On May 2019 we did a presentation at University of Nicosia about digital rights and horror stories regarding their violations. We talked about ways of how technology can be used against us, and about actions and tools we can use to protect ourselves.

You can find the presentation material here:

Horror Stories from Digiland

Here you can find some references that help in the creation of the presentation. This is a shorter version of an earlier presentation I did in greek so the references may not match exactly to this one.

ECHELON

Trailblazer

Sony Rootkit

Lower Merion High School

Afgan War Logs

PRISM

The Fappening

No cloud

Ashley Maddison

VW Scandal

Vault 7

Dropbox

Tesla Cars

Mobile Telephony

Truecaller

Smart TVs

Facebook

Target

Apple

Microsoft

Cabridge Analytica

Free-Basics

Backdoors – Malware

HTTPS Interception

Brain decoding – fMRI

Political Nightmares

Net Neutrality

So why should I care?

Protect yourself

Alternative social media

Protections in Telephony

Protection in Email

Other Solutions

GDPR

Digital Rights Organizations

Rysiek\’s Law

Digital Rights in Cyprus

Digital Rights

Orwell vs Huxley

I have been using [Skelleton](https://www.skelleton.net)’s guide[^guide] to setup [opendmarc](http://www.trusteddomain.org/opendmarc/) on some mail server I am building.

My problem is the version of opendmarc that comes with Debian is 1.3.0 and this version has a bug[^list] which fails to honor the *IgnoreAuthenticatedClients* directive.

This is an attempt to build[^build] the newest version, 1.3.1, for Debian jessie.

### Prepare the environment

* Install all necessary packages:

“`
$ sudo apt -y install pbuilder debootstrap devscripts packaging-dev debian-keyring
“`

* Prepare a Debian jessie build environment:

“`
$ sudo pbuilder create –debootstrapopts –variant=buildd –mirror http://ftp.us.debian.org/debian/ –distribution jessie –architecture amd64 –components main –debbuildopts -mJohn Doe \
“`

### Prepare the Debian environment for *opendmarc* 1.3.1

* Download and extract the package:

“`
$ wget http://downloads.sourceforge.net/project/opendmarc/opendmarc-1.3.1.tar.gz
$ tar xvzf opendmarc-1.3.1.tar.gz
$ cd opendmarc-1.3.1/
“`
* Prepare for Debian packaging:

“`
$ DEBFULLNAME=”John Doe” DEBEMAIL=”john.doe@example.net” dh_make -s -y –createorig
“`

* Rename the *debian* folder:

“`
$ mv debian debian.orig
“`

* Shamelessly copy *debian/** from the original:

“`
$ cd /tmp/
$ apt-get source opendmarc
$ cd opendmarc-1.3.1+dfsg/
$ cp -a debian/ ~/opendmarc-1.3.1
“`

* Optional steps:

* Change the Author name to yours in *debian/control*

* Restore the *debian/changelog* file:

“`
$ cp debian.orig/changelog debian/
“`

* Get rid of the *debian.orig* folder:

“`
$ mv debian.orig/ ..
“`

* Edit the *debian/changelog* file with `dch -e`:

opendmarc (1.3.1-1) unstable; urgency=medium
  * Initial release: To fix the IgnoreAuthenticatedClients issue:     http://www.trusteddomain.org/pipermail/opendmarc-users/2016-April/000636.html
 -- John Doe <john.doe@example.net> Fri, 29 Apr 2016 13:43:22 +0300

### Build *opendmarc* 1.3.1

* Run *pdebuild*:

“`
$ pdebuild
“`

* You cab find the resultant debs under */var/cache/pbuilder/result/*:

“`
$ ls -la /var/cache/pbuilder/result/
total 868
drwxr-xr-x 2 root root 4096 Απρ 29 13:54 .
drwxr-xr-x 8 root root 4096 Απρ 29 12:56 ..
-rw-r–r– 1 theodotos theodotos 38534 Απρ 29 13:54 libopendmarc2_1.3.1-1_amd64.deb
-rw-r–r– 1 theodotos theodotos 64210 Απρ 29 13:54 libopendmarc-dev_1.3.1-1_amd64.deb
-rw-r–r– 1 theodotos theodotos 2348 Απρ 29 13:54 opendmarc_1.3.1-1_amd64.changes
-rw-r–r– 1 theodotos theodotos 75890 Απρ 29 13:54 opendmarc_1.3.1-1_amd64.deb
-rw-rw-r– 1 theodotos theodotos 846 Απρ 29 13:54 opendmarc_1.3.1-1.dsc
-rw-r–r– 1 theodotos theodotos 663859 Απρ 29 13:54 opendmarc_1.3.1-1.tar.gz
-rw-r–r– 1 theodotos theodotos 17136 Απρ 29 13:54 rddmarc_1.3.1-1_all.deb
“`

You can now copy the debs over your mail server and test them.

