SPM Linux

1, computers

computers can help people to easily access and improve human knowledge,
and as a result do things to improve the quality of human life

digital circuits
in conventional digital circuits when the inputs change, the outputs can have temporary invalid values,
until they stabilize to the valid values
but for the circuit to do its job, gates with memory (registers),
must operate only when the inputs have correct values
one solution is to synchronize registers with a global clock signal
the period of clock signal is made long enough for the circuit to become stable

disadvantages of synchronous circuits:
, we have to split long operations into several smaller ones,
which can be performed in successive clock cycles (a technique known as pipelining)
otherwise the circuit would be slow and inefficient
, distributing a high'fan'out, timing'sensitive clock signal can be complicated
, electromagnetic interference at the clock frequency and its harmonics
, widely distributed clock signal takes a lot of power, and must run whether the circuit is receiving inputs or not
although "clock gating" can help to reduce some of the problems of synchronous circuits,
i think the real solution is to use asynchronous circuits

the only sane kind of asynchronous circuit which i could imagine is this:
, next to any data wire, there is a control wire which determines if the data is valid or not
, when a register wants to change its outputs, it first invalidates them,
for a duration equal to the delay of one gate
, any gate receiving an invalid input, invalidates its outputs
, this way all data which is going to change in the future, is first invalidated
, registers operate only when all inputs are valid

computer architecture
cpu, memory, peripherals, this seems to be the only practical architecture for the hardware of computers
cpu runs a sequence of simple computations, called instruction codes, one by one
compilers are special programs that generate instruction codes,
from a program written in a structured and human readable language
https://www.bottomupcs.com/

there is always the possibility of backdoors for closed source CPU,
especially if the boot firmware is also closed source
recently introduction of "secure execution environment" makes this situation even worse
it's a closed source, full'blown, always'running mini operating system,
with full access to the whole system (including memory and network)
furthermore they have made it practically impossible for users to disable it
this mess of a design cries out for hidden and quite sophisticated backdoors
https://www.fsf.org/blogs/licensing/intel-me-and-why-we-should-get-rid-of-me
https://libreboot.org/faq.html#intel
https://en.wikipedia.org/wiki/Intel_Management_Engine
https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf

on X86 architectures the default boot firmware on nearly all systems are closed source
flashing a CoreBoot based boot firmware is possible, but there still will be closed source parts (Intel FSP)
in addition, there is no easy way to get rid of Intel ME (or AMD PSP),
though there are some hacks to disable (but not completely remove) it:
https://puri.sm/posts/deep-dive-into-intel-me-disablement/

ARM architecture is closed source too, but in most cases, the boot firmware is open source (U-Boot or EDK2)
ARM TrustZone can host an open source operating system too, apparently:
https://news.ycombinator.com/item?id=17783357
GPU with open source driver: Qualcomm/Adreno

open source CPU: RISC-V, Power ISA

boot firmware must have a read'only part and an updatable part
this way an interrupted flashing does not brick the device
also the read'only part checks the signature of the updatable part, to make sure it's not malicious
the read'only part just executes the updatable part, if o keys are pressed

to protect the computer from physical attacks, you must:
, somehow prevent tampering with hardware
, protect boot firmware settings by a password
to prevent changing the storage device used for booting
these can make physical attacks more difficult, but keep in mind that:
physical access to a computer is root access, given enough time and resources
even with encrypted root partition, and secure boot, someone can replace RAM with a malicious chip,
that can discover the key used to encrypt the root partition (very sophisticated but not impossible)
so it's best to make computers as small as possible, so they can always be kept near the owner
the ideal computer would be a PC stick, containing a RISC-V processor, GPU, RAM and SSD,
plus a USB4 2.0 port that connects to a hub
the hub:
, provides power
, has a USB dock (to connect peripherals like display and camera)
, wifi, Bluetooth, maybe even speaker and microphone
, extra ports: ethernet, audio jack, DP and HDMI
for security reasons, th PCIe tunnel of USB4 2.0 will be disabled in boot firmware
https://www.chromium.org/chromium-os/developer-library/reference/security/usb4/
https://en.wikipedia.org/wiki/Thunderbolt_(interface)#Security_vulnerabilities
external graphic cards should allow direct connection to the display (bypassing GPU),
if the USB4 connection does not have a PCIe tunnel

programs usually do not run directly on computer hardware
instead they run on a more sophisticated software machine (a virtual machine) called the kernel
in theory we can live without a kernel (an idea sometimes called a library operating system),
and it can be useful for some use cases (like embedded systems),
but a kernel based operating system makes developing and testing programs, much easier
Linux is a highly developed, constantly evolving, open'source kernel

2, SPM Linux

SPM Linux is a Linux based operating system, built and maintained using SPM (simple package manager)
SPM uses a simple and innovative method that unifies software building and package management

SPM by itself can be used as a standalone build system and package manager on any POSIX system
you need to have "gnunet" program on your system
also to build packages from source, these extra programs are required:
clang git ssh-keygen
now just run this command to install SPM in user's home directory:
; sh spm/install.sh
note that SPM will try to download binary packages (instead of building from source),
if they are available for your system
if you want to make sure that packages are always built from source, run this instead:
; sh spm/install.sh src

to install SPM Linux on a storage device, first we need to be in a POSIX system with these programs installed:
gnunet mkfs.vfat mkfs.btrfs
to build packages from source, these extra programs are required too:
clang git ssh-keygen
for example you can boot into an Alpine Linux live system, and enter this at the command line:
; apk add gnunet btrfs-progs
or if you want to build packages from source:
; apk add gnunet btrfs-progs clang git openssh-keygen
now just run this command (as root):
; sh spm/install.sh
or to build packages from source:
; sh spm/install.sh src

the user interface of SPM Linux is very simple
press "super" (mod+mod) or "alt+space" to show the application launcher
the first item in application launcher is "system"; it opens the system menu:
, session (lock, suspend, exit, reboot, poweroff)
, connections
, timezone
, passwords
, packages (install, remove, upgrade, install SPM Linux)
when there is a space in the text entered in the system menu, it'll be run in a terminal emulator box
the box will be accessible as a system menu entry labeled with a number followed by the entered command
to close the box, and remove its entry, press escape
press "super+space" or "alt+tab" repeatedly, to switch between open apps (shown at the left side of taskbar)
the selected one will be moved to the first place
to close focused window, press "super+backspace" or "alt+escape"

updating packages is an atomic process
nonetheless, to have a really fail'safe system, redundant backups are necessary
so make sure to have an extra SPM Linux installed on a removable storage device
system -> packages -> install SPM Linux

to run a program as root:
; sudo <command>