From 6740f99f2a28f8ff7197693a039e3f6bf0367b88 Mon Sep 17 00:00:00 2001 From: Amolith Date: Fri, 27 Jan 2023 13:12:17 -0500 Subject: [PATCH] switch from org to markdown --- blog.org | 1540 ----------------- .../2020-03-09-creating-an-open-source-nas.md | 82 +- ...0-03-21-email-privacy-security-concerns.md | 168 +- content/posts/a-perfect-email-setup-for-me.md | 339 ++++ ...audacity-and-the-telemetry-pull-request.md | 373 ++++ ...email-can-be-pleasant-but-it-takes-work.md | 8 + content/posts/focus-intentionally.md | 51 +- .../freebsd-quirks-on-the-framework-laptop.md | 54 +- .../posts/making-yourself-overly-available.md | 13 + content/posts/stop-using-gmail.md | 5 + content/posts/the-new-paper.md | 251 +++ 11 files changed, 1183 insertions(+), 1701 deletions(-) delete mode 100644 blog.org create mode 100644 content/posts/a-perfect-email-setup-for-me.md create mode 100644 content/posts/audacity-and-the-telemetry-pull-request.md create mode 100644 content/posts/email-can-be-pleasant-but-it-takes-work.md create mode 100644 content/posts/making-yourself-overly-available.md create mode 100644 content/posts/stop-using-gmail.md create mode 100644 content/posts/the-new-paper.md diff --git a/blog.org b/blog.org deleted file mode 100644 index 689bf01..0000000 --- a/blog.org +++ /dev/null @@ -1,1540 +0,0 @@ -#+HUGO_BASE_DIR: ./ -#+HUGO_SECTION: posts -#+HUGO_AUTO_SET_LASTMOD: t -#+HUGO_FRONT_MATTER_FORMAT: yaml -#+ORG-HUGO-EXTERNAL-FILE-EXTENSIONS-ALLOWED-FOR-COPYING: nil - -* Meta :@Meta: -** TODO Focus intentionally -:PROPERTIES: -:EXPORT_FILE_NAME: focus-intentionally -:EXPORT_HUGO_CUSTOM_FRONT_MATTER: :toc true -:END: -I am too easily distracted. Sitting at my desk on an average day, I have movies, -TV shows, and YouTube videos, about a million different chat applications, my -email client, Steam, and a web browser with yet more chat apps plus social media -all within a couple keystrokes' reach. Along with whatever primary task I've set -out to do, I /also/ have a really chaotic brain and about a million other tasks -bouncing around in it. - -Putting all of this together results in terrible productivity and incessant -procrastination If my primary task is something I'm less-than-motivated to -accomplish. - -In a recent episode of /The Art of Manliness/, Brett McKay interviews Dr. BJ Fogg -about his new book, /Tiny Habits: The Small Changes That Change Everything/. One -of Dr. Fogg's statements in this episode stuck with me; when training yourself -to adopt new behaviours, there are three things that must factors that determine -your success: motivation, ability, and a prompt. A prompt is just something that -reminds you of the behaviour you're trying to adopt. The act of brushing your -teeth might be the prompt for flossing. The act of flossing might be the prompt -for making coffee. In my situation, the prompt is just needing to get work done -so we'll ignore that factor. Ability refers to how simple you find the task and -motivation is how motivated you are to accomplish it. These last two must -balance each other out; if your motivation to complete the task is low, your -ability must be high — the task must be easy, while if your ability is low, your -motivation must be rather high. - -*** Notes -- Close primary browser with a million tabs open and use Epiphany -- Close all the chat apps -- Disable notifications/enable Do Not Disturb mode on /both/ your phone /and/ - computer -- Take off your smart/fitness watch -- If you listen to music, make it something calming, not eclectic - -*** References -- [[https://www.artofmanliness.com/character/behavior/monotasking-podcast/][The Art of Manliness: Become a Focused Monotasker]] -- [[https://www.artofmanliness.com/character/habits/podcast-581-the-tiny-habits-that-change-everything/][The Art of Manliness: The Tiny Habits That Change Everything]] -** TODO Email can be pleasant, but like all good things, it takes work -:PROPERTIES: -:EXPORT_FILE_NAME: email-can-be-pleasant-but-like-all-good-things-it-takes-work -:EXPORT_HUGO_CUSTOM_FRONT_MATTER: :toc true -:END: -* Technology :@Technology: -** DONE (Ab)using mesh networks for easy remote support :Mesh__networking:Open__source:Remote__support: -CLOSED: [2021-11-01 Mon 02:51] -:PROPERTIES: -:EXPORT_FILE_NAME: abusing-mesh-networks-for-easy-remote-support -:EXPORT_HUGO_CUSTOM_FRONT_MATTER: :toc true -:END: -One of the things many of us struggle with when setting friends and -family up with Linux is remote support. Commercial solutions like -[[https://www.realvnc.com/][RealVNC]] and [[https://rustdesk.com/][RustDesk]] do exist and function very well, but are often more -expensive than we would like for answering the odd "I can't get Facebook -open!" support call. I've been on the lookout for suitable alternatives -for a couple years but nothing has been satisfying. Because of this, I -have held off on setting others up with any Linux distribution, even the -particularly user-friendly options such as [[https://linuxmint.com/][Linux Mint]] and [[https://elementary.io/][elementary OS;]] -if I'm going drop someone in an unfamiliar environment, I want to be -able to help with any issue within a couple hours, not days and -/certainly/ not weeks. - -[[https://linuxunplugged.com/421][Episode 421 of LINUX Unplugged]] gave me an awesome idea to use [[https://github.com/slackhq/nebula][Nebula,]] a -networking tool created by Slack, [[https://libvnc.github.io/][X11vnc,]] a very minimal VNC server, and -[[https://remmina.org/][Remmina,]] a libre remote access tool available in pretty much every Linux -distribution, to set up a scalable, secure, and simple setup reminiscent -of products like RealVNC. - -*** Nebula -The first part of our stack is Nebula, the tool that creates a network -between all of our devices. With traditional VPNs, you have a client -with a persistent connection to a central VPN server and other clients -can communicate with the first by going through that central server. -This works wonderfully in most situations, but there are a lot of -latency and bandwidth restrictions that would make remote support an -unpleasant experience. Instead of this model, what we want is a /mesh/ -network, where each client can connect directly to one another /without/ -going through a central system and slowing things down. This is where -Nebula comes in. - -In Nebula's terminology, clients are referred to as /nodes/ and central -servers are referred to as /lighthouses/, so those are the terms I'll use -going forward. - -Mesh networks are usually only possible when dealing with devices that -have static IP addresses. Each node has to know /how/ to connect with the -other nodes; John can't meet up with Bob when Bob moves every other day -without notifying anyone of his new address. This wouldn't be a problem -if Bob phoned Jill and told her where he was moving; John would call -Jill, Jill would tell him where Bob is, and the two would be able to -find each other - -With Nebula, nodes are Bob and John and Jill is a lighthouse. Each node -connects to a lighthouse and the lighthouse tells the nodes how to -connect with one another when they ask. It /facilitates/ the P2P -connection then /backs out of the way/ so the two nodes can communicate -directly with each other. - -It allows any node to connect with any other node on any network from -anywhere in the world, as long as one lighthouse is accessible that -knows the connection details for both peers. - -**** Getting started -The /best/ resource is [[https://github.com/slackhq/nebula][the official documentation,]] but I'll describe the -process here as well. - -After [[https://github.com/slackhq/nebula#1-the-nebula-binaries-or-distribution-packages-for-your-specific-platform-specifically-youll-need-nebula-cert-and-the-specific-nebula-binary-for-each-platform-you-use][installing the required packages,]] make sure you have a VPS with a -static IP address to use as a lighthouse. If you want something dirt -cheap, I would recommend one of the small plans from [[https://buyvm.net][BuyVM.]] I do have a -[[https://my.frantech.ca/aff.php?aff=3783][referral link]] if you want them to kick me a few dollars for your -purchase. [[https://www.hetzner.com/cloud][Hetzner]] (referral: ~ckGrk4J45WdN~) or [[https://www.netcup.eu/][netcup]] (referral: -~36nc15758387844~) would also be very good options; I've used them all and -am very comfortable recommending them. - -**** Creating a Certificate Authority -After picking a device with a static IP address, it needs to be set up -as a lighthouse. This is done by first creating a Certificate Authority -(CA) that will be used for signing keys and certificates that allow our -other devices into the network. The ~.key~ file produced by the following -command is incredibly sensitive; with it, anyone can authorise a new -device and give it access to your network. Store it in a safe, -preferably encrypted location. - -#+BEGIN_SRC bash - nebula-cert ca -name "nebula.example.com" -#+END_SRC - -I'll explain why we used a Fully-Qualified Domain Name (FQDN) as the -CA's name in a later section. If you have your own domain, feel free to -use that instead; it doesn't really matter what domain is used as long -as the format is valid. - -**** Generating lighthouse credentials -Now that we have the CA's ~.crt~ and ~.key~ files, we can create and sign -keys and certificates for the lighthouse. - -#+BEGIN_SRC bash - nebula-cert sign -name "buyvm.lh.nebula.example.com" -ip "192.168.100.1/24" -#+END_SRC - -Here, we're using a FQDN for the same reason as we did in the CA. You -can use whatever naming scheme you like, I just prefer -~.lh.nebula...~ for my lighthouses. The IP address can be on any -of the following private IP ranges, I just happened to use ~192.168.100.X~ -for my network. - -| IP Range | Number of addresses | -|-------------------------------+---------------------| -| 10.0.0.0 – 10.255.255.255 | 16 777 216 | -| 172.16.0.0 – 172.31.255.255 | 10 48 576 | -| 192.168.0.0 – 192.168.255.255 | 65 536 | - -**** Creating a config file -The next step is creating our lighthouse's config file. The reference -config can be found in [[https://github.com/slackhq/nebula/blob/master/examples/config.yml][Nebula's repo.]] We only need to change a few of -the lines for the lighthouse to work properly. If I don't mention a -specific section here, I've left the default values. - -The section below is where we'll define certificates and keys. ~ca.crt~ -will remain ~ca.crt~ when we copy it over but I like to leave the node's -cert and key files named as they were when generated; this makes it easy -to identify nodes by their configs. Once we copy everything over to the -server, we'll add the proper paths to the ~cert~ and ~key~ fields. - -#+BEGIN_SRC yaml - pki: - ca: /etc/nebula/ca.crt - cert: /etc/nebula/ - key: /etc/nebula/ -#+END_SRC - -The next section is for identifying and mapping your lighthouses. This -needs to be present in /all/ of the configs on /all/ nodes, otherwise they -won't know how to reach the lighthouses and will never actually join the -network. Make sure you replace ~XX.XX.XX.XX~ with whatever your VPS's -public IP address is. If you've used a different private network range, -those changes need to be reflected here as well. - -#+BEGIN_SRC yaml - static_host_map: - "192.168.100.1": ["XX.XX.XX.XX:4242"] -#+END_SRC - -Below, we're specifying how the node should behave. It is a lighthouse, -it should answer DNS requests, the DNS server should listen on all -interfaces on port 53, it sends its IP address to lighthouses every 60 -seconds (this option doesn't actually have any effect when ~am_lighthouse~ -is set to ~true~ though), and this lighthouse should not send reports to -other lighthouses. The bit about DNS will be discussed later. - -#+BEGIN_SRC yaml - lighthouse: - am_lighthouse: true - serve_dns: true - dns: - host: 0.0.0.0 - port: 53 - interval: 60 - hosts: -#+END_SRC - -The next bit is about [[https://en.wikipedia.org/wiki/Hole_punching_%28networking%29][hole punching]], also called /NAT punching/, /NAT -busting/, and a few other variations. Make sure you read the comments for -better explanations than I'll give here. ~punch: true~ enables hole -punching. I also like to enable ~respond~ just in case nodes are on -particularly troublesome networks; because we're using this as a support -system, we have no idea what networks our nodes will actually be -connected to. We want to make sure devices are available no matter where -they are. - -#+BEGIN_SRC yaml - punchy: - punch: true - respond: true - delay: 1s -#+END_SRC - -~cipher~ is a big one. The value /must/ be identical on /all/ nodes /and/ -lighthouses. ~chachapoly~ is more compatible so it's used by default. The -devices /I/ want to connect to are all x86 Linux, so I can switch to ~aes~ -and benefit from [[https://www.reddit.com/r/networking/comments/iksyuu/comment/g3ra5cv/?utm_source=share&utm_medium=web2x&context=3][a small performance boost.]] Unless you know /for sure/ -that you won't need to work with /anything/ else, I recommend leaving it -set to ~chachapoly~. - -#+BEGIN_SRC yaml - cipher: chachapoly -#+END_SRC - -The last bit I modify is the firewall section. I leave most everything -default but /remove/ the bits after ~port: 443~. I don't /need/ the ~laptop~ and -~home~ groups (groups will be explained later) to access port ~443~ on this -node, so I shouldn't include the statement. If you have different needs, -take a look at the comment explaining how the firewall portion works and -make those changes. - -Again, I /remove/ the following bit from the config. - -#+BEGIN_SRC yaml - - port: 443 - proto: tcp - groups: - - laptop - - home -#+END_SRC - -**** Setting the lighthouse up -We've got the config, the certificates, and the keys. Now we're ready to -actually set it up. After SSHing into the server, grab the [[https://github.com/slackhq/nebula/releases/latest][latest -release of Nebula for your platform,]] unpack it, make the ~nebula~ binary -executable, then move it to ~/usr/local/bin~ (or some other location -fitting for your platform). - -#+BEGIN_SRC bash - wget https://github.com/slackhq/nebula/releases/download/vX.X.X/nebula-PLATFORM-ARCH.tar.gz - tar -xvf nebula-* - chmod +x nebula - mv nebula /usr/local/bin/ - rm nebula-* -#+END_SRC - -Now we need a place to store our config file, keys, and certificates. - -#+BEGIN_SRC bash - mkdir /etc/nebula/ -#+END_SRC - -The next step is copying the config, keys, and certificates to the -server. I use ~rsync~ but you can use whatever you're comfortable with. -The following four files need to be uploaded to the server. - -- ~config.yml~ -- ~ca.crt~ -- ~buyvm.lh.nebula.example.com.crt~ -- ~buyvm.lh.nebula.example.com.key~ - -With ~rsync~, that would look something like this. Make sure ~rsync~ is also -installed on the VPS before attempting to run the commands though; -you'll get an error otherwise. - -#+BEGIN_SRC bash - rsync -avmzz ca.crt user@example.com: - rsync -avmzz config.yml user@example.com: - rsync -avmzz buyvm.lh.* user@example.com: -#+END_SRC - -SSH back into the server and move everything to ~/etc/nebula/~. - -#+BEGIN_SRC bash - mv ca.crt /etc/nebula/ - mv config.yml /etc/nebula/ - mv buyvm.lh* /etc/nebula/ -#+END_SRC - -Edit the config file and ensure the ~pki:~ section looks something like -this, modified to match your hostnames of course. - -#+BEGIN_SRC yaml - pki: - ca: /etc/nebula/ca.crt - cert: /etc/nebula/buyvm.lh.nebula.example.com.crt - key: /etc/nebula/buyvm.lh.nebula.example.com.key -#+END_SRC - -Run the following command to make sure everything works properly. - -#+BEGIN_SRC bash - nebula -config /etc/nebula/config.yml -#+END_SRC - -The last step is daemonizing Nebula so it runs every time the server -boots. If you're on a machine using systemd, dropping the following -snippet into ~/etc/systemd/system/nebula.service~ should be sufficient. If -you're using something else, check the [[https://github.com/slackhq/nebula/tree/master/examples/][the examples directory]] for more -options. - -#+BEGIN_SRC text - [Unit] - Description=nebula - Wants=basic.target - After=basic.target network.target - Before=sshd.service - - [Service] - SyslogIdentifier=nebula - ExecReload=/bin/kill -HUP $MAINPID - ExecStart=/usr/local/bin/nebula -config /etc/nebula/config.yml - Restart=always - - [Install] - WantedBy=multi-user.target -#+END_SRC - -We're almost done! - -**** Setting individual nodes up -This process is almost exactly the same as setting lighthouses up. All -you'll need to do is generate a couple of certs and keys then tweak the -configs a bit. - -The following command creates a new cert/key for USER's node with the IP -address ~192.168.100.2~. The resulting files would go on the /remote/ node -not yours. Replace ~HOST~ and ~USER~ with fitting values. - -#+BEGIN_SRC bash - nebula-cert sign -name "HOST.USER.nebula.example.com" -ip "192.168.100.2/24" -#+END_SRC - -The following command will create a /similar/ cert/key but it will be part -of the ~support~ group. The files resulting from this should go on /your/ -nodes. With the config we'll create next, nodes in the ~support~ group -will be able to VNC and SSH into other nodes. Your nodes need to be in -the ~support~ group so you'll have access to the others. - -#+BEGIN_SRC bash - nebula-cert sign -name "HOST.USER.nebula.example.com" -ip "192.168.100.2/24" -groups "support" -#+END_SRC - -On to the config now. This tells the node that it is /not/ a lighthouse, -it should /not/ resolve DNS requests, it /should/ ping the lighthouses and -tell them its IP address every 60 seconds, and the node at ~192.168.100.1~ -is one of the lighthouses it should report to and query from. If you -have more than one lighthouse, add them to the list as well. - -#+BEGIN_SRC yaml - lighthouse: - am_lighthouse: false - #serve_dns: false - #dns: - #host: 0.0.0.0 - #port: 53 - interval: 60 - hosts: - - "192.168.100.1" -#+END_SRC - -The other bit that should be modified is the ~firewall:~ section and this -is where the groups we created earlier are important. Review its -comments and make sure you understand how it works before proceeding. - -We want to allow inbound connections on ports 5900, the standard port -for VNC, and 22, the standard for SSH. Additionally, we /only/ want to -allow connections from nodes in the ~support~ group. Any /other/ nodes -should be denied access. - -Note that including this section is not necessary on /your/ nodes, those -in the ~support~ group. It's only necessary on the remote nodes that -you'll be connecting to. As long as the ~outbound:~ section in the config -on /your/ node allows any outbound connection, you'll be able to access -other nodes. - -#+BEGIN_SRC yaml - - port: 5900 - proto: tcp - groups: - - support - - - port: 22 - proto: tcp - groups: - - support -#+END_SRC - -The certs, key, config, binary, and systemd