Generated.

[homepage.git] / blog / index.rss

<?xml version="1.0" encoding="utf-8"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/' xmlns:atom="http://www.w3.org/2005/Atom">
        <channel>
                <title>Petter Reinholdtsen</title>
                <description></description>
                <link>http://people.skolelinux.org/pere/blog/</link>
                <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
        
        <item>
                <title>Install hardware dependent packages using tasksel (Isenkram 0.7)</title>
                <link>http://people.skolelinux.org/pere/blog/Install_hardware_dependent_packages_using_tasksel__Isenkram_0_7_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Install_hardware_dependent_packages_using_tasksel__Isenkram_0_7_.html</guid>
                <pubDate>Wed, 23 Apr 2014 14:50:00 +0200</pubDate>
                <description>&lt;p&gt;It would be nice if it was easier in Debian to get all the hardware
related packages relevant for the computer installed automatically.
So I implemented one, using
&lt;a href=&quot;http://packages.qa.debian.org/isenkram&quot;&gt;my Isenkram
package&lt;/a&gt;.  To use it, install the tasksel and isenkram packages and
run tasksel as user root.  You should be presented with a new option,
&quot;Hardware specific packages (autodetected by isenkram)&quot;.  When you
select it, tasksel will install the packages isenkram claim is fit for
the current hardware, hot pluggable or not.&lt;p&gt;

&lt;p&gt;The implementation is in two files, one is the tasksel menu entry
description, and the other is the script used to extract the list of
packages to install.  The first part is in
&lt;tt&gt;/usr/share/tasksel/descs/isenkram.desc&lt;/tt&gt; and look like
this:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
Task: isenkram
Section: hardware
Description: Hardware specific packages (autodetected by isenkram)
 Based on the detected hardware various hardware specific packages are
 proposed.
Test-new-install: mark show
Relevance: 8
Packages: for-current-hardware
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The second part is in
&lt;tt&gt;/usr/lib/tasksel/packages/for-current-hardware&lt;/tt&gt; and look like
this:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
#!/bin/sh
#
(
    isenkram-lookup
    isenkram-autoinstall-firmware -l
) | sort -u
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;All in all, a very short and simple implementation making it
trivial to install the hardware dependent package we all may want to
have installed on our machines.  I&#39;ve not been able to find a way to
get tasksel to tell you exactly which packages it plan to install
before doing the installation.  So if you are curious or careful,
check the output from the isenkram-* command line tools first.&lt;/p&gt;

&lt;p&gt;The information about which packages are handling which hardware is
fetched either from the isenkram package itself in
/usr/share/isenkram/, from git.debian.org or from the APT package
database (using the Modaliases header).  The APT package database
parsing have caused a nasty resource leak in the isenkram daemon (bugs
&lt;a href=&quot;http://bugs.debian.org/719837&quot;&gt;#719837&lt;/a&gt; and
&lt;a href=&quot;http://bugs.debian.org/730704&quot;&gt;#730704&lt;/a&gt;).  The cause is in
the python-apt code (bug
&lt;a href=&quot;http://bugs.debian.org/745487&quot;&gt;#745487&lt;/a&gt;), but using a
workaround I was able to get rid of the file descriptor leak and
reduce the memory leak from ~30 MiB per hardware detection down to
around 2 miB per hardware detection.  It should make the desktop
daemon a lot more useful.  The fix is in version 0.7 uploaded to
unstable today.&lt;/p&gt;

&lt;p&gt;I believe the current way of mapping hardware to packages in
Isenkram is is a good draft, but in the future I expect isenkram to
use the AppStream data source for this.  A proposal for getting proper
AppStream support into Debian is floating around as
&lt;a href=&quot;https://wiki.debian.org/DEP-11&quot;&gt;DEP-11&lt;/a&gt;, and
&lt;a href=&quot;https://wiki.debian.org/SummerOfCode2014/Projects#SummerOfCode2014.2FProjects.2FAppStreamDEP11Implementation.AppStream.2FDEP-11_for_the_Debian_Archive&quot;&gt;GSoC
project&lt;/a&gt; will take place this summer to improve the situation.  I
look forward to seeing the result, and welcome patches for isenkram to
start using the information when it is ready.&lt;/p&gt;

&lt;p&gt;If you want your package to map to some specific hardware, either
add a &quot;Xb-Modaliases&quot; header to your control file like I did in
&lt;a href=&quot;http://packages.qa.debian.org/pymissile&quot;&gt;the pymissile
package&lt;/a&gt; or submit a bug report with the details to the isenkram
package.  See also
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/tags/isenkram/&quot;&gt;all my
blog posts tagged isenkram&lt;/a&gt; for details on the notation.  I expect
the information will be migrated to AppStream eventually, but for the
moment I got no better place to store it.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>FreedomBox milestone - all packages now in Debian Sid</title>
                <link>http://people.skolelinux.org/pere/blog/FreedomBox_milestone___all_packages_now_in_Debian_Sid.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/FreedomBox_milestone___all_packages_now_in_Debian_Sid.html</guid>
                <pubDate>Tue, 15 Apr 2014 22:10:00 +0200</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;Freedombox
project&lt;/a&gt; is working on providing the software and hardware to make
it easy for non-technical people to host their data and communication
at home, and being able to communicate with their friends and family
encrypted and away from prying eyes.  It is still going strong, and
today a major mile stone was reached.&lt;/p&gt;

&lt;p&gt;Today, the last of the packages currently used by the project to
created the system images were accepted into Debian Unstable.  It was
the freedombox-setup package, which is used to configure the images
during build and on the first boot.  Now all one need to get going is
the build code from the freedom-maker git repository and packages from
Debian.  And once the freedombox-setup package enter testing, we can
build everything directly from Debian. :)&lt;/p&gt;

