X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/a5b0a729d91a8bda65c433de13e96179cc11a69c..6de2416d4a9b7a56fb1c04dec08cdff3a6aa8fb6:/blog/index.html diff --git a/blog/index.html b/blog/index.html index 955fede355..37f9d3aa69 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,204 +20,70 @@
-
Debian init.d boot script example for rsyslog
-
2nd November 2013
-

If one of the points of switching to a new init system in Debian is -to get rid of huge -init.d scripts, I doubt we need to switch away from sysvinit and -init.d scripts at all. Here is an example init.d script, ie a rewrite -of /etc/init.d/rsyslog:

- -

-#!/lib/init/init-d-script
-### BEGIN INIT INFO
-# Provides:          rsyslog
-# Required-Start:    $remote_fs $time
-# Required-Stop:     umountnfs $time
-# X-Stop-After:      sendsigs
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: enhanced syslogd
-# Description:       Rsyslog is an enhanced multi-threaded syslogd.
-#                    It is quite compatible to stock sysklogd and can be 
-#                    used as a drop-in replacement.
-### END INIT INFO
-DESC="enhanced syslogd"
-DAEMON=/usr/sbin/rsyslogd
-

- -

Pretty minimalistic to me... For the record, the original sysv-rc -script was 137 lines, and the above is just 15 lines, most of the meta -info/comments.

- -

How to do this, you ask? Well, one create a new script -/lib/init/init-d-script looking something like this: - -

-#!/bin/sh
-
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
-# and status_of_proc is working.
-. /lib/lsb/init-functions
+      
Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine

+      
14th March 2014

+      
The Freedombox
+project is working on providing the software and hardware for
+making it easy for non-technical people to host their data and
+communication at home, and being able to communicate with their
+friends and family encrypted and away from prying eyes.  It has been
+going on for a while, and is slowly progressing towards a new test
+release (0.2).

+
+
And what day could be better than the Pi day to announce that the
+new version will provide "hard drive" / SD card / USB stick images for
+Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization
+system), and can also be installed using a Debian installer preseed
+file.  The Debian based Freedombox is now based on Debian Jessie,
+where most of the needed packages used are already present.  Only one,
+the freedombox-setup package, is missing.  To try to build your own
+boot image to test the current status, fetch the freedom-maker scripts
+and build using
+vmdebootstrap
+with a user with sudo access to become root:
 
-#
-# Function that starts the daemon/service
-
-#
-do_start()
-{
-	# Return
-	#   0 if daemon has been started
-	#   1 if daemon was already running
-	#   2 if daemon could not be started
-	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
-		|| return 1
-	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
-		$DAEMON_ARGS \
-		|| return 2
-	# Add code here, if necessary, that waits for the process to be ready
-	# to handle requests from services started subsequently which depend
-	# on this one.  As a last resort, sleep for some time.
-}
-
-#
-# Function that stops the daemon/service
-#
-do_stop()
-{
-	# Return
-	#   0 if daemon has been stopped
-	#   1 if daemon was already stopped
-	#   2 if daemon could not be stopped
-	#   other if a failure occurred
-	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
-	RETVAL="$?"
-	[ "$RETVAL" = 2 ] && return 2
-	# Wait for children to finish too if this is a daemon that forks
-	# and if the daemon is only ever run from this initscript.
-	# If the above conditions are not satisfied then add some other code
-	# that waits for the process to drop all resources that could be
-	# needed by services started subsequently.  A last resort is to
-	# sleep for some time.
-	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
-	[ "$?" = 2 ] && return 2
-	# Many daemons don't delete their pidfiles when they exit.
-	rm -f $PIDFILE
-	return "$RETVAL"
-}
+
+git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
+  freedom-maker
+sudo apt-get install git vmdebootstrap mercurial python-docutils \
+  mktorrent extlinux virtualbox qemu-user-static binfmt-support \
+  u-boot-tools
+make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
+

+
+
Root access is needed to run debootstrap and mount loopback
+devices.  See the README for more details on the build. If you do not
+want all three images, trim the make line.  But note that thanks to a race condition in
+vmdebootstrap, the build might fail without the patch to the
+kpartx call.

+
+
If you instead want to install using a Debian CD and the preseed
+method, boot a Debian Wheezy ISO and use this boot argument to load
+the preseed values:

 
-#
-# Function that sends a SIGHUP to the daemon/service
-#
-do_reload() {
-	#
-	# If the daemon can reload its configuration without
-	# restarting (for example, when it is sent a SIGHUP),
-	# then implement that here.
-	#
-	start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
-	return 0
-}
-
-SCRIPTNAME=$1
-scriptbasename="$(basename $1)"
-echo "SN: $scriptbasename"
-if [ "$scriptbasename" != "init-d-library" ] ; then
-    script="$1"
-    shift
-    . $script
-else
-    exit 0
-fi
-
-NAME=$(basename $DAEMON)
-PIDFILE=/var/run/$NAME.pid
-
-# Exit if the package is not installed
-#[ -x "$DAEMON" ] || exit 0
-
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-
-# Load the VERBOSE setting and other rcS variables
-. /lib/init/vars.sh
-
-case "$1" in
-  start)
-	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
-	do_start
-	case "$?" in
-		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
-		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
-	esac
-	;;
-  stop)
-	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
-	do_stop
-	case "$?" in
-		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
-		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
-	esac
-	;;
-  status)
-	status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
-	;;
-  #reload|force-reload)
-	#
-	# If do_reload() is not implemented then leave this commented out
-	# and leave 'force-reload' as an alias for 'restart'.
-	#
-	#log_daemon_msg "Reloading $DESC" "$NAME"
-	#do_reload
-	#log_end_msg $?
-	#;;
-  restart|force-reload)
-	#
-	# If the "reload" option is implemented then remove the
-	# 'force-reload' alias
-	#
-	log_daemon_msg "Restarting $DESC" "$NAME"
-	do_stop
-	case "$?" in
-	  0|1)
-		do_start
-		case "$?" in
-			0) log_end_msg 0 ;;
-			1) log_end_msg 1 ;; # Old process is still running
-			*) log_end_msg 1 ;; # Failed to start
-		esac
-		;;
-	  *)
-		# Failed to stop
-		log_end_msg 1
-		;;
-	esac
-	;;
-  *)
-	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
-	exit 3
-	;;
-esac
-
-:
-

- -

It is based on /etc/init.d/skeleton, and could be improved quite a -lot. I did not really polish the approach, so it might not always -work out of the box, but you get the idea. I did not try very hard to -optimize it nor make it more robust either.

