all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: 宋文武 <iyzsong@gmail.com>
To: Dirk Scheuring <scheuring@gmail.com>
Cc: Guix-devel <guix-devel@gnu.org>
Subject: Re: A secure multimedia workstation
Date: Thu, 5 Feb 2015 09:24:56 +0800	[thread overview]
Message-ID: <CAHZE2pfMSTkAkDpb2HdxHDmxuKaPkJ72vYgzJVgNGDXtGaFXmg@mail.gmail.com> (raw)
In-Reply-To: <CALvC8ZCsdOnTsvWQ4y3xMD_c+nuK6c-p0a1Lj8z-GdH_zPv7ag@mail.gmail.com>

Hi!

2015-02-02 18:11 GMT+08:00 Dirk Scheuring <scheuring@gmail.com>:
>
> Hello all,
>
> my name is Dirk Scheuring, and I come out of the "conventional" world of
> professional audio and video production and performance - a world which
> is dominated by proprietary programs: Adobe Premiere, Logic Pro Audio,
> Ableton Live, Traktor, Serato, to name a few "standards". Those are run
> almost exclusively on Windows or Mac OS X. And a while ago, when Windows
> 8 and OS X Lion came out, I, after more than 20 years as a user of both
> Microsoft and Apple products, decided that I've had it with that. That
> if I went furter that-a-way, I'd no longer be buying a computer as much
> as I'd be leasing a supervised node on some giant corporation's
> network. All my production and communication data there are pre-pwned
> and will be monetized by...everybody but me, mostly, and it's all out of
> my control.
>
> Furthermore, by now I've lost access to much of my production from the
> past decades, because the data was recorded to SCSI hard disks, DAT
> tapes, ZIP drives, Atari TOS floppies, and it exists in all kinds of
> propretary file formats, like, for Akai, or Sequential Circuits
> machines. If I still even have a copy at all. Which I don't, in many
> cases.
>
> This situation sucks for an artist like me. I figured that the problem
> was that I had failed to take control of my data production,
> communication, and storage, for the last 25 years. And I decided that I
> would take control /now/, and that the next 25 years must de different.
>
> So I looked for solutions to my problem, and I now think that a good
> solution does not exist yet, but that it is possible for one to exist,
> and that I could probably build it. But can I? Or would such a project
> be too difficult for me to carry out? Please help me find an answer to
> that question.
>
> Here's what I want to be able to do in, say, three years time: I want to
> boot and install GNU Guix from a USB Stick, just the way it's done today
> (1). I want that future build to work flawlessly on libreboot-certified
> hardware (currently, that would be X60 and T60 Thinkpads (2), so that's
> my target machine, one with at least 4GB RAM and a 240GB SSD). And by
> default, that Guix build would offer functionality similar to KXStudio
> (3), which is a Ubuntu-Debian-based distribution aimed at multimedia
> producers; it has a realtime-enabled kernel, sets the jack2 audio server
> running at startup, and offers audio and video production tools like
> Ardour and Cinelerra-CV. So that would be part of the work: Re-packaging
> the KXStudio packages and the Xfce-based interface for the Guix package
> manager. Xfce itself seems to be mostly done already, if I understood
> the list correctly. I also noticed, to my surprise and delight, that
> jack2 and Ardour have recently been added. (4)
Yes, Ricardo Wurmus did it. He's a musician too ;-)
>
> Also, I want to gitify all the things (5), out of the box. The user
> should be able to use git, git-annex, vcsh, and other useful programs in
git-annex seem require GHC and a lot of haskell libraries, I won't expect
to have it Guix soon, but we can use Nix to install it.
> that vein, to version-control, synchronize and back up everything, from
> config files to all the media data formats they need. I aim for a
> client-server-style system, which, by default, would install on a single
> physical computer, but can easily be split for seperate server and
> client hardware. The server architecture should make it easy to connect
> hard discs/raids for backup, and to automate those as far as possible:
> If I create a new MIDI file today, I want to be able to load and use it
> in 25 years. Therefore, I want to be able to clone my whole system, data
> and all, to a bootable disk, carry it over to the next generation of
> libre hardware, and have it working there without a fuss.
Sound like a deploy a cloud with something like NixOps to me.
>
> And encrypt all the things (there will be trade-offs, because media
> production machines need to read and write data from/to disk /fast/,
> which is not so easy if you also want to encrypt, but...I'd like to know
> what is possible...)
>
> And lock down all the things: By default, the system should be able to
> set itself up without a network connection. All communication to the
> outside should be based on the decisions of the user. I would like to
> discourage the use of the system for web mail, general surfing, and
> socializing; I would like to encourage users to isolate their working
> environment from the rest of their computer use, to enable only the
> newslists, websites, and repositories necessary for media production,
> patching/upgrading, and persistence, and to communicate via, e.g., Pond
> (6). That is, there should be an awesome security meta-package for GNU
> Guix, trying to minimize data leakage by default yet leaving the
> ultimate responsibility and control to the user.
A whitelist iptable rules? I have no idea.
>
> And though the default session should use Xfce, to make the transition
> from proprietary systems as easy as possible for newbies, the user
> should also be able to log in to an alternative interface, which would
> be based on Guile Emacs and Guile-WM (7). What I hope for is described
> in the Readme of the latter, in author Mark Witmer's "Even Crazier Wish
> List":
>
> "Implement enough of a widget toolkit to actually run Guile Emacs inside
> of Guile-WM all on Guile XCB. You would basically be running a
> Lisp-machine at that point and all of your friends will be jealous."
>
> Yes. This is what I want, ultimately: A truly-free, user-friendly,
> self-cloning, Guix-package-manager-using, turn-key software-based
> Lisp Machine for media production, versioning, archiving, backup, and
> comsec. For anybody who can start out by spending $ 200 - 300 on a used
> Thinkpad plus upgrade parts on Ebay (add to that a used server and some
> more disks for the full-blown client-server solution).
>
> Does this sound like a feasible project to you all? And what would it
> take to make it real?
I don't know how much work it need, but it does exciting and hit my heart.
>
> All the best,
>
> Dirk
>
>
> (1) https://www.gnu.org/software/guix/manual/html_node/System-Installation.html#USB-Stick-Installation
> (2) http://libreboot.org/docs/hardware/index.html
> (3) http://kxstudio.sourceforge.net/
> (4) http://comments.gmane.org/gmane.comp.gnu.guix.devel/5809
> (5) http://penta.debconf.org/dc13_schedule/events/1025.en.html
> (6) https://pond.imperialviolet.org/
> (7) https://github.com/mwitmer/guile-wm
>

  reply	other threads:[~2015-02-05  1:25 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-02-02 10:11 A secure multimedia workstation Dirk Scheuring
2015-02-05  1:24 ` 宋文武 [this message]
2015-02-07 23:08 ` Ludovic Courtès
2015-02-09 17:33   ` Dirk Scheuring
2015-02-09 17:55     ` David Thompson
2015-02-09 18:23     ` Andreas Enge
2015-02-10 15:21       ` Dirk Scheuring
2015-02-10 15:45         ` Ricardo Wurmus
2015-02-10 15:56         ` Ludovic Courtès
2015-02-10 18:37         ` Andreas Enge
2015-02-11  8:25           ` Dirk Scheuring

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAHZE2pfMSTkAkDpb2HdxHDmxuKaPkJ72vYgzJVgNGDXtGaFXmg@mail.gmail.com \
    --to=iyzsong@gmail.com \
    --cc=guix-devel@gnu.org \
    --cc=scheuring@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.