Musings of a *Nix Nerd

Time has flown by without a blog post, and it's about dang time to release a little something new. Over this post-free time, I have learned several things worthy of sharing. For starters, everyone loves music and it's mission critical for most people to have a music player so they can jam out when working. So let's make one!

Why Make a Music Player When There's So Many Good Ones?

I have over 7 terabytes of music, and every time I've attempted to load my entire playlist of music into popular apps, I wind up cranking an i9-9900K with 64 GB of RAM to nearly 100% usage and cause my system to freeze. Due to this, I figured I would write a simple, lightweight, terminal-based program that would provide the flexibility needed to listen to music without any extra bloat, and could be extensible with bash scripts using something like ncurses. Let me introduce you to what I have accomplished so far for this program!


So I've had lots of privacy scares in the past, with people trying to steal my identity, my banking info and so on. Over the past few years, I've grown fed up with this over time and have been looking for ways to hide my own personal information from theft, prevent telemarketing annoyance, and even gain the added benefit of making it just a little bit harder to be spied on by the government to preserve my own personal freedom.

Enter The PinePhone

What if I wanted a smartphone? I have been using a Google Pixel with a custom Android build for a while now, but I'm beginning to worry that's not enough. I've been hearing through my friends and online about this company called Pine64 that works on Open Source board designs for tech devices, such as smartphones, laptops, tablets and (recently) smartwatches.

So the Pine64 smartphone, or Pinephone, has pretty crappy hardware inside compared to a flagship smartphone. But given the $200 USD price point, I could buy three for the price of a “popular” phone. Also, it runs Linux as well as Android which means it supports the new and coming PureOS- a secured Linux build based on Debian. PureOS is actively made by the company Purism, who releases their own smartphone with this system. But can I run it on some cheap device?


In today's hyper-connected world, it grows increasingly important to have all devices that have an internet connection locked down- not for hiding data but to protect from having day-to-day life completely sabotaged. One may have already locked down their accounts and data about them online, but what if they want to “amp it up” to the next level?

The Problem

It's known that by using Windows or MacOS, you have agreed to Terms of Service that include the upload of their private files to their infrastructure- even if you didn't want it to go on the internet. In Microsoft-Land, this means all your files are scanned and uploaded to Microsoft's infrastructure where they can build a profile on you. Apple happens to engage in similar practices. On top of this, Windows is known for having the most viruses and rootkits in the world while MacOS currently has the record for the most adware in the world. Viruses and rootkits are basically system exploits, while adware is an attack on the web browser, forcing ads to pop up even if you have an ad blocker.

To add further discomfort, the leaks made by ex-CIA/NSA official Edward Snowden from years past verified that there is something called FISA court- a top secret US-based court of law that issues warrants for surveillance. Snowden took huge issues when he learned that the CIA and NSA built this program named XKeyScore, which behaves like a search engine that collects ALL information about people, including private things like Social Security Numbers and text messages. To do this, the FISA courts “rubber-stamped” (and still do) every surveillance request made by the CIA or NSA- allowing them to spy on U.S. Citizens without due process. Nowadays, laws have since been passed where FISA courts are irrelevant and the CIA and NSA can continue to do this.... And if the CIA and NSA are capable of gathering all the info you'd rather keep private, so is the stalker... or the creepy person next door... or the angry ex-husband/ex-wife...

Enter OpenBSD

OpenBSD began in 1995, where the founder Theo De Raadt took issue with the design approach of NetBSD- which traces it's ancestral roots all the way back to the original UNIX from the early 1980's. De Raadt was (and still is) a firm believer in correctness of code, extensive auditing of the code, and extreme levels of security. OpenBSD is widely considered to be the most secure Operating System on the planet, with the most bleeding edge technologies in cryptography and so on- to the point where some countries ban the OS for import even though that's unenforceable thanks to the internet. It is known for having sane and secure defaults in the installation, and several audits of the entire system's source code yearly. They are responsible for the invention of the applications sudo, openssl, libressl, ssh, pf, and pledge(). If familiar with any Linux/Unix command line, it's easy enough to notice that they invented some of the most common protocols utilized in locking down a system.

So let's get this set up on a laptop!


Odds are that if you're reading this blog, you own one of these: Router.png

These routers appear like closed-off boxes, with this “firmware” voodoo that you need to download and update it once every few months. However, what if it was possible to take apart a router image and discover how it works? Let's tear the D-Link DWR-956 Router's firmware apart and discover how it works.