- -

A better argument for switching init system in Debian than reducing -the size of init scripts (which is a good thing to do anyway), is to -get boot system that is able to handle the kernel events sensibly and -robustly, and do not depend on the boot to run sequentially. The boot -and the kernel have not behaved sequentially in year.

+
+url=http://www.reinholdtsen.name/freedombox/preseed-jessie.dat
+
+ +

But note that due to a +recently introduced bug in apt in Jessie, the installer will +currently hang while setting up APT sources. Killing the +'apt-cdrom ident' process when it hang a few times during the +installation will get the installation going. This affect all +installations in Jessie, and I expect it will be fixed soon.

+ +Give it a go and let us know how it goes on the mailing list, and help +us get the new release published. :) Please join us on +IRC (#freedombox on +irc.debian.org) and +the +mailing list if you want to help make this vision come true.

- Tags: bootsystem, debian, english. + Tags: debian, english, freedombox, sikkerhet, surveillance, web.
@@ -225,28 +91,94 @@ and the kernel have not behaved sequentially in year.

-
Browser plugin for SPICE (spice-xpi) uploaded to Debian
-
1st November 2013
-

The SPICE protocol for -remote display access is the preferred solution with oVirt and RedHat -Enterprise Virtualization, and I was sad to discover the other day -that the browser plugin needed to use these systems seamlessly was -missing in Debian. The request -for a package was from 2012-04-10 with no progress since -2013-04-01, so I decided to wrap up a package based on the great work -from Cajus Pollmeier and put it in a collab-maint maintained git -repository to get a package I could use. I would very much like -others to help me maintain the package (or just take over, I do not -mind), but as no-one had volunteered so far, I just uploaded it to -NEW. I hope it will be available in Debian in a few days.

- -

The source is now available from -http://anonscm.debian.org/gitweb/?p=collab-maint/spice-xpi.git;a=summary.

+
How to add extra storage servers in Debian Edu / Skolelinux
+
12th March 2014
+

On larger sites, it is useful to use a dedicated storage server for +storing user home directories and data. The design for handling this +in Debian Edu / Skolelinux, is +to update the automount rules in LDAP and let the automount daemon on +the clients take care of the rest. I was reminded about the need to +document this better when one of the customers of +Skolelinux Drift AS, where I am +on the board of directors, asked about how to do this. The steps to +get this working are the following:

+ +

    + +
  1. Add new storage server in DNS. I use nas-server.intern as the +example host here.
    2. + +
  2. Add automoun LDAP information about this server in LDAP, to allow +all clients to automatically mount it on reqeust.
    3. + +
  3. Add the relevant entries in tjener.intern:/etc/fstab, because +tjener.intern do not use automount to avoid mounting loops.
    4. + +

+ +

DNS entries are added in GOsa², and not described here. Follow the +instructions +in the manual (Machine Management with GOsa² in section Getting +started).

+ +

Ensure that the NFS export points on the server are exported to the +relevant subnets or machines:

+ +

+root@tjener:~# showmount -e nas-server
+Export list for nas-server:
+/storage         10.0.0.0/8
+root@tjener:~#
+

+ +

Here everything on the backbone network is granted access to the +/storage export. With NFSv3 it is slightly better to limit it to +netgroup membership or single IP addresses to have some limits on the +NFS access.

+ +

The next step is to update LDAP. This can not be done using GOsa², +because it lack a module for automount. Instead, use ldapvi and add +the required LDAP objects using an editor.

+ +

+ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no
+

+ +

When the editor show up, add the following LDAP objects at the +bottom of the document. The "/&" part in the last LDAP object is a +wild card matching everything the nas-server exports, removing the +need to list individual mount points in LDAP.

+ +

+add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: automount
+cn: nas-server
+automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+
+add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: automountMap
+ou: auto.nas-server
+
+add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
+objectClass: automount
+cn: /
+automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&
+

+ +

The last step to remember is to mount the relevant mount points in +tjener.intern by adding them to /etc/fstab, creating the mount +directories using mkdir and running "mount -a" to mount them.

+ +

When this is done, your users should be able to access the files on +the storage server directly by just visiting the +/tjener/nas-server/storage/ directory using any application on any +workstation, LTSP client or LTSP server.

- Tags: debian, english. + Tags: debian edu, english, ldap.
@@ -254,120 +186,97 @@ NEW. I hope it will be available in Debian in a few days.

-
Teaching vmdebootstrap to create Raspberry Pi SD card images
-
27th October 2013
-

The -vmdebootstrap -program is a a very nice system to create virtual machine images. It -create a image file, add a partition table, mount it and run -debootstrap in the mounted directory to create a Debian system on a -stick. Yesterday, I decided to try to teach it how to make images for -Raspberry Pi, as part -of a plan to simplify the build system for -the FreedomBox -project. The FreedomBox project already uses vmdebootstrap for -the virtualbox images, but its current build system made multistrap -based system for Dreamplug images, and it is lacking support for -Raspberry Pi.

- -

Armed with the knowledge on how to build "foreign" (aka non-native -architecture) chroots for Raspberry Pi, I dived into the vmdebootstrap -code and adjusted it to be able to build armel images on my amd64 -Debian laptop. I ended up giving vmdebootstrap five new options, -allowing me to replicate the image creation process I use to make -Debian -Jessie based mesh node images for the Raspberry Pi. First, the ---foreign /path/to/binfm_handler option tell vmdebootstrap to -call debootstrap with --foreign and to copy the handler into the -generated chroot before running the second stage. This allow -vmdebootstrap to create armel images on an amd64 host. Next I added -two new options --bootsize size and --boottype -fstype to teach it to create a separate /boot/ partition with the -given file system type, allowing me to create an image with a vfat -partition for the /boot/ stuff. I also added a --variant -variant option to allow me to create smaller images without the -Debian base system packages installed. Finally, I added an option ---no-extlinux to tell vmdebootstrap to not install extlinux -as a boot loader. It is not needed on the Raspberry Pi and probably -most other non-x86 architectures. The changes were accepted by the -upstream author of vmdebootstrap yesterday and today, and is now -available from -the -upstream project page.

