Generated.

[homepage.git] / blog / index.rss

<?xml version="1.0" encoding="utf-8"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/' xmlns:atom="http://www.w3.org/2005/Atom">
        <channel>
                <title>Petter Reinholdtsen</title>
                <description></description>
                <link>http://people.skolelinux.org/pere/blog/</link>
                <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
        
        <item>
                <title>S3QL, a locally mounted cloud file system - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/S3QL__a_locally_mounted_cloud_file_system___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/S3QL__a_locally_mounted_cloud_file_system___nice_free_software.html</guid>
                <pubDate>Wed, 9 Apr 2014 11:30:00 +0200</pubDate>
                <description>&lt;p&gt;For a while now, I have been looking for a sensible offsite backup
solution for use at home.  My requirements are simple, it must be
cheap and locally encrypted (in other words, I keep the encryption
keys, the storage provider do not have access to my private files).
One idea me and my friends had many years ago, before the cloud
storage providers showed up, was to use Google mail as storage,
writing a Linux block device storing blocks as emails in the mail
service provided by Google, and thus get heaps of free space.  On top
of this one can add encryption, RAID and volume management to have
lots of (fairly slow, I admit that) cheap and encrypted storage.  But
I never found time to implement such system.  But the last few weeks I
have looked at a system called
&lt;a href=&quot;https://bitbucket.org/nikratio/s3ql/&quot;&gt;S3QL&lt;/a&gt;, a locally
mounted network backed file system with the features I need.&lt;/p&gt;

&lt;p&gt;S3QL is a fuse file system with a local cache and cloud storage,
handling several different storage providers, any with Amazon S3,
Google Drive or OpenStack API.  There are heaps of such storage
providers.  S3QL can also use a local directory as storage, which
combined with sshfs allow for file storage on any ssh server.  S3QL
include support for encryption, compression, de-duplication, snapshots
and immutable file systems, allowing me to mount the remote storage as
a local mount point, look at and use the files as if they were local,
while the content is stored in the cloud as well.  This allow me to
have a backup that should survive fire.  The file system can not be
shared between several machines at the same time, as only one can
mount it at the time, but any machine with the encryption key and
access to the storage service can mount it if it is unmounted.&lt;/p&gt;

&lt;p&gt;It is simple to use.  I&#39;m using it on Debian Wheezy, where the
package is included already.  So to get started, run &lt;tt&gt;apt-get
install s3ql&lt;/tt&gt;.  Next, pick a storage provider.  I ended up picking
Greenqloud, after reading their nice recipe on
&lt;a href=&quot;https://greenqloud.zendesk.com/entries/44611757-How-To-Use-S3QL-to-mount-a-StorageQloud-bucket-on-Debian-Wheezy&quot;&gt;how
to use S3QL with their Amazon S3 service&lt;/a&gt;, because I trust the laws
in Iceland more than those in USA when it come to keeping my personal
data safe and private, and thus would rather spend money on a company
in Iceland.  Another nice recipe is available from the article
&lt;a href=&quot;http://www.admin-magazine.com/HPC/Articles/HPC-Cloud-Storage&quot;&gt;S3QL
Filesystem for HPC Storage&lt;/a&gt; by Jeff Layton in the HPC section of
Admin magazine.  When the provider is picked, figure out how to get
the API key needed to connect to the storage API.  With Greencloud,
the key did not show up until I had added payment details to my
account.&lt;/p&gt;

&lt;p&gt;Armed with the API access details, it is time to create the file
system.  First, create a new bucket in the cloud.  This bucket is the
file system storage area.  I picked a bucket name reflecting the
machine that was going to store data there, but any name will do.
I&#39;ll refer to it as &lt;tt&gt;bucket-name&lt;/tt&gt; below.  In addition, one need
the API login and password, and a locally created password.  Store it
all in ~root/.s3ql/authinfo2 like this:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
[s3c]
storage-url: s3c://s.greenqloud.com:443/bucket-name
backend-login: API-login
backend-password: API-password
fs-passphrase: local-password
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;I create my local passphrase using &lt;tt&gt;pwget 50&lt;/tt&gt; or similar,
but any sensible way to create a fairly random password should do it.
Armed with these details, it is now time to run mkfs, entering the API
details and password to create it:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# mkdir -m 700 /var/lib/s3ql-cache
# mkfs.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
  --ssl s3c://s.greenqloud.com:443/bucket-name
Enter backend login: 
Enter backend password: 
Before using S3QL, make sure to read the user&#39;s guide, especially
the &#39;Important Rules to Avoid Loosing Data&#39; section.
Enter encryption password: 
Confirm encryption password: 
Generating random encryption key...
Creating metadata tables...
Dumping metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Compressing and uploading metadata...
Wrote 0.00 MB of compressed metadata.
# &lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The next step is mounting the file system to make the storage available.

