Pirate, Freedom, Conservative – Box

I’ve been mumbling a bit about the need for a “Conservative Box” that would be kind of like a Pirate Box with mesh networking and firewall to internet features.

Well, one of the things I love about the *Nix FOSS world (Unix like systems of Free and Open Source Software) is that it has millions of inhabitants and once a “need” shows up, usually a whole lot of them have seen it and some fairly large part of them will get busy on a solution to that need.

So it pays, a lot, to look around a little before you sink a lot of time into making something “new” to first discover if it already exists.

The first folks to “Feel the need” for a private space to “talk and share among themselves” away from “authority” were the song swappers. The “Music Pirates”. Many of the key technologies used for privacy and sharing today, were invented by them, for the purpose of swapping both legal and illegal pirated copies of copyrighted music and later videos.

Now partly the “Music Industry” is responsible for this as they tried to do fairly draconian (and also often illegal…) restraint of people sharing “content”. Essentially they forgot that “Air Time” on Radio caused increase sales. (At one time they tried to prevent playing music on air without a payment / license fee, then when they lost, found that the increased ‘air time’ made way more sales anyway and some even started paying to get played.)

Well the same effect extends to music swapping and even to the current trend of “online newspapers” trying to prevent reading / copy of text on their web pages. All that happens is the Greedy Ones don’t get the link shared, don’t get the copy of a snip and pointer to article, and don’t get the eyeballs or clicks, so don’t get the money. (They also create a laundry list of methods to bypass their attempts at blocking reading / copy of text… as I’ve demonstrated a few here from time to time…)

So we got Bittorrent and Blockchain and Encryption and VPN and a whole lot more. Some from the commercial world as products and others, like Bittorrent, from folks wanting to share files that others wanted to censor. Forgetting that the 12 year old kid on a bittorrent pirate copy of music will become the 20 something with too much cash wanting the Uber Super Duper Sound System and ALL NEW BESTEST EVER copies of their favorites spare no expense…

And the bits always flowed…

Pirate Box

I’ve mentioned this before, and this is just a reference for historical reason. They have a Wiki:

“https: //en.wikipedia.org/wiki/PirateBox”

A PirateBox is a portable electronic device, often consisting of a Wi-Fi router and a device for storing information, creating a wireless network that allows users who are connected to share files anonymously and locally. By design, this device is disconnected from the Internet.

The PirateBox was originally designed to exchange data freely under the public domain or under a free license.

What I’d not noticed was that it has been “discontinued”:

Introduced 2011
Discontinued 2019
Language English

My “best guess” would be that the need for it has waned as “other ways” of swapping have improved. Things like Bittorrent over a VPN and .onion net / Onion Routing / Tor services. Likely even more than that (like large email attachments on encrypted email and encrypted files on drop box sites and… Did I mention that the bits always flow?

So on my ToDo list for today is to download and archive copies of their last versions. “For that day”, should it ever arise, and as exemplar of a moment in tech history.

I find the supposed reason for the discontinuance a bit contrived / narrow:

The PirateBox was designed in 2011 by David Darts, a professor at the Steinhardt School of Culture, Education and Human Development at New York University under Free Art License. It has since become highly popular in Western Europe, particularly in France by Jean Debaecker, and its development is largely maintained by Matthias Strubel. The usage of the PirateBox-Concept turns slowly away from common local filesharing to purposes in education, concerning public schools or private events like CryptoParties, a crucial point also being circumvention of censorship since it can be operated behind strong physical barriers.

On 17 November 2019 Matthias Strubel announced the closure of the Pirate Box project, citing more routers having locked firmware and browsers forcing https.

You can just use a cheap SBC with WiFi dongle and skip retrofitting the software to a WiFi Router, and maybe I’m missing something but don’t see where https is an issue. But whatever… I’ll be snagging a new copy anyway. They even note this:

Raspberry Pi Setup
The PirateBox can be set up in Raspberry Pi. The steps can be followed in the reference article.

Uses
Users connect to the PirateBox via Wi-Fi (using a laptop, for example) without having to learn the password. They can then access the local web page of the PirateBox to download or upload files, or access an anonymous chat room or forum. All such data exchanges are confined to the PirateBox’s local network and are not connected to the Internet.

Several educational projects use the devices to deliver content to students allowing them to share by chat or forum. The PirateBox is also used in places where Internet access is rare or impractical.

Devices which can be converted to a PirateBox
Android (v2.3+) devices: unofficial porting allowing to run a PirateBox on some rooted Android devices (example: smartphone and tablet computer). PirateBox for Android is available from Google Play (since June 2014).
PirateBox Live USB: allows one to turn a computer temporarily into a PirateBox
Raspberry Pi
Chip

The key design element of the Pirate Box is that the WiFi and Pirate Box are NOT connected to the internet. No internet cops to bust you for sharing your favorite tunes with a friend.

I suspect the discontinuance may have more to do with legal exposures.

https://en.wikipedia.org/wiki/Digital_rights_management

Worldwide, many laws have been created which criminalize the circumvention of DRM, communication about such circumvention, and the creation and distribution of tools used for such circumvention. Such laws are part of the United States’ Digital Millennium Copyright Act, and the European Union’s Information Society Directive (the French DADVSI is an example of a member state of the European Union (“EU”) implementing the directive).

