X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/077386f9640db7ba0e157f7af2d1d1de94e4b1ce..1a61a65f98e142155ea20c7a346739b629d5511f:/blog/index.html diff --git a/blog/index.html b/blog/index.html index 355085233a..bb3cd1213b 100644 --- a/blog/index.html +++ b/blog/index.html @@ -19,6 +19,600 @@ +
+
Recipe to test the Freedombox project on amd64 or Raspberry Pi
+
10th September 2013
+

I was introduced to the +Freedombox project +in 2010, when Eben Moglen presented his vision about serving the need +of non-technical people to keep their personal information private and +within the legal protection of their own homes. The idea is to give +people back the power over their network and machines, and return +Internet back to its intended peer-to-peer architecture. Instead of +depending on a central service, the Freedombox will give everyone +control over their own basic infrastructure.

+ +

I've intended to join the effort since then, but other tasks have +taken priority. But this summers nasty news about the misuse of trust +and privilege exercised by the "western" intelligence gathering +communities increased my eagerness to contribute to a point where I +actually started working on the project a while back.

+ +

The initial +Debian initiative based on the vision from Eben Moglen, is to +create a simple and cheap Debian based appliance that anyone can hook +up in their home and get access to secure and private services and +communication. The initial deployment platform have been the +Dreamplug, +which is a piece of hardware I do not own. So to be able to test what +the current Freedombox setup, I had to come up with a way to install +it on some hardware I do got access to. I have rewritten the +freedom-maker +image build framework to use .deb packages instead of only copying +setup into the boot images, and thanks to this rewrite I am able to +set up any machine supported by Debian Wheezy as a Freedombox, using +the previously mentioned deb (and a few support debs for packages +missing in Debian).

+ +

The current Freedombox setup consist of a set of bootstrapping +scripts +(freedombox-setup), +and a administrative web interface +(plinth + exmachina + +withsqlite), as well as a privacy enhancing proxy based on +privoxy +(freedombox-privoxy). There is also a web/javascript based XMPP +client (jwchat) +trying (unsuccessfully so far) to talk to the XMPP server +(ejabberd). The +web interface is pluggable, and the goal is to use it to enable OpenID +services, mesh network connectivity, use of TOR, etc, etc. Not much of +this is really working yet, see +the +project TODO for links to GIT repositories. Most of the code is +on github at the moment. The HTTP proxy is operational out of the +box, and the admin web interface can be used to add/remove plinth +users. I've not been able to do anything else with it so far, but +know there are several branches spread around github and other places +with lots of half baked features.

+ +

Anyway, if you want to have a look at the current stat, the +following recipes should work to give you a test machine to poke +at.

+ +

Debian Wheezy amd64

+ +
    + +
  1. Fetch normal Debian Wheezy installation ISO.
    2. +
  2. Boot from it, either as CD or USB stick.
    3. +

  3. Press [tab] on the boot prompt and add this as a boot argument +to the Debian installer:

    +

    url=http://www.reinholdtsen.name/freedombox/preseed-wheezy.dat
    4. + +
  4. Answer the few language/region/password questions and pick disk to +install on.
    5. + +
  5. When the installation is finished and the machine have rebooted a +few times, your Freedombox is ready for testing.
    6. + +
+ +

Raspberry Pi Raspbian

+ +
    + +
  1. Fetch a Raspbian SD card image, create SD card.
    2. +
  2. Boot from SD card, extend file system to fill the card completely.
    3. +

  3. Log in and add this to /etc/sources.list:

    +
    +deb http://www.reinholdtsen.name/freedombox wheezy main
+
    4. +

  4. Run this as root:

    +
    +wget -O - http://www.reinholdtsen.name/freedombox/BE1A583D.asc | \
+   apt-key add -
+apt-get update
+apt-get install freedombox-setup
+/usr/lib/freedombox/setup
+
    5. +
  5. Reboot into your freshly created Freedombox.
    6. + +
+ +

You can test it on other architectures too, but because the +freedombox-privoxy package is binary, it will only work as intended on +the architectures where I have had time to build the binary and put it +in my APT repository. But do not let this stop you. It is only a +short "apt-get source -b freedombox-privoxy" away. :)

+ +

Note that by default Freedombox is a DHCP server on the +192.168.1.0/24 subnet, so if this is your subnet be careful and turn +off the DHCP server by running "update-rc.d isc-dhcp-server +disable" as root.

