SEARCH

Enter your search query in the box above ^, or use the forum search tool.

You are not logged in.

#1 Re: Feedback & Suggestions » The End ... The Beginning ... And THE NEW NAME » 2015-02-12 14:38:08

True. Maybe a clearer design then. Or a better name, but as I said, that's another debate that won't happen. I didn't keep the logo and most of the looks of crunchbang anyway, so it's not that important.

Nothing more to add.

#2 Re: Feedback & Suggestions » The End ... The Beginning ... And THE NEW NAME » 2015-02-12 14:00:20

Just one little thing before closing: The logo looks indeed better with a bigger swirl at small sizes.
OTOH that triangle bottle is better IMO because it's a universal symbol for lab work, chemistry and stuff (even if it's not a science/chemistry based distro, but that's a whole other debate). It's just much easier to recognize (I think I've seen this kind of icon for indicating danger of chemical products, for example).
The other item just looks too obscure in its meaning.
Of course if you put both side by side, by association you get a clear meaning. But if you ask a total stranger about what it means, even a child could tell you what that triangle bottle is. The other item? I highly doubt it.

My 2 cents again, just an opinion.

#3 Re: Feedback & Suggestions » The End ... The Beginning ... And THE NEW NAME » 2015-02-12 01:04:03

A few things to possibly improve that logo:
as a wallpaper, it's big enough, it looks good. At a small size, I can't even see the debian swirl.
I think the triangle bottle is enough on it's own, with a bigger or a few bigger swirl, or even a huge one, like a cloud (gotta experiment to see what looks good and which provides a stronger message).

My 2 cents, do what you want with it.

#4 Re: Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-12 00:57:36

Thanks for the additional info guys. Much, much appreciated.
There's a lot of work involved in simply understanding the tools involved.
Tor, VPN, Tails, PGP, what they are, how they work, how they interact (do I need so many layers), which tool for which context (like tor for unreadable communication, PGP for sensitive business data, or a private conversation (OTR, Cryptocat. This is info I found on the forum), security/privacy vs usability, etc. Still a ton of homework.

Right now, I understand that I can have free software over free firmware. With even free hardware (wifi, router, printer... ).
From there, it's about physical access to the machine. I can encrypt the whole disk with a foot long password that's probably fucking annoying to type every day. But I'm pretty sure there can be at least two other codes to create and remember.
But let's say it's acceptable for now. Maybe it is.
The second aspect is securing outside communication, or maybe preventing intrusion first (firewall, antivirus etc).
So, outside communication: End to end hard encryption, Tor, VPN, encrypted emails, CLI web browser with images on, some way to watch videos occasionally in a secure way (I don't care about being anonymous there though), GPG, Tails, etc.
Plus all this might slow down the browsing experience. I know that ghostery and stuff like that does.
And, less convenient, having others to behave the same way when sending me emails. Not gonna happen, and I don't need to (I mean it's not so vital that I have to annoy everyone with that).
I think I can set up text message verification for accessing my mail box (I think it's called double check or something).

Overall, many things about me, I don't care if it's known. Companies can send their ads, I don't care, I'm not a spender.
The government would get bored if they tracked my data. Mail communication, I don't care that much whether it's safe or not.
Though I don't mind going "ninja" and getting off their radar, just because I can, I don't care if they're tracking me for business as usual, or for evil reasons. If you try to take advantage of me, I'm gonna make your life harder.
What I create on my machine (scanned content, text, music, whatever) is strictly mine to know about.

Oh, I forgot about the kernel. Debian is based on the blob free linux kernel anyway. It should be enough, and more useable.
But certainly it's better if I can compile my own distro from the ground up. One principle I found very true is the less lines of code,
The less threats/bugs etc. So I feel like taking a minimal approach, as long as it's strong enough, and that the additional layer doesn't cost too much in usability vs what it brings in terms of privacy.

So yeah, still a shitload of homework just to understand what's going on, then some more homework to set all that up,
and then the daily practice habits (encryption, when, why, with which tool).

I'm not ready yet to go all free, for 2 reasons: I feel I need to be able to practice on OS and softwares that are mainly used professionally. Maybe I'll keep a dedicated machine for that, unplugged from the network. The other reason is I want to experience things like using an external screen, plugging in a camera, I mean anything that would require a driver. I know I need to select my hardware carefully.

That's starting to feel like a good roadmap smile .

--- EDIT ---

I was just watching a GITS episode where some activists/terrorists state that they fight for the right of choice/consent in getting cyborg parts, because of the way corporations use that as a way to leak data. That's very similar to the subject we're talking about here.

