Gentoo – Love Hate Relationship

Gentoo Penguin

Gentoo Penguin,_South_Georgia.jpg

The world’s fastest Penguin… and the namesake of the Gentoo Linux Distribution intended to indicate their goal of a very fast running Linux.

So pretty much all of yesterday went into installing Gentoo into a Virtual Machine. It’s a love / hate relationship now…

On the one hand, it gives me full control of all those things I want to see and control. On the other hand, I have to look at and deal with all those things AND with the consequences of my choices. So what Makes Gentoo different?

It has a package manager, sort of… Gentoo is installed from a small core of software that you boot up. A portable kernel, some ‘fetching tools’, and things needed to compile software. From that point forward, you fetch batches or packages of compressed source code and do a ‘compile and install’ on it. You get to do things like leave out of the kernel support for file systems that you will never use. You also get to set the things that you want it to do, and potentially screw them up. The overall process is like package based systems, but with source code in the package not precompiled binaries. This lets you assure that the sources being compiled are in fact the ones you looked at or validated as not buggered, but it also can take a fairly long time to compile a whole operating system (and you are still depending on a community to have looked at those sources).

Overall, it went reasonably OK. Lots of “geek stuff” to do and a very familiar set of “geeky output” to look at / ignore ;-) Everything went reasonably well, other than that the disk formatting / sectoring step didn’t work ( that bit of code either didn’t work or wasn’t found – I forget which). But I did the whole install into one disk sector on the virtual disk. At the end of the day it would not boot up.

Why? Unclear at this point. At 2 am I was just too sleepy to continue pushing it. In a day or two I’ll come back to it with a clear new focus and see if it is more obvious then. I think it is just that the “disk” will not mount / be found at boot time. I may well have incorrectly specified the name of the sector. I was looking at both “Grub” and “Lilo” (in the end using Lilo – Linux Loader – as I’m more familiar with it) and was ‘guessing’ a bit as to ought it be sda or sda1 or even sda0 as the ‘sector’ name when there was no re-sectoring done.

As an install onto bare hardware (real disks and real compute hardware) it would be about the same as an ‘old school’ install from sources, but with some more convenient and easier “package” control / processes. For an extra secure system, you would want your own sources / package archive and point those package fetch steps at those validated sources.

Why Bother?

Couple of reasons:

1) Native compiled code can take advantage of all the hardware ‘tricks’ on that given CPU / motherboard. It will be significantly faster. Different CPUs have different hardware abilities (often added for performance) that are often not used by a ‘generic’ kernel.

2) You can leave out code you know you will never use, or that might be a security issue. So leaving out support for wireless connectivity on a computer with no wireless hardware, or simply leaving out ALL networking support in the kernel to build a system ‘provably secure’ against network based attacks. It can be made all of smaller, faster, and more secure this way.

3) Code left out is code that can not introduce bugs.

4) Compile options can be set to make the executables smaller, or larger and faster. (Such as memory allocation flags). You can customize for “fit on the old x486” or “use extra memory to go faster on my 4 GB box”. It is more of what you want, less of what you don’t; with the emphasis on you.

5) The source code archive can be secured from tampering. This is mostly useful to large organizations with the staff to deal with looking at a lot of source code. It still has some value to the “lone independent” in that you can get a copy of the source code (from an “innocent” location) and unless the sources have been “buggered for all” know that you are not being ‘targeted’. Then if desired, particular programs can have a ‘diff’ done comparing them to older versions to see “what changed” and show up any “suspects”. (Heck, just a gross byte count by module will show up large virus / spyware insertions. Most Linux programs don’t grow a lot once made.)

6) Customizations can be done. Special drivers for special hardware. Making changes to encryption tables in encryption code (not recommended for the novice, but can screw up ‘expectations’ if done well). “Roll your own” encrypted things (like, say, an encrypted pipe) or make code memory resident only (for speed or security). I’ve seen some releases that have a ‘special’ encrypted RAM disk for storing encryption keys, for example, to make recovery from RAM even harder.

7) It is somehow satisfying to look at a nice code archive and think “That is MY operating system” ;-)

and a few more…

In Conclusion

Gentoo looks like a well done fast and configurable solution, with some added attraction for security minded folks. It worked well from the CD .iso image even in Virtual Box (but that’s not a full system) and I generally like what I’ve seen.

It is NOT for the “newbie”. As an experienced Linux / Unix systems admin I was comfortable with “old friends” like reading the output of cc and the loader, of editing by hand config files like /etc/conf.d/modules and /etc/lilo.conf (though it uses a strange little editor called ‘nano’… I had to do a “emerge nvi” to get a decent vi editor… ;-) (For those not familiar with it, vi is a cryptic ‘visual editor’ that has strange keystroke driven commands. Having learned those, though, the ‘fingers just do it’ and I don’t have to think about it…)

Some of the commands are new to me, but not particularly hard. Instead of the ‘old school’ “make” command, it uses “emerge”. OK, not a big deal. There are a couple of such things, along with the usual ‘screwing around with where admin files live’ that happens between Unix, Solaris, System V (almost Unix…), Linux releases. (So /etc/conf or /etc/conf.d or just /etc/ or /etc/fstab vs /etc/vfstab or…)

Even if I don’t get the virtual machine version running, I’m highly likely to set up a desktop box using it. (I have a spare 10 GB disk I can put in one of my old White Box machines). As it is configurable for x486 up to multicore processors (default is 8 core limit, but you can override it) AND since it is compiled can easily be ported to all sorts of processors (including the ARM family) it is highly attractive as an option for a Raspberry Pi “backend” device and maybe even as the “disposable browser / email” box. Being able to make small, fast, dedicated builds for it is very attractive. I also saw one page with a topic of a cross compile where the target was an ARM chip set.

So it is, in essence, a tech guys environment; but with enough directions (and reliable enough processes) that even a “tech wannabe” could give it a go. But not for the “first time Linux trial”…

Some Links:

Not endorsing any particular one, just keeping track of them:

A guide book to how to install Gentoo:

1. About the Gentoo Linux Installation

1.a. Introduction


First of all, welcome to Gentoo. You are about to enter the world of choices and performance. Gentoo is all about choices. When installing Gentoo, this is made clear to you several times — you can choose how much you want to compile yourself, how to install Gentoo, what system logger you want, etc.

Gentoo is a fast, modern metadistribution with a clean and flexible design. Gentoo is built around free software and doesn’t hide from its users what is beneath the hood. Portage, the package maintenance system which Gentoo uses, is written in Python, meaning you can easily view and modify the source code. Gentoo’s packaging system uses source code (although support for precompiled packages is included too) and configuring Gentoo happens through regular textfiles. In other words, openness everywhere.

It is very important that you understand that choices are what makes Gentoo run. We try not to force you onto anything you don’t like. If you feel like we do, please bugreport it.

How is the Installation Structured?

The Gentoo Installation can be seen as a 10-step procedure, corresponding to chapters 2 – 11. Every step results in a certain state:

After step 1, you are in a working environment ready to install Gentoo
After step 2, your internet connection is ready to install Gentoo
After step 3, your hard disks are initialized to house your Gentoo installation
After step 4, your installation environment is prepared and you are ready to chroot into the new environment
After step 5, core packages, which are the same on all Gentoo installations, are installed
After step 6, you have compiled your Linux kernel
After step 7, you have written most of your Gentoo system configuration files
After step 8, necessary system tools (which you can choose from a nice list) are installed
After step 9, your choice of bootloader has been installed and configured and you are logged in into your new Gentoo installation
After step 10, your Gentoo Linux environment is ready to be explored

When you are given a certain choice, we try our best to explain what the pros and cons are. We will continue then with a default choice, identified by “Default: ” in the title. The other possibilities are marked by “Alternative: “. Do not think that the default is what we recommend. It is however what we believe most users will use.

Sometimes you can pursue an optional step. Such steps are marked as “Optional: ” and are therefore not needed to install Gentoo. However, some optional steps are dependent on a previous decision you made. We will inform you when this happens, both when you make the decision, and right before the optional step is described.

An “Alternative Installation” method:

1. About this document

If the standard boot-from-CD install method doesn’t work for you (or you just don’t like it), help is now here. This document serves to provide a repository of alternative Gentoo Linux installation techniques to those who need them. Or, if you prefer, it serves as a place to put your wacky installation methods. If you have an installation method that you yourself find useful, or you have devised an amusing way of installing Gentoo, please don’t hesitate to write something up and post it on Bugzilla.

2. Booting the Install CD with Smart BootManager

Download Smart BootManager available from Linux source or binary format and windows .exe versions are available as well as many language packs. However, at this time, the preferred method would be to use the binary format, as the source will not compile with newer versions of NASM.

Either compile the package from source or just grab the binary. There are several options that can be utilized while creating your boot floppy, as seen below.

Discussion of Gentoo on ARM chips.

Gentoo ARM Cross Compile Overlay

This is an effort to create an overlay to support cross compiling Gentoo for the ARM target (beagleboard/overo/openmoko etc ) and also provide a binary repo of the packages that have already been cross compiled for ARMv7a architecture. I have also started tracking the Openembedded Kernel i.e linux-omap-2.6 Kernel + OE patches in a git repository.

To give you an idea what kind of things are involved, here’s a snippet from a bit further down the page. You can “cookbook it” by just doing this kind of thing by rote, but once something goes ‘bump in the night’ and you are off page, well, that’s were newbies turn into new hackers…

Setting up you Environment

emerge -av git layman crossdev crossdev-wrappers

layman -L

should show you a “gentoo-arm” overlay.

layman -a gentoo-arm

Now you should be able to use the overlay. Setup your crossdev environment with:

crossdev -t armv7a-softfloat-linux-gnueabi

The above example is for an OMAP3xxx processor (ARM Cortex A8). Replace with your ARM architecture or just arm- for generic ARM. Check here for other architectures link. Once the above command completes (it sets up your cross compile toolchain etc).

emerge-wrapper –init

This sets up your /usr/armv7a-softfloat-linux-gnueabi/ . All the packages you emerge will now go here, and this will be your root filesystem. Remember there will be some files copied in by default. This requires you to set FEATURES=“-collision-protect” in your make.conf file. These files are technically not needed if you emerge the virtual/os-headers and glibc as the first packages along with baselayout. (YMMV).

(or where old hackers knock the rust off the old skill sets… So I'm learning what "layman" is and "emerge" is a new "Gentoo-ism" for me as well.)

Another guy’s ideas on installation:

Always nice to have some commentary from folks who have done it.

So you want to install Gentoo Linux.

The first thing you want to know is that its a very hands on Linux distribution, its not easy.

Gentoo takes a long time to install because you’re building everything from source and it’s being built for YOUR computer.

This guide is set up for a very basic Linux system, nothing else like kde or gnome, thats up to you.

It’s setup not to give you to much information, but enough to make the right choices needed to get the system up and running.

The Official Gentoo Linux install guide is HERE

But its way to much information for most people.

This one you shouldn’t use.

The new 2007.0 handbook uses a “install” script though X or a text based installer.

Lots of people have had issues with the new setup on the CD, so thats why I’ve made this one.

Basic guide lines:

Where the “this one” is a link to the 2007 guide and the “official” one is 2008. Some of their package locations are links that are out of date, but still informative as to naming.

