Faith Goldy – I Love You…

Not in a creepy stalker kind of way, just as a Fellow Traveler “I feel your pain” kind of way….

I started writing this piece one day, but now as I’m about to finish, find Faith Goldy was fired by The Rebel. Shame on The Rebel for that. So I’ve added that bit in the text below.

Now, the big question, can I “repeat the chain” of connections that got me here for proper attribution…. (One doesn’t know they will need attribution until they reach the end of the chain… sometimes that’s too late…)

First, the attribution for the picture of the car heading into the crowd down below, and for the “The Rebel” update:

The picture is from:

https://amgreatness.com/2017/08/16/really-fault-charlottesville/

reached from a link here (h/t Another Ian):

https://chiefio.wordpress.com/2017/08/14/w-o-o-d-weekly-occasional-open-discussion/#comment-85924

That Faith was “let go” showed up from here:

https://www.therebel.media/why_we_had_to_say_goodbye_to_faith_goldy

Found from here:

http://www.smalldeadanimals.com/2017/08/reader-tips-3930.html#comment-1119598

I have no idea what was in the “offending” podcast:

I was upset that she went to the Charlottesville protests, despite my direction to her not to go in any capacity.

But we all screw up — you don’t throw someone overboard for making a mistake. Each of us are second chancers, our whole company is a second chance.

But then I saw the news that she went on a podcast from the Daily Stormer, and it was just too far. So we said goodbye.

To me, it looks more like the “editor” wanted to muzzle a “reporter” AND have exclusive control of them. Hard to be an independent journalist under those rules.

So given that Faith is now “out” there, I’m seeing my comments as more “supportive in time of need” than when first written. But back to the main thread…

Another Ian (H/T!) here:

https://chiefio.wordpress.com/2017/08/14/w-o-o-d-weekly-occasional-open-discussion/#comment-85838

Pointed at this article:

http://www.smalldeadanimals.com/2017/08/well-said.html

That mostly points here:

https://www.therebel.media/charlottesville_in_my_own_words

Which has a video and the text transcript of a very good “rant” about how the Racist Insensitive Left (my words…) is causing and exploiting various racial tensions for their own gain.

What’s the text? Hit the link… but a sampler:

Charlottesville, In My Own Words
Faith GoldyRebel Host

A candid response in the wake of my on-the-ground reports from the so-called Unite The Right rally in Virginia this weekend:

But before I begin, a word to the hundreds of individuals who reached out expressing concern and gratitude for my reports. I am now safe and sound, and I can’t take credit for having done anything extraordinary. I simply kept my camera rolling.

It breaks my heart that a young woman left her house on Saturday morning and will never return. It’s horrific. Her family is in my prayers.

And I condemn James Field’s alleged actions in the strongest possible terms. I thank God for having been spared from the carnage.

Now, a word to the growing chorus of haters who have called me every slanderous name, threatened to dox those closest to me, and many of whom have wished me dead:

You do not define me.

So, allow me to define myself:

I do not bathe in tears of white guilt. That does not make me a white supremacist.

I oppose state multiculturalism and affirmative action. That does not make me a racist.

I reject cultural relativism. That does not make me a fascist.

I think the false song of “social justice” has rotted the West from the inside out. But I have never called for violence against any of their adherents.

I love my country and want its borders protected. That does not make me Alt Right.

And for Pete’s sakes, I work for a Jewish boss and am a Christian advocate for the one-state solution for Israel— I am not a damn neo-Nazi.

When I said that the Charlottesville Statement was a thoughtful document, it was not an endorsement. It was my sense that there were grounds upon which to engage in conversation — NOT PHYSICAL COMBAT — with the Alt Right, something I made very clear in my interviews, even encouraging the left to make a rebuttal to the 20 point manifesto.
[…]

Clarity. Understanding of context. Understanding of cause. Unflinching resolve to support truth.

Faith: I love you. Unconditionally.

(Do realize I’m married. Very married. So at most we can gaze longingly at each other from afar… provided you like old, overweight and somewhat geek like guys.. who bring their wife to events..)

But I do love you, unconditionally and with all my being. (Hey, it’s a “guy thing”. Happens a couple of times a year, so don’t read too much into it… even though I would die defending you… it’s what guys do…)

The Video:

It looks like Rebel Media is somewhere I need to start watching. (UPDATE: Or maybe not… now that they have shown they toss honest good people under the PC bus…)

Is it really so hard to understand that:

We love our history, even the crazy uncle who did bad shit.

We love our country. No, we don’t want to be some kind of Euro Lite.

I can love other races, yet not want to have my kid raised in a stew of “white guilt” for no reason.

(My family tree includes a large dose of Irish. We Irish Mob were brought to America largely as “indentured servants” which was theoretically 1/2 step above “slave” as you theoretically could buy your freedom. The reality was that your “debt” to the “patron” was ever growing, not shrinking. BTW, the Germanic / English said we had tails, were lazy, and were sub-human… so just why ought I feel “white guilt” again? Oddly, the rest of the family tree includes a lot of poor sailor English and Germans via Amish who were also not “owners” of much of anything, let alone people.)

So I reject entirely the whole idea of “White Guilt”. Why ought I, from a lineage similarly subjugated, who never had any slaves, never advocated for same, and generally have been on the bottom of the “ladder of shit” for generations, take onto myself the sins of MY oppressors? Eh?

BTW, my grandchildren are 100% at this point “mixed race” of an unknown in the specifics mix. (Nobody has cared enough to sort it out…) My mother and father have a modest number of grandchildren and great grandchildren at this point. They are an odd mix. Near as I can tell, we have American Indian, Spanish, Puerto Rican (may include black to some degree), Irish German French Italian and English (who have been trying to kill each other for at least 1000 years) and some amount of “Unknown” in the grandchildren and great grand children. So just who am I supposed to be “racist” toward, eh? My Grandson who is racially mixed? My Grand Niece who has hair and eyes black as coal and a spirit that could light a bonfire?

