Ben Whitelaw and Mike Masnick have an excellent weekly podcast for policy wonks, Ctrl-Alt-Speech, where they review the latest news in online speech. Given my MPhil research interests, something in their 6 November episode caught my attention. To most listeners and perhaps even the hosts, it was just another news story within our enthusiastic if wonky niche. But to me, it was one of the dangers I’ve seen coming down the road for a good while, finally arriving, and announcing that it is here to stay. (I have a ten-year track record of “success” on pointing at obvious/ominous things and saying “here it comes”, as some of you may be aware. Some of you more than others…) Ben discussed how he watched the livestream video from the Southport Public Inquiry hearing on the 4th of November. The Inquiry, which is a non-adversarial, non-judicial process, is exploring what led up to the Southport incident from a variety of angles, as opposed to just blaming everything on smartphones and social media, which is what would have happened under the Conservatives. In the hearing, X’s Head of Global Government Affairs was interviewed about the violent content which the perpetrator of the Southport stabbings watched in the years, months, and even minutes leading up to the atrocity. You can read the transcript here, which for unknown reasons is printed 4-up; it begins on page 64. There’s no need to get into the full back-and-forth about why particular pieces of content were or were not taken down; what is important here is what she told the Inquiry: > _What I am saying is I wasn’t part of the discussions of what the decisions were made. What I will say is that what we are — what our guide is, that taking the**God-given right of freedom of speech, freedom of religion and freedom of expression** from the masses because of the very few that have committed horrendous crimes is not something that we take very lightly._ This statement was made after she explained that a particular video of a violent stabbing which directly inspired the perpetrator of the Southport murders was, in her personal religious belief, an actual miracle: > _I was watching that video live and the reason I was watching that — actually that sermon live is because Mar Mari is a bishop in my church. He just happens to be in Australia and I just happen to be in the US. And I’m a devout parishioner of the Assyrian Church because I’m an Assyrian Christian. What I saw happen and what I saw unfold, which everybody here likes to point out the horrificness of it or the tragedy that is in there, my experience was different, and let me explain to you why context matters. I saw a miracle unfold that day. People saw a monster, I saw an angel protecting Mar Mari. Where people saw a helpless victim, I saw men, heroes, parishioners, rushing to save him [ … ] So I’m going to follow his teachings and I’m going to instead, in this hearing, tell you that what I see in that video is very different than what you see in that video. I actually see hope. I actually see faith. I actually see forgiveness. And so, yes, I do watch that video and I watch it for those reasons. For you to take that away from me, under the guise of safety, that isn’t justice; that is tyrannical overreach._ This needs some unpacking. Set aside pub discussions about the nature of freedom of speech, the Inquiry’s discussion about the content, or the platform’s policies which led it to keep that content up, and focus on why this was the tactic she chose to deploy in front of the Inquiry. _She was inserting religion, and God, on top of all of the issues on the table._ Over content moderation, over corporate policy, over law and regulation, and even over her own professional obligations. This is common in the US political context. This is unheard of in the UK political context. Her goal at the Inquiry was to introduce it. Note for example how she referred to the “ _**God-given right of freedom of speech, freedom of religion and freedom of expression**_**“.** None of those things, in the context of online speech, come from a deity or from a faith. All of them come from many other complex and tangible processes, involving many long and complex texts. The Bible is not one of them. And note how she chose to use the time she had to win the Inquiry over to her side, as clever policy professionals do when up before a committee, to instead deliver a sermon on miracles and faith, one where she unabashedly inserted _her personal spiritual needs_ over any other concern. _This is textbook Christian Nationalist policy tactics,_ built along the triad of persecution, grievance, and righteousness which Whitehead and Perry have empirically established as the movement’s ethos. That ethos holds that “freedom” means God-given rights bestowed upon the Christians within the movement. Anything not in that order is an attack on freedom, and God; anyone not in that movement is an attack on those who are, and on the God that is. If you are to understand any of the debates about speech, privacy, and freedom of expression which will shape the discourse over the next few years, you need to understand that ethos. It does not matter if you disagree, or feel that you are in better possession of more tangible (and secular) facts. This is what the situation is. You cannot work with something you do not understand. Like it or not, God has entered the chat. So understand how, in this context, the discussion of the “God-given right of freedom of speech” was a clever inversion of the argument. She invoked the “God-given right of freedom of speech” _to impose a chilling effect on the Inquiry’s speech._ Forget the fine points of law, policy, or even soft ethics: this stuff is _God-given_. This is _God_ you’re messing with. _Her_ God: an personal insult so grievous that she was no longer obliged to dignify the committee with a meaningful response. And how dare they even ask. One of my many frustrations about the state of the digital rights fightback in the UK – more to the point, with the chummy amateurism which passes for a movement – is that the fightback has never learned that victory goes to those who can throw the most spaghetti at the wall. Organisations which are restricted to the grant funding they must secure a year in advance, which must be allocated to the table cell and accounted for to the penny, cannot so much as write a social media post, respond to a media question, or fart in the general direction of an issue which is not strictly defined within the grant funding document. Organisations with healthier cash flows are free from all of those constraints. They can pick their issues. They can pick their battles. They can pick fights. They can throw spaghetti at the wall to see what sticks. They can do so knowing that civil society, quite literally, _cannot fight back_. What Ben spotted in that seemingly dry Inquiry hearing on the 6th of November was the US Christian Nationalist movement throwing spaghetti on the walls of the UK policy establishment. The Inquiry didn’t understand that. So they didn’t look at the wall behind them to spot what was stuck there. You should.