FWIW, I was “cookbooking” some of this and didn’t notice that I’d gotten x86 base with 64 bit Stage3 so at the time I was to do a “chroot” into the new environment, it failed due to the executables being a non-match… That little “what is that x86 in the name for” oversight cost me about an hour… or two…

LOTS of packages of sources for various releases:

For example, here are the “Stage3” x86 listings:

[DIR] hardened/                                          03-Oct-2012 19:27    -   
[   ] stage3-i486-20121002.tar.bz2                       03-Oct-2012 17:06  141M  
[   ] stage3-i486-20121002.tar.bz2.CONTENTS              03-Oct-2012 17:06  2.9M  
[   ] stage3-i486-20121002.tar.bz2.DIGESTS               03-Oct-2012 17:06  716   
[TXT] stage3-i486-20121002.tar.bz2.DIGESTS.asc           03-Oct-2012 19:27  1.6K  
[   ] stage3-i686-20121002.tar.bz2                       03-Oct-2012 17:07  141M  
[   ] stage3-i686-20121002.tar.bz2.CONTENTS              03-Oct-2012 17:07  2.9M  
[   ] stage3-i686-20121002.tar.bz2.DIGESTS               03-Oct-2012 17:07  716   
[TXT] stage3-i686-20121002.tar.bz2.DIGESTS.asc           03-Oct-2012 19:27  1.6K  

Choice of 486 vs Pentium class. Going to the supplied parent directories gives a lot more choices.

Including choices of more “current” vs slightly older releases. Going up even higher gives more options:

Index of /releases/x86
[ICO] Name Last modified Size Description
[DIR] Parent Directory –
[DIR] 10.1/ 10-Oct-2009 11:23 –
[DIR] 11.0/ 08-Mar-2011 02:20 –
[DIR] 11.2/ 07-Aug-2011 14:40 –
[DIR] 12.0/ 01-Jan-2012 18:26 –
[DIR] 12.1/ 31-Mar-2012 18:01 –
[DIR] autobuilds/ 07-Oct-2012 08:27 –
[DIR] current-iso/ 11-Jul-2012 20:28 –
[DIR] current-stage3/ 03-Oct-2012 14:27 –

SO you can even reach back to a 2009 era vintage
(for that old vintage hardware ;-)

Going just one step higher gives even more CPU type options, for use on that “variety hardware” you got at the University Yard Sale:

Index of /releases
[ICO]	Name	Last modified	Size	Description
[DIR]	Parent Directory	 	-
[DIR]	alpha/	08-Aug-2009 19:47 	-
[DIR]	amd64/	31-Mar-2012 23:14 	-
[DIR]	arm/	08-Aug-2009 19:47 	-
[DIR]	hppa/	08-Aug-2009 19:47 	-
[DIR]	ia64/	08-Aug-2009 19:47 	-
[DIR]	mips/	28-Apr-2011 15:38 	-
[DIR]	ppc/	08-Aug-2009 19:47 	-
[DIR]	s390/	25-Aug-2009 17:37 	-
[DIR]	sh/	08-Aug-2009 19:47 	-
[DIR]	snapshots/	15-Apr-2009 21:08 	-
[DIR]	sparc/	08-Aug-2009 19:47 	-
[DIR]	x86/	31-Mar-2012 23:14 	- 

Notice that ARM is clearly on the list, but so are some other interesting options.
ia64 for 64 bits.
ppc for old PowerPC chip Macs.
Even sparc for that old Sun Server in the garage ;-)

The various “Live CDs” to start from
(including full release downloads for “live DVDs”):

1. Installation media

Gentoo Linux is available free over the Internet. You can download Gentoo Linux (weekly autobuilds) from the appropriate iso and architecture link below.

Please consult our Gentoo Handbooks for more information on what to download, how to install Gentoo, and how to verify the validity of our media.

    alpha: iso stages
    amd64: iso stages
    arm:       stages
    hppa:      stages
    ia64:  iso stages
    ppc/ppc64: iso stages
    s390/s390x:    stages
    sh:        stages
    sparc: iso stages
    x86:   iso stages

If you prefer to select a local mirror yourself, see Gentoo Mirrors.

Where all of those have ‘live links’ on the “iso” and “stages” parts. The “iso” gives the bootable CD, then “stages” has the source for the add-ons.

And, the “big lumps”:

3. Other media

Gentoo 12.1

LiveDVD (released April 1, 2012)
(up to 3.6 gigabytes depending on arch)
amd64 x86

Gentoo 12.0

LiveDVD (released January 1, 2012)
(up to 3.6 gigabytes depending on arch)
amd64 x86

Gentoo 11.2

LiveDVD (released August 7, 2011)
(up to 2.8 gigabytes depending on arch)
amd64 x86

Gentoo 11.0

LiveDVD (released March 8, 2011)
(up to 2.6 gigabytes depending on arch)
amd64 x86

Gentoo DVDs and CDs

If you simply don’t have the ability to download the large DVD or CD images, then you may wish to purchase a Gentoo DVD or CD.

Don’t know that most of us would need 2.6 GB of “Stuff”, but it will be a pretty complete operating system… I’ll likely try one “someday” when the box that has a DVD reader in it is not the one that is also “Linux Hostile”… (i.e. my HP g6 laptop).

LiveCDs beyond just the build environment:

Thanks to Cpasjuste and stonersmurf, we now have three Live-CDs!

See First Steps for a step-by-step tutorial on running them.

Note: Samsung drives are supported on the Gentoo LiveCD BETA v2, only.

Gentoo Minimal 2006.1 Get it from here!

This LiveCD is based on the minimal Gentoo Live-CD, so it doesn’t offer X. But download size is reasonable at around 90MB.

Gentoo LiveCD BETA Get it from here!

This LiveCD is based on the BETA Gentoo LiveCD. It includes our framebuffer driver and a Gnome Desktop environment. Download size is around 600MB.

Gentoo LiveCD BETA v2 Get it from here!

md5 sum , Release Notes

It is the second revision of the Gentoo LiveCD BETA including the latest kernel updates for the Xbox 360. Download size is around 621MB.

So, got an old xBox 360 laying around? Want to play a whole ‘nother kind of game? ;-)

And, there’s even a dedicated wiki site for Gentoo:

With that, I think I’ve put enough “stuff” here. If, in 6 months, I decide to make that old ‘white box’ into a new class of cross compiler server, or whatever, I won’t have to rediscover all this stuff again…

For now, I’m likely to just download one of those 600 ish MB isos and give it a try. I’ve done the whole ‘compile and install’ thing, and it wasn’t too bad, so I got the main answer I was looking for: This is a pretty darned good candidate for a Raspberry Pi or Bagleboard or similar SBC. If I have size, performance, or ‘odd hardware’ issues, I can get into the sources and fix them. Lots of tools, and a pretty good developer community.

Hacker Heaven… and hell… can’t have one without the other ;-)

Subscribe to feed

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Tech Bits and tagged , , , . Bookmark the permalink.

49 Responses to Gentoo – Love Hate Relationship

  1. E.M.Smith says:

    BTW, I found the process of concentrated focus for hours with strict perfection needed to be very cathartic and healing from the “Rage Boy” aspects of what reading the Koran induced. Since it does zero good to be “mad at the machine” and a Zen like center works best, it tends to move me that way…

  2. p.g.sharrow says:

    Sounds like you may have found the right tool set. Even more scary I almost understand what you are describing to create a build. This sounds like the “good old days” of Linux pre version one. I’m glad you are the one breaking trail. pg

  3. As usual I am awestruck. If Chiefio can’t make Gentoo behave what chance do I have?

    My rescue disk uses Gentoo. When I get into serious trouble I boot from the Gentoo “Rescue CD” and it provides some excellent utilities such as “gparted” that reminds me of “Partition Magic” version 8 in good old Windoze. Hard to find programs like that these days. My “User Friendly” Gentoo rescue disk has a few little quirks to remind me that I am not worthy of it. After booting up it presents me with a command prompt that is just great for people who can remember the right commands. Sadly I can’t.

    For simpletons who need some kind of “GUI” type [startx] and then hit “Enter” button. You get a command prompt that accepts “bash” commands just like the “Terminal” you are familiar with in Gnome. Most of the time I just type “gparted” and hope for the best.

  4. j ferguson says:

    Creeping up the Coosaw (6.0 knots through the water, 7.2k over the bottom, well it is the flood). Yesterday’s madness was installing virtualbox, then win98 as guest, on ubuntu 12.04 – I was procrastinating about changing the blown oil-cooler.

    Why win98? because i had the cd. I’d forgotten that you couldn’t boot from the cd. VirtualBox was not able to see a boot track, so no-joy. So I downloaded boot-floppy image that someone was kind enough to post on the web, and then everything worked – sorta. I got blue screen errors, but persisted and now it works, all 480×640 of it. yippee.

    then i discovered that guest-addition doesn’t work with win<2000. so i can pull the stuff i want in from our mi-fi network, or make images of the folders which have it.

    i wonder if this thing will host cp/m. I think i can still find a SASI drive with cp/m from my BBS days.

    i replaced the oil cooler.

    Gentoo? I think I'll wait for Genthree.

  5. adolfogiurfa says:

    @E.M. What kind of reward/profit, if any, would get the creators of this OS?, Or is it just for “hobby” they made it?. How do you see the future of OS in general for world wide use?

  6. Reminds me of dual-booting Slackware on the Win95a machine at work. I was fed up with getting the BSOD, and although the later 95b didn’t suffer from this very much for me, I still found Linux useful.

    Despite having used a lot of command-line machines, I do prefer a GUI that encapsulates all the required switches rather than having to key in foo –h to find out what foo actually will do when I push it. Especially as it was sometime man foo or foo -help instead for some programs. If you’re using a command a lot, then you know the switches needed, but if you use it once in a while you tend to forget the finer points.

    On the Zen attitude to making systems work, I instead found it very cathartic to swear at Windoze when it for example tells me to “shut down properly next time” when the system crashed without me doing anything. I really got to hate the Windoze programmers who treated the user like a dummy with snide comments on how to Get It Right Next Time when it was their fault it failed. Buck-passers.

    At the moment I’m running Ubuntu 10.04 (Gnome UI) since I know where everything is and I don’t want to relearn where things are in order to have something “prettier” or a clear desktop except when I’m working. I may change this when the support for this dies, or just install Gnome or KDE instead of Unity. Over the years the UI has become more pretty and less quick. Not really a major problem on a reasonably modern machine (this one is around 4 years old) except where they’ve put in programmed delays for task-bar appearing after the cursor hits the top or bottom of the screen, and it moves smoothly (and slowly) into view. Another delay before it disappears, too – almost getting me annoyed enough to hack the source code. It used to just appear and disappear with the right trigger-points, but it’s prettier (and a second slower) now. I think the Linux programmers keep trying to compete with Windoze and Apple for prettiness, whereas I want to just have a quick response.

    Oops, got into a bit of a rant there….

    These days I want the OS to just work and run my programs. Having to spend a few hours each time there’s an upgrade just to put things back to where they were is just wasting time.

  7. E.M.Smith says:


    2 things: But first “Don’t Panic!”… it’s not that I can’t make it work….

