X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/c48916382a44a7a8d59ee4fa8342e6a85fc556ac..f29f99052afe6957717bd71b319c2bcc57210b7a:/blog/index.rss diff --git a/blog/index.rss b/blog/index.rss index 13bb58bfe7..e6b1048fbf 100644 --- a/blog/index.rss +++ b/blog/index.rss @@ -7,724 +7,728 @@ - Dokumentaren om Datalagringsdirektivet sendes endelig på NRK - http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html - http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html - Wed, 26 Mar 2014 09:50:00 +0100 - <p><a href="http://www.nuug.no/">Foreningen NUUG</a> melder i natt at -NRK nå har bestemt seg for -<a href="http://www.nuug.no/news/NRK_viser_filmen_om_Datalagringsdirektivet_f_rste_gang_2014_03_31.shtml">når -den norske dokumentarfilmen om datalagringsdirektivet skal -sendes</a> (se <a href="http://www.imdb.com/title/tt2832844/">IMDB</a> -for detaljer om filmen) . Første visning blir på NRK2 mandag -2014-03-31 kl. 19:50, og deretter visninger onsdag 2014-04-02 -kl. 12:30, fredag 2014-04-04 kl. 19:40 og søndag 2014-04-06 kl. 15:10. -Jeg har sett dokumentaren, og jeg anbefaler enhver å se den selv. Som -oppvarming mens vi venter anbefaler jeg Bjørn Stærks kronikk i -Aftenposten fra i går, -<a href="http://www.aftenposten.no/meninger/kronikker/Autoritar-gjokunge-7514915.html">Autoritær -gjøkunge</a>, der han gir en grei skisse av hvor ille det står til med -retten til privatliv og beskyttelsen av demokrati i Norge og resten -verden, og helt riktig slår fast at det er vi i databransjen som -sitter med nøkkelen til å gjøre noe med dette. Jeg har involvert meg -i prosjektene <a href="http://www.dugnadsnett.no/">dugnadsnett.no</a> -og <a href="https://wiki.debian.org/FreedomBox">FreedomBox</a> for å -forsøke å gjøre litt selv for å bedre situasjonen, men det er mye -hardt arbeid fra mange flere enn meg som gjenstår før vi kan sies å ha -gjenopprettet balansen.</p> - -<p>Jeg regner med at nettutgaven dukker opp på -<a href="http://tv.nrk.no/program/koid75005313/tema-dine-digitale-spor-datalagringsdirektivet">NRKs -side om filmen om datalagringsdirektivet</a> om frem dager. Hold et -øye med siden, og tips venner og slekt om at de også bør se den.</p> + Hvordan vurderer regjeringen H.264-patentutfordringen? + http://people.skolelinux.org/pere/blog/Hvordan_vurderer_regjeringen_H_264_patentutfordringen_.html + http://people.skolelinux.org/pere/blog/Hvordan_vurderer_regjeringen_H_264_patentutfordringen_.html + Sun, 16 Nov 2014 10:30:00 +0100 + <p>For en stund tilbake spurte jeg Fornyingsdepartementet om hvilke +juridiske vurderinger rundt patentproblemstillingen som var gjort da +H.264 ble tatt inn i <a href="http://standard.difi.no/">statens +referansekatalog over standarder</a>. Stig Hornnes i FAD tipset meg +om følgende som står i oppsumeringen til høringen om +referansekatalogen versjon 2.0, som jeg siden ved hjelp av en +innsynsforespørsel fikk tak i +<a href="http://wiki.nuug.no/uttalelser/200901-standardkatalog-v2?action=AttachFile&do=get&target=kongelig-resolusjon.pdf">PDF-utgaven av</a> +datert 2009-06-03 (saksnummer 200803291, saksbehandler Henrik +Linnestad).</p> + +<p>Der står det følgende om problemstillingen:</p> + +<p><blockquote> +<strong>4.4 Patentproblematikk</strong> + +<p>NUUG og Opera ser det som særlig viktig at forslagene knyttet til +lyd og video baserer seg på de royalty-frie standardene Vorbis, Theora +og FLAC.</p> + +<p>Kommentarene relaterer seg til at enkelte standarder er åpne, men +inneholder tekniske prosedyrer som det i USA (og noen andre land som +Japan) er gitt patentrettigheter til. I vårt tilfelle berører dette +spesielt standardene Mp3 og H.264, selv om Politidirektoratet peker på +at det muligens kan være tilsvarende problematikk også for Theora og +Vorbis. Dette medfører at det i USA kan kreves royalties for bruk av +tekniske løsninger knyttet til standardene, et krav som også +håndheves. Patenter kan imidlertid bare hevdes i de landene hvor +patentet er gitt, så amerikanske patenter gjelder ikke andre steder +enn USA.</p> + +<p>Spesielt for utvikling av fri programvare er patenter +problematisk. GPL, en "grunnleggende" lisens for distribusjon av fri +programvare, avviser at programvare kan distribueres under denne +lisensen hvis det inneholder referanser til patenterte rutiner som +utløser krav om royalties. Det er imidlertid uproblematisk å +distribuere fri programvareløsninger under GPL som benytter de +aktuelle standardene innen eller mellom land som ikke anerkjenner +patentene. Derfor finner vi også flere implementeringer av Mp3 og +H.264 som er fri programvare, lisensiert under GPL.</p> + +<p>I Norge og EU er patentlovgivningen langt mer restriktiv enn i USA, +men det er også her mulig å få patentert metoder for løsning av et +problem som relaterer seg til databehandling. Det er AIF bekjent ikke +relevante patenter i EU eller Norge hva gjelder H.264 og Mp3, men +muligheten for at det finnes patenter uten at det er gjort krav om +royalties eller at det senere vil gis slike patenter kan ikke helt +avvises.</p> + +<p>AIF mener det er et behov for å gi offentlige virksomheter mulighet +til å benytte antatt royaltyfrie åpne standarder som et likeverdig +alternativ eller i tillegg til de markedsledende åpne standardene.</p> + +</blockquote></p> + +<p>Det ser dermed ikke ut til at de har vurdert patentspørsmålet i +sammenheng med opphavsrettsvilkår slik de er formulert for f.eks. +Apple Final Cut Pro, Adobe Premiere Pro, Avid og Sorenson-verktøyene, +der det kreves brukstillatelse for patenter som ikke er gyldige i +Norge for å bruke disse verktøyene til annet en personlig og ikke +kommersiell aktivitet når det gjelder H.264-video. Jeg må nok lete +videre etter svar på det spørsmålet.</p> - Public Trusted Timestamping services for everyone - http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html - http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html - Tue, 25 Mar 2014 12:50:00 +0100 - <p>Did you ever need to store logs or other files in a way that would -allow it to be used as evidence in court, and needed a way to -demonstrate without reasonable doubt that the file had not been -changed since it was created? Or, did you ever need to document that -a given document was received at some point in time, like some -archived document or the answer to an exam, and not changed after it -was received? The problem in these settings is to remove the need to -trust yourself and your computers, while still being able to prove -that a file is the same as it was at some given time in the past.</p> - -<p>A solution to these problems is to have a trusted third party -"stamp" the document and verify that at some given time the document -looked a given way. Such -<a href="https://en.wikipedia.org/wiki/Notarius">notarius</a> service -have been around for thousands of years, and its digital equivalent is -called a -<a href="http://en.wikipedia.org/wiki/Trusted_timestamping">trusted -timestamping service</a>. <a href="http://www.ietf.org/">The Internet -Engineering Task Force</a> standardised how such service could work a -few years ago as <a href="http://tools.ietf.org/html/rfc3161">RFC -3161</a>. The mechanism is simple. Create a hash of the file in -question, send it to a trusted third party which add a time stamp to -the hash and sign the result with its private key, and send back the -signed hash + timestamp. Both email, FTP and HTTP can be used to -request such signature, depending on what is provided by the service -used. Anyone with the document and the signature can then verify that -the document matches the signature by creating their own hash and -checking the signature using the trusted third party public key. -There are several commercial services around providing such -timestamping. A quick search for -"<a href="https://duckduckgo.com/?q=rfc+3161+service">rfc 3161 -service</a>" pointed me to at least -<a href="https://www.digistamp.com/technical/how-a-digital-time-stamp-works/">DigiStamp</a>, -<a href="http://www.quovadisglobal.co.uk/CertificateServices/SigningServices/TimeStamp.aspx">Quo -Vadis</a>, -<a href="https://www.globalsign.com/timestamp-service/">Global Sign</a> -and <a href="http://www.globaltrustfinder.com/TSADefault.aspx">Global -Trust Finder</a>. The system work as long as the private key of the -trusted third party is not compromised.