X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/ecdf7d14b113afc64f4b86bcae3dbda7b418fad9..664e29a948f20e356de06149be10c64ac3ea9b7b:/blog/archive/2014/03/index.html diff --git a/blog/archive/2014/03/index.html b/blog/archive/2014/03/index.html index 8bb02c74a5..ca0d91ae25 100644 --- a/blog/archive/2014/03/index.html +++ b/blog/archive/2014/03/index.html @@ -23,20 +23,476 @@
- How to add extra storage servers in Debian Edu / Skolelinux + Debian Edu interview: Roger Marsal +
+
+ 30th March 2014 +
+
+

Debian Edu / Skolelinux +keep gaining new users. Some weeks ago, a person showed up on IRC, +#debian-edu, with a +wish to contribute, and I managed to get a interview with this great +contributor Roger Marsal to learn more about his background.

+ +

Who are you, and how do you spend your days?

+ +

My name is Roger Marsal, I'm 27 years old (1986 generation) and I +live in Barcelona, Spain. I've got a strong business background and I +work as a patrimony manager and as a real estate agent. Additionally, +I've co-founded a British based tech company that is nowadays on the +last development phase of a new social networking concept.

+ +

I'm a Linux enthusiast that started its journey with Ubuntu four years +ago and have recently switched to Debian seeking rock solid stability +and as a necessary step to gain expertise.

+ +

In a nutshell, I spend my days working and learning as much as I +can to face both my job, entrepreneur project and feed my Linux +hunger.

+ +

How did you get in contact with the Skolelinux / Debian Edu +project?

+ +

I discovered the LTSP advantages +with "Ubuntu 12.04 alternate install" and after a year of use I +started looking for an alternative. Even though I highly value and +respect the Ubuntu project, I thought it was necessary for me to +change to a more robust and stable alternative. As far as I was using +Debian on my personal laptop I thought it would be fine to install +Debian and configure an LTSP server myself. Surprised, I discovered +that the Debian project also supported a kind of Edubuntu equivalent, +and after having some pain I obtained a Debian Edu network up and +running. I just loved it.

+ +

What do you see as the advantages of Skolelinux / Debian +Edu?

+ +

I found a main advantage in that, once you know "the tips and +tricks", a new installation just works out of the box. It's the most +complete alternative I've found to create an LTSP network. All the +other distributions seems to be made of plastic, Debian Edu seems to +be made of steel.

+ +

What do you see as the disadvantages of Skolelinux / Debian +Edu?

+ +

I found two main disadvantages.

+ +

I'm not an expert but I've got notions and I had to spent a considerable +amount of time trying to bring up a standard network topology. I'm quite +stubborn and I just worked until I did but I'm sure many people with few +resources (not big schools, but academies for example) would have switched +or dropped.

+ +

It's amazing how such a complex system like Debian Edu has achieved +this out-of-the-box state. Even though tweaking without breaking gets +more difficult, as more factors have to be considered. This can +discourage many people too.

+ +

Which free software do you use daily?

+ +

I use Debian, Firefox, Okular, Inkscape, LibreOffice and +Virtualbox.

+ + +

Which strategy do you believe is the right one to use to +get schools to use free software?

+ +

I don't think there is a need for a particular strategy. The free +attribute in both "freedom" and "no price" meanings is what will +really bring free software to schools. In my experience I can think of +the "R" statistical language; a +few years a ago was an extremely nerd tool for university people. +Today it's being increasingly used to teach statistics at many +different level of studies. I believe free and open software will +increasingly gain popularity, but I'm sure schools will be one of the +first scenarios where this will happen.

+ +
+
+ + + Tags: debian edu, english, intervju. + + +
+
+
+ +
+
+ Dokumentaren om Datalagringsdirektivet sendes endelig på NRK +
+
+ 26th March 2014 +
+
+

Foreningen NUUG melder i natt at +NRK nå har bestemt seg for +når +den norske dokumentarfilmen om datalagringsdirektivet skal +sendes (se IMDB +for detaljer om filmen) . Første visning blir på NRK2 mandag +2014-03-31 kl. 19:50, og deretter visninger onsdag 2014-04-02 +kl. 12:30, fredag 2014-04-04 kl. 19:40 og søndag 2014-04-06 kl. 15:10. +Jeg har sett dokumentaren, og jeg anbefaler enhver å se den selv. Som +oppvarming mens vi venter anbefaler jeg Bjørn Stærks kronikk i +Aftenposten fra i går, +Autoritær +gjøkunge, der han gir en grei skisse av hvor ille det står til med +retten til privatliv og beskyttelsen av demokrati i Norge og resten +verden, og helt riktig slår fast at det er vi i databransjen som +sitter med nøkkelen til å gjøre noe med dette. Jeg har involvert meg +i prosjektene dugnadsnett.no +og FreedomBox for å +forsøke å gjøre litt selv for å bedre situasjonen, men det er mye +hardt arbeid fra mange flere enn meg som gjenstår før vi kan sies å ha +gjenopprettet balansen.

