How to install setlock on Debian?

That’s the only question Google and IRC don’t answer – but after this post Google will.

About two hours wasted to find out the freaking stupid solution:

aptitude install daemontools-installer
build-daemontools

And hit ENTER for every question.

Setting up your first server

If you’re new to server management and use the terminal on GNU/Linux from time to time, this guide will hopefully come in handy for you to get started with your own server.

Unless you have good reasons to use another GNU/Linux distribution, I recommend you to install Debian. It has a lot of ready-to-install applications, is very stable and it’s perhaps the distribution with more tutorials around.

Please notice that this is a very basic tutorial and has only been tested on Debian.

Connect to your server

First of all, log in as root:
ssh root@123.123.123.123 # where 123.123.123.123 is your server's IP address

Some hosting providers disable ssh root access, so you will need to replace root by your user name. If this is the case, after you log in you should become root:

su -

Update your system

aptitude update
aptitude upgrade
aptitude dist-upgrade

Add your user

If your hosting provider disables root access, then you should skip this step.

adduser emacs

Replace emacs by VI VI VI if you don’t believe in Saint IGNUcius.

Sudo setup

sudo is a very useful utility, and I recommend you to use it.

First, let’s install it:

aptitude install sudo

Then, we add your user to the list of sudoers, by running visudo and then adding the following line at the end of the file emacs ALL=(ALL) ALL.

Now you become yourself:

su emacs -

Shared key ssh authentication

At this point you should use shared key ssh authentication, but for that there’s a great tutorial at ammonlauritzen.com.

Configuring the SSH daemon

Open /etc/ssh/sshd_config with your favorite text editor, say:

sudo nano /etc/ssh/sshd_config

And make sure the following lines are set this way, if not, add or modify them accordingly:
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
UsePAM no
AllowUsers emacs # separate two or more usernames by spaces

Finally, apply your modifications:
sudo /etc/init.d/ssh reload

Don’t log out yet, we need to check that you will be able to access your server via ssh (this is, that you didn’t break anything on the /etc/ssh/sshd_config file). To check if everything is OK, try to log in:
ssh emacs@123.123.123.123

If you’re able to access, then it’s well configured and you may close the second session. If not, then you should check your modifications and try again.

Setting up a basic firewall

We are going to setup a very basic firewall with the powerful netfilter/iptables. For this step you need to be root:
sudo -s

First, store the current iptables rules, in case something goes wrong with ours:
iptables-save > /etc/iptables.conf.old

Now, create the file /etc/iptables.conf and add the following contents:
# boring stuff for someone new to server administration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [495:60715]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# this is the port used by the SSH daemon
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT

Please pay attention to this line:
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

You should use a line similar for every open port that you want to be accessible from the Internet. This is, if you have a webserver, you should copy that line but replace “22” by “80” (or any other port):
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

This is how you “enable” ports.

Then we load the configuration (and don’t log out until we test it!):
iptables-restore < /etc/iptables.conf

Testing the rules

To test the rules, open another terminal and try to access your server:

ssh emacs@123.123.123.123

If you could access, then the rules should be OK. If not, reload the original rules until you find help:
iptables-restore < /etc/iptables.conf.old

Loading the rules when the server stars

If the rules we defined work, then our the firewall should be loaded when the server starts:

Create the file /etc/network/if-pre-up.d/iptables with the following contents:
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.conf

Then make it executable:
chmod +x /etc/network/if-pre-up.d/iptables

We can now go back to our normal user:
exit

Your server is ready!

At this point, you are ready to start installing applications on your brand-new server!

What’s next?

I’ve seen the light: GNU/Linux Does Not Matter That Much

We freedomware advocates think that switching to a Freedom-respectful operating system (usually GNU/Linux) is the most important step when switching to freedomware, and therefore we focus on promoting these systems (myself included). However, I’ve found out that it does not matter that much.

The first and most important step when switching to Freedomware is using formats and protocols defined as Open Standards, even under a Freedom-trampling system like Windows: Vendor lock-in is only possible by means of closed standards. They are the stone corner of the non-free software industry.

