Recipe to test the Freedombox project on amd64 or Raspberry Pi

10th September 2013

I was introduced to the -Freedombox project -in 2010, when Eben Moglen presented his vision about serving the need -of non-technical people to keep their personal information private and -within the legal protection of their own homes. The idea is to give -people back the power over their network and machines, and return -Internet back to its intended peer-to-peer architecture. Instead of -depending on a central service, the Freedombox will give everyone -control over their own basic infrastructure.

- -

I've intended to join the effort since then, but other tasks have -taken priority. But this summers nasty news about the misuse of trust -and privilege exercised by the "western" intelligence gathering -communities increased my eagerness to contribute to a point where I -actually started working on the project a while back.

- -

The initial -Debian initiative based on the vision from Eben Moglen, is to -create a simple and cheap Debian based appliance that anyone can hook -up in their home and get access to secure and private services and -communication. The initial deployment platform have been the -Dreamplug, -which is a piece of hardware I do not own. So to be able to test what -the current Freedombox setup, I had to come up with a way to install -it on some hardware I do got access to. I have rewritten the -freedom-maker -image build framework to use .deb packages instead of only copying -setup into the boot images, and thanks to this rewrite I am able to -set up any machine supported by Debian Wheezy as a Freedombox, using -the previously mentioned deb (and a few support debs for packages -missing in Debian).

- -

The current Freedombox setup consist of a set of bootstrapping -scripts -(freedombox-setup), -and a administrative web interface -(plinth + exmachina + -withsqlite), as well as a privacy enhancing proxy based on -privoxy -(freedombox-privoxy). There is also a web/javascript based XMPP -client (jwchat) -trying (unsuccessfully so far) to talk to the XMPP server -(ejabberd). The -web interface is pluggable, and the goal is to use it to enable OpenID -services, mesh network connectivity, use of TOR, etc, etc. Not much of -this is really working yet, see -the -project TODO for links to GIT repositories. Most of the code is -on github at the moment. The HTTP proxy is operational out of the -box, and the admin web interface can be used to add/remove plinth -users. I've not been able to do anything else with it so far, but -know there are several branches spread around github and other places -with lots of half baked features.

- -

Anyway, if you want to have a look at the current stat, the -following recipes should work to give you a test machine to poke -at.

- -

Debian Wheezy amd64

- -

Fetch normal Debian Wheezy installation ISO.
Boot from it, either as CD or USB stick.
Press [tab] on the boot prompt and add this as a boot argument -to the Debian installer:
-
```
url=http://www.reinholdtsen.name/freedombox/preseed-wheezy.dat
```
Answer the few language/region/password questions and pick disk to -install on.
When the installation is finished and the machine have rebooted a -few times, your Freedombox is ready for testing.

- -

Raspberry Pi Raspbian

- -

Fetch a Raspbian SD card image, create SD card.
Boot from SD card, extend file system to fill the card completely.
Log in and add this to /etc/sources.list:
+
Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine
+
14th March 2014
+
The Freedombox +project is working on providing the software and hardware for +making it easy for non-technical people to host their data and +communication at home, and being able to communicate with their +friends and family encrypted and away from prying eyes. It has been +going on for a while, and is slowly progressing towards a new test +release (0.2).
+ +
And what day could be better than the Pi day to announce that the +new version will provide "hard drive" / SD card / USB stick images for +Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization +system), and can also be installed using a Debian installer preseed +file. The Debian based Freedombox is now based on Debian Jessie, +where most of the needed packages used are already present. Only one, +the freedombox-setup package, is missing. To try to build your own +boot image to test the current status, fetch the freedom-maker scripts +and build using +vmdebootstrap +with a user with sudo access to become root: +
```
-deb http://www.reinholdtsen.name/freedombox wheezy main
-
```
Run this as root:
+git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \ + freedom-maker +sudo apt-get install git vmdebootstrap mercurial python-docutils \ + mktorrent extlinux virtualbox qemu-user-static binfmt-support \ + u-boot-tools +make -C freedom-maker dreamplug-image raspberry-image virtualbox-image + + +
Root access is needed to run debootstrap and mount loopback +devices. See the README for more details on the build. If you do not +want all three images, trim the make line. But note that thanks to a race condition in +vmdebootstrap, the build might fail without the patch to the +kpartx call.
+ +
If you instead want to install using a Debian CD and the preseed +method, boot a Debian Wheezy ISO and use this boot argument to load +the preseed values:
+
```
-wget -O - http://www.reinholdtsen.name/freedombox/BE1A583D.asc | \
-   apt-key add -
-apt-get update
-apt-get install freedombox-setup
-/usr/lib/freedombox/setup
-
```
Reboot into your freshly created Freedombox.

- -

You can test it on other architectures too, but because the -freedombox-privoxy package is binary, it will only work as intended on -the architectures where I have had time to build the binary and put it -in my APT repository. But do not let this stop you. It is only a -short "apt-get source -b freedombox-privoxy" away. :)

- -

Note that by default Freedombox is a DHCP server on the -192.168.1.0/24 subnet, so if this is your subnet be careful and turn -off the DHCP server by running "update-rc.d isc-dhcp-server -disable" as root.

- -

Please let me know if this work for you, or if you have any -problems. We gather on the IRC channel -#freedombox on -irc.debian.org and the -project -mailing list.

- -

Once you get your freedombox operational, you can visit -http://your-host-name:8001/ to see the state of the plint -welcome screen (dead end - do not be surprised if you are unable to -get past it), and next visit http://your-host-name:8001/help/ -to look at the rest of plinth. The default user is 'admin' and the -default password is 'secret'.

+url=http://www.reinholdtsen.name/freedombox/preseed-jessie.dat + + +

But note that due to a +recently introduced bug in apt in Jessie, the installer will +currently hang while setting up APT sources. Killing the +'apt-cdrom ident' process when it hang a few times during the +installation will get the installation going. This affect all +installations in Jessie, and I expect it will be fixed soon.

+ +Give it a go and let us know how it goes on the mailing list, and help +us get the new release published. :) Please join us on +IRC (#freedombox on +irc.debian.org) and +the +mailing list if you want to help make this vision come true.

@@ -156,283 +91,192 @@ default password is 'secret'.

Datalagringsdirektivet gjÃ¸r at Oslo HÃ¸yre og Arbeiderparti ikke fÃ¥r min stemme i Ã¥r

8th September 2013

I 2011 raderte et stortingsflertall bestÃ¥ende av HÃ¸yre og -Arbeiderpartiet vekk en betydelig del av privatsfÃ¦ren til det norske -folk. Det ble vedtatt at det skulle registreres og lagres i et halvt -Ã¥r hvor alle som bÃ¦rer pÃ¥ en mobiltelefon befinner seg, hvem de -snakker med og hvor lenge de snakket sammen. Det skal ogsÃ¥ -registreres hvem de sendte SMS-meldinger til, hvem en har sendt epost -til, og hvilke nett-tjenere en besÃ¸kte. Saken er kjent som -Datalagringsdirektivet -(DLD), og innebÃ¦rer at alle innbyggerne og andre innenfor Norges -grenser overvÃ¥kes dÃ¸gnet rundt. Det ble i praksis innfÃ¸rt brev og -besÃ¸kskontroll av hele befolkningen. Rapporter fra de landene som -allerede har innfÃ¸rt slik total lagring av borgernes -kommunikasjonsmÃ¸nstre forteller at det ikke hjelper i -kriminalitetsbekjempelsen. Den norske prislappen blir mange hundre -millioner, uten at det ser ut til Ã¥ bidra positivt til politiets -arbeide. Jeg synes flere hundre millioner i stedet burde vÃ¦rt brukt -pÃ¥ noe som kan dokumenteres Ã¥ ha effekt i kriminalitetsbekjempelsen. -Se mer pÃ¥ -Wikipedia -og Jon Wessel-Aas.