The Major's answer?
Something like: "do you really think that a system that's never infected ever exists?"

The comparison with the human body/mind and infections is striking.
Good eating habits, exercising, no or little potentially harmful habits, rest/moderation, laughter, love, effort… Usually a good recipe against infection/health problems. But of course there's on guarantee.

A secure firmware/software setup, not too much lines of code (the less, the better), good browsing habits, and that's about it. Tons of long passwords (40 characters!), layer after layer of encryption software, that's overkill and counterproductive probably.

Anyway, thanks again for your help everyone.

#5 Re: Tutorials » Your Openbox session on Debian jessie or sid » 2015-02-11 23:33:43

That linuxbbq logo looks a bit weird (Tux in front of a huge fire). Either the penguin is burning in hell and is loving it,
or it decided that Goku's face was a comfortable place to take a break on.

Back on the more serious track: I didn't expect to have to rebuild what I'd consider basic functions. Which are very subjective anyway. It might be harder than expected, but interesting nonetheless.

#6 Re: Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-09 21:37:39

ferenc wrote:

well...

just use non-US programmes (apps) because NSA probably has no deals outside the USA... so, use Euro distributions, euro encryption apps...

Hey, you can use the Nort-Korean linux wink China has one too wink

I believe you are a little-bit over the edge. But my additional advice would be to just kompile the kernel on your own. But that's the end. Everything else is: you can start programming linux anew wink good luck.

Haha, good one. I'd totally feel safer with North Korea Linux or China Linux big_smile .

But seriously, yeah, compiling the kernel might also be a good learning experience. Also, it's as minimal as it gets (though a bit complicated for me right now). I'm not worried about Linux itself though, but what's under (BIOS/UEFI).
You might be right, I might be overdoing it. I probably don't risk much having my data leaked anonymously.
It's just that I can't stand such sneaky, inappropriate and imposed functionality.
Is it that extreme to want full privacy in your home? Isn't that insane instead to allow complete strangers a potential backdoor to use (or accessible mics and cams)?
I think it's such a basic right.

The only thing that might discourage me is the lack of practicality (if that's a word) of using strictly free software and firmware.
But I can already try on my current machine.

#7 Re: Feedback & Suggestions » The Beginning. » 2015-02-08 15:04:44

At first I thought it was Debian xfce, not Crunchbange xfce you were talking about, #! Die Hard. I suppose getting Debian xfce and removing useless stuff (to each user's judgement) can be a possibility). I guess it feels better to me to start fresh and add up a limited amount of stuff.

#8 Re: Feedback & Suggestions » The Beginning. » 2015-02-08 14:56:57

HELPME wrote:

why do we need a desktop environment?
cant we just make it all up from scratch as we go along? (lfs/dfs)
or this http://live.debian.net/
or this https://www.debian.org/CD/netinst/

also what are the goals?
.community-driven
.configurable
.lightweight
.foss

I like that. As for lfs/dfs vs netistall (aka vanilla debian), for a beginner like me I'd go vanilla.

So what is left is (in that order):
- Openbox install (I think there's a quick guide on Debian)
- Tint2 install
- Conky install
- Wifi config
- Maybe some other default system software, like for screenshots
- From there, the software choice is up to each user.
- The appearance: just copy/paste your config from your CB distro (hopefully it's that simple)
Done. Or am I supposedly missing something? Probably some other hardware compatibility tweaks.

Oh, and I suppose that the liveCD thing is to make it easy to install it again already configured, right?

One last thing: when it comes to updating to the next stable Debian, am I supposed to start all over again (like reinstalling the home partition and starting the process all over again every 6 months or every year)?

As for the community support, maybe a new branch in the debian forums makes sense. But it doesn't feel weird to keep this forum and this name, or another if Corenominal is THAT much against it. I suppose that the name referencing isn't such a big issue anyway. So another independent forum could be a possibility too, but what for? A guide for a specific debian install, and the support for it, that's pretty much it, if I'm not mistaken.

#10 Re: Feedback & Suggestions » The Beginning. » 2015-02-08 12:10:34

Ok ok, I see. It's the "Netinstall" lightweight version then. Thanks HELPME smile .

#11 Re: Feedback & Suggestions » The Beginning. » 2015-02-08 11:27:28

Quick side question: what's that vanilla Debian I keep reading about? When I google it, I find kernel.org (from Debian's site), which looks like the naked, vanilla kernel. I suppose we're talking about pureDebian instead, but I just wanted to be sure.
It looks like it's bloated with stuff I personally don't need, so I guess I only need to find a guide on this forum to "crunchbang it".

