… and back to a triple boot system

I had installed the new and upcoming Debian 12 (aka “Bookworm”) on my machine, parallel to the stable version (Debian 11 aka “Bullseye”) and Windows 11 – so I had a triple boot operating system again since a while.

The Windows part is a bit controversial – since I have this new self-built machine with the AMD Ryzen 7 5700G processor, my Windows 10 offered to upgrade itself to Win11 which I did. But in recent times, more and more reports arrive saying that Microsoft is forcing ads upon its clients all over the place – I’m running it with a local account and haven’t seen them yet. But the day I will, it’ll be a “goner” as they say.

Anyway, I was also looking at Arch Linux again since that is always the latest and greatest (like Debian unstable aka “Sid”, it’s what they call a “rolling release”). First I tried some things in virt-manager and KVM/QEMU, but then I decided to overwrite my old stable Debian 11 with Arch. Went fine, except that both Arch and Debian have different ideas about where their respective /boot folders are mounted. They’re both on the EFI partition alongside Windows, but still – anyway, maybe that’s a good thing; at least they won’t overwrite each other’s kernels and/or firmware. But both run fine, even if at the moment I can’t start Arch from Debian’s grub or vice versa; doesn’t matter.

Once I damaged my Debian 12 part, accidentally deleted the firmware, so it wouldn’t boot. Didn’t matter the slightest bit since for Debian I’ll always have my /home and system parts on different partitions – so wipe it with the latest (RC2 at this time) installer – and I just saw that since today there’s even an RC3 installer – and all is well. Except of course a bit of manual labour with reinstalling Ardour and all, but even that could be remembered and more or less automated when using Debian; have done so in the past with saving and later restoring its list of installed packages…

Anyway, here’s a screenshot where I newly registered the only commercial program I’m using on Debian, it’s Sonarworks’ Reference 4 headphone correction which I use in the monitoring bus in Ardour:

Haven’t installed Ardour in Arch (yet) since at this moment they’re close – with version 7.3 in Debian’s “unstable” and 7.4.1 (or so) in Arch.

The only programs which I still use in Windows from time to time are the OM Workspace from the former Olympus guys, and Nik’s Silver Efex Pro2 which you could get for free from Google for the time they’ve owned it (sold by now to DXO, not sure what they’re going to do with it…). So it’s kind of a jump-through-the-hoops for photography, but for music I’m on Debian alone since long, like for everything else as well.

And now, from time to time, I’ll have a look at/into Arch again. Normally when you read about new program versions with new features somewhere, looking into Arch means that you’ll have that newest version already. And Debian will stay my main and stable machine once that Debian 12 will be made official on June 10th.

Oh, by the way: Arch is slim, as they say on their homepage. Unlike Debian or other distributions, it doesn’t come with LibreOffice or any other programs pre-installed, so it’s *you* who has to decide what’s needed. Together with the Gnome desktop plus Firefox, Thunderbird and a few goodies, even with all my Wikiloops albums copied onto it, it’s still less than 10GB as you can see here – one third of that is my data so far:

That blue and purple stuff is all music (with the purple bits being published albums, and the outer blue one being raw and unpublished songs in .wav form)…

Like always, thanks for reading.

A good one

Lots of my former colleagues preferred Google’s Chrome browser to alternatives due to its speed. And while on Android its more free siblings like Vanadium and Mulch (both based on the non-Google-“optimised” and open source Chromium browser) are also some of the most secure browsers (if set up accordingly), on desktops it’s different.

And what I found – to explain it to those who don’t know yet – is a web-based comic in pdf form about it, called “Contra Chrome”, by Leah Elliot. It’s a lot of pages, but worth your time in my opinion. Also available in German or other languages one page up, here

Found it via the browsers page of DivestOS Mobile, found that one via my friend William Beebe’s blog post.

Thanks to everyone involved in creating and sharing this, thanks to you for reading.

LXQt on Arch is awesome!

We have that old Lenovo Thinkpad SL500 which we’ve got for Mitchie shortly before moving to our current home. That was in 2008/2009, Zuleikha was just 4 when this machine was brand new.

It came with a Windows version called “Vista”, for those of you who still remember that – something NT-like, just an in-between younger than XP but older than Windows 7. The machine has a sticker for it, as well as for its processor from the Pentium-M “Centrino” era, it’s an Intel Core 2 Duo T5670, 1800MHz in 65nm and up to 100°C, just two cores, nothing “hyper”threading on this one.

That machine was never really capable of running said “Vista” without throttling, it has only 2GB of main memory and was swapping even before the OS was fully loaded. So we installed Linux, and it ran just fine, for a while.

