<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/s3ql__a_locally_mounted_cloud_file_system___nice_free_software.html">s3ql, a locally mounted cloud file system - nice free software</a></div>
- <div class="date"> 9th April 2014</div>
- <div class="body"><p>For a while now, I have been looking for a sensible offsite backup
-solution for use at home. My requirements are simple, it must be
-cheap and locally encrypted (in other words, I keep the encryption
-keys, the storage provider do not have access to my private files).
-One idea me and my friends have had many years ago, before the cloud
-storage providers showed up, have been to use Google mail as storage,
-writing a Linux block device storing blocks as emails in the mail
-service provided by Google, and thus get heaps of free space. On top
-of this one can add encryption, RAID and volume management to have
-lots of (fairly slow, I admit that) cheap and encrypted storage. But
-I never found time to implement such system. But the last few weeks I
-have looked at a system called
-<a href="https://bitbucket.org/nikratio/s3ql/">S3QL</a>, a locally
-mounted network backed file system with the features I need.</p>
-
-<p>S3QL is a fuse file system with a local cache and cloud storage,
-handling several different storage providers, any with Amazon S3,
-Google Drive or OpenStack API. There are heaps of such storage
-providers. S3QL can also use a local directory as storage, which
-combined with sshfs allow for file storage on any ssh server. S3QL
-include support for encryption, compression, de-duplication, snapshots
-and immutable file systems, allowing me to mount the remote storage as
-a local mount point, look at and use the files as if they were local,
-while the content is stored in the cloud as well. This allow me to
-have a backup that should survive fire. The file system can not be
-shared between several machines at the same time, as only one can
-mount it at the time, but any machine with the encryption key and
-access to the storage service can mount it if it is unmounted.</p>
-
-<p>It is simple to use. I'm using it on Debian Wheezy, where the
-package is included already. So to get started, run <tt>apt-get
-install s3ql</tt>. Next, pick a storage provider. I ended up picking
-Greenqloud, after reading their nice recipe on
-<a href="https://greenqloud.zendesk.com/entries/44611757-How-To-Use-S3QL-to-mount-a-StorageQloud-bucket-on-Debian-Wheezy">how
-to use s3ql with their Amazon S3 service</a>, because I trust the laws
-in Iceland more than those in USA when it come to keeping my personal
-data safe and private, and thus would rather spend money on a company
-in Iceland. Another nice recipe is available from the article
-<a href="http://www.admin-magazine.com/HPC/Articles/HPC-Cloud-Storage">S3QL
-Filesystem for HPC Storage</a> by Jeff Layton in the HPC section of
-Admin magazine. When the provider is picked, figure out how to get
-the API key needed to connect to the storage API. With Greencloud,
-the key did not show up until I had added payment details to my
-account.</p>
-
-<p>Armed with the API access details, it is time to create the file
-system. First, create a new bucket in the cloud. This bucket is the
-file system storage area. I picked a bucket name reflecting the
-machine that was going to store data there, but any name will do.
-I'll refer to it as <tt>bucket-name</tt> below. In addition, one need
-the API login and password, and a locally created password. Store it
-all in ~root/.s3ql/authinfo2 like this:
-
-<p><blockquote><pre>
-[s3c]
-storage-url: s3c://s.greenqloud.com:443/bucket-name
-backend-login: API-login
-backend-password: API-password
-fs-passphrase: local-password
-</pre></blockquote></p>
-
-<p>I create my local passphrase using <tt>pwget 50</tt> or similar,
-but any sensible way to create a fairly random password should do it.
-Armed with these details, it is now time to run mkfs, entering the API
-details and password to create it:</p>
-
-<p><blockquote><pre>
-# mkdir -m 700 /var/lib/s3ql-cache
-# mkfs.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
- --ssl s3c://s.greenqloud.com:443/bucket-name
-Enter backend login:
-Enter backend password:
-Before using S3QL, make sure to read the user's guide, especially
-the 'Important Rules to Avoid Loosing Data' section.
-Enter encryption password:
-Confirm encryption password:
-Generating random encryption key...
-Creating metadata tables...
-Dumping metadata...
-..objects..
-..blocks..
-..inodes..
-..inode_blocks..
-..symlink_targets..
-..names..
-..contents..
-..ext_attributes..
-Compressing and uploading metadata...
-Wrote 0.00 MB of compressed metadata.
-# </pre></blockquote></p>
-
-<p>The next step is mounting the file system to make the storage available.
-
-<p><blockquote><pre>
-# mount.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
- --ssl --allow-root s3c://s.greenqloud.com:443/bucket-name /s3ql
-Using 4 upload threads.
-Downloading and decompressing metadata...
-Reading metadata...
-..objects..
-..blocks..
-..inodes..
-..inode_blocks..
-..symlink_targets..
-..names..
-..contents..
-..ext_attributes..
-Mounting filesystem...
-# df -h /mnt
-Filesystem Size Used Avail Use% Mounted on
-s3c://s.greenqloud.com:443/bucket-name 1.0T 0 1.0T 0% /s3ql
-#
-</pre></blockquote></p>
-
-<p>The file system is now ready for use. I use rsync to store my
-backups in it, and as the metadata used by rsync is downloaded at
-mount time, no network traffic (and storage cost) is triggered by
-running rsync. To unmount, one should not use the normal umount
-command, as this will not flush the cache to the cloud storage, but
-instead running the umount.s3ql command like this:
-
-<p><blockquote><pre>
-# umount.s3ql /s3ql
-#
-</pre></blockquote></p>
-
-<p>There is a fsck command available to check the file system and
-correct any problems detected. This can be used if the local server
-crashes while the file system is mounted, to reset the "already
-mounted" flag. This is what it look like when processing a working
-file system:</p>
-
-<p><blockquote><pre>
-# fsck.s3ql --force --ssl s3c://s.greenqloud.com:443/bucket-name
-Using cached metadata.
-File system seems clean, checking anyway.
-Checking DB integrity...
-Creating temporary extra indices...
-Checking lost+found...
-Checking cached objects...
-Checking names (refcounts)...
-Checking contents (names)...
-Checking contents (inodes)...
-Checking contents (parent inodes)...
-Checking objects (reference counts)...
-Checking objects (backend)...
-..processed 5000 objects so far..
-..processed 10000 objects so far..
-..processed 15000 objects so far..
-Checking objects (sizes)...
-Checking blocks (referenced objects)...
-Checking blocks (refcounts)...
-Checking inode-block mapping (blocks)...
-Checking inode-block mapping (inodes)...
-Checking inodes (refcounts)...
-Checking inodes (sizes)...
-Checking extended attributes (names)...
-Checking extended attributes (inodes)...
-Checking symlinks (inodes)...
-Checking directory reachability...
-Checking unix conventions...
-Checking referential integrity...
-Dropping temporary indices...
-Backing up old metadata...
-Dumping metadata...
-..objects..
-..blocks..
-..inodes..
-..inode_blocks..
-..symlink_targets..
-..names..
-..contents..
-..ext_attributes..
-Compressing and uploading metadata...
-Wrote 0.89 MB of compressed metadata.
-#
-</pre></blockquote></p>
-
-<p>Thanks to the cache, working on files that fit in the cache is very
-quick, about the same speed as local file access. Uploading large
-amount of data is to me limited by the bandwidth out of and into my
-house. Uploading 685 MiB with a 100 MiB cache gave me 305 kiB/s,
-which is very close to my upload speed, and downloading the same
-Debian installation ISO gave me 610 kiB/s, close to my download speed.
-Both were measured using <tt>dd</tt>. So for me, the bottleneck is my
-network, not the file system code. I do not know what a good cache
-size would be, but suspect that the cache should e larger than your
-working set.</p>
-
-<p>I mentioned that only one machine can mount the file system at the
-time. If another machine try, it is told that the file system is
-busy:</p>
-
-<p><blockquote><pre>
-# mount.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
- --ssl --allow-root s3c://s.greenqloud.com:443/bucket-name /s3ql
-Using 8 upload threads.
-Backend reports that fs is still mounted elsewhere, aborting.
