I’ve been mumbling a bit about the need for a “Conservative Box” that would be kind of like a Pirate Box with mesh networking and firewall to internet features.
Well, one of the things I love about the *Nix FOSS world (Unix like systems of Free and Open Source Software) is that it has millions of inhabitants and once a “need” shows up, usually a whole lot of them have seen it and some fairly large part of them will get busy on a solution to that need.
So it pays, a lot, to look around a little before you sink a lot of time into making something “new” to first discover if it already exists.
The first folks to “Feel the need” for a private space to “talk and share among themselves” away from “authority” were the song swappers. The “Music Pirates”. Many of the key technologies used for privacy and sharing today, were invented by them, for the purpose of swapping both legal and illegal pirated copies of copyrighted music and later videos.
Now partly the “Music Industry” is responsible for this as they tried to do fairly draconian (and also often illegal…) restraint of people sharing “content”. Essentially they forgot that “Air Time” on Radio caused increase sales. (At one time they tried to prevent playing music on air without a payment / license fee, then when they lost, found that the increased ‘air time’ made way more sales anyway and some even started paying to get played.)
Well the same effect extends to music swapping and even to the current trend of “online newspapers” trying to prevent reading / copy of text on their web pages. All that happens is the Greedy Ones don’t get the link shared, don’t get the copy of a snip and pointer to article, and don’t get the eyeballs or clicks, so don’t get the money. (They also create a laundry list of methods to bypass their attempts at blocking reading / copy of text… as I’ve demonstrated a few here from time to time…)
So we got Bittorrent and Blockchain and Encryption and VPN and a whole lot more. Some from the commercial world as products and others, like Bittorrent, from folks wanting to share files that others wanted to censor. Forgetting that the 12 year old kid on a bittorrent pirate copy of music will become the 20 something with too much cash wanting the Uber Super Duper Sound System and ALL NEW BESTEST EVER copies of their favorites spare no expense…
And the bits always flowed…
Pirate Box
I’ve mentioned this before, and this is just a reference for historical reason. They have a Wiki:
“https: //en.wikipedia.org/wiki/PirateBox”
A PirateBox is a portable electronic device, often consisting of a Wi-Fi router and a device for storing information, creating a wireless network that allows users who are connected to share files anonymously and locally. By design, this device is disconnected from the Internet.
The PirateBox was originally designed to exchange data freely under the public domain or under a free license.
What I’d not noticed was that it has been “discontinued”:
Introduced 2011
Discontinued 2019
Language English
My “best guess” would be that the need for it has waned as “other ways” of swapping have improved. Things like Bittorrent over a VPN and .onion net / Onion Routing / Tor services. Likely even more than that (like large email attachments on encrypted email and encrypted files on drop box sites and… Did I mention that the bits always flow?
So on my ToDo list for today is to download and archive copies of their last versions. “For that day”, should it ever arise, and as exemplar of a moment in tech history.
I find the supposed reason for the discontinuance a bit contrived / narrow:
The PirateBox was designed in 2011 by David Darts, a professor at the Steinhardt School of Culture, Education and Human Development at New York University under Free Art License. It has since become highly popular in Western Europe, particularly in France by Jean Debaecker, and its development is largely maintained by Matthias Strubel. The usage of the PirateBox-Concept turns slowly away from common local filesharing to purposes in education, concerning public schools or private events like CryptoParties, a crucial point also being circumvention of censorship since it can be operated behind strong physical barriers.
On 17 November 2019 Matthias Strubel announced the closure of the Pirate Box project, citing more routers having locked firmware and browsers forcing https.
You can just use a cheap SBC with WiFi dongle and skip retrofitting the software to a WiFi Router, and maybe I’m missing something but don’t see where https is an issue. But whatever… I’ll be snagging a new copy anyway. They even note this:
Raspberry Pi Setup
The PirateBox can be set up in Raspberry Pi. The steps can be followed in the reference article.Uses
Users connect to the PirateBox via Wi-Fi (using a laptop, for example) without having to learn the password. They can then access the local web page of the PirateBox to download or upload files, or access an anonymous chat room or forum. All such data exchanges are confined to the PirateBox’s local network and are not connected to the Internet.Several educational projects use the devices to deliver content to students allowing them to share by chat or forum. The PirateBox is also used in places where Internet access is rare or impractical.