The last OS I had on it (Mitchie has a much newer machine by now which is pretty much taken over by Zuleikha tho) was Debian 11 with the XFCE desktop. That ran pretty well unless you tried to start a few tabs in Firefox and at the same time have Thunderbird open – these programs are getting bigger like our average cars do, so I was looking for something slimmer again.

I first tried LXQt on the new and soon to be released Debian 12¹, and while it installed just fine (thanks to the Debian developers now allowing “non-free” firmware for the WiFi and so on), it had a few issues. First it also installed lots of stuff from the KDE Plasma desktop which I didn’t really want or need. Plus some things like screengrab didn’t even work at all, so for a screenshot I had to take my camera! Excuse the bad quality and lighting, but it looked like this:

I know – I should have issued a bug report to the Debian devs, but I just wanted to try and see LXQt, and while even Debian unstable didn’t have the current version 1.3.0 (both have 1.2.0 instead), I assumed that that bug was probably dealt with “upstream” as they say in dev circles, so I didn’t bother.

I looked at Fedora again which has a LXQt spin of their current version 38 – but that one’s a “Live Image”, and guess what? Wouldn’t even boot on a machine with only 2GB of RAM! So much for “Enterprise-class” (and -developed) Linux; nothing is really tested for end users like us… so if you’re a private person like me, don’t bother with anything “Enterprise” – it’s a waste of time in my (repeated) experience.

In the end I decided to go the slim route, and installed Arch with LXQt as its only desktop. And that one’s a thing of beauty, with its Clearlooks theme:

And as you can see, screengrab worked just fine on LXQt 1.3.0 and on Arch.

Using pacman I then installed both Firefox and also Chromium, and while Firefox got the CPU fan spinning again, Chromium seems to be a little slimmer (tho bigger in download size).

Anyway, just trying to figure out how to keep old machines working, and this one surely looks and feels quite wonderful.

Like always, thanks for reading.

¹ In fact on Debian 12 I tried a combination of LXQt, XFCE, and Cinnamon to make first choices – but while the installation went well (kudos), they all influenced each other with placing desktop icons around on each other’s desktops, so that wasn’t any kind of ‘pure’ experience. And since Arch gave me lots of options as well (the Budgie desktop for instance), I looked at these in a virtual machine on my desktop later. Nice but not as lightweight was my impression…

Containers are good, but…

Recently I have been reading a lot about computer and other hardware (phones for instance) security, and believe it or not, at this moment I think that GrapheneOS on a recent Android phone (it only supports Google’s Pixel devices because of their Titan M chips) is the most secure environment you can run right now – at least as a private person.

The problem with computers starts at the kernel, and though Linux or the BSD family of operating systems are better than anything Microsoft or Apple, they are not without faults. A recent Linux kernel has probably thousands of kernel bugs, and the BSDs are only slightly better in that regard.

So what is the solution? The already mentioned GrapheneOS takes the Android approach of process and syscall isolation, with “sandboxing” as much as possible, and in this regard it might even beat Apple’s iPhones which are also quite good. On desktop and notebook computers, it’s the monolithic kernels which are the base of the problem; if an “application” (a program as we called them during my time) gets affected by an attacker, it’s relatively easy for them to break out of the program’s environment, and to take over everything, often with root rights (especially on Windows, tho it’s getting better).

When a few years ago Docker was the next big thing, my reply to it was that this wasn’t anything new – Solaris or the BSD family had containers or “jails” since I could think, so what was the fuss about? Big Tech wants people and companies to move back to the “cloud”, and there these concepts are really needed, and so Docker and Kubernetes are now really big.

And what about the home desktops and notebooks?

Well there are interesting developments like for instance gVisor or Google’s “Fuchsia” operating system with its “Zircon” microkernel, and Daniel Micay – head of GrapheneOS – thinks that this is the future. But they’re not ready for everything yet, each isolation layer takes its toll (and will probably introduce more and newer bugs as well), and so for realtime processing like we need it for making (recording) music for instance, that’s a no go – maybe we’ll have to really separate the whole (“bare metal”) machines from the internet for these tasks?

Whatever it will be, that will be interesting to follow. Oh, and in the meantime, I’ll have it all, like a Windows 10 *and* a FreeBSD 13.2 on my Debian 12, like here:

At the same time, on another screen:

And while writing this, these “throw away” virtual machines you see in my first screenshot are history already – don’t need them anymore…

As always, thanks for reading.

This is fun…

Some two days ago, I installed the new and upcoming (not yet ready) version 12 of Debian GNU/Linux, codenamed “Bookworm”, and wrote about it here already.

