Linux 101 with Leo_8472: Part 2: Browser

Good Morning from my Robotics Lab! This is Shadow_8472, and today I am hardening Firefox with my father on his new Debian installation. Once again, I am hands off the actual machine. Let’s get started!

The popular Chrome browser by Google is literally made by a company that makes money by studying you to feed you ads you’re vulnerable to (ie: more likely to click on) or want you to see for some other reason (a political agenda they approve of). While this is shady and dishonorable, respectively, there’s little to keep them from aiding a government they wish to appease from targeting people on a basis for any sort of “wrong” thinking.

Consider: if logging in to a site online is like showing your face, the browser you use to visit that site is your car. Just as people can learn to recognize you by your car, websites can recognize you by your browser –even if you don’t log in– by all the individually nondescript details your browser shares by default.

Firefox markets itself as a privacy-respecting browser, and while they’re a less-offensive choice than the alternative, they’ve made some choices that chase cash and not all their defaults respect Grandpa Joe’s technical ignorance. Their default search engine is Google. They have a “privacy respecting” news headline service that tracks you locally on your machine (as I understand it) but ultimately will record your clicks and is subject to its own political bias.

Project Progress Review

Before diving into the main payload, I did guide my father through installing Debian again over his first install – this time using the LXDE desktop environment. It’s small, and we are planning on installing a different one anyway that isn’t included in the default lineup found in the installer.

When starting a software project is often best to check for updates. sudo apt-get update and my father’s account wasn’t in the sudoers group. I quickly found a command to fix that and talked him through logging in as root to take care of that. Once updated, we began working over Firefox using a guide by Chris Xiao [1].

Firefox Hardening

Firefox presents its user with an overwhelming number of options. Xiao’s guide [1] does a good job of maneuvering you through a number of options you may want to set if present, but in the end, it’s up to you to make the final call on each setting exposed to you. We neither followed all the steps suggested nor limited ourselves to it.

The guide starts off with the settings menu one might find by fiddling with the menu, where it was simple enough to read the guide and switch settings as we spotted them. It then followed in to the spooky scary deeper settings you only change when you’re okay with potential software breaks. My father compared it to the registry in Windows.

Closing thought:

I made a mistake. In a coming week, I plan on moving my father over to the “testing” branch of Debian. I don’t have the exact numbers in front of me, but his Firefox version is about 15 to 20 versions behind what I’m using on Manjaro (Firefox 92.0.1).

I will need to revisit this list.

Takeaway

Online privacy is largely a fleeting fantasy these days, but I believe it’s still worth working for.

Final Question

Where do you draw the line between privacy, functionality, and security?

Work Cited

[1] C. Xiao, “Yet Another Firefox Hardening Guide,” May 5, 2021 [Online]. Available: https://chrisx.xyz/blog/yet-another-firefox-hardening-guide/ [Accessed Sept. 26, 2021]

Linux 101 with Leo_8472: Part 1

Good morning from my Robotics Blog! This is Shadow_8472, and today I am talking my father through his first Linux install. Let’s get started!

Installing Linux isn’t as difficult as people think it is. If you ask me, the hardest part is the research. You need at least a little experience to know what your priorities in an operating system are or even could be, but you won’t get that experience without exploring the possibility space.

For this project, I’ll be helping my father install Linux. However, he will be the one at the controls and I’ll be “over the phone” from the same room, telling him what hardware to use, what software to download, and what commands to enter.

Step 1: Hardware

Linux doesn’t run in thin air, but it can run on otherwise low-spec hardware. For today’s project, we’ll be installing over my first Linux install — from before I really knew what I was doing — the hard disk drive originally from ButtonMash, my server/phototrunk workstation. For the rest of the system, we will be using his existing computer, ButtonMash’s hardware sister. I’ve selected one of my thumb drives to host our install media.

Very important: back up your data. THE LINUX INSTALLATION PROCESS DESTROYS ANY DATA IT TOUCHES. The USB we’re using is just outdated installation media for a previous system. I started talking my father through the backup process, going through a number of commands, but when I remembered an existing backup, I went and laid eyes on it before giving the final clearance to overwrite it.

This section went well, but I did have to fetch an extra SATA cable to install the drive with.

Step 2: Installation Media

Linux is often installed from some sort of installation media, usually a USB stick. Normally, I’d use the dd command and a setup where I won’t nuke a different drive by accident. I’d rather not risk an accident, though, so I spent a while searching for some sort of Linux USB flasher.

Turns out installing Linux from Windows is a well-documented rite of passage, and dd is what you’re expected to use when jumping from Linux to another Linux. I eventually dropped a question in the Engineer Man Discord and user localhost recommended Belena etcher, so we’ll be trying that. I chose Debian to install because I’ve had some success with it in the past, but to keep things fresh, I’ll be moving him to the testing branch.

