Bought May 2024 to be my clean crypto-only computer. Searched for cheapest 1 TB disk 16 GB RAM not too old on Amazon with Ubuntu certification, and that was it at £479.00.
Some reviews:
OPSEC: will run only cryptocurrency wallets and nothing else. Will connect to Internet, but never ever to a non clean USB flash drive.
Bootstrap OPSEC:It must have taken about one week running full time to sync the Monero blockchain which at the time was at about 3.1M blocks! I checked on system explorer, and CPU and internet usage was never maxed out, suggesting simply slow network. But the computer still overheated quite a bit and froze a few times.
- turn on from factory, start Windows 11 Home 23H2 build 22631.2715, connect to home Wifi during setup process. Considered skipping WiFi, but I'll want to download the Ubuntu ISO later on anyways answers.microsoft.com/en-us/windows/forum/all/bypass-lets-connect-you-to-a-network/2ce188f6-1b28-45a0-97d2-bfccfa3c9188. Don't sign in to online Windows account, and turn off all spyware requests.
- on preinstalled Edge browser, download Ubuntu 24.04 ISO from ubuntu.com, check sha256 with
Get-FileHash
on powershell even though that is pointless security.stackexchange.com/questions/1687/does-hashing-a-file-from-an-unsigned-website-give-a-false-sense-of-security, download balenaEtcher portable from etcher.balena.io/ (currently recommended burner at ubuntu.com/download/desktop#how-to-install) from etc, and burn Ubuntu into a SanDisk Ultra Flair 64 GB - install Ubuntu from USB flash. No internet connection initially, default everything.
- notice that Ubuntu 24.04 is too broken, install Ubuntu 22.04.4 on the previously used USB from Ubuntu, and then install 22.04 instead... minimal installation, encrypted ZFS
- Ubuntu 24.04 "The application files has closed unexpectedly". This likely terminated uncompression of the bz2 halfway, and led to a corrupted monerod...
- askubuntu.com/questions/15520/how-can-i-tell-ubuntu-to-do-nothing-when-i-close-my-laptop-lid fix the eternal laptop lid issue without GUI solution...
- copy view only wallet private key by takinga picture of the QR code with Android cell phone. This gives it to the CIA immediately, but that's fine as we're going to publish it publicly.
This section describes our attempts at compiling the Linux kernel for Ubuntu so as to use the exact patches and build configuration as used for a given Ubuntu release. The same toolchain would also be ideal, but perhaps this would require a Linux distribution buildable from source.
canonical-kteam-docs.readthedocs-hosted.com/en/public/how-to/build-kernel.html seems promising it says that for Ubuntu 24.04 and above you should do the following which was tested on Ubuntu 24.10:
sudo cp /etc/apt/sources.list /etc/apt/sources.list~
sudo sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list
sudo apt-get update
sudo apt build-dep -y linux linux-image-unsigned-$(uname -r)
sudo apt install -y fakeroot llvm libncurses-dev dwarves
apt source linux-image-unsigned-$(uname -r)
~/tmp/ubuntu/linux-6.11.0
cd linux-6.11.0
chmod a+x debian/rules
chmod a+x debian/scripts/*
chmod a+x debian/scripts/misc/*
fakeroot debian/rules clean
fakeroot debian/rules binary
The build is extremely slow compared to a build of a more embedded and specifically targeted minimal kernel, and took about 2 hours on P14s. Their philosophy is likely to enable as many drivers as possible so that a single download will work for everyone. Which makes sense, fair enough. It would be cute though if there was a smarter way. Oh well.
linux-6.11.0/debian/build/build-generic
Symmetric encryption is a type of encryption where you use a password (also known as a "key") to encrypt your data, and then the same password to decrypt the data.
For example, this is the type of encryption that is used for encrypting the data in our smartphones and laptops with disk encryption.
This way, if your laptop gets stolen, the thief is not able to see your private photos without knowing your password, even though they are able to read every byte of your disk.
The downside is that that you have to type your password every time you want to login. This leads people to want to use shorter passwords, which in turn are more prone to password cracking.
The other main type of encryption is public-key cryptography.
The advantage of public-key cryptography is that it allows you to send secret messages to other people even an the attacker is able to capture the encrypted messages. This is for example what you want to do when sending a personal message to a friend over the Internet. Such encryption is especially crucial when using wireless communication such as Wi-Fi, where anyone nearby can capture the signals you send and receive, and would be able to read all your data if it weren't encrypted.
Easily sending encrypted messages over the Internet is not possible with symmetric encryption because for your friend to decrypt the message in that system, you'd need to send them the password, which the attacker would also be able to eavesdrop and then decrypt the message that follows using it. The problem of sharing a password with another person online is called key exchange.
Advanced Encryption Standard (AES) is one of the most popular families of symmetric encryption algorithms.
OpenSSL is a popular open source implementation of symmetric and public-key cryptography. A simple example of using OpenSSL for symmetric encryption from the command-line is:This asks for a password, which we set as contains:Then to decrypt:once again asks for your password and given the correct password produces a file This was tested on Ubuntu 24.04, OpenSSL 3.0.13. See also: How to use OpenSSL to encrypt/decrypt files? on Stack Overflow.
echo 'Hello World!' > message.txt
openssl aes-256-cbc -a -salt -pbkdf2 -in message.txt -out message.txt.enc
asdfqwer
, and then produces a file message.txt.enc
containing garbled text such that:hd message.txt.enc
00000000 55 32 46 73 64 47 56 6b 58 31 38 58 48 65 2f 30 |U2FsdGVkX18XHe/0|
00000010 70 56 42 2b 70 45 6c 55 59 38 2b 54 38 7a 4e 34 |pVB+pElUY8+T8zN4|
00000020 4e 37 6d 52 2f 73 6d 4d 62 64 30 3d 0a |N7mR/smMbd0=.|
0000002d
openssl aes-256-cbc -d -a -pbkdf2 -in message.txt.enc -out message.new.txt
message.new.txt
containing the original message:Hello World!