-#
-</pre></blockquote></p>
-
-<p>The file content is uploaded when the cache is full, while the
-metadata is uploaded once every 24 hour by default. To ensure the
-file system content is flushed to the cloud, one can either umount the
-file system, or ask s3ql to flush the cache and metadata using
-s3qlctrl:
-
-<p><blockquote><pre>
-# s3qlctrl upload-meta /s3ql
-# s3qlctrl flushcache /s3ql
-#
-</pre></blockquote></p>
-
-<p>If you are curious about how much space your data uses in the
-cloud, and how much compression and deduplication cut down on the
-storage usage, you can use s3qlstat on the mounted file system to get
-a report:</p>
-
-<p><blockquote><pre>
-# s3qlstat /s3ql
-Directory entries: 9141
-Inodes: 9143
-Data blocks: 8851
-Total data size: 22049.38 MB
-After de-duplication: 21955.46 MB (99.57% of total)
-After compression: 21877.28 MB (99.22% of total, 99.64% of de-duplicated)
-Database size: 2.39 MB (uncompressed)
-(some values do not take into account not-yet-uploaded dirty blocks in cache)
-#
-</pre></blockquote></p>
-
-<p>I mentioned earlier that there are several possible suppliers of
-storage. I did not try to locate them all, but am aware of at least
-<a href="https://www.greenqloud.com/">Greenqloud</a>,
-<a href="http://drive.google.com/">Google Drive</a>,
-<a href="http://aws.amazon.com/s3/">Amazon S3 web serivces</a>,
-<a href="http://www.rackspace.com/">Rackspace</a> and
-<a href="http://crowncloud.net/">Crowncloud</A>. The latter even
-accept payment in Bitcoin. Pick one that suit your need. Some of
-them provide several GiB of free storage, but the prize models are
-quire different and you will have to figure out what suit you
-best.</p>
-
-<p>While researching this blog post, I had a look at research papers
-and posters discussing the S3QL file system. There are several, which
-told me that the file system is getting a critical check by the
-science community and increased my confidence in using it. One nice
-poster is titled
-"<a href="http://www.lanl.gov/orgs/adtsc/publications/science_highlights_2013/docs/pg68_69.pdf">An
-Innovative Parallel Cloud Storage System using OpenStack’s SwiftObject
-Store and Transformative Parallel I/O Approach</a>" by Hsing-Bung
-Chen, Benjamin McClelland, David Sherrill, Alfred Torrez, Parks Fields
-and Pamela Smith. Please have a look.</p>
-
-<p>Given my problems with different file systems earlier, I decided to
-check out the mounted S3QL file system to see if it would be usable as
-a home directory (in other word, that it provided POSIX semantics when
-it come to locking and umask handling etc). Running
-<a href="http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html">my
-test code to check file system semantics, I was happy to discover that
-no error was found. So the file system can be used for home
-directories, if one chooses to do so.</p>
-
-<p>If you do not want a locally file system, and want something that
-work without the Linux fuse file system, I would like to mention the
-<a href="http://www.tarsnap.com/">Tarsnap service</a>, which also
-provide locally encrypted backup using a command line client. It have
-a nicer access control system, where one can split out read and write
-access, allowing some systems to write to the backup and others to
-only read from it.</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Updated_version_of_the_Norwegian_web_service_FiksGataMi.html">Updated version of the Norwegian web service FiksGataMi</a></div>
+ <div class="date">30th December 2014</div>
+ <div class="body"><p>I am very happy that we in the
+<a href="http://www.nuug.no/">Norwegian Unix User group (NUUG)</a>,
+spearheaded by Marius Halden from NUUG and Matthew Somerville from
+MySociety, finally managed to upgrade the code base for the Norwegian
+version of <a href="http://fixmystreet.org/">FixMyStreet</a>. This
+
+was the first major update since 2011. The refurbished
+<a href="http://www.fiksgatami.no/">FiksGataMi</a> is already live, and
+seem to hold up the pressure. The
+<a href="http://www.nuug.no/news/Pressemelding__FiksGataMi_i_oppdatert_og_mobilvennlig_klesdrakt.shtml">press
+release and announcement</a> went out this morning.</p>
+
+<p>FixMyStreet is a web platform for allowing the citizens to easily
+report problems with public infrastructure to the responsible
+authorities. Think of it as a shared mail client with map support,
+allowing everyone to see what already was reported and comment on the
+reports in public.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/EU_domstolen_bekreftet_i_dag_at_datalagringsdirektivet_er_ulovlig.html">EU-domstolen bekreftet i dag at datalagringsdirektivet er ulovlig</a></div>
- <div class="date"> 8th April 2014</div>
- <div class="body"><p>I dag kom endelig avgjørelsen fra EU-domstolen om
-datalagringsdirektivet, som ikke overraskende ble dømt ulovlig og i
-strid med borgernes grunnleggende rettigheter. Hvis du lurer på hva
-datalagringsdirektivet er for noe, så er det
-<a href="http://tv.nrk.no/program/koid75005313/tema-dine-digitale-spor-datalagringsdirektivet">en
-flott dokumentar tilgjengelig hos NRK</a> som jeg tidligere
-<a href="http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html">har
-anbefalt</a> alle å se.</p>
-
-<p>Her er et liten knippe nyhetsoppslag om saken, og jeg regner med at
-det kommer flere ut over dagen. Flere kan finnes
-<a href="http://www.mylder.no/?drill=datalagringsdirektivet&intern=1">via
-mylder</a>.</p>
-
-<p><ul>
-
-<li><a href="http://e24.no/digital/eu-domstolen-datalagringsdirektivet-er-ugyldig/22879592">EU-domstolen:
-Datalagringsdirektivet er ugyldig</a> - e24.no 2014-04-08
-
-<li><a href="http://www.aftenposten.no/nyheter/iriks/EU-domstolen-Datalagringsdirektivet-er-ulovlig-7529032.html">EU-domstolen:
-Datalagringsdirektivet er ulovlig</a> - aftenposten.no 2014-04-08
-
-<li><a href="http://www.aftenposten.no/nyheter/iriks/politikk/Krever-DLD-stopp-i-Norge-7530086.html">Krever
-DLD-stopp i Norge</a> - aftenposten.no 2014-04-08
-
-<li><a href="http://www.p4.no/story.aspx?id=566431">Apenes: - En
-gledens dag</a> - p4.no 2014-04-08
-
-<li><a href="http://www.nrk.no/norge/_-datalagringsdirektivet-er-ugyldig-1.11655929">EU-domstolen:
-– Datalagringsdirektivet er ugyldig</a> - nrk.no 2014-04-08</li>
-
-<li><a href="http://www.vg.no/nyheter/utenriks/data-og-nett/eu-domstolen-datalagringsdirektivet-er-ugyldig/a/10130280/">EU-domstolen:
-Datalagringsdirektivet er ugyldig</a> - vg.no 2014-04-08</li>
-
-<li><a href="http://www.dagbladet.no/2014/04/08/nyheter/innenriks/datalagringsdirektivet/personvern/32711646/">-
-Vi bør skrote hele datalagringsdirektivet</a> - dagbladet.no
-2014-04-08</li>
-
-<li><a href="http://www.digi.no/928137/eu-domstolen-dld-er-ugyldig">EU-domstolen:
-DLD er ugyldig</a> - digi.no 2014-04-08</li>
-
-<li><a href="http://www.irishtimes.com/business/sectors/technology/european-court-declares-data-retention-directive-invalid-1.1754150">European
-court declares data retention directive invalid</a> - irishtimes.com
-2014-04-08</li>
-
-<li><a href="http://www.reuters.com/article/2014/04/08/us-eu-data-ruling-idUSBREA370F020140408?feedType=RSS">EU
-court rules against requirement to keep data of telecom users</a> -
-reuters.com 2014-04-08</li>
-
-</ul>
-</p>
-
-<p>Jeg synes det er veldig fint at nok en stemme slår fast at
-totalitær overvåkning av befolkningen er uakseptabelt, men det er
-fortsatt like viktig å beskytte privatsfæren som før, da de
-teknologiske mulighetene fortsatt finnes og utnyttes, og jeg tror
-innsats i prosjekter som
-<a href="https://wiki.debian.org/FreedomBox">Freedombox</a> og
-<a href="http://www.dugnadsnett.no/">Dugnadsnett</a> er viktigere enn
-noen gang.</p>
-
-<p><strong>Update 2014-04-08 12:10</strong>: Kronerullingen for å
-stoppe datalagringsdirektivet i Norge gjøres hos foreningen
-<a href="http://www.digitaltpersonvern.no/">Digitalt Personvern</a>,
-som har samlet inn 843 215,- så langt men trenger nok mye mer hvis
-
-ikke Høyre og Arbeiderpartiet bytter mening i saken. Det var
-<a href="http://www.holderdeord.no/parliament-issues/48650">kun
-partinene Høyre og Arbeiderpartiet</a> som stemte for
-Datalagringsdirektivet, og en av dem må bytte mening for at det skal
-bli flertall mot i Stortinget. Se mer om saken
-<a href="http://www.holderdeord.no/issues/69-innfore-datalagringsdirektivet">Holder
-de ord</a>.</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/L_r_kidsa_koding_har_vanligvis_ikke_samtykkeerkl_ringer.html">Lær kidsa koding har vanligvis ikke samtykkeerklæringer</a></div>
+ <div class="date">21st December 2014</div>
+ <div class="body"><p>Bruken av samtykkeerklæring i forbindelse med Lær kidsa koding
+(LKK),
+<a href="http://people.skolelinux.org/pere/blog/Klarer_ikke_Microsoft___holde_p__hemmeligheter_.html">som
+jeg omtalte for noen dager siden</a>, var så overraskende at jeg tok
+kontakt med de som koordinerer LKK koding sentralt for å høre hvor
+ofte foreldre har blitt bedt om a signere på samtykkeerklæringer i
+forbindelse med LKK, og om jeg kunne få kopi av de som var brukt i
+fjor og i år.</p>
+
+<p>Simen Sommerfeldt svarte og fortalte at LKK koding sentralt ikke
+hadde hørt om bruk av samtykkeerklæringer i sammenheng med LKK før
+saken kom opp i Aftenposten, og at dette dermed var en helt ny
+problemstilling som de ikke hadde noen rutiner og regler for. Slike
+oppslag og protester var ikke en situasjon de ønsket å komme opp i
+igjen, så de planlegger å lage en policy rundt dette som gjør at det
+ikke gjentar seg. Han fortalte videre at de har bedt
+Microsoft-folkene formulere et forslag til policy-tekst som ikke kan
+misforstås nå som Microsoft har erfart hvor galt det kan gå.</p>
+
+<p>Han fortalte også at Christine Korme hos Microsoft hadde
+forfattet følgende tekst som hun ba om ble sendt til alle som spør:</p>
+
+<p><blockquote>
+<p>«Først og fremst; vi beklager på det sterkeste at en feil hos oss
+ har ført til et slikt oppslag. I Microsoft Norge støtter vi LKK med
+ hjerte og sjel og ønsker på ingen må at det skal stilles spørsmål
+ ved det fantastiske arbeidet som gjøres av LKK! Jeg beklager dette
+ på det sterkeste og ber om å få lov til å forklare.</p>
+
+<p>Microsoft var til stede i 5. klasse på Ruseløkka skole for å kjøre
+ en kodetime. Vi hadde med et TV-team fra TV2 God Morgen Norge og et
+ TV-team fra Microsoft. Foresatte ble bedt om å gi et skriftlig
+ samtykke for at opptak og bilder av barna kunne brukes. Microsoft
+ bruker ikke bilder eller opptak av barn uten at et skriftlig
+ samtykke gis av foresatte. Alle barna i klassen skulle delta i
+ kodetimen helt uavhengig av om det var gitt samtykke for filming
+ eller ikke. Barn som ikke skulle filmes ble plassert bakerst i
+ klassen slik at de ikke kom med på bilder. Men alle elever var med
+ og alle fikk hjelp av oss - selvfølgelig. Jeg var selv til stede og
+ tror jeg på vegne av alle kan si; dette var gøy! Det medfører altså
+ ikke på noen som helst måte riktighet at noen elever ble ekskludert
+ dersom deres foresatte ikke hadde skrevet under en
+ samtykkeerklæring. Klassen på Ruseløkka var det eneste stedet det
+ var med et Microsoft TV-team i løpet av kodeuken.</p>
+
+<p>I går ettermiddag ble jeg ringt opp av en journalist fra
+ Aftenposten om saken. Foreldre hadde reagert på
+ samtykkeerklæringen. Hverken lærer for femteklassen, rektor eller
+ jeg hadde hørt fra noen foreldre før Aftenposten ringte onsdag
+ ettermiddag.</p>
+
+<p>I Microsoft har vi kommet i skade for å bruke et standard formular
+ som samtykkeerklæring. Dette er ikke dekkende for Microsofts bruk av
+ denne filmen. Det beklager jeg sterkt. En ny samtykkeerklæring er i
+ dag sendt til skolen. Denne samtykkeerklæringen mener vi klargjør
+ bruken av opptakene.</p>
+
+<p>Det har aldri vært vår hensikt å bruke opptakene i kommersiell
+ sammenheng. Filmen på 2-3 minutter lages for å vise hva Microsoft i
+ de nordiske landene bidro med under kodeuken. Filmen vil bli vist
+ internt i Microsoft og eksternt i forbindelse med arrangementer og
+ diskusjoner som handler om undervisning i koding og informatikk.
