X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/ecdf7d14b113afc64f4b86bcae3dbda7b418fad9..664e29a948f20e356de06149be10c64ac3ea9b7b:/blog/archive/2014/03/index.html diff --git a/blog/archive/2014/03/index.html b/blog/archive/2014/03/index.html index 8bb02c74a5..ca0d91ae25 100644 --- a/blog/archive/2014/03/index.html +++ b/blog/archive/2014/03/index.html @@ -23,20 +23,476 @@
- How to add extra storage servers in Debian Edu / Skolelinux + Debian Edu interview: Roger Marsal +
+
+ 30th March 2014 +
+
+

Debian Edu / Skolelinux +keep gaining new users. Some weeks ago, a person showed up on IRC, +#debian-edu, with a +wish to contribute, and I managed to get a interview with this great +contributor Roger Marsal to learn more about his background.

+ +

Who are you, and how do you spend your days?

+ +

My name is Roger Marsal, I'm 27 years old (1986 generation) and I +live in Barcelona, Spain. I've got a strong business background and I +work as a patrimony manager and as a real estate agent. Additionally, +I've co-founded a British based tech company that is nowadays on the +last development phase of a new social networking concept.

+ +

I'm a Linux enthusiast that started its journey with Ubuntu four years +ago and have recently switched to Debian seeking rock solid stability +and as a necessary step to gain expertise.

+ +

In a nutshell, I spend my days working and learning as much as I +can to face both my job, entrepreneur project and feed my Linux +hunger.

+ +

How did you get in contact with the Skolelinux / Debian Edu +project?

+ +

I discovered the LTSP advantages +with "Ubuntu 12.04 alternate install" and after a year of use I +started looking for an alternative. Even though I highly value and +respect the Ubuntu project, I thought it was necessary for me to +change to a more robust and stable alternative. As far as I was using +Debian on my personal laptop I thought it would be fine to install +Debian and configure an LTSP server myself. Surprised, I discovered +that the Debian project also supported a kind of Edubuntu equivalent, +and after having some pain I obtained a Debian Edu network up and +running. I just loved it.

+ +

What do you see as the advantages of Skolelinux / Debian +Edu?

+ +

I found a main advantage in that, once you know "the tips and +tricks", a new installation just works out of the box. It's the most +complete alternative I've found to create an LTSP network. All the +other distributions seems to be made of plastic, Debian Edu seems to +be made of steel.

+ +

What do you see as the disadvantages of Skolelinux / Debian +Edu?

+ +

I found two main disadvantages.

+ +

I'm not an expert but I've got notions and I had to spent a considerable +amount of time trying to bring up a standard network topology. I'm quite +stubborn and I just worked until I did but I'm sure many people with few +resources (not big schools, but academies for example) would have switched +or dropped.

+ +

It's amazing how such a complex system like Debian Edu has achieved +this out-of-the-box state. Even though tweaking without breaking gets +more difficult, as more factors have to be considered. This can +discourage many people too.

+ +

Which free software do you use daily?

+ +

I use Debian, Firefox, Okular, Inkscape, LibreOffice and +Virtualbox.

+ + +

Which strategy do you believe is the right one to use to +get schools to use free software?

+ +

I don't think there is a need for a particular strategy. The free +attribute in both "freedom" and "no price" meanings is what will +really bring free software to schools. In my experience I can think of +the "R" statistical language; a +few years a ago was an extremely nerd tool for university people. +Today it's being increasingly used to teach statistics at many +different level of studies. I believe free and open software will +increasingly gain popularity, but I'm sure schools will be one of the +first scenarios where this will happen.

+ +
+
+ + + Tags: debian edu, english, intervju. + + +
+
+
+ +
+
+ Dokumentaren om Datalagringsdirektivet sendes endelig på NRK +
+
+ 26th March 2014 +
+
+

Foreningen NUUG melder i natt at +NRK nå har bestemt seg for +når +den norske dokumentarfilmen om datalagringsdirektivet skal +sendes (se IMDB +for detaljer om filmen) . Første visning blir på NRK2 mandag +2014-03-31 kl. 19:50, og deretter visninger onsdag 2014-04-02 +kl. 12:30, fredag 2014-04-04 kl. 19:40 og søndag 2014-04-06 kl. 15:10. +Jeg har sett dokumentaren, og jeg anbefaler enhver å se den selv. Som +oppvarming mens vi venter anbefaler jeg Bjørn Stærks kronikk i +Aftenposten fra i går, +Autoritær +gjøkunge, der han gir en grei skisse av hvor ille det står til med +retten til privatliv og beskyttelsen av demokrati i Norge og resten +verden, og helt riktig slår fast at det er vi i databransjen som +sitter med nøkkelen til å gjøre noe med dette. Jeg har involvert meg +i prosjektene dugnadsnett.no +og FreedomBox for å +forsøke å gjøre litt selv for å bedre situasjonen, men det er mye +hardt arbeid fra mange flere enn meg som gjenstår før vi kan sies å ha +gjenopprettet balansen.