- -

Hva er problemet, tenkter du kanskje? Et Ã¥penbart problem er at -medienes kildevern i praksis blir radert ut. Den innsamlede -informasjonen gjÃ¸r det mulig Ã¥ finne ut hvem som har snakket med -journalister pÃ¥ telefon, SMS og epost, og hvem som har vÃ¦rt i nÃ¦rheten -av journalister sÃ¥ sant begge bar med seg en telefon. Et annet er at -advokatvernet blir sterkt redusert, der politiet kan finne ut hvem -som har snakket med en advokat nÃ¥r, eller vÃ¦rt i mÃ¸ter en med advokat. -Et tredje er at svÃ¦rt personlig informasjon kan avledes fra hvilke -nettsteder en har besÃ¸kt. Har en besÃ¸kt hivnorge.no, -swingersnorge.com eller andre sider som kan brukes til avlede -interesser som hÃ¸rer til privatsfÃ¦ren, vil denne informasjonen vÃ¦re -tilgjengelig takket vÃ¦re datalagringsdirektivet.

- -

De fleste partiene var mot, kun to partier stemte for. HÃ¸yre og -Arbeiderpartiet. Og bÃ¥de HÃ¸yre og Arbeiderpartiet i Oslo har -DLD-forkjempere pÃ¥ toppen av sine lister (har ikke sjekket de andre -fylkene). Det er dermed helt uaktuelt for meg Ã¥ stemme pÃ¥ disse -partiene. Her er oversikten over partienes valglister i Oslo, med -informasjon om hvem som stemte hva i fÃ¸rste DLD-votering i Stortinget, -basert pÃ¥ informasjon fra mine venner i -Holder de -Ord samt data.stortinget.no. -FÃ¸rst ut er stortingslista fra HÃ¸yre for Oslo:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

#	Navn, fÃ¸dselsÃ¥r og valgkrets	Stemme/kommentar
1.	Ine Marie Eriksen SÃ¸reide (1976), Gamle Oslo	Stemte for DLD
2.	Nikolai Astrup (1978), Frogner	Stemte mot DLD
3.	Michael Tetzschner (1954), Vestre Aker	Stemte mot DLD
4.	Kristin Vinje (1963), Nordre Aker	Ikke til stede
5.	Mudassar Hussain Kapur (1976), Nordstrand	Ikke til stede
6.	Stefan Magnus B. Heggelund (1984), GrÃ¼nerlÃ¸kka	Ikke til stede
7.	Heidi Nordby Lunde (1973), GrÃ¼nerlÃ¸kka	Ikke til stede
8.	Frode Helgerud (1950), Frogner	Ikke til stede
9.	Afshan Rafiq (1975), Stovner	Ikke til stede
10.	Astrid NÃ¸klebye Heiberg (1936), Frogner	Ikke til stede
11.	Camilla Strandskog (1984) St.Hanshaugen	Ikke til stede
12.	John Christian Elden (1967), Ullern	Ikke til stede
13.	Berit Solli (1972), Alna	Ikke til stede
14.	Ola Kvisgaard (1963), Frogner	Ikke til stede
15.	James Stove Lorentzen (1957), Vestre Aker	Ikke til stede
16.	GÃ¼lsÃ¼m Koc (1987), Stovner	Ikke til stede
17.	Jon Ole Whist (1976), GrÃ¼nerlÃ¸kka	Ikke til stede
18.	Maren Eline Malthe-SÃ¸renssen (1971), Vestre Aker	Ikke til stede
19.	StÃ¥le Hagen (1968), SÃ¸ndre Nordstrand	Ikke til stede
20.	Kjell Omdal Erichsen (1978), Sagene	Ikke til stede
21.	Saida R. Begum (1987), GrÃ¼nerlÃ¸kka	Ikke til stede
22.	Torkel Brekke (1970), Nordre Aker	Ikke til stede
23.	Sverre K. Seeberg (1950), Vestre Aker	Ikke til stede
24.	Julie Margrethe Brodtkorb (1974), Ullern	Ikke til stede
25.	Fabian Stang (1955), Frogner	Ikke til stede

- -

Deretter har vi stortingslista fra Arbeiderpartiet for Oslo:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

How to add extra storage servers in Debian Edu / Skolelinux

12th March 2014

On larger sites, it is useful to use a dedicated storage server for +storing user home directories and data. The design for handling this +in Debian Edu / Skolelinux, is +to update the automount rules in LDAP and let the automount daemon on +the clients take care of the rest. I was reminded about the need to +document this better when one of the customers of +Skolelinux Drift AS, where I am +on the board of directors, asked about how to do this. The steps to +get this working are the following:

+ +

Add new storage server in DNS. I use nas-server.intern as the +example host here.
Add automoun LDAP information about this server in LDAP, to allow +all clients to automatically mount it on reqeust.
Add the relevant entries in tjener.intern:/etc/fstab, because +tjener.intern do not use automount to avoid mounting loops.

+ +

DNS entries are added in GOsaÂ², and not described here. Follow the +instructions +in the manual (Machine Management with GOsaÂ² in section Getting +started).

+ +

Ensure that the NFS export points on the server are exported to the +relevant subnets or machines:

+ +

+root@tjener:~# showmount -e nas-server
+Export list for nas-server:
+/storage         10.0.0.0/8
+root@tjener:~#
+

+ +

Here everything on the backbone network is granted access to the +/storage export. With NFSv3 it is slightly better to limit it to +netgroup membership or single IP addresses to have some limits on the +NFS access.

+ +

The next step is to update LDAP. This can not be done using GOsaÂ², +because it lack a module for automount. Instead, use ldapvi and add +the required LDAP objects using an editor.

+ +

+ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no
+

+ +

When the editor show up, add the following LDAP objects at the +bottom of the document. The "/&" part in the last LDAP object is a +wild card matching everything the nas-server exports, removing the +need to list individual mount points in LDAP.

+ +

+add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: automount
+cn: nas-server
+automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+
+add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: automountMap
+ou: auto.nas-server
+
+add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: automount
+cn: /
+automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&
+

+ +

The last step to remember is to mount the relevant mount points in +tjener.intern by adding them to /etc/fstab, creating the mount +directories using mkdir and running "mount -a" to mount them.

+ +

When this is done, your users should be able to access the files on +the storage server directly by just visiting the +/tjener/nas-server/storage/ directory using any application on any +workstation, LTSP client or LTSP server.

+ + + Tags: debian edu, english, ldap. + + +

+ +

Hvordan bÃ¸r RFC 822-formattert epost lagres i en NOARK5-database?

7th March 2014

For noen uker siden ble NXCs fri programvarelisenserte +NOARK5-lÃ¸sning +presentert hos +NUUG (video +pÃ¥ youtube +forelÃ¸big), og det fikk meg til Ã¥ titte litt mer pÃ¥ NOARK5, +standarden for arkivhÃ¥ndtering i det offentlige Norge. Jeg lurer pÃ¥ +om denne kjernen kan vÃ¦re nyttig i et par av mine prosjekter, og for ett +av dem er det mest aktuelt Ã¥ lagre epost. Jeg klarte ikke finne noen +anbefaling om hvordan RFC 822-formattert epost (aka Internett-epost) +burde lagres i NOARK5, selv om jeg vet at noen arkiver tar +PDF-utskrift av eposten med sitt epostprogram og sÃ¥ arkiverer PDF-en +(eller enda vÃ¦rre, tar papirutskrift og lagrer bildet av eposten som +PDF i arkivet).

