switch from org to markdown

This commit is contained in:
Amolith 2023-01-27 13:12:17 -05:00
parent d97176b3a3
commit 6740f99f2a
Signed by: Amolith
GPG Key ID: 8AE30347CE28D101
11 changed files with 1183 additions and 1701 deletions

1540
blog.org

File diff suppressed because it is too large Load Diff

View File

@ -1,35 +1,67 @@
---
layout: post
title: Creating an open source NAS
subtitle: Why use proprietary when FLOSS do tricc?
description: My process for building an open source NAS with a powerful single board computer and a couple of massive HDDs
tags: sysadmin hosting nas backups
description: My process for building an open source NAS with a powerful single board computer and a couple of large HDDs
tags: Sysadmin NAS Backups
date: 2020-03-09 23:43 -0400
cover: /assets/posts/disk.png
draft: true
---
A few months ago, I decided that I needed a NAS. I didn't want anything proprietary because this was going to store all of my data, my mother's, possibly some friends', as well as backups for *all* of my servers; I needed to know I had full control over every aspect of the system to ensure it was secure. To that end, I decided to build it with an SBC[^1] from [Pine64](https://www.pine64.org).
A few months ago, I decided that I needed a NAS. I didn't want anything
proprietary because this was going to store all of my data, my mother's,
possibly some friends', as well as backups for _all_ of my servers; I needed to
know I had full control over every aspect of the system to ensure it was secure.
To that end, I decided to build it with an SBC[^1] from
[Pine64](https://www.pine64.org).
# Parts
* [ROCKPro64](https://store.pine64.org/?product=rockpro64-4gb-single-board-computer) - $79.99
* [NAS Case](https://store.pine64.org/?product=rockpro64-metal-desktopnas-casing) - $44.99
* [SATA -> PCIe adapter & RAID controller](https://www.amazon.com/N-ORANIE-Controller-HyperDuo-Multiplier-88SE9230/dp/B07KYP5RRL) - $47.99
* [6 TB WD Red Pro](https://www.newegg.com/p/N82E16822234344) - $203.99
* [Heatsink w/ fan](https://store.pine64.org/?product=rockpro64-10mm-low-profile-heatsink-with-fan) - $5.29
* [Fan for the case](https://store.pine64.org/?product=fan-for-rockpro64-metal-desktopnas-casing) - $3.99
* Power supply: [US](https://store.pine64.org/?product=rockpro64-12v-5a-us-power-supply) or [EU](https://store.pine64.org/?product=rockpro64-12v-5a-eu-power-supply) - $12.99
* [16 GB eMMC Module](https://store.pine64.org/?product=16gb-emmc) - $15.95
* Any microSD card
- [ROCKPro64](https://store.pine64.org/?product=rockpro64-4gb-single-board-computer) -
$79.99
- [NAS
Case](https://store.pine64.org/?product=rockpro64-metal-desktopnas-casing) -
$44.99
- [SATA -> PCIe adapter & RAID
controller](https://www.amazon.com/N-ORANIE-Controller-HyperDuo-Multiplier-88SE9230/dp/B07KYP5RRL) -
$47.99
- [6 TB WD Red Pro](https://www.newegg.com/p/N82E16822234344) - $203.99
- [Heatsink w/
fan](https://store.pine64.org/?product=rockpro64-10mm-low-profile-heatsink-with-fan) -
$5.29
- [Fan for the
case](https://store.pine64.org/?product=fan-for-rockpro64-metal-desktopnas-casing) -
$3.99
- Power supply:
[US](https://store.pine64.org/?product=rockpro64-12v-5a-us-power-supply) or
[EU](https://store.pine64.org/?product=rockpro64-12v-5a-eu-power-supply) -
$12.99
- [16 GB eMMC Module](https://store.pine64.org/?product=16gb-emmc) - $15.95
- Any microSD card
**Total:** $415.18
To reduce the overall cost, you could go with a cheaper HDD; I got this one because I need reliability in the *very* long run but a more inexpensive disk is perfectly suitable. Without accounting for the drive, the NAS is ~$215 and very reasonably priced compared to most other options.
To reduce the overall cost, you could go with a cheaper HDD; I got this one
because I need reliability in the _very_ long run but a more inexpensive disk is
perfectly suitable. Without accounting for the drive, the NAS is ~$215 and very
reasonably priced compared to most other options.
# Assembly
Refer to [Pine64's wiki](https://wiki.pine64.org/index.php/NASCase) on assembling the case. I don't know if it was intentional or what but, for the HDDs, I was only given enough screws for one. For the cover, I still have three empty screw holes. It's not a huge deal but it would have been nice to have enough screws for everything.
Refer to [Pine64's wiki](https://wiki.pine64.org/index.php/NASCase) on
assembling the case. I don't know if it was intentional or what but, for the
HDDs, I was only given enough screws for one. For the cover, I still have three
empty screw holes. It's not a huge deal but it would have been nice to have
enough screws for everything.
# Software
I chose to go with [OpenMediaVault](https://openmediavault.org). However, I didn't use Pine64's image; there were a variety of errors when basic operations were run so I decided to use vanilla [armbian](https://www.armbian.com). Thankfully, they have an image for the [ROCKPro64](https://www.armbian.com/rockpro64/) and it worked flawlessly. The next step was getting OMV set up on it but, like a boss, they provide a script for that 😉
I chose to go with [OpenMediaVault](https://openmediavault.org). However, I
didn't use Pine64's image; there were a variety of errors when basic operations
were run so I decided to use vanilla [armbian](https://www.armbian.com).
Thankfully, they have an image for the
[ROCKPro64](https://www.armbian.com/rockpro64/) and it worked flawlessly. The
next step was getting OMV set up on it but, like a boss, they provide a script
for that 😉
```bash
wget https://raw.githubusercontent.com/OpenMediaVault-Plugin-Developers/installScript/master/install
@ -37,13 +69,21 @@ chmod +x install
sudo ./install
```
Additional setup info can be found in an [armbian guide](https://github.com/OpenMediaVault-Plugin-Developers/docs/blob/master/Adden-A-Installing_OMV5_on_Armbian.pdf) they've created.
Additional setup info can be found in an [armbian
guide](https://github.com/OpenMediaVault-Plugin-Developers/docs/blob/master/Adden-A-Installing_OMV5_on_Armbian.pdf)
they've created.
# Drivers
This posed a huge problem for me. Neither the "official" ROCKPro64 OMV image nor armbian included the driver for my RAID controller so I had to figure that out.
Huge shoutout to `fromport` in the `#openmediavault` channel on Freenode; they were a *massive* help with getting the driver situation sorted out.
This posed a huge problem for me. Neither the "official" ROCKPro64 OMV image nor
armbian included the driver for my RAID controller so I had to figure that out.
Check out [Secluded.Site](https://secluded.site), my personal webpage; I'll be using it for posts like this in the future and will try to leave this space for official announcements (like when backups have been automated using this very NAS 😉).
Huge shoutout to `fromport` in the `#openmediavault` channel on Freenode; they
were a _massive_ help with getting the driver situation sorted out.
Check out [Secluded.Site](https://secluded.site), my personal webpage; I'll be
using it for posts like this in the future and will try to leave this space for
official announcements (like when backups have been automated using this very
NAS 😉).
[^1]: Single Board Computer