+ Filmen vil også være tilgjengelig på en Microsoft nettside som
+ handler om koding og undervisning av elever. I skrivende stund er
+ ingen bilder eller opptak brukt eller lagt ut noe sted. Disse vil
+ heller ikke bli brukt uten at foresatte til barn som medvirker har
+ skrevet under en ny samtykkeerklæring som understreker at bruken
+ ikke er kommersiell.</p>
+
+<p>Jeg håper dette oppklarende og igjen beklager jeg på det sterkeste
+ at dette har inntruffet.</p>
+
+<p>Microsoft Norge hjalp om lag 600 elever med å kode i kodeuken og
+ dette var en dugnad våre ansatte satte svært stor pris på å få
+ anledning til å støtte! Jeg håper ikke den uheldige delen av saken
+ overskygger det som hele tiden har vært det aller, aller viktigste
+ for oss: å lære kidsa å kode.»</p>
+
+</blockquote></p>
+
+<p>Det betyr altså at vanligvis pleier Microsoft å be folk som sier ja
+til å bli filmet om å holde på hemmelighetene til Microsoft, samt be
+om lov til å bruke filmene kommersielt over hele verden i all fremtid,
+men at de egentlig ikke hadde tenkt på om det var så lurt å gjøre det
+samme med skoleelever i offentlig norsk skole. Og skolen tenkte
+tydeligvis heller ikke så mye på problemstillingen da de lot Microsoft
+dele ut forslaget til samtykkeerklæring til foreldrene. Altså svikt i
+flere ledd, men alle hadde gode intensjoner og ønsker å støtte et godt
+tiltak.</p>
+
+<p>Jeg lurer på hvilke konsekvensen denne svikten får i skolenorge.
+Blir det gjort bedre vurderinger i neste skole når noen vil filme?
+Det høres i hvert fall ut som om Lær kidsa kode skal gjøre sitt, og
+fortsatt sørge for at alle som ønsker det får lære å programmere, uten
+å måtte akseptere urimelige vilkår.</p>
+
+<p>Jeg har spurt Microsoft og skolen om kopi av opprinnelig og ny
+samtykkeerklæring, men ikke fått svar ennå. Er spent på om det var
+mer interessant i det opprinnelige, og hva som er endret i den nye.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/ReactOS_Windows_clone___nice_free_software.html">ReactOS Windows clone - nice free software</a></div>
- <div class="date"> 1st April 2014</div>
- <div class="body"><p>Microsoft have announced that Windows XP reaches its end of life
-2014-04-08, in 7 days. But there are heaps of machines still running
-Windows XP, and depending on Windows XP to run their applications, and
-upgrading will be expensive, both when it comes to money and when it
-comes to the amount of effort needed to migrate from Windows XP to a
-new operating system. Some obvious options (buy new a Windows
-machine, buy a MacOSX machine, install Linux on the existing machine)
-are already well known and covered elsewhere. Most of them involve
-leaving the user applications installed on Windows XP behind and
-trying out replacements or updated versions. In this blog post I want
-to mention one strange bird that allow people to keep the hardware and
-the existing Windows XP applications and run them on a free software
-operating system that is Windows XP compatible.</p>
-
-<p><a href="http://www.reactos.org/">ReactOS</a> is a free software
-operating system (GNU GPL licensed) working on providing a operating
-system that is binary compatible with Windows, able to run windows
-programs directly and to use Windows drivers for hardware directly.
-The project goal is for Windows user to keep their existing machines,
-drivers and software, and gain the advantages from user a operating
-system without usage limitations caused by non-free licensing. It is
-a Windows clone running directly on the hardware, so quite different
-from the approach taken by <a href="http://www.winehq.org/">the Wine
-project</a>, which make it possible to run Windows binaries on
-Linux.</p>
-
-<p>The ReactOS project share code with the Wine project, so most
-shared libraries available on Windows are already implemented already.
-There is also a software manager like the one we are used to on Linux,
-allowing the user to install free software applications with a simple
-click directly from the Internet. Check out the
-<a href="http://www.reactos.org/screenshots">screen shots on the
-project web site</a> for an idea what it look like (it looks just like
-Windows before metro).</p>
-
-<p>I do not use ReactOS myself, preferring Linux and Unix like
-operating systems. I've tested it, and it work fine in a virt-manager
-virtual machine. The browser, minesweeper, notepad etc is working
-fine as far as I can tell. Unfortunately, my main test application
-is the software included on a CD with the Lego Mindstorms NXT, which
-seem to install just fine from CD but fail to leave any binaries on
-the disk after the installation. So no luck with that test software.
-No idea why, but hope someone else figure out and fix the problem.
-I've tried the ReactOS Live ISO on a physical machine, and it seemed
-to work just fine. If you like Windows and want to keep running your
-old Windows binaries, check it out by
-<a href="http://www.reactos.org/download">downloading</a> the
-installation CD, the live CD or the preinstalled virtual machine
-image.</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Of_course_USA_loses_in_cyber_war___NSA_and_friends_made_sure_it_would_happen.html">Of course USA loses in cyber war - NSA and friends made sure it would happen</a></div>
+ <div class="date">19th December 2014</div>
+ <div class="body"><p>So, Sony caved in
+(<a href="https://twitter.com/RobLowe/status/545338568512917504">according
+to Rob Lowe</a>) and demonstrated that America lost its first cyberwar
+(<a href="https://twitter.com/newtgingrich/status/545339074975109122">according
+to Newt Gingrich</a>). It should not surprise anyone, after the
+whistle blower Edward Snowden documented that the government of USA
+and their allies for many years have done their best to make sure the
+technology used by its citizens is filled with security holes allowing
+the secret services to spy on its own population. No one in their
+right minds could believe that the ability to snoop on the people all
+over the globe could only be used by the personnel authorized to do so
+by the president of the United States of America. If the capabilities
+are there, they will be used by friend and foe alike, and now they are
+being used to bring Sony on its knees.</p>
+
+<p>I doubt it will a lesson learned, and expect USA to lose its next
+cyber war too, given how eager the western intelligence communities
+(and probably the non-western too, but it is less in the news) seem to
+be to continue its current dragnet surveillance practice.</p>
+
+<p>There is a reason why China and others are trying to move away from
+Windows to Linux and other alternatives, and it is not to avoid
+sending its hard earned dollars to Cayman Islands (or whatever
+<a href="https://en.wikipedia.org/wiki/Tax_haven">tax haven</a>
+Microsoft is using these days to collect the majority of its
+income. :)</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/reactos">reactos</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Roger_Marsal.html">Debian Edu interview: Roger Marsal</a></div>
- <div class="date">30th March 2014</div>
- <div class="body"><p><a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a>
-keep gaining new users. Some weeks ago, a person showed up on IRC,
-<a href="irc://irc.debian.org/#debian-edu">#debian-edu</a>, with a
-wish to contribute, and I managed to get a interview with this great
-contributor Roger Marsal to learn more about his background.</p>
-
-<p><strong>Who are you, and how do you spend your days?</strong></p>
-
-<p>My name is Roger Marsal, I'm 27 years old (1986 generation) and I
-live in Barcelona, Spain. I've got a strong business background and I
-work as a patrimony manager and as a real estate agent. Additionally,
-I've co-founded a British based tech company that is nowadays on the
-last development phase of a new social networking concept.</p>
-
-<p>I'm a Linux enthusiast that started its journey with Ubuntu four years
-ago and have recently switched to Debian seeking rock solid stability
-and as a necessary step to gain expertise.</p>
-
-<p>In a nutshell, I spend my days working and learning as much as I
-can to face both my job, entrepreneur project and feed my Linux
-hunger.</p>
-
-<p><strong>How did you get in contact with the Skolelinux / Debian Edu
-project?</strong></p>
-
-<p>I discovered the <a href="http://www.ltsp.org/">LTSP</a> advantages
-with "Ubuntu 12.04 alternate install" and after a year of use I
-started looking for an alternative. Even though I highly value and
-respect the Ubuntu project, I thought it was necessary for me to
-change to a more robust and stable alternative. As far as I was using
-Debian on my personal laptop I thought it would be fine to install
-Debian and configure an LTSP server myself. Surprised, I discovered
-that the Debian project also supported a kind of Edubuntu equivalent,
-and after having some pain I obtained a Debian Edu network up and
-running. I just loved it.</p>
-
-<p><strong>What do you see as the advantages of Skolelinux / Debian
-Edu?</strong></p>
-
-<p>I found a main advantage in that, once you know "the tips and
-tricks", a new installation just works out of the box. It's the most
-complete alternative I've found to create an LTSP network. All the
-other distributions seems to be made of plastic, Debian Edu seems to
-be made of steel.</p>
-
-<p><strong>What do you see as the disadvantages of Skolelinux / Debian
-Edu?</strong></p>
-
-<p>I found two main disadvantages.</p>
-
-<p>I'm not an expert but I've got notions and I had to spent a considerable
-amount of time trying to bring up a standard network topology. I'm quite
-stubborn and I just worked until I did but I'm sure many people with few
-resources (not big schools, but academies for example) would have switched
-or dropped.</p>
-
-<p>It's amazing how such a complex system like Debian Edu has achieved
-this out-of-the-box state. Even though tweaking without breaking gets
-more difficult, as more factors have to be considered. This can
-discourage many people too.</p>
-
-<p><strong>Which free software do you use daily?</strong></p>
-
-<p>I use Debian, Firefox, Okular, Inkscape, LibreOffice and
-Virtualbox.</p>
-
-
-<p><strong>Which strategy do you believe is the right one to use to
-get schools to use free software?</strong></p>
-
-<p>I don't think there is a need for a particular strategy. The free
-attribute in both "freedom" and "no price" meanings is what will
-really bring free software to schools. In my experience I can think of
-the <a href="http://www.r-project.org/">"R" statistical language</a>; a
-few years a ago was an extremely nerd tool for university people.