---

New name idea: what about Munchfart?

Ok, sorry for that one big_smile  (It would fit a stinkier, watered-down version of CB though).
I like the idea of keeping alive a debian-based openbox/tint2/conky that's compact, stable and mighty fast.
Does it take THAT much work to set up? I have no idea.
But if you want a name for it, what about something that's compact, stable, and mighty fast? Like Blitzturtle or something.
Or anything chess-related, if you like the dark side theme?

#12 Re: Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-08 10:58:30

Hi tknomanzr, what you write about The BIOS and UEFI are indeed secure enough for the the random outsider attack.
But you're not too far off when you say NSA. I'm thinking any tech company instead, who gathers anonymous information (at least Windows and Mac do that while asking, supposedly). Samsung does that on their smartphones (see Replicant). I don't see how that would be impossible on a laptop/desktop.

Mathematically nothing 100% unhackable? That's interesting. Though of course I suppose we're talking of very small percentages.
So I understand your argument about the higher up the chain vulnerabilities. And it's definitely a must to do something about it.
But just because it's a very low percentage risk (the firmwarestuff), I can't ignore that it's there for supposed assistance from the tech company, and I have no idea (nor a way to check) if my data is actually leaking to them or not. After all, even turning off AMT keeps it active in some way. How f*cked up is that?

What I'm doing right now is gathering more data on tech companies backdoors and rootkits in the BIOS/UEFI, in order to make a more rational decision. But logically, if I can't disable it and that the info about that stuf is well hidden, how can I trust companies to not grab my data?
For now I'll keep my machine and try to get used to strictly use free software and learn stuff on the way.
At the same time, I feel like trying to get an older machine, the equipment needed, and try to install Libreboot. It's interesting even from a learning experience for me.

---

On a bigger scale, I know that the leaked data is meaningless for the most part, and that it's used mostly for targeted advertising a product creation. One could say that it's ok to live in times where privacy is dead, it's not that bad. I personally don't like it at all. It's a matter of principle, and it's a huge and slow mind f*ck. It's the old dilemma, security vs freedom/privacy.
Man I feel like an apostle for free software, even though all I care about is fully owning my stuff.

Anyway, not much to add to this. Thanks for each of your input everyone, it helped me precise my goal (fully owning my stuff).

#13 Re: Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-06 21:19:42

Almost, huh? Unfortunately, one thing I have to accept is that there's no "zero risk".
I think the ME/AMT can allow access to the machine under the OS, so it essentially bypasses all the things you mentioned (encrypted disks and network communication). Maybe not the disk encryption I suppose, but I'm definitely not sure (like keylogging everything even before the OS starts with a malware rootkit).
I know I'm talking about very unlikely possibilities.  Plus I'm not even talking about securing truly sensitive data. Yet the fact that it's possible makes me uncomfortable.
On a smartphone, I'm accepting that it's a compromised machine, so I accept that written and verbal communication will be given away. Just like when using facebook. So I limit it's use.
On a computer, it's more personal. And I have more trust in free software for now.

Right now I have 2 possibilities:
To secure my modern machine and accept a tiny bit of risks. Essentially leaving a weakness as it is because it's unlikely that it will be used. What is likely though is getting anonymous data from me. It happens on Samsung smartphones right now, so... And I mean keylogging and sh*t.
Or to get an older free machine with fully free software and leave no stone unturned, thus putting more chances on my side in terms of privacy. Again, no zero risk though. But still better. Which doesn't prevent me from setting up what you mentioned.

Another possibility (when I'll have more cash) is to use proprietary software without any network connection on a dedicated machine (maybe even removing the wifi card), and use a fully free machine for everything related to network communication. Best of both worlds.

Man, I'm totally crazy. Ahem, I mean crazy to spend so much time on that sh*t big_smile .
After all, I'm still an idiot using torrents not legally without any encryption, so uh whatever. Not much to hide anymore.

Thanks again for your input everyone wink

#14 Re: Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-05 22:31:38

Hi ferenc, I'm not advising unrestrained paranoia for myself, that's why I want to understand computing better, and make more rational choices. Thanks for the info about LVM, this sounds promising.

I can only agree that I don't have the knowledge to see if free software actually leaks my info or not (but I'll check what I can check). In both ways it's a matter of trust. But for now, I'd rather trust paranoid individuals who check the code and don't have much to gain from it VS companies who build leaky software by design. Or install the software by default without making it obvious. Even if it's "only" to collect anonymous data, it's still done without asking, and I think that it's f*cked up.
From what I've read, even printers log info. I have a hard time trusting that kind of behavior, specially since it's hidden/not clearly indicated.