+ +

Please let me know if this work for you, or if you have any +problems. We gather on the IRC channel +#freedombox on +irc.debian.org and the +project +mailing list.

+ +

Once you get your freedombox operational, you can visit +http://your-host-name:8001/ to see the state of the plint +welcome screen (dead end - do not be surprised if you are unable to +get past it), and next visit http://your-host-name:8001/help/ +to look at the rest of plinth. The default user is 'admin' and the +default password is 'secret'.

+
+
+ + + Tags: debian, english, freedombox, sikkerhet, surveillance, web. + + +
+
+
+ +
+
Datalagringsdirektivet gjør at Oslo Høyre og Arbeiderparti ikke får min stemme i år
+
8th September 2013
+

I 2011 raderte et stortingsflertall bestående av Høyre og +Arbeiderpartiet vekk en betydelig del av privatsfæren til det norske +folk. Det ble vedtatt at det skulle registreres og lagres i et halvt +år hvor alle som bærer på en mobiltelefon befinner seg, hvem de +snakker med og hvor lenge de snakket sammen. Det skal også +registreres hvem de sendte SMS-meldinger til, hvem en har sendt epost +til, og hvilke nett-tjenere en besøkte. Saken er kjent som +Datalagringsdirektivet +(DLD), og innebærer at alle innbyggerne og andre innenfor Norges +grenser overvåkes døgnet rundt. Det ble i praksis innført brev og +besøkskontroll av hele befolkningen. Rapporter fra de landene som +allerede har innført slik total lagring av borgernes +kommunikasjonsmønstre forteller at det ikke hjelper i +kriminalitetsbekjempelsen. Den norske prislappen blir mange hundre +millioner, uten at det ser ut til å bidra positivt til politiets +arbeide. Jeg synes flere hundre millioner i stedet burde vært brukt +på noe som kan dokumenteres å ha effekt i kriminalitetsbekjempelsen. +Se mer på +Wikipedia +og Jon Wessel-Aas.

+ +

Hva er problemet, tenkter du kanskje? Et åpenbart problem er at +medienes kildevern i praksis blir radert ut. Den innsamlede +informasjonen gjør det mulig å finne ut hvem som har snakket med +journalister på telefon, SMS og epost, og hvem som har vært i nærheten +av journalister så sant begge bar med seg en telefon. Et annet er at +advokatvernet blir sterkt redusert, der politiet kan finne ut hvem +som har snakket med en advokat når, eller vært i møter en med advokat. +Et tredje er at svært personlig informasjon kan avledes fra hvilke +nettsteder en har besøkt. Har en besøkt hivnorge.no, +swingersnorge.com eller andre sider som kan brukes til avlede +interesser som hører til privatsfæren, vil denne informasjonen være +tilgjengelig takket være datalagringsdirektivet.

