I originally wrote this as a reply to a Reddit post but as I saved it, comments were blocked.

Yet Another Tech Blog
I originally wrote this as a reply to a Reddit post but as I saved it, comments were blocked.
At the behest of people like Bryan Lunduke and DTLive on YouTube, I have started using LBRY more and last night I even uploaded a few test videos of my own. I would eventually like to put up some of my own tutorial videos.
With that said, LBRY has some serious issues. So, let’s be frank. LBRY has no rules against hardcore porn or if they do, they are not enforced. That’s fine, and I don’t care. It’s not hard to find porn on YouTube also. However if a porn channel doesn’t flag their own content as mature, then it will be in your search results and there’s no way right now to flag it yourself. The suggestions that I got in the help forum (aka the discord server) was to report it to the #report-spam room which I did. Will that result in these channels being told to reflag their content? Who knows. It seems a little iffy.
I realize that this is a startup and there is only so much time and energy to put into such things for a small team. I am rooting for them to make LBRY a great alternative to YouTube.
OpenBSD is a new beast for me. I’m still learning, experimenting, and trying out new things. Yesterday I was able to create 3 onion services on it quite easily but it takes time to learn the correct order of operations and to learn how to find out why things don’t work when you think they should.
OpenBSD isn’t friendly to newbies. The developers, users, and management work to make the best and most secure OS that they can. When you work with OpenBSD, it is assumed that you have at least a moderate to advanced amount of Linux or Unix knowledge and experience before starting and that you know how to read documentation, man pages, etc. Don’t bother asking for help unless you’ve done your homework first. Here’s an unedited quote from a recent mailing list post:
> I never read
Please stop wasting our time then.
It will become obvious in a minute, but it’s important to set up your Tor onion services first and your web server later. We will be setting up 3 onion services with 3 completely different addresses that have completely different websites associated with them.
First install Tor:
pkg_add tor
Enable the tor service:
rcctl enable tor
Here is my torrc file. It can be a little hard to see, but I enabled separate logging and debugging for Tor when I was working through this. If you don’t, it can be hard to see why something isn’t working. For example, mine kept failing but I couldn’t get a good error as to why until I did this. The reason was because I hand’t actually created the /var/tor/ directories nor set them to the correct permissions. I didn’t see that until I starting watching those logs.
Here is how I set up the configuration for each site. These are the directories that I forgot to create. They contain the public and private keys and the hostname for each onion service.
HiddenServiceDir /var/tor/site1 HiddenServicePort 80 127.0.0.1:8080 HiddenServiceDir /var/tor/site2 HiddenServicePort 80 127.0.0.1:8081 HiddenServiceDir /var/tor/site3 HiddenServicePort 80 127.0.0.1:8082
Each onion service is running internally on port 8080, 8081, or 8082, etc. This is the port that the actual OpenBSD OS will see running. However, tor will be expecting traffic to come in on the standard http port 80. You might be wondering how this works. Tor will be advertising my onion service on port 80. That traffic will come in via tor and get translated to the internal port that the OS will use.
Once I had this running correctly, I finally started tor.
rcctl start tor
Once tor is up an running, check each HiddenServiceDir for the hostname of each onion service. You will need them to test the web server.
OpenBSD has it’s own web server that comes with the standard installation called httpd. This is not the same as the Apache httpd that comes with Redhat or Ubuntu. This is a secure minimalist webserver which might actually be ideal for Onion services.
By default, you can’t just start the httpd service and have it running with a default configuration like you can with Apache or Nginx. You actually need to create an /etc/httpd.conf file first. Here is mine.
