GNU Guix can take a system definition (in .scm file) and make a VM out of it for you. Cool! But that's a "thin" VM — it shares part of the filesystem (the /gnu/store stuff) with the host. If you want a full VM with Guix in it, the official way is to boot the installation .iso inside a VM and use it to perform a usual install.

If you're like me, you probably feel this desire to avoid booting a .iso and building/downloading stuff in a VM ;)

Here's a solution ^^ First, make sure you have qemu and parted available (e.g. with `guix shell qemu parted`). Then, do

qemu-img create -f qcow2 vm.qcow2 100G
sudo modprobe nbd max_part=63
sudo qemu-nbd -n -c /dev/nbd0 vm.qcow2
sudo parted /dev/nbd0 mktable msdos
sudo parted /dev/nbd0 mkpart primary 0% 100%
sudo mkfs.ext4 -L my-vm-root /dev/nbd0p1
sudo mount /dev/nbd0p1 /mnt

Now, we can do `guix system init` to /mnt. But wait! Guix is going to check if the bootloader partition specified in your OS definition (assume it is in ./vm.scm, ok?) really exists (and, by default, it'll try to install the bootloader to it). So if your ./vm.scm has sth like this

(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(targets (list "/dev/sda"))))

It might cause you trouble… My solution is to pick the target depending on an environment variable 💡️ In your ./vm.scm, before the operating-system record is instantiated, put

(define bootloader-target
(or (getenv "SYSTEM_INIT_DISK_DEV") "/dev/sda"))

and make the bootloader part look like

(bootloader (bootloader-configuration
(bootloader grub-bootloader)
(targets (list bootloader-target))))

Now, you can finish the installation :)

sudo sh -c 'SYSTEM_INIT_DISK_DEV=/dev/nbd0 guix system init vm.scm /mnt/'
sudo umount /mnt
sudo qemu-nbd -d /dev/nbd0

That should do. You can start the VM with sth like

sudo qemu-system-x86_64 -net nic,model=rtl8139 \
-net user,hostfwd=tcp::22-:22 \
-m 2G -hda vm.qcow2 -nographic -enable-kvm

The hostfwd part is to expose VM's SSH port on localhost (since you're going to play with it this way, aren't you?). sudo is purely to have permissions to do this forwarding and -nographic is to… If you're still reading, you surely understand this stuff, anyway ;)

In case you're wondering — the environment-controlled bootloader target now allows you to reuse the same system definition file for reconfiguring the running VM (otherwise, there's no reason not to just have /dev/nbd0 hardcoded in OS definition).

While doing this (as part of a more complex project for university classes, btw) I was also (un)lucky enough to stumble upon and fix one bug[1] that broke `guix init` 🦸

[1] https://issues.guix.gnu.org/70245

This post is licensed CC0 v1.0.

Some of you might have read the story[1][2] of my fight to be able to defend my BSc
thesis. How during pandemic I refused to run proprietary software (including
those mainstream videoconferencing tools) on my devices.

Today, after a 3-year break, I'm finally enrolling in an MSc course — which this
time happens not to be computer science but cybersecurity 😎️ Since the story
mentioned above went public, it seemed right to make a post about my present
enrollment as well.

It also seemed good to mention changes to my approach so that nobody has a false
image of myself and my actions. Also, I can now refer people to this post to
explain my position.

• I used to be only concerned about software I run on my own hardware. I would
  agree to use a proprietary videoconferencing platform if I could do so either
  through some SIP gateway or on the university's lab computer. Now, I conclude
  this is not good enough in case of software that (1) sends personal data to a
  third party or (2) actively encourages all other users to use its nonfree
  client software. So I plan to avoid these regardless of the device.
• Quite a few times I went to the lab outside of my classes just to do some
  homework that required a nonfree tool — I'd like to avoid this as well
  although I'm not making commitments here. Or maybe just a commitment of
  always complaining about the tool in the first place.
• I am now willing to make an exception and run nonfree software when it is used
  less as a tool and more as a target. For example in a pentesting exercise
  with a Windows VM.
• When some university teachers insisted on using MS Teams or Cisco Webex, I
  used not to take these matters to the dean because I didn't want to be a
  tattletale. Now I think I am ready to seek help more actively (although still
  not with the goal of causing my teachers problems).
• When students were required to put themselves on some list using a tool like
  Google Sheets, I used to message a friend who was already doing this and ask
  him to add my name as well. If such situations happen this time, I plan to
  instead complain directly to the author of the list.
• Instead of refusing all nonfree JS, I am now going to accept it if it serves
  as just an extension to a page's markup and not a real application. I plan to
  classify the scripts subjectively (no strict criteria like those in LibreJS).

