+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/New_chrpath_release_0_16.html">New chrpath release 0.16</a>
+ </div>
+ <div class="date">
+ 14th January 2014
+ </div>
+ <div class="body">
+ <p><a href="http://www.coverity.com/">Coverity</a> is a nice tool to
+find problems in C, C++ and Java code using static source code
+analysis. It can detect a lot of different problems, and is very
+useful to find memory and locking bugs in the error handling part of
+the source. The company behind it provide
+<a href="https://scan.coverity.com/">check of free software projects as
+a community service</a>, and many hundred free software projects are
+already checked. A few days ago I decided to have a closer look at
+the Coverity system, and discovered that the
+<a href="http://www.gnu.org/software/gnash/">gnash</a> and
+<a href="http://sourceforge.net/projects/ipmitool/">ipmitool</a>
+projects I am involved with was already registered. But these are
+fairly big, and I would also like to have a small and easy project to
+check, and decided to <ahref="scan.coverity.com/projects/1179">request
+checking of the chrpath project</a>. It was
+added to the checker and discovered seven potential defects. Six of
+these were real, mostly resource "leak" when the program detected an
+error. Nothing serious, as the resources would be released a fraction
+of a second later when the program exited because of the error, but it
+is nice to do it right in case the source of the program some time in
+the future end up in a library. Having fixed all defects and added
+<a href="https://lists.alioth.debian.org/mailman/listinfo/chrpath-devel">a
+mailing list for the chrpath developers</a>, I decided it was time to
+publish a new release. These are the release notes:</p>
+
+<p>New in 0.16 released 2014-01-14:</p>
+
+<ul>
+
+ <li>Fixed all minor bugs discovered by Coverity.</li>
+ <li>Updated config.sub and config.guess from the GNU project.</li>
+ <li>Mention new project mailing list in the documentation.</li>
+
+</ul>
+
+<p>You can
+<a href="https://alioth.debian.org/frs/?group_id=31052">download the
+new version 0.16 from alioth</a>. Please let us know via the Alioth
+project if something is wrong with the new release. The test suite
+did not discover any old errors, so if you find a new one, please also
+include a test suite check.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/New_chrpath_release_0_15.html">New chrpath release 0.15</a>
+ </div>
+ <div class="date">
+ 24th November 2013
+ </div>
+ <div class="body">
+ <p>After many years break from the package and a vain hope that
+development would be continued by someone else, I finally pulled my
+acts together this morning and wrapped up a new release of chrpath,
+the command line tool to modify the rpath and runpath of already
+compiled ELF programs. The update was triggered by the persistence of
+Isha Vishnoi at IBM, which needed a new config.guess file to get
+support for the ppc64le architecture (powerpc 64-bit Little Endian) he
+is working on. I checked the
+<a href="http://packages.qa.debian.org/chrpath">Debian</a>,
+<a href="https://launchpad.net/ubuntu/+source/chrpath">Ubuntu</a> and
+<a href="https://admin.fedoraproject.org/pkgdb/acls/name/chrpath">Fedora</a>
+packages for interesting patches (failed to find the source from
+OpenSUSE and Mandriva packages), and found quite a few nice fixes.
+These are the release notes:</p>
+
+<p>New in 0.15 released 2013-11-24:</p>
+
+<ul>
+
+ <li>Updated config.sub and config.guess from the GNU project to work
+ with newer architectures. Thanks to isha vishnoi for the heads
+ up.</li>
+
+ <li>Updated README with current URLs.</li>
+
+ <li>Added byteswap fix found in Ubuntu, credited Jeremy Kerr and
+ Matthias Klose.</li>
+
+ <li>Added missing help for -k|--keepgoing option, using patch by
+ Petr Machata found in Fedora.</li>
+
+ <li>Rewrite removal of RPATH/RUNPATH to make sure the entry in
+ .dynamic is a NULL terminated string. Based on patch found in
+ Fedora credited Axel Thimm and Christian Krause.</li>
+
+</ul>
+
+<p>You can
+<a href="https://alioth.debian.org/frs/?group_id=31052">download the
+new version 0.15 from alioth</a>. Please let us know via the Alioth
+project if something is wrong with the new release. The test suite
+did not discover any old errors, so if you find a new one, please also
+include a testsuite check.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/chrpath">chrpath</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Debian_init_d_boot_script_example_for_rsyslog.html">Debian init.d boot script example for rsyslog</a>
+ </div>
+ <div class="date">
+ 2nd November 2013
+ </div>
+ <div class="body">
+ <p>If one of the points of switching to a new init system in Debian is
+<a href="http://thomas.goirand.fr/blog/?p=147">to get rid of huge
+init.d scripts</a>, I doubt we need to switch away from sysvinit and
+init.d scripts at all. Here is an example init.d script, ie a rewrite
+of /etc/init.d/rsyslog:</p>
+
+<p><pre>
+#!/lib/init/init-d-script
+### BEGIN INIT INFO
+# Provides: rsyslog
+# Required-Start: $remote_fs $time
+# Required-Stop: umountnfs $time
+# X-Stop-After: sendsigs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: enhanced syslogd
+# Description: Rsyslog is an enhanced multi-threaded syslogd.
+# It is quite compatible to stock sysklogd and can be
+# used as a drop-in replacement.
+### END INIT INFO
+DESC="enhanced syslogd"
+DAEMON=/usr/sbin/rsyslogd
+</pre></p>
+
+<p>Pretty minimalistic to me... For the record, the original sysv-rc
+script was 137 lines, and the above is just 15 lines, most of it meta
+info/comments.</p>
+
+<p>How to do this, you ask? Well, one create a new script
+/lib/init/init-d-script looking something like this:
+
+<p><pre>
+#!/bin/sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+ # Add code here, if necessary, that waits for the process to be ready
+ # to handle requests from services started subsequently which depend
+ # on this one. As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+SCRIPTNAME=$1
+scriptbasename="$(basename $1)"
+echo "SN: $scriptbasename"
+if [ "$scriptbasename" != "init-d-library" ] ; then
+ script="$1"
+ shift
+ . $script
+else
+ exit 0
+fi
+
+NAME=$(basename $DAEMON)
+PIDFILE=/var/run/$NAME.pid
+
+# Exit if the package is not installed
+#[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ #reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ #log_daemon_msg "Reloading $DESC" "$NAME"
+ #do_reload
+ #log_end_msg $?