Devices which can be converted to a PirateBox
Android (v2.3+) devices: unofficial porting allowing to run a PirateBox on some rooted Android devices (example: smartphone and tablet computer). PirateBox for Android is available from Google Play (since June 2014).
PirateBox Live USB: allows one to turn a computer temporarily into a PirateBox
Raspberry Pi
Chip
The key design element of the Pirate Box is that the WiFi and Pirate Box are NOT connected to the internet. No internet cops to bust you for sharing your favorite tunes with a friend.
I suspect the discontinuance may have more to do with legal exposures.
https://en.wikipedia.org/wiki/Digital_rights_management
Worldwide, many laws have been created which criminalize the circumvention of DRM, communication about such circumvention, and the creation and distribution of tools used for such circumvention. Such laws are part of the United States’ Digital Millennium Copyright Act, and the European Union’s Information Society Directive (the French DADVSI is an example of a member state of the European Union (“EU”) implementing the directive).
Yes, talking about how to make a copy of something can get you busted… Which, of course, is a horrible infringement on the RIGHTS of Fair Use. (Not to mention it really is a PITA for those of us chartered to make sure systems are regularly and reliably backed up and legitimate copies can be recovered…)
I found the “see also” of the Pirate Box wiki interesting:
See also
USB dead drop, a similar concept
FreedomBox, a project similar to the PirateBox (plug computer version)
Shoutr, a similar Android solution
Router (computing)
Sneakernet
Looks like a lot of folks are just making sure the bits can flow. The USB Dead Drop is amusing. A USB Drive is just stuck somewhere random and folks can stuff bits on / take them off. (Not sure I’d trust it without an isolated system and virus inspection, but then again, depends on the why of it all.)
And Pirate Box has a home page:
The website, downloads and everything else will continue running in 2020, but will be shut off at the end of 2020.
So better snag a copy while you can, if you want one. FWIW, it isn’t that complicated a thing, and recreating it from scratch is not that complicated. I’d not bother with a router / flashing. I’d just use an SBC, with WiFi built in or as a dongle, and then set up the sharing software.
https://piratebox.cc/raspberry_pi:diy
Raspberry Pi(rate)Box 1.1.4 is now available for download via BitTorrent! See our easy DIY instructions below for details on how to build your own Pi(rate)Box. And learn more about the PirateBox project here.
Gee… the software is being distributed via BitTorrent… wonder why ;-)
Though they do have an HTTPS download available:
https://www.khm.de/~sievers/piratebox_rpi2_1.1.4-11-05-2018.img.zip
But this is largely historical from my perspective. Useful history and background to preserve, but there’s something else that I think is far closer to what I’d proposed as a “Conservative Box”. One that does connect to the internet and does have “mesh network” abilities on their design goals, and is much more directly aimed at bypassing censorship.
That FreedomBox mentioned in the see also area.
FreedomBox
This project looks, to me, like exactly what a “Conservative Box” would be in our present political climate. A way to bypass censorship and just “talk amongst ourselves”.
“https: //en.wikipedia.org/wiki/FreedomBox”
FreedomBox is a free software home server operating system.
Launched in 2010, FreedomBox has grown from a software system to a commercial product.
So it is both a Free Software version, and now they have one you can just buy ready to go. Nice. I’m not keen on their hardware choices as they use a lot of boards with Chinese SOC System On Chip / CPU and such, like the Allwinner family, but it will work and isn’t that much of a risk, really. Or you can “roll your own” on your own hardware choice.
I also find some of their software choices for sharing a bit odd, but then again I’m new to this area of software / applications so maybe it makes sense. I also note they have intent to support some of the software I’ve heard of, like Mastodon, so maybe it’s just that these choices were around in 2012 and the new ones are, well, new.