Yes, talking about how to make a copy of something can get you busted… Which, of course, is a horrible infringement on the RIGHTS of Fair Use. (Not to mention it really is a PITA for those of us chartered to make sure systems are regularly and reliably backed up and legitimate copies can be recovered…)

I found the “see also” of the Pirate Box wiki interesting:

See also

USB dead drop, a similar concept
FreedomBox, a project similar to the PirateBox (plug computer version)
Shoutr, a similar Android solution
Router (computing)
Sneakernet

Looks like a lot of folks are just making sure the bits can flow. The USB Dead Drop is amusing. A USB Drive is just stuck somewhere random and folks can stuff bits on / take them off. (Not sure I’d trust it without an isolated system and virus inspection, but then again, depends on the why of it all.)

Wall Net?  USB Dead Drop

Wall Net? USB Dead Drop

And Pirate Box has a home page:

https://piratebox.cc/

The website, downloads and everything else will continue running in 2020, but will be shut off at the end of 2020.

So better snag a copy while you can, if you want one. FWIW, it isn’t that complicated a thing, and recreating it from scratch is not that complicated. I’d not bother with a router / flashing. I’d just use an SBC, with WiFi built in or as a dongle, and then set up the sharing software.

https://piratebox.cc/raspberry_pi:diy

Raspberry Pi(rate)Box 1.1.4 is now available for download via BitTorrent! See our easy DIY instructions below for details on how to build your own Pi(rate)Box. And learn more about the PirateBox project here.

Gee… the software is being distributed via BitTorrent… wonder why ;-)

Though they do have an HTTPS download available:

https://www.khm.de/~sievers/piratebox_rpi2_1.1.4-11-05-2018.img.zip

But this is largely historical from my perspective. Useful history and background to preserve, but there’s something else that I think is far closer to what I’d proposed as a “Conservative Box”. One that does connect to the internet and does have “mesh network” abilities on their design goals, and is much more directly aimed at bypassing censorship.

That FreedomBox mentioned in the see also area.

FreedomBox

This project looks, to me, like exactly what a “Conservative Box” would be in our present political climate. A way to bypass censorship and just “talk amongst ourselves”.

“https: //en.wikipedia.org/wiki/FreedomBox”

FreedomBox is a free software home server operating system.

Launched in 2010, FreedomBox has grown from a software system to a commercial product.

So it is both a Free Software version, and now they have one you can just buy ready to go. Nice. I’m not keen on their hardware choices as they use a lot of boards with Chinese SOC System On Chip / CPU and such, like the Allwinner family, but it will work and isn’t that much of a risk, really. Or you can “roll your own” on your own hardware choice.

I also find some of their software choices for sharing a bit odd, but then again I’m new to this area of software / applications so maybe it makes sense. I also note they have intent to support some of the software I’ve heard of, like Mastodon, so maybe it’s just that these choices were around in 2012 and the new ones are, well, new.

History
The project was announced by Eben Moglen, Professor of Law at Columbia Law School, in a speech called “Freedom in the Cloud” at the New York ISOC meeting on February 2, 2010. In this speech, Moglen predicted the damage that Facebook would do to society: “Mr. Zuckerberg has attained an unenviable record: he has done more harm to the human race than anybody else his age.” In direct response to the threat posed by Facebook in 2010, Moglen argued that FreedomBox should provide the foundation for an alternative Web. As Steven J. Vaughan Nichols notes, “[Moglen] saw the mess we were heading toward almost 10 years ago … That was before Facebook proved itself to be totally incompetent with security and sold off your data to Cambridge Analytica to scam 50 million US Facebook users with personalized anti-Clinton and pro-Trump propaganda in the 2016 election.”

On February 4, 2011, Moglen formed the FreedomBox Foundation to become the organizational headquarters of the project, and on February 18, 2011, the foundation started a campaign to raise $60,000 in 30 days on the crowdfunding service, Kickstarter. The goal was met on February 22, and on March 19, 2011, the campaign ended after collecting $86,724 from 1,007 backers. The early developers aimed to create and preserve personal privacy by providing a secure platform for building decentralized digital applications. They targeted the FreedomBox software for plug computers and single-board computers that can easily be located in individual residences or offices. After 2011, the FreedomBox project continued to grow under different leadership.

I find it funny that a project started as a rejection of Trump Supporters is in fact just what Trump Supporters need. Communication needs are non-partisan. Only censorship is partisan.

FreedomBox and Debian
FreedomBox is a Debian Pure Blend. All applications on FreedomBox are installed as Debian packages. The FreedomBox project itself distributes its software through Debian repositories.

Depending on Debian for software maintenance is one of the reasons why FreedomBox outlasted many similar projects that used manual installation scripts instead. FreedomBox comes with automatic software updates powered by Debian.

In fact, it looks like all you really need to do is assure your box is configured right (and can get out through your router) and do an “apt-get install freedombox”.