## Site 1 server "tpsh5cb4zl73pwymkkuopl4roibk4envf6k3ybdcdzuhuztrytsnxxqd.onion" { listen on * port 8080 root "/htdocs/tpsh5cb4zl73pwymkkuopl4roibk4envf6k3ybdcdzuhuztrytsnxxqd.onion" } # Include additional MIME types types { include "/usr/share/misc/mime.types" } ## Site 2 server "ueaireabdst7uqupz5dlrt5vhltgid3wyz4esgwd7buug7nc2absawyd.onion" { listen on * port 8081 root "/htdocs/ueaireabdst7uqupz5dlrt5vhltgid3wyz4esgwd7buug7nc2absawyd.onion" } ## Site 3 server "r6udfh5el5bigkpnh7twtsx3j6w6cxmyexlaa23vacqugq7jo6hxlryd.onion" { listen on * port 8082 root "/htdocs/r6udfh5el5bigkpnh7twtsx3j6w6cxmyexlaa23vacqugq7jo6hxlryd.onion" }
The first things is the define the name of the url that traffic will be coming in on. I got this from the onion hostname that was generated by tor. Secondly, that hostname needs to be matched with the internal port number that tor will be sending traffic to. Finally you need to tell the web server where to find the actual html that make up that website. I used the complete onion name for that directory. That’s not actually necessary but to me it is helpful. Be careful: although the line of code says “root” it is not the compete directory. htdocs is actually under /var/www/.
You can test your web server’s configuration without actually starting it by running:
httpd -n
Once you get a “configuration OK” status, you can enable and start it
rcctl enable httpd rcctl start httpd
A really great resource for starting to work with this web server is here. I would suggest waiting 30 seconds or so after starting the web server to check the urls with the Tor Browser or you can check them directly using the internal ports with curl.
OpenBSD put security before performance.
OpenBSD believes in strong security. Our aspiration is to be NUMBER ONE in the industry for security (if we are not already there). Our open software development model permits us to take a more uncompromising view towards increased security than most vendors are able to. We can make changes the vendors would not make. Also, since OpenBSD is exported with cryptography, we are able to take cryptographic approaches towards fixing security problems.
Security is not privacy and it is certainly not anonymity and yet these things work well together. This focus makes OpenBSD the right match for those who want to use Tor and why I will always suggest that people avoid Windows or Macs for those who are serious about privacy because they put those platforms put user experience and sales before anything else on top of being closed source.
Chris Titus recently vlogged about an article showing that KDE 5.17 is now smaller than XFCE 4.14 in memory usage. The article says that in their tests, XFCE actually uses more RAM than KDE. I was very interested in this, but I couldn’t quite believe it and so I ran my own tests.
First of all, we need to compare apples to apples. I created an OpenSUSE VM using Vagrant with KVM/libvirt. It had 4 cores and 4192MB of RAM. This VM has no graphical interface at all. As soon as I got it up, I took the first “No X” measurement. After patching using zypper dup, I took the second “No X” reading. Every reading in this blog post was using the free -m command. I then shut down the VM and cloned it 3 times so each copy should be completely the same.
I installed the desktop environments into their respective VMs using the following commands:
zypper in -t pattern kde zypper in -t pattern xfce zypper in -t pattern gnome
After desktop environment was done, I then installed the lightdm display manager. This wasn’t actually necessary with Gnome because it installs gdm as a dependency.
After that, I started the display manager with:
systemctl set-default graphical && systemctl isolate graphical
Once I logging into the graphical environment, I ran xterm and then free -m for the first reading. I then rebooted each machine, and logged in for the second reading. I then installed and started libreoffice-writer. I created a new spreadsheet. That is the “Libreoffice” reading. Finally, I closed LibreOffice and took the third reading.
The results are a little surprising. The averages speak for themselves. KDE does use more than XFCE but not to a shocking amount. In fact, according to the average, only about 68MB. What’s really surprising is how much more Gnome uses than the either two — nearly 200MB more that KDE!
Finally, I also did a df -kh after installing libreoffice-writer on each. KDE is in fact that disk hog by a wide margin and that’s even comparing it to Gnome + gdm + lightdm.