Yet, as a “dark ash blond” hair color person with skin transparent due to the ‘red head gene’ so “VERY white”, I have no doubt that the RACISTS in ANTIFA would want to attack me. Would I drive my car into a crowd of them if assaulted? Can I get back to you on that?…. I haven’t thought through my “respond with all possible force to attacks” vs “WTF are they attacking me for?” paradigm…

Now look at this photo of the car in question about to ram folks. Gee, looks like almost all white faces to me. Just how is it RACIST for a WHITE guy to run over WHITE PEOPLE? There’s one guy in a hoodie that might be dark, but I can’t tell if that’s just the shadow of the hoodie. In a video I did see at lest ONE Black Guy running out of the crowd. One. Maybe other folks can find more. But it is quite clear the general ANTIFA Mob are almost all WHITE.

Car about to run over ANTIFA group

In the sprit of Full Disclosure:

My first crush was at about age 4. My Dad sold stuff “door to door” and I was doing a ‘ride along” in his Chevy Station Wagon (filled with stuff to deliver or sell). At one home, there were some kids playing in the back yard. An “older women” of about 5, was running in the yard. She had long braids down her back. She ran like the wind. Slim and athletic. And the sun made her skin glisten like ebony. She was blacker than black and I was in love. (Did I mention it’s a guy thing? Happens a couple of times month when young, a couple a year when older? Women think guys don’t really love them, but we do. It’s just that it happens so often…)

Two decades later, my “date” to the High School Reunion was a Chinese girl. I’d had a crush on her from about 5th grade to 12th. We were born one day apart, in the same country hospital, and had spent our first days one bassinet away from each other. I’d “made my move” prior to the reunion, only to be informed that she was “in love with a black guy”… so we went to the reunion together. Me as “cover” for her very “unacceptable to parents black boyfriend” and she as “Me with the hot Asian chick” to get back at all those clods from High School.

I had paid $50 (about $150 in current dollars) for an “Afro” hair doo prior.. so picture a blondish tech nerd with an Afro and an “Asian Babe” at the reunion… Yeah, it was worth it… even if she didn’t really want the white guy when a hot black stud was on offer… How she explained the Black Dude to her family was something I never investigated…

The Point? Well, pretty simple. The two Japanese Guys in my graduating class married / had the hots for, a German Blond local and an Italian Hottie Local. The Very White Prom Queen married a Black Guy from out of town. My story you have already heard. Basically, we were ALL getting in each others pants and nobody cared what color or language or race or ethnicity you were. My Social Studies teacher in high school was married to my 3rd or 4th grade teacher (I’m a bit fuzzy on exact year…). She was a red-head and he was Japanese. I didn’t realize he was Japanese until about my Junior year. Yeah, we were that race blind in my racist home town…

So “color me racist” as I think ANTIFA thugs ought to be arrested and put in prison for violence and incitement to riot. Call me racist as I’m very very white… just don’t do it when I’m with my Puerto Rican /Dutch mixed somewhat easily tanned-brown daughter-in-law (whom I love and is a great person) or my mixed race grand-kids.

Call me racist, just don’t ask about my two first loves. The Glistening Black Athlete nor that Lovely Chinese who rebuffed me for the Black Dude. That none of us gave a crap about race might taint the narrative…

That’s the thing that bothers me about the Antifa and related folks. They just don’t get it, really. MANY of us have actually lived the “multicultural” dream. We know they are weak tea driven from some kind of fake guilt.

I happen to know that a couple of “regulars” here have mixed race marriages. I’ve spent the night in the home of one (how we got back from the bar and then how more Scotch was applied and we lived is beyond me ;-) Yet the simple fact is that we are all “OK with that”. Conservative beliefs are very race blind.

One of the more conservative folks I’ve known was a black guy married to a Pilipino lady living in Texas… But they moved to a Korean USAF air base last I heard… (Can you say “really multicultural” ? I knew you could…) Tellas, if you are out there, I miss you bro!

My point? Two of my “closest friends” have been a Mexican Kid and a Black Guy. I grew up with the first one and worked with / hung out with the second. Yet because I am white other White ANTIFA assholes would attack me if I wanted to preserve our history, and talk about or understand that many on the Confederate side were loyal to their State and had no interest in slavery, one way or the other.

There is an attempt by the Left and the Democrats (who largely ran the Confederacy…) to make all things about the Confederacy and the Civil War things about race, and to use it as a ‘wedge issue’ to divide people. I refuse to be divided from my mix-race family nor from my multi-race collection of friends.

I also will remind folks that the War Between The States started as a States Rights issue. To prevent an overly strong oppressive Central Authority rising to power. Looking at D.C. now, I wish The South had won. Slavery was NOT an issue until the North was getting into trouble. Lincoln did NOT want to abolish slavery until he was losing. Then he made it an issue to gin up support for an unpopular war.

Slavery was also race blind. There were black slave OWNERS too. In other countries, various races were enslaved, including the raids by dark Muslims on Celtic and British villages.

But by the 1800s, slavery was dying out. It still isn’t quite dead, it lives on in parts of Africa and Asia, mostly. But the Roman style of a society based on a majority of slave labor was ending under its own weight globally. The British were losing control of their slave plantation islands as were the French and others. That, BTW, is why the Caribbean Islands and some in the Pacific have a large black population. It was going to die out in the USA too. “Civil” war or not. Most folks knew that. The economics of it were failing.

THE major impetus for the War Between The States was an economic / Central Authority one. The North wanted to economically dominate the South (and succeeded even if it did take a war). The Hamilton Central Power folks finally beat the Jefferson Libertarians. Using race as their motivator to rile up the folks on both sides to kill each other for them. The Confederate Statues are NOT promoting racism, they are promoting valiant freedom minded folks fighting what they saw as oppression by a financial elite who wanted to control their States. A fight I think is still worthy of promoting.

Now look at the economic and Central Authority bias of ANTIFA and their fellow travelers. They are PRO Central Authority, wanting a strong Socialist system to force their view of ‘fair’ economics on everyone (with Dear Leader and Friends Of Dear Leader making a bundle…) Golly, Hamiltonians. Look at those who are defending the Confederate Memory: They are for individual freedoms. And once again, race is the bait for the wedge. Backed and funded by George Soros, a strong Central Authority promoter pushing his Socialist Ideals globally via Color Revolutions.

