X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/9c472ae020e66baaf6daaf23c06bb0308a065a0e..6de2416d4a9b7a56fb1c04dec08cdff3a6aa8fb6:/blog/index.html diff --git a/blog/index.html b/blog/index.html index 199bd4bc72..37f9d3aa69 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,56 +20,70 @@
-
New chrpath release 0.15
-
24th November 2013
-

After many years break from the package and a vain hope that -development would be continued by someone else, I finally pulled my -acts together this morning and wrapped up a new release of chrpath, -the command line tool to modify the rpath and runpath of already -compiled ELF programs. The update was triggered by the persistence of -Isha Vishnoi at IBM, which needed a new config.guess file to get -support for the ppc64le architecture (powerpc 64-bit Little Endian) he -is working on. I checked the -Debian, -Ubuntu and -Fedora -packages for interesting patches (failed to find the source from -OpenSUSE and Mandriva packages), and found quite a few nice fixes. -These are the release notes:

- -

New in 0.15 released 2013-11-24:

+
Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine
+
14th March 2014
+

The Freedombox +project is working on providing the software and hardware for +making it easy for non-technical people to host their data and +communication at home, and being able to communicate with their +friends and family encrypted and away from prying eyes. It has been +going on for a while, and is slowly progressing towards a new test +release (0.2).

+ +

And what day could be better than the Pi day to announce that the +new version will provide "hard drive" / SD card / USB stick images for +Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization +system), and can also be installed using a Debian installer preseed +file. The Debian based Freedombox is now based on Debian Jessie, +where most of the needed packages used are already present. Only one, +the freedombox-setup package, is missing. To try to build your own +boot image to test the current status, fetch the freedom-maker scripts +and build using +vmdebootstrap +with a user with sudo access to become root: -

    - -
  • Updated config.sub and config.guess from the GNU project to work - with newer architectures. Thanks to isha vishnoi for the heads - up.
    • - -
  • Updated README with current URLs.
    • - -
  • Added byteswap fix found in Ubuntu, credited Jeremy Kerr and - Matthias Klose.
    • +
    +git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
+  freedom-maker
+sudo apt-get install git vmdebootstrap mercurial python-docutils \
+  mktorrent extlinux virtualbox qemu-user-static binfmt-support \
+  u-boot-tools
+make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
+
    -
  • Added missing help for -k|--keepgoing option, using patch by - Petr Machata found in Fedora.
    • +

    Root access is needed to run debootstrap and mount loopback +devices. See the README for more details on the build. If you do not +want all three images, trim the make line. But note that thanks to a race condition in +vmdebootstrap, the build might fail without the patch to the +kpartx call.

    -
  • Rewrite removal of RPATH/RUNPATH to make sure the entry in - .dynamic is a NULL terminated string. Based on patch found in - Fedora credited Axel Thimm and Christian Krause.
    • +

    If you instead want to install using a Debian CD and the preseed +method, boot a Debian Wheezy ISO and use this boot argument to load +the preseed values:

    -
+
+url=http://www.reinholdtsen.name/freedombox/preseed-jessie.dat
+
-

You can -download the -new version 0.15 from alioth. Please let us know via the Alioth -project if something is wrong with the new release. The test suite -did not discover any old errors, so if you find a new one, please also -include a testsuite check.

+

But note that due to a +recently introduced bug in apt in Jessie, the installer will +currently hang while setting up APT sources. Killing the +'apt-cdrom ident' process when it hang a few times during the +installation will get the installation going. This affect all +installations in Jessie, and I expect it will be fixed soon.

+ +Give it a go and let us know how it goes on the mailing list, and help +us get the new release published. :) Please join us on +IRC (#freedombox on +irc.debian.org) and +the +mailing list if you want to help make this vision come true.

- Tags: debian, english. + Tags: debian, english, freedombox, sikkerhet, surveillance, web.
@@ -77,64 +91,94 @@ include a testsuite check.

-
RSS-kilde for fritekstsøk i offentlige anbud hos Doffin
-
22nd November 2013
-

I fjor sommer lagde jeg en -offentlig -tilgjengelig SQL-database over offentlig anbud basert på skraping -av HTML-data fra Doffin. Den har stått og gått siden da, og har nå -ca. 28000 oppføringer. Jeg oppdaget da jeg tittet innom at noen -oppføringer var ikke blitt med, antagelig på grunn av at de fikk -tildelt sekvensnummer i Doffin en godt stund før de ble publisert, -slik at min nettsideskraper som fortsatte skrapingen der den slapp -sist ikke fikk dem med seg. Jeg har fikset litt slik at skraperen nå -ser litt tilbake i tid for å se om den har gått glipp av noen -oppføringer, og har skrapet på nytt fra midten av september 2013 og -fremover. Det bør dermed bli en mer komplett database for kommende -måneder. Hvis jeg får tid skal jeg forsøke å skrape "glemte" data fra -før midten av september 2013, men tør ikke garantere at det blir -prioritert med det første.

- -

Men målet med denne bloggposten er å vise hvordan denne -Doffin-databasen kan brukes og integreres med en RSS-leser, slik at en -kan la datamaskinen holde et øye med Doffin-annonseringer etter -nøkkelord. En kan lage sitt eget søk ved å besøke -API-et -hos Scraperwiki, velge format rss2 og så legge inn noe ala dette i -"query in SQL":

- -

-select title, scrapedurl as link, abstract as description,
-       publishdate as pubDate from 'swdata'
-   where abstract like '%linux%' or title like '%linux%'
-   order by seq desc limit 20
-

- -

Dette vil søke opp alle anbud med ordet linux i oppsummering eller -tittel. En kan lage mer avanserte søk hvis en ønsker det. URL-en som -dukker opp nederst på siden kan en så gi til sin RSS-leser (jeg bruker -akregator selv), og så automatisk få beskjed hvis det dukker opp anbud -med det aktuelle nøkkelordet i teksten. Merk at kapasiteten og -ytelsen hos Scraperwiki er begrenset, så ikke be RSS-leseren hente ned -oftere enn en gang hver dag.

- -

Du lurer kanskje på hva slags informasjon en kan få ut fra denne -databasen. Her er to RSS-kilder, med søkeordet -"linux", -søkeordet -"fri -programvare" -og søkeordet -"odf". -Det er bare å søke på det en er interessert i. Kopier gjerne -datasettet og sett opp din egen tjeneste hvis du vil gjøre mer -avanserte søk. SQLite-filen med Doffin-oppføringer kan lastes med fra -Scraperwiki for de som vil grave dypere.

