<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
<item>
- <title>How to add extra storage servers in Debian Edu / Skolelinux</title>
- <link>http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html</guid>
- <pubDate>Fri, 14 Mar 2014 12:50:00 +0100</pubDate>
- <description><p>On larger sites, it is useful to use a dedicated storage server for
-storing user home directories and data. The design for handling this
-in Debian Edu / Skolelinux, is to update the automount rules in LDAP
-and let the automount daemon on the clients take care of the rest. I
-was reminded about the need to document this better when one of the
-customers of <a href="http://www.slxdrift.no/">Skolelinux Drift AS</a>,
-where I am on the board of directors, asked about how to do this. The
-steps to get this working are the following:</p>
+ <title>S3QL, a locally mounted cloud file system - nice free software</title>
+ <link>http://people.skolelinux.org/pere/blog/S3QL__a_locally_mounted_cloud_file_system___nice_free_software.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/S3QL__a_locally_mounted_cloud_file_system___nice_free_software.html</guid>
+ <pubDate>Wed, 9 Apr 2014 11:30:00 +0200</pubDate>
+ <description><p>For a while now, I have been looking for a sensible offsite backup
+solution for use at home. My requirements are simple, it must be
+cheap and locally encrypted (in other words, I keep the encryption
+keys, the storage provider do not have access to my private files).
+One idea me and my friends had many years ago, before the cloud
+storage providers showed up, was to use Google mail as storage,
+writing a Linux block device storing blocks as emails in the mail
+service provided by Google, and thus get heaps of free space. On top
+of this one can add encryption, RAID and volume management to have
+lots of (fairly slow, I admit that) cheap and encrypted storage. But
+I never found time to implement such system. But the last few weeks I
+have looked at a system called
+<a href="https://bitbucket.org/nikratio/s3ql/">S3QL</a>, a locally
+mounted network backed file system with the features I need.</p>
+
+<p>S3QL is a fuse file system with a local cache and cloud storage,
+handling several different storage providers, any with Amazon S3,
+Google Drive or OpenStack API. There are heaps of such storage
+providers. S3QL can also use a local directory as storage, which
+combined with sshfs allow for file storage on any ssh server. S3QL
+include support for encryption, compression, de-duplication, snapshots
+and immutable file systems, allowing me to mount the remote storage as
+a local mount point, look at and use the files as if they were local,
+while the content is stored in the cloud as well. This allow me to
+have a backup that should survive fire. The file system can not be
+shared between several machines at the same time, as only one can
+mount it at the time, but any machine with the encryption key and
+access to the storage service can mount it if it is unmounted.</p>
+
+<p>It is simple to use. I'm using it on Debian Wheezy, where the
+package is included already. So to get started, run <tt>apt-get
+install s3ql</tt>. Next, pick a storage provider. I ended up picking
+Greenqloud, after reading their nice recipe on
+<a href="https://greenqloud.zendesk.com/entries/44611757-How-To-Use-S3QL-to-mount-a-StorageQloud-bucket-on-Debian-Wheezy">how
+to use S3QL with their Amazon S3 service</a>, because I trust the laws
+in Iceland more than those in USA when it come to keeping my personal
+data safe and private, and thus would rather spend money on a company
+in Iceland. Another nice recipe is available from the article
+<a href="http://www.admin-magazine.com/HPC/Articles/HPC-Cloud-Storage">S3QL
+Filesystem for HPC Storage</a> by Jeff Layton in the HPC section of
+Admin magazine. When the provider is picked, figure out how to get
+the API key needed to connect to the storage API. With Greencloud,
+the key did not show up until I had added payment details to my
+account.</p>
+
+<p>Armed with the API access details, it is time to create the file
+system. First, create a new bucket in the cloud. This bucket is the
+file system storage area. I picked a bucket name reflecting the
+machine that was going to store data there, but any name will do.
+I'll refer to it as <tt>bucket-name</tt> below. In addition, one need
+the API login and password, and a locally created password. Store it
+all in ~root/.s3ql/authinfo2 like this:
-<p><ol>
+<p><blockquote><pre>
+[s3c]
+storage-url: s3c://s.greenqloud.com:443/bucket-name
+backend-login: API-login
+backend-password: API-password
+fs-passphrase: local-password
+</pre></blockquote></p>
-<li>Add new storage server in DNS. I use nas-server.intern as the
-example host here.</li>
+<p>I create my local passphrase using <tt>pwget 50</tt> or similar,
+but any sensible way to create a fairly random password should do it.
+Armed with these details, it is now time to run mkfs, entering the API
+details and password to create it:</p>
-<li>Add automoun LDAP information about this server in LDAP, to allow
-all clients to automatically mount it on reqeust.</li>
+<p><blockquote><pre>
+# mkdir -m 700 /var/lib/s3ql-cache
+# mkfs.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
+ --ssl s3c://s.greenqloud.com:443/bucket-name
+Enter backend login:
+Enter backend password:
+Before using S3QL, make sure to read the user's guide, especially
+the 'Important Rules to Avoid Loosing Data' section.
+Enter encryption password:
+Confirm encryption password:
+Generating random encryption key...
+Creating metadata tables...
+Dumping metadata...
+..objects..
+..blocks..
+..inodes..
+..inode_blocks..
+..symlink_targets..
+..names..
+..contents..
+..ext_attributes..
+Compressing and uploading metadata...
+Wrote 0.00 MB of compressed metadata.
+# </pre></blockquote></p>
+
+<p>The next step is mounting the file system to make the storage available.
-<li>Add the relevant entries in tjener.intern:/etc/fstab, because
-tjener.intern do not use automount to avoid mounting loops.</li>
+<p><blockquote><pre>
+# mount.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
+ --ssl --allow-root s3c://s.greenqloud.com:443/bucket-name /s3ql
+Using 4 upload threads.
+Downloading and decompressing metadata...
+Reading metadata...
+..objects..
+..blocks..
+..inodes..
+..inode_blocks..
+..symlink_targets..
+..names..
+..contents..
+..ext_attributes..
+Mounting filesystem...
+# df -h /s3ql
+Filesystem Size Used Avail Use% Mounted on
+s3c://s.greenqloud.com:443/bucket-name 1.0T 0 1.0T 0% /s3ql
+#
+</pre></blockquote></p>
-</ol></p>
+<p>The file system is now ready for use. I use rsync to store my
+backups in it, and as the metadata used by rsync is downloaded at
+mount time, no network traffic (and storage cost) is triggered by
+running rsync. To unmount, one should not use the normal umount
+command, as this will not flush the cache to the cloud storage, but
+instead running the umount.s3ql command like this:
-<p>DNS entries are added in GOsa², and not described here. Follow the
-<a href="https://wiki.debian.org/DebianEdu/Documentation/Wheezy/GettingStarted">instructions
-in the manual</a> (Machine Management with GOsa² in section etting
-started).</p>
+<p><blockquote><pre>
+# umount.s3ql /s3ql
+#
+</pre></blockquote></p>
-<p>Ensure that the NFS export points on the server are exported to the
-relevant subnets or machines:</p>
+<p>There is a fsck command available to check the file system and
+correct any problems detected. This can be used if the local server
+crashes while the file system is mounted, to reset the "already
+mounted" flag. This is what it look like when processing a working
+file system:</p>
<p><blockquote><pre>
-root@tjener:~# showmount -e nas-server
-Export list for nas-server:
-/storage 10.0.0.0/8
-root@tjener:~#
+# fsck.s3ql --force --ssl s3c://s.greenqloud.com:443/bucket-name
+Using cached metadata.
+File system seems clean, checking anyway.
+Checking DB integrity...
+Creating temporary extra indices...
+Checking lost+found...
+Checking cached objects...
+Checking names (refcounts)...
+Checking contents (names)...
+Checking contents (inodes)...
+Checking contents (parent inodes)...
+Checking objects (reference counts)...
+Checking objects (backend)...
+..processed 5000 objects so far..
+..processed 10000 objects so far..
+..processed 15000 objects so far..
+Checking objects (sizes)...
+Checking blocks (referenced objects)...
+Checking blocks (refcounts)...
+Checking inode-block mapping (blocks)...
+Checking inode-block mapping (inodes)...
+Checking inodes (refcounts)...
+Checking inodes (sizes)...
+Checking extended attributes (names)...
+Checking extended attributes (inodes)...
+Checking symlinks (inodes)...
+Checking directory reachability...
+Checking unix conventions...
+Checking referential integrity...
+Dropping temporary indices...
+Backing up old metadata...
+Dumping metadata...
+..objects..
+..blocks..
+..inodes..
+..inode_blocks..
+..symlink_targets..
+..names..
+..contents..
+..ext_attributes..
+Compressing and uploading metadata...
+Wrote 0.89 MB of compressed metadata.
+#
</pre></blockquote></p>
-<p>Here everything on the backbone network is granted access to the
-/storage export. With NFSv3 it is slightly better to limit it to
-netgroup membership or single IP addresses to have some limits on the
-NFS access.</p>
-
-<p>The next step is to update LDAP. This can not be done using GOsa²,
-because it lack a module for automount. Instead, use ldapvi and add
-the required LDAP objects using an editor.</p>
+<p>Thanks to the cache, working on files that fit in the cache is very
+quick, about the same speed as local file access. Uploading large
+amount of data is to me limited by the bandwidth out of and into my
+house. Uploading 685 MiB with a 100 MiB cache gave me 305 kiB/s,
+which is very close to my upload speed, and downloading the same
+Debian installation ISO gave me 610 kiB/s, close to my download speed.
+Both were measured using <tt>dd</tt>. So for me, the bottleneck is my
+network, not the file system code. I do not know what a good cache
+size would be, but suspect that the cache should e larger than your
+working set.</p>
+
+<p>I mentioned that only one machine can mount the file system at the
+time. If another machine try, it is told that the file system is
+busy:</p>
<p><blockquote><pre>
-ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no
+# mount.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
+ --ssl --allow-root s3c://s.greenqloud.com:443/bucket-name /s3ql
+Using 8 upload threads.
+Backend reports that fs is still mounted elsewhere, aborting.