+ +

Det er ikke sÃ¥ mange formater som er akseptert av riksarkivet til +langtidsoppbevaring av offentlige arkiver, og PDF og XML er de mest +aktuelle i sÃ¥ mÃ¥te. Det slo meg at det mÃ¥tte da finnes en eller annen +egnet XML-representasjon og at det kanskje var enighet om hvilken som +burde brukes, sÃ¥ jeg tok mot til meg og spurte +SAMDOK, en gruppe tilknyttet +arkivverket som ser ut til Ã¥ jobbe med NOARK-samhandling, om de hadde +noen anbefalinger: + +

+
Hei.
+ +
Usikker pÃ¥ om dette er riktig forum Ã¥ ta opp mitt spÃ¸rsmÃ¥l, men jeg +lurer pÃ¥ om det er definert en anbefaling om hvordan RFC +822-formatterte epost (aka vanlig Internet-epost) bÃ¸r lages hÃ¥ndteres +i NOARK5, slik at en bevarer all informasjon i eposten +(f.eks. Received-linjer). Finnes det en anbefalt XML-mapping ala den +som beskrives pÃ¥ +<URL: https://www.informit.com/articles/article.aspx?p=32074 >? Mitt +mÃ¥l er at det skal vÃ¦re mulig Ã¥ lagre eposten i en NOARK5-kjerne og +kunne fÃ¥ ut en identisk formattert kopi av opprinnelig epost ved +behov.
+

+ +

Postmottaker hos SAMDOK mente spÃ¸rsmÃ¥let heller burde stilles +direkte til riksarkivet, og jeg fikk i dag svar derfra formulert av +seniorrÃ¥dgiver Geir Ivar Tungesvik:

+ +

+
Riksarkivet har ingen anbefalinger nÃ¥r det gjelder konvertering fra +e-post til XML. Det stÃ¥r arkivskaper fritt Ã¥ eventuelt definere/bruke +eget format. Inklusive da - som det spÃ¸rres om - et format der det er +mulig Ã¥ re-etablere e-post format ut fra XML-en. XML (e-post) +dokumenter mÃ¥ vÃ¦re referert i arkivstrukturen, og det mÃ¥ vedlegges et +gyldig XML skjema (.xsd) for XML-filene. Arkivskaper stÃ¥r altsÃ¥ fritt +til Ã¥ gjÃ¸re hva de vil, bare det dokumenteres og det kan dannes et +utrekk ved avlevering til depot.
+ +
De obligatoriske kravene i Noark 5 standarden mÃ¥ altsÃ¥ oppfylles - +etter dialog med Riksarkivet i forbindelse med godkjenning. For +offentlige arkiv er det sÃ¦rlig viktig med filene loependeJournal.xml +og offentligJournal.xml. Private arkiv som vil forholde seg til Noark +5 standarden er selvsagt frie til Ã¥ bruke det som er relevant for dem +av obligatoriske krav.
+

+ +

Det ser dermed ut for meg som om det er et lite behov for Ã¥ +standardisere XML-lagring av RFC-822-formatterte meldinger. Noen som +vet om god spesifikasjon i sÃ¥ mÃ¥te? I tillegg til den omtalt over, +har jeg kommet over flere aktuelle beskrivelser (sÃ¸k pÃ¥ "rfc 822 +xml", sÃ¥ finner du aktuelle alternativer).

- - +

- - - +

XML MIME Transformation +protocol (XMTP) fra OpenHealth, sist oppdatert 2001.

- - - +

An +XML format for mail and other messages utkast fra IETF datert +2001.

#	Navn, fÃ¸dselsÃ¥r og valgkrets	Stemme/kommentar
1.	Jens Stoltenberg (1959), Frogner	Ikke til stede i Stortinget, leder av regjeringen som fremmet forslaget
2.	Hadia Tajik (1983), GrÃ¼nerlÃ¸kka	Stemte for DLD
3.	Jonas Gahr StÃ¸re (1960), Vestre Aker	Ikke til stede i Stortinget, medlem av regjeringen som fremmet forslaget
4.	Marianne Marthinsen (1980), GrÃ¼nerlÃ¸kka	Stemte for DLD
5.	Jan BÃ¸hler (1952), Alna	Stemte for DLD
6.	Marit Nybakk (1947), Frogner	Stemte for DLD
7.	Truls Wickholm (1978), Sagene	Stemte for DLD
8.	Prableen Kaur (1993), Grorud	Ikke til stede
9.	Vegard GrÃ¸slie Wennesland (1983), St.Hanshaugen	Ikke til stede
10.	Inger Helene Vaaten (1975), Grorud	Ikke til stede
11.	Ivar Leveraas (1939), Alna	Ikke til stede
12.	Grete Haugdal (1971), Gamle Oslo	Ikke til stede
13.	Olav TÃ¸nsberg (1948), Alna	Ikke til stede
14.	Khamshajiny Gunaratnam (1988), Grorud	Ikke til stede
15.	Fredrik Mellem (1969), Sagene	Ikke til stede
16.	Brit Axelsen (1945), Stovner	Ikke til stede
17.	Dag Bayegan-Harlem (1977), Ullern	Ikke til stede
18.	Kristin Sandaker (1963), ÃsteinsjÃ¸	Ikke til stede
19.	Bashe Musse (1965), GrÃ¼nerlÃ¸kka	Ikke til stede
20.	Torunn Kanutte Husvik (1983), St. Hanshaugen	Ikke til stede
21.	Steinar Andersen (1947), Nordstrand	Ikke til stede
22.	Anne Cathrine Berger (1972), Sagene	Ikke til stede
23.	Khalid Mahmood (1959), ÃstensjÃ¸	Ikke til stede
24.	Munir Jaber (1990), Alna	Ikke til stede
25.	Libe Solberg Rieber-Mohn (1965), Frogner	Ikke til stede

xMail: +E-mail as XML en artikkel fra 2003 som beskriver python-modulen +rfc822 som gir ut XML-representasjon av en RFC 822-formattert epost.

Hvilket parti fÃ¥r sÃ¥ min stemme i Ã¥r. Jeg tror det blir -Piratpartiet. Hvis de kan bidra -til at det kommer noen inn pÃ¥ Stortinget med teknisk peiling, sÃ¥ fÃ¥r -kanskje ikke overvÃ¥kningsgalskapen like fritt spillerom som det har -hatt sÃ¥ langt.

+ +

Finnes det andre og bedre spesifikasjoner for slik lagring? Send +meg en epost hvis du har innspill.

- Tags: norsk, personvern, stortinget, surveillance, valg. + Tags: norsk, offentlig innsyn.

@@ -440,138 +284,110 @@ hatt sÃ¥ langt.

Second beta release (beta 1) of Debian Edu/Skolelinux based on Debian Wheezy

22nd August 2013

The second wheezy based beta release of Debian Edu was wrapped up -today, slightly delayed because of some bugs in the initial Windows -integration fixes . This is the release announcement:

- -

New features for Debian Edu 7.1+edu0~b1 released 2013-08-22

- -

These are the release notes for Debian Edu / Skolelinux -7.1+edu0~b1, based on Debian with codename "Wheezy".

- -

About Debian Edu and Skolelinux

- -

Debian Edu, also known as -Skolelinux, is a Linux distribution based on Debian providing an -out-of-the box environment of a completely configured school -network. Immediately after installation a school server running all -services needed for a school network is set up just waiting for users -and machines being added via GOsaÂ², a comfortable Web-UI. A netbooting -environment is prepared using PXE, so after initial installation of -the main server from CD or USB stick all other machines can be -installed via the network. The provided school server provides LDAP -database and Kerberos authentication service, centralized home -directories, DHCP server, web proxy and many other services. The -desktop contains -more -than 60 educational software packages and more are available from -the Debian archive, and schools can choose between KDE, Gnome, LXDE -and Xfce desktop environment.

- -

This is the sixth test release based on Debian Wheezy. Basically this -is an updated and slightly improved version compared to the Squeeze -release.

- -

ALERT: Alpha based installations should reinstall or downgrade the -versions of gosa and libpam-mklocaluser to the ones used in this beta -release. Both alpha and beta0 based installations should reinstall or -deal with gosa.conf manually; there are two options: (1) Keep -gosa.conf and edit this file as outlined -on -the mailing list. (2) Accept the new version of gosa.conf and -replace both contained admin password placeholders with the password -hashes found in the old one (backup copy!). In both cases every user -need to change their their password to make sure a password is set for -CIFS access to their home directory.

- -

Software updates

Lenker for 2014-02-28

28th February 2014

Her er noen lenker til tekster jeg har satt pris pÃ¥ Ã¥ lese de siste +mÃ¥nedene. Det er mye om varsleren Edward Snowden, som burde fÃ¥ all +hjelp, stÃ¸tte og beskyttelse Norge kan stille opp med for Ã¥ ha satt +totalitÃ¦r overvÃ¥kning pÃ¥ sakskartet, men ogsÃ¥ endel annet +tankevekkende og interessant.