+ +

De fleste partiene var mot, kun to partier stemte for. Høyre og +Arbeiderpartiet. Og både Høyre og Arbeiderpartiet i Oslo har +DLD-forkjempere på toppen av sine lister (har ikke sjekket de andre +fylkene). Det er dermed helt uaktuelt for meg å stemme på disse +partiene. Her er oversikten over partienes valglister i Oslo, med +informasjon om hvem som stemte hva i første DLD-votering i Stortinget, +basert på informasjon fra mine venner i +Holder de +Ord samt data.stortinget.no. +Først ut er stortingslista fra Høyre for Oslo:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
#Navn, fødselsår og valgkretsStemme/kommentar
1.Ine Marie Eriksen Søreide (1976), Gamle OsloStemte for DLD
2.Nikolai Astrup (1978), FrognerStemte mot DLD
3.Michael Tetzschner (1954), Vestre AkerStemte mot DLD
4.Kristin Vinje (1963), Nordre AkerIkke til stede
5.Mudassar Hussain Kapur (1976), NordstrandIkke til stede
6.Stefan Magnus B. Heggelund (1984), GrünerløkkaIkke til stede
7.Heidi Nordby Lunde (1973), GrünerløkkaIkke til stede
8.Frode Helgerud (1950), FrognerIkke til stede
9.Afshan Rafiq (1975), StovnerIkke til stede
10.Astrid Nøklebye Heiberg (1936), FrognerIkke til stede
11.Camilla Strandskog (1984) St.HanshaugenIkke til stede
12.John Christian Elden (1967), UllernIkke til stede
13.Berit Solli (1972), AlnaIkke til stede
14.Ola Kvisgaard (1963), FrognerIkke til stede
15.James Stove Lorentzen (1957), Vestre AkerIkke til stede
16.Gülsüm Koc (1987), StovnerIkke til stede
17.Jon Ole Whist (1976), GrünerløkkaIkke til stede
18.Maren Eline Malthe-Sørenssen (1971), Vestre AkerIkke til stede
19.Ståle Hagen (1968), Søndre NordstrandIkke til stede
20.Kjell Omdal Erichsen (1978), SageneIkke til stede
21.Saida R. Begum (1987), GrünerløkkaIkke til stede
22.Torkel Brekke (1970), Nordre AkerIkke til stede
23.Sverre K. Seeberg (1950), Vestre AkerIkke til stede
24.Julie Margrethe Brodtkorb (1974), UllernIkke til stede
25.Fabian Stang (1955), FrognerIkke til stede
+ +

Deretter har vi stortingslista fra Arbeiderpartiet for Oslo:

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
#Navn, fødselsår og valgkretsStemme/kommentar
1.Jens Stoltenberg (1959), FrognerIkke til stede i Stortinget, leder av regjeringen som fremmet forslaget
2.Hadia Tajik (1983), GrünerløkkaStemte for DLD
3.Jonas Gahr Støre (1960), Vestre AkerIkke til stede i Stortinget, medlem av regjeringen som fremmet forslaget
4.Marianne Marthinsen (1980), GrünerløkkaStemte for DLD
5.Jan Bøhler (1952), AlnaStemte for DLD
6.Marit Nybakk (1947), FrognerStemte for DLD
7.Truls Wickholm (1978), SageneStemte for DLD
8.Prableen Kaur (1993), GrorudIkke til stede
9.Vegard Grøslie Wennesland (1983), St.HanshaugenIkke til stede
10.Inger Helene Vaaten (1975), GrorudIkke til stede
11.Ivar Leveraas (1939), AlnaIkke til stede
12.Grete Haugdal (1971), Gamle OsloIkke til stede
13.Olav Tønsberg (1948), AlnaIkke til stede
14.Khamshajiny Gunaratnam (1988), GrorudIkke til stede
15.Fredrik Mellem (1969), SageneIkke til stede
16.Brit Axelsen (1945), StovnerIkke til stede
17.Dag Bayegan-Harlem (1977), UllernIkke til stede
18.Kristin Sandaker (1963), ØsteinsjøIkke til stede
19.Bashe Musse (1965), GrünerløkkaIkke til stede
20.Torunn Kanutte Husvik (1983), St. HanshaugenIkke til stede
21.Steinar Andersen (1947), NordstrandIkke til stede
22.Anne Cathrine Berger (1972), SageneIkke til stede
23.Khalid Mahmood (1959), ØstensjøIkke til stede
24.Munir Jaber (1990), AlnaIkke til stede
25.Libe Solberg Rieber-Mohn (1965), FrognerIkke til stede
+ +

Hvilket parti får så min stemme i år. Jeg tror det blir +Piratpartiet. Hvis de kan bidra +til at det kommer noen inn på Stortinget med teknisk peiling, så får +kanskje ikke overvåkningsgalskapen like fritt spillerom som det har +hatt så langt.