Why those who know about Freedomware, and support the idea, don’t make the switch? Aside their inability to follow their thoughts (the games excuse is included here), because switching from Windows+Office+MSNMessenger/Etc to GNU/Linux+OpenOffice.org+Pidgin+Etc seems like a huge step, only made by adventurous souls.

The most important things for them, their information and communications, are already locked-in, tied to a single vendor. Encouraging them to switch to a freedom-respectful operating system is an unwise recommendation, if you know they still rely on closed standards:

  1. If you say that they won’t be able to use the programs they were used to, but their free alternatives, you will fright them. Not to mention what they’ll think when they know that their MP3s, WMVs and .doc documents won’t play nice, and that their MSN Messenger sucks under GNU/Linux.
  2. If you help them to keep their files under closed formats and communicate through closed protocols, then, why on the earth do you want them to use a free operating system? Using a free operating system simply means that most of your software is free. It seldom means that the user is reluctant to use Freedom-trampling software, closed formats and/or closed protocols, again. Quick demonstration: Take a look at any community of the easy-to-use distros and you will find that these standards are widely used among the majority of these users (although this doesn’t mean that Gentoo users, for example, are all disciples of the Church of Emacs).

The only way to make safely the switch to a Freedom-respectful computing environment, with no turning back, is by getting rid of closed formats and protocols, before switching to a free operating system. Windows-GNU/Linux dual boots wouldn’t be necessary anymore.

These closed standards have always been a top-priority for non-free software vendors, unlike for us. Closed standards represent the Achilles’ heel of the non-free software industry. We must hit them there! Pay attention to this excerpt from a memo sent by Aaron Contorer, Microsoft general manager for C++ development, to Bill Gates:

“The Windows API is so broad, so deep, and so functional that most ISVs would be crazy not to use it. And it is so deeply embedded in the source code of many Windows apps that there is a huge switching cost to using a different operating system instead…
“It is this switching cost that has given the customers the patience to stick with Windows through all our mistakes, our buggy drivers, our high TCO, our lack of a sexy vision at times, and many other difficulties […] Customers constantly evaluate other desktop platforms, [but] it would be so much work to move over that they hope we just improve Windows rather than force them to move.
“In short, without this exclusive franchise called the Windows API, we would have been dead a long time ago.”

OK, that’s the root problem, but what’s the solution!?

We must put more effort into making people switch to open formats and open protocols, than the effort we put into encouraging them to switch to a freedom-respectful operating system like GNU/Linux. This is, our goal should be that people will get rid of closed formats and protocols before switching to a free operating system. Don’t expect them to make the switch after installing the free system! Or at least don’t get your hopes up if you ignore this (take the longer yet save path!).

The above might seem obvious to you at this point, and you might wonder, how are we supposed to do so effectively?

My proposal

We have to carry out three tasks to reach our goal:

  1. First and foremost, make people worry about the formats and protocols they rely on;
  2. Make it really easy for people to switch to unconstrained formats and protocols, under the current operating system, but also warn them that everything won’t be completely solved until they throw the non-free system away;
  3. And finally, make people switch to a freedom-respectful operating system, like GNU/Linux.

(Notice that nowadays most of us start with task #3, then some of us go further and make #1, but nearly we all forget about task #2)

These tasks should be performed separately and harmoniously, with one project for each of them. The good news is that we won’t have to start from scratch, as there are some existing efforts: GNU/Linux Matters is going to develop Unconstrained.info, a project that would meet the requirements of task #1, and it also maintains GetGNULinux.org, the project that already meets the requirements of task #3.

