Re: Guidance required, Using guix or GNU/Linux, for secrecy, privacy.

[Aniket Patil]

Thank you very much Gary. This is very helpful.

On Sat, 7 Nov 2020 at 12:09 AM, Gary Johnson 
wrote:

> Aniket Patil  writes:
>
> > I don't know whether is this mailing list is appropriate to talk about
> this
> > subject or not, but I am going forward, please don't get me wrong.
>
> Hi Aniket,
>
>   While computer security and data privacy are topics that I imagine a
> number of Guix users are interested in, I imagine the full breadth of
> this conversation may be beyond the scope of the help-guix mailing list.
> However, insofar as Guix may be able to alleviate some of your concerns,
> I would think that's something that folks here could help you with.
>
> > I have been following Richard M. Stallman, Eric S. Raymond, Arron Swartz
> > for a long time. I know how to use and secure myself pretty much I would
> > say. But I don't feel secure and have that reliance on the internet while
> > using it. So I got X200 librebooted it, still using some proprietary wifi
> > card, hence non-free distro like arch is my main OS.
>
> Okay, stop right there. You can buy an inexpensive, fully
> libre-compliant USB wifi card from ThinkPenguin. Here's the link:
>
>
> https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-usb-adapter-gnu-linux-tpe-n150usb
>
> Plug it into your X200, and you should hopefully be all set to install a
> fully free OS like GNU Guix, which uses the linux-libre kernel and
> therefore contains no proprietary firmware or binary blobs.
>
> > I want to get rid of this Google thing, I do have protonmail account,
> > but I don't think that is reliable either.
>
> Google mines your data for profit. If this bothers you, don't use their
> services. Perform a web search for "degoogle" and get to it.
>
> Protonmail has well-documented security practices. However, their email
> servers don't allow access over IMAP or POP3, which means you have to
> use their Javascript-based webmail interface. If you want to access your
> email locally, you have to install their proprietary protonmail-bridge
> application. There is no Guix package for this as its code is not free
> software.
>
> There are better free software and privacy-respecting alternatives for
> email hosting, such as disroot.org and riseup.net. Or you can install
> and administrate your own email server using Guix!
>
> > Recently, I read zimouns vlog
> >
> > " right, Google is evil, but the storage and the search features are
> really
> > useful. So, I am thinking to switch to notmuch  >,
> > but not enough time to configure it, yet. "
> >
> > So, is notmuch is reliable?
>
> For a good free software solution on Guix that gives you control of your
> data, I would recommend pairing offlineimap (which stores a local copy
> of all your IMAP-accessible emails on your machine in case you lose
> access to your email server or decide to bulk migrate your emails to a
> new email server) with a local mail indexer like mu or notmuch. I'm
> personally a big fan of mu and its Emacs interface mu4e. Of course,
> everyone has their favorite email client, so go with whatever makes you
> happiest when reading your mail.
>
> > I get paranoid after reading RMS, or Snowden. I think a lot about my
> > privacy and others as well. Hence I am asking this, and participating in
> > GNU projects and Free Software Projects. So coming to the point.
> >
> > How to or which email client shall I use or email service?
>
> I provided my suggestion above, but Guix comes with a wide variety of
> free software CLI, TUI, and GUI email clients. Pick your favorite and
> have fun.
>
> In terms of email security, there are a few simple rules to follow when
> setting yourself up:
>
> 1. Always connect to your email servers (IMAP, POP, SMTP) with SSL/TLS
>encryption enabled. This will ensure that no one between you and your
>email server can read your messages.
>
> 2. Whenever possible (and particularly with any sensitive content), it
>is good practice to encrypt your emails with GPG. This ensures that
>anyone administrating your email server can't read your emails while
>they are sitting in your remote folders. Unfortunately, in order to
>do this, you have to encrypt each such message with the GPG key of
>the person(s) you are sending it to. That means you have to invest
>some effort in collecting other people's GPG keys, and often in
>educating them about the purpose of email security as well. The FSF
>provides a nice introduction to this here:
>https://emailselfdefense.fsf.org
>
> > Recently I was browsing on TOR but I guess even TOR exposes my IP address
> > on the internet. So shall I use it with a VPN? If So Which VPN? I know
> > about WireGuard but it has a GPL2 license, not GPL3.
>
> TOR routes your network requests through a randomized series of
> intermediate servers, which can make it somewhere between very hard and
> impossible for your true IP address to be identified by the server you
> are connecting to. The 

Re: Guidance required, Using guix or GNU/Linux, for secrecy, privacy.

[Gary Johnson]

Aniket Patil  writes:

> I don't know whether is this mailing list is appropriate to talk about this
> subject or not, but I am going forward, please don't get me wrong.

Hi Aniket,

  While computer security and data privacy are topics that I imagine a
number of Guix users are interested in, I imagine the full breadth of
this conversation may be beyond the scope of the help-guix mailing list.
However, insofar as Guix may be able to alleviate some of your concerns,
I would think that's something that folks here could help you with.