-Today it's being increasingly used to teach statistics at many
-different level of studies. I believe free and open software will
-increasingly gain popularity, but I'm sure schools will be one of the
-first scenarios where this will happen.</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Klarer_ikke_Microsoft___holde_p__hemmeligheter_.html">Klarer ikke Microsoft å holde på hemmeligheter?</a></div>
+ <div class="date">18th December 2014</div>
+ <div class="body"><p>Må Microsoft virkelig ha hjelp av unger for å holde på
+hemmelighetene sine?</p>
+
+<p>I dag kom det en fascinerende artikkel i Aftenposten om
+<a href="http://www.osloby.no/nyheter/Microsoft-ba-om-a-fa-bruke-bilder-og-video-av-barna-dine-7831036.html">hva
+Microsoft har foreslått at foreldre går med på</a> for å la ungene
+delta på <a href="http://www.kidsakoder.no/">Lær kidsa koding</a> på
+skolen. De ber foreldrene om å få bruke bilder og video av ungene
+kommersielt og gratis i all fremtid, hvilket var så drøyt at
+Arbeiderpartiets bystyrerepresentant
+<a href="https://no.wikipedia.org/wiki/Per_Anders_Langerød">Per Anders
+Torvik Langerød</a> tok opp saken opp under bystyrets muntlige
+spørretime onsdag. Resultatet av dette er at Microsoft har trukket
+tilbake teksten i samtykkeerklæringen og kommunikasjonsdirektør
+Christine Korme i Microsoft sier i artikkelen at «Vi vil presentere en
+ny erklæring som gjør det helt klart i hvilken forbindelse materialet
+skal brukes, altså ikke-kommersielt», hvilket jo er fint. Jeg lurer
+virkelig på hvordan teksten kunne slippe ut til foreldrene i første
+omgang. Her har noen på skolen ikke fulgt med i timen, eller mangler
+grunnleggende personverntrening.</p>
+
+<p>Men bildet av samtykkeerklæringen inneholder også en annen
+problematisk klausul, som ikke omtales overhodet i
+Aftenposten-artikkelen. Neste punkt i erklæringen lyder:</p>
+
+<p><blockquote>
+«Du aksepterer ikke å bruke eller videreformidle til en tredjepart
+noen hemmelige eller fortrolige opplysninger som gis av Microsoft i
+løpet av elevens deltagelse.»
+</blockquote></p>
+
+<p>Mener Microsoft virkelig at foreldre og barn skal ta ansvar for at
+Microsoft ikke klarer å holde hemmelig og fortrolig informasjon for
+seg selv når de besøker en offentlig norsk skole? Jeg ville nektet
+plent å signert på en avtale med en slik klausul, da det er Microsofts
+ansvar å holde på sine hemmeligheter, og ikke noe mine barn og min
+familie tar på oss erstatningsansvar for hvis de kommer på avveie.</p>
+
+<p>Jeg lurer på om noen har fått se den nye samtykkeerklæringen?
+Inneholder den fortsatt klausul om hemmelighold? Hvor mange er det
+som hittil har signert på den gamle samtykkeerklæringen? Hvor har den
+vært brukt? Savnet svar på disse spørsmålene i artikkelen, da de som
+har signert på den gamle vel vil være bundet av den selv om ingen
+flere signerer på den.</p>
+
+<p>Lær kidsa koding er et glimrende initiativ, og jeg skulle ønske
+noen av <a href="http://www.nuug.no/">foreningen NUUGs</a> medlemmer
+hadde kapasitet til å delta i initiativet på NUUGs vegne. Selv tar
+jobb, familie og eksisterende prosjekter allerede all tid. Slik
+Microsoft tydeligvis holder på er det behov for noen med et annet syn
+på livet som bidragsyter her.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html">Dokumentaren om Datalagringsdirektivet sendes endelig på NRK</a></div>
- <div class="date">26th March 2014</div>
- <div class="body"><p><a href="http://www.nuug.no/">Foreningen NUUG</a> melder i natt at
-NRK nå har bestemt seg for
-<a href="http://www.nuug.no/news/NRK_viser_filmen_om_Datalagringsdirektivet_f_rste_gang_2014_03_31.shtml">når
-den norske dokumentarfilmen om datalagringsdirektivet skal
-sendes</a> (se <a href="http://www.imdb.com/title/tt2832844/">IMDB</a>
-for detaljer om filmen) . Første visning blir på NRK2 mandag
-2014-03-31 kl. 19:50, og deretter visninger onsdag 2014-04-02
-kl. 12:30, fredag 2014-04-04 kl. 19:40 og søndag 2014-04-06 kl. 15:10.
-Jeg har sett dokumentaren, og jeg anbefaler enhver å se den selv. Som
-oppvarming mens vi venter anbefaler jeg Bjørn Stærks kronikk i
-Aftenposten fra i går,
-<a href="http://www.aftenposten.no/meninger/kronikker/Autoritar-gjokunge-7514915.html">Autoritær
-gjøkunge</a>, der han gir en grei skisse av hvor ille det står til med
-retten til privatliv og beskyttelsen av demokrati i Norge og resten
-verden, og helt riktig slår fast at det er vi i databransjen som
-sitter med nøkkelen til å gjøre noe med dette. Jeg har involvert meg
-i prosjektene <a href="http://www.dugnadsnett.no/">dugnadsnett.no</a>
-og <a href="https://wiki.debian.org/FreedomBox">FreedomBox</a> for å
-forsøke å gjøre litt selv for å bedre situasjonen, men det er mye
-hardt arbeid fra mange flere enn meg som gjenstår før vi kan sies å ha
-gjenopprettet balansen.</p>
-
-<p>Jeg regner med at nettutgaven dukker opp på
-<a href="http://tv.nrk.no/program/koid75005313/tema-dine-digitale-spor-datalagringsdirektivet">NRKs
-side om filmen om datalagringsdirektivet</a> om fem dager. Hold et
-øye med siden, og tips venner og slekt om at de også bør se den.</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Opphavsretts_status_for__Empty_Socks__fra_1927_.html">Opphavsretts-status for «Empty Socks» fra 1927?</a></div>
+ <div class="date">12th December 2014</div>
+ <div class="body"><p>For noen dager siden
+<a href="http://www.nb.no/Hva-skjer/Aktuelt/Nyheter/Tapt-filmskatt-fra-Disney-funnet-i-Nasjonalbiblioteket">annonserte
+Nasjonalbiblioteket gladnyheten</a> om at de i sine arkiver hadde
+funnet et nitratfilm-eksemplar av en 87 år gammel Disney-film ved navn
+Empty Socks, en film som tidligere var antatt tapt og der det i følge
+nyhetsmeldinger var kun ca. 25 sekunder bevart for ettertiden.
+Nasjonalbiblioteket hadde 5 minutter og 30 sekunder av filmen i sitt
+magasin. Dette er flott for bevaringen av verdens kulturarv. 5,5
+minutter mindre tapt enn vi trodde av vår felles historie.</p>
+
+<p>Men hvordan kunne filmen gå tapt, når arkivlovene i USA krevde at
+publiserte filmer på den tiden ble deponert i bibliotek? Forklaringen
+har jeg fra Lawrence Lessig og boken
+<a href="http://free-culture.cc/">Free Culture</a>, som jeg holder på
+<a href="https://github.com/petterreinholdtsen/free-culture-lessig">å
+oversette til norsk</a>:</p>
+
+<p><blockquote>
+<p>Dette er delvis på grunn av loven. Opphavsrettseiere var tidlig i
+ amerikansk opphavsrettslov nødt til å deponere kopier av sine verk i
+ biblioteker. Disse kopiene skulle både sikre spredning av kunnskap,
+ og sikre at det fantes en kopi av verket tilgjengelig når vernetiden
+ utløp, slik at andre kunne få tilgang til og kopiere verket.</p>
+
+<p>Disse reglene gjaldt også for filmer. Men i 1915 gjorde
+ kongressbiblioteket et unntak for film. Filmer kunne bli
+ opphavsrettsbeskyttet så lenge det ble gjort slik deponering. Men
+ filmskaperne fikk så lov til å låne tilbake de deponerte filmene -
+ så lenge de ville uten noe kostnad. Bare i 1915 var det mer enn 5475
+ filmer deponert og “lånt tilbake”. Dermed var det ikke noe eksemplar
+ i noe bibliotek når vernetiden til filmen utløp. Eksemplaret
+ eksisterer - hvis den finnes i det hele tatt - i arkivbiblioteket
+ til filmselskapet.</p>
+</blockquote></p>
+
+<p>Nyheten gjorde meg nysgjerrig på om filmen kunne være falt i det
+fri. En 87 år gammel film kunne jo tenkes å ha blitt en del av
+allemannseiet, slik at vi alle kan bruke den til å bygge videre på vår
+felles kultur uten å måtte be om tillatelse - slik Walt Disney gjorde
+det i starten av sin karriere. Jeg spurte nasjonalbiblioteket, og de
+sa nei. Hvordan kan det ha seg med en så gammel film? Jeg besteme
+meg for å undersøke nærmere. En kan finne informasjon om den norske
+vernetiden på
+<a href="https://lovdata.no/dokument/NL/lov/1961-05-12-2">Lovdata</a>
+og </a>Wikipedia</A>. Her er et relevant <a
+href="https://no.wikipedia.org/wiki/Opphavsrett#Vernetid">utsnitt fra
+siden om opphavsrett i den norske Wikipedia</a>:</p>
+
+<p><blockquote>
+ Ifølge åndsverkloven §§ 40-41 utløper vernetiden for et åndsverk 70
+ år etter utløpet av opphavspersonens dødsår. [...] For filmverk
+ gjelder særlige regler: Her kommer ikke alle mulige opphavspersoner
+ i betraktning, men kun hovedregissøren, manusforfatteren,
+ dialogforfatteren og komponisten av filmmusikken. Vernetiden
+ begynner å løpe etter utgangen av dødsåret til den lengstlevende av
+ disse. [...] Der opphavspersonen er ukjent, utløper opphavsretten 70
+ år etter første kjente offentliggjørelse av verket. Det er kun de
+ økonomiske rettighetene som faller bort i det vernetiden er
+ utløpt. De ideelle rettighetene må fortsatt respekteres, noe som
+ blant annet innebærer at man plikter å navngi opphavspersonen ved
+ tilgjengeliggjøring.