View File

@ -1,118 +1,108 @@
---
layout: post
title: Email & Privacy/Security Concerns
title: Email & privacy/security concerns
date: 2020-03-21 01:46 -0400
draft: true
---
Plaintext email
---------------
## Plaintext email
Email is inerently insecure. By default, everything is sent in plaintext
from one server to the next with no encryption whatsoever. Servers can
encrypt mail in-transit by implementing SSL and TLS but that still
leaves copies of your data in plaintext on both servers. For example,
see [this email I sent to
Email is inerently insecure. By default, everything is sent in plaintext from
one server to the next with no encryption whatsoever. Servers can encrypt mail
in-transit by implementing SSL and TLS but that still leaves copies of your data
in plaintext on both servers. For example, see [this email I sent to
myself](https://bin.nixnet.services/?f76b8366e6b7a7b0#95skPFhsptkfyMH3i1n25ENZeUzrmYEUHzDVezaToGn).
At the very bottom, the content of my email is shown in the file for
anyone with access to the server to see. At first glance, this may not
seem like such a huge deal. It does, however, become a big deal when
you're conducting private business over email. If I so chose, I could
go to that directory and read everything you're saying and there's
nothing you could do about it. Any mail provider has this capability:
Gmail, Yahoo! Mail, Fastmail, the list goes on. Unless special measures
are taken to encrypt your emails *at rest*, this holds true in every
single case.
At the very bottom, the content of my email is shown in the file for anyone with
access to the server to see. At first glance, this may not seem like such a huge
deal. It does, however, become a big deal when you're conducting private
business over email. If I so chose, I could go to that directory and read
everything you're saying and there's nothing you could do about it. Any mail
provider has this capability: Gmail, Yahoo! Mail, Fastmail, the list goes on.
Unless special measures are taken to encrypt your emails _at rest_, this holds
true in every single case.
Encrypted email
---------------
## Encrypted email
Providers like [Protonmail](https://protonmail.com) and
[Tutanota](https://www.tutanota.com/) do exactly this and that is their
main draw. Mail to and from other users of the same platform (Protonmail
-> Protonmail, Tutanota -> Tutanota) is encrypted from end-to-end as
well as at rest so the only parties that can read it are the sender and
the receiver; the provider itself can't access them. However, the
benefit of at-rest encryption becomes absolutely meaningless the
*second* you communicate with someone on a server that *doesn't*
implement it. Protonmail -> Gmail is 100% insecure and Google is free
to perform whatever text analysis and user profiling they wish. NixNet
Mail will implement at-rest encryption in the near future but, even
then, there is no way to verify that that's *actually* the case unless
I gave everyone root access to my server at all times (security and
compliance ***nightmare***). The only viable solution is to take your
privacy into your own hands and encrypt emails yourself.
[Tutanota](https://www.tutanota.com/) do exactly this and that is their main
draw. Mail to and from other users of the same platform (Protonmail ->
Protonmail, Tutanota -> Tutanota) is encrypted from end-to-end as well as at
rest so the only parties that can read it are the sender and the receiver; the
provider itself can't access them. However, the benefit of at-rest encryption
becomes absolutely meaningless the _second_ you communicate with someone on a
server that _doesn't_ implement it. Protonmail -> Gmail is 100% insecure and
Google is free to perform whatever text analysis and user profiling they wish.
NixNet Mail will implement at-rest encryption in the near future but, even then,
there is no way to verify that that's _actually_ the case unless I gave everyone
root access to my server at all times (security and compliance **_nightmare_**).
The only viable solution is to take your privacy into your own hands and encrypt
emails yourself.
GPG encryption
--------------
## GPG encryption
"GPG" stands for "GNU Privacy Guard" and is a libre implementation
of "PGP" or "Pretty Good Privacy", originally created by [Phil
Zimmerman](https://en.wikipedia.org/wiki/Phil_Zimmermann). PGP was
eventually bought by Symantec and became Symantec Encryption Desktop and
GPG quickly became the most widely used implementation of [OpenPGP
standards](https://tools.ietf.org/html/rfc4880). GPG integration is
especially common in open source email clients such as
"GPG" stands for "GNU Privacy Guard" and is a libre implementation of "PGP" or
"Pretty Good Privacy", originally created by [Phil
Zimmerman](https://en.wikipedia.org/wiki/Phil_Zimmermann). PGP was eventually
bought by Symantec and became Symantec Encryption Desktop and GPG quickly became
the most widely used implementation of [OpenPGP
standards](https://tools.ietf.org/html/rfc4880). GPG integration is especially
common in open source email clients such as
[Thunderbird](https://www.thunderbird.net/) and
[Evolution](https://wiki.gnome.org/Apps/Evolution). It relies on
[public-key
cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) and
allows users to encrypt their emails with another user's public key.
The email would then be *de*crypted using the receiver's *private* key.
Take a look at this [encrypted email I sent to
[Evolution](https://wiki.gnome.org/Apps/Evolution). It relies on [public-key
cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) and allows
users to encrypt their emails with another user's public key. The email would
then be *de*crypted using the receiver's _private_ key. Take a look at this
[encrypted email I sent to
myself](https://bin.nixnet.services/?70f0ac93b8df9416#Fske8BYAVdoYzD76VgBb5AimRqm2yY8HgnpdcAzUwuD7).
As admin of the server, that is literally all I can see. The text
between `BEGIN PGP MESSAGE` and `END PGP MESSAGE` is the email body and
it just looks like a block of random characters to me. To the person
receiving the message, however, after decryption, they'll be able to
read it just like the plaintext one linked in the first section.
As admin of the server, that is literally all I can see. The text between `BEGIN
PGP MESSAGE` and `END PGP MESSAGE` is the email body and it just looks like a
block of random characters to me. To the person receiving the message, however,
after decryption, they'll be able to read it just like the plaintext one linked
in the first section.
If you want to learn more about GPG encryption and protecting your
privacy when using email, I recommend reading through [Email
Self-Defense](https://emailselfdefense.fsf.org/en/), a fantastic
resource from the Free Software Foundation.
If you want to learn more about GPG encryption and protecting your privacy when
using email, I recommend reading through [Email
Self-Defense](https://emailselfdefense.fsf.org/en/), a fantastic resource from
the Free Software Foundation.
***NOTE:*** Encrypting an email *does not* encrypt the metadata. When you
sign up for a new email service, send one to yourself and inspect the
headers to see if they obfuscate identifying details.
**_NOTE:_** Encrypting an email _does not_ encrypt the metadata. When you sign
up for a new email service, send one to yourself and inspect the headers to see
if they obfuscate identifying details.
Metadata
--------
## Metadata
Another thing to keep in mind with emails is metadata in the headers of
the emails. In Roundcube, you can view these by clicking `More` then
`View source`. In Thunderbird, just press `CTRL` + `U`.For other clients
and web UIs, you'll just have to look around for options to show
headers, view source, download, something like that. You can also take a
look at the [email I sent
Another thing to keep in mind with emails is metadata in the headers of the
emails. In Roundcube, you can view these by clicking `More` then `View source`.
In Thunderbird, just press `CTRL` + `U`.For other clients and web UIs, you'll
just have to look around for options to show headers, view source, download,
something like that. You can also take a look at the [email I sent
myself](https://bin.nixnet.services/?f76b8366e6b7a7b0#95skPFhsptkfyMH3i1n25ENZeUzrmYEUHzDVezaToGn).
I'll break down some of the lines and explain what they are. Some of it
is irrelevant to this and will be skipped though.
I'll break down some of the lines and explain what they are. Some of it is
irrelevant to this and will be skipped though.
`Return-Path: <amolith@nixnet.xyz> ` 👉 Address your reply will go to
`Delivered-To: amolith@nixnet.email ` 👉 Address the email was sent to
`To: Amolith <amolith@nixnet.email> ` 👉 The *displayed* receiver
`To: Amolith <amolith@nixnet.email> ` 👉 The _displayed_ receiver
`From: Amolith <amolith@nixnet.xyz> ` 👉 The *displayed* sender
`From: Amolith <amolith@nixnet.xyz> ` 👉 The _displayed_ sender
`Subject: Email demonstration ` 👉 Subject of the email
`Date: Sat, 23 Nov 2019 00:20:46 -0500 ` 👉 Timestamp at which the email
was sent. This does include the timezone and can be used to identify you
`Date: Sat, 23 Nov 2019 00:20:46 -0500 ` 👉 Timestamp at which the email was
sent. This does include the timezone and can be used to identify you
`User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 `
👉 Full user-agent the email application includes with the email. In this
case, it consists of the organisation, my display server, my operating
system and architecture, the HTML rendering engine, and the email client
and version. This can *really* be used to identify you.
`User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
Thunderbird/68.2.2 ` 👉 Full user-agent the email application includes with the
email. In this case, it consists of the organisation, my display server, my
operating system and architecture, the HTML rendering engine, and the email
client and version. This can _really_ be used to identify you.
The rest of it is server-side stuff that doesn't matter too much for
*this* document but will likely be discussed elsewhere in the future.
Together, all of this metadata can be used to identify people in a
conversation. Timezone (vague location), OS, email application,
correspondents, and client version. That last component could actually
be useful for determining whether or not the client is susceptible to
certain malware attacks
The rest of it is server-side stuff that doesn't matter too much for _this_
document but will likely be discussed elsewhere in the future. Together, all of
this metadata can be used to identify people in a conversation. Timezone (vague
location), OS, email application, correspondents, and client version. That last
component could actually be useful for determining whether or not the client is
susceptible to certain malware attacks

