X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/fb6ba24594960258911140b7f18489ea97cf2549..ebfb53b51b789a038b3157fc273aaf96559b76c4:/blog/archive/2013/10/index.html diff --git a/blog/archive/2013/10/index.html b/blog/archive/2013/10/index.html index 572a797649..b84631e63c 100644 --- a/blog/archive/2013/10/index.html +++ b/blog/archive/2013/10/index.html @@ -21,6 +21,364 @@

Entries from October 2013.

+
+
+ Teaching vmdebootstrap to create Raspberry Pi SD card images +
+
+ 27th October 2013 +
+
+

The +vmdebootstrap +program is a a very nice system to create virtual machine images. It +create a image file, add a partition table, mount it and run +debootstrap in the mounted directory to create a Debian system on a +stick. Yesterday, I decided to try to teach it how to make images for +Raspberry Pi, as part +of a plan to simplify the build system for +the FreedomBox +project. The FreedomBox project already uses vmdebootstrap for +the virtualbox images, but its current build system made multistrap +based system for Dreamplug images, and it is lacking support for +Raspberry Pi.

+ +

Armed with the knowledge on how to build "foreign" (aka non-native +architecture) chroots for Raspberry Pi, I dived into the vmdebootstrap +code and adjusted it to be able to build armel images on my amd64 +Debian laptop. I ended up giving vmdebootstrap five new options, +allowing me to replicate the image creation process I use to make +Debian +Jessie based mesh node images for the Raspberry Pi. First, the +--foreign /path/to/binfm_handler option tell vmdebootstrap to +call debootstrap with --foreign and to copy the handler into the +generated chroot before running the second stage. This allow +vmdebootstrap to create armel images on an amd64 host. Next I added +two new options --bootsize size and --boottype +fstype to teach it to create a separate /boot/ partition with the +given file system type, allowing me to create an image with a vfat +partition for the /boot/ stuff. I also added a --variant +variant option to allow me to create smaller images without the +Debian base system packages installed. Finally, I added an option +--no-extlinux to tell vmdebootstrap to not install extlinux +as a boot loader. It is not needed on the Raspberry Pi and probably +most other non-x86 architectures. The changes were accepted by the +upstream author of vmdebootstrap yesterday and today, and is now +available from +the +upstream project page.

+ +

To use it to build a Raspberry Pi image using Debian Jessie, first +create a small script (the customize script) to add the non-free +binary blob needed to boot the Raspberry Pi and the APT source +list:

+ +

+#!/bin/sh
+set -e # Exit on first error
+rootdir="$1"
+cd "$rootdir"
+cat <<EOF > etc/apt/sources.list
+deb http://http.debian.net/debian/ jessie main contrib non-free
+EOF
+# Install non-free binary blob needed to boot Raspberry Pi.  This
+# install a kernel somewhere too.
+wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update \
+    -O $rootdir/usr/bin/rpi-update
+chmod a+x $rootdir/usr/bin/rpi-update
+mkdir -p $rootdir/lib/modules
+touch $rootdir/boot/start.elf
+chroot $rootdir rpi-update
+

+ +

Next, fetch the latest vmdebootstrap script and call it like this +to build the image:

+ +
+sudo ./vmdebootstrap \
+    --variant minbase \
+    --arch armel \
+    --distribution jessie \
+    --mirror http://http.debian.net/debian \
+    --image test.img \
+    --size 600M \
+    --bootsize 64M \
+    --boottype vfat \
+    --log-level debug \
+    --verbose \
+    --no-kernel \
+    --no-extlinux \
+    --root-password raspberry \
+    --hostname raspberrypi \
+    --foreign /usr/bin/qemu-arm-static \
+    --customize `pwd`/customize \
+    --package netbase \
+    --package git-core \
+    --package binutils \
+    --package ca-certificates \
+    --package wget \
+    --package kmod
+

+ +

The list of packages being installed are the ones needed by +rpi-update to make the image bootable on the Raspberry Pi, with the +exception of netbase, which is needed by debootstrap to find +/etc/hosts with the minbase variant. I really wish there was a way to +set up an Raspberry Pi using only packages in the Debian archive, but +that is not possible as far as I know, because it boots from the GPU +using a non-free binary blob.

+ +

The build host need debootstrap, kpartx and qemu-user-static and +probably a few others installed. I have not checked the complete +build dependency list.

+ +

The resulting image will not use the hardware floating point unit +on the Raspberry PI, because the armel architecture in Debian is not +optimized for that use. So the images created will be a bit slower +than Raspbian based images.

