Monday, January 25, 2021

OpenBSD 6.8 on Lenovo X280

Here are the steps I've taken to install OpenBSD 6.8 on a Lenovo X280 attached to my LAN via the Lenovo internet dongle made for the X280.

This was a clean install, replacing the entire disk contents.

The initial installation, once the USB stick is prepared, takes a bit over an hour. The manual customizations (following the post-install reboot) take additional time.

Download install68.img for amd64.

Get the accompanying SHA256 file from a mirror, and check the integrity. (On a GNU/Linux system, use sha256sum.)

Copy the image file to a USB stick using dd.

In the X280 BIOS setup, disable secure boot and set to boot UEFI-only.

In the X280 BIOS setup, disable the following devices: WWAN, Bluetooth, camera, microphone, fingerprint reader, and Thunderbolt. (Turning these all off may be an overreach, but at least one of those, if left enabled, causes a high rate of ACPI interrupts, which in turn causes CPU0 to spend all of its time processing the bogus interrupts, which pushes the CPU into thermal limiting as indicated by a critical temperature alert posted to dmesg. It's not a bad thing to disable all those devices; this is a computer, not an entertainment center. BTW, I had help with the diagnosis: http://openbsd-archive.7691.n7\\ -sluggish-behavior-td338146.html; the BSD systat program was instrumental in exposing the high interrupt rate.)

Connect the X280 to the LAN via its Ethernet dongle. (The WiFi won't work until after the installation is complete.)

Connect the X280's charger. This is critical!

Insert the USB stick, power-on the X280 and tap F12 for the boot device screen; select the USB stick.

Watch the installer boot.

From here on, exercise patience. Many operations seem to take a lot of time, particularly if you're used to the incessant chatter of GUI installers.

Most of the installer prompts should be answered with the default. Here are the non-obvious exceptions:

  - Use em0 (not iwm0) for the network connection.
  - Use local for domain name.
  - Use whole-disk GPT partitioning.
  - You want xenodm to run at startup.
  - Use disk for location of sets.
  - Use sd1 for install media.
  - Continue without SHA256.sig.

Once the sets have finished installing, reboot. (Remove the USB stick when the BIOS splash or POST screen appears.)

After reboot, log in once the greeter appears. (This is after a one-time script downloads firmware and does other setup.)

CHECKPOINT: Now you have a working OpenBSD 6.8 installation. If that's what you seek, you need read no further. The following instructions show how I have molded the installation to my own liking. Please feel free to adopt, adapt or ignore the following:

Welcome to fvwm. Don't panic.

In the xterm, use the C-button3 menu to set the font size to huge. (This'll make the size very nearly readable. We'll fix this soon.)

Get your privilege on...

 $ su

Bring up WiFi.

 # ifconfig iwm0 up
 # ifconfig iwm0 scan  # only if you don't already know your network's SSID
 # ifconfig iwm0 nwid YOUR_SSID wpakey YOUR_PASSPHRASE
 # dhclient iwm0
 # ifconfig  # to confirm that iwm0 is now up and running

Make the WiFi configuration persist across reboot. Create this file:

--- begin /etc/hostname.iwm0
inet6 autoconf
---   end /etc/hostname.iwm0

You may add more access point entries; the first SSID match is used.

Grant yourself doas access.

 # echo 'permit persist keepenv YOUR_USERNAME' > /etc/doas.conf

Set up power management.

 # rcctl enable apmd
 # rcctl set apmd flags -A
 # rcctl start apmd

Use the Intel DRM driver.

 # mkdir /etc/X11/xorg.conf.d

Create this file:

--- begin /etc/X11/xorg.conf.d/intel.conf
Section "Device"
  Identifier "drm"
  Driver "intel"
  Option "TearFree" "true"
---   end /etc/X11/xorg.conf.d/intel.conf

Add yourself to the staff group.

 # usermod -G staff YOUR_USERNAME

Update the locate database. [IS THERE A BETTER WAY?]

 # /usr/libexec/locate.updatedb

Drop privilege...

 # exit

Now we'll replace fvwm with cwm.

Create the following files.

--- begin ~/.xsession
export LANG=en_US.UTF-8
export ENV=$HOME/.kshrc
xrdb -merge $HOME/.Xresources
xsetroot -solid dimgray
xbanish &
exec cwm
---   end ~/.xsession
--- begin ~/.Xresources
XClock.Clock.minuteColor: dimgray
XClock.Clock.secondColor: gray
XLock.dpmsoff: 1
XTerm*termName: xterm-256color
XTerm*vt100.scrollBar: false
XTerm*vt100.faceName: "Lexi Mono"
XTerm*vt100.faceSize: 17.0
XTerm*vt100.reverseVideo: true
XTerm*vt100.cursorColor: cyan
---   end ~/.Xresources
--- begin ~/.cwmrc
sticky yes
fontname "Lexi Mono-17"
color menubg green
color menufg blue
color font black
color selfont white
color urgencyborder red
color activeborder white
color inactiveborder yellow
color groupborder cyan
color ungroupborder blue
gap 1 1 1 1
borderwidth 2
bind-key SM-e window-snap-up-left
bind-key SM-r window-snap-up
bind-key SM-t window-snap-up-right
bind-key SM-g window-snap-right
bind-key SM-b window-snap-down-right
bind-key SM-v window-snap-down
bind-key SM-c window-snap-down-left
bind-key SM-d window-snap-left
bind-key SM-f ".cwmbin/window-snap-center"
bind-key M-space ".cwmbin/home-pointer"
htile 70
bind-key CMS-minus window-htile
vtile 70
bind-key CM-minus window-vtile
command xterm xterm
command tabbed-xterm "tabbed xterm -into"
command xclock "xclock -render -update 1"
command xload xload
command xpdf xpdf
command gorilla gorilla
command xclipboard xclipboard
command xcalc xcalc
command xfontsel xfontsel
command xbiff xviff
command xkill xkill
command zzz zzz
command ZZZ ZZZ
wm fvwm fvwm
wm twm twm
ignore xconsole
ignore xclock
ignore xload
ignore xbiff
---   end ~/.cwmrc
--- begin ~/.kshrc
PS1="\\[\e[33m\\]\h\\[\e[32m\\]\\$\\[\e[m\\] "
alias b='apm -vba'
alias g='xlock -inwindow -mode galaxy -delay 66667'
alias ob='w3m'
alias of='w3m'
alias oj='w3m'
alias rx='printf "exit code: %d\n" $?'
function sx { w3m$(echo $@|jq -Rr @uri); }
alias so='sx'
case $PATH in */usr/games*) ;; *) PATH=$PATH:/usr/games ;; esac
case $PATH in *$HOME/.bin*) ;; *) PATH=$PATH:$HOME/.bin ;; esac
---   end ~/.kshrc