+
How to add extra storage servers in Debian Edu / Skolelinux
+
12th March 2014
+

On larger sites, it is useful to use a dedicated storage server for +storing user home directories and data. The design for handling this +in Debian Edu / Skolelinux, is +to update the automount rules in LDAP and let the automount daemon on +the clients take care of the rest. I was reminded about the need to +document this better when one of the customers of +Skolelinux Drift AS, where I am +on the board of directors, asked about how to do this. The steps to +get this working are the following:

+ +

    + +
  1. Add new storage server in DNS. I use nas-server.intern as the +example host here.
    2. + +
  2. Add automoun LDAP information about this server in LDAP, to allow +all clients to automatically mount it on reqeust.
    3. + +
  3. Add the relevant entries in tjener.intern:/etc/fstab, because +tjener.intern do not use automount to avoid mounting loops.
    4. + +

+ +

DNS entries are added in GOsa², and not described here. Follow the +instructions +in the manual (Machine Management with GOsa² in section Getting +started).

+ +

Ensure that the NFS export points on the server are exported to the +relevant subnets or machines:

+ +

+root@tjener:~# showmount -e nas-server
+Export list for nas-server:
+/storage         10.0.0.0/8
+root@tjener:~#
+

+ +

Here everything on the backbone network is granted access to the +/storage export. With NFSv3 it is slightly better to limit it to +netgroup membership or single IP addresses to have some limits on the +NFS access.

+ +

The next step is to update LDAP. This can not be done using GOsa², +because it lack a module for automount. Instead, use ldapvi and add +the required LDAP objects using an editor.

+ +

+ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no
+

+ +

When the editor show up, add the following LDAP objects at the +bottom of the document. The "/&" part in the last LDAP object is a +wild card matching everything the nas-server exports, removing the +need to list individual mount points in LDAP.

+ +

+add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: automount
+cn: nas-server
+automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+
+add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: automountMap
+ou: auto.nas-server
+
+add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: automount
+cn: /
+automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&
+

+ +

The last step to remember is to mount the relevant mount points in +tjener.intern by adding them to /etc/fstab, creating the mount +directories using mkdir and running "mount -a" to mount them.

+ +

When this is done, your users should be able to access the files on +the storage server directly by just visiting the +/tjener/nas-server/storage/ directory using any application on any +workstation, LTSP client or LTSP server.

- Tags: norsk, nuug, offentlig innsyn. + Tags: debian edu, english, ldap.
@@ -142,56 +186,97 @@ Scraperwiki for de som vil grave dypere.

-
All drones should be radio marked with what they do and who they belong to
-
21st November 2013
-

Drones, flying robots, are getting more and more popular. The most -know ones are the killer drones used by some government to murder -people they do not like without giving them the chance of a fair -trial, but the technology have many good uses too, from mapping and -forest maintenance to photography and search and rescue. I am sure it -is just a question of time before "bad drones" are in the hands of -private enterprises and not only state criminals but petty criminals -too. The drone technology is very useful and very dangerous. To have -some control over the use of drones, I agree with Daniel Suarez in his -TED talk -"The kill -decision shouldn't belong to a robot", where he suggested this -little gem to keep the good while limiting the bad use of drones:

- -
- -

Each robot and drone should have a cryptographically signed -I.D. burned in at the factory that can be used to track its movement -through public spaces. We have license plates on cars, tail numbers on -aircraft. This is no different. And every citizen should be able to -download an app that shows the population of drones and autonomous -vehicles moving through public spaces around them, both right now and -historically. And civic leaders should deploy sensors and civic drones -to detect rogue drones, and instead of sending killer drones of their -own up to shoot them down, they should notify humans to their -presence. And in certain very high-security areas, perhaps civic -drones would snare them and drag them off to a bomb disposal facility.

- -

But notice, this is more an immune system than a weapons system. It -would allow us to avail ourselves of the use of autonomous vehicles -and drones while still preserving our open, civil society.

- -
- -

The key is that every citizen should be able to read the -radio beacons sent from the drones in the area, to be able to check -both the government and others use of drones. For such control to be -effective, everyone must be able to do it. What should such beacon -contain? At least formal owner, purpose, contact information and GPS -location. Probably also the origin and target position of the current -flight. And perhaps some registration number to be able to look up -the drone in a central database tracking their movement. Robots -should not have privacy. It is people who need privacy.

+
Hvordan bør RFC 822-formattert epost lagres i en NOARK5-database?
+
7th March 2014
+

For noen uker siden ble NXCs fri programvarelisenserte +NOARK5-løsning +presentert hos +NUUG (video +på youtube +foreløbig), og det fikk meg til å titte litt mer på NOARK5, +standarden for arkivhåndtering i det offentlige Norge. Jeg lurer på +om denne kjernen kan være nyttig i et par av mine prosjekter, og for ett +av dem er det mest aktuelt å lagre epost. Jeg klarte ikke finne noen +anbefaling om hvordan RFC 822-formattert epost (aka Internett-epost) +burde lagres i NOARK5, selv om jeg vet at noen arkiver tar +PDF-utskrift av eposten med sitt epostprogram og så arkiverer PDF-en +(eller enda værre, tar papirutskrift og lagrer bildet av eposten som +PDF i arkivet).

+ +

Det er ikke så mange formater som er akseptert av riksarkivet til +langtidsoppbevaring av offentlige arkiver, og PDF og XML er de mest +aktuelle i så måte. Det slo meg at det måtte da finnes en eller annen +egnet XML-representasjon og at det kanskje var enighet om hvilken som +burde brukes, så jeg tok mot til meg og spurte +SAMDOK, en gruppe tilknyttet +arkivverket som ser ut til å jobbe med NOARK-samhandling, om de hadde +noen anbefalinger: + +

+

Hei.

+ +

Usikker på om dette er riktig forum å ta opp mitt spørsmål, men jeg +lurer på om det er definert en anbefaling om hvordan RFC +822-formatterte epost (aka vanlig Internet-epost) bør lages håndteres +i NOARK5, slik at en bevarer all informasjon i eposten +(f.eks. Received-linjer). Finnes det en anbefalt XML-mapping ala den +som beskrives på +<URL: https://www.informit.com/articles/article.aspx?p=32074 >? Mitt +mål er at det skal være mulig å lagre eposten i en NOARK5-kjerne og +kunne få ut en identisk formattert kopi av opprinnelig epost ved +behov.

+

+ +

Postmottaker hos SAMDOK mente spørsmålet heller burde stilles +direkte til riksarkivet, og jeg fikk i dag svar derfra formulert av +seniorrådgiver Geir Ivar Tungesvik:

+ +

+

Riksarkivet har ingen anbefalinger når det gjelder konvertering fra +e-post til XML. Det står arkivskaper fritt å eventuelt definere/bruke +eget format. Inklusive da - som det spørres om - et format der det er +mulig å re-etablere e-post format ut fra XML-en. XML (e-post) +dokumenter må være referert i arkivstrukturen, og det må vedlegges et +gyldig XML skjema (.xsd) for XML-filene. Arkivskaper står altså fritt +til å gjøre hva de vil, bare det dokumenteres og det kan dannes et +utrekk ved avlevering til depot.