Important This post originally mentioned another linux installation that is based on Arch. I’ve removed references to it from the instructions because I should have known better. Thankfully it was one very optional, and the remaining guide holds up with base Arch. My Surface is now on a vanilla Arch install. My three year-old Surface Laptop Studio (first generation) has been starting to feel a bit long in the tooth as Windows 11 has continued to grow fatter. It’s that slow, creeping, feeling you get when a device isn’t quite “good enough” anymore. You probably know what I mean; things take longer to open than you remember, and there’s just a little bit more “friction” using the device than you’d like. It’s small things - a few extra seconds here, a loading spinner there. Even though I don’t use the Surface all that much now, I didn’t want to leave it in it’s current state. In my experience, there’s few more frustrating computing experiences than coming back to a Windows laptop after you’ve not used it for several weeks/months… only to have it grind to a complete halt when you eventually do power it on as it spends the next hour or more trying to catch-up on updates on the system and applications. So, a switch to Linux was on the cards - ideally lightweight and ready to go for any light dev work I pick it up for. I love using Arch Linux. I use a flavour of it on my main desktop PC. It can be time-consuming to install, but it’s (relatively) straightforward, especially if you follow the Wiki. But, because we’re talking about Microsoft hardware, it wasn’t the super-simple installation it _could_ have been, but it wasn’t _too_ bad. Fiddly enough I figured I’d write it up below. ## Step 0: Preparation First thing’s first, you’ll need the latest Arch Linux installation medium burned to a USB stick. I used Rufus to create the installer USB on a Sandisk Type-C drive. Secondly, you will need to disable Secure Boot in the laptop’s firmware. From Windows, hold down the Shift key while clicking on Reboot in the start menu. This will restart you into the firmware control panel. Select Security, then turn off Secure Boot by clicking the “Change configuration” button. Select “None”, then OK. Secure Boot Turning off Secure Boot will put a big, scary-looking, red bar across the top of your laptop’s boot screen. It’s fine, we’ll fix it in step 2. While we’re in the firmware, go back to Boot Configuration and reorder the devices so USB Storage is at the top of the list. I found it a little fiddly to get it to move, but it did eventually drag into the right place. With your installation medium inserted into the laptop, click on Exit, then Restart Now. Warning! We’re going to enable LUKS disk encryption. The built-in keyboard **will not work for entering the encryption key at boot** until after Step 3. You should keep a wired keyboard handy and plugged in to the laptop. ## Step 1: Minimal Arch Install For the most part you can choose what you want. This is the important stuff I chose: * For bootloader I “chose” systemd-boot (the default). * Disk: Use the Default partitioning layout, selecting your SSD * Disk: Choose btrfs with the default structure and compression * Disk: Use LUKS disk encryption with a password, selecting the partition created earlier * Network: Copy ISO network config * Authentication: Create your account, then set yourself as a Super User * Additional packages - I added `nano` and `sbctl` (see Step 2). ## Step 2: Secure Boot This part should be possible to do `chroot`’d into your system from the install media, but I rebooted and logged in as `root`. Secure Boot was the part I struggled with the most, and it genuinely took me _hours_ to get a working setup. Luckily for you, it should only take a few minutes as a result of that :) Get the current status of Secure Boot, using `sbctl`. It should look similar to the following: sbctl status Installed: ✘ Sbctl is not installed Setup Mode: ✘ Enabled Secure Boot: ✘ Disabled Create custom secure boot keys: sbctl create-keys Created Owner UUID 0f5c874c-d63b-43dc-b44f-b10b9340cd45 Creating secure boot keys...