As of April 2019, FreedomBox is packaged in custom operating system images for 11 single-board computers. The hardware currently put forward for use with the FreedomBox software is explained on the Hardware page. OSHW designs are preferred, like the Olimex A20 OLinuXino Lime 2 or the BeagleBone Black,. Closed-source boards like the DreamPlug, Cubietruck and the Raspberry Pi are possible options, while more are on the way. There is also a VirtualBox image. FreedomBox can additionally be installed over a clean Debian installation.

So what’s it do? Let’s visit their home page:

https://www.freedombox.org/

FreedomBox Logo
Run your digital services from your home
FreedomBox is a private server for non-experts: it lets you install and configure server applications with only a few clicks. It runs on cheap hardware of your choice, uses your internet connection and power, and is under your control.

As opposed to Pirate Box, who’s design goal is isolated from the internet and where they share in an isolated “pod” of WiFi, the FreedomBox is intended to be your own set of Social Media and similar servers ON the internet, but under your control and with some privacy included.

The directions for it are a bit “hand holdy” and aimed at a non-technical base. I guess that’s good. Maybe. Even if I’d just like the tech manual…

Biggest issue I see in it is that punching through your router firewall is a non-trivial task and they try to make it sound easy. I can do it fairly quickly as can any tech person (log onto router, set up port forwarding to box in DMZ network), but how many non-tech folks have ever logged onto their Telco router? Eh? But they do reference some other ways that I’m not familiar with, so maybe…

The applications they support are shown in an image, not a list:

FreedomBox Applications

FreedomBox Applications

I’ve generally not used this so I’m not familiar with them. Many are things who’s name I’ve heard, so there’s that…

It has facilities for running over a VPN, synchronizing files, using an I2P network (Invisible Internet Project – a censorship resistance overlay), text and voice chat, BitTorrent file swapping and more.

Your privacy in safe hands, yours!
Your digital life should not be in the hands of tech companies or governments. Keep it close to you. Literally!

We’re building software for smart devices whose engineered purpose is to work together to facilitate free communication among people, safely and securely, beyond the ambition of the strongest power to penetrate. They can make freedom of thought and information a permanent, ineradicable feature of the net that holds our souls.

Eben Moglen (2010)
Software you can trust
FreedomBox is Free and Open Source Software and an official part of Debian, a well established GNU/Linux distribution. The project is supported by the non-profit FreedomBox Foundation.

Their list of features is a complex visual, but a few as a list:

FreedomBox provides file sharing like Dropbox. Your data stays with you. Your family and friends also benefit.

FreedomBox provides a secure, decentralized replacement for WhatsApp. Do group chats and audio/video calls from any device.

FreedomBox provides a VPN server. Connect securely to your devices at home from outside. Protect your browsing session when on untrusted networks.

FreedomBox provides a privacy enhancing proxy server.

FreedomBox can host a blog or a wiki. Host your personal website right from your home.
Share media and take backups from all devices on your home network.

FreedomBox can be your Network Attached Storage (NAS).

They have an online users manual, which I’ll be wandering through in the next couple of days. I’m downloading images for both the Raspberry Pi M3 and the Pine64 A64+, and I’m going to give it a test drive in a few days.

Frankly, it looks like they have already done all the things I’d want done. The bits I was thinking about, like Mastodon, are on their “soon” list. But I’ll know for sure after reading more of the manual and doing a test install.

https://wiki.debian.org/FreedomBox/Manual

FreedomBox: take your online privacy back

FreedomBox is a ready made personal server, designed with privacy and data ownership in mind. It is a subset of the Debian universal operating system and includes free software only. You can run it on a small, inexpensive and power-efficient computer box in your home that is dedicated for that use. It can also be installed on any computer running Debian or in a virtual machine.

In order to replace third-party communication services that are data mining your entire life, you will be able to host services yourself and use them at home or over the Internet through a browser or specialized apps. These services include chat and voice calls, webmail, file sharing and calendar, address book and news feed synchronization.
For example, to start using a private chat service, activate the service from the administration interface and add your friends as authorized users of the service. They will be able to connect to the service hosted on your FreedomBox, using XMPP chat clients such as Conversations on Android, Pidgin on Windows and Linux, or Messages on Mac OS, for encrypted communications.

FreedomBox is a product you can just buy, set up and use. Once installed the interface is easy to use, similar to a smart phone.
[…]
FreedomBox can also host a Wi-Fi access point, ad blocking proxy and a virtual private network (VPN). More advanced users can replace their router with a FreedomBox.

Then there’s that mesh networking thing. Where you can make ad-hoc networks if the Authorities shut down the Internet Spigots…

3. Advanced usage: Smart Home Router
FreedomBox runs in a physical computer and can route your traffic. It can sit between various devices at home such as mobiles, laptops and TVs and the Internet, replacing a home wireless router. By routing traffic, FreedomBox can remove tracking advertisements and malicious web bugs before they ever reach your devices. FreedomBox can cloak your location and protect your anonymity by “onion routing” your traffic over Tor. FreedomBox provides a VPN server that you can use while you are away from home to keep your traffic secret on untrusted public wireless networks and to securely access various devices at home.