History
The project was announced by Eben Moglen, Professor of Law at Columbia Law School, in a speech called “Freedom in the Cloud” at the New York ISOC meeting on February 2, 2010. In this speech, Moglen predicted the damage that Facebook would do to society: “Mr. Zuckerberg has attained an unenviable record: he has done more harm to the human race than anybody else his age.” In direct response to the threat posed by Facebook in 2010, Moglen argued that FreedomBox should provide the foundation for an alternative Web. As Steven J. Vaughan Nichols notes, “[Moglen] saw the mess we were heading toward almost 10 years ago … That was before Facebook proved itself to be totally incompetent with security and sold off your data to Cambridge Analytica to scam 50 million US Facebook users with personalized anti-Clinton and pro-Trump propaganda in the 2016 election.”On February 4, 2011, Moglen formed the FreedomBox Foundation to become the organizational headquarters of the project, and on February 18, 2011, the foundation started a campaign to raise $60,000 in 30 days on the crowdfunding service, Kickstarter. The goal was met on February 22, and on March 19, 2011, the campaign ended after collecting $86,724 from 1,007 backers. The early developers aimed to create and preserve personal privacy by providing a secure platform for building decentralized digital applications. They targeted the FreedomBox software for plug computers and single-board computers that can easily be located in individual residences or offices. After 2011, the FreedomBox project continued to grow under different leadership.
I find it funny that a project started as a rejection of Trump Supporters is in fact just what Trump Supporters need. Communication needs are non-partisan. Only censorship is partisan.
FreedomBox and Debian
FreedomBox is a Debian Pure Blend. All applications on FreedomBox are installed as Debian packages. The FreedomBox project itself distributes its software through Debian repositories.Depending on Debian for software maintenance is one of the reasons why FreedomBox outlasted many similar projects that used manual installation scripts instead. FreedomBox comes with automatic software updates powered by Debian.
In fact, it looks like all you really need to do is assure your box is configured right (and can get out through your router) and do an “apt-get install freedombox”.
As of April 2019, FreedomBox is packaged in custom operating system images for 11 single-board computers. The hardware currently put forward for use with the FreedomBox software is explained on the Hardware page. OSHW designs are preferred, like the Olimex A20 OLinuXino Lime 2 or the BeagleBone Black,. Closed-source boards like the DreamPlug, Cubietruck and the Raspberry Pi are possible options, while more are on the way. There is also a VirtualBox image. FreedomBox can additionally be installed over a clean Debian installation.
So what’s it do? Let’s visit their home page:
FreedomBox Logo
Run your digital services from your home
FreedomBox is a private server for non-experts: it lets you install and configure server applications with only a few clicks. It runs on cheap hardware of your choice, uses your internet connection and power, and is under your control.
As opposed to Pirate Box, who’s design goal is isolated from the internet and where they share in an isolated “pod” of WiFi, the FreedomBox is intended to be your own set of Social Media and similar servers ON the internet, but under your control and with some privacy included.
The directions for it are a bit “hand holdy” and aimed at a non-technical base. I guess that’s good. Maybe. Even if I’d just like the tech manual…
Biggest issue I see in it is that punching through your router firewall is a non-trivial task and they try to make it sound easy. I can do it fairly quickly as can any tech person (log onto router, set up port forwarding to box in DMZ network), but how many non-tech folks have ever logged onto their Telco router? Eh? But they do reference some other ways that I’m not familiar with, so maybe…
The applications they support are shown in an image, not a list:
I’ve generally not used this so I’m not familiar with them. Many are things who’s name I’ve heard, so there’s that…
It has facilities for running over a VPN, synchronizing files, using an I2P network (Invisible Internet Project – a censorship resistance overlay), text and voice chat, BitTorrent file swapping and more.
Your privacy in safe hands, yours!
Your digital life should not be in the hands of tech companies or governments. Keep it close to you. Literally!We’re building software for smart devices whose engineered purpose is to work together to facilitate free communication among people, safely and securely, beyond the ambition of the strongest power to penetrate. They can make freedom of thought and information a permanent, ineradicable feature of the net that holds our souls.
Eben Moglen (2010)
Software you can trust
FreedomBox is Free and Open Source Software and an official part of Debian, a well established GNU/Linux distribution. The project is supported by the non-profit FreedomBox Foundation.
