Migrating MNT Reform to ArchLinux

By default MNT Reform2 laptop comes with Debian SID image. At least that's what I got with my DYI kit. The image comes on SD card, and by default the boot switch on SoM is set to boot from SD Card. SID is fairly bleeding edge, however I still feeling myself awkward working on Debian, even though the bleeding edge is one of the reasons I'm in favour of Arch Linux. Since I have NVME which is considerably faster than SDCard, I decided to combine migration to NVME drive with migration to Arch Linux. Also as there is no boot security so far, the migration will be to encrypted LUKS2 partitions (FDE).

Wed Feb 2 22:37:48 2022

A piece of Librem5 on my MNT Reform2

Despite my frequent ranting at Purism - don't take me wrong, I fully appreciate what they are doing. I just didn't like their communication strategy. Which finally improved and entered a state where I can say - yea ok, I understand. Other than that - their work at GTK/Gnome (libhandy which is now libadwaita, phosh/phoc, various userspace apps) is enormous, their effort at mainlining imx8m is impressive, all together allow me now using pinephone and MNT Reform2 laptop. This article is a demonstration of how the effort in kernel helps on MNT Reform.

Wed Jan 19 21:28:56 2022

Mobile i.MX8MQ Device

Christmas time is full of surprises, one of them was a new mobile device I got a Christmas morning, despite all the chip shortage and whatnot problems. The device is powered by NXP i.MX8MQ industrial SoC which combines 4 Arm A53 cores, 1 Arm M4F core and 1 Vivante GC7k Lite video core. And no, it is not Librem5 device which is supposed to be powered by the same SoC.

Mon Dec 27 17:27:42 2021 Upd.: Tue Dec 28 17:33:56 2021

Tinfoil session 2: Recovering secure boot vector

So having secure boot enabled with unified kernel image is great, but how to integrate it into OS lifecycle management? And how to do it without compromising the security? The simplicity at one place causes complexity at another.

Mon Dec 20 18:21:12 2021

Tinfoil session 1: Enabling secure boot vector on linux

While being a strong proponent of security and privacy I for long neglected one particular security vector on my laptops - secureboot, relying on compensating controls I put in place. SecureBoot was pushed on me by Microsoft so I naturally reflexly rejected it. Now however is a time to reconsider the stance, especially in view of much higher pressure on privacy and as result much deeper penetration of foreing networked compute elements around us (this is the place we put our tinfoil hat on).

Mon Nov 29 23:17:42 2021

Migrating from Gnome-Keyring to KeepasXC

I never though I'd come to this point, but here we are. Now I'll describe how I came to this point and how I migrated my GKR data to KPXC. Why I did it? Mainly because it just stopped working as it used to be. And I didn't manage (didn't have passion?) to make it working again as it has been before.

Wed Nov 10 21:12:55 2021

Small footprint web server

Nowdays we're all concerned about environment and our impact on it. At the same time security concerns do not allow our conscience to agree on these cloud bells and whistles.

Luckily we have now available at the consumer segment low profile and power consumption platforms like Raspberry PI and others. Compare 1-2W of raspberry to at least 10-20W of any other HTPC. Such platforms however have certain resource restrictions.

Sun Nov 15 23:11:47 2015

Fuck you, Lenovo

I've recently bought probably the best laptop I've ever had - Lenovo E130, with probably, the worst OS I ever had - windows 8. Initially, knowing Czech distribution is in any case one of the worst in the world - I didn't bother much, and bough whatever model was available in local shops (you don't have a choice in Czech Republic really, never, only crappiest things available).

Tue May 7 23:46:31 2013 Upd.: Mon Jun 10 23:16:25 2013

Package cleanup: tiny hints

If you use some system for long enough, passing through various release upgrades, installing and uninstalling packages - basically living and using - your system might start be bloated with various remnants of dependencies, unneeded packages, dragging back some relicts or even blocking some new deps. Very unpleasant fact.

Sat Jan 26 17:57:42 2013 Upd.: Sat May 25 10:04:36 2013

GPT - doing things right

To be honest - I'm absolutely not an authority to teach how to do things right in GUID Partition Table. But I did it wrong, and I corrected it, so maybe someone will find it useful.

Wed May 8 23:41:10 2013

Glibc IPv6 bug

While working on jack IPv6 network stack I've trapped onto bizarre getaddrinfo() behaviour - it was returning me address families in wrong order for passive nameless request. It appears people were trapping onto this bug since 2009 (at least that far I found references to this behaviour in mail-lists).

Mon Mar 4 00:06:35 2013 Upd.: Sat Mar 9 11:05:16 2013

ifupdown and dhclient for ipv6

If you're using dhcp for both ipv4 and ipv6 on ubuntu with wifi/wpa_supplicant you might have faced with weird issue with ifdown trying to release v6 (or v4, depends on ordering) lease and it finally hangs - since previous address family already brought interface down.

Fri Dec 28 12:27:32 2012 Upd.: Sat Feb 9 14:50:45 2013


Here I'm just listing some upstart scripts I've written to manage tasks not assumed by default configuration


I dont want to use some weird bloatware just to install couple of rules I need to protect my machine. So here we go...

Sat Jan 10 02:04:21 2009 Upd.: Wed Dec 19 00:21:33 2012
© ruff 2011