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# mount.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
  --ssl --allow-root s3c://s.greenqloud.com:443/bucket-name /s3ql
Using 4 upload threads.
Downloading and decompressing metadata...
Reading metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Mounting filesystem...
# df -h /s3ql
Filesystem                              Size  Used Avail Use% Mounted on
s3c://s.greenqloud.com:443/bucket-name  1.0T     0  1.0T   0% /s3ql
#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The file system is now ready for use.  I use rsync to store my
backups in it, and as the metadata used by rsync is downloaded at
mount time, no network traffic (and storage cost) is triggered by
running rsync.  To unmount, one should not use the normal umount
command, as this will not flush the cache to the cloud storage, but
instead running the umount.s3ql command like this:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# umount.s3ql /s3ql
# 
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;There is a fsck command available to check the file system and
correct any problems detected.  This can be used if the local server
crashes while the file system is mounted, to reset the &quot;already
mounted&quot; flag.  This is what it look like when processing a working
file system:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# fsck.s3ql --force --ssl s3c://s.greenqloud.com:443/bucket-name
Using cached metadata.
File system seems clean, checking anyway.
Checking DB integrity...
Creating temporary extra indices...
Checking lost+found...
Checking cached objects...
Checking names (refcounts)...
Checking contents (names)...
Checking contents (inodes)...
Checking contents (parent inodes)...
Checking objects (reference counts)...
Checking objects (backend)...
..processed 5000 objects so far..
..processed 10000 objects so far..
..processed 15000 objects so far..
Checking objects (sizes)...
Checking blocks (referenced objects)...
Checking blocks (refcounts)...
Checking inode-block mapping (blocks)...
Checking inode-block mapping (inodes)...
Checking inodes (refcounts)...
Checking inodes (sizes)...
Checking extended attributes (names)...
Checking extended attributes (inodes)...
Checking symlinks (inodes)...
Checking directory reachability...
Checking unix conventions...
Checking referential integrity...
Dropping temporary indices...
Backing up old metadata...
Dumping metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Compressing and uploading metadata...
Wrote 0.89 MB of compressed metadata.
# 
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Thanks to the cache, working on files that fit in the cache is very
quick, about the same speed as local file access.  Uploading large
amount of data is to me limited by the bandwidth out of and into my
house.  Uploading 685 MiB with a 100 MiB cache gave me 305 kiB/s,
which is very close to my upload speed, and downloading the same
Debian installation ISO gave me 610 kiB/s, close to my download speed.
Both were measured using &lt;tt&gt;dd&lt;/tt&gt;.  So for me, the bottleneck is my
network, not the file system code.  I do not know what a good cache
size would be, but suspect that the cache should e larger than your
working set.&lt;/p&gt;

&lt;p&gt;I mentioned that only one machine can mount the file system at the
time.  If another machine try, it is told that the file system is
busy:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# mount.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
  --ssl --allow-root s3c://s.greenqloud.com:443/bucket-name /s3ql
Using 8 upload threads.
Backend reports that fs is still mounted elsewhere, aborting.
#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The file content is uploaded when the cache is full, while the
metadata is uploaded once every 24 hour by default.  To ensure the
file system content is flushed to the cloud, one can either umount the
file system, or ask S3QL to flush the cache and metadata using
s3qlctrl:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# s3qlctrl upload-meta /s3ql
# s3qlctrl flushcache /s3ql
# 
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;If you are curious about how much space your data uses in the
cloud, and how much compression and deduplication cut down on the
storage usage, you can use s3qlstat on the mounted file system to get
a report:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# s3qlstat /s3ql
Directory entries:    9141
Inodes:               9143
Data blocks:          8851
Total data size:      22049.38 MB
After de-duplication: 21955.46 MB (99.57% of total)
After compression:    21877.28 MB (99.22% of total, 99.64% of de-duplicated)
Database size:        2.39 MB (uncompressed)
(some values do not take into account not-yet-uploaded dirty blocks in cache)
#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;I mentioned earlier that there are several possible suppliers of
storage.  I did not try to locate them all, but am aware of at least
&lt;a href=&quot;https://www.greenqloud.com/&quot;&gt;Greenqloud&lt;/a&gt;,
&lt;a href=&quot;http://drive.google.com/&quot;&gt;Google Drive&lt;/a&gt;,
&lt;a href=&quot;http://aws.amazon.com/s3/&quot;&gt;Amazon S3 web serivces&lt;/a&gt;,
&lt;a href=&quot;http://www.rackspace.com/&quot;&gt;Rackspace&lt;/a&gt; and
&lt;a href=&quot;http://crowncloud.net/&quot;&gt;Crowncloud&lt;/A&gt;.  The latter even
accept payment in Bitcoin.  Pick one that suit your need.  Some of
them provide several GiB of free storage, but the prize models are
quite different and you will have to figure out what suits you
best.&lt;/p&gt;

&lt;p&gt;While researching this blog post, I had a look at research papers
and posters discussing the S3QL file system.  There are several, which
told me that the file system is getting a critical check by the
science community and increased my confidence in using it.  One nice
poster is titled
&quot;&lt;a href=&quot;http://www.lanl.gov/orgs/adtsc/publications/science_highlights_2013/docs/pg68_69.pdf&quot;&gt;An
Innovative Parallel Cloud Storage System using OpenStack’s SwiftObject
Store and Transformative Parallel I/O Approach&lt;/a&gt;&quot; by Hsing-Bung
Chen, Benjamin McClelland, David Sherrill, Alfred Torrez, Parks Fields
and Pamela Smith.  Please  have a look.&lt;/p&gt;

&lt;p&gt;Given my problems with different file systems earlier, I decided to
check out the mounted S3QL file system to see if it would be usable as
a home directory (in other word, that it provided POSIX semantics when
it come to locking and umask handling etc).  Running
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html&quot;&gt;my
test code to check file system semantics&lt;/a&gt;, I was happy to discover that
no error was found.  So the file system can be used for home
directories, if one chooses to do so.&lt;/p&gt;

&lt;p&gt;If you do not want a locally file system, and want something that
work without the Linux fuse file system, I would like to mention the
&lt;a href=&quot;http://www.tarsnap.com/&quot;&gt;Tarsnap service&lt;/a&gt;, which also
provide locally encrypted backup using a command line client.  It have
a nicer access control system, where one can split out read and write
access, allowing some systems to write to the backup and others to
only read from it.&lt;/p&gt;