    1) I’m doing a particularly hard environment. A Virtual Machine with no specifications (they may exist, but I’ve not gone looking… yes, I’m like that…) The particular issue I ran into involves making partitions on a physical disk. I doubt that the VM supports that feature.

    2) I’m not done yet. That was just how far I got on one evening. Likely a trivial fix ( I think I just guessed wrong on sda vs sda0 vs sda1 for the partition name… maybe I will read the manual page ;-)

    I suspect that just following the ‘cookbook’ on real hardware would have worked fine as written.

    @J. Ferguson:

    Ah the joys of working in an engine compartment on a pitching boat…. Remind me sometime to tell about fixing the throtle cable to the diesel as the wind slowly blew me toward the rocks on Angle Island… (Tides were wrong for my dumpy boat to do enough v-made good into the wind to avoid the rocks…)


    Why some of my boxes are still running Red Hat 7.6 or some such. I know were everything is…

    Yes, there are folks enthralled with the “Look and Feel”. It’s part of the barn raising culture to have folks who love one area concentrate on it. So the GUI folks love the graphics… and I get transparent terminal windows that let you see what’s behind it because it’s ‘way cool’ even though it makes reading the damn text harder… and I go searching for how to turn off the ‘cool’ transparency…

    So after a half decade (decade?) of not upgrading, I’m now doing a ‘search cycle’ to see what the choices look like these days. What I like, what I don’t. What has graphics that offend enough to stay away… The GUIs have multiplied worse than rabbits. At least a 1/2 dozen systems now, with dozens (hudreds?) of skins on them. Sigh….

    But may as well do a decent job of the search now, and be ‘set’ for another decade ;-)

    Besides, it’s getting my skill set up to date in the process.


    In the begining, the OS was always “home grown”. They guys who made the first machines had to make it too. Then companies tried to “own the space” playing various games with proprietary operating systems (and making $Billions in the process – see Gates for example).

    Some of us got tired of it (and the crappy code they pass off os ‘good’) and started going back to the “DIY” roots. Linus started it in a big way (though others were doing ‘similar but different’ such as those of us using BSD Berkeley Standard Distribution at the time).

    From that point on, litterlly Millions Of Hackers, Crackers, Systems Admins, and whoever wants to help have all “chipped in” in the largest Global Barn Raising ever. The Open Source Community (long history on that too).

    THE major ethos is that we all contribute what we can, and all benefit from the actions of the group. Even if all you do is use it and complain about bugs. “Testing” the Microsoft way ;-)

    Some folks DO manage to get some money out of it (often via donation buttons on sites, sometimes via selling ‘support’ packages – i.e. rent a geek; sometimes via a 2 tier process where the source code is free, but a premade set of CDs is $20 and a computer preinstalled is also sold at higher prices). Red Hat is based on that kind of model and they are a public company making money.

    Some distributions are done by folks as a hobby. Others as a “thesis” project. (Mosix, the self assembling Single System Image cluster was originally a project of one guy, who later at the move to multi-core CPUs took Mosix into a private company (though the last public release is still free).

    As to the CrashBang folks: I don’t know their exact motivation. One can likely find it at their site. As to the Gentoo folks: They wanted a ‘build from source’ for some of the same reasons I do, so made it. It’s now a community effort from those like minded folks.

    Future of OS? A real time non-stop encrypted distribulted redundant system. (Oh, and some fool will eventually graft automated intrusion tools onto it, it will infect systems globally, become self aware, and take over the world. But I’m hoping that’s not for at aleast another 100 years… Note the lack of a smiley face…)

    Before then, ever larger chunks of the world will move onto Linux and Linux like systems. We’ve now gone past critical mass. Germany commited the government to being all Linux not too long ago. I even ran into a public distribution in Turkey. Several government agencies listed as using it. Mexico as an education project (red…. something… redescolar?) Scholor Net. Putting up computer labs nation wide for secondary education. ALL Linux. They “did the math” and just the license fees to Microsoft was several times the NATIONAL budget available. Using Linux, all software was free, it ran on MUCH smaller hardware, and the whole thing was several factors lower costs, with better performance.

    Once you start turning out MILLIONS of people world wide trained on something, and contributing to the Barn Raisng… well, it’s hard to compete with “free”…

    Oh, and expect a giant boost in China. As Microsoft builds in ever more user hostile copy prevention, more Chinese will just move onto Linux. Haven’t looked at Chinese distributions, but I’m pretty sure there will be many of them…

    For me, I still kept a Windows Box around for things where the file format was tied to them. As of a couple of years ago, I’m free of that. Open Office cut the last ties. I bought the HP Laptop in a rush, planning to make it dual boot Linux almost immediately. I ought to have check the model against the Linux Laptops list first. I was about to dump it when I found that using Virtual Box lets me use Linux without much trouble (though a bit slow).

    So I eventually see the world dividing into those who use OS Appliances, that will be built on a Unix / Linux like base (Mac O/S on the Mach kernel is one, Android is another, there are more), those who use it without hiding it under layers of “Flash and dazzle” (like me, and other hardcore Linux users), and a dying segment of pure proprietary software. Microsoft will be the last to die, and will likely migrate their “look and feel” onto a hidden Linux core at some point and try not to mention it…


    Yes, I’ve got that feeling too… (deliberately ambigous as to which one ;-)

    I like the source code aspect, I like the ability to point at my own source archive (after some work / vetting). I like the multi-architechture and efficiency choices. Looks like it is a ‘guaranteed path to completion’ even if a high workload one. (I’ll still be trying out ‘low workload fast solutions tha may be one slice short of a loaf… as they can be used while wating for the better solution).

    FWIW, right now I’m using #! Linux (Pronounced and sometimes typed “Crash Bang Linux”) with the IceWeasel browser (default). Discovered that there is this tiny little box at the upper edge a little bit (3 icons and time) from the right side that said “GB”. If you clidk on it, it rotates through GB, US, DE, and FR. Changed it to US and the special characters map right on the keyboard. Nice.

    It also does not have the ‘runaway FireFox process’ behaviour of some other releases (even though IceWeasel is just a rename on FireFox for legal reasons.)

    That LiveCD also booted and worked on both my test boxes (the Evo with a Windoz with a blown boot block and the HP Vectra that dual boots Win 2000 / Redhat something old wiht GIStemp). So it is now my “default web browser” platform.

    As of now, I’m booting off LiveCD to do any web browsing. No more worries about “what site or dingus tries to stick it’s digital trongue down my throat” or what virus tries to crawl on to the CD…

    Still working out how to ‘save state’ and things like upload bookmarks. (Not hard, just haven’t even looked at the choices yet, like, ‘can I mount a USB drive” or whatever…)

    I’ve also downloaded a dozen other LiveCD releases and a few whole release istall images. Such fun ;-)

    Along the way, my love of distributed computing has tried ot take over, so I’ve humored it a bit and let it learn about what happened to Mosix and Parallel Knoppix. There’s several options now for making your own cluster of computers. One even does it (did it? I think it’s a dead project now) using IPSEC tunnels between hosts, so you could do private distrubuted computing on a public network / cluster. The work they did on shared private file systems is interesting. In theory, a few folks could ‘join’ their machines (with trust certs et. al.) with secure tunnels and share one file system (so all files can be shared all the time) along with being able to distribulte compute loads. Guess what “Phase 3” is going to be ;-)

    Yup. A stackable set of Raspberry Pi boards that can “cluster up” to act as one large system if desired, sharing a filesystem and process space; then you can choose to join in with others “out there” if desired. Add new nodes? Just plug in network and power, stick in the SD Card clone and go…

    Oh, and played a bit with Friend To Friend file sharing systems.
    There’s one for Windows that’s dirt simple to use and looks like it would work ‘well enough’:

    Not perfect. Not my long term solution. But looks like it works very well, for now.

    (My two issues are: 1) It is on top of Widows (though Linux versions are available) 2) in all cases it uses Java. As we just saw, Java has a hole in it… so not fond of that. Java is “pretty good” but the present relase ‘has issues’. So I’d use it now, but keep looking for better. IF I had anyone I needed to work with / share with secretly. Which, for reasons beyond my ken, I don’t. Go figure. I’d like to have a reason to do “Cloak and Daggar” as I really like playing with the toys; but what I do just isn’t interesting enough to need it. Sigh.)

    So then the brain ran off to one of it’s favorite ideas: Making a distributed cluster computer that is all connected via VPN tunnels and has a distributed redundant file system. ANY node can go down, and the missing data (as in a RAID box) gets recreated on other nodes. ANY node can go down, and the cluster keeps on going… Nobody can see what it’s doing (as everything is encrypted) without capturing a system that is up and running. (So put them on a deadman switch that chops power… BTW, found a paper on that recovering data from RAM. Need to freeze the RAM inside 2 minute and as short as 30 seconds for new chips or the data evaporates… not real worrked…)

    At any rate, that’s for “Phase 4” ;-)

    First get secure and private computing. Then secure and private web browsing / email and file exchange. (pretty much ‘good enough’ on both right now; just ‘integration / polish / QA / testing’ to go) and blend up a Distribution with those things all set. After that, add in “secure distributed computing” and finally “secure distributed non-stop data and processing”.

    And then an individual who has been ‘vetted’ can just walk up to a box anywhwere, stick in the boot token (CD, USB stick, whatever) present their digital credentials to the system, and proceed to go anywhere, move any files, see their (encrypted with another key if desired) data, and do it all leaving only an encrypted “fuzz” of data movement in any snooping systems.

    Probably a couple of years to that point working alone (even leveraging off of all the excellent work being done by like minded folks building all the parts I’m picking up to bolt together). Oh well, such is life.

  8. p.g.sharrow says:

    @ EMSmith; Before you can build a barn you must gather the tools and get familiar with them. Sooner or later you will be “discovered” by someone that needs a barn. This barn will be needed and you may be the unique mix of abilities and attitude to guide this effort. First the design specs, which you seem to have thought out very well, indeed. Being, not married to specific hardware will be best in the long run. The need to learn a software system one more time is doable for me, I just don’t want to do it every 3 or 4 years as I have had to with Windoz / Dos, along with driver upgrades every time a printer dies and must be replaced.
    You are right MSWindoz is a dead end and I need to get off this road. I have 2 programs that require windoz to operate that I must support at present. One machine can be dedicated for that at present. I am looking forward to your progress reports. pg

  9. E.M.Smith says:

    Well, it’s been an interesting day (or is it two now?…. that’s part of how you know it was an interesting time…)

    I’ve been sucked into the rat hole of “secure and anonymous” lawbreaking downloaders… Seems they, being sued by the RIAA (or some such) and having ISPs (like Comcast) shooing “fail” packets into their bittorrent streams and throttling their rates… have been busy building all the tools needed to securely, and PRIVATELY, download files, do peer to peer file swapping, torrent downloads, email, all sorts of stuff. So I’ve been ‘coming up to speed’ on what is already done.

    Along the way, I learned to use “bittorrent” (and then promptly downloaded a few dozen gigs of Linux software including a dozen different distributions ;-) Yes, I’ve never used Bittorrent until now. It’s fairly easy to set up (near trivial) and seems to work well. Has an ‘encrypt’ option for network traffic (to confuse the ISP snooping for bittorrent traffic to disrupt – the basic structure of bittorrent does NOT anonymize the downloader – your IP and machine are ‘known’ and shown to anyone getting a file from you or from whom you are getting a file). Which promptly lead to a dozen projects by folks to make the same functionality, but where they can’t be identified nor sued… (a project for “tomorrow”… to dig though the dead and living projects for interesting source code to re-use).