</p> - -<p>But as far as I can tell, there are very few public trusted -timestamp services available for everyone. I've been looking for one -for a while now. But yesterday I found one over at -<a href="https://www.pki.dfn.de/zeitstempeldienst/">Deutches -Forschungsnetz</a> mentioned in -<a href="http://www.d-mueller.de/blog/dealing-with-trusted-timestamps-in-php-rfc-3161/">a -blog by David Müller</a>. I then found -<a href="http://www.rz.uni-greifswald.de/support/dfn-pki-zertifikate/zeitstempeldienst.html">a -good recipe on how to use the service</a> over at the University of -Greifswald.</p> - -<p><a href="http://www.openssl.org/">The OpenSSL library</a> contain -both server and tools to use and set up your own signing service. See -the ts(1SSL), tsget(1SSL) manual pages for more details. The -following shell script demonstrate how to extract a signed timestamp -for any file on the disk in a Debian environment:</p> + A Debian package for SMTP via Tor (aka SMTorP) using exim4 + http://people.skolelinux.org/pere/blog/A_Debian_package_for_SMTP_via_Tor__aka_SMTorP__using_exim4.html + http://people.skolelinux.org/pere/blog/A_Debian_package_for_SMTP_via_Tor__aka_SMTorP__using_exim4.html + Mon, 10 Nov 2014 13:40:00 +0100 + <p>The right to communicate with your friends and family in private, +without anyone snooping, is a right every citicen have in a liberal +democracy. But this right is under serious attack these days.</p> + +<p>A while back it occurred to me that one way to make the dragnet +surveillance conducted by NSA, GCHQ, FRA and others (and confirmed by +the whisleblower Snowden) more expensive for Internet email, +is to deliver all email using SMTP via Tor. Such SMTP option would be +a nice addition to the FreedomBox project if we could send email +between FreedomBox machines without leaking metadata about the emails +to the people peeking on the wire. I +<a href="http://lists.alioth.debian.org/pipermail/freedombox-discuss/2014-October/006493.html">proposed +this on the FreedomBox project mailing list in October</a> and got a +lot of useful feedback and suggestions. It also became obvious to me +that this was not a novel idea, as the same idea was tested and +documented by Johannes Berg as early as 2006, and both +<a href="https://github.com/pagekite/Mailpile/wiki/SMTorP">the +Mailpile</a> and <a href="http://dee.su/cables">the Cables</a> systems +propose a similar method / protocol to pass emails between users.</p> + +<p>To implement such system one need to set up a Tor hidden service +providing the SMTP protocol on port 25, and use email addresses +looking like username@hidden-service-name.onion. With such addresses +the connections to port 25 on hidden-service-name.onion using Tor will +go to the correct SMTP server. To do this, one need to configure the +Tor daemon to provide the hidden service and the mail server to accept +emails for this .onion domain. To learn more about Exim configuration +in Debian and test the design provided by Johannes Berg in his FAQ, I +set out yesterday to create a Debian package for making it trivial to +set up such SMTP over Tor service based on Debian. Getting it to work +were fairly easy, and +<a href="https://github.com/petterreinholdtsen/exim4-smtorp">the +source code for the Debian package</a> is available from github. I +plan to move it into Debian if further testing prove this to be a +useful approach.</p> + +<p>If you want to test this, set up a blank Debian machine without any +mail system installed (or run <tt>apt-get purge exim4-config</tt> to +get rid of exim4). Install tor, clone the git repository mentioned +above, build the deb and install it on the machine. Next, run +<tt>/usr/lib/exim4-smtorp/setup-exim-hidden-service</tt> and follow +the instructions to get the service up and running. Restart tor and +exim when it is done, and test mail delivery using swaks like +this:</p> <p><blockquote><pre> -#!/bin/sh -set -e -url="http://zeitstempel.dfn.de" -caurl="https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt" -reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq) -resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr) -cafile=chain.txt -if [ ! -f $cafile ] ; then - wget -O $cafile "$caurl" -fi -openssl ts -query -data "$1" -cert | tee "$reqfile" \ - | /usr/lib/ssl/misc/tsget -h "$url" -o "$resfile" -openssl ts -reply -in "$resfile" -text 1>&2 -openssl ts -verify -data "$1" -in "$resfile" -CAfile "$cafile" 1>&2 -base64 < "$resfile" -rm "$reqfile" "$resfile" +torsocks swaks --server dutlqrrmjhtfa3vp.onion \ + --to fbx@dutlqrrmjhtfa3vp.onion </pre></blockquote></p> -<p>The argument to the script is the file to timestamp, and the output -is a base64 encoded version of the signature to STDOUT and details -about the signature to STDERR. Note that due to -<a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742553">a bug -in the tsget script</a>, you might need to modify the included script -and remove the last line. Or just write your own HTTP uploader using -curl. :) Now you too can prove and verify that files have not been -changed.</p> - -<p>But the Internet need more public trusted timestamp services. -Perhaps something for <a href="http://www.uninett.no/">Uninett</a> or -my work place the <a href="http://www.uio.no/">University of Oslo</a> -to set up?</p> +<p>This will test the SMTP delivery using tor. Replace the email +address with your own address to test your server. :)</p> + +<p>The setup procedure is still to complex, and I hope it can be made +easier and more automatic. Especially the tor setup need more work. +Also, the package include a tor-smtp tool written in C, but its task +should probably be rewritten in some script language to make the deb +architecture independent. It would probably also make the code easier +to review. The tor-smtp tool currently need to listen on a socket for +exim to talk to it and is started using xinetd. It would be better if +no daemon and no socket is needed. I suspect it is possible to get +exim to run a command line tool for delivery instead of talking to a +socket, and hope to figure out how in a future version of this +system.</p> + +<p>Until I wipe my test machine, I can be reached using the +<tt>fbx@dutlqrrmjhtfa3vp.onion</tt> mail address, deliverable over +SMTorP. :)</p> - Video DVD reader library / python-dvdvideo - nice free software - http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html - http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html - Fri, 21 Mar 2014 15:25:00 +0100 - <p>Keeping your DVD collection safe from scratches and curious -children fingers while still having it available when you want to see a -movie is not straight forward. My preferred method at the moment is -to store a full copy of the ISO on a hard drive, and use VLC, Popcorn -Hour or other useful players to view the resulting file. This way the -subtitles and bonus material are still available and using the ISO is -just like inserting the original DVD record in the DVD player.</p> - -<p>Earlier I used dd for taking security copies, but it do not handle -DVDs giving read errors (which are quite a few of them). I've also -tried using -<a href="http://people.skolelinux.org/pere/blog/Ripping_problematic_DVDs_using_dvdbackup_and_genisoimage.html">dvdbackup -and genisoimage</a>, but these days I use the marvellous python library -and program -<a href="http://bblank.thinkmo.de/blog/new-software-python-dvdvideo">python-dvdvideo</a> -written by Bastian Blank. It is -<a href="http://packages.qa.debian.org/p/python-dvdvideo.html">in Debian -already</a> and the binary package name is python3-dvdvideo. Instead -of trying to read every block from the DVD, it parses the file -structure and figure out which block on the DVD is actually in used, -and only read those blocks from the DVD. This work surprisingly well, -and I have been able to almost backup my entire DVD collection using -this method.</p> - -<p>So far, python-dvdvideo have failed on between 10 and -20 DVDs, which is a small fraction of my collection. The most common -problem is -<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720831">DVDs -using UTF-16 instead of UTF-8 characters</a>, which according to -Bastian is against the DVD specification (and seem to cause some -players to fail too). A rarer problem is what seem to be inconsistent -DVD structures, as the python library -<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723079">claim -there is a overlap between objects</a>. An equally rare problem claim -<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741878">some -value is out of range</a>. No idea what is going on there. I wish I -knew enough about the DVD format to fix these, to ensure my movie -collection will stay with me in the future.