+ +

Jeg regner med at nettutgaven dukker opp på +NRKs +side om filmen om datalagringsdirektivet om fem dager. Hold et +øye med siden, og tips venner og slekt om at de også bør se den.

+ +
+
+ + + Tags: dld, freedombox, mesh network, norsk, personvern, sikkerhet, surveillance. + + +
+
+
+ +
+
+ Public Trusted Timestamping services for everyone +
+
+ 25th March 2014 +
+
+

Did you ever need to store logs or other files in a way that would +allow it to be used as evidence in court, and needed a way to +demonstrate without reasonable doubt that the file had not been +changed since it was created? Or, did you ever need to document that +a given document was received at some point in time, like some +archived document or the answer to an exam, and not changed after it +was received? The problem in these settings is to remove the need to +trust yourself and your computers, while still being able to prove +that a file is the same as it was at some given time in the past.

+ +

A solution to these problems is to have a trusted third party +"stamp" the document and verify that at some given time the document +looked a given way. Such +notarius service +have been around for thousands of years, and its digital equivalent is +called a +trusted +timestamping service. The Internet +Engineering Task Force standardised how such service could work a +few years ago as RFC +3161. The mechanism is simple. Create a hash of the file in +question, send it to a trusted third party which add a time stamp to +the hash and sign the result with its private key, and send back the +signed hash + timestamp. Both email, FTP and HTTP can be used to +request such signature, depending on what is provided by the service +used. Anyone with the document and the signature can then verify that +the document matches the signature by creating their own hash and +checking the signature using the trusted third party public key. +There are several commercial services around providing such +timestamping. A quick search for +"rfc 3161 +service" pointed me to at least +DigiStamp, +Quo +Vadis, +Global Sign +and Global +Trust Finder. The system work as long as the private key of the +trusted third party is not compromised.

+ +

But as far as I can tell, there are very few public trusted +timestamp services available for everyone. I've been looking for one +for a while now. But yesterday I found one over at +Deutches +Forschungsnetz mentioned in +a +blog by David Müller. I then found +a +good recipe on how to use the service over at the University of +Greifswald.

+ +

The OpenSSL library contain +both server and tools to use and set up your own signing service. See +the ts(1SSL), tsget(1SSL) manual pages for more details. The +following shell script demonstrate how to extract a signed timestamp +for any file on the disk in a Debian environment:

+ +

+#!/bin/sh
+set -e
+url="http://zeitstempel.dfn.de"
+caurl="https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt"
+reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq)
+resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr)
+cafile=chain.txt
+if [ ! -f $cafile ] ; then
+    wget -O $cafile "$caurl"
+fi
+openssl ts -query -data "$1" -cert | tee "$reqfile" \
+    | /usr/lib/ssl/misc/tsget -h "$url" -o "$resfile"
+openssl ts -reply -in "$resfile" -text 1>&2
+openssl ts -verify -data "$1" -in "$resfile" -CAfile "$cafile" 1>&2
+base64 < "$resfile"
+rm "$reqfile" "$resfile"
+

+ +

The argument to the script is the file to timestamp, and the output +is a base64 encoded version of the signature to STDOUT and details +about the signature to STDERR. Note that due to +a bug +in the tsget script, you might need to modify the included script +and remove the last line. Or just write your own HTTP uploader using +curl. :) Now you too can prove and verify that files have not been +changed.

+ +

But the Internet need more public trusted timestamp services. +Perhaps something for Uninett or +my work place the University of Oslo +to set up?

+ +
+
+ + + Tags: english, sikkerhet. + + +
+
+
+ +
+
+ Video DVD reader library / python-dvdvideo - nice free software +
+
+ 21st March 2014 +
+
+

Keeping your DVD collection safe from scratches and curious +children fingers while still having it available when you want to see a +movie is not straight forward. My preferred method at the moment is +to store a full copy of the ISO on a hard drive, and use VLC, Popcorn +Hour or other useful players to view the resulting file. This way the +subtitles and bonus material are still available and using the ISO is +just like inserting the original DVD record in the DVD player.

+ +

Earlier I used dd for taking security copies, but it do not handle +DVDs giving read errors (which are quite a few of them). I've also +tried using +dvdbackup +and genisoimage, but these days I use the marvellous python library +and program +python-dvdvideo +written by Bastian Blank. It is +in Debian +already and the binary package name is python3-dvdvideo. Instead +of trying to read every block from the DVD, it parses the file +structure and figure out which block on the DVD is actually in used, +and only read those blocks from the DVD. This work surprisingly well, +and I have been able to almost backup my entire DVD collection using +this method.

