With recent articles like
felt it was important to point out the golden thread running through these.
Which boils down to one thing. "He who controls the software and/or server
controls the device" at least in devices like these.
When buying a product that is Internet ready or Internet connected it is very
important for people to ask the question "What happens if the Internet part
For some products it's no biggie, like say a media player that downloads from a
specific site, but also let you put your own music on. In this case the
Internet part is more of a "Value added" piece then an mandatory one.
Then there are things like the Google Chromecast. If the Internet back end goes
away because Google decides to move to ChromeCast V3.0 and not support earlier ones, then
the device will become a brick. useless. And due to the lack of software
freedom in these devices there is nothing the owner can do.
This same thing is true of an ever increasing number of products. Especially as
we move into the whole "Internet of Things" (IoT) world. One of the reasons
that businesses are so hot on the IoT idea is the reach it gives them over the
product. This was seen with Kindle when amazon reached into thousands of
devices and Erased the book 1984.
There are two separate issues at play here:
- Who controls the software
- Who controls the server
The "ownership" of the device hinges on these two things. Lets look at each of them.
Who controls the software
If you do not control the software on the device, then it controls you. You do
not own that device. The person that controls the software owns it.
When I talk about control I am not talking about how "Usable" the software is.
I'm talking about the users ability to Change, modify, study, etc. the
software on the device.
If you can't change the software at all them you have absolutely no control.
If you can swap one opaque mass of software for another opaque mass of software
you have the limited illusion of control
Only when you can Study the software to see how it works, Change it to
work the way you want it to, Share the changes you've made and have the
freedom to use the software in any way you choose do you truly control the
Sadly an ever decreasing number of devices fall into this category. Even many
devices that appear free, like the Raspberry Pi, are actually Not truly so due
to the fact that they can not work without some opaque bit of software. In
the case of the Raspberry Pi it is impossible to boot the device without
software that is not in your control.
Who controls the server
This question is either of slightly less or equal importance to the "ownership"
of the device based on what the server bit does.
If the server bit is strictly "Value added", as in the device will continue to
function completely without the server. Then the question is a minor one.
However increasingly, and by design, devices will not function if the server is
Now if you have freedom in the software as mentioned above. It wouldn't be an
issue. You or someone else could study the software, change it to use a
different server or to not need the server and then share that change to
the world. Problem solved.
Sadly as mentioned above it is a rare device where that can be done. Partly
because most software licenses prevent you from doing any of those and thus
from using the software any way you want
So lacking freedom in the software and being tied to a server that you don't
control means that not only can you not fix, or modify the device, you are now
entirely at the whim of the person that controls the server. What if the server
says to delete all your stuff? Nothing you can do. The device wont work without
the server so you can't prevent it from connecting and once it does bang your
stuff is gone.
It goes well beyond just deleting your stuff. The server could push out an
update that kills the device. Now it wont even turn on. Or they could just shut
down the sever, Again you're stuck with a useless device. It is also important
to remember that the connection to the server is a two way street and can be
used to spy on anything you do with or near the device, as Windows 10
and it looks like Occulus Rift
As the whole IoT thing takes off this is going to become a huge issue and one
that customers need to pay attention to. An IoT fridge that you do not control
could be remotely told to not keep food cold anymore when the manufacturer
decides it is time for you to buy a new one.
Think that is far fetched? There have been printer out there for years now that
decide to stop working based on a software
in the printer. There is absolutely nothing mechanically wrong with them the
software just decides "Sorry I'm done.. go buy a new printer". If
manufacturers are willing to screw with you like this how much more so when
they can reach over the network and do what ever they like to your device?
So the next time you buy an electronic device ask, Who controls the software?
Is the server part "Value added" or mandatory? Can I change the software? Can I
run my own server? And ultimately, Do I want to buy a device I will not "own or
With the ongoing debate about strong encryption on mobile devices, I'd like to
take a moment to clear up a misconception that I've seen tossed around and
sadly accepted by too many people.
To be clear anyone that reads my stuff will know that I fall well inside the
"must have strong crypto" camp. So the views expressed here will clearly be
coloured by that.
