Thursday 31 March 2011

There are no non-Christians here...

One of my weekly lessons when I was at school was called 'Personal and Social Education'. Its goal was to ensure that I wouldn't end up as a geek.

I remember the teacher one day calling for meditation on the day's Blessèd Thought:
There are no strangers here; only friends we haven't met.
It was an embarrassingly crass and schmaltzy statement. What did he think the word strangers meant? It must have held some meaning for him, otherwise it wouldn't have made much sense to say that there were no strangers there. Anyway, we'd all met each other, and we certainly weren't all likely to end up as friends. As well as playing fast and loose with the meaning of strangers, it rather cheapened the meaning of friends to imply that everyone could be and should be friends with everyone else.

Recently I went to a church whose service sheet mentioned a weekly meeting for prayer for 'the chronically ill and not-yet Christians'. Praying for those who are ill (James 5:14), and praying that people would become Christians (Matthew 9:35–38) is, of course, an essential part of the Christian life, and I'm sure that the meeting itself was wholesome and honouring to God. But not-yet Christians? I can almost see my teacher nodding approvingly:
There are no non-Christians here; only not-yet Christians.
It's not the first time I've heard the phrase. It seems to turn up more and more, mainly in the context of spurring people on to evangelism. Google hits for the phrase are well into six figures.

But for all its optimism, I do find this language rather disturbing. This isn't mere linguistic pedantry: the language we use to describe people affects our perception of them, and eventually affects the way we treat them.

So what's wrong with describing non-Christians as not-yet Christians?

For one, it's horribly patronising. It's roughly equivalent to telling a child: I know you don't agree with me at the moment, but one day you'll see that I'm right. I'll explain when you're old enough to understand. How does that sound from the receiving end? How would I feel to know that my atheist friends describe me as a not-yet atheist, and my Muslim friends describe me as a not-yet Muslim?

Secondly, it demotivates our evangelism. It is odd that the phrase gets used mainly in the context of encouraging Christians to spread the gospel; it certainly doesn't have that effect on me.

Jesus sees those who live without him as lost sheep (Luke 15:3–7), as in mortal peril (Luke 13:1–5), as in imminent danger of being cut down (Luke 13:6–9). This is what gives evangelism its urgency: time is short. Any view of non-Christians as simply Christians-in-waiting may be very comforting, just as it may be more comforting to ignore the warnings on cigarette packets; but it is a dangerous game to play.

But finally, and most importantly, it contradicts Jesus' teaching. Describing non-Christians as not-yet Christians suggests that it is only a matter of time: eventually all non-Christians will become Christians. Jesus' love will win through in the end: just trust him to do what he has promised.

The trouble is that he has promised no such thing. There are narrow and broad roads (Matthew 7:13–14); there are good and bad trees (Matthew 7:15–19); there are solid and weak foundations (Matthew 7:24–27). At the last judgement, there will be a final separation into two groups (Matthew 25:31–46). Some of those for whom we pray will eventually become Christians; some will not. Christian faith is about trusting God to do what he has said he will do; trusting God to do what he has said he will certainly not do is pure self-deception.

Contrast the biblical Jesus with the not-yet Christian view of Jesus. Hear the words of comfort our much nicer, softer, all-inclusive Jesus brings us:
“Not everyone who says to me, ‘Lord, Lord,’ will enter the kingdom of heaven, but only the one who does the will of my Father who is in heaven. Many will say to me on that day, ‘Lord, Lord, did we not prophesy in your name and in your name drive out demons and in your name perform many miracles?’ Then I will tell them plainly, ‘There are no strangers here; only friends I haven't met.’ (Matthew 7:21–23, Not-Yet Version)

Tuesday 29 March 2011

How to use your Android phone as a Linux live USB stick

Two of the things I carry with me everywhere are a USB stick containing a live Linux installation (so that I can boot Windows machines into Linux and get to my own desktop and files), and my phone. This week, in a fit of ruthless efficiency, I discovered that it's possible to do without the USB stick: I can plug my phone into a computer, and boot directly from it.

My wife's Windoze laptop, booted into Fedora using my phone
When I connect my phone (an HTC Desire, but this should apply to all Android phones) to a computer and set the phone to 'Disk drive' mode, it exposes the whole SD card as a block device. That means that you can do pretty much anything to it that you could do if it were a USB stick. Format it, partition it, boot off it...

That opens up a world of possibilities. Effectively you can carry your computer round in your pocket, with all the programs you want, and all your documents safely encrypted. For bonus marks, you can set your phone up to read the encrypted image and get access to your documents directly from your phone.

Here's what to do to get your phone set up for booting.