+ +

So far, python-dvdvideo have failed on between 10 and +20 DVDs, which is a small fraction of my collection. The most common +problem is +DVDs +using UTF-16 instead of UTF-8 characters, which according to +Bastian is against the DVD specification (and seem to cause some +players to fail too). A rarer problem is what seem to be inconsistent +DVD structures, as the python library +claim +there is a overlap between objects. An equally rare problem claim +some +value is out of range. No idea what is going on there. I wish I +knew enough about the DVD format to fix these, to ensure my movie +collection will stay with me in the future.

+ +

So, if you need to keep your DVDs safe, back them up using +python-dvdvideo. :)

+ +
+
+ + + Tags: english, multimedia, opphavsrett, video. + + +
+
+
+ +
+
+ Norsk utgave av Alaveteli / WhatDoTheyKnow på trappene +
+
+ 16th March 2014 +
+
+

Det offentlige Norge har mye kunnskap og informasjon. Men hvordan +kan en få tilgang til den på en enkel måte? Takket være et lite +knippe lover og tilhørende forskrifter, blant annet +offentlighetsloven, +miljøinformasjonsloven +og +forvaltningsloven +har en rett til å spørre det offentlige og få svar. Men det finnes +intet offentlig arkiv over hva andre har spurt om, og dermed risikerer en +å måtte forstyrre myndighetene gang på gang for å få tak i samme +informasjonen på nytt. Britiske +mySociety har laget tjenesten +WhatDoTheyKnow som gjør +noe med dette. I Storbritannia blir WhatdoTheyKnow brukt i +ca +15% av alle innsynsforespørsler mot sentraladministrasjonen. +Prosjektet heter Alaveteli, og +er takk i bruk en rekke steder etter at løsningen ble generalisert og +gjort mulig å oversette. Den hjelper borgerne med å be om innsyn, +rådgir ved purringer og klager og lar alle se hvilke henvendelser som +er sendt til det offentlige og hvilke svar som er kommet inn, i et +søkpart arkiv. Her i Norge holder vi i foreningen NUUG på å få opp en +norsk utgave av Alaveteli, og her trenger vi din hjelp med +oversettelsen.

+ +

Så langt er 76 % av Alaveteli oversatt til norsk bokmål, men vi +skulle gjerne vært oppe i 100 % før lansering. Oversettelsen gjøres +på Transifex, +der enhver som registrerer seg og ber om tilgang til +bokmålsoversettelsen får bidra. Vi har satt opp en test av tjenesten +(som ikke sender epost til det offentlige, kun til oss som holder på å +sette opp tjenesten) på maskinen +alaveteli-dev.nuug.no, der +en kan se hvordan de oversatte meldingen blir seende ut på nettsiden. +Når tjenesten lanseres vil den hete +Mimes brønn, etter +visdomskilden som Odin måtte gi øyet sitt for å få drikke i. Den +nettsiden er er ennå ikke klar til bruk.

+ +

Hvis noen vil oversette til nynorsk også, så skal vi finne ut +hvordan vi lager en flerspråklig tjeneste. Men i første omgang er +fokus på bokmålsoversettelsen, der vi selv har nok peiling til å ha +fått oversatt 76%, men trenger hjelp for å komme helt i mål. :)

+ +
+
+ + + Tags: norsk, nuug, offentlig innsyn. + + +
+
+
+ +
+
+ Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine
14th March 2014
+
+

The Freedombox +project is working on providing the software and hardware for +making it easy for non-technical people to host their data and +communication at home, and being able to communicate with their +friends and family encrypted and away from prying eyes. It has been +going on for a while, and is slowly progressing towards a new test +release (0.2).

+ +

And what day could be better than the Pi day to announce that the +new version will provide "hard drive" / SD card / USB stick images for +Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization +system), and can also be installed using a Debian installer preseed +file. The Debian based Freedombox is now based on Debian Jessie, +where most of the needed packages used are already present. Only one, +the freedombox-setup package, is missing. To try to build your own +boot image to test the current status, fetch the freedom-maker scripts +and build using +vmdebootstrap +with a user with sudo access to become root: + +

+git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
+  freedom-maker
+sudo apt-get install git vmdebootstrap mercurial python-docutils \
+  mktorrent extlinux virtualbox qemu-user-static binfmt-support \
+  u-boot-tools
+make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
+
+ +

Root access is needed to run debootstrap and mount loopback +devices. See the README for more details on the build. If you do not +want all three images, trim the make line. But note that thanks to a race condition in +vmdebootstrap, the build might fail without the patch to the +kpartx call.