- -

To use it to build a Raspberry Pi image using Debian Jessie, first -create a small script (the customize script) to add the non-free -binary blob needed to boot the Raspberry Pi and the APT source -list:

- -

-#!/bin/sh
-set -e # Exit on first error
-rootdir="$1"
-cd "$rootdir"
-cat <<EOF > etc/apt/sources.list
-deb http://http.debian.net/debian/ jessie main contrib non-free
-EOF
-# Install non-free binary blob needed to boot Raspberry Pi.  This
-# install a kernel somewhere too.
-wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update \
-    -O $rootdir/usr/bin/rpi-update
-chmod a+x $rootdir/usr/bin/rpi-update
-mkdir -p $rootdir/lib/modules
-touch $rootdir/boot/start.elf
-chroot $rootdir rpi-update
-

- -

Next, fetch the latest vmdebootstrap script and call it like this -to build the image:

+
Hvordan bør RFC 822-formattert epost lagres i en NOARK5-database?
+
7th March 2014
+

For noen uker siden ble NXCs fri programvarelisenserte +NOARK5-løsning +presentert hos +NUUG (video +på youtube +foreløbig), og det fikk meg til å titte litt mer på NOARK5, +standarden for arkivhåndtering i det offentlige Norge. Jeg lurer på +om denne kjernen kan være nyttig i et par av mine prosjekter, og for ett +av dem er det mest aktuelt å lagre epost. Jeg klarte ikke finne noen +anbefaling om hvordan RFC 822-formattert epost (aka Internett-epost) +burde lagres i NOARK5, selv om jeg vet at noen arkiver tar +PDF-utskrift av eposten med sitt epostprogram og så arkiverer PDF-en +(eller enda værre, tar papirutskrift og lagrer bildet av eposten som +PDF i arkivet).

+ +

Det er ikke så mange formater som er akseptert av riksarkivet til +langtidsoppbevaring av offentlige arkiver, og PDF og XML er de mest +aktuelle i så måte. Det slo meg at det måtte da finnes en eller annen +egnet XML-representasjon og at det kanskje var enighet om hvilken som +burde brukes, så jeg tok mot til meg og spurte +SAMDOK, en gruppe tilknyttet +arkivverket som ser ut til å jobbe med NOARK-samhandling, om de hadde +noen anbefalinger: + +

+

Hei.

+ +

Usikker på om dette er riktig forum å ta opp mitt spørsmål, men jeg +lurer på om det er definert en anbefaling om hvordan RFC +822-formatterte epost (aka vanlig Internet-epost) bør lages håndteres +i NOARK5, slik at en bevarer all informasjon i eposten +(f.eks. Received-linjer). Finnes det en anbefalt XML-mapping ala den +som beskrives på +<URL: https://www.informit.com/articles/article.aspx?p=32074 >? Mitt +mål er at det skal være mulig å lagre eposten i en NOARK5-kjerne og +kunne få ut en identisk formattert kopi av opprinnelig epost ved +behov.

+

+ +

Postmottaker hos SAMDOK mente spørsmålet heller burde stilles +direkte til riksarkivet, og jeg fikk i dag svar derfra formulert av +seniorrådgiver Geir Ivar Tungesvik:

+ +

+

Riksarkivet har ingen anbefalinger når det gjelder konvertering fra +e-post til XML. Det står arkivskaper fritt å eventuelt definere/bruke +eget format. Inklusive da - som det spørres om - et format der det er +mulig å re-etablere e-post format ut fra XML-en. XML (e-post) +dokumenter må være referert i arkivstrukturen, og det må vedlegges et +gyldig XML skjema (.xsd) for XML-filene. Arkivskaper står altså fritt +til å gjøre hva de vil, bare det dokumenteres og det kan dannes et +utrekk ved avlevering til depot.

+ +

De obligatoriske kravene i Noark 5 standarden må altså oppfylles - +etter dialog med Riksarkivet i forbindelse med godkjenning. For +offentlige arkiv er det særlig viktig med filene loependeJournal.xml +og offentligJournal.xml. Private arkiv som vil forholde seg til Noark +5 standarden er selvsagt frie til å bruke det som er relevant for dem +av obligatoriske krav.

+

+ +

Det ser dermed ut for meg som om det er et lite behov for å +standardisere XML-lagring av RFC-822-formatterte meldinger. Noen som +vet om god spesifikasjon i så måte? I tillegg til den omtalt over, +har jeg kommet over flere aktuelle beskrivelser (søk på "rfc 822 +xml", så finner du aktuelle alternativer).

-
-sudo ./vmdebootstrap \
-    --variant minbase \
-    --arch armel \
-    --distribution jessie \
-    --mirror http://http.debian.net/debian \
-    --image test.img \
-    --size 600M \
-    --bootsize 64M \
-    --boottype vfat \
-    --log-level debug \
-    --verbose \
-    --no-kernel \
-    --no-extlinux \
-    --root-password raspberry \
-    --hostname raspberrypi \
-    --foreign /usr/bin/qemu-arm-static \
-    --customize `pwd`/customize \
-    --package netbase \
-    --package git-core \
-    --package binutils \
-    --package ca-certificates \
-    --package wget \
-    --package kmod
-

- -

The list of packages being installed are the ones needed by -rpi-update to make the image bootable on the Raspberry Pi, with the -exception of netbase, which is needed by debootstrap to find -/etc/hosts with the minbase variant. I really wish there was a way to -set up an Raspberry Pi using only packages in the Debian archive, but -that is not possible as far as I know, because it boots from the GPU -using a non-free binary blob.

- -

The build host need debootstrap, kpartx and qemu-user-static and -probably a few others installed. I have not checked the complete -build dependency list.

- -

The resulting image will not use the hardware floating point unit -on the Raspberry PI, because the armel architecture in Debian is not -optimized for that use. So the images created will be a bit slower -than Raspbian based images.

+ + +

Finnes det andre og bedre spesifikasjoner for slik lagring? Send +meg en epost hvis du har innspill.

- Tags: debian, english, freedombox, mesh network. + Tags: norsk, offentlig innsyn.
@@ -375,51 +284,110 @@ than Raspbian based images.

-
Det er jo makta som er mest sårbar ved massiv overvåkning av Internett
-
26th October 2013
-

De siste måneders eksponering av -den -totale overvåkningen som foregår i den vestlige verden dokumenterer -hvor sårbare vi er. Men det slår meg at de som er mest sårbare -for dette, myndighetspersoner på alle nivåer, neppe har innsett at de -selv er de mest interessante personene å lage profiler på, for å kunne -påvirke dem.