    At any rate, also along the way, I decided I wanted to have a little ‘bittorrent server’ of my own (off of the laptop) and a place to generally ‘screw around’ and leave on the internet as desired.

    I also have an old Toshiba Satellite 2535CDS – that’s a 233 MHZ x86 with 4 GB hard disk and about 92 MB of memory. With Windows 95. The screen on it died a few years back, so I’d plugged in a monitor and sucked the data out, then into the ‘boneyard’ it went…

    Well, today, out it came. I’m using it to type this. Out of a dozen ‘liveCDs’ only a couple could now work on this “small” hardware. (somewhere I have some old CDs that worked better ;-)

    But one, Mijnpup, worked fine (as would all the Puppy family). It has a nice tool that let me dump the hard disk to the USB drive (that has a 4 gb SD card ‘chip’ in it). Does a “dd” into a compress. Mounted that on the new laptop, and could see the files inside fine (with yet another free bit of software… z7Z or some such) So back at the Toyshiba…

    After a few tries to get various things to ‘boot then install’ (having downloaded LOTS of LiveCDs but not many / any plain ‘install’ CDs…) and having some of them not recognize various things, like, oh, the keyboard or network PCMCIA card… I finally found that DSL Damn Small Linux was happy with all the parts, could boot into the RAM even after setting aside a Ram Disk, and would then do an install. It didn’t have a disk partition program on the CD that I could find in 2 minutes of looking (and the cfdisk on Puppy would exit when I launched it) so I just went ahead and let it format / take the whole disk…

    So as of now, it’s a nice, working, if very small, Linux box. A bit slow on x-windows and with FireFox launched, but not too bad, all things considered. Certainly enough for a box that’s just mostly going to be serving / downloading random files from the internet.

    So that’s why there’s no posting today…. I got sucked off into ‘geek land’… I noticed it was time for dinner when the spouse asked… ;-) don’t think I had breakfast or lunch… unless you count coffee and tea… maybe I had a bowl of chili? Not sure… Hey, it’s a geek thing…

    So, long story longer: One bit of “junk” is no longer junk. It’s now a VERY small footprint file server for a slow network / internet connection that can be scrubbed and restored as needed. (Which reminds me, next thing to do is to make an image of it in this more or less pristine condition…)


    Yes, the first part of the process is “tool admiration” with the occasional “trial”. I’m now pretty much at the point where I can start digging some trenches and putting in some forms…. I’ve also got a few ‘bits of kit’ that work well all by themselves (so using the ‘barn’ analogy, I’ve got some feeders set up and some chicken wire and poles around the chickens… just no walls and roof yet, so not completely varmint proof…

    FWIW, one of the really really nice things about Linux / Unix (for most things) is that much of the core stuff I learned in the ’70s and ’80s is still there. So /etc/fstab (or on some warped systems /etc/vfstab) still tells you what file systems to mount. “swapon” was on this linux and I was able to add a ‘swap file’ just like I last did about a decade (or more?) ago. I did have to peek at the man page (manual) to be reminded the exact steps… So once you start a transition to Linux, you find that at the next MS release, it’s easier to do more Linux then to deal with the MS changes.

    FWIW, the “liveCD” is generally a fairly painless way to get familiar with it. So I ran at least 3 different “distributions” in this machine and never touched the Win95 install once… For very old machines, use DSL Linux; for medium old / small use Puppy or Mijnpup. Medium sized move up to Slax or Knoppix. On Big Fat New Hardware, there’s a bunch of them from Ubuntu LiveCDs to Mint to Debian to Scientific Linux (Red Hat Enterprise without the fees…) to…

    The Windowz emulation has gotten quite good and most old programs run under Wine (the SuseLinux Wine was quite good last time I tried it a decade back). (WINdows Emulator). Then there are the releases that come with a virtual machine built in so you can just install Windoz in a VM inside the Linux… It can be a gradual transition ;-)

    Though, frankly, my favorite method is still to just get an old “piece of junk” being disposed and give it a new life. Heck, folks are dumping single core 1 Ghz machines now with 1 GB memory! As I’m presently running about about 1/5 of that… well, lets just say you match a light weight release with hardware like that and it just flies…

    So next “tech” posting will likely be a brief summary of “things settled to date”, like proposed hardware, software OS, software Apps, overall architecture, things ‘found and discarded’ (like BitBlinder that looked like a way cool anonymous bittorrent for peer to peer file exchange in an encrypted tunnel… until I found it required a ‘subscription’ and the project had died and the source archive was nowhere to be found anymore… so moved on…)

    All for “another day”.

    At this point it’s just going to be “shutdown the laptop”, pour some cognac in a glass ;-) and take a tech-break…

  10. Em – Wine Is Not Emulation… I liked that recursive acronym, but I suppose they’ve reworked it. Thanks for the tests and the telling – I still have some old boxes and just haven’t had the time/inclination to get the really old systems running something useful. I used to design and layout boards on a 586 233MHz machine (the software would run on a 386) and it seemed pretty quick then, but the OS bloat made it unusable.

    It seems that the DSL may be a good match to the Raspberry Pi with a recompile.

  11. j ferguson says:

    sometimes running what it came with isn’t so bad. it’s hard to believe that we used to think Sperry 286’s (relabeled Mitsubishis, from the wonderful folks who brought us Pearl Harbor) were lightning quick for AutoCad, mostly because they had a slide switch which allowed the processor clock to be upped from 4.4 mHz to 6 mHz, thus reducing the regen time from over a minute on some designs to 45 seconds.

    Wine seems to evolve. Things that ran on it in Ubuntu 9.10, don’t run in 12.04 (Gnome).
    oops, time to get under way – Savanna Herb River to new Teakettle, today – about 50 nauts.

    more later.

  12. E.M.Smith says:


    Yeah… technically, it’s not. But getting into the weeds of why an emulated Windows environment is not a Windows emulator was more detail than I wanted to explore at the moment….

    At present, I have three “preferred candidates” for the Pi. DSL with recompile (they have the sources carefully hidden in plain sight…. you can send $7 for a cd; or dig around in a few archives where the pieces are there, but not the integration such that you can say “make”… so I’ve started the download / assemble process. Thus the excursion into Bittorrent and related…), Arch Linux (that I’ve not explored by saw hints it was being done by others already), and Gentoo that is known to be widely portable and on ARM chips (thus the exploring ‘difficulty’ in the V.Box).

    Exploring all three ‘in parallel’ until one pulls out ahead. DSL is based on a Knoppix core, so does better hardware detection of “old stuff”, but likely harder to port to ARM (as it will be expecting lots of old PC parts). I’m mostly using it as a fast, easy, working, boot-and-go disposo system on old hardware at the moment. So it’s a “useful for general browsing and such” on the 1/2 dead laptop. I’m also exploring how hard is it (or not) do do things like save state in a secure way (it has a built in ‘backup’ process). So nice feature set, but probably ‘best’ for non-ARM targets. Then again, I’m of the opinion that while the Pi is the ultimate target, having a Very Similar Product that’s a cd you stick in your generic old laptop with disposable wireless dongle at StarBucks is less “noticed” than a guy with a shoe box full of Pi and wires… So I’m seeing it as a primary track for a non-ARM CD based “release”. It’s pretty close to that already. (Needs a re-mix with an encrypted filesystem by default, encrypted backup, encrypted USB store, OneSwarm installed, VPN installed, etc. Not hard, just a bunch of package adds and burn a new CD, then test…) Probably best for most folks as most folks are not interested in boards in shoeboxes ;-)

    I’d recommend giving it a try on those old “dead” machines. It is working well for me in a very constrained environment.

    Gentoo was not all that hard to do a complete install (rather like ‘the old days’ that I know best ;-) it was only the oddity of the V.B. that got in the way of the disk layout. (Haven’t tried to ‘fix’ that yet… been doing other things… but likely an easy fix). It’s most likely the end point for the Pi. Full source control and known to work on ARM, along with very diverse package set AND a large developer community testing that packages (including on ARM). But more work, so a longer path. Which means I’m using the “half dead” laptop (HDLT?) and CDs as the exploration package to find out “what software packages are needed?”. Tried to do a Gentoo install into the HDLT last night… it didn’t recognize the CD… so I likely need to make a boot floppy (or something ;–)

    That just leaves Arch as the very unexplored option. I know it’s on ARM, but don’t know much more than that. I think it’s aimed more at the embedded systems folks. (So lots of folks looking at the source code closely… they still care… but not a lot of desktop environment support ;-) I’ll likely look at it next week some time. Have to catch up on other things, like my own blog, first ;-)

    Puppy is a nice LiveCD, but less compact than DSL and needs slightly more power than the HDLT provides for a decent ‘experience’. Has more “stuff” already in it, so more complete (especially for the Mjinpup version) and likely more comfortable on slightly larger machines…

    Sidebar: On my shelf is an old book about Slackware with a 7.x ? system in it (now they are at 14.x) it runs in something like 16 MB of memory ;-) So I ‘have options’ if I want to go even smaller…. Oh, and I’ve still got my Red Hat 5.2 original “Professional” release. Used it to turn an old Hitachi Lap Top with 16 MB into a router… For a year or three it sat on my desktop and routed my ‘office cluster’ to the corporate network. Had a nice “blinky light” on the network dongle…. so I’d know if traffic was happening I didn’t request…. (Hey, when you have the keys to ALL the city, you aren’t paranoid, someone IS out to get you…) Found it the other day (while looking for old small HW to use as a testbeds) and discovered that it had died in storage. It tried to boot up, but the keyboard and mouse were dead. Figured it was likely EOL time at last, so didn’t bother trying to hook up external KB / Mouse… Doubt many folks have an old 16 MB system with maybe a x486 in it… But that Red Hat 5.2 did run in it, and would put up a graphical desktop (if you were not too picky about speed…) so that somewhat sets a lower bounds for ‘what I have on the shelf’…

    In short, if you need an “old release” for your “old hardware” and can’t find one, well, I’ve got some old and small stuff and could be talked into putting up an image of the disks somewhere…

    @J. Ferguson:

    Exactly. Part of why I despise auto-updating. It mandates your system will become broken as code bloat consumes it. So I have some very old systems, stuck as an island in time, that still work Just Fine as is. (Like my GIStemp system where it is “period correct” in that the hardware and software are both from the ’80s ish era so all ‘play well together’…)

    FWIW, I’ve sketched out a generic “Paranoid Computing Office” layout that I’m “building toward”. On the “someday” schedule is to make a picture of the layout and post it. For now, a ‘word picture’. Starting from the internet:

    First up is the Telco Router / Firewall – the Wall Wart or lozenge they give you. Most do an OK job of some kinds of firewalling… and provide 1 to 4 ‘spigots’ of internal network (usually NAT Network Address Translation to 192.168.x.x internally).