The second task is by far the hardest one. The solution, in my opinion, is a software suite made up of the following well-integrated modules:

  1. A package manager, like those for GNU/Linux: It will make it easy for people to get started with Freedomware applications that support unconstrained formats and protocols. These programs must be stored on special repositories, so that we could disable support for constrained standards by default. This manager would only install Freedomware required to make the switch, excluding useful free add-ons for the operating system: Our goal is not to make people feel comfortable with their freedom-trampling operating system. Only the best Freedomware packages will be available, with no alternatives: It would make no sense to include both OpenOffice.org and Koffice (for example), we don’t want people to experiment with the free alternatives, just that they make the switch.
  2. A file format converter: An extremely easy to use Freedomware application to convert any file stored with a closed format into one stored with the best-suitable open format, preferably/optionally deleting the former file after the conversion. When the suite is being installed, it must configure the system to open those constrained-formats-based files with this converter.
  3. A Instant Messaging Migrator: The hardest to make module. It will help people migrate to open protocols such as Jabber or SIP. It would create a gratis Jabber account with any provider. Then, if allowed, it would let people’s contacts know that they are making the switch to an unconstrained and better messaging network (encouraging them to make the switch too). Finally, it would configure the pre-selected free IM client accordingly, making it ready to use.
  4. A tutor: A program, similar to a Help Center, that would advice people on unconstrained formats and protocols. It would provide guidance throughout the migration process. It would make sure that people keep in mind that they should switch to a free operating system once they get used to the new standards.

This suite must meet these requirements:

  • Be multi-platform: It must run on all the mainstream operating systems, including GNU/Linux (yes, haven’t you noticed the amount of GNU/Linux users tied to constrained formats and protocols?).
  • Be multilingual.
  • Be extremely easy to use.

Once Unconstrained.info and the liberation suite are ready, together with GetGNULinux.org, the final touch for us to be effective will be Animador.

In an ideal world…

… Organizations such as Mozilla, the FSF and the FFII will support GNU/Linux Matters with tasks #1 and #3, and the GNU project will take over task #2, with the support of all of us.

If everything fails, I’ll try my best to take over task #2 on behalf of GNU/Linux Matters.

On my part…

… I’ll try to make GNU/Linux Matters change its vision, according to this blog post.

On your part…

… This all sounds so beautiful, right? Well, we need you! And please don’t forget to comment on this blog post and spread the word about it if you find it useful.

PS: Got something to say? Talk about it on NXFD!

The Big Failure of the FSF

Explaining what freedom in computing is about, is also talk about the FSF and/or the GNU project; they’re nothing less than the flagship of the free software movement and they’ve made huge steps toward freedom in computing, but they have missed a key point: If the average computer user is not on our side, we’ll get nowhere.

Ours is a wonderful, well-founded philosophy, just like many others. So why would a friend of mine try to find out what yet another philosophy is all about? After all, there are many things that hurt societies and everyone doesn’t have enough time to support/learn about everything that’s going wrong nor how to solve it. Therefore, our most important concern must be how to approach people.

Getting people’s attention is even more important than trying to develop a free BIOS or a free flash player. The industry offers technology and people accept/reject it, this is how things work and this is why having people on our side is the way to go (instead of begging the industry for mercy). There would be no need to develop a free alternative to the Google Earth client in a Free Software-aware society, for example.

What’s worst, the Free Software Foundation doesn’t even seem to have a plan to solve this situation, after 23 years spreading the word about Freedom-respectful software: GNU.org is supposed to be the main resource on Free Software, but it is not aimed at everyday computer users. Let’s have a look at GNU.org:

  • A nerdy introduction:

    What is the GNU project? The GNU Project was launched in 1984 to develop a complete Unix-like operating system which is free software: the GNU system. Variants of the GNU operating system, which use the kernel called Linux, are now widely used; though these systems are often referred to as “Linux”, they are more accurately called GNU/Linux systems. GNU is a recursive acronym for “GNU’s Not Unix”; it is pronounced guh-noo, approximately like canoe.

  • It’s overloaded: It’s full of links everywhere and they mix resources for people to know what Free Software is all about and those for potential volunteers.
  • It provides no guidance on how to make the switch to a free computing environment.

It’s definitely not the place I’d recommend my friends to learn about Free Software, as you only get one chance to make a first impression and I wouldn’t waste it that way.

