X-Git-Url: https://pere.pagekite.me/gitweb/homepage.git/blobdiff_plain/9e61ef387b31fd343f519f1a5cfd46463d596677..a51c1e2b80c664b82b7e88dcd4956cedbee8f9fa:/blog/index.html diff --git a/blog/index.html b/blog/index.html index a5afcf2f80..5190c14fcc 100644 --- a/blog/index.html +++ b/blog/index.html @@ -20,39 +20,40 @@
-
Of course USA loses in cyber war - NSA and friends made sure it would happen
-
19th December 2014
-

So, Sony caved in -(according -to Rob Lowe) and demonstrated that America lost its first cyberwar -(according -to Newt Gingrich). It should not surprise anyone, after the -whistle blower Edward Snowden documented that the government of USA -and their allies for many years have done their best to make sure the -technology used by its citizens is filled with security holes allowing -the secret services to spy on its own population. No one in their -right minds could believe that the ability to snoop on the people all -over the globe could only be used by the personnel authorized to do so -by the president of the United States of America. If the capabilities -are there, they will be used by friend and foe alike, and now they are -being used to bring Sony on its knees.

- -

I doubt it will a lesson learned, and expect USA to loose its next -cyber war too, given how eager the western intelligence communities -(and probably the non-western too, but it is less in the news) seem to -be to continue its current dragnet surveillance practice.

- -

There is a reason why China and others are trying to move away from -Windows to Linux and other alternatives, and it is not to avoid -sending its hard earned dollars to Cayman Islands (or whatever -tax haven -Microsoft is using these days to collect the majority of its -income. :)

+
Vitenskapen tar som vanlig feil igjen - relativt feil
+
1st August 2016
+

For mange år siden leste jeg en klassisk tekst som gjorde såpass +inntrykk på meg at jeg husker den fortsatt, flere år senere, og bruker +argumentene fra den stadig vekk. Teksten var «The Relativity of +Wrong» som Isaac Asimov publiserte i Skeptical Inquirer i 1989. Den +gir litt perspektiv rundt formidlingen av vitenskapelige resultater. +Jeg har hatt lyst til å kunne dele den også med folk som ikke +behersker Engelsk så godt, som barn og noen av mine eldre slektninger, +og har savnet å ha den tilgjengelig på norsk. For to uker siden tok +jeg meg sammen og kontaktet Asbjørn Dyrendal i foreningen Skepsis om +de var interessert i å publisere en norsk utgave på bloggen sin, og da +han var positiv tok jeg kontakt med Skeptical Inquirer og spurte om +det var greit for dem. I løpet av noen dager fikk vi tilbakemelding +fra Barry Karr hos The Skeptical Inquirer som hadde sjekket og fått OK +fra Robyn Asimov som representerte arvingene i Asmiov-familien og gikk +igang med oversettingen.

+ +

Resultatet, «Relativt +feil» ble publisert på skepsis-bloggen for noen minutter siden. +Jeg anbefaler deg på det varmeste å lese denne teksten og dele den med +dine venner.

+ +

For å håndtere oversettelsen og sikre at original og oversettelse +var i sync brukte vi git, po4a, GNU make og Transifex. Det hele +fungerte utmerket og gjorde det enkelt å dele tekstene og jobbe sammen +om finpuss på formuleringene. Hadde hosted.weblate.org latt meg +opprette nye prosjekter selv i stedet for å måtte kontakte +administratoren der, så hadde jeg brukt weblate i stedet.

- Tags: english, personvern, surveillance. + Tags: norsk, skepsis.
@@ -60,64 +61,51 @@ income. :)

-
Klarer ikke Microsoft å holde på hemmeligheter?
-
18th December 2014
-

Må Microsoft virkelig ha hjelp av unger for å holde på -hemmelighetene sine?

- -

I dag kom det en fascinerende artikkel i Aftenposten om -hva -Microsoft har foreslått at foreldre går med på for å la ungene -delta på Lær kidsa koding på -skolen. De ber foreldrene om å få bruke bilder og video av ungene -kommersielt og gratis i all fremtid, hvilket var så drøyt at -Arbeiderpartiets bystyrerepresentant -Per Anders -Torvik Langerød tok opp saken opp under bystyrets muntlige -spørretime onsdag. Resultatet av dette er at Microsoft har trukket -tilbake teksten i samtykkeerklæringen og kommunikasjonsdirektør -Christine Korme i Microsoft sier i artikkelen at «Vi vil presentere en -ny erklæring som gjør det helt klart i hvilken forbindelse materialet -skal brukes, altså ikke-kommersielt», hvilket jo er fint. Jeg lurer -virkelig på hvordan teksten kunne slippe ut til foreldrene i første -omgang. Her har noen på skolen ikke fulgt med i timen, eller mangler -grunnleggende personverntrening.

- -

Men bildet av samtykkeerklæringen inneholder også en annen -problematisk klausul, som ikke omtales overhodet i -Aftenposten-artikkelen. Neste punkt i erklæringen lyder:

- -

-«Du aksepterer ikke å bruke eller videreformidle til en tredjepart -noen hemmelige eller fortrolige opplysninger som gis av Microsoft i -løpet av elevens deltagelse.» -

- -

Mener Microsoft virkelig at foreldre og barn skal ta ansvar for at -Microsoft ikke klarer å holde hemmelig og fortrolig informasjon for -seg selv når de besøker en offentlig norsk skole? Jeg ville nektet -plent å signert på en avtale med en slik klausul, da det er Microsofts -ansvar å holde på sine hemmeligheter, og ikke noe mine barn og min -familie tar på oss erstatningsansvar for hvis de kommer på avveie.

- -

Jeg lurer på om noen har fått se den nye samtykkeerklæringen? -Inneholder den fortsatt klausul om hemmelighold? Hvor mange er det -som hittil har signert på den gamle samtykkeerklæringen? Hvor har den -vært brukt? Savnet svar på disse spørsmålene i artikkelen, da de som -har signert på den gamle vel vil være bundet av den selv om ingen -flere signerer på den.

