It is often said that art imitates life… this is very, very true. Throughout modern times, people have told tales of darkness and dystopian futures, built upon the fears that they held in their present day existence. You can see it in books, film, television, comics, and so on. Mary Shelley built the Frankenstein tale upon death, resurrection, and electricity. The film Metropolis dealt with class warfare. The Time Machine showed a future in which humanity splits between cannibalistic overlords and dependent sheep.
The harsh reality of the world we live in today, is that there were warnings of what could come if we were not careful, and we didn’t pay heed. We live in a blend of 1984, Brave New World, They Live, and the Twilight Zone’s Obsolete Man. Big Brother is watching, history goes down the Memory Hole, we are learning New Speak, we are becoming Obsolete… we are not wearing our Sunglasses, and we are too Hedonistic and Entertained to care. More specifically, we have allowed ourselves to be manipulated by entertainment and the media, while not learning from it, or seeing through the propaganda.
In addition to ignoring the parables, metaphors, analogies, etc, of our entertainment; we failed to listen to the direct, plain-spoken warnings of our ancestors. Like a moody teenager, we scoffed at the lessons we were being taught, and believed we knew better, and that “it won’t happen to us!”, while we descended down the path we were warned against. We are becoming the ineffectual slaves we have seen in history and entertainment.
We look to the government to save us and provide for us, giving up our independence, liberty, and lives as payment. We allow our peace officers to become militarized, government enforcers. We do these things in a quest for a mythological Utopia called “Safety”. We cannot ever be completely safe. Being human, and living life, requires risk. Liberty requires self-determination, self-constraint, and self-control. Only the dead have no earthly concerns.
What are our concerns? Safety and convenience. We need cars that can drive themselves, so that we can “reduce accidents” caused by human error. Put control in someone else’s hands, we don’t want to be accountable.
We need Smart Devices that integrate within our lives because it is “easier”. Yeah, it makes every detail of our lives easily monitored, tracked, and cataloged… but hey, at least our refrigerator can tell us when we are low on milk.
Why use cash, when we can, not only have someone else hold all of our money, but we can carry cards instead. In fact, what is easier than plastic cards? Smart Phones. Scan that QR Code, turn on location tracking, post your intimate details, film every aspect of your life. Isn’t it convenient?
Can you imagine going back in time and telling Stalin, Hitler, or Mao, “I know a way that you can manipulate, control, spy-on, and collect data on everyone. What’s more, I can get them to not only eagerly cooperate, but they will happily pay good money to make it happen”. You then go about describing the world you live in today... Horrifying, right?
I know, I know… you live in the “freest” country in the world. The horrors of Nazi Germany, or Communist Russia/China can’t happen here! Welcome to the Matrix.
For those of you that see my point, or are intrigued enough to fancy a Red Pill, allow me to offer some solutions to help pry some of the icy fingers of tyranny from your throat.
There are a myriad of solutions to our problems. Some solutions will require massive change, great effort, and perhaps even (I pray not) revolution. There are, however, some simple things you can do to, at the very least, unplug from the Matrix and begin your own, personal rebellions.
In addition to many other things, I am a former IT Manager with many years experience dealing with computers. “Computers? What does liberty have to do with computers?” You may ask. Simple. Computers are where most of us get our work done; how we communicate; how we store our information; how we access the Internet; and often, how we enjoy entertainment. Computers are not just the desktops, and laptops we have… they are also the Smart Phones, tablets, and netbooks we employ; but, for the purpose of this writing, I will be focusing on our desktops and laptops.
Having a computer system that runs Windows or Mac is about as private and secure as having a stalker in the shower with you holding a smartphone. If you wish to have any hope of actual privacy, security, and control over your desktop/laptop then you will want to ditch anything to do with Microsoft or Apple (the same goes with Google, Amazon, etc… but that is a discussion for another time).
I understand that the majority of the world are accustomed to either PC’s (running Windows) or Macs, but it is not hard to switch to Linux. Yes, Linux has had a reputation of being for Geeks, overly complicated, not for newbies, etc. Even if this was once true, it is absolutely untrue today. Linux has now been around for decades, and has evolved in a beautiful, wonderful way.
To help ease your apprehensions, let me assure you that Linux Distributions range from very user friendly to Geek-only levels of complexity. Ironically, did you know that Android is built upon Linux? In fact, over 80% of Smart Phones run off of Linux. Did you know that the Mac OS and Linux are built upon (or derived from) Unix? You have no problem using your Android or Apple Phones and Tablets, and there are Linux Distributions you can use easily as well.