+ +

De obligatoriske kravene i Noark 5 standarden må altså oppfylles - +etter dialog med Riksarkivet i forbindelse med godkjenning. For +offentlige arkiv er det særlig viktig med filene loependeJournal.xml +og offentligJournal.xml. Private arkiv som vil forholde seg til Noark +5 standarden er selvsagt frie til å bruke det som er relevant for dem +av obligatoriske krav.

+

+ +

Det ser dermed ut for meg som om det er et lite behov for å +standardisere XML-lagring av RFC-822-formatterte meldinger. Noen som +vet om god spesifikasjon i så måte? I tillegg til den omtalt over, +har jeg kommet over flere aktuelle beskrivelser (søk på "rfc 822 +xml", så finner du aktuelle alternativer).

+ + + +

Finnes det andre og bedre spesifikasjoner for slik lagring? Send +meg en epost hvis du har innspill.

- Tags: english, robot, sikkerhet, surveillance. + Tags: norsk, offentlig innsyn.
@@ -199,26 +284,110 @@ should not have privacy. It is people who need privacy.

-
Lets make a wireless community network in Oslo!
-
13th November 2013
-

Today NUUG and Hackeriet announced -our -plans to join forces and create a wireless community network in -Oslo. The workshop to help people get started will take place -Thursday 2013-11-28, but we already are collecting the geolocation of -people joining forces to make this happen. We have -9 -locations plotted on the map, but we will need more before we have -a connected mesh spread across Oslo. If this sound interesting to -you, please join us at the workshop. If you are too impatient to wait -15 days, please join us on the IRC channel -#nuug on irc.freenode.net -right away. :)

+
Lenker for 2014-02-28
+
28th February 2014
+

Her er noen lenker til tekster jeg har satt pris på å lese de siste +månedene. Det er mye om varsleren Edward Snowden, som burde få all +hjelp, støtte og beskyttelse Norge kan stille opp med for å ha satt +totalitær overvåkning på sakskartet, men også endel annet +tankevekkende og interessant.

+ +
- Tags: english, mesh network, nuug. + Tags: lenker, norsk, personvern.
@@ -226,131 +395,37 @@ right away. :)

-
Running TP-Link MR3040 as a batman-adv mesh node using openwrt
-
10th November 2013
-

Continuing my research into mesh networking, I was recommended to -use TP-Link 3040 and 3600 access points as mesh nodes, and the pair I -bought arrived on Friday. Here are my notes on how to set up the -MR3040 as a mesh node using -OpenWrt.

- -

I started by following the instructions on the OpenWRT wiki for -TL-MR3040, -and downloaded -the -recommended firmware image -(openwrt-ar71xx-generic-tl-mr3040-v2-squashfs-factory.bin) and -uploaded it into the original web interface. The flashing went fine, -and the machine was available via telnet on the ethernet port. After -logging in and setting the root password, ssh was available and I -could start to set it up as a batman-adv mesh node.

- -

I started off by reading the instructions from -Wireless -Africa, which had quite a lot of useful information, but -eventually I followed the recipe from the Open Mesh wiki for -using -batman-adv on OpenWrt. A small snag was the fact that the -opkg install kmod-batman-adv command did not work as it -should. The batman-adv kernel module would fail to load because its -dependency crc16 was not already loaded. I -reported the bug to -the openwrt project and hope it will be fixed soon. But the problem -only seem to affect initial testing of batman-adv, as configuration -seem to work when booting from scratch.

- -

The setup is done using files in /etc/config/. I did not bridge -the Ethernet and mesh interfaces this time, to be able to hook up the -box on my local network and log into it for configuration updates. -The following files were changed and look like this after modifying -them:

- -

/etc/config/network

- -
-
-config interface 'loopback'
-        option ifname 'lo'
-        option proto 'static'
-        option ipaddr '127.0.0.1'
-        option netmask '255.0.0.0'
-
-config globals 'globals'
-        option ula_prefix 'fdbf:4c12:3fed::/48'
-
-config interface 'lan'
-        option ifname 'eth0'
-        option type 'bridge'
-        option proto 'dhcp'
-        option ipaddr '192.168.1.1'
-        option netmask '255.255.255.0'
-        option hostname 'tl-mr3040'
-        option ip6assign '60'
-
-config interface 'mesh'
-        option ifname 'adhoc0'
-        option mtu '1528'
-        option proto 'batadv'
-        option mesh 'bat0'
-
- -

/etc/config/wireless

-
-
-config wifi-device 'radio0'
-        option type 'mac80211'
-        option channel '11'
-        option hwmode '11ng'
-        option path 'platform/ar933x_wmac'
-        option htmode 'HT20'
-        list ht_capab 'SHORT-GI-20'
-        list ht_capab 'SHORT-GI-40'
-        list ht_capab 'RX-STBC1'
-        list ht_capab 'DSSS_CCK-40'
-        option disabled '0'
-
-config wifi-iface 'wmesh'
-        option device 'radio0'
-        option ifname 'adhoc0'
-        option network 'mesh'
-        option encryption 'none'
-        option mode 'adhoc'
-        option bssid '02:BA:00:00:00:01'
-        option ssid 'meshfx@hackeriet'
-
-

/etc/config/batman-adv

-
-
-config 'mesh' 'bat0'
-        option interfaces 'adhoc0'
-        option 'aggregated_ogms'
-        option 'ap_isolation'
-        option 'bonding'
-        option 'fragmentation'
-        option 'gw_bandwidth'
-        option 'gw_mode'
-        option 'gw_sel_class'
-        option 'log_level'
-        option 'orig_interval'
-        option 'vis_mode'
-        option 'bridge_loop_avoidance'
-        option 'distributed_arp_table'
-        option 'network_coding'
-        option 'hop_penalty'
-
-# yet another batX instance
-# config 'mesh' 'bat5'
-#       option 'interfaces' 'second_mesh'
-
- -

The mesh node is now operational. I have yet to test its range, -but I hope it is good. I have not yet tested the TP-Link 3600 box -still wrapped up in plastic.

+
New home and release 1.0 for netgroup and innetgr (aka ng-utils)
+
22nd February 2014
+

Many years ago, I wrote a GPL licensed version of the netgroup and +innetgr tools, because I needed them in +Skolelinux. I called the project +ng-utils, and it has served me well. I placed the project under the +Hungry Programmer umbrella, and it was maintained in our CVS +repository. But many years ago, the CVS repository was dropped (lost, +not migrated to new hardware, not sure), and the project have lacked a +proper home since then.

+ +

Last summer, I had a look at the package and made a new release +fixing a irritating crash bug, but was unable to store the changes in +a proper source control system. I applied for a project on +Alioth, but did not have time +to follow up on it. Until today. :)

+ +

After many hours of cleaning and migration, the ng-utils project +now have a new home, and a git repository with the highlight of the +history of the project. I published all release tarballs and imported +them into the git repository. As the project is really stable and not +expected to gain new features any time soon, I decided to make a new +release and call it 1.0. Visit the new project home on +https://alioth.debian.org/projects/ng-utils/ +if you want to check it out. The new version is also uploaded into +Debian Unstable.

