By default the MNT Reform2 laptop comes with a Debian SID image. At least that's what I got with my DIY kit. The image comes on an SD card, and by default the boot switch on the SoM is set to boot from the SD card. SID is fairly bleeding edge, however I still feel awkward working on Debian, even though the bleeding edge is one of the reasons I'm in favour of Arch Linux. Since I have an NVMe drive, which is considerably faster than the SD card, I decided to combine the migration to the NVMe drive with a migration to Arch Linux. Also, as there is no boot security so far, the migration will be to encrypted LUKS2 partitions (FDE).
Despite my frequent ranting at Purism - don't get me wrong, I fully appreciate what they are doing. I just didn't like their communication strategy, which finally improved and entered a state where I can say - yeah, OK, I understand.
Other than that - their work on GTK/Gnome (libhandy, which is now libadwaita, phosh/phoc, various userspace apps) is enormous and their effort at mainlining imx8m is impressive; all together this now allows me to use the pinephone and the MNT Reform2 laptop. This article is a demonstration of how the effort in the kernel helps on MNT Reform.
Christmas time is full of surprises; one of them was a new mobile device I got on Christmas morning, despite all the chip shortage and whatnot problems. The device is powered by the NXP i.MX8MQ industrial SoC, which combines 4 Arm A53 cores, 1 Arm M4F core and 1 Vivante GC7k Lite video core. And no, it is not the Librem5 device, which is supposed to be powered by the same SoC.
Mon Dec 27 17:27:42 2021 (Upd.: Tue Dec 28 17:33:56 2021)
So having secure boot enabled with unified kernel image is great, but how to integrate it into OS lifecycle management? And how to do it without compromising the security? The simplicity at one place causes complexity at another.
Tinfoil session 1: Enabling secure boot vector on linux
While being a strong proponent of security and privacy, I long neglected one particular security vector on my laptops - secure boot, relying on compensating controls I put in place. SecureBoot was pushed on me by Microsoft so I naturally, reflexively rejected it. Now however is the time to reconsider the stance, especially in view of much higher pressure on privacy and, as a result, much deeper penetration of foreign networked compute elements around us (this is the place we put our tinfoil hat on).
I never thought I'd come to this point, but here we are. Now I'll describe how I came to this point and how I migrated my GKR data to KPXC.
Why did I do it? Mainly because it just stopped working as it used to. And I didn't manage (didn't have the passion?) to make it work again as it had before.
Yes, you read it correctly, we're still speaking about the pinephone. Librem5 is still out there. Not in here. Regardless, Pine64 started selling a CE upgrade for the braveheart, and as soon as I figured that out I decided to upgrade one of my pinephones with 3GB. The upgrade is delivered as a new mainboard, and for braveheart owners there's a discount. This week the board finally arrived at my post office and they decided it's too big for them to deliver it (they always do that regardless of the size and weight, that's the way they work).
Sun Dec 6 23:11:34 2020 (Upd.: Sat May 22 14:18:36 2021)
Aeons ago I ordered a phone. A Librem Phone. Librem5 to be precise. It was all well-forgotten history when all of a sudden last spring I got a notification that it had been delayed.
After that glorious event I started monitoring the progress of the almost finished development with greater interest, which also led me to learn that there appeared to be another project promising to deliver a mainline linux phone in about half a year. The price tag was ridiculously low (compared to L5) so I just gave it a shot - just in case.
Now you can imagine the degree of my bewilderment when last week I received a sealed envelope stating that the customs office awaits my decision on how to proceed with some electronic shipment to me, which clearly needs tax clearance (if I want to proceed with the shipment).
Sat Feb 29 13:01:44 2020 (Upd.: Wed Mar 4 17:23:48 2020)
Once upon a time I made an XBMC-based HTPC... And like any proper HTPC, mine should also have a remote control.
Since my TV is a Sony, the choice was obvious - the Sony PS3 BD BT Remote - both remotes are almost the same, which makes the HTPC look aesthetic.
Then however I realised that despite it being recognized as a generic HID keyboard, the keys mapped to buttons aren't seen by Xorg (XInput to be precise). The second issue I found was related to battery power. I don't know how the PS3 properly handles it, but I solved the problem by suspending the HID via explicit teardown of the BT link.
Tue Oct 6 22:01:43 2009 (Upd.: Sun Mar 5 13:33:03 2017)
Nowadays we're all concerned about the environment and our impact on it. At the same time security concerns do not allow our conscience to agree to these cloud bells and whistles.
Luckily we now have low profile and low power consumption platforms like the Raspberry Pi and others available in the consumer segment. Compare the 1-2W of a Raspberry to at least 10-20W of any other HTPC. Such platforms however have certain resource restrictions.