For those of you who are interested in what I am saying, but are afraid to take the leap. I would suggest easing your way into the Linux world, and then perhaps, one day, you can delve down deep into what I offer later in the text.
One of the many awesome things about Linux is that the OS is FREE. You can download, install, and use it for free. Another awesome thing about Linux is that it is Open Source (https://opensource.org/ and https://opensource.com/resources/what-open-source) meaning the code is open and available for any of us to review and improve. Here is the cherry on the ice cream… dependent on the Linux Distribution you use, you can even revive old, outdated systems and make use of them again!
For the Newbies (you can download these OS’s or order a CD/DVD):
If you require starting off with the “press your face here” simplicity of a tablet/phone-like interface, you can go with Ubuntu (https://www.ubuntu.com/).
If you want something that is similar to a Windows 7 interface, go with Linux-Mint (https://www.linuxmint.com/)
Both of the above Distributions are based upon Debian Linux. If you would like to go to the heart of the matter, you can go directly with Debian (https://www.debian.org/) where you can do everything from building your own desktop from the ground up, to having a Windows 95/98/XP type interface (LXDE or XFCE desktops), to a Windows 7 type interface (Mate desktop), and so on. You can learn more about the Debian Desktop Environments here (https://wiki.debian.org/DesktopEnvironment).
There is also a Debian-based Distribution that is focused on security and privacy called Tails OS (https://tails.boum.org/). However, for those of you who are adventurous, and/or would like to have as much control over your computer as possible, I offer a tutorial below.
Regardless of what you decide to do, I would suggest that you check out the following:
- For Security Information, check out: https://www.privacytools.io
- Surveillance Self-Defense: https://ssd.eff.org
- The Electronic Frontier Foundation: https://www.eff.org
- Private Messaging: https://bitmessage.org
- Disk Encryption via VeraCrypt: https://veracrypt.codeplex.com
- Search Engines: https://duckduckgo.com, https://searx.me, https://quant.com, https://www.startpage.com
- The Ultimate Firefox Privacy & Security Guide: https://www.maketecheasier.com/ultimate-firefox-privacy-security-guide/
Minimal Install Tutorial:
A Minimal Install involves creating an Operating System that provides just the bare necessities of what you need to have a functional computer. The tutorial below is built using Debian, and will provide you with a basic system that you can expand upon as you see fit.
While it is true that you can go even more bare-bones than what I provide below, and you can take even more control than I provide below; what I offer is pretty sufficient for anyone looking to take control of their computing experience. Yes, there are those out there that want a computer with no network connectivity, no Internet access, no graphical interfaces, no sound… nothing but a blinking cursor awaiting their command; but that is a rare minority that probably already knows how to achieve what they desire. For the rest of us, I present the following:
For more reference see: https://www.debian.org/releases/stable/installmanual
Download (or otherwise acquire) the Debian Network Install CD: https://www.debian.org/CD/netinst/
Note: To verify that your downloaded file has not been altered, hacked, or otherwise tampered with, you will want to verify it. For information on how to verify the ISO Checksum from Windows, see: https://www.maketecheasier.com/verify-md5-sha-1-sha-256-checksum-windows10/. To verify from Linux, see: https://linuxconfig.org/how-to-verify-checksums-in-linux (also see https://www.gnupg.org/download/integrity_check.html). To verify from Mac, see: http://www.techradar.com/how-to/how-to-check-a-files-checksum-on-mac
If you do not have the installation CD/DVD, you will need to make one from the ISO you downloaded… but you would be better off making a bootable USB thumbdrive instead, that you can add files to. One method, for Windows, Linux, and Mac is the use of a program called UnetBootin (https://unetbootin.github.io/). For alternatives, you can check out the FAQ here: https://www.debian.org/CD/faq/#record-unix (There are instructions for Linux, Windows, and Mac).
Note: Some computers require extra firmware. Go to https://www.debian.org/releases/stable/installmanual, find the guide you want (32 Bit, 64 Bit, etc.), go to the section on firmware, and download and unpack (extract) the additional firmware. Make sure the extracted files are in a folder named “firmware” and place it on your bootable USB device (as instructed) so that it can be accessed during the installation. If you install from CD instead of USB, or you cannot add files to the install USB, simply put the firmware folder on another USB drive, and insert it, when prompted, for missing firmware.