- Tags: english, mesh network, nuug. + Tags: debian, english.
@@ -358,199 +433,108 @@ still wrapped up in plastic.

-
Debian init.d boot script example for rsyslog
-
2nd November 2013
-

If one of the points of switching to a new init system in Debian is -to get rid of huge -init.d scripts, I doubt we need to switch away from sysvinit and -init.d scripts at all. Here is an example init.d script, ie a rewrite -of /etc/init.d/rsyslog:

- -

-#!/lib/init/init-d-script
-### BEGIN INIT INFO
-# Provides:          rsyslog
-# Required-Start:    $remote_fs $time
-# Required-Stop:     umountnfs $time
-# X-Stop-After:      sendsigs
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: enhanced syslogd
-# Description:       Rsyslog is an enhanced multi-threaded syslogd.
-#                    It is quite compatible to stock sysklogd and can be 
-#                    used as a drop-in replacement.
-### END INIT INFO
-DESC="enhanced syslogd"
-DAEMON=/usr/sbin/rsyslogd
-

- -

Pretty minimalistic to me... For the record, the original sysv-rc -script was 137 lines, and the above is just 15 lines, most of it meta -info/comments.

- -

How to do this, you ask? Well, one create a new script -/lib/init/init-d-script looking something like this: - -

-#!/bin/sh
-
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
-# and status_of_proc is working.
-. /lib/lsb/init-functions
-
-#
-# Function that starts the daemon/service
-
-#
-do_start()
-{
-	# Return
-	#   0 if daemon has been started
-	#   1 if daemon was already running
-	#   2 if daemon could not be started
-	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
-		|| return 1
-	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
-		$DAEMON_ARGS \
-		|| return 2
-	# Add code here, if necessary, that waits for the process to be ready
-	# to handle requests from services started subsequently which depend
-	# on this one.  As a last resort, sleep for some time.
-}
-
-#
-# Function that stops the daemon/service
+      
Testing sysvinit from experimental in Debian Hurd

+      
 3rd February 2014

+      
A few days ago I decided to try to help the Hurd people to get
+their changes into sysvinit, to allow them to use the normal sysvinit
+boot system instead of their old one.  This follow up on the
+great
+Google Summer of Code work done last summer by Justus Winter to
+get Debian on Hurd working more like Debian on Linux.  To get started,
+I downloaded a prebuilt hard disk image from
+http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz,
+and started it using virt-manager.

+
+
The first think I had to do after logging in (root without any
+password) was to get the network operational.  I followed
+the
+instructions on the Debian GNU/Hurd ports page and ran these
+commands as root to get the machine to accept a IP address from the
+kvm internal DHCP server:

+
+
+settrans -fgap /dev/netdde /hurd/netdde
+kill $(ps -ef|awk '/[p]finet/ { print $2}')
+kill $(ps -ef|awk '/[d]evnode/ { print $2}')
+dhclient /dev/eth0
+

+
+
After this, the machine had internet connectivity, and I could
+upgrade it and install the sysvinit packages from experimental and
+enable it as the default boot system in Hurd.

+
+
But before I did that, I set a password on the root user, as ssh is
+running on the machine it for ssh login to work a password need to be
+set.  Also, note that a bug somewhere in openssh on Hurd block
+compression from working.  Remember to turn that off on the client
+side.

+
+
Run these commands as root to upgrade and test the new sysvinit
+stuff:

+
+
+cat > /etc/apt/sources.list.d/experimental.list <<EOF
+deb http://http.debian.net/debian/ experimental main
+EOF
+apt-get update
+apt-get dist-upgrade
+apt-get install -t experimental initscripts sysv-rc sysvinit \
+    sysvinit-core sysvinit-utils
+update-alternatives --config runsystem
+

+
+
To reboot after switching boot system, you have to use
+reboot-hurd instead of just reboot, as there is not
+yet a sysvinit process able to receive the signals from the normal
+'reboot' command.  After switching to sysvinit as the boot system,
+upgrading every package and rebooting, the network come up with DHCP
+after boot as it should, and the settrans/pkill hack mentioned at the
+start is no longer needed.  But for some strange reason, there are no
+longer any login prompt in the virtual console, so I logged in using
+ssh instead.
+
+
Note that there are some race conditions in Hurd making the boot
+fail some times.  No idea what the cause is, but hope the Hurd porters
+figure it out.  At least Justus said on IRC (#debian-hurd on
+irc.debian.org) that they are aware of the problem.  A way to reduce
+the impact is to upgrade to the Hurd packages built by Justus by
+adding this repository to the machine:

+
+
+cat > /etc/apt/sources.list.d/hurd-ci.list <<EOF
+deb http://darnassus.sceen.net/~teythoon/hurd-ci/ sid main
+EOF
+

+
+
At the moment the prebuilt virtual machine get some packages from
+http://ftp.debian-ports.org/debian, because some of the packages in
+unstable do not yet include the required patches that are lingering in
+BTS.  This is the completely list of "unofficial" packages installed:

+
+
+# aptitude search '?narrow(?version(CURRENT),?origin(Debian Ports))'
+i   emacs                   - GNU Emacs editor (metapackage)
+i   gdb                     - GNU Debugger
+i   hurd-recommended        - Miscellaneous translators
+i   isc-dhcp-client         - ISC DHCP client
+i   isc-dhcp-common         - common files used by all the isc-dhcp* packages
+i   libc-bin                - Embedded GNU C Library: Binaries
+i   libc-dev-bin            - Embedded GNU C Library: Development binaries
+i   libc0.3                 - Embedded GNU C Library: Shared libraries
+i A libc0.3-dbg             - Embedded GNU C Library: detached debugging symbols
+i   libc0.3-dev             - Embedded GNU C Library: Development Libraries and Hea
+i   multiarch-support       - Transitional package to ensure multiarch compatibilit
+i A x11-common              - X Window System (X.Org) infrastructure
+i   xorg                    - X.Org X Window System
+i A xserver-xorg            - X.Org X server
+i A xserver-xorg-input-all  - X.Org X server -- input driver metapackage
 #
-do_stop()
-{
-	# Return
-	#   0 if daemon has been stopped
-	#   1 if daemon was already stopped
-	#   2 if daemon could not be stopped
-	#   other if a failure occurred
-	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
-	RETVAL="$?"
-	[ "$RETVAL" = 2 ] && return 2
-	# Wait for children to finish too if this is a daemon that forks
-	# and if the daemon is only ever run from this initscript.
-	# If the above conditions are not satisfied then add some other code
-	# that waits for the process to drop all resources that could be
-	# needed by services started subsequently.  A last resort is to
-	# sleep for some time.
-	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
-	[ "$?" = 2 ] && return 2
-	# Many daemons don't delete their pidfiles when they exit.
-	rm -f $PIDFILE
-	return "$RETVAL"
-}
+

