X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/e0bf21fad87dba50f6e954a5313a3028f79752d4..370ca01630bcc562f24d76ef1cdf4b95d77f9804:/blog/index.html diff --git a/blog/index.html b/blog/index.html index 31a6b6e3b6..3e773a0c13 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,26 +20,37 @@
-
Lets make a wireless community network in Oslo!
-
13th November 2013
-

Today NUUG and Hackeriet announced -our -plans to join forces and create a wireless community network in -Oslo. The workshop to help people get started will take place -Thursday 2013-11-28, but we already are collecting the geolocation of -people joining forces to make this happen. We have -9 -locations plotted on the map, but we will need more before we have -a connected mesh spread across Oslo. If this sound interesting to -you, please join us at the workshop. If you are too impatient to wait -15 days, please join us on the IRC channel -#nuug on irc.freenode.net -right away. :)

+
Suddenly I am the new upstream of the lsdvd command line tool
+
25th September 2014
+

I use the lsdvd tool +to handle my fairly large DVD collection. It is a nice command line +tool to get details about a DVD, like title, tracks, track length, +etc, in XML, Perl or human readable format. But lsdvd have not seen +any new development since 2006 and had a few irritating bugs affecting +its use with some DVDs. Upstream seemed to be dead, and in January I +sent a small probe asking for a version control repository for the +project, without any reply. But I use it regularly and would like to +get an updated version +into Debian. So two weeks ago I tried harder to get in touch with +the project admin, and after getting a reply from him explaining that +he was no longer interested in the project, I asked if I could take +over. And yesterday, I became project admin.

+ +

I've been in touch with a Gentoo developer and the Debian +maintainer interested in joining forces to maintain the upstream +project, and I hope we can get a new release out fairly quickly, +collecting the patches spread around on the internet into on place. +I've added the relevant Debian patches to the freshly created git +repository, and expect the Gentoo patches to make it too. If you got +a DVD collection and care about command line tools, check out +the git source and join +the project mailing +list. :)

- Tags: english, mesh network, nuug. + Tags: debian, english, multimedia.
@@ -47,131 +58,263 @@ right away. :)

-
Running TP-Link MR3040 as a batman-adv mesh node using openwrt
-
10th November 2013
-

Continuing my research into mesh networking, I was recommended to -use TP-Link 3040 and 3600 access points as mesh nodes, and the pair I -bought arrived on Friday. Here are my notes on how to set up the -MR3040 as a mesh node using -OpenWrt.

- -

I started by following the instructions on the OpenWRT wiki for -TL-MR3040, -and downloaded -the -recommended firmware image -(openwrt-ar71xx-generic-tl-mr3040-v2-squashfs-factory.bin) and -uploaded it into the original web interface. The flashing went fine, -and the machine was available via telnet on the ethernet port. After -logging in and setting the root password, ssh was available and I -could start to set it up as a batman-adv mesh node.

- -

I started off by reading the instructions from -Wireless -Africa, which had quite a lot of useful information, but -eventually I followed the recipe from the Open Mesh wiki for -using -batman-adv on OpenWrt. A small snag was the fact that the -opkg install kmod-batman-adv command did not work as it -should. The batman-adv kernel module would fail to load because its -dependency crc16 was not already loaded. I -reported the bug to -the openwrt project and hope it will be fixed soon. But the problem -only seem to affect initial testing of batman-adv, as configuration -seem to work when booting from scratch.

- -

The setup is done using files in /etc/config/. I did not bridge -the Ethernet and mesh interfaces this time, to be able to hook up the -box on my local network and log into it for configuration updates. -The following files were changed and look like this after modifying -them:

- -

/etc/config/network

- -
-
-config interface 'loopback'
-        option ifname 'lo'
-        option proto 'static'
-        option ipaddr '127.0.0.1'
-        option netmask '255.0.0.0'
-
-config globals 'globals'
-        option ula_prefix 'fdbf:4c12:3fed::/48'
-
-config interface 'lan'
-        option ifname 'eth0'
-        option type 'bridge'
-        option proto 'dhcp'
-        option ipaddr '192.168.1.1'
-        option netmask '255.255.255.0'
-        option hostname 'tl-mr3040'
-        option ip6assign '60'
-
-config interface 'mesh'
-        option ifname 'adhoc0'
-        option mtu '1528'
-        option proto 'batadv'
-        option mesh 'bat0'
-
- -

/etc/config/wireless

-
-
-config wifi-device 'radio0'
-        option type 'mac80211'
-        option channel '11'
-        option hwmode '11ng'
-        option path 'platform/ar933x_wmac'
-        option htmode 'HT20'
-        list ht_capab 'SHORT-GI-20'
-        list ht_capab 'SHORT-GI-40'
-        list ht_capab 'RX-STBC1'
-        list ht_capab 'DSSS_CCK-40'
-        option disabled '0'
-
-config wifi-iface 'wmesh'
-        option device 'radio0'
-        option ifname 'adhoc0'
-        option network 'mesh'
-        option encryption 'none'
-        option mode 'adhoc'
-        option bssid '02:BA:00:00:00:01'
-        option ssid 'meshfx@hackeriet'
-
-

/etc/config/batman-adv

-
-
-config 'mesh' 'bat0'
-        option interfaces 'adhoc0'
-        option 'aggregated_ogms'
-        option 'ap_isolation'
-        option 'bonding'
-        option 'fragmentation'
-        option 'gw_bandwidth'
-        option 'gw_mode'
-        option 'gw_sel_class'
-        option 'log_level'
-        option 'orig_interval'
-        option 'vis_mode'
-        option 'bridge_loop_avoidance'
-        option 'distributed_arp_table'
-        option 'network_coding'
-        option 'hop_penalty'
-
-# yet another batX instance
-# config 'mesh' 'bat5'
-#       option 'interfaces' 'second_mesh'
-
- -

The mesh node is now operational. I have yet to test its range, -but I hope it is good. I have not yet tested the TP-Link 3600 box -still wrapped up in plastic.

+
Hva henger under skibrua over E16 på Sollihøgda?
+
21st September 2014
+

Rundt omkring i Oslo og Østlandsområdet henger det bokser over +veiene som jeg har lurt på hva gjør. De har ut fra plassering og +vinkling sett ut som bokser som sniffer ut et eller annet fra +forbipasserende trafikk, men det har vært uklart for meg hva det er de +leser av. Her om dagen tok jeg bilde av en slik boks som henger under +ei +skibru på Sollihøgda:

+ +

+ +

Boksen er tydelig merket «Kapsch >>>», logoen til +det sveitsiske selskapet Kapsch som +blant annet lager sensorsystemer for veitrafikk. Men de lager mye +forskjellig, og jeg kjente ikke igjen boksen på utseendet etter en +kjapp titt på produktlista til selskapet.

+ +

I og med at boksen henger over veien E16, en riksvei vedlikeholdt +av Statens Vegvesen, så antok jeg at det burde være mulig å bruke +REST-API-et som gir tilgang til vegvesenets database over veier, +skilter og annet veirelatert til å finne ut hva i alle dager dette +kunne være. De har både +en +datakatalog og +et +søk, der en kan søke etter ulike typer oppføringer innen for et +gitt geografisk område. Jeg laget et enkelt shell-script for å hente +ut antall av en gitt type innenfor området skibrua dekker, og listet +opp navnet på typene som ble funnet. Orket ikke slå opp hvordan +URL-koding av aktuelle strenger kunne gjøres mer generisk, og brukte +en stygg sed-linje i stedet.