Their list of features is a complex visual, but a few as a list:
FreedomBox provides file sharing like Dropbox. Your data stays with you. Your family and friends also benefit.
FreedomBox provides a secure, decentralized replacement for WhatsApp. Do group chats and audio/video calls from any device.
FreedomBox provides a VPN server. Connect securely to your devices at home from outside. Protect your browsing session when on untrusted networks.
FreedomBox provides a privacy enhancing proxy server.
FreedomBox can host a blog or a wiki. Host your personal website right from your home.
Share media and take backups from all devices on your home network.FreedomBox can be your Network Attached Storage (NAS).
They have an online users manual, which I’ll be wandering through in the next couple of days. I’m downloading images for both the Raspberry Pi M3 and the Pine64 A64+, and I’m going to give it a test drive in a few days.
Frankly, it looks like they have already done all the things I’d want done. The bits I was thinking about, like Mastodon, are on their “soon” list. But I’ll know for sure after reading more of the manual and doing a test install.
https://wiki.debian.org/FreedomBox/Manual
FreedomBox: take your online privacy back
FreedomBox is a ready made personal server, designed with privacy and data ownership in mind. It is a subset of the Debian universal operating system and includes free software only. You can run it on a small, inexpensive and power-efficient computer box in your home that is dedicated for that use. It can also be installed on any computer running Debian or in a virtual machine.
In order to replace third-party communication services that are data mining your entire life, you will be able to host services yourself and use them at home or over the Internet through a browser or specialized apps. These services include chat and voice calls, webmail, file sharing and calendar, address book and news feed synchronization. For example, to start using a private chat service, activate the service from the administration interface and add your friends as authorized users of the service. They will be able to connect to the service hosted on your FreedomBox, using XMPP chat clients such as Conversations on Android, Pidgin on Windows and Linux, or Messages on Mac OS, for encrypted communications.FreedomBox is a product you can just buy, set up and use. Once installed the interface is easy to use, similar to a smart phone.
[…]
FreedomBox can also host a Wi-Fi access point, ad blocking proxy and a virtual private network (VPN). More advanced users can replace their router with a FreedomBox.
Then there’s that mesh networking thing. Where you can make ad-hoc networks if the Authorities shut down the Internet Spigots…
3. Advanced usage: Smart Home Router
FreedomBox runs in a physical computer and can route your traffic. It can sit between various devices at home such as mobiles, laptops and TVs and the Internet, replacing a home wireless router. By routing traffic, FreedomBox can remove tracking advertisements and malicious web bugs before they ever reach your devices. FreedomBox can cloak your location and protect your anonymity by “onion routing” your traffic over Tor. FreedomBox provides a VPN server that you can use while you are away from home to keep your traffic secret on untrusted public wireless networks and to securely access various devices at home.It can also be carried along with your laptop and set up to offer its services on public networks at work, school or office. In the future, FreedomBox intends to deliver support for alternative ways of connecting to the Internet such as Mesh networking.
So not in the product yet, but on the devo calender.
But for now, for dispossed communities, just what’s needed, per their description.
4. Advanced usage: For Communities
The primary design goal of FreedomBox is to be used as a personal server at home for use by a single family and their friends. However, at the core, it is a server software that can aid a non-technical user to setup services and maintain them with ease. Security is automatically managed and many of the technical choices in system administration are taken care by the software automatically thereby reducing complexity for a non-technical user. This nature of FreedomBox makes it well-suited for hosting services for small communities like villages or small firms. Communities can host their own services using FreedomBox with minimal effort. They can setup Wi-Fi networks that span the entire area of the community and draw Internet connections from long distances. Community members can enjoy previously unavailable Internet connectivity, ubiquitous Wi-Fi coverage, free VOIP services, offline education and entertainment content, etc. This will also boost privacy for individuals in the community, reduce dependence on centralized services provided by large companies and make them resistant to censorship.