  1. Prepare a Fedora ISO image that you'd like to boot from. I've got my own that I built, with the programs on it that I generally use, but the easiest way to get one to experiment with is to download the live CD image from the Fedora web site.
  2. Make sure there's enough room on your phone's SD card. To play this game properly, you'll need enough space for the installation image (~650MB for the live CD), some space for a persistent overlay so that you can install and remove other programs and edit system settings (~350MB should be plenty), and some space for an encrypted filesystem containing your documents; so maybe 1GB plus document storage space. You don't need to repartition: this can all go on the FAT32-formatted partition you already have. (The whole process is non-destructive.)
  3. Set the FAT32 partition on your phone's SD card to be bootable. Plug your phone into your computer, put it in 'Disk drive' mode, and then use parted on Linux, or a GParted live CD, or whatever you Windows types use for partition management.
  4. Now install the image. I'm using Fedora, so the gubbins I need to perform the installation is already there, in the livecd-tools package; the command I use to install onto a USB stick is
    livecd-iso-to-disk --reset-mbr --overlay-size-mb 350 --home-size-mb 1024 whatever.iso /dev/sdb1
    Be very careful to get this right! You need to replace '/dev/sdb1' with the device representing your card's FAT32 partition. The '--reset-mbr' isn't as scary as it looks: it doesn't destroy the partition table, but it does set the master boot record to something that you can boot from.
  5. Reboot your phone to convince yourself you didn't brick it.
  6. Now boot your computer from your phone! Set your phone to 'Disk drive' mode again, reboot your computer, and hit F12 or whatever lets you choose a boot device, and select 'USB device' or equivalent.
I've found that it is a little slow when booting up, but operates at a fair old lick when running. Read performance isn't too bad, and write performance is hugely helped by the cacheing, as long as you don't do anything to hammer the disk. For web browsing, editing OpenOffice documents, programming and pretty much anything, it works very nicely. I even compiled a kernel and it coped just fine.

Answers to questions for more excitable types:
  • Do I need to have rooted my phone? No. All you're doing is using it to store some files. On the other hand, if you have rooted your phone, you'll be able to access the encrypted files directly from your phone.
  • What happens if my phone battery runs out? It won't. On my phone, at least, the USB port supplies more than enough power to keep it operating as a disk drive, so it'll charge up rather than drain.
  • What do I do if the phone rings? Answer it. There's nothing to stop you using your phone as a phone, as long as you don't unplug it, reboot it or turn it off 'Disk drive' mode. (That does mean that your FAT32 partition won't be mounted on your phone, so any apps that you've got stored on the SD card using the native Froyo system won't be operational. If you've used an A2SD-style separate partition, your apps will all work fine.)
  • What's the best way to make use of all this? That rather depends on what you want to do. I use Unison to sync my files so that everything's up to date, but you could equally use Dropbox or similar. Really, the sky's the limit: you can use it to do anything you could do with your normal computer.
  • How do I mount the encrypted partition directly from my phone? This takes a little bit of planning, and I'll write a full article on that soon. You need four things to get it to work:
    • a rooted phone;
    • a cryptsetup binary compiled for ARM (download);
    • a recent busybox binary (if you haven't got it already, install from the Market or download);
    • a phone kernel with compiled-in support for the encryption present in the encrypted partition.
    If you don't already have the first, you probably shouldn't be messing with this low-level stuff. The fourth is the trickiest, but not impossible; and by far the easiest approach is to change the encryption to match your kernel rather than change your kernel to match the encryption. Here's the rough outline of what to do to open the image, and how to change the encryption if necessary. It assumes some familiarity with doing bad things to your phone:
    1. Use adb shell to get a terminal on your phone.
    2. Map the encrypted image to a free loop device:
      1. Use busybox losetup -f to find a free one.
      2. Create it if necessary: busybox mknod -m 0600 /dev/loopx b 7 x (replacing 'x' with the number of the first free device, if it doesn't exist).
      3. Check that the one you've created is still free! It should be, but for some reason, when I create /dev/loop0 through to /dev/loop3 on my phone, they all get eaten straight away. Anything numbered from 4 upwards works fine for me.
      4. Map the device: busybox losetup /dev/loopx /sdcard/LiveOS/home.img
    3. Try to open it: cryptsetup luksOpen /dev/loopx enchome
    4. If you're lucky, it'll open fine, and you won't need to change the encryption. If you get an error telling you to check your kernel for the right cipher support, it means you're going to need to change the encryption. If you've stored anything important in the encrypted image, stop and copy it out, because this will destroy it (but you only have to do it once):
      1. Format it with a different cipher:
        cryptsetup --cipher=aes-cbc-benbi luksFormat /dev/loopx
        You might need to try different cipher specs till you find one that your kernel supports. You could try 'aes-cbc-plain' or just 'aes' or even 'twofish'. A look at /proc/crypto will give you some clues as to what's available, but it's not easy to work out exactly what it all means. Make sure you stick to something that gives you a decent level of security.
      2. Try opening it again, using the luksOpen command above.
      3. You'll now need to format it again, with
        busybox mke2fs -m 0 /dev/mapper/enchome
        If you get an 'applet not found' error, your version of busybox isn't recent enough.
    5. Once you've successfully run the luksOpen command, you can now mount the image. Make an empty directory somewhere that you can mount it in (say, /sdcard/encimage), and then mount it with: mount /dev/mapper/enchome /sdcard/encimage
    From now on, you should be able to follow this procedure (without needing to change the encryption every time) to mount the image with full read/write access. This really needs automating, and a little GUI putting together... I'm working on it.