service should all be copied -to the same places on all of these nodes as on the lighthouse. - -*** X11vnc -/Alright./ The hardest part is finished. Now on to setting ~x11vnc~ up on -the nodes you'll be supporting. - -All you should need to do is install ~x11vnc~ using the package manager -your distro ships with, generate a 20 character password with ~pwgen -s -20 1~, run the following command, paste the password, wait for ~x11vnc~ to -start up, make sure it's running correctly, press ~Ctrl~ + ~C~, then add the -command to the DE's startup applications! - -#+BEGIN_SRC bash - x11vnc --loop -usepw -listen -display :0 -#+END_SRC - -~--loop~ tells ~x11vnc~ to restart once you disconnect from the session. -~-usepw~ is pretty self-explanatory. ~-listen ~ is important; it -tells ~x11vnc~ to only listen on the node's Nebula IP address. This -prevents randos in a coffee shop from seeing an open VNC port and trying -to brute-force the credentials. ~-display :0~ just defines which X11 -server display to connect to. - -Some distributions like elementaryOS and those that use KDE and GNOME -will surface a dialogue for managing startup applications if you just -press the Windows (Super) key and type ~startup~. If that doesn't work, -you'll have to root around in the settings menus, consult the -distribution's documentation, or ask someone else that might know. - -After adding it to the startup application, log out and back in to make -sure it's running in the background. - -*** Remmina -Now that our network is functioning properly and the VNC server is set -up, we need something that connects to the VNC server over the fancy -mesh network. Enter [[https://remmina.org/][Remmina.]] This one goes on /your/ nodes. - -Remmina is a multi-protocol remote access tool available in pretty much -ever distribution's package archive as ~remmina~. Install it, launch it, -add a new connection profile in the top left, give the profile a -friendly name (I like to use the name of the person I'll be supporting), -assign it to a group, such as ~Family~ or ~Friends~, set the Protocol to -~Remmina VNC Plugin~, enter the node's Nebula IP address in the Server -field, then enter their username and the 20 character password you -generated earlier. I recommend setting the quality to Poor, but Nebula -is generally performant enough that any of the options are suitable. I -just don't want to have to disconnect and reconnect with a lower quality -if the other person happens to be on a slow network. - -Save and test the connection! - -If all goes well and you see the other device's desktop, you're done -with the VNC section! Now on to SSH. - -*** SSH -First off, make sure ~openssh-server~ is installed on the remote node; -~openssh-client~ would also be good to have, but from what I can tell, -it's not strictly necessary. You /will/ need ~openssh-client~ on /your/ node, -however. If you already have an SSH key, copy it over to -~~/.ssh/authorized_keys~ on the remote node. If you don't, generate one -with ~ssh-keygen -t ed25519~. This will create an Ed25519 SSH key pair. -Ed25519 keys are shorter and faster than RSA and more secure than ECDSA -or DSA. If that means nothing to you, don't worry about it. Just note -than this key might not interact well with older SSH servers; you'll -know if you need to stick with the default RSA. Otherwise, Ed25519 is -the better option. After key generation has finished, copy -~~/.ssh/id_ed25519.pub~ (note the ~.pub~ extension) from your node to -~~/.ssh/authorized_keys~ on the remote node. The file /without/ ~.pub~ is your -/private/ key. Like the Nebula CA certificate we generated earlier, this -is extremely sensitive and should never be shared with anyone else. - -Next is configuring SSH to only listen on Nebula's interface; as with -~x11vnc~, this prevents randos in a coffee shop from seeing an open SSH -port and trying to brute-force their way in. Set the ~ListenAddress~ -option in ~/etc/ssh/sshd_config~ to the remote node's Nebula IP address. -If you want to take security a step further, search for -~PasswordAuthentication~ and set it to ~no~. This means your SSH key is -/required/ for gaining access via SSH. If you mess up Nebula's firewall -rules and accidentally give other Nebula devices access to this machine, -they still won't be able to get in unless they have your SSH key. I -/personally/ recommend disabling password authentication, but it's not -absolutely necessary. After making these changes, run ~systemctl restart -sshd~ to apply them. - -Now that the SSH server is listening on Nebula's interface, it will -actually fail to start when the machine (re)boots. The SSH server starts -faster than Nebula does, so it will look for the interface before Nebula -has even had a chance to connect. We need to make sure systemd waits for -Nebula to start up and connect before it tells SSH to start; run -~systemctl edit --full sshd~ and add the following line in the ~[Unit]~ -section, above ~[Service]~. - -#+BEGIN_SRC text - After=nebula.service -#+END_SRC - -Even now, there's still a bit of a hiccup. Systemd won't start SSH until -Nebula is up and running, which is good. Unfortunately, even after -Nebula has started, it still takes a minute to bring the interface up, -causing SSH to crash. To fix /this/, add the following line directly below -~[Service]~. - -#+BEGIN_SRC text - ExecStartPre=/usr/bin/sleep 30 -#+END_SRC - -If the ~sleep~ executable is stored in a different location, make sure you -use that path instead. You can check by running ~which sleep~. - -When the SSH /service/ starts up, it will now wait an additional 30 -seconds before actually starting the SSH /daemon/. It's a bit of a hacky -solution but it works™. If you come up with something better, please -send it to me and I'll include it in the post! My contact information is -at the bottom of [[/][this site's home page.]] - -After you've made these changes, run ~systemctl daemon-reload~ to make -sure systemd picks up on the modified service file, then run ~systemctl -restart sshd~. You should be able to connect to the remote node from your -node using the following command. - -#+BEGIN_SRC bash - ssh USER@ -#+END_SRC - -If you want to make the command a little simpler so you don't have to -remember the IP every time, create ~~/.ssh/config~ on your node and add -these lines to it. - -#+BEGIN_SRC text - Host USER - Hostname - User USER -#+END_SRC - -Now you can just run ~ssh USER~ to get in. If you duplicate the above -block for all of the remote nodes you need to support, you'll only have -to remember the person's username to SSH into their machine. - -*** Going further with Nebula -This section explains why we used FQDNs in the certs and why the DNS -resolver is enabled on the lighthouse. - -Nebula ships with a built-in resolver meant specifically for mapping -Nebula node hostnames to their Nebula IP addresses. Running a public DNS -resolver is very much discouraged because it can be abused in terrible -ways. However, the Nebula resolver mitigates this risk because it /only/ -answers queries for Nebula nodes. It doesn't forward requests to any -other servers nor does it attempt to resolve any domain other than what -was defined in its certificate. If you use the example I gave above, -that would be ~nebula.example.com~; the lighthouse will attempt to resolve -any subdomain of ~nebula.example.com~ but it will just ignore ~example.com~, -~nebula.duckduckgo.com~, ~live.secluded.site~, etc. - -Taking advantage of this resolver requires setting it as your secondary -resolver on any device you want to be able to resolve hostnames from. -If you were to add the lighthouse's IP address as your secondary -resolver on your PC, you could enter ~host.user.nebula.example.com~ in -Remmina's server settings /instead of/ ~192.168.1.2~. - -But how you do so is beyond the scope of this post! - -If you're up for some /more/ shenanigans later on down the line, you could -set up a Pi-Hole instance backed by Unbound and configure Nebula as -Unbound's secondary resolver. With this setup, you'd get DNS-level ad -blocking /and/ the ability to resolve Nebula hostname. Pi-Hole would query -Unbound for ~host.user.nebula.example.com~, Unbound would receive no -answer from the root servers because the domain doesn't exist outside of -your VPN, Unbound would fall back to Nebula, Nebula would give it an -answer, Unbound would cache the answer, tell Pi-Hole, Pi-Hole would -cache the answer, tell your device, then your device would cache the -answer, and you can now resolve any Nebula host! - -Exactly how you do /that/ is */definitely/* beyond the scope of this post :P - -If you set any of this up, I would be interested to hear how it goes! As -stated earlier, my contact information is at the bottom of the site's -home page :) -** TODO FreeBSD quirks on the Framework laptop :FreeBSD:Framework: -:PROPERTIES: -:EXPORT_FILE_NAME: freebsd-quirks-on-the-framework-laptop -:EXPORT_HUGO_CUSTOM_FRONT_MATTER: :toc true -:END: -This is primarily intended for people new to FreeBSD. If you're already familiar -with it, [[https://wiki.freebsd.org/Laptops/Framework_Laptop][the wiki page]] will probably tell you everything you need. I had no idea -what I was doing so I had no idea what I was looking for! I had been beating my -head against a wall for about three hours before I decided to join ~#freebsd~ on -[[https://libera.chat/][Libera.Chat]]; the people there were friendly, helpful, and gave me tons of great -advice. I highly recommend popping in if you have any issues! - -*** The Handbook -Open [[https://docs.freebsd.org/en/books/handbook/][the handbook.]] Follow [[https://docs.freebsd.org/en/books/handbook/][the handbook.]] Read [[https://docs.freebsd.org/en/books/handbook/][the whole handbook.]] The developers -spend a /lot/ of time making sure it's the best resource available for learning -FreeBSD. In most cases, it will have an answer for any question related to -FreeBSD. - -That said, the Framework laptop is so new that it's not fully supported by the -current stable release, so for now, we'll need to diverge a bit. This guide is -really only applicable until the release of FreeBSD 13.1 and until ~drm-kmod~ hits -version 5.5+. Once those two criteria are met, following the handbook should be -entirely sufficient! - -*** The Source -In section 2.5.3 of the handbook/installer, make sure you tick the ~src~ box to -download the FreeBSD source code. It'll be necessary for building our graphics -drivers later on. - -*** The Graphics -This is where things are less-than-ideal at the moment. /Usually/, installing -[[https://cgit.freebsd.org/ports/tree/graphics/drm-kmod][graphics/drm-kmod]] would be sufficient, but the version in both FreeBSD's package -repos and in the ports tree is too old. At the time of writing, it's compatible -with Linux kernel 5.4 while the Framework's drivers are in Linux kernel 5.5+. -We'll need to clone the /sources/ for ~graphics/drm-kmod~, check out a more recent -branch, build the drivers, and use those instead. - -I'm not 100% certain whether the first step here is necessary but I don't feel -like reinstalling to check. - -1. Install ~graphics/drm-kmod~ with ~pkg install drm-kmod~ -2. Install ~devel/git~ with ~pkg install git~ -3. Clone ~drm-kmod~'s source with - #+BEGIN_SRC bash -git clone https://github.com/freebsd/drm-kmod - #+END_SRC -4. Check out the ~5.7-stable~ branch with - #+BEGIN_SRC bash -git checkout -b 5.7-stable --track remotes/origin/5.7-stable - #+END_SRC -5. Build the package with ~make~ -6. Uninstall ~drm-kmod~ and all of its dependencies with ~pkg remove drm-kmod~ - followed by ~pkg autoremove~ -7. Install the more up-to-date drivers with ~make install~ -8. Make sure the module works as expected with ~kldload /boot/modules/i915kms.ko~ -9. If you suddenly see grey in your terminal, it works! Go ahead and add it to - your boot config by appending the following line to ~/etc/rc.conf~ - #+BEGIN_SRC text -kld_load="/boot/modules/i915kms.ko" - #+END_SRC -10. Reboot and you should be able to start Xorg as the handbook describes! - -Again all of this information is available on [[https://wiki.freebsd.org/Laptops/Framework_Laptop][the FreeBSD wiki page for the -Framework laptop.]] The ~Graphics~ row in section 2 says /requires DRM-KMOD 5.5 or -higher. Fails to initialize with DRM-KMOD 5.4./ That's in reference to the -package we just built and installed. - -Hope this helps! - -** TODO A perfect email setup (for me) :Email:Workflow: -:PROPERTIES: -:EXPORT_FILE_NAME: a-perfect-email-setup-for-me -:EXPORT_HUGO_CUSTOM_FRONT_MATTER: :toc true -:END: - -I've never been satisfied with any of the email clients most people use. -I've tried [[https://www.thunderbird.net/en-GB/][Thunderbird,]] [[https://wiki.gnome.org/Apps/Evolution][Evolution,]] [[https://getmailspring.com/][Mailspring,]] [[https://support.apple.com/mail][Mail.app,]] [[https://roundcube.net/][Roundcube,]] -[[https://sogo.nu/][SOGo,]] [[https://wiki.gnome.org/Apps/Geary][Geary,]] and /many/ more. /None/ of them handle multiple accounts -particularly well because all of the emails associated with that account -are bound within it. Sure, you can make a new folder somewhere called -~TODO~ and move all of your actionable emails to that folder but, when you -go to move actionable emails from /another/ account into that folder, -you'll likely find that the client simply doesn't let you. If it does, -when you reply, it will likely be sent from the wrong account. This is a -limitation of the IMAP protocol; everything is /managed/ locally but -changes are pushed to the remote server and mixing things the way I want -leads to broken setups. - -Before I go any further, these are a few characteristics of my ideal -email tool. - -- Support for multiple accounts (obviously) -- /Native desktop application/ (*not* [[https://github.com/electron/electron][Electron]]) -- Has stellar keyboard shortcuts -- Doesn't require internet connectivity (other than downloading and - sending of course) -- Organisation can be done with tags - -*** Why tags? -Because they're better. Hierarchies are useful for prose and code but -not for files, emails, notes, or anything where an item may fit within -multiple categories. Imagine you get an email from your Computer Science -professor that includes test dates, homework, and information about -another assignment. In that same email, he asks every student to reply -with something they learned from the previous class as a form of -attendance. In a hierarchy, the best place for this might just be a ~TODO~ -folder /even though/ it would also fit under ~School~, ~CS~, ~Dates~, ~To read~, -and ~Homework~. Maybe you have a few minutes and want to clear out some -emails that don't require any interaction. In a tag-based workflow, this -would be a good time to open ~To read~, get that email out of the way, and -remove the ~To read~ tag. It would still show up under the other tags so -you can find it later and take the time to fully answer the professor's -question, add those dates to your calendar, and add the homework -assignments to your ~TODO~ list. Hierarchies can be quite cumbersome to -work with, especially when one folder ends up getting all the data. Tags -ensure that you only see what you want when you want it. Tags are more -efficient and they will remain my organisation system of choice. - -*** The tools -In short, the tools we will be using are... -+ [[https://isync.sourceforge.io/mbsync.html][~mbsync~]] to download our emails -+ [[https://notmuchmail.org/][~notmuch~,]] the primary way emails will be organised -+ [[https://afew.readthedocs.io/en/latest/][~afew~]] to apply initial ~notmuch~ tags based on subject, sender, recipient, etc. -+ [[https://neomutt.org/][NeoMutt]] to interact with those emails, reply, compose, add/remove - tags, etc. -+ [[https://marlam.de/msmtp/][~msmtp~]] for relaying our replies and compositions to our mail provider - -Yes, it's a lot. Yes, it's time-consuming to set up. Yes, it's worth it -(in my opinion). - -*** ~mbsync~ -As I said above, IMAP is limiting; we need to use some other method of -downloading our emails. There's an awesome piece of software called -[[https://isync.sourceforge.io/mbsync.html][mbsync]] which is built for exactly this purpose. Its configuration -can be rather daunting if you have as many accounts as I do (19) but -it's not /terrible/. - -The following sections are named *Near*, *Far*, and *Sync*. Near and Far are -terms mbsync uses to profile /how/ your emails are stored, /where/ they're -stored, and how to interact with them. In this guide, Far will our mail -provider's IMAP server and Near will be our local Maildir. - -**** Far -#+BEGIN_SRC text -IMAPAccount amo_ema -Host imap.nixnet.email -CertificateFile /etc/ssl/certs/ca-certificates.crt -SSLType STARTTLS -User amolith@nixnet.email -PassCmd "secret-tool lookup Title amolith@nixnet.email" - -IMAPStore amo_ema-remote -Account amo_ema -#+END_SRC - -**** Near -#+BEGIN_SRC text -MaildirStore amo_ema-local -SubFolders Verbatim -Path ~/new-mail/amo_ema/ -Inbox ~/new-mail/amo_ema/INBOX/ -#+END_SRC - -In the first block, ~localrepository~ and ~remoterepository~ tell OfflineIMAP where -to look for your emails. ~use_exa-local~ is an arbitrary naming scheme I use to -differentiate between the various local and remote accounts. It can easily be -swapped with something else. - -**** Sync -#+BEGIN_SRC text -Channel amo_ema -Far :amo_ema-remote: -Near :amo_ema-local: -SyncState * -Patterns * -Create Both -#+END_SRC - -The repository sections describe how the emails are stored or retrieved. -In the ~local~ block, you'll notice that the type is ~Maildir~. In this -format, each email is given a unique filename and stored in a hierarchy -of folders within your account. This is often how your emails are stored -on your provider's mail server. - -~pythonfile~ is used here to authenticate with the remote server. This can -be complicated and depends /entirely/ on how you manage your passwords. I -use [[https://keepassxc.org/][KeePassXC]] and love it. When I set OfflineIMAP up, however, it didn't -have ~libsecret~ compatibility. This would have made setup significantly -easier but, as it already just works™, I don't really see a reason to -change it. - -This new feature allows ~libresecret~-based applications to query -KeePassXC for your passwords or store them there on your behalf. CLI/TUI -applications that need a secure mechanism for background authentication -can use ~secret-tool lookup Title "TITLE_OF_PASSWORD"~ as the password -command. See [[https://github.com/keepassxreboot/keepassxc/pull/2726][the pull request]] for more details. Because this wasn't a -feature when I first set it up, I put my passwords in plaintext files -and encrypted them with the GPG key stored on my YubiKey. As long as my -key is plugged in, OfflineIMAP