- -

For å ta et lite eksempel: Stortingets nettsted, -www.stortinget.no (og -forsåvidt også -data.stortinget.no), -inneholder informasjon om det som foregår på Stortinget, og jeg antar -de største brukerne av informasjonen der er representanter og -rådgivere på Stortinget. Intet overraskende med det. Det som derimot -er mer skjult er at Stortingets nettsted bruker -Google -Analytics, hvilket gjør at enhver som besøker nettsidene der også -rapporterer om besøket via Internett-linjer som passerer Sverige, -England og videre til USA. Det betyr at informasjon om ethvert besøk -på stortingets nettsider kan snappes opp av svensk, britisk og USAs -etterretningsvesen. De kan dermed holde et øye med hvilke -Stortingssaker stortingsrepresentantene synes er interessante å sjekke -ut, og hvilke sider rådgivere og andre på stortinget synes er -interessant å besøke, når de gjør det og hvilke andre representanter -som sjekker de samme sidene omtrent samtidig. Stortingets bruk av -Google Analytics gjør det dermed enkelt for utenlands etteretning å -spore representantenes aktivitet og interesse. Hvis noen av -representantene bruker Google Mail eller noen andre tjenestene som -krever innlogging, så vil det være enda enklere å finne ut nøyaktig -hvilke personer som bruker hvilke nettlesere og dermed knytte -informasjonen opp til enkeltpersoner på Stortinget.

- -

Og jo flere nettsteder som bruker Google Analytics, jo bedre -oversikt over stortingsrepresentantenes lesevaner og interesse blir -tilgjengelig for svensk, britisk og USAs etterretning. Hva de kan -bruke den informasjonen til overlater jeg til leseren å undres -over.

+
Lenker for 2014-02-28
+
28th February 2014
+

Her er noen lenker til tekster jeg har satt pris på å lese de siste +månedene. Det er mye om varsleren Edward Snowden, som burde få all +hjelp, støtte og beskyttelse Norge kan stille opp med for å ha satt +totalitær overvåkning på sakskartet, men også endel annet +tankevekkende og interessant.

+ +
- Tags: norsk, personvern, sikkerhet, stortinget, surveillance. + Tags: lenker, norsk, personvern.
@@ -427,93 +395,37 @@ over.

-
A Raspberry Pi based batman-adv Mesh network node
-
21st October 2013
-

The last few days I have been experimenting with -the -batman-adv mesh technology. I want to gain some experience to see -if it will fit the -Freedombox project, and together with my neighbors try to build a -mesh network around the park where I live. Batman-adv is a layer 2 -mesh system ("ethernet" in other words), where the mesh network appear -as if all the mesh clients are connected to the same switch.

- -

My hardware of choice was the Linksys WRT54GL routers I had lying -around, but I've been unable to get them working with batman-adv. So -instead, I started playing with a -Raspberry Pi, and tried to -get it working as a mesh node. My idea is to use it to create a mesh -node which function as a switch port, where everything connected to -the Raspberry Pi ethernet plug is connected (bridged) to the mesh -network. This allow me to hook a wifi base station like the Linksys -WRT54GL to the mesh by plugging it into a Raspberry Pi, and allow -non-mesh clients to hook up to the mesh. This in turn is useful for -Android phones using the Serval -Project voip client, allowing every one around the playground to -phone and message each other for free. The reason is that Android -phones do not see ad-hoc wifi networks (they are filtered away from -the GUI view), and can not join the mesh without being rooted. But if -they are connected using a normal wifi base station, they can talk to -every client on the local network.

- -

To get this working, I've created a debian package -meshfx-node -and a script -build-rpi-mesh-node -to create the Raspberry Pi boot image. I'm using Debian Jessie (and -not Raspbian), to get more control over the packages available. -Unfortunately a huge binary blob need to be inserted into the boot -image to get it booting, but I'll ignore that for now. Also, as -Debian lack support for the CPU features available in the Raspberry -Pi, the system do not use the hardware floating point unit. I hope -the routing performance isn't affected by the lack of hardware FPU -support.

- -

To create an image, run the following with a sudo enabled user -after inserting the target SD card into the build machine:

- -

-% wget -O build-rpi-mesh-node \
-    https://raw.github.com/petterreinholdtsen/meshfx-node/master/build-rpi-mesh-node
-% sudo bash -x ./build-rpi-mesh-node > build.log 2>&1
-% dd if=/root/rpi/rpi_basic_jessie_$(date +%Y%m%d).img of=/dev/mmcblk0 bs=1M
-%
-

- -

Booting with the resulting SD card on a Raspberry PI with a USB -wifi card inserted should give you a mesh node. At least it does for -me with a the wifi card I am using. The default mesh settings are the -ones used by the Oslo mesh project at Hackeriet, as I mentioned in -an -earlier blog post about this mesh testing.

- -

The mesh node was not horribly expensive either. I bought -everything over the counter in shops nearby. If I had ordered online -from the lowest bidder, the price should be significantly lower:

- -

- - - - - - - - -
SupplierModelNOK
TeknikkmagasinetRaspberry Pi model B349.90
TeknikkmagasinetRaspberry Pi type B case99.90
LefdalJensen Air:Link 25150295.-
Clas OhlsonKingston 16 GB SD card199.-
Total cost943.80

- -

Now my mesh network at home consist of one laptop in the basement -connected to my production network, one Raspberry Pi node on the 1th -floor that can be seen by my neighbor across the park, and one -play-node I use to develop the image building script. And some times -I hook up my work horse laptop to the mesh to test it. I look forward -to figuring out what kind of latency the batman-adv setup will give, -and how much packet loss we will experience around the park. :)

+
New home and release 1.0 for netgroup and innetgr (aka ng-utils)
+
22nd February 2014
+

Many years ago, I wrote a GPL licensed version of the netgroup and +innetgr tools, because I needed them in +Skolelinux. I called the project +ng-utils, and it has served me well. I placed the project under the +Hungry Programmer umbrella, and it was maintained in our CVS +repository. But many years ago, the CVS repository was dropped (lost, +not migrated to new hardware, not sure), and the project have lacked a +proper home since then.

+ +

Last summer, I had a look at the package and made a new release +fixing a irritating crash bug, but was unable to store the changes in +a proper source control system. I applied for a project on +Alioth, but did not have time +to follow up on it. Until today. :)

+ +

After many hours of cleaning and migration, the ng-utils project +now have a new home, and a git repository with the highlight of the +history of the project. I published all release tarballs and imported +them into the git repository. As the project is really stable and not +expected to gain new features any time soon, I decided to make a new +release and call it 1.0. Visit the new project home on +https://alioth.debian.org/projects/ng-utils/ +if you want to check it out. The new version is also uploaded into +Debian Unstable.

- Tags: english, freedombox, mesh network, nuug. + Tags: debian, english.
@@ -521,21 +433,113 @@ and how much packet loss we will experience around the park. :)

-
Perl library to control the Spykee robot moved to github
-
19th October 2013
-

Back in 2010, I created a Perl library to talk to -the Spykee robot -(with two belts, wifi, USB and Linux) and made it available from my -web page. Today I concluded that it should move to a site that is -easier to use to cooperate with others, and moved it to github. If -you got a Spykee robot, you might want to check out -the -libspykee-perl github repository.