&lt;p&gt;Some key packages used by Freedombox are
&lt;a href=&quot;http://packages.qa.debian.org/freedombox-setup&quot;&gt;freedombox-setup&lt;/a&gt;,
&lt;a href=&quot;http://packages.qa.debian.org/plinth&quot;&gt;plinth&lt;/a&gt;,
&lt;a href=&quot;http://packages.qa.debian.org/pagekite&quot;&gt;pagekite&lt;/a&gt;,
&lt;a href=&quot;http://packages.qa.debian.org/tor&quot;&gt;tor&lt;/a&gt;,
&lt;a href=&quot;http://packages.qa.debian.org/privoxy&quot;&gt;privoxy&lt;/a&gt;,
&lt;a href=&quot;http://packages.qa.debian.org/owncloud&quot;&gt;owncloud&lt;/a&gt; and
&lt;a href=&quot;http://packages.qa.debian.org/dnsmasq&quot;&gt;dnsmasq&lt;/a&gt;.  There
are plans to integrate more packages into the setup.  User
documentation is maintained on the Debian wiki.  Please
&lt;a href=&quot;https://wiki.debian.org/FreedomBox/Manual/Jessie&quot;&gt;check out
the manual&lt;/a&gt; and help us improve it.&lt;/p&gt;

&lt;p&gt;To test for yourself and create boot images with the FreedomBox
setup, run this on a Debian machine using a user with sudo rights to
become root:&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
sudo apt-get install git vmdebootstrap mercurial python-docutils \
  mktorrent extlinux virtualbox qemu-user-static binfmt-support \
  u-boot-tools
git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
  freedom-maker
make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;Root access is needed to run debootstrap and mount loopback
devices.  See the README in the freedom-maker git repo for more
details on the build.  If you do not want all three images, trim the
make line.  Note that the virtualbox-image target is not really
virtualbox specific.  It create a x86 image usable in kvm, qemu,
vmware and any other x86 virtual machine environment.  You might need
the version of vmdebootstrap in Jessie to get the build working, as it
include fixes for a race condition with kpartx.&lt;/p&gt;

&lt;p&gt;If you instead want to install using a Debian CD and the preseed
method, boot a Debian Wheezy ISO and use this boot argument to load
the preseed values:&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
url=&lt;a href=&quot;http://www.reinholdtsen.name/freedombox/preseed-jessie.dat&quot;&gt;http://www.reinholdtsen.name/freedombox/preseed-jessie.dat&lt;/a&gt;
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;I have not tested it myself the last few weeks, so I do not know if
it still work.&lt;/p&gt;

&lt;p&gt;If you wonder how to help, one task you could look at is using
systemd as the boot system.  It will become the default for Linux in
Jessie, so we need to make sure it is usable on the Freedombox.  I did
a simple test a few weeks ago, and noticed dnsmasq failed to start
during boot when using systemd.  I suspect there are other problems
too. :) To detect problems, there is a test suite included, which can
be run from the plinth web interface.&lt;/p&gt;

&lt;p&gt;Give it a go and let us know how it goes on the mailing list, and help
us get the new release published. :) Please join us on
&lt;a href=&quot;irc://irc.debian.org:6667/%23freedombox&quot;&gt;IRC (#freedombox on
irc.debian.org)&lt;/a&gt; and
&lt;a href=&quot;http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss&quot;&gt;the
mailing list&lt;/a&gt; if you want to help make this vision come true.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Språkkoder for POSIX locale i Norge</title>
                <link>http://people.skolelinux.org/pere/blog/Spr_kkoder_for_POSIX_locale_i_Norge.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Spr_kkoder_for_POSIX_locale_i_Norge.html</guid>
                <pubDate>Fri, 11 Apr 2014 21:30:00 +0200</pubDate>
                <description>&lt;p&gt;For 12 år siden, skrev jeg et lite notat om
&lt;a href=&quot;http://i18n.skolelinux.no/localekoder.txt&quot;&gt;bruk av språkkoder
i Norge&lt;/a&gt;.  Jeg ble nettopp minnet på dette da jeg fikk spørsmål om
notatet fortsatt var aktuelt, og tenkte det var greit å repetere hva
som fortsatt gjelder.  Det jeg skrev da er fortsatt like aktuelt.&lt;/p&gt;

&lt;p&gt;Når en velger språk i programmer på unix, så velger en blant mange
språkkoder.  For språk i Norge anbefales følgende språkkoder (anbefalt
locale i parantes):&lt;/p&gt;

&lt;p&gt;&lt;dl&gt;
&lt;dt&gt;nb (nb_NO)&lt;/dt&gt;&lt;dd&gt;Bokmål i Norge&lt;/dd&gt;
&lt;dt&gt;nn (nn_NO)&lt;/dt&gt;&lt;dd&gt;Nynorsk i Norge&lt;/dd&gt;
&lt;dt&gt;se (se_NO)&lt;/dt&gt;&lt;dd&gt;Nordsamisk i Norge&lt;/dd&gt;
&lt;/dl&gt;&lt;/p&gt;

&lt;p&gt;Alle programmer som bruker andre koder bør endres.&lt;/p&gt;

&lt;p&gt;Språkkoden bør brukes når .po-filer navngis og installeres.  Dette
er ikke det samme som locale-koden.  For Norsk Bokmål, så bør filene
være navngitt nb.po, mens locale (LANG) bør være nb_NO.&lt;/p&gt;

&lt;p&gt;Hvis vi ikke får standardisert de kodene i alle programmene med
norske oversettelser, så er det umulig å gi LANG-variablen ett innhold
som fungerer for alle programmer.&lt;/p&gt;

&lt;p&gt;Språkkodene er de offisielle kodene fra ISO 639, og bruken av dem i
forbindelse med POSIX localer er standardisert i RFC 3066 og ISO
15897.  Denne anbefalingen er i tråd med de angitte standardene.&lt;/p&gt;

&lt;p&gt;Følgende koder er eller har vært i bruk som locale-verdier for
&quot;norske&quot; språk.  Disse bør unngås, og erstattes når de oppdages:&lt;/p&gt;

&lt;p&gt;&lt;table&gt;
&lt;tr&gt;&lt;td&gt;norwegian&lt;/td&gt;&lt;td&gt;-&gt; nb_NO&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;bokmål   &lt;/td&gt;&lt;td&gt;-&gt; nb_NO&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;bokmal   &lt;/td&gt;&lt;td&gt;-&gt; nb_NO&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;nynorsk  &lt;/td&gt;&lt;td&gt;-&gt; nn_NO&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;no       &lt;/td&gt;&lt;td&gt;-&gt; nb_NO&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;no_NO    &lt;/td&gt;&lt;td&gt;-&gt; nb_NO&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;no_NY    &lt;/td&gt;&lt;td&gt;-&gt; nn_NO&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;sme_NO   &lt;/td&gt;&lt;td&gt;-&gt; se_NO&lt;/td&gt;&lt;/tr&gt;
&lt;/table&gt;&lt;/p&gt;