View File

@ -0,0 +1,339 @@
---
title: "A perfect email setup (for me)"
author: ["Amolith"]
lastmod: 2023-01-27T13:00:36-05:00
tags: ["Email", "Workflow"]
categories: ["Technology"]
draft: true
---
I've never been satisfied with any of the email clients most people use. I've
tried [Thunderbird,](https://www.thunderbird.net/en-GB/)
[Evolution,](https://wiki.gnome.org/Apps/Evolution)
[Mailspring,](https://getmailspring.com/)
[Mail.app,](https://support.apple.com/mail) [Roundcube,](https://roundcube.net/)
[SOGo,](https://sogo.nu/) [Geary,](https://wiki.gnome.org/Apps/Geary) and _many_
more. _None_ of them handle multiple accounts particularly well because all of
the emails associated with that account are bound within it. Sure, you can make
a new folder somewhere called `TODO` and move all of your actionable emails to
that folder but, when you go to move actionable emails from _another_ account
into that folder, you'll likely find that the client simply doesn't let you. If
it does, when you reply, it will likely be sent from the wrong account. This is
a limitation of the IMAP protocol; everything is _managed_ locally but changes
are pushed to the remote server and mixing things the way I want leads to broken
setups.
Before I go any further, these are a few characteristics of my ideal email tool.
- Support for multiple accounts (obviously)
- _Native desktop application_ (**not**
[Electron](https://github.com/electron/electron))
- Has stellar keyboard shortcuts
- Doesn't require internet connectivity (other than downloading and sending of
course)
- Organisation can be done with tags
## Why tags? {#why-tags}
Because they're better. Hierarchies are useful for prose and code but not for
files, emails, notes, or anything where an item may fit within multiple
categories. Imagine you get an email from your Computer Science professor that
includes test dates, homework, and information about another assignment. In that
same email, he asks every student to reply with something they learned from the
previous class as a form of attendance. In a hierarchy, the best place for this
might just be a `TODO` folder _even though_ it would also fit under `School`,
`CS`, `Dates`, `To read`, and `Homework`. Maybe you have a few minutes and want
to clear out some emails that don't require any interaction. In a tag-based
workflow, this would be a good time to open `To read`, get that email out of the
way, and remove the `To read` tag. It would still show up under the other tags
so you can find it later and take the time to fully answer the professor's
question, add those dates to your calendar, and add the homework assignments to
your `TODO` list. Hierarchies can be quite cumbersome to work with, especially
when one folder ends up getting all the data. Tags ensure that you only see what
you want when you want it. Tags are more efficient and they will remain my
organisation system of choice.
## The tools {#the-tools}
In short, the tools we will be using are...
- [`mbsync`](https://isync.sourceforge.io/mbsync.html) to download our emails
- [`notmuch`,](https://notmuchmail.org/) the primary way emails will be
organised
- [`afew`](https://afew.readthedocs.io/en/latest/) to apply initial `notmuch`
tags based on subject, sender, recipient, etc.
- [NeoMutt](https://neomutt.org/) to interact with those emails, reply,
compose, add/remove tags, etc.
- [`msmtp`](https://marlam.de/msmtp/) for relaying our replies and
compositions to our mail provider
Yes, it's a lot. Yes, it's time-consuming to set up. Yes, it's worth it (in my
opinion).
## `mbsync` {#mbsync}
As I said above, IMAP is limiting; we need to use some other method of
downloading our emails. There's an awesome piece of software called
[mbsync](https://isync.sourceforge.io/mbsync.html) which is built for exactly
this purpose. Its configuration can be rather daunting if you have as many
accounts as I do (19) but it's not _terrible_.
The following sections are named **Near**, **Far**, and **Sync**. Near and Far
are terms mbsync uses to profile _how_ your emails are stored, _where_ they're
stored, and how to interact with them. In this guide, Far will our mail
provider's IMAP server and Near will be our local Maildir.
### Far {#far}
```text
IMAPAccount amo_ema
Host imap.nixnet.email
CertificateFile /etc/ssl/certs/ca-certificates.crt
SSLType STARTTLS
User amolith@nixnet.email
PassCmd "secret-tool lookup Title amolith@nixnet.email"
IMAPStore amo_ema-remote
Account amo_ema
```
### Near {#near}
```text
MaildirStore amo_ema-local
SubFolders Verbatim
Path ~/new-mail/amo_ema/
Inbox ~/new-mail/amo_ema/INBOX/
```
In the first block, `localrepository` and `remoterepository` tell OfflineIMAP
where to look for your emails. `use_exa-local` is an arbitrary naming scheme I
use to differentiate between the various local and remote accounts. It can
easily be swapped with something else.
### Sync {#sync}
```text
Channel amo_ema
Far :amo_ema-remote:
Near :amo_ema-local:
SyncState *
Patterns *
Create Both
```
The repository sections describe how the emails are stored or retrieved. In the
`local` block, you'll notice that the type is `Maildir`. In this format, each
email is given a unique filename and stored in a hierarchy of folders within
your account. This is often how your emails are stored on your provider's mail
server.
`pythonfile` is used here to authenticate with the remote server. This can be
complicated and depends _entirely_ on how you manage your passwords. I use
[KeePassXC](https://keepassxc.org/) and love it. When I set OfflineIMAP up,
however, it didn't have `libsecret` compatibility. This would have made setup
significantly easier but, as it already just works™, I don't really see a reason
to change it.
This new feature allows `libresecret`-based applications to query KeePassXC for
your passwords or store them there on your behalf. CLI/TUI applications that
need a secure mechanism for background authentication can use `secret-tool
lookup Title "TITLE_OF_PASSWORD"` as the password command. See [the pull
request](https://github.com/keepassxreboot/keepassxc/pull/2726) for more
details. Because this wasn't a feature when I first set it up, I put my
passwords in plaintext files and encrypted them with the GPG key stored on my
YubiKey. As long as my key is plugged in, OfflineIMAP can authenticate and
download all my emails just fine. The process for using a GPG key _not_ stored
on a hardware token is pretty much the same and I'll talk about that process
instead.
These are the contents of my `~/.offlineimap.py`.
```python
#! /usr/bin/env python2
from subprocess import check_output
def get_pass(account):
return check_output(["gpg", "-dq", f" ~/.mail_pass/{account}.gpg"]).strip("\n")
```
This runs `gpg -dq ~/.mail_pass/use_exa.gpg` then strips the newline character
before returning it to OfflineIMAP. `-d` tells GPG that you're passing it a file
you want decrypted and `-q` tells it not to give any output other than the
file's contents. For a setup that works with this Python script, put your
passwords in plaintext files with the account name as the file name (e.g.
`use_exa`). You'll then encrypt it with `gpg -er <YOUR_KEY_ID> use_exa`. Running
`gpg -dq use_exa.gpg` should display your password. Repeat for every account and
store the resulting files in `~/.mail_pass/`.
The other option, `sync_deletes`, is whether or not to delete remote emails that
have been deleted locally. I enabled that because I want to have easy control
over how much remote storage is used.
Here's the next block again so you don't have to scroll up:
```text
[Repository use_exa-remote]
type = IMAP
remotehost = imap.example.com
starttls = yes
ssl = no
remoteport = 143
remoteuser = user@example.com
remotepasseval = get_pass("use_exa")
auth_mechanisms = GSSAPI, XOAUTH2, CRAM-MD5, PLAIN, LOGIN
maxconnections = 1
createfolders = True
sync_deletes = yes
```
This one's pretty self-explanatory. `type`, `remotehost`, `starttls`, `ssl`, and
`remoteport` should all be somewhere in your provider's documentation.
`remoteuser` is your email address and `remotepasseval` is the function that
will return your password and allow OfflineIMAP to authenticate. You'll want
enter the name of your password file without the `.gpg` extension; the script
takes care of adding that. Leave `auth_mechanisms` alone and the same for
`maxconnections` unless you know your provider won't rate limit you or something
for opening multiple connections. `sync_deletes` is the same as in the previous
block.
Copy those three blocks for as many accounts as you want emails downloaded from.
I have 510 lines just for `Account` and `Repository` blocks due to the number of
address I'm keeping track of.
## `notmuch` {#notmuch}
[`notmuch`](https://notmuchmail.org/) is _a fast, global-search, and tag-based
email system_. This what does all of our organisation as well as what provides
the "virtual" mailboxes NeoMutt will display later on. Configuration is
incredibly simple. This file goes in `~/.notmuch-config`.
```text
[database]
path=/home/user/mail/
[user]
name=Amolith
primary_email=user@example.com
[new]
tags=unread;new;
ignore=Trash;
[search]
exclude_tags=deleted;spam;
[maildir]
synchronize_flags=true
```
First section is the path to where all of your archives are, the `[user]`
section is where you list all of your accounts, `[new]` adds `tags` to mail
notmuch hasn't indexed yet and ignores indexing the `Trash` folder, and
`[search]` ignores mail tagged with `deleted` or `spam`. The final section tells
`notmuch` to add maildir flags which correspond with `notmuch` tags. These flags
will be synced to the remote server the next time OfflineIMAP runs and things
will be somewhat organised in your webmail interface.
After creating the configuration file, run `notmuch new` and wait for all of
your mail to be indexed. This could take a short amount of time or it could take
minutes up to an hour, depending on how many emails you have. After it's
finished, you'll be able to run queries and see matching emails:
```text
$ notmuch search from:user@example.com
thread:0000000000002e9d December 28 [1/1] Example User; Random subject that means nothing
```
This is not terribly useful in and of itself because you can't read it or reply
to it or anything. That's where the Mail User Agent (MUA) comes in.
## `afew` {#afew}
[`afew`](https://afew.readthedocs.io/en/latest/) is _an initial tagging script
for notmuch_. After calling `notmuch new`, `afew` will add tags based on headers
such as `From:`, `To:`, `Subject:`, etc. as well as handle killed threads and
spam. The official [quickstart
guide](https://afew.readthedocs.io/en/latest/quickstart.html) is probably the
best resource on getting started but I'll include a few tips here as well.
## NeoMutt {#neomutt}
## `msmtp` {#msmtp}
`msmtp` is what's known as a _Mail Transfer Agent_ (MTA). You throw it an email
and it will relay that to your mail provider's SMTP server so it can have the
proper headers attached for authentication, it can be sent from the proper
domain, etc. All the necessary security measures can be applied that prevent
your email from going directly to spam or from being rejected outright.
`msmtp`'s configuration is also fairly simple if a bit long, just like
OfflineIMAP's.
```text
# Set default values for all following accounts.
defaults
# Use the mail submission port 587 instead of the SMTP port 25.
port 587
# Always use TLS.
tls on
```
This section just sets the defaults. It uses port 587 (STARTTLS) for all SMTP
servers unless otherwise specified and enables TLS.
```text
account user@example.com
host smtp.example.com
from user@example.com
auth on
user user@example.com
passwordeval secret-tool lookup Title "user@example.com"
```
This section is where things get tedious. When passing an email to `msmtp`, it
looks at the `From:` header and searches for a block with a matching `from`
line. If it finds one, it will use those configuration options to relay the
email. `host` is simply the SMTP server of your mail provider, sometimes this is
`mail.example.com`, `smtp.example.com`, etc. I've already explained `from`,
`auth` simply says that a username and password will have to be provided, `user`
is that username, and `passwordeval` is a method to obtain the password.
When I got to configuring `msmtp`, [KeePassXC](https://keepassxc.org/) had just
released their `libsecret` integration and I wanted to try it. `secret-tool` is
a command line tool used to store and retrieve passwords from whatever keyring
you're using. I think KDE has `kwallet` and GNOME has `gnome-keyring` if you
already have those set up and want to use them; the process should be quite
similar regardless.
As mentioned above `secret-tool` stores and retrieves passwords. For retrieval,
it expects the command to look like this.
```text
secret-tool lookup {attribute} {value} ...
```
I don't know what `kwallet` and `gnome-keyring`'s attributes are but this can be
used with KeePassXC by specifying the `Title` attribute. If the password to your
email account is stored in KeePassXC with the address as the entry title, you
can retrieve it by simply running...
```text
secret-tool lookup Title "user@example.com"
```
If you have a different naming system, you'll have to experiment and try
different things; I don't know what KeePassXC's other attributes are so I can't
give other examples.
```text
passwordeval gpg -dq ~/.mail_pass/use_exa.gpg
```
Now that the whole block is assembled, copy/paste/edit for as many accounts as
you want to send email from.
## Summary {#summary}
## <span class="org-todo todo TODO">TODO</span> Pong fluffy when finished {#pong-fluffy-when-finished}