Added ssh askpass packages to default installation, to ensure ssh - work also without a attached tty.
Add the command-not-found package to the default installation to - make it easier to figure out where to find missing command line - tools. Please note, that the command 'update-command-not-found' - has to be run as root to actually make it useful (internet access - required).
2013-12-21 +- +NSA tenker som Stasi - Dagbladet.no

2013-12-19 - +Staten har ikke rett til Ã¥ vite alt om deg - DN.no

Other changes

2013-12-21 +Nye +mÃ¥l for NSAs spionasje avslÃ¸rt - Dagbladet.no

2013-12-19 +Â«NSA +bÃ¸r fjernes fra sin makt til Ã¥ samle inn metadata fra amerikanske +telefonsamtalerÂ» - Dagbladet.no
Adjusted the USB stick ISO image build to include every tool -needed for desktop=xfce installations.
Adjust thin-client-server task to work when installing from USB -stick ISO image.
Made new grub artwork (changed png from indexed to RGB format).
Minor cleanup in the CUPS setup.
Make sure that bootstrapping of the Samba domain really happens - during installation of the main server and adjust SID handling to - cope with this.
Make Samba passwords changeable (again) via GOsaÂ².
Fix generation of LM and NT password hashes via GOsaÂ² to avoid - empty password hashes.
Adapted Samba machine domain joining to latest change in the - smbldap-tools Perl package, fixing bugs blocking Windows machines - from joining the Samba domain.
2013-12-18 +Etterretning, +overvÃ¥king, frihet og sikkerhet - Dagbladet.no

2013-12-17 +Snowden +angriper USA i Ã¥pent brev - nrk.no

Known issues

2013-12-17 +Rettslig +nederlag for etterretning - digi.no

2013-12-21 +Truende +nedkjÃ¸ling - dagbladet.no
KDE fails to understand the wpad.dat file provided, causing it to - not use the http proxy as it should.
Chromium also fails to use the proxy when using the KDE desktop - (using the KDE configuration).
2013-12-20 +Matematikk +og forstÃ¥else - aftenposten.no

2013-10-20 +Vi +sÃ¸v for Ã¥ reinse hjernen vÃ¥r, ifÃ¸lgje ny studie - nrk.no

Where to get it

2013-12-11 +Rotterace +i kloakken - nrk.no

To download the multiarch netinstall CD release you can use

2013-12-30 +Ãpne +brev og frie tanker - aftenposten.no

2014-01-12 +Stopp dagens kunnskapsapartheid! - aftenposten.no
ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b1-CD.iso
2014-01-09 +EU-rapport: +Britisk og amerikansk overvÃ¥king ser ut til Ã¥ vÃ¦re ulovlig - +aftenposten.no
http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b1-CD.iso
2013-10-23 Professor Jan Arild Audestad +Advarer +mot konspirasjonsteori i digi.no og sier han ikke tror NSA kan +avlytte mobiltelefoner, mens han noen mÃ¥neder senere forteller:
rsync -avzP ftp.skolelinux.org::skolelinux-cd/wheezy/debian-edu-7.1+edu0~b1-CD.iso .
2014-01-09 +- +Vi ble presset til Ã¥ svekke mobilsikkerheten pÃ¥ 80-tallet - +aftenposten.no

2014-02-12 +Et +mÃ¸te med Edward Snowden - intervju sendt av nrk, tilgjengelig til +2015-01-31

The MD5SUM of this image is: 1e357f80b55e703523f2254adde6d78b -
The SHA1SUM of this image is: 7157f9be5fd27c7694d713c6ecfed61c3edda3b2

2014-02-17 +LitteraturredaktÃ¸ren: +Helle Thornings tavshed om Snowden er en skandale - +politiken.dk

To download the multiarch USB stick ISO release you can use

2014-02-21 +Bra Ã¥ ha en Â«StorebrorÂ» - aftenposten.no

2014-02-28 +"Narkotikasiktet +Stortingsmann" - Spillet bak kulissene - John Christian Eldens +blogg
ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b1-USB.iso
http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b1-USB.iso
rsync -avzP ftp.skolelinux.org::skolelinux-cd/wheezy/debian-edu-7.1+edu0~b1-USB.iso .
2014-02-28 +Heksejakt +pÃ¥ hasjbrukere - aftenposten.no

- -

The MD5SUM of this image is: 7a8408ead59cf7e3cef25afb6e91590b -
The SHA1SUM of this image is: f1817c031f02790d5edb3bfa0dcf8451088ad119

- - -

How to report bugs

- -

http://wiki.debian.org/DebianEdu/HowTo/ReportBugs

- Tags: debian edu, english. + Tags: lenker, norsk, personvern.

@@ -579,29 +395,32 @@ stick ISO image.

Intel 180 SSD disk with Lenovo firmware can not use Intel firmware

18th August 2013

Earlier, I reported about -my -problems using an Intel SSD 520 Series 180 GB disk. Friday I was -told by IBM that the original disk should be thrown away. And as -there no longer was a problem if I bricked the firmware, I decided -today to try to install Intel firmware to replace the Lenovo firmware -currently on the disk.

- -

I searched the Intel site for firmware, and found -issdfut_2.0.4.iso -(aka Intel SATA Solid-State Drive Firmware Update Tool) which -according to the site should contain the latest firmware for SSD -disks. I inserted the broken disk in one of my spare laptops and -booted the ISO from a USB stick. The disk was recognized, but the -program claimed the newest firmware already were installed and refused -to insert any Intel firmware. So no change, and the disk is still -unable to handle write load. :( I guess the only way to get them -working would be if Lenovo releases new firmware. No idea how likely -that is. Anyway, just blogging about this test for completeness. I -got a working Samsung disk, and see no point in spending more time on -the broken disks.

New home and release 1.0 for netgroup and innetgr (aka ng-utils)

22nd February 2014

Many years ago, I wrote a GPL licensed version of the netgroup and +innetgr tools, because I needed them in +Skolelinux. I called the project +ng-utils, and it has served me well. I placed the project under the +Hungry Programmer umbrella, and it was maintained in our CVS +repository. But many years ago, the CVS repository was dropped (lost, +not migrated to new hardware, not sure), and the project have lacked a +proper home since then.

+ +

Last summer, I had a look at the package and made a new release +fixing a irritating crash bug, but was unable to store the changes in +a proper source control system. I applied for a project on +Alioth, but did not have time +to follow up on it. Until today. :)

+ +

After many hours of cleaning and migration, the ng-utils project +now have a new home, and a git repository with the highlight of the +history of the project. I published all release tarballs and imported +them into the git repository. As the project is really stable and not +expected to gain new features any time soon, I decided to make a new +release and call it 1.0. Visit the new project home on +https://alioth.debian.org/projects/ng-utils/ +if you want to check it out. The new version is also uploaded into +Debian Unstable.

@@ -614,57 +433,113 @@ the broken disks.

90 percent done with the Norwegian draft translation of Free Culture

2nd August 2013

It has been a while since my last update. Since last summer, I -have worked on a Norwegian -docbook version of the 2004 book -Free Culture by Lawrence Lessig, -to get a Norwegian text explaining the problems with the copyright -law. Yesterday, I finally broken the 90% mark, when counting the -number of strings to translate. Due to real life constraints, I have -not had time to work on it since March, but when the summer broke out, -I found time to work on it again. Still lots of work left, but the -first draft is nearing completion. I created a graph to show the -progress of the translation:

- -

When the first draft is done, the translated text need to be -proof read, and the remaining formatting problems with images and SVG -drawings need to be fixed. There are probably also some index entries -missing that need to be added. This can be done by comparing the -index entries listed in the SiSU version of the book, or comparing the -English docbook version with the paper version. Last, the colophon -page with ISBN numbers etc need to be wrapped up before the release is -done. I should also figure out how to get correct Norwegian sorting -of the index pages. All docbook tools I have tried so far (xmlto, -docbook-xsl, dblatex) get the order of symbols and the special -Norwegian letters ÃÃÃ wrong.

- -

There is still need for translators and people with docbook -knowledge, to be able to get a good looking book (I still struggle -with dblatex, xmlto and docbook-xsl) as well as to do the draft -translation and proof reading. And I would like the figures to be -redrawn as SVGs to make it easy to translate them. Any SVG master -around? There are also some legal terms that are unfamiliar to me. -If you want to help, please get in touch with me, and check out the -project files currently available from -github.