The point I want to clear up is this new comparison of cell phones to physical
spaces. The argument tends to go like this: "Peoples homes are private but the
government can get a warrant to search them. So the government should be able
to do the same for Phones."
On the surface that may seems to make sense and I suspect that is why people
are buying into it, but the truth is much closer to saying: "Peoples homes are
private but the government can get a warrant to search them. So the government
should be able to do the same for private conversations."
What the government is seeking is not access to a physical space but rather
retroactive access to private conversations. The government has never had the
ability in the past to compel you to divulge what you said to your friend last
Tuesday. Especially if such might be incriminating.
By wanting all encryption breakable the government is trying to do an end run
around your right to remain silent, or plead the 5th, or what ever the
equivalent is in your country.
Cell phones are by definition communication devices, not dwellings, not safes,
not a place of business. Cell phones store and transmit conversations, which is
speech, which has special safe guards when talking privately with another
Yes there are wiretaps and police can get a warrant to get a wiretap. But wiretaps
have never been retroactive. Remember it's "You have the right to remain
silent, anything you say may be used against you in a court..."
How safe do you feel knowing that by breaking into your phone and having
retroactive access to your speech, "anything you say" now includes
much of what you said for the last 2, 3, 5 years. Did you have an indiscretion
that they can blackmail you with? Did you joke with a friend about robing a
bank? Did you talk with someone about the possibility of fudging your taxes a
bit? Did you get really drunk after a break-up and text something that could be
considered a threat? And on, and on.
One of the reasons that speech is protected is because it is so easy to twist
and use against someone. As the famous quote goes "If you give me six lines
written by the hand of the most honest of men, I will find something in them
which will hang him."
We can not, we must not allow governments and police to have easy unfettered
retroactive access to our speech going back years. It removes too many
safeguards and tips the balance of power dangerously to the side of the already
Keep private conversations private. Say No to big brother.
Back in 2014 I wrote Cold Urticaria and the Rural Canadian Male. This is a follow up to that to talk about the things I have learned living with CU.
Know you're reaction point
The First thing I'd tell to someone newly diagnosed with CU is to get a good indoor outdoor thermometer or a small thermometer they can take with them. This was very useful for me in determining the temperature at which I start reacting. For me that is around 10C (50F).
knowing this temperature is very important to managing ones CU. It is especially helpful in the spring and fall as it lets me know if a day is a dress light or medium day.
Knowing this temperature is not the only deciding factor on how to dress as things like how damp/wet it is out and how windy will raise the temperature I react at by a few degrees. A clear still day of 15C and I'm probably Ok. Make it a windy day and it gets iffy depending on how strong the wind is. Make it a wet windy day and I'll be reacting for sure even at 15C.
Stay warm inside
In not talking about making sure the heat is on. I expect that you'd do that anyway. However I have learned that not getting "chilled" is very important. And I've also learned that unless you're paying close attention you may not even notice that you've gotten a little chilled.
I first noticed this on my walks to the local Tim Horton's. My hands (usually the first thing to react) would be fine on the way to Tim Horton's but would react on the way home. At first I just assumed that the temperature had dropped or the wind had come up a bit and so I needed heavier gloves. But It kept happening even when I was pretty sure it had gotten warmer. What I finally clued into is that Tim Horton's must keep things a bit cooler then I do at home and the combination of that and me sitting working on my computer (being inactive) caused my body temperature to drop a bit which was priming me to react once I went outside.
I've come to think of it as a buffer or battery kind of thing. If I'm nice and warm inside which keeps my body temperature up I have more stored heat and so don't cool to my reaction point as quickly when I go out. If I've already dropped a couple of degrees of body heat I'm that much closer to my reaction point and so will react much more quickly upon going out. So making sure that I'm staying warm is important even when I'm inside. The tough places for this are the places that are just a little cool. You don't really notice it but you're loosing body temperature. I'm sure if I were in them long enough I'd notice but by then I'd probably pretty chilled.
All I can do is pay attention and dress a littler warmer then usual when I'm at such a place.