+ +
+
+ + + Tags: norsk, personvern, stortinget, surveillance, valg. + + +
+
+
+ +
+
Second beta release (beta 1) of Debian Edu/Skolelinux based on Debian Wheezy
+
22nd August 2013
+

The second wheezy based beta release of Debian Edu was wrapped up +today, slightly delayed because of some bugs in the initial Windows +integration fixes . This is the release announcement:

+ +

New features for Debian Edu 7.1+edu0~b1 released 2013-08-22

+ +

These are the release notes for Debian Edu / Skolelinux +7.1+edu0~b1, based on Debian with codename "Wheezy".

+ +

About Debian Edu and Skolelinux

+ +

Debian Edu, also known as +Skolelinux, is a Linux distribution based on Debian providing an +out-of-the box environment of a completely configured school +network. Immediately after installation a school server running all +services needed for a school network is set up just waiting for users +and machines being added via GOsa², a comfortable Web-UI. A netbooting +environment is prepared using PXE, so after initial installation of +the main server from CD or USB stick all other machines can be +installed via the network. The provided school server provides LDAP +database and Kerberos authentication service, centralized home +directories, DHCP server, web proxy and many other services. The +desktop contains +more +than 60 educational software packages and more are available from +the Debian archive, and schools can choose between KDE, Gnome, LXDE +and Xfce desktop environment.

+ +

This is the sixth test release based on Debian Wheezy. Basically this +is an updated and slightly improved version compared to the Squeeze +release.

+ +

ALERT: Alpha based installations should reinstall or downgrade the +versions of gosa and libpam-mklocaluser to the ones used in this beta +release. Both alpha and beta0 based installations should reinstall or +deal with gosa.conf manually; there are two options: (1) Keep +gosa.conf and edit this file as outlined +on +the mailing list. (2) Accept the new version of gosa.conf and +replace both contained admin password placeholders with the password +hashes found in the old one (backup copy!). In both cases every user +need to change their their password to make sure a password is set for +CIFS access to their home directory.

+ +

Software updates

+ + + +

Other changes

+ + + +

Known issues

+ + + +

Where to get it

+ +

To download the multiarch netinstall CD release you can use

+ + + +

The MD5SUM of this image is: 1e357f80b55e703523f2254adde6d78b +
The SHA1SUM of this image is: 7157f9be5fd27c7694d713c6ecfed61c3edda3b2

+ +

To download the multiarch USB stick ISO release you can use

+ + + +

The MD5SUM of this image is: 7a8408ead59cf7e3cef25afb6e91590b +
The SHA1SUM of this image is: f1817c031f02790d5edb3bfa0dcf8451088ad119

+ + +

How to report bugs

+ +

http://wiki.debian.org/DebianEdu/HowTo/ReportBugs +

+
+ + + Tags: debian edu, english. + + +
+
+
+ +
+
Intel 180 SSD disk with Lenovo firmware can not use Intel firmware
+
18th August 2013
+

Earlier, I reported about +my +problems using an Intel SSD 520 Series 180 GB disk. Friday I was +told by IBM that the original disk should be thrown away. And as +there no longer was a problem if I bricked the firmware, I decided +today to try to install Intel firmware to replace the Lenovo firmware +currently on the disk.

+ +

I searched the Intel site for firmware, and found +issdfut_2.0.4.iso +(aka Intel SATA Solid-State Drive Firmware Update Tool) which +according to the site should contain the latest firmware for SSD +disks. I inserted the broken disk in one of my spare laptops and +booted the ISO from a USB stick. The disk was recognized, but the +program claimed the newest firmware already were installed and refused +to insert any Intel firmware. So no change, and the disk is still +unable to handle write load. :( I guess the only way to get them +working would be if Lenovo releases new firmware. No idea how likely +that is. Anyway, just blogging about this test for completeness. I +got a working Samsung disk, and see no point in spending more time on +the broken disks.