Desktop | Test No | RAM (MB) | Disk (GB) | Version |
No X | 1 | 54 | ||
No X | 2 | 58 | ||
Average | 56 | |||
Gnome | 1 | 471 | 3.34.2 | |
Gnome | 2 | 501 | ||
Gnome | 3 | 508 | ||
Gnome | Libreoffice | 547 | 1.9 | |
Average | 507 | |||
KDE | 1 | 327 | 5.17.4 | |
KDE | 2 | 284 | ||
KDE | 3 | 291 | ||
KDE | Libreoffice | 330 | 2.3 | |
Average | 308 | |||
XFCE | 1 | 216 | 4.14 | |
XFCE | 2 | 230 | ||
XFCE | 3 | 241 | ||
XFCE | Libreoffice | 272 | 1.8 | |
Average | 240 |
Let me show you what it looks like from the internet’s point of view when I go to a simple website using a normal Browser (Brave):
111.222.333.444 – – [18/Dec/2019:16:29:05 +0000] “GET / HTTP/1.1” 200 7094 “-” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36”
The 111.222.333.444 would be my IP address. With that, anyone can get a lot of information about. With just a simple google search, you can actually see in the general vicinity where an IP address originates from. For example, the public IP address for Google is 172.217.23.238. You can use services like https://whatismyipaddress.com/ to what company owns an IP and a map to where it is located. In this case, the IP for Google is probably in a datacenter in Kansas. When I look up my personal IP, the website shows a map of Prague and the company that I use for my internet provider.
What does this mean? To any website that I visit and I don’t say who I am, I am anonymous but I am trackable. My IP address and many other things about my computer and my browser give me an unique fingerprint. From the website that I run, if I wanted, I could see a list of every IP address that ever visited, where they come from, what kind of computer they use, what browser they use, what resolution their screen is, and a lot more. A law enforcement or legal organization can easily find out who I am personally by contacting my internet service provider and then I am no longer anonymous at all. Anonymity is a very tenuous concept online. It really isn’t difficult to find out who someone is in real life if you have the means to do so.
Now let’s change gears. You’re probably heard about Tor. I know I’ve written about it a lot here. Tor is a way to make yourself both anonymous and untrackable. Furthermore it makes your true IP address a secret so even law enforcement have a very hard time tracking down someone using it. Your ISP doesn’t know what you do online.
Let’s see what it looks like when visit my website using the Tor Browser:
45.66.35.35 – – [18/Dec/2019:16:49:41 +0000] “GET / HTTP/1.1” 200 7094 “-” “Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0”
The IP address is not mine. It belongs to an exit node which is run by a Tor volunteer. These IP addresses are publicly known and are often banned from many websites (we’ll talk about that later). Even though I am still running Linux, Tor Browser says that I am running Firefox on Windows 10. In fact every Tor Browser user appears to be running Windows 10 and they all have fake IP addresses.
If I do something that people don’t like, the best they could do it to contact and possibly ban the exit node but it is no simple feat to find someone using Tor. It takes a lot of big-government level money and resources to do so and even then it takes a lot of work.
Why is this important? Isn’t the amount of privacy that I have online enough? After all, if I log into Twitter or Reddit, I can create a new account and never tell anyone my real name. I am anonymous aren’t I?
To a point, you are anonymous but only on the most basic level. Again, it takes very little to pinpoint who you are in real life. Do one of these types of people sound like you? This list was written from a specific point of view. The thing that gets me most of all is that there are people in this world and perhaps in your country who are willing to use violence to keep opinions that they don’t like quiet. It is easy to keep quiet and hope not to get caught up. It is difficult to speak what you believe where the consequence could be loss of employment, injury, imprisonment, or even death. Anonymity isn’t cowardice. Sometimes it’s the only safe way to be heard.
Before I finish up, I have to talk about the negatives of anonymity. First and most obvious is that many online companies do not want you to be anonymous. They make money from giving you ads and tracking what you do. Do not be surprised if many website, including Google, stop working when using Tor. They have no reason to allow you to use their services if they can’t make money off of you and every reason to discourage it.
Secondly, bad people also use Tor. Not nearly as many as there are on the open internet, but they are there. Some are criminals. Some are merely trolls. A few do terrible things under the cover of anonymity online. Those are probably the stories that you have heard in the media and not about those who live under repressive regimes.
Not everyone agrees with me, but I believe that anonymity is important and it is crucial for safety online.