The free e-book FreedomBox for Communities describes the motivation and provides detailed instructions to setup FreedomBox for this use case. Members of the FreedomBox project are involved in setting up Wi-Fi networks with free Internet connectivity in rural India. This e-book documents their knowledge and experiences.
Sure sounds like what’s needed. So hopefully when I set mine up it will live up to the hype / write-up. One hopes.
In Conclusion
As is so often the case, what you need from Linux / Unix is already there, or under construction. Because “you are not alone”. There are millions of people using this system, and somewhere in those millions are thousands with the same desires as you. Of them, a few say “I am somebody” and somebody has to do it, so they do.
With that, I’m now relieved of the need to create a “Conservative Box”, as it is just a sub-set of a “FreedomBox” and that project is already well along.
There’s a couple of applications I’d like to see added, and then Mesh Networking, but it would be better for me to put time into adding those to a Debian / Devuan build than to start a whole new project from scratch. So that’s the direction I’m heading.
First up will be a bring-up of FreedomBox on my hardware, then seeing about router config / DMZ port forwarding and all that sort of admin stuff. Once it’s up and visible, then I’ll try various applications (web hosting, chat, etc.) No idea how fast I’ll be about it. If any of y’all get antsy, you can always just order one and “run ahead of me” ;-)
Addendum:
What is in the Debian version:
https://wiki.debian.org/FreedomBox/Features
So looks pretty complete already. Diaspora, Mastodon or Gnu Social or Pleroma are the ones I was looking it, so coming, maybe… Then the mesh networking thing.
Does look like a few “teething problems” especially on the Raspberry Pi:
https://distrowatch.com/dwres.php?resource=ratings&distro=freedombox
Something similar here:
https://cheapskatesguide.org/articles/freedombox.html
When first set up, it takes some minutes to do auto-updates and such. They interrupted that process and it was “not good”, so be patient. Also had a failure of the initial launch of the configuration interface (“cockpit”) but worked past it.
I may start with the Pine64 instead of the Pi ;-)
Some of the observations where things I’d suspected, like a “point and click” interface not really giving a good Systems Admin full control experience (need to start over, not just edit and fix – common issue with ‘click to do foo’ approach). Also that the “it’s all easy and perfect” style of the write up was sellers puff… (it always is).
Other bits look like they just didn’t understand things as well as they think they did. Like the statement that the R.Pi is not preferred as it has binary blobs in the drivers. He interprets this as “won’t work with onboard WiFi” where it is instead just the usual complaint about binary blobs being non-free source code bits so not a preference.
He does a ‘dd’ to write the uSD card, but points it at a partition, then discovers you need to use the whole uSD card. Well duh, that’s how all .img files are written.
OTOH, that’s the kind of stuff a NOOBs user is likely to run into. So, OK, it doesn’t cover every possible NOOBs like issue. I’m OK with that.
So instead of letting it auto-run an update, crowbarred into the middle of it, screwed the pooch, and had to do a do-over.
Note to self: Boot it first time, then leave it alone while you get lunch. Another common thing with “automagically configures and updates” boxes. You must give them time to “do their thing”. But the documentation ought to warn of this and the process ought to put up a status spinning tortoise somewhere.. or something.
He then goes on to complain that you must install the applications you prefer and then configure them in ways that may not meet the ‘point and click’ claims. Kinda expected that, too.
OK, so it is NOT “as advertized” a 100% NOOBs friendly just click and be done and you will need some amount of Linux skills to have a clue when it goes a bit off the rails from your expectations. I’m OK with that as I’m not a complete NOOBy.
Essentially what it comes down to is they did a LOT of the selection of software and basic config choices, but do not have a 100% Point / Click way to do Systems Admin (another ‘well duh’ from my POV) and sometimes you trip over the automation during the bring up if you are impatient.
Well, OK. I’ll be patient and I’ll take notes and maybe write up a better “How To”.
Anyway, there’s some reviews and pointer at “the usual” problems to expect.