✔ Secure boot keys created! Enroll custom secure boot keys, passing the `--microsoft` flag: sbctl enroll-keys --microsoft Enrolling keys to EFI variables...✔ Enrolled keys to the EFI variables! Check the status. It should show as not in setup mode anymore: sbctl status Installed: ✔ Sbctl is installed Owner GUID: 0f5c874c-d63b-43dc-b44f-b10b9340cd45 Setup Mode: ✔ Disabled Secure Boot: ✘ Disabled **IMPORTANT** Secure Boot is now enabled, but DO NOT reboot yet. You still need to sign the bootloader files, so if you reboot now you won’t be able to load Arch until you turn it off again. `sbctl` includes a `sign-all` command, but it silently failed for me, and didn’t sign anything. Instead, check which files you need to sign with `sbctl verify`. A bunch of .img files might be listed as errors, but in my experience, that’s fine; I’ve removed them from the output below: sbctl verify ✘ /boot/EFI/BOOT/BOOTX64.EFI is not signed ✘ /boot/EFI/systemd/systemd-bootx64.efi is not signed ✘ /boot/vmlinuz-linux is not signed Sign each of those files in turn: sbctl sign /boot/EFI/BOOT/BOOTX64.EFI sbctl sign /boot/EFI/systemd/systemd-bootx64.efi sbctl sign /boot/vmlinuz-linux That should be everything you need. It was for me, anyway. The best part is: future kernel updates will automatically be signed, so you shouldn’t need touch this again. `sbctl verify` should show the files as signed: sbctl verify ✔ /boot/EFI/BOOT/BOOTX64.EFI is signed ✔ /boot/EFI/systemd/systemd-bootx64.efi is signed ✔ /boot/vmlinuz-linux is signed You can add an entry for `linux-surface-fallback` if you want, b ut I didn’t bother. At this stage, it should be safe to reboot. Arch should load, and the big red bar should be gone. Login as `root` for Step 3. ## Step 3: Surface Hardware Note I’ve only been concerned with getting the keyboard/trackpad working, so haven’t properly tested things like the webcam yet. The touchscreen seems to work, but I’ve done the most basic of checking. Refer to the linux-surface Wiki if you need help with any of this. ### Add the Kernel Repository and Install Packages Refer to the Wiki for the latest steps. The steps I followed are repeated below for posterity: First you need to import the keys we use to sign packages. curl -s https://raw.githubusercontent.com/linux-surface/linux-surface/master/pkg/keys/surface.asc \ | sudo pacman-key --add - It is recommended to check and verify the fingerprint of the key. pacman-key --finger 56C464BAAC421453 Finally, you must locally sign the imported key. pacman-key --lsign-key 56C464BAAC421453 You can now add the repository by adding the following to the end of /etc/pacman.conf [linux-surface] Server = https://pkg.surfacelinux.com/arch/ After doing that you need to refresh the repository metadata, then you can install the linux-surface kernel and its dependencies. pacman -Syu pacman -S linux-surface linux-surface-headers iptsd libcamera libcamera-tools ### Add the Boot Loader Entries As mentioned, I went with the Arch default of Systemd-boot for the bootloader, so this step might not be needed if you chose the recommended Limine. I can’t help you with that, sorry. Systemd-boot doesn’t auto-detect new kernels like I remember GRUB doing in