__Update: I did this before I had discovered that opendmarc 1.3.1 is in Debian jessie backports[^backports]. But an interesting drill nevertheless.__

References
———-
[^guide]: https://www.skelleton.net/2015/03/21/how-to-eliminate-spam-and-protect-your-name-with-dmarc/
[^list]: http://www.trusteddomain.org/pipermail/opendmarc-users/2016-April/000636.html
[^build]: http://www.theo-andreou.org/?p=1145
[^backports]: http://www.trusteddomain.org/pipermail/opendmarc-users/2016-April/000641.html

These are the instructions for installing an [ORCID](http://orcid.org/)[^orcid] authentication node. We will be using the [simple-orcid-auth-node](https://github.com/ORCID/simple-orcid-auth-node)[^soan] developed by the ORCID organization.

### Assumptions

* An Ubuntu 16.04 server machine but works on 14.04x with some minor changes.
* A FQDN, let’s say *orcid.example.com*.
* Server IP is 10.2.2.2 in our case.
* Create an *orcid* user: `sudo useradd -r -m -d /var/www/html/orcid orcid`.
* For Ubuntu 14.04 it is better to use */var/www/orcid* instead of */var/www/html/orcid*.
* Also use `service restart` on 14.04.x instead of `systemctl restart `.

### Installing *simple-orcid-auth-node*

* Install necessary packages (as a privileged user):

“`
$ sudo apt -y install nginx nodejs npm
“`

__NOTE: If you are using Ubuntu 14.04.x do not install the [node](http://packages.ubuntu.com/trusty/node) package. This package is completely unrelated with [nodejs](https://nodejs.org/en/).__[^node]

* Download and extract *simple-orcid-auth-node* (as the *orcid* user):

“`
sudo su – orcid
wget https://github.com/rcpeters/simple-orcid-auth-node/archive/master.tar.gz
tar xvzf master.tar.gz
“`

* Install the application:

“`
$ cd simple-orcid-auth-node-master/
$ npm install
“`

* Test run the application (as the *orcid* user):

“`
$ nodejs client-app.js
server started on 8000
“`

Looks OK. Now point your Hit CTRL^C and move on.

__NOTE: If you prefer using the legacy `node client-app.js` invocation, you need to install the [nodejs-legacy](http://packages.ubuntu.com/xenial/nodejs-legacy) package as well.__

### Setting ORCID as an autostart service

* Autostart using *systemd*[^systemd] (Ubuntu 16.04):

* Create the */etc/systemd/system/orcid.service* service definition (as the *root* user):

$ cat > /etc/systemd/system/orcid.service << EOF
[Service]
ExecStart=/usr/bin/nodejs /var/www/html/orcid/simple-orcid-auth-node-master/client-app.js
WorkingDirectory=/var/www/html/orcid/simple-orcid-auth-node-master
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=orcid
User=orcid
Group=orcid
Environment=NODE_ENV=production
[Install] WantedBy=multi-user.target EOF

* Reload *systemd* and start the service:

“`
$ sudo systemctl daemon-reload
$ sudo systemctl start orcid.service
“`

* Verify that the service is started:

$ sudo systemctl status orcid.service
● orcid.service
   Loaded: loaded (/etc/systemd/system/orcid.service; disabled; vendor preset: enabled)
   Active: active (running) since Wed 2016-04-27 09:00:16 UTC; 37s ago
 Main PID: 11141 (nodejs)
    Tasks: 5 (limit: 512)
   Memory: 24.1M
      CPU: 268ms
   CGroup: /system.slice/orcid.service
           └─11141 /usr/bin/nodejs /var/www/html/orcid/simple-orcid-auth-node-master/client-app.js
Apr 27 09:00:16 orcid systemd[1]: Started orcid.service. Apr 27 09:00:16 orcid orcid[11141]: server started on 8000

* Autostart using *sysv-init* (Ubuntu 14.04.x):

* Prepare a *sysv-init* startup script or use mine for convinience:

“`
$ cd /etc/init.d
$ wget https://raw.githubusercontent.com/theodotos/arena/master/orcid
$ chmod +x orcid
$ update-rc.d orcid enable
$ update-rc.d orcid defaults
“`

Now *orcid* should be able to autostart after a reboot.