View File

@ -0,0 +1,373 @@
---
title: "Audacity and the telemetry pull request"
author: ["Amolith"]
lastmod: 2023-01-27T13:00:37-05:00
tags: ["Open source culture", "Audio editing", "Music", "Drama"]
categories: ["Technology"]
draft: true
---
Five days ago at the time of writing, [Dmitry Vedenko](https://github.com/crsib)
opened a Pull Request (PR) in [Audacity's GitHub
repository](https://github.com/audacity/audacity/pull/835) entitled [_Basic
telemetry for the Audacity_.](https://github.com/audacity/audacity/pull/835)
About two days later, all hell broke loose. That PR now has over 3.3 thousand
downvotes and more than one thousand comments from nearly 400 individuals. I
started reading the posts shortly after they began and kept up with them over
the following days, reading every single new post. I recognise that few people
are going to feel like wading through over 1k comments so this is my attempt to
provide a summary of the PR itself using the community's code reviews along with
a summary of the various opinions conveyed in the comments.
When I reference comments, I'll provide a footnote that includes a link to the
comment and a link to a screenshot just in case it's removed or edited in the
future.
## Audacity's acquisition {#audacity-s-acquisition}
I haven't been able to find _much_ information in this area so forgive me if I'm
scant on details.
On 30 April, a company called [Muse Group](https://mu.se/) acquired
[Audacity.](https://www.audacityteam.org/) According to [their
website](https://mu.se), Muse is the parent company behind many musical
applications and tools. It was founded by Eugeny Naidenov just days before it
acquired Audacity. Before all of this, Eugeny Naidenov founded [Ultimate
Guitar](https://www.ultimate-guitar.com/) (UG) in 1998. The service grew rather
quickly and now has over 300 million users. UG acquired [Dean Zelinsky
Guitars](https://deanzelinsky.com/) in 2012, [Agile
Partners](http://agilepartners.com/) in 2013,
[MuseScore](https://musescore.org/) in 2017, and
[Crescendo](http://trycrescendo.com/) in 2018. Muse Group was established in
2021 and it seems as if all of the services UG acquired were (or will be)
transferred to Muse Group, as well as UG itself. Immediately following its
establishment, Muse not only acquired Audacity but also
[StaffPad.](https://www.staffpad.net/)
I say 30 April because that's when Muse published their [press
release](https://mu.se/newsroom/tpost/6dhedma301-muse-group-acquires-audacity-expanding-c)
and when Martin Keary (Tantacrul) published a video entitled [_Im now in charge
of Audacity. Seriously._](https://www.youtube.com/watch?v=RMWNvwLiXIQ) According
to his comment,[^fn:1] Martin will help with proposing Audacity's roadmap and
many of its future features as well as working with the community. This has been
his role with MuseScore since he joined that project and he will be continuing
it here.
`-----BEGIN PERSONAL OPINION-----`
Looking at [his website,](https://www.martinkeary.com/) I also suspect he will
play a large role in redesigning Audacity's interface. Considering that he was
instrumental in designing [the best mobile interface I've ever had the absolute
pleasure of experiencing,](https://www.martinkeary.com/#/ubuntu-touch-os/) I
have high hopes that this is the case.
`------END PERSONAL OPINION------`
## Telemetry implementation {#telemetry-implementation}
### Implementation Basics {#implementation-basics}
A few days after the acquisition, a PR was opened that adds _Basic telemetry for
the Audacity_. This implementation collects "application opened" events and
sends those to Yandex to estimate the number of Audacity users. It also collects
session start and end events, errors for debugging, file used for import and
export, OS and Audacity versions, and the use of effects, generators, and
analysis tools so they can prioritise future improvements. Sending this data
would be optional and the user would be presented with a dialogue the first time
they launch the application after installation or after they update to the
including release. This description was mostly copied directly from [the PR
description
itself.](https://github.com/audacity/audacity/pull/835#issue-629891447)
### Frontend Implementation {#frontend-implementation}
This is fairly straightforward and a pretty standard UI for prompting users to
consent to analytics and crash logging. This section is included because the
community has strong opinions regarding the language used and its design, but
that will be discussed later. The screenshot below is copied directly from the
PR.
{{< figure
src="~/repos/sites/secluded/static/assets/pngs/audacity-pr/consentdialogue.png"
link="~/repos/sites/secluded/static/assets/pngs/audacity-pr/consentdialogue.png"
> }}
### Backend Implementation {#backend-implementation}
Many of the code reviews include the reviewer's personal opinion so I will
summarise the comment, provide the code block in question, and link directly to
the comment in a footnote.[^fn:2]
```c
if (!inputFile.Write (wxString::FromUTF8 (ClientID + "\n")))
return false;
```
[Lines 199-200 of
TelemetryManager.cpp](https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/libraries/lib-telemetry/TelemetryManager.cpp#L199-L200)
save the user's unique client ID to a file.[^fn:3] This allows the analytics
tool (in this case, Google Analytics) to aggregate data produced by a single
user.
```c
def_vars()
set( CURL_DIR "${_INTDIR}/libcurl" )
set( CURL_TAG "curl-7_76_0")
```
[Lines 3-6 of
CMakeLists.txt](https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/cmake-proxies/libcurl/CMakeLists.txt#L3-L6)
"vendor in" libcurl.[^fn:4] This is when an application directly includes
sources for a utility rather than making use utilities provided by the system
itself.
```c
ExternalProject_Add(curl
PREFIX "${CURL_DIR}"
INSTALL_DIR "${CURL_DIR}"
GIT_REPOSITORY https://github.com/curl/curl
GIT_TAG ${CURL_TAG}
GIT_SHALLOW Yes
CMAKE_CACHE_ARGS ${CURL_CMAKE_ARGS}
)
```
[Lines 29-36 of
CMakeLists.txt](https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/cmake-proxies/libcurl/CMakeLists.txt#L29-L36)
add curl as a remote dependency.[^fn:5] This means that the machine building
Audacity from its source code has to download curl during that build.
```c
S.Id (wxID_NO).AddButton (rejectButtonTitle);
S.Id (wxID_YES).AddButton (acceptButtonTitle)->SetDefault ();
```
[Lines 93-94 of
TelemetryDialog.cpp](https://github.com/crsib/audacity/blob/c9264d2478fe2af82aeb6e2a0295b00b3a27ce53/src/telemetry/TelemetryDialog.cpp#L93-L94)
add buttons to the dialogue asking the user whether they consent to data
collection.[^fn:6] `SetDefault` focuses the button indicating that the user does
consent. This means that if the user doesn't really look at the dialogue and
presses Spacebar or Enter, or if they do so accidentally by simply bumping the
key, they unintentionally consent to data collection. If the user desires, this
can later be changed in the settings menu. However, if they weren't aware what
they were consenting to _or that they did consent_, they won't know to go back
and opt out.
There are other problems with the code that include [simple
mistakes,](https://github.com/audacity/audacity/pull/835#discussion_r628816050)
[styling that's inconsistent with the rest of the
project,](https://github.https//github.com/audacity/audacity/pull/835#discussion_r628774985)
[unhandled return values resulting in skewed
data,](https://github.com/audacity/audacity/pull/835#discussion_r628500849) [use
of inappropriate
functions,](https://github.com/audacity/audacity/pull/835#discussion_r628792423)
and [spelling errors in the
comments.](https://github.com/audacity/audacity/pull/835#discussion_r628818054)
I believe these are less important than those above so they won't be discussed.
## Community opinions {#community-opinions}
There were many strong opinions regarding both the frontend and backend
implementations of this PR, from the wording of the dialogue and highlighting
the consent button to devices running something other than Windows and macOS not
being able to send telemetry and thus skewing the data that _was_ collected.
### Opinions on the frontend {#opinions-on-the-frontend}
Really, the only frontend here is the consent dialogue. However, there are
_many_ comments about it, the most common of which is probably that the wording
is not only too vague[^fn:7] but also inaccurate.[^fn:8] The assertion that
Google Analytics are not anonymous and any data sent can be trivially
de-anonymised (or de-pseudonymised) is repeated many times over. Below are a few
