<link>http://people.skolelinux.org/pere/blog/</link>
<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Fortsatt ingen sikkerhetsoppdateringer for billettautomatene til kollektivtrafikken i Oslo?</title>
+ <link>http://people.skolelinux.org/pere/blog/Fortsatt_ingen_sikkerhetsoppdateringer_for_billettautomatene_til_kollektivtrafikken_i_Oslo_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Fortsatt_ingen_sikkerhetsoppdateringer_for_billettautomatene_til_kollektivtrafikken_i_Oslo_.html</guid>
+ <pubDate>Tue, 29 Nov 2016 08:50:00 +0100</pubDate>
+ <description><p>For fire og et halvt år siden lot jeg meg overraske over at Ruters
+billettautomater for kollektivtrafikken i Oslo kjørte
+<a href="http://en.wikipedia.org/wiki/Windows_2000">Windows 2000
+Professional</a>, et og et halvt år etter at Microsoft hadde gitt
+beskjed om at det ikke lenger kom sikkerhetsoppdateringer til
+systemet. Støtten fra Microsoft
+<a href="http://support.microsoft.com/lifecycle/search/?sort=PN&alpha=Windows+2000&Filter=FilterNO">tok
+slutt 2010-07-13 i følge Wikipedia og Microsoft selv</a>.</p>
+
+<p>For fem dager siden passerte jeg på nytt en slik billettautomat som
+hadde brutt sammen, og den annonserte fortsatt at den kjører Windows
+2000 Professional, nå mer enn seks år siden Microsoft sluttet å komme
+med sikkerhetspatcher til produktet. Sikret meg et bilde av
+krasjmeldingen på skjermen.
+
+<p><a href="http://people.skolelinux.org/pere/blog/images/2016-11-29-ruter-win2000pro.jpeg"><img width="40%" src="http://people.skolelinux.org/pere/blog/images/2016-11-29-ruter-win2000pro.jpeg" alt="[foto av billettautomat]"></a></p>
+
+<p>Mon tro om de mangler kildekoden til systemet som kjører på
+automaten, og dermed ikke uten videre kan oppgradere?</p>
+
+<p>Jeg ser jo fra
+<a href="https://www.mimesbronn.no/request/ruterbillett_app">en
+innsynshenvendelse om kildekoden til billett-Appen til Ruter på Mimes
+brønn</a> at Ruter tilsynelatende ikke legger sikkerheten i
+sertifikater, nøkler og passord, men i stedet baserer seg på at
+logikken i programvaren holdes hemmelig. Det borger ikke godt for
+sikkerheten i Ruters datasystemer.
+
+<p>Bildet er tilgjengelig for bruk med bruksvilkårene til
+<a href="http://creativecommons.org/licenses/by/3.0/no/">Creative
+Commons Navngivelse 3.0 Norge (CC BY 3.0)</a>.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Quicker Debian installations using eatmydata</title>
+ <link>http://people.skolelinux.org/pere/blog/Quicker_Debian_installations_using_eatmydata.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Quicker_Debian_installations_using_eatmydata.html</guid>
+ <pubDate>Fri, 25 Nov 2016 14:50:00 +0100</pubDate>
+ <description><p>Two years ago, I did some experiments with eatmydata and the Debian
+installation system, observing how using
+<a href="http://people.skolelinux.org/pere/blog/Speeding_up_the_Debian_installer_using_eatmydata_and_dpkg_divert.html">eatmydata
+could speed up the installation</a> quite a bit. My testing measured
+speedup around 20-40 percent for Debian Edu, where we install around
+1000 packages from within the installer. The eatmydata package
+provide a way to disable/delay file system flushing. This is a bit
+risky in the general case, as files that should be stored on disk will
+stay only in memory a bit longer than expected, causing problems if a
+machine crashes at an inconvenient time. But for an installation, if
+the machine crashes during installation the process is normally
+restarted, and avoiding disk operations as much as possible to speed
+up the process make perfect sense.