It about a lot more then just the weather
This is the thing That I'd most like people to understand. It's about anything cold.
- Cold drinks - which result in a very unhappy stomach and dumping as the body tried to remove the irritant as quickly as possible.
- Handling cold items - frozen food, laundry done in the cold cycle, thing from the fridge, etc.
- Water - any water that isn't from the hot tap will cause me to react. It's not necessarily under 10C but water sucks heat out of things fast. And rapid cooling causes a reaction.
So when you start to think about things like that a clearer picture forms. I can't have ice cream, or ice cold beer. I can't go swimming. Getting sprayed with a garden hose would be dangerous. I have to be quick handling things from the fridge or freezer, or get gloves, or just deal with the fact that my hands are going to react. And on and on.
You're going to have reactions
When I was first diagnosed and got on the Reactine and knew to bundle up etc. I mistakenly believed that I'd be able to get to a place through care and medication of being reaction free. Unfortunately this is not possible, or at least not likely I could go to the maximum dosage and stay there all the time and maybe I'd not react, but I doubt it. In my experience the meds only limit the severity and duration of the reaction and don't actually prevent it.
Also this isn't like a nut allergy where I can just stay away from nuts. Cold stuff, or stuff that causes rapid cooling (like water) is everywhere. I have to walk in it, touch it, breath it, etc. there is just no way I'm going to be reaction free. But that is OK. I've learned that part of having CU is coming to terms with the fact that I'm going to have reactions.
The goal has to be as few reactions as possible and no big and dangerous reactions.
Reactine (Cetirizine) isn't perfect
About a year after I was diagnosed I started suffering symptoms that for all the world looked like Rheumatoid Arthritis. So much so that it was starting to affect my mobility and daily life. But as I went for test they all came back negative. So I started to wonder what had changed that might be causing these symptoms. The only thing I could think of was that I was now on 20mg/day of Cetirizine so I did a web search on longterm use of Cetirizine at higher than the over the counter dose (10mg) and found that I was not alone. Many people reporting joint pain and other symptoms. So I stopped the Cetirizine and poof all my joint pain and fatigue went away.
Luckily there are a multitude of options for daily antihistamines so I just switched to another and haven't looked back.
Things I'd tell people who have a friend that has been diagnosed with CU
The number one thing is don't say stupid shit when someone comes to you and tells they have Cold Urticaria (or Heat Urticaria, or Stress Urticaria)
Things like "Well, bundle up" or "I hate the cold too" just don't cut it.
Now I completely get that it is not an everyday situation and there is going to be that uncomfortable "Oh crap, what do I say...." moment. So let me give you a head start on it.
Instead of "well, bundle up/stay warm" which when you break it down really comes off like this:
Her: "My puppy just died" (I have CU and I'm kinda freaked out)
You: "Guess you better bury it then..." (Well, bundle up/Stay warm)
When we put it like that it is easy to see how it is missing the point.
As for the "I hate the cold too". It is a totally annoying response as CU isn't about 'liking' or not 'liking' it is about "If I'm not careful the cold (anything under 10C, 50F) could KILL me". That is a world away from "Brr.. My toes are freezing.. This sucks"
So, Better responses:
"oh Man! Does that mean no more ice cream, that blows"
"Shit, that must be rough/scary theres a ton of stuff that'll make you react"
"Gee, I bet that is complicated to manage day to day"
These all show that you kinda get it and don't come across like a brush off. Trust me your friend with CU will appreciate the good response.
I am writing this blog entry to explain to those that may not know the three models of doing things on the Internet. And also why it is important to understand them, to pay attention to them, and choose services and software that use the most correct model.
The three models are:
- P2P - Peer-to-Peer
They all have their strength and weaknesses and more importantly, they all have an impact on your rights and freedoms.
Centralized is the most common. This is your Google, Facebook, Pinterest, Twitter, Amazon, E-bay, Bank, Etc.
The centralized model has Big servers run by private interests (the site owners/Company) located in some place of their choosing which you use a browser or mobile App. to connect to. Typically all data is stored on the remote server.