+ +
+
+ + + Tags: debian, english, freedombox, mesh network. + + +
+
+
+ +
+
+ Det er jo makta som er mest sårbar ved massiv overvåkning av Internett +
+
+ 26th October 2013 +
+
+

De siste måneders eksponering av +den +totale overvåkningen som foregår i den vestlige verden dokumenterer +hvor sårbare vi er. Men det slår meg at de som er mest sårbare +for dette, myndighetspersoner på alle nivåer, neppe har innsett at de +selv er de mest interessante personene å lage profiler på, for å kunne +påvirke dem.

+ +

For å ta et lite eksempel: Stortingets nettsted, +www.stortinget.no (og +forsåvidt også +data.stortinget.no), +inneholder informasjon om det som foregår på Stortinget, og jeg antar +de største brukerne av informasjonen der er representanter og +rådgivere på Stortinget. Intet overraskende med det. Det som derimot +er mer skjult er at Stortingets nettsted bruker +Google +Analytics, hvilket gjør at enhver som besøker nettsidene der også +rapporterer om besøket via Internett-linjer som passerer Sverige, +England og videre til USA. Det betyr at informasjon om ethvert besøk +på stortingets nettsider kan snappes opp av svensk, britisk og USAs +etterretningsvesen. De kan dermed holde et øye med hvilke +Stortingssaker stortingsrepresentantene synes er interessante å sjekke +ut, og hvilke sider rådgivere og andre på stortinget synes er +interessant å besøke, når de gjør det og hvilke andre representanter +som sjekker de samme sidene omtrent samtidig. Stortingets bruk av +Google Analytics gjør det dermed enkelt for utenlands etteretning å +spore representantenes aktivitet og interesse. Hvis noen av +representantene bruker Google Mail eller noen andre tjenestene som +krever innlogging, så vil det være enda enklere å finne ut nøyaktig +hvilke personer som bruker hvilke nettlesere og dermed knytte +informasjonen opp til enkeltpersoner på Stortinget.

+ +

Og jo flere nettsteder som bruker Google Analytics, jo bedre +oversikt over stortingsrepresentantenes lesevaner og interesse blir +tilgjengelig for svensk, britisk og USAs etterretning. Hva de kan +bruke den informasjonen til overlater jeg til leseren å undres +over.

+ +
+
+ + + Tags: norsk, personvern, sikkerhet, stortinget, surveillance. + + +
+
+
+ +
+
+ A Raspberry Pi based batman-adv Mesh network node +
+
+ 21st October 2013 +
+
+

The last few days I have been experimenting with +the +batman-adv mesh technology. I want to gain some experience to see +if it will fit the +Freedombox project, and together with my neighbors try to build a +mesh network around the park where I live. Batman-adv is a layer 2 +mesh system ("ethernet" in other words), where the mesh network appear +as if all the mesh clients are connected to the same switch.

+ +

My hardware of choice was the Linksys WRT54GL routers I had lying +around, but I've been unable to get them working with batman-adv. So +instead, I started playing with a +Raspberry Pi, and tried to +get it working as a mesh node. My idea is to use it to create a mesh +node which function as a switch port, where everything connected to +the Raspberry Pi ethernet plug is connected (bridged) to the mesh +network. This allow me to hook a wifi base station like the Linksys +WRT54GL to the mesh by plugging it into a Raspberry Pi, and allow +non-mesh clients to hook up to the mesh. This in turn is useful for +Android phones using the Serval +Project voip client, allowing every one around the playground to +phone and message each other for free. The reason is that Android +phones do not see ad-hoc wifi networks (they are filtered away from +the GUI view), and can not join the mesh without being rooted. But if +they are connected using a normal wifi base station, they can talk to +every client on the local network.

+ +

To get this working, I've created a debian package +meshfx-node +and a script +build-rpi-mesh-node +to create the Raspberry Pi boot image. I'm using Debian Jessie (and +not Raspbian), to get more control over the packages available. +Unfortunately a huge binary blob need to be inserted into the boot +image to get it booting, but I'll ignore that for now. Also, as +Debian lack support for the CPU features available in the Raspberry +Pi, the system do not use the hardware floating point unit. I hope +the routing performance isn't affected by the lack of hardware FPU +support.

+ +

To create an image, run the following with a sudo enabled user +after inserting the target SD card into the build machine:

+ +

+% wget -O build-rpi-mesh-node \
+    https://raw.github.com/petterreinholdtsen/meshfx-node/master/build-rpi-mesh-node
+% sudo bash -x ./build-rpi-mesh-node > build.log 2>&1
+% dd if=/root/rpi/rpi_basic_jessie_$(date +%Y%m%d).img of=/dev/mmcblk0 bs=1M
+%
+

+ +

Booting with the resulting SD card on a Raspberry PI with a USB +wifi card inserted should give you a mesh node. At least it does for +me with a the wifi card I am using. The default mesh settings are the +ones used by the Oslo mesh project at Hackeriet, as I mentioned in +an +earlier blog post about this mesh testing.