+
Testing sysvinit from experimental in Debian Hurd
+
3rd February 2014
+

A few days ago I decided to try to help the Hurd people to get +their changes into sysvinit, to allow them to use the normal sysvinit +boot system instead of their old one. This follow up on the +great +Google Summer of Code work done last summer by Justus Winter to +get Debian on Hurd working more like Debian on Linux. To get started, +I downloaded a prebuilt hard disk image from +http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz, +and started it using virt-manager.

+ +

The first think I had to do after logging in (root without any +password) was to get the network operational. I followed +the +instructions on the Debian GNU/Hurd ports page and ran these +commands as root to get the machine to accept a IP address from the +kvm internal DHCP server:

+ +

+settrans -fgap /dev/netdde /hurd/netdde
+kill $(ps -ef|awk '/[p]finet/ { print $2}')
+kill $(ps -ef|awk '/[d]evnode/ { print $2}')
+dhclient /dev/eth0
+

+ +

After this, the machine had internet connectivity, and I could +upgrade it and install the sysvinit packages from experimental and +enable it as the default boot system in Hurd.

+ +

But before I did that, I set a password on the root user, as ssh is +running on the machine it for ssh login to work a password need to be +set. Also, note that a bug somewhere in openssh on Hurd block +compression from working. Remember to turn that off on the client +side.

+ +

Run these commands as root to upgrade and test the new sysvinit +stuff:

+ +

+cat > /etc/apt/sources.list.d/experimental.list <<EOF
+deb http://http.debian.net/debian/ experimental main
+EOF
+apt-get update
+apt-get dist-upgrade
+apt-get install -t experimental initscripts sysv-rc sysvinit \
+    sysvinit-core sysvinit-utils
+update-alternatives --config runsystem
+

+ +

To reboot after switching boot system, you have to use +reboot-hurd instead of just reboot, as there is not +yet a sysvinit process able to receive the signals from the normal +'reboot' command. After switching to sysvinit as the boot system, +upgrading every package and rebooting, the network come up with DHCP +after boot as it should, and the settrans/pkill hack mentioned at the +start is no longer needed. But for some strange reason, there are no +longer any login prompt in the virtual console, so I logged in using +ssh instead. + +

Note that there are some race conditions in Hurd making the boot +fail some times. No idea what the cause is, but hope the Hurd porters +figure it out. At least Justus said on IRC (#debian-hurd on +irc.debian.org) that they are aware of the problem. A way to reduce +the impact is to upgrade to the Hurd packages built by Justus by +adding this repository to the machine:

+ +

+cat > /etc/apt/sources.list.d/hurd-ci.list <<EOF
+deb http://darnassus.sceen.net/~teythoon/hurd-ci/ sid main
+EOF
+

+ +

At the moment the prebuilt virtual machine get some packages from +http://ftp.debian-ports.org/debian, because some of the packages in +unstable do not yet include the required patches that are lingering in +BTS. This is the completely list of "unofficial" packages installed:

+ +

+# aptitude search '?narrow(?version(CURRENT),?origin(Debian Ports))'
+i   emacs                   - GNU Emacs editor (metapackage)
+i   gdb                     - GNU Debugger
+i   hurd-recommended        - Miscellaneous translators
+i   isc-dhcp-client         - ISC DHCP client
+i   isc-dhcp-common         - common files used by all the isc-dhcp* packages
+i   libc-bin                - Embedded GNU C Library: Binaries
+i   libc-dev-bin            - Embedded GNU C Library: Development binaries
+i   libc0.3                 - Embedded GNU C Library: Shared libraries
+i A libc0.3-dbg             - Embedded GNU C Library: detached debugging symbols
+i   libc0.3-dev             - Embedded GNU C Library: Development Libraries and Hea
+i   multiarch-support       - Transitional package to ensure multiarch compatibilit
+i A x11-common              - X Window System (X.Org) infrastructure
+i   xorg                    - X.Org X Window System
+i A xserver-xorg            - X.Org X server
+i A xserver-xorg-input-all  - X.Org X server -- input driver metapackage
+#
+

+ +

All in all, testing hurd has been an interesting experience. :) +X.org did not work out of the box and I never took the time to follow +the porters instructions to fix it. This time I was interested in the +command line stuff.

- Tags: english, nuug, robot. + Tags: bootsystem, debian, english.
@@ -543,38 +547,90 @@ libspykee-perl github repository.

-
Good causes: Debian Outreach Program for Women, EFF documenting the spying and Open access in Norway
-
15th October 2013
-

The last few days I came across a few good causes that should get -wider attention. I recommend signing and donating to each one of -these. :)

- -

Via Debian -Project News for 2013-10-14 I came across the Outreach Program for -Women program which is a Google Summer of Code like initiative to get -more women involved in free software. One debian sponsor has offered -to match any donation done to Debian -earmarked for this initiative. I donated a few minutes ago, and -hope you will to. :)

- -

And the Electronic Frontier Foundation just announced plans to -create video -documentaries about the excessive spying on every Internet user that -take place these days, and their need to fund the work. I've already -donated. Are you next?

- -

For my Norwegian audience, the organisation Studentenes og -Akademikernes Internasjonale Hjelpefond is collecting signatures for a -statement under the heading -Bloggers United for Open -Access for those of us asking for more focus on open access in the -Norwegian government. So far 499 signatures. I hope you will sign it -too.

+
A fist full of non-anonymous Bitcoins
+
29th January 2014
+

Bitcoin is a incredible use of peer to peer communication and +encryption, allowing direct and immediate money transfer without any +central control. It is sometimes claimed to be ideal for illegal +activity, which I believe is quite a long way from the truth. At least +I would not conduct illegal money transfers using a system where the +details of every transaction are kept forever. This point is +investigated in +USENIX ;login: +from December 2013, in the article +"A +Fistful of Bitcoins - Characterizing Payments Among Men with No +Names" by Sarah Meiklejohn, Marjori Pomarole,Grant Jordan, Kirill +Levchenko, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. They +analyse the transaction log in the Bitcoin system, using it to find +addresses belong to individuals and organisations and follow the flow +of money from both Bitcoin theft and trades on Silk Road to where the +money end up. This is how they wrap up their article:

+ +

+

"To demonstrate the usefulness of this type of analysis, we turned +our attention to criminal activity. In the Bitcoin economy, criminal +activity can appear in a number of forms, such as dealing drugs on +Silk Road or simply stealing someone else’s bitcoins. We followed the +flow of bitcoins out of Silk Road (in particular, from one notorious +address) and from a number of highly publicized thefts to see whether +we could track the bitcoins to known services. Although some of the +thieves attempted to use sophisticated mixing techniques (or possibly +mix services) to obscure the flow of bitcoins, for the most part +tracking the bitcoins was quite straightforward, and we ultimately saw +large quantities of bitcoins flow to a variety of exchanges directly +from the point of theft (or the withdrawal from Silk Road).