can authenticate and download all my -emails just fine. The process for using a GPG key /not/ stored on a -hardware token is pretty much the same and I'll talk about that process -instead. - -These are the contents of my ~~/.offlineimap.py~. - -#+BEGIN_SRC python - #! /usr/bin/env python2 - from subprocess import check_output - def get_pass(account): - return check_output(["gpg", "-dq", f" ~/.mail_pass/{account}.gpg"]).strip("\n") -#+END_SRC - -This runs ~gpg -dq ~/.mail_pass/use_exa.gpg~ then strips the newline -character before returning it to OfflineIMAP. ~-d~ tells GPG that you're -passing it a file you want decrypted and ~-q~ tells it not to give any -output other than the file's contents. For a setup that works with this -Python script, put your passwords in plaintext files with the account -name as the file name (e.g. ~use_exa~). You'll then encrypt it with ~gpg --er use_exa~. Running ~gpg -dq use_exa.gpg~ should display -your password. Repeat for every account and store the resulting files in -~~/.mail_pass/~. - -The other option, ~sync_deletes~, is whether or not to delete remote -emails that have been deleted locally. I enabled that because I want to -have easy control over how much remote storage is used. - -Here's the next block again so you don't have to scroll up: - -#+BEGIN_SRC text -[Repository use_exa-remote] -type = IMAP -remotehost = imap.example.com -starttls = yes -ssl = no -remoteport = 143 -remoteuser = user@example.com -remotepasseval = get_pass("use_exa") -auth_mechanisms = GSSAPI, XOAUTH2, CRAM-MD5, PLAIN, LOGIN -maxconnections = 1 -createfolders = True -sync_deletes = yes -#+END_SRC - -This one's pretty self-explanatory. ~type~, ~remotehost~, ~starttls~, ~ssl~, and -~remoteport~ should all be somewhere in your provider's documentation. -~remoteuser~ is your email address and ~remotepasseval~ is the function that -will return your password and allow OfflineIMAP to authenticate. You'll -want enter the name of your password file without the ~.gpg~ extension; -the script takes care of adding that. Leave ~auth_mechanisms~ alone and -the same for ~maxconnections~ unless you know your provider won't rate -limit you or something for opening multiple connections. ~sync_deletes~ is -the same as in the previous block. - -Copy those three blocks for as many accounts as you want emails -downloaded from. I have 510 lines just for ~Account~ and ~Repository~ blocks -due to the number of address I'm keeping track of. - -*** ~notmuch~ -[[https://notmuchmail.org/][~notmuch~]] is /a fast, global-search, and tag-based email system/. This -what does all of our organisation as well as what provides the "virtual" -mailboxes NeoMutt will display later on. Configuration is incredibly -simple. This file goes in ~~/.notmuch-config~. - -#+BEGIN_SRC text - [database] - path=/home/user/mail/ - - [user] - name=Amolith - primary_email=user@example.com - - [new] - tags=unread;new; - ignore=Trash; - - [search] - exclude_tags=deleted;spam; - - [maildir] - synchronize_flags=true -#+END_SRC - -First section is the path to where all of your archives are, the ~[user]~ -section is where you list all of your accounts, ~[new]~ adds ~tags~ to mail -notmuch hasn't indexed yet and ignores indexing the ~Trash~ folder, and -~[search]~ ignores mail tagged with ~deleted~ or ~spam~. The final section -tells ~notmuch~ to add maildir flags which correspond with ~notmuch~ tags. -These flags will be synced to the remote server the next time -OfflineIMAP runs and things will be somewhat organised in your webmail -interface. - -After creating the configuration file, run ~notmuch new~ and wait for all -of your mail to be indexed. This could take a short amount of time or it -could take minutes up to an hour, depending on how many emails you have. -After it's finished, you'll be able to run queries and see matching -emails: - -#+BEGIN_SRC text - $ notmuch search from:user@example.com - thread:0000000000002e9d December 28 [1/1] Example User; Random subject that means nothing -#+END_SRC - -This is not terribly useful in and of itself because you can't read it -or reply to it or anything. That's where the Mail User Agent (MUA) comes -in. - -*** ~afew~ -[[https://afew.readthedocs.io/en/latest/][~afew~]] is /an initial tagging script for notmuch/. After calling ~notmuch -new~, ~afew~ will add tags based on headers such as ~From:~, ~To:~, ~Subject:~, -etc. as well as handle killed threads and spam. The official [[https://afew.readthedocs.io/en/latest/quickstart.html][quickstart -guide]] is probably the best resource on getting started but I'll include -a few tips here as well. - -*** NeoMutt -*** ~msmtp~ -~msmtp~ is what's known as a /Mail Transfer Agent/ (MTA). You throw it an -email and it will relay that to your mail provider's SMTP server so it -can have the proper headers attached for authentication, it can be sent -from the proper domain, etc. All the necessary security measures can be -applied that prevent your email from going directly to spam or from -being rejected outright. - -~msmtp~'s configuration is also fairly simple if a bit long, just like -OfflineIMAP's. - -#+BEGIN_SRC text - # Set default values for all following accounts. - defaults - - # Use the mail submission port 587 instead of the SMTP port 25. - port 587 - - # Always use TLS. - tls on -#+END_SRC - -This section just sets the defaults. It uses port 587 (STARTTLS) for all -SMTP servers unless otherwise specified and enables TLS. - -#+BEGIN_SRC text - account user@example.com - host smtp.example.com - from user@example.com - auth on - user user@example.com - passwordeval secret-tool lookup Title "user@example.com" -#+END_SRC - -This section is where things get tedious. When passing an email to -~msmtp~, it looks at the ~From:~ header and searches for a block with a -matching ~from~ line. If it finds one, it will use those configuration -options to relay the email. ~host~ is simply the SMTP server of your mail -provider, sometimes this is ~mail.example.com~, ~smtp.example.com~, etc. -I've already explained ~from~, ~auth~ simply says that a username and -password will have to be provided, ~user~ is that username, and -~passwordeval~ is a method to obtain the password. - -When I got to configuring ~msmtp~, [[https://keepassxc.org/][KeePassXC]] had just released their -~libsecret~ integration and I wanted to try it. ~secret-tool~ is a command -line tool used to store and retrieve passwords from whatever keyring -you're using. I think KDE has ~kwallet~ and GNOME has ~gnome-keyring~ if -you already have those set up and want to use them; the process should -be quite similar regardless. - -As mentioned above ~secret-tool~ stores and retrieves passwords. For -retrieval, it expects the command to look like this. - -#+BEGIN_SRC text -secret-tool lookup {attribute} {value} ... -#+END_SRC - -I don't know what ~kwallet~ and ~gnome-keyring~'s attributes are but -this can be used with KeePassXC by specifying the ~Title~ attribute. If -the password to your email account is stored in KeePassXC with the -address as the entry title, you can retrieve it by simply running... - -#+BEGIN_SRC text -secret-tool lookup Title "user@example.com" -#+END_SRC - -If you have a different naming system, you'll have to experiment and try -different things; I don't know what KeePassXC's other attributes are so -I can't give other examples. - -#+BEGIN_SRC text -passwordeval gpg -dq ~/.mail_pass/use_exa.gpg -#+END_SRC - -Now that the whole block is assembled, copy/paste/edit for as many -accounts as you want to send email from. - -*** Summary - -*** TODO Pong fluffy when finished -** TODO Audacity and the telemetry pull request :Open__source__culture:Audio__editing:Music:Drama: -:PROPERTIES: -:EXPORT_FILE_NAME: audacity-and-the-telemetry-pull-request -:EXPORT_HUGO_CUSTOM_FRONT_MATTER: :toc true -:END: - -Five days ago at the time of writing, [[https://github.com/crsib][Dmitry Vedenko]] opened a Pull -Request (PR) in [[https://github.com/audacity/audacity/pull/835][Audacity's GitHub repository]] entitled [[https://github.com/audacity/audacity/pull/835][/Basic telemetry -for the Audacity/.]] About two days later, all hell broke loose. That PR -now has over 3.3 thousand downvotes and more than one thousand comments -from nearly 400 individuals. I started reading the posts shortly after -they began and kept up with them over the following days, reading every -single new post. I recognise that few people are going to feel like -wading through over 1k comments so this is my attempt to provide a -summary of the PR itself using the community's code reviews along with a -summary of the various opinions conveyed in the comments. - -When I reference comments, I'll provide a footnote that includes a link -to the comment and a link to a screenshot just in case it's removed or -edited in the future. - -*** Audacity's acquisition - -I haven't been able to find /much/ information in this area so forgive me -if I'm scant on details. - -On 30 April, a company called [[https://mu.se/][Muse Group]] acquired [[https://www.audacityteam.org/][Audacity.]] According to -[[https://mu.se][their website]], Muse is the parent company behind many musical -applications and tools. It was founded by Eugeny Naidenov just days -before it acquired Audacity. Before all of this, Eugeny Naidenov founded -[[https://www.ultimate-guitar.com/][Ultimate Guitar]] (UG) in 1998. The service grew rather quickly and now -has over 300 million users. UG acquired [[https://deanzelinsky.com/][Dean Zelinsky Guitars]] in 2012, -[[http://agilepartners.com/][Agile Partners]] in 2013, [[https://musescore.org/][MuseScore]] in 2017, and [[http://trycrescendo.com/][Crescendo]] in 2018. Muse -Group was established in 2021 and it seems as if all of the services UG -acquired were (or will be) transferred to Muse Group, as well as UG -itself. Immediately following its establishment, Muse not only acquired -Audacity but also [[https://www.staffpad.net/][StaffPad.]] - -I say 30 April because that's when Muse published their [[https://mu.se/newsroom/tpost/6dhedma301-muse-group-acquires-audacity-expanding-c][press release]] -and when Martin Keary (Tantacrul) published a video entitled [[https://www.youtube.com/watch?v=RMWNvwLiXIQ][/I’m now in -charge of Audacity. Seriously./]] According to his comment,[fn:17] Martin -will help with proposing Audacity's roadmap and many of its future -features as well as working with the community. This has been his role -with MuseScore since he joined that project and he will be continuing it -here. - -~-----BEGIN PERSONAL OPINION-----~ - -Looking at [[https://www.martinkeary.com/][his website,]] I also suspect he will play a large role in -redesigning Audacity's interface. Considering that he was instrumental -in designing [[https://www.martinkeary.com/#/ubuntu-touch-os/][the best mobile interface I've ever had the absolute -pleasure of experiencing,]] I have high hopes that this is the case. - -~------END PERSONAL OPINION------~ - -*** Telemetry implementation -**** Implementation Basics - -A few days after the acquisition, a PR was opened that adds /Basic -telemetry for the Audacity/. This implementation collects "application -opened" events and sends those to Yandex to estimate the number of -Audacity users. It also collects session start and end events, errors -for debugging, file used for import and export, OS and Audacity -versions, and the use of effects, generators, and analysis tools so they -can prioritise future improvements. Sending this data would be optional -and the user would be presented with a dialogue the first time they -launch the application after installation or after they update to the -including release. This description was mostly copied directly from [[https://github.com/audacity/audacity/pull/835#issue-629891447][the -PR description itself.]] - -**** Frontend Implementation -This is fairly straightforward and a pretty standard UI for prompting -users to consent to analytics and crash logging. This section is -included because the community has strong opinions regarding the -language used and its design, but that will be discussed later. The -screenshot below is copied directly from the PR. - -[[~/repos/sites/secluded/static/assets/pngs/audacity-pr/consentdialogue.png][file:~/repos/sites/secluded/static/assets/pngs/audacity-pr/consentdialogue.png]] - -**** Backend Implementation -Many of the code reviews include the reviewer's personal opinion so I -will summarise the comment, provide the code block in question, and link -directly to the comment in a footnote.[fn:9] - -#+BEGIN_SRC c - if (!inputFile.Write (wxString::FromUTF8 (ClientID + "\n"))) - return false; -#+END_SRC -[[https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/libraries/lib-telemetry/TelemetryManager.cpp#L199-L200][Lines 199-200 of TelemetryManager.cpp]] save the user's unique client ID -to a file.[fn:8] This allows the analytics tool (in this case, Google -Analytics) to aggregate data produced by a single user. - -#+BEGIN_SRC c - def_vars() - - set( CURL_DIR "${_INTDIR}/libcurl" ) - set( CURL_TAG "curl-7_76_0") -#+END_SRC -[[https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/cmake-proxies/libcurl/CMakeLists.txt#L3-L6][Lines 3-6 of CMakeLists.txt]] "vendor in" libcurl.[fn:10] This is when an -application directly includes sources for a utility rather than making -use utilities provided by the system itself. - -#+BEGIN_SRC c - ExternalProject_Add(curl - PREFIX "${CURL_DIR}" - INSTALL_DIR "${CURL_DIR}" - GIT_REPOSITORY https://github.com/curl/curl - GIT_TAG ${CURL_TAG} - GIT_SHALLOW Yes - CMAKE_CACHE_ARGS ${CURL_CMAKE_ARGS} - ) -#+END_SRC -[[https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/cmake-proxies/libcurl/CMakeLists.txt#L29-L36][Lines 29-36 of CMakeLists.txt]] add curl as a remote dependency.[fn:11] -This means that the machine building Audacity from its source code has -to download curl during that build. - -#+BEGIN_SRC c - S.Id (wxID_NO).AddButton (rejectButtonTitle); - S.Id (wxID_YES).AddButton (acceptButtonTitle)->SetDefault (); -#+END_SRC -[[https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/src/telemetry/TelemetryDialog.cpp#L93-L94][Lines 93-94 of TelemetryDialog.cpp]] add buttons to the dialogue asking -the user whether they consent to data collection.[fn:12] ~SetDefault~ -focuses the button indicating that the user does consent. This means -that if the user doesn't really look at the dialogue and presses -Spacebar or Enter, or if they do so accidentally by simply bumping the -key, they unintentionally consent to data collection. If the user -desires, this can later be changed in the settings menu. However, if -they weren't aware what they were consenting to /or that they did -consent/, they won't know to go back and opt out. - -There are other problems with the code that include [[https://github.com/audacity/audacity/pull/835#discussion_r628816050][simple mistakes,]] -[[https://github.https://github.com/audacity/audacity/pull/835#discussion_r628774985][styling that's inconsistent with the rest of the project,]] [[https://github.com/audacity/audacity/pull/835#discussion_r628500849][unhandled -return values resulting in skewed data,]] [[https://github.com/audacity/audacity/pull/835#discussion_r628792423][use of inappropriate functions,]] -and [[https://github.com/audacity/audacity/pull/835#discussion_r628818054][spelling errors in the comments.]] I believe these are less important -than those above so they won't be discussed. - -*** Community opinions -There were many strong opinions regarding both the frontend and backend -implementations of this PR, from the wording of the dialogue and -highlighting the consent button to devices running something other than -Windows and macOS not being able to send telemetry and thus skewing the -data that /was/ collected. - -**** Opinions on the frontend - -Really, the only frontend here is the consent dialogue. However, there -are /many/ comments about it, the most common of which is probably that -the wording is not only too vague[fn:13] but also inaccurate.[fn:14] The -assertion that Google Analytics are not anonymous and any data sent can -be trivially de-anonymised (or de-pseudonymised) is repeated many times -over. Below are a few links to comments stating such. I searched for the -term /"anonymous"/, copied relevant links, and stopped when my scrollbar -reached halfway down the page. - -- [[https://github.com/audacity/audacity/pull/835#discussion_r628156527][r628156527]] -- [[https://github.com/audacity/audacity/pull/835#issuecomment-833969780][833969780]] -- [[https://github.com/audacity/audacity/pull/835#issuecomment-833969933][833969933]] -- [[https://github.com/audacity/audacity/pull/835#discussion_r627995927][r627995927]] -- [[https://github.com/audacity/audacity/pull/835#issuecomment-834358022][834358022]] -- [[https://github.com/audacity/audacity/pull/835#issuecomment-834377549][834377549]] -- [[https://github.com/audacity/audacity/pull/835#issuecomment-834382007][834382007]] -- [[https://github.com/audacity/audacity/pull/835#issuecomment-834385463][834385463]] -- [[https://github.com/audacity/audacity/pull/835#issuecomment-834405825][834405825]] -- [[https://github.com/audacity/audacity/pull/835#issuecomment-834531779][834531779]] -- [[https://github.com/audacity/audacity/pull/835#issuecomment-834546874][834546874]] -- [[https://github.com/audacity/audacity/pull/835#issuecomment-834638000][834638000]] - -The next most pervasive comment is regarding the consent buttons at the -bottom of the dialogue where users opt in or out.[fn:15] Many individuals call -this design a /dark pattern/. Harry Brignull, a UX specialist focusing on -deceptive interface practises, describes dark patterns as [[https://www.darkpatterns.org/][/tricks used -in websites and apps that make you do things that you didn't mean to/.]] -The dark pattern in this situation is the opt-in button being -highlighted. Many community members assert that users will see the big -blue button and click it without actually reading the dialogue's -contents. They just want to record their audio and this window is a -distraction that prevents them from doing so; it needs to get out of the -way and the quickest way to dismiss it is clicking that blue button. -Below is a list of some comments criticising this design. - - - [[https://github.com/audacity/audacity/pull/835#issuecomment-834286641][834286641]] - - [[https://github.com/audacity/audacity/pull/835#issuecomment-834358022][834358022]] - - [[https://github.com/audacity/audacity/pull/835#issuecomment-834399813][834399813]] - - [[https://github.com/audacity/audacity/pull/835#issuecomment-834479968][834479968]] - - [[https://github.com/audacity/audacity/pull/835#issuecomment-835250737][835250737]] - - [[https://github.com/audacity/audacity/pull/835#issuecomment-835253882][835253882]] - - [[https://github.com/audacity/audacity/pull/835#issuecomment-835291066][835291066]] - - [[https://github.com/audacity/audacity/pull/835#issuecomment-835445481][835445481]] - -Another issue that was brought up by a couple of individuals was the -lack of a privacy policy.