Note: To make life easier on yourself, you would be well advised to connect your computer (desktop or laptop) to your Router via an Ethernet Cable before installation. Keep it connected until you are able to install networking tools and configure your networking. If you lose connectivity after the initial reboot, you can manually gain access. I will detail this information below.
Installing the System:
- Place the bootable USB device into your computer and reboot, selecting the USB device, launching the installer. After it boots, the usage difference between choosing the Graphical Install or the regular Install is a matter of access to a mouse. The Graphical Install allows the use of a mouse, the regular Install is keyboard only.
- Answer the questions in regard to language, location, etc.
- When you get to “hostname”, you can select anything you want. This will serve as the name of your computer.
- Root Password: Make sure to choose a password that is difficult to guess, but easy for you to remember. It is best to choose something far removed from you… in other words, DO NOT use birthdays, friend/family names, etc. A good idea is to choose a phrase and then creatively write it out. For example: If you want your password to be based on the phrase “leave me alone”, you could write it out like this… “13@v3MeA10wn!”. You now have a 13 digit password that you can remember, but others may not easily guess.
- User Name and Password. Many people ignore user names when it comes to security, but in order to break into your computer using your credentials, a person will need your password AND your user name. If you want to complicate things a bit, choose a User Name that is not connected to you. For example, if your name is “Bob”, don’t use “bob” as your User Name; instead you could use something like “wallawalla”… why? Because who the hell would think your User Name is “wallawalla”. As to the password, use a similar methodology as was used with the Root Password (but DON’T use your root password).
- Allow automatic processes to take place and then partition and format your computer. You can let the installer do it on its own, or you can do it manually. Choosing to encrypt your drive might be a good idea (in the partition section you can choose: Guided – use entire disk and set up encrypted LVM). Remember to make a great password.
- If you choose Encrypted LVM, it will then take a long, long time scrubbing your drive. You can cancel this if you desire. It is up to you and your needs.
- When it comes to configuring the package manager, you can select “No” and continue. Answer the questions that follow.
- The basic utilities will install, you can then choose to install a desktop or just the standard system utilities. If you want full customization, choose to only install the standard system utilities (some purists balk at this, but, in the end, you end up using most of them anyway).
- The installation will take place and then you will be asked about installing grub. Be sure to install grub to the computer hard drive (usually /dev/sda). If you accidentally install grub to your USB device and cannot boot your system, put the USB device back in, and as it boots, choose to boot to your hard drive. At the terminal you can then use the command “sudo grub-install /dev/sda” to install it to the hard drive.
- When finished, remove the USB device and reboot the computer. If you used Encrypted LVN, you will need to put in your boot password, and after it boots, log in using your User Name and Password.
- You will then need to install some software. Put in the command “su” (ignore the quotes) and hit “Enter” then type in your root password.
Note: If you go to the next step and discover that you have no connectivity, you can manually fix this by doing the following:
a. If you do not know the name of the network interface, use the command “ip link show” and note the name of the Ethernet Card (maybe something like enp2s8).
b. Use the command “nano /etc/network/interfaces”
c. after the line “iface lo inet loopback”, place the following text:
auto [name of network interface]
allow-hotplug [name of network interface]
iface [name of network interface] inet dhcp
d. Press Ctrl+x, and Choose “y” to save the file, and press “Enter” to overwrite the original file.
e. Put in the command “systemctl restart networking”, and your computer should now have connectivity.
- Now install “sudo” and grant your User Name access to it.
apt-get install sudo
adduser [your user name] sudo
At this point, it might be a good idea to reboot and then log back in, and use “sudo” for your commands, instead of being logged in with elevated privileges.
To test your sudo credentials after rebooting:
Log in as user, and then enter the command: sudo ls
If the display comes back as follows, it does NOT have sudo rights:
“username is not in the sudoers file. This incident will be reported.”
If the display comes back as follows, it DOES have sudo rights:
“We trust you have received the usual lecture from the local System Administrator...”
- Install some firmware:
sudo apt-get install firmware-linux firmware-linux-free intel-microcode (or amd64-microcode) [for wireless add “firmware-iwlwifi”]
Note: If you want to install firmware-linux-nonfree you will have to enable/add the non-free repositories to your Sources List.
You can manually edit your Sources List by doing the following command: nano /etc/apt/sources.list (If you continue with the Openbox installation below, you can use sudo leafpad /etc/apt/sources.list for future editing).