+ +

As acknowledged above, following stolen bitcoins to the point at +which they are deposited into an exchange does not in itself identify +the thief; however, it does enable further de-anonymization in the +case in which certain agencies can determine (through, for example, +subpoena power) the real-world owner of the account into which the +stolen bitcoins were deposited. Because such exchanges seem to serve +as chokepoints into and out of the Bitcoin economy (i.e., there are +few alternative ways to cash out), we conclude that using Bitcoin for +money laundering or other illicit purposes does not (at least at +present) seem to be particularly attractive."

+

+ +

These researches are not the first to analyse the Bitcoin +transaction log. The 2011 paper +"An Analysis of Anonymity in +the Bitcoin System" by Fergal Reid and Martin Harrigan is +summarized like this:

+ +

+"Anonymity in Bitcoin, a peer-to-peer electronic currency system, is a +complicated issue. Within the system, users are identified by +public-keys only. An attacker wishing to de-anonymize its users will +attempt to construct the one-to-many mapping between users and +public-keys and associate information external to the system with the +users. Bitcoin tries to prevent this attack by storing the mapping of +a user to his or her public-keys on that user's node only and by +allowing each user to generate as many public-keys as required. In +this chapter we consider the topological structure of two networks +derived from Bitcoin's public transaction history. We show that the +two networks have a non-trivial topological structure, provide +complementary views of the Bitcoin system and have implications for +anonymity. We combine these structures with external information and +techniques such as context discovery and flow analysis to investigate +an alleged theft of Bitcoins, which, at the time of the theft, had a +market value of approximately half a million U.S. dollars." +

+ +

I hope these references can help kill the urban myth that Bitcoin +is anonymous. It isn't really a good fit for illegal activites. Use +cash if you need to stay anonymous, at least until regular DNA +sampling of notes and coins become the norm. :)

+ +

As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- Tags: debian, english, opphavsrett, surveillance. + Tags: bitcoin, english, personvern, sikkerhet.
@@ -582,142 +638,54 @@ too.

-
Oslo community mesh network - with NUUG and Hackeriet at Hausmania
-
11th October 2013
-

Wireless mesh networks are self organising and self healing -networks that can be used to connect computers across small and large -areas, depending on the radio technology used. Normal wifi equipment -can be used to create home made radio networks, and there are several -successful examples like -Freifunk and -Athens Wireless Metropolitan Network -(see -wikipedia -for a large list) around the globe. To give you an idea how it -work, check out the nice overview of the Kiel Freifunk community which -can be seen from their -dynamically -updated node graph and map, where one can see how the mesh nodes -automatically handle routing and recover from nodes disappearing. -There is also a small community mesh network group in Oslo, Norway, -and that is the main topic of this blog post.

- -

I've wanted to check out mesh networks for a while now, and hoped -to do it as part of my involvement with the NUUG member organisation community, and -my recent involvement in -the Freedombox project -finally lead me to give mesh networks some priority, as I suspect a -Freedombox should use mesh networks to connect neighbours and family -when possible, given that most communication between people are -between those nearby (as shown for example by research on Facebook -communication patterns). It also allow people to communicate without -any central hub to tap into for those that want to listen in on the -private communication of citizens, which have become more and more -important over the years.

- -

So far I have only been able to find one group of people in Oslo -working on community mesh networks, over at the hack space -Hackeriet at Husmania. They seem to -have started with some Freifunk based effort using OLSR, called -the Oslo -Freifunk project, but that effort is now dead and the people -behind it have moved on to a batman-adv based system called -meshfx. Unfortunately the wiki -site for the Oslo Freifunk project is no longer possible to update to -reflect this fact, so the old project page can't be updated to point to -the new project. A while back, the people at Hackeriet invited people -from the Freifunk community to Oslo to talk about mesh networks. I -came across this video where Hans Jørgen Lysglimt interview the -speakers about this talk (from -youtube):

- -

- -

I mentioned OLSR and batman-adv, which are mesh routing protocols. -There are heaps of different protocols, and I am still struggling to -figure out which one would be "best" for some definitions of best, but -given that the community mesh group in Oslo is so small, I believe it -is best to hook up with the existing one instead of trying to create a -completely different setup, and thus I have decided to focus on -batman-adv for now. It sure help me to know that the very cool -Serval project in Australia -is using batman-adv as their meshing technology when it create a self -organizing and self healing telephony system for disaster areas and -less industrialized communities. Check out this cool video presenting -that project (from -youtube):

- -

- -

According to the wikipedia page on -Wireless -mesh network there are around 70 competing schemes for routing -packets across mesh networks, and OLSR, B.A.T.M.A.N. and -B.A.T.M.A.N. advanced are protocols used by several free software -based community mesh networks.

- -

The batman-adv protocol is a bit special, as it provide layer 2 -(as in ethernet ) routing, allowing ipv4 and ipv6 to work on the same -network. One way to think about it is that it provide a mesh based -vlan you can bridge to or handle like any other vlan connected to your -computer. The required drivers are already in the Linux kernel at -least since Debian Wheezy, and it is fairly easy to set up. A -good -introduction is available from the Open Mesh project. These are -the key settings needed to join the Oslo meshfx network:

- -

- - - - - -
SettingValue
Protocol / kernel modulebatman-adv
ESSIDmeshfx@hackeriet
Channel / Frequency11 / 2462
Cell ID02:BA:00:00:00:01

- -

The reason for setting ad-hoc wifi Cell ID is to work around bugs -in firmware used in wifi card and wifi drivers. (See a nice post from -VillageTelco about -"Information -about cell-id splitting, stuck beacons, and failed IBSS merges! -for details.) When these settings are activated and you have some -other mesh node nearby, your computer will be connected to the mesh -network and can communicate with any mesh node that is connected to -any of the nodes in your network of nodes. :)

- -

My initial plan was to reuse my old Linksys WRT54GL as a mesh node, -but that seem to be very hard, as I have not been able to locate a -firmware supporting batman-adv. If anyone know how to use that old -wifi access point with batman-adv these days, please let me know.