Almost finished. Create a directory for cwm helpers.

 $ mkdir ~/.cwmbin

Now create these files, mode 755:

--- begin ~/.cwmbin/home-pointer
#! /usr/bin/env ksh

set -A whlt $(xrandr --current |grep -oE '(^[^ ]+ connected primary )[^ ]+' \
	|cut -d' ' -f4|tr x+ '  ')
xdotool mousemove $((${whlt[0]}/2+${whlt[2]})) $((${whlt[1]}/2+${whlt[3]}))
---   end ~/.cwmbin/home-pointer
--- begin ~/.cwmbin/window-snap-center
#! /usr/bin/env ksh

set -A whlt $(xrandr --current |grep -oE '(^[^ ]+ connected primary )[^ ]+'\
	|cut -d' ' -f4|tr x+ '  ')
id=$(xdotool getwindowfocus)
set -A wh $(xwininfo -int -id $id|egrep 'Width|Height'|cut -d: -f2)
wmctrl -int -r $id -e -0,$(($scx-${wh[0]}/2)),$(($scy-${wh[1]}/2)),-1,-1
---   end ~/.cwmbin/window-snap-center

Bid fvwm a fond farewell.

CA-backspace to restart the WM.

Say hello to cwm.

 CA-return for a fresh xterm.
 CA-x to kill the focused window.
 $ man cwm
 $ man cwmrc

Check power state.

 $ apm

Unplug the charger and ask how long the battery will last.

You can manually throttle the processor speed to conserve power:

 $ apm -L

You probably won't like the performance under that setting.

Restore normal performance:

 $ apm -A

The X280's backlight adjustment keys work.

Install the following packages. Use `doas pkg_add PACKAGE_NAME`.

	mutt (sasl variant)
	rc (editline variant)
	gnuplot (no_x11 variant)
	w3m (image variant)
	mkvtoolnix (no_x11 variant)
	urlview (non-slang variant)

TODO: add entries to /etc/hosts (do *not* install avahi)

TODO: setup and test MTA

	/etc/mail/secrets (640, root:_smtpd) has credentials
	Configure smtpd. [RTFM]

TODO: configure mutt

TODO: periodic maintenance tasks (syspatch, mail, ...)

TODO: collect new configurations into a site##.tgz file; add to installer

TODO: create autoinstall configuration; add to installer (Preset everything but the hostname?)


- I used Cullum Smith's "OpenBSD on a Laptop" as my initial guide. Written for OpenBSD 6.4, November 2018.

- I won't install a web browser. To me, it's counterintuitive to install an inherently insecure pseudo-OS on an aspirationally secure platform just to be entertained. My smartphone (a device on which I have few expectations of security) will have to do as my surveillance beacon.

- I'm impressed by OpenBSD's consistency, simplicity and attention to detail. Having man pages that are actually useful is a revelation!

Wednesday, April 8, 2020

News: Then and now

Frequencyonce a day24/7
Outletsa handfuluncountable
Sourcessubject matter expertsentities on the `net
Focusissues and analysesfeelings and opinions

Tuesday, March 31, 2020

The Citizens' Dilemma

There's a thought experiment known as "The Prisoner's Dilemma". Go read about it on a source of your choosing. (Want to save a moment? Try

The Prisoner's Dilemma is conventionally cast in terms of two prisoners. But let's imagine instead an arbitrarily large population of prisoners all involved in the same crime and all faced with the same choice to free themselves at the expense of their co-conspirators. "The Prisoners' Dilemma", if you will.

The Prisoner's Dilemma (and by extension, The Prisoners' Dilemma) is cast in terms of "the other". As citizens, we see ourselves as a free people. As a free people, we are not prisoners. The lesson of the thought exercise - that cooperation is the only stable long-term strategy - is lost on us as free people. We need not take our advantage of our fellow prisoners in order to secure our own freedom; we are already free.

So let me propose a thought experiment titled "The Citizens' Dilemma". For the prisoner's action of confessing to his partner's crime in order to secure release, substitute the citizen's action of diminishing another citizen's rights in order to expand one's own rights.

Both the Prisoners' Dilemma and the Citizens' Dilemma have but one stable solution: cooperation.

In both thought experiments, to violate cooperation is to set in motion a cascade of in-kind events that ends only when the disparity in equity is maximized: one prisoner has freedom; one citizen has rights.

Sunday, January 24, 2016

I'm in the process of figuring out how to migrate my web content. More later...