This model is perfect for things like banking or online shopping. Just like in the real world you go to the place of business to shop or bank. It is also very appropriate for information type websites news,stocks,weather,sports scores,etc.
The important thing to remember about this model is that you do not control the server and therefor you do not control the data on the server. For the sites mentioned above, no biggie. For things like Facebook,Twitter,etc that live and die on user generated content (your stuff, your data) it's a huge biggie. Once your data is on their server it is usually considered "their data". The User Agreements of such site almost always stipulate that they can do what ever they want with what you upload.
The centralized model is also the easiest for the government to spy on, sensor, control, and shutdown. Because all the data on the server is owned but Company X all the government has to do is legally compel Company X to hand it over. In this way encryption like HTTPS is null and void. Governments can also just seize and shutdown servers they don't like. Also if Company X gets tired of running the server it and all your data will just go Poof and disappear from the Internet.
Considering all these things it is easy to see that the centralized model is both the least free (as in your rights and freedoms) and the most fragile. A lot of service providers out there could be whipped off the Internet by one good flood or other disaster happening to their main server.
This model is less known and understood by the average person today but it is actually the most common model used in the early days of the Internet. In this model instead on one server (or server farm/s) owned by one company there are many small servers that all talk to each other (federate) to provide a service. This model is used for E-mail, IRC, Usenet, XMPP, UUCP (yes I know that is ancient and deprecated), and newer system like pump.io and Tor. The strength of this system lies in the fact that no one owns the system.. sure they may own a server or two but no one owns the whole system. If a server goes down you just switch to another one.
This model is much harder to sensor, shutdown or control. Servers can live in different countries with different laws and governments. Typically the software to run these kinds of servers is small and easier to install and maintain. This means that anyone with a bit of work and understanding can set up an server and become part of the network of servers. If a government wanted to shutdown the service they'd have to block access to every single server, or a majority of them, to make the system unusable. Not so easy. Spying wise it is harder too. If the government compelled Google to hand over all E-mails (you can be pretty confident that they have/are) it doesn't get them any mails going from email@example.com to firstname.lastname@example.org.
Users typically use some sort of "client" software to connect to their server of choice and interact with the system as a whole. They don't have to worry about what server their friend is on because all servers in the system talk to one another. So email@example.com can email firstname.lastname@example.org no problem, no worries. As you can see from that example the part that comes after the @ actually refers to what server someone is on in the system. The same is true for XMPP addresses, SIP (proper Voip) addresses, webfinger addresses (pump.io), etc.
There is still the problem of your data on their server.. but as a federated system passes the data from server to server people running federated servers tend to act more like custodians of the data then owners of it. People tend to run these types of servers to offer a public service. OK, well not the Google's of the world. But places like Riseup or Ostel.
Peer to Peer (P2P)
In this model the client software is also the server. All clients on the system talk to and can connect to all other servers on the system. These systems are highly dynamic (servers coming and going all the time) and tend to be very connection and bandwidth heavy because everyone has to help move everyone else's data around.
In a P2P system no one owns the data it just lives out there bouncing from client to client. This means that for most P2P systems you have to be willing to give resources to the network. You have to let the P2P network use some of your bandwidth and disk space.
As you can imagine this is the least easy to censor or shutdown model, and also, if it is done right the hardest to spy on. Because of this many people see the P2P model as a freedom and privacy Panacea. But the truth is this isn't the best model for all things. I don't want to be trading huge chunks of bandwidth and disk space just to see what the weather is going to be like tomorrow. Also because of the dynamic nature of the network and the problem of where stuff is stored relative to who is online the P2P model isn't really the best for "store and forward" applications like E-mail. Sure there are things like Bitmessage but if Bob isn't around for a day or two after Sue tries to send him a bitmessage her software will have to try sending it again. If they have really bad timing it could take months for Bob to get the message. Where in a federated system Sue would send the data to her server of choice which would send it to Bob's server of choice which would hold on to it till bob came online.
People in remote locations or developing countries may not have the bandwidth or disk space to share. There are people in the area where I live for whom a P2P system could easily eat their monthly data allotment in a day or two.