Just say no to Soros, and ANTIFA, in their attempt at a Color Revolution and “take down” of Trump. Don’t take the Race Bait. See it for what it is. “The Russians Did It” failed as a strategy (and has mysteriously and suddenly dropped out of the news all over all at the same time…) just when Confederate Smearing As Trump Supporters hits the news 24 x7. Accident? I don’t think so.

In Conclusion:

I hope Faith Goldy gets picked up at a new outlet. Having only just found her voice at The Rebel, I have no idea where to look for more of her articles.

I wish well and hope for a bright future for her.

Subscribe to feed

Tired of Joyless, Crabby, Bitch-Slapping, Cranky, PissWater Leftists? Then Dance!

Men Without Hats – Safety Dance:

Ladytron – Seventeen (The Droyds Remix) The Neon Demon

Witches choreography – Ciara – Paint it black – Strip dance – Стрип-пластика в Харькове

Shakira – Ojos Así

One Night In Bangkok – FULL HD – REMIX DJ R&B

‘Time Warp’ Scene w/ Lyrics | The Rocky Horror Picture Show

(I claim the role of The Man With No Neck!)

Cuban Pete!

And, an earlier verion from Lucy and Desi:

Men At Work – Down Under

Why PC Crap is doomed to failure. It has no joy in life.

New Order – Blue Monday (Remix) tina

Subscribe to feed

Making A Pristine Build Builder

Making a secure and clean system on a box (or board) requires some amount of trust. To make that trust as small as possible, there are steps you can take. At the extreme end of things, you run your own sources server and compile from those known pristine sources to make a new box. Then your “trust” consists of trusting that the sources you downloaded and any updates are in fact clean. This depends on them not being intercepted via a “Man In The Middle” during download AND that the originator is trustworthy. A similar case exists if you are NOT building from source.

Now generally you can trust that the Unix / Linux community is just paranoid enough about Authority and Intruders that they put great effort into assuring their sources and their pre-compiled binary systems are pretty much clean. Unless you choose to be a Systems Programmer & Developer yourself, that is the article of trust you accept. Since it is known that there are “many eyes” looking over the code and any “random” can take a look, it is hard to do too much illicit and not get caught eventually.

For that reason, I have chosen to draw my “line of trust” at the system vendor for open source products. I simply can’t look at the sources for every line of the system. I must trust that someone else has. This is part of my disdain for “systemd”. It comes from ONE vendor and looks like maybe at most 2 or 3 guys know how it works, only one of them the main programmer, and I don’t trust his “style” of doing things. Centralized. Somewhat opaque. Red Hat sells a LOT to government; I could easily see them giving in to a request to put some special sauce inside systemd. So no, thank you very much… It is arcane enough that few folks will look at it, and fewer still understand it, and fewer still of them catch a subtle ‘trick’ hidden in it. Hard to hide such tricks in the small codes of The Unix Way. So my line of trust is drawn at the Devuan Developers. They have demonstrated the appropriate level of concern about such things.

So I need to be able to download copies of the Devuan binary image files, and stuff them onto media, to make my systems run. This means I have to put a another line of trust at “I trust my Build Box to do the Building”. So how do I make sure my Build Box is itself clean and not contaminating other systems built on it? It’s a two step process.

First, take a very clean chip with a Linux on it. Most any one will do. For example, running NOOBS and making a generic boot chip for the Raspberry Pi, or doing a ‘clean install’ onto a PC, or even just booting a Knoppix CD on a PC as it is “clean every time”. Using that is pretty much guaranteed to be clean system, you build your Build Builder system. This process picks up at that point. I’m assuming you have a newly made Linux chip you can stuff in a Raspberry Pi or similar system that can run a download from the web and do a couple of basic Linux commands like “file” and “dd”. I’d even be OK with using a Mac or Windows box to do this step, as then any infection on them would need to “cross architectures” to get into the build process, and that is very rare.

I’m leaving it up to you how to make your “bootstrap build box”. If in doubt, just do a NOOBS install on a Pi.

So, with a “most likely clean” bootstrap build system, we download a Pristine Image file from the vendor. In this case, I used the Devuan site directly. One could choose to use one of their mirrors, too. I just launched the FireFox-ESR browser and went to:

https://files.devuan.org/devuan_jessie/embedded/

where I clicked on the file name:

devuan_jessie_1.0.0_armhf_raspi2.img.xz            23-May-2017 11:14    172M

As noted in earlier discussions, the 64 bit build is still a bit buggier AND is quite a bit slower on lots of web pages open as it swaps a LOT more for the same pages. So I’m sticking with the 32 bit build for now (and likely for at least a year to come).

That download gives you an xz file, so you need to unpack that. This uses the unxz command.

unxz devuan_jessie_1.0.0_armhf_raspi2.img.xz

this gives you:

devuan_jessie_1.0.0_armhf_raspi2.img

as your Devuan image. There is also available the SHA checksum of the file and you can download them and compare to be assured nobody swapped the bits in your binary.

SHA256SUMS                          
SHA256SUMS.asc  

That lets you NOT trust your telco and other folks who might want to give you some bogus bytes. If really worried, you can download the checksums at one place (like Starbucks or the library) and your bits at another time at home. Your “attacker” would need to bugger both downloads to different IP addresses in different places at different times in order to pull off a “Man in the Middle” on the download itself. Personally, I’m willing to trust my https encrypted connection; but depending on “what is at stake” for you, draw your line of trust where you are comfortable.

OK, to summarize where we are at this point:

On a “pretty clean” new system, you download and unpack a trusted binary image from a trusted site and check the SHA code to assure it got there as the vendor intended. Now you don’t do any OTHER internet activity AT ALL with this system. It is ONLY for that one download and making the first Build Builder. If seriously concerned about “other web intrusions” via the browser, you can instead use a command like “curl” to do that download. This cuts out trusting the browser maker…

Next, you put that image onto a micro-SD chip. I use a Targus SD to USB adapter sold at Walmart. It’s cheap and it worked. Just put the SD card in it and put that into the USB connector of your system. Then, make sure it is NOT mounted. On Linux, it will usually mount it as something like:

/dev/sdd1          130798     21620    109178  17% /media/chiefio/BE59-395A

This means you need to unmount it so you can overwrite it.

umount /media/your-id/thatSDsystem

You will have a different user name, possibly root, and the particulars of the file system name change with the chip vendors.