    I would add an (optional) internal firewall with optional packet inspection, filtering, routing just behind it (and perhaps another layer of NAT, though sometimes double NATing can cause issues…). Commercial product or Linux Firewall as desired. That is what the old Hitachi was doing for me… though I’d only done primitive filtering on it. Need a ‘new old toy’ now… may be the ultimate fate of the HDLT.

    Before getting to the ‘inside’… Back on that Telco Router, you stick some generic old POS PC (Piece Of Sh…) with a generic OS on it. Oddly, there’s a “Damn Vulnerable Linux” release for purposes of testing cracker SW that might be a nice ‘target’. At any rate, you can make a “Honey Pot” that just sits there as an attractive target. Get up in the morning, before turning on or connecting any OTHER machines, check out the Honey Pot. Traffic going to /from it? Process Table / Report showing CPU being used by something? It’s been hacked… your firewall was not good enough… Shut it down, format the disk low level, re-install from CD/Backup, and leave it off. Boot up your other “kit” and do you daily work (knowing you have a FW exposure – so maybe disconnect from the network until you fix that… a good practice anyway is to only connect when you WANT to be connected…so a hub with a ‘disconnect’ button on the uplink is nice… the “swap uplink” works for that as it swaps Trans / Rec wires.)

    At the end of the day, swap back… And inspect your FW to see just what is getting through, and inspect the Honey Pot to see how the attack proceeded. (It can be helpful to have it logging all sorts of stuff to write only media. We actually uncovered on sly fellow via an old TTY printout of the console logs. He erased the appropriate lines from the digital copy, but could not erase the paper…) Then figure out how to stop it.

    IFF your honeypot is not hacked, just leave the process monitor up and running while you do your daily work. IF it starts showing unexpected activity, you have an early warning to ‘disconnect’ the internal network and start watching / cleaning / inspecting / etc…. This has a small risk in that you are letting the “bad guy” inside onto the Honeypot. For this reason, it is generally placed in a special network (called a DMZ … yes, DeMilatarized Zone), just after the Telco router and just before your internal Firewall. That way the “bad guy” sees and attacks it first, before finding a way through the harder target of the internal firewall. Do NOT leave it up and running during a ‘connected and working’ time unless you have such an internal firewall (and it is of some quality).

    Next comes the internal HUB. A way to break out the one router spigot for all the internal boxes. That has the internal FireWall plugged into it.

    OK, inside that firewall you have the “Private Side” hub. Off of this is a File Server. (Kind of optional, but there are long term reasons why it’s a good idea…). The OS for the File Server is “read only” so a new boot and it is clean. This has encrypted file systems on it (that may further contain encrypted containers placed by a workstation). It has special tools (like Bittorrent / OneSwarm and TCFS a networked cryptographic file system for the purpose of getting / distributing data in a relatively secure way. Why the double layers of encryption? In a “power down”, the whole filesystem reverts to encrypted. (Inside 2 minutes or so, the RAM is also drained – so anyone at the door has to make it TO the file server, find the RAM, and freeze it inside 2 minutes… put it in a hidden closet and inside a locked ventilated box… and it’s more than 2 minutes to get to the ram … so ALL the data “bricks”). Individual bits of data can be ‘served’ out to anyone, anywhere as a container of data that is itself also encrypted. They, then, can mount that container on their system (such as with TrueCrypt) and open / work on it. In transit, and when the FileServer is up and running, that data is STILL protected from inspection. (Do it using TCFS and you have a third level… belt, suspenders, hands on waistband…)

    OK, the “workstation” has a bootable CD in it (or a lockable USB dongle). Boot the workstation and you have a clean environment. Preferably a ‘hardened’ one, but that’s for a later effort. For now it is just “new each time” and so clean at boot. This makes it a race condition to any system cracker. They must identify the target, crack into it, and begin an exploit before you notice them (and you will have a process monitor running, right?…) As this machine will be rebooted at least daily, that’s a hard hill to climb (especially as they must get through 2 firewalls, and ignore the honeypot on the way…) Boot it up and do your daily stuff.

    If desired, it can be plugged directly into the Telco Router for casual browsing / whatever. Slightly more exposure to attack, but hey, do you really care if you are browsing Yahoo News? And you can see if anything “odd” starts to happen as the Old Laptop slows down, has disk accesses start unexpectedly (the OS is on the CD, remember? The disk isn’t in use…) or the process monitory shows a CPU spike of unexplained origin. Nice way to test how ‘hardened’ that LiveCD release might be. Don’t like what is happening? Hit reboot ;-)

    Finally, there are “finesse points”.

    I like to have a “log server”. A very stupid box with just about everything ‘turned off’ so no remote access is possible EXCEPT, that various other systems write log data into it. We used to have a WORM robot for this (Write Once Read Many) and I suppose I could find a way to do that with writable DVDs… for now it will likely just be some other ‘old box’ with a duplicate log file that gets periodically dumped to “something”… if not a printer or WORM, perhaps that old tape drive I’ve got in a box… Not a priority at this point and more important for more commercial applications…

    There can be an internal Secure Compute Environment. For my prior work, this was the Cray Supercomputer (yes, I’ve done all the above stuff on really good big hardware, not just one only HDLTs ;-). This machine has a connection to the ‘private network’ and you can optionally put an even more restrictive internal firewall router between those two. So allowing things like “outbound initiated” connections, but not inbound. This machine also has a nice big physical disconnect button. (or just pull the cable.). IF you do not not need connectivity Right Now, shut it off. This can be as simple as only booting up that internal firewall when you want to talk to the private net. This machine can also be set up such that it has “chroot” partitions on it. This is going a bit “over the top”, but you can make the machine schitzo. A login originating from one network (the “private side”) gets an automatic chroot (change root) into a restricted 1/2 of the machine. Login from the “secure side” – what? You thought “private” was secure? Hey, we’re talking serous levels of onion here ;-) – and you can see things like the host OS and “secret” projects. In this way, even if someone DOES get into the Private Side, cracks the (volatile rebooting) workstation or (from CD only) file server and manages to crack a login on the Secure Compute Environment… they find themselves in “chroot jail”. If, by then, you have not detected the “crack”, well then, you are just not paying attention and nothing can help you…

    Oh, and needless to say the Secure Compute Environment has a lot of communications tools shut off, a lot of software of limited use shut off, boots a locked OS (only unlocked for updates), has encrypted file systems on it, and likely has individual project data in encrypted containers INSIDE that file system, so only decrypted during active use. So if you forget and log off, but leave the server up and it gets cracked, they get a nice big encrypted container to chew on and likely don’t get anywhere… Besides, as it is going to be BIG, being a large archive, say 500 MB, it will take a LONG time pegging your firewall / router / uplink to get the whole damn thing moved out… and it is useless if they just get part of it. So you really ought to notice if the “blinky lights” are all going gangbusters and you are doing nothing….

    Finally, all this is on a ‘deadman switch’ power connection of sorts. Do something like put a wall wart timer that must be ‘reset’ to keep power on in 4 hour chunks. Have a ‘kill switch’ just after that. Now you must consciously CHOOSE to leave it all up overnight. Worst case, it crashes and you need to reboot (from those nice CDs… locked USBs). Someone rings the doorbell, or breaks the door down, you hit the ‘Kill Switch’. Now it’s a race condition for anyone with a spray can of coolant to figure out WHAT RAM to cool, in which box, where? Get it opened, and cooled. Having a locked door to the computer room / closet helps with this, as you can be on a ‘disposo LiveCD laptop’ and hit reboot… crash the rest. Now they ask “Where are your computers?” and you hand them the laptop… that has been rebooting with the ‘test ram’ option of the bios set… By the time they find the door, break it, find the boxes, open them.. etc… the RAM is pretty much dead.

    So that’s the overall approach.

    Why doing this? Partly because I’m bored technically. Partly to ‘refresh’ the skilz. (releases and software ‘moves on’ so must I). Partly because given the current Police State habits of ‘raid and take all hardware’ first, ask questions later, AND because this can be done based on nothing other than traffic TO your IP number (so if your kid does something, or the neighbor using your wireless – trivial to crack BTW, or one of your boxes is compromised so a cracker is doing it and you don’t know, or you become “politically incorrect” or…) EVERYTHING can be legally stolen, searched, AND archived forever to be used against you. I’m not fond of that… Given the “existence proof” of “Tallbloke and the Constable” where he was simply contacted on his blog by a random and “got hit” with a police raid… well, “Victory favors the well prepared”.

    Besides, the number of Day Zero vulnerability reports is just too high to be safe on a single image box (Windows is worst, LInux second, then Mac that’s actually pretty well secured but still vulnerable to things like the Java crack). So time for “defense in depth”. That, and the hardware is so cheap it’s worth it and not that hard to do. Heck, I’m still using old junk laying around the office ;-)

    Oh, and a couple of side notes: I’m likely going to be using Virtual Machines for some things. I’m making a USB stick with DSL on it that boots QEMU under Windows. So I can use my Windows Laptop or other Windows box for a Linux without needing to install Virtual Box … adding yet another layer… I’m also likely to be running some of the particular ‘internal services’ inside of virtual machines. Partly to get good at it, partly to add another layer of obfuscation. There’s a whole lot more detail too, but that will have to wait ‘for another day’.

    Anyone wanting to ‘play along at home’: I’d suggest starting with a DSL bootable CD or a Mijnpup bootable CD; and then exploring Virtual Machines… Oh, and put Truecrypt on your box… I’m going to explore various ‘Open Source’ encryption systems under Linux, too, but for now Truecrypt looks like a very easy and working solution. (As of now, my main files are all inside Truecrypt volumes that are NOT mounted as filesystems when I’m browsing. So my data is “locked up in a BIG lump” when I have connectivity, and only unlocked when it can’t go anywhere. Knock on the door, I crash the power button and the volumes are locked up again… VERY easy first level of security.)

    Isn’t paranoia fun? ;-)

    “I’m not paranoid. I’m the SysAdmin. They ARE out to get me!”

    It’s been true as long as I’ve run shops…

  13. EM – again thanks for leading the way here. I think I still have some early Slackware CDs here, and Mandrake from before it slowed down and became unusable. The old boxes may yet get another lease of life.

    It’s going to be a while, though. At the moment my head is full of LENR and plasma as BobN and I, with the aid now of Pete (another ex-Xerox guy) test out crackpot ideas to see what really works. It looks like a good time to get some cheap energy….

    The main problem with such paranoia on data security is that you need to keep track of all the passphrases. Also if you don’t keep adequate backups, a simple miswrite can screw up a whole data volume or possibly a whole serverload if it’s really bad. Good for professional use, where that’s your job keeping the data safe, but normal home users tend to forget the backups till after the crash. I only backup once a week or so now, for example, but then the data is copied in several countries now so at most I’d lose a day or so of the file I’m working on. A crash would be a minor inconvenience and my memory is not that bad yet.

    One thing about adding extra layers of security, as well, is that a compiler bug could get magnified. The Windows C compiler used to have a problem with malloc where it didn’t release all memory allocated when it came time to close the process. Thus memory leak and system crash after time. Possibly a better answer, rather than add more layers of security software, is to hide the computer and the storage really well. Maybe with what’s being mooted in the way of printable and wearable logic, this will become easier in future.