It can also be carried along with your laptop and set up to offer its services on public networks at work, school or office. In the future, FreedomBox intends to deliver support for alternative ways of connecting to the Internet such as Mesh networking.

So not in the product yet, but on the devo calender.

But for now, for dispossed communities, just what’s needed, per their description.

4. Advanced usage: For Communities

The primary design goal of FreedomBox is to be used as a personal server at home for use by a single family and their friends. However, at the core, it is a server software that can aid a non-technical user to setup services and maintain them with ease. Security is automatically managed and many of the technical choices in system administration are taken care by the software automatically thereby reducing complexity for a non-technical user. This nature of FreedomBox makes it well-suited for hosting services for small communities like villages or small firms. Communities can host their own services using FreedomBox with minimal effort. They can setup Wi-Fi networks that span the entire area of the community and draw Internet connections from long distances. Community members can enjoy previously unavailable Internet connectivity, ubiquitous Wi-Fi coverage, free VOIP services, offline education and entertainment content, etc. This will also boost privacy for individuals in the community, reduce dependence on centralized services provided by large companies and make them resistant to censorship.

The free e-book FreedomBox for Communities describes the motivation and provides detailed instructions to setup FreedomBox for this use case. Members of the FreedomBox project are involved in setting up Wi-Fi networks with free Internet connectivity in rural India. This e-book documents their knowledge and experiences.

Sure sounds like what’s needed. So hopefully when I set mine up it will live up to the hype / write-up. One hopes.

In Conclusion

As is so often the case, what you need from Linux / Unix is already there, or under construction. Because “you are not alone”. There are millions of people using this system, and somewhere in those millions are thousands with the same desires as you. Of them, a few say “I am somebody” and somebody has to do it, so they do.

With that, I’m now relieved of the need to create a “Conservative Box”, as it is just a sub-set of a “FreedomBox” and that project is already well along.

There’s a couple of applications I’d like to see added, and then Mesh Networking, but it would be better for me to put time into adding those to a Debian / Devuan build than to start a whole new project from scratch. So that’s the direction I’m heading.

First up will be a bring-up of FreedomBox on my hardware, then seeing about router config / DMZ port forwarding and all that sort of admin stuff. Once it’s up and visible, then I’ll try various applications (web hosting, chat, etc.) No idea how fast I’ll be about it. If any of y’all get antsy, you can always just order one and “run ahead of me” ;-)

Subscribe to feed

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in History, Tech Bits and tagged , , , , , . Bookmark the permalink.

16 Responses to Pirate, Freedom, Conservative – Box

  1. E.M.Smith says:

    Addendum:

    What is in the Debian version:

    https://wiki.debian.org/FreedomBox/Features

    FreedomBoxFeatures
    FreedomBox is a self-hosting server aimed at protecting your privacy and data ownership.

    Features
    Implemented
    Here is a list of user-facing features that have been implemented in FreedomBox. You can also check FreedomBox introduction and supported hardware related pages.

    Use Cases for User Applications
    FreedomBox makes it easy to:

    Chat with friends via your own chat servers
    The Matrix server allows secure, decentralized communication via text, voice and video. Files or pictures can also be shared. Coturn helps, if your FreedomBox is behind a router (NAT).

    An alternative standard is XMPP with similar features. You can host your own Ejabberd server and use the Web interface JSXC on your own FreedomBox as client.

    Mumble is your choice for pure real-time voice conferences.

    Remain connected to some external chat rooms while you’re absent; for IRC with Quassel, or with I2P.

    Read e-mails and news
    Check your email with the browser-based multilingual email client Roundcube.

    Read RSS news with Tiny Tiny RSS.

    Share files:
    Transfer large files via BitTorrent distributed file sharing with Deluge, Transmission, or with I2P.

    Share files peer-to-peer with MLDonkey

    Share content publicly or restricted to the users of listed allowed groups with Sharing

    Privately share text snippets and files with Bepasty.

    Locally with Samba.

    Share locally multimedia content (photos, videos, music, …) with MiniDLNA.

    Organize your e-books into collections with Calibre.

    Keep your data synchronized to your FreedomBox:

    Files: with Syncthing.

    Calendar and contacts: with Radicale.

    Surf securely the internet
    Filter incoming (e.g. ads) and outgoing web traffic with the proxy Privoxy.

    Escape search engine filter bubbles using a metasearch engine like Searx.

    Circumvent censorship using a socks5 proxy like Shadowsocks.

    Host your own website or blog:
    Host a personal or community wiki with MediaWiki.

    Publish a website or blog with Ikiwiki.

    Host regular websites:
    Each user has her own website.
    There can be a system-wide website with User Websites.

    Host your own web office apps:
    Collaboratively edit a text document with Infinoted.

    Share your source code with GitWeb

    Host a multiplayer block sandbox with Minetest.

    Connect securely to your FreedomBox services from the internet in order to publish services in untrusted networks or to to access through untrusted networks as if you were locally there.

    OpenVPN provides a virtual private network (VPN) service.

    WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.

