Petter Reinholdtsen

Back in 2010, I created a Perl library to talk to the Spykee robot (with two belts, wifi, USB and Linux) and made it available from my web page. Today I concluded that it should move to a site that is easier to use to cooperate with others, and moved it to github. If you got a Spykee robot, you might want to check out the libspykee-perl github repository.

The last few days I came across a few good causes that should get wider attention. I recommend signing and donating to each one of these. :)

Via Debian Project News for 2013-10-14 I came across the Outreach Program for Women program which is a Google Summer of Code like initiative to get more women involved in free software. One debian sponsor has offered to match any donation done to Debian earmarked for this initiative. I donated a few minutes ago, and hope you will to. :)

And the Electronic Frontier Foundation just announced plans to create video documentaries about the excessive spying on every Internet user that take place these days, and their need to fund the work. I've already donated. Are you next?

For my Norwegian audience, the organisation Studentenes og Akademikernes Internasjonale Hjelpefond is collecting signatures for a statement under the heading Bloggers United for Open Access for those of us asking for more focus on open access in the Norwegian government. So far 499 signatures. I hope you will sign it too.

Wireless mesh networks are self organising and self healing networks that can be used to connect computers across small and large areas, depending on the radio technology used. Normal wifi equipment can be used to create home made radio networks, and there are several successful examples like Freifunk and Athens Wireless Metropolitan Network (see wikipedia for a large list) around the globe. To give you an idea how it work, check out the nice overview of the Kiel Freifunk community which can be seen from their dynamically updated node graph and map, where one can see how the mesh nodes automatically handle routing and recover from nodes disappearing. There is also a small community mesh network group in Oslo, Norway, and that is the main topic of this blog post.

I've wanted to check out mesh networks for a while now, and hoped to do it as part of my involvement with the NUUG member organisation community, and my recent involvement in the Freedombox project finally lead me to give mesh networks some priority, as I suspect a Freedombox should use mesh networks to connect neighbours and family when possible, given that most communication between people are between those nearby (as shown for example by research on Facebook communication patterns). It also allow people to communicate without any central hub to tap into for those that want to listen in on the private communication of citizens, which have become more and more important over the years.

So far I have only been able to find one group of people in Oslo working on community mesh networks, over at the hack space Hackeriet at Husmania. They seem to have started with some Freifunk based effort using OLSR, called the Oslo Freifunk project, but that effort is now dead and the people behind it have moved on to a batman-adv based system called meshfx. Unfortunately the wiki site for the Oslo Freifunk project is no longer possible to update to reflect this fact, so the old project page can't be updated to point to the new project. A while back, the people at Hackeriet invited people from the Freifunk community to Oslo to talk about mesh networks. I came across this video where Hans Jørgen Lysglimt interview the speakers about this talk (from youtube):

I mentioned OLSR and batman-adv, which are mesh routing protocols. There are heaps of different protocols, and I am still struggling to figure out which one would be "best" for some definitions of best, but given that the community mesh group in Oslo is so small, I believe it is best to hook up with the existing one instead of trying to create a completely different setup, and thus I have decided to focus on batman-adv for now. It sure help me to know that the very cool Serval project in Australia is using batman-adv as their meshing technology when it create a self organizing and self healing telephony system for disaster areas and less industrialized communities. Check out this cool video presenting that project (from youtube):

According to the wikipedia page on Wireless mesh network there are around 70 competing schemes for routing packets across mesh networks, and OLSR, B.A.T.M.A.N. and B.A.T.M.A.N. advanced are protocols used by several free software based community mesh networks.

The batman-adv protocol is a bit special, as it provide layer 2 (as in ethernet ) routing, allowing ipv4 and ipv6 to work on the same network. One way to think about it is that it provide a mesh based vlan you can bridge to or handle like any other vlan connected to your computer. The required drivers are already in the Linux kernel at least since Debian Wheezy, and it is fairly easy to set up. A good introduction is available from the Open Mesh project. These are the key settings needed to join the Oslo meshfx network:

The reason for setting ad-hoc wifi Cell ID is to work around bugs in firmware used in wifi card and wifi drivers. (See a nice post from VillageTelco about "Information about cell-id splitting, stuck beacons, and failed IBSS merges! for details.) When these settings are activated and you have some other mesh node nearby, your computer will be connected to the mesh network and can communicate with any mesh node that is connected to any of the nodes in your network of nodes. :)

My initial plan was to reuse my old Linksys WRT54GL as a mesh node, but that seem to be very hard, as I have not been able to locate a firmware supporting batman-adv. If anyone know how to use that old wifi access point with batman-adv these days, please let me know.