+ +
+#!/bin/sh
+urlmap() {
+    sed \
+    -e 's/  / /g'   -e 's/{/%7B/g'  \
+    -e 's/}/%7D/g'  -e 's/\[/%5B/g' \
+    -e 's/\]/%5D/g' -e 's/ /%20/g'  \
+    -e 's/,/%2C/g'  -e 's/\"/%22/g' \
+    -e 's/:/%3A/g'
+}
+
+lookup() {
+    url="$1"
+    curl -s -H 'Accept: application/vnd.vegvesen.nvdb-v1+xml' \
+       "https://www.vegvesen.no/nvdb/api$url" | xmllint --format -
+}
+
+for id in $(seq 1 874) ; do
+    search="{
+  lokasjon: {
+    bbox: \"10.34425,59.96386,10.34458,59.96409\",
+    srid: \"WGS84\"
+  },
+   objektTyper: [{
+     id: $id, antall: 10
+   }]
+}"
+
+    query=/sok?kriterie=$(echo $search | urlmap)
+    if lookup "$query" |
+    grep -q '<totaltAntallReturnert>0<'
+    then
+    :
+    else
+    echo $id
+    lookup "/datakatalog/objekttyper/$id" |grep '^  <navn>'
+    fi
+done
+
+exit 0
+
+ +Aktuelt ID-område 1-874 var riktig i datakatalogen da jeg laget +scriptet. Det vil endre seg over tid. Skriptet listet så opp +aktuelle typer i og rundt skibrua: + +
+5
+  <navn>Rekkverk</navn>
+14
+  <navn>Rekkverksende</navn>
+47
+  <navn>Trafikklomme</navn>
+49
+  <navn>Trafikkøy</navn>
+60
+  <navn>Bru</navn>
+79
+  <navn>Stikkrenne/Kulvert</navn>
+80
+  <navn>Grøft, åpen</navn>
+86
+  <navn>Belysningsstrekning</navn>
+95
+  <navn>Skiltpunkt</navn>
+96
+  <navn>Skiltplate</navn>
+98
+  <navn>Referansestolpe</navn>
+99
+  <navn>Vegoppmerking, langsgående</navn>
+105
+  <navn>Fartsgrense</navn>
+106
+  <navn>Vinterdriftsstrategi</navn>
+172
+  <navn>Trafikkdeler</navn>
+241
+  <navn>Vegdekke</navn>
+293
+  <navn>Breddemåling</navn>
+301
+  <navn>Kantklippareal</navn>
+318
+  <navn>Snø-/isrydding</navn>
+445
+  <navn>Skred</navn>
+446
+  <navn>Dokumentasjon</navn>
+452
+  <navn>Undergang</navn>
+528
+  <navn>Tverrprofil</navn>
+532
+  <navn>Vegreferanse</navn>
+534
+  <navn>Region</navn>
+535
+  <navn>Fylke</navn>
+536
+  <navn>Kommune</navn>
+538
+  <navn>Gate</navn>
+539
+  <navn>Transportlenke</navn>
+540
+  <navn>Trafikkmengde</navn>
+570
+  <navn>Trafikkulykke</navn>
+571
+  <navn>Ulykkesinvolvert enhet</navn>
+572
+  <navn>Ulykkesinvolvert person</navn>
+579
+  <navn>Politidistrikt</navn>
+583
+  <navn>Vegbredde</navn>
+591
+  <navn>Høydebegrensning</navn>
+592
+  <navn>Nedbøyningsmåling</navn>
+597
+  <navn>Støy-luft, Strekningsdata</navn>
+601
+  <navn>Oppgravingsdata</navn>
+602
+  <navn>Oppgravingslag</navn>
+603
+  <navn>PMS-parsell</navn>
+604
+  <navn>Vegnormalstrekning</navn>
+605
+  <navn>Værrelatert strekning</navn>
+616
+  <navn>Feltstrekning</navn>
+617
+  <navn>Adressepunkt</navn>
+626
+  <navn>Friksjonsmåleserie</navn>
+629
+  <navn>Vegdekke, flatelapping</navn>
+639
+  <navn>Kurvatur, horisontalelement</navn>
+640
+  <navn>Kurvatur, vertikalelement</navn>
+642
+  <navn>Kurvatur, vertikalpunkt</navn>
+643
+  <navn>Statistikk, trafikkmengde</navn>
+647
+  <navn>Statistikk, vegbredde</navn>
+774
+  <navn>Nedbøyningsmåleserie</navn>
+775
+  <navn>ATK, influensstrekning</navn>
+794
+  <navn>Systemobjekt</navn>
+810
+  <navn>Vinterdriftsklasse</navn>
+821
+  <navn>Funksjonell vegklasse</navn>
+825
+  <navn>Kurvatur, stigning</navn>
+838
+  <navn>Vegbredde, beregnet</navn>
+862
+  <navn>Reisetidsregistreringspunkt</navn>
+871
+  <navn>Bruksklasse</navn>
+
+ +

Av disse ser ID 775 og 862 mest relevant ut. ID 775 antar jeg +refererer til fotoboksen som står like ved brua, mens +«Reisetidsregistreringspunkt» kanskje kan være boksen som henger der. +Hvordan finner jeg så ut hva dette kan være for noe. En titt på +datakatalogsiden +for ID 862/Reisetidsregistreringspunkt viser at det er finnes 53 +slike målere i Norge, og hvor de er plassert, men gir ellers få +detaljer. Det er plassert 40 på østlandet og 13 i Trondheimsregionen. +Men siden nevner «AutoPASS», og hvis en slår opp oppføringen på +Sollihøgda nevner den «Ciber AS» som ID for eksternt system. (Kan det +være snakk om +Ciber +Norge AS, et selskap eid av Ciber Europe Bv?) Et nettsøk på + «Ciber AS autopass» fører meg til en artikkel fra NRK Trøndelag i + 2013 med tittel +«Sjekk +dette hvis du vil unngå kø». Artikkelen henviser til vegvesenets +nettside +reisetider.no +som har en +kartside +for Østlandet som viser at det måles mellom Sandvika og Sollihøgda. +Det kan dermed se ut til at jeg har funnet ut hva boksene gjør.

+ +

Hvis det stemmer, så er dette bokser som leser av AutoPASS-ID-en +til alle passerende biler med AutoPASS-brikke, og dermed gjør det mulig +for de som kontrollerer boksene å holde rede på hvor en gitt bil er +når den passerte et slikt målepunkt. NRK-artikkelen forteller at +denne informasjonen i dag kun brukes til å koble to +AutoPASS-brikkepasseringer passeringer sammen for å beregne +reisetiden, og at bruken er godkjent av Datatilsynet. Det er desverre +ikke mulig for en sjåfør som passerer under en slik boks å kontrollere +at AutoPASS-ID-en kun brukes til dette i dag og i fremtiden.

+ +

I tillegg til denne type AutoPASS-sniffere vet jeg at det også +finnes mange automatiske stasjoner som tar betalt pr. passering (aka +bomstasjoner), og der lagres informasjon om tid, sted og bilnummer i +10 år. Finnes det andre slike sniffere plassert ut på veiene?

+ +

Personlig har jeg valgt å ikke bruke AutoPASS-brikke, for å gjøre +det vanskeligere og mer kostbart for de som vil invadere privatsfæren +og holde rede på hvor bilen min beveger seg til enhver tid. Jeg håper +flere vil gjøre det samme, selv om det gir litt høyere private +utgifter (dyrere bompassering). Vern om privatsfæren koster i disse +dager.

+ +

Takk til Jan Kristian Jensen i Statens Vegvesen for tips om +dokumentasjon på vegvesenets REST-API.

- Tags: english, mesh network, nuug. + Tags: kart, norsk, personvern, rfid, surveillance.
@@ -179,204 +322,215 @@ still wrapped up in plastic.

-
Debian init.d boot script example for rsyslog
-
2nd November 2013
-

If one of the points of switching to a new init system in Debian is -to get rid of huge -init.d scripts, I doubt we need to switch away from sysvinit and -init.d scripts at all. Here is an example init.d script, ie a rewrite -of /etc/init.d/rsyslog:

- -

-#!/lib/init/init-d-script
-### BEGIN INIT INFO
-# Provides:          rsyslog
-# Required-Start:    $remote_fs $time
-# Required-Stop:     umountnfs $time
-# X-Stop-After:      sendsigs
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: enhanced syslogd
-# Description:       Rsyslog is an enhanced multi-threaded syslogd.
-#                    It is quite compatible to stock sysklogd and can be 
-#                    used as a drop-in replacement.
-### END INIT INFO
-DESC="enhanced syslogd"
-DAEMON=/usr/sbin/rsyslogd
-

- -

Pretty minimalistic to me... For the record, the original sysv-rc -script was 137 lines, and the above is just 15 lines, most of it meta -info/comments.

- -

How to do this, you ask? Well, one create a new script -/lib/init/init-d-script looking something like this: - -

-#!/bin/sh
+      
Speeding up the Debian installer using eatmydata and dpkg-divert

+      
16th September 2014

+      
The Debian installer could be
+a lot quicker.  When we install more than 2000 packages in
+Skolelinux / Debian Edu using
+tasksel in the installer, unpacking the binary packages take forever.
+A part of the slow I/O issue was discussed in
+bug #613428 about too
+much file system sync-ing done by dpkg, which is the package
+responsible for unpacking the binary packages.  Other parts (like code
+executed by postinst scripts) might also sync to disk during
+installation.  All this sync-ing to disk do not really make sense to
+me.  If the machine crash half-way through, I start over, I do not try
+to salvage the half installed system.  So the failure sync-ing is
+supposed to protect against, hardware or system crash, is not really
+relevant while the installer is running.