Belena etcher came without any sort of checksum, but Debian does. When given, always make sure to look for a checksum — especially for core applications like operating systems.

This section went smoothly aside from an overstuffed Downloads directory providing us with plenty of distractions and command line practice. Belena Etcher came in a .zip file, so we created a decompression chamber my father dubbed his Bombshelter. Once we were ready, Belena Etcher made it clear which drives were which as advertised. The only thing remotely worth complaining about was their self-promotion for premium and other products. Of note: they are multiplatform; if you’re looking to switch from Windows, they are a viable choice.

Step 3: Installation

Now for the main event and my father’s first important choice. Dual booting. When multiple bootable drives are present, the BIOS select which drive to boot and the bootloader on that drive can provide a list of operating systems to boot into. When I wanted to set up one of my computers for multiboot, I wasn’t able to configure it manually after physically disconnecting all drives I care about.

Debian 11 booted straight into an installer, where the graphical installation process mostly cared for itself. Overall, though, this step was a little harder. Names are hard, even for a computer. I know about Logical Volume Management (LVM), but not enough to recommend it for this particular project. When we tried it, it was looking to mess with the existing disk.

We had the option in terms of desktop environment to install, but as I plan on taking him to a place where he can further customize it, it doesn’t matter so much. I nudged him in the direction of trying KDE in the name of exposing him to something new, even though it’s typically a little heavier.

We had a some trouble getting the computer to boot into Debian proper. I suspected it was the GRUB list only outputing to VGA until we pulled up a BIOS level boot list and forced it to boot to the new Debian drive and the GRUB menu offered access to Debian or Mint.

As I feared, KDE was a bit slow.

Takeaway

Congratulations to my father on his first Linux install. I had more planned, but we simply ran out of time. I expect a part 2 to follow shortly where we’ll focus on getting from a point-and-click environment to something he can feel more comfortable in.

Final Question

Have you ever tried to pass on a skill to another person?

A Minecraft Server Sent Me Source Diving

Good Morning from my Robotics Lab! This is Shadow_8472, and today, I am building a private Minecraft server for plugin testing. Let’s get started!

Minecraft Paper Server

Any sufficiently popular computer game will eventually attract someone with the ability and drive to modify it. Others will come along and make tools to lower the barrier of entry so even more people can customize their experiences. Barring legal action from parent companies or a drop in popularity, the cycle continues to the point someone with basic computer literacy can find the resources he needs to join the modding community as I did almost ten years ago after my friend introduced me to Minecraft Bukkit servers. Shortly afterwards, I had myself a Last Airbender inspired Minecraft server.

In the year I was gone from Minecraft, my mother and sister have been helping on the moderation team for DS9Fireblade on PhoenixCraft. DS9 has selected a number of plugins to manage the chaos that often accompanies publicly available servers, but it’s hard to master all the commands when you have to worry about not breaking stuff.

Server Building

Little has changed about the fundimentals of Minecraft server construction. A modded server provides a stable platform imitating the vanilla game while providing plugin or mod makers a space to hook into without interfering with other plugins.

DS9’s server is running Paper, a version of Spiggot from the Bukkit modded server family. Ideally, I would take the time to track down the exact version for 100% compatibility, but I was having trouble finding the download. I made the executive decision to just use the newest version of each piece of software and adjust things if needed.

I loaded the server onto ButtonMash even though it’s still technically on Photo Trunk duty until that project is done, idle as it is. I remembered a series of topics I covered a while ago on how Minecraft doesn’t do well with the default settings and that G1GC (Generation 1 Garbage Collection) makes things go more smoothly in terms of long-term problems. I wasn’t fond of doing all that research again, so I reviewed this sight [1] which I do not look forward to citing, but offers a a list of Java flags to use and what each one does.

Months of idling were not kind to Button’s RAM, as it was about maxed out with Xorg (graphical server), even when I closed everything. I rebooted. It defaulted to its internal Minecraft server drive I have slated for a future Linux install some day. Around ten minutes of digital technical taps to the BIOS and removing a bent thumb drive later, I got it back into Debian.

The server still refused to start. Java was up to date with the repositories at Java 11 but it wanted Java 16. I just so happen to have solved the exact same issue with a Minecraft client earlier week. I downloaded an appropriate version of GraalVM [2]. Since I don’t plan on this server going anywhere, I saved it within the server’s main directory and edited my serverstart command accordingly.