- -

If you find this project interesting and want to join, please join -us on IRC, either channel -#oslohackerspace -or #nuug on -irc.freenode.net.

- -

While investigating mesh networks in Oslo, I came across an old -research paper from the university of Stavanger and Telenor Research -and Innovation called -The -reliability of wireless backhaul mesh networks and elsewhere -learned that Telenor have been experimenting with mesh networks at -Grünerløkka in Oslo. So mesh networks are also interesting for -commercial companies, even though Telenor discovered that it was hard -to figure out a good business plan for mesh networking and as far as I -know have closed down the experiment. Perhaps Telenor or others would -be interested in a cooperation?

- -

Update 2013-10-12: I was just -told -by the Serval project developers that they no longer use -batman-adv (but are compatible with it), but their own crypto based -mesh system.

+
New chrpath release 0.16
+
14th January 2014
+

Coverity is a nice tool to +find problems in C, C++ and Java code using static source code +analysis. It can detect a lot of different problems, and is very +useful to find memory and locking bugs in the error handling part of +the source. The company behind it provide +check of free software projects as +a community service, and many hundred free software projects are +already checked. A few days ago I decided to have a closer look at +the Coverity system, and discovered that the +gnash and +ipmitool +projects I am involved with was already registered. But these are +fairly big, and I would also like to have a small and easy project to +check, and decided to request +checking of the chrpath project. It was +added to the checker and discovered seven potential defects. Six of +these were real, mostly resource "leak" when the program detected an +error. Nothing serious, as the resources would be released a fraction +of a second later when the program exited because of the error, but it +is nice to do it right in case the source of the program some time in +the future end up in a library. Having fixed all defects and added +a +mailing list for the chrpath developers, I decided it was time to +publish a new release. These are the release notes:

+ +

New in 0.16 released 2014-01-14:

+ +
    + +
  • Fixed all minor bugs discovered by Coverity.
    • +
  • Updated config.sub and config.guess from the GNU project.
    • +
  • Mention new project mailing list in the documentation.
    • + +
+ +

You can +download the +new version 0.16 from alioth. Please let us know via the Alioth +project if something is wrong with the new release. The test suite +did not discover any old errors, so if you find a new one, please also +include a test suite check.

- Tags: english, freedombox, mesh network, nuug. + Tags: chrpath, debian, english.
@@ -725,37 +693,216 @@ mesh system.

-
Skolelinux / Debian Edu 7.1 install and overview video from Marcelo Salvador
-
8th October 2013
-

The other day I was pleased and surprised to discover that Marcelo -Salvador had published a -video on -Youtube showing how to install the standalone Debian Edu / -Skolelinux profile. This is the profile intended for use at home or -on laptops that should not be integrated into the provided network -services (no central home directory, no Kerberos / LDAP directory etc, -in other word a single user machine). The result is 11 minutes long, -and show some user applications (seem to be rather randomly picked). -Missed a few of my favorites like celestia, planets and chromium -showing the Zygote Body 3D model -of the human body, but I guess he did not know about those or find -other programs more interesting. :) And the video do not show the -advantages I believe is one of the most valuable featuers in Debian -Edu, its central school server making it possible to run hundreds of -computers without hard drives by installing one central -LTSP server.

- -

Anyway, check out the video, embedded below and linked to above:

- - - -

Are there other nice videos demonstrating Skolelinux? Please let -me know. :)

+
Debian Edu interview: Dominik George
+
25th December 2013
+

The Debian Edu / Skolelinux +project consist of both newcomers and old timers, and this time I +was able to get an interview with a newcomer in the project who showed +up on the IRC channel a few weeks ago to let us know about his +successful installation of Debian Edu Wheezy in his School. Say hello +to Dominik +George.

+ + + +

Who are you, and how do you spend your days?

+ +

I am a 23 year-old student from Germany who has spent half of his +life with open source. In "real life", I am, as already mentioned, a +student in the fields of Computer Science, Electrical Engineering, +Information Technologies and Anglistics. Due to my (only partially +voluntary) huge engagement in the open source world, these things are +a bit vacant right now however.

+ +

I also have been working as a project teacher at a Gymasnium +(public school) for various years now. I took up that work some time +around 2005 when still attending that school myself and have continued +it until today. I also had been running the (kind of very advanced) +network of that school together with a team of very interested and +talented students in the age of 11 to 15 years, who took the chance to +learn a lot about open source and networking before I left the school +to help building another school's informational education concept from +scratch.

+ +

That said, one might see me as a kind of "glue" between school kids +and the elderly of teachers as well as between the open source +ecosystem and the (even more complex) educational ecosystem.

+ +

When I am not busy with open source or education, I like Geocaching +and cycling.

+ +

How did you get in contact with the Skolelinux / Debian Edu +project?

+ +

I think that happened some time around 2009 when I first attended +FrOSCon and visited the project +booth. I think I wasn't too interested back then because I used to +have an attitude of disliking software that does too much stuff on its +own. Maybe I was too inexperienced to realise the upsides of an +"out-of-the-box" solution ;).

+ +

The first time I actively talked to Skolelinux people was at +OpenRheinRuhr 2011 when the +BiscuIT project, a home-grewn software used by my school for various +really cool things from timetables and class contact lists to lunch +ordering, student ID card printing and project elections first got to +a stage where it could have been published. I asked the Skolelinux +guys running the booth if the project were interested in it and gave a +small demonstration, but there wasn't any real feedback and the guys +seemed rather uninterested.

+ +

After I left the school where I developed the software, it got +mostly lost, but I am now reimplementing it for my new school. I have +reusability and compatibility in mind, and I hop there will be a new +basis for contributing it to the Skolelinux project ;)!

+ +

What do you see as the advantages of Skolelinux / Debian +Edu?

+ +

The most important advantage seems to be that it "just +works". After overcoming some minor (but still very annoying) glitches +in the installer, I got a fully functional, working school network, +without the month-long hassle I experienced when setting all that up +from scratch in earlier years. And above that, it rocked - I didn't +have any real hardware at hand, because the school was just founded +and has no money whatsoever, so I installed a combined server (main +server, terminal services and workstation) in a VM on my personal +notebook, bridging the LTSP network interface to the ethernet port, +and then PXE-booted the Windows notebooks that were lying around from +it. I could use 8 clients without any performance issues, by using a +tiny little VM on a tiny little notebook. I think that's enough to say +that it rocks!

+ +

Secondly, there are marketing reasons. Life's bad, and so no +politician will ever permit a setup described as "Debian, an universal +operating system, with some really cool educational tools" while they +will be jsut fine with "Skolelinux, a single-purpose solution for your +school network", even if both turn out to be the very same thing (yes, +this is unfair towards the Skolelinux project, and must not be taken +too seriously - you get the idea, anyway).