> I have been following Richard M. Stallman, Eric S. Raymond, Arron Swartz
> for a long time. I know how to use and secure myself pretty much I would
> say. But I don't feel secure and have that reliance on the internet while
> using it. So I got X200 librebooted it, still using some proprietary wifi
> card, hence non-free distro like arch is my main OS.

Okay, stop right there. You can buy an inexpensive, fully
libre-compliant USB wifi card from ThinkPenguin. Here's the link:

https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-usb-adapter-gnu-linux-tpe-n150usb

Plug it into your X200, and you should hopefully be all set to install a
fully free OS like GNU Guix, which uses the linux-libre kernel and
therefore contains no proprietary firmware or binary blobs.

> I want to get rid of this Google thing, I do have protonmail account,
> but I don't think that is reliable either.

Google mines your data for profit. If this bothers you, don't use their
services. Perform a web search for "degoogle" and get to it.

Protonmail has well-documented security practices. However, their email
servers don't allow access over IMAP or POP3, which means you have to
use their Javascript-based webmail interface. If you want to access your
email locally, you have to install their proprietary protonmail-bridge
application. There is no Guix package for this as its code is not free
software.

There are better free software and privacy-respecting alternatives for
email hosting, such as disroot.org and riseup.net. Or you can install
and administrate your own email server using Guix!

> Recently, I read zimouns vlog
>
> " right, Google is evil, but the storage and the search features are really
> useful. So, I am thinking to switch to notmuch ,
> but not enough time to configure it, yet. "
>
> So, is notmuch is reliable?

For a good free software solution on Guix that gives you control of your
data, I would recommend pairing offlineimap (which stores a local copy
of all your IMAP-accessible emails on your machine in case you lose
access to your email server or decide to bulk migrate your emails to a
new email server) with a local mail indexer like mu or notmuch. I'm
personally a big fan of mu and its Emacs interface mu4e. Of course,
everyone has their favorite email client, so go with whatever makes you
happiest when reading your mail.

> I get paranoid after reading RMS, or Snowden. I think a lot about my
> privacy and others as well. Hence I am asking this, and participating in
> GNU projects and Free Software Projects. So coming to the point.
>
> How to or which email client shall I use or email service?

I provided my suggestion above, but Guix comes with a wide variety of
free software CLI, TUI, and GUI email clients. Pick your favorite and
have fun.

In terms of email security, there are a few simple rules to follow when
setting yourself up:

1. Always connect to your email servers (IMAP, POP, SMTP) with SSL/TLS
   encryption enabled. This will ensure that no one between you and your
   email server can read your messages.

2. Whenever possible (and particularly with any sensitive content), it
   is good practice to encrypt your emails with GPG. This ensures that
   anyone administrating your email server can't read your emails while
   they are sitting in your remote folders. Unfortunately, in order to
   do this, you have to encrypt each such message with the GPG key of
   the person(s) you are sending it to. That means you have to invest
   some effort in collecting other people's GPG keys, and often in
   educating them about the purpose of email security as well. The FSF
   provides a nice introduction to this here:
   https://emailselfdefense.fsf.org

> Recently I was browsing on TOR but I guess even TOR exposes my IP address
> on the internet. So shall I use it with a VPN? If So Which VPN? I know
> about WireGuard but it has a GPL2 license, not GPL3.

TOR routes your network requests through a randomized series of
intermediate servers, which can make it somewhere between very hard and
impossible for your true IP address to be identified by the server you
are connecting to. The first TOR node that you connect through will know
your IP address, of course.

Guix provides the tor, tor-client, and torsocks packages.

Connecting to a VPN allows you to make network connections to remote
servers using an IP address originating from the VPN rather than from
your 

Re: Who has had success installing a Guix system on arm?

[Enrico Schwass via]

Hello,

I am eager to try it on my Pinebook Pro, but last time I bricked it for several 
days. If I can manage the installation I will post working instructions  on the 
appropriate pinebook pro board. But I will not  start before december. 

Hints welcome
Enno

Re: Who has had success installing a Guix system on arm?

[Tobias Geerinckx-Rice]

Jesse,

Jesse Gibbons 写道：
Has anyone in this mailing list successfully used the Guix 
system
on an armhf or aarch64 computer? If so would you mind sharing 
details, such as:


-> Which board did you get working with guix system (banana pi 
m2u,

   novena, beaglebone black, pine64-plus, etc.)?


I'm not much of an ARM person but did have success installing Guix 
System onto two Overdrives 1000 currently part of the Berlin build 
farm.  They aren't ‘boards’ but proper computers using UEFI, so 
GRUB just works.


-> Did you build natively or cross-build from a different 
system?


Both machines came with OpenSUSE installed, and were briefly 
borged into Guix Systems simply by installing Guix (using the 
official installer script) and running ‘guix system init /’.


That worked but didn't last long.  I booted an aarch64 Fedora 
installer image, installed Guix into the live environment using 
the same installer script, wiped & repartitioned the drives, wrote 
a basic system configuration and ran ‘guix system init /mnt’. 
That's the system still running today.


It must have been easy or it would have been more memorable.  :-)

I never (cross-)built anything custom.

-> What version of guix did you use? (what did guix describe 
say?)