+ +

Jeg regner med at nettutgaven dukker opp på +NRKs +side om filmen om datalagringsdirektivet om fem dager. Hold et +øye med siden, og tips venner og slekt om at de også bør se den.

+ +
+
+ + + Tags: dld, freedombox, mesh network, norsk, personvern, sikkerhet, surveillance. + + +
+
+
+ +
+
+ Public Trusted Timestamping services for everyone +
+
+ 25th March 2014 +
+
+

Did you ever need to store logs or other files in a way that would +allow it to be used as evidence in court, and needed a way to +demonstrate without reasonable doubt that the file had not been +changed since it was created? Or, did you ever need to document that +a given document was received at some point in time, like some +archived document or the answer to an exam, and not changed after it +was received? The problem in these settings is to remove the need to +trust yourself and your computers, while still being able to prove +that a file is the same as it was at some given time in the past.

+ +

A solution to these problems is to have a trusted third party +"stamp" the document and verify that at some given time the document +looked a given way. Such +notarius service +have been around for thousands of years, and its digital equivalent is +called a +trusted +timestamping service. The Internet +Engineering Task Force standardised how such service could work a +few years ago as RFC +3161. The mechanism is simple. Create a hash of the file in +question, send it to a trusted third party which add a time stamp to +the hash and sign the result with its private key, and send back the +signed hash + timestamp. Both email, FTP and HTTP can be used to +request such signature, depending on what is provided by the service +used. Anyone with the document and the signature can then verify that +the document matches the signature by creating their own hash and +checking the signature using the trusted third party public key. +There are several commercial services around providing such +timestamping. A quick search for +"rfc 3161 +service" pointed me to at least +DigiStamp, +Quo +Vadis, +Global Sign +and Global +Trust Finder. The system work as long as the private key of the +trusted third party is not compromised.

+ +

But as far as I can tell, there are very few public trusted +timestamp services available for everyone. I've been looking for one +for a while now. But yesterday I found one over at +Deutches +Forschungsnetz mentioned in +a +blog by David Müller. I then found +a +good recipe on how to use the service over at the University of +Greifswald.

+ +

The OpenSSL library contain +both server and tools to use and set up your own signing service. See +the ts(1SSL), tsget(1SSL) manual pages for more details. The +following shell script demonstrate how to extract a signed timestamp +for any file on the disk in a Debian environment:

+ +

+#!/bin/sh
+set -e
+url="http://zeitstempel.dfn.de"
+caurl="https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt"
+reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq)
+resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr)
+cafile=chain.txt
+if [ ! -f $cafile ] ; then
+    wget -O $cafile "$caurl"
+fi
+openssl ts -query -data "$1" -cert | tee "$reqfile" \
+    | /usr/lib/ssl/misc/tsget -h "$url" -o "$resfile"
+openssl ts -reply -in "$resfile" -text 1>&2
+openssl ts -verify -data "$1" -in "$resfile" -CAfile "$cafile" 1>&2
+base64 < "$resfile"
+rm "$reqfile" "$resfile"
+

+ +

The argument to the script is the file to timestamp, and the output +is a base64 encoded version of the signature to STDOUT and details +about the signature to STDERR. Note that due to +a bug +in the tsget script, you might need to modify the included script +and remove the last line. Or just write your own HTTP uploader using +curl. :) Now you too can prove and verify that files have not been +changed.

+ +

But the Internet need more public trusted timestamp services. +Perhaps something for Uninett or +my work place the University of Oslo +to set up?

+ +
+
+ + + Tags: english, sikkerhet. + + +
+
+
+ +
+
+ Video DVD reader library / python-dvdvideo - nice free software +
+
+ 21st March 2014 +
+
+

Keeping your DVD collection safe from scratches and curious +children fingers while still having it available when you want to see a +movie is not straight forward. My preferred method at the moment is +to store a full copy of the ISO on a hard drive, and use VLC, Popcorn +Hour or other useful players to view the resulting file. This way the +subtitles and bonus material are still available and using the ISO is +just like inserting the original DVD record in the DVD player.

+ +

Earlier I used dd for taking security copies, but it do not handle +DVDs giving read errors (which are quite a few of them). I've also +tried using +dvdbackup +and genisoimage, but these days I use the marvellous python library +and program +python-dvdvideo +written by Bastian Blank. It is +in Debian +already and the binary package name is python3-dvdvideo. Instead +of trying to read every block from the DVD, it parses the file +structure and figure out which block on the DVD is actually in used, +and only read those blocks from the DVD. This work surprisingly well, +and I have been able to almost backup my entire DVD collection using +this method.