    Learn how to use each application:
    Offline Manual
    Online resources
    Community support
    Forums
    Mailing List
    IRC channel
    Other features and solutions

    Use Cases for the System Owner
    FreedomBox makes it easy to:

    Invite friends to use your box:
    Grant FreedomBox accounts and access privileges to users (See Users and Groups).

    Use a single login for FreedomBox Interface, XMPP, Ikiwiki and SSH.

    Share infrastructure resources:
    Provide DNS service for your local network with bind.

    Connect storage devices (See Storage).

    Provide a secure linux (including python3, etc) console accessible through SSH.

    Connect your FreedomBox to the world:

    Access your FreedomBox from the public Internet via Pagekite, Tor, or DNS.

    Obtain a certificate for your domain from Let’s Encrypt.

    Manage network connections over Ethernet, Wi-Fi, or PPPoE (See Networks).

    Control your FreedomBox:

    Customize it:
    Configure system name and interface language (See Configure).

    Configure time zone and network time service (See Date and Time).

    Know what’s happening in your box:
    Run diagnostic tests (See Diagnostics).

    View which services are allowed through the firewall (See Firewall).

    Watch storage consumption in each device (See Storage).

    from a web interface with Cockpit.

    Solve and prevent troubles:
    Upgrade software packages automatically (See Software Upgrades).

    View disk information or expand a partition (See Disks).

    Create and restore filesystem snapshots (See Snapshots).

    Backup your data with Borg (See Backups).

    Configure local access to FreedomBox (See Service Discovery).

    Learn how to administer your box:
    Offline Manual
    Online resources
    Community support
    Forums
    Mailing List
    IRC channel

    Planned
    These features are planned for upcoming releases.

    Run your own federated social networking server (diaspora*)

    Host your photos and videos (?MediaGoblin)

    Run your micro-blogging social network (GNU Social, Mastodon, Pleroma)

    Email server
    Scheduled backups
    Manage and share your bookmarks (Shaarli)

    So looks pretty complete already. Diaspora, Mastodon or Gnu Social or Pleroma are the ones I was looking it, so coming, maybe… Then the mesh networking thing.

  2. E.M.Smith says:

    Does look like a few “teething problems” especially on the Raspberry Pi:

    https://distrowatch.com/dwres.php?resource=ratings&distro=freedombox

    Version: 2019-07-10
    Rating: 10
    Date: 2020-04-29
    Votes: 1

    This is an amazingly ambitious project to put cloud services and privacy/security tools in the hands of noob and the developers are pulling it off. Very clean and easy to use interface provides powerful tool like self hosted encrypted chat to the user. Freedombox is under very active development with new features being released almost weekly. This is more than a distro. It is a necessary tool kit for every house hold.

    Was this review helpful? Yes No
    Version: 2019-07-10
    Rating: 9
    Date: 2019-10-04
    Votes: 1

    Setup is a snap. I would like to see a way to format drives ,but I can do that from cmd. Nice work!

    Was this review helpful? Yes No
    Version: 2019-07-10
    Rating: 8
    Date: 2019-09-30
    Votes: 1

    I’ve tried Freedombox testing on Raspberry Pi 3B. Cockpit doesn’t run.
    Generally well suited but need’s some touch.

    Was this review helpful? Yes No
    Version: 2019-07-10
    Rating: 9
    Date: 2019-09-30
    Votes: 0

    Great distro. I have it running on ARM FreedomBox hardware (no-blobs). I also had the distro briefly running on a Pi 2B and a regular i5 PC (installed from base Debian and added the FreedomBox main FreedomBox package. Mostly everything works. I did, initially, get the Cockpit white-screen-of-death but after I configured the box (added domain name and added a Lets Encrypt cert) and rebooted, the Cockpit interface just works.

    Something similar here:

    https://cheapskatesguide.org/articles/freedombox.html

    When first set up, it takes some minutes to do auto-updates and such. They interrupted that process and it was “not good”, so be patient. Also had a failure of the initial launch of the configuration interface (“cockpit”) but worked past it.

    I may start with the Pine64 instead of the Pi ;-)

    Some of the observations where things I’d suspected, like a “point and click” interface not really giving a good Systems Admin full control experience (need to start over, not just edit and fix – common issue with ‘click to do foo’ approach). Also that the “it’s all easy and perfect” style of the write up was sellers puff… (it always is).

    Other bits look like they just didn’t understand things as well as they think they did. Like the statement that the R.Pi is not preferred as it has binary blobs in the drivers. He interprets this as “won’t work with onboard WiFi” where it is instead just the usual complaint about binary blobs being non-free source code bits so not a preference.

    He does a ‘dd’ to write the uSD card, but points it at a partition, then discovers you need to use the whole uSD card. Well duh, that’s how all .img files are written.

    I tried re-copying the disk image using “sudo dd if=freedombox-stable-nonfree_buster_raspberry3-armhf.img of=/dev/sdd1 bs=4096 conv=notrunc,noerror”. That produced the same results. Then, I removed the 8 GB ext4 partition from the SD card and recopied the FreedomBox image onto it using “sudo dd if=freedombox-stable-nonfree_buster_raspberry3-armhf.img of=/dev/sdd bs=4096 conv=notrunc,noerror”. That worked. The Raspberry Pi booted successfully. So, you must copy the FreedomBox image onto an unpartitioned SD card.