  14. E.M.Smith says:


    Per “hiding it”… “security by obscurity” is helpful, but insufficient. The Constable can spend an infinite amount of time and money taking apart every single place you have ever visited (and depending on the particular size of the ‘issue’ may well do so).

    Per “keeping passphrases”: Yup, that’s the big problem. My solution is to have a “method” that lets me recreate the passphrase. So things like “Titles of Startrek books”. The spouse has 600 of them (!) so lots of choices, but ‘searchable if desperate’. As long as you don’t tell folks the METHOD, you have a small search space and they have a large one. A similar method is to have a personal notebook that is simply encoded. So you could have a list of ISBN number and then some digits. They could stand for page, paragraph, sentence, and length. Anyone reading it, just gets some numbers. For you, it’s a road map to a string of characters. Also, one can use things like the serial number off the bottom of the coffee maker or the VIN on your car(s) or various concatenations of them.

    Finally, one can have a pendrive with an encrypted file on it (that has a reasonably memorable passphrase) in which you put a ‘key fob’ with the various keys on it. Now you have a small memory space needed, but large keys in use. The chip can be taken from the pendrive (if you have the kind with removable chips) and secreted in all sorts of places when not in use. Now a physical search has to be VERY detailed to find it at all, and intelligent enough to realize what it is. (So put it in with a dozen in the photo bag with the camera and, well, only someone like me would check them all…) Alternatively (and in some ways my favorite) put the keyring, fully encrypted, inside a file that is placed on a hidden internet cloud computer. You have what looks like a photo or binary executable file (really an encrypted container) that sits physically nowhere. Yet is available to you everywhere. So some “security by obscurity” and some “strong encryption”, and you need to know two bits of info: Where to get the hidden keyring and the passphrase for it. (So you could use “To be or not to be; that is the question, weather it is knobler to…” with the deliberate misspelling / grammar to bust dictionary attacks while ‘they’ have have a long hard key search…

    So yes, it is a problem, but it isn’t a really hard one. Adjust the level of ‘care’ and effort to your actual risk.

    Per backups: One of the very nice things about Linux is that backups can be done in an automated way in a script. They can be done into compressed files too, so can go anywhere. It’s not hard at all, really. Does take some storage. So I’d sink (what is it, about $100 now?) some money into a 2 TB USB drive on the file server and a script would fire up when I’m usually logged on to do a backup. ( dd if=/ of=/backups though you can also do ‘just changes’ with other methods). As the data being backed up is all encrypted, you can have a load of encrypted stuff flying all over and hiding what really matters…

    At any rate, that’s detail for another day.


    I got DSL on a Pendrive launched in QEMU on my Windows laptop. Worked fine… up until I launched Firefox. Got “the usual” runs at 100% CPU bug. So a bit more debugging on that, and a change of config most likely (or install Opera onto DSL…) and I’ll have a USB plugin that can go into a windows box and ‘click click’ launch a fresh environment, isolated from Windowz. Only exposure being keyloggers and net traffic sniffers. Good enough for typical day to day junk.

  15. E.M.Smith says:

    I probably ought to add that if you want to give DSL a trial, it can be easily downloaded ( 50 MB or so) and put on a CD, stick CD in a machine and boot. If it doesn’t work, you just do a reboot. If it does work, you get to play (after picking keyboard, language, etc.) has most of them for the current release.
    ought to start a download for an iso image to burn to CD for most uses. (the USB / pendrive version is and there are others in that directory.)

    doesn’t do anything to the system, the disk drive, or much of anything else. Runs in small boxes (obviously) and detected all my 15+ year old hardware including a 3Com pcmcia modem / ethernet card with a dongle ….)

    There are other choices for other countries: (Austria) also rsync and FTP (Quebec, Canada) (Belgian) (Belgian)

    along with more mirrors and even a bittorrent link on the higher directory:


    So pretty quick and easy to get and try. Not much risk in it either.

  16. jim2 says:

    I don’t know if DoxBox has been mentioned, but I’ve used it to run StarTrek 25th anniversary and Descent (I believe it was the first release). When my son was younger, he and I loved to play networked descent. We used walkie talkies since we were in different rooms. When I talked to him, he would rotate so that his vehicle faced mine. What a hoot that was :)

  17. E.M.Smith says:


    No, no mention of DoxBox ( I don’t even know what it is…)

    a web search on it only gives DosBox (that is also unknown to me):

    could you elaborate?

  18. jim2 says:

    It is a DOS emulator – you can use it to run old DOS programs. From the information tab on the web site you referenced …
    DOSBox is a DOS-emulator that uses the SDL-library which makes DOSBox very easy to port to different platforms. DOSBox has already been ported to many different platforms, such as Windows, BeOS, Linux, MacOS X…

    DOSBox also emulates CPU:286/386 realmode/protected mode, Directory FileSystem/XMS/EMS, Tandy/Hercules/CGA/EGA/VGA/VESA graphics, a SoundBlaster/Gravis Ultra Sound card for excellent sound compatibility with older games…

    You can “re-live” the good old days with the help of DOSBox, it can run plenty of the old classics that don’t run on your new computer!

    DOSBox is totally free of charge and OpenSource.

    Check our “Downloads” section for the most recent DOSBox version

  19. jim2 says:

    Oh, I didn’t notice the X where the S should have been. ADD strikes again!

  20. adolfogiurfa says:

    @E.M.: You are and have been a programmer all your life, as you have told us, then you are the best qualified person to find the way for de-programming ourselves. Watch this:

  21. P.G. Sharrow says:

    @EMSmith: found this on foxnews:
    Don’t know if this covers anything new to you, but, it is a fairly extensive article on stuxnet and flame spyware. pg

  22. Chiefio said: “Per backups: One of the very nice things about Linux is that backups can be done in an automated way in a script.”

    That is how I used to do it until I discovered “Ubuntu One”. Now, every time I save anything it backs up into the “Cloud”. Better still it also “Synchs” to my laptop. This greatly simplifies my life as it keeps my laptop and main (desktop) computers synchronized and backed up.

  23. “Ubuntu One” fills up ones “/” directory by putting copies of files to be backed up into the “/tmp” folder, so your computer gets really sluggish. You can fix this by mounting “/tmp” in its own (hefty) partition. Alternatively one can reboot from time to time.

  24. Jim2 – thanks for the Dosbox heads-up. I thought I’d tried it before, but it actually runs my layout software from 1996 – thought I’d have to have a real DOS machine to run it. If it accepts the dongle (and if it still works) that saves a lot of hassle searching out equivalent software.

  25. jim2 says:

    So, given DosBox, you can now play Zork again. :)

  26. jim2 says:

    Simon – you probably already know this, but you can fine tune the configuration file per app. It can make a lot of difference in the way the app runs. Not sure if there are configuration settings for serial or parallel ports.

  27. Jim2 – Looks like the ability to run a dongle is not planned, even in the personal variants. I may need to download the source. A little project for later.

  28. jim2 says:

    With Dosbox, you can also play Zork again. :)

    REPLY:[ No idea why, but they were in the SPAM queue ( a place I don’t often check ). No idea why. -E.M.Smith]

  29. jim2 says:

    Simon – check out this conversation … another app with a dongle was made to work.

  30. E.M.Smith says:


    The Network backups are useful, but as a hard core sysadmin (Paranoid? Not me, I’m the sysadmin; they ARE out to get me!) I’m always a bit worried that the “cloud” might not be a secure as I’d like. ( i.e. is it encrypted with strong encryption with a couple of dozen character long string that is NEVER passed ‘in the clear’ to the encryption process?)

    /tmp gets zeroed out on reboots, so if you reboot, you are dropping files. Have they been backed up yet?… /tmp is ‘world readable’ and typically also ‘world writable’, so that also implies anyone (and any software and any virus and any…) can zero your backups, and perhaps read them, or rewrite them as something else… unless they got the permissions set just right. I’d be incredibly nervous about that on a multi-user system (unless the data are encrypted prior to putting the lump there for upload). Frankly, it smells a bit of ‘slap-dash’ to me. A properly done backup system would be making a compressed encrypted lump in a hidden directory writable and readable ONLY by the backup software (and root) and then THAT would be sent up (inside an encrypted VPN pipe) to the offsite storage. At no time would your data be visible un-encrypted outside your box, or to any other users on your box. The backup script also ought to check file system ‘fullness’ and clean up after itself… @

    (I managed a project that got 4 software patents for backup software… It was put in production at Apple and did the backups of hundreds of Engineering machines – Macs and Unix – for several years… Like “Carbonite” but about 15 years ago ;-) so I know a bit about how to do backups.)


    Nearly 2 hours(!) of video? Maybe later… (I’ve spent all day trying different releases of Linux on the old Toyshiba Lap Top. Now installing Slakware 9.1 for the 2nd time… I’ve just discovered that a whole lot of old, fast, small Linux releases are “evaporating” from the public square and the ability to run very old (all of 15 years…) hardware is becoming hard even in Linux Land… so I’m also downloading and packratting a variety of Linux Archives too…)


    Didn’t know about mini-me-Flame… but not surprised. Part of why I’m a strong advocate of non-windows platforms (Linux, Unix, Mac,…) is the vastly lower load of “threat” material. As those viruses were deliberately aimed at MS boxes, they do nothing to the Linux boxes of the world.

    That is also why I have my “data” stuck inside of encrypted (LARGE) containers. Unless that USB drive has a 200 GByte size, it can’t take any of my data. As I only decrypt it when the network is disconnected, the entire lump has to crawl up the wire to be used (so there will be a LOT of blinking lights and frankly the probability that I shut down prior to much being sent is rather large…) Even then they get an encrypted bucket of junk…

    This is also why I periodically check things like:

    1) How full is my disk? (If filling, and I’m not doing it, why?…. who?…)
    2) How used is my CPU / Memory? (If running a lot or lots of memory used, and I’m not doing it, why?…who?…)
    3) What is my network activity? (If I’m not doing it, why? … who?…. part of why I shut off the ‘auto update’ features on everything).

    You will also note that the virus installed itself as a MS update. Part of why I like to install from CDs and then lock down the system and tend to shut off MS “updates”.

    Basically: Be aware of what your box does, when, and why. When that changes, investigate until it is understood as OK.

    So it goes…

    At any rate, that’s the kind of thing that I’m “building a system against”; as it has become very clear that MicroSoft is NOT going to make a secure system (has not, ever, doesn’t show much interest in it, and does things that clearly are conducive of intrusions…)

    Oh Well….


    S or X or whatever… No worries ;-) (Hey, they almost sound the same to me, and Dox might be closer to truth ;-)

    Time to go change Slackware CDs ;-)

  31. E.M.Smith says:

    It really is amazing some times what a little perspective brings…

    I’m typing this from a Konqueror browser on Slackware 9.1 release from my Toyshiba Pentium MMX 233 Mhz processor old laptop.

    What’s amazing to me is two fold:

    1) I got it all to work. I ended up hand editing files for network configuration (which is in an ‘odd’ place in /etc/rc.d/rc.init1.conf or some such) and doing various odd things to get it to talk to the internet. (One of which was change an old 3Com PCMCIA card for an old somebody else card that it liked… Xircom…. something… that I can’t check right now as it’s in the box being used…)

    2) The other is that while I really like this particular retro-windows manager – a KDE theme that reminds me a bit of Apple and a bit of ‘something else’…) the simple fact is that things are Pig Slow.