[fn:16] The consent dialogue links to one, but, at the -time of writing, one does not exist at [[https://www.audacityteam.org/contact/privacy-policy/][the provided URL.]] I have [[https://web.archive.org/web/20210510012924/https://www.audacityteam.org/contact/privacy-policy/][archived -the state of the page]] in case that changes in the future. - -**** Opinions on the backend - -#+BEGIN_SRC c - if (!inputFile.Write (wxString::FromUTF8 (ClientID + "\n"))) - return false; -#+END_SRC - -The issue many individuals take with this snippet is saving the -~ClientID~. Say an individual has an odd file that causes Audacity to -crash any time they try to open it. Say they attempt to open it a -hundred times. Without giving the client a unique ID, it could look like -there are 100 people having an issue opening a file instead of just the -one. However, by virtue of each installation having an entirely unique -ID, this telemetry /is not anonymous/. Anonymity would be sending -statistics in such a way that connecting those failed attempts to a -single user would be impossible. At best, this implementation is -/pseudonymous/ because the client is given a random ID, you don't have to -sign in with an account or something. - -#+BEGIN_SRC c - def_vars() - - set( CURL_DIR "${_INTDIR}/libcurl" ) - set( CURL_TAG "curl-7_76_0") -#+END_SRC - -Timothe Litt's comment gives a good description of why "vendoring in" -libcurl is a bad idea[fn:19] and Tyler True's comment gives a good -overview of the pros and cons of doing so.[fn:18] Many people take issue -with this /specifically/ because it's libcurl. Security flaws in it are -/very/ common and Audacity's copy would need to be /manually/ kept up to -date with every upstream release to ensure none of its vulnerabilities -can be leveraged to compromise users. If the Audacity team was going to -stay on top of all of the security fixes, they would need to release a -new version every week or so. - -#+BEGIN_SRC c - ExternalProject_Add(curl - PREFIX "${CURL_DIR}" - INSTALL_DIR "${CURL_DIR}" - GIT_REPOSITORY https://github.com/curl/curl - GIT_TAG ${CURL_TAG} - GIT_SHALLOW Yes - CMAKE_CACHE_ARGS ${CURL_CMAKE_ARGS} - ) -#+END_SRC -The problem with downloading curl at build-time is that it's simply -disallowed for many Linux- and BSD-based operation systems. When a -distribution builds an application from source, its build dependencies -are often downloaded ahead of time and, as a security measure, the build -machine is cut off from the internet to prevent any interference. -Because this is disallowed, the build will fail and the application -won't be available on those operation systems. - -Note, however, that these build machines would have the option to -disable telemetry at build-time. This means the machine wouldn't attempt -to download curl from GitHub and the build would succeed but, again, -telemetry would be disabled for anyone not on Windows or macOS. This -defeats the whole purpose of adding telemetry in the first place. - -#+BEGIN_SRC c - S.Id (wxID_NO).AddButton (rejectButtonTitle); - S.Id (wxID_YES).AddButton (acceptButtonTitle)->SetDefault (); -#+END_SRC - -There was a lot of feedback about the decision to highlight the consent -button but that was mentioned up in the frontend section; I won't rehash -it here. - -**** Broader and particularly well-structured comments -These are simply some comments I feel deserve particular attention. - -From SndChaser... -- [[https://github.com/audacity/audacity/pull/835#issuecomment-834037351][834037351]] -- - -*** The Audacity team's response - - ------------------ - -*** The privacy policy modification - -https://github.com/audacity/audacity/issues/1213#issuecomment-875274890 - -** TODO Catchy title about Supernote being "the new paper" :Supernote:Writing:Productivity:Organisation: -:PROPERTIES: -:EXPORT_FILE_NAME: something-about-supernote -:EXPORT_HUGO_CUSTOM_FRONT_MATTER: :toc true -:END: - -I like writing things down. I like the feel of the pen (preferably a -fountain pen) gliding smoothly over the paper, that nice solid feeling -of the tip against the table, seeing the ink dry as it flows from the -nib, accidentally swiping my hand through it before it's finished and -smearing a bit of ink across the page, then cursing under my breath as I -dab it up with a handkerchief or a napkin or something else nearby. I -also love that writing things by hand [[https://journals.sagepub.com/doi/abs/10.1177/0956797614524581][has an impact on memory and -improves retention.]] - -*** The problem -Unfortunately, I don't love keeping up with that paper. Across many -different classes, even with dedicated folders for each one, something -important inevitably gets lost. Notebooks are also bulky and can take up -a lot of space. I tried [[https://bulletjournal.com/][bullet journalling]] for about a month earlier -this year and, while the process was enjoyable, the maintenance was not. -My brain moves faster than my pen (even though I have terrible -handwriting) and I inevitably forget letters or even whole words. This -is a problem while writing in pen because white-out looks ugly and I -dislike wasting whole pages because of a couple mistakes. - -The obvious solution here is to get an iPad with an Apple Pen, right? -Right?? - -Wrong because Apple bad.[fn:2] - -*** The solution -Enter the world of ... what are they even called? E-ink notebooks? Paper -tablets? E-R/W?[fn:1] Do they even have a "device category" yet? I don't -know, but they solve my problem in a wonderful way. - -As the names suggest, these are devices that can /usually/ open and read -e-books (EPUBs, PDFs, etc.), annotate them, and create standalone pages -of notes as if they were full notebooks. The most well-known of these -devices is likely the [[https://remarkable.com/][reMarkable.]] They had a [[https://venturebeat.com/2019/10/08/remarkable-raises-15-million-to-bring-its-e-paper-tablets-to-more-scribblers/][hugely successful -crowdfunding campaign]] and produced the reMarkable 1, followed by [[https://blog.remarkable.com/remarkable-2-the-next-generation-paper-tablet-91b47d0080cb][the -reMarkable 2 in 2020.]] There are a few devices like these by now but -we'll look at the reMarkable first. - -*** The reMarkable -This device boasts all of the features I was looking for. It renders -digital content, from books and manuals to comics and manga, allows you -to mark those documents up as you would if they were physical media, -create full notebooks of hand written text, organise them, search, and, -if your handwriting is legible enough (mine certainly is not), perform -OCR on your notes and email a transcription to yourself. It even runs -Linux and the developers have opened SSH up so you can remote in and -tinker with it as much as you like. Because of this, there's a pretty -awesome [[https://github.com/reHackable/awesome-reMarkable][community of people creating third-party tools and integrations]] -that add even further functionality. My favourite is probably [[https://github.com/bordaigorl/rmview][rMview,]] a -really fast VNC client for the reMarkable that allows you to view your -device's screen on any computer. - -After watching all of [[https://www.youtube.com/c/MyDeepGuide][MyDeepGuide's]] [[https://www.youtube.com/playlist?list=PLsSI9-gaSSmiXwb7Vjk5Vb-nB41UTnrXd][extensive playlist on the -reMarkable,]] however, I decided to go with a different product. - -*** Enter the Supernote A5X -The [[https://www.supernote.com/#/product?type=SN-A5-X][Supernote A5X]] has all of the basic features the reMarkable has: -reading documents, writing notes, and organising your content. Its -implementation, on the other hand, seems to be much more polished. It -also lacks some features from the reMarkable while adding others. - -*** Operating System -While the reMarkable runs Codex,[fn:3] a /"custom Linux-based OS -optimised for low-latency e-paper"/, the Supernote just runs Android. -There are both benefits and detriments to this; on one hand, they're -running all of Android, bloated that it is, on a very lightweight -tablet. On the other, they don't have to develop and maintain a custom -operating system. This allows them to focus on other aspects that are -arguably more important so I don't actually mind that it runs Android. - -The only place that Android stands out is in system operations; file -transfer uses MTP and, when you swipe down from the top of the device, a -small bar appears similar to what was in early Android. This lets you -change WiFi networks, sync with the Supernote Cloud, take a screenshot, -search, and access the system settings. Nothing else about the device -really screams Android to me. - -*** Community -I don't usually browse Reddit but [[https://old.reddit.com/r/Supernote/][the Supernote community]] there is -fascinating. I haven't looked around enough to know exactly what his -relationship is with the company, but one of the members, [[https://old.reddit.com/user/hex2asc][u/hex2asc,]] -seems to represent Supernote in something of an official capacity. He's -incredibly active and usually responds to posts and questions within a -day or two. - -Before I purchased a Supernote, [[https://old.reddit.com/r/Supernote/comments/lhffyd/sync_targets_open_document_formats_and_crossnote/][I wrote a post]] asking about a couple of -things that concerned me: sync targets, open document formats, and -cross-note links. I don't really plan to write full documents on the -device but having the option to do so would still be nice. The other -features are absolutely killer for me as I would like to maintain a -Zettelkasten (I wrote about [[/vim-as-a-markdown-editor/][using Vim to do so]] last year but didn't end -up sticking with it) and manage document synchronisation with my own -Nextcloud server. The community was quick to respond and confirm that -Zettelkasten functionality would be implemented soon™. u/hex2asc -responded /the day after/ and said that WebDAV would be supported but not -earlier than May (September update: it's still not supported), ODF would -likely not be supported, and cross-note links were definitely a -possibility. Another community member has been avidly following the -subreddit and even put together an [[https://app-rm.roadmunk.com/publish/03e6dca3d769e2b7015f7f48a649cb3f75f44d9e][unofficial roadmap.]] - -*** Interfaces - -**** Home & Organisation - -***** TODO Record very short video about home/organisation - -**** Settings - -***** TODO Record very short video about settings - -**** Writing & Annotating - -The following images are screenshots of the full page above with the -possible UI variations while reading a book. This first one is default, -with the editing bar at the top. It is exactly the same as what's -displayed on the blank pages for hand writing full notes. From left to -right is the Table of Contents toggle, the pen tools (fineliner, -"fountain" pen,[fn:5] and highlighter), the erasers, lasso select tool, -undo/redo, context menu, palm rejection toggle, previous page, goto -page, next page, and exit. - -[[~/repos/sites/secluded/static/assets/pngs/supernote-reader-default.png]] - -You can hold your finger on that bar and drag it down to detach it from -the top. The default width exposes all the tools without whitespace. You -can move it around the screen by dragging the circle with a straight -line through the middle on the far left. - -[[~/repos/sites/secluded/static/assets/pngs/supernote-reader-medium.png]] - -If you tap that circle, the width shrinks and everything except the -pens, erasers, and undo/redo buttons are hidden. It can be dragged the -same was as in the previous image and tapping that circle will expand -the bar again. - -[[~/repos/sites/secluded/static/assets/pngs/supernote-reader-small.png]] - -The last mode is with the bar completely hidden. You achieve this just -by dragging it to the right edge of the screen. Once hidden, you can -swipe right to left from the edge and it will be revealed flush with the -right edge. - -[[~/repos/sites/secluded/static/assets/pngs/supernote-reader-minimal.png]] - -*** Experience -**** Reading content -I love e-ink. I think it looks beautiful and would love to have an e-ink -monitor.[fn:4] That said, the Supernote has an especially nice display -with 226 PPI (pixels per inch). The image below was taken with my -phone's camera so it's not very good. However, if you zoom in a bit, you -can see that the curved edges of some letters are /slightly/ pixellated. -Viewing with my naked eye at a comfortable distance, it does look better -/to me/ than some of my print books, however. - -[[~/repos/sites/secluded/static/assets/pngs/supernote-resolution.png]] - -/At the moment,/ I am pretty disappointed with Table of Contents detection -for ePUBs. A great many of my books seem to use a legacy ToC format that -the Supernote sees and tries/fails to read before attempting to read the -more up-to-date one. This is easily remedied by editing the ePUB in -[[https://calibre-ebook.com/][Calibre,]] going to Tools → Upgrade Book Internals → Remove the legacy -Table of Contents in NCX format. You might need to make a small change -to one of the HTML files and revert it before the save button is -enabled. After that, just copy it back over to the Supernote and -everything should work properly. - -**** Writing notes -I write notes as often if not /more/ often than I read and annotate books. -It's the main reason I purchased the device and I love the experience. -The Supernote doesn't /really/ feel like paper despite what their -marketing materials claim, though it doesn't feel /bad/ either. It's hard -to describe but I would say it's something like writing with a -rollerball pen on high-quality paper with a marble counter underneath: -incredibly smooth with but a little bit of texture so it doesn't feel -like writing on a glass display. - -While writing latency[fn:6] is noticeable, I really don't have a huge -issue with it. I write very quickly but find that the slight latency -actually makes writing /more/ enjoyable. It sounds weird and I'm not sure -why, but I /really/ like writing on the Supernote; it's wonderfully -smooth, pressure-sensitive, the latency makes things interesting, and -[[https://supernote.com/#/part?id=SP-04][the Heart of Metal pen]] feels good in my hand. - -**** Surfacing Content -While organisation is done using a regular filesystem hierarchy, the -Supernote does have other ways to search for and surface your notes. As -you're writing, you can use the lasso select tool and encircle a word. A -little dialogue pops up and gives you a few buttons for things you can -do with that selection: copy, move to another page, cut, add it to the -Table of Contents, or mark it as a key word. If you select the key word -icon, the Supernote does some incredible OCR[fn:7] on it and displays a -dialogue where you can add it to the note file as a tag. This dialogue -allows you to edit the word before adding it just in case the OCR was -wonky. Even with my terrible handwriting, I've found that it works very -well and I rarely have to make edits. - -*** TODO Ping Isi and Volpeon when finished -** TODO Making yourself overly available - -*** References -[[https://www.nytimes.com/2021/03/05/opinion/ezra-klein-podcast-cal-newport.html?showTranscript=1][Stop. Breathe. We Can’t Keep Working Like This.]] - -*** Notes -**** Get rid of information that isn't important -**** Escalate the info that is -**** Set /clear/ boundaries for when you are available -**** Enforce those with automatic DnD rules or use timers -**** With groups... -***** Specialisation is /good/ and should be /encouraged/ -***** /All/ of the above points apply with coworkers as well - -*** TODO Pong Jake when finished -** TODO Setting LXC up for local "cloud" development -** TODO Stop using Gmail! -* Education :@Education: -** TODO Homeschooling -* Music :@Music: -* Pipe Smoking :@Pipe__Smoking: -* Dungeons & Dragons :@Dungeons__and__Dragons: - -* Footnotes - -[fn:19] [[https://github.com/audacity/audacity/pull/835#issuecomment-834451187][Link to the comment]] and [[/assets/pngs/audacity-pr/privatelibcurl.png][link to the screenshot]] - -[fn:18] [[https://github.com/audacity/audacity/pull/835#issuecomment-834010117][Link to the comment]] and [[/assets/pngs/audacity-pr/vendorproscons.png][link to the screenshot]] - -[fn:17] [[https://github.com/audacity/audacity/pull/835#issuecomment-836069326][Link to the comment]] and [[/assets/pngs/audacity-pr/tantacrulrole.png][link to the screenshot]] - -[fn:16] [[https://github.com/audacity/audacity/pull/835#discussion_r627762185][Link to the comment]] and [[/assets/pngs/audacity-pr/missingprivacypolicy.png][link to the screenshot]] - -[fn:15] [[https://github.com/audacity/audacity/pull/835#issuecomment-834286641][Link to the comment]] and [[/assets/pngs/audacity-pr/darkpattern.png][link to the screenshot]] - -[fn:14] [[https://github.com/audacity/audacity/pull/835#discussion_r627764300][Link to the comment]] and the screenshot is the same as previous - -[fn:13] [[https://github.com/audacity/audacity/pull/835#discussion_r627756976][Link to the comment]] and [[/assets/pngs/audacity-pr/vaguedialogue.png][link to the screenshot]] - -[fn:12] [[https://github.com/audacity/audacity/pull/835#discussion_r628124998][Link to the review]] and [[/assets/pngs/audacity-pr/defaultconsentbutton.png][link to the screenshot]] - -[fn:11] [[https://github.com/audacity/audacity/pull/835#discussion_r628008821][Link to the review]] and [[/assets/pngs/audacity-pr/externaldependency.png][link to the screenshot]] - -[fn:10] [[https://github.com/audacity/audacity/pull/835#discussion_r628005925][Link to the review]] and [[/assets/pngs/audacity-pr/vendorcurl.png][link to the screenshot]] - -[fn:9] Note that because I am not a C programmer, these reviews might -not be entirely accurate and I wouldn't be able to catch the reviewer's -error. I am relying on other community members to catch issues and -comment on them; none of the reviews I link to have such comments so I'm -assuming they are correct. - -[fn:8] [[https://github.com/audacity/audacity/pull/835#discussion_r627993755][Link to the review]] and [[/assets/pngs/audacity-pr/writeanalyticsid.png][link to the screenshot]] - -[fn:7] /Optical Character Recognition/: the program looks at your -handwriting and tries to turn it into text. - -[fn:6] In this situation, latency refers to how long it takes for "ink" -to show up on the "page" after writing something. - -[fn:5] It's not really a fountain pen even though that's what they call -it; it's just