- -

Lær kidsa koding er et glimrende initiativ, og jeg skulle ønske -noen av foreningen NUUGs medlemmer -hadde kapasitet til å delta i initiativet på NUUGs vegne. Selv tar -jobb, familie og eksisterende prosjekter allerede all tid. Slik -Microsoft tydeligvis holder på er det behov for noen med et annet syn -på livet som bidragsyter her.

+
Techno TV broadcasting live across Norway and the Internet (#debconf16, #nuug) on @frikanalen
+
1st August 2016
+

Did you know there is a TV channel broadcasting talks from DebConf +16 across an entire country? Or that there is a TV channel +broadcasting talks by or about +Linus Torvalds, +Tor, +OpenID, +Common Lisp, +Civic Tech, +EFF founder John Barlow, +how to make 3D +printer electronics and many more fascinating topics? It works +using only free software (all of it +available from Github), and +is administrated using a web browser and a web API.

+ +

The TV channel is the Norwegian open channel +Frikanalen, and I am involved +via the NUUG member association in +running and developing the software for the channel. The channel is +organised as a member organisation where its members can upload and +broadcast what they want (think of it as Youtube for national +broadcasting television). Individuals can broadcast too. The time +slots are handled on a first come, first serve basis. Because the +channel have almost no viewers and very few active members, we can +experiment with TV technology without too much flack when we make +mistakes. And thanks to the few active members, most of the slots on +the schedule are free. I see this as an opportunity to spread +knowledge about technology and free software, and have a script I run +regularly to fill up all the open slots the next few days with +technology related video. The end result is a channel I like to +describe as Techno TV - filled with interesting talks and +presentations.

+ +

It is available on channel 50 on the Norwegian national digital TV +network (RiksTV). It is also available as a multicast stream on +Uninett. And finally, it is available as +a WebM unicast stream from +Frikanalen and NUUG. Check it out. :)

- Tags: norsk, nuug, personvern. + Tags: english, frikanalen, nuug, video.
@@ -125,115 +113,90 @@ på livet som bidragsyter her.

-
Opphavsretts-status for «Empty Socks» fra 1927?
-
12th December 2014
-

For noen dager siden -annonserte -Nasjonalbiblioteket gladnyheten om at de i sine arkiver hadde -funnet et nitratfilm-eksemplar av en 87 år gammel Disney-film ved navn -Empty Socks, en film som tidligere var antatt tapt og der det i følge -nyhetsmeldinger var kun ca. 25 sekunder bevart for ettertiden. -Nasjonalbiblioteket hadde 5 minutter og 30 sekunder av filmen i sitt -magasin. Dette er flott for bevaringen av verdens kulturarv. 5,5 -minutter mindre tapt enn vi trodde av vår felles historie.

- -

Men hvordan kunne filmen gå tapt, når arkivlovene i USA krevde at -publiserte filmer på den tiden ble deponert i bibliotek? Forklaringen -har jeg fra Lawrence Lessig og boken -Free Culture, som jeg holder på -å -oversette til norsk:

- -

-

Dette er delvis på grunn av loven. Opphavsrettseiere var tidlig i - amerikansk opphavsrettslov nødt til å deponere kopier av sine verk i - biblioteker. Disse kopiene skulle både sikre spredning av kunnskap, - og sikre at det fantes en kopi av verket tilgjengelig når vernetiden - utløp, slik at andre kunne få tilgang til og kopiere verket.

- -

Disse reglene gjaldt også for filmer. Men i 1915 gjorde - kongressbiblioteket et unntak for film. Filmer kunne bli - opphavsrettsbeskyttet så lenge det ble gjort slik deponering. Men - filmskaperne fikk så lov til å låne tilbake de deponerte filmene - - så lenge de ville uten noe kostnad. Bare i 1915 var det mer enn 5475 - filmer deponert og “lånt tilbake”. Dermed var det ikke noe eksemplar - i noe bibliotek når vernetiden til filmen utløp. Eksemplaret - eksisterer - hvis den finnes i det hele tatt - i arkivbiblioteket - til filmselskapet.

-

- -

Nyheten gjorde meg nysgjerrig på om filmen kunne være falt i det -fri. En 87 år gammel film kunne jo tenkes å ha blitt en del av -allemannseiet, slik at vi alle kan bruke den til å bygge videre på vår -felles kultur uten å måtte be om tillatelse - slik Walt Disney gjorde -det i starten av sin karriere. Jeg spurte nasjonalbiblioteket, og de -sa nei. Hvordan kan det ha seg med en så gammel film? Jeg besteme -meg for å undersøke nærmere. En kan finne informasjon om den norske -vernetiden på -Lovdata -og Wikipedia. Her er et relevant utsnitt fra -siden om opphavsrett i den norske Wikipedia:

- -

- Ifølge åndsverkloven §§ 40-41 utløper vernetiden for et åndsverk 70 - år etter utløpet av opphavspersonens dødsår. [...] For filmverk - gjelder særlige regler: Her kommer ikke alle mulige opphavspersoner - i betraktning, men kun hovedregissøren, manusforfatteren, - dialogforfatteren og komponisten av filmmusikken. Vernetiden - begynner å løpe etter utgangen av dødsåret til den lengstlevende av - disse. [...] Der opphavspersonen er ukjent, utløper opphavsretten 70 - år etter første kjente offentliggjørelse av verket. Det er kun de - økonomiske rettighetene som faller bort i det vernetiden er - utløpt. De ideelle rettighetene må fortsatt respekteres, noe som - blant annet innebærer at man plikter å navngi opphavspersonen ved - tilgjengeliggjøring. -

- -

I følge nettstedet -The -Encyclopedia of Disney Animated Shorts er følgende personer gitt -æren for denne kortfilmen:

- -
- -
Regissør
-
Walt Disney (1901-12-05 – 1966-12-15) +70 år = 2037
- -
Animasjon -
Ub Iwerks (1901-03-24 – 1971-07-07) +70 år = 2042 -
Rollin "Ham" Hamilton (1898-10-28 - 1951-06-03) +70 år = 2022 -
Hugh Harman (1903-08-31 – 1982-11-25) +70 år = 2053
- -
Kamera -
Mike Marcus (?-?)
- -
- -

Alle fødsels- og dødsdatoene er fra engelske Wikipedia. Det er -ikke oppgitt navn på manusforfatter, dialogforfatter og komponist, men -jeg mistenker at tegnerne vil få opphavsrettigheter på tegnefilmer her -i Norge, og tar derfor med disse. Kameramannen vil ikke få noen -rettigheter så vidt jeg forstår, og er derfor ignorert her.