</p> - -<p>So, if you need to keep your DVDs safe, back them up using -python-dvdvideo. :)</p> - - - - - Norsk utgave av Alaveteli / WhatDoTheyKnow på trappene - http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html - http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html - Sun, 16 Mar 2014 09:30:00 +0100 - <p>Det offentlige Norge har mye kunnskap og informasjon. Men hvordan -kan en få tilgang til den på en enkel måte? Takket være et lite -knippe lover og tilhørende forskrifter, blant annet -<a href="http://lovdata.no/dokument/NL/lov/2006-05-19-16">offentlighetsloven</a>, -<a href="http://lovdata.no/dokument/NL/lov/2003-05-09-31">miljøinformasjonsloven</a> -og -<a href="http://lovdata.no/dokument/NL/lov/1967-02-10/">forvaltningsloven</a> -har en rett til å spørre det offentlige og få svar. Men det finnes -intet offentlig arkiv over hva andre har spurt om, og dermed risikerer en -å måtte forstyrre myndighetene gang på gang for å få tak i samme -informasjonen på nytt. <a href="http://www.mysociety.org/">Britiske -mySociety</a> har laget tjenesten -<a href="http://www.whatdotheyknow.com/">WhatDoTheyKnow</a> som gjør -noe med dette. I Storbritannia blir WhatdoTheyKnow brukt i -<a href="http://www.mysociety.org/2011/07/01/whatdotheyknows-share-of-central-government-foi-requests-q2-2011/">ca -15% av alle innsynsforespørsler mot sentraladministrasjonen</a>. -Prosjektet heter <a href="http://www.alaveteli.org/">Alaveteli</A>, og -er takk i bruk en rekke steder etter at løsningen ble generalisert og -gjort mulig å oversette. Den hjelper borgerne med å be om innsyn, -rådgir ved purringer og klager og lar alle se hvilke henvendelser som -er sendt til det offentlige og hvilke svar som er kommet inn, i et -søkpart arkiv. Her i Norge holder vi i foreningen NUUG på å få opp en -norsk utgave av Alaveteli, og her trenger vi din hjelp med -oversettelsen.</p> - -<p>Så langt er 76 % av Alaveteli oversatt til norsk bokmål, men vi -skulle gjerne vært oppe i 100 % før lansering. Oversettelsen gjøres -på <a href="https://www.transifex.com/projects/p/alaveteli/">Transifex, -der enhver som registrerer seg</a> og ber om tilgang til -bokmålsoversettelsen får bidra. Vi har satt opp en test av tjenesten -(som ikke sender epost til det offentlige, kun til oss som holder på å -sette opp tjenesten) på maskinen -<a href="http://alaveteli-dev.nuug.no/">alaveteli-dev.nuug.no</a>, der -en kan se hvordan de oversatte meldingen blir seende ut på nettsiden. -Når tjenesten lanseres vil den hete -<a href="https://www.mimesbrønn.no/">Mimes brønn</a>, etter -visdomskilden som Odin måtte gi øyet sitt for å få drikke i. Den -nettsiden er er ennå ikke klar til bruk.</p> - -<p>Hvis noen vil oversette til nynorsk også, så skal vi finne ut -hvordan vi lager en flerspråklig tjeneste. Men i første omgang er -fokus på bokmålsoversettelsen, der vi selv har nok peiling til å ha -fått oversatt 76%, men trenger hjelp for å komme helt i mål. :)</p> - - - - - Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine - http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html - http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html - Fri, 14 Mar 2014 11:00:00 +0100 - <p>The <a href="https://wiki.debian.org/FreedomBox">Freedombox -project</a> is working on providing the software and hardware for -making it easy for non-technical people to host their data and -communication at home, and being able to communicate with their -friends and family encrypted and away from prying eyes. It has been -going on for a while, and is slowly progressing towards a new test -release (0.2).</p> - -<p>And what day could be better than the Pi day to announce that the -new version will provide "hard drive" / SD card / USB stick images for -Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization -system), and can also be installed using a Debian installer preseed -file. The Debian based Freedombox is now based on Debian Jessie, -where most of the needed packages used are already present. Only one, -the freedombox-setup package, is missing. To try to build your own -boot image to test the current status, fetch the freedom-maker scripts -and build using -<a href="http://packages.qa.debian.org/vmdebootstrap">vmdebootstrap</a> -with a user with sudo access to become root: - -<pre> -git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \ - freedom-maker -sudo apt-get install git vmdebootstrap mercurial python-docutils \ - mktorrent extlinux virtualbox qemu-user-static binfmt-support \ - u-boot-tools -make -C freedom-maker dreamplug-image raspberry-image virtualbox-image -</pre> - -<p>Root access is needed to run debootstrap and mount loopback -devices. See the README for more details on the build. If you do not -want all three images, trim the make line. But note that thanks to <a -href="https://bugs.debian.org/741407">a race condition in -vmdebootstrap</a>, the build might fail without the patch to the -kpartx call.</p> - -<p>If you instead want to install using a Debian CD and the preseed -method, boot a Debian Wheezy ISO and use this boot argument to load -the preseed values:</p> + First Jessie based Debian Edu released (alpha0) + http://people.skolelinux.org/pere/blog/First_Jessie_based_Debian_Edu_released__alpha0_.html + http://people.skolelinux.org/pere/blog/First_Jessie_based_Debian_Edu_released__alpha0_.html + Mon, 27 Oct 2014 20:40:00 +0100 + <p>I am happy to report that I on behalf of the Debian Edu team just +sent out +<a href="https://lists.debian.org/debian-edu-announce/2014/10/msg00000.html">this +announcement</a>:</p> <pre> -url=<a href="http://www.reinholdtsen.name/freedombox/preseed-jessie.dat">http://www.reinholdtsen.name/freedombox/preseed-jessie.dat</a> -</pre> - -<p>But note that due to <a href="https://bugs.debian.org/740673">a -recently introduced bug in apt in Jessie</a>, the installer will -currently hang while setting up APT sources. Killing the -'<tt>apt-cdrom ident</tt>' process when it hang a few times during the -installation will get the installation going. This affect all -installations in Jessie, and I expect it will be fixed soon.</p> - -<p>Give it a go and let us know how it goes on the mailing list, and help -us get the new release published. :) Please join us on -<a href="irc://irc.debian.org:6667/%23freedombox">IRC (#freedombox on -irc.debian.org)</a> and -<a href="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">the -mailing list</a> if you want to help make this vision come true.</p> - - - - - How to add extra storage servers in Debian Edu / Skolelinux - http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html - http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html - Wed, 12 Mar 2014 12:50:00 +0100 - <p>On larger sites, it is useful to use a dedicated storage server for -storing user home directories and data. The design for handling this -in <a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a>, is -to update the automount rules in LDAP and let the automount daemon on -the clients take care of the rest. I was reminded about the need to -document this better when one of the customers of -<a href="http://www.slxdrift.no/">Skolelinux Drift AS</a>, where I am -on the board of directors, asked about how to do this. The steps to -get this working are the following:</p> +The Debian Edu Team is pleased to announce the release of Debian Edu +Jessie 8.0+edu0~alpha0 + +Debian Edu is a complete operating system for schools. Through its +various installation profiles you can install servers, workstations +and laptops which will work together on the school network. With +Debian Edu, the teachers themselves or their technical support can +roll out a complete multi-user multi-machine study environment within +hours or a few days. Debian Edu comes with hundreds of applications +pre-installed, but you can always add more packages from Debian. + +For those who want to give Debian Edu Jessie a try, download and +installation instructions are available, including detailed +instructions in the manual[1] explaining the first steps, such as +setting up a network or adding users. Please note that the password +for the user your prompted for during installation must have a length +of at least 5 characters! + + [1] &lt;URL: <a href="https://wiki.debian.org/DebianEdu/Documentation/Jessie">https://wiki.debian.org/DebianEdu/Documentation/Jessie</a> &gt; + +Would you like to give your school's computer a longer life? Are you +tired of sneaker administration, running from computer to computer +reinstalling the operating system? Would