 
-#
-# Function that sends a SIGHUP to the daemon/service
-#
-do_reload() {
-	#
-	# If the daemon can reload its configuration without
-	# restarting (for example, when it is sent a SIGHUP),
-	# then implement that here.
-	#
-	start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
-	return 0
-}
-
-SCRIPTNAME=$1
-scriptbasename="$(basename $1)"
-echo "SN: $scriptbasename"
-if [ "$scriptbasename" != "init-d-library" ] ; then
-    script="$1"
-    shift
-    . $script
-else
-    exit 0
-fi
-
-NAME=$(basename $DAEMON)
-PIDFILE=/var/run/$NAME.pid
-
-# Exit if the package is not installed
-#[ -x "$DAEMON" ] || exit 0
-
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-
-# Load the VERBOSE setting and other rcS variables
-. /lib/init/vars.sh
-
-case "$1" in
-  start)
-	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
-	do_start
-	case "$?" in
-		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
-		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
-	esac
-	;;
-  stop)
-	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
-	do_stop
-	case "$?" in
-		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
-		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
-	esac
-	;;
-  status)
-	status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
-	;;
-  #reload|force-reload)
-	#
-	# If do_reload() is not implemented then leave this commented out
-	# and leave 'force-reload' as an alias for 'restart'.
-	#
-	#log_daemon_msg "Reloading $DESC" "$NAME"
-	#do_reload
-	#log_end_msg $?
-	#;;
-  restart|force-reload)
-	#
-	# If the "reload" option is implemented then remove the
-	# 'force-reload' alias
-	#
-	log_daemon_msg "Restarting $DESC" "$NAME"
-	do_stop
-	case "$?" in
-	  0|1)
-		do_start
-		case "$?" in
-			0) log_end_msg 0 ;;
-			1) log_end_msg 1 ;; # Old process is still running
-			*) log_end_msg 1 ;; # Failed to start
-		esac
-		;;
-	  *)
-		# Failed to stop
-		log_end_msg 1
-		;;
-	esac
-	;;
-  *)
-	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
-	exit 3
-	;;
-esac
-
-:
-

- -

It is based on /etc/init.d/skeleton, and could be improved quite a -lot. I did not really polish the approach, so it might not always -work out of the box, but you get the idea. I did not try very hard to -optimize it nor make it more robust either.

- -

A better argument for switching init system in Debian than reducing -the size of init scripts (which is a good thing to do anyway), is to -get boot system that is able to handle the kernel events sensibly and -robustly, and do not depend on the boot to run sequentially. The boot -and the kernel have not behaved sequentially in years.

+

All in all, testing hurd has been an interesting experience. :) +X.org did not work out of the box and I never took the time to follow +the porters instructions to fix it. This time I was interested in the +command line stuff.

@@ -563,28 +547,90 @@ and the kernel have not behaved sequentially in years.

-
Browser plugin for SPICE (spice-xpi) uploaded to Debian
-
1st November 2013
-

The SPICE protocol for -remote display access is the preferred solution with oVirt and RedHat -Enterprise Virtualization, and I was sad to discover the other day -that the browser plugin needed to use these systems seamlessly was -missing in Debian. The request -for a package was from 2012-04-10 with no progress since -2013-04-01, so I decided to wrap up a package based on the great work -from Cajus Pollmeier and put it in a collab-maint maintained git -repository to get a package I could use. I would very much like -others to help me maintain the package (or just take over, I do not -mind), but as no-one had volunteered so far, I just uploaded it to -NEW. I hope it will be available in Debian in a few days.

- -

The source is now available from -http://anonscm.debian.org/gitweb/?p=collab-maint/spice-xpi.git;a=summary.

+
A fist full of non-anonymous Bitcoins
+
29th January 2014
+

Bitcoin is a incredible use of peer to peer communication and +encryption, allowing direct and immediate money transfer without any +central control. It is sometimes claimed to be ideal for illegal +activity, which I believe is quite a long way from the truth. At least +I would not conduct illegal money transfers using a system where the +details of every transaction are kept forever. This point is +investigated in +USENIX ;login: +from December 2013, in the article +"A +Fistful of Bitcoins - Characterizing Payments Among Men with No +Names" by Sarah Meiklejohn, Marjori Pomarole,Grant Jordan, Kirill +Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. They +analyse the transaction log in the Bitcoin system, using it to find +addresses belong to individuals and organisations and follow the flow +of money from both Bitcoin theft and trades on Silk Road to where the +money end up. This is how they wrap up their article:

+ +

+

"To demonstrate the usefulness of this type of analysis, we turned +our attention to criminal activity. In the Bitcoin economy, criminal +activity can appear in a number of forms, such as dealing drugs on +Silk Road or simply stealing someone else’s bitcoins. We followed the +flow of bitcoins out of Silk Road (in particular, from one notorious +address) and from a number of highly publicized thefts to see whether +we could track the bitcoins to known services. Although some of the +thieves attempted to use sophisticated mixing techniques (or possibly +mix services) to obscure the flow of bitcoins, for the most part +tracking the bitcoins was quite straightforward, and we ultimately saw +large quantities of bitcoins flow to a variety of exchanges directly +from the point of theft (or the withdrawal from Silk Road).

+ +

As acknowledged above, following stolen bitcoins to the point at +which they are deposited into an exchange does not in itself identify +the thief; however, it does enable further de-anonymization in the +case in which certain agencies can determine (through, for example, +subpoena power) the real-world owner of the account into which the +stolen bitcoins were deposited. Because such exchanges seem to serve +as chokepoints into and out of the Bitcoin economy (i.e., there are +few alternative ways to cash out), we conclude that using Bitcoin for +money laundering or other illicit purposes does not (at least at +present) seem to be particularly attractive."

+

+ +

These researches are not the first to analyse the Bitcoin +transaction log. The 2011 paper +"An Analysis of Anonymity in +the Bitcoin System" by Fergal Reid and Martin Harrigan is +summarized like this:

+ +

+"Anonymity in Bitcoin, a peer-to-peer electronic currency system, is a +complicated issue. Within the system, users are identified by +public-keys only. An attacker wishing to de-anonymize its users will +attempt to construct the one-to-many mapping between users and +public-keys and associate information external to the system with the +users. Bitcoin tries to prevent this attack by storing the mapping of +a user to his or her public-keys on that user's node only and by +allowing each user to generate as many public-keys as required. In +this chapter we consider the topological structure of two networks +derived from Bitcoin's public transaction history. We show that the +two networks have a non-trivial topological structure, provide +complementary views of the Bitcoin system and have implications for +anonymity. We combine these structures with external information and +techniques such as context discovery and flow analysis to investigate +an alleged theft of Bitcoins, which, at the time of the theft, had a +market value of approximately half a million U.S. dollars." +

+ +

I hope these references can help kill the urban myth that Bitcoin +is anonymous. It isn't really a good fit for illegal activites. Use +cash if you need to stay anonymous, at least until regular DNA +sampling of notes and coins become the norm. :)

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english. + Tags: bitcoin, english, personvern, sikkerhet.
@@ -592,120 +638,54 @@ NEW. I hope it will be available in Debian in a few days.

