guix-devel

A secure multimedia workstation


From: Dirk Scheuring
Subject: A secure multimedia workstation
Date: Mon, 2 Feb 2015 11:11:23 +0100

Hello all,

my name is Dirk Scheuring, and I come out of the "conventional" world of
professional audio and video production and performance - a world which
is dominated by proprietary programs: Adobe Premiere, Logic Pro Audio,
Ableton Live, Traktor, Serato, to name a few "standards". Those are run
almost exclusively on Windows or Mac OS X. And a while ago, when Windows
8 and OS X Lion came out, I, after more than 20 years as a user of both
Microsoft and Apple products, decided that I've had it with that. That
if I went further that-a-way, I'd no longer be buying a computer as much
as I'd be leasing a supervised node on some giant corporation's
network. All my production and communication data there are pre-pwned
and will be monetized by...everybody but me, mostly, and it's all out of
my control.

Furthermore, by now I've lost access to much of my production from the
past decades, because the data was recorded to SCSI hard disks, DAT
tapes, ZIP drives, Atari TOS floppies, and it exists in all kinds of
proprietary file formats, like, for Akai, or Sequential Circuits
machines. If I still even have a copy at all. Which I don't, in many
cases.

This situation sucks for an artist like me. I figured that the problem
was that I had failed to take control of my data production,
communication, and storage, for the last 25 years. And I decided that I
would take control /now/, and that the next 25 years must be different.

So I looked for solutions to my problem, and I now think that a good
solution does not exist yet, but that it is possible for one to exist,
and that I could probably build it. But can I? Or would such a project
be too difficult for me to carry out? Please help me find an answer to
that question.

Here's what I want to be able to do in, say, three years' time: I want to
boot and install GNU Guix from a USB Stick, just the way it's done today
(1). I want that future build to work flawlessly on libreboot-certified
hardware (currently, that would be X60 and T60 Thinkpads (2), so that's
my target machine, one with at least 4GB RAM and a 240GB SSD). And by
default, that Guix build would offer functionality similar to KXStudio
(3), which is an Ubuntu-Debian-based distribution aimed at multimedia
producers; it has a realtime-enabled kernel, sets the jack2 audio server
running at startup, and offers audio and video production tools like
Ardour and Cinelerra-CV. So that would be part of the work: Re-packaging
the KXStudio packages and the Xfce-based interface for the Guix package
manager. Xfce itself seems to be mostly done already, if I understood
the list correctly. I also noticed, to my surprise and delight, that
jack2 and Ardour have recently been added. (4)

Also, I want to gitify all the things (5), out of the box. The user
should be able to use git, git-annex, vcsh, and other useful programs in
that vein, to version-control, synchronize and back up everything, from
config files to all the media data formats they need. I aim for a
client-server-style system, which, by default, would install on a single
physical computer, but can easily be split for separate server and
client hardware. The server architecture should make it easy to connect
hard discs/raids for backup, and to automate those as far as possible:
If I create a new MIDI file today, I want to be able to load and use it
in 25 years. Therefore, I want to be able to clone my whole system, data
and all, to a bootable disk, carry it over to the next generation of
libre hardware, and have it working there without a fuss.

And encrypt all the things (there will be trade-offs, because media
production machines need to read and write data from/to disk /fast/,
which is not so easy if you also want to encrypt, but...I'd like to know
what is possible...)

And lock down all the things: By default, the system should be able to
set itself up without a network connection. All communication to the
outside should be based on the decisions of the user. I would like to
discourage the use of the system for web mail, general surfing, and
socializing; I would like to encourage users to isolate their working
environment from the rest of their computer use, to enable only the
newslists, websites, and repositories necessary for media production,
patching/upgrading, and persistence, and to communicate via, e.g., Pond
(6). That is, there should be an awesome security meta-package for GNU
Guix, trying to minimize data leakage by default yet leaving the
ultimate responsibility and control to the user.

And though the default session should use Xfce, to make the transition
from proprietary systems as easy as possible for newbies, the user
should also be able to log in to an alternative interface, which would
be based on Guile Emacs and Guile-WM (7). What I hope for is described
in the Readme of the latter, in author Mark Witmer's "Even Crazier Wish
List":

"Implement enough of a widget toolkit to actually run Guile Emacs inside
of Guile-WM all on Guile XCB. You would basically be running a
Lisp-machine at that point and all of your friends will be jealous."

Yes. This is what I want, ultimately: A truly-free, user-friendly,
self-cloning, Guix-package-manager-using, turn-key software-based
Lisp Machine for media production, versioning, archiving, backup, and
comsec. For anybody who can start out by spending $ 200 - 300 on a used
Thinkpad plus upgrade parts on Ebay (add to that a used server and some
more disks for the full-blown client-server solution).

Does this sound like a feasible project to you all? And what would it
take to make it real?

All the best,

Dirk


(1) https://www.gnu.org/software/guix/manual/html_node/System-Installation.html#USB-Stick-Installation
(2) http://libreboot.org/docs/hardware/index.html
(3) http://kxstudio.sourceforge.net/
(4) http://comments.gmane.org/gmane.comp.gnu.guix.devel/5809
(5) http://penta.debconf.org/dc13_schedule/events/1025.en.html
(6) https://pond.imperialviolet.org/
(7) https://github.com/mwitmer/guile-wm