### Setting up nginx

* Prepare this configuration:

$ cat > /etc/nginx/sites-available/orcid << EOF
server {
    listen 80;     listen [::]:80 ipv6only=on;
    server_name orcid.example.com;
    access_log /var/log/nginx/orcid.access.log;     error_log /var/log/nginx/orcid.error.log;
    location / {         proxy_pass http://localhost:8000/;         proxy_set_header Host \$host;         proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;     } } EOF

* Enable the *orcid* site:

“`
$ cd /etc/nginx/sites-enabled/
$ sudo ln -s /etc/nginx/sites-available/orcid
“`

* Uncomment the following line in */etc/nginx/nginx.conf*[^nginx]:

“`
server_names_hash_bucket_size 64;
“`

* Restart *nginx*:

“`
$ sudo systemctl restart nginx.service
“`

* Verify *nginx* with `sudo systemctl status nginx.service`

Now you can visit the http://orcid.example.com site and test your setup

### Going to production

The default *simple-orcid-auth-node* is using the sandbox ORCID service which is ideal for testing. This is how the configuration file (*helpers/config.js*) looks like:

“`
module.exports = config = {
// Config for OAuth2
CLIENT_ID: ‘APP-O9TUKAPVLALU1SOJ’,
CLIENT_SECRET: ‘0eafb938-020e-45a6-a148-3c222171d9d8’,
AUTHORIZE_URI: ‘https://sandbox.orcid.org/oauth/authorize’,
TOKEN_EXCHANGE_URI: ‘https://api.sandbox.orcid.org/oauth/token’,
CODE_CALLBACK_URI: ‘http://localhost:8000/authorization-code-callback’,
// General server config
PORT: ‘8000’,
SERVER_IP: ‘127.0.0.1’,
}

“`

This setup will not work in production. You have to modify the **CLIENT_ID** and **CLIENT_SECRET** variables with your own credentials and change the **AUTHORIZE_URI** and **TOKEN_EXCHANGE_URI** to point to the production ORCID services:

module.exports = config = {
  // Config for OAuth2 
  CLIENT_ID: 'APP-HSGSHJS335353GSGSG',
  CLIENT_SECRET: '56d4eb21-6622-8483-3422-f53f3fs53sfs35f',
  AUTHORIZE_URI: 'https://orcid.org/oauth/authorize',
  TOKEN_EXCHANGE_URI: 'https://api.orcid.org/oauth/token',
  CODE_CALLBACK_URI: 'http://localhost:8000/authorization-code-callback',
  // General server config
  PORT: '8000',
  SERVER_IP: '127.0.0.1',
}
...

Restart *nginx* and *orcid* when done:

“`
$ sudo systemctl restart nginx.service orcid.service
“`

References
———-

[^orcid]: https://en.wikipedia.org/wiki/ORCID
[^soan]: https://github.com/ORCID/simple-orcid-auth-node
[^node]: https://github.com/ORCID/simple-orcid-auth-node/issues/3
[^systemd]: https://www.digitalocean.com/community/tutorials/how-to-deploy-node-js-applications-using-systemd-and-nginx
[^nginx]: http://charles.lescampeurs.org/2008/11/14/fix-nginx-increase-server_names_hash_bucket_size

This guide describes how to upgrade your [XstreamTec HTPC appliance](http://www.amazon.co.uk/gp/product/B00F0PZZIW?psc=1&redirect=true&ref_=oh_aui_detailpage_o00_s00 “XstreamTec HTPC”) from XBMC to [KODI](https://en.wikipedia.org/wiki/Kodi_%28software%29 “KODI”) or re-install the system, in case of system corruption.

XstreamTec does not appear to have an official website but I have contacted them via Amazon and they promptly replied with instructions.

Prerequisities
————–
* An XstreamTec HTPC media player.
* A Linux system with an SD card slot.
* A Windows PC or VM (optional).
* An empty SD card (4GB minimum).

