Why we use Chakra

i18n


Dansk – English – Español – Français – Indonesia – Italiano – Lietuviškai – Magyar – Nederlands – Português – Polski – Română – Slovenský – Suomi – Svenska – Türkçe – Česky – Ελληνικά – Български – Русский – Српски – Українська – עברית – ไทย – 日本語 – 正體中文 – 简体中文 – 한국어

Excuse the bad writing. This section is currently under construction.

Contents

The Problem

The world of desktop Linux is one of ever-increasing customization and complexity. User interfaces are becoming more and more distro-specific as time goes on, and the underlying system is becoming harder and harder for users to configure manually. The added complexity also means more opportunities for bugs and instabilities. There are still plenty of distros out there that offer a simple, transparent, Unix-like experience that maximizes user configurability (and is generally more stable to boot), but these are all distros aimed at experienced power users.

The Solution

Fortunately a distro doesn't have to be heavily customized to be easy to use. The answer is Chakra Linux, which is a fork of Arch Linux. This is not the kind of fork you eat with; a fork is when somebody takes somebody else's software, modifies it to their liking, and gives it a new name. Of course we all know that if somebody did that to Microsoft or Adobe software they'd get the pants sued off of their backside, but out here in free software land it happens all the time, and nobody minds. Arch is a distro that it stresses simplicity of design and Unix-like configurability. More than almost any other distro, Arch is all about putting the user in the driver's seat. It's a rolling release, so new software is added to the online repositories as soon as it becomes available. This is a lot of fun, but it also means that sometimes an update is apt to break something.

Chakra actually started out as KDEMod, a more modular version of the KDE desktop environment for Arch. KDE comes as a pretty big software bundle, including a lot of stuff that you may not necessarily want but can't uninstall. KDEMod stripped things way down, releasing just the desktop environment with a handful of applications and leaving it to the user to install whatever he or she wanted. Eventually the KDEMod folks decided to split from Arch and create their own distro, which they named Chakra.

Chakra is still a lot like Arch, keeping the base system as simple, stripped-down, and user-configurable as possible. But it's a desktop distro first and foremost, and rather than trying to be all things to all people by offering a wide variety of desktops it focuses exclusively on the KDE desktop environment and it's native apps. The goal is to provide the ultimate KDE desktop experience on top of a simple, configurable, stable base. In order to accomplish this Chakra has evolved a novel "semi-rolling" release system. The core system has regular releases, roughly every six months but avoiding the fixed schedules that guarantee a buggy system. The desktop and the applications are upgraded as new releases become available. That way you get a solid, stable base with the latest apps on top.

Why Chakra?

There are several very good reasons to use Chakra, not only for Linux newcomers, but even for advanced users like myself! First of all, you get the stability that comes from a fixed, stable core system, but you also have the latest versions of the desktop and the apps (although they do get tested for a week or so before making their way into the main repositories). Then there's Chakra's single-minded devotion to the KDE desktop environment and it's native apps. In my opinion KDE is the finest desktop environment in the world, for any platform, and Chakra provides the smoothest, fastest KDE desktop experience I've ever encountered. There are some good native tools that make Chakra a great distro for noobs to ease into, while leaving the system transparent and accessible enough to satisfy even the most tweak-happy power user. In short Chakra is more stable than Arch, more up-to-date than Slackware, very fast, and features the best KDE desktop environment I've ever seen. It's also a very simple, clean design under the hood, as opposed to the heavily customized approach most modern "desktop" distros take. If you strip away the graphical desktop environment Chakra is just about as close to a "pure" Linux experience as you can get these days.

Why not Debian?

When every single system before us has used debian, ubuntu, or something big, why is Cherimoya based on Arch/Chakra?

It has a BSD-like ports system.

In such a system, all unofficial packages have to be built from source directly from the developers site using a Makefile-like script, or otherwise packaged in a transparent manner if they are closed-source. The Makefile-like script (PKGBUILDS) can be obtained from the CCR or ported from the AUR, which rival Debian's binary repositories in size and packages. Building from the vanilla source code and being able to see what patches are applied makes sure that you can make edits and check the source code before installing. You will also get the newest packages without having to depend on a plucky, or even nonexistent packager. (extremely important in the case of I2P and Tor). universe of packages are either old, rarely checked, or outdated.

It's much simpler to create packages

All packages in Chakra/Arch Linux, even the core ones, are defined by a single Makefile-like config called a PKGBUILD, containing all the information about the package and instructions to build it. Once you have one, just type "makepkg" and you've got your binary package. You can also define files to add or scripts to run. Debugging is quite simple, and making a PKGBUILD is easier to grasp.

It uses the ArchISO build scripts

One of Cherimoya's goals is to allow respins and edits to be made by anyone, so that you can make your own customized version, or even take over for development. ArchISO is extremely easy and simple for anyone to respin, and stay that way no matter what level you develop at.