Got my 2nd, idle, Orange Pi One board out of the pile and plugged it in. (Using it now). The intent is to try making it a Pirate Box. We’ll see how that goes…
It’s a Quad Core H3 system. With 1/2 GB of memory. 461 MB left after video bit set aside. With chromium open with this one tab, I have 199 MB used. Odd as on other systems doing that runs about 500 MB. Clearly there ae memory squander options you can set when building Debian…
Anyone else remember running Linux in 64 MB of memory? I had an old Hitachi laptop (16 bit I think…) running Red Hat 5.2 in 16 MB.
Anyway, it’s a bit slow and all 4 cores spike up to about 80% a lot as I’m typing., plus the CPU is running 66 F even with a 1/2 inch / 1/2 inch heat sink on it. So “good enough” but just barely..
Dinky little thing, about 2 x 3 inches. But it does work… And it’s dirt cheap.
And it’s made in China, so there’s that… (i.e. not going to be used for anything really important).
Has only one USB spigot, so I need to use a USB Hub while I configure the WiFi Dongle (to have KB, Mouse, Dongle on it at the same time) but then shift to a remote access with just the WiFi dongle once that works.
It ought to be a nice “lowest end possible” test bed for a Pirate Box.
Well, I installed FreedomBox on the Pine64 A64+ and it went OK.
It is a bit quirky as described by others above. I also ran into the “go away kid you bother me, come back later I’m busy” on attempting to install an early Application. But it went away fairly quickly.
You do the install and everything from a browser on a different machine. That had some ‘sloth’ issues where the Odroid N2 browser was asking for a new page update faster than the slow Pine64 was ready to serve the page, so got a “not ready” message, then a few seconds later the page comes up.
Overall, it looks like it ought to work, BUT:
1) The “change ports on your router” to let things work has not gone away. You WILL need to have some skill at opening ports on your router and doing that kind of systems admin.
2) Clicks and pictures do not remove the minutia and detail of systems admin. I still don’t have a working WiFi Dongle and I’m pretty sure I can make it “go” a lot faster via a CLI then with their interface (wherever it is…). I’ve gone directly to the SBC, logged in as the “Admin User” that you must make at the Web Page, and I’m proceeding to set up my normal work environment so I can look under the covers and see what’s really going on.
3) Overall, there is a little bit of help from the “click and pick” web interface in that it tells you things like what ports on the router you need to open, or what else needs to be done. But really, it’s mostly just a pretty face on the normal “install and configure these Linux programs”. I’m somewhat of the opinion that a good write-up of how to do it in a regular Linux way, essentially a cook-book, would be just as good and in some ways better. (Then again, I’m comfortable with standard systems admin).
At this point I’m only about 2 hours into it, so we’ll see what happens with more exposure.
Your last two comments on Pirate Progress were good, E.M.. I have a decent picture of what’s going on with the hardware. On the software side, I understand in the most general way what you’re what you’re describing, but then you’ve just described what you’re doing in a general way.
Thanks for the commentary-on-the-go.
@H.R.: Nice to know. Thanks!
Well, got logged into a proper session at a terminal. The web interface services had lots of D wait states showing in htop and many process instances. Memory used about 700 out of 800 plus some total (the rest of it being video core assigned). No swap existed. This with only 2 apps installed and none running.
I tried setting up a SWAPFILE but it failed with “bad option”. They used a btrfs file system for the “snapshot” feature, but it forbids swap with snapshots on the same partition and they had only one big partition other than a dinky boot area… OK, everything slow as molasses in January, type 4 char, wait 4 seconds to see them, type a few more…. I plugged in a USB drive with a known swap partition and activated swap on it. Rapidly ran up to over 300 MB on swap and the “D” disk or other short term waits on processes went away. It became usable.
Decided to do a password change since I was su to root. Was greeted with a request for the LDAP manager password. WT? LDAP is big corporate stuff. So a slow high activity complicated file system and a complex fat authentication system layered on a uSD card? With NO swap while their complicated WEB interface management system spit out a dozen processes in D wait state…
This was just not well thought out for this scale hardware.