+ +

If you instead want to install using a Debian CD and the preseed +method, boot a Debian Wheezy ISO and use this boot argument to load +the preseed values:

+ +
+url=http://www.reinholdtsen.name/freedombox/preseed-jessie.dat
+
+ +

But note that due to a +recently introduced bug in apt in Jessie, the installer will +currently hang while setting up APT sources. Killing the +'apt-cdrom ident' process when it hang a few times during the +installation will get the installation going. This affect all +installations in Jessie, and I expect it will be fixed soon.

+ +

Give it a go and let us know how it goes on the mailing list, and help +us get the new release published. :) Please join us on +IRC (#freedombox on +irc.debian.org) and +the +mailing list if you want to help make this vision come true.

+ +
+
+ + + Tags: debian, english, freedombox, sikkerhet, surveillance, web. + + +
+
+
+ +
+
+ How to add extra storage servers in Debian Edu / Skolelinux +
+
+ 12th March 2014 +

On larger sites, it is useful to use a dedicated storage server for storing user home directories and data. The design for handling this -in Debian Edu / Skolelinux, is to update the automount rules in LDAP -and let the automount daemon on the clients take care of the rest. I -was reminded about the need to document this better when one of the -customers of Skolelinux Drift AS, -where I am on the board of directors, asked about how to do this. The -steps to get this working are the following:

+in Debian Edu / Skolelinux, is +to update the automount rules in LDAP and let the automount daemon on +the clients take care of the rest. I was reminded about the need to +document this better when one of the customers of +Skolelinux Drift AS, where I am +on the board of directors, asked about how to do this. The steps to +get this working are the following:

    @@ -53,7 +509,7 @@ tjener.intern do not use automount to avoid mounting loops.

    DNS entries are added in GOsa², and not described here. Follow the instructions -in the manual (Machine Management with GOsa² in section etting +in the manual (Machine Management with GOsa² in section Getting started).

    Ensure that the NFS export points on the server are exported to the @@ -240,7 +696,19 @@ meg en epost hvis du har innspill.

  1. February (3)
    2. -
  2. March (2)
    3. +
  3. March (8)
    4. + +
  4. April (7)
    5. + +
  5. May (1)
    6. + +
  6. June (2)
    7. + +
  7. July (2)
    8. + +
  8. August (2)
    9. + +
  9. September (1)
    10. @@ -421,58 +889,62 @@ meg en epost hvis du har innspill.

  10. chrpath (2)
    11. -
  11. debian (94)
    12. +
  12. debian (100)
    13. -
  13. debian edu (145)
    14. +
  14. debian edu (148)
  15. digistan (10)
    16. -
  16. docbook (10)
    17. +
  17. dld (15)
    18. + +
  18. docbook (12)
  19. drivstoffpriser (4)
    20. -
  20. english (237)
    21. +
  21. english (252)
  22. fiksgatami (21)
  23. fildeling (12)
    24. -
  24. freeculture (12)
    25. +
  25. freeculture (13)
    26. -
  26. freedombox (5)
    27. +
  27. freedombox (8)
  28. frikanalen (11)
    29. -
  29. intervju (39)
    30. +
  30. intervju (41)
    31. -
  31. isenkram (7)
    32. +
  32. isenkram (9)
  33. kart (18)
  34. ldap (9)
    35. -
  35. lenker (7)
    36. +
  36. lenker (8)
  37. ltsp (1)
    38. -
  38. mesh network (7)
    39. +
  39. mesh network (8)
    40. -
  40. multimedia (25)
    41. +
  41. multimedia (29)
    42. -
  42. norsk (241)
    43. +
  43. norsk (247)
    44. -
  44. nuug (161)
    45. +
  45. nuug (162)
    46. -
  46. offentlig innsyn (10)
    47. +
  47. offentlig innsyn (11)
  48. open311 (2)
    49. -
  49. opphavsrett (45)
    50. +
  50. opphavsrett (48)
    51. -
  51. personvern (69)
    52. +
  52. personvern (74)
  53. raid (1)
    54. +
  54. reactos (1)
    55. +
  55. reprap (11)
  56. rfid (2)
    57. @@ -485,29 +957,29 @@ meg en epost hvis du har innspill.

  57. scraperwiki (2)
    58. -
  58. sikkerhet (34)
    59. +
  59. sikkerhet (41)
  60. sitesummary (4)
  61. skepsis (4)
    62. -
  62. standard (44)
    63. +
  63. standard (45)
  64. stavekontroll (3)
  65. stortinget (9)
    66. -
  66. surveillance (21)
    67. +
  67. surveillance (25)
  68. sysadmin (1)
  69. valg (8)
    70. -
  70. video (39)
    71. +
  71. video (43)
  72. vitenskap (4)
    73. -
  73. web (28)
    74. +
  74. web (33)