+ +

So far, python-dvdvideo have failed on between 10 and +20 DVDs, which is a small fraction of my collection. The most common +problem is +DVDs +using UTF-16 instead of UTF-8 characters, which according to +Bastian is against the DVD specification (and seem to cause some +players to fail too). A rarer problem is what seem to be inconsistent +DVD structures, as the python library +claim +there is a overlap between objects. An equally rare problem claim +some +value is out of range. No idea what is going on there. I wish I +knew enough about the DVD format to fix these, to ensure my movie +collection will stay with me in the future.

+ +

So, if you need to keep your DVDs safe, back them up using +python-dvdvideo. :)

+ +
+
+ + + Tags: english, multimedia, opphavsrett, video. + + +
+
+
+ +
+
+ Norsk utgave av Alaveteli / WhatDoTheyKnow på trappene +
+
+ 16th March 2014 +
+
+

Det offentlige Norge har mye kunnskap og informasjon. Men hvordan +kan en få tilgang til den på en enkel måte? Takket være et lite +knippe lover og tilhørende forskrifter, blant annet +offentlighetsloven, +miljøinformasjonsloven +og +forvaltningsloven +har en rett til å spørre det offentlige og få svar. Men det finnes +intet offentlig arkiv over hva andre har spurt om, og dermed risikerer en +å måtte forstyrre myndighetene gang på gang for å få tak i samme +informasjonen på nytt. Britiske +mySociety har laget tjenesten +WhatDoTheyKnow som gjør +noe med dette. I Storbritannia blir WhatdoTheyKnow brukt i +ca +15% av alle innsynsforespørsler mot sentraladministrasjonen. +Prosjektet heter Alaveteli, og +er takk i bruk en rekke steder etter at løsningen ble generalisert og +gjort mulig å oversette. Den hjelper borgerne med å be om innsyn, +rådgir ved purringer og klager og lar alle se hvilke henvendelser som +er sendt til det offentlige og hvilke svar som er kommet inn, i et +søkpart arkiv. Her i Norge holder vi i foreningen NUUG på å få opp en +norsk utgave av Alaveteli, og her trenger vi din hjelp med +oversettelsen.

+ +

Så langt er 76 % av Alaveteli oversatt til norsk bokmål, men vi +skulle gjerne vært oppe i 100 % før lansering. Oversettelsen gjøres +på Transifex, +der enhver som registrerer seg og ber om tilgang til +bokmålsoversettelsen får bidra. Vi har satt opp en test av tjenesten +(som ikke sender epost til det offentlige, kun til oss som holder på å +sette opp tjenesten) på maskinen +alaveteli-dev.nuug.no, der +en kan se hvordan de oversatte meldingen blir seende ut på nettsiden. +Når tjenesten lanseres vil den hete +Mimes brønn, etter +visdomskilden som Odin måtte gi øyet sitt for å få drikke i. Den +nettsiden er er ennå ikke klar til bruk.

+ +

Hvis noen vil oversette til nynorsk også, så skal vi finne ut +hvordan vi lager en flerspråklig tjeneste. Men i første omgang er +fokus på bokmålsoversettelsen, der vi selv har nok peiling til å ha +fått oversatt 76%, men trenger hjelp for å komme helt i mål. :)

+ +
+
+ + + Tags: norsk, nuug, offentlig innsyn. + + +
+
+
+ +
+
+ Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine
14th March 2014
+
+

The Freedombox +project is working on providing the software and hardware for +making it easy for non-technical people to host their data and +communication at home, and being able to communicate with their +friends and family encrypted and away from prying eyes. It has been +going on for a while, and is slowly progressing towards a new test +release (0.2).

+ +

And what day could be better than the Pi day to announce that the +new version will provide "hard drive" / SD card / USB stick images for +Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization +system), and can also be installed using a Debian installer preseed +file. The Debian based Freedombox is now based on Debian Jessie, +where most of the needed packages used are already present. Only one, +the freedombox-setup package, is missing. To try to build your own +boot image to test the current status, fetch the freedom-maker scripts +and build using +vmdebootstrap +with a user with sudo access to become root: + +

+git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
+  freedom-maker
+sudo apt-get install git vmdebootstrap mercurial python-docutils \
+  mktorrent extlinux virtualbox qemu-user-static binfmt-support \
+  u-boot-tools
+make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
+
+ +

Root access is needed to run debootstrap and mount loopback +devices. See the README for more details on the build. If you do not +want all three images, trim the make line. But note that thanks to a race condition in +vmdebootstrap, the build might fail without the patch to the +kpartx call.