+</blockquote></p>
+
+<p>I følge nettstedet
+<a href="http://www.disneyshorts.org/shorts.aspx?shortID=75">The
+Encyclopedia of Disney Animated Shorts</a> er følgende personer gitt
+æren for denne kortfilmen:</p>
+
+<dl>
+
+<dt>Regissør</dt>
+<dd><a href="https://en.wikipedia.org/wiki/Walt_Disney">Walt Disney</a> (1901-12-05 – 1966-12-15) +70 år = 2037</dd>
+
+<dt>Animasjon
+<dd><a href="https://en.wikipedia.org/wiki/Ub_Iwerks">Ub Iwerks</a> (1901-03-24 – 1971-07-07) +70 år = 2042
+<br><a href="https://en.wikipedia.org/wiki/Rollin_Hamilton">Rollin "Ham" Hamilton</a> (1898-10-28 - 1951-06-03) +70 år = 2022
+<br><a href="https://en.wikipedia.org/wiki/Harman_and_Ising">Hugh Harman</a> (1903-08-31 – 1982-11-25) +70 år = 2053</dd>
+
+<dt>Kamera
+<dd>Mike Marcus (?-?)</dd>
+
+</dl>
+
+<p>Alle fødsels- og dødsdatoene er fra engelske Wikipedia. Det er
+ikke oppgitt navn på manusforfatter, dialogforfatter og komponist, men
+jeg mistenker at tegnerne vil få opphavsrettigheter på tegnefilmer her
+i Norge, og tar derfor med disse. Kameramannen vil ikke få noen
+rettigheter så vidt jeg forstår, og er derfor ignorert her.</p>
+
+<p>Slik jeg forstår den norske opphavsretten vil dermed dette
+filmverket bli allemannseie (også kalt å falle i det fri) i 2053, 126
+år etter at det ble utgitt. Hvis kun regissørens rettigheter er
+relevante, vil det skje i 2037, 110 år etter at det ble utgitt. Etter
+det vil enhver kunne dele det med alle de har lyst til, fremføre det
+offentlig eller klippe og lime i det for å lage sin egen film basert
+på det - helt uten å måtte spørre noen om lov.</p>
+
+<p>Måtte så Nasjonalbiblioteket spørre om lov før de kunne kopiere
+sitt nitrat-eksemplar over på mer varig format? Nei, heldigvis.
+Åndsverklovens § 16 sier at arkiv, bibliotek, museer og undervisnings-
+og forskningsinstitusjoner har rett til å fremstille eksemplar av verk
+for konserverings- og sikringsformål og andre særskilte formål.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox</a>, <a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>.
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html">Public Trusted Timestamping services for everyone</a></div>
- <div class="date">25th March 2014</div>
- <div class="body"><p>Did you ever need to store logs or other files in a way that would
-allow it to be used as evidence in court, and needed a way to
-demonstrate without reasonable doubt that the file had not been
-changed since it was created? Or, did you ever need to document that
-a given document was received at some point in time, like some
-archived document or the answer to an exam, and not changed after it
-was received? The problem in these settings is to remove the need to
-trust yourself and your computers, while still being able to prove
-that a file is the same as it was at some given time in the past.</p>
-
-<p>A solution to these problems is to have a trusted third party
-"stamp" the document and verify that at some given time the document
-looked a given way. Such
-<a href="https://en.wikipedia.org/wiki/Notarius">notarius</a> service
-have been around for thousands of years, and its digital equivalent is
-called a
-<a href="http://en.wikipedia.org/wiki/Trusted_timestamping">trusted
-timestamping service</a>. <a href="http://www.ietf.org/">The Internet
-Engineering Task Force</a> standardised how such service could work a
-few years ago as <a href="http://tools.ietf.org/html/rfc3161">RFC
-3161</a>. The mechanism is simple. Create a hash of the file in
-question, send it to a trusted third party which add a time stamp to
-the hash and sign the result with its private key, and send back the
-signed hash + timestamp. Both email, FTP and HTTP can be used to
-request such signature, depending on what is provided by the service
-used. Anyone with the document and the signature can then verify that
-the document matches the signature by creating their own hash and
-checking the signature using the trusted third party public key.
-There are several commercial services around providing such
-timestamping. A quick search for
-"<a href="https://duckduckgo.com/?q=rfc+3161+service">rfc 3161
-service</a>" pointed me to at least
-<a href="https://www.digistamp.com/technical/how-a-digital-time-stamp-works/">DigiStamp</a>,
-<a href="http://www.quovadisglobal.co.uk/CertificateServices/SigningServices/TimeStamp.aspx">Quo
-Vadis</a>,
-<a href="https://www.globalsign.com/timestamp-service/">Global Sign</a>
-and <a href="http://www.globaltrustfinder.com/TSADefault.aspx">Global
-Trust Finder</a>. The system work as long as the private key of the
-trusted third party is not compromised.</p>
-
-<p>But as far as I can tell, there are very few public trusted
-timestamp services available for everyone. I've been looking for one
-for a while now. But yesterday I found one over at
-<a href="https://www.pki.dfn.de/zeitstempeldienst/">Deutches
-Forschungsnetz</a> mentioned in
-<a href="http://www.d-mueller.de/blog/dealing-with-trusted-timestamps-in-php-rfc-3161/">a
-blog by David Müller</a>. I then found
-<a href="http://www.rz.uni-greifswald.de/support/dfn-pki-zertifikate/zeitstempeldienst.html">a
-good recipe on how to use the service</a> over at the University of
-Greifswald.</p>
-
-<p><a href="http://www.openssl.org/">The OpenSSL library</a> contain
-both server and tools to use and set up your own signing service. See
-the ts(1SSL), tsget(1SSL) manual pages for more details. The
-following shell script demonstrate how to extract a signed timestamp
-for any file on the disk in a Debian environment:</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/How_to_stay_with_sysvinit_in_Debian_Jessie.html">How to stay with sysvinit in Debian Jessie</a></div>
+ <div class="date">22nd November 2014</div>
+ <div class="body"><p>By now, it is well known that Debian Jessie will not be using
+sysvinit as its boot system by default. But how can one keep using
+sysvinit in Jessie? It is fairly easy, and here are a few recipes,
+courtesy of
+<a href="http://www.vitavonni.de/blog/201410/2014102101-avoiding-systemd.html">Erich
+Schubert</a> and
+<a href="http://smcv.pseudorandom.co.uk/2014/still_universal/">Simon
+McVittie</a>.
+
+<p>If you already are using Wheezy and want to upgrade to Jessie and
+keep sysvinit as your boot system, create a file
+<tt>/etc/apt/preferences.d/use-sysvinit</tt> with this content before
+you upgrade:</p>
<p><blockquote><pre>
-#!/bin/sh
-set -e
-url="http://zeitstempel.dfn.de"
-caurl="https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt"
-reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq)
-resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr)
-cafile=chain.txt
-if [ ! -f $cafile ] ; then
- wget -O $cafile "$caurl"
-fi
-openssl ts -query -data "$1" -cert | tee "$reqfile" \
- | /usr/lib/ssl/misc/tsget -h "$url" -o "$resfile"
-openssl ts -reply -in "$resfile" -text 1>&2
-openssl ts -verify -data "$1" -in "$resfile" -CAfile "$cafile" 1>&2
-base64 < "$resfile"
-rm "$reqfile" "$resfile"
-</pre></blockquote></p>
+Package: systemd-sysv
+Pin: release o=Debian
+Pin-Priority: -1
+</pre></blockquote><p>
+
+<p>This file content will tell apt and aptitude to not consider
+installing systemd-sysv as part of any installation and upgrade
+solution when resolving dependencies, and thus tell it to avoid
+systemd as a default boot system. The end result should be that the
+upgraded system keep using sysvinit.</p>
+
+<p>If you are installing Jessie for the first time, there is no way to
+get sysvinit installed by default (debootstrap used by
+debian-installer have no option for this), but one can tell the
+installer to switch to sysvinit before the first boot. Either by
+using a kernel argument to the installer, or by adding a line to the
+preseed file used. First, the kernel command line argument:
-<p>The argument to the script is the file to timestamp, and the output
-is a base64 encoded version of the signature to STDOUT and details
-about the signature to STDERR. Note that due to
-<a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742553">a bug
-in the tsget script</a>, you might need to modify the included script
-and remove the last line. Or just write your own HTTP uploader using
-curl. :) Now you too can prove and verify that files have not been
-changed.</p>
-
-<p>But the Internet need more public trusted timestamp services.
