From: Dirk Scheuring
Subject: A secure multimedia workstation
Date: Mon, 2 Feb 2015 11:11:23 +0100
To: guix-devel@gnu.org

Hello all,

my name is Dirk Scheuring, and I come out of the "conventional" world of professional audio and video production and performance - a world which is dominated by proprietary programs: Adobe Premiere, Logic Pro Audio, Ableton Live, Traktor, Serato, to name a few "standards". Those are run almost exclusively on Windows or Mac OS X.

And a while ago, when Windows 8 and OS X Lion came out, I, after more than 20 years as a user of both Microsoft and Apple products, decided that I've had it with that. That if I went further that-a-way, I'd no longer be buying a computer as much as I'd be leasing a supervised node on some giant corporation's network. All my production and communication data there are pre-pwned and will be monetized by...everybody but me, mostly, and it's all out of my control.

Furthermore, by now I've lost access to much of my production from the past decades, because the data was recorded to SCSI hard disks, DAT tapes, ZIP drives, Atari TOS floppies, and it exists in all kinds of proprietary file formats, like, for Akai, or Sequential Circuits machines. If I still even have a copy at all. Which I don't, in many cases.

This situation sucks for an artist like me. I figured that the problem was that I had failed to take control of my data production, communication, and storage, for the last 25 years. And I decided that I would take control /now/, and that the next 25 years must be different.

So I looked for solutions to my problem, and I now think that a good solution does not exist yet, but that it is possible for one to exist, and that I could probably build it. But can I? Or would such a project be too difficult for me to carry out? Please help me find an answer to that question.

Here's what I want to be able to do in, say, three years' time:

I want to boot and install GNU Guix from a USB Stick, just the way it's done today (1). I want that future build to work flawlessly on libreboot-certified hardware (currently, that would be X60 and T60 Thinkpads (2), so that's my target machine, one with at least 4GB RAM and a 240GB SSD).

And by default, that Guix build would offer functionality similar to KXStudio (3), which is an Ubuntu-Debian-based distribution aimed at multimedia producers; it has a realtime-enabled kernel, sets the jack2 audio server running at startup, and offers audio and video production tools like Ardour and Cinelerra-CV.

So that would be part of the work: Re-packaging the KXStudio packages and the Xfce-based interface for the Guix package manager. Xfce itself seems to be mostly done already, if I understood the list correctly. I also noticed, to my surprise and delight, that jack2 and Ardour have recently been added. (4)

Also, I want to gitify all the things (5), out of the box.
The user should be able to use git, git-annex, vcsh, and other useful programs in that vein, to version-control, synchronize and back up everything, from config files to all the media data formats they need.

I aim for a client-server-style system, which, by default, would install on a single physical computer, but can easily be split for separate server and client hardware. The server architecture should make it easy to connect hard discs/raids for backup, and to automate those as far as possible: If I create a new MIDI file today, I want to be able to load and use it in 25 years. Therefore, I want to be able to clone my whole system, data and all, to a bootable disk, carry it over to the next generation of libre hardware, and have it working there without a fuss.

And encrypt all the things (there will be trade-offs, because media production machines need to read and write data from/to disk /fast/, which is not so easy if you also want to encrypt, but...I'd like to know what is possible...)

And lock down all the things: By default, the system should be able to set itself up without a network connection. All communication to the outside should be based on the decisions of the user. I would like to discourage the use of the system for web mail, general surfing, and socializing; I would like to encourage users to isolate their working environment from the rest of their computer use, to enable only the newslists, websites, and repositories necessary for media production, patching/upgrading, and persistence, and to communicate via, e.g., Pond (6). That is, there should be an awesome security meta-package for GNU Guix, trying to minimize data leakage by default yet leaving the ultimate responsibility and control to the user.

And though the default session should use Xfce, to make the transition from proprietary systems as easy as possible for newbies, the user should also be able to log in to an alternative interface, which would be based on Guile Emacs and Guile-WM (7).
What I hope for is described in the Readme of the latter, in author Mark Witmer's "Even Crazier Wish List":

"Implement enough of a widget toolkit to actually run Guile Emacs inside of Guile-WM all on Guile XCB. You would basically be running a Lisp-machine at that point and all of your friends will be jealous."

Yes. This is what I want, ultimately: A truly-free, user-friendly, self-cloning, Guix-package-manager-using, turn-key software-based Lisp Machine for media production, versioning, archiving, backup, and comsec. For anybody who can start out by spending $ 200 - 300 on a used Thinkpad plus upgrade parts on Ebay (add to that a used server and some more disks for the full-blown client-server solution).

Does this sound like a feasible project to you all? And what would it take to make it real?

All the best,

Dirk

(1) https://www.gnu.org/software/guix/manual/html_node/System-Installation.html#USB-Stick-Installation
(2) http://libreboot.org/docs/hardware/index.html
(3) http://kxstudio.sourceforge.net/
(4) http://comments.gmane.org/gmane.comp.gnu.guix.devel/5809
(5) http://penta.debconf.org/dc13_schedule/events/1025.en.html
(6) https://pond.imperialviolet.org/
(7) https://github.com/mwitmer/guile-wm