-
Teaching vmdebootstrap to create Raspberry Pi SD card images
-
27th October 2013
-

The -vmdebootstrap -program is a a very nice system to create virtual machine images. It -create a image file, add a partition table, mount it and run -debootstrap in the mounted directory to create a Debian system on a -stick. Yesterday, I decided to try to teach it how to make images for -Raspberry Pi, as part -of a plan to simplify the build system for -the FreedomBox -project. The FreedomBox project already uses vmdebootstrap for -the virtualbox images, but its current build system made multistrap -based system for Dreamplug images, and it is lacking support for -Raspberry Pi.

- -

Armed with the knowledge on how to build "foreign" (aka non-native -architecture) chroots for Raspberry Pi, I dived into the vmdebootstrap -code and adjusted it to be able to build armel images on my amd64 -Debian laptop. I ended up giving vmdebootstrap five new options, -allowing me to replicate the image creation process I use to make -Debian -Jessie based mesh node images for the Raspberry Pi. First, the ---foreign /path/to/binfm_handler option tell vmdebootstrap to -call debootstrap with --foreign and to copy the handler into the -generated chroot before running the second stage. This allow -vmdebootstrap to create armel images on an amd64 host. Next I added -two new options --bootsize size and --boottype -fstype to teach it to create a separate /boot/ partition with the -given file system type, allowing me to create an image with a vfat -partition for the /boot/ stuff. I also added a --variant -variant option to allow me to create smaller images without the -Debian base system packages installed. Finally, I added an option ---no-extlinux to tell vmdebootstrap to not install extlinux -as a boot loader. It is not needed on the Raspberry Pi and probably -most other non-x86 architectures. The changes were accepted by the -upstream author of vmdebootstrap yesterday and today, and is now -available from -the -upstream project page.

- -

To use it to build a Raspberry Pi image using Debian Jessie, first -create a small script (the customize script) to add the non-free -binary blob needed to boot the Raspberry Pi and the APT source -list:

- -

-#!/bin/sh
-set -e # Exit on first error
-rootdir="$1"
-cd "$rootdir"
-cat <<EOF > etc/apt/sources.list
-deb http://http.debian.net/debian/ jessie main contrib non-free
-EOF
-# Install non-free binary blob needed to boot Raspberry Pi.  This
-# install a kernel somewhere too.
-wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update \
-    -O $rootdir/usr/bin/rpi-update
-chmod a+x $rootdir/usr/bin/rpi-update
-mkdir -p $rootdir/lib/modules
-touch $rootdir/boot/start.elf
-chroot $rootdir rpi-update
-

- -

Next, fetch the latest vmdebootstrap script and call it like this -to build the image:

+
New chrpath release 0.16
+
14th January 2014
+

Coverity is a nice tool to +find problems in C, C++ and Java code using static source code +analysis. It can detect a lot of different problems, and is very +useful to find memory and locking bugs in the error handling part of +the source. The company behind it provide +check of free software projects as +a community service, and many hundred free software projects are +already checked. A few days ago I decided to have a closer look at +the Coverity system, and discovered that the +gnash and +ipmitool +projects I am involved with was already registered. But these are +fairly big, and I would also like to have a small and easy project to +check, and decided to request +checking of the chrpath project. It was +added to the checker and discovered seven potential defects. Six of +these were real, mostly resource "leak" when the program detected an +error. Nothing serious, as the resources would be released a fraction +of a second later when the program exited because of the error, but it +is nice to do it right in case the source of the program some time in +the future end up in a library. Having fixed all defects and added +a +mailing list for the chrpath developers, I decided it was time to +publish a new release. These are the release notes:

+ +

New in 0.16 released 2014-01-14:

-
-sudo ./vmdebootstrap \
-    --variant minbase \
-    --arch armel \
-    --distribution jessie \
-    --mirror http://http.debian.net/debian \
-    --image test.img \
-    --size 600M \
-    --bootsize 64M \
-    --boottype vfat \
-    --log-level debug \
-    --verbose \
-    --no-kernel \
-    --no-extlinux \
-    --root-password raspberry \
-    --hostname raspberrypi \
-    --foreign /usr/bin/qemu-arm-static \
-    --customize `pwd`/customize \
-    --package netbase \
-    --package git-core \
-    --package binutils \
-    --package ca-certificates \
-    --package wget \
-    --package kmod
-

- -

The list of packages being installed are the ones needed by -rpi-update to make the image bootable on the Raspberry Pi, with the -exception of netbase, which is needed by debootstrap to find -/etc/hosts with the minbase variant. I really wish there was a way to -set up an Raspberry Pi using only packages in the Debian archive, but -that is not possible as far as I know, because it boots from the GPU -using a non-free binary blob.

- -

The build host need debootstrap, kpartx and qemu-user-static and -probably a few others installed. I have not checked the complete -build dependency list.

- -

The resulting image will not use the hardware floating point unit -on the Raspberry PI, because the armel architecture in Debian is not -optimized for that use. So the images created will be a bit slower -than Raspbian based images.

+
    + +
  • Fixed all minor bugs discovered by Coverity.
    • +
  • Updated config.sub and config.guess from the GNU project.
    • +
  • Mention new project mailing list in the documentation.
    • + +
+ +

You can +download the +new version 0.16 from alioth. Please let us know via the Alioth +project if something is wrong with the new release. The test suite +did not discover any old errors, so if you find a new one, please also +include a test suite check.

- Tags: debian, english, freedombox, mesh network. + Tags: chrpath, debian, english.
@@ -713,51 +693,216 @@ than Raspbian based images.

-
Det er jo makta som er mest sårbar ved massiv overvåkning av Internett
-
26th October 2013
-

De siste måneders eksponering av -den -totale overvåkningen som foregår i den vestlige verden dokumenterer -hvor sårbare vi er. Men det slår meg at de som er mest sårbare -for dette, myndighetspersoner på alle nivåer, neppe har innsett at de -selv er de mest interessante personene å lage profiler på, for å kunne -påvirke dem.