links to comments stating such. I searched for the term _"anonymous"_, copied
relevant links, and stopped when my scrollbar reached halfway down the page.
- [r628156527](https://github.com/audacity/audacity/pull/835#discussion_r628156527)
- [833969780](https://github.com/audacity/audacity/pull/835#issuecomment-833969780)
- [833969933](https://github.com/audacity/audacity/pull/835#issuecomment-833969933)
- [r627995927](https://github.com/audacity/audacity/pull/835#discussion_r627995927)
- [834358022](https://github.com/audacity/audacity/pull/835#issuecomment-834358022)
- [834377549](https://github.com/audacity/audacity/pull/835#issuecomment-834377549)
- [834382007](https://github.com/audacity/audacity/pull/835#issuecomment-834382007)
- [834385463](https://github.com/audacity/audacity/pull/835#issuecomment-834385463)
- [834405825](https://github.com/audacity/audacity/pull/835#issuecomment-834405825)
- [834531779](https://github.com/audacity/audacity/pull/835#issuecomment-834531779)
- [834546874](https://github.com/audacity/audacity/pull/835#issuecomment-834546874)
- [834638000](https://github.com/audacity/audacity/pull/835#issuecomment-834638000)
The next most pervasive comment is regarding the consent buttons at the bottom
of the dialogue where users opt in or out.[^fn:9] Many individuals call this
design a _dark pattern_. Harry Brignull, a UX specialist focusing on deceptive
interface practises, describes dark patterns as [_tricks used in websites and
apps that make you do things that you didn't mean
to_.](https://www.darkpatterns.org/) The dark pattern in this situation is the
opt-in button being highlighted. Many community members assert that users will
see the big blue button and click it without actually reading the dialogue's
contents. They just want to record their audio and this window is a distraction
that prevents them from doing so; it needs to get out of the way and the
quickest way to dismiss it is clicking that blue button. Below is a list of some
comments criticising this design.
- [834286641](https://github.com/audacity/audacity/pull/835#issuecomment-834286641)
- [834358022](https://github.com/audacity/audacity/pull/835#issuecomment-834358022)
- [834399813](https://github.com/audacity/audacity/pull/835#issuecomment-834399813)
- [834479968](https://github.com/audacity/audacity/pull/835#issuecomment-834479968)
- [835250737](https://github.com/audacity/audacity/pull/835#issuecomment-835250737)
- [835253882](https://github.com/audacity/audacity/pull/835#issuecomment-835253882)
- [835291066](https://github.com/audacity/audacity/pull/835#issuecomment-835291066)
- [835445481](https://github.com/audacity/audacity/pull/835#issuecomment-835445481)
Another issue that was brought up by a couple of individuals was the lack of a
privacy policy.[^fn:10] The consent dialogue links to one, but, at the time of
writing, one does not exist at [the provided
URL.](https://www.audacityteam.org/contact/privacy-policy/) I have [archived the
state of the
page](https://web.archive.org/web/20210510012924/https://www.audacityteam.org/contact/privacy-policy/)
in case that changes in the future.
### Opinions on the backend {#opinions-on-the-backend}
```c
if (!inputFile.Write (wxString::FromUTF8 (ClientID + "\n")))
return false;
```
The issue many individuals take with this snippet is saving the `ClientID`. Say
an individual has an odd file that causes Audacity to crash any time they try to
open it. Say they attempt to open it a hundred times. Without giving the client
a unique ID, it could look like there are 100 people having an issue opening a
file instead of just the one. However, by virtue of each installation having an
entirely unique ID, this telemetry _is not anonymous_. Anonymity would be
sending statistics in such a way that connecting those failed attempts to a
single user would be impossible. At best, this implementation is _pseudonymous_
because the client is given a random ID, you don't have to sign in with an
account or something.
```c
def_vars()
set( CURL_DIR "${_INTDIR}/libcurl" )
set( CURL_TAG "curl-7_76_0")
```
Timothe Litt's comment gives a good description of why "vendoring in" libcurl is
a bad idea[^fn:11] and Tyler True's comment gives a good overview of the pros
and cons of doing so.[^fn:12] Many people take issue with this _specifically_
because it's libcurl. Security flaws in it are _very_ common and Audacity's copy
would need to be _manually_ kept up to date with every upstream release to
ensure none of its vulnerabilities can be leveraged to compromise users. If the
Audacity team was going to stay on top of all of the security fixes, they would
need to release a new version every week or so.
```c
ExternalProject_Add(curl
PREFIX "${CURL_DIR}"
INSTALL_DIR "${CURL_DIR}"
GIT_REPOSITORY https://github.com/curl/curl
GIT_TAG ${CURL_TAG}
GIT_SHALLOW Yes
CMAKE_CACHE_ARGS ${CURL_CMAKE_ARGS}
)
```
The problem with downloading curl at build-time is that it's simply disallowed
for many Linux- and BSD-based operation systems. When a distribution builds an
application from source, its build dependencies are often downloaded ahead of
time and, as a security measure, the build machine is cut off from the internet
to prevent any interference. Because this is disallowed, the build will fail and
the application won't be available on those operation systems.
Note, however, that these build machines would have the option to disable
telemetry at build-time. This means the machine wouldn't attempt to download
curl from GitHub and the build would succeed but, again, telemetry would be
disabled for anyone not on Windows or macOS. This defeats the whole purpose of
adding telemetry in the first place.
```c
S.Id (wxID_NO).AddButton (rejectButtonTitle);
S.Id (wxID_YES).AddButton (acceptButtonTitle)->SetDefault ();
```
There was a lot of feedback about the decision to highlight the consent button
but that was mentioned up in the frontend section; I won't rehash it here.
### Broader and particularly well-structured comments {#broader-and-particularly-well-structured-comments}
These are simply some comments I feel deserve particular attention.
From SndChaser...
- [834037351](https://github.com/audacity/audacity/pull/835#issuecomment-834037351)
-
## The Audacity team's response {#the-audacity-team-s-response}
---
## The privacy policy modification {#the-privacy-policy-modification}
<https://github.com/audacity/audacity/issues/1213#issuecomment-875274890>
[^fn:1]:
[Link to the
comment](https://github.com/audacity/audacity/pull/835#issuecomment-836069326)
and [link to the screenshot](/assets/pngs/audacity-pr/tantacrulrole.png)
[^fn:2]:
Note that because I am not a C programmer, these reviews might not be
entirely accurate and I wouldn't be able to catch the reviewer's error. I am
relying on other community members to catch issues and comment on them; none
of the reviews I link to have such comments so I'm assuming they are
correct.
[^fn:3]:
[Link to the
review](https://github.com/audacity/audacity/pull/835#discussion_r627993755) and
[link to the screenshot](/assets/pngs/audacity-pr/writeanalyticsid.png)
[^fn:4]:
[Link to the
review](https://github.com/audacity/audacity/pull/835#discussion_r628005925) and
[link to the screenshot](/assets/pngs/audacity-pr/vendorcurl.png)
[^fn:5]:
[Link to the
review](https://github.com/audacity/audacity/pull/835#discussion_r628008821) and
[link to the screenshot](/assets/pngs/audacity-pr/externaldependency.png)
[^fn:6]:
[Link to the
review](https://github.com/audacity/audacity/pull/835#discussion_r628124998) and
[link to the screenshot](/assets/pngs/audacity-pr/defaultconsentbutton.png)
[^fn:7]:
[Link to the
comment](https://github.com/audacity/audacity/pull/835#discussion_r627756976)
and [link to the screenshot](/assets/pngs/audacity-pr/vaguedialogue.png)
[^fn:8]:
[Link to the
comment](https://github.com/audacity/audacity/pull/835#discussion_r627764300)
and the screenshot is the same as previous
[^fn:9]:
[Link to the
comment](https://github.com/audacity/audacity/pull/835#issuecomment-834286641)
and [link to the screenshot](/assets/pngs/audacity-pr/darkpattern.png)
[^fn:10]:
[Link to the
comment](https://github.com/audacity/audacity/pull/835#discussion_r627762185)
and [link to the screenshot](/assets/pngs/audacity-pr/missingprivacypolicy.png)
[^fn:11]:
[Link to the
comment](https://github.com/audacity/audacity/pull/835#issuecomment-834451187)
and [link to the screenshot](/assets/pngs/audacity-pr/privatelibcurl.png)
[^fn:12]:
[Link to the
comment](https://github.com/audacity/audacity/pull/835#issuecomment-834010117)
and [link to the screenshot](/assets/pngs/audacity-pr/vendorproscons.png)