+ #;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
+</pre></p>
+
+<p>It is based on /etc/init.d/skeleton, and could be improved quite a
+lot. I did not really polish the approach, so it might not always
+work out of the box, but you get the idea. I did not try very hard to
+optimize it nor make it more robust either.</p>
+
+<p>A better argument for switching init system in Debian than reducing
+the size of init scripts (which is a good thing to do anyway), is to
+get boot system that is able to handle the kernel events sensibly and
+robustly, and do not depend on the boot to run sequentially. The boot
+and the kernel have not behaved sequentially in years.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Browser_plugin_for_SPICE__spice_xpi__uploaded_to_Debian.html">Browser plugin for SPICE (spice-xpi) uploaded to Debian</a>
+ </div>
+ <div class="date">
+ 1st November 2013
+ </div>
+ <div class="body">
+ <p><a href="http://www.spice-space.org/">The SPICE protocol</a> for
+remote display access is the preferred solution with oVirt and RedHat
+Enterprise Virtualization, and I was sad to discover the other day
+that the browser plugin needed to use these systems seamlessly was
+missing in Debian. The <a href="http://bugs.debian.org/668284">request
+for a package</a> was from 2012-04-10 with no progress since
+2013-04-01, so I decided to wrap up a package based on the great work
+from Cajus Pollmeier and put it in a collab-maint maintained git
+repository to get a package I could use. I would very much like
+others to help me maintain the package (or just take over, I do not
+mind), but as no-one had volunteered so far, I just uploaded it to
+NEW. I hope it will be available in Debian in a few days.</p>
+
+<p>The source is now available from
+<a href="http://anonscm.debian.org/gitweb/?p=collab-maint/spice-xpi.git;a=summary">http://anonscm.debian.org/gitweb/?p=collab-maint/spice-xpi.git;a=summary</a>.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Teaching_vmdebootstrap_to_create_Raspberry_Pi_SD_card_images.html">Teaching vmdebootstrap to create Raspberry Pi SD card images</a>
+ </div>
+ <div class="date">
+ 27th October 2013
+ </div>
+ <div class="body">
+ <p>The
+<a href="http://packages.qa.debian.org/v/vmdebootstrap.html">vmdebootstrap</a>
+program is a a very nice system to create virtual machine images. It
+create a image file, add a partition table, mount it and run
+debootstrap in the mounted directory to create a Debian system on a
+stick. Yesterday, I decided to try to teach it how to make images for
+<a href="https://wiki.debian.org/RaspberryPi">Raspberry Pi</a>, as part
+of a plan to simplify the build system for
+<a href="https://wiki.debian.org/FreedomBox">the FreedomBox
+project</a>. The FreedomBox project already uses vmdebootstrap for
+the virtualbox images, but its current build system made multistrap
+based system for Dreamplug images, and it is lacking support for
+Raspberry Pi.</p>
+
+<p>Armed with the knowledge on how to build "foreign" (aka non-native
+architecture) chroots for Raspberry Pi, I dived into the vmdebootstrap
+code and adjusted it to be able to build armel images on my amd64
+Debian laptop. I ended up giving vmdebootstrap five new options,
+allowing me to replicate the image creation process I use to make
+<a href="http://people.skolelinux.org/pere/blog/A_Raspberry_Pi_based_batman_adv_Mesh_network_node.html">Debian
+Jessie based mesh node images for the Raspberry Pi</a>. First, the
+<tt>--foreign /path/to/binfm_handler</tt> option tell vmdebootstrap to
+call debootstrap with --foreign and to copy the handler into the
+generated chroot before running the second stage. This allow
+vmdebootstrap to create armel images on an amd64 host. Next I added
+two new options <tt>--bootsize size</tt> and <tt>--boottype
+fstype</tt> to teach it to create a separate /boot/ partition with the
+given file system type, allowing me to create an image with a vfat
+partition for the /boot/ stuff. I also added a <tt>--variant
+variant</tt> option to allow me to create smaller images without the
+Debian base system packages installed. Finally, I added an option
+<tt>--no-extlinux</tt> to tell vmdebootstrap to not install extlinux
+as a boot loader. It is not needed on the Raspberry Pi and probably
+most other non-x86 architectures. The changes were accepted by the
+upstream author of vmdebootstrap yesterday and today, and is now
+available from
+<a href="http://git.liw.fi/cgi-bin/cgit/cgit.cgi/vmdebootstrap/">the
+upstream project page</a>.</p>
+
+<p>To use it to build a Raspberry Pi image using Debian Jessie, first
+create a small script (the customize script) to add the non-free
+binary blob needed to boot the Raspberry Pi and the APT source
+list:</p>
+
+<p><pre>
+#!/bin/sh
+set -e # Exit on first error
+rootdir="$1"
+cd "$rootdir"
+cat <<EOF > etc/apt/sources.list
+deb http://http.debian.net/debian/ jessie main contrib non-free
+EOF
+# Install non-free binary blob needed to boot Raspberry Pi. This
+# install a kernel somewhere too.
+wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update \
+ -O $rootdir/usr/bin/rpi-update
+chmod a+x $rootdir/usr/bin/rpi-update
+mkdir -p $rootdir/lib/modules
+touch $rootdir/boot/start.elf
+chroot $rootdir rpi-update
+</pre></p>
+
+<p>Next, fetch the latest vmdebootstrap script and call it like this
+to build the image:</p>
+
+<pre>
+sudo ./vmdebootstrap \
+ --variant minbase \
+ --arch armel \
+ --distribution jessie \
+ --mirror http://http.debian.net/debian \
+ --image test.img \
+ --size 600M \
+ --bootsize 64M \
+ --boottype vfat \
+ --log-level debug \
+ --verbose \
+ --no-kernel \
+ --no-extlinux \
+ --root-password raspberry \
+ --hostname raspberrypi \
+ --foreign /usr/bin/qemu-arm-static \
+ --customize `pwd`/customize \
+ --package netbase \
+ --package git-core \
+ --package binutils \
+ --package ca-certificates \
+ --package wget \
+ --package kmod
+</pre></p>
+
+<p>The list of packages being installed are the ones needed by
+rpi-update to make the image bootable on the Raspberry Pi, with the
+exception of netbase, which is needed by debootstrap to find
+/etc/hosts with the minbase variant. I really wish there was a way to
+set up an Raspberry Pi using only packages in the Debian archive, but
+that is not possible as far as I know, because it boots from the GPU
+using a non-free binary blob.</p>
+
+<p>The build host need debootstrap, kpartx and qemu-user-static and
+probably a few others installed. I have not checked the complete
+build dependency list.</p>
+
+<p>The resulting image will not use the hardware floating point unit
+on the Raspberry PI, because the armel architecture in Debian is not
+optimized for that use. So the images created will be a bit slower
+than <a href="http://www.raspbian.org/">Raspbian</a> based images.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox</a>, <a href="http://people.skolelinux.org/pere/blog/tags/mesh network">mesh network</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Good_causes__Debian_Outreach_Program_for_Women__EFF_documenting_the_spying_and_Open_access_in_Norway.html">Good causes: Debian Outreach Program for Women, EFF documenting the spying and Open access in Norway</a>
+ </div>
+ <div class="date">
+ 15th October 2013
+ </div>
+ <div class="body">
+ <p>The last few days I came across a few good causes that should get
+wider attention. I recommend signing and donating to each one of
+these. :)</p>
+
+<p>Via <a href="http://www.debian.org/News/weekly/2013/18/">Debian
+Project News for 2013-10-14</a> I came across the Outreach Program for
+Women program which is a Google Summer of Code like initiative to get
+more women involved in free software. One debian sponsor has offered
+to match <a href="http://debian.ch/opw2013">any donation done to Debian
+earmarked</a> for this initiative. I donated a few minutes ago, and
+hope you will to. :)</p>
+
+<p>And the Electronic Frontier Foundation just announced plans to
+create <a href="https://supporters.eff.org/donate/nsa-videos">video
+documentaries about the excessive spying</a> on every Internet user that
+take place these days, and their need to fund the work. I've already
+donated. Are you next?</p>
+
+<p>For my Norwegian audience, the organisation Studentenes og
+Akademikernes Internasjonale Hjelpefond is collecting signatures for a
+statement under the heading
+<a href="http://saih.no/Bloggers_United/">Bloggers United for Open
+Access</a> for those of us asking for more focus on open access in the
+Norwegian government. So far 499 signatures. I hope you will sign it
+too.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Videos_about_the_Freedombox_project___for_inspiration_and_learning.html">Videos about the Freedombox project - for inspiration and learning</a>
+ </div>
+ <div class="date">
+ 27th September 2013
+ </div>
+ <div class="body">
+ <p>The <a href="http://www.freedomboxfoundation.org/">Freedombox
+project</a> have been going on for a while, and have presented the
+vision, ideas and solution several places. Here is a little
+collection of videos of talks and presentation of the project.</p>
+
+<ul>
+
+<li><a href="http://www.youtube.com/watch?v=ukvUz5taxvA">FreedomBox -
+2,5 minute marketing film</a> (Youtube)</li>
+
+<li><a href="http://www.youtube.com/watch?v=SzW25QTVWsE">Eben Moglen
+discusses the Freedombox on CBS news 2011</a> (Youtube)</li>
+
+<li><a href="http://www.youtube.com/watch?v=Ae8SZbxfE0g">Eben Moglen -
+Freedom in the Cloud - Software Freedom, Privacy and and Security for
+Web 2.0 and Cloud computing at ISOC-NY Public Meeting 2010</a>
+(Youtube)</li>
+
+<li><a href="http://www.youtube.com/watch?v=vNaIji_3xBE">Fosdem 2011
+Keynote by Eben Moglen presenting the Freedombox</a> (Youtube)</li>
+
+<li><a href="http://www.youtube.com/watch?v=9bDDUyJSQ9s">Presentation of
+the Freedombox by James Vasile at Elevate in Gratz 2011</a> (Youtube)</li>
+
+<li><a href="http://www.youtube.com/watch?v=zQTmnk27g9s"> Freedombox -
+Discovery, Identity, and Trust by Nick Daly at Freedombox Hackfest New
+York City in 2012</a> (Youtube)</li>
+
+<li><a href="http://www.youtube.com/watch?v=tkbSB4Ba7Ck">Introduction
+to the Freedombox at Freedombox Hackfest New York City in 2012</a>
+(Youtube)</li>
+
+<li><a href="http://www.youtube.com/watch?v=z-P2Jaeg0aQ">Freedom, Out
+of the Box! by Bdale Garbee at linux.conf.au Ballarat, 2012</a> (Youtube) </li>
+
+<li><a href="https://archive.fosdem.org/2013/schedule/event/freedombox/">Freedombox
+1.0 by Eben Moglen and Bdale Garbee at Fosdem 2013</a> (FOSDEM) </li>
+
+<li><a href="http://www.youtube.com/watch?v=e1LpYX2zVYg">What is the
+FreedomBox today by Bdale Garbee at Debconf13 in Vaumarcus
+2013</a> (Youtube)</li>
+
+</ul>
+
+<p>A larger list is available from
+<a href="https://wiki.debian.org/FreedomBox/TalksAndPresentations">the
+Freedombox Wiki</a>.</p>
+
+<p>On other news, I am happy to report that Freedombox based on Debian
+Jessie is coming along quite well, and soon both Owncloud and using
+Tor should be available for testers of the Freedombox solution. :) In
+a few weeks I hope everything needed to test it is included in Debian.