Almost certainly the development is happening on a big fat PC with 8 GB of memory and fast real disk, then moved to an SBC with little QA or testing. I certainly made the memory stress worse by running a windows login process (after a long install of lxde). But when doing things, beyond one terminal Window, swap ran up to over 600 MB, and that is more than LXDE takes… so it was already short of memory needing swap, not having it, and having process issues. Most likely why every other Web Admin page load had issues…
Now were it actually RUNNING a half dozen apps, like email, web server, vpn tunnels with encryption calculations, video chats: IMHO even without lxde running, it would crap its pants out of memory with no swap. Also constantly trying to checkpoint the btrfs file system with snapshots.
This is just crap.
OK design for a big workstation with corporate support team, BUT not right for a dinky SBC and a NOOBS admin on a Click ‘N Pray admin interface.
The good news is that it is just a Debian 10.7 under the covers. This is just a Click Based Admin layer on top of The Usual underneath. So, IMHO, a lighter weight install with admin decisions to match might be fine. Start with Debian on an ext file system, skip LDAP, have 1 GB Swap, and whatever else pops up…. then likely the sloth and sporadic failed page loads goes away.
I may give that a try later. I’m of the opinion that a clean, regular Linux Admin way, install of a focused set of apps, tested and shown to work on target hardware; would be a better solution. A “download and put on uSD card, edit a couple of parameter files, and go” would work better. A purpose built appliance build as opposed to a “kit of parts install by click admin” way.
” A “download and put on uSD card, edit a couple of parameter files, and go” would work better. A purpose built appliance build as opposed to a “kit of parts install by click admin” way.”
That is what this ” click and pray” guy looks for. I never really was a computer geek, I just want the Damn Thing to work so that I can…pg
@P.G.:
I’ve noticed a few “styles” of systems (and their programmers).
One, that tends to be me, is the “Make it a working fully functional and clean simple appliance. Then TEST it.” Also I tend to have an exact cook-book to follow that is also tested for the install, bring-up, and final configuration if any. Usually let you get under the hood and tinker if you like. BSD and old Linux were like this. SystemD not so much…
Another is the “Kitchen Sink:” folks. Often also the ones enamored of the Latest & Greatest thing with a gazillion configuration options and a load of “features” that 90% of everyone will never use, but you must know how to set, unset, or avoid. Because of that, they often are also “Kit of parts” folks with a laundry list of optional install targets and configuration choices. (Pottering and Pulse Audio come to mind…). These systems usually come with a bunch of “unexpected” issues as they can rarely be fully tested and certainly not on all likely hardware configurations. Their answer to this is usually adding MORE options and MORE install choices and MORE “kit of parts” to wade through (see SystemD admin files / scripts / blahblahbalh).
There’s also a “simple kit of parts” bunch who mostly give you a recipe to make your own simple appliance and test it. I do this in postings sometimes as I can’t “ship a product”, really. Yet… So I’ll post how to bring up a Devuan box, but include that you can choose LXDE or XCFE as desktop…
Then there’s the “Sealed Black Box” folks. Apple is like this. What’s in an iPhone? How can you change or fix it? Umm…. Chromebooks and Chromebox are a little better, but similar. Android is rather like the Chrome-Stuff. Open source and you CAN “roll your own” but most appliances using it are locked down. Similarly the Roku device. This is all FINE if it works right and if it does what you want. But usually comes with a significant price tag attached. See Microsoft Windows…
My impression of the FreedomBox folks is they are in the #2 slot. “Kitchen Sink” as a kit of parts with a load of complexity choices, and not well tested. As my style is more #1 “simple appliance” or #3 “SIMPLE kit of parts / script”, I’m most likely going to just disassemble the FreedomBox “kit” and use it as a guide to a more determinate “Roll your own” script, and make finished simple “appliance” images that can be shared if folks want them. (When I get one of these working, in theory, I’ll also have my own file sharing site so can, then, share things like system images…)
Anyway, that’s my view of it.
I’ll likely start with 2 simple appliances (likely on the same board / server). File sharing and a web server / blog.
Well, I was looking forward to trying out the Freedom box on a Raspberry Pi M3+ but after reading your issues with it, I’ll think I’ll wait. Thanks for posting your experience with it, and I”m glad you’re looking into other options and sharing the results with us!
The following steps must be followed exactly in order.