&lt;p&gt;Merk at når det gjelder de samiske språkene, at se_NO i praksis
henviser til nordsamisk i Norge, mens f.eks.  smj_NO henviser til
lulesamisk.  Dette notatet er dog ikke ment å gi råd rundt samiske
språkkoder, der gjør
&lt;a href=&quot;http://www.divvun.no/&quot;&gt;Divvun-prosjektet&lt;/a&gt; en bedre
jobb.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Referanser:&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;

  &lt;li&gt;&lt;a href=&quot;http://www.rfc-base.org/rfc-3066.html&quot;&gt;RFC 3066 - Tags
    for the Identification of Languages&lt;/a&gt; (Erstatter RFC 1766)&lt;/li&gt;
   
  &lt;li&gt;&lt;a href=&quot;http://www.loc.gov/standards/iso639-2/langcodes.html&quot;&gt;ISO
    639&lt;/a&gt; - Codes for the Representation of Names of Languages&lt;/li&gt;

  &lt;li&gt;&lt;a href=&quot;http://std.dkuug.dk/jtc1/sc22/wg20/docs/n897-14652w25.pdf&quot;&gt;ISO
    DTR 14652&lt;/a&gt; - locale-standard Specification method for cultural
    conventions&lt;/li&gt;
 
  &lt;li&gt;&lt;a href=&quot;http://std.dkuug.dk/jtc1/sc22/wg20/docs/n610.pdf&quot;&gt;ISO
    15897: Registration procedures for cultural elements (cultural
    registry)&lt;/a&gt;,
    &lt;a href=&quot;http://std.dkuug.dk/jtc1/sc22/wg20/docs/n849-15897wd6.pdf&quot;&gt;(nytt
    draft)&lt;/a&gt;&lt;/li&gt;

  &lt;li&gt;&lt;a href=&quot;http://std.dkuug.dk/jtc1/sc22/wg20/&quot;&gt;ISO/IEC
    JTC1/SC22/WG20&lt;/a&gt; - Gruppen for i18n-standardisering i ISO&lt;/li&gt;

&lt;ul&gt;
</description>
        </item>
        
        <item>
                <title>S3QL, a locally mounted cloud file system - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/S3QL__a_locally_mounted_cloud_file_system___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/S3QL__a_locally_mounted_cloud_file_system___nice_free_software.html</guid>
                <pubDate>Wed, 9 Apr 2014 11:30:00 +0200</pubDate>
                <description>&lt;p&gt;For a while now, I have been looking for a sensible offsite backup
solution for use at home.  My requirements are simple, it must be
cheap and locally encrypted (in other words, I keep the encryption
keys, the storage provider do not have access to my private files).
One idea me and my friends had many years ago, before the cloud
storage providers showed up, was to use Google mail as storage,
writing a Linux block device storing blocks as emails in the mail
service provided by Google, and thus get heaps of free space.  On top
of this one can add encryption, RAID and volume management to have
lots of (fairly slow, I admit that) cheap and encrypted storage.  But
I never found time to implement such system.  But the last few weeks I
have looked at a system called
&lt;a href=&quot;https://bitbucket.org/nikratio/s3ql/&quot;&gt;S3QL&lt;/a&gt;, a locally
mounted network backed file system with the features I need.&lt;/p&gt;

&lt;p&gt;S3QL is a fuse file system with a local cache and cloud storage,
handling several different storage providers, any with Amazon S3,
Google Drive or OpenStack API.  There are heaps of such storage
providers.  S3QL can also use a local directory as storage, which
combined with sshfs allow for file storage on any ssh server.  S3QL
include support for encryption, compression, de-duplication, snapshots
and immutable file systems, allowing me to mount the remote storage as
a local mount point, look at and use the files as if they were local,
while the content is stored in the cloud as well.  This allow me to
have a backup that should survive fire.  The file system can not be
shared between several machines at the same time, as only one can
mount it at the time, but any machine with the encryption key and
access to the storage service can mount it if it is unmounted.&lt;/p&gt;

&lt;p&gt;It is simple to use.  I&#39;m using it on Debian Wheezy, where the
package is included already.  So to get started, run &lt;tt&gt;apt-get
install s3ql&lt;/tt&gt;.  Next, pick a storage provider.  I ended up picking
Greenqloud, after reading their nice recipe on
&lt;a href=&quot;https://greenqloud.zendesk.com/entries/44611757-How-To-Use-S3QL-to-mount-a-StorageQloud-bucket-on-Debian-Wheezy&quot;&gt;how
to use S3QL with their Amazon S3 service&lt;/a&gt;, because I trust the laws
in Iceland more than those in USA when it come to keeping my personal
data safe and private, and thus would rather spend money on a company
in Iceland.  Another nice recipe is available from the article
&lt;a href=&quot;http://www.admin-magazine.com/HPC/Articles/HPC-Cloud-Storage&quot;&gt;S3QL
Filesystem for HPC Storage&lt;/a&gt; by Jeff Layton in the HPC section of
Admin magazine.  When the provider is picked, figure out how to get
the API key needed to connect to the storage API.  With Greencloud,
the key did not show up until I had added payment details to my
account.&lt;/p&gt;

&lt;p&gt;Armed with the API access details, it is time to create the file
system.  First, create a new bucket in the cloud.  This bucket is the
file system storage area.  I picked a bucket name reflecting the
machine that was going to store data there, but any name will do.
I&#39;ll refer to it as &lt;tt&gt;bucket-name&lt;/tt&gt; below.  In addition, one need
the API login and password, and a locally created password.  Store it
all in ~root/.s3ql/authinfo2 like this:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
[s3c]
storage-url: s3c://s.greenqloud.com:443/bucket-name
backend-login: API-login
backend-password: API-password
fs-passphrase: local-password
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;I create my local passphrase using &lt;tt&gt;pwget 50&lt;/tt&gt; or similar,
but any sensible way to create a fairly random password should do it.
Armed with these details, it is now time to run mkfs, entering the API
details and password to create it:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# mkdir -m 700 /var/lib/s3ql-cache
# mkfs.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
  --ssl s3c://s.greenqloud.com:443/bucket-name
Enter backend login: 
Enter backend password: 
Before using S3QL, make sure to read the user&#39;s guide, especially
the &#39;Important Rules to Avoid Loosing Data&#39; section.
Enter encryption password: 
Confirm encryption password: 
Generating random encryption key...
Creating metadata tables...
Dumping metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Compressing and uploading metadata...
Wrote 0.00 MB of compressed metadata.
# &lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The next step is mounting the file system to make the storage available.