Install the recovery firmware
—————————–

1. Download the android recovery sd card image (use Google Chrome or Chromium):

https://mega.co.nz/#!wExHTJgC!XPuoFyhF_S-roTEhsMhQ8BLrfH4R5tXhp2jwaLF_o1M

* Convert the image to raw format:

If you extract the downloaded file (***MATRICOM_MX2_115_FULL_AUG_09_2013.rar***) you will get the image file (***MATRICOM_MX2_115_FULL_AUG_09_2013.imgc***). Alas this file has a peculiar format (*****.imgc*****) which is some kind of compressed raw image. I couldn’t figure out how to convert this to a raw (suitable for **`dd`**) image on Linux. To convert this to raw you need a Windows only utility called **HDDRawCopy**. So you will need a Windows system ([WINE](https://www.winehq.org/ “WineHQ”) does not work for this) and use **HDDRawCopy** to convert the *****.imgc***** file to ***Raw/dd*** format.

If you do not have a Windows machine, you can download the image I converted already, in *****.bz2***** format from here:
[MATRICOM_MX2_115_FULL_AUG_09_2013.dd.bz2](files/MATRICOM_MX2_115_FULL_AUG_09_2013.dd.bz2 “XstreamTec Recovery Image”). Just extract it like this to get the raw image:

   $ cd ~/Downloads
   $ bzip2 -d MATRICOM_MX2_115_FULL_AUG_09_2013.dd.bz2
   

* Prepare the SD card:

> ***Note***
> *Make sure you don’t have any useful data on the SD card!*

First verify that the SD card is inserted:

      $ cat /proc/partitions 
      major minor  #blocks  name
      
          8        0  488386584 sda
          8        1     524288 sda1
          8        2     249856 sda2
          8        3  487610368 sda3
         11        0    1048575 sr0
       252        0  487608320 dm-0
       252        1  483524608 dm-1
       252        2    4067328 dm-2
       179        0    7761920 mmcblk0
       179        1      71680 mmcblk0p1
       179        2     124928 mmcblk0p2
       179        3    7559168 mmcblk0p3
      

Unmount all partitions on the SD card:

      $ sudo umount /dev/mmcblk0p*
      

Now use **`fdisk`** and delete all partitions from the SD card:

      $ sudo fdisk /dev/mmcblk0
      

* Dump the image on the SD card:

After preparing the SD card we need to dump the raw image on it:

         $ sudo dd if=MATRICOM_MX2_115_FULL_AUG_09_2013.dd of=/dev/mmcblk0
      

> ***Note***
> *Be very careful with `dd`! If you specify the wrong device on the `of=` parameter you may destroy useful data on other devices, even you main hard disk!*

Boot the recovery image
———————–

Now we need to go though these steps to load the recovery image:

1. Power off the XstreamTec appliance.

2. Insert the SD card, in the SD slot of the XstreamTec.

3. Press the reset button. This is somewhat tricky. The reset button is inside the AV port of the XstreamTec so you will need a toothpick to press it.

4. Power on the appliance, while keeping the reset button pressed. The system will enter the recovery installation procedure. Release the reset button when the recovery starts.

5. Follow the on-screen instructions to load the Android recovery image. Then reboot into android and see if it boots correctly.

Install the newer version of the Android system
———————————————–

Now we need to install a more recent version of Android on the XstreamTec.

1. Download the newer Android firmware:

   $ cd ~/Downloads
   $ wget http://matriserver.com/files/MX2/firmware/MX2-full-1.1.6-firmware-RC.zip
   

2. Prepare the SD card:

* Insert the SD card in your PC and check if it is mounted:

      $ df -hT | grep mmc
      /dev/mmcblk0p1              vfat      3,7G  100M  3,6G   3% /media/user/0E99-207A
      

* Delete all previous files from the SD card:

      $ cd /media/user/0E99-207A
      $ rm -fr * 
      

> ***Note***
> *Once again make sure you don’t have any data you need on the SD card.*

3. Load the firmware on the SD card.

Unzip the contents of the downloaded zip file (**MX2-full-1.1.6-firmware-RC.zip**) on the SD card:

   $ cd /media/user/0E99-207A
   $ unzip ~/Downloads/MX2-full-1.1.6-firmware-RC.zip
   

Boot the new Android firmware
——————————

Go through these steps agaon to load the new Android firmware:

1. Power off the XstreamTec appliance.

2. Insert the SD card in the SD slot of the XstreamTec.

3. Press the reset button. Repeat the toothpick procedure as previously.

4. Power on the appliance while keeping the reset button pressed. The system will enter the new Android firmware installation procedure. Release the reset button when the recovery starts.