From here, let's recap: privacy is my concern. I want a "Fort Knox" machine, as much as possible. So free software seems more appropriate for me. And hopefully I don't sound too much like a tin foil hat dude. I'm not supporting unfounded, "conspiration theory" info. I like rationality.
The OS choice? Pure Debian will do. The ME and AMT at the BIOS level? That's bothersome. I'm thinking of selling my better machine just to get an older one that's fully free. Privacy and convenience don't seem to go hand in hand anyway. That also means giving up on the possibility to install proprietary software. At least for now.
Ok from there, with a good foundation, I can access the web properly. Firewalls, VPNs, Tor, all that stuff I need to understand and learn. But you see how this comes as an upper layer. What I'm saying is: even with a firewall, VPN and LVM etc., if I have literally a trojan horse in my machine that's made by design legally... well, that's checkmate. Unless my machine (which can be seen on networks even when off) is so strongly guarded from the outside that whatever is recorded don't go out anyway. But I'm not sure I understand how this works yet. Maybe I should learn how to hack my own machine to improve my privacy.

Also, regarding my behavior: TV, I watch it so rarely anyway. I might go minimal for most browsing tasks (maybe a CLI browser, maybe with images). I don't know really. It has to remain somewhat convenient (maybe there are acceptable sacrifices). Also I want to keep browsing to a minimum. I see myself wasting time on the web too often instead of making a meaningful use of it.

#15 Re: Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-04 23:51:17

Ah, too bad neutral . Well, I'll try to rebuild it then. Thanks for the quick answer hhh.

#16 Re: Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-04 23:07:02

By the way, if I choose to use Crunchbang exclusively with free software, I suppose it's better not to launch the install script?
What about the compatibility issues? Is it only a matter of choosing compatible hardware if I want to avoid non-free drivers/blobs?

#17 Re: Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-04 10:41:25

Well, since my goal is to have a secure firmware (no leaks, backdoors, no monitoring etc…) that can run any OS (at the very least Win and Linux distros), just like what's inside was worth that much money:
1-Closing my eyes: I just keep going with my current setup while using free softs on CB, and putting in practice the content of the "paranoid guide" thread, and just hoping that the breach will never be used. Personally I'm not comfortable with that, it's a matter of principle.

2-Owning 2 machines: I'm tempted to be lazy and buy an older machine with less intrusive firmware (I mean Management Engine, but no firmware), like an x60 and I try to install Libreboot by myself (easier than coreboot I think). Core/Libreboot on newer machines doesn't prevent the firmware in being active, but I'm not sur I understand how it works. Anyway, the true drawback is that it doesn't run Windows for now (ant least not 7, which I use in order to study it. Or maybe having a universal tool that can communicate with Windows devices. But I can live without the latter). The other true drawback is that I'll sell a more powerful machine to buy an older, less capable one. For now it's ok, but what about the future machines? Most likely they will all be (potentially) spying devices.

3-Trying that secureboot thing, even if I suspect it limits how I use my machine (need more reading). But I should be able to flash it from Windows in Virtualbox. At least I hope so. Would that make me unavailable on networks, even when my machine is off? Not convinced yet. After all, it's a solution offered by the same dudes who put that sh*t in my machine without asking. But I'll still check this possibility.

I like the 2nd, & 3rd solution (if it's truly effective).  Thanks mynis01 and tknomanzr for your input, another possibility for me to check.


Again, I'm not enough knowledgeable on computing, so I might make a big deal out of not much. Yet, to me at least, it's not asking too much to have a machine that is not full of holes by design.


Thanks again everyone smile , I learned a lot!

#18 Re: Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-03 21:04:10

*sigh*... Looks like I'll need to try the coreboot route :
https://forums.lenovo.com/t5/Security-M … d-p/824749

Oh well... better that having a backdoor.

EDIT-------------------

WTF?? Coreboot ain't useful either...
http://www.coreboot.org/Intel_Managemen … ity_issues

EDIT-------------------

Alright, pad & pen then. It sucks to be enslaved by technology. It's like having a dog leash or something.
Oh well, I'll keep looking for a way to use it completely on my terms.

Thanks again, that was instructive 8) .

#19 Re: Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-03 20:43:16

AnInkedSoul, many thanks for you help smile .