+#
</pre></blockquote></p>
-<p>When the editor show up, add the following LDAP objects at the
-bottom of the document. The "/&" part in the last LDAP object is a
-wild card matching everything the nas-server exports, removing the
-need to list individual mount points in LDAP.</p>
+<p>The file content is uploaded when the cache is full, while the
+metadata is uploaded once every 24 hour by default. To ensure the
+file system content is flushed to the cloud, one can either umount the
+file system, or ask S3QL to flush the cache and metadata using
+s3qlctrl:
<p><blockquote><pre>
-add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
-objectClass: automount
-cn: nas-server
-automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+# s3qlctrl upload-meta /s3ql
+# s3qlctrl flushcache /s3ql
+#
+</pre></blockquote></p>
-add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
-objectClass: top
-objectClass: automountMap
-ou: auto.nas-server
+<p>If you are curious about how much space your data uses in the
+cloud, and how much compression and deduplication cut down on the
+storage usage, you can use s3qlstat on the mounted file system to get
+a report:</p>
-add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
-objectClass: automount
-cn: /
-automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&
+<p><blockquote><pre>
+# s3qlstat /s3ql
+Directory entries: 9141
+Inodes: 9143
+Data blocks: 8851
+Total data size: 22049.38 MB
+After de-duplication: 21955.46 MB (99.57% of total)
+After compression: 21877.28 MB (99.22% of total, 99.64% of de-duplicated)
+Database size: 2.39 MB (uncompressed)
+(some values do not take into account not-yet-uploaded dirty blocks in cache)
+#
</pre></blockquote></p>
-<p>The last step to remember is to mount the relevant mount points in
-tjener.intern by adding them to /etc/fstab, creating the mount
-directories using mkdir and running "mount -a" to mount them.</p>
+<p>I mentioned earlier that there are several possible suppliers of
+storage. I did not try to locate them all, but am aware of at least
+<a href="https://www.greenqloud.com/">Greenqloud</a>,
+<a href="http://drive.google.com/">Google Drive</a>,
+<a href="http://aws.amazon.com/s3/">Amazon S3 web serivces</a>,
+<a href="http://www.rackspace.com/">Rackspace</a> and
+<a href="http://crowncloud.net/">Crowncloud</A>. The latter even
+accept payment in Bitcoin. Pick one that suit your need. Some of
+them provide several GiB of free storage, but the prize models are
+quite different and you will have to figure out what suits you
+best.</p>
+
+<p>While researching this blog post, I had a look at research papers
+and posters discussing the S3QL file system. There are several, which
+told me that the file system is getting a critical check by the
+science community and increased my confidence in using it. One nice
+poster is titled
+"<a href="http://www.lanl.gov/orgs/adtsc/publications/science_highlights_2013/docs/pg68_69.pdf">An
+Innovative Parallel Cloud Storage System using OpenStack’s SwiftObject
+Store and Transformative Parallel I/O Approach</a>" by Hsing-Bung
+Chen, Benjamin McClelland, David Sherrill, Alfred Torrez, Parks Fields
+and Pamela Smith. Please have a look.</p>
+
+<p>Given my problems with different file systems earlier, I decided to
+check out the mounted S3QL file system to see if it would be usable as
+a home directory (in other word, that it provided POSIX semantics when
+it come to locking and umask handling etc). Running
+<a href="http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html">my
+test code to check file system semantics</a>, I was happy to discover that
+no error was found. So the file system can be used for home
+directories, if one chooses to do so.</p>
+
+<p>If you do not want a locally file system, and want something that
+work without the Linux fuse file system, I would like to mention the
+<a href="http://www.tarsnap.com/">Tarsnap service</a>, which also
+provide locally encrypted backup using a command line client. It have
+a nicer access control system, where one can split out read and write
+access, allowing some systems to write to the backup and others to
+only read from it.</p>
-<p>When this is done, your users should be able to access the files on
-the storage server directly by just visiting the
-/tjener/nas-server/storage/ directory using any application on any
-workstation, LTSP client or LTSP server.</p>
+<p>As usual, if you use Bitcoin and want to show your support of my
+activities, please send Bitcoin donations to my address
+<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
</description>
</item>
<item>
- <title>Hvordan bør RFC 822-formattert epost lagres i en NOARK5-database?</title>
- <link>http://people.skolelinux.org/pere/blog/Hvordan_b_r_RFC_822_formattert_epost_lagres_i_en_NOARK5_database_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Hvordan_b_r_RFC_822_formattert_epost_lagres_i_en_NOARK5_database_.html</guid>
- <pubDate>Fri, 7 Mar 2014 15:20:00 +0100</pubDate>
- <description><p>For noen uker siden ble NXCs fri programvarelisenserte
-NOARK5-løsning
-<a href="http://www.nuug.no/aktiviteter/20140211-noark/">presentert hos
-NUUG</a> (video
-<a href="https://www.youtube.com/watch?v=JCb_dNS3MHQ">på youtube
-foreløbig</a>), og det fikk meg til å titte litt mer på NOARK5,
-standarden for arkivhåndtering i det offentlige Norge. Jeg lurer på
-om denne kjernen kan være nyttig i et par av mine prosjekter, og for ett
-av dem er det mest aktuelt å lagre epost. Jeg klarte ikke finne noen
-anbefaling om hvordan RFC 822-formattert epost (aka Internett-epost)
-burde lagres i NOARK5, selv om jeg vet at noen arkiver tar
-PDF-utskrift av eposten med sitt epostprogram og så arkiverer PDF-en
-(eller enda værre, tar papirutskrift og lagrer bildet av eposten som
-PDF i arkivet).</p>
-
-<p>Det er ikke så mange formater som er akseptert av riksarkivet til
-langtidsoppbevaring av offentlige arkiver, og PDF og XML er de mest
-aktuelle i så måte. Det slo meg at det måtte da finnes en eller annen
-egnet XML-representasjon og at det kanskje var enighet om hvilken som
-burde brukes, så jeg tok mot til meg og spurte
-<a href="http://samdok.com/">SAMDOK</a>, en gruppe tilknyttet
-arkivverket som ser ut til å jobbe med NOARK-samhandling, om de hadde
-noen anbefalinger:
-
-<p><blockquote>
-<p>Hei.</p>
-
-<p>Usikker på om dette er riktig forum å ta opp mitt spørsmål, men jeg
-lurer på om det er definert en anbefaling om hvordan RFC
-822-formatterte epost (aka vanlig Internet-epost) bør lages håndteres
-i NOARK5, slik at en bevarer all informasjon i eposten
-(f.eks. Received-linjer). Finnes det en anbefalt XML-mapping ala den
-som beskrives på
-&lt;URL: <a href="https://www.informit.com/articles/article.aspx?p=32074">https://www.informit.com/articles/article.aspx?p=32074</a> &gt;? Mitt
-mål er at det skal være mulig å lagre eposten i en NOARK5-kjerne og
-kunne få ut en identisk formattert kopi av opprinnelig epost ved
-behov.</p>
-</blockquote></p>
-
-<p>Postmottaker hos SAMDOK mente spørsmålet heller burde stilles
-direkte til riksarkivet, og jeg fikk i dag svar derfra formulert av
-seniorrådgiver Geir Ivar Tungesvik:</p>
-
-<p><blockquote>
-<p>Riksarkivet har ingen anbefalinger når det gjelder konvertering fra
-e-post til XML. Det står arkivskaper fritt å eventuelt definere/bruke
-eget format. Inklusive da - som det spørres om - et format der det er
-mulig å re-etablere e-post format ut fra XML-en. XML (e-post)
-dokumenter må være referert i arkivstrukturen, og det må vedlegges et
-gyldig XML skjema (.xsd) for XML-filene. Arkivskaper står altså fritt
-til å gjøre hva de vil, bare det dokumenteres og det kan dannes et
-utrekk ved avlevering til depot.</p>
-
-<p>De obligatoriske kravene i Noark 5 standarden må altså oppfylles -
-etter dialog med Riksarkivet i forbindelse med godkjenning. For
-offentlige arkiv er det særlig viktig med filene loependeJournal.xml
-og offentligJournal.xml. Private arkiv som vil forholde seg til Noark
-5 standarden er selvsagt frie til å bruke det som er relevant for dem
-av obligatoriske krav.</p>
-</blockquote></p>
-
-<p>Det ser dermed ut for meg som om det er et lite behov for å
-standardisere XML-lagring av RFC-822-formatterte meldinger. Noen som
-vet om god spesifikasjon i så måte? I tillegg til den omtalt over,
-har jeg kommet over flere aktuelle beskrivelser (søk på "rfc 822
-xml", så finner du aktuelle alternativer).</p>
-
-<ul>
-
-<li><a href="http://www.openhealth.org/xmtp/">XML MIME Transformation
-protocol (XMTP)</a> fra OpenHealth, sist oppdatert 2001.</li>
-
-<li><a href="https://tools.ietf.org/html/draft-klyne-message-rfc822-xml-03">An
-XML format for mail and other messages</a> utkast fra IETF datert
-2001.</li>
-
-<li><a href="http://www.informit.com/articles/article.aspx?p=32074">xMail:
-E-mail as XML</a> en artikkel fra 2003 som beskriver python-modulen
-rfc822 som gir ut XML-representasjon av en RFC 822-formattert epost.</li>
+ <title>EU-domstolen bekreftet i dag at datalagringsdirektivet er ulovlig</title>
+ <link>http://people.skolelinux.org/pere/blog/EU_domstolen_bekreftet_i_dag_at_datalagringsdirektivet_er_ulovlig.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/EU_domstolen_bekreftet_i_dag_at_datalagringsdirektivet_er_ulovlig.html</guid>
+ <pubDate>Tue, 8 Apr 2014 11:30:00 +0200</pubDate>
+ <description><p>I dag kom endelig avgjørelsen fra EU-domstolen om
+datalagringsdirektivet, som ikke overraskende ble dømt ulovlig og i
+strid med borgernes grunnleggende rettigheter. Hvis du lurer på hva
+datalagringsdirektivet er for noe, så er det
+<a href="http://tv.nrk.no/program/koid75005313/tema-dine-digitale-spor-datalagringsdirektivet">en
+flott dokumentar tilgjengelig hos NRK</a> som jeg tidligere
+<a href="http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html">har
+anbefalt</a> alle å se.</p>
-</ul>
+<p>Her er et liten knippe nyhetsoppslag om saken, og jeg regner med at
+det kommer flere ut over dagen. Flere kan finnes
+<a href="http://www.mylder.no/?drill=datalagringsdirektivet&intern=1">via
+mylder</a>.</p>
-<p>Finnes det andre og bedre spesifikasjoner for slik lagring? Send
