www.fabiankeil.de/gehacktes/electrobsd/

ElectroBSD – Free as in free (electro) beer and freedom

[Various 'Asylum for Snowden' posters on a wall. Quotation in German: 'Spray it on every wall: more encryption is required by this country'] [Diagram of ElectroBSD pool layout]

TL;DR

The Electro Beer Software Distribution (ElectroBSD) is an experimental operating system designed to be used in hostile environments like Germany.

ElectroBSD is (supposed to be) free software but due to unresolved license issues it is currently only released as patchset against the non-free uptream.

History

According to the Free Software Foundation Europe:

Free in Free Software is referring to freedom, not price. Having been used in this meaning since the 80s, the first documented complete definition appears to be the GNU's Bulletin, vol. 1 no. 1, published February 1986. In particular, four freedoms define Free Software:

  1. The freedom to run the program, for any purpose. [...]
  2. The freedom to study how the program works, and adapt it to you needs. [...]
  3. The freedom to redistribute copies so you can help your neighbor. [...]
  4. The freedom to improve the program, and release your improvements to the public, so that the whole community benefits. [...]

Electro beer is a dual-use technology commonly used to resist threats like the computer police (Computerbullen). It's also used by the computer police itself (to wash down transistor doughnuts).

Electro beer first appeared on the German Die Ärzte album 5, 6, 7, 8 - Bullenstaat! (track 7). Here are the lyrics:

Computerbulle naschst den Transistordonut.
Womit spülst Du ihn runter?
Womit spülst Du ihn runter?
Mit 'nem Elektrobier (Elektrobier)!

Elektrobier (Elektrobier), Elektrobier (Elektrobier), Elektrobier (Elektrobier)

Roboterpunker, womit trinkst Du Dir Mut an,
für Deinen Widerstand gegen Computerbullen?
Mit 'nem Elektrobier (Elektrobier)!

Elektrobier (Elektrobier), Elektrobier (Elektrobier), Elektrobier (Elektrobier)

Appropriately the whole album is available as free (as in electro beer) download on the official Die Ärzte website.

ElectroBSD is based on FreeBSD but compiled with KERNCONF=ELECTRO_BEER (alcohol-free as in no alcohol) and a couple of customizations. The goal is to make free penetration tests from the computer police a pleasant experience for the whole family slightly less annoying for the test subjects and more expensive for the police (ElectroBSD experts unfortunately aren't cheap).

Features

While ElectroBSD is still incomplete, some features are already available today:

For additional features, please have a look at FreeBSD's Technological Advances (which ElectroBSD inherits).

Missing features

[Screenshot: ElectroBSD afl-fuzzing Privoxy] While ElectroBSD already looks pretty decent (if I may say so myself), some mundane details have room for improvement and the following (unsorted) TODO list is rather long and yet incomplete.

And finally:

Downloads

Due to license issues and lazyness ElectroBSD is still not officially available online in binary form. It is built from a patched FreeBSD source tree which contains non-free parts inherited from upstream that can't be distributed freely. While the ElectroBSD build script (reproduce.sh) will automatically remove known non-free parts, it is expected that not all the non-free parts are known yet.

2016-02-04: A slightly redacted ElectroBSD patchset (signature) is available online now. When applying it on top of FreeBSD r295083 (11-CURRENT) and using the following /usr/src/reproduce.conf (not part of the patchset):

fk@r500 ~ $cat /usr/src/reproduce.conf 
BUILD=ElectroBSD-r295083-0c7f4d6
EPOCH=1454184620

with a ElectroBSD-r295083-0c7f4d6 userland, reproduce.sh is expected to generate the following binaries on amd64:

SHA256 (/usr/obj/usr/src/release/ElectroBSD-r295083-0c7f4d6/MANIFEST) = 570a1a701ddd59515695c0667565a279a3fb971e38f42d5c7c15d9063a1482b6
SHA256 (/usr/obj/usr/src/release/ElectroBSD-r295083-0c7f4d6/base-dbg.txz) = c181100dc22e3a81d02ce38b3e1bed804af149c289d21bf12b88e9fbf81dfa15
SHA256 (/usr/obj/usr/src/release/ElectroBSD-r295083-0c7f4d6/base.txz) = 8744b34846b0354705a9f9b98d01275e8682ceea4078e2057e127675a721d9b8
SHA256 (/usr/obj/usr/src/release/ElectroBSD-r295083-0c7f4d6/kernel-dbg.txz) = 1e1a4dba34a6bc507105d5ea0bcb57f6fa0d66917e6208d50a2510702fade35b
SHA256 (/usr/obj/usr/src/release/ElectroBSD-r295083-0c7f4d6/kernel.txz) = 14957575db057e549bfc9b8871923f504756931caaa73fe523cf94e400afefc9
SHA256 (/usr/obj/usr/src/release/ElectroBSD-r295083-0c7f4d6/src.txz) = 81457e259f9b6910ffed9ee82074c4e00bde07f762e8f1fb185561836847766d
SHA256 (/usr/obj/usr/src/release/ElectroBSD-r295083-0c7f4d6/tests.txz) = 5cbcc2faaf391f7347229d6bb2cd71b9d3de6f18a6bc3db75f08b0d1a44c079c

After building the ElectroBSD-r295083-0c7f4d6 userland on FreeBSD you should be able to use it to reproduce the results above. This has been tested starting with FreeBSD 10.2, but it should work with any other version that is recent enough to build FreeBSD r295083.

If you rebase the patchset on top of a more recent FreeBSD revision, you frequently still get reproducible results, but occasionally there are upstream regressions that require new fixes.

Builds on i386 are generally expected to be reproducible as well, but due to laziness lack of computing power this is tested less often, so regressions are not always detected right away.

This code drop has been rushed, the instructions will be fleshed out in the near future this century.

2017-01-26: Here's a more recent ElectroBSD patchset (signature) against FreeBSD r312620 (11-STABLE). The expected hashes for amd64 and i386 are included in the commit message for the last commit which adds reproduce.conf.

2021-12-02: ElectroBSD has been rebased on FreeBSD stable/12. ElectroBSD patchset (signature) against FreeBSD stable/12 8facf7082d4973ae. The expected hashes for amd64 are included in the commit message for the last commit which adds reproduce.conf.

2022-08-28: ElectroBSD has been rebased on FreeBSD stable/13. ElectroBSD patchset (signature) against FreeBSD stable/13 c4c0c782f7097bc7. The expected hashes for amd64 are included in the commit message for the last commit which adds reproduce.conf.

Already open for serious business

You can support ElectroBSD development by donating to the Privoxy project (tax deductible in some countries). ElectroBSD is not actually developed by the Privoxy project, but the more hours spent on Privoxy ElectroBSD developers can bill, the more unpayed hours they can spend on ElectroBSD-related activities.

Please let me know if you want to fund ElectroBSD-related work directly, in which case you can not only influence what is being worked on (to some degree), but also get a proper bill from:

Fabian Keil

IT-Beratung und Polizei-Erziehung

USt-IdNr.: DE 295260795

Frankfurter Straße 68

51065 Köln

This should be tax-deductible if you use ElectroBSD for profit.

There's work in progress to create an ElectroBSD Moral License which will be modelled after the Varnish Moral License.

Current ElectroBSD funding: 0 EUR, operating at a loss which is unsustainable in the long run.

Die Sicherheit Freiheit Deutschlands wird auch am Hindukusch vor der eigenen Haustür verteidigt

[Foto: Redacted scan of a Bundeswehr letter of recommendation]

Dear BSI and friends: Your money is welcome here, too.

Funding ElectroBSD does not support the malware industry and certainly makes more sense than wasting taxpayers' money on zero-day exploits.

[Foto: Aufkleber-Motiv]

According to the totally leaked endorsement to the right (classification: NvE), the Bundeswehr (federal defence forces of Germany) only had good things to say about providing at least one of the ElectroBSD developers with taxpayer's money in the past.

Unless you have the proper clearance (apparently you don't) the endorsement will appear slightly redacted to increase its comedic value, to make it look more important and to prevent the MAD from getting upset mad.

Note that none of the blacked out parts are about electro beer (or any other beverages).

ElectroBSD FAQ/FMQ