From: 宋文武
Subject: Re: A secure multimedia workstation
Date: Thu, 5 Feb 2015 09:24:56 +0800
To: Dirk Scheuring
Cc: Guix-devel
List-Id: "Development of GNU Guix and the GNU System distribution."

Hi!

2015-02-02 18:11 GMT+08:00 Dirk Scheuring:
>
> Hello all,
>
> my name is Dirk Scheuring, and I come out of the "conventional" world of
> professional audio and video production and performance - a world which
> is dominated by proprietary programs: Adobe Premiere, Logic Pro Audio,
> Ableton Live, Traktor, Serato, to name a few "standards". Those are run
> almost exclusively on Windows or Mac OS X. And a while ago, when Windows
> 8 and OS X Lion came out, I, after more than 20 years as a user of both
> Microsoft and Apple products, decided that I've had it with that. That
> if I went further that-a-way, I'd no longer be buying a computer as much
> as I'd be leasing a supervised node on some giant corporation's
> network.
> All my production and communication data there are pre-pwned
> and will be monetized by...everybody but me, mostly, and it's all out of
> my control.
>
> Furthermore, by now I've lost access to much of my production from the
> past decades, because the data was recorded to SCSI hard disks, DAT
> tapes, ZIP drives, Atari TOS floppies, and it exists in all kinds of
> proprietary file formats, like, for Akai, or Sequential Circuits
> machines. If I still even have a copy at all. Which I don't, in many
> cases.
>
> This situation sucks for an artist like me. I figured that the problem
> was that I had failed to take control of my data production,
> communication, and storage, for the last 25 years. And I decided that I
> would take control /now/, and that the next 25 years must be different.
>
> So I looked for solutions to my problem, and I now think that a good
> solution does not exist yet, but that it is possible for one to exist,
> and that I could probably build it. But can I? Or would such a project
> be too difficult for me to carry out? Please help me find an answer to
> that question.
>
> Here's what I want to be able to do in, say, three years time: I want to
> boot and install GNU Guix from a USB Stick, just the way it's done today
> (1). I want that future build to work flawlessly on libreboot-certified
> hardware (currently, that would be X60 and T60 Thinkpads (2), so that's
> my target machine, one with at least 4GB RAM and a 240GB SSD). And by
> default, that Guix build would offer functionality similar to KXStudio
> (3), which is a Ubuntu-Debian-based distribution aimed at multimedia
> producers; it has a realtime-enabled kernel, sets the jack2 audio server
> running at startup, and offers audio and video production tools like
> Ardour and Cinelerra-CV. So that would be part of the work: Re-packaging
> the KXStudio packages and the Xfce-based interface for the Guix package
> manager.
> Xfce itself seems to be mostly done already, if I understood
> the list correctly. I also noticed, to my surprise and delight, that
> jack2 and Ardour have recently been added. (4)

Yes, Ricardo Wurmus did it. He's a musician too ;-)

>
> Also, I want to gitify all the things (5), out of the box. The user
> should be able to use git, git-annex, vcsh, and other useful programs in

git-annex seems to require GHC and a lot of Haskell libraries, I won't
expect to have it in Guix soon, but we can use Nix to install it.

> that vein, to version-control, synchronize and back up everything, from
> config files to all the media data formats they need. I aim for a
> client-server-style system, which, by default, would install on a single
> physical computer, but can easily be split for separate server and
> client hardware. The server architecture should make it easy to connect
> hard discs/raids for backup, and to automate those as far as possible:
> If I create a new MIDI file today, I want to be able to load and use it
> in 25 years. Therefore, I want to be able to clone my whole system, data
> and all, to a bootable disk, carry it over to the next generation of
> libre hardware, and have it working there without a fuss.

Sounds like deploying a cloud with something like NixOps to me.

>
> And encrypt all the things (there will be trade-offs, because media
> production machines need to read and write data from/to disk /fast/,
> which is not so easy if you also want to encrypt, but...I'd like to know
> what is possible...)
>
> And lock down all the things: By default, the system should be able to
> set itself up without a network connection. All communication to the
> outside should be based on the decisions of the user.
> I would like to
> discourage the use of the system for web mail, general surfing, and
> socializing; I would like to encourage users to isolate their working
> environment from the rest of their computer use, to enable only the
> newslists, websites, and repositories necessary for media production,
> patching/upgrading, and persistence, and to communicate via, e.g., Pond
> (6). That is, there should be an awesome security meta-package for GNU
> Guix, trying to minimize data leakage by default yet leaving the
> ultimate responsibility and control to the user.

A whitelist of iptables rules? I have no idea.

>
> And though the default session should use Xfce, to make the transition
> from proprietary systems as easy as possible for newbies, the user
> should also be able to log in to an alternative interface, which would
> be based on Guile Emacs and Guile-WM (7). What I hope for is described
> in the Readme of the latter, in author Mark Witmer's "Even Crazier Wish
> List":
>
> "Implement enough of a widget toolkit to actually run Guile Emacs inside
> of Guile-WM all on Guile XCB. You would basically be running a
> Lisp-machine at that point and all of your friends will be jealous."
>
> Yes. This is what I want, ultimately: A truly-free, user-friendly,
> self-cloning, Guix-package-manager-using, turn-key software-based
> Lisp Machine for media production, versioning, archiving, backup, and
> comsec. For anybody who can start out by spending $ 200 - 300 on a used
> Thinkpad plus upgrade parts on Ebay (add to that a used server and some
> more disks for the full-blown client-server solution).
>
> Does this sound like a feasible project to you all? And what would it
> take to make it real?

I don't know how much work it needs, but it is exciting and hits my heart.
>
> All the best,
>
> Dirk
>
>
> (1) https://www.gnu.org/software/guix/manual/html_node/System-Installation.html#USB-Stick-Installation
> (2) http://libreboot.org/docs/hardware/index.html
> (3) http://kxstudio.sourceforge.net/
> (4) http://comments.gmane.org/gmane.comp.gnu.guix.devel/5809
> (5) http://penta.debconf.org/dc13_schedule/events/1025.en.html
> (6) https://pond.imperialviolet.org/
> (7) https://github.com/mwitmer/guile-wm
>