The server was a bit more cooperative after that. I signed the EULA and modified a comment about tacos supposedly being the best food (why is that even in there?). Once I confirmed the server was running I started adding plugins, starting with the modern bending plugin and following it up with tools from PhoenixCraft.

mv Goof

My workflow settled into a pattern of looking up a plugin from the list, going to the download page, copying the actual download link, then using wget to download it onto ButtonMash as I’m working over SSH. I wasn’t impressed when I had to rename each file as it came in, but I figured it wasn’t worth my time to immediately puzzle it out, but I made a Downloads directory to isolate incoming files so they didn’t get lost.

Things were going well until I found one that didn’t want to be downloaded via command line. I waited a few minutes, but it still said it was temporaily unavalible. I was able to download in Firefox though, so I saved it to GoldenOakLibry, my family’s network storage. Soon I was copying its containing directory over into plugins.

Oops.

The containing directory was gigabytes of information at the least. I at least knew my Unsteam games project was in there, but I also found an old backup from my laptop. The connections are all hard wire, but I didn’t feel like waiting an unknown amount of time for the half way point, so I canceled the command with CTRL+C to assess damages.

It had only really started: two visible files at the very least. They appeared to still be in their original spot, but I wanted to be sure. I looked up the mv command’s inner workings, but my search results were filled with helpful information for someone learning normal terminal operations, not an unusual situation like my own.

With few places left to turn, I went source code diving. The hardest part was finding the code, but dpkg -S is the tool for that job. I zeroed in on the mv source and found the exact file [3] on the Debian website, a file written in C. My mission at this point was to answer this basic question: does mv do anything to directory trees its moving between physical disks as it goes or does it copy everything and clean up at the end?

I found what appeared to be a loop structure at line 364 in main(), but it didn’t appear to be trying to traverse any sort of file system structure. Further study led me to line 173, in do_move() where it copies the file in question before flagging the whole thing for deletion on line 224. And with that, I had answered my own question: cleanup is done after everything is safely moved.

Takeaway

This post was entertaining to make. It was supposed to be a boring, but quick and easy job I didn’t need to research much for after a week of stalling for topics. It was also the first time I went looking into the Linux source code, and while it makes poor skimming material, it was insightful. Find In Page was my best friend.

Cleaning up in post makes sense though. Everything in Linux is a file, even directories that contain other files.

Final Question

Have you ever studied the laid out inner workings of anything?

Works Cited

[1] lechowski (I think… Author is unclear), <March 5 OR May 3> 2021. [Online]. Available: https://lechowski.info/gry/minecraft/modded-mc-and-memory-usage-history-crappy-graph [Accessed Sept. 12, 2021]

[2] GraalVM, 2018-2021. [Online]. Available: https://www.graalvm.org/ [Accessed Sept. 12, 2021]

[3] M. Parker, D. MacKenzie, and J. Meyering, “mv.c” 1986-2018. [Source code]. Available: https://sources.debian.org/src/coreutils/8.30-3/src/mv.c/ [Accessed Sept. 12, 2021]

By Continuing To Stay I Agree To What?!

Good Morning from my Robotics Lab! This is Shadow_8472, and today, I’ve been thinking long and hard about my policies towards current practices of data collection and how I’m going to balance privacy and functionality. Let’s get started!

Wakeup Reactions

My first reaction when thinking about data collection is that it’s all bad – overreaching companies look at where you’re going and what you’re doing and use that data to feed you ads and filter your social media feeds so you start thinking “correctly” according to some big boss at the top. I’m scared. Some people just give up trying because they feel it’s too late to stop the cyberpunk dystopia we’re quickly sinking into so it’s not worth it to even try. Others will go overdrive the other direction and redesign their whole lifestyle around having little to no online interaction.

I’d describe myself as somewhere in the middle. I’ve tried to take a reasonable stance; I only replace digital services with less invasive alternatives when they’re otherwise up for replacement. This strict of a policy has led me to go a year without a phone and to boycott Minecraft ever since they announced mandatory Microsoft accounts. Overall, I feel a little safer for my efforts, but I’d feel better if I could convince the rest of my family to take similar steps as they are able. At the same time, I feel a little more isolated than I should be.

Data Collection: the Good and the Bad

The truth about online data collection is that there are functions that logically won’t work if it doesn’t happen at all. Posting to a comments section implies permission to display said comment publicly. It may also subject it to moderation, and inclusion in site backups (it may show up again if site is rolled back to before user-end deletion). Sharing a photo may additionally require giving the service permission to “digitally manipulate” it to make a low resolution thumbnail. Ordering up a video from a streaming service requires it to know what you’re watching. All these things are fine, even though you are technically forgoing elements of privacy to allow things to work.