-Perhaps something for <a href="http://www.uninett.no/">Uninett</a> or
-my work place the <a href="http://www.uio.no/">University of Oslo</a>
-to set up?</p>
+<p><blockquote><pre>
+preseed/late_command="in-target apt-get install --purge -y sysvinit-core"
+</pre></blockquote><p>
+
+<p>Next, the line to use in a preseed file:</p>
+
+<p><blockquote><pre>
+d-i preseed/late_command string in-target apt-get install -y sysvinit-core
+</pre></blockquote><p>
+
+<p>One can of course also do this after the first boot by installing
+the sysvinit-core package.</p>
+
+<p>I recommend only using sysvinit if you really need it, as the
+sysvinit boot sequence in Debian have several hardware specific bugs
+on Linux caused by the fact that it is unpredictable when hardware
+devices show up during boot. But on the other hand, the new default
+boot system still have a few rough edges I hope will be fixed before
+Jessie is released.</p>
+
+<p>Update 2014-11-26: Inspired by
+<ahref="https://www.mirbsd.org/permalinks/wlog-10-tg_e20141125-tg.htm#e20141125-tg_wlog-10-tg">a
+blog post by Torsten Glaser</a>, added --purge to the preseed
+line.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html">Video DVD reader library / python-dvdvideo - nice free software</a></div>
- <div class="date">21st March 2014</div>
- <div class="body"><p>Keeping your DVD collection safe from scratches and curious
-children fingers while still having it available when you want to see a
-movie is not straight forward. My preferred method at the moment is
-to store a full copy of the ISO on a hard drive, and use VLC, Popcorn
-Hour or other useful players to view the resulting file. This way the
-subtitles and bonus material are still available and using the ISO is
-just like inserting the original DVD record in the DVD player.</p>
-
-<p>Earlier I used dd for taking security copies, but it do not handle
-DVDs giving read errors (which are quite a few of them). I've also
-tried using
-<a href="http://people.skolelinux.org/pere/blog/Ripping_problematic_DVDs_using_dvdbackup_and_genisoimage.html">dvdbackup
-and genisoimage</a>, but these days I use the marvellous python library
-and program
-<a href="http://bblank.thinkmo.de/blog/new-software-python-dvdvideo">python-dvdvideo</a>
-written by Bastian Blank. It is
-<a href="http://packages.qa.debian.org/p/python-dvdvideo.html">in Debian
-already</a> and the binary package name is python3-dvdvideo. Instead
-of trying to read every block from the DVD, it parses the file
-structure and figure out which block on the DVD is actually in used,
-and only read those blocks from the DVD. This work surprisingly well,
-and I have been able to almost backup my entire DVD collection using
-this method.</p>
-
-<p>So far, python-dvdvideo have failed on between 10 and
-20 DVDs, which is a small fraction of my collection. The most common
-problem is
-<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720831">DVDs
-using UTF-16 instead of UTF-8 characters</a>, which according to
-Bastian is against the DVD specification (and seem to cause some
-players to fail too). A rarer problem is what seem to be inconsistent
-DVD structures, as the python library
-<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723079">claim
-there is a overlap between objects</a>. An equally rare problem claim
-<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741878">some
-value is out of range</a>. No idea what is going on there. I wish I
-knew enough about the DVD format to fix these, to ensure my movie
-collection will stay with me in the future.</p>
-
-<p>So, if you need to keep your DVDs safe, back them up using
-python-dvdvideo. :)</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Hvordan_vurderer_regjeringen_H_264_patentutfordringen_.html">Hvordan vurderer regjeringen H.264-patentutfordringen?</a></div>
+ <div class="date">16th November 2014</div>
+ <div class="body"><p>For en stund tilbake spurte jeg Fornyingsdepartementet om hvilke
+juridiske vurderinger rundt patentproblemstillingen som var gjort da
+H.264 ble tatt inn i <a href="http://standard.difi.no/">statens
+referansekatalog over standarder</a>. Stig Hornnes i FAD tipset meg
+om følgende som står i oppsumeringen til høringen om
+referansekatalogen versjon 2.0, som jeg siden ved hjelp av en
+innsynsforespørsel fikk tak i
+<a href="http://wiki.nuug.no/uttalelser/200901-standardkatalog-v2?action=AttachFile&do=get&target=kongelig-resolusjon.pdf">PDF-utgaven av</a>
+datert 2009-06-03 (saksnummer 200803291, saksbehandler Henrik
+Linnestad).</p>
+
+<p>Der står det følgende om problemstillingen:</p>
+
+<p><blockquote>
+<strong>4.4 Patentproblematikk</strong>
+
+<p>NUUG og Opera ser det som særlig viktig at forslagene knyttet til
+lyd og video baserer seg på de royalty-frie standardene Vorbis, Theora
+og FLAC.</p>
+
+<p>Kommentarene relaterer seg til at enkelte standarder er åpne, men
+inneholder tekniske prosedyrer som det i USA (og noen andre land som
+Japan) er gitt patentrettigheter til. I vårt tilfelle berører dette
+spesielt standardene Mp3 og H.264, selv om Politidirektoratet peker på
+at det muligens kan være tilsvarende problematikk også for Theora og
+Vorbis. Dette medfører at det i USA kan kreves royalties for bruk av
+tekniske løsninger knyttet til standardene, et krav som også
+håndheves. Patenter kan imidlertid bare hevdes i de landene hvor
+patentet er gitt, så amerikanske patenter gjelder ikke andre steder
+enn USA.</p>
+
+<p>Spesielt for utvikling av fri programvare er patenter
+problematisk. GPL, en "grunnleggende" lisens for distribusjon av fri
+programvare, avviser at programvare kan distribueres under denne
+lisensen hvis det inneholder referanser til patenterte rutiner som
+utløser krav om royalties. Det er imidlertid uproblematisk å
+distribuere fri programvareløsninger under GPL som benytter de
+aktuelle standardene innen eller mellom land som ikke anerkjenner
+patentene. Derfor finner vi også flere implementeringer av Mp3 og
+H.264 som er fri programvare, lisensiert under GPL.</p>
+
+<p>I Norge og EU er patentlovgivningen langt mer restriktiv enn i USA,
+men det er også her mulig å få patentert metoder for løsning av et
+problem som relaterer seg til databehandling. Det er AIF bekjent ikke
+relevante patenter i EU eller Norge hva gjelder H.264 og Mp3, men
+muligheten for at det finnes patenter uten at det er gjort krav om
+royalties eller at det senere vil gis slike patenter kan ikke helt
+avvises.</p>
+
+<p>AIF mener det er et behov for å gi offentlige virksomheter mulighet
+til å benytte antatt royaltyfrie åpne standarder som et likeverdig
+alternativ eller i tillegg til de markedsledende åpne standardene.</p>
+
+</blockquote></p>
+
+<p>Det ser dermed ikke ut til at de har vurdert patentspørsmålet i
+sammenheng med opphavsrettsvilkår slik de er formulert for f.eks.
+Apple Final Cut Pro, Adobe Premiere Pro, Avid og Sorenson-verktøyene,
+der det kreves brukstillatelse for patenter som ikke er gyldige i
+Norge for å bruke disse verktøyene til annet en personlig og ikke
+kommersiell aktivitet når det gjelder H.264-video. Jeg må nok lete
+videre etter svar på det spørsmålet.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/standard">standard</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html">Norsk utgave av Alaveteli / WhatDoTheyKnow på trappene</a></div>
- <div class="date">16th March 2014</div>
- <div class="body"><p>Det offentlige Norge har mye kunnskap og informasjon. Men hvordan
-kan en få tilgang til den på en enkel måte? Takket være et lite
-knippe lover og tilhørende forskrifter, blant annet
-<a href="http://lovdata.no/dokument/NL/lov/2006-05-19-16">offentlighetsloven</a>,
-<a href="http://lovdata.no/dokument/NL/lov/2003-05-09-31">miljøinformasjonsloven</a>
-og
-<a href="http://lovdata.no/dokument/NL/lov/1967-02-10/">forvaltningsloven</a>
-har en rett til å spørre det offentlige og få svar. Men det finnes
-intet offentlig arkiv over hva andre har spurt om, og dermed risikerer en
-å måtte forstyrre myndighetene gang på gang for å få tak i samme
-informasjonen på nytt. <a href="http://www.mysociety.org/">Britiske
-mySociety</a> har laget tjenesten
-<a href="http://www.whatdotheyknow.com/">WhatDoTheyKnow</a> som gjør
-noe med dette. I Storbritannia blir WhatdoTheyKnow brukt i
-<a href="http://www.mysociety.org/2011/07/01/whatdotheyknows-share-of-central-government-foi-requests-q2-2011/">ca
-15% av alle innsynsforespørsler mot sentraladministrasjonen</a>.
-Prosjektet heter <a href="http://www.alaveteli.org/">Alaveteli</A>, og
-er takk i bruk en rekke steder etter at løsningen ble generalisert og
-gjort mulig å oversette. Den hjelper borgerne med å be om innsyn,
-rådgir ved purringer og klager og lar alle se hvilke henvendelser som
-er sendt til det offentlige og hvilke svar som er kommet inn, i et
-søkpart arkiv. Her i Norge holder vi i foreningen NUUG på å få opp en
-norsk utgave av Alaveteli, og her trenger vi din hjelp med
-oversettelsen.</p>
-
-<p>Så langt er 76 % av Alaveteli oversatt til norsk bokmål, men vi
-skulle gjerne vært oppe i 100 % før lansering. Oversettelsen gjøres
-på <a href="https://www.transifex.com/projects/p/alaveteli/">Transifex,
-der enhver som registrerer seg</a> og ber om tilgang til
-bokmålsoversettelsen får bidra. Vi har satt opp en test av tjenesten
-(som ikke sender epost til det offentlige, kun til oss som holder på å
-sette opp tjenesten) på maskinen
-<a href="http://alaveteli-dev.nuug.no/">alaveteli-dev.nuug.no</a>, der
-en kan se hvordan de oversatte meldingen blir seende ut på nettsiden.