Do also note where it came from. I got “/dev/sddx” but you might get /dev/sda or /dev/sdc or who knows. This matters a LOT as that is the target for your image. So, in my case, I’d use /dev/sdd as my target. Notice I’m not using the “1” or any other number. No partition numbers need apply, You are using the whole card.

So once it is unmounted, for sure, and you know the device name, for sure, issue the command:

dd bs=10M of=/dev/sdx if=/path/to/image/devuan_jessie_1.0.0_armhf_raspi2.img

It is rare, but some systems may not like the 10 Meg block size. If so, you can leave that out, or just make it some other number like 1M. Bigger is more efficient, until it doesn’t work ;-) You will also change the ‘x’ in that device name to the letter you got on your system for the SD card. DO NOT GET THAT WRONG as the target device will be overwritten and obliterated. Not a big deal if you followed the guidance to make a “one off” build box with a new or disposable system; but a very big deal if you do this on Your Only Office System…

This stuffs a Devuan Image onto the chip and you are now “good to go”. ALMOST.

Devuan does NOT (yet) grow the root file system to fill the SD card at boot time. So you have a 1.9 GB or so system on your chip. In my case, I used a 64 GB micro-SD card. That left about 60 GB unused and unusable. I discovered this when attempting to update and add programs to the system and ran out of disk…

There are many line commands to grow that file system. I find it MUCH easier to just use “GParted” on Debian / Devuan / Other Linux. It is the Graphical Partition Editor that lives under “preferences” in the menu of Debian for God Only Knows what reason. IF it isn’t there, do an “apt-get install gparted” to get it. Launch it. It takes a while to fondle all the disks (another reason to use a one-off bootstrap build box without disks) and present the images of partitions. The SD card ought to be the last one listed and have an ext4 partition of about 1.8 GB, and then the rest of the chip marked ‘unused’. Select the ext4 partition,

On the Pi, your working operating system has names for partitions like mmcbblk0p2 while the SD card ought to be named something like /dev/sda2. (sda1 ought to be type FAT and has the boot bits). Just right click on the ext4 partition, select resize/move from the dropdown, and set the empty bytes in “freespace following” to zero. You may need to click the cursor into another one of the size fields after typing so it updates the fields. Then click on the resize/move button. You might think you were done, but no. NOW you have to tell it to really do what you have queued up… A little ‘right arrow’ button up top turns green. Click it to actually do the resize. This can take a while to complete. When it is done, exit.

You can now mount that partition onto a Linux box (so I like using a Pi to do all this…) and I have an entry in my /etc/fstab file just for SD cards:

# The SD Card Generic                   <<<<<<<<<>>>>>>>>>
#

#LABEL=SD_ms            /SD/ms          vfat    rw,suid,dev,exec,noauto,async,noatime  0 0
#LABEL=SD_swap          swap            swap    sw,pri=10                              0 0
LABEL=SD_builder        /SD/ext         ext4    rw,suid,dev,exec,noauto,async,noatime  0 0

I make a directory /SD, and two sub directories /SD/ms and /SD/ext as mount points. Then I can mount the FAT partition, or the ext partition, as desired. Note I have the FAT partition commented out. Notice too that I added “labels” to those partitions when in GParted. It makes things much easier. There’s a “label” option in the menues. IF you chose to make a swap partition, then I’ve allowed for that in the fstab entry too. So mount the ext file system:

mount /SD/ext

and now you can put things in it that you will use later to finish the system build. Like a copy of the “Build Builder” script down below, or any particular configuration files you already know you want. Like /etc/network/interfaces or /etc/fstab copies. I made a directory Systems_Archive and put the stuff in there:

cd /SD/ext
mkdir Systems_Archives
cp /My/Home/Dir/Build_Builder Systems_Archive
cp /pristine/directory/devuan_jessie_1.0.0_armhf_raspi2.img Systems_Archive

Now, at this point, you have a clean, new, from the factory Devuan Image on a fully available SD card. You have your build script, your pristine binary image, and any other stuff you might want for configuration on it. Shut down and put this chip into your PI, boot it up. You will be met with a blank black screen and a login prompt. The root account has the default password of “toor”, so log in.

I immediately do two things. Change the root password with the passwd command, and “apt-get install file” as the “file” command lets you inspect disk partitions to know what’s on them before you do anything with them, like attempt to mount them.

root@Headend:/SD/ext/Systems_Archive# file /dev/sdd2
/dev/sdd2: block special (8/50)
root@Headend:/SD/ext/Systems_Archive# file -s /dev/sdd2
/dev/sdd2: Linux rev 1.0 ext4 filesystem data, UUID=01879285-fe5f-429d-8edf-63494a0563cc, volume name "SD_builder" (needs journal recovery) (extents) (large files) (huge files)
root@Headend:/SD/ext/Systems_Archive# 

You can see that using the -s option is the one you want. Here you also see how that Lable can be handy. It declares itself to be the “SD_builder” partition…

Ok, You have booted up, changed the password, and have in place a copy of the pristine image file and the build script. Next you run that build script to put all the other software you want in this running copy of the system in place on it. Like a windows environment. I used LXDE. So really it’s just “run the script, answer some questions about things like keyboard type, and reboot”, then you get your graphical login.

The Script

Here’s my Build Builder script. Notice all sorts of things are MISSING from it. No mysql data base, no apache server. I could likely cut it down even more, but this is what I find comfortable. Remember that the purpose of this chip is to just be a clean uncluttered AND ISOLATED USE CASE system just for building more systems in a clean and secure way. Think of it as a ‘clean room’ system when running. The ONLY time it ought to be reaching to the internet is to… well, maybe set the clock. I suspect it could be run with ethernet entirely shut off.