&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&amp;label=PetterReinholdtsenBlog&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>EU-domstolen bekreftet i dag at datalagringsdirektivet er ulovlig</title>
                <link>http://people.skolelinux.org/pere/blog/EU_domstolen_bekreftet_i_dag_at_datalagringsdirektivet_er_ulovlig.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/EU_domstolen_bekreftet_i_dag_at_datalagringsdirektivet_er_ulovlig.html</guid>
                <pubDate>Tue, 8 Apr 2014 11:30:00 +0200</pubDate>
                <description>&lt;p&gt;I dag kom endelig avgjørelsen fra EU-domstolen om
datalagringsdirektivet, som ikke overraskende ble dømt ulovlig og i
strid med borgernes grunnleggende rettigheter.  Hvis du lurer på hva
datalagringsdirektivet er for noe, så er det
&lt;a href=&quot;http://tv.nrk.no/program/koid75005313/tema-dine-digitale-spor-datalagringsdirektivet&quot;&gt;en
flott dokumentar tilgjengelig hos NRK&lt;/a&gt; som jeg tidligere
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html&quot;&gt;har
anbefalt&lt;/a&gt; alle å se.&lt;/p&gt;

&lt;p&gt;Her er et liten knippe nyhetsoppslag om saken, og jeg regner med at
det kommer flere ut over dagen.  Flere kan finnes
&lt;a href=&quot;http://www.mylder.no/?drill=datalagringsdirektivet&amp;intern=1&quot;&gt;via
mylder&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;ul&gt;

&lt;li&gt;&lt;a href=&quot;http://e24.no/digital/eu-domstolen-datalagringsdirektivet-er-ugyldig/22879592&quot;&gt;EU-domstolen:
Datalagringsdirektivet er ugyldig&lt;/a&gt; - e24.no 2014-04-08

&lt;li&gt;&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/EU-domstolen-Datalagringsdirektivet-er-ulovlig-7529032.html&quot;&gt;EU-domstolen:
Datalagringsdirektivet er ulovlig&lt;/a&gt; - aftenposten.no 2014-04-08

&lt;li&gt;&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/politikk/Krever-DLD-stopp-i-Norge-7530086.html&quot;&gt;Krever
DLD-stopp i Norge&lt;/a&gt; - aftenposten.no 2014-04-08

&lt;li&gt;&lt;a href=&quot;http://www.p4.no/story.aspx?id=566431&quot;&gt;Apenes: - En
gledens dag&lt;/a&gt; - p4.no 2014-04-08

&lt;li&gt;&lt;a href=&quot;http://www.nrk.no/norge/_-datalagringsdirektivet-er-ugyldig-1.11655929&quot;&gt;EU-domstolen:
– Datalagringsdirektivet er ugyldig&lt;/a&gt; - nrk.no 2014-04-08&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.vg.no/nyheter/utenriks/data-og-nett/eu-domstolen-datalagringsdirektivet-er-ugyldig/a/10130280/&quot;&gt;EU-domstolen:
Datalagringsdirektivet er ugyldig&lt;/a&gt; - vg.no 2014-04-08&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.dagbladet.no/2014/04/08/nyheter/innenriks/datalagringsdirektivet/personvern/32711646/&quot;&gt;-
Vi bør skrote hele datalagringsdirektivet&lt;/a&gt; - dagbladet.no
2014-04-08&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.digi.no/928137/eu-domstolen-dld-er-ugyldig&quot;&gt;EU-domstolen:
DLD er ugyldig&lt;/a&gt; - digi.no 2014-04-08&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.irishtimes.com/business/sectors/technology/european-court-declares-data-retention-directive-invalid-1.1754150&quot;&gt;European
court declares data retention directive invalid&lt;/a&gt; - irishtimes.com
2014-04-08&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.reuters.com/article/2014/04/08/us-eu-data-ruling-idUSBREA370F020140408?feedType=RSS&quot;&gt;EU
court rules against requirement to keep data of telecom users&lt;/a&gt; -
reuters.com 2014-04-08&lt;/li&gt;

&lt;/ul&gt;
&lt;/p&gt;

&lt;p&gt;Jeg synes det er veldig fint at nok en stemme slår fast at
totalitær overvåkning av befolkningen er uakseptabelt, men det er
fortsatt like viktig å beskytte privatsfæren som før, da de
teknologiske mulighetene fortsatt finnes og utnyttes, og jeg tror
innsats i prosjekter som
&lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;Freedombox&lt;/a&gt; og
&lt;a href=&quot;http://www.dugnadsnett.no/&quot;&gt;Dugnadsnett&lt;/a&gt; er viktigere enn
noen gang.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2014-04-08 12:10&lt;/strong&gt;: Kronerullingen for å
stoppe datalagringsdirektivet i Norge gjøres hos foreningen
&lt;a href=&quot;http://www.digitaltpersonvern.no/&quot;&gt;Digitalt Personvern&lt;/a&gt;,
som har samlet inn 843 215,- så langt men trenger nok mye mer hvis