View File

@ -0,0 +1,8 @@
---
title: "Email can be pleasant, but like all good things, it takes work"
author: ["Amolith"]
lastmod: 2023-01-27T13:00:36-05:00
categories: ["Meta"]
draft: true
toc: true
---

View File

@ -1,10 +1,9 @@
---
title: "Focus intentionally"
author: ["Amolith"]
author: Amolith
lastmod: 2022-04-23T21:12:29-04:00
categories: ["Meta"]
draft: true
toc: true
---
I am too easily distracted. Sitting at my desk on an average day, I have movies,
@ -18,22 +17,21 @@ Putting all of this together results in terrible productivity and incessant
procrastination If my primary task is something I'm less-than-motivated to
accomplish.
In a recent episode of _The Art of Manliness_, Brett McKay interviews Dr. BJ Fogg
about his new book, _Tiny Habits: The Small Changes That Change Everything_. One
of Dr. Fogg's statements in this episode stuck with me; when training yourself
to adopt new behaviours, there are three things that must factors that determine
your success: motivation, ability, and a prompt. A prompt is just something that
reminds you of the behaviour you're trying to adopt. The act of brushing your
teeth might be the prompt for flossing. The act of flossing might be the prompt
for making coffee. In my situation, the prompt is just needing to get work done
so we'll ignore that factor. Ability refers to how simple you find the task and
motivation is how motivated you are to accomplish it. These last two must
balance each other out; if your motivation to complete the task is low, your
ability must be high — the task must be easy, while if your ability is low, your
motivation must be rather high.
In a recent episode of _The Art of Manliness_, Brett McKay interviews Dr. BJ
Fogg about his new book, _Tiny Habits: The Small Changes That Change
Everything_. One of Dr. Fogg's statements in this episode stuck with me; when
training yourself to adopt new behaviours, there are three things that must
factors that determine your success: motivation, ability, and a prompt. A prompt
is just something that reminds you of the behaviour you're trying to adopt. The
act of brushing your teeth might be the prompt for flossing. The act of flossing
might be the prompt for making coffee. In my situation, the prompt is just
needing to get work done so we'll ignore that factor. Ability refers to how
simple you find the task and motivation is how motivated you are to accomplish
it. These last two must balance each other out; if your motivation to complete
the task is low, your ability must be high — the task must be easy, while if
your ability is low, your motivation must be rather high.
## Notes {#notes}
## Note
- Close primary browser with a million tabs open and use Epiphany
- Close all the chat apps
@ -42,8 +40,7 @@ motivation must be rather high.
- Take off your smart/fitness watch
- If you listen to music, make it something calming, not eclectic
## References {#references}
## References
- [The Art of Manliness: Become a Focused Monotasker](https://www.artofmanliness.com/character/behavior/monotasking-podcast/)
- [The Art of Manliness: The Tiny Habits That Change Everything](https://www.artofmanliness.com/character/habits/podcast-581-the-tiny-habits-that-change-everything/)