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# mount.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
  --ssl --allow-root s3c://s.greenqloud.com:443/bucket-name /s3ql
Using 4 upload threads.
Downloading and decompressing metadata...
Reading metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Mounting filesystem...
# df -h /s3ql
Filesystem                              Size  Used Avail Use% Mounted on
s3c://s.greenqloud.com:443/bucket-name  1.0T     0  1.0T   0% /s3ql
#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The file system is now ready for use.  I use rsync to store my
backups in it, and as the metadata used by rsync is downloaded at
mount time, no network traffic (and storage cost) is triggered by
running rsync.  To unmount, one should not use the normal umount
command, as this will not flush the cache to the cloud storage, but
instead running the umount.s3ql command like this:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# umount.s3ql /s3ql
# 
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;There is a fsck command available to check the file system and
correct any problems detected.  This can be used if the local server
crashes while the file system is mounted, to reset the &quot;already
mounted&quot; flag.  This is what it look like when processing a working
file system:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# fsck.s3ql --force --ssl s3c://s.greenqloud.com:443/bucket-name
Using cached metadata.
File system seems clean, checking anyway.
Checking DB integrity...
Creating temporary extra indices...
Checking lost+found...
Checking cached objects...
Checking names (refcounts)...
Checking contents (names)...
Checking contents (inodes)...
Checking contents (parent inodes)...
Checking objects (reference counts)...
Checking objects (backend)...
..processed 5000 objects so far..
..processed 10000 objects so far..
..processed 15000 objects so far..
Checking objects (sizes)...
Checking blocks (referenced objects)...
Checking blocks (refcounts)...
Checking inode-block mapping (blocks)...
Checking inode-block mapping (inodes)...
Checking inodes (refcounts)...
Checking inodes (sizes)...
Checking extended attributes (names)...
Checking extended attributes (inodes)...
Checking symlinks (inodes)...
Checking directory reachability...
Checking unix conventions...
Checking referential integrity...
Dropping temporary indices...
Backing up old metadata...
Dumping metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Compressing and uploading metadata...
Wrote 0.89 MB of compressed metadata.
# 
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Thanks to the cache, working on files that fit in the cache is very
quick, about the same speed as local file access.  Uploading large
amount of data is to me limited by the bandwidth out of and into my
house.  Uploading 685 MiB with a 100 MiB cache gave me 305 kiB/s,
which is very close to my upload speed, and downloading the same
Debian installation ISO gave me 610 kiB/s, close to my download speed.
Both were measured using &lt;tt&gt;dd&lt;/tt&gt;.  So for me, the bottleneck is my
network, not the file system code.  I do not know what a good cache
size would be, but suspect that the cache should e larger than your
working set.&lt;/p&gt;

&lt;p&gt;I mentioned that only one machine can mount the file system at the
time.  If another machine try, it is told that the file system is
busy:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# mount.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
  --ssl --allow-root s3c://s.greenqloud.com:443/bucket-name /s3ql
Using 8 upload threads.
Backend reports that fs is still mounted elsewhere, aborting.
#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The file content is uploaded when the cache is full, while the
metadata is uploaded once every 24 hour by default.  To ensure the
file system content is flushed to the cloud, one can either umount the
file system, or ask S3QL to flush the cache and metadata using
s3qlctrl:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# s3qlctrl upload-meta /s3ql
# s3qlctrl flushcache /s3ql
# 
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;If you are curious about how much space your data uses in the
cloud, and how much compression and deduplication cut down on the
storage usage, you can use s3qlstat on the mounted file system to get
a report:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# s3qlstat /s3ql
Directory entries:    9141
Inodes:               9143
Data blocks:          8851
Total data size:      22049.38 MB
After de-duplication: 21955.46 MB (99.57% of total)
After compression:    21877.28 MB (99.22% of total, 99.64% of de-duplicated)
Database size:        2.39 MB (uncompressed)
(some values do not take into account not-yet-uploaded dirty blocks in cache)
#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;I mentioned earlier that there are several possible suppliers of
storage.  I did not try to locate them all, but am aware of at least
&lt;a href=&quot;https://www.greenqloud.com/&quot;&gt;Greenqloud&lt;/a&gt;,
&lt;a href=&quot;http://drive.google.com/&quot;&gt;Google Drive&lt;/a&gt;,
&lt;a href=&quot;http://aws.amazon.com/s3/&quot;&gt;Amazon S3 web serivces&lt;/a&gt;,
&lt;a href=&quot;http://www.rackspace.com/&quot;&gt;Rackspace&lt;/a&gt; and
&lt;a href=&quot;http://crowncloud.net/&quot;&gt;Crowncloud&lt;/A&gt;.  The latter even
accept payment in Bitcoin.  Pick one that suit your need.  Some of
them provide several GiB of free storage, but the prize models are
quite different and you will have to figure out what suits you
best.&lt;/p&gt;

&lt;p&gt;While researching this blog post, I had a look at research papers
and posters discussing the S3QL file system.  There are several, which
told me that the file system is getting a critical check by the
science community and increased my confidence in using it.  One nice
poster is titled
&quot;&lt;a href=&quot;http://www.lanl.gov/orgs/adtsc/publications/science_highlights_2013/docs/pg68_69.pdf&quot;&gt;An
Innovative Parallel Cloud Storage System using OpenStack’s SwiftObject
Store and Transformative Parallel I/O Approach&lt;/a&gt;&quot; by Hsing-Bung
Chen, Benjamin McClelland, David Sherrill, Alfred Torrez, Parks Fields
and Pamela Smith.  Please  have a look.&lt;/p&gt;