So here’s my script:

root@Headend:/SD/ext/Systems_Archive# cat Build_Builder 
echo " "
echo "Download a compressed image file from a Devuan Mirror such as"
echo "https://files.devuan.org/devuan_jessie/embedded/"
echo " "
echo "copy the downloaded Devuan PiM2 32 bit image to a work space"
echo "on local media, then uncompress it with:"
echo "unxz devuan_jessie_1.0.0_armhf_raspi2.img.xz"
echo " " 
echo " Once uncompressed, copy it to an SD card (assumed mounted at /dev/sdd)"
echo " " 
echo "With a command like: "
echo "dd bs=10M of=/dev/sdd if=/path/to/devuan_jessie_1.0.0_armhf_raspi2.img"
echo "It is now a runable Devuan with root:toor account:pasword"
echo "BUT: It's only about 1.9 GB for the file system.  Next use GPartd"
echo "Which for unknown reasons is under preferences in the Debian menus"
echo "Make sure the SD card is not mounted - do a df and look for it"
echo "Select the ext4 partition on the SD card and choose to expand or grow"
echo "it into the rest of the space on the card."
echo "You now have a runable Devuan.  Put it in the machine and boot it"
echo "Then run the rest of this script once logged into that chip as root"
echo " "
#
# In general, I'm encapsulating what all I did in these two postings as a script:
#
# https://chiefio.wordpress.com/2015/07/18/raspberry-pi-m2-unboxing-and-setup/
#
# https://chiefio.wordpress.com/2015/07/22/raspberry-pi-software-setup/
#
# and updating it for how to build a Pristine Build System

# If you didn't already change the password while booted up,
# when done, log in as 'root' password 'toor'.  Change the password.
# passwd
# and respond with the new one when prompted.
#
# To properly inspect disk partitions, you need the file command.  So as soon
# as booted, type in apt-get install file
# for use looking at partion types and content.  
# but if you didn't, or won't, I'll do it here:

echo " "
echo "apt-get install file"
echo " "

apt-get install file

echo " "
echo "Also, to change the name of your machine, edit /etc/hostname and make it"
echo "what you like.  "
echo "Here, I'm going to just set mine by brute force write to the file."
echo " "
echo "echo 'Builder' > /etc/hostname "
echo " "

echo "Builder"> /etc/hostname 

echo " "
echo "Next, do the 'usual' update upgrade that brings you up to the present"
echo "repository status (need a network connection from here on out)"
echo " "
echo "You can either put 'sudo' in front of each of these commands, or just "
echo "'become root' which is what I usually do.  Since only the root account"
echo "exists at the moment, the sudo is not needed here."
echo " "
echo "sudo bash"
echo " "
echo "then run this script with ./Build_Builder (assuming you didn't change the name"
echo "and that you are 'in' the directory where it is located.)"
echo " "
echo "apt-get update"
echo "apt-get upgrade"
echo " "

apt-get update
apt-get upgrade

echo " "
echo "Install LXDE desktop"
echo " "
echo "This takes a very long time, like about an hour, but installs a lot of" 
echo "other things, like Python and wicd, so gets them out of the way early"
echo " "
echo "apt-get install lxde"
echo " "

apt-get install lxde

echo " "
echo "Start doing useful operational 'packages'. "
echo " "

# This gets the useful tools like "nslookup" for looking at Domain Names

echo " "
echo apt-get install dnsutils
echo " "

apt-get install dnsutils

echo " "
echo "Scrot is a tool for taking screen shots by saying 'scrot' in a terminal"
echo " "

echo " " 
echo apt-get install scrot
echo " "

apt-get install scrot

# Normally I would install "build-essential" to get things like C compiler
# and some language tools, but they were already installed on the R.PiM2.
# Doing it on the Devuan just to be sure.

apt-get install build-essential

echo " "
echo "To get NTFS disks (like USB or an NTSB formatted SD card in adapter) to "
echo "work 'read write' instead of just 'read only', you need ntfs-3g"
echo " "

echo " " 
echo apt-get install ntfs-3g
echo " "

apt-get install ntfs-3g

echo " "
echo "Want an NFS (Network File System) server so you can share disks with" 
echo "your internal network?  This will install the code, then you get to" 
echo "configure things like /etc/exports.  Optional on a pritine build box."
echo " "


echo " " 
echo apt-get install nfs-kernel-server
echo " "

#apt-get install nfs-kernel-server

# prior to first use.  Or reboot.

# In your /etc/exports file, put something like:

# /etc/exports: the access control list for filesystems which may be exported
#		to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#

# /YourFileSystem  *(rw,sync,fsid=0,no_root_squash)
# But without the # in front of YourFileSystem... and with your file system...

# Remember to do a 

#echo " "
#echo "Restarting the appropriate services so NFS will work"
#echo " "
#echo " " 
#echo service rpcbind restart
#echo service nfs-kernel-server restart
#echo " "

#service rpcbind restart
#service nfs-kernel-server restart

# To make the box a static IP number, you will need to
# make this your own server name and IP numbers in the file:
#
# Here's my /etc/network/interfaces file with leading # to make it comments.
# 
# I will make this a "dump these lines in to replace" in my running version.
#

echo " "
echo "Remember to make your /etc/network/interfaces file have a static IP#"
echo "If you are going to be using PXE boot and such"
echo " "

#auto lo
#iface lo inet loopback

#auto eth0
#allow-hotplug eth0
#iface eth0 inet static
#address 172.16.16.253
#netmask 255.255.255.0
#gateway 172.16.16.254
#dns-domain chiefio.home
#dns-nameservers 172.16.16.254 192.168.1.253 192.168.1.1
#
#auto wlan0
#allow-hotplug wlan0
#iface wlan0 inet manual
#wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
#
#auto wlan1
#allow-hotplug wlan1
#iface wlan1 inet manual
#wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

# Don't forget to do a
# ifdown eth0
# wait a minute for it to quiet down
# ifup eth0

# As I want this to be a DNS server, DHCP server, and PXE server (uses a 
# tftp or "Trivial File Transfer Protocol" server, all of those can come in
# one package with dnsmasq.

#For misc odd file system types you might want, you need to install them:
#apt-get install btrfs-tools xfsprogs f2fs-tools unionfs-fuse
#apt-get install hfsplus hfsutils
apt-get install squashfs-tools aufs-tools

#
echo " "
echo "And that's the end of my present install build process."
echo " "
#
# There are several files to edit and configure.  Eventually I'll add a 
# "here script" to dump them from this script to where they belong, or 
# I'll just save a copy and have a 'save / restore' copy process.
#
# Once I get everything configured ;-)

I’m going to be doing experiments with running from squashfs copies of /lib and /usr as just one more layer of paranoia. IF anything gets in, it can’t change the read-only copies in squashfs format, only the running bits are at risk. But if not doing that, you don’t need that last line with squashfs in it, or if doing things with Macs, you can un-comment the line with hfsplus and hfsutils.

