33b5e5.com

Building apps. Playing music. Hacking things.

View the Project on GitHub

Void Linux

I’ve been testing Void Linux recently, and thought I’d take a few minutes to write about my experience. Void is an independent, open source Linux distribution with a unique package manager and an init system written from scratch. The Github repo is here.

Void uses a “rolling release” strategy; there are no specific releases or versions. You can update packages daily or whenever you chose, and you’ll always get the latest code. They use a continuous build system to produce packages as soon as changes are pushed.

Void’s new package manager is called xbps. I had no trouble picking up the syntax, and it seemed to handle dependencies and do everything else you’d expect a modern package manager to do, but I didn’t find it particularly notable or exceptional. The purported benefits are outlined here.

Where Void Linux really shines, and by far my favorite thing about it, is the init system, runit (“run it”). You can read more about runit here. Sometimes a screencap is worth a thousand words:

void1.png

That’s the running process tree from my Void Linux system. That’s it! That’s all that is running on my system. Admire the simplicity. I can explain what every process is doing there. Try that on a fresh install of Ubuntu!

As a result, the OS itself has a remarkably small footprint:

void2.png

The system is only using 33 MB of RAM. Incredible!

The underlying approach to managing services is genius. Basically, it’s just symlinks. If you look at the directory /var/service, you can see which services are enabled. If there’s a symlink there to an existing service in /etc/sv, that service will start at boot (and continue running under the management of runit). Need to disable a service? Just delete the symlink!

void3.png

Let’s take a look at a service configuration in /etc/sv. Here we’ve created a new service configuration for ntpd (network time protocol). It’s basically one line of Bash. It execs ntpd as the ntpd user. That’s it.

void4.png

With that in place, all you need to do is create a symlink in /var/service, and you’re done.

I’ll definitely be keeping an eye on Void Linux. I absolutely love runit. It’s such a nice anecdote to the over-engineered complexity of systemd, the init system used my the majority of popular distributions.

Unfortunately there are some chicken-and-egg issues preventing me from using Void in production systems. Namely, it’s not available as an install target on any of the hosting providers I use. I had to create a custom ISO image in order to install it on a VPS (custom ISOs are a nice feature over at Vultr, my favorite VPS host). Void also suffers from a lack of adoption (and a resulting lack of community support) at this early stage. Try Googling for solutions to problems with Void, and you’ll probably be disappointed. These problems should wane as time goes on and more people start to use Void.

I’d encourage anyone interested in a new approach to Linux to check it out!

2017/10/09 @ 22:22 | permalink



Secure DNS

I’ve been routing all the DNS queries from our house through Google’s secure “DNS over HTTPS” service for the past 3 months. It has worked extremely well. As Google explains: “Traditional DNS queries and responses are sent over UDP or TCP without encryption. This is vulnerable to eavesdropping and spoofing. DNS-over-HTTPS greatly enhances privacy and security between a client and a recursive resolver, and complements DNSSEC to provide end-to-end authenticated DNS lookups.” It feels good to secure DNS and keep all that sensitive data from the ISP (and from anyone else with a privileged position on the network).

There are a variety of DNS clients that have been created to interface with Google’s DNS over HTTPS API; I chose one written in Go called Dingo.

For enhanced performance, I wanted to also use dnsmasq. I hoped to place it in front of Dingo, since dnsmasq provides a local cache, preventing unnecessary lookups to Google for common records.

However, instead of using vanilla dnsmasq, I decided to use the popular Pi-hole software. Pi-hole provides some additional features on top of dnsmasq, such as network-level ad-blocking, easy whitelist/blacklist capability, and a nice dashboard.

Following are some rough notes on how I set everything up. You can replicate this setup on any old Linux box on your local network. A Raspberry Pi is sufficient.

  1. Install Pi-hole

  2. Install Dingo

  3. Temporarily run Dingo as follows:
    sudo ./dingo-linux-amd64 -gdns:auto
  4. You’ll probably want to setup Dingo to start at boot. I launch it inside tmux, via a single line in /etc/rc.local like:
    tmux new-session -d -s dingo '/root/dingo-linux-amd64 -gdns:auto'

    Then you can easily “attach” to the tmux window to see the output at any time:

    sudo tmux attach -t dingo
  5. I also added a pane to that same tmux window to show the pi-hole log. This works great in the same window since it’s already running as root. Although we haven’t configured Pi-hole yet, let’s go ahead and add the log pane anyway, with something like:
    tail -f /var/log/pihole.log

    Now we can easily see Pi-hole and Dingo output in real-time.