The bulk of applications of data collection exist in a huge gray zone between acceptable and unacceptable. That video streaming service can make more appealing suggestions by building up a profile on you, observe that all your peers are into MoneyBuck’s Capitalist Island Adventure let’s plays (not a real game so far as I can tell), and guess that you might be too! The same technology and permissions can be used to track your interest in candidates for the Yellow-flag political party and with the way things are set up, it only takes a few lines of fine print you will never see, unless you actively look for them and they can sell their profile on you to some other company who prefers you vote Orange-flag and –with another line or two of fine text you won’t likely ever see or understand– will slowly change what it shows you to make you more sympathetic to the Orange-flag party while it hides pro-Yellow-flag stuff from people already in the Orange-flag camp.

In extreme, real-life cases, they’re essentially digitally harvesting your organs to profile you for profit in a not-illegal black market. Their model of you is perfectly legal because you technically give consent to the fine print of a web page they’ll only serve up when asked specialy.

Struggles of the Privacy Resistance Movement

Privacy tools exist. Many people give up hope anyway presumably because their go-to information sites often have built their business models around the user data market – places with a vested interest in hiding tools designed to assist in undermining abusive data collection policies.

Some jurisdictions have passed laws requiring opt-out options. It’s a start, but in my experience, there’s still a lot of room for sites and services to avoid unintentionally informing users of their rights and/or make it annoying or inconvenient for users wishing to exercise them. More than once, I’ve seen an opt-out popup revert on page refresh. For user accounts, expect instructions on how to find the opt-out controls to be buried behind at least a few layers of “Please see our X for more information” worth of of tiny type.

Minecraft and Microsoft Accounts

I don’t think of Microsoft in a positive light anymore. Their announcement trailer for account migration was honestly more than a little offensive because it left me with the message that my concerns in particular could be bribed away with a cape. They can burn my cape for all I care. It wouldn’t look good with my player skin anyway. I’ve been vocal about rejecting the terms of service for a Microsoft account.

However, I’d be lying if I said I didn’t miss playing Minecraft. If I want to keep playing, there will come a time when I’ll need to migrate. I’m still not happy about getting an account, but how much of a privacy backslide is it really? What steps can I take to tell them, “I said, ‘No!’” in a way they will understand?

I reached out to the folks at tos;dr [Terms of Service; Didn’t Read]. Their whole thing is annotating terms of service documents and highlighting potentially objectionable or commendable phrases they find embedded in the legalese. But they only have so many resources. In the end, they’re good to sound the alarm and not so good for pressing forward. I wasn’t able to get anything conclusive straight from them.

As migration propaganda was pushed through my family’s Minecraft launchers, I managed to talk my family into slogging through the tiny type. A lot of it sounded pretty good. Sugary even. Alarmingly calm. One document led to another led to three more and the web went on. It was not a fun read. Only as we were coming to the end of a document chain did we find that this Privacy Dashboard they mentioned several times [1] was effectively a partial red herring; I’ll need to talk to a human being somewhere in their system to exercise my full rights. {Writer’s note: I really wanted a direct quote, but it’s late, and “Learn more” is the enemy of “Find on Page.” Consequently, I don’t know if I’m on the right page.} With all the tricks I’ve seen so far, I half-expect their staffed privacy department to be severely understaffed to the point where it barely exists, legally speaking.

I may not agree with everything I’ve seen, but there’s nothing stopping me from minimizing my contact with them. I’ll only make an account once it’s absolutely necessary. I’ll only ever use Linux when playing because it doesn’t have all the mysterious collection nodes requiring additional policies on data collection from Windows, Mac, and some other names I don’t recognize or remember. The official launcher with its ads for their other games will only be my last-resort option after days of trying to get a chosen 3rd party launcher working. Finally, I’ll lock down my account once it’s made with their Privacy Dashboard for what that’s worth while I at least try to go the final step and clamp it down hard through a live agent. If I am going to accept their terms of service, it will be on MY terms.

Takeaway

Too few people care about data collection practices and the people who do are burdened with the alarmingly rational feeling of Big Tech watching them, even if they make a hobby or career out of researching how to be as nondescript online as they might be while walking a dog. Privacy should not be something Grandpa Joe needs to worry about after little Jimmy the computer nerd tips him off. On the other hand, it’s easy to get overenthusiastic about reclaiming privacy and cut yourself off socially instead. Each person has his or her own balance point, but it’s all too often privacy by intervention instead of by default.

Final Question

Have you ever boycotted anything to seemingly no avail?

Work Cited

[1] Microsoft, “Microsoft Privacy Statement” Microsoft, July 2021.[Online]. Available: https://privacy.microsoft.com/en-us/privacystatement [Accessed Sept. 6, 2021]