I also left in a long block with the nfs and network interfaces stuff, but commented out. Just so it’s documented how to do it if, for some reason, you needed it. I’m not going to be doing that on my Build Builder.

After The Script

I’m now making a clean backup of the chip at this stage. Just a “dd” into an archive. I can now recover to this very clean state at any time. In the process, I have only really trusted my bootstrap builder to be mostly clean and my vendor to have clean images. I’ve slightly trusted my telco to not send me to a bogus site with fake binaries (but I know ways to fix / test that if needed). Not a very large circle of trust for this chip / system.

This chip may need some configuration, or may not. Building systems depends a lot on being root, so I don’t really need to add any non-root users. IF you feel more comfortable NOT being root all the time, add one and use “su” to become root as needed.

At this point, I’m just going to be slamming that pristine Devuan “image” file onto two more SD cards. Upsizing them to use the whole card, running my basic user system build script on them, adding my “usual user” account and any network customizations and security enhancements, and then using them for dedicated purposes.

1) Dirty Driver: A basic Devuan on an 8 GB (or maybe smaller) chip for the purpose of doing general web browsing of anywhere. Crap crawls into the chip, I don’t care. After it is built, but before first use, I’ll “dd” an image of it into Systems_Archive. Then after each use, I’ll ‘dd’ that image back onto the card. Flushing any bad bits as I go. Bits only flow one way, from the pristine saved image onto the Dirty Driver card.

2) Financial Stuff: A basic Devuan used for things like any online activity for any site with money involved. Like Paypal or online banking (that I don’t like, but I’m getting pushed into it). NEVER for any general purpose web activity.

The Dirty Driver will only be used on the Telco Router network side, so never exposed to my interior network. IF it ever gets infected with anything, it can only hit the Roku on the TV (which seems immune) and the Telco router (that isn’t my problem). But it is most likely going to be flushed before anything bad has time to happen.

The Financial Stuff system will only be used on my private network side and ONLY for 2 or 3 particular sites. As they are highly trusted, this lets me limit my circle of trust to only them. Isolated from the un-trusted stuff on the Dirty Driver. I may, or may not, re-flash this system from the saved image, depending on my level of concern.

The Build Builder just sits on the shelf, never talking to anyone. Never being exposed. Only booted to put those trusted bits onto system cards to go into other systems.

MAYBE, in a year or so, a new updated binary downloaded to it and repeat the system build process, but really, I could just re-flash the chips with their saved image, do an apt-get update and apt-get upgrade, then “dd” that updated image back to Systems_Archive as the new image. Since that would start from a re-flashed chip, the history of use and exposure would be unable to crawl back up with the update copy; as that is only trusting the Devuan vendor site.

In this way, I’ve got clean isolated and most likely safe and pristine system images to use. Any “bad thing” that crawls in can NOT get into my off line disks, nor can it get back “upstream” into my build process. It gets flushed out before the next use. I’ve also put a hard wall between my Interior Office Work on my Daily Driver, my Financial Transactions, and my Dirty Driver exposures. Fire breaks and firewalls all around. Minimized circle of trust on the build process, and isolated circles of trust on Financial, Lab Work, and Public Internet uses.

And that, boys and girls, is a big part of how I keep my systems clean and healthy in a hostile world.

Subscribe to feed

W.O.O.D. – Weekly Occasional Open Discussion

I’m going to try a new type of posting.
A semi-regular Weekly Occasional (i.e. if I forget and skip one, no big) Open Discussion.

Tips just grows too big in a month and with way too many videos to load fast on the small gear I’m using (Raspberry Pi or the MacBook running from a slow SD Card based system). Much of Tips, though, isn’t so much Tips as just discussing news of the day (or week).

So the whole idea here is to put actual Tips in the Tips pages (things that are interesting, but not really likely to generate immediate discussion- like, say, a pointer to a paper on limitations of averaging temperatures; while putting things likely to be discussion points here (like the recent news events or political bonfires).

Then, if folks DO want to discuss something in Tips, they can just put a link to that comment here and start discussing… No need to load all of Tips every time you want to make a comment.

So use “Tips” for “Oooh, look at the old shiny thing!”
and “W.O.O.D” for “Did you see WTF just happened?! What did you think about it?”

Examples:

Tips would have things like the links by Sabretoothed to UV light and health, or old papers on ocean circulation in an archive.

WOOD would have things like the discussion topic of Charlottesville and the Antifa caused riot. Or the pointers to recent postings at Pointman or Small Dead Animals for real time discussion.

One other difference: Tips is a chain from month to month, I close the last one when I open a new one. The WOOD postings will be left open for ongoing discussion on a topic until they naturally age closed (currently set to several months).

Subscribe to feed

Notes on Devuan on Disk on R.Pi Model 3

Some long long time ago I’d played with putting R.Pi Debian OS file systems on Real Disk. Then that whole SystemD(amned) thing came along and I got side tracked. I’m now very comfortable with Devuan as my Daily Driver. I remember it was nice using Real Disk, for the few minutes I played with it…

Well, time passes and I’ve been “cleaning up” my disk farm. Along the way, realized that disk had old Debian stuff on it, and I had a newly updated Devuan… So basically I scrubbed it and reformatted / repartitioned and put copies of the Devuan filesystem name space on it.

Well, it’s noticeably “snappier”.

There was a brief moment when mysql wasn’t starting. Then I realized I’d accepted the default RWXR-XR-X permissions on the ‘new’ /tmp on disk, and it needs to be world writable for things to use /tmp… So it’s now RWXRWXRWX (or mode 777) and all is well.

I did the copy “old school” with a scriptlette I’ve used for decades. There are a dozen more efficient ways now, but I’ve become very comfortable that this works without any odd permissions, ownership, links, whatever issues… The command is named “cpdir” in my bin.