+The withsqlite package is already in Debian, and the plinth package is
+pending in NEW. The third and vital part of that puzzle is the
+metapackage/setup framework, which is still pending an upload. Join
+us on <a href="irc://irc.debian.org:6667/%23freedombox">IRC
+(#freedombox on irc.debian.org)</a> and
+<a href="http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss">the
+mailing list</a> if you want to help make this vision come true.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Recipe_to_test_the_Freedombox_project_on_amd64_or_Raspberry_Pi.html">Recipe to test the Freedombox project on amd64 or Raspberry Pi</a>
+ </div>
+ <div class="date">
+ 10th September 2013
+ </div>
+ <div class="body">
+ <p>I was introduced to the
+<a href="http://www.freedomboxfoundation.org/">Freedombox project</a>
+in 2010, when Eben Moglen presented his vision about serving the need
+of non-technical people to keep their personal information private and
+within the legal protection of their own homes. The idea is to give
+people back the power over their network and machines, and return
+Internet back to its intended peer-to-peer architecture. Instead of
+depending on a central service, the Freedombox will give everyone
+control over their own basic infrastructure.</p>
+
+<p>I've intended to join the effort since then, but other tasks have
+taken priority. But this summers nasty news about the misuse of trust
+and privilege exercised by the "western" intelligence gathering
+communities increased my eagerness to contribute to a point where I
+actually started working on the project a while back.</p>
+
+<p>The <a href="https://alioth.debian.org/projects/freedombox/">initial
+Debian initiative</a> based on the vision from Eben Moglen, is to
+create a simple and cheap Debian based appliance that anyone can hook
+up in their home and get access to secure and private services and
+communication. The initial deployment platform have been the
+<a href="http://www.globalscaletechnologies.com/t-dreamplugdetails.aspx">Dreamplug</a>,
+which is a piece of hardware I do not own. So to be able to test what
+the current Freedombox setup look like, I had to come up with a way to install
+it on some hardware I do have access to. I have rewritten the
+<a href="https://github.com/NickDaly/freedom-maker">freedom-maker</a>
+image build framework to use .deb packages instead of only copying
+setup into the boot images, and thanks to this rewrite I am able to
+set up any machine supported by Debian Wheezy as a Freedombox, using
+the previously mentioned deb (and a few support debs for packages
+missing in Debian).</p>
+
+<p>The current Freedombox setup consist of a set of bootstrapping
+scripts
+(<a href="https://github.com/petterreinholdtsen/freedombox-setup">freedombox-setup</a>),
+and a administrative web interface
+(<a href="https://github.com/NickDaly/Plinth">plinth</a> + exmachina +
+withsqlite), as well as a privacy enhancing proxy based on
+<a href="http://packages.qa.debian.org/privoxy">privoxy</a>
+(freedombox-privoxy). There is also a web/javascript based XMPP
+client (<a href="http://packages.qa.debian.org/jwchat">jwchat</a>)
+trying (unsuccessfully so far) to talk to the XMPP server
+(<a href="http://packages.qa.debian.org/ejabberd">ejabberd</a>). The
+web interface is pluggable, and the goal is to use it to enable OpenID
+services, mesh network connectivity, use of TOR, etc, etc. Not much of
+this is really working yet, see
+<a href="https://github.com/NickDaly/freedombox-todos/blob/master/TODO">the
+project TODO</a> for links to GIT repositories. Most of the code is
+on github at the moment. The HTTP proxy is operational out of the
+box, and the admin web interface can be used to add/remove plinth
+users. I've not been able to do anything else with it so far, but
+know there are several branches spread around github and other places
+with lots of half baked features.</p>
+
+<p>Anyway, if you want to have a look at the current state, the
+following recipes should work to give you a test machine to poke
+at.</p>
+
+<p><strong>Debian Wheezy amd64</strong></p>
+
+<ol>
+
+<li>Fetch normal Debian Wheezy installation ISO.</li>
+<li>Boot from it, either as CD or USB stick.</li>
+<li><p>Press [tab] on the boot prompt and add this as a boot argument
+to the Debian installer:<p>
+<pre>url=<a href="http://www.reinholdtsen.name/freedombox/preseed-wheezy.dat">http://www.reinholdtsen.name/freedombox/preseed-wheezy.dat</a></pre></li>
+
+<li>Answer the few language/region/password questions and pick disk to
+install on.</li>
+
+<li>When the installation is finished and the machine have rebooted a
+few times, your Freedombox is ready for testing.</li>
+
+</ol>
+
+<p><strong>Raspberry Pi Raspbian</strong></p>
+
+<ol>
+
+<li>Fetch a Raspbian SD card image, create SD card.</li>
+<li>Boot from SD card, extend file system to fill the card completely.</li>
+<li><p>Log in and add this to /etc/sources.list:</p>
+<pre>
+deb <a href="http://www.reinholdtsen.name/freedombox/">http://www.reinholdtsen.name/freedombox</a> wheezy main
+</pre></li>
+<li><p>Run this as root:</p>
+<pre>
+wget -O - http://www.reinholdtsen.name/freedombox/BE1A583D.asc | \
+ apt-key add -
+apt-get update
+apt-get install freedombox-setup
+/usr/lib/freedombox/setup
+</pre></li>
+<li>Reboot into your freshly created Freedombox.</li>
+
+</ol>
+
+<p>You can test it on other architectures too, but because the
+freedombox-privoxy package is binary, it will only work as intended on
+the architectures where I have had time to build the binary and put it
+in my APT repository. But do not let this stop you. It is only a
+short "<tt>apt-get source -b freedombox-privoxy</tt>" away. :)</p>
+
+<p>Note that by default Freedombox is a DHCP server on the
+192.168.1.0/24 subnet, so if this is your subnet be careful and turn
+off the DHCP server by running "<tt>update-rc.d isc-dhcp-server
+disable</tt>" as root.</p>
+
+<p>Please let me know if this works for you, or if you have any
+problems. We gather on the IRC channel
+<a href="irc://irc.debian.org:6667/%23freedombox">#freedombox</a> on
+irc.debian.org and the