-meg en epost hvis du har innspill.</p>
-</description>
- </item>
-
- <item>
- <title>Lenker for 2014-02-28</title>
- <link>http://people.skolelinux.org/pere/blog/Lenker_for_2014_02_28.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenker_for_2014_02_28.html</guid>
- <pubDate>Fri, 28 Feb 2014 13:30:00 +0100</pubDate>
- <description><p>Her er noen lenker til tekster jeg har satt pris på å lese de siste
-månedene. Det er mye om varsleren Edward Snowden, som burde få all
-hjelp, støtte og beskyttelse Norge kan stille opp med for å ha satt
-totalitær overvåkning på sakskartet, men også endel annet
-tankevekkende og interessant.</p>
-
-<ul>
-
-<li>2013-12-21
-<a href="http://www.dagbladet.no/2013/12/21/nyheter/thomas_drake/nsa/overvakning/snowden/30925886/">-
-NSA tenker som Stasi</a> - Dagbladet.no</li>
-
-<li>2013-12-19 <a href="http://www.dagensit.no/article2732734.ece">-
-Staten har ikke rett til å vite alt om deg</a> - DN.no</li>
-
-<li>2013-12-21
-<a href="http://www.dagbladet.no/2013/12/21/nyheter/krig_og_konflikter/politikk/utenriks/30961126/">Nye
-mål for NSAs spionasje avslørt</a> - Dagbladet.no</li>
-
-<li>2013-12-19
-<a href="http://www.dagbladet.no/2013/12/19/nyheter/nsa/usa/politikk/barack_obama/30918684/">«NSA
-bør fjernes fra sin makt til å samle inn metadata fra amerikanske
-telefonsamtaler»</a> - Dagbladet.no</li>
-
-<li>2013-12-18
-<a href="http://www.dagbladet.no/2013/12/18/kultur/meninger/hovedkronikk/debatt/snowden/30901089/">Etterretning,
-overvåking, frihet og sikkerhet</a> - Dagbladet.no</li>
-
-<li>2013-12-17
-<a href="http://www.nrk.no/verden/snowden-vil-ha-asyl-i-brasil-1.11423444">Snowden
-angriper USA i åpent brev</a> - nrk.no</li>
-
-<li>2013-12-17
-<a href="http://www.digi.no/925820/rettslig-nederlag-for-etterretning">Rettslig
-nederlag for etterretning</a> - digi.no</li>
-
-<li>2013-12-21
-<a href="http://www.dagbladet.no/2013/12/21/kultur/meninger/hovedkommentar/kommentar/etterretning/30963284/">Truende
-nedkjøling</a> - dagbladet.no</li>
-
-<li>2013-12-20
-<a href="http://www.aftenposten.no/viten/Matematikk-og-forstaelse-7411849.html">Matematikk
-og forståelse</a> - aftenposten.no</li>
-
-<li>2013-10-20
-<a href="http://www.nrk.no/viten/ny-studie_sovn-reinser-hjernen-var-1.11306106">Vi
-søv for å reinse hjernen vår, ifølgje ny studie</a> - nrk.no</li>
-
-<li>2013-12-11
-<a href="http://www.nrk.no/buskerud/julebaksten-i-vasken-1.11410033">Rotterace
-i kloakken</a> - nrk.no</li>
-
-<li>2013-12-30
-<a href="http://www.aftenposten.no/viten/Apne-brev-og-frie-tanker-7413734.html">Åpne
-brev og frie tanker</a> - aftenposten.no</li>
-
-<li>2014-01-12
-<a href="http://www.aftenposten.no/viten/Stopp-kunnskapsapartheidet-7428229.html">Stopp dagens kunnskapsapartheid!</a> - aftenposten.no</li>
-
-<li>2014-01-09
-<a href="http://www.aftenposten.no/nyheter/uriks/EU-rapport-Britisk-og-amerikansk-overvaking-ser-ut-til-a-vare-ulovlig-7428933.html">EU-rapport:
-Britisk og amerikansk overvåking ser ut til å være ulovlig</a> -
-aftenposten.no</li>
-
-<li>2013-10-23 Professor Jan Arild Audestad
-<a href="http://www.digi.no/924008/advarer-mot-konspirasjonsteori">Advarer
-mot konspirasjonsteori</a> i digi.no og sier han ikke tror NSA kan
-avlytte mobiltelefoner, mens han noen måneder senere forteller:</li>
-
-<li>2014-01-09
-<a href="http://www.aftenposten.no/nyheter/iriks/--Vi-ble-presset-til-a-svekke-mobilsikkerheten-pa-80-tallet-7410467.html">-
-Vi ble presset til å svekke mobilsikkerheten på 80-tallet</a> -
-aftenposten.no</li>
-
-<li>2014-02-12
-<a href="http://tv.nrk.no/program/koid20005814/et-moete-med-edward-snowden">Et
-møte med Edward Snowden</a> - intervju sendt av nrk, tilgjengelig til
-2015-01-31</li>
-
-<li>2014-02-17
-<a href="http://politiken.dk/debat/profiler/jessteinpedersen/ECE2210356/litteraturredaktoeren-helle-thornings-tavshed-om-snowden-er-en-skandale/">Litteraturredaktøren:
-Helle Thornings tavshed om Snowden er en skandale</a> -
-politiken.dk</li>
-
-<li>2014-02-21
-<a href="http://www.aftenposten.no/meninger/kronikker/Bra-a-ha-en-Storebror-7476734.html">Bra å ha en «Storebror»</a> - aftenposten.no</li>
-
-<li>2014-02-28
-<a href="http://johnchristianelden.blogg.no/1393536806_narkotikasiktet_stort.html">"Narkotikasiktet
-Stortingsmann" - Spillet bak kulissene</a> - John Christian Eldens
-blogg</li>
-
-<li>2014-02-28
-<a href="http://www.aftenposten.no/meninger/Heksejakt-pa-hasjbrukere-7486283.html">Heksejakt
-på hasjbrukere</a> - aftenposten.no</li>
+<p><ul>
-</ul>
-</description>
- </item>
-
- <item>
- <title>New home and release 1.0 for netgroup and innetgr (aka ng-utils)</title>
- <link>http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html</guid>
- <pubDate>Sat, 22 Feb 2014 21:45:00 +0100</pubDate>
- <description><p>Many years ago, I wrote a GPL licensed version of the netgroup and
-innetgr tools, because I needed them in
-<a href="http://www.skolelinux.org/">Skolelinux</a>. I called the project
-ng-utils, and it has served me well. I placed the project under the
-<a href="http://www.hungry.com/">Hungry Programmer</a> umbrella, and it was maintained in our CVS
-repository. But many years ago, the CVS repository was dropped (lost,
-not migrated to new hardware, not sure), and the project have lacked a
-proper home since then.</p>
-
-<p>Last summer, I had a look at the package and made a new release
-fixing a irritating crash bug, but was unable to store the changes in
-a proper source control system. I applied for a project on
-<a href="https://alioth.debian.org/">Alioth</a>, but did not have time
-to follow up on it. Until today. :)</p>
-
-<p>After many hours of cleaning and migration, the ng-utils project
-now have a new home, and a git repository with the highlight of the
-history of the project. I published all release tarballs and imported
-them into the git repository. As the project is really stable and not
-expected to gain new features any time soon, I decided to make a new
-release and call it 1.0. Visit the new project home on
-<a href="https://alioth.debian.org/projects/ng-utils/">https://alioth.debian.org/projects/ng-utils/</a>
-if you want to check it out. The new version is also uploaded into
-<a href="http://packages.qa.debian.org/n/ng-utils.html">Debian Unstable</a>.</p>
-</description>
- </item>
-
- <item>
- <title>Testing sysvinit from experimental in Debian Hurd</title>
- <link>http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html</guid>
- <pubDate>Mon, 3 Feb 2014 13:40:00 +0100</pubDate>
- <description><p>A few days ago I decided to try to help the Hurd people to get
-their changes into sysvinit, to allow them to use the normal sysvinit
-boot system instead of their old one. This follow up on the
-<a href="https://teythoon.cryptobitch.de//categories/gsoc.html">great
-Google Summer of Code work</a> done last summer by Justus Winter to
-get Debian on Hurd working more like Debian on Linux. To get started,
-I downloaded a prebuilt hard disk image from
-<a href="http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz">http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz</a>,
-and started it using virt-manager.</p>
-
-<p>The first think I had to do after logging in (root without any
-password) was to get the network operational. I followed
-<a href="https://www.debian.org/ports/hurd/hurd-install">the
-instructions on the Debian GNU/Hurd ports page</a> and ran these
-commands as root to get the machine to accept a IP address from the
-kvm internal DHCP server:</p>
+<li><a href="http://e24.no/digital/eu-domstolen-datalagringsdirektivet-er-ugyldig/22879592">EU-domstolen:
+Datalagringsdirektivet er ugyldig</a> - e24.no 2014-04-08
-<p><blockquote><pre>
-settrans -fgap /dev/netdde /hurd/netdde
-kill $(ps -ef|awk '/[p]finet/ { print $2}')
-kill $(ps -ef|awk '/[d]evnode/ { print $2}')
-dhclient /dev/eth0
-</pre></blockquote></p>
+<li><a href="http://www.aftenposten.no/nyheter/iriks/EU-domstolen-Datalagringsdirektivet-er-ulovlig-7529032.html">EU-domstolen:
+Datalagringsdirektivet er ulovlig</a> - aftenposten.no 2014-04-08
-<p>After this, the machine had internet connectivity, and I could
-upgrade it and install the sysvinit packages from experimental and
-enable it as the default boot system in Hurd.</p>
+<li><a href="http://www.aftenposten.no/nyheter/iriks/politikk/Krever-DLD-stopp-i-Norge-7530086.html">Krever
+DLD-stopp i Norge</a> - aftenposten.no 2014-04-08
-<p>But before I did that, I set a password on the root user, as ssh is
-running on the machine it for ssh login to work a password need to be
-set. Also, note that a bug somewhere in openssh on Hurd block
-compression from working. Remember to turn that off on the client
-side.</p>
+<li><a href="http://www.p4.no/story.aspx?id=566431">Apenes: - En
+gledens dag</a> - p4.no 2014-04-08
-<p>Run these commands as root to upgrade and test the new sysvinit
-stuff:</p>
+<li><a href="http://www.nrk.no/norge/_-datalagringsdirektivet-er-ugyldig-1.11655929">EU-domstolen:
+– Datalagringsdirektivet er ugyldig</a> - nrk.no 2014-04-08</li>
-<p><blockquote><pre>
-cat > /etc/apt/sources.list.d/experimental.list &lt;&lt;EOF
-deb http://http.debian.net/debian/ experimental main
-EOF
-apt-get update
-apt-get dist-upgrade
-apt-get install -t experimental initscripts sysv-rc sysvinit \
- sysvinit-core sysvinit-utils
-update-alternatives --config runsystem
-</pre></blockquote></p>
+<li><a href="http://www.vg.no/nyheter/utenriks/data-og-nett/eu-domstolen-datalagringsdirektivet-er-ugyldig/a/10130280/">EU-domstolen:
+Datalagringsdirektivet er ugyldig</a> - vg.no 2014-04-08</li>
-<p>To reboot after switching boot system, you have to use
-<tt>reboot-hurd</tt> instead of just <tt>reboot</tt>, as there is not
-yet a sysvinit process able to receive the signals from the normal
-'reboot' command. After switching to sysvinit as the boot system,
-upgrading every package and rebooting, the network come up with DHCP
-after boot as it should, and the settrans/pkill hack mentioned at the
-start is no longer needed. But for some strange reason, there are no
-longer any login prompt in the virtual console, so I logged in using
-ssh instead.