Being tired of the background noise caused by active cooling on the HTPC, I moved it off to a Raspberry Pi (B+).
As time moves forward, a plethora of mobile apps appears for any platform, doing convenient remote control of Kodi and its library. Hence I've actually stopped using the PS3 BD BT remote.
Nevertheless I recently decided to dust it off and connect it again (using a BT dongle on the RPi).
Fri Oct 30 15:20:31 2015 (Upd.: Sat Nov 14 14:11:16 2015)
Back to our business. On 11 Oct a patch to enable DNSSEC protected DANE CERTs was merged to StrongSWAN's upstream so now you can have interoperability between racoon and strongswan if you need to use CERTs for easy deployment.
The approach is pretty much the same, only with StrongSWAN you have additional DNSSEC validation (racoon blindly trusts the underlying DNSSEC implementation).
Life goes on, everything changes. With the new bluez tree, fakehid was completely wiped out from the bluetoothd userspace. Now, thanks to David Dillow, the ps3bt code lives in the HID kernel code since commit 5844c1cdb630b537a2ecdf74dab2985e51dc1bd9. Let's see how it works...
Sat Nov 10 23:17:31 2012 (Upd.: Sat Oct 5 15:16:20 2013)
Since the future has come, we need to pace ahead and utilize its merits. One of the benefits of having DNSSEC is independence in making your own certs (with DANE) and simplified roll-out of those certs (with CERT RR).
If you use some system for long enough, passing through various release upgrades, installing and uninstalling packages - basically living and using - your system might start to get bloated with various remnants of dependencies and unneeded packages, dragging along some relics or even blocking some new deps. A very unpleasant fact.
Sat Jan 26 17:57:42 2013 (Upd.: Sat May 25 10:04:36 2013)
To be honest - I'm absolutely not an authority to teach how to do things right in GUID Partition Table. But I did it wrong, and I corrected it, so maybe someone will find it useful.
While working on the jack IPv6 network stack I stumbled onto bizarre getaddrinfo() behaviour - it was returning me address families in the wrong order for a passive nameless request. It appears people have been stumbling onto this bug since 2009 (at least that's how far back I found references to this behaviour in mailing lists).
Mon Mar 4 00:06:35 2013 (Upd.: Sat Mar 9 11:05:16 2013)
What if we want to set jack up to be a system service? I know, I know, I read all the fine manuals and the reasoning behind avoiding a system sound daemon, whether it is pulse or jack. But hey - this is my PC, don't tell me what I cannot do!
Sun Feb 3 02:14:31 2013 (Upd.: Sat Feb 9 21:31:57 2013)
In such a small setup something like pim or mospf is just too much, however I found
that igmpproxy is just too little for me. So I'm using smcroute. This daemon is for static
multicast routing which is just what I need for my single-router home setup. One minor issue though -
startup for this piece of software is really poor.
Sun Feb 21 18:59:02 2010 (Upd.: Sat Feb 9 14:51:46 2013)
Quality of service may not be as critical a part of a home network as connectivity and security, however it could really help if you're using some realtime services like VoIP.
The same approach is used here for QoS setup; the script below simply applies a predefined set of tc rules:
Sun Feb 21 18:51:22 2010 (Upd.: Sat Feb 9 14:51:35 2013)
If you're using dhcp for both ipv4 and ipv6 on ubuntu with wifi/wpa_supplicant you might have faced a weird issue with ifdown trying to release the v6 (or v4, depending on ordering) lease and finally hanging - since the previous address family already brought the interface down.
Fri Dec 28 12:27:32 2012 (Upd.: Sat Feb 9 14:50:45 2013)
Once upon a time I made an XBMC-based HTPC... oh, sorry, you know that story, don't you?
Well, the next thing I found was that pulseaudio was not working (it is really poorly documented, and at that time I didn't have a clue how to deal with it). So I removed pulse, leaving XBMC on pure ALSA. Which was working perfectly till it became too limited for me and my audio preferences. This was the time I got acquainted with JACK.
Now I can handle pulseaudio easily and conveniently, after breaking my head over information scattered across the internet, but that is the subject for another story. Because first we need to bind together XBMC and JACK using...
Fri Jun 15 11:43:12 2012 (Upd.: Sat Feb 9 14:47:33 2013)
Well, you know my attitude to the weird "complex" stuff guys tend to make out of
iptables rules that are pure, clean and perfect by themselves. I really can't get it. So here it is.
Sun Feb 21 18:10:52 2010 (Upd.: Sat Dec 22 21:51:27 2012)