&lt;p&gt;Given my problems with different file systems earlier, I decided to
check out the mounted S3QL file system to see if it would be usable as
a home directory (in other word, that it provided POSIX semantics when
it come to locking and umask handling etc).  Running
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html&quot;&gt;my
test code to check file system semantics&lt;/a&gt;, I was happy to discover that
no error was found.  So the file system can be used for home
directories, if one chooses to do so.&lt;/p&gt;

&lt;p&gt;If you do not want a locally file system, and want something that
work without the Linux fuse file system, I would like to mention the
&lt;a href=&quot;http://www.tarsnap.com/&quot;&gt;Tarsnap service&lt;/a&gt;, which also
provide locally encrypted backup using a command line client.  It have
a nicer access control system, where one can split out read and write
access, allowing some systems to write to the backup and others to
only read from it.&lt;/p&gt;

&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&amp;label=PetterReinholdtsenBlog&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>EU-domstolen bekreftet i dag at datalagringsdirektivet er ulovlig</title>
                <link>http://people.skolelinux.org/pere/blog/EU_domstolen_bekreftet_i_dag_at_datalagringsdirektivet_er_ulovlig.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/EU_domstolen_bekreftet_i_dag_at_datalagringsdirektivet_er_ulovlig.html</guid>
                <pubDate>Tue, 8 Apr 2014 11:30:00 +0200</pubDate>
                <description>&lt;p&gt;I dag kom endelig avgjørelsen fra EU-domstolen om
datalagringsdirektivet, som ikke overraskende ble dømt ulovlig og i
strid med borgernes grunnleggende rettigheter.  Hvis du lurer på hva
datalagringsdirektivet er for noe, så er det
&lt;a href=&quot;http://tv.nrk.no/program/koid75005313/tema-dine-digitale-spor-datalagringsdirektivet&quot;&gt;en
flott dokumentar tilgjengelig hos NRK&lt;/a&gt; som jeg tidligere
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html&quot;&gt;har
anbefalt&lt;/a&gt; alle å se.&lt;/p&gt;

&lt;p&gt;Her er et liten knippe nyhetsoppslag om saken, og jeg regner med at
det kommer flere ut over dagen.  Flere kan finnes
&lt;a href=&quot;http://www.mylder.no/?drill=datalagringsdirektivet&amp;intern=1&quot;&gt;via
mylder&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;ul&gt;

&lt;li&gt;&lt;a href=&quot;http://e24.no/digital/eu-domstolen-datalagringsdirektivet-er-ugyldig/22879592&quot;&gt;EU-domstolen:
Datalagringsdirektivet er ugyldig&lt;/a&gt; - e24.no 2014-04-08

&lt;li&gt;&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/EU-domstolen-Datalagringsdirektivet-er-ulovlig-7529032.html&quot;&gt;EU-domstolen:
Datalagringsdirektivet er ulovlig&lt;/a&gt; - aftenposten.no 2014-04-08

&lt;li&gt;&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/politikk/Krever-DLD-stopp-i-Norge-7530086.html&quot;&gt;Krever
DLD-stopp i Norge&lt;/a&gt; - aftenposten.no 2014-04-08

&lt;li&gt;&lt;a href=&quot;http://www.p4.no/story.aspx?id=566431&quot;&gt;Apenes: - En
gledens dag&lt;/a&gt; - p4.no 2014-04-08

&lt;li&gt;&lt;a href=&quot;http://www.nrk.no/norge/_-datalagringsdirektivet-er-ugyldig-1.11655929&quot;&gt;EU-domstolen:
– Datalagringsdirektivet er ugyldig&lt;/a&gt; - nrk.no 2014-04-08&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.vg.no/nyheter/utenriks/data-og-nett/eu-domstolen-datalagringsdirektivet-er-ugyldig/a/10130280/&quot;&gt;EU-domstolen:
Datalagringsdirektivet er ugyldig&lt;/a&gt; - vg.no 2014-04-08&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.dagbladet.no/2014/04/08/nyheter/innenriks/datalagringsdirektivet/personvern/32711646/&quot;&gt;-
Vi bør skrote hele datalagringsdirektivet&lt;/a&gt; - dagbladet.no
2014-04-08&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.digi.no/928137/eu-domstolen-dld-er-ugyldig&quot;&gt;EU-domstolen:
DLD er ugyldig&lt;/a&gt; - digi.no 2014-04-08&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.irishtimes.com/business/sectors/technology/european-court-declares-data-retention-directive-invalid-1.1754150&quot;&gt;European
court declares data retention directive invalid&lt;/a&gt; - irishtimes.com
2014-04-08&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.reuters.com/article/2014/04/08/us-eu-data-ruling-idUSBREA370F020140408?feedType=RSS&quot;&gt;EU
court rules against requirement to keep data of telecom users&lt;/a&gt; -
reuters.com 2014-04-08&lt;/li&gt;

&lt;/ul&gt;
&lt;/p&gt;

&lt;p&gt;Jeg synes det er veldig fint at nok en stemme slår fast at
totalitær overvåkning av befolkningen er uakseptabelt, men det er
fortsatt like viktig å beskytte privatsfæren som før, da de
teknologiske mulighetene fortsatt finnes og utnyttes, og jeg tror
innsats i prosjekter som
&lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;Freedombox&lt;/a&gt; og
&lt;a href=&quot;http://www.dugnadsnett.no/&quot;&gt;Dugnadsnett&lt;/a&gt; er viktigere enn
noen gang.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2014-04-08 12:10&lt;/strong&gt;: Kronerullingen for å
stoppe datalagringsdirektivet i Norge gjøres hos foreningen
&lt;a href=&quot;http://www.digitaltpersonvern.no/&quot;&gt;Digitalt Personvern&lt;/a&gt;,
som har samlet inn 843 215,- så langt men trenger nok mye mer hvis