-
-<p>Note that there are some race conditions in Hurd making the boot
-fail some times. No idea what the cause is, but hope the Hurd porters
-figure it out. At least Justus said on IRC (#debian-hurd on
-irc.debian.org) that they are aware of the problem. A way to reduce
-the impact is to upgrade to the Hurd packages built by Justus by
-adding this repository to the machine:</p>
+<li><a href="http://www.dagbladet.no/2014/04/08/nyheter/innenriks/datalagringsdirektivet/personvern/32711646/">-
+Vi bør skrote hele datalagringsdirektivet</a> - dagbladet.no
+2014-04-08</li>
-<p><blockquote><pre>
-cat > /etc/apt/sources.list.d/hurd-ci.list &lt;&lt;EOF
-deb http://darnassus.sceen.net/~teythoon/hurd-ci/ sid main
-EOF
-</pre></blockquote></p>
+<li><a href="http://www.digi.no/928137/eu-domstolen-dld-er-ugyldig">EU-domstolen:
+DLD er ugyldig</a> - digi.no 2014-04-08</li>
-<p>At the moment the prebuilt virtual machine get some packages from
-http://ftp.debian-ports.org/debian, because some of the packages in
-unstable do not yet include the required patches that are lingering in
-BTS. This is the completely list of "unofficial" packages installed:</p>
+<li><a href="http://www.irishtimes.com/business/sectors/technology/european-court-declares-data-retention-directive-invalid-1.1754150">European
+court declares data retention directive invalid</a> - irishtimes.com
+2014-04-08</li>
-<p><blockquote><pre>
-# aptitude search '?narrow(?version(CURRENT),?origin(Debian Ports))'
-i emacs - GNU Emacs editor (metapackage)
-i gdb - GNU Debugger
-i hurd-recommended - Miscellaneous translators
-i isc-dhcp-client - ISC DHCP client
-i isc-dhcp-common - common files used by all the isc-dhcp* packages
-i libc-bin - Embedded GNU C Library: Binaries
-i libc-dev-bin - Embedded GNU C Library: Development binaries
-i libc0.3 - Embedded GNU C Library: Shared libraries
-i A libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
-i libc0.3-dev - Embedded GNU C Library: Development Libraries and Hea
-i multiarch-support - Transitional package to ensure multiarch compatibilit
-i A x11-common - X Window System (X.Org) infrastructure
-i xorg - X.Org X Window System
-i A xserver-xorg - X.Org X server
-i A xserver-xorg-input-all - X.Org X server -- input driver metapackage
-#
-</pre></blockquote></p>
+<li><a href="http://www.reuters.com/article/2014/04/08/us-eu-data-ruling-idUSBREA370F020140408?feedType=RSS">EU
+court rules against requirement to keep data of telecom users</a> -
+reuters.com 2014-04-08</li>
-<p>All in all, testing hurd has been an interesting experience. :)
-X.org did not work out of the box and I never took the time to follow
-the porters instructions to fix it. This time I was interested in the
-command line stuff.<p>
+</ul>
+</p>
+
+<p>Jeg synes det er veldig fint at nok en stemme slår fast at
+totalitær overvåkning av befolkningen er uakseptabelt, men det er
+fortsatt like viktig å beskytte privatsfæren som før, da de
+teknologiske mulighetene fortsatt finnes og utnyttes, og jeg tror
+innsats i prosjekter som
+<a href="https://wiki.debian.org/FreedomBox">Freedombox</a> og
+<a href="http://www.dugnadsnett.no/">Dugnadsnett</a> er viktigere enn
+noen gang.</p>
+
+<p><strong>Update 2014-04-08 12:10</strong>: Kronerullingen for å
+stoppe datalagringsdirektivet i Norge gjøres hos foreningen
+<a href="http://www.digitaltpersonvern.no/">Digitalt Personvern</a>,
+som har samlet inn 843 215,- så langt men trenger nok mye mer hvis
+
+ikke Høyre og Arbeiderpartiet bytter mening i saken. Det var
+<a href="http://www.holderdeord.no/parliament-issues/48650">kun
+partinene Høyre og Arbeiderpartiet</a> som stemte for
+Datalagringsdirektivet, og en av dem må bytte mening for at det skal
+bli flertall mot i Stortinget. Se mer om saken
+<a href="http://www.holderdeord.no/issues/69-innfore-datalagringsdirektivet">Holder
+de ord</a>.</p>
</description>
</item>
<item>
- <title>A fist full of non-anonymous Bitcoins</title>
- <link>http://people.skolelinux.org/pere/blog/A_fist_full_of_non_anonymous_Bitcoins.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_fist_full_of_non_anonymous_Bitcoins.html</guid>
- <pubDate>Wed, 29 Jan 2014 14:10:00 +0100</pubDate>
- <description><p>Bitcoin is a incredible use of peer to peer communication and
-encryption, allowing direct and immediate money transfer without any
-central control. It is sometimes claimed to be ideal for illegal
-activity, which I believe is quite a long way from the truth. At least
-I would not conduct illegal money transfers using a system where the
-details of every transaction are kept forever. This point is
-investigated in
-<a href="https://www.usenix.org/publications/login">USENIX ;login:</a>
-from December 2013, in the article
-"<a href="https://www.usenix.org/system/files/login/articles/03_meiklejohn-online.pdf">A
-Fistful of Bitcoins - Characterizing Payments Among Men with No
-Names</a>" by Sarah Meiklejohn, Marjori Pomarole,Grant Jordan, Kirill
-Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. They
-analyse the transaction log in the Bitcoin system, using it to find
-addresses belong to individuals and organisations and follow the flow
-of money from both Bitcoin theft and trades on Silk Road to where the
-money end up. This is how they wrap up their article:</p>
-
-<p><blockquote>
-<p>"To demonstrate the usefulness of this type of analysis, we turned
-our attention to criminal activity. In the Bitcoin economy, criminal
-activity can appear in a number of forms, such as dealing drugs on
-Silk Road or simply stealing someone else’s bitcoins. We followed the
-flow of bitcoins out of Silk Road (in particular, from one notorious
-address) and from a number of highly publicized thefts to see whether
-we could track the bitcoins to known services. Although some of the
-thieves attempted to use sophisticated mixing techniques (or possibly
-mix services) to obscure the flow of bitcoins, for the most part
-tracking the bitcoins was quite straightforward, and we ultimately saw
-large quantities of bitcoins flow to a variety of exchanges directly
-from the point of theft (or the withdrawal from Silk Road).</p>
-
-<p>As acknowledged above, following stolen bitcoins to the point at
-which they are deposited into an exchange does not in itself identify
-the thief; however, it does enable further de-anonymization in the
-case in which certain agencies can determine (through, for example,
-subpoena power) the real-world owner of the account into which the
-stolen bitcoins were deposited. Because such exchanges seem to serve
-as chokepoints into and out of the Bitcoin economy (i.e., there are
-few alternative ways to cash out), we conclude that using Bitcoin for
-money laundering or other illicit purposes does not (at least at
-present) seem to be particularly attractive."</p>
-</blockquote><p>
-
-<p>These researches are not the first to analyse the Bitcoin
-transaction log. The 2011 paper
-"<a href="http://arxiv.org/abs/1107.4524">An Analysis of Anonymity in
-the Bitcoin System</A>" by Fergal Reid and Martin Harrigan is
-summarized like this:</p>
-
-<p><blockquote>
-"Anonymity in Bitcoin, a peer-to-peer electronic currency system, is a
-complicated issue. Within the system, users are identified by
-public-keys only. An attacker wishing to de-anonymize its users will
-attempt to construct the one-to-many mapping between users and
-public-keys and associate information external to the system with the
-users. Bitcoin tries to prevent this attack by storing the mapping of
-a user to his or her public-keys on that user's node only and by
-allowing each user to generate as many public-keys as required. In
-this chapter we consider the topological structure of two networks
-derived from Bitcoin's public transaction history. We show that the
-two networks have a non-trivial topological structure, provide
-complementary views of the Bitcoin system and have implications for
-anonymity. We combine these structures with external information and
-techniques such as context discovery and flow analysis to investigate
-an alleged theft of Bitcoins, which, at the time of the theft, had a
-market value of approximately half a million U.S. dollars."
-</blockquote></p>
-
-<p>I hope these references can help kill the urban myth that Bitcoin
-is anonymous. It isn't really a good fit for illegal activites. Use
-cash if you need to stay anonymous, at least until regular DNA
-sampling of notes and coins become the norm. :)</p>
-
-<p>As usual, if you use Bitcoin and want to show your support of my
-activities, please send Bitcoin donations to my address
-<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>
+ <title>ReactOS Windows clone - nice free software</title>
+ <link>http://people.skolelinux.org/pere/blog/ReactOS_Windows_clone___nice_free_software.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/ReactOS_Windows_clone___nice_free_software.html</guid>
+ <pubDate>Tue, 1 Apr 2014 12:10:00 +0200</pubDate>
+ <description><p>Microsoft have announced that Windows XP reaches its end of life
+2014-04-08, in 7 days. But there are heaps of machines still running
+Windows XP, and depending on Windows XP to run their applications, and
+upgrading will be expensive, both when it comes to money and when it
+comes to the amount of effort needed to migrate from Windows XP to a
+new operating system. Some obvious options (buy new a Windows
+machine, buy a MacOSX machine, install Linux on the existing machine)
+are already well known and covered elsewhere. Most of them involve
+leaving the user applications installed on Windows XP behind and
+trying out replacements or updated versions. In this blog post I want
+to mention one strange bird that allow people to keep the hardware and
+the existing Windows XP applications and run them on a free software
+operating system that is Windows XP compatible.</p>
+
+<p><a href="http://www.reactos.org/">ReactOS</a> is a free software
+operating system (GNU GPL licensed) working on providing a operating
+system that is binary compatible with Windows, able to run windows
+programs directly and to use Windows drivers for hardware directly.