Even tho a P2P system that used good encryption for transfer and storage would be very hard to spy on these systems are complicated beasties and are prone to other forms of attack, resource depletion, evil clients that do things like say they'll forward that data but then throw it away thus vanishing it from the network, governments running a ton of clients to analyze the traffic flow and figure out who is talking to who or even who is who, etc.
It is also important to note that many P2P systems like Bittorrent and Bitcoin do nothing to hide your IP address, so there is no anonymity. Many people are confused and think that P2P automatically means anonymous.
Which is Best
There really is no one best model. The important thing is to try and pick the services that are using the right model for the right job and be aware of the trade offs
- more right but more resources (P2P) - Heavy on bandwidth, CPU time, and disk space but no central server, just other people using the software.
- No rights but fast, easy and light on resource (centralized) - Where people running the service control everything. The rules, your data, who has access and how, etc.
- a bit of a mix (federated) where people running the many servers take the bandwidth and resource hit.
Things to watch out for are centralized sites that are trying to own and control your data, and a newer trend of big companies trying to push the workload onto users by using P2P technologies. Netflix has eyed this to take some of the load off their servers by making people watching a show also stream that show to other people watching the show.. great for them.. terrible for your bandwidth.
Pay attention to which model a service is using and you have a much better ideal of how it effects your rights, freedoms, data, bandwidth, and disk space.
I just want to share an article that everyone should read. It offers a frank and honest look at the whole "terrorism" thing.
The Threat Is Already Inside
Good job Rosa Brooks I'd love to buy you a coffee some day for bringing some level headed discourse to this subject.
It not my habit to just post links to other articles, but this one was far to good not to share.
I am oh so tired of the stupidity going on in the US. So, I am going to explain encryption for all the politicians and people buying the fear mongering about encryption like you all were 5 years old.
Encryption and especially end-to-end encryption is THE ONLY way to have a private conversation in a digital world. When I say THE ONLY I mean exactly that. There is NO other way.
K, everyone got that, No encryption equals NO private conversations EVER.
Now, the very, very, VERY important thing that many people are blanking on is that...
No private conversations equals NO FREEDOM OF SPEECH. You can not have freedom of speech without privacy. Period. End of story.
So the next time someone talks about getting rid of or backdooring or breaking encryption The correct response is "Stop trying to take away my right to free speech"
It's been a while since I've Blogged. Life is like that when blogging is a hobby not an occupation. I've been spending my time on some things that I find interesting.
Twister Has captured my attention lately and I'm finding that it has come a long way since the first time I looked at it. It is becoming quite a nice social media platform and I'm now running a node 24/7 on one of my RPi's.
I've also launched the OpenCPAP Project and That will probably be a big focus for me in the new year.
Of course there has been some downtime to playing and getting all nostalgic on Crossfire. If you are an old time tile based RPG'er or just like that aesthetic I'd strongly suggest giving it a look.
For a while I was working on Getting Yacy running on one of my RPi's but there was some issue with the JRE that Raspbian packages. Perhaps I'll put Arch Linux on one of them and try again.
It is likely that this is my last blog entry for 2015. If so Happy Holidays to all and I'll see you in the new year.
Who stole my freedom and why
Have you ever wondered why you can e-mail anyone with any e-mail account but
you can only chat to people on the same service as you? It's a really good
question and the answer will surprise you.
The fact is you, I, Anyone CAN chat
(IM) to anyone anywhere. The technology exists and is in use all over the place
today. The reason most people don't is because of two things.
A) The big companies don't want you to
B) The big companies don't want you to
I know, I know, A and B look a lot the same but really they are two sides of
the same coin. Lets start with A.
The Big Companies Don't want you to (A)
The Internet's big boy Google,Yahoo, Facebook, Msn, etc Want to make money off
of you and since the first days of Instant Messaging companies realized it was a
"killer feature" everyone raced to have the best chat (IM) application. And
they made sure that their chat wouldn't chat to the other guys. Why? Because
they want to make money off of you... not just you... you, your friends, their
friends, your kids, your kids friends, etc. They want to monetize as many users
as they can... and they understand that if all your friends are on "Super X
chat" then chances are good that you'll cave to presure and use "Super X chat".