  6. Configure Pi-hole to query Dingo instead of your upstream DNS servers. Edit /etc/dnsmasq.d/01-pihole.conf to add the first line and comment out the other two, like:

    server=127.0.0.1#32000
    #server=8.8.8.8
    #server=8.8.4.4

    Note: port 32000 is the default port for Dingo.

  7. Now you just need to configure the machines on your LAN to use the IP address of this Dingo/Pi-hole box for DNS. I chose to do this for all hosts at once by modifying the DHCP config on my router. I just hand out the IP of this Dingo/Pi-hole box as the primary DNS server, leaving my router/gateway IP as the secondary, just in case the Dingo/Pi-hole box goes offline.

Here’s an optional modification to have the Pi-hole blackhole bad hosts to 0.0.0.0 instead of its default LAN IP. Using 0.0.0.0 was quicker and more reliable; the LAN IP caused clients to experience slow load times at news.google.com and other sites.

sudo vi /opt/pihole/gravity.sh

Search for the function “gravity_hostFormat()” (currently at line 302), and modify it like:

# Only IPv4
# First line is the original, second line is modified to use 0.0.0.0 for blocking.
#cat ${piholeDir}/${eventHorizon} | awk -v ipv4addr="$IPV4_ADDRESS" '{sub(/\r$/,""); print ipv4addr" "$0}' >> ${piholeDir}/${accretionDisc}
cat ${piholeDir}/${eventHorizon} | awk -v ipv4addr="0.0.0.0" '{sub(/\r$/,""); print ipv4addr" "$0}' >> ${piholeDir}/${accretionDisc}

Unfortunately, edits to /etc/dnsmasq.d/01-pihole.conf and /opt/pihole/gravity.sh will be lost when the Pi-hole software is updated, so you’ll want to avoid manually updating Pi-hole, or keep these notes handy.

2017/07/17 @ 19:27 | permalink



ZX Spectrum

At the end of tape from Radiohead’s OK Computer OKNOTOK 1997-2017 bonus material there is a ZX Spectrum program.


The ZX Spectrum is an 8-bit personal home computer released in the United Kingdom in 1982 by Sinclair Research. It was manufactured in Dundee, Scotland, in the now closed Timex factory.

h/t: Engadget

2017/07/15 @ 06:27 | permalink



Baofeng BF-F8HP

I recently picked up a Baofeng BF-F8HP from Amazon. It’s an interesting little handheld radio made by Baofeng in Beijing. It can transmit or receive on 136-174 MHz (VHF) and 400-520 MHz (UHF) bands at 8 watts, and receive on 65-108 MHz (FM).

Interestingly it also has the ability to transmit “touch tones” (DTMF) using the keypad. This is likely how the air-raid sirens were hacked in Dallas. Although the hack is reminiscent of Captain Crunch and an older era of analog hacking, it’s still relevant because we rely on analog RF signals for emergency communications and infrastructure.

Despite its widespread availability, the BF-F8HP is technically out of spec in the US, and certain uses of this radio may be against FCC regulations (including out-of-spec or over-powered transmissions, not to mention hacking air-raid sirens).

I’m using it to receive RF transmissions in the area, and to experiment with the intersection of modern tech and older analog RF tech.

2017/07/06 @ 04:46 | permalink



Ripple

This is a stunningly beautiful rendition of Ripple. Put together by Playing For Change, it was filmed and recorded in the US, Israel, Italy, Congo, Argentina and Ghana and features an international cast of talented musicians.

2017/06/24 @ 05:30 | permalink



How To Install Linux on Windows 10

Here’s the easy, distilled way to install Microsoft’s new Linux subsystem for Windows 10.

This method utilizes Canonical’s “Ubuntu on Windows” image which provides a fully working Bash shell and package manager. The installer is bundled with Windows 10.

1) Enable “Developer Mode” under Settings > Update & Security > For Developers.

low1.png

2) Enable “Windows Subsystem for Linux (Beta)” under Control Panel > Programs > Turn Windows Features On or Off.

low2.png

3) Open a Command Prompt and run “lxrun /install /y”.

low3.png

4) That’s it. Now just run Bash from the Start Menu. You’ll drop into a root shell with a working apt package manager and what looks like an Ubuntu 14.04 image.

low4.png

2017/05/02 @ 23:20 | permalink