pressure-sensitive. - -[fn:4] There does seem to be a group of people interested in just such a -thing: /[[https://alexsoto.dev/challenges-building-an-open-source-eink-laptop.html][Challenges Building an Open-Source E Ink Laptop]]/ - -[fn:3]Taken from their [[https://support.remarkable.com/hc/en-us/articles/360006699537-About-reMarkable-2-][support page about the reMarkable 2;]] search the -page for /operating system/ and it should show up. - -[fn:2]I dislike Apple's operating system, their hardware, business -model, privacy practises, and much of what they stand for as a company. -Don't @ me. - -[fn:1]E-R/W is a play on media commonly being labelled as R/W when you -can read from it and write to it. diff --git a/content/posts/2020-03-09-creating-an-open-source-nas.md b/content/posts/2020-03-09-creating-an-open-source-nas.md index e861169..7999d9f 100644 --- a/content/posts/2020-03-09-creating-an-open-source-nas.md +++ b/content/posts/2020-03-09-creating-an-open-source-nas.md @@ -1,35 +1,67 @@ --- -layout: post title: Creating an open source NAS -subtitle: Why use proprietary when FLOSS do tricc? -description: My process for building an open source NAS with a powerful single board computer and a couple of massive HDDs -tags: sysadmin hosting nas backups +description: My process for building an open source NAS with a powerful single board computer and a couple of large HDDs +tags: Sysadmin NAS Backups date: 2020-03-09 23:43 -0400 cover: /assets/posts/disk.png draft: true --- -A few months ago, I decided that I needed a NAS. I didn't want anything proprietary because this was going to store all of my data, my mother's, possibly some friends', as well as backups for *all* of my servers; I needed to know I had full control over every aspect of the system to ensure it was secure. To that end, I decided to build it with an SBC[^1] from [Pine64](https://www.pine64.org). + +A few months ago, I decided that I needed a NAS. I didn't want anything +proprietary because this was going to store all of my data, my mother's, +possibly some friends', as well as backups for _all_ of my servers; I needed to +know I had full control over every aspect of the system to ensure it was secure. +To that end, I decided to build it with an SBC[^1] from +[Pine64](https://www.pine64.org). # Parts -* [ROCKPro64](https://store.pine64.org/?product=rockpro64-4gb-single-board-computer) - $79.99 -* [NAS Case](https://store.pine64.org/?product=rockpro64-metal-desktopnas-casing) - $44.99 -* [SATA -> PCIe adapter & RAID controller](https://www.amazon.com/N-ORANIE-Controller-HyperDuo-Multiplier-88SE9230/dp/B07KYP5RRL) - $47.99 -* [6 TB WD Red Pro](https://www.newegg.com/p/N82E16822234344) - $203.99 -* [Heatsink w/ fan](https://store.pine64.org/?product=rockpro64-10mm-low-profile-heatsink-with-fan) - $5.29 -* [Fan for the case](https://store.pine64.org/?product=fan-for-rockpro64-metal-desktopnas-casing) - $3.99 -* Power supply: [US](https://store.pine64.org/?product=rockpro64-12v-5a-us-power-supply) or [EU](https://store.pine64.org/?product=rockpro64-12v-5a-eu-power-supply) - $12.99 -* [16 GB eMMC Module](https://store.pine64.org/?product=16gb-emmc) - $15.95 -* Any microSD card + +- [ROCKPro64](https://store.pine64.org/?product=rockpro64-4gb-single-board-computer) - + $79.99 +- [NAS + Case](https://store.pine64.org/?product=rockpro64-metal-desktopnas-casing) - + $44.99 +- [SATA -> PCIe adapter & RAID + controller](https://www.amazon.com/N-ORANIE-Controller-HyperDuo-Multiplier-88SE9230/dp/B07KYP5RRL) - + $47.99 +- [6 TB WD Red Pro](https://www.newegg.com/p/N82E16822234344) - $203.99 +- [Heatsink w/ + fan](https://store.pine64.org/?product=rockpro64-10mm-low-profile-heatsink-with-fan) - + $5.29 +- [Fan for the + case](https://store.pine64.org/?product=fan-for-rockpro64-metal-desktopnas-casing) - + $3.99 +- Power supply: + [US](https://store.pine64.org/?product=rockpro64-12v-5a-us-power-supply) or + [EU](https://store.pine64.org/?product=rockpro64-12v-5a-eu-power-supply) - + $12.99 +- [16 GB eMMC Module](https://store.pine64.org/?product=16gb-emmc) - $15.95 +- Any microSD card **Total:** $415.18 -To reduce the overall cost, you could go with a cheaper HDD; I got this one because I need reliability in the *very* long run but a more inexpensive disk is perfectly suitable. Without accounting for the drive, the NAS is ~$215 and very reasonably priced compared to most other options. +To reduce the overall cost, you could go with a cheaper HDD; I got this one +because I need reliability in the _very_ long run but a more inexpensive disk is +perfectly suitable. Without accounting for the drive, the NAS is ~$215 and very +reasonably priced compared to most other options. # Assembly -Refer to [Pine64's wiki](https://wiki.pine64.org/index.php/NASCase) on assembling the case. I don't know if it was intentional or what but, for the HDDs, I was only given enough screws for one. For the cover, I still have three empty screw holes. It's not a huge deal but it would have been nice to have enough screws for everything. + +Refer to [Pine64's wiki](https://wiki.pine64.org/index.php/NASCase) on +assembling the case. I don't know if it was intentional or what but, for the +HDDs, I was only given enough screws for one. For the cover, I still have three +empty screw holes. It's not a huge deal but it would have been nice to have +enough screws for everything. # Software -I chose to go with [OpenMediaVault](https://openmediavault.org). However, I didn't use Pine64's image; there were a variety of errors when basic operations were run so I decided to use vanilla [armbian](https://www.armbian.com). Thankfully, they have an image for the [ROCKPro64](https://www.armbian.com/rockpro64/) and it worked flawlessly. The next step was getting OMV set up on it but, like a boss, they provide a script for that 😉 + +I chose to go with [OpenMediaVault](https://openmediavault.org). However, I +didn't use Pine64's image; there were a variety of errors when basic operations +were run so I decided to use vanilla [armbian](https://www.armbian.com). +Thankfully, they have an image for the +[ROCKPro64](https://www.armbian.com/rockpro64/) and it worked flawlessly. The +next step was getting OMV set up on it but, like a boss, they provide a script +for that 😉 ```bash wget https://raw.githubusercontent.com/OpenMediaVault-Plugin-Developers/installScript/master/install @@ -37,13 +69,21 @@ chmod +x install sudo ./install ``` -Additional setup info can be found in an [armbian guide](https://github.com/OpenMediaVault-Plugin-Developers/docs/blob/master/Adden-A-Installing_OMV5_on_Armbian.pdf) they've created. +Additional setup info can be found in an [armbian +guide](https://github.com/OpenMediaVault-Plugin-Developers/docs/blob/master/Adden-A-Installing_OMV5_on_Armbian.pdf) +they've created. # Drivers -This posed a huge problem for me. Neither the "official" ROCKPro64 OMV image nor armbian included the driver for my RAID controller so I had to figure that out. -Huge shoutout to `fromport` in the `#openmediavault` channel on Freenode; they were a *massive* help with getting the driver situation sorted out. +This posed a huge problem for me. Neither the "official" ROCKPro64 OMV image nor +armbian included the driver for my RAID controller so I had to figure that out. -Check out [Secluded.Site](https://secluded.site), my personal webpage; I'll be using it for posts like this in the future and will try to leave this space for official announcements (like when backups have been automated using this very NAS 😉). +Huge shoutout to `fromport` in the `#openmediavault` channel on Freenode; they +were a _massive_ help with getting the driver situation sorted out. + +Check out [Secluded.Site](https://secluded.site), my personal webpage; I'll be +using it for posts like this in the future and will try to leave this space for +official announcements (like when backups have been automated using this very +NAS 😉). [^1]: Single Board Computer diff --git a/content/posts/2020-03-21-email-privacy-security-concerns.md b/content/posts/2020-03-21-email-privacy-security-concerns.md index 0dd4fb1..1d57a3a 100644 --- a/content/posts/2020-03-21-email-privacy-security-concerns.md +++ b/content/posts/2020-03-21-email-privacy-security-concerns.md @@ -1,118 +1,108 @@ --- layout: post -title: Email & Privacy/Security Concerns +title: Email & privacy/security concerns date: 2020-03-21 01:46 -0400 draft: true --- -Plaintext email ---------------- +## Plaintext email -Email is inerently insecure. By default, everything is sent in plaintext -from one server to the next with no encryption whatsoever. Servers can -encrypt mail in-transit by implementing SSL and TLS but that still -leaves copies of your data in plaintext on both servers. For example, -see [this email I sent to +Email is inerently insecure. By default, everything is sent in plaintext from +one server to the next with no encryption whatsoever. Servers can encrypt mail +in-transit by implementing SSL and TLS but that still leaves copies of your data +in plaintext on both servers. For example, see [this email I sent to myself](https://bin.nixnet.services/?f76b8366e6b7a7b0#95skPFhsptkfyMH3i1n25ENZeUzrmYEUHzDVezaToGn). -At the very bottom, the content of my email is shown in the file for -anyone with access to the server to see. At first glance, this may not -seem like such a huge deal. It does, however, become a big deal when -you're conducting private business over email. If I so chose, I could -go to that directory and read everything you're saying and there's -nothing you could do about it. Any mail provider has this capability: -Gmail, Yahoo! Mail, Fastmail, the list goes on. Unless special measures -are taken to encrypt your emails *at rest*, this holds true in every -single case. +At the very bottom, the content of my email is shown in the file for anyone with +access to the server to see. At first glance, this may not seem like such a huge +deal. It does, however, become a big deal when you're conducting private +business over email. If I so chose, I could go to that directory and read +everything you're saying and there's nothing you could do about it. Any mail +provider has this capability: Gmail, Yahoo! Mail, Fastmail, the list goes on. +Unless special measures are taken to encrypt your emails _at rest_, this holds +true in every single case. -Encrypted email ---------------- +## Encrypted email Providers like [Protonmail](https://protonmail.com) and -[Tutanota](https://www.tutanota.com/) do exactly this and that is their -main draw. Mail to and from other users of the same platform (Protonmail --> Protonmail, Tutanota -> Tutanota) is encrypted from end-to-end as -well as at rest so the only parties that can read it are the sender and -the receiver; the provider itself can't access them. However, the -benefit of at-rest encryption becomes absolutely meaningless the -*second* you communicate with someone on a server that *doesn't* -implement it. Protonmail -> Gmail is 100% insecure and Google is free -to perform whatever text analysis and user profiling they wish. NixNet -Mail will implement at-rest encryption in the near future but, even -then, there is no way to verify that that's *actually* the case unless -I gave everyone root access to my server at all times (security and -compliance ***nightmare***). The only viable solution is to take your -privacy into your own hands and encrypt emails yourself. +[Tutanota](https://www.tutanota.com/) do exactly this and that is their main +draw. Mail to and from other users of the same platform (Protonmail -> +Protonmail, Tutanota -> Tutanota) is encrypted from end-to-end as well as at +rest so the only parties that can read it are the sender and the receiver; the +provider itself can't access them. However, the benefit of at-rest encryption +becomes absolutely meaningless the _second_ you communicate with someone on a +server that _doesn't_ implement it. Protonmail -> Gmail is 100% insecure and +Google is free to perform whatever text analysis and user profiling they wish. +NixNet Mail will implement at-rest encryption in the near future but, even then, +there is no way to verify that that's _actually_ the case unless I gave everyone +root access to my server at all times (security and compliance **_nightmare_**). +The only viable solution is to take your privacy into your own hands and encrypt +emails yourself. -GPG encryption --------------- +## GPG encryption -"GPG" stands for "GNU Privacy Guard" and is a libre implementation -of "PGP" or "Pretty Good Privacy", originally created by [Phil -Zimmerman](https://en.wikipedia.org/wiki/Phil_Zimmermann). PGP was -eventually bought by Symantec and became Symantec Encryption Desktop and -GPG quickly became the most widely used implementation of [OpenPGP -standards](https://tools.ietf.org/html/rfc4880). GPG integration is -especially common in open source email clients such as +"GPG" stands for "GNU Privacy Guard" and is a libre implementation of "PGP" or +"Pretty Good Privacy", originally created by [Phil +Zimmerman](https://en.wikipedia.org/wiki/Phil_Zimmermann). PGP was eventually +bought by Symantec and became Symantec Encryption Desktop and GPG quickly became +the most widely used implementation of [OpenPGP +standards](https://tools.ietf.org/html/rfc4880). GPG integration is especially +common in open source email clients such as [Thunderbird](https://www.thunderbird.net/) and -[Evolution](https://wiki.gnome.org/Apps/Evolution). It relies on -[public-key -cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) and -allows users to encrypt their emails with another user's public key. -The email would then be *de*crypted using the receiver's *private* key. -Take a look at this [encrypted email I sent to +[Evolution](https://wiki.gnome.org/Apps/Evolution). It relies on [public-key +cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) and allows +users to encrypt their emails with another user's public key. The email would +then be *de*crypted using the receiver's _private_ key. Take a look at this +[encrypted email I sent to myself](https://bin.nixnet.services/?70f0ac93b8df9416#Fske8BYAVdoYzD76VgBb5AimRqm2yY8HgnpdcAzUwuD7). -As admin of the server, that is literally all I can see. The text -between `BEGIN PGP MESSAGE` and `END PGP MESSAGE` is the email body and -it just looks like a block of random characters to me. To the person -receiving the message, however, after decryption, they'll be able to -read it just like the plaintext one linked in the first section. +As admin of the server, that is literally all I can see. The text between `BEGIN +PGP MESSAGE` and `END PGP MESSAGE` is the email body and it just looks like a +block of random characters to me. To the person receiving the message, however, +after decryption, they'll be able to read it just like the plaintext one linked +in the first section. -If you want to learn more about GPG encryption and protecting your -privacy when using email, I recommend reading through [Email -Self-Defense](https://emailselfdefense.fsf.org/en/), a fantastic -resource from the Free Software Foundation. +If you want to learn more about GPG encryption and protecting your privacy when +using email, I recommend reading through [Email +Self-Defense](https://emailselfdefense.fsf.org/en/), a fantastic resource from +the Free Software Foundation. -***NOTE:*** Encrypting an email *does not* encrypt the metadata. When you -sign up for a new email service, send one to yourself and inspect the -headers to see if they obfuscate identifying details. +**_NOTE:_** Encrypting an email _does not_ encrypt the metadata. When you sign +up for a new email service, send one to yourself and inspect the headers to see +if they obfuscate identifying details. -Metadata --------- +## Metadata -Another thing to keep in mind with emails is metadata in the headers of -the emails. In Roundcube, you can view these by clicking `More` then -`View source`. In Thunderbird, just press `CTRL` + `U`.For other clients -and web UIs, you'll just have to look around for options to show -headers, view source, download, something like that. You can also take a -look at the [email I sent +Another thing to keep in mind with emails is metadata in the headers of the +emails. In Roundcube, you can view these by clicking `More` then `View source`. +In Thunderbird, just press `CTRL` + `U`.For other clients and web UIs, you'll +just have to look around for options to show headers, view source, download, +something like that. You can also take a look at the [email I sent myself](https://bin.nixnet.services/?f76b8366e6b7a7b0#95skPFhsptkfyMH3i1n25ENZeUzrmYEUHzDVezaToGn). -I'll break down some of the lines and explain what they are. Some of it -is irrelevant to this and will be skipped though. +I'll break down some of the lines and explain what they are. Some of it is +irrelevant to this and will be skipped though. -`Return-Path: ` 👉 Address your reply will go to +`Return-Path: ` 👉 Address your reply will go to -`Delivered-To: amolith@nixnet.email ` 👉 Address the email was sent to +`Delivered-To: amolith@nixnet.email ` 👉 Address the email was sent to -`To: Amolith ` 👉 The *displayed* receiver +`To: Amolith ` 👉 The _displayed_ receiver -`From: Amolith ` 👉 The *displayed* sender +`From: Amolith ` 👉 The _displayed_ sender -`Subject: Email demonstration ` 👉 Subject of the email +`Subject: Email demonstration ` 👉 Subject of the email -`Date: Sat, 23 Nov 2019 00:20:46 -0500 ` 👉 Timestamp at which the email -was sent. This does include the timezone and can be used to identify you +`Date: Sat, 23 Nov 2019 00:20:46 -0500 ` 👉 Timestamp at which the email was +sent. This does include the timezone and can be used to identify you -`User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 ` -👉 Full user-agent the email application includes with the email. In this -case, it consists of the organisation, my display server, my operating -system and architecture, the HTML rendering engine, and the email client -and version. This can *really* be used to identify you. +`User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 +Thunderbird/68.2.2 ` 👉 Full user-agent the email application includes with the +email. In this case, it consists of the organisation, my display server, my +operating system and architecture, the HTML rendering engine, and the email +client and version. This can _really_ be used to identify you. -The rest of it is server-side stuff that doesn't matter too much for -*this* document but will likely be discussed elsewhere in the future. -Together, all of this metadata can be used to identify people in a -conversation. Timezone (vague location), OS, email application, -correspondents, and client version. That last component could actually -be useful for determining whether or not the client is susceptible to -certain malware attacks +The rest of