, passing through various release upgrades, installing and uninstalling packages - basically living and using - your system might start be bloated with various remnants of dependencies, unneeded packages, dragging back some relicts or even blocking some new deps. Very unpleasant fact.
More...Sat Jan 26 17:57:42 2013Upd.: Sat May 25 10:04:36 2013
While working on jack IPv6 network stack I've trapped onto bizarre getaddrinfo() behaviour - it was returning me address families in wrong order for passive nameless request. It appears people were trapping onto this bug since 2009 (at least that far I found references to this behaviour in mail-lists).
More...Mon Mar 4 00:06:35 2013Upd.: Sat Mar 9 11:05:16 2013
If you're using dhcp for both ipv4 and ipv6 on ubuntu with wifi/wpa_supplicant you might have faced with weird issue with ifdown trying to release v6 (or v4, depends on ordering) lease and it finally hangs - since previous address family already brought interface down.
More...Fri Dec 28 12:27:32 2012Upd.: Sat Feb 9 14:50:45 2013