- -

For å ta et lite eksempel: Stortingets nettsted, -www.stortinget.no (og -forsåvidt også -data.stortinget.no), -inneholder informasjon om det som foregår på Stortinget, og jeg antar -de største brukerne av informasjonen der er representanter og -rådgivere på Stortinget. Intet overraskende med det. Det som derimot -er mer skjult er at Stortingets nettsted bruker -Google -Analytics, hvilket gjør at enhver som besøker nettsidene der også -rapporterer om besøket via Internett-linjer som passerer Sverige, -England og videre til USA. Det betyr at informasjon om ethvert besøk -på stortingets nettsider kan snappes opp av svensk, britisk og USAs -etterretningsvesen. De kan dermed holde et øye med hvilke -Stortingssaker stortingsrepresentantene synes er interessante å sjekke -ut, og hvilke sider rådgivere og andre på stortinget synes er -interessant å besøke, når de gjør det og hvilke andre representanter -som sjekker de samme sidene omtrent samtidig. Stortingets bruk av -Google Analytics gjør det dermed enkelt for utenlands etteretning å -spore representantenes aktivitet og interesse. Hvis noen av -representantene bruker Google Mail eller noen andre tjenestene som -krever innlogging, så vil det være enda enklere å finne ut nøyaktig -hvilke personer som bruker hvilke nettlesere og dermed knytte -informasjonen opp til enkeltpersoner på Stortinget.

- -

Og jo flere nettsteder som bruker Google Analytics, jo bedre -oversikt over stortingsrepresentantenes lesevaner og interesse blir -tilgjengelig for svensk, britisk og USAs etterretning. Hva de kan -bruke den informasjonen til overlater jeg til leseren å undres -over.

+
Debian Edu interview: Dominik George
+
25th December 2013
+

The Debian Edu / Skolelinux +project consist of both newcomers and old timers, and this time I +was able to get an interview with a newcomer in the project who showed +up on the IRC channel a few weeks ago to let us know about his +successful installation of Debian Edu Wheezy in his School. Say hello +to Dominik +George.

+ + + +

Who are you, and how do you spend your days?

+ +

I am a 23 year-old student from Germany who has spent half of his +life with open source. In "real life", I am, as already mentioned, a +student in the fields of Computer Science, Electrical Engineering, +Information Technologies and Anglistics. Due to my (only partially +voluntary) huge engagement in the open source world, these things are +a bit vacant right now however.

+ +

I also have been working as a project teacher at a Gymasnium +(public school) for various years now. I took up that work some time +around 2005 when still attending that school myself and have continued +it until today. I also had been running the (kind of very advanced) +network of that school together with a team of very interested and +talented students in the age of 11 to 15 years, who took the chance to +learn a lot about open source and networking before I left the school +to help building another school's informational education concept from +scratch.

+ +

That said, one might see me as a kind of "glue" between school kids +and the elderly of teachers as well as between the open source +ecosystem and the (even more complex) educational ecosystem.

+ +

When I am not busy with open source or education, I like Geocaching +and cycling.

+ +

How did you get in contact with the Skolelinux / Debian Edu +project?

+ +

I think that happened some time around 2009 when I first attended +FrOSCon and visited the project +booth. I think I wasn't too interested back then because I used to +have an attitude of disliking software that does too much stuff on its +own. Maybe I was too inexperienced to realise the upsides of an +"out-of-the-box" solution ;).

+ +

The first time I actively talked to Skolelinux people was at +OpenRheinRuhr 2011 when the +BiscuIT project, a home-grewn software used by my school for various +really cool things from timetables and class contact lists to lunch +ordering, student ID card printing and project elections first got to +a stage where it could have been published. I asked the Skolelinux +guys running the booth if the project were interested in it and gave a +small demonstration, but there wasn't any real feedback and the guys +seemed rather uninterested.

+ +

After I left the school where I developed the software, it got +mostly lost, but I am now reimplementing it for my new school. I have +reusability and compatibility in mind, and I hop there will be a new +basis for contributing it to the Skolelinux project ;)!

+ +

What do you see as the advantages of Skolelinux / Debian +Edu?

+ +

The most important advantage seems to be that it "just +works". After overcoming some minor (but still very annoying) glitches +in the installer, I got a fully functional, working school network, +without the month-long hassle I experienced when setting all that up +from scratch in earlier years. And above that, it rocked - I didn't +have any real hardware at hand, because the school was just founded +and has no money whatsoever, so I installed a combined server (main +server, terminal services and workstation) in a VM on my personal +notebook, bridging the LTSP network interface to the ethernet port, +and then PXE-booted the Windows notebooks that were lying around from +it. I could use 8 clients without any performance issues, by using a +tiny little VM on a tiny little notebook. I think that's enough to say +that it rocks!

+ +

Secondly, there are marketing reasons. Life's bad, and so no +politician will ever permit a setup described as "Debian, an universal +operating system, with some really cool educational tools" while they +will be jsut fine with "Skolelinux, a single-purpose solution for your +school network", even if both turn out to be the very same thing (yes, +this is unfair towards the Skolelinux project, and must not be taken +too seriously - you get the idea, anyway).

+ +

What do you see as the disadvantages of Skolelinux / Debian +Edu?

+ +

I have not been involved with Skolelinux long enough to really +answer this question in a fair way. Thus, please allow me to put it in +other words: "What do you expect from Skolelinux to keep liking it?" I +can list a few points about that:

+ +
    + +
  • always strive to get all things integrated into Debian upstream +
  • be open to discussion about changes and the like, even with newcomers +
  • be helpful at being helpful ;) + +
+ +

I'm really sorry I cannot say much more about that :(!

+ +

Which free software do you use daily?

+ +

First of all, all software I use is free and open. I have abandoned +all non-free software (except for firmware on my darned phone) this +year.

+ +

I run Debian GNU/Linux on all PC systems I use. On that, I mostly +run text tools. I use +mksh as shell, +jupp as very advanced +text editor (I even got the developer to help me write a script/macro +based full-featured student management software with the two), +mcabber for XMPP and +irssi for IRC. For that overly +coloured world called the WWW, I use +Iceweasel +(Firefox). Oh, and mutt for +e-mail.

+ +

However, while I am personally aware of the fact that text tools +are more efficient and powerful than anything else, I also use (or at +least operate) some tools that are suitable to bring open source to +kids. One of these things is Jappix, +which I already introduced to some kids even before they got aware of +Facebook, making them see for themselves that they do not need +Facebook now ;).

+ +

Which strategy do you believe is the right one to use to +get schools to use free software?

+ +

Well, that's a two-sided thing. One side is what I believe, and one +side is what I have experienced.

+ +

I believe that the right strategy is showing them the benefits. But +that won't work out as long as the acceptance of free alternatives +grows globally. What I mean is that if all the kids are almost forced +to use Windows, Facebook, Skype, you name it at home, they will not +see why they would want to use alternatives at school. I have seen +students take seat in front of a fully-functional, modern Debian +desktop that could do anything their Windows at home could do, and +they jsut refused to use it because "Linux sucks". It is something +that makes the council of our city spend around 600000 € to buy +software - not including hardware, mind you - for operating school +networks, and for installing a system that, as has been proved, does +not work. For those of you readers who are good at maths, have you +already found out how many lives could have been saved with that money +if we had instead used it to bring education to parts of the world +that need it? I have, and found it to be nothing less dramatic than +plain criminal.