Distribution | Forum | Wiki | Community | Membership | Bug Reporting | Mailing List | Chat |
MX Linux | Yes | Technical Only | No | No | Yes | No | No |
Manjaro | Yes | Yes | No | No | Forum Only | Yes | Yes |
Mint | Yes | No | Yes | No | Upstream or Github | No | IRC |
elementary | Stack Exchange | No | No | No | Yes | No | Slack |
Ubuntu | Yes | Yes | Yes | Yes | Yes | Yes | IRC |
Debian | Yes | Yes | Yes | Yes | Yes | Yes | IRC |
Fedora | Yes | Yes | Yes | Yes | Yes | Yes | IRC |
Solus | Yes | No | Yes | No | Yes | No | IRC |
openSUSE | Yes | Yes | Yes | Yes | Yes | Yes | IRC |
Zorin | Yes | No | No | No | Forum Only | No | No |
deepin | Yes | Yes | No | No | Yes | Yes | No |
KDE neon | Yes | Yes | Yes | No | Yes | Yes | IRC |
CentOS | Yes | Yes | Yes | No | Yes | Yes | IRC |
ReactOS* | Yes | No | Yes | No | Yes | Yes | Webchat |
Arch | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
ArcoLinux | Yes | No | No | No | No | No | Discord |
Parrot | Yes | Debian Wiki | No | No | Forum Only | No | IRC/Telegram |
Kali | Yes | No | Yes | No | Yes | No | IRC |
PCLinuxOS | Yes | No | No | No | Forum Only | No | IRC |
Lite | Yes | No | Yes | Yes | Yes | No | No |
*All are Linux distributions except ReactOS
This is the top 20 active projects distributions according to distrowatch.org in the past 12 months.
Only well-funded corporate sponsored Linux distributions (Fedora, Ubuntu, OpenSUSE) have all categories checked. That doesn’t mean that anyone is getting paid. I believe this means that employees are probably the chief contributors and that means there are more people putting in resources to help.
Some distributions are “Pat’s distribution”. Pat’s group owns it and Pat doesn’t want a steering committee or any other say in how the distro works. Though contributions by means of bug reports may be accepted.
A few distributions “outsource” resources to other distributions. Elementary allows Stack Exchange to provide their forum. Parrot Linux refers users to the Debian wiki. Mint suggests that you put in bug reports with the upstream provider unless it is a specific Mint create application.
There are a few Linux distributions that leave me scratching my head. How is this in the top 20 distros on distrowatch? There’s nothing here and the forum, if there is one, is nearly empty. Who uses this?
Do you want to donate your time, make friends, and really help make a Linux distribution grow? Look at Fedora, Ubuntu, OpenSUSE, or Arch. These communities have ways to help you make this happen.
Do you want to just install a free OS on your machine and not worry about what goes into it until something breaks? Check out a Linux distribution with an active and friendly support community. Sometimes the more avenues the better. Sometimes you only need one really good and helpful forum.
Explicitly declare on your website what you want from the people who use your distribution and how they can help! Maybe you just need funding so you can quit your day job and do this full time. Maybe you really need well written bug reports and testers. Say so and help them help you!
Did I miss something? Did I say that you have no chat but you have a thriving community on IRC? Then let me know and I will update this blog post! Also, make sure that it is visible on your page and not hidden away.
I’ve got too many email addresses.
I have:
The goal is to change all of the services, mailing lists, etc that I use to point to a single email account either directly or through aliases so that all of my email is in one place with the exception of my work email which should always stay separate. Also, to get people to only email me at the one account.
to be continued…
From their website:
Bedrock Linux is a meta Linux distribution which allows users to utilize features from other, typically mutually exclusive distributions. Essentially, users can mix-and-match components as desired. For example, one could have:
- The bulk of the system from an old/stable distribution such as CentOS or Debian.
- Access to cutting-edge packages from Arch Linux.
- Access to Arch’s AUR.
- The ability to automate compiling packages with Gentoo’s portage
- Library compatibility with Ubuntu, such as for desktop-oriented proprietary software.
- Library compatibility with CentOS, such as for workstation/server oriented proprietary software.
All at the same time, all working together like one, largely cohesive operating system.
So, what is this thing? Bedrock Linux is a package manager compatibility overlay. Ever wanted to use CentOS or Arch packages on your Debian system? Bedrock Linux will let you do that.
A stratos in Bedrock Linux is a package management overlay. For example, if you want to add a CentOS Strata, you run:
$ sudo brl fetch centos
The BRL app will then download yum and it’s required apps and libraries into the overlay. Once it’s done you can then yum install whatever you want.