you like to administrate all +the computers in your school using only a couple of hours every week? +Check out Debian Edu Jessie! + +Skolelinux is used by at least two hundred schools all over the world, +mostly in Germany and Norway. + +About Debian Edu and Skolelinux +=============================== + +Debian Edu, also known as Skolelinux[2], is a Linux distribution based +on Debian providing an out-of-the box environment of a completely +configured school network. Immediately after installation a school +server running all services needed for a school network is set up just +waiting for users and machines being added via GOsa², a comfortable +Web-UI. A netbooting environment is prepared using PXE, so after +initial installation of the main server from CD or USB stick all other +machines can be installed via the network. The provided school server +provides LDAP database and Kerberos authentication service, +centralized home directories, DHCP server, web proxy and many other +services. The desktop contains more than 60 educational software +packages[3] and more are available from the Debian archive, and +schools can choose between KDE, Gnome, LXDE, Xfce and MATE desktop +environment. + + [2] &lt;URL: <a href="http://www.skolelinux.org/">http://www.skolelinux.org/</a> &gt; + [3] &lt;URL: <a href="http://people.skolelinux.org/pere/blog/Educational_applications_included_in_Debian_Edu___Skolelinux__the_screenshot_collection____.html">http://people.skolelinux.org/pere/blog/Educational_applications_included_in_Debian_Edu___Skolelinux__the_screenshot_collection____.html</a> &gt; + +Full release notes and manual +============================= + +Below the download URLs there is a list of some of the new features +and bugfixes of Debian Edu 8.0+edu0~alpha0 Codename Jessie. The full +list is part of the manual. (See the feature list in the manual[4] for +the English version.) For some languages manual translations are +available, see the manual translation overview[5]. + + [4] &lt;URL: <a href="https://wiki.debian.org/DebianEdu/Documentation/Jessie/Features">https://wiki.debian.org/DebianEdu/Documentation/Jessie/Features</a> &gt; + [5] &lt;URL: <a href="http://maintainer.skolelinux.org/debian-edu-doc/">http://maintainer.skolelinux.org/debian-edu-doc/</a> &gt; + +Where to get it +--------------- + +To download the multiarch netinstall CD release (624 MiB) you can use + + * <a href="ftp://ftp.skolelinux.org/skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso</a> + * <a href="http://ftp.skolelinux.org/skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso">http://ftp.skolelinux.org/skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso</a> + * rsync -avzP ftp.skolelinux.org::skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso . + +The SHA1SUM of this image is: 361188818e036ce67280a572f757de82ebfeb095 + +New features for Debian Edu 8.0+edu0~alpha0 Codename Jessie released 2014-10-27 +=============================================================================== + + +Installation changes +-------------------- + + * PXE installation now installs firmware automatically for the hardware present. + +Software updates +---------------- + +Everything which is new in Debian Jessie 8.0, eg: + + * Linux kernel 3.16.x + * Desktop environments KDE "Plasma" 4.11.12, GNOME 3.14, Xfce 4.10, + LXDE 0.5.6 and MATE 1.8 (KDE "Plasma" is installed by default; to + choose one of the others see manual.) + * the browsers Iceweasel 31 ESR and Chromium 38 + * !LibreOffice 4.3.3 + * GOsa 2.7.4 + * LTSP 5.5.4 + * CUPS print system 1.7.5 + * new boot framework: systemd + * Educational toolbox GCompris 14.07 + * Music creator Rosegarden 14.02 + * Image editor Gimp 2.8.14 + * Virtual stargazer Stellarium 0.13.0 + * golearn 0.9 + * tuxpaint 0.9.22 + * New version of debian-installer from Debian Jessie. + * Debian Jessie includes about 42000 packages available for + installation. + * More information about Debian Jessie 8.0 is provided in the release + notes[6] and the installation manual[7]. + + [6] &lt;URL: <a href="http://www.debian.org/releases/jessie/releasenotes">http://www.debian.org/releases/jessie/releasenotes</a> &gt; + [7] &lt;URL: <a href="http://www.debian.org/releases/jessie/installmanual">http://www.debian.org/releases/jessie/installmanual</a> &gt; + +Fixed bugs +---------- + + * Inserting incorrect DNS information in Gosa will no longer break + DNS completely, but instead stop DNS updates until the incorrect + information is corrected (Debian bug #710362) + * and many others. + +Documentation and translation updates +------------------------------------- + + * The Debian Edu Jessie Manual is fully translated to German, French, + Italian, Danish and Dutch. Partly translated versions exist for + Norwegian Bokmal and Spanish. + +Other changes +------------- + + * Due to new Squid settings, powering off or rebooting the main + server takes more time. + * To manage printers localhost:631 has to be used, currently www:631 + doesn't work. + +Regressions / known problems +---------------------------- + + * Installing LTSP chroot fails with a bug related to eatmydata about + exim4-config failing to run its postinst (see Debian bug #765694 + and Debian bug #762103). + * Munin collection is not properly configured on clients (Debian bug + #764594). The fix is available in a newer version of munin-node. + * PXE setup for Main Server and Thin Client Server setup does not + work when installing on a machine without direct Internet access. + Will be fixed when Debian bug #766960 is fixed in Jessie. -<p><ol> +See the status page[8] for the complete list. -<li>Add new storage server in DNS. I use nas-server.intern as the -example host here.</li> + [8] &lt;URL: <a href="https://wiki.debian.org/DebianEdu/Status/Jessie">https://wiki.debian.org/DebianEdu/Status/Jessie</a> &gt; -<li>Add automoun LDAP information about this server in LDAP, to allow -all clients to automatically mount it on reqeust.</li> +How to report bugs +------------------ -<li>Add the relevant entries in tjener.intern:/etc/fstab, because -tjener.intern do not use automount to avoid mounting loops.</li> +&lt;URL: <a href="http://wiki.debian.org/DebianEdu/HowTo/ReportBugs">http://wiki.debian.org/DebianEdu/HowTo/ReportBugs</a> &gt; -</ol></p> +About Debian +============ -<p>DNS entries are added in GOsa², and not described here. Follow the -<a href="https://wiki.debian.org/DebianEdu/Documentation/Wheezy/GettingStarted">instructions -in the manual</a> (Machine Management with GOsa² in section Getting -started).</p> +The Debian Project was founded in 1993 by Ian Murdock to be a truly +free community project. Since then the project has grown to be one of +the largest and most influential open source projects. Thousands of +volunteers from all over the world work together to create and +maintain Debian software. Available in 70 languages, and supporting a +huge range of computer types, Debian calls itself the universal +operating system. -<p>Ensure that the NFS export points on the server are exported to the -relevant subnets or machines:</p> +Contact Information +For further information, please visit the Debian web pages[9] or send +mail to press@debian.org. -<p><blockquote><pre> -root@tjener:~# showmount -e nas-server -Export list for nas-server: -/storage 10.0.0.0/8 -root@tjener:~# -</pre></blockquote></p> - -<p>Here everything on the backbone network is granted access to the -/storage export. With NFSv3 it is slightly better to limit it to -netgroup membership or single IP addresses to have some limits on the -NFS access.</p> - -<p>The next step is to update LDAP. This can not be done using GOsa², -because it lack a module for automount. Instead, use ldapvi and add -the required LDAP objects using an editor.</p> - -<p><blockquote><pre> -ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no -</pre></blockquote></p> - -<p>When the editor show up, add the following LDAP objects at the -bottom of the document. The "/&" part in the last LDAP object is a -wild card matching everything the nas-server exports, removing the -need to list individual mount points in LDAP.</p> - -<p><blockquote><pre> -add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no -objectClass: automount -cn: nas-server -automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no - -add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no -objectClass: top -objectClass: automountMap -ou: auto.nas-server - -add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no -objectClass: automount -cn: / -automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/& -</pre></blockquote></p> - -<p>The last step to remember is to mount the relevant mount points in -tjener.intern by adding them to /etc/fstab, creating the mount -directories using mkdir and running "mount -a" to mount them.