it is server-side stuff that doesn't matter too much for _this_ +document but will likely be discussed elsewhere in the future. Together, all of +this metadata can be used to identify people in a conversation. Timezone (vague +location), OS, email application, correspondents, and client version. That last +component could actually be useful for determining whether or not the client is +susceptible to certain malware attacks diff --git a/content/posts/a-perfect-email-setup-for-me.md b/content/posts/a-perfect-email-setup-for-me.md new file mode 100644 index 0000000..ab41443 --- /dev/null +++ b/content/posts/a-perfect-email-setup-for-me.md @@ -0,0 +1,339 @@ +--- +title: "A perfect email setup (for me)" +author: ["Amolith"] +lastmod: 2023-01-27T13:00:36-05:00 +tags: ["Email", "Workflow"] +categories: ["Technology"] +draft: true +--- + +I've never been satisfied with any of the email clients most people use. I've +tried [Thunderbird,](https://www.thunderbird.net/en-GB/) +[Evolution,](https://wiki.gnome.org/Apps/Evolution) +[Mailspring,](https://getmailspring.com/) +[Mail.app,](https://support.apple.com/mail) [Roundcube,](https://roundcube.net/) +[SOGo,](https://sogo.nu/) [Geary,](https://wiki.gnome.org/Apps/Geary) and _many_ +more. _None_ of them handle multiple accounts particularly well because all of +the emails associated with that account are bound within it. Sure, you can make +a new folder somewhere called `TODO` and move all of your actionable emails to +that folder but, when you go to move actionable emails from _another_ account +into that folder, you'll likely find that the client simply doesn't let you. If +it does, when you reply, it will likely be sent from the wrong account. This is +a limitation of the IMAP protocol; everything is _managed_ locally but changes +are pushed to the remote server and mixing things the way I want leads to broken +setups. + +Before I go any further, these are a few characteristics of my ideal email tool. + +- Support for multiple accounts (obviously) +- _Native desktop application_ (**not** + [Electron](https://github.com/electron/electron)) +- Has stellar keyboard shortcuts +- Doesn't require internet connectivity (other than downloading and sending of + course) +- Organisation can be done with tags + +## Why tags? {#why-tags} + +Because they're better. Hierarchies are useful for prose and code but not for +files, emails, notes, or anything where an item may fit within multiple +categories. Imagine you get an email from your Computer Science professor that +includes test dates, homework, and information about another assignment. In that +same email, he asks every student to reply with something they learned from the +previous class as a form of attendance. In a hierarchy, the best place for this +might just be a `TODO` folder _even though_ it would also fit under `School`, +`CS`, `Dates`, `To read`, and `Homework`. Maybe you have a few minutes and want +to clear out some emails that don't require any interaction. In a tag-based +workflow, this would be a good time to open `To read`, get that email out of the +way, and remove the `To read` tag. It would still show up under the other tags +so you can find it later and take the time to fully answer the professor's +question, add those dates to your calendar, and add the homework assignments to +your `TODO` list. Hierarchies can be quite cumbersome to work with, especially +when one folder ends up getting all the data. Tags ensure that you only see what +you want when you want it. Tags are more efficient and they will remain my +organisation system of choice. + +## The tools {#the-tools} + +In short, the tools we will be using are... + +- [`mbsync`](https://isync.sourceforge.io/mbsync.html) to download our emails +- [`notmuch`,](https://notmuchmail.org/) the primary way emails will be + organised +- [`afew`](https://afew.readthedocs.io/en/latest/) to apply initial `notmuch` + tags based on subject, sender, recipient, etc. +- [NeoMutt](https://neomutt.org/) to interact with those emails, reply, + compose, add/remove tags, etc. +- [`msmtp`](https://marlam.de/msmtp/) for relaying our replies and + compositions to our mail provider + +Yes, it's a lot. Yes, it's time-consuming to set up. Yes, it's worth it (in my +opinion). + +## `mbsync` {#mbsync} + +As I said above, IMAP is limiting; we need to use some other method of +downloading our emails. There's an awesome piece of software called +[mbsync](https://isync.sourceforge.io/mbsync.html) which is built for exactly +this purpose. Its configuration can be rather daunting if you have as many +accounts as I do (19) but it's not _terrible_. + +The following sections are named **Near**, **Far**, and **Sync**. Near and Far +are terms mbsync uses to profile _how_ your emails are stored, _where_ they're +stored, and how to interact with them. In this guide, Far will our mail +provider's IMAP server and Near will be our local Maildir. + +### Far {#far} + +```text +IMAPAccount amo_ema +Host imap.nixnet.email +CertificateFile /etc/ssl/certs/ca-certificates.crt +SSLType STARTTLS +User amolith@nixnet.email +PassCmd "secret-tool lookup Title amolith@nixnet.email" + +IMAPStore amo_ema-remote +Account amo_ema +``` + +### Near {#near} + +```text +MaildirStore amo_ema-local +SubFolders Verbatim +Path ~/new-mail/amo_ema/ +Inbox ~/new-mail/amo_ema/INBOX/ +``` + +In the first block, `localrepository` and `remoterepository` tell OfflineIMAP +where to look for your emails. `use_exa-local` is an arbitrary naming scheme I +use to differentiate between the various local and remote accounts. It can +easily be swapped with something else. + +### Sync {#sync} + +```text +Channel amo_ema +Far :amo_ema-remote: +Near :amo_ema-local: +SyncState * +Patterns * +Create Both +``` + +The repository sections describe how the emails are stored or retrieved. In the +`local` block, you'll notice that the type is `Maildir`. In this format, each +email is given a unique filename and stored in a hierarchy of folders within +your account. This is often how your emails are stored on your provider's mail +server. + +`pythonfile` is used here to authenticate with the remote server. This can be +complicated and depends _entirely_ on how you manage your passwords. I use +[KeePassXC](https://keepassxc.org/) and love it. When I set OfflineIMAP up, +however, it didn't have `libsecret` compatibility. This would have made setup +significantly easier but, as it already just works™, I don't really see a reason +to change it. + +This new feature allows `libresecret`-based applications to query KeePassXC for +your passwords or store them there on your behalf. CLI/TUI applications that +need a secure mechanism for background authentication can use `secret-tool +lookup Title "TITLE_OF_PASSWORD"` as the password command. See [the pull +request](https://github.com/keepassxreboot/keepassxc/pull/2726) for more +details. Because this wasn't a feature when I first set it up, I put my +passwords in plaintext files and encrypted them with the GPG key stored on my +YubiKey. As long as my key is plugged in, OfflineIMAP can authenticate and +download all my emails just fine. The process for using a GPG key _not_ stored +on a hardware token is pretty much the same and I'll talk about that process +instead. + +These are the contents of my `~/.offlineimap.py`. + +```python + #! /usr/bin/env python2 + from subprocess import check_output + def get_pass(account): + return check_output(["gpg", "-dq", f" ~/.mail_pass/{account}.gpg"]).strip("\n") +``` + +This runs `gpg -dq ~/.mail_pass/use_exa.gpg` then strips the newline character +before returning it to OfflineIMAP. `-d` tells GPG that you're passing it a file +you want decrypted and `-q` tells it not to give any output other than the +file's contents. For a setup that works with this Python script, put your +passwords in plaintext files with the account name as the file name (e.g. +`use_exa`). You'll then encrypt it with `gpg -er use_exa`. Running +`gpg -dq use_exa.gpg` should display your password. Repeat for every account and +store the resulting files in `~/.mail_pass/`. + +The other option, `sync_deletes`, is whether or not to delete remote emails that +have been deleted locally. I enabled that because I want to have easy control +over how much remote storage is used. + +Here's the next block again so you don't have to scroll up: + +```text +[Repository use_exa-remote] +type = IMAP +remotehost = imap.example.com +starttls = yes +ssl = no +remoteport = 143 +remoteuser = user@example.com +remotepasseval = get_pass("use_exa") +auth_mechanisms = GSSAPI, XOAUTH2, CRAM-MD5, PLAIN, LOGIN +maxconnections = 1 +createfolders = True +sync_deletes = yes +``` + +This one's pretty self-explanatory. `type`, `remotehost`, `starttls`, `ssl`, and +`remoteport` should all be somewhere in your provider's documentation. +`remoteuser` is your email address and `remotepasseval` is the function that +will return your password and allow OfflineIMAP to authenticate. You'll want +enter the name of your password file without the `.gpg` extension; the script +takes care of adding that. Leave `auth_mechanisms` alone and the same for +`maxconnections` unless you know your provider won't rate limit you or something +for opening multiple connections. `sync_deletes` is the same as in the previous +block. + +Copy those three blocks for as many accounts as you want emails downloaded from. +I have 510 lines just for `Account` and `Repository` blocks due to the number of +address I'm keeping track of. + +## `notmuch` {#notmuch} + +[`notmuch`](https://notmuchmail.org/) is _a fast, global-search, and tag-based +email system_. This what does all of our organisation as well as what provides +the "virtual" mailboxes NeoMutt will display later on. Configuration is +incredibly simple. This file goes in `~/.notmuch-config`. + +```text + [database] + path=/home/user/mail/ + + [user] + name=Amolith + primary_email=user@example.com + + [new] + tags=unread;new; + ignore=Trash; + + [search] + exclude_tags=deleted;spam; + + [maildir] + synchronize_flags=true +``` + +First section is the path to where all of your archives are, the `[user]` +section is where you list all of your accounts, `[new]` adds `tags` to mail +notmuch hasn't indexed yet and ignores indexing the `Trash` folder, and +`[search]` ignores mail tagged with `deleted` or `spam`. The final section tells +`notmuch` to add maildir flags which correspond with `notmuch` tags. These flags +will be synced to the remote server the next time OfflineIMAP runs and things +will be somewhat organised in your webmail interface. + +After creating the configuration file, run `notmuch new` and wait for all of +your mail to be indexed. This could take a short amount of time or it could take +minutes up to an hour, depending on how many emails you have. After it's +finished, you'll be able to run queries and see matching emails: + +```text + $ notmuch search from:user@example.com + thread:0000000000002e9d December 28 [1/1] Example User; Random subject that means nothing +``` + +This is not terribly useful in and of itself because you can't read it or reply +to it or anything. That's where the Mail User Agent (MUA) comes in. + +## `afew` {#afew} + +[`afew`](https://afew.readthedocs.io/en/latest/) is _an initial tagging script +for notmuch_. After calling `notmuch new`, `afew` will add tags based on headers +such as `From:`, `To:`, `Subject:`, etc. as well as handle killed threads and +spam. The official [quickstart +guide](https://afew.readthedocs.io/en/latest/quickstart.html) is probably the +best resource on getting started but I'll include a few tips here as well. + +## NeoMutt {#neomutt} + +## `msmtp` {#msmtp} + +`msmtp` is what's known as a _Mail Transfer Agent_ (MTA). You throw it an email +and it will relay that to your mail provider's SMTP server so it can have the +proper headers attached for authentication, it can be sent from the proper +domain, etc. All the necessary security measures can be applied that prevent +your email from going directly to spam or from being rejected outright. + +`msmtp`'s configuration is also fairly simple if a bit long, just like +OfflineIMAP's. + +```text + # Set default values for all following accounts. + defaults + + # Use the mail submission port 587 instead of the SMTP port 25. + port 587 + + # Always use TLS. + tls on +``` + +This section just sets the defaults. It uses port 587 (STARTTLS) for all SMTP +servers unless otherwise specified and enables TLS. + +```text + account user@example.com + host smtp.example.com + from user@example.com + auth on + user user@example.com + passwordeval secret-tool lookup Title "user@example.com" +``` + +This section is where things get tedious. When passing an email to `msmtp`, it +looks at the `From:` header and searches for a block with a matching `from` +line. If it finds one, it will use those configuration options to relay the +email. `host` is simply the SMTP server of your mail provider, sometimes this is +`mail.example.com`, `smtp.example.com`, etc. I've already explained `from`, +`auth` simply says that a username and password will have to be provided, `user` +is that username, and `passwordeval` is a method to obtain the password. + +When I got to configuring `msmtp`, [KeePassXC](https://keepassxc.org/) had just +released their `libsecret` integration and I wanted to try it. `secret-tool` is +a command line tool used to store and retrieve passwords from whatever keyring +you're using. I think KDE has `kwallet` and GNOME has `gnome-keyring` if you +already have those set up and want to use them; the process should be quite +similar regardless. + +As mentioned above `secret-tool` stores and retrieves passwords. For retrieval, +it expects the command to look like this. + +```text +secret-tool lookup {attribute} {value} ... +``` + +I don't know what `kwallet` and `gnome-keyring`'s attributes are but this can be +used with KeePassXC by specifying the `Title` attribute. If the password to your +email account is stored in KeePassXC with the address as the entry title, you +can retrieve it by simply running... + +```text +secret-tool lookup Title "user@example.com" +``` + +If you have a different naming system, you'll have to experiment and try +different things; I don't know what KeePassXC's other attributes are so I can't +give other examples. + +```text +passwordeval gpg -dq ~/.mail_pass/use_exa.gpg +``` + +Now that the whole block is assembled, copy/paste/edit for as many accounts as +you want to send email from. + +## Summary {#summary} + +## TODO Pong fluffy when finished {#pong-fluffy-when-finished} diff --git a/content/posts/audacity-and-the-telemetry-pull-request.md b/content/posts/audacity-and-the-telemetry-pull-request.md new file mode 100644 index 0000000..8a8ab3a --- /dev/null +++ b/content/posts/audacity-and-the-telemetry-pull-request.md @@ -0,0 +1,373 @@ +--- +title: "Audacity and the telemetry pull request" +author: ["Amolith"] +lastmod: 2023-01-27T13:00:37-05:00 +tags: ["Open source culture", "Audio editing", "Music", "Drama"] +categories: ["Technology"] +draft: true +--- + +Five days ago at the time of writing, [Dmitry Vedenko](https://github.com/crsib) +opened a Pull Request (PR) in [Audacity's GitHub +repository](https://github.com/audacity/audacity/pull/835) entitled [_Basic +telemetry for the Audacity_.](https://github.com/audacity/audacity/pull/835) +About two days later, all hell broke loose. That PR now has over 3.3 thousand +downvotes and more than one thousand comments from nearly 400 individuals. I +started reading the posts shortly after they began and kept up with them over +the following days, reading every single new post. I recognise that few people +are going to feel like wading through over 1k comments so this is my attempt to +provide a summary of the PR itself using the community's code reviews along with +a summary of the various opinions conveyed in the comments. + +When I reference comments, I'll provide a footnote that includes a link to the +comment and a link to a screenshot just in case it's removed or edited in the +future. + +## Audacity's acquisition {#audacity-s-acquisition} + +I haven't been able to find _much_ information in this area so forgive me if I'm +scant on details. + +On 30 April, a company called [Muse Group](https://mu.se/) acquired +[Audacity.](https://www.audacityteam.org/) According to [their +website](https://mu.se), Muse is the parent company behind many musical +applications and tools. It was founded by Eugeny Naidenov just days before it +acquired Audacity. Before all of this, Eugeny Naidenov founded [Ultimate +Guitar](https://www.ultimate-guitar.com/) (UG) in 1998. The service grew rather +quickly and now has over 300 million users. UG acquired [Dean Zelinsky +Guitars](https://deanzelinsky.com/) in 2012, [Agile +Partners](http://agilepartners.com/) in 2013, +[MuseScore](https://musescore.org/) in 2017, and +[Crescendo](http://trycrescendo.com/) in 2018. Muse Group was established in +2021 and it seems as if all of the services UG acquired were (or will be) +transferred to Muse Group, as well as UG itself. Immediately following its +establishment, Muse not only acquired Audacity but also +[StaffPad.](https://www.staffpad.net/) + +I say 30 April because that's when Muse published their [press +release](https://mu.se/newsroom/tpost/6dhedma301-muse-group-acquires-audacity-expanding-c) +and when Martin Keary (Tantacrul) published a video entitled [_I’m now in charge +of Audacity. Seriously._](https://www.youtube.com/watch?v=RMWNvwLiXIQ) According +to his comment,[^fn:1] Martin will help with proposing Audacity's roadmap and +many of its future features as well as working with the community. This has been +his role with MuseScore since he joined that project and he will be continuing +it here. + +`-----BEGIN PERSONAL OPINION-----` + +Looking at [his website,](https://www.martinkeary.com/) I also suspect he will +play a large role in redesigning Audacity's interface. Considering that he was +instrumental in designing [the best mobile interface I've ever had the absolute +pleasure of experiencing,](https://www.martinkeary.com/#/ubuntu-touch-os/) I +have high hopes that this is the case. + +`------END PERSONAL OPINION------` + +## Telemetry implementation {#telemetry-implementation} + +### Implementation Basics {#implementation-basics} + +A few days after the acquisition, a PR was opened that adds _Basic telemetry for +the Audacity_. This implementation collects "application opened" events and +sends those to Yandex to estimate the number of Audacity users. It also collects +session start and end events, errors for debugging, file used for import and +export, OS and Audacity versions, and the use of effects, generators, and +analysis tools so they can prioritise future improvements. Sending this data +would be optional and the user would be presented with a dialogue the first time +they launch the application after installation or after they update to the +including release. This description was mostly copied directly from [the PR +description +itself.](https://github.com/audacity/audacity/pull/835#issue-629891447) + +### Frontend Implementation {#frontend-implementation} + +This is fairly straightforward and a pretty standard UI for prompting users to +consent to analytics and crash logging. This section is included because the +community has strong opinions regarding the language used and its design, but +that will be discussed later. The screenshot below is copied directly from the +PR. + +{{< figure +src="~/repos/sites/secluded/static/assets/pngs/audacity-pr/consentdialogue.png" +link="~/repos/sites/secluded/static/assets/pngs/audacity-pr/consentdialogue.png" + +> }} + +### Backend Implementation {#backend-implementation} + +Many of the code reviews include the reviewer's personal opinion so I will +summarise the comment, provide the code block in question, and link directly to +the comment in a footnote.