Decentralized websites and more

“Cool idea, but to be of any use, it would need more functionality and more content” was my impression when I first looked into zeronet. Back then static web pages were all there was, and no UI support for any managing tasks. The next time I checked, probably more than half a year later, it had a blog engine, subscription on the welcome page, mail, chat, forums, wiki, boards and more. Blogs were what hooked me this time. The interesting feature was that you could subscribe, and have the news listed on the hello page. So I started to write new blog posts both on wordpress and on zeronet. True, wordpress has a lot more functionality than the zeronet blog engine. Some things are nice gimmicks, but none of it is really essential. ZeroBlog is really all you need.
Some people started to leave twister for zeronet, but I couldn’t quite understand why. For me, it filled another niche. They are both very nice in their own way.

How it works

To create a site, you can execute a python command on the commandline, or simply clone an existing zite. In both cases, a private key is generated that you need later to sign the content. Signing is really easy, but you had better take good care of your private keys. Make sure not to share them, but do make backups for yourself. From the private key, a public key is derived and from that a BitCoin address. The BitCoin address serves as the unique identifier for your zite. If this identifier looks too complicated, you can register a shorter name on the NameCoin blockchain, and link it to your bitcoin address for the zite. Once you sign and publish your zite, you can give the address to your friends, or publish it where other people can pick it up. Whenever another zeronet user requests your address, he sends the query into the mesh. Whoever is closest serves the files anonymously. Now the user who visited becomes a seeder who also serves your content. No central server required. Now you can switch off all your computers, and your zite is available. Your zite stays online for as long as there is at least one other user seeding it.

Proxies

To visit zeronet sites, or simply zites as they are called, you should run the zeronet client. The software is written in python with few dependencies. So it is really easy to run. You can either run it locally, or on a personal server. Then just visit the entry page with the browser and navigate from there. But if you want to visit a zite without installing any software, there are also public proxies. There are many reasons why running the software is better than using these proxies, but I won’t go into the details now. And I don’t list the proxies here.

ZeroMe

Then came merger zites. I read about the concept before the release, and was really curious. Some things are not as easy to accomplish with a decentralized anonymous system as with a centralized architecture. But when I had my first play with ZeroMe, my reaction was “Wow this is what I have been waiting for”. I don’t use most social media because of the centralized architecture, and because they own all the data of the users and can make with it whatever they please. There have been decentralized social platforms before, but they were usually a hassle to install and maintain or not so great from a usability standpoint. Now with ZeroMe you choose a hub to store your data, an identity provider, and a presentation. So you have three orthogonal aspects to your experience.

Data Hub

You can subscribe to as many hubs as you wish, but store your data to only one of them per identity. They can be organized by region, language or interests. The more you subscribe to, the more data will be stored on your harddrive, and the more bandwidth will be consumed. You can also run your own hub, and use it only with your friends.

Identity

The identities existed for a while. You needed an identity to write a blog, to comment on other people’s blogs, to write and receive ZeroMail, to write to boards and chats and talks and wikis. Again different identity providers have different requirements. For ZeroId you have to register your handle on the namecoin blockchain. For Zeroverse you had to send a bitmessage. For KaffieId no external proof is required. You can maintain as many identities as you like. Some can be more credible, others totally anonymous.

Presentation

The official frontend is Me.ZeroNetwork.bit. But as it is all open source, the first forks or clones started to appear. There is the darker themed Dark ZeroMe. There is ZeroMe Plus which adds some nice features.

Worst customer experience ever

The best notebook ever

I blogged about my attempts to buy a decent notebook here before. But let’s recap quickly. In the fall of 2013 I bought a Dell XPS13 Developer edition. When Dell shortly thereafter announced that they now accept BitCoin, I had the feeling I missed out on that opportunity. Nevertheless, it was the best computer I ever had. As it came with ubuntu preinstalled, there was no hassle with drivers. Everything just worked, it was lightning fast and gorgeous. But in February 2015 it was stolen.

Paying with BitCoin

I wanted to buy the same notebook again, but this time I wanted to pay with BitCoin. The option was not available for the Swiss market, but they expanded it to Canada and the UK. I really didn’t want to find out that it would be possible in Switzerland just after I ordered. Thus I decided to hold my breath. The waiting became very long, as my ancient intermediary notebook was having thermal issues.

Purism

The selection of ultrabooks with linux pre-installed that can be bought with BitCoin is not so large. If it has to have a backlit Swiss keyboard, it gets really difficult. But somehow I learned about purism. Their librem notebooks looked very good. As with most startups, the people were really approachable and helpful. I was ready to order their best machine, but they kept having delays. Delivery was always two months out. When it was pushed way back again, I decided I didn’t want to wait any longer, and re-targeted for the Dell.

UK

After a lot more than a year of waiting, and asking Dell to make the leap forward, I was ready to give up the Swiss keyboard. I was ready to order from the UK instead. I was ready to retrofit a Swiss keyboard myself, and pay double taxes. I found a service that would forward the parcel. But although BitCoin was listed as a payment option on the UK Dell website, the option was not available on the checkout screen. I reported this to Dell customer support and tried on a regular basis over the course of a month. Finally I gave up on the UK store.

US

The US store had a model with a 1TB SSD that was even better than the models offered in the European stores. So I went for that. All the mail forwarding services in the US either couldn’t process my card to cover their fees, or didn’t provide a phone number. But a domestic phone number was required for the order form at the Dell store. So I asked around if I could have my order delivered to somebody in the US, and he would forward it to me. A former co-worker who lives in California now agreed. I went ahead and placed the order to his address. Because I was really in need of the device, I chose the faster, more expensive delivery method. Shortly after I paid, I received an eMail stating that the formal order confirmation should follow in two days at the latest.

Black hole

That was the one and only, and the last communication I received from Dell. After a week I started to question why I didn’t receive the formal confirmation, and I found out that the order didn’t appear on the order status page. So I tried to contact Dell order support. In order to initiate a support session, one has to enter the order number. And because the order was not properly in the system, I couldn’t contact them. I tried different means to contact them almost on a daily basis. This week I could finally chat with a support representative. He couldn’t find my order in the system either, and gave me an eMail address. So I wrote to what appears to be the main eMail address for customer support in the US. An automated response came immediately stating that a human would respond within 24 hours. Nobody ever did of course. I reached out to coinbase to ask about my transaction. They very quickly responded. They stated that on their side everything went through normally, and that Dell indeed received the money. Somebody on a forum suggested that the order might be canceled because of some obscure export regulations. But why a company would cancel an order on such a basis without ever notifying the customer is beyond me.
It has been almost a month now, that I have been desperately trying to find out, when I will receive the notebook that I really need. Dell didn’t even bother to tell me anything. How is that different from the worst scams and frauds out there on the internet? To me that was a lot of money that I sent. I thought of Dell as being trustworthy. No more…

Update September 8th 2016

Barton sent me a mail today stating that they found the problem. They made sure it doesn’t happen again. And the notebook should be delivered early next week. Looking forward…

Update September 22nd 2016

The box with the precious new power machine was delivered to me today.
Hooray! Finally! Yay! So excited!
Now I know what I will do tonight… Setting it all up.

Game modding with pen and paper

I have lots of good memories from youth camps. Some involve playing Donkey Kong and Mario Brothers while sitting on trees. Another classic video game was Asteroids. When I recently read an article in a German magazine about building an Asteroids clone with an Arduino and an OLED, lots of old memories resurfaced. The source code was provided, and the build was simple. As the control was used as digital, I didn’t use an analog joystick. When I gave it to the kids to play, they didn’t share the same enthusiasm that I had back then. But that’s probably because they grow up with lots more tiny computers than we had. So I wanted to involve them some more, and give them a sense of how this thing works. I don’t know how well they understood when I explained the concept of a pixel to them.
So I grabbed pen and paper, read the source code and drew the pixel art. Next, I told them they could modify the images to their liking, but still preserve the mechanics of the game. It was essentially the spaceship with one frame, the asteroid with three frames and the explosion with four frames. Seven year old Levin understood immediately, and painted his versions. For five year old Noah it might be a bit early, but he also participated enthusiastically.
All I had to do was transform their paintings back into source code and load it onto the AtMega chip. Now they were hooked a lot more to the game than before.

Running hostile software in a container

Remember Skype, the once popular phone software? I used it a lot when we were traveling in South America, and international calls were insanely expensive. But I stopped using it when it was acquired by Microsoft, and they switched from a P2P model to centralized servers. From what I could observe, it gradually worsened from there, and I really thought I wouldn’t have to use it ever again. That was until somebody decided that we had to use Skype for Business instead of XMPP at work. There are a plethora of better alternatives. The one I use the most these days is Tox.

I use the Windows Workstation only for things that I can’t do on Linux. There is not much that falls into this category, besides VisualStudio compiling projects that involve MFC. There is Skype for Linux, but there is no official Skype for Business for Linux. So for a moment it looked like the Windows machine got a second task. But running an obfuscated malicious binary blob from Microsoft with known backdoors, that is online all the time on an operating system that can not be secured makes me uneasy. So I looked for a way to run it securely on Linux. The first thing I found was an open source implementation of the reverse engineered proprietary protocol as a plugin for Pidgin. That sounded good, but it didn’t work unfortunately. The second option was a closed source clone from tel.red. They provide their own apt repository with regular updates. That’s quite good actually, if you don’t care about closed source software, and the security of your device and data in general.

I learned about docker a while back, but only used it marginally so far. This was the first real use I had for it, so I started learning more about it. Copying and adapting a docker file is a lot easier than the articles I read so far made me believe. I found a couple of sites about packing Skype into a docker container, but none for Skype for Business. So I took one of the former ones and adapted it. To use my container, just follow these easy steps:

git clone https://github.com/ulrichard/docker-skype-business
cd docker-skype-business
sudo docker build -t skype .
sudo docker run -d -p 55555:22 --name skype_container skype
ssh-copy-id -p 55555 docker@localhost
ssh -X -p 55555 docker@localhost sky

The password for ssh-copy-id is “docker”.

Then log into sky with your credentials. You can do this every time, or you can store a configured copy of the container as follows:

docker commit skype_container skype_business

The next time, you just run it with:

sudo docker run -d -p 55555:22 skype_business
ssh -X -p 55555 docker@localhost sky

I left some pulseaudio stuff from the original container at least in the README file. I don’t intend to use it for anything but receiving chat messages. But if you want to, feel free to experiment and report back.

keepkey premium bitcoin hardware wallet

I’m always interested when a new hardware wallet is announced. Naturally also for the keepkey. In contrast to most competitors, they didn’t take pre-orders. Instead they began to accept orders only when the product was finished and they were ready to ship. When they announced that the devices were finished and could be ordered, I was disappointed to find out that the price was a lot higher than I anticipated. It costs more than twice as much as a trezor. Since it also looks very shiny, I jokingly called it the iKeepKey.

Fast forward a few months, I packaged a new version of the trezor python library for debian. Since I knew that electrum also has a plugin for the keepkey, I figured I could just as well package the keepkey library to make the usage with electrum a bit more convenient for the owners of these devices on debian and its derivatives. The only thing I could verify without a device was that the option for the keepkey appeared when creating a new wallet with hardware support in electrum. Before I commit the package to debian proper, I wanted to be sure everything worked. So I sent an eMail to keepkey, asking if they could test my experimental package. Within hours I had an answer offering to send me a device free of charge. I couldn’t have hoped for so much generosity, but of course I happily agreed.

Today the parcel was delivered. The device is as shiny and good looking as it appears on the photos. It has a big, nicely readable screen that shows effects and animations. To host the bigger screen it naturally has to be significantly bigger than a trezor. The premium appearance doesn’t stop at the device itself, but also the woven cable, and the leather sleeve for storing the seed restoration card are very slick. I don’t know how much for the internals, but at least for the protocol, the trezor was used as a starting point. This is surely a very good choice.

There are other hardware wallets that descend from the trezor. But there is a big and important difference. The keepkey seems to be the only one so far that is trustworthy. The chinese clones such as bwallet or ewallet look good at first. But some people or even satoshilabs themselves were quick to point out that they didn’t properly sign their firmwares and did not release their source code. Effectively stealing the previous work and putting users at risk. In contrast to this, keepkey really play by the rules for the benefit of their users.

The card that comes with the keepkey, is about how to use it with a chrome browser plugin. I almost always prefer native applications over web apps. I try not to use chromium after a recent breach of trust. And it is not in the trisquel repositories anyway. So I want to operate it fully from within electrum. The last time I initialized a trezor, I’m pretty sure I had to use the firefox plugin. But in the meantime I noticed that the initialization part was added to the electrum plugin. So to initialize the keepkey in electrum I executed the following steps:

  • File -> New/Restore
  • provide a name for the new wallet
  • Select “Create a new wallet” and “Hardware Wallet”
  • Select “initialize a new or wiped device” and “KeepKey wallet”
  • Select your preferred use of pin and password
  • The keepkey shows some entropy information
  • Enter your new pin twice using the same method as known from trezor
  • Choose the number of words for your restore seed
  • Write down the words for the seed (very important to store securely)
  • And voila .. your keepkey electrum wallet is ready to use

Spending and everything I tested so far worked flawlessly. The operations work effectively the same way as with the trezor. But where appropriate it makes use of the bigger screen to show more information at once. So I guess I can start preparing my package for debian.

Here are some pictures to compare the size with other bitcoin hardware wallets:

HardwareWallets1 HardwareWallets2

let's encrypt

I never bought a commercial grade SSL certificate for my private website, but I used free ones before. Usually from startssl. While it worked, the process was cumbersome. And then when I wanted to renew, my browser showed a warning that their own certificate was out of order.

When the letsencrypt initiative (supported by mozilla and the electronic frontier foundation) announced its goal to make website encryption more easily available, we all cheered. Last week I finally received an eMail stating my domain was readily white-listed in the beta program. So I took some time and followed their process. It was not always self explanatory, but the ncurses program offered some help. Within a couple of minutes, I had a certificate ready to use. The only thing I did not like was that if the process transmitted my private key to the server, there was no way of noticing other than actually reading the code. I don’t think it did, but I prefer to be certain about these things.

To have my website protected, all I had to do was adding the file location that the utility program provided to the apache site configuration.

Now the bigger work was moving everything to my new server and adapting all the URLs. Moving the blog was already more work than I expected. It was not a simple export and import. First I had to get the wordpress importer plugin working. The media files are not included in the exported file, and have to be moved manually. Some older blog posts still referenced the old gallery which I wanted to replace with piwigo for a while. So in addition to moving the piwigo gallery, I also had to move lots of photos from the old gallery, and adjust the references in the blog.

Some web apps are not moved yet and will follow. Finally I plan to redirect all http addresses to https.

On the nice side, I could use the new certificate to secure my new email server. I can’t remember when was the first time, but about once every two years I attempted to set up my own email server in the past. Setting up a web server is much simpler. But with the mail servers there was always some problem left that left me not confident enough to really use it. But this time I found a good tutorial that actually worked. It’s geared towards a raspberrypi running raspbian, but worked just fine on my nuc running ubuntu.

Verifying downloads

Last week I stumbled across a post from last year, where somebody described how it was impossible to download an important infrastructure program securely on Windows. My first reaction was of course to pity the poor souls that are still stuck with Windows. How easy is it to just type apt-get install and have all the downloading and validation and installation conveniently handled for you.

Today I was going to set up my new server. First I downloaded the current iso file from ubuntu.com. Before installing it onto a USB stick, I thought about this blog post again. Actually I should validate this ISO! I knew before, but I usually didn’t bother. So I gave it a try. I had to search a bit for it on the download page. The easiest is if you manually pick a mirror. Then you will find the hash sum files in the index page. Some websites along the way were encrypted, others were not. The downloads themselves were not. But that didn’t matter since the hashes were GPG signed. I don’t have to do this all too often, so I just followed the community howto. My downloaded iso file was valid, so I moved on installing it.
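The two checks described above, in order, as an added example that is not from the original post or the Ubuntu howto: first confirm that the hash list was signed by a key you pinned in advance (a good signature from an arbitrary key in your keyring proves nothing), then compare the ISO against the signed list. The function names are hypothetical, the pinned fingerprint is a parameter you must obtain out of band, and the file written in the demo is constructed.

```python
import hashlib
import hmac
import os
import subprocess
import tempfile


def signer_fingerprints(gpg_status):
    """Collect key fingerprints from VALIDSIG lines of `gpg --status-fd` output."""
    found = set()
    for line in gpg_status.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[:2] == ["[GNUPG:]", "VALIDSIG"]:
            # parts[2] is the signing key; the last field is its primary key
            # when gpg reports one. Shorter trailing fields are not fingerprints.
            for candidate in (parts[2], parts[-1]):
                if len(candidate) >= 40:
                    found.add(candidate.upper())
    return found


def signature_trusted(sums_path, sig_path, pinned_fpr):
    """True only if gpg accepts the signature AND the pinned key made it."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, sums_path],
        capture_output=True, text=True)
    pinned = pinned_fpr.replace(" ", "").upper()
    return proc.returncode == 0 and pinned in signer_fingerprints(proc.stdout)


def listed_digest(sums_text, filename):
    """Look up filename in SHA256SUMS text ("<hex> *name" or "<hex>  name")."""
    for line in sums_text.splitlines():
        digest, _, name = line.strip().partition(" ")
        if name.lstrip(" *") == filename:
            return digest.lower()
    return None


def file_matches(path, sums_text):
    """Stream the file through SHA-256 and compare with the listed digest."""
    want = listed_digest(sums_text, os.path.basename(path))
    if want is None:
        return False  # a file that is not listed is never "valid"
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), want)


def verify_download(iso_path, sums_path, sig_path, pinned_fpr):
    """Signature first: an unsigned or wrongly signed hash list is worthless."""
    if not signature_trusted(sums_path, sig_path, pinned_fpr):
        return False
    with open(sums_path) as f:
        return file_matches(iso_path, f.read())


if __name__ == "__main__":
    # Constructed demo of the hash step only (no gpg or network needed).
    tmp = tempfile.mkdtemp()
    iso = os.path.join(tmp, "constructed.iso")
    with open(iso, "wb") as f:
        f.write(b"constructed image bytes")
    sums = "%s *constructed.iso\n" % hashlib.sha256(b"constructed image bytes").hexdigest()
    print("hash matches:", file_matches(iso, sums))
```

For a real download, `verify_download` expects the `SHA256SUMS` and `SHA256SUMS.gpg` files from the mirror's index page next to the ISO.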

The hardware is actually from computer-discount.ch. For quite some time I was searching for ways to buy computer equipment with BitCoin. The American big name tech companies that accept BitCoin either do it only outside of central Europe, or don’t deliver here. So I was quite excited to find this company from Ticino. The experience so far is very good.

connecting home securely

It has been probably close to a decade that I run a small server at home. At first it was only because I could not find a web hosting company that would serve my fcgi libwt apps at an affordable price. Then I added this blog to it. In the meantime I added a lot of other stuff as well. One of the more important things became ssh. Not only for remote shell sessions, but also for securely copying files and tunneling. In fact I use ssh tunnels instead of a more traditional VPN.

Discovery

Static IP addresses are expensive in Switzerland. So I used dyndns from the start. At first the free offering, and then switched to a paid plan long before they discontinued the free offering. Just last week I received a note that they grabbed the annual fee from my (scheduled to be deactivated) credit card. Generally I strongly dislike services that automatically grab money from my accounts. They didn’t even mention that the fee doubled. That’s one side of the story, the other is that dyndns is an American company. They could take my domain name hostage without even telling me. So there has to be a better alternative. In fact there is one. It’s good technology wise, but not generally available to the unintroduced yet.

DyName for namecoin

I wrote about namecoin in a previous blog post. One of its main uses is a censorship resistant domain name registration. And the simple python script from DyName is to namecoin what dyndns and ddclient are to traditional domain names. Just prepare your registered name to include a dd entry, edit your config file, and call the script periodically from cron. That way you separate the private key where your name is registered from the hot wallet on the server. My provider used to reassign new ip addresses more frequently, now it’s about once every two months I would guess. The transition with namecoin was very smooth the last two times. I have a script that queries namecoin for the current ip address and then connects. There are dns resolvers and browser plugins or even public dns servers that would resolve namecoin domains. My experience with them was not as smooth as with the namecoin core itself. But I’m sure these parts will improve as well. So, with namecoin we have high confidence, that the ip address is correct that we are connecting to, but it can’t protect against man in the middle attacks. SSH has means to protect from that. The ssh client has a list of known ip addresses or host names and corresponding key fingerprints. But after an ip address change, there is no entry for the new destination, so ssh prints an error message and refuses to connect until you accept to add a new entry to your known_hosts file.

ssh known hosts

When you search for the error with your preferred search engine, you’ll find advice to delete offending lines in your known_hosts file. This of course is not what we need here. Just accepting to add a new entry the next time you connect would circumvent the protection against MITM that ssh provides. Since we already have the key fingerprint from the previous address, there is another more secure solution. If you have only one entry in your known_hosts file, you can skip the next few lines. Maybe you know which fingerprint is valid, for example because the file already contains a couple of lines with the same key fingerprint because the ip address changed a couple of times, and you just accepted it.

If you are not sure, which fingerprint you need, ask the server what it provides:

$ ssh-keyscan 85.3.164.135
# 85.3.164.135 SSH-2.0-OpenSSH_6.7p1 Ubuntu-5ubuntu1
85.3.164.135 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE7WE5vtqSxUnQRX5CjOzEzUAdewqHRV5MXcSCQcylcKanpnDHRE4yVlEn770MFP6EfJ61ukdNYMDnSO9eoRiZY=

Now search for this fingerprint in your known_hosts file, and copy the whole line. On the new line, you replace the first hash with the actual new ip address in clear text. You could leave it like that, but you can also hash it with the following command.

$ ssh-keygen -H -f ~/.ssh/known_hosts
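The manual copy-and-edit step above can be automated so that a new known_hosts line is produced only when the key offered at the new address is one already pinned for the old address. The following is an added example, not code from the original post; it goes slightly beyond the text by matching hashed host entries and honouring `@revoked` lines. All function names are hypothetical, the addresses come from the documentation range and the key blobs are constructed, not real host keys. What known_hosts stores and `ssh-keyscan` prints is the full public key; `fingerprint()` shows how the short SHA256 form is derived from it.

```python
import base64
import hashlib
import hmac
import os


def hash_host(host, salt=None):
    """Hash a host name like `ssh-keygen -H`: |1|salt|HMAC-SHA1(salt, host)."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def host_matches(hosts_field, host):
    """True if a known_hosts host field (hashed or comma list) names host.
    Wildcard patterns and [host]:port forms are not handled here."""
    if hosts_field.startswith("|1|"):
        _, _, salt_b64, _ = hosts_field.split("|")
        salt = base64.b64decode(salt_b64)
        return hmac.compare_digest(hash_host(host, salt), hosts_field)
    return host in hosts_field.split(",")


def parse(text):
    """Yield (marker, hosts, keytype, key_b64) per key line; skip comments."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = fields.pop(0) if fields[0].startswith("@") else ""
        if len(fields) >= 3:
            yield marker, fields[0], fields[1], fields[2]


def fingerprint(key_b64):
    """SHA256 fingerprint of a public key, in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def line_for_new_address(old_host, new_host, keyscan_text, known_hosts_text,
                         hashed=True):
    """Return a known_hosts line for new_host, or None if the key offered
    there is not already pinned for old_host (or has been revoked)."""
    entries = list(parse(known_hosts_text))
    revoked = {key for marker, _, _, key in entries if marker == "@revoked"}
    pinned = {(ktype, key) for marker, hosts, ktype, key in entries
              if marker == "" and host_matches(hosts, old_host)}
    for _, hosts, ktype, key in parse(keyscan_text):
        if hosts != new_host or key in revoked:
            continue
        if (ktype, key) in pinned:
            host_field = hash_host(new_host) if hashed else new_host
            return "%s %s %s" % (host_field, ktype, key)
    return None


# Constructed sample data: documentation addresses, placeholder key blobs.
KEY_A = base64.b64encode(b"constructed host key A").decode()
KEY_B = base64.b64encode(b"constructed host key B").decode()
OLD, NEW = "203.0.113.10", "203.0.113.77"
KNOWN_HOSTS = "%s ssh-ed25519 %s\n" % (hash_host(OLD), KEY_A)
SCAN_GOOD = "# %s SSH-2.0-OpenSSH\n%s ssh-ed25519 %s\n" % (NEW, NEW, KEY_A)
SCAN_MITM = "%s ssh-ed25519 %s\n" % (NEW, KEY_B)

if __name__ == "__main__":
    print("same key     ->", line_for_new_address(OLD, NEW, SCAN_GOOD, KNOWN_HOSTS))
    print("different key->", line_for_new_address(OLD, NEW, SCAN_MITM, KNOWN_HOSTS))
    print("pinned key is", fingerprint(KEY_A))
```

A `None` result means the new address presented a key you have never trusted for this server, which is exactly the case where ssh's refusal should be taken seriously.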

After writing all this I started wondering if it would be possible to keep the host key on an external hardware device like a NitroKey or a YubiKey. I already keep my client key for authenticating to the ssh server on one of these.  That’s something to find out in a future post maybe.

ubuntu phone will be great, but it is not yet

The BQ Aquaris ubuntu phone that I waited for so eagerly was delivered today. Full of anticipation I unpacked it and switched it on. After playing with it for a while the excitement turned into dissatisfaction. I hate to say it, but on a phone the solid base and polished user experience is not enough, some basic functionality is required as well. Rough edges are much harder to work around on a phone than on a computer with a regular keyboard. Let’s face it, most people who opt for ubuntu phone want to some degree escape the freedom hating ecosystems prevalent on the big platforms. Yet instead of welcoming users with freedom loving functionality, the phone is loaded with Google, Facebook and Twitter apps.
As long as you don’t expect anything from it, it’s a pleasant experience. Knowing that it’s based on debian packages gives me great comfort. The touch interface and the settings dialogs are very nice. Yet it is lacking basic PIM and email functionality.

Phone

Nowadays one could consider the phone functionality not the most important part of a smartphone anymore. I first had to have my SIM card cut to the smaller form factor. Text messages seem to work nicely. Phone calls work fine. MMS messages were automatically configured to look up on a website by the carrier. I don’t know if the phone would support them properly, but that’s a feature that I rarely use anyway.

Contacts

When opening the contacts app, I was greeted with the question if I wanted to sync with Google. Hell no! If I did, I would have stayed with Android. But that seems to be the only option other than having a standalone address book and typing in everything by hand. I could not find an option to sync my CardDAV address book. Lots of people complained badly about this, so it got medium priority. There is a complicated workaround using evolution sync. That way I got my address book synced from the commandline. An entry in crontab keeps it synced.

Calendar

Basically the same as contacts, except that the calendar app was not pre-installed and had to be fetched from the app store. I configured syncevolution from the commandline the same way as the address book, including crontab. But the calendar does not properly synchronize. It pushes appointments I create on the phone. But it doesn’t fetch them from the server. I will have to do some more debugging here.

Email

There doesn’t seem to be a standard email client. Instead it ships with a GMail app. People complained that there was no IMAP support whatsoever. At least I could find an email client in the app store called Dekko. The bad thing however is that instead of connecting to the email server it just hangs for an hour. When I try it without encryption, it appears to work. I can send mails, but it won’t fetch them. Another IMAP account works well, just not the one that is most important for me. Mails from my main account were fetched exactly once. Before and after that, all I get is the following error message: “Too many invalid IMAP commands”
Update: It took some manual editing of the config file to get it finally working. Now I’m looking forward to support for notifications about new mails, but that is less important in comparison.

Bluetooth

Connecting to the Jabra headphones was simple as always, and the sound quality is good. But I didn’t manage to connect any of the four bluetooth keyboards I tried. Also the yubikey does not work as an external keyboard, so at first I thought it might be a general HID problem. But when I connect a USB keyboard, that works.

BitCoin

The BitCoin client from the app store is not usable for real life. It doesn’t work with qr codes, and has no key backup functionality. I can work around the missing key backup, by manually copying the file “/home/phablet/.local/share/org.sambull.bitcoin-app/ubc.wallet” to a safe place, but qr code reading is really a must. Even if there was a qr reader app, pasting in the bitcoin app is missing.  I might have to resort to a web wallet for some time.
There is a webapp for coinbase already in the store, so I tried this one first. I can scan the qr code from out of the browser by automatically launching the camera app. The picture is then uploaded to the server for the qr code reading. This seems to be common practice, but of course it is way inferior to having an app where you can move your camera until it successfully reads the qr code. But after I enter the amount and click “next”, I get a white screen, and the web app won’t respond any more. A coinbase support representative told me he had the same with safari mobile, and using the back button helped. There is no back button in the webapp, so I tried it in the browser. “Back” landed me on another white page, and “forward” led to an error message.
The next web wallet I tried was xapo. Since I use their debit card, it would be convenient. But their send page has no qr functionality.
So I moved on to greenaddress. I almost succeeded. If it wasn’t due to the defunct email. They sent me a 2FA code to my main email address, which unfortunately doesn’t work on the phone yet.

XBMC remote control

I was relieved to find more than one XBMC remote in the app store, and some are even better than what I had on Android.

News

The rss reader and the news scope make for a pleasant appearance. They find my preferred rss feeds without needing the exact URL. For podcasts, I had to install PodBird. It works fine for audio podcasts. It also downloads video files, but won’t play them.

Apps

I seem to remember that they planned to be able to run android apps on ubuntu phone. But it appears those plans were abandoned a long time ago. Hence naturally for a new platform the selection of available apps is very sparse. Seems I will have to live without some apps I used frequently on Android such as SBB, 20min, MeteoSwiss… All this information and functionality is also available on the respective websites. The apps are just more convenient.

APT

Part of the reason why I wanted a ubuntu phone is the underlying debian package system. I maintained an ubuntu chroot system image on my android phone so that I could perform some tasks on a full blown shell. But it always was quirky at some points and a second class citizen all along. So I wanted the ubuntu shell to be a first class citizen. Indeed you can start a terminal which behaves very well. The keyboard is missing tab and arrow keys though. You have access to apt, or so it seems at first. When you actually want to install something you see error messages about some lock files. To get around that, one needs to enable developer mode in the phone settings and remount the root file system as readwrite. But then came something disturbing:

$ sudo mount -o remount,rw /
$ sudo apt-get update
$ sudo apt-get install git tig nmap htop pcsc-tools gpgsm gnupg-agent
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
Package git is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'git' has no installation candidate
E: Paket tig kann nicht gefunden werden.
E: Paket nmap kann nicht gefunden werden.
E: Paket htop kann nicht gefunden werden.
E: Paket pcsc-tools kann nicht gefunden werden.

WTF is going on here! A repository that is missing crucial packages? Mixing repositories with ubuntu proper is probably not a great idea. I don’t know yet what to do about that.
People on IRC confirmed that rather than changing the root filesystem, it’s better to have a chroot of ubuntu proper for the additional tools. This is what I had on android and hoped it would no longer be necessary on ubuntu phone.

GPG

gpg and gpg-agent were already installed. Udev is running as well. So after adding a udev rule and configuring the gpg-agent, I was able to use my YubiKey neo in OpenPGP mode for ssh authentication and similar tasks. This is great news, as it was one of the sore points with my old phone.
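The two pieces of configuration mentioned above, as an added sketch that is not from the original post: a udev rule granting a group access to the token's USB node, and the gpg-agent option that turns on ssh-agent emulation. The product ID 0111 (NEO in OTP+CCID mode), the group plugdev, the rule file name and the staging-root layout are assumptions.

```shell
#!/bin/sh
# Added example, not the author's files. Vendor ID 1050 is Yubico; product ID
# 0111 and group "plugdev" are assumptions: confirm with `lsusb` and `id`.

# Print a udev rule that gives GROUP read/write access to the token's USB
# device node, so scdaemon can open the CCID interface without root.
yubikey_udev_rule() {
    vendor=$1; product=$2; group=$3
    printf 'ACTION=="add|change", SUBSYSTEM=="usb", ATTR{idVendor}=="%s", ATTR{idProduct}=="%s", MODE="0660", GROUP="%s"\n' \
        "$vendor" "$product" "$group"
}

# Idempotently enable ssh-agent emulation in a gpg-agent.conf, leaving any
# options already present in the file untouched.
enable_agent_ssh() {
    conf=$1
    mkdir -p "$(dirname "$conf")"
    touch "$conf"
    grep -qx 'enable-ssh-support' "$conf" || echo 'enable-ssh-support' >> "$conf"
}

# Write both files below a staging root (hypothetical layout) so they can be
# reviewed before being copied into /etc/udev/rules.d and ~/.gnupg.
setup_yubikey_ssh() {
    root=$1
    mkdir -p "$root/etc/udev/rules.d"
    yubikey_udev_rule 1050 0111 plugdev > "$root/etc/udev/rules.d/70-yubikey.rules"
    enable_agent_ssh "$root/home/.gnupg/gpg-agent.conf"
}
```

After copying the files into place, `udevadm control --reload-rules` and a restart of gpg-agent make them take effect. With SSH_AUTH_SOCK pointing at the agent's ssh socket, `ssh-add -L` should then list the authentication key stored on the card.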

GPS

The phone comes with a mapping app preinstalled. It looks decent, it finds the addresses, displays maps and calculates routes, everything online as it appears. What it does not do, however, is display the current position, which is crucial if you want to use it for navigation. On the internet I found people claiming that the GPS on the Aquarius doesn’t work at all, or very badly. There is some commandline program for analyzing GPS reception, which I plan to try.
Update: The utility confirmed that the GPS is not able to get a fix, not even on a mountain with clear sky.

SPOT Connect

The SPOT Connect is a satellite messenger that I use for cross country paragliding. In contrast to other live tracking systems it also works in areas without GSM reception, as it transmits the current location directly to the GlobalStar satellite network. They have an app to control it for Android and iOS, but not yet for ubuntu. I told them two years ago that it would be nice to be able to start tracking on the device itself without having to do it in the app. Now that I just lost that app support, I asked them again what options I have. But as with lots of big companies, I have the impression the support staff has a database with answers and no means to escalate feature requests or even bug reports from customers. Then I remembered a site that I found two years ago when I got the device, where a guy reverse engineered parts of the comms protocol. And sure enough I got the python utility running inside my chroot environment on the phone. That allows me to send custom ok messages, but I have yet to find out how to start tracking.

libreboot and trisquel

Last month I saw somebody on the fsfe mailing list talk about an OpenMoko phone. As I had one of those collecting dust in the drawer, I asked if anybody was interested. Promptly I got an offer to exchange it for a Lenovo X60 notebook with libreboot. I didn’t need another notebook, but libreboot seemed interesting enough, so I agreed. It came preinstalled with trisquel gnu linux, and with a docking station. I’m not sure if I heard about that distribution before. It is based on ubuntu, but includes only the free open libre stuff. The default desktop is gnome3. Since it’s a good fit with libreboot, I kept trisquel. The first impression was that it runs extremely well for such an old device. I was also amazed how rounded and complete a full on libre distro can be these days. Gone are the days where the compromises you had to make for freedom were hard to justify. The first thing friends ask about is flash. But I don’t miss it at all, I mean html5 has been around for a while. At first, I started to install games for the kids. They run a lot better than on my old Atom netbook. As it’s my first device with a fingerprint reader, I had a little play installing this option for logging in, fully aware that it’s not that secure. The only two things that are not so optimal are sound and heat. Neither the speakers nor the headphones give any sign of life, even though the operating system seems to have recognized the sound card. This is not such a big deal, as the bluetooth headphones still work perfectly. The other issue is that it heats up a lot under full load. And when the core temperature hits 100°C it just switches off. This happened a couple of times when the BitCoin BlockChain synchronized. And it still happens once every second day.

Then, my XPS13 was stolen, and I needed something to fill the gap until I have a proper replacement. I must say it does the job well. I miss the XPS13 a lot, but at least I have something I can work on. And who knows how long it takes before I have an XPS13 again. They recently announced a new version with tiny bezels around the screen, bigger SSD and newer processors. But the new developer edition is not available yet, and the old version is not available any more. When it becomes available, I want to pay for it with BitCoin, which also is not available yet. Dell accepts BitCoin payments in the US, Canada and the UK. I hope they will soon roll out worldwide, or at least to the rest of Europe. Once I can order on my terms, I will still have to wait about a month for delivery.