</p> - -<p>When this is done, your users should be able to access the files on -the storage server directly by just visiting the -/tjener/nas-server/storage/ directory using any application on any -workstation, LTSP client or LTSP server.</p> + [9] &lt;URL: <a href="http://www.debian.org/">http://www.debian.org/</a> &gt; +</pre> - Hvordan bør RFC 822-formattert epost lagres i en NOARK5-database? - http://people.skolelinux.org/pere/blog/Hvordan_b_r_RFC_822_formattert_epost_lagres_i_en_NOARK5_database_.html - http://people.skolelinux.org/pere/blog/Hvordan_b_r_RFC_822_formattert_epost_lagres_i_en_NOARK5_database_.html - Fri, 7 Mar 2014 15:20:00 +0100 - <p>For noen uker siden ble NXCs fri programvarelisenserte -NOARK5-løsning -<a href="http://www.nuug.no/aktiviteter/20140211-noark/">presentert hos -NUUG</a> (video -<a href="https://www.youtube.com/watch?v=JCb_dNS3MHQ">på youtube -foreløbig</a>), og det fikk meg til å titte litt mer på NOARK5, -standarden for arkivhåndtering i det offentlige Norge. Jeg lurer på -om denne kjernen kan være nyttig i et par av mine prosjekter, og for ett -av dem er det mest aktuelt å lagre epost. Jeg klarte ikke finne noen -anbefaling om hvordan RFC 822-formattert epost (aka Internett-epost) -burde lagres i NOARK5, selv om jeg vet at noen arkiver tar -PDF-utskrift av eposten med sitt epostprogram og så arkiverer PDF-en -(eller enda værre, tar papirutskrift og lagrer bildet av eposten som -PDF i arkivet).</p> - -<p>Det er ikke så mange formater som er akseptert av riksarkivet til -langtidsoppbevaring av offentlige arkiver, og PDF og XML er de mest -aktuelle i så måte. Det slo meg at det måtte da finnes en eller annen -egnet XML-representasjon og at det kanskje var enighet om hvilken som -burde brukes, så jeg tok mot til meg og spurte -<a href="http://samdok.com/">SAMDOK</a>, en gruppe tilknyttet -arkivverket som ser ut til å jobbe med NOARK-samhandling, om de hadde -noen anbefalinger: - -<p><blockquote> -<p>Hei.</p> - -<p>Usikker på om dette er riktig forum å ta opp mitt spørsmål, men jeg -lurer på om det er definert en anbefaling om hvordan RFC -822-formatterte epost (aka vanlig Internet-epost) bør lages håndteres -i NOARK5, slik at en bevarer all informasjon i eposten -(f.eks. Received-linjer). Finnes det en anbefalt XML-mapping ala den -som beskrives på -&lt;URL: <a href="https://www.informit.com/articles/article.aspx?p=32074">https://www.informit.com/articles/article.aspx?p=32074</a> &gt;? Mitt -mål er at det skal være mulig å lagre eposten i en NOARK5-kjerne og -kunne få ut en identisk formattert kopi av opprinnelig epost ved -behov.</p> -</blockquote></p> - -<p>Postmottaker hos SAMDOK mente spørsmålet heller burde stilles -direkte til riksarkivet, og jeg fikk i dag svar derfra formulert av -seniorrådgiver Geir Ivar Tungesvik:</p> - -<p><blockquote> -<p>Riksarkivet har ingen anbefalinger når det gjelder konvertering fra -e-post til XML. Det står arkivskaper fritt å eventuelt definere/bruke -eget format. Inklusive da - som det spørres om - et format der det er -mulig å re-etablere e-post format ut fra XML-en. XML (e-post) -dokumenter må være referert i arkivstrukturen, og det må vedlegges et -gyldig XML skjema (.xsd) for XML-filene. Arkivskaper står altså fritt -til å gjøre hva de vil, bare det dokumenteres og det kan dannes et -utrekk ved avlevering til depot.</p> - -<p>De obligatoriske kravene i Noark 5 standarden må altså oppfylles - -etter dialog med Riksarkivet i forbindelse med godkjenning. For -offentlige arkiv er det særlig viktig med filene loependeJournal.xml -og offentligJournal.xml. Private arkiv som vil forholde seg til Noark -5 standarden er selvsagt frie til å bruke det som er relevant for dem -av obligatoriske krav.</p> -</blockquote></p> - -<p>Det ser dermed ut for meg som om det er et lite behov for å -standardisere XML-lagring av RFC-822-formatterte meldinger. Noen som -vet om god spesifikasjon i så måte? I tillegg til den omtalt over, -har jeg kommet over flere aktuelle beskrivelser (søk på "rfc 822 -xml", så finner du aktuelle alternativer).</p> - -<ul> - -<li><a href="http://www.openhealth.org/xmtp/">XML MIME Transformation -protocol (XMTP)</a> fra OpenHealth, sist oppdatert 2001.</li> - -<li><a href="https://tools.ietf.org/html/draft-klyne-message-rfc822-xml-03">An -XML format for mail and other messages</a> utkast fra IETF datert -2001.</li> - -<li><a href="http://www.informit.com/articles/article.aspx?p=32074">xMail: -E-mail as XML</a> en artikkel fra 2003 som beskriver python-modulen -rfc822 som gir ut XML-representasjon av en RFC 822-formattert epost.</li> - -</ul> - -<p>Finnes det andre og bedre spesifikasjoner for slik lagring? Send -meg en epost hvis du har innspill.</p> + I spent last weekend recording MakerCon Nordic + http://people.skolelinux.org/pere/blog/I_spent_last_weekend_recording_MakerCon_Nordic.html + http://people.skolelinux.org/pere/blog/I_spent_last_weekend_recording_MakerCon_Nordic.html + Thu, 23 Oct 2014 23:00:00 +0200 + <p>I spent last weekend at <a href="http://www.makercon.no/">Makercon +Nordic</a>, a great conference and workshop for makers in Norway and +the surrounding countries. I had volunteered on behalf of the +Norwegian Unix Users Group (NUUG) to video record the talks, and we +had a great and exhausting time recording the entire day, two days in +a row. There were only two of us, Hans-Petter and me, and we used the +regular video equipment for NUUG, with a +<a href="http://dvswitch.alioth.debian.org/wiki/">dvswitch</a>, a +camera and a VGA to DV convert box, and mixed video and slides +live.</p> + +<p>Hans-Petter did the post-processing, consisting of uploading the +around 180 GiB of raw video to Youtube, and the result is +<a href="https://www.youtube.com/user/MakerConNordic/">now becoming +public</a> on the MakerConNordic account. The videos have the license +NUUG always use on our recordings, which is +<a href="http://creativecommons.org/licenses/by-sa/3.0/no/">Creative +Commons Navngivelse-Del på samme vilkår 3.0 Norge</a>. Many great +talks available. Check it out! :)</p> - Lenker for 2014-02-28 - http://people.skolelinux.org/pere/blog/Lenker_for_2014_02_28.html - http://people.skolelinux.org/pere/blog/Lenker_for_2014_02_28.html - Fri, 28 Feb 2014 13:30:00 +0100 - <p>Her er noen lenker til tekster jeg har satt pris på å lese de siste -månedene. Det er mye om varsleren Edward Snowden, som burde få all -hjelp, støtte og beskyttelse Norge kan stille opp med for å ha satt -totalitær overvåkning på sakskartet, men også endel annet -tankevekkende og interessant.</p> - -<ul> + listadmin, the quick way to moderate mailman lists - nice free software + http://people.skolelinux.org/pere/blog/listadmin__the_quick_way_to_moderate_mailman_lists___nice_free_software.html + http://people.skolelinux.org/pere/blog/listadmin__the_quick_way_to_moderate_mailman_lists___nice_free_software.html + Wed, 22 Oct 2014 20:00:00 +0200 + <p>If you ever had to moderate a mailman list, like the ones on +alioth.debian.org, you know the web interface is fairly slow to +operate. First you visit one web page, enter the moderation password +and get a new page shown with a list of all the messages to moderate +and various options for each email address. This take a while for +every list you moderate, and you need to do it regularly to do a good +job as a list moderator. But there is a quick alternative, +<a href="http://heim.ifi.uio.no/kjetilho/hacks/#listadmin">the +listadmin program</a>. It allow you to check lists for new messages +to moderate in a fraction of a second. Here is a test run on two +lists I recently took over:</p> -<li>2013-12-21 -<a href="http://www.dagbladet.no/2013/12/21/nyheter/thomas_drake/nsa/overvakning/snowden/30925886/">- -NSA tenker som Stasi</a> - Dagbladet.no</li> - -<li>2013-12-19 <a href="http://www.dagensit.no/article2732734.ece">- -Staten har ikke rett til å vite alt om deg</a> - DN.no</li> - -<li>2013-12-21 -<a href="http://www.dagbladet.no/2013/12/21/nyheter/krig_og_konflikter/politikk/utenriks/30961126/">Nye -mål for NSAs spionasje avslørt</a> - Dagbladet.no</li> +<p><blockquote><pre> +% time listadmin xiph +fetching data for pkg-xiph-commits@lists.alioth.debian.org ... nothing in queue +fetching data for pkg-xiph-maint@lists.alioth.debian.org ... nothing in queue + +real 0m1.709s +user 0m0.232s +sys 0m0.012s +% +</pre></blockquote></p> -<li>2013-12-19 -<a href="http://www.dagbladet.no/2013/12/19/nyheter/nsa/usa/politikk/barack_obama/30918684/">«NSA -bør fjernes fra sin makt til å samle inn metadata fra amerikanske -telefonsamtaler»</a> - Dagbladet.no</li> +<p>In 1.7 seconds I had checked two mailing lists and confirmed that +there are no message in the moderation queue. Every morning I +currently moderate 68 mailman lists, and it normally take around two +minutes. When I took over the two pkg-xiph lists above a few days +ago, there were 400 emails waiting in the moderator queue. It took me +less than 15 minutes to process them all using the listadmin +program.