    OTOH, that’s the kind of stuff a NOOBs user is likely to run into. So, OK, it doesn’t cover every possible NOOBs like issue. I’m OK with that.

    I thought perhaps installing the Cockpit Server administration package would help. So, I tried that. It began to install and then this error message popped up: “Error installing application: Error during installation E: Could not get lock /var/lib/dpkg/lock-frontend – open (11: Resource temporarily unavailable) E: Unable to acquire the dpkg frontend lock (/var/lib/dpkg/lock-frontend), is another process using it?”

    I was not concurrently installing another package. Was the FreedomBox automatically updating itself? Why, when I had the latest version? I tried SSHing into the FreedomBox and rebooting. Apparently some kind of upgrade had been occurring, because after a reboot, the FreedomBox had two new applications, and the Cockpit application icon was now appearing under the “Home” page, instead of the “Apps” page, meaning it had been installed.

    So instead of letting it auto-run an update, crowbarred into the middle of it, screwed the pooch, and had to do a do-over.

    Note to self: Boot it first time, then leave it alone while you get lunch. Another common thing with “automagically configures and updates” boxes. You must give them time to “do their thing”. But the documentation ought to warn of this and the process ought to put up a status spinning tortoise somewhere.. or something.

    He then goes on to complain that you must install the applications you prefer and then configure them in ways that may not meet the ‘point and click’ claims. Kinda expected that, too.

    OK, so it is NOT “as advertized” a 100% NOOBs friendly just click and be done and you will need some amount of Linux skills to have a clue when it goes a bit off the rails from your expectations. I’m OK with that as I’m not a complete NOOBy.

    Essentially what it comes down to is they did a LOT of the selection of software and basic config choices, but do not have a 100% Point / Click way to do Systems Admin (another ‘well duh’ from my POV) and sometimes you trip over the automation during the bring up if you are impatient.

    Well, OK. I’ll be patient and I’ll take notes and maybe write up a better “How To”.

    Anyway, there’s some reviews and pointer at “the usual” problems to expect.

  3. E.M.Smith says:

    Got my 2nd, idle, Orange Pi One board out of the pile and plugged it in. (Using it now). The intent is to try making it a Pirate Box. We’ll see how that goes…

    It’s a Quad Core H3 system. With 1/2 GB of memory. 461 MB left after video bit set aside. With chromium open with this one tab, I have 199 MB used. Odd as on other systems doing that runs about 500 MB. Clearly there ae memory squander options you can set when building Debian…

    Anyone else remember running Linux in 64 MB of memory? I had an old Hitachi laptop (16 bit I think…) running Red Hat 5.2 in 16 MB.

    Anyway, it’s a bit slow and all 4 cores spike up to about 80% a lot as I’m typing., plus the CPU is running 66 F even with a 1/2 inch / 1/2 inch heat sink on it. So “good enough” but just barely..

    Dinky little thing, about 2 x 3 inches. But it does work… And it’s dirt cheap.

    And it’s made in China, so there’s that… (i.e. not going to be used for anything really important).

    Has only one USB spigot, so I need to use a USB Hub while I configure the WiFi Dongle (to have KB, Mouse, Dongle on it at the same time) but then shift to a remote access with just the WiFi dongle once that works.

    It ought to be a nice “lowest end possible” test bed for a Pirate Box.

  4. E.M.Smith says:

    Well, I installed FreedomBox on the Pine64 A64+ and it went OK.

    It is a bit quirky as described by others above. I also ran into the “go away kid you bother me, come back later I’m busy” on attempting to install an early Application. But it went away fairly quickly.

    You do the install and everything from a browser on a different machine. That had some ‘sloth’ issues where the Odroid N2 browser was asking for a new page update faster than the slow Pine64 was ready to serve the page, so got a “not ready” message, then a few seconds later the page comes up.

    Overall, it looks like it ought to work, BUT:

    1) The “change ports on your router” to let things work has not gone away. You WILL need to have some skill at opening ports on your router and doing that kind of systems admin.

    2) Clicks and pictures do not remove the minutia and detail of systems admin. I still don’t have a working WiFi Dongle and I’m pretty sure I can make it “go” a lot faster via a CLI then with their interface (wherever it is…). I’ve gone directly to the SBC, logged in as the “Admin User” that you must make at the Web Page, and I’m proceeding to set up my normal work environment so I can look under the covers and see what’s really going on.

    3) Overall, there is a little bit of help from the “click and pick” web interface in that it tells you things like what ports on the router you need to open, or what else needs to be done. But really, it’s mostly just a pretty face on the normal “install and configure these Linux programs”. I’m somewhat of the opinion that a good write-up of how to do it in a regular Linux way, essentially a cook-book, would be just as good and in some ways better. (Then again, I’m comfortable with standard systems admin).

    At this point I’m only about 2 hours into it, so we’ll see what happens with more exposure.