Have multiple versions of the same package? Use:
$ strat [stratus name] [packagename]
For example with the Nano editor:
tux@debian:~$ strat arch nano -V GNU nano, version 4.2 (C) 1999-2011, 2013-2019 Free Software Foundation, Inc. (C) 2014-2019 the contributors to nano Email: nano@nano-editor.org Web: https://nano-editor.org/ Compiled options: --enable-utf8 tux@debian:~$ strat debian nano -V GNU nano, version 2.7.4 (C) 1999..2016 Free Software Foundation, Inc. (C) 2014..2016 the contributors to nano Email: nano@nano-editor.org Web: https://nano-editor.org/ Compiled options: --disable-libmagic --disable-wrapping-as-root --enable-utf8 tux@debian:~$ strat centos nano -V GNU nano version 2.3.1 (compiled 04:47:52, Jun 10 2014) (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc. Email: nano@nano-editor.org Web: http://www.nano-editor.org/ Compiled options: --enable-color --enable-extra --enable-multibuffer --enable-nanorc --enable-utf8
It’s not as easy as it sounds. In order to install Bedrock Linux, you must have a compatible base OS. Here is the list that’s currently on the website:
Distro | Hijack -able |
Fetch -able |
Maintainer |
---|---|---|---|
Alpine Linux | Yes | Yes | paradigm |
Arch Linux | Yes | Yes | paradigm |
CentOS | Known issues | Yes | paradigm |
Clear Linux | Mixed reports | Experimental support | N/A |
CRUX | Known issues | No | N/A |
Debian | Yes | Yes | paradigm |
Devuan | Needs investigation | Yes | paradigm |
Elementary OS | Yes, but limited testing | No | N/A |
Exherbo | Yes | In development | Wulf C. Krueger |
Fedora | Yes | Yes | paradigm |
Gentoo Linux | Yes | Yes | paradigm |
GoboLinux | Known issues | No | N/A |
GuixSD | Needs investigation | No | N/A |
Manjaro | Yes, but pamac/octopi broken | No | N/A |
Mint | Needs investigation | No | N/A |
MX Linux | Known issues | No | N/A |
NixOS | Known issues | No | N/A |
OpenSUSE | Yes | Experimental support | N/A |
OpenWRT | Needs investigation | Experimental support | N/A |
Raspbian | Yes | Yes | paradigm |
Slackware Linux | Known issues | Experimental support | N/A |
Solus | Yes | Experimental support | N/A |
Ubuntu | Yes | Yes | paradigm |
Void Linux | Yes | Yes | paradigm |
Hijack-able distros are suitable base installations. Fetch-able distros can be used as overlays.
However this isn’t entirely true or at least not up to date. My first attempt was with OpenSUSE Tumbleweed. After installing, it failed to boot. My second attempt was with Fedora 30. Same resume. It worked on the third try with vanilla Debian. Finally, while Fedora is listed as fetch-able, I couldn’t install it because the brl application couldn’t find a suitable mirror.
Yes! It’s a very interesting project, but don’t do it on any machine where you need your data to be protected. A spare VM is the ideal platform until it becomes more stable.
What is OpenSUSE Tumbleweed?
OpenSUSE Tumbleweed is a cutting-edge Linux distribution from the OpenSUSE team. It uses the latest versions of software applications and the Linux kernel for those who want to see what will be coming up in other Linux distributions in 6-months to a year or more from the time that they appear in Tumbleweed. This means that there are bugs; lots of them. Things break, This is the price that you pay for having the very cutting edge or software technology.
What did Bryan Lunduke actually say?
Let’s break down his complaints. There are only two.
The first complaint is an application stack that doesn’t actually have anything directly to do with Tumbleweed. I never used it. It was going by the wayside when I started using OpenSUSE as my daily OS of choice. The source code is still out there and maybe it should be forked and brought back to life. I don’t know. I can’t argue with this point because it is a red herring and has nothing to do the OpenSUSE Tumbleweed distribution.
The second list of complaints is pretty vague, but his complaint is basically that YaST has issues that are causing it to bring does the entire distribution as a whole.
What is YaST?
YaST (Yet Another Setup Tool) is a set of system management tools that are grouped together in a single management application called YaST though they can be installed and run separately as needed.