+
+<p>I added code in the Debian Edu specific installation code to enable
+<a href="https://tracker.debian.org/pkg/libeatmydata">eatmydata</a>,
+but did not have time to push it any further. But a few months ago I
+picked it up again and worked with the libeatmydata package maintainer
+Mattia Rizzolo to make it easier for everyone to get this installation
+speedup in Debian. Thanks to our cooperation There is now an
+eatmydata-udeb package in Debian testing and unstable, and simply
+enabling/installing it in debian-installer (d-i) is enough to get the
+quicker installations. It can be enabled using preseeding. The
+following untested kernel argument should do the trick:</p>
+
+<blockquote><pre>
+preseed/early_command="anna-install eatmydata-udeb"
+</pre></blockquote>
+
+<p>This should ask d-i to install the package inside the d-i
+environment early in the installation sequence. Having it installed
+in d-i in turn will make sure the relevant scripts are called just
+after debootstrap filled /target/ with the freshly installed Debian
+system to configure apt to run dpkg with eatmydata. This is enough to
+speed up the installation process. There is a proposal to
+<a href="https://bugs.debian.org/841153">extend the idea a bit further
+by using /etc/ld.so.preload instead of apt.conf</a>, but I have not
+tested its impact.</p>
+
+</description>
+ </item>
+
<item>
<title>Oversette bokmål til nynorsk, enklere enn du tror takket være Apertium</title>
<link>http://people.skolelinux.org/pere/blog/Oversette_bokm_l_til_nynorsk__enklere_enn_du_tror_takket_v_re_Apertium.html</link>
</description>
</item>
- <item>
- <title>Isenkram, Appstream and udev make life as a LEGO builder easier</title>
- <link>http://people.skolelinux.org/pere/blog/Isenkram__Appstream_and_udev_make_life_as_a_LEGO_builder_easier.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Isenkram__Appstream_and_udev_make_life_as_a_LEGO_builder_easier.html</guid>
- <pubDate>Fri, 7 Oct 2016 09:50:00 +0200</pubDate>
- <description><p><a href="http://packages.qa.debian.org/isenkram">The Isenkram
-system</a> provide a practical and easy way to figure out which
-packages support the hardware in a given machine. The command line
-tool <tt>isenkram-lookup</tt> and the tasksel options provide a
-convenient way to list and install packages relevant for the current
-hardware during system installation, both user space packages and
-firmware packages. The GUI background daemon on the other hand provide
-a pop-up proposing to install packages when a new dongle is inserted
-while using the computer. For example, if you plug in a smart card
-reader, the system will ask if you want to install <tt>pcscd</tt> if
-that package isn't already installed, and if you plug in a USB video
-camera the system will ask if you want to install <tt>cheese</tt> if
-cheese is currently missing. This already work just fine.</p>
-
-<p>But Isenkram depend on a database mapping from hardware IDs to
-package names. When I started no such database existed in Debian, so
-I made my own data set and included it with the isenkram package and
-made isenkram fetch the latest version of this database from git using
-http. This way the isenkram users would get updated package proposals
-as soon as I learned more about hardware related packages.</p>
-
-<p>The hardware is identified using modalias strings. The modalias
-design is from the Linux kernel where most hardware descriptors are
-made available as a strings that can be matched using filename style
-globbing. It handle USB, PCI, DMI and a lot of other hardware related
-identifiers.</p>
-
-<p>The downside to the Isenkram specific database is that there is no
-information about relevant distribution / Debian version, making
-isenkram propose obsolete packages too. But along came AppStream, a
-cross distribution mechanism to store and collect metadata about
-software packages. When I heard about the proposal, I contacted the
-people involved and suggested to add a hardware matching rule using
-modalias strings in the specification, to be able to use AppStream for
-mapping hardware to packages. This idea was accepted and AppStream is
-now a great way for a package to announce the hardware it support in a
-distribution neutral way. I wrote
-<a href="http://people.skolelinux.org/pere/blog/Using_appstream_with_isenkram_to_install_hardware_related_packages_in_Debian.html">a
-recipe on how to add such meta-information</a> in a blog post last
-December. If you have a hardware related package in Debian, please
-announce the relevant hardware IDs using AppStream.</p>
-
-<p>In Debian, almost all packages that can talk to a LEGO Mindestorms
-RCX or NXT unit, announce this support using AppStream. The effect is
-that when you insert such LEGO robot controller into your Debian
-machine, Isenkram will propose to install the packages needed to get
-it working. The intention is that this should allow the local user to
-start programming his robot controller right away without having to
-guess what packages to use or which permissions to fix.</p>
-
-<p>But when I sat down with my son the other day to program our NXT
-unit using his Debian Stretch computer, I discovered something
-annoying. The local console user (ie my son) did not get access to
-the USB device for programming the unit. This used to work, but no
-longer in Jessie and Stretch. After some investigation and asking
-around on #debian-devel, I discovered that this was because udev had
-changed the mechanism used to grant access to local devices. The
-ConsoleKit mechanism from <tt>/lib/udev/rules.d/70-udev-acl.rules</tt>
-no longer applied, because LDAP users no longer was added to the
-plugdev group during login. Michael Biebl told me that this method
-was obsolete and the new method used ACLs instead. This was good
-news, as the plugdev mechanism is a mess when using a remote user
-directory like LDAP. Using ACLs would make sure a user lost device
-access when she logged out, even if the user left behind a background
-process which would retain the plugdev membership with the ConsoleKit
-setup. Armed with this knowledge I moved on to fix the access problem
-for the LEGO Mindstorms related packages.</p>
-
-<p>The new system uses a udev tag, 'uaccess'. It can either be
-applied directly for a device, or is applied in
-/lib/udev/rules.d/70-uaccess.rules for classes of devices. As the
-LEGO Mindstorms udev rules did not have a class, I decided to add the
-tag directly in the udev rules files included in the packages. Here
-is one example. For the nqc C compiler for the RCX, the
-<tt>/lib/udev/rules.d/60-nqc.rules</tt> file now look like this:
-
-<p><pre>
-SUBSYSTEM=="usb", ACTION=="add", ATTR{idVendor}=="0694", ATTR{idProduct}=="0001", \
- SYMLINK+="rcx-%k", TAG+="uaccess"
-</pre></p>
-
-<p>The key part is the 'TAG+="uaccess"' at the end. I suspect all
-packages using plugdev in their /lib/udev/rules.d/ files should be
-changed to use this tag (either directly or indirectly via
-<tt>70-uaccess.rules</tt>). Perhaps a lintian check should be created
-to detect this?</p>
-
-<p>I've been unable to find good documentation on the uaccess feature.