I don't remember.  Whatever was master soon before Jul 24 2019.

-> If the board you got working can boot from an internal (emmc) 
or

   external (microsd) drive, which one did you get working?


These machines have a 1TB 3.5" SATA drive.

-> Would you mind sharing the operating-system definition that 
was

   successful?


It's probably not useful for ‘boards’, but sure.

Kind regards,

T G-R



system.scm
Description: Binary data


signature.asc
Description: PGP signature

Re: Who has had success installing a Guix system on arm?

[Simon South]

Jesse Gibbons  writes:
> Has anyone in this mailing list successfully used the Guix system on
> an armhf or aarch64 computer?

Yes; I'm currently running up-to-date versions of Guix System on a
ROCK64 and a Pinebook Pro, both AArch64 systems from PINE64
(https://pine64.org/).

I wrote at the time about my experience getting the ROCK64 up and
running, including a sample operating-system definition:

https://lists.gnu.org/archive/html/help-guix/2020-04/msg00153.html

This is still essentially current, except there is no need for the
ridiculous dance involving moving a jumper around; turns out U-Boot
offers a command that makes it easy to start up from one device but
finish booting from another.

As others have noted, AArch64 support in Guix is generally quite good
now, but a certain amount of patience is required.

-- 
Simon South
si...@simonsouth.net

Guidance required, Using guix or GNU/Linux, for secrecy, privacy.

[Aniket Patil]

Hi,

"I asked this question on guix-devel, as per suggestions I got over there,
I am asking it again on help-guix".

I don't know whether is this mailing list is appropriate to talk about this
subject or not, but I am going forward, please don't get me wrong.

I have been following Richard M. Stallman, Eric S. Raymond, Arron Swartz
for a long time. I know how to use and secure myself pretty much I would
say. But I don't feel secure and have that reliance on the internet while
using it. So I got X200 librebooted it, still using some proprietary wifi
card, hence non-free distro like arch is my main OS. I want to get rid of
this Google thing, I do have protonmail account, but I don't think that is
reliable either. Recently, I read zimouns vlog

" right, Google is evil, but the storage and the search features are really
useful. So, I am thinking to switch to notmuch ,
but not enough time to configure it, yet. "

So, is notmuch is reliable?

I get paranoid after reading RMS, or Snowden. I think a lot about my
privacy and others as well. Hence I am asking this, and participating in
GNU projects and Free Software Projects. So coming to the point.

How to or which email client shall I use or email service?

Recently I was browsing on TOR but I guess even TOR exposes my IP address
on the internet. So shall I use it with a VPN? If So Which VPN? I know
about WireGuard but it has a GPL2 license, not GPL3.

What else can I do to secure myself?

TL;DR Just read the last questions.

Aniket.

Re: Writing Indian Languages on GNU/Linux

[Thien-Thi Nguyen]

() Aniket Patil 
() Thu, 5 Nov 2020 20:23:24 +0530

   I don't have much experience in writing Devnagari or Indian
   languages on GNU/Linux. I used to work with Google Input
   tools, which has some phonetic writing. If I type "Aniket" It
   would be "अनिकेत in my language". So it was phonetic, is there
   anything like this on GNU/Linux? I have heard of iBUS but
   haven't used it yet. So that I won't have to learn a new
   keymap.

Emacs has three input methods that i uesd to succesfullly type:
"aniket" and see "अनिकेत्".  They were:

 devanagari-aiba
 devanagari-itrans
 devanagari-kyoto-harvard

I don't know the difference between them, but maybe if you ask
on help-gnu-emacs AT gnu DOT org, there will be more info.

-- 
Thien-Thi Nguyen ---
 (defun responsep (query)   ; (2020) Software Libero
   (pcase (context query)   ;   = Dissenso Etico
 (`(technical ,ml) (correctp ml))
 ...))  748E A0E8 1CB8 A748 9BFA
--- 6CE4 6703 2224 4C80 7502


signature.asc
Description: PGP signature

Re: error at "aclocal -I m4" during packaging

[mbcladwell]

To update my previous email - by including  "bash" "bash-minimal" in  
the manifest and importing modules

(guix build utils) (guix build-system guile)

I get past the aclocal error and now the error is:

cat: build.err.cache.go: No such file or directory
make: *** [Makefile:79: obj/artanis/artanis.go] Error 1
make: *** Waiting for unfinished jobs
make: *** [Makefile:79: obj/artanis/cache.go] Error 1
make[1]: 'artanis/version.scm' is up to date.
make[1]: Leaving directory  
'/tmp/guix-build-artanis-fix-ssql-4.1.drv-0/artanis-fix-ssql'
command "make" "-j" "4"  
"MOD_PATH=/gnu/store/a7b5389pb4nycx9lwywirxslhvchb52c-artanis-fix-ssql-4.1/share/guile/site/2.2"  
"MOD_COMPILED_PATH=/gnu/store/a7$



So I am guessing that I am missing dependencies of the build system.   
What are they?
And I thought import was supposed to provide all dependencies and  
procedures utilized by the parent package.  Why isn't that happening?

Thanks
Mortimer