-Når tjenesten lanseres vil den hete
-<a href="https://www.mimesbrønn.no/">Mimes brønn</a>, etter
-visdomskilden som Odin måtte gi øyet sitt for å få drikke i. Den
-nettsiden er er ennå ikke klar til bruk.</p>
-
-<p>Hvis noen vil oversette til nynorsk også, så skal vi finne ut
-hvordan vi lager en flerspråklig tjeneste. Men i første omgang er
-fokus på bokmålsoversettelsen, der vi selv har nok peiling til å ha
-fått oversatt 76%, men trenger hjelp for å komme helt i mål. :)</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/A_Debian_package_for_SMTP_via_Tor__aka_SMTorP__using_exim4.html">A Debian package for SMTP via Tor (aka SMTorP) using exim4</a></div>
+ <div class="date">10th November 2014</div>
+ <div class="body"><p>The right to communicate with your friends and family in private,
+without anyone snooping, is a right every citicen have in a liberal
+democracy. But this right is under serious attack these days.</p>
+
+<p>A while back it occurred to me that one way to make the dragnet
+surveillance conducted by NSA, GCHQ, FRA and others (and confirmed by
+the whisleblower Snowden) more expensive for Internet email,
+is to deliver all email using SMTP via Tor. Such SMTP option would be
+a nice addition to the FreedomBox project if we could send email
+between FreedomBox machines without leaking metadata about the emails
+to the people peeking on the wire. I
+<a href="http://lists.alioth.debian.org/pipermail/freedombox-discuss/2014-October/006493.html">proposed
+this on the FreedomBox project mailing list in October</a> and got a
+lot of useful feedback and suggestions. It also became obvious to me
+that this was not a novel idea, as the same idea was tested and
+documented by Johannes Berg as early as 2006, and both
+<a href="https://github.com/pagekite/Mailpile/wiki/SMTorP">the
+Mailpile</a> and <a href="http://dee.su/cables">the Cables</a> systems
+propose a similar method / protocol to pass emails between users.</p>
+
+<p>To implement such system one need to set up a Tor hidden service
+providing the SMTP protocol on port 25, and use email addresses
+looking like username@hidden-service-name.onion. With such addresses
+the connections to port 25 on hidden-service-name.onion using Tor will
+go to the correct SMTP server. To do this, one need to configure the
+Tor daemon to provide the hidden service and the mail server to accept
+emails for this .onion domain. To learn more about Exim configuration
+in Debian and test the design provided by Johannes Berg in his FAQ, I
+set out yesterday to create a Debian package for making it trivial to
+set up such SMTP over Tor service based on Debian. Getting it to work
+were fairly easy, and
+<a href="https://github.com/petterreinholdtsen/exim4-smtorp">the
+source code for the Debian package</a> is available from github. I
+plan to move it into Debian if further testing prove this to be a
+useful approach.</p>
+
+<p>If you want to test this, set up a blank Debian machine without any
+mail system installed (or run <tt>apt-get purge exim4-config</tt> to
+get rid of exim4). Install tor, clone the git repository mentioned
+above, build the deb and install it on the machine. Next, run
+<tt>/usr/lib/exim4-smtorp/setup-exim-hidden-service</tt> and follow
+the instructions to get the service up and running. Restart tor and
+exim when it is done, and test mail delivery using swaks like
+this:</p>
+
+<p><blockquote><pre>
+torsocks swaks --server dutlqrrmjhtfa3vp.onion \
+ --to fbx@dutlqrrmjhtfa3vp.onion
+</pre></blockquote></p>
+
+<p>This will test the SMTP delivery using tor. Replace the email
+address with your own address to test your server. :)</p>
+
+<p>The setup procedure is still to complex, and I hope it can be made
+easier and more automatic. Especially the tor setup need more work.
+Also, the package include a tor-smtp tool written in C, but its task
+should probably be rewritten in some script language to make the deb
+architecture independent. It would probably also make the code easier
+to review. The tor-smtp tool currently need to listen on a socket for
+exim to talk to it and is started using xinetd. It would be better if
+no daemon and no socket is needed. I suspect it is possible to get
+exim to run a command line tool for delivery instead of talking to a
+socket, and hope to figure out how in a future version of this
+system.</p>
+
+<p>Until I wipe my test machine, I can be reached using the
+<tt>fbx@dutlqrrmjhtfa3vp.onion</tt> mail address, deliverable over
+SMTorP. :)</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html">Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine</a></div>
- <div class="date">14th March 2014</div>
- <div class="body"><p>The <a href="https://wiki.debian.org/FreedomBox">Freedombox
-project</a> is working on providing the software and hardware for
-making it easy for non-technical people to host their data and
-communication at home, and being able to communicate with their
-friends and family encrypted and away from prying eyes. It has been
-going on for a while, and is slowly progressing towards a new test
-release (0.2).</p>
-
-<p>And what day could be better than the Pi day to announce that the
-new version will provide "hard drive" / SD card / USB stick images for
-Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization
-system), and can also be installed using a Debian installer preseed
-file. The Debian based Freedombox is now based on Debian Jessie,
-where most of the needed packages used are already present. Only one,
-the freedombox-setup package, is missing. To try to build your own
-boot image to test the current status, fetch the freedom-maker scripts
-and build using
-<a href="http://packages.qa.debian.org/vmdebootstrap">vmdebootstrap</a>
-with a user with sudo access to become root:
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/First_Jessie_based_Debian_Edu_released__alpha0_.html">First Jessie based Debian Edu released (alpha0)</a></div>
+ <div class="date">27th October 2014</div>
+ <div class="body"><p>I am happy to report that I on behalf of the Debian Edu team just
+sent out
+<a href="https://lists.debian.org/debian-edu-announce/2014/10/msg00000.html">this
+announcement</a>:</p>
<pre>
-git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
- freedom-maker
-sudo apt-get install git vmdebootstrap mercurial python-docutils \
- mktorrent extlinux virtualbox qemu-user-static binfmt-support \
- u-boot-tools
-make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
-</pre>
+The Debian Edu Team is pleased to announce the release of Debian Edu
+Jessie 8.0+edu0~alpha0
+
+Debian Edu is a complete operating system for schools. Through its
+various installation profiles you can install servers, workstations
+and laptops which will work together on the school network. With
+Debian Edu, the teachers themselves or their technical support can
+roll out a complete multi-user multi-machine study environment within
+hours or a few days. Debian Edu comes with hundreds of applications
+pre-installed, but you can always add more packages from Debian.
+
+For those who want to give Debian Edu Jessie a try, download and
+installation instructions are available, including detailed
+instructions in the manual[1] explaining the first steps, such as
+setting up a network or adding users. Please note that the password
+for the user your prompted for during installation must have a length
+of at least 5 characters!
+
+ [1] <URL: <a href="https://wiki.debian.org/DebianEdu/Documentation/Jessie">https://wiki.debian.org/DebianEdu/Documentation/Jessie</a> >
+
+Would you like to give your school's computer a longer life? Are you
+tired of sneaker administration, running from computer to computer
+reinstalling the operating system? Would you like to administrate all
+the computers in your school using only a couple of hours every week?
+Check out Debian Edu Jessie!
+
+Skolelinux is used by at least two hundred schools all over the world,
+mostly in Germany and Norway.
+
+About Debian Edu and Skolelinux
+===============================
+
+Debian Edu, also known as Skolelinux[2], is a Linux distribution based
+on Debian providing an out-of-the box environment of a completely
+configured school network. Immediately after installation a school
+server running all services needed for a school network is set up just
+waiting for users and machines being added via GOsa², a comfortable
+Web-UI. A netbooting environment is prepared using PXE, so after
+initial installation of the main server from CD or USB stick all other
+machines can be installed via the network. The provided school server
+provides LDAP database and Kerberos authentication service,
+centralized home directories, DHCP server, web proxy and many other
+services. The desktop contains more than 60 educational software
+packages[3] and more are available from the Debian archive, and
+schools can choose between KDE, Gnome, LXDE, Xfce and MATE desktop
+environment.
+
+ [2] <URL: <a href="http://www.skolelinux.org/">http://www.skolelinux.org/</a> >
+ [3] <URL: <a href="http://people.skolelinux.org/pere/blog/Educational_applications_included_in_Debian_Edu___Skolelinux__the_screenshot_collection____.html">http://people.skolelinux.org/pere/blog/Educational_applications_included_in_Debian_Edu___Skolelinux__the_screenshot_collection____.html</a> >
+
+Full release notes and manual
+=============================
+
+Below the download URLs there is a list of some of the new features
+and bugfixes of Debian Edu 8.0+edu0~alpha0 Codename Jessie. The full
+list is part of the manual. (See the feature list in the manual[4] for
+the English version.) For some languages manual translations are
+available, see the manual translation overview[5].
+
+ [4] <URL: <a href="https://wiki.debian.org/DebianEdu/Documentation/Jessie/Features">https://wiki.debian.org/DebianEdu/Documentation/Jessie/Features</a> >
+ [5] <URL: <a href="http://maintainer.skolelinux.org/debian-edu-doc/">http://maintainer.skolelinux.org/debian-edu-doc/</a> >
+
+Where to get it
+---------------
+
+To download the multiarch netinstall CD release (624 MiB) you can use
+
+ * <a href="ftp://ftp.skolelinux.org/skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso</a>
+ * <a href="http://ftp.skolelinux.org/skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso">http://ftp.skolelinux.org/skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso</a>
+ * rsync -avzP ftp.skolelinux.org::skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso .
+
+The SHA1SUM of this image is: 361188818e036ce67280a572f757de82ebfeb095
+
+New features for Debian Edu 8.0+edu0~alpha0 Codename Jessie released 2014-10-27
+===============================================================================
+
+
+Installation changes
+--------------------
+
+ * PXE installation now installs firmware automatically for the hardware present.