ikke Høyre og Arbeiderpartiet bytter mening i saken.  Det var
&lt;a href=&quot;http://www.holderdeord.no/parliament-issues/48650&quot;&gt;kun
partinene Høyre og Arbeiderpartiet&lt;/a&gt; som stemte for
Datalagringsdirektivet, og en av dem må bytte mening for at det skal
bli flertall mot i Stortinget.  Se mer om saken
&lt;a href=&quot;http://www.holderdeord.no/issues/69-innfore-datalagringsdirektivet&quot;&gt;Holder
de ord&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>ReactOS Windows clone - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/ReactOS_Windows_clone___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/ReactOS_Windows_clone___nice_free_software.html</guid>
                <pubDate>Tue, 1 Apr 2014 12:10:00 +0200</pubDate>
                <description>&lt;p&gt;Microsoft have announced that Windows XP reaches its end of life
2014-04-08, in 7 days.  But there are heaps of machines still running
Windows XP, and depending on Windows XP to run their applications, and
upgrading will be expensive, both when it comes to money and when it
comes to the amount of effort needed to migrate from Windows XP to a
new operating system.  Some obvious options (buy new a Windows
machine, buy a MacOSX machine, install Linux on the existing machine)
are already well known and covered elsewhere.  Most of them involve
leaving the user applications installed on Windows XP behind and
trying out replacements or updated versions. In this blog post I want
to mention one strange bird that allow people to keep the hardware and
the existing Windows XP applications and run them on a free software
operating system that is Windows XP compatible.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://www.reactos.org/&quot;&gt;ReactOS&lt;/a&gt; is a free software
operating system (GNU GPL licensed) working on providing a operating
system that is binary compatible with Windows, able to run windows
programs directly and to use Windows drivers for hardware directly.
The project goal is for Windows user to keep their existing machines,
drivers and software, and gain the advantages from user a operating
system without usage limitations caused by non-free licensing.  It is
a Windows clone running directly on the hardware, so quite different
from the approach taken by &lt;a href=&quot;http://www.winehq.org/&quot;&gt;the Wine
project&lt;/a&gt;, which make it possible to run Windows binaries on
Linux.&lt;/p&gt;

&lt;p&gt;The ReactOS project share code with the Wine project, so most
shared libraries available on Windows are already implemented already.
There is also a software manager like the one we are used to on Linux,
allowing the user to install free software applications with a simple
click directly from the Internet.  Check out the
&lt;a href=&quot;http://www.reactos.org/screenshots&quot;&gt;screen shots on the
project web site&lt;/a&gt; for an idea what it look like (it looks just like
Windows before metro).&lt;/p&gt;

&lt;p&gt;I do not use ReactOS myself, preferring Linux and Unix like
operating systems.  I&#39;ve tested it, and it work fine in a virt-manager
virtual machine.  The browser, minesweeper, notepad etc is working
fine as far as I can tell.  Unfortunately, my main test application
is the software included on a CD with the Lego Mindstorms NXT, which
seem to install just fine from CD but fail to leave any binaries on
the disk after the installation.  So no luck with that test software.
No idea why, but hope someone else figure out and fix the problem.
I&#39;ve tried the ReactOS Live ISO on a physical machine, and it seemed
to work just fine.  If you like Windows and want to keep running your
old Windows binaries, check it out by
&lt;a href=&quot;http://www.reactos.org/download&quot;&gt;downloading&lt;/a&gt; the
installation CD, the live CD or the preinstalled virtual machine
image.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Debian Edu interview: Roger Marsal</title>
                <link>http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Roger_Marsal.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Roger_Marsal.html</guid>
                <pubDate>Sun, 30 Mar 2014 11:40:00 +0200</pubDate>
                <description>&lt;p&gt;&lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Debian Edu / Skolelinux&lt;/a&gt;
keep gaining new users.  Some weeks ago, a person showed up on IRC,
&lt;a href=&quot;irc://irc.debian.org/#debian-edu&quot;&gt;#debian-edu&lt;/a&gt;, with a
wish to contribute, and I managed to get a interview with this great
contributor Roger Marsal to learn more about his background.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Who are you, and how do you spend your days?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;My name is Roger Marsal, I&#39;m 27 years old (1986 generation) and I
live in Barcelona, Spain. I&#39;ve got a strong business background and I
work as a patrimony manager and as a real estate agent.  Additionally,
I&#39;ve co-founded a British based tech company that is nowadays on the
last development phase of a new social networking concept.&lt;/p&gt;

&lt;p&gt;I&#39;m a Linux enthusiast that started its journey with Ubuntu four years
ago and have recently switched to Debian seeking rock solid stability
and as a necessary step to gain expertise.&lt;/p&gt;

&lt;p&gt;In a nutshell, I spend my days working and learning as much as I
can to face both my job, entrepreneur project and feed my Linux
hunger.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How did you get in contact with the Skolelinux / Debian Edu
project?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I discovered the &lt;a href=&quot;http://www.ltsp.org/&quot;&gt;LTSP&lt;/a&gt; advantages
with &quot;Ubuntu 12.04 alternate install&quot; and after a year of use I
started looking for an alternative.  Even though I highly value and
respect the Ubuntu project, I thought it was necessary for me to
change to a more robust and stable alternative.  As far as I was using
Debian on my personal laptop I thought it would be fine to install
Debian and configure an LTSP server myself.  Surprised, I discovered
that the Debian project also supported a kind of Edubuntu equivalent,
and after having some pain I obtained a Debian Edu network up and
running.  I just loved it.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What do you see as the advantages of Skolelinux / Debian
Edu?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I found a main advantage in that, once you know &quot;the tips and
tricks&quot;, a new installation just works out of the box. It&#39;s the most
complete alternative I&#39;ve found to create an LTSP network. All the
other distributions seems to be made of plastic, Debian Edu seems to
be made of steel.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What do you see as the disadvantages of Skolelinux / Debian
Edu?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I found two main disadvantages.&lt;/p&gt;

&lt;p&gt;I&#39;m not an expert but I&#39;ve got notions and I had to spent a considerable
amount of time trying to bring up a standard network topology. I&#39;m quite
stubborn and I just worked until I did but I&#39;m sure many people with few
resources (not big schools, but academies for example) would have switched
or dropped.&lt;/p&gt;