+The project goal is for Windows user to keep their existing machines,
+drivers and software, and gain the advantages from user a operating
+system without usage limitations caused by non-free licensing. It is
+a Windows clone running directly on the hardware, so quite different
+from the approach taken by <a href="http://www.winehq.org/">the Wine
+project</a>, which make it possible to run Windows binaries on
+Linux.</p>
+
+<p>The ReactOS project share code with the Wine project, so most
+shared libraries available on Windows are already implemented already.
+There is also a software manager like the one we are used to on Linux,
+allowing the user to install free software applications with a simple
+click directly from the Internet. Check out the
+<a href="http://www.reactos.org/screenshots">screen shots on the
+project web site</a> for an idea what it look like (it looks just like
+Windows before metro).</p>
+
+<p>I do not use ReactOS myself, preferring Linux and Unix like
+operating systems. I've tested it, and it work fine in a virt-manager
+virtual machine. The browser, minesweeper, notepad etc is working
+fine as far as I can tell. Unfortunately, my main test application
+is the software included on a CD with the Lego Mindstorms NXT, which
+seem to install just fine from CD but fail to leave any binaries on
+the disk after the installation. So no luck with that test software.
+No idea why, but hope someone else figure out and fix the problem.
+I've tried the ReactOS Live ISO on a physical machine, and it seemed
+to work just fine. If you like Windows and want to keep running your
+old Windows binaries, check it out by
+<a href="http://www.reactos.org/download">downloading</a> the
+installation CD, the live CD or the preinstalled virtual machine
+image.</p>
</description>
</item>
<item>
- <title>New chrpath release 0.16</title>
- <link>http://people.skolelinux.org/pere/blog/New_chrpath_release_0_16.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_chrpath_release_0_16.html</guid>
- <pubDate>Tue, 14 Jan 2014 11:00:00 +0100</pubDate>
- <description><p><a href="http://www.coverity.com/">Coverity</a> is a nice tool to
-find problems in C, C++ and Java code using static source code
-analysis. It can detect a lot of different problems, and is very
-useful to find memory and locking bugs in the error handling part of
-the source. The company behind it provide
-<a href="https://scan.coverity.com/">check of free software projects as
-a community service</a>, and many hundred free software projects are
-already checked. A few days ago I decided to have a closer look at
-the Coverity system, and discovered that the
-<a href="http://www.gnu.org/software/gnash/">gnash</a> and
-<a href="http://sourceforge.net/projects/ipmitool/">ipmitool</a>
-projects I am involved with was already registered. But these are
-fairly big, and I would also like to have a small and easy project to
-check, and decided to <a href="http://scan.coverity.com/projects/1179">request
-checking of the chrpath project</a>. It was
-added to the checker and discovered seven potential defects. Six of
-these were real, mostly resource "leak" when the program detected an
-error. Nothing serious, as the resources would be released a fraction
-of a second later when the program exited because of the error, but it
-is nice to do it right in case the source of the program some time in
-the future end up in a library. Having fixed all defects and added
-<a href="https://lists.alioth.debian.org/mailman/listinfo/chrpath-devel">a
-mailing list for the chrpath developers</a>, I decided it was time to
-publish a new release. These are the release notes:</p>
-
-<p>New in 0.16 released 2014-01-14:</p>
-
-<ul>
-
- <li>Fixed all minor bugs discovered by Coverity.</li>
- <li>Updated config.sub and config.guess from the GNU project.</li>
- <li>Mention new project mailing list in the documentation.</li>
+ <title>Debian Edu interview: Roger Marsal</title>
+ <link>http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Roger_Marsal.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Roger_Marsal.html</guid>
+ <pubDate>Sun, 30 Mar 2014 11:40:00 +0200</pubDate>
+ <description><p><a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a>
+keep gaining new users. Some weeks ago, a person showed up on IRC,
+<a href="irc://irc.debian.org/#debian-edu">#debian-edu</a>, with a
+wish to contribute, and I managed to get a interview with this great
+contributor Roger Marsal to learn more about his background.</p>
-</ul>
+<p><strong>Who are you, and how do you spend your days?</strong></p>
-<p>You can
-<a href="https://alioth.debian.org/frs/?group_id=31052">download the
-new version 0.16 from alioth</a>. Please let us know via the Alioth
-project if something is wrong with the new release. The test suite
-did not discover any old errors, so if you find a new one, please also
-include a test suite check.</p>
-</description>
- </item>
-
- <item>
- <title>Debian Edu interview: Dominik George</title>
- <link>http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Dominik_George.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Dominik_George.html</guid>
- <pubDate>Wed, 25 Dec 2013 13:40:00 +0100</pubDate>
- <description><p>The <a href="http://www.skolelinux.org/">Debian Edu / Skolelinux
-project</a> consist of both newcomers and old timers, and this time I
-was able to get an interview with a newcomer in the project who showed
-up on the IRC channel a few weeks ago to let us know about his
-successful installation of Debian Edu Wheezy in his School. Say hello
-to <a href="https://www.ohloh.net/accounts/Natureshadow">Dominik
-George</a>.</p>
-
-<!-- http://www.dominik-george.de/images/foto.jpg -->
+<p>My name is Roger Marsal, I'm 27 years old (1986 generation) and I
+live in Barcelona, Spain. I've got a strong business background and I
+work as a patrimony manager and as a real estate agent. Additionally,
+I've co-founded a British based tech company that is nowadays on the
+last development phase of a new social networking concept.</p>
-<p><strong>Who are you, and how do you spend your days?</strong></p>
+<p>I'm a Linux enthusiast that started its journey with Ubuntu four years
+ago and have recently switched to Debian seeking rock solid stability
+and as a necessary step to gain expertise.</p>
-<p>I am a 23 year-old student from Germany who has spent half of his
-life with open source. In "real life", I am, as already mentioned, a
-student in the fields of Computer Science, Electrical Engineering,
-Information Technologies and Anglistics. Due to my (only partially
-voluntary) huge engagement in the open source world, these things are
-a bit vacant right now however.</p>
-
-<p>I also have been working as a project teacher at a Gymasnium
-(public school) for various years now. I took up that work some time
-around 2005 when still attending that school myself and have continued
-it until today. I also had been running the (kind of very advanced)
-network of that school together with a team of very interested and
-talented students in the age of 11 to 15 years, who took the chance to
-learn a lot about open source and networking before I left the school
-to help building another school's informational education concept from
-scratch.</p>
-
-<p>That said, one might see me as a kind of "glue" between school kids
-and the elderly of teachers as well as between the open source
-ecosystem and the (even more complex) educational ecosystem.</p>
-
-<p>When I am not busy with open source or education, I like Geocaching
-and cycling.</p>
+<p>In a nutshell, I spend my days working and learning as much as I
+can to face both my job, entrepreneur project and feed my Linux
+hunger.</p>
<p><strong>How did you get in contact with the Skolelinux / Debian Edu
project?</strong></p>
-<p>I think that happened some time around 2009 when I first attended
-<a href="http://www.froscon.org">FrOSCon</a> and visited the project
-booth. I think I wasn't too interested back then because I used to
-have an attitude of disliking software that does too much stuff on its
-own. Maybe I was too inexperienced to realise the upsides of an
-"out-of-the-box" solution ;).</p>
-
-<p>The first time I actively talked to Skolelinux people was at
-<a href="http://www.openrheinruhr.de">OpenRheinRuhr</a> 2011 when the
-BiscuIT project, a home-grewn software used by my school for various
-really cool things from timetables and class contact lists to lunch
-ordering, student ID card printing and project elections first got to
-a stage where it could have been published. I asked the Skolelinux
-guys running the booth if the project were interested in it and gave a
-small demonstration, but there wasn't any real feedback and the guys
-seemed rather uninterested.</p>
-
-<p>After I left the school where I developed the software, it got
-mostly lost, but I am now reimplementing it for my new school. I have
-reusability and compatibility in mind, and I hop there will be a new
-basis for contributing it to the Skolelinux project ;)!</p>
+<p>I discovered the <a href="http://www.ltsp.org/">LTSP</a> advantages
+with "Ubuntu 12.04 alternate install" and after a year of use I
+started looking for an alternative. Even though I highly value and
+respect the Ubuntu project, I thought it was necessary for me to
+change to a more robust and stable alternative. As far as I was using
+Debian on my personal laptop I thought it would be fine to install
+Debian and configure an LTSP server myself. Surprised, I discovered
+that the Debian project also supported a kind of Edubuntu equivalent,
+and after having some pain I obtained a Debian Edu network up and
+running. I just loved it.</p>
<p><strong>What do you see as the advantages of Skolelinux / Debian
Edu?</strong></p>
-<p>The most important advantage seems to be that it "just
-works". After overcoming some minor (but still very annoying) glitches
-in the installer, I got a fully functional, working school network,
-without the month-long hassle I experienced when setting all that up
-from scratch in earlier years. And above that, it rocked - I didn't
-have any real hardware at hand, because the school was just founded
-and has no money whatsoever, so I installed a combined server (main
-server, terminal services and workstation) in a VM on my personal
-notebook, bridging the LTSP network interface to the ethernet port,
-and then PXE-booted the Windows notebooks that were lying around from
-it. I could use 8 clients without any performance issues, by using a
-tiny little VM on a tiny little notebook. I think that's enough to say
-that it rocks!</p>
-
-<p>Secondly, there are marketing reasons. Life's bad, and so no