-It is unclear to me if the uaccess tag is an internal implementation
-detail like the udev-acl tag used by
-<tt>/lib/udev/rules.d/70-udev-acl.rules</tt>. If it is, I guess the
-indirect method is the preferred way. Michael
-<a href="https://github.com/systemd/systemd/issues/4288">asked for more
-documentation from the systemd project</a> and I hope it will make
-this clearer. For now I use the generic classes when they exist and
-is already handled by <tt>70-uaccess.rules</tt>, and add the tag
-directly if no such class exist.</p>
-
-<p>To learn more about the isenkram system, please check out
-<a href="http://people.skolelinux.org/pere/blog/tags/isenkram/">my
-blog posts tagged isenkram</a>.</p>
-
-<p>To help out making life for LEGO constructors in Debian easier,
-please join us on our IRC channel
-<a href="irc://irc.debian.org/%23debian-lego">#debian-lego</a> and join
-the <a href="https://alioth.debian.org/projects/debian-lego/">Debian
-LEGO team</a> in the Alioth project we created yesterday. A mailing
-list is not yet created, but we are working on it. :)</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
-</description>
- </item>
-
- <item>
- <title>Aftenposten-redaktøren med lua i hånda</title>
- <link>http://people.skolelinux.org/pere/blog/Aftenposten_redakt_ren_med_lua_i_h_nda.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Aftenposten_redakt_ren_med_lua_i_h_nda.html</guid>
- <pubDate>Fri, 9 Sep 2016 11:30:00 +0200</pubDate>
- <description><p>En av dagens nyheter er at Aftenpostens redaktør Espen Egil Hansen
-bruker
-<a href="https://www.nrk.no/kultur/aftenposten-brukar-heile-forsida-pa-facebook-kritikk-1.13126918">forsiden
-av papiravisen på et åpent brev til Facebooks sjef Mark Zuckerberg om
-Facebooks fjerning av bilder, tekster og sider de ikke liker</a>. Det
-må være uvant for redaktøren i avisen Aftenposten å stå med lua i
-handa og håpe på å bli hørt. Spesielt siden Aftenposten har vært med
-på å gi Facebook makten de nå demonstrerer at de har. Ved å melde seg
-inn i Facebook-samfunnet har de sagt ja til bruksvilkårene og inngått
-en antagelig bindende avtale. Kanskje de skulle lest og vurdert
-vilkårene litt nærmere før de sa ja, i stedet for å klage over at
-reglende de har valgt å akseptere blir fulgt? Personlig synes jeg
-vilkårene er uakseptable og det ville ikke falle meg inn å gå inn på
-en avtale med slike vilkår. I tillegg til uakseptable vilkår er det
-mange andre grunner til å unngå Facebook. Du kan finne en solid
-gjennomgang av flere slike argumenter hos
-<a href="https://stallman.org/facebook.html">Richard Stallmans side om
-Facebook</a>.
-
-<p>Jeg håper flere norske redaktører på samme vis må stå med lua i
-hånden inntil de forstår at de selv er med på å føre samfunnet på
-ville veier ved å omfavne Facebook slik de gjør når de omtaler og
-løfter frem saker fra Facebook, og tar i bruk Facebook som
-distribusjonskanal for sine nyheter. De bidrar til
-overvåkningssamfunnet og raderer ut lesernes privatsfære når de lenker
-til Facebook på sine sider, og låser seg selv inne i en omgivelse der
-det er Facebook, og ikke redaktøren, som sitter med makta.</p>
-
-<p>Men det vil nok ta tid, i et Norge der de fleste nettredaktører
-<a href="http://people.skolelinux.org/pere/blog/Snurpenot_overv_kning_av_sensitiv_personinformasjon.html">deler
-sine leseres personopplysinger med utenlands etterretning</a>.</p>
-
-<p>For øvrig burde varsleren Edward Snowden få politisk asyl i
-Norge.</p>
-</description>
- </item>
-
</channel>
</rss>
projects / homepage.git / blobdiff