&lt;p&gt;It&#39;s amazing how such a complex system like Debian Edu has achieved
this out-of-the-box state. Even though tweaking without breaking gets
more difficult, as more factors have to be considered. This can
discourage many people too.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Which free software do you use daily?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I use Debian, Firefox, Okular, Inkscape, LibreOffice and
Virtualbox.&lt;/p&gt;


&lt;p&gt;&lt;strong&gt;Which strategy do you believe is the right one to use to
get schools to use free software?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I don&#39;t think there is a need for a particular strategy. The free
attribute in both &quot;freedom&quot; and &quot;no price&quot; meanings is what will
really bring free software to schools. In my experience I can think of
the &lt;a href=&quot;http://www.r-project.org/&quot;&gt;&quot;R&quot; statistical language&lt;/a&gt;; a
few years a ago was an extremely nerd tool for university people.
Today it&#39;s being increasingly used to teach statistics at many
different level of studies.  I believe free and open software will
increasingly gain popularity, but I&#39;m sure schools will be one of the
first scenarios where this will happen.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Dokumentaren om Datalagringsdirektivet sendes endelig på NRK</title>
                <link>http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html</guid>
                <pubDate>Wed, 26 Mar 2014 09:50:00 +0100</pubDate>
                <description>&lt;p&gt;&lt;a href=&quot;http://www.nuug.no/&quot;&gt;Foreningen NUUG&lt;/a&gt; melder i natt at
NRK nå har bestemt seg for
&lt;a href=&quot;http://www.nuug.no/news/NRK_viser_filmen_om_Datalagringsdirektivet_f_rste_gang_2014_03_31.shtml&quot;&gt;når
den norske dokumentarfilmen om datalagringsdirektivet skal
sendes&lt;/a&gt; (se &lt;a href=&quot;http://www.imdb.com/title/tt2832844/&quot;&gt;IMDB&lt;/a&gt;
for detaljer om filmen) . Første visning blir på NRK2 mandag
2014-03-31 kl. 19:50, og deretter visninger onsdag 2014-04-02
kl. 12:30, fredag 2014-04-04 kl. 19:40 og søndag 2014-04-06 kl. 15:10.
Jeg har sett dokumentaren, og jeg anbefaler enhver å se den selv.  Som
oppvarming mens vi venter anbefaler jeg Bjørn Stærks kronikk i
Aftenposten fra i går,
&lt;a href=&quot;http://www.aftenposten.no/meninger/kronikker/Autoritar-gjokunge-7514915.html&quot;&gt;Autoritær
gjøkunge&lt;/a&gt;, der han gir en grei skisse av hvor ille det står til med
retten til privatliv og beskyttelsen av demokrati i Norge og resten
verden, og helt riktig slår fast at det er vi i databransjen som
sitter med nøkkelen til å gjøre noe med dette.  Jeg har involvert meg
i prosjektene &lt;a href=&quot;http://www.dugnadsnett.no/&quot;&gt;dugnadsnett.no&lt;/a&gt;
og &lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;FreedomBox&lt;/a&gt; for å
forsøke å gjøre litt selv for å bedre situasjonen, men det er mye
hardt arbeid fra mange flere enn meg som gjenstår før vi kan sies å ha
gjenopprettet balansen.&lt;/p&gt;

&lt;p&gt;Jeg regner med at nettutgaven dukker opp på
&lt;a href=&quot;http://tv.nrk.no/program/koid75005313/tema-dine-digitale-spor-datalagringsdirektivet&quot;&gt;NRKs
side om filmen om datalagringsdirektivet&lt;/a&gt; om fem dager.  Hold et
øye med siden, og tips venner og slekt om at de også bør se den.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Public Trusted Timestamping services for everyone</title>
                <link>http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html</guid>
                <pubDate>Tue, 25 Mar 2014 12:50:00 +0100</pubDate>
                <description>&lt;p&gt;Did you ever need to store logs or other files in a way that would
allow it to be used as evidence in court, and needed a way to
demonstrate without reasonable doubt that the file had not been
changed since it was created?  Or, did you ever need to document that
a given document was received at some point in time, like some
archived document or the answer to an exam, and not changed after it
was received?  The problem in these settings is to remove the need to
trust yourself and your computers, while still being able to prove
that a file is the same as it was at some given time in the past.&lt;/p&gt;

&lt;p&gt;A solution to these problems is to have a trusted third party
&quot;stamp&quot; the document and verify that at some given time the document
looked a given way.  Such
&lt;a href=&quot;https://en.wikipedia.org/wiki/Notarius&quot;&gt;notarius&lt;/a&gt; service
have been around for thousands of years, and its digital equivalent is
called a
&lt;a href=&quot;http://en.wikipedia.org/wiki/Trusted_timestamping&quot;&gt;trusted
timestamping service&lt;/a&gt;.  &lt;a href=&quot;http://www.ietf.org/&quot;&gt;The Internet
Engineering Task Force&lt;/a&gt; standardised how such service could work a
few years ago as &lt;a href=&quot;http://tools.ietf.org/html/rfc3161&quot;&gt;RFC
3161&lt;/a&gt;.  The mechanism is simple.  Create a hash of the file in
question, send it to a trusted third party which add a time stamp to
the hash and sign the result with its private key, and send back the
signed hash + timestamp.  Both email, FTP and HTTP can be used to
request such signature, depending on what is provided by the service
used. Anyone with the document and the signature can then verify that
the document matches the signature by creating their own hash and
checking the signature using the trusted third party public key.
There are several commercial services around providing such
timestamping.  A quick search for
&quot;&lt;a href=&quot;https://duckduckgo.com/?q=rfc+3161+service&quot;&gt;rfc 3161
service&lt;/a&gt;&quot; pointed me to at least
&lt;a href=&quot;https://www.digistamp.com/technical/how-a-digital-time-stamp-works/&quot;&gt;DigiStamp&lt;/a&gt;,
&lt;a href=&quot;http://www.quovadisglobal.co.uk/CertificateServices/SigningServices/TimeStamp.aspx&quot;&gt;Quo
Vadis&lt;/a&gt;,
&lt;a href=&quot;https://www.globalsign.com/timestamp-service/&quot;&gt;Global Sign&lt;/a&gt;
and &lt;a href=&quot;http://www.globaltrustfinder.com/TSADefault.aspx&quot;&gt;Global
Trust Finder&lt;/a&gt;.  The system work as long as the private key of the
trusted third party is not compromised.&lt;/p&gt;