[^fn:2] + +```c + if (!inputFile.Write (wxString::FromUTF8 (ClientID + "\n"))) + return false; +``` + +[Lines 199-200 of +TelemetryManager.cpp](https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/libraries/lib-telemetry/TelemetryManager.cpp#L199-L200) +save the user's unique client ID to a file.[^fn:3] This allows the analytics +tool (in this case, Google Analytics) to aggregate data produced by a single +user. + +```c + def_vars() + + set( CURL_DIR "${_INTDIR}/libcurl" ) + set( CURL_TAG "curl-7_76_0") +``` + +[Lines 3-6 of +CMakeLists.txt](https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/cmake-proxies/libcurl/CMakeLists.txt#L3-L6) +"vendor in" libcurl.[^fn:4] This is when an application directly includes +sources for a utility rather than making use utilities provided by the system +itself. + +```c + ExternalProject_Add(curl + PREFIX "${CURL_DIR}" + INSTALL_DIR "${CURL_DIR}" + GIT_REPOSITORY https://github.com/curl/curl + GIT_TAG ${CURL_TAG} + GIT_SHALLOW Yes + CMAKE_CACHE_ARGS ${CURL_CMAKE_ARGS} + ) +``` + +[Lines 29-36 of +CMakeLists.txt](https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/cmake-proxies/libcurl/CMakeLists.txt#L29-L36) +add curl as a remote dependency.[^fn:5] This means that the machine building +Audacity from its source code has to download curl during that build. + +```c + S.Id (wxID_NO).AddButton (rejectButtonTitle); + S.Id (wxID_YES).AddButton (acceptButtonTitle)->SetDefault (); +``` + +[Lines 93-94 of +TelemetryDialog.cpp](https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/src/telemetry/TelemetryDialog.cpp#L93-L94) +add buttons to the dialogue asking the user whether they consent to data +collection.[^fn:6] `SetDefault` focuses the button indicating that the user does +consent. This means that if the user doesn't really look at the dialogue and +presses Spacebar or Enter, or if they do so accidentally by simply bumping the +key, they unintentionally consent to data collection. If the user desires, this +can later be changed in the settings menu. However, if they weren't aware what +they were consenting to _or that they did consent_, they won't know to go back +and opt out. + +There are other problems with the code that include [simple +mistakes,](https://github.com/audacity/audacity/pull/835#discussion_r628816050) +[styling that's inconsistent with the rest of the +project,](https://github.https//github.com/audacity/audacity/pull/835#discussion_r628774985) +[unhandled return values resulting in skewed +data,](https://github.com/audacity/audacity/pull/835#discussion_r628500849) [use +of inappropriate +functions,](https://github.com/audacity/audacity/pull/835#discussion_r628792423) +and [spelling errors in the +comments.](https://github.com/audacity/audacity/pull/835#discussion_r628818054) +I believe these are less important than those above so they won't be discussed. + +## Community opinions {#community-opinions} + +There were many strong opinions regarding both the frontend and backend +implementations of this PR, from the wording of the dialogue and highlighting +the consent button to devices running something other than Windows and macOS not +being able to send telemetry and thus skewing the data that _was_ collected. + +### Opinions on the frontend {#opinions-on-the-frontend} + +Really, the only frontend here is the consent dialogue. However, there are +_many_ comments about it, the most common of which is probably that the wording +is not only too vague[^fn:7] but also inaccurate.[^fn:8] The assertion that +Google Analytics are not anonymous and any data sent can be trivially +de-anonymised (or de-pseudonymised) is repeated many times over. Below are a few +links to comments stating such. I searched for the term _"anonymous"_, copied +relevant links, and stopped when my scrollbar reached halfway down the page. + +- [r628156527](https://github.com/audacity/audacity/pull/835#discussion_r628156527) +- [833969780](https://github.com/audacity/audacity/pull/835#issuecomment-833969780) +- [833969933](https://github.com/audacity/audacity/pull/835#issuecomment-833969933) +- [r627995927](https://github.com/audacity/audacity/pull/835#discussion_r627995927) +- [834358022](https://github.com/audacity/audacity/pull/835#issuecomment-834358022) +- [834377549](https://github.com/audacity/audacity/pull/835#issuecomment-834377549) +- [834382007](https://github.com/audacity/audacity/pull/835#issuecomment-834382007) +- [834385463](https://github.com/audacity/audacity/pull/835#issuecomment-834385463) +- [834405825](https://github.com/audacity/audacity/pull/835#issuecomment-834405825) +- [834531779](https://github.com/audacity/audacity/pull/835#issuecomment-834531779) +- [834546874](https://github.com/audacity/audacity/pull/835#issuecomment-834546874) +- [834638000](https://github.com/audacity/audacity/pull/835#issuecomment-834638000) + +The next most pervasive comment is regarding the consent buttons at the bottom +of the dialogue where users opt in or out.[^fn:9] Many individuals call this +design a _dark pattern_. Harry Brignull, a UX specialist focusing on deceptive +interface practises, describes dark patterns as [_tricks used in websites and +apps that make you do things that you didn't mean +to_.](https://www.darkpatterns.org/) The dark pattern in this situation is the +opt-in button being highlighted. Many community members assert that users will +see the big blue button and click it without actually reading the dialogue's +contents. They just want to record their audio and this window is a distraction +that prevents them from doing so; it needs to get out of the way and the +quickest way to dismiss it is clicking that blue button. Below is a list of some +comments criticising this design. + +- [834286641](https://github.com/audacity/audacity/pull/835#issuecomment-834286641) +- [834358022](https://github.com/audacity/audacity/pull/835#issuecomment-834358022) +- [834399813](https://github.com/audacity/audacity/pull/835#issuecomment-834399813) +- [834479968](https://github.com/audacity/audacity/pull/835#issuecomment-834479968) +- [835250737](https://github.com/audacity/audacity/pull/835#issuecomment-835250737) +- [835253882](https://github.com/audacity/audacity/pull/835#issuecomment-835253882) +- [835291066](https://github.com/audacity/audacity/pull/835#issuecomment-835291066) +- [835445481](https://github.com/audacity/audacity/pull/835#issuecomment-835445481) + +Another issue that was brought up by a couple of individuals was the lack of a +privacy policy.[^fn:10] The consent dialogue links to one, but, at the time of +writing, one does not exist at [the provided +URL.](https://www.audacityteam.org/contact/privacy-policy/) I have [archived the +state of the +page](https://web.archive.org/web/20210510012924/https://www.audacityteam.org/contact/privacy-policy/) +in case that changes in the future. + +### Opinions on the backend {#opinions-on-the-backend} + +```c + if (!inputFile.Write (wxString::FromUTF8 (ClientID + "\n"))) + return false; +``` + +The issue many individuals take with this snippet is saving the `ClientID`. Say +an individual has an odd file that causes Audacity to crash any time they try to +open it. Say they attempt to open it a hundred times. Without giving the client +a unique ID, it could look like there are 100 people having an issue opening a +file instead of just the one. However, by virtue of each installation having an +entirely unique ID, this telemetry _is not anonymous_. Anonymity would be +sending statistics in such a way that connecting those failed attempts to a +single user would be impossible. At best, this implementation is _pseudonymous_ +because the client is given a random ID, you don't have to sign in with an +account or something. + +```c + def_vars() + + set( CURL_DIR "${_INTDIR}/libcurl" ) + set( CURL_TAG "curl-7_76_0") +``` + +Timothe Litt's comment gives a good description of why "vendoring in" libcurl is +a bad idea[^fn:11] and Tyler True's comment gives a good overview of the pros +and cons of doing so.[^fn:12] Many people take issue with this _specifically_ +because it's libcurl. Security flaws in it are _very_ common and Audacity's copy +would need to be _manually_ kept up to date with every upstream release to +ensure none of its vulnerabilities can be leveraged to compromise users. If the +Audacity team was going to stay on top of all of the security fixes, they would +need to release a new version every week or so. + +```c + ExternalProject_Add(curl + PREFIX "${CURL_DIR}" + INSTALL_DIR "${CURL_DIR}" + GIT_REPOSITORY https://github.com/curl/curl + GIT_TAG ${CURL_TAG} + GIT_SHALLOW Yes + CMAKE_CACHE_ARGS ${CURL_CMAKE_ARGS} + ) +``` + +The problem with downloading curl at build-time is that it's simply disallowed +for many Linux- and BSD-based operation systems. When a distribution builds an +application from source, its build dependencies are often downloaded ahead of +time and, as a security measure, the build machine is cut off from the internet +to prevent any interference. Because this is disallowed, the build will fail and +the application won't be available on those operation systems. + +Note, however, that these build machines would have the option to disable +telemetry at build-time. This means the machine wouldn't attempt to download +curl from GitHub and the build would succeed but, again, telemetry would be +disabled for anyone not on Windows or macOS. This defeats the whole purpose of +adding telemetry in the first place. + +```c + S.Id (wxID_NO).AddButton (rejectButtonTitle); + S.Id (wxID_YES).AddButton (acceptButtonTitle)->SetDefault (); +``` + +There was a lot of feedback about the decision to highlight the consent button +but that was mentioned up in the frontend section; I won't rehash it here. + +### Broader and particularly well-structured comments {#broader-and-particularly-well-structured-comments} + +These are simply some comments I feel deserve particular attention. + +From SndChaser... + +- [834037351](https://github.com/audacity/audacity/pull/835#issuecomment-834037351) +- + +## The Audacity team's response {#the-audacity-team-s-response} + +--- + +## The privacy policy modification {#the-privacy-policy-modification} + + + +[^fn:1]: + [Link to the + comment](https://github.com/audacity/audacity/pull/835#issuecomment-836069326) + and [link to the screenshot](/assets/pngs/audacity-pr/tantacrulrole.png) + +[^fn:2]: + Note that because I am not a C programmer, these reviews might not be + entirely accurate and I wouldn't be able to catch the reviewer's error. I am + relying on other community members to catch issues and comment on them; none + of the reviews I link to have such comments so I'm assuming they are + correct. + +[^fn:3]: + [Link to the + review](https://github.com/audacity/audacity/pull/835#discussion_r627993755) and + [link to the screenshot](/assets/pngs/audacity-pr/writeanalyticsid.png) + +[^fn:4]: + [Link to the + review](https://github.com/audacity/audacity/pull/835#discussion_r628005925) and + [link to the screenshot](/assets/pngs/audacity-pr/vendorcurl.png) + +[^fn:5]: + [Link to the + review](https://github.com/audacity/audacity/pull/835#discussion_r628008821) and + [link to the screenshot](/assets/pngs/audacity-pr/externaldependency.png) + +[^fn:6]: + [Link to the + review](https://github.com/audacity/audacity/pull/835#discussion_r628124998) and + [link to the screenshot](/assets/pngs/audacity-pr/defaultconsentbutton.png) + +[^fn:7]: + [Link to the + comment](https://github.com/audacity/audacity/pull/835#discussion_r627756976) + and [link to the screenshot](/assets/pngs/audacity-pr/vaguedialogue.png) + +[^fn:8]: + [Link to the + comment](https://github.com/audacity/audacity/pull/835#discussion_r627764300) + and the screenshot is the same as previous + +[^fn:9]: + [Link to the + comment](https://github.com/audacity/audacity/pull/835#issuecomment-834286641) + and [link to the screenshot](/assets/pngs/audacity-pr/darkpattern.png) + +[^fn:10]: + [Link to the + comment](https://github.com/audacity/audacity/pull/835#discussion_r627762185) + and [link to the screenshot](/assets/pngs/audacity-pr/missingprivacypolicy.png) + +[^fn:11]: + [Link to the + comment](https://github.com/audacity/audacity/pull/835#issuecomment-834451187) + and [link to the screenshot](/assets/pngs/audacity-pr/privatelibcurl.png) + +[^fn:12]: + [Link to the + comment](https://github.com/audacity/audacity/pull/835#issuecomment-834010117) + and [link to the screenshot](/assets/pngs/audacity-pr/vendorproscons.png) diff --git a/content/posts/email-can-be-pleasant-but-it-takes-work.md b/content/posts/email-can-be-pleasant-but-it-takes-work.md new file mode 100644 index 0000000..657b5d9 --- /dev/null +++ b/content/posts/email-can-be-pleasant-but-it-takes-work.md @@ -0,0 +1,8 @@ +--- +title: "Email can be pleasant, but like all good things, it takes work" +author: ["Amolith"] +lastmod: 2023-01-27T13:00:36-05:00 +categories: ["Meta"] +draft: true +toc: true +--- diff --git a/content/posts/focus-intentionally.md b/content/posts/focus-intentionally.md index 82d8e14..ca783f0 100644 --- a/content/posts/focus-intentionally.md +++ b/content/posts/focus-intentionally.md @@ -1,10 +1,9 @@ --- title: "Focus intentionally" -author: ["Amolith"] +author: Amolith lastmod: 2022-04-23T21:12:29-04:00 categories: ["Meta"] draft: true -toc: true --- I am too easily distracted. Sitting at my desk on an average day, I have movies, @@ -18,32 +17,30 @@ Putting all of this together results in terrible productivity and incessant procrastination If my primary task is something I'm less-than-motivated to accomplish. -In a recent episode of _The Art of Manliness_, Brett McKay interviews Dr. BJ Fogg -about his new book, _Tiny Habits: The Small Changes That Change Everything_. One -of Dr. Fogg's statements in this episode stuck with me; when training yourself -to adopt new behaviours, there are three things that must factors that determine -your success: motivation, ability, and a prompt. A prompt is just something that -reminds you of the behaviour you're trying to adopt. The act of brushing your -teeth might be the prompt for flossing. The act of flossing might be the prompt -for making coffee. In my situation, the prompt is just needing to get work done -so we'll ignore that factor. Ability refers to how simple you find the task and -motivation is how motivated you are to accomplish it. These last two must -balance each other out; if your motivation to complete the task is low, your -ability must be high — the task must be easy, while if your ability is low, your -motivation must be rather high. +In a recent episode of _The Art of Manliness_, Brett McKay interviews Dr. BJ +Fogg about his new book, _Tiny Habits: The Small Changes That Change +Everything_. One of Dr. Fogg's statements in this episode stuck with me; when +training yourself to adopt new behaviours, there are three things that must +factors that determine your success: motivation, ability, and a prompt. A prompt +is just something that reminds you of the behaviour you're trying to adopt. The +act of brushing your teeth might be the prompt for flossing. The act of flossing +might be the prompt for making coffee. In my situation, the prompt is just +needing to get work done so we'll ignore that factor. Ability refers to how +simple you find the task and motivation is how motivated you are to accomplish +it. These last two must balance each other out; if your motivation to complete +the task is low, your ability must be high — the task must be easy, while if +your ability is low, your motivation must be rather high. +## Note -## Notes {#notes} +- Close primary browser with a million tabs open and use Epiphany +- Close all the chat apps +- Disable notifications/enable Do Not Disturb mode on _both_ your phone _and_ + computer +- Take off your smart/fitness watch +- If you listen to music, make it something calming, not eclectic -- Close primary browser with a million tabs open and use Epiphany -- Close all the chat apps -- Disable notifications/enable Do Not Disturb mode on _both_ your phone _and_ - computer -- Take off your smart/fitness watch -- If you listen to music, make it something calming, not eclectic +## References - -## References {#references} - -- [The Art of Manliness: Become a Focused Monotasker](https://www.artofmanliness.com/character/behavior/monotasking-podcast/) -- [The Art of Manliness: The Tiny Habits That Change Everything](https://www.artofmanliness.com/character/habits/podcast-581-the-tiny-habits-that-change-everything/) +- [The Art of Manliness: Become a Focused Monotasker](https://www.artofmanliness.com/character/behavior/monotasking-podcast/) +- [The Art of Manliness: The Tiny Habits That Change Everything](https://www.artofmanliness.com/character/habits/podcast-581-the-tiny-habits-that-change-everything/) diff --git a/content/posts/freebsd-quirks-on-the-framework-laptop.md b/content/posts/freebsd-quirks-on-the-framework-laptop.md index aa087a9..29e90d3 100644 --- a/content/posts/freebsd-quirks-on-the-framework-laptop.md +++ b/content/posts/freebsd-quirks-on-the-framework-laptop.md @@ -9,26 +9,27 @@ toc: true --- This is primarily intended for people new to FreeBSD. If you're already familiar -with it, [the wiki page](https://wiki.freebsd.org/Laptops/Framework_Laptop) will probably tell you everything you need. I had no idea -what I was doing so I had no idea what I was looking for! I had been beating my -head against a wall for about three hours before I decided to join `#freebsd` on -[Libera.Chat](https://libera.chat/); the people there were friendly, helpful, and gave me tons of great -advice. I highly recommend popping in if you have any issues! - +with it, [the wiki