other distros, and it is configured differently to the GRUB I’ve used to since my youth[1]. This means we have a little work to do. First, list out the entries you do have, which will probably be just the defaults: ls -l /boot/loader/entries 2025-08-24_08-39-03_linux-fallback.conf 2025-08-24_08-39-03_linux.conf Copy the `..._linux.conf` file to `..._linux-surface.conf`, then open it to edit[2]: cp /boot/loader/entries/2025-08-24_08-39-03_linux.conf /boot/loader/entries/2025-08-24_08-39-03_linux-surface.conf nano /boot/loader/entries/2025-08-24_08-39-03_linux-surface.conf Inside the file, edit the title, then update the paths to the correct vmlinuz and img files. Mine looks like this (I’ve omitted any lines I didn’t edit, so leave the rest of the file as-is, especially the `options` line): title Arch Linux (linux-surface) linux /vmlinuz-linux-surface initrd /initramfs-linux-surface.img Save and exit. ### Enable the Keyboard for LUKS Decryption You must be booted into the `linux-surface` kernel for the next steps to work, so if you haven’t already, reboot and be sure to select the correct kernel in the boot menu. You can check if you’re in the right kernel with `uname -a` - if you are, it will have `surface` somewhere in the output. Enabling the keyboard early enough that it can be used to enter the LUKS password requires editing how kernel modules are loaded, then regenerating the kernel image. This sounds scarier than it is. First, we need to edit `/etc/mkinitcpio.conf`. nano /etc/mkinitcpio.conf Refer to this page on Disk Encryption in the linux-surface documentation for what you need to add to the `MODULES=()` section. For thoroughness, I added basically everything, so my entry looks something like this (I’ve removed unrelated entries that were already there): MODULES=(pinctrl_tigerlake surface_aggregator surface_aggregator_registry surface_aggregator_hub surface_hid_core surface_hid surface_kbd intel_lpss_pci 8250_dw) Regenerate your kernel images: mkinitcpio -P This will churn away for quite some time, but eventually you’ll be returned to the prompt. You can restart now, and _should_ be able to type the LUKS decryption password with the built-in keyboard. Login as your regular user (e.g. `chris`, or whatever) and continue on installing and configuring Arch to your desired state. * * * 1. No, seriously. I first encountered GRUB in circa 1997. ↩︎ 2. The datetime file name prefix probably isn’t required, but it had taken so long to get to this point I didn’t even think about using the basic `linux-surface.conf`. ↩︎

Attached: 1 image The O2, an entry level Unix workstation, was introduced in the mid 90s and came with a single MIPS CPU. Here, we see some baby Octanes, haha! It officially ran on IRIX UNix OS but also supported the Linux and BSD families of operating systems https://en.wikipedia.org/wiki/SGI_O2 #unix #history

Fudgesicles. I’ve lost the original SVG for a site logo. That’s mildly inconvenient.

I went through the faff of setting up a self-hosted Ghost instance a few days ago, then realised I’m probably never going to use it. Ah well, it was a learning exercise at least

Tonight’s bit of housekeeping done: Migrated my password manager off a Raspberry Pi, and on to something a little more robust

Spent the whole day trying to unfuck my home office, so it’s less cluttered and stress-inducing. 2 whole bin bags of stuff removed; it’s better, but still a mess. It’ll have to be an ongoing process

I’m considering reinstalling my desktop again, using everything I learned installing Arch on my laptop. I only really just finished getting the desktop “just so”. It’s me, hi, I’m the problem, it’s me.