- -

Slik jeg forstår den norske opphavsretten vil dermed dette -filmverket bli allemannseie (også kalt å falle i det fri) i 2053, 126 -år etter at det ble utgitt. Hvis kun regissørens rettigheter er -relevante, vil det skje i 2037, 110 år etter at det ble utgitt. Etter -det vil enhver kunne dele det med alle de har lyst til, fremføre det -offentlig eller klippe og lime i det for å lage sin egen film basert -på det - helt uten å måtte spørre noen om lov.

- -

Måtte så Nasjonalbiblioteket spørre om lov før de kunne kopiere -sitt nitrat-eksemplar over på mer varig format? Nei, heldigvis. -Åndsverklovens § 16 sier at arkiv, bibliotek, museer og undervisnings- -og forskningsinstitusjoner har rett til å fremstille eksemplar av verk -for konserverings- og sikringsformål og andre særskilte formål.

+
Unlocking HTC Desire HD on Linux using unruu and fastboot
+
7th July 2016
+

Yesterday, I tried to unlock a HTC Desire HD phone, and it proved +to be a slight challenge. Here is the recipe if I ever need to do it +again. It all started by me wanting to try the recipe to set up +an +hardened Android installation from the Tor project blog on a +device I had access to. It is a old mobile phone with a broken +microphone The initial idea had been to just +install +CyanogenMod on it, but did not quite find time to start on it +until a few days ago.

+ +

The unlock process is supposed to be simple: (1) Boot into the boot +loader (press volume down and power at the same time), (2) select +'fastboot' before (3) connecting the device via USB to a Linux +machine, (4) request the device identifier token by running 'fastboot +oem get_identifier_token', (5) request the device unlocking key using +the HTC developer web +site and unlock the phone using the key file emailed to you.

+ +

Unfortunately, this only work fi you have hboot version 2.00.0029 +or newer, and the device I was working on had 2.00.0027. This +apparently can be easily fixed by downloading a Windows program and +running it on your Windows machine, if you accept the terms Microsoft +require you to accept to use Windows - which I do not. So I had to +come up with a different approach. I got a lot of help from AndyCap +on #nuug, and would not have been able to get this working without +him.

+ +

First I needed to extract the hboot firmware from +the +windows binary for HTC Desire HD downloaded as 'the RUU' from HTC. +For this there is is a github +project named unruu using libunshield. The unshield tool did not +recognise the file format, but unruu worked and extracted rom.zip, +containing the new hboot firmware and a text file describing which +devices it would work for.

+ +

Next, I needed to get the new firmware into the device. For this I +followed some instructions +available +from HTC1Guru.com, and ran these commands as root on a Linux +machine with Debian testing:

+ +

+adb reboot-bootloader
+fastboot oem rebootRUU
+fastboot flash zip rom.zip
+fastboot flash zip rom.zip
+fastboot reboot
+

+ +

The flash command apparently need to be done twice to take effect, +as the first is just preparations and the second one do the flashing. +The adb command is just to get to the boot loader menu, so turning the +device on while holding volume down and the power button should work +too.

+ +

With the new hboot version in place I could start following the +instructions on the HTC developer web site. I got the device token +like this:

+ +

+fastboot oem get_identifier_token 2>&1 | sed 's/(bootloader) //'
+
+ +

And once I got the unlock code via email, I could use it like +this:

+ +

+fastboot flash unlocktoken Unlock_code.bin
+

+ +

And with that final step in place, the phone was unlocked and I +could start stuffing the software of my own choosing into the device. +So far I only inserted a replacement recovery image to wipe the phone +before I start. We will see what happen next. Perhaps I should +install Debian on it. :)

- Tags: freeculture, norsk, opphavsrett, video. + Tags: bootsystem, debian, english, opphavsrett, sikkerhet.
@@ -241,70 +204,112 @@ for konserverings- og sikringsformål og andre særskilte formål.

-
How to stay with sysvinit in Debian Jessie
-
22nd November 2014
-

By now, it is well known that Debian Jessie will not be using -sysvinit as its boot system by default. But how can one keep using -sysvinit in Jessie? It is fairly easy, and here are a few recipes, -courtesy of -Erich -Schubert and -Simon -McVittie. - -

If you already are using Wheezy and want to upgrade to Jessie and -keep sysvinit as your boot system, create a file -/etc/apt/preferences.d/use-sysvinit with this content before -you upgrade:

+
How to use the Signal app if you only have a land line (ie no mobile phone)
+
3rd July 2016
+

For a while now, I have wanted to test +the Signal app, as it is +said to provide end to end encrypted communication and several of my +friends and family are already using it. As I by choice do not own a +mobile phone, this proved to be harder than expected. And I wanted to +have the source of the client and know that it was the code used on my +machine. But yesterday I managed to get it working. I used the +Github source, compared it to the source in +the +Signal Chrome app available from the Chrome web store, applied +patches to use the production Signal servers, started the app and +asked for the hidden "register without a smart phone" form. Here is +the recipe how I did it.

+ +

First, I fetched the Signal desktop source from Github, using -

-Package: systemd-sysv
-Pin: release o=Debian
-Pin-Priority: -1
-

- -

This file content will tell apt and aptitude to not consider -installing systemd-sysv as part of any installation and upgrade -solution when resolving dependencies, and thus tell it to avoid -systemd as a default boot system. The end result should be that the -upgraded system keep using sysvinit.