+<a href="http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss">project
+mailing list</a>.</p>
+
+<p>Once you get your freedombox operational, you can visit
+<tt>http://your-host-name:8001/</tt> to see the state of the plint
+welcome screen (dead end - do not be surprised if you are unable to
+get past it), and next visit <tt>http://your-host-name:8001/help/</tt>
+to look at the rest of plinth. The default user is 'admin' and the
+default password is 'secret'.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>, <a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Intel_180_SSD_disk_with_Lenovo_firmware_can_not_use_Intel_firmware.html">Intel 180 SSD disk with Lenovo firmware can not use Intel firmware</a>
+ </div>
+ <div class="date">
+ 18th August 2013
+ </div>
+ <div class="body">
+ <p>Earlier, I reported about
+<a href="http://people.skolelinux.org/pere/blog/How_to_fix_a_Thinkpad_X230_with_a_broken_180_GB_SSD_disk.html">my
+problems using an Intel SSD 520 Series 180 GB disk</a>. Friday I was
+told by IBM that the original disk should be thrown away. And as
+there no longer was a problem if I bricked the firmware, I decided
+today to try to install Intel firmware to replace the Lenovo firmware
+currently on the disk.</p>
+
+<p>I searched the Intel site for firmware, and found
+<a href="https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&ProdId=3472&DwnldID=18363&ProductFamily=Solid-State+Drives+and+Caching&ProductLine=Intel%c2%ae+High+Performance+Solid-State+Drive&ProductProduct=Intel%c2%ae+SSD+520+Series+(180GB%2c+2.5in+SATA+6Gb%2fs%2c+25nm%2c+MLC)&lang=eng">issdfut_2.0.4.iso</a>
+(aka Intel SATA Solid-State Drive Firmware Update Tool) which
+according to the site should contain the latest firmware for SSD
+disks. I inserted the broken disk in one of my spare laptops and
+booted the ISO from a USB stick. The disk was recognized, but the
+program claimed the newest firmware already were installed and refused
+to insert any Intel firmware. So no change, and the disk is still
+unable to handle write load. :( I guess the only way to get them
+working would be if Lenovo releases new firmware. No idea how likely
+that is. Anyway, just blogging about this test for completeness. I
+got a working Samsung disk, and see no point in spending more time on
+the broken disks.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/How_to_fix_a_Thinkpad_X230_with_a_broken_180_GB_SSD_disk.html">How to fix a Thinkpad X230 with a broken 180 GB SSD disk</a>
+ </div>
+ <div class="date">
+ 17th July 2013
+ </div>
+ <div class="body">
+ <p>Today I switched to
+<a href="http://people.skolelinux.org/pere/blog/The_Thinkpad_is_dead__long_live_the_Thinkpad_X230_.html">my
+new laptop</a>. I've previously written about the problems I had with
+my new Thinkpad X230, which was delivered with an
+<a href="http://people.skolelinux.org/pere/blog/Intel_SSD_520_Series_180_GB_with_Lenovo_firmware_still_lock_up_from_sustained_writes.html">180
+GB Intel SSD disk with Lenovo firmware</a> that did not handle
+sustained writes. My hardware supplier have been very forthcoming in
+trying to find a solution, and after first trying with another
+identical 180 GB disks they decided to send me a 256 GB Samsung SSD
+disk instead to fix it once and for all. The Samsung disk survived
+the installation of Debian with encrypted disks (filling the disk with
+random data during installation killed the first two), and I thus
+decided to trust it with my data. I have installed it as a Debian Edu
+Wheezy roaming workstation hooked up with my Debian Edu Squeeze main
+server at home using Kerberos and LDAP, and will use it as my work
+station from now on.</p>
+
+<p>As this is a solid state disk with no moving parts, I believe the
+Debian Wheezy default installation need to be tuned a bit to increase
+performance and increase life time of the disk. The Linux kernel and
+user space applications do not yet adjust automatically to such
+environment. To make it easier for my self, I created a draft Debian
+package <tt>ssd-setup</tt> to handle this tuning. The
+<a href="http://anonscm.debian.org/gitweb/?p=collab-maint/ssd-setup.git">source
+for the ssd-setup package</a> is available from collab-maint, and it
+is set up to adjust the setup of the machine by just installing the
+package. If there is any non-SSD disk in the machine, the package
+will refuse to install, as I did not try to write any logic to sort
+file systems in SSD and non-SSD file systems.</p>
+
+<p>I consider the package a draft, as I am a bit unsure how to best
+set up Debian Wheezy with an SSD. It is adjusted to my use case,
+where I set up the machine with one large encrypted partition (in
+addition to /boot), put LVM on top of this and set up partitions on
+top of this again. See the README file in the package source for the
+references I used to pick the settings. At the moment these
+parameters are tuned:</p>
+
+<ul>
+
+<li>Set up cryptsetup to pass TRIM commands to the physical disk
+ (adding discard to /etc/crypttab)</li>
+
+<li>Set up LVM to pass on TRIM commands to the underlying device (in
+ this case a cryptsetup partition) by changing issue_discards from
+ 0 to 1 in /etc/lvm/lvm.conf.</li>
+
+<li>Set relatime as a file system option for ext3 and ext4 file
+ systems.</li>
+
+<li>Tell swap to use TRIM commands by adding 'discard' to
+ /etc/fstab.</li>
+
+<li>Change I/O scheduler from cfq to deadline using a udev rule.</li>
+
+<li>Run fstrim on every ext3 and ext4 file system every night (from
+ cron.daily).</li>
+
+<li>Adjust sysctl values vm.swappiness to 1 and vm.vfs_cache_pressure
+ to 50 to reduce the kernel eagerness to swap out processes.</li>
+
+</ul>
+
+<p>During installation, I cancelled the part where the installer fill
+the disk with random data, as this would kill the SSD performance for
+little gain. My goal with the encrypted file system is to ensure
+those stealing my laptop end up with a brick and not a working
+computer. I have no hope in keeping the really resourceful people
+from getting the data on the disk (see
+<a href="http://xkcd.com/538/">XKCD #538</a> for an explanation why).