ikke Høyre og Arbeiderpartiet bytter mening i saken.  Det var
&lt;a href=&quot;http://www.holderdeord.no/parliament-issues/48650&quot;&gt;kun
partinene Høyre og Arbeiderpartiet&lt;/a&gt; som stemte for
Datalagringsdirektivet, og en av dem må bytte mening for at det skal
bli flertall mot i Stortinget.  Se mer om saken
&lt;a href=&quot;http://www.holderdeord.no/issues/69-innfore-datalagringsdirektivet&quot;&gt;Holder
de ord&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>ReactOS Windows clone - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/ReactOS_Windows_clone___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/ReactOS_Windows_clone___nice_free_software.html</guid>
                <pubDate>Tue, 1 Apr 2014 12:10:00 +0200</pubDate>
                <description>&lt;p&gt;Microsoft have announced that Windows XP reaches its end of life
2014-04-08, in 7 days.  But there are heaps of machines still running
Windows XP, and depending on Windows XP to run their applications, and
upgrading will be expensive, both when it comes to money and when it
comes to the amount of effort needed to migrate from Windows XP to a
new operating system.  Some obvious options (buy new a Windows
machine, buy a MacOSX machine, install Linux on the existing machine)
are already well known and covered elsewhere.  Most of them involve
leaving the user applications installed on Windows XP behind and
trying out replacements or updated versions. In this blog post I want
to mention one strange bird that allow people to keep the hardware and
the existing Windows XP applications and run them on a free software
operating system that is Windows XP compatible.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://www.reactos.org/&quot;&gt;ReactOS&lt;/a&gt; is a free software
operating system (GNU GPL licensed) working on providing a operating
system that is binary compatible with Windows, able to run windows
programs directly and to use Windows drivers for hardware directly.
The project goal is for Windows user to keep their existing machines,
drivers and software, and gain the advantages from user a operating
system without usage limitations caused by non-free licensing.  It is
a Windows clone running directly on the hardware, so quite different
from the approach taken by &lt;a href=&quot;http://www.winehq.org/&quot;&gt;the Wine
project&lt;/a&gt;, which make it possible to run Windows binaries on
Linux.&lt;/p&gt;

&lt;p&gt;The ReactOS project share code with the Wine project, so most
shared libraries available on Windows are already implemented already.
There is also a software manager like the one we are used to on Linux,
allowing the user to install free software applications with a simple
click directly from the Internet.  Check out the
&lt;a href=&quot;http://www.reactos.org/screenshots&quot;&gt;screen shots on the
project web site&lt;/a&gt; for an idea what it look like (it looks just like
Windows before metro).&lt;/p&gt;

&lt;p&gt;I do not use ReactOS myself, preferring Linux and Unix like
operating systems.  I&#39;ve tested it, and it work fine in a virt-manager
virtual machine.  The browser, minesweeper, notepad etc is working
fine as far as I can tell.  Unfortunately, my main test application
is the software included on a CD with the Lego Mindstorms NXT, which
seem to install just fine from CD but fail to leave any binaries on
the disk after the installation.  So no luck with that test software.
No idea why, but hope someone else figure out and fix the problem.
I&#39;ve tried the ReactOS Live ISO on a physical machine, and it seemed
to work just fine.  If you like Windows and want to keep running your
old Windows binaries, check it out by
&lt;a href=&quot;http://www.reactos.org/download&quot;&gt;downloading&lt;/a&gt; the
installation CD, the live CD or the preinstalled virtual machine
image.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Debian Edu interview: Roger Marsal</title>
                <link>http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Roger_Marsal.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Roger_Marsal.html</guid>
                <pubDate>Sun, 30 Mar 2014 11:40:00 +0200</pubDate>
                <description>&lt;p&gt;&lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Debian Edu / Skolelinux&lt;/a&gt;
keep gaining new users.  Some weeks ago, a person showed up on IRC,
&lt;a href=&quot;irc://irc.debian.org/#debian-edu&quot;&gt;#debian-edu&lt;/a&gt;, with a
wish to contribute, and I managed to get a interview with this great
contributor Roger Marsal to learn more about his background.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Who are you, and how do you spend your days?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;My name is Roger Marsal, I&#39;m 27 years old (1986 generation) and I
live in Barcelona, Spain. I&#39;ve got a strong business background and I
work as a patrimony manager and as a real estate agent.  Additionally,
I&#39;ve co-founded a British based tech company that is nowadays on the
last development phase of a new social networking concept.&lt;/p&gt;

&lt;p&gt;I&#39;m a Linux enthusiast that started its journey with Ubuntu four years
ago and have recently switched to Debian seeking rock solid stability
and as a necessary step to gain expertise.&lt;/p&gt;

&lt;p&gt;In a nutshell, I spend my days working and learning as much as I
can to face both my job, entrepreneur project and feed my Linux
hunger.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;How did you get in contact with the Skolelinux / Debian Edu
project?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I discovered the &lt;a href=&quot;http://www.ltsp.org/&quot;&gt;LTSP&lt;/a&gt; advantages
with &quot;Ubuntu 12.04 alternate install&quot; and after a year of use I
started looking for an alternative.  Even though I highly value and
respect the Ubuntu project, I thought it was necessary for me to
change to a more robust and stable alternative.  As far as I was using
Debian on my personal laptop I thought it would be fine to install
Debian and configure an LTSP server myself.  Surprised, I discovered
that the Debian project also supported a kind of Edubuntu equivalent,
and after having some pain I obtained a Debian Edu network up and
running.  I just loved it.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What do you see as the advantages of Skolelinux / Debian
Edu?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I found a main advantage in that, once you know &quot;the tips and
tricks&quot;, a new installation just works out of the box. It&#39;s the most
complete alternative I&#39;ve found to create an LTSP network. All the
other distributions seems to be made of plastic, Debian Edu seems to
be made of steel.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What do you see as the disadvantages of Skolelinux / Debian
Edu?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I found two main disadvantages.&lt;/p&gt;

&lt;p&gt;I&#39;m not an expert but I&#39;ve got notions and I had to spent a considerable
amount of time trying to bring up a standard network topology. I&#39;m quite
stubborn and I just worked until I did but I&#39;m sure many people with few
resources (not big schools, but academies for example) would have switched
or dropped.&lt;/p&gt;