+
+
A few days ago, I thought of a way to get rid of all the file
+system sync()-ing in a fairly non-intrusive way, without the need to
+change the code in several packages.  The idea is not new, but I have
+not heard anyone propose the approach using dpkg-divert before.  It
+depend on the small and clever package
+eatmydata, which
+uses LD_PRELOAD to replace the system functions for syncing data to
+disk with functions doing nothing, thus allowing programs to live
+dangerous while speeding up disk I/O significantly.  Instead of
+modifying the implementation of dpkg, apt and tasksel (which are the
+packages responsible for selecting, fetching and installing packages),
+it occurred to me that we could just divert the programs away, replace
+them with a simple shell wrapper calling
+"eatmydata $program $@", to get the same effect.
+Two days ago I decided to test the idea, and wrapped up a simple
+implementation for the Debian Edu udeb.

+
+
The effect was stunning.  In my first test it reduced the running
+time of the pkgsel step (installing tasks) from 64 to less than 44
+minutes (20 minutes shaved off the installation) on an old Dell
+Latitude D505 machine.  I am not quite sure what the optimised time
+would have been, as I messed up the testing a bit, causing the debconf
+priority to get low enough for two questions to pop up during
+installation.  As soon as I saw the questions I moved the installation
+along, but do not know how long the question were holding up the
+installation.  I did some more measurements using Debian Edu Jessie,
+and got these results.  The time measured is the time stamp in
+/var/log/syslog between the "pkgsel: starting tasksel" and the
+"pkgsel: finishing up" lines, if you want to do the same measurement
+yourself.  In Debian Edu, the tasksel dialog do not show up, and the
+timing thus do not depend on how quickly the user handle the tasksel
+dialog.

 
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
-# and status_of_proc is working.
-. /lib/lsb/init-functions
-
-#
-# Function that starts the daemon/service
-
-#
-do_start()
-{
-	# Return
-	#   0 if daemon has been started
-	#   1 if daemon was already running
-	#   2 if daemon could not be started
-	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
-		|| return 1
-	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
-		$DAEMON_ARGS \
-		|| return 2
-	# Add code here, if necessary, that waits for the process to be ready
-	# to handle requests from services started subsequently which depend
-	# on this one.  As a last resort, sleep for some time.
-}
+

+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Machine/setupOriginal taskselOptimised taskselReduction
Latitude D505 Main+LTSP LXDE64 min (07:46-08:50)<44 min (11:27-12:11)>20 min 18%
Latitude D505 Roaming LXDE57 min (08:48-09:45)34 min (07:43-08:17)23 min 40%
Latitude D505 Minimal22 min (10:37-10:59)11 min (11:16-11:27)11 min 50%
Thinkpad X200 Minimal6 min (08:19-08:25)4 min (08:04-08:08)2 min 33%
Thinkpad X200 Roaming KDE19 min (09:21-09:40)15 min (10:25-10:40)4 min 21%

 
-#
-# Function that stops the daemon/service
-#
-do_stop()
-{
-	# Return
-	#   0 if daemon has been stopped
-	#   1 if daemon was already stopped
-	#   2 if daemon could not be stopped
-	#   other if a failure occurred
-	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
-	RETVAL="$?"
-	[ "$RETVAL" = 2 ] && return 2
-	# Wait for children to finish too if this is a daemon that forks
-	# and if the daemon is only ever run from this initscript.
-	# If the above conditions are not satisfied then add some other code
-	# that waits for the process to drop all resources that could be
-	# needed by services started subsequently.  A last resort is to
-	# sleep for some time.
-	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
-	[ "$?" = 2 ] && return 2
-	# Many daemons don't delete their pidfiles when they exit.
-	rm -f $PIDFILE
-	return "$RETVAL"
+
The test is done using a netinst ISO on a USB stick, so some of the
+time is spent downloading packages.  The connection to the Internet
+was 100Mbit/s during testing, so downloading should not be a
+significant factor in the measurement.  Download typically took a few
+seconds to a few minutes, depending on the amount of packages being
+installed.

+
+
The speedup is implemented by using two hooks in
+Debian
+Installer, the pre-pkgsel.d hook to set up the diverts, and the
+finish-install.d hook to remove the divert at the end of the
+installation.  I picked the pre-pkgsel.d hook instead of the
+post-base-installer.d hook because I test using an ISO without the
+eatmydata package included, and the post-base-installer.d hook in
+Debian Edu can only operate on packages included in the ISO.  The
+negative effect of this is that I am unable to activate this
+optimization for the kernel installation step in d-i.  If the code is
+moved to the post-base-installer.d hook, the speedup would be larger
+for the entire installation.

+
+
I've implemented this in the
+debian-edu-install
+git repository, and plan to provide the optimization as part of the
+Debian Edu installation.  If you want to test this yourself, you can
+create two files in the installer (or in an udeb).  One shell script
+need do go into /usr/lib/pre-pkgsel.d/, with content like this:

+
+
+#!/bin/sh
+set -e
+. /usr/share/debconf/confmodule
+info() {
+    logger -t my-pkgsel "info: $*"
+}
+error() {
+    logger -t my-pkgsel "error: $*"
 }
+override_install() {
+    apt-install eatmydata || true
+    if [ -x /target/usr/bin/eatmydata ] ; then
+        for bin in dpkg apt-get aptitude tasksel ; do
+            file=/usr/bin/$bin
+            # Test that the file exist and have not been diverted already.
+            if [ -f /target$file ] ; then
+                info "diverting $file using eatmydata"
+                printf "#!/bin/sh\neatmydata $bin.distrib \"\$@\"\n" \
+                    > /target$file.edu
+                chmod 755 /target$file.edu
+                in-target dpkg-divert --package debian-edu-config \
+                    --rename --quiet --add $file
+                ln -sf ./$bin.edu /target$file
+            else
+                error "unable to divert $file, as it is missing."
+            fi
+        done
+    else
+        error "unable to find /usr/bin/eatmydata after installing the eatmydata pacage"
+    fi
+}
+
+override_install
+

+
+
To clean up, another shell script should go into
+/usr/lib/finish-install.d/ with code like this:
 
-#
-# Function that sends a SIGHUP to the daemon/service
-#
-do_reload() {
-	#
-	# If the daemon can reload its configuration without
-	# restarting (for example, when it is sent a SIGHUP),
-	# then implement that here.
-	#
-	start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
-	return 0
+
+#! /bin/sh -e
+. /usr/share/debconf/confmodule
+error() {
+    logger -t my-finish-install "error: $@"
+}
+remove_install_override() {
+    for bin in dpkg apt-get aptitude tasksel ; do
+        file=/usr/bin/$bin
+        if [ -x /target$file.edu ] ; then
+            rm /target$file
+            in-target dpkg-divert --package debian-edu-config \
+                --rename --quiet --remove $file
+            rm /target$file.edu
+        else
+            error "Missing divert for $file."
+        fi
+    done
+    sync # Flush file buffers before continuing
 }
 
-SCRIPTNAME=$1
-scriptbasename="$(basename $1)"
-echo "SN: $scriptbasename"
-if [ "$scriptbasename" != "init-d-library" ] ; then
-    script="$1"
-    shift
-    . $script
-else
-    exit 0
-fi
-
-NAME=$(basename $DAEMON)
-PIDFILE=/var/run/$NAME.pid
-
-# Exit if the package is not installed
-#[ -x "$DAEMON" ] || exit 0
-
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-
-# Load the VERBOSE setting and other rcS variables
-. /lib/init/vars.sh
-
-case "$1" in
-  start)
-	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
-	do_start
-	case "$?" in
-		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
-		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
-	esac
-	;;
-  stop)
-	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
-	do_stop
-	case "$?" in
-		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
-		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
-	esac
-	;;
-  status)
-	status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
-	;;
-  #reload|force-reload)
-	#
-	# If do_reload() is not implemented then leave this commented out
-	# and leave 'force-reload' as an alias for 'restart'.
-	#
-	#log_daemon_msg "Reloading $DESC" "$NAME"
-	#do_reload
-	#log_end_msg $?
-	#;;
-  restart|force-reload)
-	#
-	# If the "reload" option is implemented then remove the
-	# 'force-reload' alias
-	#
-	log_daemon_msg "Restarting $DESC" "$NAME"
-	do_stop
-	case "$?" in
-	  0|1)
-		do_start
-		case "$?" in
-			0) log_end_msg 0 ;;
-			1) log_end_msg 1 ;; # Old process is still running
-			*) log_end_msg 1 ;; # Failed to start
-		esac
-		;;
-	  *)
-		# Failed to stop
-		log_end_msg 1
-		;;
-	esac
-	;;
-  *)
-	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
-	exit 3
-	;;
-esac
-
-:
-

-
-
It is based on /etc/init.d/skeleton, and could be improved quite a
-lot.  I did not really polish the approach, so it might not always
-work out of the box, but you get the idea.  I did not try very hard to
-optimize it nor make it more robust either.