If you find this project interesting and want to join, please join us on IRC, either channel #oslohackerspace or #nuug on irc.freenode.net.

While investigating mesh networks in Oslo, I came across an old research paper from the university of Stavanger and Telenor Research and Innovation called The reliability of wireless backhaul mesh networks and elsewhere learned that Telenor have been experimenting with mesh networks at Grünerløkka in Oslo. So mesh networks are also interesting for commercial companies, even though Telenor discovered that it was hard to figure out a good business plan for mesh networking and as far as I know have closed down the experiment. Perhaps Telenor or others would be interested in a cooperation?

Update 2013-10-12: I was just told by the Serval project developers that they no longer use batman-adv (but are compatible with it), but their own crypto based mesh system.

The other day I was pleased and surprised to discover that Marcelo Salvador had published a video on Youtube showing how to install the standalone Debian Edu / Skolelinux profile. This is the profile intended for use at home or on laptops that should not be integrated into the provided network services (no central home directory, no Kerberos / LDAP directory etc, in other word a single user machine). The result is 11 minutes long, and show some user applications (seem to be rather randomly picked). Missed a few of my favorites like celestia, planets and chromium showing the Zygote Body 3D model of the human body, but I guess he did not know about those or find other programs more interesting. :) And the video do not show the advantages I believe is one of the most valuable featuers in Debian Edu, its central school server making it possible to run hundreds of computers without hard drives by installing one central LTSP server.

Anyway, check out the video, embedded below and linked to above:

Are there other nice videos demonstrating Skolelinux? Please let me know. :)

A few hours ago, the announcement for the first stable release of Debian Edu Wheezy went out from the Debian publicity team. The complete announcement text can be found at the Debian News section, translated to several languages. Please check it out.

There is one minor known problem that we will fix very soon. One can not install a amd64 Thin Client Server using PXE, as the /var/ partition is too small. A workaround is to extend the partition (use lvresize + resize2fs in tty 2 while installing).

The Freedombox project have been going on for a while, and have presented the vision, ideas and solution several places. Here is a little collection of videos of talks and presentation of the project.

• FreedomBox - 2,5 minute marketing film (Youtube)
• Eben Moglen discusses the Freedombox on CBS news 2011 (Youtube)
• Eben Moglen - Freedom in the Cloud - Software Freedom, Privacy and and Security for Web 2.0 and Cloud computing at ISOC-NY Public Meeting 2010 (Youtube)
• Fosdem 2011 Keynote by Eben Moglen presenting the Freedombox (Youtube)
• Presentation of the Freedombox by James Vasile at Elevate in Gratz 2011 (Youtube)
• Freedombox - Discovery, Identity, and Trust by Nick Daly at Freedombox Hackfest New York City in 2012 (Youtube)
• Introduction to the Freedombox at Freedombox Hackfest New York City in 2012 (Youtube)
• Freedom, Out of the Box! by Bdale Garbee at linux.conf.au Ballarat, 2012 (Youtube)
• Freedombox 1.0 by Eben Moglen and Bdale Garbee at Fosdem 2013 (FOSDEM)
• What is the FreedomBox today by Bdale Garbee at Debconf13 in Vaumarcus 2013 (Youtube)

A larger list is available from the Freedombox Wiki.

On other news, I am happy to report that Freedombox based on Debian Jessie is coming along quite well, and soon both Owncloud and using Tor should be available for testers of the Freedombox solution. :) In a few weeks I hope everything needed to test it is included in Debian. The withsqlite package is already in Debian, and the plinth package is pending in NEW. The third and vital part of that puzzle is the metapackage/setup framework, which is still pending an upload. Join us on IRC (#freedombox on irc.debian.org) and the mailing list if you want to help make this vision come true.

The third wheezy based beta release of Debian Edu was wrapped up today. This is the release announcement from Holger Levsen:

Hi,

it is my pleasure to announce the third beta release (beta 2 for short) of Debian Edu / Skolelinux based on Debian Wheezy!

Please test these images extensivly, if no new problems are found we plan to do this final Debian Edu Wheezy release this coming weekend. We are not aware of any major problems or blockers in beta2, if you find something, please notify us immediately!

(More about the remaining steps for the Edu Wheezy release in another mail to the edu list tonight or tomorrow...)