    How is it that Damn Small Linux can be quite acceptably fast and have a nice look and feel, while what is SUPPOSED to be a ‘old hardware friendly’ distribution (Slackware) can be painfully bloated and slow?

    Right now I’ve got a browser open and nothing else (other than the ‘top’ process monitor) running. 70 MEG of “stuff” is swapped out. WTF? That’s 93 Meg just to run an old not very fancy browser? AND another 70 Meg on swap? I’m sorry, but that’s just crazy. Especially since both Puppy and DSL were not even using all of memory WITH a RAM disk installed(!) and were much faster.


    OK, I didn’t want to learn the strange arcania of DSL / Puppy with all the strange things they do and odd packages and all… BUT, a generic “period correct” Slackware (with reputation of being ‘old and small friendly’) is acting like a pig in comparison. For that, I’m willing to “study up” on what the DSL / Puppy folks have done.

    It’s likely a week or two ‘time suck’, so may be put off for a week… I have some other things to catch up…

    OK, points:

    1) I’m happy I could do a Slackware install from old CDs, and that I HAD an old 9.1 set in the archives as the “world” has moved on and they are not available for download anywhere I looked…

    2) I’m very happy I could figure out how to make it all go, even though some of the administrative files were moved for… for… for what reason again?….

    3) I did a download and unpack of Opera (that took also installing bzip2 to uncompress unpack it) and then found it (even though a 2010 vintage 32 bit version) wasn’t happy. Still, all the needed skilz were still in the old cranium.

    4) Software is a moving river. You can never cross the same river twice. (Or, some assert, even once…) I have to choose between ‘period correct’ that runs on my old POS (Piece Of Shi…) hardware but can’t handle modern web browsers (that are the only thing that works with web pages today, loaded with new crap as they are); OR, a new whiz-bang shrunken toy OS that also works on this hardware, but doesn’t have 50% of the “parts”… As bloat happened, what was included was reduced. So I can be “good browsing” but limited everything else, or I can be “familiar old friend that does a lot”, but not browsing. The two time lines are orthogonal…

    All because the developers have decided to develop more for Big Hardware than small, and not cared about the past. So there are ‘break points’ where things break. (Like libraries and GTK tool kits and…) The “new” ones could be made resource light, but they are not. The old ones could be kept up to date, but they are not.

    I fear Linux is slowly catching MicroSoft Disease…. Stay on the Upgrade Path or die a slow withering death… but if you stay on it, be prepared to change hardware with the seasons….

    OK, what’s next?

    The idea behind trying things on the old POS Lap Top was to see what hardware constraints did to the software available. A Raspberri Pi is NOT a lot of fancy new 4 core UnObtanium Processor with 2000 TB of memory… So releases that “have issues” on a Pentium III 233 MHz are likely to “have issues” on an ARM chip as well. “Going Retro” for small memory and low CPU suck breaks the major software of interest – browsers.

    The main conclusion is that “technique” matters. I need to learn what DSL and Puppy do to fit in a small footprint and still have big performance while running modern browsers. Then integrate that with “whatever” onto the Raspberri Pi (or equivalent like BeagleBoard).

    Oddly, trying to run Knoppix on this box was very frustrating. It was a slow pig in comparison to DSL. Why is that Odd? Because DSL is built on a Knoppix core… somebody has some optimizing somewhere…

    At this point I’m going to scrub Slackware from the box, and then re-install DSL while I try to figure out why Gentoo would not install to it. (The CD doesn’t even try… so something in the way the Gentoo CD is made that fails to give the install prompt).

    I’m down to 3 candidates: Gentoo, DSL, Puppy on small limited hardware.

    At this point, I’ve not investigated Arch. IIRC, both Arch and Gentoo are ‘in progress’ ports to Raspberry Pi. So while I’m going to put DSL back on this platform and “learn what they have done”, I’m going to also evaluate Arch and figure out how to get Gentoo here as a ‘trial’ (perhaps via USB drive…)

    Well, that’s what I learned today… Old Software can be a bit fun and interesting, but it’s better to be in an old canoe with a new gas motor mounted on the hull…

  32. jim2 says:

    EM —
    1. I think my Zork post is stuck in moderation.
    2. Something you might find useful, old software:
    3. Old versions of Linux, might be helpful:

  33. jim2 says:

    EM – I think two or three of my posts are stuck in moderation.

  34. jim2 says:

    EM – Have you taken a look at TinyCore?

  35. jim2 says:

    Here’s another approach to a minimal OS:

  36. E.M.Smith says:


    I saw them, but had not had time to ‘follow up’. So as of now all I know is there name…. any ‘review’? (It can suck up a couple of days to assess a release and if someone else has already done it… well, that’s 2 days I can use for other things, like new postings ;-)

    BTW, I also had seen another release name that was, er, “interesting”… so in the interest of “completion” I did a quick look at their site.

    Ah, the world of Linux… global… diverse… customized to all sorts of desires… there’s even a release aimed at a particular sub-culture:

    Yes, “Satanic”…


    Dark and light Gnome themes with a blood-soaked feel.

    Nice to know if I ever need a gift for, er, um… come to think of it, I don’t know who… but it’s there if ever the “need” arises…. Maybe selected bits of it for the Dexter crowd… (wonder if anyone has made a “Dexter” theme Linux… but it would ‘sell’…)

    Back on Small Linux:

    The basic problem is that some basic libraries (like GTK) had a seismic shift about the same time the 2.6 kernel was rolled out for higher end processors. While I have gotten 2.6 to work on the Toy-LT it is a bit of a pig in itself. Yet I’m not all that interested in doing a ‘back port’ of all the libraries needed by the newer releases of browsers onto a 2.4 kernel…

    But a casual inspection of DSL looks like that’s part of what they did. (They also did a lot of other “slick” stuff, but along the way also did what looks like ‘gratuitous change’ in many ways, including a shift to a scripting language I’ve never seen before… not all THAT interested in learning Yet Another Scripting Language as I’ve been through a 1/2 dozen now and they are starting to blend… not bad when reading, a bitch when writing a script; as mixing C Shell syntax with Borne Shell syntax doesn’t work… Korn and BASH share a lot with sh, but not all. Then there’s…) So it makes sense to leverage off that kind of base.

    That means that most likely but not necessarily, what I’m looking for is a 2.4 kernel (likely with modules galore rather than monolithic) with recent libraries ported. Though perhaps an efficiency build of 2.6 with modularity would also work. (Don’t know enough about kernel builds to chose between those two approaches… yet…)

    So I’ll take a look at Linux From Scratch, but if you happen to know those things about it… would be nice. (Part of what makes Gentoo interesting to me is that it is all ‘built from source’ on your machine, which makes such tuning and customizing easier as you can set compiler flags and all; yet it uses all the features of YOUR processor, not tossing out high performance special instructions you have in favor of less efficient generic code…)

    At any rate, that’s were I’m at. Modular 2.4 kernel built with efficiency in mind works well. Running it in a small RAMdisk seems to be a viable feature (as evidenced by the folks doing it like DSL / Puppy) and then just package selection for low memory footprint / high efficiency (so the Midori browser on SliTaz as an example, instead of “Pudgy FireFox”… )

    One other “bit of bother”: DSL and Puppy are designed and intended to run from a CD Live disk. Great! Just the kind of “not subject to infection” media I want!… Except while they both have ‘instal to disk’ options, they are “not preferred” or “experimental” and generally it like swimming up stream (lots of niggling little ‘issues’ pop up). As I’m looking at a non-CD target hardware, running from ‘not a CD’ matters… Unfortunately, the Toy-LT doesn’t support boot from USB, so I need an intermediary step to get there (boot media like floppy or disk). I’d figured to “just boot from disk for now” and then launch from USB later. Turned out that was not as easy as the “install to disk” menu item seemed to indicate… (thus the detour into Slackware…)

    OK, enough complaining from me… time to get back to work on it…

    I’ll likely just re-install DSL, and maybe try running it from a USB drive with a boot floppy as a kludge, and then take a look at Linux From Scratch. I’d like to get a ‘usable enough’ environment on the Toy-LT that I can download ‘trials’ directly to it (and skip the download to this box, burn a CD, move to the other box…) partly because I just burned my last CD ;-)

    But I’ve now got about 60 GB of various Linux releases on my disk ;-) 20 GB in the Virtual Box library of .iso files and 50 GB in my new Bittorrent library… At about 100 GB I need to think about which of them I want to keep on disk and which to burn to DVD and put on the shelf… The long term end point for the Toy-LT is as a torrent server with a TB of so of slow USB disk plugged into it loaded with a canonical set of old, small, and odd Linux Distributions / Releases on it. (Disk speed doesn’t matter when you are throttled by the uplink speed). All in cost about $100 for the disk + my time and not much else. But that’s a project “for another day”… (but when it comes, I get back a 100 GB or so on the HP laptop…)

    Ah, well, life in Geekville

  37. jim2 says:

    Sorry, I haven’t implemented any small Linux distros. I just happened to run across them.

  38. E.M.Smith says:


    Fished them out of the SPAM queue. Maybe be a product name tickling something in the WordPress keyword bucket… Perhaps ‘the Z word’? Who knows…

    Yes, I’ve downloaded and booted TinyCore. It boots fast and easy. AND includes just about nothing else… So if you just want a ‘shell’, hey, no problem… It’s a bit too spartan… but if I wanted to ‘build up a system from scratch’, it’s a nice starting point. Just add all the packages you want…

    So which is easier: Adding in to TinyCore all that is desired but not there; or trimming DSL / Puppy back while ‘adjusting’ it to run not-from-CD? Such is the world of customized software…

    I was ‘gung ho’ for DSL until I went to download the source tree… and found it splattered all over. They DO say they will send a source CD if you send a check via snail mail… and there are chunks of sources in various places on the download sites. Is it ALL the sources? Do you get to do the “integration” yourself? Maybe and probably… Will the CD be a buildable tree, or just the same directories in a pile? I expect so… the overall ‘attitude’ vibe picked up is “We will honor the GPL, but only as far as ‘the letter’ and not the spirit. We built this thing and are making money from it, you want to horn in.” That was why I went looking ‘elsewhere’ (and will continue to look ‘elsewhere’ even while using DSL). Most likely I’ll just figure out the ‘key bits’ and retro them onto a different build tree. (Small memory use flags, 2.4 kernel. Built on top of Knoppix as a hardware abstraction layer, RAMdisk, squashfs file system I think, etc.) More work than I wanted, and when done will turn me into a significant competitor to DSL instead of a contributor to it, but that’s the way being stingy with GPL (public ‘free’ license) leads…

    Lots of stuff in DSL are done to steer you to them (like the browser opening 2 pages on their site one of which is a money beg). If you could “roll your own”, the first thing most folks will do is remove those things… so they have strong ‘incentive’ to ‘encourage’ you to run from the CD only… IMHO, of course.

    At any rate, I think I’m narrowing in on the “specs”. So looking at other candidates can be more focused now. (Instead of ‘download and try anything saying small and fast’ I can look for use of 2.4 kernel, modular kernel, hardware abstraction layer, RAMdisk, etc. and ‘score’ the probability better.)