-
-
A better argument for switching init system in Debian than reducing
-the size of init scripts (which is a good thing to do anyway), is to
-get boot system that is able to handle the kernel events sensibly and
-robustly, and do not depend on the boot to run sequentially.  The boot
-and the kernel have not behaved sequentially in years.

+remove_install_override
+

+ +

In Debian Edu, I placed both code fragments in a separate script +edu-eatmydata-install and call it from the pre-pkgsel.d and +finish-install.d scripts.

+ +

By now you might ask if this change should get into the normal +Debian installer too? I suspect it should, but am not sure the +current debian-installer coordinators find it useful enough. It also +depend on the side effects of the change. I'm not aware of any, but I +guess we will see if the change is safe after some more testing. +Perhaps there is some package in Debian depending on sync() and +fsync() having effect? Perhaps it should go into its own udeb, to +allow those of us wanting to enable it to do so without affecting +everyone.

+ +

Update 2014-09-24: Since a few days ago, enabling this optimization +will break installation of all programs using gnutls because of +bug #702711. An updated +eatmydata package in Debian will solve it.

- Tags: bootsystem, debian, english. + Tags: debian, debian edu, english.
@@ -384,28 +538,62 @@ and the kernel have not behaved sequentially in years.

-
Browser plugin for SPICE (spice-xpi) uploaded to Debian
-
1st November 2013
-

The SPICE protocol for -remote display access is the preferred solution with oVirt and RedHat -Enterprise Virtualization, and I was sad to discover the other day -that the browser plugin needed to use these systems seamlessly was -missing in Debian. The request -for a package was from 2012-04-10 with no progress since -2013-04-01, so I decided to wrap up a package based on the great work -from Cajus Pollmeier and put it in a collab-maint maintained git -repository to get a package I could use. I would very much like -others to help me maintain the package (or just take over, I do not -mind), but as no-one had volunteered so far, I just uploaded it to -NEW. I hope it will be available in Debian in a few days.

- -

The source is now available from -http://anonscm.debian.org/gitweb/?p=collab-maint/spice-xpi.git;a=summary.

+
Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net
+
10th September 2014
+

Yesterday, I had the pleasure of attending a talk with the +Norwegian Unix User Group about +the +OpenPGP keyserver pool sks-keyservers.net, and was very happy to +learn that there is a large set of publicly available key servers to +use when looking for peoples public key. So far I have used +subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former +were misbehaving, but those days are ended. The servers I have used +up until yesterday have been slow and some times unavailable. I hope +those problems are gone now.

+ +

Behind the round robin DNS entry of the +sks-keyservers.net service +there is a pool of more than 100 keyservers which are checked every +day to ensure they are well connected and up to date. It must be +better than what I have used so far. :)

+ +

Yesterdays speaker told me that the service is the default +keyserver provided by the default configuration in GnuPG, but this do +not seem to be used in Debian. Perhaps it should?

+ +

Anyway, I've updated my ~/.gnupg/options file to now include this +line:

+ +

+keyserver pool.sks-keyservers.net
+

+ +

With GnuPG version 2 one can also locate the keyserver using SRV +entries in DNS. Just for fun, I did just that at work, so now every +user of GnuPG at the University of Oslo should find a OpenGPG +keyserver automatically should their need it:

+ +

+% host -t srv _pgpkey-http._tcp.uio.no
+_pgpkey-http._tcp.uio.no has SRV record 0 100 11371 pool.sks-keyservers.net.
+%
+

+ +

Now if only +the +HKP lookup protocol supported finding signature paths, I would be +very happy. It can look up a given key or search for a user ID, but I +normally do not want that, but to find a trust path from my key to +another key. Given a user ID or key ID, I would like to find (and +download) the keys representing a signature path from my key to the +key in question, to be able to get a trust path between the two keys. +This is as far as I can tell not possible today. Perhaps something +for a future version of the protocol?

- Tags: debian, english. + Tags: debian, english, personvern, sikkerhet.
@@ -413,120 +601,116 @@ NEW. I hope it will be available in Debian in a few days.

-
Teaching vmdebootstrap to create Raspberry Pi SD card images
-
27th October 2013
-

The -vmdebootstrap -program is a a very nice system to create virtual machine images. It -create a image file, add a partition table, mount it and run -debootstrap in the mounted directory to create a Debian system on a -stick. Yesterday, I decided to try to teach it how to make images for -Raspberry Pi, as part -of a plan to simplify the build system for -the FreedomBox -project. The FreedomBox project already uses vmdebootstrap for -the virtualbox images, but its current build system made multistrap -based system for Dreamplug images, and it is lacking support for -Raspberry Pi.

- -

Armed with the knowledge on how to build "foreign" (aka non-native -architecture) chroots for Raspberry Pi, I dived into the vmdebootstrap -code and adjusted it to be able to build armel images on my amd64 -Debian laptop. I ended up giving vmdebootstrap five new options, -allowing me to replicate the image creation process I use to make -Debian -Jessie based mesh node images for the Raspberry Pi. First, the ---foreign /path/to/binfm_handler option tell vmdebootstrap to -call debootstrap with --foreign and to copy the handler into the -generated chroot before running the second stage. This allow -vmdebootstrap to create armel images on an amd64 host. Next I added -two new options --bootsize size and --boottype -fstype to teach it to create a separate /boot/ partition with the -given file system type, allowing me to create an image with a vfat -partition for the /boot/ stuff. I also added a --variant -variant option to allow me to create smaller images without the -Debian base system packages installed. Finally, I added an option ---no-extlinux to tell vmdebootstrap to not install extlinux -as a boot loader. It is not needed on the Raspberry Pi and probably -most other non-x86 architectures. The changes were accepted by the -upstream author of vmdebootstrap yesterday and today, and is now -available from -the -upstream project page.

- -

To use it to build a Raspberry Pi image using Debian Jessie, first -create a small script (the customize script) to add the non-free -binary blob needed to boot the Raspberry Pi and the APT source -list:

- -

-#!/bin/sh
-set -e # Exit on first error
-rootdir="$1"
-cd "$rootdir"
-cat <<EOF > etc/apt/sources.list
-deb http://http.debian.net/debian/ jessie main contrib non-free
-EOF
-# Install non-free binary blob needed to boot Raspberry Pi.  This
-# install a kernel somewhere too.
-wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update \
-    -O $rootdir/usr/bin/rpi-update
-chmod a+x $rootdir/usr/bin/rpi-update
-mkdir -p $rootdir/lib/modules
-touch $rootdir/boot/start.elf
-chroot $rootdir rpi-update
-

- -

Next, fetch the latest vmdebootstrap script and call it like this -to build the image:

- -
-sudo ./vmdebootstrap \
-    --variant minbase \
-    --arch armel \
-    --distribution jessie \
-    --mirror http://http.debian.net/debian \
-    --image test.img \
-    --size 600M \
-    --bootsize 64M \
-    --boottype vfat \
-    --log-level debug \
-    --verbose \
-    --no-kernel \
-    --no-extlinux \
-    --root-password raspberry \
-    --hostname raspberrypi \
-    --foreign /usr/bin/qemu-arm-static \
-    --customize `pwd`/customize \
-    --package netbase \
-    --package git-core \
-    --package binutils \
-    --package ca-certificates \
-    --package wget \
-    --package kmod
-

- -

The list of packages being installed are the ones needed by -rpi-update to make the image bootable on the Raspberry Pi, with the -exception of netbase, which is needed by debootstrap to find -/etc/hosts with the minbase variant. I really wish there was a way to -set up an Raspberry Pi using only packages in the Debian archive, but -that is not possible as far as I know, because it boots from the GPU -using a non-free binary blob.

- -

The build host need debootstrap, kpartx and qemu-user-static and -probably a few others installed. I have not checked the complete -build dependency list.

- -

The resulting image will not use the hardware floating point unit -on the Raspberry PI, because the armel architecture in Debian is not -optimized for that use. So the images created will be a bit slower -than Raspbian based images.

+
Do you need an agreement with MPEG-LA to publish and broadcast H.264 video in Norway?
+
25th August 2014
+

Two years later, I am still not sure if it is legal here in Norway +to use or publish a video in H.264 or MPEG4 format edited by the +commercially licensed video editors, without limiting the use to +create "personal" or "non-commercial" videos or get a license +agreement with MPEG LA. If one +want to publish and broadcast video in a non-personal or commercial +setting, it might be that those tools can not be used, or that video +format can not be used, without breaking their copyright license. I +am not sure. +Back +then, I found that the copyright license terms for Adobe Premiere +and Apple Final Cut Pro both specified that one could not use the +program to produce anything else without a patent license from MPEG +LA. The issue is not limited to those two products, though. Other +much used products like those from Avid and Sorenson Media have terms +of use are similar to those from Adobe and Apple. The complicating +factor making me unsure if those terms have effect in Norway or not is +that the patents in question are not valid in Norway, but copyright +licenses are.