</p> -<li>2013-12-18 -<a href="http://www.dagbladet.no/2013/12/18/kultur/meninger/hovedkronikk/debatt/snowden/30901089/">Etterretning, -overvåking, frihet og sikkerhet</a> - Dagbladet.no</li> +<p>If you install +<a href="https://tracker.debian.org/pkg/listadmin">the listadmin +package</a> from Debian and create a file <tt>~/.listadmin.ini</tt> +with content like this, the moderation task is a breeze:</p> -<li>2013-12-17 -<a href="http://www.nrk.no/verden/snowden-vil-ha-asyl-i-brasil-1.11423444">Snowden -angriper USA i åpent brev</a> - nrk.no</li> +<p><blockquote><pre> +username username@example.org +spamlevel 23 +default discard +discard_if_reason "Posting restricted to members only. Remove us from your mail list." -<li>2013-12-17 -<a href="http://www.digi.no/925820/rettslig-nederlag-for-etterretning">Rettslig -nederlag for etterretning</a> - digi.no</li> +password secret +adminurl https://{domain}/mailman/admindb/{list} +mailman-list@lists.example.com -<li>2013-12-21 -<a href="http://www.dagbladet.no/2013/12/21/kultur/meninger/hovedkommentar/kommentar/etterretning/30963284/">Truende -nedkjøling</a> - dagbladet.no</li> +password hidden +other-list@otherserver.example.org +</pre></blockquote></p> -<li>2013-12-20 -<a href="http://www.aftenposten.no/viten/Matematikk-og-forstaelse-7411849.html">Matematikk -og forståelse</a> - aftenposten.no</li> +<p>There are other options to set as well. Check the manual page to +learn the details.</p> -<li>2013-10-20 -<a href="http://www.nrk.no/viten/ny-studie_sovn-reinser-hjernen-var-1.11306106">Vi -søv for å reinse hjernen vår, ifølgje ny studie</a> - nrk.no</li> +<p>If you are forced to moderate lists on a mailman installation where +the SSL certificate is self signed or not properly signed by a +generally accepted signing authority, you can set a environment +variable when calling listadmin to disable SSL verification:</p> -<li>2013-12-11 -<a href="http://www.nrk.no/buskerud/julebaksten-i-vasken-1.11410033">Rotterace -i kloakken</a> - nrk.no</li> +<p><blockquote><pre> +PERL_LWP_SSL_VERIFY_HOSTNAME=0 listadmin +</pre></blockquote></p> -<li>2013-12-30 -<a href="http://www.aftenposten.no/viten/Apne-brev-og-frie-tanker-7413734.html">Åpne -brev og frie tanker</a> - aftenposten.no</li> +<p>If you want to moderate a subset of the lists you take care of, you +can provide an argument to the listadmin script like I do in the +initial screen dump (the xiph argument). Using an argument, only +lists matching the argument string will be processed. This make it +quick to accept messages if you notice the moderation request in your +email.</p> + +<p>Without the listadmin program, I would never be the moderator of 68 +mailing lists, as I simply do not have time to spend on that if the +process was any slower. The listadmin program have saved me hours of +time I could spend elsewhere over the years. It truly is nice free +software.</p> + +<p>As usual, if you use Bitcoin and want to show your support of my +activities, please send Bitcoin donations to my address +<b><a href="bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&label=PetterReinholdtsenBlog">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p> + +<p>Update 2014-10-27: Added missing 'username' statement in +configuration example. Also, I've been told that the +PERL_LWP_SSL_VERIFY_HOSTNAME=0 setting do not work for everyone. Not +sure why.</p> + + + + + Debian Jessie, PXE and automatic firmware installation + http://people.skolelinux.org/pere/blog/Debian_Jessie__PXE_and_automatic_firmware_installation.html + http://people.skolelinux.org/pere/blog/Debian_Jessie__PXE_and_automatic_firmware_installation.html + Fri, 17 Oct 2014 14:10:00 +0200 + <p>When PXE installing laptops with Debian, I often run into the +problem that the WiFi card require some firmware to work properly. +And it has been a pain to fix this using preseeding in Debian. +Normally something more is needed. But thanks to +<a href="https://packages.qa.debian.org/i/isenkram.html">my isenkram +package</a> and its recent tasksel extension, it has now become easy +to do this using simple preseeding.</p> + +<p>The isenkram-cli package provide tasksel tasks which will install +firmware for the hardware found in the machine (actually, requested by +the kernel modules for the hardware). (It can also install user space +programs supporting the hardware detected, but that is not the focus +of this story.)</p> + +<p>To get this working in the default installation, two preeseding +values are needed. First, the isenkram-cli package must be installed +into the target chroot (aka the hard drive) before tasksel is executed +in the pkgsel step of the debian-installer system. This is done by +preseeding the base-installer/includes debconf value to include the +isenkram-cli package. The package name is next passed to debootstrap +for installation. With the isenkram-cli package in place, tasksel +will automatically use the isenkram tasks to detect hardware specific +packages for the machine being installed and install them, because +isenkram-cli contain tasksel tasks.</p> + +<p>Second, one need to enable the non-free APT repository, because +most firmware unfortunately is non-free. This is done by preseeding +the apt-mirror-setup step. This is unfortunate, but for a lot of +hardware it is the only option in Debian.</p> + +<p>The end result is two lines needed in your preseeding file to get +firmware installed automatically by the installer:</p> -<li>2014-01-12 -<a href="http://www.aftenposten.no/viten/Stopp-kunnskapsapartheidet-7428229.html">Stopp dagens kunnskapsapartheid!</a> - aftenposten.no</li> +<p><blockquote><pre> +base-installer base-installer/includes string isenkram-cli +apt-mirror-setup apt-setup/non-free boolean true +</pre></blockquote></p> -<li>2014-01-09 -<a href="http://www.aftenposten.no/nyheter/uriks/EU-rapport-Britisk-og-amerikansk-overvaking-ser-ut-til-a-vare-ulovlig-7428933.html">EU-rapport: -Britisk og amerikansk overvåking ser ut til å være ulovlig</a> - -aftenposten.no</li> +<p>The current version of isenkram-cli in testing/jessie will install +both firmware and user space packages when using this method. It also +do not work well, so use version 0.15 or later. Installing both +firmware and user space packages might give you a bit more than you +want, so I decided to split the tasksel task in two, one for firmware +and one for user space programs. The firmware task is enabled by +default, while the one for user space programs is not. This split is +implemented in the package currently in unstable.</p> -<li>2013-10-23 Professor Jan Arild Audestad -<a href="http://www.digi.no/924008/advarer-mot-konspirasjonsteori">Advarer -mot konspirasjonsteori</a> i digi.no og sier han ikke tror NSA kan -avlytte mobiltelefoner, mens han noen måneder senere forteller:</li> +<p>If you decide to give this a go, please let me know (via email) how +this recipe work for you. :)</p> -<li>2014-01-09 -<a href="http://www.aftenposten.no/nyheter/iriks/--Vi-ble-presset-til-a-svekke-mobilsikkerheten-pa-80-tallet-7410467.html">- -Vi ble presset til å svekke mobilsikkerheten på 80-tallet</a> - -aftenposten.no</li> +<p>So, I bet you are wondering, how can this work. First and +foremost, it work because tasksel is modular, and driven by whatever +files it find in /usr/lib/tasksel/ and /usr/share/tasksel/. So the +isenkram-cli package place two files for tasksel to find. First there +is the task description file (/usr/share/tasksel/descs/isenkram.desc):</p> -<li>2014-02-12 -<a href="http://tv.nrk.no/program/koid20005814/et-moete-med-edward-snowden">Et -møte med Edward Snowden</a> - intervju sendt av nrk, tilgjengelig til -2015-01-31</li> +<p><blockquote><pre> +Task: isenkram-packages +Section: hardware +Description: Hardware specific packages (autodetected by isenkram) + Based on the detected hardware various hardware specific packages are + proposed. +Test-new-install: show show +Relevance: 8 +Packages: for-current-hardware + +Task: isenkram-firmware +Section: hardware +Description: Hardware specific firmware packages (autodetected by isenkram) + Based on the detected hardware various hardware specific firmware + packages are proposed. +Test-new-install: mark show +Relevance: 8 +Packages: for-current-hardware-firmware +</pre></blockquote></p> -<li>2014-02-17 -<a href="http://politiken.dk/debat/profiler/jessteinpedersen/ECE2210356/litteraturredaktoeren-helle-thornings-tavshed-om-snowden-er-en-skandale/">Litteraturredaktøren: -Helle Thornings tavshed om Snowden er en skandale</a> - -politiken.dk</li> +<p>The key parts are Test-new-install which indicate how the task +should be handled and the Packages line referencing to a script in +/usr/lib/tasksel/packages/. The scripts use other scripts to get a +list of packages to install. The for-current-hardware-firmware script +look like this to list relevant firmware for the machine: -<li>2014-02-21 -<a href="http://www.aftenposten.no/meninger/kronikker/Bra-a-ha-en-Storebror-7476734.html">Bra å ha en «Storebror»</a> - aftenposten.no</li> +<p><blockquote><pre> +#!