&lt;p&gt;It&#39;s amazing how such a complex system like Debian Edu has achieved
this out-of-the-box state. Even though tweaking without breaking gets
more difficult, as more factors have to be considered. This can
discourage many people too.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Which free software do you use daily?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I use Debian, Firefox, Okular, Inkscape, LibreOffice and
Virtualbox.&lt;/p&gt;


&lt;p&gt;&lt;strong&gt;Which strategy do you believe is the right one to use to
get schools to use free software?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;I don&#39;t think there is a need for a particular strategy. The free
attribute in both &quot;freedom&quot; and &quot;no price&quot; meanings is what will
really bring free software to schools. In my experience I can think of
the &lt;a href=&quot;http://www.r-project.org/&quot;&gt;&quot;R&quot; statistical language&lt;/a&gt;; a
few years a ago was an extremely nerd tool for university people.
Today it&#39;s being increasingly used to teach statistics at many
different level of studies.  I believe free and open software will
increasingly gain popularity, but I&#39;m sure schools will be one of the
first scenarios where this will happen.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Dokumentaren om Datalagringsdirektivet sendes endelig på NRK</title>
                <link>http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Dokumentaren_om_Datalagringsdirektivet_sendes_endelig_p__NRK.html</guid>
                <pubDate>Wed, 26 Mar 2014 09:50:00 +0100</pubDate>
                <description>&lt;p&gt;&lt;a href=&quot;http://www.nuug.no/&quot;&gt;Foreningen NUUG&lt;/a&gt; melder i natt at
NRK nå har bestemt seg for
&lt;a href=&quot;http://www.nuug.no/news/NRK_viser_filmen_om_Datalagringsdirektivet_f_rste_gang_2014_03_31.shtml&quot;&gt;når
den norske dokumentarfilmen om datalagringsdirektivet skal
sendes&lt;/a&gt; (se &lt;a href=&quot;http://www.imdb.com/title/tt2832844/&quot;&gt;IMDB&lt;/a&gt;
for detaljer om filmen) . Første visning blir på NRK2 mandag
2014-03-31 kl. 19:50, og deretter visninger onsdag 2014-04-02
kl. 12:30, fredag 2014-04-04 kl. 19:40 og søndag 2014-04-06 kl. 15:10.
Jeg har sett dokumentaren, og jeg anbefaler enhver å se den selv.  Som
oppvarming mens vi venter anbefaler jeg Bjørn Stærks kronikk i
Aftenposten fra i går,
&lt;a href=&quot;http://www.aftenposten.no/meninger/kronikker/Autoritar-gjokunge-7514915.html&quot;&gt;Autoritær
gjøkunge&lt;/a&gt;, der han gir en grei skisse av hvor ille det står til med
retten til privatliv og beskyttelsen av demokrati i Norge og resten
verden, og helt riktig slår fast at det er vi i databransjen som
sitter med nøkkelen til å gjøre noe med dette.  Jeg har involvert meg
i prosjektene &lt;a href=&quot;http://www.dugnadsnett.no/&quot;&gt;dugnadsnett.no&lt;/a&gt;
og &lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;FreedomBox&lt;/a&gt; for å
forsøke å gjøre litt selv for å bedre situasjonen, men det er mye
hardt arbeid fra mange flere enn meg som gjenstår før vi kan sies å ha
gjenopprettet balansen.&lt;/p&gt;

&lt;p&gt;Jeg regner med at nettutgaven dukker opp på
&lt;a href=&quot;http://tv.nrk.no/program/koid75005313/tema-dine-digitale-spor-datalagringsdirektivet&quot;&gt;NRKs
side om filmen om datalagringsdirektivet&lt;/a&gt; om fem dager.  Hold et
øye med siden, og tips venner og slekt om at de også bør se den.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Public Trusted Timestamping services for everyone</title>
                <link>http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Public_Trusted_Timestamping_services_for_everyone.html</guid>
                <pubDate>Tue, 25 Mar 2014 12:50:00 +0100</pubDate>
                <description>&lt;p&gt;Did you ever need to store logs or other files in a way that would
allow it to be used as evidence in court, and needed a way to
demonstrate without reasonable doubt that the file had not been
changed since it was created?  Or, did you ever need to document that
a given document was received at some point in time, like some
archived document or the answer to an exam, and not changed after it
was received?  The problem in these settings is to remove the need to
trust yourself and your computers, while still being able to prove
that a file is the same as it was at some given time in the past.&lt;/p&gt;

&lt;p&gt;A solution to these problems is to have a trusted third party
&quot;stamp&quot; the document and verify that at some given time the document
looked a given way.  Such
&lt;a href=&quot;https://en.wikipedia.org/wiki/Notarius&quot;&gt;notarius&lt;/a&gt; service
have been around for thousands of years, and its digital equivalent is
called a
&lt;a href=&quot;http://en.wikipedia.org/wiki/Trusted_timestamping&quot;&gt;trusted
timestamping service&lt;/a&gt;.  &lt;a href=&quot;http://www.ietf.org/&quot;&gt;The Internet
Engineering Task Force&lt;/a&gt; standardised how such service could work a
few years ago as &lt;a href=&quot;http://tools.ietf.org/html/rfc3161&quot;&gt;RFC
3161&lt;/a&gt;.  The mechanism is simple.  Create a hash of the file in
question, send it to a trusted third party which add a time stamp to
the hash and sign the result with its private key, and send back the
signed hash + timestamp.  Both email, FTP and HTTP can be used to
request such signature, depending on what is provided by the service
used. Anyone with the document and the signature can then verify that
the document matches the signature by creating their own hash and
checking the signature using the trusted third party public key.
There are several commercial services around providing such
timestamping.  A quick search for
&quot;&lt;a href=&quot;https://duckduckgo.com/?q=rfc+3161+service&quot;&gt;rfc 3161
service&lt;/a&gt;&quot; pointed me to at least
&lt;a href=&quot;https://www.digistamp.com/technical/how-a-digital-time-stamp-works/&quot;&gt;DigiStamp&lt;/a&gt;,
&lt;a href=&quot;http://www.quovadisglobal.co.uk/CertificateServices/SigningServices/TimeStamp.aspx&quot;&gt;Quo
Vadis&lt;/a&gt;,
&lt;a href=&quot;https://www.globalsign.com/timestamp-service/&quot;&gt;Global Sign&lt;/a&gt;
and &lt;a href=&quot;http://www.globaltrustfinder.com/TSADefault.aspx&quot;&gt;Global
Trust Finder&lt;/a&gt;.  The system work as long as the private key of the
trusted third party is not compromised.&lt;/p&gt;