+Thus I concluded that adding the discard option to crypttab is the
+right thing to do.</p>
+
+<p>I considered using the noop I/O scheduler, as several recommended
+it for SSD, but others recommended deadline and a benchmark I found
+indicated that deadline might be better for interactive use.</p>
+
+<p>I also considered using the 'discard' file system option for ext3
+and ext4, but read that it would give a performance hit ever time a
+file is removed, and thought it best to that that slowdown once a day
+instead of during my work.</p>
+
+<p>My package do not set up tmpfs on /var/run, /var/lock and /tmp, as
+this is already done by Debian Edu.</p>
+
+<p>I have not yet started on the user space tuning. I expect
+iceweasel need some tuning, and perhaps other applications too, but
+have not yet had time to investigate those parts.</p>
+
+<p>The package should work on Ubuntu too, but I have not yet tested it
+there.</p>
+
+<p>As for the answer to the question in the title of this blog post,
+as far as I know, the only solution I know about is to replace the
+disk. It might be possible to flash it with Intel firmware instead of
+the Lenovo firmware. But I have not tried and did not want to do so
+without approval from Lenovo as I wanted to keep the warranty on the
+disk until a solution was found and they wanted the broken disks
+back.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Intel_SSD_520_Series_180_GB_with_Lenovo_firmware_still_lock_up_from_sustained_writes.html">Intel SSD 520 Series 180 GB with Lenovo firmware still lock up from sustained writes</a>
+ </div>
+ <div class="date">
+ 10th July 2013
+ </div>
+ <div class="body">
+ <p>A few days ago, I wrote about
+<a href="http://people.skolelinux.org/pere/blog/The_Thinkpad_is_dead__long_live_the_Thinkpad_X230_.html">the
+problems I experienced with my new X230 and its SSD disk</a>, which
+was dying during installation because it is unable to cope with
+sustained write. My supplier is in contact with
+<a href="http://www.lenovo.com/">Lenovo</a>, and they wanted to send a
+replacement disk to try to fix the problem. They decided to send an
+identical model, so my hopes for a permanent fix was slim.</p>
+
+<p>Anyway, today I got the replacement disk and tried to install
+Debian Edu Wheezy with encrypted disk on it. The new disk have the
+same firmware version as the original. This time my hope raised
+slightly as the installation progressed, as the original disk used to
+die after 4-7% of the disk was written to, while this time it kept
+going past 10%, 20%, 40% and even past 50%. But around 60%, the disk
+died again and I was back on square one. I still do not have a new
+laptop with a disk I can trust. I can not live with a disk that might
+lock up when I download a new
+<a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a> ISO or
+other large files. I look forward to hearing from my supplier with
+the next proposal from Lenovo.</p>
+
+<p>The original disk is marked Intel SSD 520 Series 180 GB,
+11S0C38722Z1ZNME35X1TR, ISN: CVCV321407HB180EGN, SA: G57560302, FW:
+LF1i, 29MAY2013, PBA: G39779-300, LBA 351,651,888, LI P/N: 0C38722,
+Pb-free 2LI, LC P/N: 16-200366, WWN: 55CD2E40002756C4, Model:
+SSDSC2BW180A3L 2.5" 6Gb/s SATA SSD 180G 5V 1A, ASM P/N 0C38732, FRU
+P/N 45N8295, P0C38732.</p>
+
+<p>The replacement disk is marked Intel SSD 520 Series 180 GB,
+11S0C38722Z1ZNDE34N0L0, ISN: CVCV315306RK180EGN, SA: G57560-302, FW:
+LF1i, 22APR2013, PBA: G39779-300, LBA 351,651,888, LI P/N: 0C38722,
+Pb-free 2LI, LC P/N: 16-200366, WWN: 55CD2E40000AB69E, Model:
+SSDSC2BW180A3L 2.5" 6Gb/s SATA SSD 180G 5V 1A, ASM P/N 0C38732, FRU
+P/N 45N8295, P0C38732.</p>
+
+<p>The only difference is in the first number (serial number?), ISN,
+SA, date and WNPP values. Mentioning all the details here in case
+someone is able to use the information to find a way to identify the
+failing disk among working ones (if any such working disk actually
+exist).</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/July_13th__Debian_Ubuntu_BSP_and_Skolelinux_Debian_Edu_developer_gathering_in_Oslo.html">July 13th: Debian/Ubuntu BSP and Skolelinux/Debian Edu developer gathering in Oslo</a>
+ </div>
+ <div class="date">
+ 9th July 2013
+ </div>
+ <div class="body">
+ <p>The upcoming Saturday, 2013-07-13, we are organising a combined
+Debian Edu developer gathering and Debian and Ubuntu bug squashing
+party in Oslo. It is organised by <a href="http://www.nuug.no/">the
+member assosiation NUUG</a> and
+<a href="http://www.skolelinux.org/">the Debian Edu / Skolelinux
+project</a> together with <a href="http://bitraf.no/">the hack space
+Bitraf</a>.</p>
+
+<p>It starts 10:00 and continue until late evening. Everyone is
+welcome, and there is no fee to participate. There is on the other
+hand limited space, and only room for 30 people. Please put your name
+on <a href="http://wiki.debian.org/BSP/2013/07/13/no/Oslo">the event
+wiki page</a> if you plan to join us.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/The_Thinkpad_is_dead__long_live_the_Thinkpad_X230_.html">The Thinkpad is dead, long live the Thinkpad X230?</a>
+ </div>
+ <div class="date">
+ 5th July 2013
+ </div>
+ <div class="body">
+ <p>Half a year ago, I reported that I had to find a
+<a href="http://people.skolelinux.org/pere/blog/Thank_you_Thinkpad_X41__for_your_long_and_trustworthy_service.html">replacement
+for my trusty old Thinkpad X41</a>. Unfortunately I did not have much
+time to spend on it, and it took a while to find a model I believe
+will do the job, but two days ago the replacement finally arrived. I
+ended up picking a
+<a href="http://www.linlap.com/lenovo_thinkpad_x230">Thinkpad X230</a>
+with SSD disk (NZDAJMN). I first test installed Debian Edu Wheezy as
+a roaming workstation, and it seemed to work flawlessly. But my
+second installation with encrypted disk was not as successful. More
+on that below.</p>
+
+<p>I had a hard time trying to track down a good laptop, as my most
+important requirements (robust and with a good keyboard) are never
+listed in the feature list. But I did get good help from the search
+feature at <a href="http://www.prisjakt.no/">Prisjakt</a>, which
+allowed me to limit the list of interesting laptops based on my other
+requirements. A bit surprising that SSD disk are not disks according
+to that search interface, so I had to drop specifying the number of
+disks from my search parameters. I also asked around among friends to
+get their impression on keyboards and robustness.</p>
+
+<p>So the new laptop arrived, and it is quite a lot wider than the
+X41. I am not quite convinced about the keyboard, as it is
+significantly wider than my old keyboard, and I have to stretch my
+hand a lot more to reach the edges. But the key response is fairly
+good and the individual key shape is fairly easy to handle, so I hope
+I will get used to it. My old X40 was starting to fail, and I really
+needed a new laptop now. :)</p>
+
+<p>Turning off the touch pad was simple. All it took was a quick
+visit to the BIOS during boot it disable it.</p>
+
+<p>But there is a fatal problem with the laptop. The 180 GB SSD disk
+lock up during load. And this happen when installing Debian Wheezy
+with encrypted disk, while the disk is being filled with random data.