+ +

These are the terms for Avid Artist Suite, according to their +published +end user +license +text (converted to lower case text for easier reading):

+ +

+

18.2. MPEG-4. MPEG-4 technology may be included with the +software. MPEG LA, L.L.C. requires this notice:

+ +

This product is licensed under the MPEG-4 visual patent portfolio +license for the personal and non-commercial use of a consumer for (i) +encoding video in compliance with the MPEG-4 visual standard (“MPEG-4 +video”) and/or (ii) decoding MPEG-4 video that was encoded by a +consumer engaged in a personal and non-commercial activity and/or was +obtained from a video provider licensed by MPEG LA to provide MPEG-4 +video. No license is granted or shall be implied for any other +use. Additional information including that relating to promotional, +internal and commercial uses and licensing may be obtained from MPEG +LA, LLC. See http://www.mpegla.com. This product is licensed under +the MPEG-4 systems patent portfolio license for encoding in compliance +with the MPEG-4 systems standard, except that an additional license +and payment of royalties are necessary for encoding in connection with +(i) data stored or replicated in physical media which is paid for on a +title by title basis and/or (ii) data which is paid for on a title by +title basis and is transmitted to an end user for permanent storage +and/or use, such additional license may be obtained from MPEG LA, +LLC. See http://www.mpegla.com for additional details.

+ +

18.3. H.264/AVC. H.264/AVC technology may be included with the +software. MPEG LA, L.L.C. requires this notice:

+ +

This product is licensed under the AVC patent portfolio license for +the personal use of a consumer or other uses in which it does not +receive remuneration to (i) encode video in compliance with the AVC +standard (“AVC video”) and/or (ii) decode AVC video that was encoded +by a consumer engaged in a personal activity and/or was obtained from +a video provider licensed to provide AVC video. No license is granted +or shall be implied for any other use. Additional information may be +obtained from MPEG LA, L.L.C. See http://www.mpegla.com.

+

+ +

Note the requirement that the videos created can only be used for +personal or non-commercial purposes.

+ +

The Sorenson Media software have +similar terms:

+ +

+ +

With respect to a license from Sorenson pertaining to MPEG-4 Video +Decoders and/or Encoders: Any such product is licensed under the +MPEG-4 visual patent portfolio license for the personal and +non-commercial use of a consumer for (i) encoding video in compliance +with the MPEG-4 visual standard (“MPEG-4 video”) and/or (ii) decoding +MPEG-4 video that was encoded by a consumer engaged in a personal and +non-commercial activity and/or was obtained from a video provider +licensed by MPEG LA to provide MPEG-4 video. No license is granted or +shall be implied for any other use. Additional information including +that relating to promotional, internal and commercial uses and +licensing may be obtained from MPEG LA, LLC. See +http://www.mpegla.com.

+ +

With respect to a license from Sorenson pertaining to MPEG-4 +Consumer Recorded Data Encoder, MPEG-4 Systems Internet Data Encoder, +MPEG-4 Mobile Data Encoder, and/or MPEG-4 Unique Use Encoder: Any such +product is licensed under the MPEG-4 systems patent portfolio license +for encoding in compliance with the MPEG-4 systems standard, except +that an additional license and payment of royalties are necessary for +encoding in connection with (i) data stored or replicated in physical +media which is paid for on a title by title basis and/or (ii) data +which is paid for on a title by title basis and is transmitted to an +end user for permanent storage and/or use. Such additional license may +be obtained from MPEG LA, LLC. See http://www.mpegla.com for +additional details.

+ +

+ +

Some free software like +Handbrake and +FFMPEG uses GPL/LGPL licenses and do +not have any such terms included, so for those, there is no +requirement to limit the use to personal and non-commercial.

- Tags: debian, english, freedombox, mesh network. + Tags: english, multimedia, opphavsrett, standard, video, web.
@@ -534,51 +718,167 @@ than Raspbian based images.

-
Det er jo makta som er mest sårbar ved massiv overvåkning av Internett
-
26th October 2013
-

De siste måneders eksponering av -den -totale overvåkningen som foregår i den vestlige verden dokumenterer -hvor sårbare vi er. Men det slår meg at de som er mest sårbare -for dette, myndighetspersoner på alle nivåer, neppe har innsett at de -selv er de mest interessante personene å lage profiler på, for å kunne -påvirke dem.

- -

For å ta et lite eksempel: Stortingets nettsted, -www.stortinget.no (og -forsåvidt også -data.stortinget.no), -inneholder informasjon om det som foregår på Stortinget, og jeg antar -de største brukerne av informasjonen der er representanter og -rådgivere på Stortinget. Intet overraskende med det. Det som derimot -er mer skjult er at Stortingets nettsted bruker -Google -Analytics, hvilket gjør at enhver som besøker nettsidene der også -rapporterer om besøket via Internett-linjer som passerer Sverige, -England og videre til USA. Det betyr at informasjon om ethvert besøk -på stortingets nettsider kan snappes opp av svensk, britisk og USAs -etterretningsvesen. De kan dermed holde et øye med hvilke -Stortingssaker stortingsrepresentantene synes er interessante å sjekke -ut, og hvilke sider rådgivere og andre på stortinget synes er -interessant å besøke, når de gjør det og hvilke andre representanter -som sjekker de samme sidene omtrent samtidig. Stortingets bruk av -Google Analytics gjør det dermed enkelt for utenlands etteretning å -spore representantenes aktivitet og interesse. Hvis noen av -representantene bruker Google Mail eller noen andre tjenestene som -krever innlogging, så vil det være enda enklere å finne ut nøyaktig -hvilke personer som bruker hvilke nettlesere og dermed knytte -informasjonen opp til enkeltpersoner på Stortinget.

- -

Og jo flere nettsteder som bruker Google Analytics, jo bedre -oversikt over stortingsrepresentantenes lesevaner og interesse blir -tilgjengelig for svensk, britisk og USAs etterretning. Hva de kan -bruke den informasjonen til overlater jeg til leseren å undres -over.

+
Lenker for 2014-08-03
+
3rd August 2014
+

Lenge siden jeg har hatt tid til å publisere lenker til skriverier +jeg har hatt glede og nytte av av å lese. Her er en liten norsk +lenkesamling.