+ +

The mesh node was not horribly expensive either. I bought +everything over the counter in shops nearby. If I had ordered online +from the lowest bidder, the price should be significantly lower:

+ +

+ + + + + + + + +
SupplierModelNOK
TeknikkmagasinetRaspberry Pi model B349.90
TeknikkmagasinetRaspberry Pi type B case99.90
LefdalJensen Air:Link 25150295.-
Clas OhlsonKingston 16 GB SD card199.-
Total cost943.80

+ +

Now my mesh network at home consist of one laptop in the basement +connected to my production network, one Raspberry Pi node on the 1th +floor that can be seen by my neighbor across the park, and one +play-node I use to develop the image building script. And some times +I hook up my work horse laptop to the mesh to test it. I look forward +to figuring out what kind of latency the batman-adv setup will give, +and how much packet loss we will experience around the park. :)

+ +
+
+ + + Tags: english, freedombox, mesh network, nuug. + + +
+
+
+ +
+
+ Perl library to control the Spykee robot moved to github +
+
+ 19th October 2013 +
+
+

Back in 2010, I created a Perl library to talk to +the Spykee robot +(with two belts, wifi, USB and Linux) and made it available from my +web page. Today I concluded that it should move to a site that is +easier to use to cooperate with others, and moved it to github. If +you got a Spykee robot, you might want to check out +the +libspykee-perl github repository.

+ +
+
+ + + Tags: english, nuug, robot. + + +
+
+
+ +
+
+ Good causes: Debian Outreach Program for Women, EFF documenting the spying and Open access in Norway +
+
+ 15th October 2013 +
+
+

The last few days I came across a few good causes that should get +wider attention. I recommend signing and donating to each one of +these. :)

+ +

Via Debian +Project News for 2013-10-14 I came across the Outreach Program for +Women program which is a Google Summer of Code like initiative to get +more women involved in free software. One debian sponsor has offered +to match any donation done to Debian +earmarked for this initiative. I donated a few minutes ago, and +hope you will to. :)

+ +

And the Electronic Frontier Foundation just announced plans to +create video +documentaries about the excessive spying on every Internet user that +take place these days, and their need to fund the work. I've already +donated. Are you next?

+ +

For my Norwegian audience, the organisation Studentenes og +Akademikernes Internasjonale Hjelpefond is collecting signatures for a +statement under the heading +Bloggers United for Open +Access for those of us asking for more focus on open access in the +Norwegian government. So far 499 signatures. I hope you will sign it +too.

+ +
+
+ + + Tags: debian, english, opphavsrett, surveillance. + + +
+
+
+
Oslo community mesh network - with NUUG and Hackeriet at Hausmania @@ -84,7 +442,7 @@ There are heaps of different protocols, and I am still struggling to figure out which one would be "best" for some definitions of best, but given that the community mesh group in Oslo is so small, I believe it is best to hook up with the existing one instead of trying to create a -completely different setup, and thus this have decided to focus on +completely different setup, and thus I have decided to focus on batman-adv for now. It sure help me to know that the very cool Serval project in Australia is using batman-adv as their meshing technology when it create a self @@ -102,7 +460,7 @@ packets across mesh networks, and OLSR, B.A.T.M.A.N. and B.A.T.M.A.N. advanced are protocols used by several free software based community mesh networks.

-

The batman-adv protocol is a bit special, as it provide layer 2 +

The batman-adv protocol is a bit special, as it provide layer 2 (as in ethernet ) routing, allowing ipv4 and ipv6 to work on the same network. One way to think about it is that it provide a mesh based vlan you can bridge to or handle like any other vlan connected to your @@ -112,13 +470,13 @@ least since Debian Wheezy, and it is fairly easy to set up. A introduction is available from the Open Mesh project. These are the key settings needed to join the Oslo meshfx network:

- +

-
SettingValue
Protocol / kernel modulebatman-adv
ESSIDmeshfx@hackeriet
Channel / Frequency11 / 2462
Cell ID02:BA:00:00:00:01
+

The reason for setting ad-hoc wifi Cell ID is to work around bugs in firmware used in wifi card and wifi drivers. (See a nice post from @@ -153,11 +511,17 @@ to figure out a good business plan for mesh networking and as far as I know have closed down the experiment. Perhaps Telenor or others would be interested in a cooperation?

+

Update 2013-10-12: I was just +told +by the Serval project developers that they no longer use +batman-adv (but are compatible with it), but their own crypto based +mesh system.

+
- Tags: english, freedombox, nuug. + Tags: english, freedombox, mesh network, nuug.
@@ -216,6 +580,50 @@ me know. :)

Archive