(cd ${1-.} ; tar cf - .) | (cd ${2-/tmp} ; tar xvf - )

So just saying:

cpdir /usr  /new/usr

does it all (if you forget the second $2 argument, it defaults to tossing the copy in /tmp rather than dumping junk in your current working directory; which is very important since it defaults to using your current working directory to copy from… That is how I tested it, BTW.)

Then just add a line in /etc/fstab so that the new copy overlays the old name space on the memory card at boot time. That way, you CAN boot just off the card using the ‘old bits’; or if the disk is working right, this new copy will overlay.

The only real complication is that if you “update” or “upgrade” or add programs, you need to do it with the overlay unmounted, then recopy to the overlay to keep things matching. One could also just upgrade the overlay, then if it is icky, unmount it and copy the last version back onto it… only coping to the memory card once proven to be a ‘keeper’. So there’s a bit of operational complexity at upgrades, but in exchange you get built in ‘fall back’ on ooopsies.

Here’s a bit of the /etc/fstab:

LABEL=SG15_swap         swap            swap    sw,pri=1024                     0 0
#LABEL=SG15_tmp         /SG15/tmp       ext4    rw,suid,dev,exec,auto,async     0 2
LABEL=SG15_tmp          /tmp            ext4    rw,suid,dev,exec,auto,async     0 1
#LABEL=SG15_Climate     /SG15/Climate   ext4    rw,suid,dev,exec,auto,async     0 3
LABEL=SG15_Climate      /Climate        ext4    rw,suid,dev,exec,auto,async     0 3
#LABEL=SG15_var         /SG15/var       ext4    rw,suid,dev,exec,auto,async     0 2
LABEL=SG15_var          /var            ext4    rw,suid,dev,exec,auto,async     0 2
#LABEL=SG15_lib         /SG15/lib       ext4    rw,suid,dev,exec,auto,async     0 2
LABEL=SG15_lib          /lib            ext4    rw,suid,dev,exec,auto,async     0 2
#LABEL=SG15_usr         /SG15/usr       ext4    rw,suid,dev,exec,auto,async     0 2
LABEL=SG15_usr          /usr            ext4    rw,suid,dev,exec,auto,async     0 2

Note that I’ve commented out the /SG15/tmp (and similar) entries. Those are used for putting a new copy onto that slice of disk. Presently the /tmp mount point is active (no leading # to make it a comment) so it is in use as the active /tmp.

Also you can see that I’ve set the priority on the swap space with pri=1024. You can make those any integers. I tend to use powers of 2 just because I’m in that mode when on the computer anyway ;-) To be really “hard core” about it, I could tune the ‘swappiness’ settings at boot time to be more swap happy with real disk, but I’m not that in need of speed, yet…

It works well. Better than well.

Now I’ve not had time or opportunity to measure improvement nor even sort out which file system did the improving. Or most of it. But here’s where I put bits of system on a Seagate drive:

Filesystem      1K-blocks      Used Available Use% Mounted on
/dev/sdb3        61665068     53324  58449632   1% /tmp
/dev/sdb5        61665068   6879220  51623736  12% /Climate
/dev/sdb6         8191416   1220460   6535144  16% /var
/dev/sdb7         1998672    163456   1713976   9% /lib
/dev/sdb8         8191416   3013172   4742432  39% /usr

My home directory is on a different drive, so no head seek issues with home dir activity vs system. I’ve got swap on both disks with equal priority (so system can choose least busy) and that priority is higher than the ‘swap file’ on the SD card.

The /Climate is where I’m playing with compiling models, so when I do that there will be a bit of contention with system stuff… then again, I’m using ‘distcc’ so it will be spread over two other cards.

Now when loading a program to run, it comes from disk, and temp files go to disk, and libraries are loaded from disk, and home directory “chatty Cathy” stuff (ALL those browser cache files and crap) go to disk.

Not only is SD card wear reduced (hopefully to near zero) but writes are done ONLY to the data blocks involved, unlike the SD card that writes a whole giant chunk, and oh so slowly at that….

I’ve said at times that the Model 3 was “good enough” as a desktop box. As I remember it, I’d used the disk prior on a Model 2, and while it sped things up, it was a slow board inherently. This seems even more of a speed up. Like the disk is letting the chip get more done.

I’ll need to figure out some benchmarks to measure it, but for now, I’m not going back!

I also set aside a 40 GB partition for a future direct install of the whole OS onto the disk.

/dev/sdb1        41022688     49176  38859976   1% /SG15/Devuan

But it is empty at the moment. Once done, that would leave only the boot code on the SD card. I’ve done this with a different disk for some other operating systems (LFS, Slackware, Gentoo, etc.) and it isn’t all that hard. Just didn’t have the time to deal with it today. But that’s the next step I’m going to take.

Doing it as different partitions for known large chunks is a quick and easy way to do it, and lets me characterize which bits need it the most. Eventually, though, I suspect I’ll just be in the one disk partition and direct boot to it. For now, I wanted the ‘easy fall back’ and flexibility of different partitions for different things.

So, that’s it for this little note. I’m happy. Things are faster. SD card wear is reduced, and write times much faster for /tmp and similar things. I’ll add notes below if anything interesting pops up as I take it for the Test Drive of daily use.

Subscribe to feed

The Ocean, By Other Means – Air Temperatures

Somewhere along the line I heard the quote that “The air heat is just the oceans by other means” (or something close to that). Well, it’s pretty obvious if you have an instinctive grasp of specific heats, but I got to wondering about how to make it clear to folks without 3 or 4 years of chemistry classes…

So it occurred to me, one could show how much ocean equals all the air above it, clear to space, in terms of heat capacity. That ought to give an intuitive grasp.

So the atmosphere weighs about 14.5 pounds (or 1 BAR) per square inch. (Yes, I’m mixing weight and pressure units. It doesn’t matter for this purpose). How far down in the ocean is the same weight (pressure) of water? In this case my old scuba diving units make it easy. 33 feet or 10 meters.

https://oceanservice.noaa.gov/facts/pressure.html

Yes, I’m ignoring the tiny bits past the decimal point. We’re finding an intuitive rule of thumb, not measuring gold ingots… I’m also going to ignore the small change of specific heat with air density…

Ok, but water holds more heat per unit weight (or more precisely, mass) than does air. How much? (Or what are their specific heat values?) Well, air is about 1, and water is about 4.

http://www.engineeringtoolbox.com/air-properties-d_156.html

http://www.engineeringtoolbox.com/sea-water-properties-d_840.html

So we need about 1/4 that depth of water to hold the same heat as one atmosphere of air, or about 8.25 feet or 2.5 meters. Hardly enough to float a small boat.