- -

If you are installing Jessie for the first time, there is no way to -get sysvinit installed by default (debootstrap used by -debian-installer have no option for this), but one can tell the -installer to switch to sysvinit before the first boot. Either by -using a kernel argument to the installer, or by adding a line to the -preseed file used. First, the kernel command line argument: +

+git clone https://github.com/WhisperSystems/Signal-Desktop.git
+
-

-preseed/late_command="in-target apt-get install --purge -y sysvinit-core"
-

+

Next, I patched the source to use the production servers, to be +able to talk to other Signal users:

-

Next, the line to use in a preseed file:

+
+cat <<EOF | patch -p0
+diff -ur ./js/background.js userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/background.js
+--- ./js/background.js  2016-06-29 13:43:15.630344628 +0200
++++ userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/background.js    2016-06-29 14:06:29.530300934 +0200
+@@ -47,8 +47,8 @@
+         });
+     });
+ 
+-    var SERVER_URL = 'https://textsecure-service-staging.whispersystems.org';
+-    var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments-staging.s3.amazonaws.com';
++    var SERVER_URL = 'https://textsecure-service-ca.whispersystems.org:4433';
++    var ATTACHMENT_SERVER_URL = 'https://whispersystems-textsecure-attachments.s3.amazonaws.com';
+     var messageReceiver;
+     window.getSocketStatus = function() {
+         if (messageReceiver) {
+diff -ur ./js/expire.js userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/expire.js
+--- ./js/expire.js      2016-06-29 13:43:15.630344628 +0200
++++ userdata/Default/Extensions/bikioccmkafdpakkkcpdbppfkghcmihk/0.15.0_0/js/expire.js2016-06-29 14:06:29.530300934 +0200
+@@ -1,6 +1,6 @@
+ ;(function() {
+     'use strict';
+-    var BUILD_EXPIRATION = 0;
++    var BUILD_EXPIRATION = 1474492690000;
+ 
+     window.extension = window.extension || {};
+ 
+EOF
+
-

-d-i preseed/late_command string in-target apt-get install -y sysvinit-core
-

- -

One can of course also do this after the first boot by installing -the sysvinit-core package.

- -

I recommend only using sysvinit if you really need it, as the -sysvinit boot sequence in Debian have several hardware specific bugs -on Linux caused by the fact that it is unpredictable when hardware -devices show up during boot. But on the other hand, the new default -boot system still have a few rough edges I hope will be fixed before -Jessie is released.

- -

Update 2014-11-26: Inspired by -a -blog post by Torsten Glaser, added --purge to the preseed -line.

+

The first part is changing the servers, and the second is updating +an expiration timestamp. This timestamp need to be updated regularly. +It is set 90 days in the future by the build process (Gruntfile.js). +The value is seconds since 1970 times 1000, as far as I can tell.

+ +

Based on a tip and good help from the #nuug IRC channel, I wrote a +script to launch Signal in Chromium.

+ +
+#!/bin/sh
+cd $(dirname $0)
+mkdir -p userdata
+exec chromium \
+  --proxy-server="socks://localhost:9050" \
+  --user-data-dir=`pwd`/userdata --load-and-launch-app=`pwd`
+
+ +

The script start the app and configure Chromium to use the Tor +SOCKS5 proxy to make sure those controlling the Signal servers (today +Amazon and Whisper Systems) as well as those listening on the lines +will have a harder time location my laptop based on the Signal +connections if they use source IP address.

+ +

When the script starts, one need to follow the instructions under +"Standalone Registration" in the CONTRIBUTING.md file in the git +repository. I right clicked on the Signal window to get up the +Chromium debugging tool, visited the 'Console' tab and wrote +'extension.install("standalone")' on the console prompt to get the +registration form. Then I entered by land line phone number and +pressed 'Call'. 5 seconds later the phone rang and a robot voice +repeated the verification code three times. After entering the number +into the verification code field in the form, I could start using +Signal from my laptop. + +

As far as I can tell, The Signal app will leak who is talking to +whom and thus who know who to those controlling the central server, +but such leakage is hard to avoid with a centrally controlled server +setup. It is something to keep in mind when using Signal - the +content of your chats are harder to intercept, but the meta data +exposing your contact network is available to people you do not know. +So better than many options, but not great. And sadly the usage is +connected to my land line, thus allowing those controlling the server +to associate it to my home and person. I would prefer it if only +those I knew could tell who I was on Signal. There are options +avoiding such information leakage, but most of my friends are not +using them, so I am stuck with Signal for now.

- Tags: bootsystem, debian, english. + Tags: debian, english, sikkerhet, surveillance.
@@ -312,75 +317,46 @@ line.

-
Hvordan vurderer regjeringen H.264-patentutfordringen?
-
16th November 2014
-

For en stund tilbake spurte jeg Fornyingsdepartementet om hvilke -juridiske vurderinger rundt patentproblemstillingen som var gjort da -H.264 ble tatt inn i statens -referansekatalog over standarder. Stig Hornnes i FAD tipset meg -om følgende som står i oppsumeringen til høringen om -referansekatalogen versjon 2.0, som jeg siden ved hjelp av en -innsynsforespørsel fikk tak i -PDF-utgaven av -datert 2009-06-03 (saksnummer 200803291, saksbehandler Henrik -Linnestad).

- -

Der står det følgende om problemstillingen:

- -

-4.4 Patentproblematikk - -

NUUG og Opera ser det som særlig viktig at forslagene knyttet til -lyd og video baserer seg på de royalty-frie standardene Vorbis, Theora -og FLAC.