I’ve talked with Stallman about this and he knows they haven’t been approaching everyday computer users the right way (he told me many people say that it’s not easy to know how to make the switch by following GNU.org and they wanted to change that). Anyways, redesigning the whole GNU.org website wouldn’t be enough, as there are other features of the FSF that make it harder to have the average computer user on our side:

  • Their strictness: On one hand, they expect people to make the switch to a fully free computing environment in one go by only recommending fully free distributions, but we all know that people fear unknown things, so if you spread the word about the wonderful Free Software philosophy and the only option you give to make the switch is using a fully free operating system, you are making it harder for people to take Free Software seriously because there must be a trasition period. On the other hand, they put much effort into making people understand that “GNU/Linux” is the right name of the operating system.
  • Lack of interest in the average computer user: The FSF has only been focused on two important, but not-so-useful target audiences: Techies and politicians. Techies are definitely useful to make software, but how could you rely on techies to do marketing? Politicians, on the other hand, rule a nation/state/whatever, but they go and come, so you shouldn’t rely on a given politician/party; focusing on the population is a safe bet, though.

However, it’s very unlikely that the FSF is going to change and I understand their position and their crucial role in the free software movement, so I’ll keep supporting them. But then, a fork organization is urgently required to meet the need for an effective advocacy for Freedom-respectful software among everyday computing users and this is why GNU/Linux Matters exists.

PS: This blog post’s aim is not to blame the FSF and promote GLM, but to express how disappointed I’m in the poor effort to spread the word about free software on behalf of the Free Software Foundation.

PPS: This blog post does not represent the position of GNU/Linux Matters, just like the rest of the website.

“Non-free” and “proprietary” are OK, but it is Freedom-depriving software

While English is the de facto language for technical documentation, it’s a headache when it comes to using the two key words of the free software philosophy: Free and non-free. I mean, to explain what free software is all about, we should also explain what we mean by “free”.

This is so true, that English-speaking people had to borrow a word from another language to work around this ambiguity. Now the “Free as in Freedom, not as free beer” issue is resolved by using a single word: Libre. But, what’s the antonym of Libre? Non-libre? No, it’s non-free or proprietary! (non-libre is seldom used); what a muddle.

Also, both “non-free” and “proprietary” miss the point, just like open-source does in a similar sense; on one hand, “non-free” means that something is not free (yes, I’m a genius!), so we’re back to the starting point, as we have to explain what we mean by “non-free” (a non-gratis-bear or a non-libre-person?) and “non-free” is not an strong term; on the other hand, “proprietary” means that something has one or more owners, that’s it. We need an strong, offending term.

What about “Freedom-depriving software”? It’s the perfect term to refer to software like Microsoft’s. It’s not ambiguous in English, it’s simple and it’s offending (just what they deserve). We can say “Windows is a Freedom-depriving software” and everyday computer users will get what we mean.

PS: English already has a word that perfectly defines the contrary of “Free as in Freedom”: Privative. But people may argue that this is the worst solution because “privative” is an unusual word… And that would be a valid point.

Testing, testing… 1, 2, 3… Testing

Well, it looks like I finally got a blog!

I will use it to talk about what’s going on behind-the-scenes with my contributions to the free software movement, mainly by means of GNU/Linux Matters. I want to let people know that we’re alive! That behind those cool but static websites there are people moving forward, getting ready to effectively defend Freedom in computing. Yes, we already have a blog, but I believe that a personal touch would be great as well. I look forward to seeing more people at GLM blogging about what’s happening under the hood.

But that’s not it. I’m studying computing, so you might think that I’ll blog about computing-related stuff; if so, you’re right. I love software and I wish I could only care about it, without worrying about whether it’s free or not… Every single piece of software must be free as in Freedom. Unfortunately, in the real world, most computing systems are powered by privative software.

I hope you enjoy it!

PS: You might wonder what’s “privative software”. I’ll explain it later, but in the mean time you can read dylunio’s brief explanation.