&lt;p&gt;But as far as I can tell, there are very few public trusted
timestamp services available for everyone.  I&#39;ve been looking for one
for a while now. But yesterday I found one over at
&lt;a href=&quot;https://www.pki.dfn.de/zeitstempeldienst/&quot;&gt;Deutches
Forschungsnetz&lt;/a&gt; mentioned in
&lt;a href=&quot;http://www.d-mueller.de/blog/dealing-with-trusted-timestamps-in-php-rfc-3161/&quot;&gt;a
blog by David Müller&lt;/a&gt;.  I then found
&lt;a href=&quot;http://www.rz.uni-greifswald.de/support/dfn-pki-zertifikate/zeitstempeldienst.html&quot;&gt;a
good recipe on how to use the service&lt;/a&gt; over at the University of
Greifswald.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://www.openssl.org/&quot;&gt;The OpenSSL library&lt;/a&gt; contain
both server and tools to use and set up your own signing service.  See
the ts(1SSL), tsget(1SSL) manual pages for more details.  The
following shell script demonstrate how to extract a signed timestamp
for any file on the disk in a Debian environment:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
#!/bin/sh
set -e
url=&quot;http://zeitstempel.dfn.de&quot;
caurl=&quot;https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt&quot;
reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq)
resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr)
cafile=chain.txt
if [ ! -f $cafile ] ; then
    wget -O $cafile &quot;$caurl&quot;
fi
openssl ts -query -data &quot;$1&quot; -cert | tee &quot;$reqfile&quot; \
    | /usr/lib/ssl/misc/tsget -h &quot;$url&quot; -o &quot;$resfile&quot;
openssl ts -reply -in &quot;$resfile&quot; -text 1&gt;&amp;2
openssl ts -verify -data &quot;$1&quot; -in &quot;$resfile&quot; -CAfile &quot;$cafile&quot; 1&gt;&amp;2
base64 &lt; &quot;$resfile&quot;
rm &quot;$reqfile&quot; &quot;$resfile&quot;
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The argument to the script is the file to timestamp, and the output
is a base64 encoded version of the signature to STDOUT and details
about the signature to STDERR.  Note that due to
&lt;a href=&quot;http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742553&quot;&gt;a bug
in the tsget script&lt;/a&gt;, you might need to modify the included script
and remove the last line.  Or just write your own HTTP uploader using
curl. :) Now you too can prove and verify that files have not been
changed.&lt;/p&gt;

&lt;p&gt;But the Internet need more public trusted timestamp services.
Perhaps something for &lt;a href=&quot;http://www.uninett.no/&quot;&gt;Uninett&lt;/a&gt; or
my work place the &lt;a href=&quot;http://www.uio.no/&quot;&gt;University of Oslo&lt;/a&gt;
to set up?&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Video DVD reader library / python-dvdvideo - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html</guid>
                <pubDate>Fri, 21 Mar 2014 15:25:00 +0100</pubDate>
                <description>&lt;p&gt;Keeping your DVD collection safe from scratches and curious
children fingers while still having it available when you want to see a
movie is not straight forward.  My preferred method at the moment is
to store a full copy of the ISO on a hard drive, and use VLC, Popcorn
Hour or other useful players to view the resulting file.  This way the
subtitles and bonus material are still available and using the ISO is
just like inserting the original DVD record in the DVD player.&lt;/p&gt;

&lt;p&gt;Earlier I used dd for taking security copies, but it do not handle
DVDs giving read errors (which are quite a few of them).  I&#39;ve also
tried using
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Ripping_problematic_DVDs_using_dvdbackup_and_genisoimage.html&quot;&gt;dvdbackup
and genisoimage&lt;/a&gt;, but these days I use the marvellous python library
and program
&lt;a href=&quot;http://bblank.thinkmo.de/blog/new-software-python-dvdvideo&quot;&gt;python-dvdvideo&lt;/a&gt;
written by Bastian Blank.  It is
&lt;a href=&quot;http://packages.qa.debian.org/p/python-dvdvideo.html&quot;&gt;in Debian
already&lt;/a&gt; and the binary package name is python3-dvdvideo. Instead
of trying to read every block from the DVD, it parses the file
structure and figure out which block on the DVD is actually in used,
and only read those blocks from the DVD.  This work surprisingly well,
and I have been able to almost backup my entire DVD collection using
this method.&lt;/p&gt;