- -

Kommentarene relaterer seg til at enkelte standarder er åpne, men -inneholder tekniske prosedyrer som det i USA (og noen andre land som -Japan) er gitt patentrettigheter til. I vårt tilfelle berører dette -spesielt standardene Mp3 og H.264, selv om Politidirektoratet peker på -at det muligens kan være tilsvarende problematikk også for Theora og -Vorbis. Dette medfører at det i USA kan kreves royalties for bruk av -tekniske løsninger knyttet til standardene, et krav som også -håndheves. Patenter kan imidlertid bare hevdes i de landene hvor -patentet er gitt, så amerikanske patenter gjelder ikke andre steder -enn USA.

- -

Spesielt for utvikling av fri programvare er patenter -problematisk. GPL, en "grunnleggende" lisens for distribusjon av fri -programvare, avviser at programvare kan distribueres under denne -lisensen hvis det inneholder referanser til patenterte rutiner som -utløser krav om royalties. Det er imidlertid uproblematisk å -distribuere fri programvareløsninger under GPL som benytter de -aktuelle standardene innen eller mellom land som ikke anerkjenner -patentene. Derfor finner vi også flere implementeringer av Mp3 og -H.264 som er fri programvare, lisensiert under GPL.

- -

I Norge og EU er patentlovgivningen langt mer restriktiv enn i USA, -men det er også her mulig å få patentert metoder for løsning av et -problem som relaterer seg til databehandling. Det er AIF bekjent ikke -relevante patenter i EU eller Norge hva gjelder H.264 og Mp3, men -muligheten for at det finnes patenter uten at det er gjort krav om -royalties eller at det senere vil gis slike patenter kan ikke helt -avvises.

- -

AIF mener det er et behov for å gi offentlige virksomheter mulighet -til å benytte antatt royaltyfrie åpne standarder som et likeverdig -alternativ eller i tillegg til de markedsledende åpne standardene.

- -

- -

Det ser dermed ikke ut til at de har vurdert patentspørsmålet i -sammenheng med opphavsrettsvilkår slik de er formulert for f.eks. -Apple Final Cut Pro, Adobe Premiere Pro, Avid og Sorenson-verktøyene, -der det kreves brukstillatelse for patenter som ikke er gyldige i -Norge for å bruke disse verktøyene til annet en personlig og ikke -kommersiell aktivitet når det gjelder H.264-video. Jeg må nok lete -videre etter svar på det spørsmålet.

+
The new "best" multimedia player in Debian?
+
6th June 2016
+

When I set out a few weeks ago to figure out +which +multimedia player in Debian claimed to support most file formats / +MIME types, I was a bit surprised how varied the sets of MIME types +the various players claimed support for. The range was from 55 to 130 +MIME types. I suspect most media formats are supported by all +players, but this is not really reflected in the MimeTypes values in +their desktop files. There are probably also some bogus MIME types +listed, but it is hard to identify which one this is.

+ +

Anyway, in the mean time I got in touch with upstream for some of +the players suggesting to add more MIME types to their desktop files, +and decided to spend some time myself improving the situation for my +favorite media player VLC. The fixes for VLC entered Debian unstable +yesterday. The complete list of MIME types can be seen on the +Multimedia +player MIME type support status Debian wiki page.

+ +

The new "best" multimedia player in Debian? It is VLC, followed by +totem, parole, kplayer, gnome-mpv, mpv, smplayer, mplayer-gui and +kmplayer. I am sure some of the other players desktop files support +several of the formats currently listed as working only with vlc, +toten and parole.

+ +

A sad observation is that only 14 MIME types are listed as +supported by all the tested multimedia players in Debian in their +desktop files: audio/mpeg, audio/vnd.rn-realaudio, audio/x-mpegurl, +audio/x-ms-wma, audio/x-scpls, audio/x-wav, video/mp4, video/mpeg, +video/quicktime, video/vnd.rn-realvideo, video/x-matroska, +video/x-ms-asf, video/x-ms-wmv and video/x-msvideo. Personally I find +it sad that video/ogg and video/webm is not supported by all the media +players in Debian. As far as I can tell, all of them can handle both +formats.

- Tags: multimedia, norsk, opphavsrett, standard, video, web. + Tags: debian, debian edu, english, multimedia, video.
@@ -388,81 +364,118 @@ videre etter svar på det spørsmålet.

-
A Debian package for SMTP via Tor (aka SMTorP) using exim4
-
10th November 2014
-

The right to communicate with your friends and family in private, -without anyone snooping, is a right every citicen have in a liberal -democracy. But this right is under serious attack these days.

- -

A while back it occurred to me that one way to make the dragnet -surveillance conducted by NSA, GCHQ, FRA and others (and confirmed by -the whisleblower Snowden) more expensive for Internet email, -is to deliver all email using SMTP via Tor. Such SMTP option would be -a nice addition to the FreedomBox project if we could send email -between FreedomBox machines without leaking metadata about the emails -to the people peeking on the wire. I -proposed -this on the FreedomBox project mailing list in October and got a -lot of useful feedback and suggestions. It also became obvious to me -that this was not a novel idea, as the same idea was tested and -documented by Johannes Berg as early as 2006, and both -the -Mailpile and the Cables systems -propose a similar method / protocol to pass emails between users.

- -

To implement such system one need to set up a Tor hidden service -providing the SMTP protocol on port 25, and use email addresses -looking like username@hidden-service-name.onion. With such addresses -the connections to port 25 on hidden-service-name.onion using Tor will -go to the correct SMTP server. To do this, one need to configure the -Tor daemon to provide the hidden service and the mail server to accept -emails for this .onion domain. To learn more about Exim configuration -in Debian and test the design provided by Johannes Berg in his FAQ, I -set out yesterday to create a Debian package for making it trivial to -set up such SMTP over Tor service based on Debian. Getting it to work -were fairly easy, and -the -source code for the Debian package is available from github. I -plan to move it into Debian if further testing prove this to be a -useful approach.