- -

If you are curious what the translated book currently look like, -the updated -PDF -and -EPUB -are published on github. The HTML version is published as well, but -github hand it out with MIME type text/plain, confusing browsers, so I -saw no point in linking to that version.

Testing sysvinit from experimental in Debian Hurd

3rd February 2014

A few days ago I decided to try to help the Hurd people to get +their changes into sysvinit, to allow them to use the normal sysvinit +boot system instead of their old one. This follow up on the +great +Google Summer of Code work done last summer by Justus Winter to +get Debian on Hurd working more like Debian on Linux. To get started, +I downloaded a prebuilt hard disk image from +http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz, +and started it using virt-manager.

+ +

The first think I had to do after logging in (root without any +password) was to get the network operational. I followed +the +instructions on the Debian GNU/Hurd ports page and ran these +commands as root to get the machine to accept a IP address from the +kvm internal DHCP server:

+ +

+settrans -fgap /dev/netdde /hurd/netdde
+kill $(ps -ef|awk '/[p]finet/ { print $2}')
+kill $(ps -ef|awk '/[d]evnode/ { print $2}')
+dhclient /dev/eth0
+

+ +

After this, the machine had internet connectivity, and I could +upgrade it and install the sysvinit packages from experimental and +enable it as the default boot system in Hurd.

+ +

But before I did that, I set a password on the root user, as ssh is +running on the machine it for ssh login to work a password need to be +set. Also, note that a bug somewhere in openssh on Hurd block +compression from working. Remember to turn that off on the client +side.

+ +

Run these commands as root to upgrade and test the new sysvinit +stuff:

+ +

+cat > /etc/apt/sources.list.d/experimental.list <<EOF
+deb http://http.debian.net/debian/ experimental main
+EOF
+apt-get update
+apt-get dist-upgrade
+apt-get install -t experimental initscripts sysv-rc sysvinit \
+    sysvinit-core sysvinit-utils
+update-alternatives --config runsystem
+

+ +

To reboot after switching boot system, you have to use +reboot-hurd instead of just reboot, as there is not +yet a sysvinit process able to receive the signals from the normal +'reboot' command. After switching to sysvinit as the boot system, +upgrading every package and rebooting, the network come up with DHCP +after boot as it should, and the settrans/pkill hack mentioned at the +start is no longer needed. But for some strange reason, there are no +longer any login prompt in the virtual console, so I logged in using +ssh instead. + +

Note that there are some race conditions in Hurd making the boot +fail some times. No idea what the cause is, but hope the Hurd porters +figure it out. At least Justus said on IRC (#debian-hurd on +irc.debian.org) that they are aware of the problem. A way to reduce +the impact is to upgrade to the Hurd packages built by Justus by +adding this repository to the machine:

+ +

+cat > /etc/apt/sources.list.d/hurd-ci.list <<EOF
+deb http://darnassus.sceen.net/~teythoon/hurd-ci/ sid main
+EOF
+

+ +

At the moment the prebuilt virtual machine get some packages from +http://ftp.debian-ports.org/debian, because some of the packages in +unstable do not yet include the required patches that are lingering in +BTS. This is the completely list of "unofficial" packages installed:

+ +

+# aptitude search '?narrow(?version(CURRENT),?origin(Debian Ports))'
+i   emacs                   - GNU Emacs editor (metapackage)
+i   gdb                     - GNU Debugger
+i   hurd-recommended        - Miscellaneous translators
+i   isc-dhcp-client         - ISC DHCP client
+i   isc-dhcp-common         - common files used by all the isc-dhcp* packages
+i   libc-bin                - Embedded GNU C Library: Binaries
+i   libc-dev-bin            - Embedded GNU C Library: Development binaries
+i   libc0.3                 - Embedded GNU C Library: Shared libraries
+i A libc0.3-dbg             - Embedded GNU C Library: detached debugging symbols
+i   libc0.3-dev             - Embedded GNU C Library: Development Libraries and Hea
+i   multiarch-support       - Transitional package to ensure multiarch compatibilit
+i A x11-common              - X Window System (X.Org) infrastructure
+i   xorg                    - X.Org X Window System
+i A xserver-xorg            - X.Org X server
+i A xserver-xorg-input-all  - X.Org X server -- input driver metapackage
+#
+

+ +

All in all, testing hurd has been an interesting experience. :) +X.org did not work out of the box and I never took the time to follow +the porters instructions to fix it. This time I was interested in the +command line stuff.

- Tags: docbook, english, freeculture. + Tags: bootsystem, debian, english.

@@ -672,137 +547,90 @@ saw no point in linking to that version.

First beta release of Debian Edu/Skolelinux based on Debian Wheezy

27th July 2013

The first wheezy based beta release of Debian Edu was wrapped up -today. This is the release announcement:

- -

New features for Debian Edu 7.1+edu0~b0 released -2013-07-27

- -

These are the release notes for for Debian Edu / Skolelinux -7.1+edu0~b0, based on Debian with codename "Wheezy".

- -

About Debian Edu and Skolelinux

- -

Debian Edu, also known as -Skolelinux, is a Linux distribution based on Debian providing an -out-of-the box environment of a completely configured school -network. Immediately after installation a school server running all -services needed for a school network is set up just waiting for users -and machines being added via GOsaÂ², a comfortable Web-UI. A netbooting -environment is prepared using PXE, so after initial installation of -the main server from CD, DVD or USB stick all other machines can be -installed via the network. The provided school server provides LDAP -database and Kerberos authentication service, centralized home -directories, DHCP server, web proxy and many other services. The -desktop contains -more -than 60 educational software packages and more are available from -the Debian archive, and schools can choose between KDE, Gnome, LXDE -and Xfce desktop environment.

- -

This is the fifth test release based on Debian Wheezy. Basically -this is an updated and slightly improved version compared to the -Squeeze release.

- -

ALERT: Alpha based installations should reinstall or downgrade the -versions of gosa and libpam-mklocaluser to the ones used in this beta -release.

- -

Software updates

- -

Switched roaming workstation profiles from wicd to network-manager - for network configuration, as wicd didn't work any more.
Changed version numbers of patched gosa and libpam-mklocaluser - packages to make sure our locally patched versions will be replaced - by the official packages when they are released from Debian. Those - installing alpha version need to reinstall or manually downgrade gosa - and libpam-mklocaluser.
Added bluetooth tools to the default desktop (bluedevil, blueman).
Added tools for sharing the desktop on KDE (krdc, krfb).
Added valgrind to the default installation for easier debugging of - crash bugs.

- -

Other changes

- -

Fixed artwork package to work with gnome, no longer break - desktop=gnome installations.
Adjusted installer to now work when forced to use a proxy with the - netinst CD.
Fixed code detecting and setting/loading hardware specific - setup/firmware to work more robust out of the box.
Adjusted Kerberos setup to detect realm and server settings at - install time instead of dynamically at run time. This avoid a crash - with krb5-auth-dialog on diskless workstations without a DNS name.
Worked around misfeature in network-manager not calling the dhclient - exit hooks, causing automatic proxy configuration and automatic host - name setting at run time to work again.
Fixed feature setting the default Iceweasel start page from URL - fetched from LDAP, to allow schools to set the global default by - updating the dc=skole,dc=skolelinux,dc=no LDAP object.
Changed default host name on all networked machines to be unique - (generated from MAC or reverse DNS) after boot.
Adjusted partition sizes to make sure they are big enough.

- -

Known issues

- -

Grub is missing the new artwork.
KDE fail to understand the wpad.dat file provided, causing it to - not use the http proxy as it should.
Chromium also fail to use the proxy.

- -

Where to get it

- -

To download the multiarch netinstall CD release you can use

- -

ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b0-CD.iso
http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b0-CD.iso
rsync -avzP ftp.skolelinux.org::skolelinux-cd/wheezy/debian-edu-7.1+edu0~b0-CD.iso .

- -

The MD5SUM of this image is: 55d5de9765b6dccd5d9ec33cf1a07109 -
The SHA1SUM of this image is: 996a1d9517740e4d627d100de2d12b23dd545a3f

- -

To download the multiarch USB stick ISO release you can use

- -

ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b0-USB.iso
http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b0-USB.iso
rsync -avzP ftp.skolelinux.org::skolelinux-cd/wheezy/debian-edu-7.1+edu0~b0-USB.iso .