The modules allow the user to easily control most administrative functions that might be needed. Not all of the modules are the same though. Some such as the printer and scanner modules suck. Other modules like the Software Management module are great. I consider this to be on par with Debian’s Synaptic package management tool which is freaking amazing. If unevenness in the quality of the modules is the reason why he dislikes it so much, then it’s not a completely wrong reason but it’s not a really good one either.
I say that it’s a given that some of the modules are out of date or need a fresh new rewrite, but that’s not specifically what he is saying. He keeps his complaints vague and oddly personal. I’m not privy to much of the inner-workings of the OpenSUSE distribution but I’ve seen from social media that there is some bad blood there between him and folks in OpenSUSE and I really hope this isn’t just a rant against them instead of really against the distribution.
With that aside, let’s talk about the real issue with YaST and any GUI based configuration tool. It is yet another level of abstraction away from actually working with the operating system. For example, YaST has an module called HTTP Server. If you run it, it will set up Apache and any modules like PHP for you and will give you some basic options for tuning it without actually needing to work with the command line or configuration files directly. If someone told me that they had been a system administrator for 5 years but they had only ever used YaST, I wouldn’t hire them because many times things break and they can’t be fixed with YaST. Tools like YaST should mainly be a time saver not a replacement for good configuration and I think that’s what it is currently.
Even with my own genuine complaints above, they don’t really co-inside with Bryan Lunduke’s complains (it’s ugly, cumbersome, hard to use, stupid, and bloated) because I can’t see all of that. It’s no more ugly than any other tool (besides real nerds care about function over form). Granted, some of the modules are cumbersome and hard to use, but not all of them. It’s “stupid, stupid and it’s stupid” what the heck is that supposed to mean? Use your words Lunduke! Don’t just emote. “It’s bloated.” There are currently 183 total YaST modules. Many will never be used by an end user because they are only used during installation. However if you were to install them all, it would take up 176MiB which would average out to .96MiB per module. There are some required Ruby libraries that I’m not taking into account here, but this really isn’t what I would call bloat. You can even uninstall the modules that you don’t want without causing a huge fuss.
Let’s Wrap Up
Bryan Lunduke is wrong when he says that OpenSUSE Tumbleweed is one of the worst distros out right now. He is wrong when he says that YaST is dragging down the entire distro. YaST has problems, but they aren’t what he says they are.
A Gigglescore is a ratio score of price to performance for single-board-computers like the LattePanda or Raspberry Pi. A lower Gigglescore means a better value for the money. A higher one is worse. You can see more here: https://gigglescore.com/
My LattePanda:
sudo ./benchmark.sh 149
Repository 'openSUSE-Leap-15.0-Non-Oss' is up to date.
Repository 'openSUSE-Leap-15.0-Oss' is up to date.
Repository 'openSUSE-Leap-15.0-Update' is up to date.
Repository 'openSUSE-Leap-15.0-Update-Non-Oss' is up to date.
All repositories have been refreshed.
Category5.TV SBC Benchmark v1.1
Powered by sysbench 1.0.11
Number of threads for this SBC: 4
Performing CPU Benchmark… WARNING: the --test option is deprecated. You can pass a script name or path on the command line without any options.
576.760 events per second. Price: Ģ930.02 per unit.
Performing RAM Benchmark… WARNING: the --test option is deprecated. You can pass a script name or path on the command line without any options.
3,625,781.466 events per second. Price: Ģ0.15 per unit.
Performing Mutex Benchmark… WARNING: the --test option is deprecated. You can pass a script name or path on the command line without any options.
6.873 events per second. Price: Ģ7.80 per unit.
Total Giggle cost of this board: Ģ1,397.58
Giggles (Ģ) are a cost comparison that takes cost and performance into account. While the figure itself is not a direct translation of a dollar value, it works the same way: A board with a lower Giggle value costs less for the performance.
If a board has a high Giggle value, it means for its performance, it is expensive. Giggles help you determine if a board is better bang-for-the-buck, even if it has a different real-world dollar value. Total Giggle cost does not include I/O since that can be impacted by which SD card you choose. Lower Ģ is better.
Being that the suggested retail price is currently $149, we get a Gigglescore of 1,397.58. This is right between the Raspberry Pi 3 B+ and the ODROID XU4 in terms of value for the dollar.