The interesting thing for me as a hobby musician is that Debian now changed its default audio setup to pipewire, so while I’m still reading about its configuration – I did have some experience with it from a former Arch installation already – for now I simply started Ardour (Debian now has version 7.3) using this command line:

PIPEWIRE_LATENCY=128/48000 pw-jack ardour

And it runs nicely and without any hiccups (like xruns), with next to no CPU usage in an empty Ardour template (only 3 channel plugins plus Sonarworks in the monitoring section). With the Gnome environment (now version 43) set to dark mode, it looks like that:

Cool. Can’t wait to make some music with this new setup.

Like always, thanks for reading.

About phone (and desktop) security

I know at least one former colleague who really cared about privacy and security concerning his mobile phone. And this morning, I’ve heard an interesting interview with Gabe, one of the developers of GrapheneOS, using NewPipe on GrapheneOS on my late brother’s Pixel 3a device – that looked like this:

That’s one and a half hours of a really interesting interview, so it’s really worth it. And I can confirm how secure those mentioned Titan M chips are, not even Google could hack or circumvent those, so if I wouldn’t have been able to guess my brother’s passcode, that device of his would have been an expensive paperweight.

I also liked how Gabe gave lots of credits to Apple because of their long-term support of their iPhones and devices, but yes, with the Pixel 6 and newer, things are improving on the Android side as well.

About desktop security: it’s actually worse than this, the same interviewer has some other interesting videos about that, or tips how to use Tor on your phone.

Recommended listening. And like always, thanks for reading.

Back to a triple boot, added Debian 12, and a lighter theme again…

The headline basically says it all. I had to slightly shrink one of the partitions, then I installed “Bookworm”, and switched both my environment and also my web page back to a lighter theme for now. So my desktop looks like this now:

Like always, thanks for reading.

P.S.: added a dark/light mode switcher which floats in the bottom right of the page. Enjoy.

Testing Testing

Due to the installation of GrapheneOS on the Pixel 3a, and thinking about security in general – also on the desktop – I switched Debian back to using Wayland instead of X.Org. That works well, unless you have to work with screen capturing which would additionally require pipewire.

And because I also make music with my PC and until now heavily rely on Jack, I decided to try Debian’s upcoming version named “Bookworm”, or, in repository talk, “testing”. So I set up a virtual machine to try it. In case you’ll also want to do that, you can find the installer here.

So, after starting up a virtual machine with that installer, you’re greeted with something like this:

I decided to *not* use the selected Graphical Install but the “normal” and old-fashioned Install just below it. That’s text (ncurses) based, and looks like this while working:

And, after downloading some stuff which was not included or newer than in the downloaded installer, you’re rebooting into it like this:

And, after a few seconds, you’ll see the few initial (one time) configuration steps, like this:

And that’s pretty much it – takes some 10 minutes from starting the installer until here, and most of that time is spent downloading stuff you don’t already have.

And yes, my first check was whether screen capture works with Wayland (and now pipewire), which it does. Further checks will have to be done elsewhere, since audio recording is pretty much a realtime task, and thus not very well suited inside of virtual machines.

But anyway, I’m looking forward to using the upcoming “Bookworm” – when it moves from “testing” into “stable” later this year. Looking at the open RC (release-critical) bugs, it might already be more stable than stable… 😉

Like always, thanks for reading.

Most popular on XDA

Well this is interesting. Over at XDA Developers, there’s an article about the “Most popular custom ROMs for Android in 2023”. And of course on top of that list there just had to be LineageOS, as it’s probably the most popular custom ROM anywhere, not only on the XDA developers’ site.

What’s more interesting than that is the place 2 of the list, which is PixelExperience, or PE in short. And that’s interesting because it supports lots of vendors, and it turns their devices basically into almost original Pixel phones (minus the hardware like Titan chips of course). Haven’t tried it yet, but for the Pixel 3a like for many others there’s Android 13 available.

Until now, and both on the Google Nexus 5 and now on the Pixel 3a, I have tried /e/OS, LineageOS, and most recently now, GrapheneOS – so I’ve had basically every possible experience with and without Google services like microG or even the original ones (also on original phones). And all of these have their virtues, and also their different goals. While some of these ROMs simply prolong the lifespan of your device, others try to avoid Google and are built more on security aspects like application sandboxing and memory isolation. All valid reasons to try something different than a Google or Apple (or Samsung or any other) device.

I find all of that interesting. If the 3a (or the 4a) were still my “daily drivers”, then I’d be glad that I have choices, and would try and check if GrapheneOS and the app from my bank like each other. If not, I’d probably try PixelExperience – or any other one which supports the devices longer than Google does. The 3a is out of support since a while, the 4a will soon be, and so on… and anything is better than throwing devices away, isn’t it?

Thanks for reading.