- -

The MD5SUM of this image is: d8f0818c51a78d357de794066f289f69 -
The SHA1SUM of this image is: 49185ca354e8d0543240423746924f76a6cee733

- - -

How to report bugs

- -

http://wiki.debian.org/DebianEdu/HowTo/ReportBugs +

A fist full of non-anonymous Bitcoins

29th January 2014

Bitcoin is a incredible use of peer to peer communication and +encryption, allowing direct and immediate money transfer without any +central control. It is sometimes claimed to be ideal for illegal +activity, which I believe is quite a long way from the truth. At least +I would not conduct illegal money transfers using a system where the +details of every transaction are kept forever. This point is +investigated in +USENIX ;login: +from December 2013, in the article +"A +Fistful of Bitcoins - Characterizing Payments Among Men with No +Names" by Sarah Meiklejohn, Marjori Pomarole,Grant Jordan, Kirill +Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. They +analyse the transaction log in the Bitcoin system, using it to find +addresses belong to individuals and organisations and follow the flow +of money from both Bitcoin theft and trades on Silk Road to where the +money end up. This is how they wrap up their article:

+ +

+
"To demonstrate the usefulness of this type of analysis, we turned +our attention to criminal activity. In the Bitcoin economy, criminal +activity can appear in a number of forms, such as dealing drugs on +Silk Road or simply stealing someone elseâs bitcoins. We followed the +flow of bitcoins out of Silk Road (in particular, from one notorious +address) and from a number of highly publicized thefts to see whether +we could track the bitcoins to known services. Although some of the +thieves attempted to use sophisticated mixing techniques (or possibly +mix services) to obscure the flow of bitcoins, for the most part +tracking the bitcoins was quite straightforward, and we ultimately saw +large quantities of bitcoins flow to a variety of exchanges directly +from the point of theft (or the withdrawal from Silk Road).
+ +
As acknowledged above, following stolen bitcoins to the point at +which they are deposited into an exchange does not in itself identify +the thief; however, it does enable further de-anonymization in the +case in which certain agencies can determine (through, for example, +subpoena power) the real-world owner of the account into which the +stolen bitcoins were deposited. Because such exchanges seem to serve +as chokepoints into and out of the Bitcoin economy (i.e., there are +few alternative ways to cash out), we conclude that using Bitcoin for +money laundering or other illicit purposes does not (at least at +present) seem to be particularly attractive."
+

+ +

These researches are not the first to analyse the Bitcoin +transaction log. The 2011 paper +"An Analysis of Anonymity in +the Bitcoin System" by Fergal Reid and Martin Harrigan is +summarized like this:

+ +

+"Anonymity in Bitcoin, a peer-to-peer electronic currency system, is a +complicated issue. Within the system, users are identified by +public-keys only. An attacker wishing to de-anonymize its users will +attempt to construct the one-to-many mapping between users and +public-keys and associate information external to the system with the +users. Bitcoin tries to prevent this attack by storing the mapping of +a user to his or her public-keys on that user's node only and by +allowing each user to generate as many public-keys as required. In +this chapter we consider the topological structure of two networks +derived from Bitcoin's public transaction history. We show that the +two networks have a non-trivial topological structure, provide +complementary views of the Bitcoin system and have implications for +anonymity. We combine these structures with external information and +techniques such as context discovery and flow analysis to investigate +an alleged theft of Bitcoins, which, at the time of the theft, had a +market value of approximately half a million U.S. dollars." +

+ +

I hope these references can help kill the urban myth that Bitcoin +is anonymous. It isn't really a good fit for illegal activites. Use +cash if you need to stay anonymous, at least until regular DNA +sampling of notes and coins become the norm. :)

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian edu, english. + Tags: bitcoin, english, personvern, sikkerhet.

@@ -810,112 +638,54 @@ release.

How to fix a Thinkpad X230 with a broken 180 GB SSD disk

17th July 2013

Today I switched to -my -new laptop. I've previously written about the problems I had with -my new Thinkpad X230, which was delivered with an -180 -GB Intel SSD disk with Lenovo firmware that did not handle -sustained writes. My hardware supplier have been very forthcoming in -trying to find a solution, and after first trying with another -identical 180 GB disks they decided to send me a 256 GB Samsung SSD -disk instead to fix it once and for all. The Samsung disk survived -the installation of Debian with encrypted disks (filling the disk with -random data during installation killed the first two), and I thus -decided to trust it with my data. I have installed it as a Debian Edu -Wheezy roaming workstation hooked up with my Debian Edu Squeeze main -server at home using Kerberos and LDAP, and will use it as my work -station from now on.

- -

As this is a solid state disk with no moving parts, I believe the -Debian Wheezy default installation need to be tuned a bit to increase -performance and increase life time of the disk. The Linux kernel and -user space applications do not yet adjust automatically to such -environment. To make it easier for my self, I created a draft Debian -package ssd-setup to handle this tuning. The -source -for the ssd-setup package is available from collab-maint, and it -is set up to adjust the setup of the machine by just installing the -package. If there is any non-SSD disk in the machine, the package -will refuse to install, as I did not try to write any logic to sort -file systems in SSD and non-SSD file systems.

- -

I consider the package a draft, as I am a bit unsure how to best -set up Debian Wheezy with an SSD. It is adjusted to my use case, -where I set up the machine with one large encrypted partition (in -addition to /boot), put LVM on top of this and set up partitions on -top of this again. See the README file in the package source for the -references I used to pick the settings. At the moment these -parameters are tuned:

New chrpath release 0.16

14th January 2014

Coverity is a nice tool to +find problems in C, C++ and Java code using static source code +analysis. It can detect a lot of different problems, and is very +useful to find memory and locking bugs in the error handling part of +the source. The company behind it provide +check of free software projects as +a community service, and many hundred free software projects are +already checked. A few days ago I decided to have a closer look at +the Coverity system, and discovered that the +gnash and +ipmitool +projects I am involved with was already registered. But these are +fairly big, and I would also like to have a small and easy project to +check, and decided to request +checking of the chrpath project. It was +added to the checker and discovered seven potential defects. Six of +these were real, mostly resource "leak" when the program detected an +error. Nothing serious, as the resources would be released a fraction +of a second later when the program exited because of the error, but it +is nice to do it right in case the source of the program some time in +the future end up in a library. Having fixed all defects and added +a +mailing list for the chrpath developers, I decided it was time to +publish a new release. These are the release notes:

+ +

New in 0.16 released 2014-01-14:

Set up cryptsetup to pass TRIM commands to the physical disk - (adding discard to /etc/crypttab)
Set up LVM to pass on TRIM commands to the underlying device (in - this case a cryptsetup partition) by changing issue_discards from - 0 to 1 in /etc/lvm/lvm.conf.
Set relatime as a file system option for ext3 and ext4 file - systems.
Tell swap to use TRIM commands by adding 'discard' to - /etc/fstab.
Change I/O scheduler from cfq to deadline using a udev rule.
Run fstrim on every ext3 and ext4 file system every night (from - cron.daily).
Adjust sysctl values vm.swappiness to 1 and vm.vfs_cache_pressure - to 50 to reduce the kernel eagerness to swap out processes.
Fixed all minor bugs discovered by Coverity.
Updated config.sub and config.guess from the GNU project.
Mention new project mailing list in the documentation.

During installation, I cancelled the part where the installer fill -the disk with random data, as this would kill the SSD performance for -little gain. My goal with the encrypted file system is to ensure -those stealing my laptop end up with a brick and not a working -computer. I have no hope in keeping the really resourceful people -from getting the data on the disk (see -XKCD #538 for an explanation why). -Thus I concluded that adding the discard option to crypttab is the -right thing to do.

- -

I considered using the noop I/O scheduler, as several recommended -it for SSD, but others recommended deadline and a benchmark I found -indicated that deadline might be better for interactive use.

- -

I also considered using the 'discard' file system option for ext3 -and ext4, but read that it would give a performance hit ever time a -file is removed, and thought it best to that that slowdown once a day -instead of during my work.

- -

My package do not set up tmpfs on /var/run, /var/lock and /tmp, as -this is already done by Debian Edu.