- -

If you want to test this, set up a blank Debian machine without any -mail system installed (or run apt-get purge exim4-config to -get rid of exim4). Install tor, clone the git repository mentioned -above, build the deb and install it on the machine. Next, run -/usr/lib/exim4-smtorp/setup-exim-hidden-service and follow -the instructions to get the service up and running. Restart tor and -exim when it is done, and test mail delivery using swaks like -this:

+
A program should be able to open its own files on Linux
+
5th June 2016
+

Many years ago, when koffice was fresh and with few users, I +decided to test its presentation tool when making the slides for a +talk I was giving for NUUG on Japhar, a free Java virtual machine. I +wrote the first draft of the slides, saved the result and went to bed +the day before I would give the talk. The next day I took a plane to +the location where the meeting should take place, and on the plane I +started up koffice again to polish the talk a bit, only to discover +that kpresenter refused to load its own data file. I cursed a bit and +started making the slides again from memory, to have something to +present when I arrived. I tested that the saved files could be +loaded, and the day seemed to be rescued. I continued to polish the +slides until I suddenly discovered that the saved file could no longer +be loaded into kpresenter. In the end I had to rewrite the slides +three times, condensing the content until the talk became shorter and +shorter. After the talk I was able to pinpoint the problem – +kpresenter wrote inline images in a way itself could not understand. +Eventually that bug was fixed and kpresenter ended up being a great +program to make slides. The point I'm trying to make is that we +expect a program to be able to load its own data files, and it is +embarrassing to its developers if it can't.

+ +

Did you ever experience a program failing to load its own data +files from the desktop file browser? It is not a uncommon problem. A +while back I discovered that the screencast recorder +gtk-recordmydesktop would save an Ogg Theora video file the KDE file +browser would refuse to open. No video player claimed to understand +such file. I tracked down the cause being file --mime-type +returning the application/ogg MIME type, which no video player I had +installed listed as a MIME type they would understand. I asked for +file to change its +behavour and use the MIME type video/ogg instead. I also asked +several video players to add video/ogg to their desktop files, to give +the file browser an idea what to do about Ogg Theora files. After a +while, the desktop file browsers in Debian started to handle the +output from gtk-recordmydesktop properly.

+ +

But history repeats itself. A few days ago I tested the music +system Rosegarden again, and I discovered that the KDE and xfce file +browsers did not know what to do with the Rosegarden project files +(*.rg). I've reported the +rosegarden problem to BTS and a fix is commited to git and will be +included in the next upload. To increase the chance of me remembering +how to fix the problem next time some program fail to load its files +from the file browser, here are some notes on how to fix it.

+ +

The file browsers in Debian in general operates on MIME types. +There are two sources for the MIME type of a given file. The output from +file --mime-type mentioned above, and the content of the +shared MIME type registry (under /usr/share/mime/). The file MIME +type is mapped to programs supporting the MIME type, and this +information is collected from +the +desktop files available in /usr/share/applications/. If there is +one desktop file claiming support for the MIME type of the file, it is +activated when asking to open a given file. If there are more, one +can normally select which one to use by right-clicking on the file and +selecting the wanted one using 'Open with' or similar. In general +this work well. But it depend on each program picking a good MIME +type (preferably +a +MIME type registered with IANA), file and/or the shared MIME +registry recognizing the file and the desktop file to list the MIME +type in its list of supported MIME types.

+ +

The /usr/share/mime/packages/rosegarden.xml entry for +the +Shared MIME database look like this:

-torsocks swaks --server dutlqrrmjhtfa3vp.onion \
-  --to fbx@dutlqrrmjhtfa3vp.onion
+<?xml version="1.0" encoding="UTF-8"?>
+<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
+  <mime-type type="audio/x-rosegarden">
+    <sub-class-of type="application/x-gzip"/>
+    <comment>Rosegarden project file</comment>
+    <glob pattern="*.rg"/>
+  </mime-type>
+</mime-info>

-

This will test the SMTP delivery using tor. Replace the email -address with your own address to test your server. :)

- -

The setup procedure is still to complex, and I hope it can be made -easier and more automatic. Especially the tor setup need more work. -Also, the package include a tor-smtp tool written in C, but its task -should probably be rewritten in some script language to make the deb -architecture independent. It would probably also make the code easier -to review. The tor-smtp tool currently need to listen on a socket for -exim to talk to it and is started using xinetd. It would be better if -no daemon and no socket is needed. I suspect it is possible to get -exim to run a command line tool for delivery instead of talking to a -socket, and hope to figure out how in a future version of this -system.

- -

Until I wipe my test machine, I can be reached using the -fbx@dutlqrrmjhtfa3vp.onion mail address, deliverable over -SMTorP. :)

+

This states that audio/x-rosegarden is a kind of application/x-gzip +(it is a gzipped XML file). Note, it is much better to use an +official MIME type registered with IANA than it is to make up ones own +unofficial ones like the x-rosegarden type used by rosegarden.

+ +

The desktop file of the rosegarden program failed to list +audio/x-rosegarden in its list of supported MIME types, causing the +file browsers to have no idea what to do with *.rg files:

+ +

+% grep Mime /usr/share/applications/rosegarden.desktop
+MimeType=audio/x-rosegarden-composition;audio/x-rosegarden-device;audio/x-rosegarden-project;audio/x-rosegarden-template;audio/midi;
+X-KDE-NativeMimeType=audio/x-rosegarden-composition
+%
+

+ +

The fix was to add "audio/x-rosegarden;" at the end of the +MimeType= line.