+
+
+ + + Tags: debian, english. + + +
+
+
+
90 percent done with the Norwegian draft translation of Free Culture
2nd August 2013
@@ -490,284 +1084,6 @@ fixed. :)

-
-
The Thinkpad is dead, long live the Thinkpad X230
-
4th July 2013
-

Half a year ago, I reported that I had to find a replacement for my -trusty old Thinkpad X41. Unfortunately I did not have much time to -spend on it, but today the replacement finally arrived. I ended up -picking a Thinkpad -X230 with SSD disk (NZDAJMN). I first test installed Debian Edu -Wheezy as a roaming workstation, and it worked flawlessly. As I write -this, it is installing what I hope will be a more final installation, -with a encrypted hard drive to ensure any dope head stealing it end up -with an expencive door stop.

- -

I had a hard time trying to track down a good laptop, as my most -important requirements (robust and with a good keyboard) are never -listed in the feature list. But I did get good help from the search -feature at Prisjakt, which -allowed me to limit the list of interesting laptops based on my other -requirements. A bit surprising that SSD disk are not disks, so I had -to drop number of disks from my search parameters.

- -

I am not quite convinced about the keyboard, as it is significantly -wider than my old keyboard, and I have to stretch my hand a lot more -to reach the edges. But the key response is fairly good and the -individual key shape is fairly easy to handle, so I hope I will get -used to it. My old X40 was starting to fail, and I really needed a -new laptop now. :)

- -

I look forward to figuring out how to turn off the touch pad.

-
-
- - - Tags: debian, english. - - -
-
-
- -
-
Fourth alpha release of Debian Edu/Skolelinux based on Debian Wheezy
-
3rd July 2013
-

The fourth wheezy based alpha release of Debian Edu was wrapped up -today. This is the release announcement:

- -

New features for Debian Edu 7.1+edu0~alpha3 released -2013-07-03

- -

These are the release notes for for Debian Edu / Skolelinux -7.1+edu0~alpha3, based on Debian with codename "Wheezy".

- -

About Debian Edu and Skolelinux

- -

Debian Edu, also known as -Skolelinux, is a Linux distribution based on Debian providing an -out-of-the box environment of a completely configured school -network. Immediately after installation a school server running all -services needed for a school network is set up just waiting for users -and machines being added via GOsa², a comfortable Web-UI. A netbooting -environment is prepared using PXE, so after initial installation of -the main server from CD, DVD or USB stick all other machines can be -installed via the network. The provided school server provides LDAP -database and Kerberos authentication service, centralized home -directories, DHCP server, web proxy and many other services. The -desktop contains -more -than 60 educational software packages and more are available from -the Debian archive, and schools can choose between KDE, Gnome, LXDE -and Xfce desktop environment.

- -

This is the fourth test release based on Debian Wheezy. Basically -this is an updated and slightly improved version compared to the -Squeeze release.

- -

Software updates

- -

Other changes

- -

Known issues

- -

Where to get it

- -

To download the multiarch netinstall CD release you can use

- - -

The MD5SUM of this image is: 2b161a99d2a848c376d8d04e3854e30c -
The SHA1SUM of this image is: 498922e9c508c0a7ee9dbe1dfe5bf830d779c3c8

- -

To download the multiarch USB stick ISO release you can use

- - -

The MD5SUM of this image is: 25e808e403a4c15dbef1d13c37d572ac -
The SHA1SUM of this image is: 15ecfc93eb6b4f453b7eb0bc04b6a279262d9721

- -

How to report bugs

- -

http://wiki.debian.org/DebianEdu/HowTo/ReportBugs

-
-
- - - Tags: debian edu, english. - - -
-
-
- -
-
Automatically locate and install required firmware packages on Debian (Isenkram 0.4)
-
25th June 2013
-