&lt;p&gt;But as far as I can tell, there are very few public trusted
timestamp services available for everyone.  I&#39;ve been looking for one
for a while now. But yesterday I found one over at
&lt;a href=&quot;https://www.pki.dfn.de/zeitstempeldienst/&quot;&gt;Deutches
Forschungsnetz&lt;/a&gt; mentioned in
&lt;a href=&quot;http://www.d-mueller.de/blog/dealing-with-trusted-timestamps-in-php-rfc-3161/&quot;&gt;a
blog by David Müller&lt;/a&gt;.  I then found
&lt;a href=&quot;http://www.rz.uni-greifswald.de/support/dfn-pki-zertifikate/zeitstempeldienst.html&quot;&gt;a
good recipe on how to use the service&lt;/a&gt; over at the University of
Greifswald.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://www.openssl.org/&quot;&gt;The OpenSSL library&lt;/a&gt; contain
both server and tools to use and set up your own signing service.  See
the ts(1SSL), tsget(1SSL) manual pages for more details.  The
following shell script demonstrate how to extract a signed timestamp
for any file on the disk in a Debian environment:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
#!/bin/sh
set -e
url=&quot;http://zeitstempel.dfn.de&quot;
caurl=&quot;https://pki.pca.dfn.de/global-services-ca/pub/cacert/chain.txt&quot;
reqfile=$(mktemp -t tmp.XXXXXXXXXX.tsq)
resfile=$(mktemp -t tmp.XXXXXXXXXX.tsr)
cafile=chain.txt
if [ ! -f $cafile ] ; then
    wget -O $cafile &quot;$caurl&quot;
fi
openssl ts -query -data &quot;$1&quot; -cert | tee &quot;$reqfile&quot; \
    | /usr/lib/ssl/misc/tsget -h &quot;$url&quot; -o &quot;$resfile&quot;
openssl ts -reply -in &quot;$resfile&quot; -text 1&gt;&amp;2
openssl ts -verify -data &quot;$1&quot; -in &quot;$resfile&quot; -CAfile &quot;$cafile&quot; 1&gt;&amp;2
base64 &lt; &quot;$resfile&quot;
rm &quot;$reqfile&quot; &quot;$resfile&quot;
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The argument to the script is the file to timestamp, and the output
is a base64 encoded version of the signature to STDOUT and details
about the signature to STDERR.  Note that due to
&lt;a href=&quot;http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742553&quot;&gt;a bug
in the tsget script&lt;/a&gt;, you might need to modify the included script
and remove the last line.  Or just write your own HTTP uploader using
curl. :) Now you too can prove and verify that files have not been
changed.&lt;/p&gt;

&lt;p&gt;But the Internet need more public trusted timestamp services.
Perhaps something for &lt;a href=&quot;http://www.uninett.no/&quot;&gt;Uninett&lt;/a&gt; or
my work place the &lt;a href=&quot;http://www.uio.no/&quot;&gt;University of Oslo&lt;/a&gt;
to set up?&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Video DVD reader library / python-dvdvideo - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Video_DVD_reader_library___python_dvdvideo___nice_free_software.html</guid>
                <pubDate>Fri, 21 Mar 2014 15:25:00 +0100</pubDate>
                <description>&lt;p&gt;Keeping your DVD collection safe from scratches and curious
children fingers while still having it available when you want to see a
movie is not straight forward.  My preferred method at the moment is
to store a full copy of the ISO on a hard drive, and use VLC, Popcorn
Hour or other useful players to view the resulting file.  This way the
subtitles and bonus material are still available and using the ISO is
just like inserting the original DVD record in the DVD player.&lt;/p&gt;

&lt;p&gt;Earlier I used dd for taking security copies, but it do not handle
DVDs giving read errors (which are quite a few of them).  I&#39;ve also
tried using
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Ripping_problematic_DVDs_using_dvdbackup_and_genisoimage.html&quot;&gt;dvdbackup
and genisoimage&lt;/a&gt;, but these days I use the marvellous python library
and program
&lt;a href=&quot;http://bblank.thinkmo.de/blog/new-software-python-dvdvideo&quot;&gt;python-dvdvideo&lt;/a&gt;
written by Bastian Blank.  It is
&lt;a href=&quot;http://packages.qa.debian.org/p/python-dvdvideo.html&quot;&gt;in Debian
already&lt;/a&gt; and the binary package name is python3-dvdvideo. Instead
of trying to read every block from the DVD, it parses the file
structure and figure out which block on the DVD is actually in used,
and only read those blocks from the DVD.  This work surprisingly well,
and I have been able to almost backup my entire DVD collection using
this method.&lt;/p&gt;

&lt;p&gt;So far, python-dvdvideo have failed on between 10 and
20 DVDs, which is a small fraction of my collection.  The most common
problem is
&lt;a href=&quot;https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720831&quot;&gt;DVDs
using UTF-16 instead of UTF-8 characters&lt;/a&gt;, which according to
Bastian is against the DVD specification (and seem to cause some
players to fail too).  A rarer problem is what seem to be inconsistent
DVD structures, as the python library
&lt;a href=&quot;https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=723079&quot;&gt;claim
there is a overlap between objects&lt;/a&gt;.  An equally rare problem claim
&lt;a href=&quot;https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741878&quot;&gt;some
value is out of range&lt;/a&gt;.  No idea what is going on there.  I wish I
knew enough about the DVD format to fix these, to ensure my movie
collection will stay with me in the future.&lt;/p&gt;

&lt;p&gt;So, if you need to keep your DVDs safe, back them up using
python-dvdvideo. :)&lt;/p&gt;
</description>
        </item>
        
        </channel>
</rss>