Partly because all your friends are on it... partly because all those people being
on it creates a lot of "buzz" so you hear about it a lot more. Partly because
of branding. It is a potent mix. The big companies understand this and
intentionally screw you out of your freedom (to chat to anyone) in a bid to
pressure your friends and family to also join. Big companies see IM as the
crack that will get not just you but all your friends hooked on them. So they
never tell you there is another option. In fact they lie and say it cant be
done because of X, Y, and/or Z
Having a lot of people using one Instant messenger
creates a LOT of pressure for others to use it. Big companies understand this.
It even has a name "The Network effect". The more people there are using a
particular instant messenger (or any other social thing) the more people will
gravitate to it and the harder it is to leave. Think of it like a social
black hole. The bigger it gets the more and faster it pulls people in and the
harder it is to escape. For the big companies this means lots and lots of
customers and lots and lots of money. For you and your friends this means
getting screwed out of your freedom to talk to anyone... because now you can
only talk to people on "Super X chat" and the only way to talk to a person not
on it... is to get them hooked too.
The big companies don't want you too (B)
The free and open protocol I mentioned before (XMPP) is just that, free and
open. None of the big companies control it, much like the protocol that runs
E-mail, in fact your username on XMPP looks just like an E-mail address
and if you are lucky it can be the same as you E-mail address, Mine is.
Just a quick note here for the everyday users. All Instant Messenger systems
are comprised of two parts. The protocol. a definition of how software using
the system will talk to one another and the sotware. Now it is understandable
that most people don't know this distinction because Skype software speaks the
Skype protocol and since Microsoft controls the protocol and wont tell or let
others figure out how it works ONLY the Skype software speaks it. Thus the
average user never sees the distinction between protocol and software with
instant messaging. You do with E-mail because the protocol is open and not
controlled by any one company so there are hunderds of different E-mail
programs that can all talk to one another.
So if companies were to properly implement XMPP they would lose control, you
wouldn't have to be on their network, you wouldn't even have to use their
software. They couldn't force ads on you. It would be much harder to track and
profile you. They'd lose control of you and the leverage they had over your
friends. They also would loose the ability to add and remove features willy
nilly. They'd have to try to be as standard as possible so that you didn't
suddenly find yourself unable to talk to friends or you'd just leave and go get
another account. Imagine if gmail suddenly stopped being able to send mail to
Yahoo because of some "feature", no one would put up with that. So instead of
being the crack that gets you hooked on the big companies they'd see it as a
burden "have to provide to compete" type service and they really don't like
With all that it is no wonder that so few people have heard of XMPP. If people
knew they'd leave the big boys in droves and never come back.
So How do I do this XMPP thing?
Pretty easily actually:
- You download one of the XMPP clients that you like.
- You set up an account on ANY proper XMPP server. (That's just a small list to get you started)
- You share your favouritename@XMPPserver address with your friends.
But here is the hard part...
You refuse to let Big Companies screw you out of you freedom by using a "popular" Instant messenger. As soon as you do that no one on that service will switch. You loose. They loose. Big company wins and continues to screw people out of their freedom.
It is that last bit, the "Network Effect" that is hindering XMPP as much as the
big guys not talking about or using it. People that do know and make the move
over to XMPP are often faced with loosing contact with friends. The thing to
remember is, if enough people switch then the "Network Effect" will be on our
side. The more people there are using XMPP the more people will want to use
XMPP. And suddenly it wont matter what IM software you like or what server you
are on, you'll be able to talk to anyone anywhere. Just like E-mail.
This Is more of an announcement then a blog entry. So please excuse it's brevity
I have recently been looking for a place online to hang my hat and chill out. Not
so much in a social media sense but more in a realtime chat sense. I checked many
of the usual possibilities IRC, etc. but just wasn't having much luck finding what
I was looking for so I have decided to try a bit of an experiment in creating one.