When you edit your Sources List, you will add lines like this (# comments out a line):
deb http://security.debian.org/ stretch/updates main contrib non-free
deb-src http://security.debian.org/ stretch/updates main contrib non-free
deb http://http.us.debian.org/debian stretch main contrib non-free
deb ftp://ftp.deb-multimedia.org stretch main non-free
- Install networking (refer to: https://wiki.debian.org/NetworkConfiguration and https://wiki.debian.org/WiFi/HowToUse):
sudo apt-get install net-tools network-manager
Note: After installing this, you may need to go back into Network Interfaces (nano /etc/network/interfaces) and comment out the lines (place a “#” in front of each line):
auto [name of network interface]
allow-hotplug [name of network interface]
iface [name of network interface] inet dhcp
- If you have wireless, you will need to install wireless-tools:
sudo apt-get install wireless-tools
You now have a very, very basic, but operational, command-line system. You can expand upon this by installing a Window/Desktop Manager, GUI for apps, etc. Below I will detail how to utilize the Openbox Window Manager with LXDE tools (panel, file manager, etc.) for added functionality (Alternatives to LXDE include XFCE and Gnome). Learn more about Openbox here: http://openbox.org/wiki/Main_Page Learn more about LXDE here: https://wiki.lxde.org/en/Main_Page
Add Openbox and a File Manager:
sudo apt-get install xorg x11-xserver-utils xserver-xorg xserver-xorg-core xserver-xorg-legacy xfonts-base xinit openbox openbox-menu obconf obmenu menu menu-xdg suckless-tools lxpanel lxrandr lxtask lxterminal lxappearance lxappearance-obconf lxinput gnome-disk-utility gnome-system-tools xdotool pcmanfm tumbler gvfs gvfs-backends policykit-1 ntfs-3g dosfstools
Note: Once the above is installed, you can enter the Graphical Environment by entering the command “startx”. You will then be greeted by a blank screen and a mouse cursor… DON’T PANIC, this is normal at this stage. Right-Clicking will bring up menus, etc. Right-click and then choose “Terminal emulator” and a terminal should then open. You can then continue using the command-line. If you minimize it by accident (or on purpose), you can get it back by pressing “Alt+Tab”.
sudo apt-get install xfce4-power-manager xfce4-sensors-plugin [for laptops add: tlp tlp-rdw]
sudo apt-get install apt-xapian-index gdebi gksu git
Archive Manager/Compression Utilities:
sudo apt-get install xarchiver unace rar unrar sharutils uudeview mpack arj cabextract
sudo apt-get install wicd wicd-gtk
Conky (learn more about Conky here: https://github.com/brndnmtthws/conky):
sudo apt-get install conky-all curl
Your system can end up a little on the homely side without some added fonts.
sudo apt-get install ttf-freefont ttf-bitstream-vera ttf-dejavu ttf-liberation
And/Or… you can create a folder in your Home folder named “.fonts” (include the period) and manually add your fonts to this folder.
Sound is installed by default, but you can add a System Tray Icon and Ogg tools (optional):
sudo apt-get install pasystray vorbis-tools
Install Print Capability (optional):
sudo apt-get install task-print-server foomatic-db-engine openprinting-ppds
sudo apt-get install blueman bluez bluez-cups
Install Useful Software:
sudo apt-get install leafpad software-properties-gtk galculator grsync seahorse gufw parcellite extlinux filezilla xfburn gparted keepass2 numlockx xpad gpicview nitrogen [or feh]
Browser and Email:
The most secure and customizable browser (in my opinion) is Firefox. It is best to stay away from most others as they do not have the user control that Firefox does. If you are comfortable with text only email, you can use Mutt with PGP. For GUI email, you can use Claws (with PGP), but I am a big fan of Thunderbird (with PGP).
sudo apt-get install firefox-esr thunderbird enigmail
Office Suite (optional):
Everyone has their preferences… some want functionality over size, some compromise size for functionality (and ease of use), etc. I personally am a huge fan of Libreoffice, but it can leave a large footprint on your system. You already have a text editor with Leafpad, but you may want something that can read .odf, .doc, and other type files. A spreadsheet program is very useful, and you will also want to consider a PDF viewer.
sudo apt-get install xpdf libreoffice [or only install writer and calc: libreoffice-writer myspell mythes libreoffice-help libreoffice-calc]
Screensaver (with a Matrix-style screensaver included):
sudo apt-get install xscreensaver xscreensaver-data xscreensaver-gl
Setting up your system:
- The first thing we need to do is create some directories and copy some configuration files. Put in the following commands (keep the “.” in the names below… these are “hidden” files):
mkdir ~/.themes (Here you can extract Themes for use)
mkdir ~/.icons (You can manually add icons you wish to use here)
mkdir ~/.fonts (You can manually add fonts to this folder for use)
cp /etc/conky/conky.conf ~/.conkyrc (To edit Conky settings… use this copy, not the original)
cp /var/lib/openbox/debian-menu.xml ~/.config/openbox/debian-menu.xml
cp /etc/xdg/openbox/menu.xml ~/.config/openbox/menu.xml
cp /etc/xdg/openbox/rc.xml ~/.config/openbox/rc.xml
Note: You can view hidden files in your File Manager by pressing Ctrl+h.