+ +

    + +
  • Sjøslag +om fiskemilliardene (NRK Ytring 2014-03-03) - litt om hvordan de +norske felles matressurser røves fra felleskapet.
    • + +
  • Matkrisen +kan komme til Norge (Aftenposten 2014-4-01) - hvordan miljøendringene vil gjøre matproduksjonen i Norge mer sÃ¥rbar.
    • + +
  • Norge +trenger kornlager (NRK Ytring 2014-06-07) Chr. Anton Smedshaug +forteller litt om Norges sÃ¥rbare matsituasjon etter at Staten solgte +Norges kornlager.
    • + +
  • PST +vil overvÃ¥ke datatastaturer (NRK 2014-03-04) - PST ønsker retten +til Ã¥ bryte seg inn pÃ¥ private PC-er og legge inn spionprogrammer. +Hvilket nok vil gjøre Linux mer populært, men gjør at en i enda mindre +grad enn i dag kan stole pÃ¥ datamaskiner - neppe en god ide for +samfunnet totalt sett.
    • + +
  • «Ruter +fremstÃ¥r som et pøbelvelde» (OsloBy 2014-03-05) - et eksempel pÃ¥ +hvordan kollektivtransportselskapet i Oslo hÃ¥ndterer sine kunder.
    • + +
  • Clear +Channel nektet Ã¥ vise Greenpeace-reklame i Oslo (Dagbladet +2014-03-05) - forteller litt om hvordan hvilke budskap som nÃ¥r ut i +det offentlige rom kontrolleres i Norge.
    • + +
  • Svarte +ikke pÃ¥ kritikken (Dagbladet 2014-03-06) - innlegg fra Norsk +presseforbund der de nok en gang tar opp det forkastelige i at +politiet nÃ¥ har full tilgang til Ã¥ bedrive telefonkontroll av +advokater.
    • + +
  • «Putin +spiller poker, ikke sjakk. I sjakk har man regler.» (Aftenposten +2014-03-08) - sjakklegenden Kasparov forklarer litt om hvordan han ser +at Russlands politikk fungerer, blant annet i lys av started av +Ukraina-krisen.
    • + +
  • I +seng med fienden (Aftenposten 2014-03-10) - kronikk fra Eirik +H. Vinje om hvordan menn og kvinner settes opp mot hverandre i det +offentlige ordskiftet, kanskje pÃ¥ sviktende grunnlag.
    • + +
  • Fritt +frem for skulk (Aftenposten 2014-03-14) - skildring av hvordan +norske elever i dag ikke lenger har rimelig krav om oppmøte pÃ¥ +skolen.
    • + +
  • «Datalagringsdirektiv» +avslørte abort, sykdom og vÃ¥penkjøp (Aftenposten 2014-03-14) - om +hvordan forskere har dokumentert hvordan innsamling av metadata om +telefoni og Internett-bruk kan være svært avslørende.
    • + +
  • Konsentrasjonssvikt +pÃ¥ pensum (Dagbladet 2014-03-14) - Kommentar om hvordan (feil) +bruk IKT i skolen kan ødelegge mer enn det bidrar til læring.
    • + +
  • Reservasjonsrettsstaten +(blogg fra Doremus 2014-02-09) - morsom beskrivelse om hvordan +regjeringens forslag til reservasjonsrett for leger kan utvides til Ã¥ +gjelde alles samvittighet.
    • + +
  • Autoritær +gjøkunge (Aftenposten 2014-03-25) - Kronikk av Bjørn Stærk om +snurpenots-overvÃ¥kningen som varsleren Snowden dokumenterte.
    • + +
  • Leveransekrise +i Offentlig sektor – mener Mike Bracken, Executive Director of Digital +in the Cabinet Office (blogg fra Friprog-senteret 2014-03-26).
    • + +
  • Norge +mÃ¥ stanse avlyttingen (Dagbladet 2014-03-26) - leserinnlegg fra +Felix Horne der han ber om at Norge gjør en innsats for Ã¥ fÃ¥ slutt pÃ¥ +overvÃ¥kning av innbyggerne som gjøres i Norge av Etiopiske +myndigheter.
    • + +
  • Demokrati +er ingen naturlig styreform (Aftenposten 2014-04-01) - kronikk av +Stein Ringen om hvordan demokrati som styreform gÃ¥r tapt nÃ¥r +innbyggerne tar det for gitt.
    • + +
  • Ytringsansvar +ere Enhver tilladte! (NRK Ytring 2014-04-01) - innspill fra Trygve +Svensson og Helge Svare om at hver enkelt av oss har et ansvar for Ã¥ +ytre oss i den offentlige debatten.
    • + +
  • Jeg +er ingen god samfunnsborger (Aftenposten 2014-04-16), kronikk av +Simen Tveitereid om alternative mÃ¥ter Ã¥ motiveres i samfunnet, uten Ã¥ +hige etter mer penger og flere ting.
    • + +
  • DLD-dommen: +Avgjørelsen fÃ¥r umiddelbar virkning (Aftenposten 2014-04-10) - +kronikk av Høyres Michael Tetzschner, en partiutbryter i DLD-saken som +stemte nei til DLD i Stortinget i 2011.
    • + +
  • Datalagringsdirektivets +endelikt (blogg fra John Wessel-Aas 2014-04-11) - oppsummering +av hvordan direktivet ble funnet ugyldig i EU-domstolen.
    • + +
  • Kronikk: +Kapitulasjonspresidenten (VG 2014-04-22) - kronikk av Einar +Kr. Steffenak om hvordan Stortingspresidenten og regjeringen viser sin +prinsippløshet i møte med Kina.
    • + +
  • Innerst +inne er alle nordmenn (Aftenposten 2014-04-27) - kronikk fra Bjørn +Stærk om hvordan vi i Vesten i stor grad baserer oss pÃ¥ en fantasi om +at alle i verden bærer pÃ¥ en drøm om Ã¥ bli som oss.
    • + +
  • Det +italienske senatet gav seg selv 134 milliarder euro i sluttpakke +(Aftenposten 2014-06-19) - forsker Simen Gaure forteller hvordan +løgner og fantasi fra nettkilder i stor grad blir akseptert som +sannhet - antagelig ogsÃ¥ av deg og meg.
    • + +
  • Et +forsvar for brÃ¥kmakerne (Dagbladet 2014-05-30) - kronikk av Dag +Øystein Nome som beskriver hvordan dagens skole ikke fungerer sÃ¥ godt +for mange elever.
    • + +
  • Betalte +med slitt seddel - havnet i arresten (Osloby 2014-06-25)) - +dokumentasjon av Oslopolitiets angrep pÃ¥ vÃ¥r alles rett til Ã¥ ferdes +uten elektronisk sporing. Jeg bruker kontanter i sÃ¥ stor grad som +mulig da banken ikke har noe med hvor jeg er og hva jeg kjøper. Vi +som gjør dette risikerer som beskrevet overgrep som frihetsberøvelse +og registrering og lagring av fingeravtrykk og bilde i politiets +database over mistenkte.
    • + +
  • Fredsprisen +til Snowden (Aftenposten 2014-06-28) - leder som forklarer hvorfor +varsleren Snowden bør fÃ¥ fredsprisen.
    • + +
  • Strategi +for politistaten (Dagbladet 2014-08-01) - leder som advarer om +sterke krefter som bruker terrortrusselen til Ã¥ lirke Norge nærmere Ã¥ +bli en politistat.
    • + +
  • Vi +mÃ¥ tenke nytt om narkotika (NRK Ytring 2014-08-03) - Mark Lewis +forklarer hvorfor legalisering og offentlig kontroll av +narkotikamarkedet er mye bedre enn Ã¥ overlate det til kriminelle.
    • + + +

- Tags: norsk, personvern, sikkerhet, stortinget, surveillance. + Tags: lenker, norsk, opphavsrett, personvern.
@@ -586,93 +886,94 @@ over.

-
A Raspberry Pi based batman-adv Mesh network node
-
21st October 2013
-

The last few days I have been experimenting with -the -batman-adv mesh technology. I want to gain some experience to see -if it will fit the -Freedombox project, and together with my neighbors try to build a -mesh network around the park where I live. Batman-adv is a layer 2 -mesh system ("ethernet" in other words), where the mesh network appear -as if all the mesh clients are connected to the same switch.

- -

My hardware of choice was the Linksys WRT54GL routers I had lying -around, but I've been unable to get them working with batman-adv. So -instead, I started playing with a -Raspberry Pi, and tried to -get it working as a mesh node. My idea is to use it to create a mesh -node which function as a switch port, where everything connected to -the Raspberry Pi ethernet plug is connected (bridged) to the mesh -network. This allow me to hook a wifi base station like the Linksys -WRT54GL to the mesh by plugging it into a Raspberry Pi, and allow -non-mesh clients to hook up to the mesh. This in turn is useful for -Android phones using the Serval -Project voip client, allowing every one around the playground to -phone and message each other for free. The reason is that Android -phones do not see ad-hoc wifi networks (they are filtered away from -the GUI view), and can not join the mesh without being rooted. But if -they are connected using a normal wifi base station, they can talk to -every client on the local network.

- -

To get this working, I've created a debian package -meshfx-node -and a script -build-rpi-mesh-node -to create the Raspberry Pi boot image. I'm using Debian Jessie (and -not Raspbian), to get more control over the packages available. -Unfortunately a huge binary blob need to be inserted into the boot -image to get it booting, but I'll ignore that for now. Also, as -Debian lack support for the CPU features available in the Raspberry -Pi, the system do not use the hardware floating point unit. I hope -the routing performance isn't affected by the lack of hardware FPU -support.

- -

To create an image, run the following with a sudo enabled user -after inserting the target SD card into the build machine:

- -

-% wget -O build-rpi-mesh-node \
-    https://raw.github.com/petterreinholdtsen/meshfx-node/master/build-rpi-mesh-node
-% sudo bash -x ./build-rpi-mesh-node > build.log 2>&1
-% dd if=/root/rpi/rpi_basic_jessie_$(date +%Y%m%d).img of=/dev/mmcblk0 bs=1M
-%
-

- -

Booting with the resulting SD card on a Raspberry PI with a USB -wifi card inserted should give you a mesh node. At least it does for -me with a the wifi card I am using. The default mesh settings are the -ones used by the Oslo mesh project at Hackeriet, as I mentioned in -an -earlier blog post about this mesh testing.