  5. H.R. says:

    Your last two comments on Pirate Progress were good, E.M.. I have a decent picture of what’s going on with the hardware. On the software side, I understand in the most general way what you’re what you’re describing, but then you’ve just described what you’re doing in a general way.

    Thanks for the commentary-on-the-go.

  6. E.M.Smith says:

    @H.R.: Nice to know. Thanks!

    Well, got logged into a proper session at a terminal. The web interface services had lots of D wait states showing in htop and many process instances. Memory used about 700 out of 800 plus some total (the rest of it being video core assigned). No swap existed. This with only 2 apps installed and none running.

    I tried setting up a SWAPFILE but it failed with “bad option”. They used a btrfs file system for the “snapshot” feature, but it forbids swap with snapshots on the same partition and they had only one big partition other than a dinky boot area… OK, everything slow as molasses in January, type 4 char, wait 4 seconds to see them, type a few more…. I plugged in a USB drive with a known swap partition and activated swap on it. Rapidly ran up to over 300 MB on swap and the “D” disk or other short term waits on processes went away. It became usable.

    Decided to do a password change since I was su to root. Was greeted with a request for the LDAP manager password. WT? LDAP is big corporate stuff. So a slow high activity complicated file system and a complex fat authentication system layered on a uSD card? With NO swap while their complicated WEB interface management system spit out a dozen processes in D wait state…

    This was just not well thought out for this scale hardware.

    Almost certainly the development is happening on a big fat PC with 8 GB of memory and fast real disk, then moved to an SBC with little QA or testing. I certainly made the memory stress worse by running a windows login process (after a long install of lxde). But when doing things, beyond one terminal Window, swap ran up to over 600 MB, and that is more than LXDE takes… so it was already short of memory needing swap, not having it, and having process issues. Most likely why every other Web Admin page load had issues…

    Now were it actually RUNNING a half dozen apps, like email, web server, vpn tunnels with encryption calculations, video chats: IMHO even without lxde running, it would crap its pants out of memory with no swap. Also constantly trying to checkpoint the btrfs file system with snapshots.

    This is just crap.

    OK design for a big workstation with corporate support team, BUT not right for a dinky SBC and a NOOBS admin on a Click ‘N Pray admin interface.

    The good news is that it is just a Debian 10.7 under the covers. This is just a Click Based Admin layer on top of The Usual underneath. So, IMHO, a lighter weight install with admin decisions to match might be fine. Start with Debian on an ext file system, skip LDAP, have 1 GB Swap, and whatever else pops up…. then likely the sloth and sporadic failed page loads goes away.

    I may give that a try later. I’m of the opinion that a clean, regular Linux Admin way, install of a focused set of apps, tested and shown to work on target hardware; would be a better solution. A “download and put on uSD card, edit a couple of parameter files, and go” would work better. A purpose built appliance build as opposed to a “kit of parts install by click admin” way.

  7. p.g.sharrow says:

    ” A “download and put on uSD card, edit a couple of parameter files, and go” would work better. A purpose built appliance build as opposed to a “kit of parts install by click admin” way.”
    That is what this ” click and pray” guy looks for. I never really was a computer geek, I just want the Damn Thing to work so that I can…pg

  8. E.M.Smith says:

    @P.G.:

    I’ve noticed a few “styles” of systems (and their programmers).

    One, that tends to be me, is the “Make it a working fully functional and clean simple appliance. Then TEST it.” Also I tend to have an exact cook-book to follow that is also tested for the install, bring-up, and final configuration if any. Usually let you get under the hood and tinker if you like. BSD and old Linux were like this. SystemD not so much…

    Another is the “Kitchen Sink:” folks. Often also the ones enamored of the Latest & Greatest thing with a gazillion configuration options and a load of “features” that 90% of everyone will never use, but you must know how to set, unset, or avoid. Because of that, they often are also “Kit of parts” folks with a laundry list of optional install targets and configuration choices. (Pottering and Pulse Audio come to mind…). These systems usually come with a bunch of “unexpected” issues as they can rarely be fully tested and certainly not on all likely hardware configurations. Their answer to this is usually adding MORE options and MORE install choices and MORE “kit of parts” to wade through (see SystemD admin files / scripts / blahblahbalh).

    There’s also a “simple kit of parts” bunch who mostly give you a recipe to make your own simple appliance and test it. I do this in postings sometimes as I can’t “ship a product”, really. Yet… So I’ll post how to bring up a Devuan box, but include that you can choose LXDE or XCFE as desktop…

    Then there’s the “Sealed Black Box” folks. Apple is like this. What’s in an iPhone? How can you change or fix it? Umm…. Chromebooks and Chromebox are a little better, but similar. Android is rather like the Chrome-Stuff. Open source and you CAN “roll your own” but most appliances using it are locked down. Similarly the Roku device. This is all FINE if it works right and if it does what you want. But usually comes with a significant price tag attached. See Microsoft Windows…

    My impression of the FreedomBox folks is they are in the #2 slot. “Kitchen Sink” as a kit of parts with a load of complexity choices, and not well tested. As my style is more #1 “simple appliance” or #3 “SIMPLE kit of parts / script”, I’m most likely going to just disassemble the FreedomBox “kit” and use it as a guide to a more determinate “Roll your own” script, and make finished simple “appliance” images that can be shared if folks want them. (When I get one of these working, in theory, I’ll also have my own file sharing site so can, then, share things like system images…)

    Anyway, that’s my view of it.