- -

I have not yet started on the user space tuning. I expect -iceweasel need some tuning, and perhaps other applications too, but -have not yet had time to investigate those parts.

- -

The package should work on Ubuntu too, but I have not yet tested it -there.

- -

As for the answer to the question in the title of this blog post, -as far as I know, the only solution I know about is to replace the -disk. It might be possible to flash it with Intel firmware instead of -the Lenovo firmware. But I have not tried and did not want to do so -without approval from Lenovo as I wanted to keep the warranty on the -disk until a solution was found and they wanted the broken disks -back.

You can +download the +new version 0.16 from alioth. Please let us know via the Alioth +project if something is wrong with the new release. The test suite +did not discover any old errors, so if you find a new one, please also +include a test suite check.

- Tags: debian, english. + Tags: chrpath, debian, english.

@@ -923,81 +693,216 @@ back.

Intel SSD 520 Series 180 GB with Lenovo firmware still lock up from sustained writes

10th July 2013

A few days ago, I wrote about -the -problems I experienced with my new X230 and its SSD disk, which -was dying during installation because it is unable to cope with -sustained write. My supplier is in contact with -Lenovo, and they wanted to send a -replacement disk to try to fix the problem. They decided to send an -identical model, so my hopes for a permanent fix was slim.

- -

Anyway, today I got the replacement disk and tried to install -Debian Edu Wheezy with encrypted disk on it. The new disk have the -same firmware version as the original. This time my hope raised -slightly as the installation progressed, as the original disk used to -die after 4-7% of the disk was written to, while this time it kept -going past 10%, 20%, 40% and even past 50%. But around 60%, the disk -died again and I was back on square one. I still do not have a new -laptop with a disk I can trust. I can not live with a disk that might -lock up when I download a new -Debian Edu / Skolelinux ISO or -other large files. I look forward to hearing from my supplier with -the next proposal from Lenovo.

- -

The original disk is marked Intel SSD 520 Series 180 GB, -11S0C38722Z1ZNME35X1TR, ISN: CVCV321407HB180EGN, SA: G57560302, FW: -LF1i, 29MAY2013, PBA: G39779-300, LBA 351,651,888, LI P/N: 0C38722, -Pb-free 2LI, LC P/N: 16-200366, WWN: 55CD2E40002756C4, Model: -SSDSC2BW180A3L 2.5" 6Gb/s SATA SSD 180G 5V 1A, ASM P/N 0C38732, FRU -P/N 45N8295, P0C38732.

- -

The replacement disk is marked Intel SSD 520 Series 180 GB, -11S0C38722Z1ZNDE34N0L0, ISN: CVCV315306RK180EGN, SA: G57560-302, FW: -LF1i, 22APR2013, PBA: G39779-300, LBA 351,651,888, LI P/N: 0C38722, -Pb-free 2LI, LC P/N: 16-200366, WWN: 55CD2E40000AB69E, Model: -SSDSC2BW180A3L 2.5" 6Gb/s SATA SSD 180G 5V 1A, ASM P/N 0C38732, FRU -P/N 45N8295, P0C38732.

- -

The only difference is in the first number (serial number?), ISN, -SA, date and WNPP values. Mentioning all the details here in case -someone is able to use the information to find a way to identify the -failing disk among working ones (if any such working disk actually -exist).

- - - Tags: debian, english. - - -

- -

July 13th: Debian/Ubuntu BSP and Skolelinux/Debian Edu developer gathering in Oslo

9th July 2013

The upcoming Saturday, 2013-07-13, we are organising a combined -Debian Edu developer gathering and Debian and Ubuntu bug squashing -party in Oslo. It is organised by the -member assosiation NUUG and -the Debian Edu / Skolelinux -project together with the hack space -Bitraf.

- -

It starts 10:00 and continue until late evening. Everyone is -welcome, and there is no fee to participate. There is on the other -hand limited space, and only room for 30 people. Please put your name -on the event -wiki page if you plan to join us.

Debian Edu interview: Dominik George

25th December 2013

The Debian Edu / Skolelinux +project consist of both newcomers and old timers, and this time I +was able to get an interview with a newcomer in the project who showed +up on the IRC channel a few weeks ago to let us know about his +successful installation of Debian Edu Wheezy in his School. Say hello +to Dominik +George.

+ + + +

Who are you, and how do you spend your days?

+ +

I am a 23 year-old student from Germany who has spent half of his +life with open source. In "real life", I am, as already mentioned, a +student in the fields of Computer Science, Electrical Engineering, +Information Technologies and Anglistics. Due to my (only partially +voluntary) huge engagement in the open source world, these things are +a bit vacant right now however.

+ +

I also have been working as a project teacher at a Gymasnium +(public school) for various years now. I took up that work some time +around 2005 when still attending that school myself and have continued +it until today. I also had been running the (kind of very advanced) +network of that school together with a team of very interested and +talented students in the age of 11 to 15 years, who took the chance to +learn a lot about open source and networking before I left the school +to help building another school's informational education concept from +scratch.

+ +

That said, one might see me as a kind of "glue" between school kids +and the elderly of teachers as well as between the open source +ecosystem and the (even more complex) educational ecosystem.

+ +

When I am not busy with open source or education, I like Geocaching +and cycling.

+ +

How did you get in contact with the Skolelinux / Debian Edu +project?

+ +

I think that happened some time around 2009 when I first attended +FrOSCon and visited the project +booth. I think I wasn't too interested back then because I used to +have an attitude of disliking software that does too much stuff on its +own. Maybe I was too inexperienced to realise the upsides of an +"out-of-the-box" solution ;).

+ +

The first time I actively talked to Skolelinux people was at +OpenRheinRuhr 2011 when the +BiscuIT project, a home-grewn software used by my school for various +really cool things from timetables and class contact lists to lunch +ordering, student ID card printing and project elections first got to +a stage where it could have been published. I asked the Skolelinux +guys running the booth if the project were interested in it and gave a +small demonstration, but there wasn't any real feedback and the guys +seemed rather uninterested.

+ +

After I left the school where I developed the software, it got +mostly lost, but I am now reimplementing it for my new school. I have +reusability and compatibility in mind, and I hop there will be a new +basis for contributing it to the Skolelinux project ;)!

+ +

What do you see as the advantages of Skolelinux / Debian +Edu?

+ +

The most important advantage seems to be that it "just +works". After overcoming some minor (but still very annoying) glitches +in the installer, I got a fully functional, working school network, +without the month-long hassle I experienced when setting all that up +from scratch in earlier years. And above that, it rocked - I didn't +have any real hardware at hand, because the school was just founded +and has no money whatsoever, so I installed a combined server (main +server, terminal services and workstation) in a VM on my personal +notebook, bridging the LTSP network interface to the ethernet port, +and then PXE-booted the Windows notebooks that were lying around from +it. I could use 8 clients without any performance issues, by using a +tiny little VM on a tiny little notebook. I think that's enough to say +that it rocks!

+ +

Secondly, there are marketing reasons. Life's bad, and so no +politician will ever permit a setup described as "Debian, an universal +operating system, with some really cool educational tools" while they +will be jsut fine with "Skolelinux, a single-purpose solution for your +school network", even if both turn out to be the very same thing (yes, +this is unfair towards the Skolelinux project, and must not be taken +too seriously - you get the idea, anyway).

+ +

What do you see as the disadvantages of Skolelinux / Debian +Edu?

+ +

I have not been involved with Skolelinux long enough to really +answer this question in a fair way. Thus, please allow me to put it in +other words: "What do you expect from Skolelinux to keep liking it?" I +can list a few points about that:

+ +

always strive to get all things integrated into Debian upstream +
be open to discussion about changes and the like, even with newcomers +
be helpful at being helpful ;) + +

+ +

I'm really sorry I cannot say much more about that :(!

+ +

Which free software do you use daily?

+ +

First of all, all software I use is free and open. I have abandoned +all non-free software (except for firmware on my darned phone) this +year.

+ +

I run Debian GNU/Linux on all PC systems I use. On that, I mostly +run text tools. I use +mksh as shell, +jupp as very advanced +text editor (I even got the developer to help me write a script/macro +based full-featured student management software with the two), +mcabber for XMPP and +irssi for IRC. For that overly +coloured world called the WWW, I use +Iceweasel +(Firefox). Oh, and mutt for +e-mail.