Noteworthy changes and software updates for Debian Edu 7.1+edu0~b2 compared to beta1:

• The KDE proxy setup has been adjusted to use the provided wpad.dat. This also gets Chromium to use this proxy.
• Install kdepim-groupware with KDE desktops to make sure korganizer understand ical/dav sources.
• Increased default maximum size of /var/spool/squid and /skole/backup on the main server.
• A source DVD image containing all source packages is now available as well.
• Updates for chromium (29.0.1547.57-1~deb7u1), imagemagick (6.7.7.10-5+deb7u2), php5 (5.4.4-14+deb7u4), libmodplug (0.8.8.4-3+deb7u1+git20130828), tiff (4.0.2-6+deb7u2), linux-image (3.2.0-4-486_3.2.46-1+deb7u1).

Where to get it:

To download the multiarch netinstall CD release you can use

• ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso
• http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso
• rsync -avzP ftp.skolelinux.org::skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-CD.iso .

The SHA1SUM of this image is: 3a1c89f4666df80eebcd46c5bf5fedb866f9472f

To download the multiarch USB stick ISO release you can use

• ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso
• http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso
• rsync -avzP ftp.skolelinux.org::skolelinux-cd/wheezy/debian-edu-7.1+edu0~b2-USB.iso .

The SHA1SUM of this image is: 702d1718548f401c74bfa6df9f032cc3ee16597e

The Source DVD image has the filename debian-edu-7.1+edu0~b2-source-DVD.iso and the SHA1SUM 089eed8b3f962db47aae1f6a9685e9bb2fa30ca5 and is available the same way as the other isos.

How to report bugs

For information how to report bugs please see
http://wiki.debian.org/DebianEdu/HowTo/ReportBugs

About Debian Edu and Skolelinux

Debian Edu, also known as Skolelinux, is a Linux distribution based on Debian providing an out-of-the box environment of a completely configured school network. Immediately after installation a school server running all services needed for a school network is set up just waiting for users and machines being added via GOsa², a comfortable Web-UI. A netbooting environment is prepared using PXE, so after initial installation of the main server from CD or USB stick all other machines can be installed via the network. The provided school server provides LDAP database and Kerberos authentication service, centralized home directories, DHCP server, web proxy and many other services. The desktop contains more than 60 educational software packages and more are available from the Debian archive, and schools can choose between KDE, Gnome, LXDE and Xfce desktop environment.

This is the seventh test release based on Debian Wheezy. Basically this is an updated and slightly improved version compared to the Squeeze release.

Notes for upgrades from Alpha Prereleases

Alpha based installations should reinstall or downgrade the versions of gosa and libpam-mklocaluser to the ones used in this beta release. Both alpha and beta0 based installations should reinstall or deal with gosa.conf manually; there are two options: (1) Keep gosa.conf and edit this file as outlined on the mailing list. (2) Accept the new version of gosa.conf and replace both contained admin password placeholders with the password hashes found in the old one (backup copy!). In both cases all users need to change their password to make sure a password is set for CIFS access to their home directory.

cheers,
Holger

I was introduced to the Freedombox project in 2010, when Eben Moglen presented his vision about serving the need of non-technical people to keep their personal information private and within the legal protection of their own homes. The idea is to give people back the power over their network and machines, and return Internet back to its intended peer-to-peer architecture. Instead of depending on a central service, the Freedombox will give everyone control over their own basic infrastructure.

I've intended to join the effort since then, but other tasks have taken priority. But this summers nasty news about the misuse of trust and privilege exercised by the "western" intelligence gathering communities increased my eagerness to contribute to a point where I actually started working on the project a while back.

The initial Debian initiative based on the vision from Eben Moglen, is to create a simple and cheap Debian based appliance that anyone can hook up in their home and get access to secure and private services and communication. The initial deployment platform have been the Dreamplug, which is a piece of hardware I do not own. So to be able to test what the current Freedombox setup look like, I had to come up with a way to install it on some hardware I do have access to. I have rewritten the freedom-maker image build framework to use .deb packages instead of only copying setup into the boot images, and thanks to this rewrite I am able to set up any machine supported by Debian Wheezy as a Freedombox, using the previously mentioned deb (and a few support debs for packages missing in Debian).

The current Freedombox setup consist of a set of bootstrapping scripts (freedombox-setup), and a administrative web interface (plinth + exmachina + withsqlite), as well as a privacy enhancing proxy based on privoxy (freedombox-privoxy). There is also a web/javascript based XMPP client (jwchat) trying (unsuccessfully so far) to talk to the XMPP server (ejabberd). The web interface is pluggable, and the goal is to use it to enable OpenID services, mesh network connectivity, use of TOR, etc, etc. Not much of this is really working yet, see the project TODO for links to GIT repositories. Most of the code is on github at the moment. The HTTP proxy is operational out of the box, and the admin web interface can be used to add/remove plinth users. I've not been able to do anything else with it so far, but know there are several branches spread around github and other places with lots of half baked features.