- -

The mesh node was not horribly expensive either. I bought -everything over the counter in shops nearby. If I had ordered online -from the lowest bidder, the price should be significantly lower:

- -

- - - - - - - - -
SupplierModelNOK
TeknikkmagasinetRaspberry Pi model B349.90
TeknikkmagasinetRaspberry Pi type B case99.90
LefdalJensen Air:Link 25150295.-
Clas OhlsonKingston 16 GB SD card199.-
Total cost943.80

- -

Now my mesh network at home consist of one laptop in the basement -connected to my production network, one Raspberry Pi node on the 1th -floor that can be seen by my neighbor across the park, and one -play-node I use to develop the image building script. And some times -I hook up my work horse laptop to the mesh to test it. I look forward -to figuring out what kind of latency the batman-adv setup will give, -and how much packet loss we will experience around the park. :)

+
Debian Edu interview: Bernd Zeitzen
+
31st July 2014
+

The complete and free “out of the box” software solution for +schools, Debian Edu / +Skolelinux, is used quite a lot in Germany, and one of the people +involved is Bernd Zeitzen, who show up on the project mailing lists +from time to time with interesting questions and tips on how to adjust +the setup. I managed to interview him this summer.

+ +

Who are you, and how do you spend your days?

+ +

My name is Bernd Zeitzen and I'm married with Hedda, a self +employed physiotherapist. My former profession is tool maker, but I +haven't worked for 30 years in this job. 30 years ago I started to +support my wife and become her officeworker and a few years later the +administrator for a small computer network, today based on Ubuntu +Server (Samba, OpenVPN). For her daily work she has to use Windows +Desktops because the software she needs to organize her business only +works with Windows . :-(

+ +

In 1988 we started with one PC and DOS, then I learned to use +Windows 98, 2000, XP, …, 8, Ubuntu, MacOSX. Today we are running a +Linux server with 6 Windows clients and 10 persons (teacher of +children with special needs, speech therapist, occupational therapist, +psychologist and officeworkers) using our Samba shares via OpenVPN to +work with the documentations of our patients.

+ +

How did you get in contact with the Skolelinux / Debian Edu +project?

+ +

Two years ago a friend of mine asked me, if I want to get a job in +his school (Gymnasium +Harsewinkel). They started with Skolelinux / Debian Edu and they +were looking for people to give support to the teachers using the +software and the network and teaching the pupils increasing their +computer skills in optional lessons. I'm spending 4-6 hours a week +with this job.

+ +

What do you see as the advantages of Skolelinux / Debian +Edu?

+ +

The independence.

+ +

First: Every person is allowed to use, share and develop the +software. Even if you are poor, you are allowed to use the software +included in Skolelinux/Debian Edu and all the other Free Software.

+ +

Second: The software runs on old machines and this gives us the +possibility to recycle computers, weeded out from offices. The +servers and desktops are running for more than two years and they are +working reliable.

+ +

We have two servers (one tjener and one terminal server), 45 +workstations in three classrooms and seven laptops as a mobile +solution for all classrooms. These machines are all booting from the +terminal server. In the moment we are installing 30 laptops as mobile +workstations. Then the pupils have the possibility to work with these +machines in their classrooms. Internet access is realized by a WLAN +router, connected to the schools network. This is all done without a +dedicated system administrator or a computer science teacher.

+ +

What do you see as the disadvantages of Skolelinux / Debian +Edu?

+ +

Teachers and pupils are Windows users. <Irony on> And Linux +isn't cool. It's software for freaks using the command line. <Irony +off> They don't realize the stability of the system.

+ +

Which free software do you use daily?

+ +

Firefox, Thunderbird, LibreOffice, Ubuntu Server 12.04 (Samba, +Apache, MySQL, Joomla!, … and Skolelinux / Debian Edu)

+ +

Which strategy do you believe is the right one to use to +get schools to use free software?

+ +

In Germany we have the situation: every school is free to decide +which software they want to use. This decision is influenced by +teachers who learned to use Windows and MS Office. They buy a PC with +Windows preinstalled and an additional testing version of MS +Office. They don't know about the possibility to use Free Software +instead. Another problem are the publisher of school books. They +develop their software, added to the school books, for Windows.

- Tags: english, freedombox, mesh network, nuug. + Tags: debian edu, english, intervju.
@@ -680,21 +981,39 @@ and how much packet loss we will experience around the park. :)

-
Perl library to control the Spykee robot moved to github
-
19th October 2013
-

Back in 2010, I created a Perl library to talk to -the Spykee robot -(with two belts, wifi, USB and Linux) and made it available from my -web page. Today I concluded that it should move to a site that is -easier to use to cooperate with others, and moved it to github. If -you got a Spykee robot, you might want to check out -the -libspykee-perl github repository.

+
98.6 percent done with the Norwegian draft translation of Free Culture
+
23rd July 2014
+

This summer I finally had time to continue working on the Norwegian +docbook version of the 2004 book +Free Culture by Lawrence Lessig, +to get a Norwegian text explaining the problems with todays copyright +law. Yesterday, I finally completed translated the book text. There +are still some foot/end notes left to translate, the colophon page +need to be rewritten, and a few words and phrases still need to be +translated, but the Norwegian text is ready for the first proof +reading. :) More spell checking is needed, and several illustrations +need to be cleaned up. The work stopped up because I had to give +priority to other projects the last year, and the progress graph of +the translation show this very well:

+ +

+ +

If you want to read the result, check out the +github +project pages and the +PDF, +EPUB +and HTML version available in the +archive +directory.

+ +

Please report typos, bugs and improvements to the github project if +you find any.

- Tags: english, nuug, robot. + Tags: docbook, english, freeculture.
@@ -702,38 +1021,111 @@ libspykee-perl github repository.

-
Good causes: Debian Outreach Program for Women, EFF documenting the spying and Open access in Norway
-
15th October 2013
-

The last few days I came across a few good causes that should get -wider attention. I recommend signing and donating to each one of -these. :)

- -

Via Debian -Project News for 2013-10-14 I came across the Outreach Program for -Women program which is a Google Summer of Code like initiative to get -more women involved in free software. One debian sponsor has offered -to match any donation done to Debian -earmarked for this initiative. I donated a few minutes ago, and -hope you will to. :)

- -

And the Electronic Frontier Foundation just announced plans to -create video -documentaries about the excessive spying on every Internet user that -take place these days, and their need to fund the work. I've already -donated. Are you next?

- -

For my Norwegian audience, the organisation Studentenes og -Akademikernes Internasjonale Hjelpefond is collecting signatures for a -statement under the heading -Bloggers United for Open -Access for those of us asking for more focus on open access in the -Norwegian government. So far 499 signatures. I hope you will sign it -too.

+
From English wiki to translated PDF and epub via Docbook
+
17th June 2014
+

The Debian Edu / Skolelinux +project provide an instruction manual for teachers, system +administrators and other users that contain useful tips for setting up +and maintaining a Debian Edu installation. This text is about how the +text processing of this manual is handled in the project.

+ +

One goal of the project is to provide information in the native +language of its users, and for this we need to handle translations. +But we also want to make sure each language contain the same +information, so for this we need a good way to keep the translations +in sync. And we want it to be easy for our users to improve the +documentation, avoiding the need to learn special formats or tools to +contribute, and the obvious way to do this is to make it possible to +edit the documentation using a web browser. We also want it to be +easy for translators to keep the translation up to date, and give them +help in figuring out what need to be translated. Here is the list of +tools and the process we have found trying to reach all these +goals.

+ +

We maintain the authoritative source of our manual in the +Debian +wiki, as several wiki pages written in English. It consist of one +front page with references to the different chapters, several pages +for each chapter, and finally one "collection page" gluing all the +chapters together into one large web page (aka +the +AllInOne page). The AllInOne page is the one used for further +processing and translations. Thanks to the fact that the +MoinMoin installation on +wiki.debian.org support exporting pages in +the Docbook format, we can fetch +the list of pages to export using the raw version of the AllInOne +page, loop over each of them to generate a Docbook XML version of the +manual. This process also download images and transform image +references to use the locally downloaded images. The generated +Docbook XML files are slightly broken, so some post-processing is done +using the documentation/scripts/get_manual program, and the +result is a nice Docbook XML file (debian-edu-wheezy-manual.xml) and +a handfull of images. The XML file can now be used to generate PDF, HTML +and epub versions of the English manual. This is the basic step of +our process, making PDF (using dblatex), HTML (using xsltproc) and +epub (using dbtoepub) version from Docbook XML, and the resulting files +are placed in the debian-edu-doc-en binary package.