That's it. Sorry for boring you, dear reader.

Wish me luck :) Also, please don't blame me if I somehow fail my commitments due
to family reasons (unfortunately, not everyone is completely healthy here).

While us, libre software folks, get constantly rejected by the society, it's helpful to notice we're not the first. Christ was as well — both in adult life and on his birthday.

When down in the dumps over the rejection, let's at least realize we're in a cool company — think about Mary and Joseph looking for a place 2k years ago.

Merry Christmas to all hackers!

Zawsze mam wrażenie, że jeśli mam sierotki na końcach lini, to mój dokument wygląda nieprofesjonalnie… Dzisiaj skleciłem komendę pandoca, która załatwia ten problem przynajmniej w przypadku .md → .pdf. Może komuś też się przyda?

pandoc -H <(printf %s '\usepackage[nosingleletter]{impnattypo}') \
    --pdf-engine=lualatex -o artykul.pdf artykul.md

Za pomocą niektórych stron można łatwo znaleźć transmicje Mszy św. o prawie każdej godzinie. Przydatne. Ale... takie transmisje z reguły wymagają włączenia w przeglądarce JavaScriptu, zazwyczaj JavaScriptu od YouTube'a.

Może kiedyś będzie lepiej i niektóre transmisje przeniosą się np. na etycznego PeerTube'a, dla którego istnieją oficjalne aplikacje na wolnej licencji. A jak poradzić sobie teraz?

Transmisję-stream z YT da się pobierać znanym skryptem youtube-dl (i kompatybilnymi forkami) i odtwarzać w odpowiednim desktopowym playerze (ja używam mpv).

Na początek trzeba znaleźć kod filmu. W przypadku msze.info wystarczy wejść w kod strony z transmisją (dodając "view-source:" na początku adresu) i znaleźć element z kodem filmu na YT (w tym przypadku "71phvw-OIFk").

Dla kodu konstruujemy URL filmu, w tym przypadku "https://youtube.com/watch?v=71phvw-OIFk". Upewniamy się, że zainstalowane są mpv oraz aktualny youtube-dl i włączamy transmisję komendą

mpv 'https://youtube.com/watch?v=71phvw-OIFk'

Co, jeśli nasza dystrybucja nie oferuje aktualnej wersji youtube-dl'a? Możemy oczywiście zainstalować youtube-dl z gita. A możemy też uruchomić mpv z GNU Guix'a. Guix to distro, którego aplikacji da się używać też pod innymi GNU+Linux'ami. Po zainstalowaniu Guix'a lub zaktualizowaniu go (komenda `guix pull`), możemy np. odpalić dany program ad hoc, w jednym kroku i bez permanentnej instalacji. W naszym przypadku — komenda

guix shell mpv -- mpv 'https://youtube.com/watch?v=71phvw-OIFk'

Zaletą jest to, że wersja mpv z Guix'a z automatu pociąga za sobą yt-dlp (jeden z zamienników dla youtube-dl) i używa go. Na + jest też to, że Guix jest dystrybucją rolling-release i można się spodziewać, że yt-dlp będzie często aktualizowany.

Niestety, ten sposób wciąż daje Google'owi poznać nasz adres IP. Można spróbować ukryć się za VPN'em (bo Tor tu raczej nie zda egzaminu).

Copyright 2023 Wojtek Kosior, drawing available under the terms of CC0

Less than 3 weeks ago I started Our Lady of Pompeii Novena[1] for digital freedom in my country. I have since come to consider it an extraordinarily good decision because it also helps myself a lot.

Every1 can feel invited to join and pray for other countries 🙂 After years of the Free Software Movement failing to achieve much socially, it is clear something has been missing — simple prayer. Here's my suggestion: let us give our digital freedom efforts a spiritual aspect

[1] It consists of daily rosary prayer. Look it up if you don't know it