Anyway, if you want to have a look at the current state, the following recipes should work to give you a test machine to poke at.

Debian Wheezy amd64

1. Fetch normal Debian Wheezy installation ISO.
2. Boot from it, either as CD or USB stick.

3. Press [tab] on the boot prompt and add this as a boot argument to the Debian installer:

   url=http://www.reinholdtsen.name/freedombox/preseed-wheezy.dat

4. Answer the few language/region/password questions and pick disk to install on.
5. When the installation is finished and the machine have rebooted a few times, your Freedombox is ready for testing.

Raspberry Pi Raspbian

1. Fetch a Raspbian SD card image, create SD card.
2. Boot from SD card, extend file system to fill the card completely.

3. Log in and add this to /etc/sources.list:

   deb http://www.reinholdtsen.name/freedombox wheezy main
   

4. Run this as root:

   wget -O - http://www.reinholdtsen.name/freedombox/BE1A583D.asc | \
      apt-key add -
   apt-get update
   apt-get install freedombox-setup
   /usr/lib/freedombox/setup
   

5. Reboot into your freshly created Freedombox.

You can test it on other architectures too, but because the freedombox-privoxy package is binary, it will only work as intended on the architectures where I have had time to build the binary and put it in my APT repository. But do not let this stop you. It is only a short "apt-get source -b freedombox-privoxy" away. :)

Note that by default Freedombox is a DHCP server on the 192.168.1.0/24 subnet, so if this is your subnet be careful and turn off the DHCP server by running "update-rc.d isc-dhcp-server disable" as root.

Please let me know if this works for you, or if you have any problems. We gather on the IRC channel #freedombox on irc.debian.org and the project mailing list.

Once you get your freedombox operational, you can visit http://your-host-name:8001/ to see the state of the plint welcome screen (dead end - do not be surprised if you are unable to get past it), and next visit http://your-host-name:8001/help/ to look at the rest of plinth. The default user is 'admin' and the default password is 'secret'.

I 2011 raderte et stortingsflertall bestående av Høyre og Arbeiderpartiet vekk en betydelig del av privatsfæren til det norske folk. Det ble vedtatt at det skulle registreres og lagres i et halvt år hvor alle som bærer på en mobiltelefon befinner seg, hvem de snakker med og hvor lenge de snakket sammen. Det skal også registreres hvem de sendte SMS-meldinger til, hvem en har sendt epost til, og hvilke nett-tjenere en besøkte. Saken er kjent som Datalagringsdirektivet (DLD), og innebærer at alle innbyggerne og andre innenfor Norges grenser overvåkes døgnet rundt. Det ble i praksis innført brev og besøkskontroll av hele befolkningen. Rapporter fra de landene som allerede har innført slik total lagring av borgernes kommunikasjonsmønstre forteller at det ikke hjelper i kriminalitetsbekjempelsen. Den norske prislappen blir mange hundre millioner, uten at det ser ut til å bidra positivt til politiets arbeide. Jeg synes flere hundre millioner i stedet burde vært brukt på noe som kan dokumenteres å ha effekt i kriminalitetsbekjempelsen. Se mer på Wikipedia og Jon Wessel-Aas.

Hva er problemet, tenkter du kanskje? Et åpenbart problem er at medienes kildevern i praksis blir radert ut. Den innsamlede informasjonen gjør det mulig å finne ut hvem som har snakket med journalister på telefon, SMS og epost, og hvem som har vært i nærheten av journalister så sant begge bar med seg en telefon. Et annet er at advokatvernet blir sterkt redusert, der politiet kan finne ut hvem som har snakket med en advokat når, eller vært i møter en med advokat. Et tredje er at svært personlig informasjon kan avledes fra hvilke nettsteder en har besøkt. Har en besøkt hivnorge.no, swingersnorge.com eller andre sider som kan brukes til avlede interesser som hører til privatsfæren, vil denne informasjonen være tilgjengelig takket være datalagringsdirektivet.