It annoys me when the computer fail to do automatically what it is -perfectly capable of, and I have to do it manually to get things -working. One such task is to find out what firmware packages are -needed to get the hardware on my computer working. Most often this -affect the wifi card, but some times it even affect the RAID -controller or the ethernet card. Today I pushed version 0.4 of the -Isenkram package -including a new script isenkram-autoinstall-firmware handling the -process of asking all the loaded kernel modules what firmware files -they want, find debian packages providing these files and install the -debian packages. Here is a test run on my laptop:

- -

-# isenkram-autoinstall-firmware 
-info: kernel drivers requested extra firmware: ipw2200-bss.fw ipw2200-ibss.fw ipw2200-sniffer.fw
-info: fetching http://http.debian.net/debian/dists/squeeze/Contents-i386.gz
-info: locating packages with the requested firmware files
-info: Updating APT sources after adding non-free APT source
-info: trying to install firmware-ipw2x00
-firmware-ipw2x00
-firmware-ipw2x00
-Preconfiguring packages ...
-Selecting previously deselected package firmware-ipw2x00.
-(Reading database ... 259727 files and directories currently installed.)
-Unpacking firmware-ipw2x00 (from .../firmware-ipw2x00_0.28+squeeze1_all.deb) ...
-Setting up firmware-ipw2x00 (0.28+squeeze1) ...
-# 
-

- -

When all the requested firmware is present, a simple message is -printed instead:

- -

-# isenkram-autoinstall-firmware 
-info: did not find any firmware files requested by loaded kernel modules.  exiting
-# 
-

- -

It could use some polish, but it is already working well and saving -me some time when setting up new machines. :)

- -

So, how does it work? It look at the set of currently loaded -kernel modules, and look up each one of them using modinfo, to find -the firmware files listed in the module meta-information. Next, it -download the Contents file from a nearby APT mirror, and search for -the firmware files in this file to locate the package with the -requested firmware file. If the package is in the non-free section, a -non-free APT source is added and the package is installed using -apt-get install. The end result is a slightly better working -machine.

- -

I hope someone find time to implement a more polished version of -this script as part of the hw-detect debian-installer module, to -finally fix BTS report -#655507. There really is no need to insert USB sticks with -firmware during a PXE install when the packages already are available -from the nearby Debian mirror.

-
-
- - - Tags: debian, english, isenkram. - - -
-
-
- -
-
The value of a good distro wide test suite...
-
22nd June 2013
-

In the Debian Edu / -Skolelinux project, we include a post-installation test suite, -which check that services are running, working, and return the -expected results. It runs automatically just after the first boot on -test installations (using test ISOs), but not on production -installations (using non-test ISOs). It test that the LDAP service is -operating, Kerberos is responding, DNS is replying, file systems are -online resizable, etc, etc. And it check that the PXE service is -configured, which is the topic of this post.

- -

The last week I've fixed the DVD and USB stick ISOs for our Debian -Edu Wheezy release. These ISOs are supposed to be able to install a -complete system without any Internet connection, but for that to -happen all the needed packages need to be on them. Thanks to our test -suite, I discovered that we had forgotten to adjust our PXE setup to -cope with the new names and paths used by the netboot d-i packages. -When Internet connectivity was available, the installer fall back to -using wget to fetch d-i boot images, but when offline it require -working packages to get it working. And the packages changed name -from debian-installer-6.0-netboot-$arch to -debian-installer-7.0-netboot-$arch, we no longer pulled in the -packages during installation. Without our test suite, I suspect we -would never have discovered this before release. Now it is fixed -right after we got the ISOs operational.

- -

Another by-product of the test suite is that we can ask system -administrators with problems getting Debian Edu to work, to run the -test suite using /usr/sbin/debian-edu-test-install and see if -any errors are detected. This usually pinpoint the subsystem causing -the problem.

- -

If you want to help us help kids learn how to share and create, -please join us on -#debian-edu on -irc.debian.org and the -debian-edu@ mailing -list.

-
-
- - - Tags: debian edu, english. - - -
-
-
-

RSS feed