    For now, time for morning tea and scrub Slackware from the Toy-LT, revert to DSL… or maybe I’ll just run from the CD of it for a while and see how it does with a different system on the disk at the same time. See if giving it a bit of swap partition helps, and how to point it at the USB drive at boot… I’ve got a nice 8 GB chip ready to go for that… I’d feel like I was making more progress and fooling around with distributions less if I got it to boot of the USB…

    I wonder what day it is?… hacking code is like that, several days run together and you lose ‘time sync’ with the rest of the world… maybe I’ll watch the morning news with tea and toast while installing DSL or Puppy to USB and get back in touch with the world… my calendar button says it’s Thursday. Wonder what happened to Tuesday…

  39. E.M.Smith says:

    From the wiki on Puppy, it looks like that’s the better direction to head (as opposed to DSL) for making my own variation.

    It has a system to make your own “puppy” from other system binaries ( “woof”) and it has full support for the things I need to do. Including floppy to boot USB, USB creation, and even a port to ARM / Raspberry Pi.

    The tool Woof can build a Puppy Linux distribution from the binary packages of other Linux distributions.

    All sounds great… but often there’s some “sellers puff” in such things and the reality can be less than stellar. So we “test and evaluate” prior to a “commit”. Still, having an automated “build light and small” tool is a BIG feature, even if it needs some tuning.

    From that Woof link:

    The Linux distributions that Woof can use as the foundation for a Puppy Linux distribution:

    T2 SDE

    So as Debian is the core from which both Knoppix and DSL are built (and Ubuntu), and Puppy is pretty small and adaptable too, it looks a whole lot like it lets me “play” with Debian, Slackware and Arch. Likely that Debian direct will be workable. Or perhaps a Slackware built for smaller hardware… though doing an Arch test is clearly needed as they have an ARM port:

    Arch Linux ARM

    Arch Linux ARM is a distribution of Linux for ARM computers. We are aimed at ARMv5 platforms like plug computers, OXNAS-based ARMv6 PogoPlugs, Cortex-A8 platforms such as the BeagleBoard, and Cortex-A9 and Tegra platforms like the PandaBoard and TrimSlice. However, it can run on any device that supports ARMv5te or ARMv7 instruction sets. Our collaboration with Arch Linux brings users the best platform, newest packages, and installation support.

    So a “very reasonable path” would be a “puppy” build of ARCH for the Toy-LT, then when comfortable that it does what’s needed on small hardware, the “same” build for ARM (Beagleboard or Raspberry Pi). Looks to me like it ‘leverages’ the work of others as much as possible, while still having options to step in and customize as needed. (such as leaving out software with security holes you can drive a truck through, or adding things like TOR and Tor Browser as ‘standard’)

    Back at the Puppy wiki:

    Unlike some other OSes, Puppy Linux does not mount (i.e. prepare to read from/write to) hard drives nor connects to the network automatically. This reduces the odds that a bug or even intentionally added incompatible software corrupts the contents of a hard drive.[10] Puppy Linux can also run on ARM platform and also on a single board computer such as Raspberry Pi.

    The wiki specifically references the R-Pi, so that’s a good thing…

    Wonder if it would be considered “rude” to use DSL to download the Puppy tools ;-)

    (The reality is that I have a couple of Puppy LiveCDs already, so can boot one of them and see if it builds a USB system easily on the Toy-LT, or not…)

    OK, looks like my day is ‘planned’… Grooming Puppies ;-)

  40. jim2 says:

    EM – the Linux from Scratch has “books” with step-by-step instructions. I haven’t read the entire book, but there it is. There is also a “hardened” version. If I weren’t studying Seam and related tech for work, this looks like a great way to get intimate with Linux.

  41. E.M.Smith says:

    @Jim2: I’ve been “intimate with Linux” for many years now… in fact, starting with BSD before Linux…



    And people wonder why I keep a half dozen computers laying around… “Compatibility Hell” is why…

    OK, I’d burned a “Puppy” CD and it worked. I’d chosen Mijnpup as it had a FireFox browser. Figured “the other stuff ought to be there”. It isn’t. I’d done this some many days ago and mostly did the testing in the Virtual Box environment.

    OK, I’ve since burned a dozen other CDs of other releases and tried them. Along the way, ran out of CD media.

    So I’m figuring I’ll just ‘move on’ to doing that USB Boot part of the process. The old Toy-LT doesn’t support USB boot, but no problem, Puppy lets you make a boot floppy… so in goes the Mijnpup CD and I boot up.

    First off, it doesn’t work with either of the old network cards I have. ( 3Com and Xircom) DSL works with them though.

    OK, I’ll just make that “boot floppy” and boot the newer bigger more support for old hardware Puppy that I’ve downloaded… and put on USB drive.

    Turns out Mijnpup doesn’t have that “make a boot floppy” code. But, it tells you, no problem, just click this button and a download / install from the internet will happen… which would be FINE, IFF the networking worked…

    So I’ve got some choices (again…)

    1) Go buy some more writable CDs.
    2) Figure out how to make a floppy on another machine.
    3) Move On to some other part of the project or other OS “idea”.
    4) Try making a custom “puppy” via the VM on this laptop.
    5) Try booting up one of my other older machines that still has a floppy drive and use it, maybe even use it’s network card, if Mijnpup likes it.
    6) Pick up a 6 pack and watch mindless TV…

    All because folks abandon things.

    The new laptop has no floppy drive. They are ‘passe’…. No PCMCIA slot either. It’s all USB now. The old laptop has USB, but it was ‘new’ then, so very limited support, like not booting from the BIOS. The various distributions have different ideas about what cards to support (built in, or PCMCIA) so some things work, some don’t. I’ve got DVD on the new laptop, and a giant pile of blank writable DVDs, but the old machines don’t have a DVD drive.

    Finding out how to align all the various “systems” so that none of the “holes” line up is a nice art to have, but I really wish it didn’t get exercised so often…

    I’m leaning strongly toward #6…

    What I’ll likely do instead is get one of my Old White Box PCs out of the garage. Probably the one with THE most generic and common network card in it and that has ALL possible drives stuffed into it. (Even has an old 5 1/4 inch really floppy floppy disk drive!) It’s my “glue box” that usually lets me get rid of some of the holes in the map… It can boot several different OS types and read / write several different media along with having a few interface cards in it, so can be part of several networks. I’d rather not have to do that, though. It’s a big box and takes space I don’t have free right now. Maybe I’ll just go buy some CDs instead… Throw money at the problem…

    I suppose I could try to find a floppy image and then put it onto a USB drive to put onto a real floppy… but IF I’m at the store buying a 6 pack I might as well just pick up some CDs and “don’t worry, be happy!”…

    Oh Well… it could be worse. Once I was at a remote site doing a “site bring up”. The Name Brand Router (of about 5 figures price) was “having issues” and not making the connection to the Telco. Turned out particular feature software was not on the box. Got on the old cell phone (and I do mean old… one of those ‘smaller than a purse but about the size of a princess dial phone handset’ ones…) to the Vendor. No Problem, they say, just download the software from our Website… This being “the early days” of such things, there was no “Wireless connectivity”. I got to explain to this idiot vendor that putting a CD in the ‘kit’ with the software would have been much better, as my job with this router AS IT WAS ADVERTIZED FOR USE, was to bring up the internet connection. Until it was up, BY DEFINITION I had no internet connectivity… An hour drive, a download, an hour drive, a while doing the configs, internet was up… Never used that router again… But it really was a giant dose of stupid to have a router designed and marketed for ‘internet connectivity’ where the software isn’t included and must be downloaded from the internet you don’t have yet… Just glad I was not 3 days from Nowhere Alaska… (Why didn’t I prep the equipment at the office before going out? Because the client bought it and it was delivered to their site. I was just the install monkey…)

    OK, enough rant. Back to work… but I really wish folks would think about downstream dependencies when they decide to leave things out / deprecate them…

  42. EM – reminds me of the first white box PC I had (Z80, CP/M) where you had to write the bios, assemble it, burn it into the EPROM and reassemble the box before you could use it. Somewhat of a steep learning-curve, and I used the box at work to write the assembly code and get the rest sorted. Funny thing is that that 4MHz Z80 was just as quick editing files as my current 2GHz AMD64.

    All the routers I’ve bought in the last 10 years or so told me to download the latest software from their website, but did in fact work out of the box.

    DD the bootfloppy as the first sectors on whatever boot device you want, then copy the other files on?

  43. jim2 says:

    EM – In case you don’t know, there is a USB device you can plug add-in cards to. I don’t know how many flavors there are, but there it is.

  44. E.M.Smith says:

    @Simon Derricutt:

    What the hardware / Moore’s Law giveth, the software / MicroSloth taketh away ;-)

    First machine I ever used / programmed was an Altair Mits 8800 something with the Intel 8080 CPU. Had to assemble it from parts. First program I wrote was in assembler, entered via toggle switches (as it had no other input) and was about 10 lines. It copied itself from low memory all the way up to high memory. Then, stepping through memory by hand, I could display it on the “blinky lights” of the register. That let me verify that all of memory was working right, and that the CPU worked (as the program ran)…

    At least I’m not down at at that level…


    “Somewhere” in my kit is a multi-way USB adapter that takes various cards, including SD, and also takes a CF card. Somewhere else I have a 8 GB hard disk “Compact Flash” card that’s a real hard disk (with some old version of Linux on it ;-) On my ‘to do’ list is organize that pile of junk and find those bits…. ;-)

    The links for USB floppies are interesting, but I’m more likely to just buy some more writable CDs ;-) Then again, you never know when you might need a floppy drive ;-)

    FWIW, the GIStemp box also has a floppy drive and a CD / DVD reading drive, so I can likely burn a Puppy DVD, and use that box to write a floppy…. It’s already set up and running, I just need to clear the desk enough for the keyboard… (i.e. move the Toy-LT out of the way…)

    Eventually I’ll just ‘give in’ and do what I likely ought to have done ot begin with: Buy a couple of Raspberry Pi and BeagleBoards and just develop on them for them…

  45. tckev says:

    Good luck with your endeavors, it sounds really interesting.

    I’ve tried Sabayon, a distro based on Gentoo, but had quite a few problems with it recognizing hardware correctly. That was a while ago ( about 2 years) so I may give Gentoo go soon.
    I’m currently running a Fedora remix which works well but I still have some other hardware issues, strange as I use a bog-standard IBM laptop (what is it with touchpads and wireless set-ups?).

    One distro you may like to look at is Qubes, it advertises that it is big on security. It certainly looks impressive and seems to be going in the same direction as you. Unfortunately there appears to be installation and set-up issues with some potential users but these are being worked on and hopefully will be fixed soon.
    More info at –
    and overview of the architecture –

    Click to access arch-spec-0.3.pdf

  46. E.M.Smith says:


    Thanks, I’ll take a look. Might want to look at CentOS. It’s Red Hat Enterprise, but with the parts Red Hat charges for added by volunteers. I’ve just downloaded a dozen versions ;-)

    I’ve got Sabayon downloaded, but not tried it yet. For laptops, the video hardware and wireless chips are often “cutting edge” so Linux drivers not around until a year or two later…

    Eventually the laptop makers will figure out this is a dumb decision and support Linux early.

Comments are closed.