Disable the rule called demo-server-reset-trigger in AWS EventBridge
Create a new instance with tag:Name = demo-instance
Create new user account on the instance called demo with a valid password
Associate elastic IP address to the new instance
Install TT-RSS
Set host name to freedombox
Set domain name to demo.freedombox.org
Disable automatic updates
Add own ssh key to root user
Login via ssh as root
Modify /etc/security/access.d/50freedombox.conf to remove sudo and admin groups (This is a robust way to disable shell access, but Cockpit login won’t work anymore!)
Modules to disable
Cockpit
SSH
Power
Now install apps – (no proxies)
Create one blog and one wiki in Ikiwiki
Have one feed in tt-rss e.g. planet.debian.org
Install Matrix Synapse
Remove “shutdown” and “restart” options in the user dropdown menu (base.html)
Edit file /usr/lib/python3/dist-packages/plinth/settings.py to comment out the section on password validators
Start plinth and set password to “demo”
Restore password validators section in settings.py
Shut down the server
Create image (AMI) from the instance with name demo-server
Enable the rule called demo-server-reset-trigger in AWS EventBridge
https://salsa.debian.org/freedombox-team/freedombox/snippets/277
@Pinroot:
I think it is well worth the playing time, so would encourage you to see if it “has issues” on the Pi M3+, or not. It is quite possible the different board images have somewhat different builds.
Also, knowing you need swap for anything big and / or with added “apt-get install task-lxde-desktop” windowing login, you could just stick with the regular shell login (or add that swap before adding windowing system…) and avoid my particular experience.
At boot, it puts up a “Login:” prompt on the monitor plugged into the board, but you MUST go to the web page on another box first to make a login to use. Then you can come back, log in, sudo bash, and have a root shell so as to do “whatever you want” from that point forward.
Alternatively, what I think is likely best, is just do a Devuan/ Debian / Ubuntu install of your liking, perhaps even Raspian wold have it, and then do the “apt-get install freedombox” and get the system config you like with the FreedomBox admin / apps layer on top of it (but where you can easily bypass it as you have root access…)
Let’s just say I’ve not scrubbed my image yet. More play to come ;-)
@Jim2:
Interesting…
I note that they completely bypass their “click and pray” admin system to do that particular demo set-up…
I’d thought about doing an AWS or similar instance (on their ‘free’ tier) and may yet, but prefer the idea of not touching AWS… Amazon being an information sponge too…
I wonder if any other Cloud Server Providers have a free tier?…
I’d expect it to be more tested and run better on x86 / AMD64 VMs than on ‘some random low use SBC’ like the Pine64 A64+.
OTOH, it IS a free tier ;-)
Caveat: I have little to no experience with any of this, but a healthy interest.
It seems like a pirate box might be a good solution if you want some sort of IoT things going in your house that are not connected to the internet. I’d have to think of what IoT things I wanted, though. ;-)
Microsoft has some free cloud dev services, I believe.
So CIO, do you think FreedomBox has its own LDAP server?
https://salsa.debian.org/freedombox-team/freedombox/-/issues/2012
@Jim2: Maybe…
@Weetabix:
There are 3 main problems with IoT things:
1) They spy on you (Nobody needs to know what is in my fridge, or when I have my AC on or have had the heat off for 4 days…).
2) Then can serve as a Bridge for other devices to get to the internet / send data out (as seen in the election where a “smart thermostat” was bridging a Dominion box to China).
3) They can directly let hackers into your network / home via compromise.
Being on a Pirate Box stops all of those.
What it does not do is let the “Phone Home” service that the IoT device demands in order to operate, function.
So you are likely to have a Smart Thermostat that sulks, a fridge that complains at you, and a TV that can’t get media to show you.
The alternative is a “DMZ” ( I have a “TV Zone” for the televisions, for example). That lets the Phone Home and Media Download happen, but prevents “infection” of anything else on my network (#3). It does not prevent #1 or #2. Not buying that kind of device serves that purpose for me ;-)
On second thought, it’s probably a cloud-based LDAP server. Putting something like FreedomBox on AWS is kind of asinine in the first place.