View File

@ -9,26 +9,27 @@ toc: true
---
This is primarily intended for people new to FreeBSD. If you're already familiar
with it, [the wiki page](https://wiki.freebsd.org/Laptops/Framework_Laptop) will probably tell you everything you need. I had no idea
what I was doing so I had no idea what I was looking for! I had been beating my
head against a wall for about three hours before I decided to join `#freebsd` on
[Libera.Chat](https://libera.chat/); the people there were friendly, helpful, and gave me tons of great
advice. I highly recommend popping in if you have any issues!
with it, [the wiki page](https://wiki.freebsd.org/Laptops/Framework_Laptop) will
probably tell you everything you need. I had no idea what I was doing so I had
no idea what I was looking for! I had been beating my head against a wall for
about three hours before I decided to join `#freebsd` on
[Libera.Chat](https://libera.chat/); the people there were friendly, helpful,
and gave me tons of great advice. I highly recommend popping in if you have any
issues!
## The Handbook {#the-handbook}
Open [the handbook.](https://docs.freebsd.org/en/books/handbook/) Follow [the handbook.](https://docs.freebsd.org/en/books/handbook/) Read [the whole handbook.](https://docs.freebsd.org/en/books/handbook/) The developers
spend a _lot_ of time making sure it's the best resource available for learning
FreeBSD. In most cases, it will have an answer for any question related to
FreeBSD.
Open [the handbook.](https://docs.freebsd.org/en/books/handbook/) Follow [the
handbook.](https://docs.freebsd.org/en/books/handbook/) Read [the whole
handbook.](https://docs.freebsd.org/en/books/handbook/) The developers spend a
_lot_ of time making sure it's the best resource available for learning FreeBSD.
In most cases, it will have an answer for any question related to FreeBSD.
That said, the Framework laptop is so new that it's not fully supported by the
current stable release, so for now, we'll need to diverge a bit. This guide is
really only applicable until the release of FreeBSD 13.1 and until `drm-kmod` hits
version 5.5+. Once those two criteria are met, following the handbook should be
entirely sufficient!
really only applicable until the release of FreeBSD 13.1 and until `drm-kmod`
hits version 5.5+. Once those two criteria are met, following the handbook
should be entirely sufficient!
## The Source {#the-source}
@ -36,15 +37,15 @@ In section 2.5.3 of the handbook/installer, make sure you tick the `src` box to
download the FreeBSD source code. It'll be necessary for building our graphics
drivers later on.
## The Graphics {#the-graphics}
This is where things are less-than-ideal at the moment. _Usually_, installing
[graphics/drm-kmod](https://cgit.freebsd.org/ports/tree/graphics/drm-kmod) would be sufficient, but the version in both FreeBSD's package
repos and in the ports tree is too old. At the time of writing, it's compatible
with Linux kernel 5.4 while the Framework's drivers are in Linux kernel 5.5+.
We'll need to clone the _sources_ for `graphics/drm-kmod`, check out a more recent
branch, build the drivers, and use those instead.
[graphics/drm-kmod](https://cgit.freebsd.org/ports/tree/graphics/drm-kmod) would
be sufficient, but the version in both FreeBSD's package repos and in the ports
tree is too old. At the time of writing, it's compatible with Linux kernel 5.4
while the Framework's drivers are in Linux kernel 5.5+. We'll need to clone the
_sources_ for `graphics/drm-kmod`, check out a more recent branch, build the
drivers, and use those instead.
I'm not 100% certain whether the first step here is necessary but I don't feel
like reinstalling to check.
@ -56,27 +57,32 @@ like reinstalling to check.
```bash
git clone https://github.com/freebsd/drm-kmod
```
4. Check out the `5.7-stable` branch with
```bash
git checkout -b 5.7-stable --track remotes/origin/5.7-stable
```
5. Build the package with `make`
6. Uninstall `drm-kmod` and all of its dependencies with `pkg remove drm-kmod`
followed by `pkg autoremove`
7. Install the more up-to-date drivers with `make install`
8. Make sure the module works as expected with `kldload /boot/modules/i915kms.ko`
8. Make sure the module works as expected with `kldload
/boot/modules/i915kms.ko`
9. If you suddenly see grey in your terminal, it works! Go ahead and add it to
your boot config by appending the following line to `/etc/rc.conf`
```text
kld_load="/boot/modules/i915kms.ko"
```
10. Reboot and you should be able to start Xorg as the handbook describes!
Again all of this information is available on [the FreeBSD wiki page for the
Framework laptop.](https://wiki.freebsd.org/Laptops/Framework_Laptop) The `Graphics` row in section 2 says _requires DRM-KMOD 5.5 or
higher. Fails to initialize with DRM-KMOD 5.4._ That's in reference to the
package we just built and installed.
Framework laptop.](https://wiki.freebsd.org/Laptops/Framework_Laptop) The
`Graphics` row in section 2 says _requires DRM-KMOD 5.5 or higher. Fails to
initialize with DRM-KMOD 5.4._ That's in reference to the package we just built
and installed.
Hope this helps!

View File

@ -0,0 +1,13 @@
\*\* TODO Making yourself overly available
\*\*\* References
[[https://www.nytimes.com/2021/03/05/opinion/ezra-klein-podcast-cal-newport.html?showTranscript=1][Stop. Breathe. We Cant Keep Working Like This.]]
**\* Notes
\*\*** Get rid of information that isn't important \***\* Escalate the info that is
\*\*** Set /clear/ boundaries for when you are available \***\* Enforce those with automatic DnD rules or use timers
\*\*** With groups...
**\*** Specialisation is /good/ and should be /encouraged/
**\*** /All/ of the above points apply with coworkers as well
\*\*\* TODO Pong Jake when finished

View File

@ -0,0 +1,5 @@
---
title: "Stop using gmail"
date: 2023-01-27T13:04:33-05:00
draft: true
---