+ +

But English documentation is not enough for us. We want translated +documentation too, and we want to make it easy for translators to +track the English original. For this we use the +poxml package, +which allow us to transform the English Docbook XML file into a +translation file (a .pot file), usable with the normal gettext based +translation tools used by those translating free software. The pot +file is used to create and maintain translation files (several .po +files), which the translations update with the native language +translations of all titles, paragraphs and blocks of text in the +original. The next step is combining the original English Docbook XML +and the translation file (say debian-edu-wheezy-manual.nb.po), to +create a translated Docbook XML file (in this case +debian-edu-wheezy-manual.nb.xml). This translated (or partly +translated, if the translation is not complete) Docbook XML file can +then be used like the original to create a PDF, HTML and epub version +of the documentation.

+ +

The translators use different tools to edit the .po files. We +recommend using +lokalize, +while some use emacs and vi, others can use web based editors like +Poodle or +Transifex. All we care about +is where the .po file end up, in our git repository. Updated +translations can either be committed directly to git, or submitted as +bug reports +against the debian-edu-doc package.

+ +

One challenge is images, which both might need to be translated (if +they show translated user applications), and are needed in different +formats when creating PDF and HTML versions (epub is a HTML version in +this regard). For this we transform the original PNG images to the +needed density and format during build, and have a way to provide +translated images by storing translated versions in +images/$LANGUAGECODE/. I am a bit unsure about the details here. The +package maintainers know more.

+ +

If you wonder what the result look like, we provide +the content +of the documentation packages on the web. See for example the +Italian +PDF version or the +German +HTML version. We do not yet build the epub version by default, +but perhaps it will be done in the future.

+ +

To learn more, check out +the +debian-edu-doc package, +the +manual on the wiki and +the +translation instructions in the manual.

- Tags: debian, english, opphavsrett, surveillance. + Tags: debian, debian edu, docbook, english.
@@ -741,142 +1133,57 @@ too.

-
Oslo community mesh network - with NUUG and Hackeriet at Hausmania
-
11th October 2013
-

Wireless mesh networks are self organising and self healing -networks that can be used to connect computers across small and large -areas, depending on the radio technology used. Normal wifi equipment -can be used to create home made radio networks, and there are several -successful examples like -Freifunk and -Athens Wireless Metropolitan Network -(see -wikipedia -for a large list) around the globe. To give you an idea how it -work, check out the nice overview of the Kiel Freifunk community which -can be seen from their -dynamically -updated node graph and map, where one can see how the mesh nodes -automatically handle routing and recover from nodes disappearing. -There is also a small community mesh network group in Oslo, Norway, -and that is the main topic of this blog post.

- -

I've wanted to check out mesh networks for a while now, and hoped -to do it as part of my involvement with the NUUG member organisation community, and -my recent involvement in -the Freedombox project -finally lead me to give mesh networks some priority, as I suspect a -Freedombox should use mesh networks to connect neighbours and family -when possible, given that most communication between people are -between those nearby (as shown for example by research on Facebook -communication patterns). It also allow people to communicate without -any central hub to tap into for those that want to listen in on the -private communication of citizens, which have become more and more -important over the years.

- -

So far I have only been able to find one group of people in Oslo -working on community mesh networks, over at the hack space -Hackeriet at Husmania. They seem to -have started with some Freifunk based effort using OLSR, called -the Oslo -Freifunk project, but that effort is now dead and the people -behind it have moved on to a batman-adv based system called -meshfx. Unfortunately the wiki -site for the Oslo Freifunk project is no longer possible to update to -reflect this fact, so the old project page can't be updated to point to -the new project. A while back, the people at Hackeriet invited people -from the Freifunk community to Oslo to talk about mesh networks. I -came across this video where Hans Jørgen Lysglimt interview the -speakers about this talk (from -youtube):

- -

- -

I mentioned OLSR and batman-adv, which are mesh routing protocols. -There are heaps of different protocols, and I am still struggling to -figure out which one would be "best" for some definitions of best, but -given that the community mesh group in Oslo is so small, I believe it -is best to hook up with the existing one instead of trying to create a -completely different setup, and thus I have decided to focus on -batman-adv for now. It sure help me to know that the very cool -Serval project in Australia -is using batman-adv as their meshing technology when it create a self -organizing and self healing telephony system for disaster areas and -less industrialized communities. Check out this cool video presenting -that project (from -youtube):

- -

- -

According to the wikipedia page on -Wireless -mesh network there are around 70 competing schemes for routing -packets across mesh networks, and OLSR, B.A.T.M.A.N. and -B.A.T.M.A.N. advanced are protocols used by several free software -based community mesh networks.

- -

The batman-adv protocol is a bit special, as it provide layer 2 -(as in ethernet ) routing, allowing ipv4 and ipv6 to work on the same -network. One way to think about it is that it provide a mesh based -vlan you can bridge to or handle like any other vlan connected to your -computer. The required drivers are already in the Linux kernel at -least since Debian Wheezy, and it is fairly easy to set up. A -good -introduction is available from the Open Mesh project. These are -the key settings needed to join the Oslo meshfx network:

- -

- - - - - -
SettingValue
Protocol / kernel modulebatman-adv
ESSIDmeshfx@hackeriet
Channel / Frequency11 / 2462
Cell ID02:BA:00:00:00:01

- -

The reason for setting ad-hoc wifi Cell ID is to work around bugs -in firmware used in wifi card and wifi drivers. (See a nice post from -VillageTelco about -"Information -about cell-id splitting, stuck beacons, and failed IBSS merges! -for details.) When these settings are activated and you have some -other mesh node nearby, your computer will be connected to the mesh -network and can communicate with any mesh node that is connected to -any of the nodes in your network of nodes. :)

- -

My initial plan was to reuse my old Linksys WRT54GL as a mesh node, -but that seem to be very hard, as I have not been able to locate a -firmware supporting batman-adv. If anyone know how to use that old -wifi access point with batman-adv these days, please let me know.

- -

If you find this project interesting and want to join, please join -us on IRC, either channel -#oslohackerspace -or #nuug on -irc.freenode.net.

- -

While investigating mesh networks in Oslo, I came across an old -research paper from the university of Stavanger and Telenor Research -and Innovation called -The -reliability of wireless backhaul mesh networks and elsewhere -learned that Telenor have been experimenting with mesh networks at -Grünerløkka in Oslo. So mesh networks are also interesting for -commercial companies, even though Telenor discovered that it was hard -to figure out a good business plan for mesh networking and as far as I -know have closed down the experiment. Perhaps Telenor or others would -be interested in a cooperation?

- -

Update 2013-10-12: I was just -told -by the Serval project developers that they no longer use -batman-adv (but are compatible with it), but their own crypto based -mesh system.

+
Hvordan enkelt laste ned filmer fra NRK med den "nye" løsningen
+
16th June 2014
+

Jeg har fortsatt behov for å kunne laste ned innslag fra NRKs +nettsted av og til for å se senere når jeg ikke er på nett, men +min +oppskrift fra 2011 sluttet å fungere da NRK byttet +avspillermetode. I dag fikk jeg endelig lett etter oppdatert løsning, +og jeg er veldig glad for å fortelle at den enkleste måten å laste ned +innslag er å bruke siste versjon 2014.06.07 av +youtube-dl. Støtten i +youtube-dl kom +inn for 23 dager siden og +versjonen i +Debian fungerer fint også som backport til Debian Wheezy. Det er +et lite problem, det håndterer kun URLer med små bokstaver, men hvis +en har en URL med store bokstaver kan en bare gjøre alle store om til +små bokstaver for å få youtube-dl til å laste ned. Rapporterte +nettopp +problemet til +utviklerne, og antar de får fikset det snart.

+ +

Dermed er alt klart til å laste ned dokumentarene om +USAs +hemmelige avlytting og +Selskapene +bak USAs avlytting, i tillegg til +intervjuet +med Edward Snowden gjort av den tyske tv-kanalen ARD. Anbefaler +alle å se disse, sammen med +foredraget +til Jacob Appelbaum på siste CCC-konferanse, for å forstå mer om +hvordan overvåkningen av borgerne brer om seg.

+ +

Takk til gode venner på foreningen NUUGs IRC-kanal +#nuug på irc.freenode.net +for tipsene som fikk meg i mål.

+ +

Oppdatering 2014-06-17: Etter at jeg publiserte +denne, ble jeg tipset om bloggposten +"Downloading +HD content from tv.nrk.no" av Ingvar Hagelund, som har alternativ +implementasjon og tips for å lage mkv-fil med undertekstene inkludert. +Kanskje den passer bedre for deg? I tillegg ble feilen i youtube-dl +ble fikset litt senere ut på dagen i går, samt at youtube-dl fikk +støtte for å laste ned undertitler. Takk til Anders Einar Hilden for +god innsats og youtube-dl-utviklerne for rask respons.

- Tags: english, freedombox, mesh network, nuug. + Tags: multimedia, norsk, video, web.
@@ -891,6 +1198,29 @@ mesh system.

Archive