+I also tested to install Ubuntu Raring, and it happen there too if I
+reenable the code to fill the disk with random data (it is disabled by
+default in Ubuntu). And the bug with is already known. It was
+reported to Debian as <a href="http://bugs.debian.org/691427">BTS
+report #691427 2012-10-25</a> (journal commit I/O error on brand-new
+Thinkpad T430s ext4 on lvm on SSD). It is also reported to the Linux
+kernel developers as
+<a href="https://bugzilla.kernel.org/show_bug.cgi?id=51861">Kernel bugzilla
+report #51861 2012-12-20</a> (Intel SSD 520 stops working under load
+(SSDSC2BW180A3L in Lenovo ThinkPad T430s)). It is also reported on the
+Lenovo forums, both for
+<a href="http://forums.lenovo.com/t5/T400-T500-and-newer-T-series/T430s-Intel-SSD-520-180GB-issue/m-p/1070549">T430
+2012-11-10</a> and for
+<a href="http://forums.lenovo.com/t5/X-Series-ThinkPad-Laptops/x230-SATA-errors-with-180GB-Intel-520-SSD-under-heavy-write-load/m-p/1068147">X230
+03-20-2013</a>. The problem do not only affect installation. The
+reports state that the disk lock up during use if many writes are done
+on the disk, so it is much no use to work around the installation
+problem and end up with a computer that can lock up at any moment.
+There is even a
+<a href="https://git.efficios.com/?p=test-ssd.git">small C program
+available</a> that will lock up the hard drive after running a few
+minutes by writing to a file.</p>
+
+<p>I've contacted my supplier and asked how to handle this, and after
+contacting PCHELP Norway (request 01D1FDP) which handle support
+requests for Lenovo, his first suggestion was to upgrade the disk
+firmware. Unfortunately there is no newer firmware available from
+Lenovo, as my disk already have the most recent one (version LF1i). I
+hope to hear more from him today and hope the problem can be
+fixed. :)</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/The_Thinkpad_is_dead__long_live_the_Thinkpad_X230.html">The Thinkpad is dead, long live the Thinkpad X230</a>
+ </div>
+ <div class="date">
+ 4th July 2013
+ </div>
+ <div class="body">
+ <p>Half a year ago, I reported that I had to find a replacement for my
+trusty old Thinkpad X41. Unfortunately I did not have much time to
+spend on it, but today the replacement finally arrived. I ended up
+picking a <a href="http://www.linlap.com/lenovo_thinkpad_x230">Thinkpad
+X230</a> with SSD disk (NZDAJMN). I first test installed Debian Edu
+Wheezy as a roaming workstation, and it worked flawlessly. As I write
+this, it is installing what I hope will be a more final installation,
+with a encrypted hard drive to ensure any dope head stealing it end up
+with an expencive door stop.</p>
+
+<p>I had a hard time trying to track down a good laptop, as my most
+important requirements (robust and with a good keyboard) are never
+listed in the feature list. But I did get good help from the search
+feature at <ahref="http://www.prisjakt.no/">Prisjakt</a>, which
+allowed me to limit the list of interesting laptops based on my other
+requirements. A bit surprising that SSD disk are not disks, so I had
+to drop number of disks from my search parameters.</p>
+
+<p>I am not quite convinced about the keyboard, as it is significantly
+wider than my old keyboard, and I have to stretch my hand a lot more
+to reach the edges. But the key response is fairly good and the
+individual key shape is fairly easy to handle, so I hope I will get
+used to it. My old X40 was starting to fail, and I really needed a
+new laptop now. :)</p>
+
+<p>I look forward to figuring out how to turn off the touch pad.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Automatically_locate_and_install_required_firmware_packages_on_Debian__Isenkram_0_4_.html">Automatically locate and install required firmware packages on Debian (Isenkram 0.4)</a>
+ </div>
+ <div class="date">
+ 25th June 2013
+ </div>
+ <div class="body">
+ <p>It annoys me when the computer fail to do automatically what it is
+perfectly capable of, and I have to do it manually to get things
+working. One such task is to find out what firmware packages are
+needed to get the hardware on my computer working. Most often this
+affect the wifi card, but some times it even affect the RAID
+controller or the ethernet card. Today I pushed version 0.4 of the
+<a href="http://packages.qa.debian.org/isenkram">Isenkram package</a>
+including a new script isenkram-autoinstall-firmware handling the
+process of asking all the loaded kernel modules what firmware files
+they want, find debian packages providing these files and install the
+debian packages. Here is a test run on my laptop:</p>
+
+<p><pre>
+# isenkram-autoinstall-firmware
+info: kernel drivers requested extra firmware: ipw2200-bss.fw ipw2200-ibss.fw ipw2200-sniffer.fw
+info: fetching http://http.debian.net/debian/dists/squeeze/Contents-i386.gz
+info: locating packages with the requested firmware files
+info: Updating APT sources after adding non-free APT source
+info: trying to install firmware-ipw2x00
+firmware-ipw2x00
+firmware-ipw2x00
+Preconfiguring packages ...
+Selecting previously deselected package firmware-ipw2x00.
+(Reading database ... 259727 files and directories currently installed.)
+Unpacking firmware-ipw2x00 (from .../firmware-ipw2x00_0.28+squeeze1_all.deb) ...
+Setting up firmware-ipw2x00 (0.28+squeeze1) ...