+ +

That said, the only feasible way appears to be the bottom up +method. We have to bring free software to kids and parents. I have +founded an association named +Teckids here in Germany that does +just that. We organise several events for kids and adolescents in the +area of free and open source software, for example the +FrogLabs, which share staff with +Teckids and are the youth programme of +the Free and Open Source Software +Conference (FrOSCon). We do a lot more than most other conferences +- this year, we first offered the FrogLabs as a holiday camp for kids +aged 10 to 16. It was a huge success, with approx. 30 kids taking part +and learning with and about free software through a whole weekend. All +of us had a lot of fun, and the results were really exciting.

+ +

Apart from that, we are preparing a campaign that is supposed to bring +the message of free alternatives to stuff kids use every day to them and +their parents, e.g. the use of Jabber / Jappix instead of Facebook and +Skype. To make that possible, we are planning to get together a team of +clever kids who understand very well what their peers need and can bring +it across to them. So we will have a peer-driven network of adolescents +who teach each other and collect feedback from the community of minors. +We then take that feedback and our own experience to work closely with +open source projects, such as Skolelinux or Jappix, at improving their +software in a way that makes it more and more attractive for the target +group. At least I hope that we will have good cooperation with +Skolelinux in the future ;)!

+ +

So in conclusion, what I believe is that, if it weren't for the world +being so bad, it should be very clear to the political decision makers +that the only way to go nowadays is free software for various reasons, +but I have learnt that the only way that seems to work is bottom up.

+ +
- Tags: norsk, personvern, sikkerhet, stortinget, surveillance. + Tags: debian edu, english, intervju.
@@ -765,93 +910,44 @@ over.

-
A Raspberry Pi based batman-adv Mesh network node
-
21st October 2013
-

The last few days I have been experimenting with -the -batman-adv mesh technology. I want to gain some experience to see -if it will fit the -Freedombox project, and together with my neighbors try to build a -mesh network around the park where I live. Batman-adv is a layer 2 -mesh system ("ethernet" in other words), where the mesh network appear -as if all the mesh clients are connected to the same switch.

- -

My hardware of choice was the Linksys WRT54GL routers I had lying -around, but I've been unable to get them working with batman-adv. So -instead, I started playing with a -Raspberry Pi, and tried to -get it working as a mesh node. My idea is to use it to create a mesh -node which function as a switch port, where everything connected to -the Raspberry Pi ethernet plug is connected (bridged) to the mesh -network. This allow me to hook a wifi base station like the Linksys -WRT54GL to the mesh by plugging it into a Raspberry Pi, and allow -non-mesh clients to hook up to the mesh. This in turn is useful for -Android phones using the Serval -Project voip client, allowing every one around the playground to -phone and message each other for free. The reason is that Android -phones do not see ad-hoc wifi networks (they are filtered away from -the GUI view), and can not join the mesh without being rooted. But if -they are connected using a normal wifi base station, they can talk to -every client on the local network.

- -

To get this working, I've created a debian package -meshfx-node -and a script -build-rpi-mesh-node -to create the Raspberry Pi boot image. I'm using Debian Jessie (and -not Raspbian), to get more control over the packages available. -Unfortunately a huge binary blob need to be inserted into the boot -image to get it booting, but I'll ignore that for now. Also, as -Debian lack support for the CPU features available in the Raspberry -Pi, the system do not use the hardware floating point unit. I hope -the routing performance isn't affected by the lack of hardware FPU -support.

- -

To create an image, run the following with a sudo enabled user -after inserting the target SD card into the build machine:

- -

-% wget -O build-rpi-mesh-node \
-    https://raw.github.com/petterreinholdtsen/meshfx-node/master/build-rpi-mesh-node
-% sudo bash -x ./build-rpi-mesh-node > build.log 2>&1
-% dd if=/root/rpi/rpi_basic_jessie_$(date +%Y%m%d).img of=/dev/mmcblk0 bs=1M
-%
-

- -

Booting with the resulting SD card on a Raspberry PI with a USB -wifi card inserted should give you a mesh node. At least it does for -me with a the wifi card I am using. The default mesh settings are the -ones used by the Oslo mesh project at Hackeriet, as I mentioned in -an -earlier blog post about this mesh testing.

- -

The mesh node was not horribly expensive either. I bought -everything over the counter in shops nearby. If I had ordered online -from the lowest bidder, the price should be significantly lower:

- -

- - - - - - - - -
SupplierModelNOK
TeknikkmagasinetRaspberry Pi model B349.90
TeknikkmagasinetRaspberry Pi type B case99.90
LefdalJensen Air:Link 25150295.-
Clas OhlsonKingston 16 GB SD card199.-
Total cost943.80

- -

Now my mesh network at home consist of one laptop in the basement -connected to my production network, one Raspberry Pi node on the 1th -floor that can be seen by my neighbor across the park, and one -play-node I use to develop the image building script. And some times -I hook up my work horse laptop to the mesh to test it. I look forward -to figuring out what kind of latency the batman-adv setup will give, -and how much packet loss we will experience around the park. :)

+
Dugnadsnett for alle stiller på Oslo Maker Faire i januar 2014
+
10th December 2013
+

Helga 18. og 19. januar 2014 arrangeres +Oslo Maker +Faire, og Dugnadsnett for +alle har fått plass! Planen er å ha et bord med en plakat der vi +forteller om hva Dugnadsnett for alle er for noe, og et lite verksted +der vi hjelper folk som er interessert i å få opp sin egen mesh-node. +Jeg gleder meg til å se hvordan prosjektet blir mottatt der.

+ +

Målet med dugnadsnett for alle i Oslo er å få på plass et datanett +for kommunikasjon ved hjelp av radio-repeaterstasjoner (kalt +mesh-noder) som gjør at en kan direkte kommunisere med slekt, venner +og bekjente i Oslo via andre som deltar i dugnadsnettet, samt gjøre +det mulig komme ut på internett via dugnadsnettet. Første delmål er å +kunne sende SMS-meldinger vha. IP-telefoni løsningen +Serval project mellom +deltagerne i Dugnadsnett for alle i Oslo. Formålet er å ta tilbake +kontrollen over egen nett-infrastruktur og gjøre det dyrere å bedrive +massiv innsamling av informasjon om borgernes bruk av datanett.

+ +

Høres dette interessant ut? Bli med på prosjektet, fortell oss +hvor du kunne tenke deg å sette opp en radio-repeater (slik at folk i +nærheten kan finne hverandre ved hjelp av +kartet over planlagte og +eksisterende radio-repeatere), bli med på epostlisten +dugnadsnett +(at) nuug.no og stikk innom +IRC-kanalen +#dugnadsnett.no. Så langt er det planlagt over 40 +radio-repeatere, med VPN-forbindelser via Internet for å la de delene +av nettet som ikke når hverandre via radio kunne snakke med hverandre +likevel.

- Tags: english, freedombox, mesh network, nuug. + Tags: mesh network, norsk, nuug.
@@ -866,6 +962,17 @@ and how much packet loss we will experience around the park. :)

Archive