- We need to create an autostart file for Openbox. This will be the file used to cause programs (like conky, panels, etc.) to launch when Openbox loads.
leafpad ~/.config/openbox/autostart (and then Add the following lines to Autostart. # = a Commented Line:)
xscreensaver -no-splash &
(sleep 5s && conky) &
#Turn off Computer Beeps
xset b off &
#Turn off Screen Blanking (you disable Energy Star features by adding -dpms)
xset s off -dpms
- Using Nitrogen, simply open Nitrogen and choose the directory and image you want.
Using Feh: Set wallpaper using: feh --bg-scale /path/to_image/background.jpg
- Add a Dynamic Openbox Menu:
LXDE menus are already installed. To use a Gnome Menu, “sudo apt-get install gnome-menus”
You can edit menu.xml directly by using the command “leafpad ~/.config/openbox/menu.xml”.
Place the following text where you want the menu to go:
(html comment removed: )
In this case, the “-i” disallows icons. Remove the “-i” and icons will be allowed.
I normally put this right above the Debian menu (or in place of it), right below the line “(html comment removed: This requires the presence of the 'menu' package to work )”
Note: you can replace "lxde-applications.menu" with whatever menu you want. The menus are found in /etc/xdg/menus/
When you are done, simply use the command “openbox --reconfigure” and the new menu should show up when you Righ-Click.
- If you want to use the Left or Right “Super” (Windows) Key to open the LXDE Menu (via Keybinding):
Place the following text below the line (and the blank line that follows). Note: in order to post this, I had to remove the "<" and ">" symbols from the text. I will use "+" in place of "<" and "*" in place of ">". I apologize for any confusion this may cause:
(html comment removed: Customized Keybindings )
Note: Use “Super_R” for the right “Super” Key.
Note: Once you save the document, you can type in the command “openbox –restart” to see the changes reflected. The above example shows the “root-menu” if you want to show the LXDE or Gnome Menu, etc. simply replace the words “root-menu” with the menu id you want to show.
- Customize Conky:
- Change the Grub Background:
sudo leafpad /etc/default/grub
Add the line:
Then use the command: sudo update-grub
Note: It would be best if the image were 640x480
- Configure Printers:
In your browser, go to http://localhost:631/ and choose "adding printers and classes" and then select "add printers". In the off chance you may need to install drivers, you will have to look into that on your own for your specific device. There is a lot of help out there among articles and Linux Forums.
Note: If you are not allowed to log in to localhost:631, go into terminal and enter "sudo killall cupsd". Cups will then automatically restart and you will be able to log in.
If you are forbidden to install a printer run:
sudo adduser [your user name] lpadmin
- Find Path to Drives: Use the command “lsblk”.
- Ctrl+Alt+F[number] = change to a different console (the normal session is "F7")
- To take screenshots with scrot: https://wiki.lxde.org/en/How_to_take_screenshots
- To add missing keys found during "sudo apt-get update":
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys [key number]
- Useful Commands:
Start Openbox: startx
Shutdown/Power Off the computer: gksudo 'shutdown -h now'
Reboot: gksudo 'shutdown -r now'
Log Out: openbox --exit
- Keybinding (see also: http://openbox.org/wiki/Help:Bindings). Openbox default key combinations: https://wiki.debian.org/Openbox#Keyboard_shortcuts
Keybinding Note: A= Alt, C= Control, W= Windows key (or Super_L, Super_R). Escape= escape key, Delete= delete key. For the Arrow Keys, Up = up arrow, Down = down arrow, Left = left arrow, and Right = right arrow.
At this point you should have a desktop/laptop with a graphical interface and basic functionality. There is no video player or music player; most codecs are not installed. There is no picture editor; no games; no music/DVD rippers; no torrent program, and so on. You are in control of what you put on your computer and the security behind it. It is now time to emerge from Vault 101 and explore the Wasteland.