+ +

If you run into a file which fail to open the correct program when +selected from the file browser, please check out the output from +file --mime-type for the file, ensure the file ending and +MIME type is registered somewhere under /usr/share/mime/ and check +that some desktop file under /usr/share/applications/ is claiming +support for this MIME type. If not, please report a bug to have it +fixed. :)

- Tags: debian, english, freedombox, personvern, surveillance. + Tags: debian, english.
@@ -470,192 +483,36 @@ SMTorP. :)

-
First Jessie based Debian Edu released (alpha0)
-
27th October 2014
-

I am happy to report that I on behalf of the Debian Edu team just -sent out -this -announcement:

- -
-The Debian Edu Team is pleased to announce the release of Debian Edu
-Jessie 8.0+edu0~alpha0
-
-Debian Edu is a complete operating system for schools. Through its
-various installation profiles you can install servers, workstations
-and laptops which will work together on the school network. With
-Debian Edu, the teachers themselves or their technical support can
-roll out a complete multi-user multi-machine study environment within
-hours or a few days. Debian Edu comes with hundreds of applications
-pre-installed, but you can always add more packages from Debian.
-
-For those who want to give Debian Edu Jessie a try, download and
-installation instructions are available, including detailed
-instructions in the manual[1] explaining the first steps, such as
-setting up a network or adding users. Please note that the password
-for the user your prompted for during installation must have a length
-of at least 5 characters!
-
- [1] <URL: https://wiki.debian.org/DebianEdu/Documentation/Jessie >
-
-Would you like to give your school's computer a longer life? Are you
-tired of sneaker administration, running from computer to computer
-reinstalling the operating system? Would you like to administrate all
-the computers in your school using only a couple of hours every week?
-Check out Debian Edu Jessie!
-
-Skolelinux is used by at least two hundred schools all over the world,
-mostly in Germany and Norway.
-
-About Debian Edu and Skolelinux
-===============================
-
-Debian Edu, also known as Skolelinux[2], is a Linux distribution based
-on Debian providing an out-of-the box environment of a completely
-configured school network. Immediately after installation a school
-server running all services needed for a school network is set up just
-waiting for users and machines being added via GOsa², a comfortable
-Web-UI. A netbooting environment is prepared using PXE, so after
-initial installation of the main server from CD or USB stick all other
-machines can be installed via the network.  The provided school server
-provides LDAP database and Kerberos authentication service,
-centralized home directories, DHCP server, web proxy and many other
-services.  The desktop contains more than 60 educational software
-packages[3] and more are available from the Debian archive, and
-schools can choose between KDE, Gnome, LXDE, Xfce and MATE desktop
-environment.
-
- [2] <URL: http://www.skolelinux.org/ >
- [3] <URL: http://people.skolelinux.org/pere/blog/Educational_applications_included_in_Debian_Edu___Skolelinux__the_screenshot_collection____.html >
-
-Full release notes and manual
-=============================
-
-Below the download URLs there is a list of some of the new features
-and bugfixes of Debian Edu 8.0+edu0~alpha0 Codename Jessie. The full
-list is part of the manual. (See the feature list in the manual[4] for
-the English version.) For some languages manual translations are
-available, see the manual translation overview[5].
-
- [4] <URL: https://wiki.debian.org/DebianEdu/Documentation/Jessie/Features >
- [5] <URL: http://maintainer.skolelinux.org/debian-edu-doc/ >
-
-Where to get it
----------------
-
-To download the multiarch netinstall CD release (624 MiB) you can use
-
- * ftp://ftp.skolelinux.org/skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso
- * http://ftp.skolelinux.org/skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso
- * rsync -avzP ftp.skolelinux.org::skolelinux-cd/debian-edu-8.0+edu0~alpha0-CD.iso .
-
-The SHA1SUM of this image is: 361188818e036ce67280a572f757de82ebfeb095
-
-New features for Debian Edu 8.0+edu0~alpha0 Codename Jessie released 2014-10-27
-===============================================================================
-
-
-Installation changes
---------------------
-
- * PXE installation now installs firmware automatically for the hardware present.
-
-Software updates
-----------------
-
-Everything which is new in Debian Jessie 8.0, eg:
-
- * Linux kernel 3.16.x
- * Desktop environments KDE "Plasma" 4.11.12, GNOME 3.14, Xfce 4.10,
-   LXDE 0.5.6 and MATE 1.8 (KDE "Plasma" is installed by default; to
-   choose one of the others see manual.)
- * the browsers Iceweasel 31 ESR and Chromium 38 
- * !LibreOffice 4.3.3
- * GOsa 2.7.4
- * LTSP 5.5.4
- * CUPS print system 1.7.5
- * new boot framework: systemd
- * Educational toolbox GCompris 14.07 
- * Music creator Rosegarden 14.02
- * Image editor Gimp 2.8.14
- * Virtual stargazer Stellarium 0.13.0
- * golearn 0.9
- * tuxpaint 0.9.22
- * New version of debian-installer from Debian Jessie.
- * Debian Jessie includes about 42000 packages available for
-   installation.
- * More information about Debian Jessie 8.0 is provided in the release
-   notes[6] and the installation manual[7].
-
- [6] <URL: http://www.debian.org/releases/jessie/releasenotes >
- [7] <URL: http://www.debian.org/releases/jessie/installmanual >
-
-Fixed bugs
-----------
-
- * Inserting incorrect DNS information in Gosa will no longer break
-   DNS completely, but instead stop DNS updates until the incorrect
-   information is corrected (Debian bug #710362)
- * and many others.
-
-Documentation and translation updates
-------------------------------------- 
-
- * The Debian Edu Jessie Manual is fully translated to German, French,
-   Italian, Danish and Dutch. Partly translated versions exist for
-   Norwegian Bokmal and Spanish.
-
-Other changes
--------------
-
- * Due to new Squid settings, powering off or rebooting the main
-   server takes more time.
- * To manage printers localhost:631 has to be used, currently www:631
-   doesn't work.
-
-Regressions / known problems
-----------------------------
-
- * Installing LTSP chroot fails with a bug related to eatmydata about
-   exim4-config failing to run its postinst (see Debian bug #765694
-   and Debian bug #762103).
- * Munin collection is not properly configured on clients (Debian bug
-   #764594).  The fix is available in a newer version of munin-node.
- * PXE setup for Main Server and Thin Client Server setup does not
-   work when installing on a machine without direct Internet access.
-   Will be fixed when Debian bug #766960 is fixed in Jessie.
-
-See the status page[8] for the complete list.
-
- [8] <URL: https://wiki.debian.org/DebianEdu/Status/Jessie >
-
-How to report bugs
-------------------
-
-<URL: http://wiki.debian.org/DebianEdu/HowTo/ReportBugs >
-
-About Debian
-============
-
-The Debian Project was founded in 1993 by Ian Murdock to be a truly
-free community project. Since then the project has grown to be one of
-the largest and most influential open source projects. Thousands of
-volunteers from all over the world work together to create and
-maintain Debian software. Available in 70 languages, and supporting a
-huge range of computer types, Debian calls itself the universal
-operating system.
-
-Contact Information
-For further information, please visit the Debian web pages[9] or send
-mail to press@debian.org.
-
- [9] <URL: http://www.debian.org/ >
-
+
Tor - from its creators mouth 11 years ago
+
28th May 2016
+