Now the Earth is only 2/3 oceans, so that would be about 12 feet of the ocean to equal ALL of the air, even that over land too. Call it obout 3.75 meters or 375 cm of ocean. Just about two people deep.

So, to offset a 1 C rise in air temperatures, only a little more cold deep ocean needs to be overturned by wind and tides. Conversely, even a minor change to lighter winds or tides would let the air warm a degree C.

Consider just how deep the oceans are, thousands of meters, and you can see it would take a very precise knowledge of exact ocean temperatures and depths to prove any air temperature change was not just due to minor variations in the ocean.

About rain & ice

But Wait, There’s More!

As I remember it, the heat of fusion of water is about 80. (Someone can check me on that)

https://en.wikipedia.org/wiki/Enthalpy_of_fusion

So about 1/80th that much water turning to ice would be the same. Call it 1.8 inches or about 5 cm.

Now that seems pretty small to me. Maybe I’ve blown a calculation somewhere… but I don’t think so…

So when a few feet of ice form over the arctic ocean, that is one heck of a lot of air equivalent heat getting radiated out to space.

The heat of vaporization is even bigger. The Specific Heat of Vaporization for water being about 540.

https://www.khanacademy.org/science/biology/water-acids-and-bases/water-as-a-solid-liquid-and-gas/a/specific-heat-heat-of-vaporization-and-freezing-of-water

So our 375 cm of ocean divided by 540 = 0.7 cm of rain. So to completely remove 1 C of temperature rise in the air would require 3/4 cm of ocean to evaporate, rise to the top of the troposphere, dump that heat to space (it can radiate out through the stratosphere just fine) as it condenses to a small cloud, then fall back to earth as rain. Call it 1/4 inch of rain.

So that’s all it would take to cause 1 C global increase in warming (1/4 inch less rain) or to reduce the globe 1 C (1/4 inch more rain). Do we even know how much global rain changes year to year or decade to decade?

Now I’ve done this all “off the cuff” and only one pass, and those numbers look mighty small to me, so definitly needs a cross check. Still, I think it isn’t too far wrong.

33 feet /4 / 540 ×12 = .183 inches.
Water ft./ air equiv. ht. / Sp. Ht. V. X ft. Per inch.
Seems to cross foot.

So provided I didn’t mess up too badly, those are some human sizes for water vs air on Earth. Measuring air temperature is exactly wrong for finding global heat. It’s the ocean and the rains…

Subscribe to feed

WTF? – Whiskey Tango Foxtrot

The movie, Whiskey Tango Foxtrot, that is…

Just watched this on Amazon Prime. Having Tina Fey in it, I’d have not bought a ticket to see it, figuring that being from SNL she’d have a biased left POV. Now I must confess, it’s not that way at all. That bias was 100% wrong.

This is a docudrama based “on a true story” about Kim Baker…that turns out to be Kim Barker:

http://www.wbur.org/artery/2016/03/17/kim-barker-whiskey-tango-foxtrot

With a wink, Kim Barker, author of the memoir “The Taliban Shuffle” — inspiration for the new Tina Fey film “Whiskey Tango Foxtrot” — says of the film: “I had nothing to do with it.” This signals Barker’s capacity for delivering a one-liner which states a fact while also raising a smile. As her memoir consistently exhibits, she can be dryly funny while also as seriously probing and truthful as her subject, the war in Afghanistan, warrants.

Based on her five years as a war reporter in Afghanistan and Pakistan (2004-2009), her memoir is written, as she recounted in an interview in Boston on a recent visit, in a way that would draw in readers with its light touch but teach them something significant along the way.

Michiko Kakutani wrote that Barker depicted herself “as a kind of Tina Fey character” in her 2011 review of the book in The New York Times. Fey got wind of the review and a couple of weeks after it appeared, according to Barker, Fey had plans well underway with Paramount Pictures and producer Lorne Michaels to do a film based upon it.

After seeing funny trailers, but before actually seeing the film, Barker wondered whether screenwriter Robert Carlock and directors Glenn Ficarra and John Requa, all well known for their accomplishments with film and television humor, were going to carry that tone through the entire film. In the end she thinks “they managed a balance between the humor, the sadness and the dark parts really well,” and Barker was very happy with the result.

In fact, I found the film very compelling. Not at all related to the half dozen beers consumed during the watching; that was just “being in the moment” and “matching the ambiance”, OK?

http://www.imdb.com/title/tt3553442/

I have no idea if it is right, or wrong, or what the experience there was. I do know it comes off as authentic. I now feel like I’ve “been there, done that”; at least as a correspondent. As it was from a correspondent POV, then it succeeded. I’m highly likely to watch it again.

Realize that is “High Praise Indeed!” from me. Usually if I’ve watched something once “I’ve got it” and a repeat does little for me. In this case, I think there are things to give more depth and savor a bit..

Not at all a “Political Message Movie”, it is more an exploration of what drives a woman, bored with her life writing “copy” for others, to run off to a war zone and “be among them”.

I found myself “falling for” Kim Baker, Kim Barker, Tammy Fey, whoever that brave woman was….

She “wants a change” and stays faithful to her “boy friend” until that turns out to not be such a great idea. She is a “Nooby” embedded with Marines, who sort of tolerate her, until she shows she’s more than deserving of respect.

Along the way, it illustrates the conflict between a Hyper Conservative Islam and those there to provide space for it to exist in peace; along with showing how the stresses of doing that lead to an “outside the envelope” culture among those at the far edges of Western Society and how they invent a free swinging release.

Is it “real”? Does it show what it is actually like? I have no idea. It does give a sense of it all, though. Probably distorted as all single person views are distorted.

Yet I loved it. I loved the Tina Fey portrayal of the character. I loved Kim Barker by proxy.

No big political message shoved down your throat. Just “This is what life is like Over There” and a good dose of WTF? quasi-reality.

Well worth watching, probably twice for me.

Subscribe to feed