So if you are an older (45+ yo) Techie like myself feel free to fire up your favourite
XMPP/Jabber client and swing by the new Multi User Chat at:
We are just getting started so the crowd is currently fairly sparse, but with luck the
community will grow as word gets around.
Apparently some people were having troubles connecting. I have dropped the S2S encryption
requirements a bit and this should help with most of the connection issues.. If you had
troubles in the past please try again.
In this blog Posting I'm going to show you how to make a Pi Crate from an Clementine/Tangerine/Orange crate.
First you need a sharp knife (an exacto-knife or other knife with a small sharp blade) , and a pair of needle nose pliers (or multi-tool) , a crate, a Raspberry Pi, scissors and some glue. Don't discard the papers from the bottom of the crate we will used them too.
Using the pliers of multi-tool gently pry up the ends of the wires holding the crate together...
Still using the pliers or multi-tool gently pull the wires out of the crate...
You now hav the bottom separated from the crate...
Next gently remove the staples from the sides of the crate...
After doing all four corners you should have a totally disassembled crate...
Take one of the long sides of the crate (should be wood not press board) , and measure the width of the Pi at both ends of the piece. Then using the other long side as a straight edge mark a line between the marks...
Cut along the line. This will give you two parts.. We will use the wider piece for the bottom of the Pi-Crate and the thinner piece for the sides...
Put the Pi on the wider piece at one end and mark a line at the other end of the pi. Using the pi as a straight edge.
Cut That piece off. Repeat if you want a top. (on my crate the sides were just a tad too short for a top to work. Depending on the crate you start with your's may be o.k.)
Line the slim piece up with the Pi sized piece and using one of the spare pieces as a spacer mark it at a point that is equal too the length of the Pi shaped piece plus the width of a wooden side piece. This will give space for the end piece.
Repeate for the other side and then for the end. For the end piece make it the same size as the end of the Pi sized piece...
Ok, Here is where the Paper and glue comes in. Get your scissors and cut 2 strips the length of the Pi sized piece and almost aw wide as the side pieces. Now using one of the short ends of the Crate as a straightedge line up the Pi sized piece and both long sides so all three pieces are touching...
Apply glue to one side of each paper strip and then apply them to the aligned pieces so that they are half on the Pi sized piece and half on an side piece. While waiting for the glue to dry mark and gently cut out a gap in the end piece for the MicroSD card...
Once the glue has dried flip one side up onto the Pi sized piece using the paper as a hinge, Mark and cut out a gap for the various ports on the side of the pi (sound/HDMI/Power. It helpful to work from both sides Flipping it back down to get at the inside. This will bake a nice hole in both the paper and the side piece. Once that is Done use a small tab of paper the width of a side and long enough to secure to both the end piece and the now cut side piece. (there is extra paper on my end piece in the picture as I was experimenting with the top)
Wait for that tab to dry, then using the paper as hinges fold up the sides of the crate and fold closed then end. While holding the end in place gently insert another paper and glue tab to the inside of the corner between the end piece and that side it is not yet attached to. Hold it in place long enough for the glue to get a good hold or use something like books to hold the sides in place while the glue sets.
Now slip your Pi into the new Crate. I found it easiest to put the side with the ports in first then gently press the Pi into place...
Slide ihe MicroSD card into the Pi using the gap you made in the back piece...
Check that all the Side ports are properly accessible, remove the Pi and do any required trimming..
The next steps may be optional. I personally found that the sides felt a little softer then I would like. If you find this to be the case cut two small pieces of wood from some of the remaining crate pieces..
Gently slide these pieces in between the sides of the crate and the front ports of the Pi. Friction will hold them in place nicely so no need to glue.
For me that made the Pi-Crate feel very solid. I haven't bothered with a top for two reasons. As I mentioned before the Clementine crate I was using produced sides that are just shy of tall enough for a top, and I was worried a top might cause ventilation problems.. If you want to do a top just create another paper hinge between either the end piece, or the uncut side piece and another Pi sized piece. I'd strongly suggest cutting holes into it for ventilation.