In the early 1940s during World War 2, a world renowned rock-'n-roll guitarist named Woody Guthrie mustered up the courage to paint a slogan on his guitar, that would forever change the way we view the world and influence many people's views on the subject of free speech. After the publishing of one of his wartime songs, Guthrie painted “THIS MACHINE KILLS FASCISTS” onto his guitar. But Why Would He? Guthrie believed that the battle Freedom of Speech and Censorship was more important than the war between Good and Evil itself. Enough history, why is this viewpoint relevant to society today?

This post is different, I recently downloaded a videogame I remembered playing from several years ago, called Return To Castle Wolfenstein. It's considered to be cult classic game, but I learned it was banned to own or sell in Germany and a couple other countries, due to it's use of the Nazi Swastika. This got me thinking on the topic of censorship as it relates to the world we live in, why hackers should care, and how we can tackle this issue.


What is true online? How can you find useful information online? How can you verify the truth of something online? How can you learn more about current events, people or organizations and only get the statistical numbers?

These are legitimate questions, and with the dawn of the “fake news” misnomer, it's increasingly important to know how to search for verifiable, empirical information that can be measured (so you can form your own opinions, instead of believing whatever is the latest fad). Due to this, I personally feel morally obligated to share introductory techniques and tools of the trade of Seeking– gathering useful and actionable information.

This blog post is dedicated to Francesco Vianello (1952-2009). May you continue to rest in peace, and may your wisdom continue to be useful to us all.

Getting Started

Before we begin to do some deep digging, we'll need to have a few programs at the ready. You MUST have a text editor, a way to edit spreadsheets, and Tor Browser. Tor Browser is important because it becomes harder to track your current location, allowing you to bypass location filters.


Ever since the revelations of Edward Snowden and learning about the fact that the United States Government implements and utilizes commercial-grade equipment to spy on society, there's been an ongoing battle for personal privacy. Most don't do this because they have things to hide, but because they have important things to protect, like their banking information or previous addresses. With the rise of major technology companies and governments at the helm of new technical innovations and controlling most people's everyday lives, it becomes people's responsibility to carefully handle their personal information- both online and offline. For those unfamiliar, this blog post seeks to provide a “quick start guide” on how one can protect their info from malicious actors, governments, and so forth.


This post has been long in coming. For those who haven't read the previous posts in this series, below are links to bring you up to speed.

In Part 1, we covered the basic mathematical information and technical information required to understand and begin to implement your own cryptography. Part 1: HERE

In Part 2, we set up a Cryptographically Secure Pseudo-Random Number Generator to be used by our cryptographic algorithms. Part 2: HERE

If you're stuck, the previous posts may help with bringing you up to speed. Now, let's add in the hashing algorithm!

Hashing? What's that?

A Hashing Algorithm is this carefully crafted program that takes a string as an input, performs a bunch of cryptographic functions on it, and spits out a fixed-length string that appears to be random. However, if you compute the hash again with the same string, you will achieve the same output.

A sample hashing function could be a simple XOR operator. You take random bytes to produce “entropy” for the hashing function, saving the information somewhere. Then you could just XOR the string with the saved random bytes, chopping the hash off at a fixed length. This is known to be highly insecure as performing an XOR against itself is effectively an inverse operation and will undo the work of creating a hash.


I was reading old blog posts and realized I didn't touch on a CRITICAL piece of the puzzle to understanding computing... How your device actually works. This post aims to remediate this and provide a “one-stop” guide from understanding the low-level circuitry to how that allows people to program on their devices.

No computers were harmed in the making of this post. No, seriously.

The Electronics

Everything in a computer is a 1 or a 0. Many people call this true or false, or even on or off. Whatever you may call it, it's the basis for boolean (digital) logic. When you use a series of true or false statements, you are making use of the binary number system. Instead of having a 10's, 100's, 1000's etc place there's powers of 2. so 11111111 would equal 255, because 1+2+4+8+16+32+64+128=255. This is similar to how we would calculate what 255 equals- 200 + 50 + 5 = 255.


For those who are unfamiliar with FreeBSD, it's a unique system that feels distinctly like the UNIX of old- because it is. Last post, we installed FreeBSD, got connected and installed some software. You might have even gotten a desktop working on your own, because it feels so much like Linux. However, the stock install is a bit RAM hungry and we aim to improve that.