/bin/sh +# +PATH=/usr/sbin:$PATH +export PATH +isenkram-autoinstall-firmware -l +</pre></blockquote></p> -<li>2014-02-28 -<a href="http://johnchristianelden.blogg.no/1393536806_narkotikasiktet_stort.html">"Narkotikasiktet -Stortingsmann" - Spillet bak kulissene</a> - John Christian Eldens -blogg</li> +<p>With those two pieces in place, the firmware is installed by +tasksel during the normal d-i run. :)</p> -<li>2014-02-28 -<a href="http://www.aftenposten.no/meninger/Heksejakt-pa-hasjbrukere-7486283.html">Heksejakt -på hasjbrukere</a> - aftenposten.no</li> +<p>If you want to test what tasksel will install when isenkram-cli is +installed, run <tt>DEBIAN_PRIORITY=critical tasksel --test +--new-install</tt> to get the list of packages that tasksel would +install.</p> -</ul> +<p><a href="https://wiki.debian.org/DebianEdu/">Debian Edu</a> will be +pilots in testing this feature, as isenkram is used there now to +install firmware, replacing the earlier scripts.</p> - New home and release 1.0 for netgroup and innetgr (aka ng-utils) - http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html - http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html - Sat, 22 Feb 2014 21:45:00 +0100 - <p>Many years ago, I wrote a GPL licensed version of the netgroup and -innetgr tools, because I needed them in -<a href="http://www.skolelinux.org/">Skolelinux</a>. I called the project -ng-utils, and it has served me well. I placed the project under the -<a href="http://www.hungry.com/">Hungry Programmer</a> umbrella, and it was maintained in our CVS -repository. But many years ago, the CVS repository was dropped (lost, -not migrated to new hardware, not sure), and the project have lacked a -proper home since then.</p> - -<p>Last summer, I had a look at the package and made a new release -fixing a irritating crash bug, but was unable to store the changes in -a proper source control system. I applied for a project on -<a href="https://alioth.debian.org/">Alioth</a>, but did not have time -to follow up on it. Until today. :)</p> - -<p>After many hours of cleaning and migration, the ng-utils project -now have a new home, and a git repository with the highlight of the -history of the project. I published all release tarballs and imported -them into the git repository. As the project is really stable and not -expected to gain new features any time soon, I decided to make a new -release and call it 1.0. Visit the new project home on -<a href="https://alioth.debian.org/projects/ng-utils/">https://alioth.debian.org/projects/ng-utils/</a> -if you want to check it out. The new version is also uploaded into -<a href="http://packages.qa.debian.org/n/ng-utils.html">Debian Unstable</a>.</p> + Ubuntu used to show the bread prizes at ICA Storo + http://people.skolelinux.org/pere/blog/Ubuntu_used_to_show_the_bread_prizes_at_ICA_Storo.html + http://people.skolelinux.org/pere/blog/Ubuntu_used_to_show_the_bread_prizes_at_ICA_Storo.html + Sat, 4 Oct 2014 15:20:00 +0200 + <p>Today I came across an unexpected Ubuntu boot screen. Above the +bread shelf on the ICA shop at Storo in Oslo, the grub menu of Ubuntu +with Linux kernel 3.2.0-23 (ie probably version 12.04 LTS) was stuck +on a screen normally showing the bread types and prizes:</p> + +<p align="center"><img width="70%" src="http://people.skolelinux.org/pere/blog/images/2014-10-04-ubuntu-ica-storo-crop.jpeg"></p> + +<p>If it had booted as it was supposed to, I would never had known +about this hidden Linux installation. It is interesting what +<a href="http://revealingerrors.com/">errors can reveal</a>.</p> - Testing sysvinit from experimental in Debian Hurd - http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html - http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html - Mon, 3 Feb 2014 13:40:00 +0100 - <p>A few days ago I decided to try to help the Hurd people to get -their changes into sysvinit, to allow them to use the normal sysvinit -boot system instead of their old one. This follow up on the -<a href="https://teythoon.cryptobitch.de//categories/gsoc.html">great -Google Summer of Code work</a> done last summer by Justus Winter to -get Debian on Hurd working more like Debian on Linux. To get started, -I downloaded a prebuilt hard disk image from -<a href="http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz">http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz</a>, -and started it using virt-manager.</p> - -<p>The first think I had to do after logging in (root without any -password) was to get the network operational. I followed -<a href="https://www.debian.org/ports/hurd/hurd-install">the -instructions on the Debian GNU/Hurd ports page</a> and ran these -commands as root to get the machine to accept a IP address from the -kvm internal DHCP server:</p> - -<p><blockquote><pre> -settrans -fgap /dev/netdde /hurd/netdde -kill $(ps -ef|awk '/[p]finet/ { print $2}') -kill $(ps -ef|awk '/[d]evnode/ { print $2}') -dhclient /dev/eth0 -</pre></blockquote></p> + New lsdvd release version 0.17 is ready + http://people.skolelinux.org/pere/blog/New_lsdvd_release_version_0_17_is_ready.html + http://people.skolelinux.org/pere/blog/New_lsdvd_release_version_0_17_is_ready.html + Sat, 4 Oct 2014 08:40:00 +0200 + <p>The <a href="https://sourceforge.net/p/lsdvd/">lsdvd project</a> +got a new set of developers a few weeks ago, after the original +developer decided to step down and pass the project to fresh blood. +This project is now maintained by Petter Reinholdtsen and Steve +Dibb.</p> + +<p>I just wrapped up +<a href="https://sourceforge.net/p/lsdvd/mailman/message/32896061/">a +new lsdvd release</a>, available in git or from +<a href="https://sourceforge.net/projects/lsdvd/files/lsdvd/">the +download page</a>. This is the changelog dated 2014-10-03 for version +0.17.</p> -<p>After this, the machine had internet connectivity, and I could -upgrade it and install the sysvinit packages from experimental and -enable it as the default boot system in Hurd.</p> - -<p>But before I did that, I set a password on the root user, as ssh is -running on the machine it for ssh login to work a password need to be -set. Also, note that a bug somewhere in openssh on Hurd block -compression from working. Remember to turn that off on the client -side.</p> - -<p>Run these commands as root to upgrade and test the new sysvinit -stuff:</p> - -<p><blockquote><pre> -cat > /etc/apt/sources.list.d/experimental.list &lt;&lt;EOF -deb http://http.debian.net/debian/ experimental main -EOF -apt-get update -apt-get dist-upgrade -apt-get install -t experimental initscripts sysv-rc sysvinit \ - sysvinit-core sysvinit-utils -update-alternatives --config runsystem -</pre></blockquote></p> +<ul> -<p>To reboot after switching boot system, you have to use -<tt>reboot-hurd</tt> instead of just <tt>reboot</tt>, as there is not -yet a sysvinit process able to receive the signals from the normal -'reboot' command. After switching to sysvinit as the boot system, -upgrading every package and rebooting, the network come up with DHCP -after boot as it should, and the settrans/pkill hack mentioned at the -start is no longer needed. But for some strange reason, there are no -longer any login prompt in the virtual console, so I logged in using -ssh instead. - -<p>Note that there are some race conditions in Hurd making the boot -fail some times. No idea what the cause is, but hope the Hurd porters -figure it out. At least Justus said on IRC (#debian-hurd on -irc.debian.org) that they are aware of the problem. A way to reduce -the impact is to upgrade to the Hurd packages built by Justus by -adding this repository to the machine:</p> + <li>Ignore 'phantom' audio, subtitle tracks</li> + <li>Check for garbage in the program chains, which indicate that a track is + non-existant, to work around additional copy protection</li> + <li>Fix displaying content type for audio tracks, subtitles</li> + <li>Fix pallete display of first entry</li> + <li>Fix include orders</li> + <li>Ignore read errors in titles that would not be displayed anyway</li> + <li>Fix the chapter count</li> + <li>Make sure the array size and the array limit used when initialising + the palette size is the same.