I’m For Carson. V.P. is open…

The more I’ve looked at the candidates, the more I like Carson.

The turning point for me was a show, clearly filmed long before any presidential ambitions, documenting his successful separation of twins conjoined at the head. You get to see the man “doing what he does” and discussion of why he does it.

He flew to Africa (after some persuasion) to do the operation. It ran for something like 20 hours. At one point, they had a ‘pause’ when they ran into an issue of shared blood supply and how to partition it between two open brains… A lunch break, A prayer to God, and several hours later, it was a success. A rather touching scene of nurses doing a typically African Oh Yeah! dance down the hospital corridor. The humility of Dr. Carson saying ~’it was up to God to direct me’ and the triumph of something NEVER done ‘in the west’ or ‘by white doctors’ was palpable even if never voiced in the video. To some extent, the fact that it WAS done in Africa, and by a substantially black surgical team (the anesthesiologist was an Italian surname IIRC) yet that was NEVER brought up at all in the ‘show’ was in many ways refreshing. Here was a very modest hero simply saying that it isn’t about me…

Frankly, given that I’d be willing to trust my kids’ brains to this man, how can I not trust a bit of surgery on Washington D.C. to him?

The Other Point

Dr. Carson is soft spoken. So am I. It pains me a bit to say this as it is also true of me. Many times folks mistake polite and soft spoken for weak. I “had my doubts” that he was “up to the task” of being in the grill of a Putin or Soros.

Turns out that in an earlier phase of life, at about 14 years old, IIRC, he had been pissed off by “a friend” and pulled a knife and stabbed the guy.

Now two things. First off, I have a similar story (but I will never share it as there is no statute of limitations on it). It is a Very Grave Mistake to mistake polite and quiet for weak. Yet I fell into that trap. His story let me see that.

Second, he stated it clearly, openly, without reservation. I’m quite certain he will NOT be going on an “Apology Tour” about it. He clearly understands the importance of honesty and the power of truth.

BTW, his knife broke on the guy’s very large belt buckle which is why nothing ever came of it. I doubt it is in any police record or that he had any ‘requirement’ to cop to it. It was just a truth. And the truth just is.

What it said to me was pretty simple. This guy is honest to a fault and not a wimp. Do not mistake educated, smart, and polite / quiet for wimp. Strange that of all people I would have to be reminded of that… I’m almost always on the other side of that issue…

I’d be happy to stand back to back with him in any dark alley against any comers. I’d be equally happy to be in a ‘discussion on our exit’ from any ‘Aw Shit’ country / circumstance as I think his negotiations and ‘talk talk’ are as good as his knife skills.

In short, I fundamentally and without reservation trust the man.

The Others

I like Rubio. A bit impulsive and not fully seasoned. Has a Kennedy aura around him. I’d be happy with him as president.

But in that dark alley, I suspect he would be much more focused on “how did I end up here?” than on ‘thrust and parry’…

I like Jeb Bush. But he is Establishment. A great governor, but in the alley he would not have a clue. If you think the world is not one giant F-off And Die alley, do a web search on The Great Game.

I like Cruz, in a sort of overly polished trying too hard to be President way.

I like Carly, largely as I would love to watch the Carly / Hillary cat fight ;-) Hey, a fella can dream ;-)

I really like Mike Huckabee – in a nice guy Uncle kind of way.

The list goes on. The Republicans have a deep bench and I’d be OK with just about any of them. Rand Paul the champion of Libertarian Ideals. Jindal for being a clear thinker with a clue. Ted Cruz for being very competent and methodical. Right down the line not one of them is bad.

Compare Shrill Hillary of the “I have a vagina elect me! even if I lie a lot” vs the Socialist. And not much else on their bench…

FWIW, as a staunch Independent who only really wants government out of all our lives ( I really don’t want them telling me what to do with my body parts, what plants I can use, what to do with my money, archiving all my email and web searches, or to BOHICA to big businesses… ) it really pains me to be endorsing Carson instead of Paul… but, well, I like the man.

(Sidebar: If you do not know, BOHICA stands for Bend Over Here It Comes Again. I’d seen it for years before finding a translation. Then again, that was marginally pre-internet…)

In Conclusion

That’s basically it. I don’t really care if it is:

Carson / Carly – let the two ladies have a cat fight

Carson / Cruz – let the Cubano bring Hispanics and inside the beltway understanding

Carson / Rubio – let the Cubano bring some spice to the whole process and some clue on policy direction while being very fresh in a cultural way

Carson / Bush – Hey, the King Makers want their guy on deck just in case

Carson / whatever – you have 10 scenarios to work through…

What I want in a President is competence, courage, honesty, and humanity. Dr. Carson has all of those. And, I can trust him.

Feel free to advocate for your POV. Lord knows I’m not perfect in these things…


Posted in Political Current Events

Transportation Tea Leaves

The Dow Theory in a nutshell was that before you or I could go to a store and buy something, it had to be made. Before that, it had to have raw materials shipped to the factory. So by watching transports, you could spot a rising market first as the transports would get more business first, then the manufacturers, and eventually the retailers.

With that in mind, I find this chart a bit of a bother:

Dow Jones Industrial Av. vs D.J. Transportation Av. vs SPY 5 year weekly chart


DJIA is the actual Dow Jones Industrial Average (not the DIA Diamonds ETF that tracks it) and the DJTA is the Dow Jones Transportation Average. SPY is the ETF that tracks the S&P 500 stocks.

DJTA looks to have cleanly peaked and rolled over before the DJIA or SPY.

I only have one Simple Moving Average (SMA) on this chart. 40 weeks. With 5 trading days / week, that is the classical 200 day moving average. When a stock drops below that, it is in a bear market configuration. The DJTA is clearly below it.

DJIA and SPY are both in a ‘double top’ configuration right now. At this point it is an inflection point in market sentiment. IFF price pushes through that ‘resistance’ to a new all time high, things tend to rise for another round ( IMHO a month or two until The Fed raises rates and kills the party buzz of free money). IF price “fails to advance” and drops back down, the “double top” is in and it’s a bear market confirmation.

But the Transports have already done that… About 6 months ago.

We also know metals are way down and not budging. (One must mine and ship some copper prior to making blenders, cars, homes, or cell phones). Metals are NOT saying anything good at all. Partly that is a strong $US reflected in the price in $US, but partly it is just weak demand. Millennials are more interested in ‘experiences’ than in collecting a house full of stuff. China has hit the Economic Pause button. The Middle East is way too busy killing each other to think of buying things. Russia is embargoed for some (much?) stuff. The E.U. is driving itself to poverty (both fuel and economic via socialism and an influx of invaders migrants demanding Government Largess that is no longer fundable). The whole Emerging Market world is in sad shape ( Brazil is on the Socialist Rocks again, along with much of Latin America) with Africa slowly decaying back to pre-colonial tribalism. Add in that The Baby Boomers are at mid-retirement age. We are cashing out and downsizing more than buying stuff.

The only good news is that car sales are up, near as I can tell. But that won’t last forever. It’s a binge on low gas prices and nearly free financing. As soon as demand is met, that door slams shut. Housing sales have tailed off already.

So just who is going to buy stuff to get it manufactured and transported?

Looking at the indicators:

Volume was high in that early drop, then slowly faded into about Oct 2014 when a down spike caused a volume spike. Volume has risen during this downside run, and is not very strong on that little up tick at the end. A bit ambiguous, but not encouraging in any case.

DMI (down at the bottom) has “red on top” being bearish and with ADX (black line) dropping toward 20 on this upturn. Strength was higher on the down run than on the upturn. While ADX has inflected, DMI+ (red line) has not and has not cleanly crossed it yet. The down run is not confirmed broken until then.

MACD is clearly below zero. Bearish. Has been bearish (red on top) since that “failure to advance to the upside” 6 months back. Now it is ‘blue on top’ but below zero. That configuration is “counter trend rally in a dropping context”. MACD has to be above the zero line to be ‘bullish run’. So a nice trade upside, but sell at the SMA stack and buy back in later if the run continues. And price is almost touching the SMA line. I’d not be buying Transports here.

But if Transports aren’t “making it” with low gas / diesel / kerosene prices and Christmas Demand, what will?

To me this is looking more like “last call to exit” than “all aboard new rally”. I need to do a few more charts on things like individual sectors and such, but it just doesn’t look all rosy to me.

I suspect the best we can hope for is Obama calling up Yellen at The Fed and talking them into zero interest rates until the election and expand the balance sheet another $Trillion or 2 for The Budget Deal… (only 1/2 sarc;/)

So I guess I still don’t know if the Transports know something the Industrials and the Retailers haven’t heard yet.

But it is sure looking that way to me.

My Strategy Now

I’ve sold out of most stuff. Doing the “duck and cover” until a direction is clear. Usually the government does all sorts of stuff to make the party of the sitting president look good in an election year. For the next 12 months, that ought to be the case and it usually lifts the market some.

But this government has been beating this horse for 7 years now. I don’t think it is going to get up and trot now…

China has “fixed things” there (yeah, right /sarc;) and yet reality has not budged. Yet More of the paper fix that doesn’t do much in the real world economy of making things for people to use. I’m sensing a ‘decoupling’ moment…

So until I see some life in metals (especially copper), a bit of upturn in Emerging Markets (including China) and transports booking some business, I’m not seeing much to warm my soul, or fatten my wallet.

Maybe I’m being too pessimistic. Or maybe I just look in my shrinking ‘discretionary spending’ wallet and think “I’ll pay the mortgage and buy groceries this month”… In that context, stocks in the IRA are not likely to go gangbusters… How far below zero can The Fed take interest rates to “juice the market” more, from this point anyway?


Posted in Economics - Trading - and Money

Building A Nearly Tails Raspbian Pi

In a series of postings I’ve covered parts of this process. This is going to be a ‘summary to date’ of what I think is, so far, the ‘best practice’ to get close to a Tails like experience with a Raspberry Pi.

IMHO it is “good enough” as a first cut for most of the things I would ever do, or need. It isn’t enough, however, if the folks after you are Three Letter Agencies. Bet your life on Tails, bet your reputation on Tor with a Tor Browser, and bet your embarrassment level on this solution; nothing more…

With that caveat, it’s pretty darned secure.

The basic layout is a BerryBoot install of Debian onto an encrypted chip (using LUKS) with a TOR router and IceWeasel browser with a “private” window. When finished with a session (that by choosing the private browser window is not saving history anyway) you can further choose to ‘reset’ the system back to the starting point, erasing all changes.

The limitations:

1) The “reset” is at the Berryboot level. This has a squashfs file system with a ‘write layer’ over it that is saved back to the mini-SD card. Doing a ‘reset’ releases that ‘write layer’ but does not necessarily scrub it. Over time, the SD card will do wear leveling and scramble those bits, plus the next use will reuse some of those blocks making things more obscure; however: IN THEORY, someone of NSA level skills could get into the card and extract those blocks. The encryption is all that stands in their way; so you need to be comfortable that LUKS is strong enough. I think it is, but we’re off in the land of black ops here and it is always less than proven just what state of the art is for Agency limits.

2) Encryption is via a pass phrase to LUKS. There might be ways to scan your keyboard and pick it up. In particular, I’m using a Bluetooth keyboard. An NSA van with scanner can track my keystrokes. So I’m not betting my life on this. But the neighbor or your local police are less likely to be going to that extent and much more likely to be doing the “warrant and grab” and then extort the passphrase out of you with legal threats. Give someone that phrase, then it’s down to just that wear leveling and recycle of blocks on the SD card and are they skilled enough to suck out those ‘deleted’ blocks and put them back together.

3) It isn’t a TOR Browser. Private Session is pretty good and not keeping a lot of stray info around, but it isn’t as locked down as the TOR browser. You can, for example, watch YouTube videos and visit non-encrypted sites, put in passwords and account names, and generally leak information about who you are by being less than careful or running FLASH or Javascript that sucks identity information out of the browser. Now as long as you ARE a bit careful, they will just get that it is a Raspberry Pi with Debian at address 192.168.1.22 or whatever… and the TOR exit relay on the other end. Again, TLAs (Three Letter Agencies) and folks “with large staff” can find ways to inject code to do things that the TOR browser will prevent. I was able to compile the “Tor Bundle” only to find out it was just The Onion Router and not the browser. I’ve still not found where the TOR browser source is available (for 32 bit Linux). That’s a ‘dig here’ for anyone wanting to pitch in. Find the link for the source and I’ll attempt the compile / port. It wasn’t under the ‘source’ tab at the TOR site, near as I can tell.

4) If YOU are not careful, YOU can leak. Use this to login to a site with your login name and password, on an unencrypted link, and you give away identity information. See the TOR website for a list of behavioural things you need to accept for real secrecy and anonymity.

5) As this is a mildly unique combination of settings, and folks can customize more, the system “profile” is to some extent a ‘finger print’. The WiFi dongle can find ‘who is near’ and if that is pulled out via a virus or malware, give a general location. This is mitigated somewhat by the ‘reset’. Visit a porn site ‘honey pot’ that puts malware on the system and they may install a beacon saying “this box and this place”, but it gets erased at the reset to baseline. Don’t erase, you take your chances. If it is a drug deal, stick with Tails or pure TOR and TOR Browser. If it’s just ‘posing’ as a sockpuppet on some website, this is fine. And remember to do the ‘reset’ after visiting anywhere ‘questionable’…

The actual ‘reset’ is done in Berryboot via a click of the ‘edit’ button at the top level, then choosing the ‘restore’ button after you highlight which operating system to ‘restore’ to the baseline image.

6) The OS has NOT been “locked down”. There’s a lot of stuff in here that likely ought to be removed and/or tightened.

OK, What Is It?

To make one of these, follow these directions. (Yes, I’m using it now, logged into my site, and violating one of the rules of staying anonymous with it.)

First, get the Berryboot bootloader for the Raspberry Pi. It has the two features of an encrypted install and ability to reset to baseline squashfs state. It also very nicely lets you save an image on external media via a ‘backup’ command so you can make several ‘checkpoint’ copies if you like. The ability to merge changes in with the baseline squashfs and make a new squashfs later is exploited here to make a comfortable build to work with, then reset it to that baseline as needed.

The “zip” files to download are here:

http://www.berryterminal.com/doku.php/berryboot

Unzip it and follow their directions. Basically you put their collection of bootloader files onto a FAT32 formatted mini-SD card (for the Pi Model 2, or regular SD for the original Pi, but the original Pi is too slow for decent TOR browsing experience, or even straight IceWeasel IMHO)

Stick the chip in your Pi and boot it up. You will be presented with a “select destination drive” menu. At this point you could choose an external USB stick, or drive, but realize it will want to format the whole thing. In one test on one PNY stick, it didn’t want to encrypt it. So I’d stick with the mini-SD card. Select it and check the ‘encrypt’ box.

Type “YES” when it asks if you really want to do this. Then you give it your pass phrase three times. One to set it, one to verify you didn’t type it wrong, and one to open it again after the encryption is done.

From here on, at every boot, you must give that passphrase to get the chip to boot.

It then asks you what OS to install. I always put “Puppy” on as it is only 129 MB, takes all of 7 minutes on my wire, and gives me a 2nd operating system I can boot in an emergency to look over the other system if I have a problem. For best security it ought to be removed later ( Berryboot lets you do that with one click). Then I installed the latest Debian (Jessie). That took closer to an hour and a bit. Sometimes up to 2 hours if things are slow. I set it to ‘default’ by selecting it to highlight it then clicking the ‘default’ button.

Exit, and boot again. Enter the pass phrase

At this point I stick in a USB stick or drive with my build script on it and some model files for things like /etc/fstab just so I don’t have to do a lot of typing. My present build script would be cut way back for a ‘secure minimal browsing’ system, but I like having a lot of tools and options available. This one takes a full hour to run, so prune out things you won’t use. Like that “btrfs and xfs” file system set and maybe the torrent server…

Here’s the result of the run notes:

And that's the end of my present install build process.
 

real	60m2.526s
user	7m17.920s
sys	4m55.160s


There was no build target for IceApe or Chromium present in Jessie

Yeah, it took an hour to run, but not much CPU at all. It is network limited.

I have install lines for both IceApe (as it is in the Wheezy release of Debian) and Chromium (as it was in this release, but buggy, and will likely come back when fixed). Neither worked tonight; but I like IceWeasel better anyway ;-)

Here is the present status of the build script.

pi@Ra2PiM2 /home/pi $ cat BuildIt_2Nov2015 
echo " "
echo "Do the BerryBoot install: "
echo " "
echo " https://www.berryterminal.com/doku.php/berryboot "
echo " "
echo "and choose the option of having disk encryption along with formatting the SD card"
echo "along with the Raspbian installation.  Then copy this script from an external SD"
echo "card or USB drive into your working directory (home directory or /media/pi/CardName)"
echo " "
#
# In general, I'm encapsulating what all I did in these two postings as a script:
#
# https://chiefio.wordpress.com/2015/07/18/raspberry-pi-m2-unboxing-and-setup/
#
# https://chiefio.wordpress.com/2015/07/22/raspberry-pi-software-setup/
#
# If you didn't already change the password while running at first set up, change it
# When done, log in as 'pi' password 'raspberry'.  Change the password.
# passwd
# and respond with the new one when prompted.

echo "Also, to change the name of your machine, edit /etc/hostname and make it"
echo "what you like.  "
echo "Here, I'm going to just set mine by brute force write to the file."
echo " "
echo "echo 'Ra2PiM2' > /etc/hostname "
echo " "

echo "Ra2PiM2"> /etc/hostname 

echo " "
echo "Next, do the 'usual' update upgrade that brings you up to the present"
echo "repository status (need a network connection from here on out)"
echo " "
echo "You can either put 'sudo' in front of each of these commands, or just "
echo "'become root' which is what I usually do."
echo " "
echo "sudo bash"
echo " "
echo "then run this script with ./BuildIt (assuming you didn't change the name"
echo "and that you are 'in' the directory where it is located.)"
echo " "
echo "apt-get update"
echo "apt-get upgrade"
echo " "

apt-get update
apt-get upgrade

echo " "
echo "Start doing useful operational 'packages'. "
echo " "

# This gets the useful tools like "nslookup" for looking at Domain Names

echo " "
echo apt-get install dnsutils
echo " "

apt-get install dnsutils

echo " "
echo " VNC is a nice way to get a remote desktop.  It takes some configuring later."
echo " "

echo " " 
echo apt-get install tightvncserver
echo " "

apt-get install tightvncserver

echo " "
echo "I like wicd for an easier way to manage wireless devices and networks."
echo " "

echo " " 
echo apt-get install wicd
echo " "

apt-get install wicd

echo " "
echo "Scrot is a tool for taking screen shots by saying 'scrot' in a terminal"
echo " "

echo " " 
echo apt-get install scrot
echo " "

apt-get install scrot

# Normally I would install "build-essential" to get things like C compiler
# and some language tools, but they were already installed on the R.PiM2.

apt-get install build-essential

echo " "
echo "Some 'user land' useful things like browser options and Office / Mail tools."
echo " "
echo "Chromium is the 'chrome' browser from Google but in Linux land"
echo " "

echo " " 
echo apt-get install chromium
echo " "

apt-get install chromium

# IceApe is a "more free" version of IceWeasel that is a "more free" version of
# Firefox that is a rebranded Mozilla that is...   IceDove is the matching
# Thunderbird replacement minus the trademarks, non-free bits, etc.

echo " "
echo "Doing IceApe browser and IceDove mail reader"
echo " "

echo " " 
echo apt-get install iceape
echo apt-get install iceweasel
echo apt-get install icedove
echo " "

apt-get install iceape
apt-get install iceweasel
apt-get install icedove

echo " "
echo "GIMP is the photo editor ( 'photoshop Free'...) "
echo " "

echo " " 
echo apt-get install gimp
echo " "

apt-get install gimp

echo " "
echo "Don't forget Libreoffice - Microsoft?  We don't need no steenking MicroSoft..." 
echo " "

echo " " 
echo apt-get install libreoffice
echo " "

apt-get install libreoffice

# As I also wanted one of these to be a bittorrent server, I sometimes add
# the "transmission" bittorrent code.

echo " "
echo "Adding the 'transmission' bit torrent server"
echo " "

echo " " 
echo apt-get install transmission transmission-daemon
echo " "

apt-get install transmission transmission-daemon

echo " "
echo "To get NTFS disks (like USB or an NTFS formatted SD card in adapter) to "
echo "work 'read write' instead of just 'read only', you need ntfs-3g"
echo " "

echo " " 
echo apt-get install ntfs-3g
echo " "

apt-get install ntfs-3g

# In Theory, this installed 2 VNC "viewers" so the R.Pi could use VNC to 
# get to other machines.  In practice, I found that one of them locked up
# my console when launched against my own machine as target (might be a 
# PIBKAC problem - Problem Is Between Keyboard And Chair - as the R.Pi
# isn't really expecting to drive 2 video sessions at once (the real one
# and the VNC one inside the real one...) so maybe all is fine and I just
# need to RTFM (Read The, er, "Friendly" Manual) before using software...

echo " "
echo "Some VNC Viewers for being the client instead of the server"
echo "I've not used either of these yet so have no clue about them in practice"
echo " "


echo " " 
echo apt-get install xtightvncviewer
echo apt-get install ssvnc
echo " "

apt-get install xtightvncviewer
apt-get install ssvnc

echo " "
echo "Want an NFS (Network File System) server so you can share disks with" 
echo "your internal network?  This will install the code, then you get to" 
echo "configure things like /etc/exports"
echo " "


echo " " 
echo apt-get install nfs-kernel-server
echo " "

apt-get install nfs-kernel-server

# prior to first use.  Or reboot.

# In your /etc/exports file, put something like:

# /etc/exports: the access control list for filesystems which may be exported
#		to NFS clients.  See exports(5).
#
# Example for NFSv2 and NFSv3:
# /srv/homes       hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check)
#
# Example for NFSv4:
# /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
# /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
#

# /YourFileSystem  *(rw,sync,fsid=0,no_root_squash)
# But without the # in front of YourFileSystem... and with your file system...

echo " "
echo "IF you have a partition named /media/data: "
echo "This adds it to the /etc/exports file so it is NFS mountable elsewhere"
echo " "
echo "echo '/media/data   *(rw,sync,fsid=0,no_root_squash,no_subtree_check)' >> /etc/exports"
echo " "

#echo "/media/data   *(rw,sync,fsid=0,no_root_squash,no_subtree_check)" >> /etc/exports

# Remember to do a 

echo " "
echo "Restarting the appropriate services so NFS will work"
echo " "
echo " " 
echo service rpcbind restart
echo service nfs-kernel-server restart
echo " "

service rpcbind restart
service nfs-kernel-server restart

# I did NOT make this box a static IP number.  You will need to
# make this your own server name and IP numbers, if you choose to do that.
#
# Here's my std /etc/network/interfaces file with leading # to make it comments.
#

echo " "
echo "Remember to make your /etc/network/interfaces file have a static IP#"
echo "If you are going to be using PXE boot and such"
echo " "

#auto lo
#iface lo inet loopback

#auto eth0
#allow-hotplug eth0
#iface eth0 inet static
#address 172.16.16.253
#netmask 255.255.255.0
#gateway 172.16.16.254
#dns-domain chiefio.home
#dns-nameservers 172.16.16.254 192.168.1.253 192.168.1.1
#
#auto wlan0
#allow-hotplug wlan0
#iface wlan0 inet manual
#wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
#
#auto wlan1
#allow-hotplug wlan1
#iface wlan1 inet manual
#wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

# Don't forget to do a
# ifdown eth0
# wait a minute for it to quiet down
# ifup eth0

# As I want this to be a DNS server, DHCP server, and PXE server (uses a 
# tftp or "Trivial File Transfer Protocol" server), all of those can come in
# one package with dnsmasq.

echo " "
echo "Installing a light weight but effective DNS, DHCP and TFTP service"
echo " "

echo " " 
echo apt-get install dnsmasq 
echo " "

apt-get install dnsmasq 

echo " "
echo "Yes, it takes configuring.  See the file at"
echo " /etc/dnsmasq.conf"
echo " "

# Then I installed the Apache web server :

# http://www.raspipress.com/2012/09/tutorial-install-apache-php-and-mysql-on-raspberry-pi/

echo " " 
echo "Installing the Apache Web Server and related stuff"
echo " "

echo " " 
echo "apt-get install apache2 apache2-utils apache2-doc"
echo " "

apt-get install apache2 apache2-utils apache2-doc

# and yes, it takes some configuring and even web page building.
# See files in places like /etc/apache2/sites-available and more.

echo " " 
echo "apt-get install libapache2-mod-php5 php5 php-pear php5-xcache"
echo " "

apt-get install libapache2-mod-php5 php5 php-pear php5-xcache

#  From here on down are things I added over time from the last script.
# they are not yet well commented here.

#  Mysql database:

echo " " 
echo "apt-get install php5-mysql"
echo " "

apt-get install php5-mysql

echo " " 
echo "apt-get install mysql-server mysql-client"
echo " "

apt-get install mysql-server mysql-client

# TOR The Onion Router, and a monitor program that I'm not using yet.

echo " " 
echo "apt-get install tor monit"
echo " "

apt-get install tor monit

# The squid caching proxy

echo " " 
echo "apt-get install squid"
echo " "

apt-get install squid

# Some sound tools

echo " " 
echo "apt-get install alsa-utils"
echo " "

apt-get install alsa-utils

echo "Use amixer cset numid=3 2 to put sound on the HDMI output"
#amixer cset numid=3 2
amixer cset numid=3 1

modprobe snd_bcm2835

# Cryptographic bits, the logical volume manager, and a forensics tool.

echo " " 
echo "apt-get install cryptsetup lvm2 dcfldd"
echo " "

apt-get install cryptsetup lvm2 dcfldd

# Now we're going to install some totally optional file system types as I like to play with file systems:

echo " " 
echo "apt-get install btrfs-tools xfsprogs hfsutils gparted"
echo " "

apt-get install btrfs-tools xfsprogs hfsutils gparted

echo " "
echo "apt-get install squashfs-tools unionfs-fuse "
echo " "

apt-get install squashfs-tools unionfs-fuse


echo " "
echo "The f2fs file systems didn't build last time.  How about this time?"
echo " "

#echo apt-get install ft2f

#
echo " "
echo "And that's the end of my present install build process."
echo " "
#
# There are several files to edit and configure.  Eventually I'll add a 
# "here script" to dump them from this script to where they belong, or 
# I'll just save a copy and have a 'save / restore' copy process.
#
# Once I get everything configured ;-)
pi@Ra2PiM2 /home/pi $ 

At the end of this script, reboot. That lets the various delayed install triggers do their thing. Then reboot again.

On this second reboot, choose the ‘edit’ option of Berry Boot and save a ‘backup’ copy of this finished system off to an external USB device. That’s the second button that saves it all with changes. Now you can install it as desired without going through all those steps. (Hold down the ‘add OS’ button and it gives you a choice of ‘from external media’).

Also, you can ‘clone’ it in place. If you have the space on your card, do that. If not, repeat the Berryboot install but this time suck in the saved copy as your ‘base’ state. Now when you click ‘restore’ button up there next to backup, it will reset to this fully installed state and not to the raw unconfigured Debian.
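Limitation 6 above notes that the OS has not been locked down, and the build script installs several network servers (Apache, MySQL, Squid, NFS, dnsmasq, Transmission, VNC). The following is an added example, not part of the original build script: it lists the TCP listeners that other hosts can reach, so they can be removed or rebound to loopback before the baseline is saved. The port-to-package hints are assumed default ports, and the `ss` output is a constructed sample.

```sh
#!/bin/sh
# Added example; not part of the original build script.

# exposed_listeners: read `ss -tln` output on stdin and print
# "port<TAB>address<TAB>likely package" for every TCP listener that is not
# bound to loopback. The package hints assume the usual default ports of
# packages the build script installs; verify them on your own system.
exposed_listeners() {
    awk '
    BEGIN {
        hint[53]   = "dnsmasq"
        hint[80]   = "apache2"
        hint[111]  = "rpcbind"
        hint[2049] = "nfs-kernel-server"
        hint[3128] = "squid"
        hint[3306] = "mysql-server"
        hint[5901] = "tightvncserver"
        hint[9091] = "transmission-daemon"
    }
    $1 == "LISTEN" {
        la = $4
        # Split at the last colon so ":::80", "[::]:80" and "*:80" all parse.
        if (!match(la, /:[0-9]+$/)) next
        addr = substr(la, 1, RSTART - 1)
        port = substr(la, RSTART + 1)
        gsub(/^\[|\]$/, "", addr)     # [::1] becomes ::1
        sub(/%.*$/, "", addr)         # drop an interface suffix such as %lo
        # Loopback-only listeners (Tor on 127.0.0.1:9050, for example) are fine.
        if (addr ~ /^127\./ || addr == "::1") next
        printf "%s\t%s\t%s\n", port, addr, ((port in hint) ? hint[port] : "unknown")
    }'
}

# Constructed sample of `ss -tln` output (old and new IPv6 notations mixed).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:80 *:*
LISTEN 0 50 127.0.0.1:3306 *:*
LISTEN 0 128 127.0.0.1:9050 *:*
LISTEN 0 128 :::3128 :::*
LISTEN 0 64 *:2049 *:*
LISTEN 0 128 ::1:631 :::*
LISTEN 0 5 [::]:5901 [::]:*
EOF
}

# Demo on the constructed sample. On the Pi itself run:
#   ss -tln | exposed_listeners
sample_ss_output | exposed_listeners
```

Anything this prints on the real system is either a package to prune from the build script or a service to rebind to 127.0.0.1 before taking the Berryboot backup.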

To configure your browser to use TOR, click on the horizontal lines icon at the far right of IceWeasel and pick “preferences”. In the network tab, click ‘settings’. Click the ‘manual proxy’ radio button. Then put 127.0.0.1 in the “SOCKS host” box and put 9050 in port number. Do not put any entries in the other proxy lines (HTTP, SSL, FTP). Do click the SOCKS v5 radio button.

That ought to do it. Test that you are getting to the TOR router here:

https://check.torproject.org/
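The proxy settings described above end up in the browser profile's prefs.js, so they can be checked from a script as well as in the dialog. This is an added example, not code from the original post: it verifies the SOCKS host, port and version, that the HTTP/SSL/FTP proxy lines are empty, and additionally that `network.proxy.socks_remote_dns` is true (a setting the steps above do not mention; without it, hostname lookups go to the local resolver instead of through the proxy). The profile path in the comment and the sample prefs are assumptions.

```sh
#!/bin/sh
# Added example; not from the original post.

# pref_value FILE NAME: print the value stored for NAME in a prefs.js file,
# without surrounding quotes. Prints nothing when the pref is not set.
pref_value() {
    sed -n 's/^user_pref("'"$2"'", *\(.*\));[[:space:]]*$/\1/p' "$1" |
        tr -d '"' | tail -n 1
}

# check_tor_proxy_prefs FILE: print one line per setting that differs from
# the Tor SOCKS setup described in the text; return 0 only when all is well.
check_tor_proxy_prefs() {
    prefs=$1
    rc=0
    [ "$(pref_value "$prefs" network.proxy.type)" = "1" ] ||
        { echo "network.proxy.type is not 1 (manual proxy)"; rc=1; }
    [ "$(pref_value "$prefs" network.proxy.socks)" = "127.0.0.1" ] ||
        { echo "network.proxy.socks is not 127.0.0.1"; rc=1; }
    [ "$(pref_value "$prefs" network.proxy.socks_port)" = "9050" ] ||
        { echo "network.proxy.socks_port is not 9050"; rc=1; }
    # prefs.js stores only changed values; an absent version is treated
    # here as the v5 setting.
    v=$(pref_value "$prefs" network.proxy.socks_version)
    [ -z "$v" ] || [ "$v" = "5" ] ||
        { echo "network.proxy.socks_version is $v, expected 5"; rc=1; }
    # The other proxy lines must stay empty, as the text says.
    for p in http ssl ftp; do
        v=$(pref_value "$prefs" "network.proxy.$p")
        [ -z "$v" ] ||
            { echo "network.proxy.$p is set to $v; leave it empty"; rc=1; }
    done
    # Absent is treated as not enabled.
    [ "$(pref_value "$prefs" network.proxy.socks_remote_dns)" = "true" ] ||
        { echo "network.proxy.socks_remote_dns is not true; DNS lookups bypass Tor"; rc=1; }
    return $rc
}

# Constructed sample: exactly what the dialog steps in the text produce.
sample_prefs() {
    cat <<'EOF'
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
EOF
}

# Demo on the constructed sample. For a real profile (path is an assumption):
#   check_tor_proxy_prefs ~/.mozilla/firefox/*.default/prefs.js
demo=$(mktemp)
sample_prefs > "$demo"
check_tor_proxy_prefs "$demo" || echo "(settings above need fixing)"
rm -f "$demo"
```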

In Conclusion

I know I glossed over the Berryboot options some, but they explain them pretty well. The basic notion is just to make a base system configured the way you like it, then save that off and make a clone of it that you use. When done with a session, reset to this base state with the restore button / feature in Berryboot.

Using TOR gives some degree of anonymity, and using a generic box adds more. Make it a portable pi via add on screen and / or in the Dongle Pi mode and you can use it with WiFi at a variety of hot spots to further disconnect folks from your identity (i.e. IP is not yours).

While this isn’t a full on TAILS, and while I still need to find the TOR Browser source to try a build of it, this does go a long ways toward both privacy and anonymity. It will also be more resilient to attack as it gets reset to the “base state” after any given session. (As long as you choose to do that… with the ‘restore’ button)

It is relatively secure even if the chip is captured, as it is encrypted. The micro-SD card is also small enough to easily hide just about anywhere. A ‘dd’ image of the card is also full of encrypted blocks, so can be put ‘in the cloud’ with some security. Though note that the Berryboot ‘backup’ button image is not encrypted so if you have sensitive stuff on it, encrypt it separately before cloud storage. The way I will use it has just a basic install with ‘my data’ on a removable USB device that will be encrypted in a different manner. You have choices here.

In short, it is pretty good anonymity, pretty good security, and fairly good at being amnesiac when you ask it to do so. Yet flexible enough to let you choose your levels of those things and / or save things off on USB sticks and drives.


Fedora on Pi – a short note

I’m doing a test drive of the Berryboot Fedora install today. So far, I like it.

It is a MATE desktop, that is in many ways comfortable.

It didn’t ‘balk’ when I hand edited the /etc/passwd file to add the user “pi” with the same user id and group id as on Debian. I mounted my (now living on external disk) pi home directory and then logged in as ‘pi’. There’s all my stuff, and it works nicely.

Launched FireFox. It is a faster browser than the IceWeasel and IceApe clones on Debian. No idea why. Using IceWeasel on Debian (the newer) had slow spots and was just “an issue”. Even with squid running. With the IceAgeNow page open, it tends to consume most of a CPU (likely the way ads are done on that site. I have seen this on several browsers with them, so now I use them as a test case.) At present, I have my site, WUWT, and IceAgeNow all open AND I’m putting in a posting.

No type ahead. CPU is at 53% of one core. That’s a significant gain.

I did install Squid on it, and found that it installs with a different user ID, so I can’t just point it at the same cache directory on the external disk drive. No big deal, I’m just leaving it with the defaults for now.

Overall the system is clean and fast. It does have that “slightly stuffy” feeling of all things Red Hat. Crisp, but in a “you WILL do it my way” sort of way.

Yet it works, and from a first look, rather well. I suspect that the new Debian (Jessie) is having “issues” from trying to integrate systemd and message bus processes. Fedora was where it was developed and integrated from the start (only one of the reasons I’m not fond of systemd… it forces change in so much other stuff, all of which will take a good bit of tuning and debugging to get back to where they were prior to the conversion…) But “it is what it is” and Fedora looks to be using those basics better, for now.

It looks like some other folks like it too:

https://lists.fedoraproject.org/pipermail/arm/2015-February/009094.html

[fedora-arm] New Raspberry Pi 2 with ARM v7 processor
User Digital user0007 at yahoo.com
Sun Feb 22 17:40:19 UTC 2015
[…]

Fedora is running indeed on RPI2 – you may use Berryboot – Boot menu / OS installer for ARM devices (http://sourceforge.net/projects/berryboot/). The Berryboot web site is http://www.berryterminal.com/doku.php/berryboot It is needed to download 32.8MB zip file and to copy the unzipped files to a FAT or FAT32 formatted microSD card. Then you may add to the Berryboot main menu the existing Fedora ARM 21 OS with MATE desktop. It is running very well, the desktop is nice and fast, Firefox v.33.1 is already pre-installed (Raspbian OS has only old Firefox version Iceweasel). Audio hardware should be added. The previous version included in Berryboot was Fedora 18 with xfce desktop – it was running very well too on RPI2.

I’ll be “living on Fedora” for a few days now. Mostly to see how it does with a wider range of things. See what the “build script” for it would need to be to get “all my usual tools” in place. It isn’t all that big a deal to do:

yum install squid

instead of

apt-get install squid

but knowing what is already in, and out, is the longer part of the process.

I’ve been using CentOS on the Antek/ASUS box, and it is just a slightly older Fedora with bit more QA and a package set more aimed at large data centers. The two are more alike than different.

But what I care about is the browser performance, mostly. This one is significantly smoother. (Hey, they both can be nearly identical, but if one is using 1.5 X the CPU, it hits 100% and bogs while the other doesn’t. As of now, I’ve not seen this Firefox hit 100%…)

I did mount a ‘real swap’ on it, and with just the browser and 2 terminal windows open I’ve got 16,052 blocks of swap already used. It’s a bit of a memory hog build. That may be where the extra speed comes from, a willingness to put more stuff in memory to save some cycles. On an all SD card system this would likely mean more SD card wear. As I really like having “real swap” this isn’t an issue for me. And as SD cards are cheap, just be ready to restore a backup if you run on an SD card for a year or two.

Ah! On clicking “save” during the draft of this article: the CPU usage for FireFox went to 117%, so more than one core. It is both “multicore aware” and efficient. Nice. IIRC, IceApe is not multicore aware yet, limiting on one core.

In Conclusion

So that’s the update from this posting. If you are a Fedora / RedHat fan, or just like MATE, it seems to be an industrial strength ‘re-mix’ for the ARM chip set. So far. (this is still early in the test drive).

Oh, and I’m running from a Class 4 card, so it is a reasonable speed chip, but not like a Class 10 Ultra at 30 MB/second. It’s not the chip that lets this be fast.

Now that my home directory is external, a lot of the ‘issues’ of living on another OS for a while go away. All my current stuff and projects come with me. That makes ‘variety testing’ easier. Don’t be surprised if I’m bouncing between distributions for a while. But, with that said, the ease of making postings on a real FireFox without pauses is likely to keep me here when posting. At least for now.

There is a reasonable selection of ‘the usual suspects’ installed. Libre Office and gparted and transmission all already in place. Didn’t see Gimp, though. So I’m installing it now. “yum install gimp”.

I’ve also not yet tested sound. That will be later today. It ought to work, though. We’ll see what happens on a youtube video…

All in all, it is looking like a decent release.


Berryboot to USB – Not Impressed

Color me “not impressed” with Raspbian from a USB stick.

To see how it might be useful, I’ve done an install. ( 4 different OSs on one stick. Arch, Debian, Puppy, and the PXE boot loader).

This is the listing for the /boot partition on the SD card:

pi@raspberrypi ~ $ ls /boot
bcm2708-rpi-b.dtb       cmdline.txt   kernel_rpi2_aufs.img  start.elf
bcm2708-rpi-b-plus.dtb  config.txt    LICENSE.berryboot     start_x.elf
bcm2709-rpi-2-b.dtb     fixup_cd.dat  overlays              uEnv.txt
berryboot.img           fixup.dat     shared.tgz
bootcode.bin            fixup_x.dat   start_cd.elf

Not much on the card. Just the stuff hauled over from the BBoot loader area and a boot kernel image.

Here’s the df so you can see the “disk” used:

pi@raspberrypi ~ $ df
Filesystem     1K-blocks    Used Available Use% Mounted on
dev               431696       0    431696   0% /dev
none            15464360 1857056  12798708  13% /
tmpfs             441376       0    441376   0% /dev/shm
tmpfs             441376   11556    429820   3% /run
tmpfs               5120       4      5116   1% /run/lock
tmpfs             441376       0    441376   0% /sys/fs/cgroup
/dev/mmcblk0p1   3860600   35380   3825220   1% /boot
tmpfs              88276       0     88276   0% /run/user/1000
/dev/sda1       15464360 1857056  12798708  13% /media/pi/berryboot

The / (root) partition and /media/pi/berryboot are both the same thing and they are the USB stick. I used a 16 GB PNY stick that I bought about a year ago.

First off, attempting to install “encrypted” failed on the disk format. No idea why. Unclicking the ‘encrypted’ box and all went fine.

So no real benefit to the user desiring privacy, IMHO.

Next up, in ‘typical’ web browser use, it has occasional significant pauses.

The USB stick seems to be VERY much slower than my Class 10 SD cards. I’ve not seen speed ratings on most USB Sticks ( my Monster brand does brag and is very fast ;-) so I might try an install to one of theirs “someday”…) and we’ve already identified that PNY “has issues” on lots of writes. So it might just be the particular stick I’m using.

But the long and short of it is that the thing is a bit annoying to use. Not quite painful, but you are reminded that it is lurking nearby…

Notice that /boot takes only 35.4 MB of space. This means that if you have some old 512 MB or even 128 MB SD cards you can use them for the boot part that stays on the R.Pi and give them a new life. I’m going to re-do this test “someday” with a fast Class 10 SD card in the USB adapter (replacing the stick) and see if that makes a difference. And see if it will encrypt.

Also note that I put 4 OSs into 1.8 GB of space used on the stick. It doesn’t take a giant stick to make this go. I may go looking for another Monster stick and see if I can get their fast one (80 MB / sec?) in an 8 GB size. It’s a USB 3.0, so likely a lot faster than this 2.0 from a so-so maker… even in a 2.0 port.

So I’ve not completely written off the USB stick booting (and maybe even a real USB disk booting… once I have one where the mandatory whole disk formatting doesn’t cause me grief…), but I’m just not feeling the love or seeing much benefit from it at the moment.

With that, I’m going to shutdown this one and go back to my regular chip. (Yes, I’m posting this from the USB install Raspbian).


EMP – A Summary Starting Point

Electro-Magnetic Pulse kills electronics and wounds many kinds of electrical gear. Some gear, like large transformers, dies from a major pulse and takes 3 years to replace (when things are working properly, and they will not be working properly).

On another thread, a discussion broke out on this topic. This link goes to the top of that discussion chain (so I can find it again in the future…)

https://chiefio.wordpress.com/2015/10/23/amdahls-law-gustafsons-robots-and-jobs/#comment-64924

It is the point where Carrington Event was mentioned and started the discussion.

There are two major kinds of EMP to worry about. The first is solar induced. It will be a bad day for things plugged into the power grid or network cables, but otherwise modestly easy to survive. The major issue making it uniquely difficult is that it is usually hemispheric and sometimes global in scope. You don’t get much help from anyone else in the world when it happens. And it WILL happen. Absolutely 100% guaranteed. We just have no idea when. We have a sample size of one well observed to guess from.

It is the main “design point” for my preparations. Basically, almost all the cars survive along with any electronics and electrical gear not plugged in at the time or with good discharge protection. (Things like large data centers where the entry point power conditioning equipment will likely die, but save the rest of the shop in the process).

So I have some basic computer gear and communications gear in ‘Faraday cage’ like protective wrappings along with some battery operated radios and batteries. “Camping” stoves and fuel. Kerosene lamps and a few gallons of kerosene. Some LED flashlights. You get the idea. Same stuff you need to survive after a hurricane or major earthquake. (In fact, mine is mostly my ‘quake kit’ with some electronics wrapped in paper/plastic then foil in metal cans).

I’m not going to put much more about it here, other than to remind folks that for about $20 you can get a small portable ‘inverter’ that makes enough power to light a nice light, charge your cell phone and laptop, and run a radio. Plug into your car or just wire it straight to the battery and you have several days of modest power.

There’s an example here:

https://chiefio.wordpress.com/2011/02/17/minimalist-emergency-power/

I always travel with at least one of these. I have a 100 W minimum, that fits in a small backpack pocket, the 300 W in the picture that fits in the glove box, a 1000 W unit that cost $70 at Costco some years back stored in the garage, and another one or two. They are cheap and work well. It is amazing how much can be done with just 100 W of AC from one of these. (Though my laptop took 250 W to run, a Raspberry Pi needs just 5 W …)

All of this gear, being physically small and not plugged in ought to survive any solar event. Even my 1000 W Honda Generator ought to survive. Just too small to couple to the low frequency long wavelengths of a solar EMP.

The bigger (harder) problem is a nuclear EMP event. These are both much stronger in power and voltages induced, and have different frequency spikes. Small size is not nearly as much protection. (It isn’t clear what form an actual pulse would take as the sample we have is small and from 1/2 century ago, so some guessing is involved…)

I’ve generally not ‘prepared’ for this simply because the only real ‘risk’ was the USSR, and it went away… But times change. Now we have Iran on course to get a nuke in under a decade, though it is reasonable to speculate they have a couple already. North Korea has them. For both of these countries, ‘delivery systems’ didn’t exist. That, too, has changed. They both now have missiles intended to reach the USA, but IMHO much more importantly, they are claiming some of these are for space research and for putting satellites on orbit.

So pretty much in the next 5 years to a decade we enter a no-mans-land. There will be two countries who absolutely hate us, have vowed to destroy us, and will have the means to do so. Add to that the Russians getting globally uppity again, and the USA now playing “Chicken” with some Chinese islands (and them being fully able to launch orbital nukes) and it’s not getting better…

Why the emphasis on Orbital?

For the simple reason of where you set off a nuke to make the best EMP.

This map is from this site:

http://www.shtfplan.com/emergency-preparedness/super-emp-capable-of-disabling-power-grid-across-lower-48-states_06202011

EMP effect on the lower 48 states

Most folks will look at that and notice the circles cover the whole lower 48. Some will notice the outer ring is only 30% to 50% of peak. Others will note it is ‘grid damage’ the article is talking about and not all damage; and many things not grid connected will have different percentage rings. Others, me among them, will note that at a 50% risk band, even a foil wrapped cardboard box inside some plastic bags inside a metal garbage can will be highly likely to survive. (Alternating layers of conductor and insulator, with one layer of iron to keep out the magnetic component, shields things very well.)

There’s a good discussion of how to protect things here:

http://www.futurescience.com/emp/EMP-Sitemap.html

with personal steps here:

http://www.futurescience.com/emp/emp-protection.html

But what I want to point out is one small number on that graphic.

“Height of blast: 298 miles”

That’s orbital height. From about 100 miles to 400 miles is prime space to put up a variety of orbital communications and survey gear. Some, like both Russian and some USA gear, powered by nuclear power.

Unless we grabbed one to open it up and look inside, we can not tell really if that radiation from it is due to it having a nuclear power supply, or a bomb.

So an Iran, Korea, China, Russia, whoever… can just have a ‘scientific’ space program launching some satellites that don’t do much other than radio back some pretty mundane measurement data or photos. We can’t really say much to stop it, and attempting to take one down would likely end badly…

Now, at any time, they can set it to detonate on the next pass over the USA.

As Larry pointed out in the other comment thread, the most effective scenario is to have a few of them and set them off in a couple of waves.

I personally don’t think anyone that seriously contemplated an EMP attack would limit the attack to a single warhead, as no matter how small that device was, it would be surely interpreted as an act of war, and the consequence would be total retaliation (if the source of the attack was known) and our ability to retaliate remained.

The bad news is that of all attack scenarios EMP is the most likely to have considerable doubt about the source if the attacker wanted to execute the attack in the proper way.

My personal planning assumption is a 4 device attack with three devices positioned to bracket most key regions of the country (east, central/mountain and west coast with locally high field strength) and with a 4th super EMP “cleanup device” detonated at altitude to blanket the entire country. Possibly with some time delay after the primary strike to allow reserve and backup systems to come on line before hitting them too.

Also realize that once on orbit, a nuke could also be let drift out with little ‘signature’ to observe it (i.e. no rocket thrust), and if coated in Radar Absorbent Material and mat black (i.e. stealth designed) it would be nearly impossible to see that event from the ground, while assets on orbit would have trouble being ‘tasked’ to observe every one of those satellites 24 / 7 for a couple of years of ‘nothing happening’. That, then, raises the specter of an EMP happening when we can not point at any source at all. Do you just nuke “all the usual suspects” then?

So while I have little worry about solar EMP causing the end of society as we know it, and no real worries about nuclear EMP over the last 20 years, starting about 2020 it is a whole different situation. ( I personally hope to be in a position to ‘live on my own’ then, out of an urban context, but who knows. I might still be right here as the spouse prefers malls to a well and dirt.)

So that is the “worst possible scenario”, IMHO. A few nukes on orbit that we can’t finger, and then a staccato of EMPS as they pass overhead. No launch in the last year or two pre-event to point at. Maybe a year back some vague smudge on a long put away image of what someone thought might have been an object near one of ‘their’ satellites, but again not actionable. What do you do then?

With that pattern, you have near 100% destruction of the power grid and most everything plugged into it. Even small devices are mostly fried. Some folks, like me, taking stuff out of deep storage can have some lights on, and a radio to listen to??? Who? Radio Moscow? The BBC? Telling us we’re now a 1700s rural agrarian society again? Except almost everyone is in cities with no working water supply, fuel supply, food supply, heat, cooling, lighting, or communications. Hopeless? Not quite, but mostly. That’s why I put it outside my ‘design goal’ for my preparation plans. (At that point, we hunker down with the earthquake water barrels, the stored food ration, and some ‘defense’ and hope to just be among the last ones standing in 4 weeks…)

Unfortunately, this isn’t a “paranoid ideation”. Were I running the “get America” planning group in Iran or North Korea, it is exactly what I would do. Stealth, deception, surprise attack, and utter collapse. Our nuclear subs can completely destroy them, but how do you know which ones to destroy? And then what?

One can hope we have far better satellite tracking abilities and some way to sniff out the nuclear signature of “boom stuff” vs “nuclear power module”. One can hope we know when the nuke is put on orbit and can neutralize it ( say run a pencil sized IR laser through it on orbit…).

“But hope is not a strategy. -E.M.Smith”… Yet I can only hope our military has more than hope to work with. Otherwise this too is a ‘will happen’.

With that, I ‘hope’ we can move the EMP discussion to this thread ;-)


Shrinking NOOBS on Pi

I’d made a NOOBS install onto a 64 GB mini-SD card some 1/2 year back. Then, I’d expected that to be the ‘whole system’. And, for a while, it was. I filled it with about 50 GB of software archives and temperature data stuff and then some. But time passes.

This last 6 months, I’ve moved all the data off of an ‘old’ Western Digital USB drive. It was “only” 111 GB and I’m buying TB sized drives now. So “what’s the point”? of a drive like that…

It got a reformat to have a 2 GB swap partition and the rest ‘user space’ as ext4 file system (journalling and not prone to data loss). Moving data over, and adding Real Swap ™ to the Pi was a pretty nice step forward. It did need a powered hub, but I had one for that purpose.

So my 64 GB mini-SD card was about 7 GB full. The rest, empty blocks.

Aside from just generally being a ‘waste of space’, I could use that 64 GB chip for other things.

But a NOOBS install is simple to do, but complicated on the SD card. There were something like 7 partitions and about 6 ‘unallocated’ spaces between them. (No idea why, but they seem to like leaving 4 MB gaps between partitions). Then there were the three file system types to sort out. FAT16, FAT32, EXT4 (and on some older ones, other EXT types).

I put it off. The Raspberry Pi boot process is “different” and complicated in some ways. It starts on a FAT file system, then moves to the EXT one, and devices are not all the usual /dev/sdxn pattern. Those mmcblk0px ones… (I think that decodes to ‘multi media card, block, card#, partition#’) Yes, I know, using ‘sd’ for SCSI Disk is also a bit arcane since it isn’t a scsi disk either…

But today I “bit the bullet” and did the deed. This page was helpful. Largely in getting me the ambition to “go for it”.

http://sysmatt.blogspot.com/2014/08/backup-restore-customize-and-clone-your.html

It is very useful, but IMHO a bit more complicated than needed. He uses command line ‘gparted’ for example, when there is a nice GUI one. He uses ‘dmesg’ to search the message log for the mount information of the “destination SD card” (while being a bit unclear about was he looking for source or destination card…). Why not just stick it in the USB adapter, have it auto mount, and do a ‘df’ to see the device in the listing? I do that all the time.

But clearly his goal was to make a script of it. So command line is better than the graphics tools for that goal.

My goal was a ‘one off’. So I read it for ‘what do you do’, then did something similar but different.

In the end, it was very easy.

Insert destination SD card. Note /dev/sd? identifier. Open graphical ‘gparted’ from the Menu:Preferences drop down. (Why it’s hidden there I have no idea… if not installed, do an apt-get install gparted.) Look at the two chip layouts (running, to be cloned, and destination). Format and make partitions on the destination that are what you need. (A FAT16 first partition of 60 MB with label boot, and a ‘rest of space’ EXT4 with label root then quit.) Remember to set the flags on the FAT16 to have ‘lba’ set.

He has several warnings about cloning from an active file system, then does it. I just shutdown, put in a different boot system chip, moved the 64 GB to the USB adapter. Sucked out the ‘goods’. Swapped in the 8GB and stuffed them back. Shutdown, swap chips, reboot. I’m using it now to make this posting.

He used an interesting command to do the copy. I’m pretty sure with my approach some simpler ones could be done. As he was running on a live system, he needed to not span file systems and go into places with things like ramdisks or ./proc processes. As mine was not active, I think that didn’t matter (but on the off chance there was a symbolic link and not knowing how they might be handled, I set the ‘one filesystem’ directive).

To copy out from the original /boot /root and /data partitions, I just used the regular defaults you get when the USB adapter shows up.

/media/pi/boot
/media/pi/data
/media/pi/root

like this:

rsync -av --one-file-system /media/pi/boot /Pi_Archives_dir/Pi_64GB

(where the destination directory is whatever you want, I used a Pi_Archive and sub-directory named for the chip)

The only really tricky bit is remembering to NOT put a trailing slash on /media/pi/root so that rsync will actually create the directory named root and everything doesn’t end up in one pot…

Repeat for /media/pi/root and if you made a 512kB ‘data’ partition when doing NOOBS, for that one as well (if you put any data in it… it is intended for passing data between different OS types).

Then I unmounted those /media… devices, took that chip out, and put in the 8 GB destination chip. Now you ‘stuff it back’ with almost the same commands.

rsync -av --one-file-system /Pi_Archives_dir/Pi_64GB/boot/ /media/pi/boot
rsync -av --one-file-system /Pi_Archives_dir/Pi_64GB/root/ /media/pi/root

(I chose to do an ‘umount /media/pi/boot’ and instead mounted them in /mnt/Testing/boot and /mnt/Testing/root just so it was even less likely I’d get the name wrong and hit something else automounted in /media; but that isn’t essential.)

Note that there is a trailing / on the ‘from’ directory. That way it does NOT create the boot or root directories. The stuff needs to be ‘top level’ of the partitions… If you cd into the ‘from’ directory first, the commands become much easier to type:

cd /Pi_Archives_dir/Pi_64GB

rsync -av --one-file-system ./boot/ /media/pi/boot

All that is left is that there are two places where the number on the mmcblk0pX matters. Those have changed, so you need to edit them. cd /media/pi/root/etc and edit fstab. For me, these had been 6 and 7 partitions:

proc            /proc           proc    defaults          0 0
/dev/mmcblk0p1  /boot           vfat    defaults          0 2
/dev/mmcblk0p2  /               ext4    defaults,noatime  0 1

Now you can see that they are p1 and p2. Similarly, cd /media/pi/boot (or /mnt/Testing/boot if you do the remount like I did) and edit cmdline.txt

dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait

Here, root changed from mmcblk0p7 to mmcblk0p2 and everything else stays the same. Save it and exit.

Shutdown. Swap chips. Reboot. Done.
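
The two hand edits above are the step most likely to leave a card that will not boot, so here is the same change as a script with a consistency check. This is an added example, not the author's procedure or the linked page's script: the function names are made up here, the mount points and old partition numbers are passed in as arguments, and the sample fstab and cmdline.txt are constructed from the listings above with the old numbers (6 for boot, 7 for root) put back.

```shell
#!/bin/sh
# Added example, not from the original post: after copying boot and root
# onto a two-partition card, repoint fstab and cmdline.txt at p1 and p2.

DEV=/dev/mmcblk0p   # device prefix as it appears on the page

# remap_refs ROOT_MNT BOOT_MNT OLD_BOOT_NUM OLD_ROOT_NUM
# Rewrites old partition references so boot becomes p1 and root becomes p2.
remap_refs() {
    fstab="$1/etc/fstab"
    cmdline="$2/cmdline.txt"
    old_boot=$3
    old_root=$4
    case "$old_boot$old_root" in
        ''|*[!0-9]*) echo "remap_refs: partition numbers must be digits" >&2; return 2 ;;
    esac
    if [ ! -f "$fstab" ] || [ ! -f "$cmdline" ]; then
        echo "remap_refs: $fstab or $cmdline not found" >&2
        return 2
    fi
    for f in "$fstab" "$cmdline"; do
        cp "$f" "$f.orig"       # keep the untouched copy beside the file
        # Old numbers go to placeholders first, so a swap (2->1, 1->2)
        # cannot collide. ([^0-9]|$) keeps p7 from also matching p70.
        sed -E \
            -e "s#${DEV}${old_boot}([^0-9]|\$)#${DEV}@BOOT@\\1#g" \
            -e "s#${DEV}${old_root}([^0-9]|\$)#${DEV}@ROOT@\\1#g" \
            -e "s#${DEV}@BOOT@#${DEV}1#g" \
            -e "s#${DEV}@ROOT@#${DEV}2#g" \
            "$f.orig" > "$f"
    done
}

# check_refs ROOT_MNT BOOT_MNT
# Succeeds only when fstab mounts p1 on /boot and p2 on /, and root= on the
# kernel command line names the same device as the fstab / entry.
check_refs() {
    fs_root=$(awk '$1 !~ /^#/ && $2 == "/"     {print $1}' "$1/etc/fstab")
    fs_boot=$(awk '$1 !~ /^#/ && $2 == "/boot" {print $1}' "$1/etc/fstab")
    k_root=$(tr ' ' '\n' < "$2/cmdline.txt" | sed -n 's/^root=//p')
    [ "$fs_boot" = "${DEV}1" ] && [ "$fs_root" = "${DEV}2" ] && [ "$k_root" = "$fs_root" ]
}

# make_sample DIR: constructed "before" files, as they look straight after
# the rsync copy (still pointing at the old NOOBS partitions 6 and 7).
make_sample() {
    mkdir -p "$1/root/etc" "$1/boot"
    cat > "$1/root/etc/fstab" <<'EOF'
proc            /proc           proc    defaults          0 0
/dev/mmcblk0p6  /boot           vfat    defaults          0 2
/dev/mmcblk0p7  /               ext4    defaults,noatime  0 1
EOF
    echo 'dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p7 rootfstype=ext4 elevator=deadline rootwait' \
        > "$1/boot/cmdline.txt"
}

if [ "$#" -eq 4 ]; then
    # Real use: sh remap.sh /media/pi/root /media/pi/boot 6 7
    remap_refs "$@" && check_refs "$1" "$2" && echo "fstab and cmdline.txt agree"
else
    demo=$(mktemp -d)
    make_sample "$demo"
    remap_refs "$demo/root" "$demo/boot" 6 7
    check_refs "$demo/root" "$demo/boot" && echo "sample card: fstab and cmdline.txt agree"
    rm -rf "$demo"
fi
```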

Really pretty easy once you realize that the goal is not to clone the whole NOOBS environment and all the other OSs installed that you decided to never use again ;-)

Besides, I have a ‘dd’ whole chip clone for that if I ever want one back.

So “Honey! I Shrunk The Chip!” and it’s working fine.

In Conclusion

Now on the ‘someday’ list is to do the same thing for the Pi.B+ board doing DNS and bittorrent as I’ve moved all that 50+ GB off to a hard disk there also. That will recover another (relatively expensive) high speed 64 GB Sandisk chip.

Maybe someday, IFF I think it is worth the time, I’ll suck out dedicated chips for the minor OSs on those big chips. I think there are 2 or 3 of them. I basically never use them, but it would be nice to, for example, pull out the Puppy4 install from the bittorrent machine chip as I’m pretty sure it will fit on to a 2 GB chip. (That one is a Berryboot chip with even more partitions and maybe a slightly different set of steps / partitions needed. We’ll see…)

Why not just download a new one from The Net? Well, I like to keep old copies of OSs. Sometimes a catastrophic failure in the new one shows up, or you get an old board that no longer works with the oldest online releases, and it’s nice to just pull what works out of a box. Less likely to be an issue with the Raspberry Pi than with the 1001 PC Clone Types… but a habit is a habit for a reason. Besides, in some cases I’ve already customized these a bit. Even if rarely used.

The major lesson here was pretty simple, really. Under all the Berryboot and NOOBS and all, there are just 2 partitions that really matter. Boot and Root. One FAT16, the other EXT4. Make those, copy the stuff over, and go.

So now I have a ‘minimal chip’ with a few layers of stuff out of the way. No greeting boot selector, just “BAM!” right into booting the OS. No wasted space on the chip (for unused partitions, for recovery partitions, for NOOBS or Berryboot processes, for ‘unallocated’). It just boots and goes. And with zero need to reinstall software, copy over all my configs or custom bits one by one, nor copy the ‘stuff’ in the user home directory. Launch the browser and it even knew which tabs I’d had open last time ;-)

I still have about 1.9 GB of free space in /root so can add more ‘stuff’ over time, but as I’m moving more “stuff” onto ‘yankable’ USB sticks, it is more likely to shrink than grow. Next step is to make a LUKS encrypted stick and “move onto it”. At that point one tug and all of ‘my stuff’ is encrypted and likely to stay that way… Yes, eventually I’m going to get to a fully encrypted thing… this is more ‘retrofit’ to the old system than ‘how to build new’… the ‘build new’ is that Berryboot with built in encryption and ‘reset’ features. In fact, the ‘stick’, once done, will likely be moved onto that base system. I’m pretty sure that I could just have made the destination partition here a LUKS partition and, once mounted, copy into it as above. Then have /root encrypted. (Guess what I’m doing this weekend ;-)

If you made a big chip your home, with lots of OSs on it you test drove, but never use, now you know how to pull out what you want and leave the rest behind.

If anyone wants more detailed “how to” than the above, just ask, and I’ll put up more examples.