+ +

What do you see as the disadvantages of Skolelinux / Debian +Edu?

+ +

I have not been involved with Skolelinux long enough to really +answer this question in a fair way. Thus, please allow me to put it in +other words: "What do you expect from Skolelinux to keep liking it?" I +can list a few points about that:

+ +
    + +
  • always strive to get all things integrated into Debian upstream +
  • be open to discussion about changes and the like, even with newcomers +
  • be helpful at being helpful ;) + +
+ +

I'm really sorry I cannot say much more about that :(!

+ +

Which free software do you use daily?

+ +

First of all, all software I use is free and open. I have abandoned +all non-free software (except for firmware on my darned phone) this +year.

+ +

I run Debian GNU/Linux on all PC systems I use. On that, I mostly +run text tools. I use +mksh as shell, +jupp as very advanced +text editor (I even got the developer to help me write a script/macro +based full-featured student management software with the two), +mcabber for XMPP and +irssi for IRC. For that overly +coloured world called the WWW, I use +Iceweasel +(Firefox). Oh, and mutt for +e-mail.

+ +

However, while I am personally aware of the fact that text tools +are more efficient and powerful than anything else, I also use (or at +least operate) some tools that are suitable to bring open source to +kids. One of these things is Jappix, +which I already introduced to some kids even before they got aware of +Facebook, making them see for themselves that they do not need +Facebook now ;).

+ +

Which strategy do you believe is the right one to use to +get schools to use free software?

+ +

Well, that's a two-sided thing. One side is what I believe, and one +side is what I have experienced.

+ +

I believe that the right strategy is showing them the benefits. But +that won't work out as long as the acceptance of free alternatives +grows globally. What I mean is that if all the kids are almost forced +to use Windows, Facebook, Skype, you name it at home, they will not +see why they would want to use alternatives at school. I have seen +students take seat in front of a fully-functional, modern Debian +desktop that could do anything their Windows at home could do, and +they jsut refused to use it because "Linux sucks". It is something +that makes the council of our city spend around 600000 € to buy +software - not including hardware, mind you - for operating school +networks, and for installing a system that, as has been proved, does +not work. For those of you readers who are good at maths, have you +already found out how many lives could have been saved with that money +if we had instead used it to bring education to parts of the world +that need it? I have, and found it to be nothing less dramatic than +plain criminal.

+ +

That said, the only feasible way appears to be the bottom up +method. We have to bring free software to kids and parents. I have +founded an association named +Teckids here in Germany that does +just that. We organise several events for kids and adolescents in the +area of free and open source software, for example the +FrogLabs, which share staff with +Teckids and are the youth programme of +the Free and Open Source Software +Conference (FrOSCon). We do a lot more than most other conferences +- this year, we first offered the FrogLabs as a holiday camp for kids +aged 10 to 16. It was a huge success, with approx. 30 kids taking part +and learning with and about free software through a whole weekend. All +of us had a lot of fun, and the results were really exciting.

+ +

Apart from that, we are preparing a campaign that is supposed to bring +the message of free alternatives to stuff kids use every day to them and +their parents, e.g. the use of Jabber / Jappix instead of Facebook and +Skype. To make that possible, we are planning to get together a team of +clever kids who understand very well what their peers need and can bring +it across to them. So we will have a peer-driven network of adolescents +who teach each other and collect feedback from the community of minors. +We then take that feedback and our own experience to work closely with +open source projects, such as Skolelinux or Jappix, at improving their +software in a way that makes it more and more attractive for the target +group. At least I hope that we will have good cooperation with +Skolelinux in the future ;)!

+ +

So in conclusion, what I believe is that, if it weren't for the world +being so bad, it should be very clear to the political decision makers +that the only way to go nowadays is free software for various reasons, +but I have learnt that the only way that seems to work is bottom up.

+ +
- Tags: debian edu, english, video. + Tags: debian edu, english, intervju.
@@ -763,23 +910,44 @@ me know. :)

-
Finally, Debian Edu Wheezy is released today!
-
29th September 2013
-

A few hours ago, the announcement for the first stable release of -Debian Edu Wheezy went out from the Debian publicity team. The -complete announcement text can be found at -the Debian News -section, translated to several languages. Please check it out.

- -

There is one minor known problem that we will fix very soon. One -can not install a amd64 Thin Client Server using PXE, as the /var/ -partition is too small. A workaround is to extend the partition (use -lvresize + resize2fs in tty 2 while installing).

+
Dugnadsnett for alle stiller på Oslo Maker Faire i januar 2014
+
10th December 2013
+

Helga 18. og 19. januar 2014 arrangeres +Oslo Maker +Faire, og Dugnadsnett for +alle har fått plass! Planen er å ha et bord med en plakat der vi +forteller om hva Dugnadsnett for alle er for noe, og et lite verksted +der vi hjelper folk som er interessert i å få opp sin egen mesh-node. +Jeg gleder meg til å se hvordan prosjektet blir mottatt der.

+ +

Målet med dugnadsnett for alle i Oslo er å få på plass et datanett +for kommunikasjon ved hjelp av radio-repeaterstasjoner (kalt +mesh-noder) som gjør at en kan direkte kommunisere med slekt, venner +og bekjente i Oslo via andre som deltar i dugnadsnettet, samt gjøre +det mulig komme ut på internett via dugnadsnettet. Første delmål er å +kunne sende SMS-meldinger vha. IP-telefoni løsningen +Serval project mellom +deltagerne i Dugnadsnett for alle i Oslo. Formålet er å ta tilbake +kontrollen over egen nett-infrastruktur og gjøre det dyrere å bedrive +massiv innsamling av informasjon om borgernes bruk av datanett.

+ +

Høres dette interessant ut? Bli med på prosjektet, fortell oss +hvor du kunne tenke deg å sette opp en radio-repeater (slik at folk i +nærheten kan finne hverandre ved hjelp av +kartet over planlagte og +eksisterende radio-repeatere), bli med på epostlisten +dugnadsnett +(at) nuug.no og stikk innom +IRC-kanalen +#dugnadsnett.no. Så langt er det planlagt over 40 +radio-repeatere, med VPN-forbindelser via Internet for å la de delene +av nettet som ikke når hverandre via radio kunne snakke med hverandre +likevel.

- Tags: debian edu, english. + Tags: mesh network, norsk, nuug.
@@ -794,6 +962,17 @@ lvresize + resize2fs in tty 2 while installing).

Archive