View File

@ -0,0 +1,251 @@
---
title: 'Catchy title about Supernote being "the new paper"'
author: ["Amolith"]
lastmod: 2023-01-27T13:00:37-05:00
tags: ["Supernote", "Writing", "Productivity", "Organisation"]
categories: ["Technology"]
draft: true
toc: true
---
I like writing things down. I like the feel of the pen (preferably a fountain
pen) gliding smoothly over the paper, that nice solid feeling of the tip against
the table, seeing the ink dry as it flows from the nib, accidentally swiping my
hand through it before it's finished and smearing a bit of ink across the page,
then cursing under my breath as I dab it up with a handkerchief or a napkin or
something else nearby. I also love that writing things by hand [has an impact on
memory and improves
retention.](https://journals.sagepub.com/doi/abs/10.1177/0956797614524581)
## The problem {#the-problem}
Unfortunately, I don't love keeping up with that paper. Across many different
classes, even with dedicated folders for each one, something important
inevitably gets lost. Notebooks are also bulky and can take up a lot of space. I
tried [bullet journalling](https://bulletjournal.com/) for about a month earlier
this year and, while the process was enjoyable, the maintenance was not. My
brain moves faster than my pen (even though I have terrible handwriting) and I
inevitably forget letters or even whole words. This is a problem while writing
in pen because white-out looks ugly and I dislike wasting whole pages because of
a couple mistakes.
The obvious solution here is to get an iPad with an Apple Pen, right? Right??
Wrong because Apple bad.[^fn:1]
## The solution {#the-solution}
Enter the world of ... what are they even called? E-ink notebooks? Paper
tablets? E-R/W?[^fn:2] Do they even have a "device category" yet? I don't know,
but they solve my problem in a wonderful way.
As the names suggest, these are devices that can _usually_ open and read e-books
(EPUBs, PDFs, etc.), annotate them, and create standalone pages of notes as if
they were full notebooks. The most well-known of these devices is likely the
[reMarkable.](https://remarkable.com/) They had a [hugely successful
crowdfunding
campaign](https://venturebeat.com/2019/10/08/remarkable-raises-15-million-to-bring-its-e-paper-tablets-to-more-scribblers/)
and produced the reMarkable 1, followed by [the reMarkable 2 in 2020.](https://blog.remarkable.com/remarkable-2-the-next-generation-paper-tablet-91b47d0080cb)
There are a few devices like these by now but we'll look at the reMarkable
first.
## The reMarkable {#the-remarkable}
This device boasts all of the features I was looking for. It renders digital
content, from books and manuals to comics and manga, allows you to mark those
documents up as you would if they were physical media, create full notebooks of
hand written text, organise them, search, and, if your handwriting is legible
enough (mine certainly is not), perform OCR on your notes and email a
transcription to yourself. It even runs Linux and the developers have opened SSH
up so you can remote in and tinker with it as much as you like. Because of this,
there's a pretty awesome [community of people creating third-party tools and
integrations](https://github.com/reHackable/awesome-reMarkable) that add even
further functionality. My favourite is probably
[rMview,](https://github.com/bordaigorl/rmview) a really fast VNC client for the
reMarkable that allows you to view your device's screen on any computer.
After watching all of [MyDeepGuide's](https://www.youtube.com/c/MyDeepGuide)
[extensive playlist on the
reMarkable,](https://www.youtube.com/playlist?list=PLsSI9-gaSSmiXwb7Vjk5Vb-nB41UTnrXd)
however, I decided to go with a different product.
## Enter the Supernote A5X {#enter-the-supernote-a5x}
The [Supernote A5X](https://www.supernote.com/#/product?type=SN-A5-X) has all of
the basic features the reMarkable has: reading documents, writing notes, and
organising your content. Its implementation, on the other hand, seems to be much
more polished. It also lacks some features from the reMarkable while adding
others.
## Operating System {#operating-system}
While the reMarkable runs Codex,[^fn:3] a _"custom Linux-based OS optimised for
low-latency e-paper"_, the Supernote just runs Android. There are both benefits
and detriments to this; on one hand, they're running all of Android, bloated
that it is, on a very lightweight tablet. On the other, they don't have to
develop and maintain a custom operating system. This allows them to focus on
other aspects that are arguably more important so I don't actually mind that it
runs Android.
The only place that Android stands out is in system operations; file transfer
uses MTP and, when you swipe down from the top of the device, a small bar
appears similar to what was in early Android. This lets you change WiFi
networks, sync with the Supernote Cloud, take a screenshot, search, and access
the system settings. Nothing else about the device really screams Android to me.
## Community {#community}
I don't usually browse Reddit but [the Supernote
community](https://old.reddit.com/r/Supernote/) there is fascinating. I haven't
looked around enough to know exactly what his relationship is with the company,
but one of the members, [u/hex2asc,](https://old.reddit.com/user/hex2asc) seems
to represent Supernote in something of an official capacity. He's incredibly
active and usually responds to posts and questions within a day or two.
Before I purchased a Supernote, [I wrote a
post](https://old.reddit.com/r/Supernote/comments/lhffyd/sync_targets_open_document_formats_and_crossnote/)
asking about a couple of things that concerned me: sync targets, open document
formats, and cross-note links. I don't really plan to write full documents on
the device but having the option to do so would still be nice. The other
features are absolutely killer for me as I would like to maintain a Zettelkasten
(I wrote about [using Vim to do so](/vim-as-a-markdown-editor/) last year but
didn't end up sticking with it) and manage document synchronisation with my own
Nextcloud server. The community was quick to respond and confirm that
Zettelkasten functionality would be implemented soon™. u/hex2asc responded _the
day after_ and said that WebDAV would be supported but not earlier than May
(September update: it's still not supported), ODF would likely not be supported,
and cross-note links were definitely a possibility. Another community member has
been avidly following the subreddit and even put together an [unofficial
roadmap.](https://app-rm.roadmunk.com/publish/03e6dca3d769e2b7015f7f48a649cb3f75f44d9e)
## Interfaces {#interfaces}
### Home &amp; Organisation {#home-and-organisation}
#### <span class="org-todo todo TODO">TODO</span> Record very short video about home/organisation {#record-very-short-video-about-home-organisation}
### Settings {#settings}
#### <span class="org-todo todo TODO">TODO</span> Record very short video about settings {#record-very-short-video-about-settings}
### Writing &amp; Annotating {#writing-and-annotating}
The following images are screenshots of the full page above with the possible UI
variations while reading a book. This first one is default, with the editing bar
at the top. It is exactly the same as what's displayed on the blank pages for
hand writing full notes. From left to right is the Table of Contents toggle, the
pen tools (fineliner, "fountain" pen,[^fn:4] and highlighter), the erasers,
lasso select tool, undo/redo, context menu, palm rejection toggle, previous
page, goto page, next page, and exit.
{{< figure
src="~/repos/sites/secluded/static/assets/pngs/supernote-reader-default.png" >}}
You can hold your finger on that bar and drag it down to detach it from the top.
The default width exposes all the tools without whitespace. You can move it
around the screen by dragging the circle with a straight line through the middle
on the far left.
{{< figure
src="~/repos/sites/secluded/static/assets/pngs/supernote-reader-medium.png" >}}
If you tap that circle, the width shrinks and everything except the pens,
erasers, and undo/redo buttons are hidden. It can be dragged the same was as in
the previous image and tapping that circle will expand the bar again.
{{< figure
src="~/repos/sites/secluded/static/assets/pngs/supernote-reader-small.png" >}}
The last mode is with the bar completely hidden. You achieve this just by
dragging it to the right edge of the screen. Once hidden, you can swipe right to
left from the edge and it will be revealed flush with the right edge.
{{< figure
src="~/repos/sites/secluded/static/assets/pngs/supernote-reader-minimal.png" >}}
## Experience {#experience}
### Reading content {#reading-content}
I love e-ink. I think it looks beautiful and would love to have an e-ink
monitor.[^fn:5] That said, the Supernote has an especially nice display with 226
PPI (pixels per inch). The image below was taken with my phone's camera so it's
not very good. However, if you zoom in a bit, you can see that the curved edges
of some letters are _slightly_ pixellated. Viewing with my naked eye at a
comfortable distance, it does look better _to me_ than some of my print books,
however.
{{< figure
src="~/repos/sites/secluded/static/assets/pngs/supernote-resolution.png" >}}
_At the moment,_ I am pretty disappointed with Table of Contents detection for
ePUBs. A great many of my books seem to use a legacy ToC format that the
Supernote sees and tries/fails to read before attempting to read the more
up-to-date one. This is easily remedied by editing the ePUB in
[Calibre,](https://calibre-ebook.com/) going to Tools → Upgrade Book Internals →
Remove the legacy Table of Contents in NCX format. You might need to make a
small change to one of the HTML files and revert it before the save button is
enabled. After that, just copy it back over to the Supernote and everything
should work properly.
### Writing notes {#writing-notes}
I write notes as often if not _more_ often than I read and annotate books. It's
the main reason I purchased the device and I love the experience. The Supernote
doesn't _really_ feel like paper despite what their marketing materials claim,
though it doesn't feel _bad_ either. It's hard to describe but I would say it's
something like writing with a rollerball pen on high-quality paper with a marble
counter underneath: incredibly smooth with but a little bit of texture so it
doesn't feel like writing on a glass display.
While writing latency[^fn:6] is noticeable, I really don't have a huge issue
with it. I write very quickly but find that the slight latency actually makes
writing _more_ enjoyable. It sounds weird and I'm not sure why, but I _really_
like writing on the Supernote; it's wonderfully smooth, pressure-sensitive, the
latency makes things interesting, and [the Heart of Metal
pen](https://supernote.com/#/part?id=SP-04) feels good in my hand.
### Surfacing Content {#surfacing-content}
While organisation is done using a regular filesystem hierarchy, the Supernote
does have other ways to search for and surface your notes. As you're writing,
you can use the lasso select tool and encircle a word. A little dialogue pops up
and gives you a few buttons for things you can do with that selection: copy,
move to another page, cut, add it to the Table of Contents, or mark it as a key
word. If you select the key word icon, the Supernote does some incredible
OCR[^fn:7] on it and displays a dialogue where you can add it to the note file
as a tag. This dialogue allows you to edit the word before adding it just in
case the OCR was wonky. Even with my terrible handwriting, I've found that it
works very well and I rarely have to make edits.
## <span class="org-todo todo TODO">TODO</span> Ping Isi and Volpeon when finished {#ping-isi-and-volpeon-when-finished}
[^fn:1]:
I dislike Apple's operating system, their hardware, business model, privacy
practises, and much of what they stand for as a company. Don't @ me.
[^fn:2]:
E-R/W is a play on media commonly being labelled as R/W when you can read
from it and write to it.
[^fn:3]:
Taken from their [support page about the reMarkable
2;](https://support.remarkable.com/hc/en-us/articles/360006699537-About-reMarkable-2-)
search the page for _operating system_ and it should show up.
[^fn:4]:
It's not really a fountain pen even though that's what they call it; it's
just pressure-sensitive.
[^fn:5]:
There does seem to be a group of people interested in just such a thing:
_[Challenges Building an Open-Source E Ink
Laptop](https://alexsoto.dev/challenges-building-an-open-source-eink-laptop.html)_
[^fn:6]:
In this situation, latency refers to how long it takes for "ink" to show up
on the "page" after writing something.
[^fn:7]:
_Optical Character Recognition_: the program looks at your handwriting and
tries to turn it into text.