5. Follow the on-screen instructions to load the new Android firmware. Then reboot into the new Android and see if it boots correctly.

One would be tempted to keep the Android system and use XBMC or install Kodi on it. This way you can have Android and XBMC/Kodi on your XstreamTec appliance. Alas the XBMC/Kodi experience for Android is not as good as the one on OpenELEC. Trust me, if you need the full Kodi experience you need to install OpenELEC.

Install OpenELEC on the XstreamTec HTPC media player
—————————————————-

1. Download the OpenELEC firmware:

   $ cd ~/Downloads
   $ wget https://www.dropbox.com/s/toe4kxi9ivomlmp/OpenELEC-Amlogic.MX2.arm-5.0.3.zip
   

> **Update:**
> There is a newer version at [github](https://github.com/codesnake/OpenELEC.tv/releases/download/6.0.1/OpenELEC-Amlogic.M8.arm-6.0.1.zip).

2. Prepare the SD card:

* Insert the SD card in your PC and check if it is mounted:

      $ df -hT | grep mmc
      /dev/mmcblk0p1              vfat      3,7G  100M  3,6G   3% /media/user/0E99-207A
      

* Delete all previous files from the SD card:

      $ cd /media/user/0E99-207A
      $ rm -fr * 
      

3. Load the OpenELEC firmware on the SD card.

Unzip the contents of the downloaded zip file (**OpenELEC-Amlogic.MX2.arm-5.0.3.zip**) on the SD card:

   $ cd /media/user/0E99-207A
   $ unzip ~/Downloads/OpenELEC-Amlogic.MX2.arm-5.0.3.zip
   

Boot the OpenELEC firmware
————————–

Once again repeat these steps to load the OpenELEC firmware:

1. Power off the XstreamTec appliance.

2. Insert the SD card in the SD slot of the XstreamTec.

3. Press the reset button. Repeat the toothpick procedure as previously.

4. Power on the appliance while keeping the reset button pressed. The system will enter the OpenELEC installation procedure. Release the reset button when the recovery starts.

5. Follow the on-screen instructions to load the OpenELEC firmware. Then reboot into your freshly installed system and see if it works properly.

Enjoy your Kodi experience!

References
———-
* http://kodi.tv/
* http://openelec.tv/

The Utilite computer comes with an aging Ubuntu 12.04. If you try to upgrade it to to 14.04 or later, you will end up with a broken system because of their dependency, either fully or partially, on the [systemd](https://en.wikipedia.org/wiki/Systemd “systemd”) init system. The problem is that the stock kernel does not support [cgroups](https://en.wikipedia.org/wiki/Cgroups “control groups”) which is a mandatory dependency for **systemd**. Type these commands on your Utilite, to verify the missing feature:

$ sudo mount /dev/sda1 /boot
$ /usr/src/linux-kernel/scripts/extract-ikconfig /boot/uImage-cm-fx6 | grep CGROUPS
# CONFIG_CGROUPS is not set

There is also another important feature: **fhandle**. A **systemd** Linux system without an **fhandle** enabled kernel, will fail to enable the **swap space** during boot.

Most modern distros, with a few notable [exceptions](https://en.wikipedia.org/wiki/Systemd#Adoption_and_reception “systemd adoption”), have switched to this new initialization system. So if we want to use a recent version of Ubuntu, Debian or most other distros, we need to recompile the kernel with **cgroups** support.

Prerequisites
————-

* A standard x86-based PC with Linux installed (I use Ubuntu 15.04 at present). This is going to be our build station.
* A Utilite ARM Computer. This is our target.

Prepare the cross-compile toolchain
———————————–

The necessary packages are available on recent Ubuntu releases and Debian unstable.