+ +

However, while I am personally aware of the fact that text tools +are more efficient and powerful than anything else, I also use (or at +least operate) some tools that are suitable to bring open source to +kids. One of these things is Jappix, +which I already introduced to some kids even before they got aware of +Facebook, making them see for themselves that they do not need +Facebook now ;).

+ +

Which strategy do you believe is the right one to use to +get schools to use free software?

+ +

Well, that's a two-sided thing. One side is what I believe, and one +side is what I have experienced.

+ +

I believe that the right strategy is showing them the benefits. But +that won't work out as long as the acceptance of free alternatives +grows globally. What I mean is that if all the kids are almost forced +to use Windows, Facebook, Skype, you name it at home, they will not +see why they would want to use alternatives at school. I have seen +students take seat in front of a fully-functional, modern Debian +desktop that could do anything their Windows at home could do, and +they jsut refused to use it because "Linux sucks". It is something +that makes the council of our city spend around 600000 â¬ to buy +software - not including hardware, mind you - for operating school +networks, and for installing a system that, as has been proved, does +not work. For those of you readers who are good at maths, have you +already found out how many lives could have been saved with that money +if we had instead used it to bring education to parts of the world +that need it? I have, and found it to be nothing less dramatic than +plain criminal.

+ +

That said, the only feasible way appears to be the bottom up +method. We have to bring free software to kids and parents. I have +founded an association named +Teckids here in Germany that does +just that. We organise several events for kids and adolescents in the +area of free and open source software, for example the +FrogLabs, which share staff with +Teckids and are the youth programme of +the Free and Open Source Software +Conference (FrOSCon). We do a lot more than most other conferences +- this year, we first offered the FrogLabs as a holiday camp for kids +aged 10 to 16. It was a huge success, with approx. 30 kids taking part +and learning with and about free software through a whole weekend. All +of us had a lot of fun, and the results were really exciting.

+ +

Apart from that, we are preparing a campaign that is supposed to bring +the message of free alternatives to stuff kids use every day to them and +their parents, e.g. the use of Jabber / Jappix instead of Facebook and +Skype. To make that possible, we are planning to get together a team of +clever kids who understand very well what their peers need and can bring +it across to them. So we will have a peer-driven network of adolescents +who teach each other and collect feedback from the community of minors. +We then take that feedback and our own experience to work closely with +open source projects, such as Skolelinux or Jappix, at improving their +software in a way that makes it more and more attractive for the target +group. At least I hope that we will have good cooperation with +Skolelinux in the future ;)!

+ +

So in conclusion, what I believe is that, if it weren't for the world +being so bad, it should be very clear to the political decision makers +that the only way to go nowadays is free software for various reasons, +but I have learnt that the only way that seems to work is bottom up.

+ +

- Tags: debian, debian edu, english, nuug. + Tags: debian edu, english, intervju.

@@ -1005,79 +910,44 @@ wiki page if you plan to join us.

The Thinkpad is dead, long live the Thinkpad X230?

5th July 2013

Half a year ago, I reported that I had to find a -replacement -for my trusty old Thinkpad X41. Unfortunately I did not have much -time to spend on it, and it took a while to find a model I believe -will do the job, but two days ago the replacement finally arrived. I -ended up picking a -Thinkpad X230 -with SSD disk (NZDAJMN). I first test installed Debian Edu Wheezy as -a roaming workstation, and it seemed to work flawlessly. But my -second installation with encrypted disk was not as successful. More -on that below.

- -

I had a hard time trying to track down a good laptop, as my most -important requirements (robust and with a good keyboard) are never -listed in the feature list. But I did get good help from the search -feature at Prisjakt, which -allowed me to limit the list of interesting laptops based on my other -requirements. A bit surprising that SSD disk are not disks according -to that search interface, so I had to drop specifying the number of -disks from my search parameters. I also asked around among friends to -get their impression on keyboards and robustness.

- -

So the new laptop arrived, and it is quite a lot wider than the -X41. I am not quite convinced about the keyboard, as it is -significantly wider than my old keyboard, and I have to stretch my -hand a lot more to reach the edges. But the key response is fairly -good and the individual key shape is fairly easy to handle, so I hope -I will get used to it. My old X40 was starting to fail, and I really -needed a new laptop now. :)

- -

Turning off the touch pad was simple. All it took was a quick -visit to the BIOS during boot it disable it.

- -

But there is a fatal problem with the laptop. The 180 GB SSD disk -lock up during load. And this happen when installing Debian Wheezy -with encrypted disk, while the disk is being filled with random data. -I also tested to install Ubuntu Raring, and it happen there too if I -reenable the code to fill the disk with random data (it is disabled by -default in Ubuntu). And the bug with is already known. It was -reported to Debian as BTS -report #691427 2012-10-25 (journal commit I/O error on brand-new -Thinkpad T430s ext4 on lvm on SSD). It is also reported to the Linux -kernel developers as -Kernel bugzilla -report #51861 2012-12-20 (Intel SSD 520 stops working under load -(SSDSC2BW180A3L in Lenovo ThinkPad T430s)). It is also reported on the -Lenovo forums, both for -T430 -2012-11-10 and for -X230 -03-20-2013. The problem do not only affect installation. The -reports state that the disk lock up during use if many writes are done -on the disk, so it is much no use to work around the installation -problem and end up with a computer that can lock up at any moment. -There is even a -small C program -available that will lock up the hard drive after running a few -minutes by writing to a file.

- -

I've contacted my supplier and asked how to handle this, and after -contacting PCHELP Norway (request 01D1FDP) which handle support -requests for Lenovo, his first suggestion was to upgrade the disk -firmware. Unfortunately there is no newer firmware available from -Lenovo, as my disk already have the most recent one (version LF1i). I -hope to hear more from him today and hope the problem can be -fixed. :)

Dugnadsnett for alle stiller pÃ¥ Oslo Maker Faire i januar 2014

10th December 2013

Helga 18. og 19. januar 2014 arrangeres +Oslo Maker +Faire, og Dugnadsnett for +alle har fÃ¥tt plass! Planen er Ã¥ ha et bord med en plakat der vi +forteller om hva Dugnadsnett for alle er for noe, og et lite verksted +der vi hjelper folk som er interessert i Ã¥ fÃ¥ opp sin egen mesh-node. +Jeg gleder meg til Ã¥ se hvordan prosjektet blir mottatt der.

+ +

MÃ¥let med dugnadsnett for alle i Oslo er Ã¥ fÃ¥ pÃ¥ plass et datanett +for kommunikasjon ved hjelp av radio-repeaterstasjoner (kalt +mesh-noder) som gjÃ¸r at en kan direkte kommunisere med slekt, venner +og bekjente i Oslo via andre som deltar i dugnadsnettet, samt gjÃ¸re +det mulig komme ut pÃ¥ internett via dugnadsnettet. FÃ¸rste delmÃ¥l er Ã¥ +kunne sende SMS-meldinger vha. IP-telefoni lÃ¸sningen +Serval project mellom +deltagerne i Dugnadsnett for alle i Oslo. FormÃ¥let er Ã¥ ta tilbake +kontrollen over egen nett-infrastruktur og gjÃ¸re det dyrere Ã¥ bedrive +massiv innsamling av informasjon om borgernes bruk av datanett.

+ +

HÃ¸res dette interessant ut? Bli med pÃ¥ prosjektet, fortell oss +hvor du kunne tenke deg Ã¥ sette opp en radio-repeater (slik at folk i +nÃ¦rheten kan finne hverandre ved hjelp av +kartet over planlagte og +eksisterende radio-repeatere), bli med pÃ¥ epostlisten +dugnadsnett +(at) nuug.no og stikk innom +IRC-kanalen +#dugnadsnett.no. SÃ¥ langt er det planlagt over 40 +radio-repeatere, med VPN-forbindelser via Internet for Ã¥ la de delene +av nettet som ikke nÃ¥r hverandre via radio kunne snakke med hverandre +likevel.

- Tags: debian, english. + Tags: mesh network, norsk, nuug.

@@ -1092,6 +962,17 @@ fixed. :)

Archive