</li> + <li>Fix array printing.</li> + <li>Correct subsecond calculations.</li> + <li>Add sector information to the output format.</li> + <li>Clean up code to be closer to ANSI C and compile without warnings + with more GCC compiler warnings.</li> -<p><blockquote><pre> -cat > /etc/apt/sources.list.d/hurd-ci.list &lt;&lt;EOF -deb http://darnassus.sceen.net/~teythoon/hurd-ci/ sid main -EOF -</pre></blockquote></p> +</ul> -<p>At the moment the prebuilt virtual machine get some packages from -http://ftp.debian-ports.org/debian, because some of the packages in -unstable do not yet include the required patches that are lingering in -BTS. This is the completely list of "unofficial" packages installed:</p> +<p>This change bring together patches for lsdvd in use in various +Linux and Unix distributions, as well as patches submitted to the +project the last nine years. Please check it out. :)</p> + + + + + How to test Debian Edu Jessie despite some fatal problems with the installer + http://people.skolelinux.org/pere/blog/How_to_test_Debian_Edu_Jessie_despite_some_fatal_problems_with_the_installer.html + http://people.skolelinux.org/pere/blog/How_to_test_Debian_Edu_Jessie_despite_some_fatal_problems_with_the_installer.html + Fri, 26 Sep 2014 12:20:00 +0200 + <p>The <a href="http://www.skolelinux.org/">Debian Edu / Skolelinux +project</a> provide a Linux solution for schools, including a +powerful desktop with education software, a central server providing +web pages, user database, user home directories, central login and PXE +boot of both clients without disk and the installation to install Debian +Edu on machines with disk (and a few other services perhaps to small +to mention here). We in the Debian Edu team are currently working on +the Jessie based version, trying to get everything in shape before the +freeze, to avoid having to maintain our own package repository in the +future. The +<a href="https://wiki.debian.org/DebianEdu/Status/Jessie">current +status</a> can be seen on the Debian wiki, and there is still heaps of +work left. Some fatal problems block testing, breaking the installer, +but it is possible to work around these to get anyway. Here is a +recipe on how to get the installation limping along.</p> + +<p>First, download the test ISO via +<a href="ftp://ftp.skolelinux.no/cd-edu-testing-nolocal-netinst/debian-edu-amd64-i386-NETINST-1.iso">ftp</a>, +<a href="http://ftp.skolelinux.no/cd-edu-testing-nolocal-netinst/debian-edu-amd64-i386-NETINST-1.iso">http</a> +or rsync (use +ftp.skolelinux.org::cd-edu-testing-nolocal-netinst/debian-edu-amd64-i386-NETINST-1.iso). +The ISO build was broken on Tuesday, so we do not get a new ISO every +12 hours or so, but thankfully the ISO we already got we are able to +install with some tweaking.</p> + +<p>When you get to the Debian Edu profile question, go to tty2 +(use Alt-Ctrl-F2), run</p> <p><blockquote><pre> -# aptitude search '?narrow(?version(CURRENT),?origin(Debian Ports))' -i emacs - GNU Emacs editor (metapackage) -i gdb - GNU Debugger -i hurd-recommended - Miscellaneous translators -i isc-dhcp-client - ISC DHCP client -i isc-dhcp-common - common files used by all the isc-dhcp* packages -i libc-bin - Embedded GNU C Library: Binaries -i libc-dev-bin - Embedded GNU C Library: Development binaries -i libc0.3 - Embedded GNU C Library: Shared libraries -i A libc0.3-dbg - Embedded GNU C Library: detached debugging symbols -i libc0.3-dev - Embedded GNU C Library: Development Libraries and Hea -i multiarch-support - Transitional package to ensure multiarch compatibilit -i A x11-common - X Window System (X.Org) infrastructure -i xorg - X.Org X Window System -i A xserver-xorg - X.Org X server -i A xserver-xorg-input-all - X.Org X server -- input driver metapackage -# +nano /usr/bin/edu-eatmydata-install </pre></blockquote></p> -<p>All in all, testing hurd has been an interesting experience. :) -X.org did not work out of the box and I never took the time to follow -the porters instructions to fix it. This time I was interested in the -command line stuff.<p> +<p>and add 'exit 0' as the second line, disabling the eatmydata +optimization. Return to the installation, select the profile you want +and continue. Without this change, exim4-config will fail to install +due to a known bug in eatmydata.</p> + +<p>When you get the grub question at the end, answer /dev/sda (or if +this do not work, figure out what your correct value would be. All my +test machines need /dev/sda, so I have no advice if it do not fit +your need.</p> + +<p>If you installed a profile including a graphical desktop, log in as +root after the initial boot from hard drive, and install the +education-desktop-XXX metapackage. XXX can be kde, gnome, lxde, xfce +or mate. If you want several desktop options, install more than one +metapackage. Once this is done, reboot and you should have a working +graphical login screen. This workaround should no longer be needed +once the education-tasks package version 1.801 enter testing in two +days.</p> + +<p>I believe the ISO build will start working on two days when the new +tasksel package enter testing and Steve McIntyre get a chance to +update the debian-cd git repository. The eatmydata, grub and desktop +issues are already fixed in unstable and testing, and should show up +on the ISO as soon as the ISO build start working again. Well the +eatmydata optimization is really just disabled. The proper fix +require an upload by the eatmydata maintainer applying the patch +provided in bug <a href="https://bugs.debian.org/702711">#702711</a>. +The rest have proper fixes in unstable.</p> + +<p>I hope this get you going with the installation testing, as we are +quickly running out of time trying to get our Jessie based +installation ready before the distribution freeze in a month.</p> + + + + + Suddenly I am the new upstream of the lsdvd command line tool + http://people.skolelinux.org/pere/blog/Suddenly_I_am_the_new_upstream_of_the_lsdvd_command_line_tool.html + http://people.skolelinux.org/pere/blog/Suddenly_I_am_the_new_upstream_of_the_lsdvd_command_line_tool.html + Thu, 25 Sep 2014 11:20:00 +0200 + <p>I use the <a href="https://sourceforge.net/p/lsdvd/">lsdvd tool</a> +to handle my fairly large DVD collection. It is a nice command line +tool to get details about a DVD, like title, tracks, track length, +etc, in XML, Perl or human readable format. But lsdvd have not seen +any new development since 2006 and had a few irritating bugs affecting +its use with some DVDs. Upstream seemed to be dead, and in January I +sent a small probe asking for a version control repository for the +project, without any reply. But I use it regularly and would like to +get <a href="https://packages.qa.debian.org/lsdvd">an updated version +into Debian</a>. So two weeks ago I tried harder to get in touch with +the project admin, and after getting a reply from him explaining that +he was no longer interested in the project, I asked if I could take +over. And yesterday, I became project admin.</p> + +<p>I've been in touch with a Gentoo developer and the Debian +maintainer interested in joining forces to maintain the upstream +project, and I hope we can get a new release out fairly quickly, +collecting the patches spread around on the internet into on place. +I've added the relevant Debian patches to the freshly created git +repository, and expect the Gentoo patches to make it too. If you got +a DVD collection and care about command line tools, check out +<a href="https://sourceforge.net/p/lsdvd/git/ci/master/tree/">the git source</a> and join +<a href="https://sourceforge.net/p/lsdvd/mailman/">the project mailing +list</a>. :)</p>