There is no provably secure symmetric-key algorithm besides the one-time pad, which has the serious drawback of requiring the key to be as long as the message. This means that we believe that most encryption algorithms are secure because it is a hugely valuable target and no one has managed to crack them yet. But we don't have a mathematical proof that they are actually secure, so they could in theory be broken by new algorithms one day.
Updates Post OurBigBook job search round 2025 Updated 2025-05-23 +Created 2025-05-07 2025-05-23
I shouldn't be doing this on funded OurBigBook time which is until the end of May, but I was getting too nervous and decided to start a casual job search to test the waters.
In particular I want to see if I can get past the HR lady step without toning down my online profiles. If nothing works out for the next round I'll be hiding anything too spicy like:Another interesting point is to see if French companies are more likely to reply given that Ciro Santilli studied at École Polytechnique which the French worship.
- prominently seeking funding for OurBigBook on my LinkedIn profile
- CIA 2010 covert communication websites references. This will be my first job hunt since I have published that article. Wish me luck.
- gay Putin profile picture on Stack Overflow
Gay Putin, currently used in Ciro Santilli's Stack Overflow profile
. Ciro's profiles may be a bit too much for the HR ladies who reject his job applications on the spot. To be fair, perhaps not enough years of experience for certain applications and job hopping may have something to do with it too. But since they don't ever tell you anything not to get sued, we'll never know.I'm looking in particular either for:
- machine learning-adjacent jobs in companies that seem to be doing something that could further AGI, e.g. automatic code generation or robotics would be ideal
- quantum computing
- systems programming, which is what I actually have work experience with
I spent the last two weeks doing that:
- one week browsing everything of interest in London and Paris and sending applications to anything that seemed both relevant and interesting. Maintaining an application list at: Section "Job application by Ciro Santilli".
- one week on a very laborious but somewhat interesting take home exercise for Linux kernel engineer a Canonical, makers of Ubuntu.I had a week to finish 5 practical coding and packaging questions, and I tried to do everything as perfectly as possible, but I somewhat underestimated the amount of work and wait needed to do everything and didn't manage to finish question 4 and missed 5. Oops let's see how that goes.At least this had a few good outcomes for the Internet as I tried to document things as nicely as I could where they were missing from Google as usual:
- I re-tested Linux Kernel Module Cheat and made some small improvements. Things still worked from a Ubuntu 24.10 host (using Docker to Ubuntu 22.04), and I also checked that kernel 6.8 builds and GDB step debugs after adding the newly required config
CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
, also mentioned that at: Why are there no debug symbols in my vmlinux when using gdb with /proc/kcore? - I contributed some simple updates to github.com/martinezjavier/ldd3 getting it closer to work on Linux kernel v6.8. That repository aims to keep the venerable examples from Linux kernel module book LDD3 alive on newer kernels, and is a very good source for kernel module developers.
- How to compile a Linux kernel module?: wrote a quick Ciro-approved tutorial
- Dynamic array in Linux kernel module: I gave an educational example of a dynamic byte array (like std::string) using the kvmalloc family of allocators
- quickemu: this is a good emulator manager and I think I'll be using it for Ubuntu images when needed from now on. I wrote:
- How to run Ubuntu desktop on QEMU?: an introductory tutorial to the software as their README is not that good as is often the case. It's hard for project authors to predict what new users want or not. This is my second answer to this question, the previous one focusing on a more manual approach without third party helpers.
- How to share folder between guest/host? (Quickemu): I explained how to setup a 9p mount to share a directory between guest and host
- Error :: You must put some 'source' URIs in your sources.list: updated this answer for Ubuntu 24.04. This issue comes up when you want to do either of:which don't work by default, and my answer explains how to do it from the GUI and CLI. The CLI method is specially important for Docker images. Since Ubuntu doesn't offer a stable CLI method for this, the method breaks from time to time and we have to find the new config file to edit.
sudo apt build-dep sudo apt source
- What is hardware enablement (HWE)?: I learned a bit better how Ubuntu structures its kernel releases for each Ubuntu release
Some of the main issues I had were:- compiling Linux kernel for Ubuntu is extremely slow. I was used to compiling for embedded system with Buildroot, which finishes in minutes, but for Ubuntu is hours, presumably because they enable as many drivers as possible to make a single ISO work on as many different computers as possible, which makes sense, but also makes development harder
- my QEMU setup for Ubuntu was not quite as streamlined and I relearned a few things and set up quickemu. By chance I had recently come across quickemu for testing OurBigBook on MacOS, but I had to learn a bit how to set it up reasonably too
- I re-tested Linux Kernel Module Cheat and made some small improvements. Things still worked from a Ubuntu 24.10 host (using Docker to Ubuntu 22.04), and I also checked that kernel 6.8 builds and GDB step debugs after adding the newly required config
I tried to use every single free offline text-to-speech engine that would run on Ubuntu 24.04 without too much hassle to see if any of them sounded natural. pico2wave was the overall winner so far, but it is not perfect.
I've been noticing a gap between the "AI" SOTA and what is actually packaged well enough to be usable by a general audience.
Also played a bit more with OpenAI Whisper: askubuntu.com/questions/24059/automatically-generate-subtitles-close-caption-from-a-video-using-speech-to-text/1522895#1522895 Mind blowing performance and perfect packaging as well, kudos.