&lt;p&gt;So far, python-dvdvideo have failed on between 10 and
20 DVDs, which is a small fraction of my collection.  The most common
problem is
&lt;a href=&quot;https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720831&quot;&gt;DVDs
using UTF-16 instead of UTF-8 characters&lt;/a&gt;, which according to
Bastian is against the DVD specification (and seem to cause some
players to fail too).  A rarer problem is what seem to be inconsistent
DVD structures, as the python library
&lt;a href=&quot;https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723079&quot;&gt;claim
there is a overlap between objects&lt;/a&gt;.  An equally rare problem claim
&lt;a href=&quot;https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741878&quot;&gt;some
value is out of range&lt;/a&gt;.  No idea what is going on there.  I wish I
knew enough about the DVD format to fix these, to ensure my movie
collection will stay with me in the future.&lt;/p&gt;

&lt;p&gt;So, if you need to keep your DVDs safe, back them up using
python-dvdvideo. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Norsk utgave av Alaveteli / WhatDoTheyKnow på trappene</title>
                <link>http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Norsk_utgave_av_Alaveteli___WhatDoTheyKnow_p__trappene.html</guid>
                <pubDate>Sun, 16 Mar 2014 09:30:00 +0100</pubDate>
                <description>&lt;p&gt;Det offentlige Norge har mye kunnskap og informasjon.  Men hvordan
kan en få tilgang til den på en enkel måte?  Takket være et lite
knippe lover og tilhørende forskrifter, blant annet
&lt;a href=&quot;http://lovdata.no/dokument/NL/lov/2006-05-19-16&quot;&gt;offentlighetsloven&lt;/a&gt;,
&lt;a href=&quot;http://lovdata.no/dokument/NL/lov/2003-05-09-31&quot;&gt;miljøinformasjonsloven&lt;/a&gt;
og
&lt;a href=&quot;http://lovdata.no/dokument/NL/lov/1967-02-10/&quot;&gt;forvaltningsloven&lt;/a&gt;
har en rett til å spørre det offentlige og få svar.  Men det finnes
intet offentlig arkiv over hva andre har spurt om, og dermed risikerer en
å måtte forstyrre myndighetene gang på gang for å få tak i samme
informasjonen på nytt.  &lt;a href=&quot;http://www.mysociety.org/&quot;&gt;Britiske
mySociety&lt;/a&gt; har laget tjenesten
&lt;a href=&quot;http://www.whatdotheyknow.com/&quot;&gt;WhatDoTheyKnow&lt;/a&gt; som gjør
noe med dette.  I Storbritannia blir WhatdoTheyKnow brukt i
&lt;a href=&quot;http://www.mysociety.org/2011/07/01/whatdotheyknows-share-of-central-government-foi-requests-q2-2011/&quot;&gt;ca
15% av alle innsynsforespørsler mot sentraladministrasjonen&lt;/a&gt;.
Prosjektet heter &lt;a href=&quot;http://www.alaveteli.org/&quot;&gt;Alaveteli&lt;/A&gt;, og
er takk i bruk en rekke steder etter at løsningen ble generalisert og
gjort mulig å oversette.  Den hjelper borgerne med å be om innsyn,
rådgir ved purringer og klager og lar alle se hvilke henvendelser som
er sendt til det offentlige og hvilke svar som er kommet inn, i et
søkpart arkiv.  Her i Norge holder vi i foreningen NUUG på å få opp en
norsk utgave av Alaveteli, og her trenger vi din hjelp med
oversettelsen.&lt;/p&gt;

&lt;p&gt;Så langt er 76 % av Alaveteli oversatt til norsk bokmål, men vi
skulle gjerne vært oppe i 100 % før lansering.  Oversettelsen gjøres
på &lt;a href=&quot;https://www.transifex.com/projects/p/alaveteli/&quot;&gt;Transifex,
der enhver som registrerer seg&lt;/a&gt; og ber om tilgang til
bokmålsoversettelsen får bidra.  Vi har satt opp en test av tjenesten
(som ikke sender epost til det offentlige, kun til oss som holder på å
sette opp tjenesten) på maskinen
&lt;a href=&quot;http://alaveteli-dev.nuug.no/&quot;&gt;alaveteli-dev.nuug.no&lt;/a&gt;, der
en kan se hvordan de oversatte meldingen blir seende ut på nettsiden.
Når tjenesten lanseres vil den hete
&lt;a href=&quot;https://www.mimesbrønn.no/&quot;&gt;Mimes brønn&lt;/a&gt;, etter
visdomskilden som Odin måtte gi øyet sitt for å få drikke i.  Den
nettsiden er er ennå ikke klar til bruk.&lt;/p&gt;

&lt;p&gt;Hvis noen vil oversette til nynorsk også, så skal vi finne ut
hvordan vi lager en flerspråklig tjeneste.  Men i første omgang er
fokus på bokmålsoversettelsen, der vi selv har nok peiling til å ha
fått oversatt 76%, men trenger hjelp for å komme helt i mål. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine</title>
                <link>http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html</guid>
                <pubDate>Fri, 14 Mar 2014 11:00:00 +0100</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;Freedombox
project&lt;/a&gt; is working on providing the software and hardware for
making it easy for non-technical people to host their data and
communication at home, and being able to communicate with their
friends and family encrypted and away from prying eyes.  It has been
going on for a while, and is slowly progressing towards a new test
release (0.2).&lt;/p&gt;

&lt;p&gt;And what day could be better than the Pi day to announce that the
new version will provide &quot;hard drive&quot; / SD card / USB stick images for
Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization
system), and can also be installed using a Debian installer preseed
file.  The Debian based Freedombox is now based on Debian Jessie,
where most of the needed packages used are already present.  Only one,
the freedombox-setup package, is missing.  To try to build your own
boot image to test the current status, fetch the freedom-maker scripts
and build using
&lt;a href=&quot;http://packages.qa.debian.org/vmdebootstrap&quot;&gt;vmdebootstrap&lt;/a&gt;
with a user with sudo access to become root:

&lt;pre&gt;
git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
  freedom-maker
sudo apt-get install git vmdebootstrap mercurial python-docutils \
  mktorrent extlinux virtualbox qemu-user-static binfmt-support \
  u-boot-tools
make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
&lt;/pre&gt;

&lt;p&gt;Root access is needed to run debootstrap and mount loopback
devices.  See the README for more details on the build. If you do not
want all three images, trim the make line.  But note that thanks to &lt;a
href=&quot;https://bugs.debian.org/741407&quot;&gt;a race condition in
vmdebootstrap&lt;/a&gt;, the build might fail without the patch to the
kpartx call.&lt;/p&gt;

&lt;p&gt;If you instead want to install using a Debian CD and the preseed
method, boot a Debian Wheezy ISO and use this boot argument to load
the preseed values:&lt;/p&gt;

&lt;pre&gt;
url=&lt;a href=&quot;http://www.reinholdtsen.name/freedombox/preseed-jessie.dat&quot;&gt;http://www.reinholdtsen.name/freedombox/preseed-jessie.dat&lt;/a&gt;
&lt;/pre&gt;

&lt;p&gt;But note that due to &lt;a href=&quot;https://bugs.debian.org/740673&quot;&gt;a
recently introduced bug in apt in Jessie&lt;/a&gt;, the installer will
currently hang while setting up APT sources.  Killing the
&#39;&lt;tt&gt;apt-cdrom ident&lt;/tt&gt;&#39; process when it hang a few times during the
installation will get the installation going.  This affect all
installations in Jessie, and I expect it will be fixed soon.&lt;/p&gt;

&lt;p&gt;Give it a go and let us know how it goes on the mailing list, and help
us get the new release published. :) Please join us on
&lt;a href=&quot;irc://irc.debian.org:6667/%23freedombox&quot;&gt;IRC (#freedombox on
irc.debian.org)&lt;/a&gt; and
&lt;a href=&quot;http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss&quot;&gt;the
mailing list&lt;/a&gt; if you want to help make this vision come true.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How to add extra storage servers in Debian Edu / Skolelinux</title>
                <link>http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_add_extra_storage_servers_in_Debian_Edu___Skolelinux.html</guid>
                <pubDate>Wed, 12 Mar 2014 12:50:00 +0100</pubDate>
                <description>&lt;p&gt;On larger sites, it is useful to use a dedicated storage server for
storing user home directories and data.  The design for handling this
in &lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Debian Edu / Skolelinux&lt;/a&gt;, is
to update the automount rules in LDAP and let the automount daemon on
the clients take care of the rest.  I was reminded about the need to
document this better when one of the customers of
&lt;a href=&quot;http://www.slxdrift.no/&quot;&gt;Skolelinux Drift AS&lt;/a&gt;, where I am
on the board of directors, asked about how to do this.  The steps to
get this working are the following:&lt;/p&gt;

&lt;p&gt;&lt;ol&gt;

&lt;li&gt;Add new storage server in DNS.  I use nas-server.intern as the
example host here.&lt;/li&gt;

&lt;li&gt;Add automoun LDAP information about this server in LDAP, to allow
all clients to automatically mount it on reqeust.&lt;/li&gt;

&lt;li&gt;Add the relevant entries in tjener.intern:/etc/fstab, because
tjener.intern do not use automount to avoid mounting loops.&lt;/li&gt;

&lt;/ol&gt;&lt;/p&gt;

&lt;p&gt;DNS entries are added in GOsa², and not described here.  Follow the
&lt;a href=&quot;https://wiki.debian.org/DebianEdu/Documentation/Wheezy/GettingStarted&quot;&gt;instructions
in the manual&lt;/a&gt; (Machine Management with GOsa² in section Getting
started).&lt;/p&gt;

&lt;p&gt;Ensure that the NFS export points on the server are exported to the
relevant subnets or machines:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
root@tjener:~# showmount -e nas-server
Export list for nas-server:
/storage         10.0.0.0/8
root@tjener:~#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Here everything on the backbone network is granted access to the
/storage export.  With NFSv3 it is slightly better to limit it to
netgroup membership or single IP addresses to have some limits on the
NFS access.&lt;/p&gt;

&lt;p&gt;The next step is to update LDAP.  This can not be done using GOsa²,
because it lack a module for automount.  Instead, use ldapvi and add
the required LDAP objects using an editor.&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
ldapvi --ldap-conf -ZD &#39;(cn=admin)&#39; -b ou=automount,dc=skole,dc=skolelinux,dc=no
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;When the editor show up, add the following LDAP objects at the
bottom of the document.  The &quot;/&amp;&quot; part in the last LDAP object is a
wild card matching everything the nas-server exports, removing the
need to list individual mount points in LDAP.&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
objectClass: automount
cn: nas-server
automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no

add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: automountMap
ou: auto.nas-server

add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
objectClass: automount
cn: /
automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&amp;
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The last step to remember is to mount the relevant mount points in
tjener.intern by adding them to /etc/fstab, creating the mount
directories using mkdir and running &quot;mount -a&quot; to mount them.&lt;/p&gt;

&lt;p&gt;When this is done, your users should be able to access the files on
the storage server directly by just visiting the
/tjener/nas-server/storage/ directory using any application on any
workstation, LTSP client or LTSP server.&lt;/p&gt;
</description>
        </item>
        
        </channel>
</rss>