page](https://wiki.freebsd.org/Laptops/Framework_Laptop) will +probably tell you everything you need. I had no idea what I was doing so I had +no idea what I was looking for! I had been beating my head against a wall for +about three hours before I decided to join `#freebsd` on +[Libera.Chat](https://libera.chat/); the people there were friendly, helpful, +and gave me tons of great advice. I highly recommend popping in if you have any +issues! ## The Handbook {#the-handbook} -Open [the handbook.](https://docs.freebsd.org/en/books/handbook/) Follow [the handbook.](https://docs.freebsd.org/en/books/handbook/) Read [the whole handbook.](https://docs.freebsd.org/en/books/handbook/) The developers -spend a _lot_ of time making sure it's the best resource available for learning -FreeBSD. In most cases, it will have an answer for any question related to -FreeBSD. +Open [the handbook.](https://docs.freebsd.org/en/books/handbook/) Follow [the +handbook.](https://docs.freebsd.org/en/books/handbook/) Read [the whole +handbook.](https://docs.freebsd.org/en/books/handbook/) The developers spend a +_lot_ of time making sure it's the best resource available for learning FreeBSD. +In most cases, it will have an answer for any question related to FreeBSD. That said, the Framework laptop is so new that it's not fully supported by the current stable release, so for now, we'll need to diverge a bit. This guide is -really only applicable until the release of FreeBSD 13.1 and until `drm-kmod` hits -version 5.5+. Once those two criteria are met, following the handbook should be -entirely sufficient! - +really only applicable until the release of FreeBSD 13.1 and until `drm-kmod` +hits version 5.5+. Once those two criteria are met, following the handbook +should be entirely sufficient! ## The Source {#the-source} @@ -36,15 +37,15 @@ In section 2.5.3 of the handbook/installer, make sure you tick the `src` box to download the FreeBSD source code. It'll be necessary for building our graphics drivers later on. - ## The Graphics {#the-graphics} This is where things are less-than-ideal at the moment. _Usually_, installing -[graphics/drm-kmod](https://cgit.freebsd.org/ports/tree/graphics/drm-kmod) would be sufficient, but the version in both FreeBSD's package -repos and in the ports tree is too old. At the time of writing, it's compatible -with Linux kernel 5.4 while the Framework's drivers are in Linux kernel 5.5+. -We'll need to clone the _sources_ for `graphics/drm-kmod`, check out a more recent -branch, build the drivers, and use those instead. +[graphics/drm-kmod](https://cgit.freebsd.org/ports/tree/graphics/drm-kmod) would +be sufficient, but the version in both FreeBSD's package repos and in the ports +tree is too old. At the time of writing, it's compatible with Linux kernel 5.4 +while the Framework's drivers are in Linux kernel 5.5+. We'll need to clone the +_sources_ for `graphics/drm-kmod`, check out a more recent branch, build the +drivers, and use those instead. I'm not 100% certain whether the first step here is necessary but I don't feel like reinstalling to check. @@ -56,27 +57,32 @@ like reinstalling to check. ```bash git clone https://github.com/freebsd/drm-kmod ``` + 4. Check out the `5.7-stable` branch with ```bash git checkout -b 5.7-stable --track remotes/origin/5.7-stable ``` + 5. Build the package with `make` 6. Uninstall `drm-kmod` and all of its dependencies with `pkg remove drm-kmod` followed by `pkg autoremove` 7. Install the more up-to-date drivers with `make install` -8. Make sure the module works as expected with `kldload /boot/modules/i915kms.ko` +8. Make sure the module works as expected with `kldload +/boot/modules/i915kms.ko` 9. If you suddenly see grey in your terminal, it works! Go ahead and add it to your boot config by appending the following line to `/etc/rc.conf` ```text kld_load="/boot/modules/i915kms.ko" ``` + 10. Reboot and you should be able to start Xorg as the handbook describes! Again all of this information is available on [the FreeBSD wiki page for the -Framework laptop.](https://wiki.freebsd.org/Laptops/Framework_Laptop) The `Graphics` row in section 2 says _requires DRM-KMOD 5.5 or -higher. Fails to initialize with DRM-KMOD 5.4._ That's in reference to the -package we just built and installed. +Framework laptop.](https://wiki.freebsd.org/Laptops/Framework_Laptop) The +`Graphics` row in section 2 says _requires DRM-KMOD 5.5 or higher. Fails to +initialize with DRM-KMOD 5.4._ That's in reference to the package we just built +and installed. Hope this helps! diff --git a/content/posts/making-yourself-overly-available.md b/content/posts/making-yourself-overly-available.md new file mode 100644 index 0000000..2dd3018 --- /dev/null +++ b/content/posts/making-yourself-overly-available.md @@ -0,0 +1,13 @@ +\*\* TODO Making yourself overly available + +\*\*\* References +[[https://www.nytimes.com/2021/03/05/opinion/ezra-klein-podcast-cal-newport.html?showTranscript=1][Stop. Breathe. We Can’t Keep Working Like This.]] + +**\* Notes +\*\*** Get rid of information that isn't important \***\* Escalate the info that is +\*\*** Set /clear/ boundaries for when you are available \***\* Enforce those with automatic DnD rules or use timers +\*\*** With groups... +**\*** Specialisation is /good/ and should be /encouraged/ +**\*** /All/ of the above points apply with coworkers as well + +\*\*\* TODO Pong Jake when finished diff --git a/content/posts/stop-using-gmail.md b/content/posts/stop-using-gmail.md new file mode 100644 index 0000000..d8ca697 --- /dev/null +++ b/content/posts/stop-using-gmail.md @@ -0,0 +1,5 @@ +--- +title: "Stop using gmail" +date: 2023-01-27T13:04:33-05:00 +draft: true +--- diff --git a/content/posts/the-new-paper.md b/content/posts/the-new-paper.md new file mode 100644 index 0000000..f1e3d70 --- /dev/null +++ b/content/posts/the-new-paper.md @@ -0,0 +1,251 @@ +--- +title: 'Catchy title about Supernote being "the new paper"' +author: ["Amolith"] +lastmod: 2023-01-27T13:00:37-05:00 +tags: ["Supernote", "Writing", "Productivity", "Organisation"] +categories: ["Technology"] +draft: true +toc: true +--- + +I like writing things down. I like the feel of the pen (preferably a fountain +pen) gliding smoothly over the paper, that nice solid feeling of the tip against +the table, seeing the ink dry as it flows from the nib, accidentally swiping my +hand through it before it's finished and smearing a bit of ink across the page, +then cursing under my breath as I dab it up with a handkerchief or a napkin or +something else nearby. I also love that writing things by hand [has an impact on +memory and improves +retention.](https://journals.sagepub.com/doi/abs/10.1177/0956797614524581) + +## The problem {#the-problem} + +Unfortunately, I don't love keeping up with that paper. Across many different +classes, even with dedicated folders for each one, something important +inevitably gets lost. Notebooks are also bulky and can take up a lot of space. I +tried [bullet journalling](https://bulletjournal.com/) for about a month earlier +this year and, while the process was enjoyable, the maintenance was not. My +brain moves faster than my pen (even though I have terrible handwriting) and I +inevitably forget letters or even whole words. This is a problem while writing +in pen because white-out looks ugly and I dislike wasting whole pages because of +a couple mistakes. + +The obvious solution here is to get an iPad with an Apple Pen, right? Right?? + +Wrong because Apple bad.[^fn:1] + +## The solution {#the-solution} + +Enter the world of ... what are they even called? E-ink notebooks? Paper +tablets? E-R/W?[^fn:2] Do they even have a "device category" yet? I don't know, +but they solve my problem in a wonderful way. + +As the names suggest, these are devices that can _usually_ open and read e-books +(EPUBs, PDFs, etc.), annotate them, and create standalone pages of notes as if +they were full notebooks. The most well-known of these devices is likely the +[reMarkable.](https://remarkable.com/) They had a [hugely successful +crowdfunding +campaign](https://venturebeat.com/2019/10/08/remarkable-raises-15-million-to-bring-its-e-paper-tablets-to-more-scribblers/) +and produced the reMarkable 1, followed by [the reMarkable 2 in 2020.](https://blog.remarkable.com/remarkable-2-the-next-generation-paper-tablet-91b47d0080cb) +There are a few devices like these by now but we'll look at the reMarkable +first. + +## The reMarkable {#the-remarkable} + +This device boasts all of the features I was looking for. It renders digital +content, from books and manuals to comics and manga, allows you to mark those +documents up as you would if they were physical media, create full notebooks of +hand written text, organise them, search, and, if your handwriting is legible +enough (mine certainly is not), perform OCR on your notes and email a +transcription to yourself. It even runs Linux and the developers have opened SSH +up so you can remote in and tinker with it as much as you like. Because of this, +there's a pretty awesome [community of people creating third-party tools and +integrations](https://github.com/reHackable/awesome-reMarkable) that add even +further functionality. My favourite is probably +[rMview,](https://github.com/bordaigorl/rmview) a really fast VNC client for the +reMarkable that allows you to view your device's screen on any computer. + +After watching all of [MyDeepGuide's](https://www.youtube.com/c/MyDeepGuide) +[extensive playlist on the +reMarkable,](https://www.youtube.com/playlist?list=PLsSI9-gaSSmiXwb7Vjk5Vb-nB41UTnrXd) +however, I decided to go with a different product. + +## Enter the Supernote A5X {#enter-the-supernote-a5x} + +The [Supernote A5X](https://www.supernote.com/#/product?type=SN-A5-X) has all of +the basic features the reMarkable has: reading documents, writing notes, and +organising your content. Its implementation, on the other hand, seems to be much +more polished. It also lacks some features from the reMarkable while adding +others. + +## Operating System {#operating-system} + +While the reMarkable runs Codex,[^fn:3] a _"custom Linux-based OS optimised for +low-latency e-paper"_, the Supernote just runs Android. There are both benefits +and detriments to this; on one hand, they're running all of Android, bloated +that it is, on a very lightweight tablet. On the other, they don't have to +develop and maintain a custom operating system. This allows them to focus on +other aspects that are arguably more important so I don't actually mind that it +runs Android. + +The only place that Android stands out is in system operations; file transfer +uses MTP and, when you swipe down from the top of the device, a small bar +appears similar to what was in early Android. This lets you change WiFi +networks, sync with the Supernote Cloud, take a screenshot, search, and access +the system settings. Nothing else about the device really screams Android to me. + +## Community {#community} + +I don't usually browse Reddit but [the Supernote +community](https://old.reddit.com/r/Supernote/) there is fascinating. I haven't +looked around enough to know exactly what his relationship is with the company, +but one of the members, [u/hex2asc,](https://old.reddit.com/user/hex2asc) seems +to represent Supernote in something of an official capacity. He's incredibly +active and usually responds to posts and questions within a day or two. + +Before I purchased a Supernote, [I wrote a +post](https://old.reddit.com/r/Supernote/comments/lhffyd/sync_targets_open_document_formats_and_crossnote/) +asking about a couple of things that concerned me: sync targets, open document +formats, and cross-note links. I don't really plan to write full documents on +the device but having the option to do so would still be nice. The other +features are absolutely killer for me as I would like to maintain a Zettelkasten +(I wrote about [using Vim to do so](/vim-as-a-markdown-editor/) last year but +didn't end up sticking with it) and manage document synchronisation with my own +Nextcloud server. The community was quick to respond and confirm that +Zettelkasten functionality would be implemented soon™. u/hex2asc responded _the +day after_ and said that WebDAV would be supported but not earlier than May +(September update: it's still not supported), ODF would likely not be supported, +and cross-note links were definitely a possibility. Another community member has +been avidly following the subreddit and even put together an [unofficial +roadmap.](https://app-rm.roadmunk.com/publish/03e6dca3d769e2b7015f7f48a649cb3f75f44d9e) + +## Interfaces {#interfaces} + +### Home & Organisation {#home-and-organisation} + +#### TODO Record very short video about home/organisation {#record-very-short-video-about-home-organisation} + +### Settings {#settings} + +#### TODO Record very short video about settings {#record-very-short-video-about-settings} + +### Writing & Annotating {#writing-and-annotating} + +The following images are screenshots of the full page above with the possible UI +variations while reading a book. This first one is default, with the editing bar +at the top. It is exactly the same as what's displayed on the blank pages for +hand writing full notes. From left to right is the Table of Contents toggle, the +pen tools (fineliner, "fountain" pen,[^fn:4] and highlighter), the erasers, +lasso select tool, undo/redo, context menu, palm rejection toggle, previous +page, goto page, next page, and exit. + +{{< figure +src="~/repos/sites/secluded/static/assets/pngs/supernote-reader-default.png" >}} + +You can hold your finger on that bar and drag it down to detach it from the top. +The default width exposes all the tools without whitespace. You can move it +around the screen by dragging the circle with a straight line through the middle +on the far left. + +{{< figure +src="~/repos/sites/secluded/static/assets/pngs/supernote-reader-medium.png" >}} + +If you tap that circle, the width shrinks and everything except the pens, +erasers, and undo/redo buttons are hidden. It can be dragged the same was as in +the previous image and tapping that circle will expand the bar again. + +{{< figure +src="~/repos/sites/secluded/static/assets/pngs/supernote-reader-small.png" >}} + +The last mode is with the bar completely hidden. You achieve this just by +dragging it to the right edge of the screen. Once hidden, you can swipe right to +left from the edge and it will be revealed flush with the right edge. + +{{< figure +src="~/repos/sites/secluded/static/assets/pngs/supernote-reader-minimal.png" >}} + +## Experience {#experience} + +### Reading content {#reading-content} + +I love e-ink. I think it looks beautiful and would love to have an e-ink +monitor.[^fn:5] That said, the Supernote has an especially nice display with 226 +PPI (pixels per inch). The image below was taken with my phone's camera so it's +not very good. However, if you zoom in a bit, you can see that the curved edges +of some letters are _slightly_ pixellated. Viewing with my naked eye at a +comfortable distance, it does look better _to me_ than some of my print books, +however. + +{{< figure +src="~/repos/sites/secluded/static/assets/pngs/supernote-resolution.png" >}} + +_At the moment,_ I am pretty disappointed with Table of Contents detection for +ePUBs. A great many of my books seem to use a legacy ToC format that the +Supernote sees and tries/fails to read before attempting to read the more +up-to-date one. This is easily remedied by editing the ePUB in +[Calibre,](https://calibre-ebook.com/) going to Tools → Upgrade Book Internals → +Remove the legacy Table of Contents in NCX format. You might need to make a +small change to one of the HTML files and revert it before the save button is +enabled. After that, just copy it back over to the Supernote and everything +should work properly. + +### Writing notes {#writing-notes} + +I write notes as often if not _more_ often than I read and annotate books. It's +the main reason I purchased the device and I love the experience. The Supernote +doesn't _really_ feel like paper despite what their marketing materials claim, +though it doesn't feel _bad_ either. It's hard to describe but I would say it's +something like writing with a rollerball pen on high-quality paper with a marble +counter underneath: incredibly smooth with but a little bit of texture so it +doesn't feel like writing on a glass display. + +While writing latency[^fn:6] is noticeable, I really don't have a huge issue +with it. I write very quickly but find that the slight latency actually makes +writing _more_ enjoyable. It sounds weird and I'm not sure why, but I _really_ +like writing on the Supernote; it's wonderfully smooth, pressure-sensitive, the +latency makes things interesting, and [the Heart of Metal +pen](https://supernote.com/#/part?id=SP-04) feels good in my hand. + +### Surfacing Content {#surfacing-content} + +While organisation is done using a regular filesystem hierarchy, the Supernote +does have other ways to search for and surface your notes. As you're writing, +you can use the lasso select tool and encircle a word. A little dialogue pops up +and gives you a few buttons for things you can do with that selection: copy, +move to another page, cut, add it to the Table of Contents, or mark it as a key +word. If you select the key word icon, the Supernote does some incredible +OCR[^fn:7] on it and displays a dialogue where you can add it to the note file +as a tag. This dialogue allows you to edit the word before adding it just in +case the OCR was wonky. Even with my terrible handwriting, I've found that it +works very well and I rarely have to make edits. + +## TODO Ping Isi and Volpeon when finished {#ping-isi-and-volpeon-when-finished} + +[^fn:1]: + I dislike Apple's operating system, their hardware, business model, privacy + practises, and much of what they stand for as a company. Don't @ me. + +[^fn:2]: + E-R/W is a play on media commonly being labelled as R/W when you can read + from it and write to it. + +[^fn:3]: + Taken from their [support page about the reMarkable + 2;](https://support.remarkable.com/hc/en-us/articles/360006699537-About-reMarkable-2-) + search the page for _operating system_ and it should show up. + +[^fn:4]: + It's not really a fountain pen even though that's what they call it; it's + just pressure-sensitive. + +[^fn:5]: + There does seem to be a group of people interested in just such a thing: + _[Challenges Building an Open-Source E Ink + Laptop](https://alexsoto.dev/challenges-building-an-open-source-eink-laptop.html)_ + +[^fn:6]: + In this situation, latency refers to how long it takes for "ink" to show up + on the "page" after writing something. + +[^fn:7]: + _Optical Character Recognition_: the program looks at your handwriting and + tries to turn it into text.