First let’s install all necessary and optional packages on our build station:

$ sudo apt-get -y install build-essential gcc-arm-none-eabi gcc-arm-linux-gnueabi gcc-arm-linux-gnueabihf libncurses5 libncurses5-dev libncursesw5 libncursesw5-dev lzop git u-boot-tools pkg-config

Download the kernel sources
—————————

1. You can download the sources from here:

   $ wget https://github.com/utilite-computer/linux-kernel-3.0/archive/master.tar.gz
   

2. Then extract the tarball and change into the kernel source root:

   $ tar xvzf master.tar.gz
   $ cd linux-kernel-3.0-master/
   

Building the kernel
——————-

1. Prepare the environment:

   $ export ARCH=arm
   $ export CROSS_COMPILE=arm-linux-gnueabihf-
   

2. Prepare the configuration for utilite:

   $ make utilite_defconfig
   

* Check if **cgroups** and **fhandle** are enabled:

      $ grep CGROUPS .config 
      # CONFIG_CGROUPS is not set
      $ grep FHANDLE .config 
      # CONFIG_FHANDLE is not set
      

* Since **cgroups** and **fhandle**, are not enabled we need to enter **menuconfig** to enable it:

      $ make menuconfig
      

Navigate to **General Setup** and go down to **Control Group support**. Press the space bar and you will see an asterisk ([*]). That means the **Control Group support** feature is enabled to be compiled in the kernel. Now do the same with the **open by fhandle syscalls** option. Press **exit** and **Yes** to save your new configuration.

* Make sure **cgroups** and **fhandle** are now enabled:

      $ grep CGROUPS .config 
      CONFIG_CGROUPS=y
      $ grep FHANDLE .config
      CONFIG_FHANDLE=y
      

Good. Let’s proceed with the build.

3. Build the kernel and prepare a U-boot compatible image (**uImage**):

   $ make
   $ make uImage
   

This will take some time depending on how powerful your build station is. Go for coffee, watch some movie, read a [comic](https://xkcd.com/303/ “XKCD: Compiling”)…

Prepare the tarball
——————-

Now we need to package the kernel and modules together.

1. Install the modules in the **rootfs** directory:

   $ mkdir -p rootfs/boot
   $ INSTALL_MOD_PATH=./rootfs make modules_install
  

Ignore this error after `make modules_install`:

“`
make[1]: *** No rule to make target ‘rootfs/lib/firmware/./’, needed by ‘rootfs/lib/firmware/ti_3410.fw’. Stop.
Makefile:1130: recipe for target ‘_modinst_post’ failed
make: *** [_modinst_post] Error 2
“`

2. Copy the image and prepare the tarball:

   $ cp arch/arm/boot/uImage rootfs/boot/uImage-cm-fx6
   $ cp arch/arm/boot/zImage rootfs/boot/zImage-cm-fx6
   $ cd rootfs
   $ tar cvzf ../linux-utilite-kernel-3.0.tar.gz .
   $ cd ..
   

Deploy the tarball
——————

Now we are ready to deploy the kernel to the Utilite computer.

1. Copy the kernel to the Utilite computer:

   $ scp linux-utilite-kernel-3.0.tar.gz utilite@utilite-desktop:
   

2. Now connect to the Utilite and mount the boot partition:

   $ sudo mount /dev/sda1 /boot
   

3. Backup the existing files and remove the old image and modules:

   $ tar cvzf linux-utilite-original-kernel.tar.gz /boot/ /lib/modules/3.0.35-cm-fx6-6.3/
   $ sudo rm /boot/uImage-cm-fx6 
   $ sudo rm -fr /lib/modules/3.0.35-cm-fx6-6.3
   

If something goes wrong you can boot from a microSD or a USB drive and restore the original kernel.

4. Deploy the kernel:

> ***Note***
> *Make sure the **/boot** directory is mounted on the **/dev/sda1** filesystem before running the following command.*

   $ sudo tar xvzf linux-utilite-kernel-3.0.tar.gz -C /
   $ sudo chown -R root:root /lib/modules/3.0.35-cm-fx6-6.4
   $ sudo depmod 3.0.35-cm-fx6-6.4
   

The errors caused by **tar** are produced because FAT filesystem like **/dev/sda1**, do not support the ownership attribute. You can safely ignore them. **`chown`** is used to set the owneship of the modules to the root user, since the tarball was packaged under a normal user account and inherited its permissions.

You can now reboot the Utilite and see if everything works as expected. If not, you can boot with a microSD or a USB flash drive and restore the original kernel and modules.

After we have successfully prepared a **cgroups** enabled kernel, we can move on to setup a new [Ubuntu or Debian](/?p=1087 “Setup a new Ubuntu or Debian system on the Utilite”) system on the Utilite.

References
———-
* [1] http://www.compulab.co.il/utilite-computer/wiki/index.php/Utilite_Linux_Kernel_3.0