+ +

If you instead want to install using a Debian CD and the preseed +method, boot a Debian Wheezy ISO and use this boot argument to load +the preseed values:

+ +
+url=http://www.reinholdtsen.name/freedombox/preseed-jessie.dat
+
+ +

But note that due to a +recently introduced bug in apt in Jessie, the installer will +currently hang while setting up APT sources. Killing the +'apt-cdrom ident' process when it hang a few times during the +installation will get the installation going. This affect all +installations in Jessie, and I expect it will be fixed soon.

+ +

Give it a go and let us know how it goes on the mailing list, and help +us get the new release published. :) Please join us on +IRC (#freedombox on +irc.debian.org) and +the +mailing list if you want to help make this vision come true.

+ +
+
+ + + Tags: debian, english, freedombox, sikkerhet, surveillance, web. + + +
+
+
+ +
+
+ How to add extra storage servers in Debian Edu / Skolelinux +
+
+ 12th March 2014 +

On larger sites, it is useful to use a dedicated storage server for storing user home directories and data. The design for handling this -in Debian Edu / Skolelinux, is to update the automount rules in LDAP -and let the automount daemon on the clients take care of the rest. I -was reminded about the need to document this better when one of the -customers of Skolelinux Drift AS, -where I am on the board of directors, asked about how to do this. The -steps to get this working are the following:

+in Debian Edu / Skolelinux, is +to update the automount rules in LDAP and let the automount daemon on +the clients take care of the rest. I was reminded about the need to +document this better when one of the customers of +Skolelinux Drift AS, where I am +on the board of directors, asked about how to do this. The steps to +get this working are the following:

    @@ -53,7 +509,7 @@ tjener.intern do not use automount to avoid mounting loops.

    DNS entries are added in GOsa², and not described here. Follow the instructions -in the manual (Machine Management with GOsa² in section etting +in the manual (Machine Management with GOsa² in section Getting started).

    Ensure that the NFS export points on the server are exported to the @@ -240,7 +696,19 @@ meg en epost hvis du har innspill.

  1. February (3)
  2. -
  3. March (2)
  4. +
  5. March (8)
  6. + +
  7. April (7)
  8. + +
  9. May (1)
  10. + +
  11. June (2)
  12. + +
  13. July (2)
  14. + +
  15. August (2)
  16. + +
  17. September (1)
  18. @@ -421,58 +889,62 @@ meg en epost hvis du har innspill.

  19. chrpath (2)
  20. -
  21. debian (94)
  22. +
  23. debian (100)
  24. -
  25. debian edu (145)
  26. +
  27. debian edu (148)
  28. digistan (10)
  29. -
  30. docbook (10)
  31. +
  32. dld (15)
  33. + +
  34. docbook (12)
  35. drivstoffpriser (4)
  36. -
  37. english (237)
  38. +
  39. english (252)
  40. fiksgatami (21)
  41. fildeling (12)
  42. -
  43. freeculture (12)
  44. +
  45. freeculture (13)
  46. -
  47. freedombox (5)
  48. +
  49. freedombox (8)
  50. frikanalen (11)
  51. -
  52. intervju (39)
  53. +
  54. intervju (41)
  55. -
  56. isenkram (7)
  57. +
  58. isenkram (9)
  59. kart (18)
  60. ldap (9)
  61. -
  62. lenker (7)
  63. +
  64. lenker (8)
  65. ltsp (1)
  66. -
  67. mesh network (7)
  68. +
  69. mesh network (8)
  70. -
  71. multimedia (25)
  72. +
  73. multimedia (29)
  74. -
  75. norsk (241)
  76. +
  77. norsk (247)
  78. -
  79. nuug (161)
  80. +
  81. nuug (162)
  82. -
  83. offentlig innsyn (10)
  84. +
  85. offentlig innsyn (11)
  86. open311 (2)
  87. -
  88. opphavsrett (45)
  89. +
  90. opphavsrett (48)
  91. -
  92. personvern (69)
  93. +
  94. personvern (74)
  95. raid (1)
  96. +
  97. reactos (1)
  98. +
  99. reprap (11)
  100. rfid (2)
  101. @@ -485,29 +957,29 @@ meg en epost hvis du har innspill.

  102. scraperwiki (2)
  103. -
  104. sikkerhet (34)
  105. +
  106. sikkerhet (41)
  107. sitesummary (4)
  108. skepsis (4)
  109. -
  110. standard (44)
  111. +
  112. standard (45)
  113. stavekontroll (3)
  114. stortinget (9)
  115. -
  116. surveillance (21)
  117. +
  118. surveillance (25)
  119. sysadmin (1)
  120. valg (8)
  121. -
  122. video (39)
  123. +
  124. video (43)
  125. vitenskap (4)
  126. -
  127. web (28)
  128. +
  129. web (33)