Kernel? What's a Kernel?

Like Linux, FreeBSD (and Windows and MacOS) all have an underlying Kernel. This is basically a loose term that describes all the underlying components that the user doesn't see day-to-day when utilizing an Operating System, such as firmware and drivers being loaded, support for multithreading, filesystem support, and so on. Because BSD has so much support for strange devices- like VAX machines of old- it's expected of users who wish to optimize their systems to purge unneeded support from their system.

Getting Started

Of course, you'll need a FreeBSD installation with the source code to follow along... :) However, we'll need some more details about our target system that we'll be rolling a custom Kernel for. So let's whip out a notepad or text editor and our trusty command line. The trusty dmesg command will come in handy, but it produces way too much output, so we can filter that with grep by doing something like dmesg | grep <search term>.

The laptop I did this on was an unmodded Thinkpad T460. I knew that it came with Intel Wireless, an Intel CPU, an SSD, and Intel Integrated Graphics, for starters. But what model?

So I ran dmesg | grep Wireless and got the following output:

iwm0: <Intel(R) Dual Band Wireless AC 8260> mem 0xredacted at device redacted

Note that I have censored the last bit of output for privacy, but it contains memory address and what part of the PCI bus it's connected to.

I took note of this and did similar commands to gather info on my hardware.

Backing Up

Since we're replacing our kernel, we want a backup of the last known good one. In FreeBSD, the current running kernel is located at /boot/kernel. So let's make a copy in /boot, so we can continue to use it if things go south!

Running cp -a /boot/kernel /boot/kernel.good will do the trick for this.

Config Time!

Now we get to prep our Kernel config file. To do so, cd /sys will take you to the /sys directory, where you'll see a few architecture names as directories: x86, x64, arm, etc. My ThinkPad T460 is a 64 bit x64 processor, so I ran cd x64.

Now, there's a folder in this directory called conf. That's where the config files are located- so cd conf and then run ls to view the available config files to start from.

Instead of altering the config files directly, it may be wise to make a copy of one. I picked the GENERIC config file and copied it into one in the same directory, naming it T460 (no file extensions!!!)

With this done, open the freshly copied config file in the text editor of your choice. In this config file, there's lots of comments, specifying what each option will compile into the kernel. Removing the line will remove the feature from your compiled kernel. Since my ThinkPad doesn't have a floppy disk or RAID controller that's easy enough to remove those. I know that I have Intel Wired and Wireless connections, so I can remove all support for other network cards if I so choose.

ATCHUNG! Read what each option enables support for before deleting the line, and make sure you're not removing things that are critical to the function of your hardware!

Once satisfied, save the new config and quit.

Updating the Source

First things first, we need to install and set up subversion (SVN) on FreeBSD to get the latest copy of the FreeBSD source tree. In order to install SVN and get it ready to rock, we just need to run pkg install ca_root_nss subversion.

Now with SVN installed, let's fetch a copy of the latest source tree. If you already have the source code installed, run svn update /usr/src/. If not, we need to fetch a copy by running svn checkout https://svn.freebsd.org/base/releng/12.1 /usr/src/ (replace the 12.1 with the version number of FreeBSD you installed.)

Awesome! We're ready to compile the kernel!

Compiling the Kernel

With your freshly updated copy of the FreeBSD source code, cd /usr/src to get into the source code. Since our config file is prepped, all you have to run is make KERNCONF=CONFIG buildkernel– swap out the word CONFIG for your kernel config name. This will take a bit to compile, so grab a coffee or something while waiting. When it finishes, you run make KERNCONF=CONFIG installkernel, again swapping out the word CONFIG for your actual config filename. When finished, reboot your system and test it out!


In the bootloader, you can switch back to the old kernel to resolve the issues in your config and re-attempt compiling the kernel until satisfied.

What Are The Benefits of Doing This?

On my ThinkPad T460, the stock system used about 1.7 gb of RAM. After the custom kernel, it's now using 800 Mb of RAM- to lower the usage even further, some tunable “knobs” in /etc/rc.conf, /etc/loader.conf and /etc/sysctl.conf prove useful as well.

Another interesting thing to note is that this Kernel config can be used to rebuild the ENTIRE SYSTEM as well, using the make KERNCONF=CONFIG buildworld and make KERNCONF=CONFIG installworld commands too.

Until next time!


Enter your email to subscribe to updates.