About the BIOS, most of your arguments make sense to me.
First, unfortunately, that feature is supported on my machine. The possible good news is that I can turn it of from the inside.
But I need to do more reading to be sure that it totally cuts access from the outside.
Second, yeah, I'm not a war reporter nor a celebrity, It's unlikely that some random person would try to access my computer.
On the other hand, monitoring it is much more likely, and even if it's anonymous data, I hate the idea of being "tricked".
Now indeed, it's not a high percentage threat, yet it's a hole in the bucket. So, not urgent, but fundamental, at least to me.
Last, if disabling AMT isn't enough, I'll get more info on installing coreboot, or wait for it to become more manageable.

Bottom line : I'll (thanks to you) stick to crunchbang, I'll try disabling AMT (looks like there's no way to do it remotely, so that's promising).
If that's not enough, I might attempt the risky coreboot install. Just because I hate the idea of being used/tricked. And because if I want to share my data, I want to do it because I decided to do so (even if it's not a high percentage threat).

#20 Re: Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-02 20:24:36

Thanks Anaconda, nice link indeed.
It doesn't seem to adress the BIOS as a possible threat since it's now an updatable software.
But I sure have a lot to learn from it anyway.
--------------------------------
Hi johnraff, thanks, will do so next time. Or right now, if I can transfer the second half of the thread somewhere more appropriate. Do I need to ask a mod ?
--------------------------------
They are easy to avoid, just make sure your software sources do not list non-free or contrib.
AnInkedSoul, thanks, I don't get exactly how to check and identify the nature of the sources, but it's enough for me to go and find out. I guess the most troublesome would be things like wifi and printers (though I've read about libre ways to get that to work somehow).
As for changing the BIOS to Coreboot, yeah that seems really challenging. Libreboot isn't available for my machine unfortunately.
So if privacy isn't the main issue, I'd rather skip that step.

flashed? No flashing required as far as I know. It is a feature of some CPUs that they can be remotely managed or some such thingy.

But isn't that a valid concern ? I thought that was one of the goals of core/libreboot : to replace the "new" BIOS that can be upgraded. The fact that earlier BIOS weren't updatable made them similar to hardware (safe).

pencil and paper are pretty safe
Yeah, eventually that's still the best. I just hoped that going paper free AND keep my privacy fully was possible. Mail encryption is kinda pointless if whatever I type can be/is recorded in a "blackbox" on my own machine.
On the other hand, it might force me to think more, and write less. Not a bad thing.

If I sound a bit ignorant on the matter, it's because I am. I took several days to gather information, but I still don't have an accurate picture of the subject.

#21 Re: Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-01 23:56:25

Any idea? A hint, a clue? I'm truly out of ideas, besides asking the same questions on other forums as well.

#22 Feedback & Suggestions » A couple of suggestions, a couple of questions, and a whole lotta love » 2015-02-01 18:58:39

El Cruncho
Replies: 28

Hi Everyone,

I'm fairly new to more complex computing.
I know my way around Windows and OSX, and now on Linux.
But I still have tons of things to learn on each.

I like Crunchbang. It's just great.
I have a couple of suggestions that should be included by default (if it's manageable of course) :
- a working "all caps" key for numpad activation
- auto unmounting external hard drives, not just ejecting. A possibility (not tested yet): I found a couple of lines to type in the terminal to unmount. I know nothing about scripting, but hopefully I can automate that action when I clic on the eject icon.
1-unmount
2-sudo su
3-echo 1 > /sys/block/sdb/device/delete (don't ask me what this means) 

I've also recently got interested in the issue of privacy. To my understanding, Debian (and thus, Crunchbang) is all free/libre software. Yet, it allows non-free blobs, compared to Trisquel.
Is it actually a concern in terms of privacy (not from a moral nor a political stance)?
My current take is that IF it's a concern in terms of privacy, all I need is to learn about and stay away from non-free blobs in Debian's repository. I have a hard time getting clear information on that.

Also, is the UEFI BIOS (on my Lenovo X230, or any other non-free BIOS) another concern in terms of privacy ? Would coreboot a real improvement in this regard, even with it's non-free blobs?
My current understanding is that non-free BIOS ultimately can be flashed with some intrusive software remotely. Highly unlikely, but why would I allow it if I can avoid it?

My only concern is privacy. I don't want software that allows unauthorized remote access to my machine (as unlikely as it is, but it's a matter of fully owning my stuff). Like on any smartphone (Replicant OS is a good start, but it's not there yet).

Thanks in advance, Crunchbang rocks.


El Cruncho

Board footer

Powered by FluxBB

Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.
Server: acrobat

Debian Logo