-politician will ever permit a setup described as "Debian, an universal
-operating system, with some really cool educational tools" while they
-will be jsut fine with "Skolelinux, a single-purpose solution for your
-school network", even if both turn out to be the very same thing (yes,
-this is unfair towards the Skolelinux project, and must not be taken
-too seriously - you get the idea, anyway).</p>
+<p>I found a main advantage in that, once you know "the tips and
+tricks", a new installation just works out of the box. It's the most
+complete alternative I've found to create an LTSP network. All the
+other distributions seems to be made of plastic, Debian Edu seems to
+be made of steel.</p>
<p><strong>What do you see as the disadvantages of Skolelinux / Debian
Edu?</strong></p>
-<p>I have not been involved with Skolelinux long enough to really
-answer this question in a fair way. Thus, please allow me to put it in
-other words: "What do you expect from Skolelinux to keep liking it?" I
-can list a few points about that:</p>
+<p>I found two main disadvantages.</p>
-<ul>
-
- <li>always strive to get all things integrated into Debian upstream
- <li>be open to discussion about changes and the like, even with newcomers
- <li>be helpful at being helpful ;)
-
-</ul>
+<p>I'm not an expert but I've got notions and I had to spent a considerable
+amount of time trying to bring up a standard network topology. I'm quite
+stubborn and I just worked until I did but I'm sure many people with few
+resources (not big schools, but academies for example) would have switched
+or dropped.</p>
-<p>I'm really sorry I cannot say much more about that :(!</p>
+<p>It's amazing how such a complex system like Debian Edu has achieved
+this out-of-the-box state. Even though tweaking without breaking gets
+more difficult, as more factors have to be considered. This can
+discourage many people too.</p>
<p><strong>Which free software do you use daily?</strong></p>
-<p>First of all, all software I use is free and open. I have abandoned
-all non-free software (except for firmware on my darned phone) this
-year.</p>
-
-<p>I run Debian GNU/Linux on all PC systems I use. On that, I mostly
-run text tools. I use
-<a href="https://www.mirbsd.org/mksh.htm">mksh</a> as shell,
-<a href="https://www.mirbsd.org/jupp.htm">jupp</a> as very advanced
-text editor (I even got the developer to help me write a script/macro
-based full-featured student management software with the two),
-<a href="http://mcabber.com/">mcabber</a> for XMPP and
-<a href="http://www.irssi.org/">irssi</a> for IRC. For that overly
-coloured world called the WWW, I use
-<a href="https://www.mozilla.org/en-US/firefox/new/">Iceweasel
-(Firefox)</a>. Oh, and <a href="http://www.mutt.org/">mutt</a> for
-e-mail.</p>
-
-<p>However, while I am personally aware of the fact that text tools
-are more efficient and powerful than anything else, I also use (or at
-least operate) some tools that are suitable to bring open source to
-kids. One of these things is <a href="http://jappix.org/">Jappix</a>,
-which I already introduced to some kids even before they got aware of
-Facebook, making them see for themselves that they do not need
-Facebook now ;).</p>
+<p>I use Debian, Firefox, Okular, Inkscape, LibreOffice and
+Virtualbox.</p>
+
<p><strong>Which strategy do you believe is the right one to use to
get schools to use free software?</strong></p>
-<p>Well, that's a two-sided thing. One side is what I believe, and one
-side is what I have experienced.</p>
-
-<p>I believe that the right strategy is showing them the benefits. But
-that won't work out as long as the acceptance of free alternatives
-grows globally. What I mean is that if all the kids are almost forced
-to use Windows, Facebook, Skype, you name it at home, they will not
-see why they would want to use alternatives at school. I have seen
-students take seat in front of a fully-functional, modern Debian
-desktop that could do anything their Windows at home could do, and
-they jsut refused to use it because "Linux sucks". It is something
-that makes the council of our city spend around 600000 € to buy
-software - not including hardware, mind you - for operating school
-networks, and for installing a system that, as has been proved, does
-not work. For those of you readers who are good at maths, have you
-already found out how many lives could have been saved with that money
-if we had instead used it to bring education to parts of the world
-that need it? I have, and found it to be nothing less dramatic than
-plain criminal.</p>
-
-<p>That said, the only feasible way appears to be the bottom up
-method. We have to bring free software to kids and parents. I have
-founded an association named
-<a href="https://www.teckids.org">Teckids</a> here in Germany that does
-just that. We organise several events for kids and adolescents in the
-area of free and open source software, for example the
-<a href="http://kids.froscon.org">FrogLabs</a>, which share staff with
-Teckids and are the youth programme of
-<a href="http://www.froscon.org">the Free and Open Source Software
-Conference (FrOSCon)</a>. We do a lot more than most other conferences
-- this year, we first offered the FrogLabs as a holiday camp for kids
-aged 10 to 16. It was a huge success, with approx. 30 kids taking part
-and learning with and about free software through a whole weekend. All
-of us had a lot of fun, and the results were really exciting.</p>
-
-<p>Apart from that, we are preparing a campaign that is supposed to bring
-the message of free alternatives to stuff kids use every day to them and
-their parents, e.g. the use of Jabber / Jappix instead of Facebook and
-Skype. To make that possible, we are planning to get together a team of
-clever kids who understand very well what their peers need and can bring
-it across to them. So we will have a peer-driven network of adolescents
-who teach each other and collect feedback from the community of minors.
-We then take that feedback and our own experience to work closely with
-open source projects, such as Skolelinux or Jappix, at improving their
-software in a way that makes it more and more attractive for the target
-group. At least I hope that we will have good cooperation with
-Skolelinux in the future ;)!</p>
-
-<p>So in conclusion, what I believe is that, if it weren't for the world
-being so bad, it should be very clear to the political decision makers
-that the only way to go nowadays is free software for various reasons,
-but I have learnt that the only way that seems to work is bottom up.</p>
-
-<!--
-
-> * Who should be interviewed with this questions in the future?
-
-That's probably the hardest question of them all, as I do not know the
-community. However, I would be willing to do the following:
-
- <li>Run an interview with a German headteacher who is very open to
- free software, and also prefers it, but cannot really use it because
- of the decision makers above;
- <li>Run interviews with some kids, both with and without previous
- knowledge about free software
-
-If that is wanted, just let me know ;).
-
--->
+<p>I don't think there is a need for a particular strategy. The free
+attribute in both "freedom" and "no price" meanings is what will
+really bring free software to schools. In my experience I can think of
+the <a href="http://www.r-project.org/">"R" statistical language</a>; a
+few years a ago was an extremely nerd tool for university people.
+Today it's being increasingly used to teach statistics at many
+different level of studies. I believe free and open software will
+increasingly gain popularity, but I'm sure schools will be one of the
+first scenarios where this will happen.</p>
</description>
</item>
<item>
- <title>Dugnadsnett for alle stiller på Oslo Maker Faire i januar 2014</title>
- <link>http://people.skolelinux.org/pere/blog/Dugnadsnett_for_alle_stiller_p__Oslo_Maker_Faire_i_januar_2014.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Dugnadsnett_for_alle_stiller_p__Oslo_Maker_Faire_i_januar_2014.html</guid>
- <pubDate>Tue, 10 Dec 2013 19:20:00 +0100</pubDate>
- <description><p>Helga 18. og 19. januar 2014 arrangeres
-<a href="http://makerfaireoslo.no/no/program/dugnadsnett">Oslo Maker
-Faire</a>, og <a href="http://www.dugnadsnett.no/">Dugnadsnett for
-alle</a> har fått plass! Planen er å ha et bord med en plakat der vi
-forteller om hva Dugnadsnett for alle er for noe, og et lite verksted
-der vi hjelper folk som er interessert i å få opp sin egen mesh-node.
-Jeg gleder meg til å se hvordan prosjektet blir mottatt der.</p>
-
-<p>Målet med dugnadsnett for alle i Oslo er å få på plass et datanett
-for kommunikasjon ved hjelp av radio-repeaterstasjoner (kalt
-mesh-noder) som gjør at en kan direkte kommunisere med slekt, venner
-og bekjente i Oslo via andre som deltar i dugnadsnettet, samt gjøre
-det mulig komme ut på internett via dugnadsnettet. Første delmål er å
-kunne sende SMS-meldinger vha. IP-telefoni løsningen
-<a href="http://www.servalproject.org/">Serval project</a> mellom
-deltagerne i Dugnadsnett for alle i Oslo. Formålet er å ta tilbake
-kontrollen over egen nett-infrastruktur og gjøre det dyrere å bedrive
-massiv innsamling av informasjon om borgernes bruk av datanett.</p>
-
-<p>Høres dette interessant ut? Bli med på prosjektet, fortell oss
-hvor du kunne tenke deg å sette opp en radio-repeater (slik at folk i
-nærheten kan finne hverandre ved hjelp av
-<a href="http://flynor.net/mesh/mesh.php">kartet over planlagte og
-eksisterende radio-repeatere</A>), bli med på epostlisten
-<a href="http://lists.nuug.no/mailman/listinfo/dugnadsnett">dugnadsnett
-(at) nuug.no</a> og stikk innom
-<a href="irc://irc.freenode.net/#dugnadsnett.no">IRC-kanalen
-#dugnadsnett.no</a>. Så langt er det planlagt over 40
-radio-repeatere, med VPN-forbindelser via Internet for å la de delene
-av nettet som ikke når hverandre via radio kunne snakke med hverandre
-likevel.</p>
+ <title>Dokumentaren om Datalagringsdirektivet sendes endelig på NRK</title>
+ <link>http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html</guid>
+ <pubDate>Wed, 26 Mar 2014 09:50:00 +0100</pubDate>
+ <description><p><a href="http://www.nuug.no/">Foreningen NUUG</a> melder i natt at
+NRK nå har bestemt seg for
+<a href="http://www.nuug.no/news/NRK_viser_filmen_om_Datalagringsdirektivet_f_rste_gang_2014_03_31.shtml">når
+den norske dokumentarfilmen om datalagringsdirektivet skal
+sendes</a> (se <a href="http://www.imdb.com/title/tt2832844/">IMDB</a>
+for detaljer om filmen) . Første visning blir på NRK2 mandag
+2014-03-31 kl. 19:50, og deretter visninger onsdag 2014-04-02
+kl. 12:30, fredag 2014-04-04 kl. 19:40 og søndag 2014-04-06 kl. 15:10.