+
+Software updates
+----------------
+
+Everything which is new in Debian Jessie 8.0, eg:
+
+ * Linux kernel 3.16.x
+ * Desktop environments KDE "Plasma" 4.11.12, GNOME 3.14, Xfce 4.10,
+ LXDE 0.5.6 and MATE 1.8 (KDE "Plasma" is installed by default; to
+ choose one of the others see manual.)
+ * the browsers Iceweasel 31 ESR and Chromium 38
+ * !LibreOffice 4.3.3
+ * GOsa 2.7.4
+ * LTSP 5.5.4
+ * CUPS print system 1.7.5
+ * new boot framework: systemd
+ * Educational toolbox GCompris 14.07
+ * Music creator Rosegarden 14.02
+ * Image editor Gimp 2.8.14
+ * Virtual stargazer Stellarium 0.13.0
+ * golearn 0.9
+ * tuxpaint 0.9.22
+ * New version of debian-installer from Debian Jessie.
+ * Debian Jessie includes about 42000 packages available for
+ installation.
+ * More information about Debian Jessie 8.0 is provided in the release
+ notes[6] and the installation manual[7].
+
+ [6] <URL: <a href="http://www.debian.org/releases/jessie/releasenotes">http://www.debian.org/releases/jessie/releasenotes</a> >
+ [7] <URL: <a href="http://www.debian.org/releases/jessie/installmanual">http://www.debian.org/releases/jessie/installmanual</a> >
+
+Fixed bugs
+----------
+
+ * Inserting incorrect DNS information in Gosa will no longer break
+ DNS completely, but instead stop DNS updates until the incorrect
+ information is corrected (Debian bug #710362)
+ * and many others.
+
+Documentation and translation updates
+-------------------------------------
+
+ * The Debian Edu Jessie Manual is fully translated to German, French,
+ Italian, Danish and Dutch. Partly translated versions exist for
+ Norwegian Bokmal and Spanish.
+
+Other changes
+-------------
+
+ * Due to new Squid settings, powering off or rebooting the main
+ server takes more time.
+ * To manage printers localhost:631 has to be used, currently www:631
+ doesn't work.
+
+Regressions / known problems
+----------------------------
+
+ * Installing LTSP chroot fails with a bug related to eatmydata about
+ exim4-config failing to run its postinst (see Debian bug #765694
+ and Debian bug #762103).
+ * Munin collection is not properly configured on clients (Debian bug
+ #764594). The fix is available in a newer version of munin-node.
+ * PXE setup for Main Server and Thin Client Server setup does not
+ work when installing on a machine without direct Internet access.
+ Will be fixed when Debian bug #766960 is fixed in Jessie.
-<p>Root access is needed to run debootstrap and mount loopback
-devices. See the README for more details on the build. If you do not
-want all three images, trim the make line. But note that thanks to <a
-href="https://bugs.debian.org/741407">a race condition in
-vmdebootstrap</a>, the build might fail without the patch to the
-kpartx call.</p>
+See the status page[8] for the complete list.
-<p>If you instead want to install using a Debian CD and the preseed
-method, boot a Debian Wheezy ISO and use this boot argument to load
-the preseed values:</p>
+ [8] <URL: <a href="https://wiki.debian.org/DebianEdu/Status/Jessie">https://wiki.debian.org/DebianEdu/Status/Jessie</a> >
-<pre>
-url=<a href="http://www.reinholdtsen.name/freedombox/preseed-jessie.dat">http://www.reinholdtsen.name/freedombox/preseed-jessie.dat</a>
-</pre>
+How to report bugs
+------------------
+
+<URL: <a href="http://wiki.debian.org/DebianEdu/HowTo/ReportBugs">http://wiki.debian.org/DebianEdu/HowTo/ReportBugs</a> >
-<p>But note that due to <a href="https://bugs.debian.org/740673">a
-recently introduced bug in apt in Jessie</a>, the installer will
-currently hang while setting up APT sources. Killing the
-'<tt>apt-cdrom ident</tt>' process when it hang a few times during the
-installation will get the installation going. This affect all
-installations in Jessie, and I expect it will be fixed soon.</p>
-
-<p>Give it a go and let us know how it goes on the mailing list, and help
-us get the new release published. :) Please join us on
-<a href="irc://irc.debian.org:6667/%23freedombox">IRC (#freedombox on
-irc.debian.org)</a> and
-<a href="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">the
-mailing list</a> if you want to help make this vision come true.</p>
+About Debian
+============
+
+The Debian Project was founded in 1993 by Ian Murdock to be a truly
+free community project. Since then the project has grown to be one of
+the largest and most influential open source projects. Thousands of
+volunteers from all over the world work together to create and
+maintain Debian software. Available in 70 languages, and supporting a
+huge range of computer types, Debian calls itself the universal
+operating system.
+
+Contact Information
+For further information, please visit the Debian web pages[9] or send
+mail to press@debian.org.
+
+ [9] <URL: <a href="http://www.debian.org/">http://www.debian.org/</a> >
+</pre>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html">How to add extra storage servers in Debian Edu / Skolelinux</a></div>
- <div class="date">12th March 2014</div>
- <div class="body"><p>On larger sites, it is useful to use a dedicated storage server for
-storing user home directories and data. The design for handling this
-in <a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a>, is
-to update the automount rules in LDAP and let the automount daemon on
-the clients take care of the rest. I was reminded about the need to
-document this better when one of the customers of
-<a href="http://www.slxdrift.no/">Skolelinux Drift AS</a>, where I am
-on the board of directors, asked about how to do this. The steps to
-get this working are the following:</p>
-
-<p><ol>
-
-<li>Add new storage server in DNS. I use nas-server.intern as the
-example host here.</li>
-
-<li>Add automoun LDAP information about this server in LDAP, to allow
-all clients to automatically mount it on reqeust.</li>
-
-<li>Add the relevant entries in tjener.intern:/etc/fstab, because
-tjener.intern do not use automount to avoid mounting loops.</li>
-
-</ol></p>
-
-<p>DNS entries are added in GOsa², and not described here. Follow the
-<a href="https://wiki.debian.org/DebianEdu/Documentation/Wheezy/GettingStarted">instructions
-in the manual</a> (Machine Management with GOsa² in section Getting
-started).</p>
-
-<p>Ensure that the NFS export points on the server are exported to the
-relevant subnets or machines:</p>
-
-<p><blockquote><pre>
-root@tjener:~# showmount -e nas-server
-Export list for nas-server:
-/storage 10.0.0.0/8
-root@tjener:~#
-</pre></blockquote></p>
-
-<p>Here everything on the backbone network is granted access to the
-/storage export. With NFSv3 it is slightly better to limit it to
-netgroup membership or single IP addresses to have some limits on the
-NFS access.</p>
-
-<p>The next step is to update LDAP. This can not be done using GOsa²,
-because it lack a module for automount. Instead, use ldapvi and add
-the required LDAP objects using an editor.</p>
-
-<p><blockquote><pre>
-ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no
-</pre></blockquote></p>
-
-<p>When the editor show up, add the following LDAP objects at the
-bottom of the document. The "/&" part in the last LDAP object is a
-wild card matching everything the nas-server exports, removing the
-need to list individual mount points in LDAP.</p>
-
-<p><blockquote><pre>
-add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
-objectClass: automount
-cn: nas-server
-automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
-
-add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
-objectClass: top
-objectClass: automountMap
-ou: auto.nas-server
-
-add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
-objectClass: automount
-cn: /
-automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&
-</pre></blockquote></p>
-
-<p>The last step to remember is to mount the relevant mount points in
-tjener.intern by adding them to /etc/fstab, creating the mount
-directories using mkdir and running "mount -a" to mount them.</p>
-
-<p>When this is done, your users should be able to access the files on
-the storage server directly by just visiting the
-/tjener/nas-server/storage/ directory using any application on any
-workstation, LTSP client or LTSP server.</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/I_spent_last_weekend_recording_MakerCon_Nordic.html">I spent last weekend recording MakerCon Nordic</a></div>
+ <div class="date">23rd October 2014</div>
+ <div class="body"><p>I spent last weekend at <a href="http://www.makercon.no/">Makercon
+Nordic</a>, a great conference and workshop for makers in Norway and
+the surrounding countries. I had volunteered on behalf of the
+Norwegian Unix Users Group (NUUG) to video record the talks, and we
+had a great and exhausting time recording the entire day, two days in
+a row. There were only two of us, Hans-Petter and me, and we used the
+regular video equipment for NUUG, with a
+<a href="http://dvswitch.alioth.debian.org/wiki/">dvswitch</a>, a
+camera and a VGA to DV convert box, and mixed video and slides
+live.</p>
+
+<p>Hans-Petter did the post-processing, consisting of uploading the
+around 180 GiB of raw video to Youtube, and the result is
+<a href="https://www.youtube.com/user/MakerConNordic/">now becoming
+public</a> on the MakerConNordic account. The videos have the license
+NUUG always use on our recordings, which is
+<a href="http://creativecommons.org/licenses/by-sa/3.0/no/">Creative
+Commons Navngivelse-Del på samme vilkår 3.0 Norge</a>. Many great
+talks available. Check it out! :)</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>.
</div>
<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/03/">March (8)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/04/">April (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/04/">April (7)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/05/">May (1)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/06/">June (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/07/">July (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/08/">August (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/09/">September (5)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/10/">October (6)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/11/">November (3)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2014/12/">December (5)</a></li>
</ul></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (8)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (14)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (15)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (96)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (109)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (146)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (151)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (10)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/dld">dld (15)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (12)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (243)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (265)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (21)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (22)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (12)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (14)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (7)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (9)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (11)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (40)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (41)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (7)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (10)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (18)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (19)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (9)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (7)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (8)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/lsdvd">lsdvd (2)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network (8)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (26)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (32)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (244)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (252)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (162)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (165)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (11)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (46)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (50)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (72)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (79)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (2)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (3)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (9)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (39)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (41)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (44)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (46)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (3)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (9)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (24)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (28)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (2)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (8)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (40)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (46)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (4)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (29)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (34)</a></li>
</ul>
projects / homepage.git / blobdiff