    I’ll likely start with 2 simple appliances (likely on the same board / server). File sharing and a web server / blog.

  9. Pinroot says:

    Well, I was looking forward to trying out the Freedom box on a Raspberry Pi M3+ but after reading your issues with it, I’ll think I’ll wait. Thanks for posting your experience with it, and I”m glad you’re looking into other options and sharing the results with us!

  10. jim2 says:

    The following steps must be followed exactly in order.

    Disable the rule called demo-server-reset-trigger in AWS EventBridge
    Create a new instance with tag:Name = demo-instance
    Create new user account on the instance called demo with a valid password
    Associate elastic IP address to the new instance
    Install TT-RSS
    Set host name to freedombox
    Set domain name to demo.freedombox.org
    Disable automatic updates
    Add own ssh key to root user
    Login via ssh as root
    Modify /etc/security/access.d/50freedombox.conf to remove sudo and admin groups (This is a robust way to disable shell access, but Cockpit login won’t work anymore!)
    Modules to disable

    Cockpit
    SSH
    Power

    Now install apps – (no proxies)

    Create one blog and one wiki in Ikiwiki
    Have one feed in tt-rss e.g. planet.debian.org
    Install Matrix Synapse

    Remove “shutdown” and “restart” options in the user dropdown menu (base.html)
    Edit file /usr/lib/python3/dist-packages/plinth/settings.py to comment out the section on password validators
    Start plinth and set password to “demo”
    Restore password validators section in settings.py
    Shut down the server
    Create image (AMI) from the instance with name demo-server
    Enable the rule called demo-server-reset-trigger in AWS EventBridge

    https://salsa.debian.org/freedombox-team/freedombox/snippets/277

  11. E.M.Smith says:

    @Pinroot:

    I think it is well worth the playing time, so would encourage you to see if it “has issues” on the Pi M3+, or not. It is quite possible the different board images have somewhat different builds.

    Also, knowing you need swap for anything big and / or with added “apt-get install task-lxde-desktop” windowing login, you could just stick with the regular shell login (or add that swap before adding windowing system…) and avoid my particular experience.

    At boot, it puts up a “Login:” prompt on the monitor plugged into the board, but you MUST go to the web page on another box first to make a login to use. Then you can come back, log in, sudo bash, and have a root shell so as to do “whatever you want” from that point forward.

    Alternatively, what I think is likely best, is just do a Devuan/ Debian / Ubuntu install of your liking, perhaps even Raspian wold have it, and then do the “apt-get install freedombox” and get the system config you like with the FreedomBox admin / apps layer on top of it (but where you can easily bypass it as you have root access…)

    Let’s just say I’ve not scrubbed my image yet. More play to come ;-)

    @Jim2:

    Interesting…

    I note that they completely bypass their “click and pray” admin system to do that particular demo set-up…

    I’d thought about doing an AWS or similar instance (on their ‘free’ tier) and may yet, but prefer the idea of not touching AWS… Amazon being an information sponge too…

    I wonder if any other Cloud Server Providers have a free tier?…

    I’d expect it to be more tested and run better on x86 / AMD64 VMs than on ‘some random low use SBC’ like the Pine64 A64+.

    OTOH, it IS a free tier ;-)

  12. Weetabix says:

    Caveat: I have little to no experience with any of this, but a healthy interest.

    It seems like a pirate box might be a good solution if you want some sort of IoT things going in your house that are not connected to the internet. I’d have to think of what IoT things I wanted, though. ;-)

  13. jim2 says:

    Microsoft has some free cloud dev services, I believe.

  14. jim2 says:

    So CIO, do you think FreedomBox has its own LDAP server?

    https://salsa.debian.org/freedombox-team/freedombox/-/issues/2012

  15. E.M.Smith says:

    @Jim2: Maybe…

    @Weetabix:

    There are 3 main problems with IoT things:

    1) They spy on you (Nobody needs to know what is in my fridge, or when I have my AC on or have had the heat off for 4 days…).

    2) Then can serve as a Bridge for other devices to get to the internet / send data out (as seen in the election where a “smart thermostat” was bridging a Dominion box to China).

    3) They can directly let hackers into your network / home via compromise.

    Being on a Pirate Box stops all of those.

    What it does not do is let the “Phone Home” service that the IoT device demands in order to operate, function.

    So you are likely to have a Smart Thermostat that sulks, a fridge that complains at you, and a TV that can’t get media to show you.

    The alternative is a “DMZ” ( I have a “TV Zone” for the televisions, for example). That lets the Phone Home and Media Download happen, but prevents “infection” of anything else on my network (#3). It does not prevent #1 or #2. Not buying that kind of device serves that purpose for me ;-)

  16. jim2 says:

    On second thought, it’s probably a cloud-based LDAP server. Putting something like FreedomBox on AWS is kind of asinine in the first place.

Anything to say?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.