+#
+</pre></p>
+
+<p>When all the requested firmware is present, a simple message is
+printed instead:</p>
+
+<p><pre>
+# isenkram-autoinstall-firmware
+info: did not find any firmware files requested by loaded kernel modules. exiting
+#
+</pre></p>
+
+<p>It could use some polish, but it is already working well and saving
+me some time when setting up new machines. :)</p>
+
+<p>So, how does it work? It look at the set of currently loaded
+kernel modules, and look up each one of them using modinfo, to find
+the firmware files listed in the module meta-information. Next, it
+download the Contents file from a nearby APT mirror, and search for
+the firmware files in this file to locate the package with the
+requested firmware file. If the package is in the non-free section, a
+non-free APT source is added and the package is installed using
+<tt>apt-get install</tt>. The end result is a slightly better working
+machine.</p>
+
+<p>I hope someone find time to implement a more polished version of
+this script as part of the hw-detect debian-installer module, to
+finally fix <a href="http://bugs.debian.org/655507">BTS report
+#655507</a>. There really is no need to insert USB sticks with
+firmware during a PXE install when the packages already are available
+from the nearby Debian mirror.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
+ <div class="entry">
+ <div class="title">
+ <a href="http://people.skolelinux.org/pere/blog/Fixing_the_Linux_black_screen_of_death_on_machines_with_Intel_HD_video.html">Fixing the Linux black screen of death on machines with Intel HD video</a>
+ </div>
+ <div class="date">
+ 11th June 2013
+ </div>
+ <div class="body">
+ <p>When installing RedHat, Fedora, Debian and Ubuntu on some machines,
+the screen just turn black when Linux boot, either during installation
+or on first boot from the hard disk. I've seen it once in a while the
+last few years, but only recently understood the cause. I've seen it
+on HP laptops, and on my latest acquaintance the Packard Bell laptop.
+The reason seem to be in the wiring of some laptops. The system to
+control the screen background light is inverted, so when Linux try to
+turn the brightness fully on, it end up turning it off instead. I do
+not know which Linux drivers are affected, but this post is about the
+i915 driver used by the
+<a href="http://www.linlap.com/packard_bell_easynote_lv">Packard Bell
+EasyNote LV</a>, Thinkpad X40 and many other laptops.</p>
+
+<p>The problem can be worked around two ways. Either by adding
+i915.invert_brightness=1 as a kernel option, or by adding a file in
+/etc/modprobe.d/ to tell modprobe to add the invert_brightness=1
+option when it load the i915 kernel module. On Debian and Ubuntu, it
+can be done by running these commands as root:</p>
+
+<pre>
+echo options i915 invert_brightness=1 | tee /etc/modprobe.d/i915.conf
+update-initramfs -u -k all
+</pre>
+
+<p>Since March 2012 there is
+<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca20efb1a9c2efefc28ad2867e5d6c3f5e1955">a
+mechanism in the Linux kernel</a> to tell the i915 driver which
+hardware have this problem, and get the driver to invert the
+brightness setting automatically. To use it, one need to add a row in
+<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/i915/intel_display.c">the
+intel_quirks array</a> in the driver source
+<tt>drivers/gpu/drm/i915/intel_display.c</tt> (look for "<tt>static
+struct intel_quirk intel_quirks</tt>"), specifying the PCI device
+number (vendor number 8086 is assumed) and subdevice vendor and device
+number.</p>
+
+<p>My Packard Bell EasyNote LV got this output from <tt>lspci
+-vvnn</tt> for the video card in question:</p>
+
+<p><pre>
+00:02.0 VGA compatible controller [0300]: Intel Corporation \
+ 3rd Gen Core processor Graphics Controller [8086:0156] \
+ (rev 09) (prog-if 00 [VGA controller])
+ Subsystem: Acer Incorporated [ALI] Device [1025:0688]
+ Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- \
+ ParErr- Stepping- SE RR- FastB2B- DisINTx+
+ Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast >TAbort- \
+ <TAbort- <MAbort->SERR- <PERR- INTx-
+ Latency: 0
+ Interrupt: pin A routed to IRQ 42
+ Region 0: Memory at c2000000 (64-bit, non-prefetchable) [size=4M]
+ Region 2: Memory at b0000000 (64-bit, prefetchable) [size=256M]
+ Region 4: I/O ports at 4000 [size=64]
+ Expansion ROM at <unassigned> [disabled]
+ Capabilities: <access denied>
+ Kernel driver in use: i915
+</pre></p>
+
+<p>The resulting intel_quirks entry would then look like this:</p>
+
+<p><pre>
+struct intel_quirk intel_quirks[] = {
+ ...
+ /* Packard Bell EasyNote LV11HC needs invert brightness quirk */
+ { 0x0156, 0x1025, 0x0688, quirk_invert_brightness },
+ ...
+}
+</pre></p>
+
+<p>According to the kernel module instructions (as seen using
+<tt>modinfo i915</tt>), information about hardware needing the
+invert_brightness flag should be sent to the
+<a href="http://lists.freedesktop.org/mailman/listinfo/dri-devel">dri-devel
+(at) lists.freedesktop.org</a> mailing list to reach the kernel
+developers. But my email about the laptop sent 2013-06-03 have not
+yet shown up in
+<a href="http://lists.freedesktop.org/archives/dri-devel/2013-June/thread.html">the
+web archive for the mailing list</a>, so I suspect they do not accept
+emails from non-subscribers. Because of this, I sent my patch also to
+the Debian bug tracking system instead as
+<a href="http://bugs.debian.org/710938">BTS report #710938</a>, to make
+sure the patch is not lost.</p>
+
+<p>Unfortunately, it is not enough to fix the kernel to get Laptops
+with this problem working properly with Linux. If you use Gnome, your
+worries should be over at this point. But if you use KDE, there is
+something in KDE ignoring the invert_brightness setting and turning on
+the screen during login. I've reported it to Debian as
+<a href="http://bugs.debian.org/711237">BTS report #711237</a>, and
+have no idea yet how to figure out exactly what subsystem is doing
+this. Perhaps you can help? Perhaps you know what the Gnome
+developers did to handle this, and this can give a clue to the KDE
+developers? Or you know where in KDE the screen brightness is changed
+during login? If so, please update the BTS report (or get in touch if
+you do not know how to update BTS).</p>
+
+<p>Update 2013-07-19: The correct fix for this machine seem to be
+acpi_backlight=vendor, to disable ACPI backlight support completely,
+as the ACPI information on the machine is trash and it is better to
+leave it to the intel video driver to control the screen
+backlight.</p>
+
+ </div>
+ <div class="tags">
+
+
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+
+
+ </div>
+ </div>
+ <div class="padding"></div>
+
projects / homepage.git / blobdiff