+Jeg har sett dokumentaren, og jeg anbefaler enhver å se den selv. Som
+oppvarming mens vi venter anbefaler jeg Bjørn Stærks kronikk i
+Aftenposten fra i går,
+<a href="http://www.aftenposten.no/meninger/kronikker/Autoritar-gjokunge-7514915.html">Autoritær
+gjøkunge</a>, der han gir en grei skisse av hvor ille det står til med
+retten til privatliv og beskyttelsen av demokrati i Norge og resten
+verden, og helt riktig slår fast at det er vi i databransjen som
+sitter med nøkkelen til å gjøre noe med dette. Jeg har involvert meg
+i prosjektene <a href="http://www.dugnadsnett.no/">dugnadsnett.no</a>
+og <a href="https://wiki.debian.org/FreedomBox">FreedomBox</a> for å
+forsøke å gjøre litt selv for å bedre situasjonen, men det er mye
+hardt arbeid fra mange flere enn meg som gjenstår før vi kan sies å ha
+gjenopprettet balansen.</p>
+
+<p>Jeg regner med at nettutgaven dukker opp på
+<a href="http://tv.nrk.no/program/koid75005313/tema-dine-digitale-spor-datalagringsdirektivet">NRKs
+side om filmen om datalagringsdirektivet</a> om fem dager. Hold et
+øye med siden, og tips venner og slekt om at de også bør se den.</p>
</description>
</item>
<item>
- <title>Debian Edu interview: Klaus Knopper</title>
- <link>http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Klaus_Knopper.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Klaus_Knopper.html</guid>
- <pubDate>Fri, 6 Dec 2013 09:50:00 +0100</pubDate>
- <description><p>It has been a while since I managed to publish the last interview,
-but the <a href="http://www.skolelinux.org/">Debian Edu /
-Skolelinux</a> community is still going strong, and yesterday we even
-had a new school administrator show up on
-<a href="irc://irc.debian.org/#debian-edu">#debian-edu</a> to share
-his success story with installing Debian Edu at their school. This
-time I have been able to get some helpful comments from the creator of
-Knoppix, Klaus Knopper, who was involved in a Skolelinux project in
-Germany a few years ago.</p>
-
-<p><strong>Who are you, and how do you spend your days?</strong></p>
+ <title>Public Trusted Timestamping services for everyone</title>
+ <link>http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html</guid>
+ <pubDate>Tue, 25 Mar 2014 12:50:00 +0100</pubDate>
+ <description><p>Did you ever need to store logs or other files in a way that would
+allow it to be used as evidence in court, and needed a way to
+demonstrate without reasonable doubt that the file had not been
+changed since it was created? Or, did you ever need to document that
+a given document was received at some point in time, like some
+archived document or the answer to an exam, and not changed after it
+was received? The problem in these settings is to remove the need to
+trust yourself and your computers, while still being able to prove
+that a file is the same as it was at some given time in the past.</p>
+
+<p>A solution to these problems is to have a trusted third party
+"stamp" the document and verify that at some given time the document
+looked a given way. Such
+<a href="https://en.wikipedia.org/wiki/Notarius">notarius</a> service
+have been around for thousands of years, and its digital equivalent is
+called a
+<a href="http://en.wikipedia.org/wiki/Trusted_timestamping">trusted
+timestamping service</a>. <a href="http://www.ietf.org/">The Internet
+Engineering Task Force</a> standardised how such service could work a
+few years ago as <a href="http://tools.ietf.org/html/rfc3161">RFC
+3161</a>. The mechanism is simple. Create a hash of the file in
+question, send it to a trusted third party which add a time stamp to
+the hash and sign the result with its private key, and send back the
+signed hash + timestamp. Both email, FTP and HTTP can be used to
+request such signature, depending on what is provided by the service
+used. Anyone with the document and the signature can then verify that
+the document matches the signature by creating their own hash and
+checking the signature using the trusted third party public key.
+There are several commercial services around providing such
+timestamping. A quick search for
+"<a href="https://duckduckgo.com/?q=rfc+3161+service">rfc 3161
+service</a>" pointed me to at least
+<a href="https://www.digistamp.com/technical/how-a-digital-time-stamp-works/">DigiStamp</a>,
+<a href="http://www.quovadisglobal.co.uk/CertificateServices/SigningServices/TimeStamp.aspx">Quo
+Vadis</a>,
+<a href="https://www.globalsign.com/timestamp-service/">Global Sign</a>
+and <a href="http://www.globaltrustfinder.com/TSADefault.aspx">Global
+Trust Finder</a>. The system work as long as the private key of the
+trusted third party is not compromised.</p>
+
+<p>But as far as I can tell, there are very few public trusted
+timestamp services available for everyone. I've been looking for one
+for a while now. But yesterday I found one over at
+<a href="https://www.pki.dfn.de/zeitstempeldienst/">Deutches
+Forschungsnetz</a> mentioned in
+<a href="http://www.d-mueller.de/blog/dealing-with-trusted-timestamps-in-php-rfc-3161/">a
+blog by David Müller</a>. I then found
+<a href="http://www.rz.uni-greifswald.de/support/dfn-pki-zertifikate/zeitstempeldienst.html">a
+good recipe on how to use the service</a> over at the University of
+Greifswald.</p>
+
+<p><a href="http://www.openssl.org/">The OpenSSL library</a> contain
+both server and tools to use and set up your own signing service. See
+the ts(1SSL), tsget(1SSL) manual pages for more details. The
+following shell script demonstrate how to extract a signed timestamp
+for any file on the disk in a Debian environment:</p>
-<p>I am Klaus Knopper. I have a master degree in electrical
-engineering, and is currently professor in information management at
-the university of applied sciences Kaiserslautern / Germany and
-freelance Open Source software developer and consultant.</p>
-
-<p>All of this is pretty much of the work I spend my days with. Apart
-from teaching, I'm also conducting some more or less experimental
-projects like the <a href="http://www.knoppix.org">Knoppix GNU/Linux live
-system</a> (Debian-based like Skolelinux),
-<a href="http://www.knopper.net/knoppix-adriane/index-en.html">ADRIANE</a>
-(a blind-friendly talking desktop system) and
-<a href="http://www.knopper.net/linbo/index-en.html">LINBO</a>
-(Linux-based network boot console, a fast remote install and repair
-system supporting various operating systems).</p>
+<p><blockquote><pre>
+#!/bin/sh
+set -e
+url="http://zeitstempel.dfn.de"
+caurl="https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt"
+reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq)
+resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr)
+cafile=chain.txt
+if [ ! -f $cafile ] ; then
+ wget -O $cafile "$caurl"
+fi
+openssl ts -query -data "$1" -cert | tee "$reqfile" \
+ | /usr/lib/ssl/misc/tsget -h "$url" -o "$resfile"
+openssl ts -reply -in "$resfile" -text 1>&2
+openssl ts -verify -data "$1" -in "$resfile" -CAfile "$cafile" 1>&2
+base64 < "$resfile"
+rm "$reqfile" "$resfile"
+</pre></blockquote></p>
-<p><strong>How did you get in contact with the Skolelinux / Debian Edu
-project?</strong></p>
+<p>The argument to the script is the file to timestamp, and the output
+is a base64 encoded version of the signature to STDOUT and details
+about the signature to STDERR. Note that due to
+<a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742553">a bug
+in the tsget script</a>, you might need to modify the included script
+and remove the last line. Or just write your own HTTP uploader using
+curl. :) Now you too can prove and verify that files have not been
+changed.</p>
+
+<p>But the Internet need more public trusted timestamp services.
+Perhaps something for <a href="http://www.uninett.no/">Uninett</a> or
+my work place the <a href="http://www.uio.no/">University of Oslo</a>
+to set up?</p>
+</description>
+ </item>
+
+ <item>
+ <title>Video DVD reader library / python-dvdvideo - nice free software</title>
+ <link>http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html</guid>
+ <pubDate>Fri, 21 Mar 2014 15:25:00 +0100</pubDate>
+ <description><p>Keeping your DVD collection safe from scratches and curious
+children fingers while still having it available when you want to see a
+movie is not straight forward. My preferred method at the moment is
+to store a full copy of the ISO on a hard drive, and use VLC, Popcorn
+Hour or other useful players to view the resulting file. This way the
+subtitles and bonus material are still available and using the ISO is
+just like inserting the original DVD record in the DVD player.</p>
+
+<p>Earlier I used dd for taking security copies, but it do not handle
+DVDs giving read errors (which are quite a few of them). I've also
+tried using
+<a href="http://people.skolelinux.org/pere/blog/Ripping_problematic_DVDs_using_dvdbackup_and_genisoimage.html">dvdbackup
+and genisoimage</a>, but these days I use the marvellous python library
+and program
+<a href="http://bblank.thinkmo.de/blog/new-software-python-dvdvideo">python-dvdvideo</a>
+written by Bastian Blank. It is
+<a href="http://packages.qa.debian.org/p/python-dvdvideo.html">in Debian
+already</a> and the binary package name is python3-dvdvideo. Instead
+of trying to read every block from the DVD, it parses the file
+structure and figure out which block on the DVD is actually in used,
+and only read those blocks from the DVD. This work surprisingly well,
+and I have been able to almost backup my entire DVD collection using
+this method.</p>
+
+<p>So far, python-dvdvideo have failed on between 10 and
+20 DVDs, which is a small fraction of my collection. The most common
+problem is
+<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720831">DVDs
+using UTF-16 instead of UTF-8 characters</a>, which according to
+Bastian is against the DVD specification (and seem to cause some
+players to fail too). A rarer problem is what seem to be inconsistent
+DVD structures, as the python library
+<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723079">claim
+there is a overlap between objects</a>. An equally rare problem claim
+<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741878">some
+value is out of range</a>. No idea what is going on there. I wish I
+knew enough about the DVD format to fix these, to ensure my movie
+collection will stay with me in the future.</p>
+
+<p>So, if you need to keep your DVDs safe, back them up using
+python-dvdvideo. :)</p>
+</description>
+ </item>
+
+ <item>
+ <title>Norsk utgave av Alaveteli / WhatDoTheyKnow på trappene</title>
+ <link>http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html</guid>
+ <pubDate>Sun, 16 Mar 2014 09:30:00 +0100</pubDate>
+ <description><p>Det offentlige Norge har mye kunnskap og informasjon. Men hvordan
+kan en få tilgang til den på en enkel måte? Takket være et lite
+knippe lover og tilhørende forskrifter, blant annet
+<a href="http://lovdata.no/dokument/NL/lov/2006-05-19-16">offentlighetsloven</a>,
+<a href="http://lovdata.no/dokument/NL/lov/2003-05-09-31">miljøinformasjonsloven</a>
+og
+<a href="http://lovdata.no/dokument/NL/lov/1967-02-10/">forvaltningsloven</a>
+har en rett til å spørre det offentlige og få svar. Men det finnes
+intet offentlig arkiv over hva andre har spurt om, og dermed risikerer en
+å måtte forstyrre myndighetene gang på gang for å få tak i samme
+informasjonen på nytt. <a href="http://www.mysociety.org/">Britiske
+mySociety</a> har laget tjenesten
+<a href="http://www.whatdotheyknow.com/">WhatDoTheyKnow</a> som gjør
+noe med dette. I Storbritannia blir WhatdoTheyKnow brukt i
+<a href="http://www.mysociety.org/2011/07/01/whatdotheyknows-share-of-central-government-foi-requests-q2-2011/">ca
+15% av alle innsynsforespørsler mot sentraladministrasjonen</a>.
