DAPS in a Container

DAPS is OpenSUSE’s “DocBook Authoring and Publishing Suite”, which is used to build documentation for SUSE and OpenSUSE. It pulls in A LOT of dependencies when installed, and for that reason alone it’s better to run it in a container. This is my image and how I use it.

docker run -v ~/myproject/:/home/user jsevans/daps:latest daps -d DC-project epub

Command Breakdown:

docker run – Run the command in the container.

-v ~/myproject/:/home/user – Maps a local directory called ~/myproject to a directory in the container called /home/user. /home/user is the default directory that is used by the daps command, so it is best to map this directory rather than needing any extra command line components.

jsevans/daps:latest – This is the image that I’ve created. It is based on OpenSUSE Tumbleweed but it is stable enough for this use. However, it is a large image (~1.2GB) due to the number of dependencies.

daps -d DC-project epub – This is the actual command line argument for creating an EPUB ebook using DAPS. I use Asciidoc as my markup language since I don’t really want to learn docbook.

My Dockerfile:

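FROM opensuse/tumbleweed
# MAINTAINER is deprecated; a label carries the same information
LABEL maintainer="Jason Evans <jsevans@opensuse.com>"

# Refresh, install and clean the package cache in one layer
RUN zypper --non-interactive refresh \
    && zypper --non-interactive install daps git \
    && zypper clean --all

# Unprivileged user whose home directory is the bind-mount target
ENV HOME=/home/user
RUN useradd --create-home --home-dir $HOME user \
    && chown -R user $HOME

WORKDIR $HOME
USER user

CMD [ "/usr/bin/daps" ]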

What would you like to see most in minix?

I’m working on a couple of presentations and I wanted to share this nugget of joy with anyone who hasn’t actually read it.

Path: gmdzi!unido!fauern!ira.uka.de!sol.ctr.columbia.edu!zaphod.mps.
ohio-state.edu!wupost!uunet!mcsun!news.funet.fi!hydra!klaava!torvalds
From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Keywords: 386, preferences
Message-ID: <1991Aug25.205708.9541@klaava.Helsinki.FI>
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki
Lines: 20

Hello everybody out there using minix -

I'm doing a (free) operating system (just a hobby, won't be big and
professional like gnu) for 386(486) AT clones.  This has been brewing
since april, and is starting to get ready.  I'd like any feedback on
things people like/dislike in minix, as my OS resembles it somewhat
(same physical layout of the file-system (due to practical reasons)
among other things).

I've currently ported bash(1.08) and gcc(1.40), and things seem to work.
This implies that I'll get something practical within a few months, and
I'd like to know what features most people would want.  Any suggestions
are welcome, but I won't promise I'll implement them :-)

Linus (torvalds@kruuna.helsinki.fi)

PS.  Yes - it's free of any minix code, and it has a multi-threaded fs.
It is NOT protable (uses 386 task switching etc), and it probably never
will support anything other than AT-harddisks, as that's all I have :-(.

Linux newbies shouldn’t dual boot

If you lurk around many Linux support forums, you are bound to see the regular post that looks something like this:

Hi, I’m new to Linux. I tried to dual boot Windows and Ubuntu, now I can’t use my computer at all because it has errors. Help!!!

Troubleshooting Grub errors is difficult enough. Troubleshooting Grub errors when you know very little about how any of it works or when getting help from strangers on the internet is even more difficult to nearly impossible.

I offer 3 suggestions for newbs who want to learn Linux other than dual booting.

  1. Use a virtual machine. Download Virtualbox on any platform, and install Linux there. It is a little slower than a real computer, but it is safe. If something breaks, nothing is lost. Just start again.
  2. Use bootable live installations. OpenSUSE, Ubuntu, and others allow you to use their Linux distribution from a USB key without ever installing it. This is faster than a VM and when rebooted, it’s like it was never there.
  3. Get a dedicated Linux machine. I’m not talking about spending a ton of money on something new. A Raspberry Pi will do nicely. So would an old machine from Craigslist. Something that would be used only for Linux and that’s all.

All of these are safe alternatives. I suggest the first option though because it costs nothing except time and your data will be safe.

Proposing a new newsgroup: Internet History

I am thinking about making a formal proposal for one of two new
unmoderated groups. The group would either be comp.internet.history or
soc.history.internet. I think you can see where these two names could
possibly overlap.

The general idea of the new group is to discuss retro internet
technologies such as IRC, ftp sites, BBSs (telnet and otherwise), MUDS,
MOOs, and of course Usenet and others. We could also discuss the culture
that surrounded many of these technologies especially IRC and Usenet as
they were maturing. Many of us don’t consider these technologies to be
“retro” because we use them every day, and yet interest in them is waning
and in order for them to continue, fresh interest must continually be
added.

I don’t know if anyone could possibly be interested, but the only way to
find out is to ask. If I get enough positive feedback, I’ll write up an
official CFD and submit it to the board. I won’t do anything if no one is
interested.

Why Stack Exchange is Broken (and Reddit too)

I’m going to begin this rant by saying that there are some things that the Stack Exchange network is really good with: mainly, programming help.

However, it really sucks when it comes to providing help with a specific application where there is already a community. For the past year, I have been the #1 person to answer questions on tor.stackexchange.com. I’m not saying that to pat myself on the back; just to say that I have actually been doing this for a little while. However, I feel that many, if not most, of the questions should never have been there. Here’s what I mean:

  1. Nobody googles anything for themselves anymore. A huge number of questions have been answered time and time again and can be found by just searching.
  2. Nobody reads documentation or man pages.
  3. There are better places to ask the questions.

While #1 and #2 are annoying, it’s #3 that I want to focus on. For example, we get a lot of questions about running Tor relays. Many times, I will copy and paste from the documentation and answer their question. However, that question should never have been there at all. It should have been posted to the tor-relays mailing list. That way more people who actually run relays can answer and give better insight. Other newbies on the list can learn too, and the person asking the question can actually be a part of the community.

When it comes to subreddits that are based on a specific application like Tor, take my 3 examples and multiply it by 1000x because it is a continual cycle of the same crap week after week. I had to leave before I flamed someone for asking the same stupid question for the 9th time in a row. I miss good netiquette.

Announcement

From news.groups.newgroups:

This is an official communication from the Big-8 Management Board. Please note that followups are set to news.groups.

After a careful review of the Big 8 Management Board’s activity and process, all remaining members of the Big 8 Management Board opted not to consider re-election and instead have voted to install two new volunteers as the new members of the Big 8 Management Board. These two volunteers are:

Tristan Miller
Jason Evans

We believe these volunteers have the technical and social skills necessary to maintain the Big-8. Please give them your support while they develop their vision for the future mission and goals of the Big 8 Board.

Kathy Morgan, Chairperson Emeritus
Bill Horne, former Chairperson

Advice for Newbies

I originally wrote this as a reply to a Reddit post but as I saved it, comments were blocked.

Give yourself little tasks and projects to do. Think of it as being like model kit building. You start with the easy kits like a plane with just a few pieces and as you get better you pick up new things like painting, sanding, and eventually making bigger better kits.
So, start with small things. For example, write a small program with a for-loop and get to know what all of the commands are really doing. This is your basic kit. Add in some variables. Add in user input, and keep going trying new things. Eventually, challenge yourself by learning how to work with a GUI. Sometimes your program will break. This isn’t a bad thing. It teaches you how to debug. What’s important is to take your time and experiment.
The same goes for aspiring system engineers. Learn how to create a virtual machine and install Linux in it. Then learn how to create a web server and then how to get PHP and MySQL working, etc.
A computer course can teach you how to write good code or what all of the system services do that you need but what’s most important is that you don’t give up and never lose your curiosity.

Thoughts on LBRY

At the behest of people like Bryan Lunduke and DTLive on YouTube, I have started using LBRY more and last night I even uploaded a few test videos of my own. I would eventually like to put up some of my own tutorial videos.

With that said, LBRY has some serious issues. So, let’s be frank. LBRY has no rules against hardcore porn or if they do, they are not enforced. That’s fine, and I don’t care. It’s not hard to find porn on YouTube either. However, if a porn channel doesn’t flag its own content as mature, then it will be in your search results and there’s no way right now to flag it yourself. The suggestion that I got in the help forum (aka the Discord server) was to report it to the #report-spam room, which I did. Will that result in these channels being told to reflag their content? Who knows. It seems a little iffy.

I realize that this is a startup and there is only so much time and energy to put into such things for a small team. I am rooting for them to make LBRY a great alternative to YouTube.

Creating Onion Services on OpenBSD

OpenBSD is a new beast for me. I’m still learning, experimenting, and trying out new things. Yesterday I was able to create 3 onion services on it quite easily but it takes time to learn the correct order of operations and to learn how to find out why things don’t work when you think they should.

A word about OpenBSD

OpenBSD isn’t friendly to newbies. The developers, users, and management work to make the best and most secure OS that they can. When you work with OpenBSD, it is assumed that you have at least a moderate to advanced amount of Linux or Unix knowledge and experience before starting and that you know how to read documentation, man pages, etc. Don’t bother asking for help unless you’ve done your homework first. Here’s an unedited quote from a recent mailing list post:

> I never read

Please stop wasting our time then.

Setting up Tor

It will become obvious in a minute, but it’s important to set up your Tor onion services first and your web server later. We will be setting up 3 onion services with 3 completely different addresses that have completely different websites associated with them.

First install Tor:

pkg_add tor

Enable the tor service:

rcctl enable tor

Here is my torrc file. It can be a little hard to see, but I enabled separate logging and debugging for Tor when I was working through this. If you don’t, it can be hard to see why something isn’t working. For example, mine kept failing but I couldn’t get a good error as to why until I did this. The reason was that I hadn’t actually created the /var/tor/ directories nor set them to the correct permissions. I didn’t see that until I started watching those logs.

Here is how I set up the configuration for each site. These are the directories that I forgot to create. They contain the public and private keys and the hostname for each onion service.

HiddenServiceDir /var/tor/site1
HiddenServicePort 80 127.0.0.1:8080

HiddenServiceDir /var/tor/site2
HiddenServicePort 80 127.0.0.1:8081

HiddenServiceDir /var/tor/site3
HiddenServicePort 80 127.0.0.1:8082

Each onion service is running internally on port 8080, 8081, or 8082, etc. This is the port that the actual OpenBSD OS will see running. However, tor will be expecting traffic to come in on the standard http port 80. You might be wondering how this works. Tor will be advertising my onion service on port 80. That traffic will come in via tor and get translated to the internal port that the OS will use.

Once I had this running correctly, I finally started tor.

rcctl start tor

Once tor is up and running, check each HiddenServiceDir for the hostname of each onion service. You will need them to test the web server.

Setting up httpd

OpenBSD has its own web server, called httpd, that comes with the standard installation. This is not the same as the Apache httpd that comes with Red Hat or Ubuntu. This is a secure minimalist webserver which might actually be ideal for Onion services.

By default, you can’t just start the httpd service and have it running with a default configuration like you can with Apache or Nginx. You actually need to create an /etc/httpd.conf file first. Here is mine.

## Site 1
# Listen on loopback only: Tor forwards onion traffic to 127.0.0.1, and
# "listen on *" would also serve the site on the host's other addresses.

server "tpsh5cb4zl73pwymkkuopl4roibk4envf6k3ybdcdzuhuztrytsnxxqd.onion" {
	listen on 127.0.0.1 port 8080
	root "/htdocs/tpsh5cb4zl73pwymkkuopl4roibk4envf6k3ybdcdzuhuztrytsnxxqd.onion"
}

# Include additional MIME types
types {
	include "/usr/share/misc/mime.types"
}

## Site 2

server "ueaireabdst7uqupz5dlrt5vhltgid3wyz4esgwd7buug7nc2absawyd.onion" {
	listen on 127.0.0.1 port 8081
	root "/htdocs/ueaireabdst7uqupz5dlrt5vhltgid3wyz4esgwd7buug7nc2absawyd.onion"
}

## Site 3

server "r6udfh5el5bigkpnh7twtsx3j6w6cxmyexlaa23vacqugq7jo6hxlryd.onion" {
	listen on 127.0.0.1 port 8082
	root "/htdocs/r6udfh5el5bigkpnh7twtsx3j6w6cxmyexlaa23vacqugq7jo6hxlryd.onion"
}

The first thing is to define the name of the URL that traffic will be coming in on. I got this from the onion hostname that was generated by tor. Secondly, that hostname needs to be matched with the internal port number that tor will be sending traffic to. Finally, you need to tell the web server where to find the actual HTML files that make up that website. I used the complete onion name for that directory. That’s not actually necessary but to me it is helpful. Be careful: although the line of code says “root”, it is not the complete directory. httpd runs chrooted to /var/www, so htdocs is actually under /var/www/.

You can test your web server’s configuration without actually starting it by running:

httpd -n

Once you get a “configuration OK” status, you can enable and start it:

rcctl enable httpd

rcctl start httpd

A really great resource for starting to work with this web server is here. I would suggest waiting 30 seconds or so after starting the web server before checking the URLs with the Tor Browser, or you can check them directly using the internal ports with curl.
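A pre-flight check for the torrc and httpd.conf pairing above, added here as an example and not the author's own script: it flags HiddenServiceDir paths that are missing or not mode 0700, and httpd listeners on Tor's target ports that bind anything other than loopback (which would serve the site outside Tor). The function names and the constructed sample files are assumptions; point the functions at your own torrc and /etc/httpd.conf.

```shell
#!/bin/sh
# Added example, not from the original post. All file paths are arguments.

# Local ports torrc forwards onion traffic to, one per line, e.g.
# "HiddenServicePort 80 127.0.0.1:8080" -> 8080 (no target: same port).
onion_targets() {    # $1 = torrc
    awk '$1 == "HiddenServicePort" {
        t = ($3 == "") ? $2 : $3
        if (t ~ /^unix:/) next            # unix sockets have no TCP port
        n = split(t, a, ":"); print a[n]
    }' "$1"
}

# How httpd binds one port: OK (loopback only), EXPOSED (some non-loopback
# address such as *), or MISSING (no listener for that port).
listener_verdict() { # $1 = httpd.conf, $2 = port
    awk -v p="$2" '$1 == "listen" && $2 == "on" {
        for (i = 4; i <= NF; i++) if ($i == "port" && $(i + 1) == p) {
            seen = 1
            if ($3 != "127.0.0.1" && $3 != "::1" && $3 != "localhost") bad = 1
        }
    }
    END { print bad ? "EXPOSED" : (seen ? "OK" : "MISSING") }' "$1"
}

# One "VERDICT port" line per forwarded port, in torrc order.
audit_listeners() {  # $1 = torrc, $2 = httpd.conf
    for port in $(onion_targets "$1"); do
        echo "$(listener_verdict "$2" "$port") $port"
    done
}

# One line per HiddenServiceDir: MISSING, PERMS (not mode 0700) or OK.
audit_hs_dirs() {    # $1 = torrc
    awk '$1 == "HiddenServiceDir" { print $2 }' "$1" | while read -r dir; do
        if [ ! -d "$dir" ]; then echo "MISSING $dir"; continue; fi
        case "$(ls -ld "$dir")" in
            drwx------*) echo "OK $dir" ;;
            *) echo "PERMS $dir" ;;
        esac
    done
}

# Constructed sample: site1 is loopback-only, site2 listens on *, site3 is absent.
demo() {
    d=$(mktemp -d); mkdir -m 700 "$d/site1"; mkdir -m 755 "$d/site2"
    printf 'HiddenServiceDir %s\nHiddenServicePort 80 127.0.0.1:%s\n' \
        "$d/site1" 8080 "$d/site2" 8081 "$d/site3" 8082 > "$d/torrc"
    printf 'server "a.onion" {\n listen on 127.0.0.1 port 8080\n}\n' > "$d/httpd.conf"
    printf 'server "b.onion" {\n listen on * port 8081\n}\n' >> "$d/httpd.conf"
    audit_hs_dirs "$d/torrc"; audit_listeners "$d/torrc" "$d/httpd.conf"
    rm -rf "$d"
}
demo
```

Ownership is not checked here; the directories must also belong to the account tor runs as.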

Final thoughts:

OpenBSD puts security before performance.

OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in the industry for security (if we are not already there). Our open software development model permits us to take a more uncompromising view towards increased security than most vendors are able to. We can make changes the vendors would not make. Also, since OpenBSD is exported with cryptography, we are able to take cryptographic approaches towards fixing security problems.

Security is not privacy and it is certainly not anonymity, and yet these things work well together. This focus makes OpenBSD the right match for those who want to use Tor, and it is why I will always suggest that those who are serious about privacy avoid Windows or Macs: those platforms put user experience and sales before anything else, on top of being closed source.


KDE vs XFCE vs Gnome

Chris Titus recently vlogged about an article showing that KDE 5.17 is now smaller than XFCE 4.14 in memory usage. The article says that in their tests, XFCE actually uses more RAM than KDE. I was very interested in this, but I couldn’t quite believe it and so I ran my own tests.

First of all, we need to compare apples to apples. I created an OpenSUSE VM using Vagrant with KVM/libvirt. It had 4 cores and 4192MB of RAM. This VM has no graphical interface at all. As soon as I got it up, I took the first “No X” measurement. After patching using zypper dup, I took the second “No X” reading. Every reading in this blog post was using the free -m command. I then shut down the VM and cloned it 3 times so each copy should be completely the same.

I installed the desktop environments into their respective VMs using the following commands:

zypper in -t pattern kde


zypper in -t pattern xfce


zypper in -t pattern gnome

After the desktop environment was installed, I then installed the lightdm display manager. This wasn’t actually necessary with Gnome because it installs gdm as a dependency.

After that, I started the display manager with:

systemctl set-default graphical && systemctl isolate graphical

Once I logged into the graphical environment, I ran xterm and then free -m for the first reading. I then rebooted each machine, and logged in for the second reading. I then installed and started libreoffice-writer. I created a new spreadsheet. That is the “Libreoffice” reading. Finally, I closed LibreOffice and took the third reading.

The results are a little surprising. The averages speak for themselves. KDE does use more than XFCE but not by a shocking amount. In fact, according to the average, only about 68MB. What’s really surprising is how much more Gnome uses than the other two: nearly 200MB more than KDE!

Finally, I also did a df -kh after installing libreoffice-writer on each. KDE is in fact the disk hog by a wide margin and that’s even comparing it to Gnome + gdm + lightdm.

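| Desktop | Test No | RAM (MB) | Disk (GB) | Version |
|---|---|---|---|---|
| No X | 1 | 54 | | |
| No X | 2 | 58 | | |
| Average | | 56 | | |
| Gnome | 1 | 471 | | 3.34.2 |
| Gnome | 2 | 501 | | |
| Gnome | 3 | 508 | | |
| Gnome | Libreoffice | 547 | 1.9 | |
| Average | | 507 | | |
| KDE | 1 | 327 | | 5.17.4 |
| KDE | 2 | 284 | | |
| KDE | 3 | 291 | | |
| KDE | Libreoffice | 330 | 2.3 | |
| Average | | 308 | | |
| XFCE | 1 | 216 | | 4.14 |
| XFCE | 2 | 230 | | |
| XFCE | 3 | 241 | | |
| XFCE | Libreoffice | 272 | 1.8 | |
| Average | | 240 | | |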