De fleste partiene var mot, kun to partier stemte for. Høyre og Arbeiderpartiet. Og både Høyre og Arbeiderpartiet i Oslo har DLD-forkjempere på toppen av sine lister (har ikke sjekket de andre fylkene). Det er dermed helt uaktuelt for meg å stemme på disse partiene. Her er oversikten over partienes valglister i Oslo, med informasjon om hvem som stemte hva i første DLD-votering i Stortinget, basert på informasjon fra mine venner i Holder de Ord samt data.stortinget.no. Først ut er stortingslista fra Høyre for Oslo:

Deretter har vi stortingslista fra Arbeiderpartiet for Oslo:

Hvilket parti får så min stemme i år. Jeg tror det blir Piratpartiet. Hvis de kan bidra til at det kommer noen inn på Stortinget med teknisk peiling, så får kanskje ikke overvåkningsgalskapen like fritt spillerom som det har hatt så langt.

The second wheezy based beta release of Debian Edu was wrapped up today, slightly delayed because of some bugs in the initial Windows integration fixes . This is the release announcement:

New features for Debian Edu 7.1+edu0~b1 released 2013-08-22

These are the release notes for Debian Edu / Skolelinux 7.1+edu0~b1, based on Debian with codename "Wheezy".

About Debian Edu and Skolelinux

Debian Edu, also known as Skolelinux, is a Linux distribution based on Debian providing an out-of-the box environment of a completely configured school network. Immediately after installation a school server running all services needed for a school network is set up just waiting for users and machines being added via GOsa², a comfortable Web-UI. A netbooting environment is prepared using PXE, so after initial installation of the main server from CD or USB stick all other machines can be installed via the network. The provided school server provides LDAP database and Kerberos authentication service, centralized home directories, DHCP server, web proxy and many other services. The desktop contains more than 60 educational software packages and more are available from the Debian archive, and schools can choose between KDE, Gnome, LXDE and Xfce desktop environment.

This is the sixth test release based on Debian Wheezy. Basically this is an updated and slightly improved version compared to the Squeeze release.

ALERT: Alpha based installations should reinstall or downgrade the versions of gosa and libpam-mklocaluser to the ones used in this beta release. Both alpha and beta0 based installations should reinstall or deal with gosa.conf manually; there are two options: (1) Keep gosa.conf and edit this file as outlined on the mailing list. (2) Accept the new version of gosa.conf and replace both contained admin password placeholders with the password hashes found in the old one (backup copy!). In both cases every user need to change their their password to make sure a password is set for CIFS access to their home directory.

Software updates

• Added ssh askpass packages to default installation, to ensure ssh work also without a attached tty.
• Add the command-not-found package to the default installation to make it easier to figure out where to find missing command line tools. Please note, that the command 'update-command-not-found' has to be run as root to actually make it useful (internet access required).

Other changes

• Adjusted the USB stick ISO image build to include every tool needed for desktop=xfce installations.
• Adjust thin-client-server task to work when installing from USB stick ISO image.
• Made new grub artwork (changed png from indexed to RGB format).
• Minor cleanup in the CUPS setup.
• Make sure that bootstrapping of the Samba domain really happens during installation of the main server and adjust SID handling to cope with this.
• Make Samba passwords changeable (again) via GOsa².
• Fix generation of LM and NT password hashes via GOsa² to avoid empty password hashes.
• Adapted Samba machine domain joining to latest change in the smbldap-tools Perl package, fixing bugs blocking Windows machines from joining the Samba domain.

Known issues

• KDE fails to understand the wpad.dat file provided, causing it to not use the http proxy as it should.
• Chromium also fails to use the proxy when using the KDE desktop (using the KDE configuration).

Where to get it

To download the multiarch netinstall CD release you can use

• ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b1-CD.iso
• http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b1-CD.iso
• rsync -avzP ftp.skolelinux.org::skolelinux-cd/wheezy/debian-edu-7.1+edu0~b1-CD.iso .

The MD5SUM of this image is: 1e357f80b55e703523f2254adde6d78b
The SHA1SUM of this image is: 7157f9be5fd27c7694d713c6ecfed61c3edda3b2

To download the multiarch USB stick ISO release you can use

• ftp://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b1-USB.iso
• http://ftp.skolelinux.org/skolelinux-cd/wheezy/debian-edu-7.1+edu0~b1-USB.iso
• rsync -avzP ftp.skolelinux.org::skolelinux-cd/wheezy/debian-edu-7.1+edu0~b1-USB.iso .

The MD5SUM of this image is: 7a8408ead59cf7e3cef25afb6e91590b
The SHA1SUM of this image is: f1817c031f02790d5edb3bfa0dcf8451088ad119

How to report bugs

http://wiki.debian.org/DebianEdu/HowTo/ReportBugs