+Prosjektet heter <a href="http://www.alaveteli.org/">Alaveteli</A>, og
+er takk i bruk en rekke steder etter at løsningen ble generalisert og
+gjort mulig å oversette. Den hjelper borgerne med å be om innsyn,
+rådgir ved purringer og klager og lar alle se hvilke henvendelser som
+er sendt til det offentlige og hvilke svar som er kommet inn, i et
+søkpart arkiv. Her i Norge holder vi i foreningen NUUG på å få opp en
+norsk utgave av Alaveteli, og her trenger vi din hjelp med
+oversettelsen.</p>
+
+<p>Så langt er 76 % av Alaveteli oversatt til norsk bokmål, men vi
+skulle gjerne vært oppe i 100 % før lansering. Oversettelsen gjøres
+på <a href="https://www.transifex.com/projects/p/alaveteli/">Transifex,
+der enhver som registrerer seg</a> og ber om tilgang til
+bokmålsoversettelsen får bidra. Vi har satt opp en test av tjenesten
+(som ikke sender epost til det offentlige, kun til oss som holder på å
+sette opp tjenesten) på maskinen
+<a href="http://alaveteli-dev.nuug.no/">alaveteli-dev.nuug.no</a>, der
+en kan se hvordan de oversatte meldingen blir seende ut på nettsiden.
+Når tjenesten lanseres vil den hete
+<a href="https://www.mimesbrønn.no/">Mimes brønn</a>, etter
+visdomskilden som Odin måtte gi øyet sitt for å få drikke i. Den
+nettsiden er er ennå ikke klar til bruk.</p>
+
+<p>Hvis noen vil oversette til nynorsk også, så skal vi finne ut
+hvordan vi lager en flerspråklig tjeneste. Men i første omgang er
+fokus på bokmålsoversettelsen, der vi selv har nok peiling til å ha
+fått oversatt 76%, men trenger hjelp for å komme helt i mål. :)</p>
+</description>
+ </item>
+
+ <item>
+ <title>Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine</title>
+ <link>http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html</guid>
+ <pubDate>Fri, 14 Mar 2014 11:00:00 +0100</pubDate>
+ <description><p>The <a href="https://wiki.debian.org/FreedomBox">Freedombox
+project</a> is working on providing the software and hardware for
+making it easy for non-technical people to host their data and
+communication at home, and being able to communicate with their
+friends and family encrypted and away from prying eyes. It has been
+going on for a while, and is slowly progressing towards a new test
+release (0.2).</p>
+
+<p>And what day could be better than the Pi day to announce that the
+new version will provide "hard drive" / SD card / USB stick images for
+Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization
+system), and can also be installed using a Debian installer preseed
+file. The Debian based Freedombox is now based on Debian Jessie,
+where most of the needed packages used are already present. Only one,
+the freedombox-setup package, is missing. To try to build your own
+boot image to test the current status, fetch the freedom-maker scripts
+and build using
+<a href="http://packages.qa.debian.org/vmdebootstrap">vmdebootstrap</a>
+with a user with sudo access to become root:
+
+<pre>
+git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
+ freedom-maker
+sudo apt-get install git vmdebootstrap mercurial python-docutils \
+ mktorrent extlinux virtualbox qemu-user-static binfmt-support \
+ u-boot-tools
+make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
+</pre>
+
+<p>Root access is needed to run debootstrap and mount loopback
+devices. See the README for more details on the build. If you do not
+want all three images, trim the make line. But note that thanks to <a
+href="https://bugs.debian.org/741407">a race condition in
+vmdebootstrap</a>, the build might fail without the patch to the
+kpartx call.</p>
+
+<p>If you instead want to install using a Debian CD and the preseed
+method, boot a Debian Wheezy ISO and use this boot argument to load
+the preseed values:</p>
+
+<pre>
+url=<a href="http://www.reinholdtsen.name/freedombox/preseed-jessie.dat">http://www.reinholdtsen.name/freedombox/preseed-jessie.dat</a>
+</pre>
+
+<p>But note that due to <a href="https://bugs.debian.org/740673">a
+recently introduced bug in apt in Jessie</a>, the installer will
+currently hang while setting up APT sources. Killing the
+'<tt>apt-cdrom ident</tt>' process when it hang a few times during the
+installation will get the installation going. This affect all
+installations in Jessie, and I expect it will be fixed soon.</p>
+
+<p>Give it a go and let us know how it goes on the mailing list, and help
+us get the new release published. :) Please join us on
+<a href="irc://irc.debian.org:6667/%23freedombox">IRC (#freedombox on
+irc.debian.org)</a> and
+<a href="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">the
+mailing list</a> if you want to help make this vision come true.</p>
+</description>
+ </item>
+
+ <item>
+ <title>How to add extra storage servers in Debian Edu / Skolelinux</title>
+ <link>http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html</guid>
+ <pubDate>Wed, 12 Mar 2014 12:50:00 +0100</pubDate>
+ <description><p>On larger sites, it is useful to use a dedicated storage server for
+storing user home directories and data. The design for handling this
+in <a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a>, is
+to update the automount rules in LDAP and let the automount daemon on
+the clients take care of the rest. I was reminded about the need to
+document this better when one of the customers of
+<a href="http://www.slxdrift.no/">Skolelinux Drift AS</a>, where I am
+on the board of directors, asked about how to do this. The steps to
+get this working are the following:</p>
-<p>The credit for this have to go to Kurt Gramlich, who is the German
-coordinator for Skolelinux. We were looking for an all-in-one open
-source community-supported distribution for schools, and Kurt
-introduced us to Skolelinux for this purpose.</p>
+<p><ol>
-<p><strong>What do you see as the advantages of Skolelinux / Debian
-Edu?</strong></p>
+<li>Add new storage server in DNS. I use nas-server.intern as the
+example host here.</li>
-<ul>
- <li>Quick installation,</li>
- <li>works (almost) out of the box,</li>
- <li>contains many useful software packages for teaching and learning,</li>
- <li>is a purely community-based distro and not controlled by a
- single company,</li>
- <li>has a large number of supporters and teachers who share their
- experience and problem solutions.</li>
-</ul>
+<li>Add automoun LDAP information about this server in LDAP, to allow
+all clients to automatically mount it on reqeust.</li>
-<p><strong>What do you see as the disadvantages of Skolelinux / Debian
-Edu?</strong></p>
+<li>Add the relevant entries in tjener.intern:/etc/fstab, because
+tjener.intern do not use automount to avoid mounting loops.</li>
-<ul>
- <li>Skolelinux is - as we had to learn - not easily upgradable to
- the next version. Opposed to its genuine Debian base, upgrading to
- a new version means a full new installation from scratch to get it
- working again reliably.
-
- <li>Skolelinux is based on Debian/stable, and therefore always a
- little outdated in terms of program versions compared to Edubuntu or
- similar educational Linux distros, which rather use Debian/testing
- as their base.
-
- <li>Skolelinux has some very self-opinionated and stubborn default
- configuration which in my opinion adds unnecessary complexity and is
- not always suitable for a schools needs, the preset network
- configuration is actually a core definition feature of Skolelinux
- and not easy to change, so schools sometimes have to change their
- network configuration to make it "Skolelinux-compatible".
-
- <li>Some proposed extensions, which were made available as
- contribution, like secure examination mode and lecture material
- distribution and collection, were not accepted into the mainline
- Skolelinux development and are now not easy to maintain in the
- future because of Skolelinux somewhat undeterministic update
- schemes.</li>
-
- <li>Skolelinux has only a very tiny number of base developers
- compared to Debian.</li>
+</ol></p>
-</ul>
+<p>DNS entries are added in GOsa², and not described here. Follow the
+<a href="https://wiki.debian.org/DebianEdu/Documentation/Wheezy/GettingStarted">instructions
+in the manual</a> (Machine Management with GOsa² in section Getting
+started).</p>
-<p>For these reasons and experience from our project, I would now
-rather consider using plain Debian for schools next time, until
-Skolelinux is more closely integrated into Debian and becomes
-upgradeable without reinstallation.</p>
+<p>Ensure that the NFS export points on the server are exported to the
+relevant subnets or machines:</p>
-<p><strong>Which free software do you use daily?</strong></p>
+<p><blockquote><pre>
+root@tjener:~# showmount -e nas-server
+Export list for nas-server:
+/storage 10.0.0.0/8
+root@tjener:~#
+</pre></blockquote></p>
-<p>GNU/Linux with LXDE desktop, bash for interactive dialog and
-programming, texlive for documentation and correspondence,
-occasionally LibreOffice for document format conversion. Various
-programming languages for teaching.</p>
+<p>Here everything on the backbone network is granted access to the
+/storage export. With NFSv3 it is slightly better to limit it to
+netgroup membership or single IP addresses to have some limits on the
+NFS access.</p>
-<p><strong>Which strategy do you believe is the right one to use to
-get schools to use free software?</strong></p>
+<p>The next step is to update LDAP. This can not be done using GOsa²,
+because it lack a module for automount. Instead, use ldapvi and add
+the required LDAP objects using an editor.</p>
-<p>Strong arguments are</p>
+<p><blockquote><pre>
+ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no
+</pre></blockquote></p>
-<ul>
+<p>When the editor show up, add the following LDAP objects at the
+bottom of the document. The "/&" part in the last LDAP object is a
+wild card matching everything the nas-server exports, removing the
+need to list individual mount points in LDAP.</p>
- <li>Knowledge is free, and so should be methods and tools for
- teaching and learning.</li>
+<p><blockquote><pre>
+add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: automount
+cn: nas-server
+automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
- <li>Students can learn with and use the same software at school, at
- home, and at their working place without running into license or
- conversion problems.</li>
+add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: automountMap
+ou: auto.nas-server
- <li>Closed source or proprietary software hides knowledge rather
- than exposing it, and proprietary software vendors try to bind
- customers to certain products. But teachers need to teach
- science, not products.</li>
+add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: automount
+cn: /
+automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&
+</pre></blockquote></p>
- <li>If you have everything you for daily work as open source, what
- would you need proprietary software for?</li>
+<p>The last step to remember is to mount the relevant mount points in
+tjener.intern by adding them to /etc/fstab, creating the mount
+directories using mkdir and running "mount -a" to mount them.</p>
-</ul>
+<p>When this is done, your users should be able to access the files on
+the storage server directly by just visiting the
+/tjener/nas-server/storage/ directory using any application on any
+workstation, LTSP client or LTSP server.</p>
</description>
</item>
projects / homepage.git / blobdiff