Debian, of course, is a nice and stable system. And I do not have anything against Debian, I just prefer these features that Chakra/Arch provides, and are mostly unavailable on Debian.

Debian depends on a binary package system.

Binary packages are convienient, fast, and easy to use. However, the contents of a package are only readable by computers, requiring you to trust the packager, the package reviewers, the repository where it came from, all on top of the developer. If any of those people add in malicious code, you will not know until it is too late. Showing the source code is no solution, as it also requires you to trust that the resulting binary package was actually built from it.

Because of how Anonymous's open nature, using such a complex trust system is extremely unsafe, as adversaries can exploit any point in this process to add in malicious code. Therefore, providing binary packages should be avoided for unofficial packages.

The solution is to give users scripts that build packages from source code with just one command, which we call PKGBUILDs. They contain no binary code, are completely human-readable, and only requires users to trust two people; the developer, and themselves. Malicious patches can be quickly and easily discovered before they are even installed. Since they are able to read the PKGBUILDs, they can also fix them, making the user actively involved where, with binaries, they almost never did. Interaction between the PKGBUILD maintainer and the user flourishes, making critical updates quicker and better.

It also removes the need to have seperate binary repositories, as people can pool all their PKGBUILDs in one of the User Repositories. These allow anyone to submit, maintain, and review packages.

Debian's liveCD creators is not as easy, simple, or repeatable as ArchISO.

I've done a lot of research, worked on a lot of Linux systems, and I can tell you hands down that Chakra-ISO is the best of them all, as stated above. Debian (and it's derivatives, Ubuntu, Backtrack, and TAILs) have some powerful liveCD creators, but it was not designed to be as easy to make a repeatable, automated, and redistributable result, a deal breaker for us. And because of Arch's qualities, it may not be possible to create such a liveCD creator on a Debian system anyway.

Why not just use Backtrack?

Backtrack is quality software that deserves it's reputation. And it was considered long ago to use Backtrack as the basis. However, certain qualities make it a less appealing base:

Backtrack's version of KDE4 contains few core modifications.

As stated above, KDE4's features are extremely useful and contribute to making Linux a more modern graphical system, so it is our first choice for a desktop environment. Sadly, the unmodified KDE4's reputation for being an exceedingly heavy system is well-deserved. Running it on lower-end systems is laughable at best, even while cutting the features to the bone. Therefore, Backtrack's KDE can get unwieldly, as many anons in poorer countries may not be able to run it.

But Chakra's version of KDE is over 5 years worth of work on making KDE a slimmer, more modular system following Arch Linux's KISS principles, and it has paid off immensely. It's the only KDE4 system that has managed to run well on my poor-neckbeard's netbook, so naturally I chose it as Cherimoya's base.

Backtrack wasn't able to include specific applications, and has to bow down to our adversaries.

Backtrack is made by a corporation that has to keep it clean of touchy or copyright-infringing applications. Examples are stuff like Nessus and LOIC. That corporation must also bend to the will of our adversaries to survive, and who knows what could happen then. Since Anonymous is not really an organization, these restrictions no longer exist (although, when possible, they should be abided) Also, the attack methods of Anonymous may go beyond penetration testing, something that Backtrack just can't provide.

Backtrack only provides half of what we need.

Offensive capabilities are great, but what about defense? Backtrack is advertised as a "penetration testing" distro, not a hacking distro. Understandably, it does not offer any defensive/anonymity features, being as they are obviously not needed in "penetration testing".

Cherimoya wants a strong, Tor and I2P oriented environment, which may resemble the workings of TAILs. If we wanted to implement that on Backtrack, it would be quite difficult. Therefore, just starting out from scratch is a better option.

We have a different goal in mind: to get anons on I2P and Tor, and provide them with tools and documentation needed for raids. Their goal is to provide hackers with the things they need to get in. Our paths may cross, but because we have a vastly larger set of mods and additions to add, it's better to just start out from scratch and implement mods from Backtrack as needed.

We aren't competing with Backtrack at all. We serve a different audience, using different, but similar tools. Using Backtrack as a base will be foolish, because it wasn't designed to be respun to the extent of what we are doing. Backtrack is quality software; just not the right one for Anonymous.

Why not TAILs?

TAILs is an incredible system designed to provide high anonymity, and an amnesic system using Tor and Debian. And then the question will come up;

Why didn't you just base Cherimoya on TAILS?

Yes, we could. But as said before, I'm not exactly a fan of Debian.


The Journey Begins...

By now you're probably just dying to boot up Chakra Linux and try it out for yourself! In the next chapter we'll get everything we need lined up to begin our Chakra adventure.

Back | Next | Beginner's Guide Index

tanasinn.info archive