A little more than 11 years ago, one of the creators of Tor, and +the current President of the Tor +project, Roger Dingledine, gave a talk for the members of the +Norwegian Unix User group (NUUG). A +video of the talk was recorded, and today, thanks to the great help +from David Noble, I finally was able to publish the video of the talk +on Frikanalen, the Norwegian open channel TV station where NUUG +currently publishes its talks. You can +watch the live stream using a web +browser with WebM support, or check out the recording on the video +on demand page for the talk +"Tor: Anonymous +communication for the US Department of Defence...and you.".

+ +

Here is the video included for those of you using browsers with +HTML video and Ogg Theora support:

+ +

+ +

I guess the gist of the talk can be summarised quite simply: If you +want to help the military in USA (and everyone else), use Tor. :)

- Tags: debian edu, english. + Tags: english, frikanalen, nuug, video.
@@ -663,32 +520,67 @@ mail to press@debian.org.
-
I spent last weekend recording MakerCon Nordic
-
23rd October 2014
-

I spent last weekend at Makercon -Nordic, a great conference and workshop for makers in Norway and -the surrounding countries. I had volunteered on behalf of the -Norwegian Unix Users Group (NUUG) to video record the talks, and we -had a great and exhausting time recording the entire day, two days in -a row. There were only two of us, Hans-Petter and me, and we used the -regular video equipment for NUUG, with a -dvswitch, a -camera and a VGA to DV convert box, and mixed video and slides -live.

- -

Hans-Petter did the post-processing, consisting of uploading the -around 180 GiB of raw video to Youtube, and the result is -now becoming -public on the MakerConNordic account. The videos have the license -NUUG always use on our recordings, which is -Creative -Commons Navngivelse-Del på samme vilkår 3.0 Norge. Many great -talks available. Check it out! :)

+
Isenkram with PackageKit support - new version 0.23 available in Debian unstable
+
25th May 2016
+

The isenkram +system is a user-focused solution in Debian for handling hardware +related packages. The idea is to have a database of mappings between +hardware and packages, and pop up a dialog suggesting for the user to +install the packages to use a given hardware dongle. Some use cases +are when you insert a Yubikey, it proposes to install the software +needed to control it; when you insert a braille reader list it +proposes to install the packages needed to send text to the reader; +and when you insert a ColorHug screen calibrator it suggests to +install the driver for it. The system work well, and even have a few +command line tools to install firmware packages and packages for the +hardware already in the machine (as opposed to hotpluggable hardware).

+ +

The system was initially written using aptdaemon, because I found +good documentation and example code on how to use it. But aptdaemon +is going away and is generally being replaced by +PackageKit, +so Isenkram needed a rewrite. And today, thanks to the great patch +from my college Sunil Mohan Adapa in the FreedomBox project, the +rewrite finally took place. I've just uploaded a new version of +Isenkram into Debian Unstable with the patch included, and the default +for the background daemon is now to use PackageKit. To check it out, +install the isenkram package and insert some hardware dongle +and see if it is recognised.

+ +

If you want to know what kind of packages isenkram would propose for +the machine it is running on, you can check out the isenkram-lookup +program. This is what it look like on a Thinkpad X230:

+ +

+% isenkram-lookup 
+bluez
+cheese
+fprintd
+fprintd-demo
+gkrellm-thinkbat
+hdapsd
+libpam-fprintd
+pidgin-blinklight
+thinkfan
+tleds
+tp-smapi-dkms
+tp-smapi-source
+tpb
+%p
+

+ +

The hardware mappings come from several places. The preferred way +is for packages to announce their hardware support using +the +cross distribution appstream system. +See +previous +blog posts about isenkram to learn how to do that.

- Tags: english, nuug, video. + Tags: debian, english, isenkram.
@@ -696,91 +588,57 @@ talks available. Check it out! :)

-
listadmin, the quick way to moderate mailman lists - nice free software
-
22nd October 2014
-

If you ever had to moderate a mailman list, like the ones on -alioth.debian.org, you know the web interface is fairly slow to -operate. First you visit one web page, enter the moderation password -and get a new page shown with a list of all the messages to moderate -and various options for each email address. This take a while for -every list you moderate, and you need to do it regularly to do a good -job as a list moderator. But there is a quick alternative, -the -listadmin program. It allow you to check lists for new messages -to moderate in a fraction of a second. Here is a test run on two -lists I recently took over:

- -

-% time listadmin xiph
-fetching data for pkg-xiph-commits@lists.alioth.debian.org ... nothing in queue
-fetching data for pkg-xiph-maint@lists.alioth.debian.org ... nothing in queue
-
-real    0m1.709s
-user    0m0.232s
-sys     0m0.012s
-%
-

- -

In 1.7 seconds I had checked two mailing lists and confirmed that -there are no message in the moderation queue. Every morning I -currently moderate 68 mailman lists, and it normally take around two -minutes. When I took over the two pkg-xiph lists above a few days -ago, there were 400 emails waiting in the moderator queue. It took me -less than 15 minutes to process them all using the listadmin -program.

- -

If you install -the listadmin -package from Debian and create a file ~/.listadmin.ini -with content like this, the moderation task is a breeze:

- -

-username username@example.org
-spamlevel 23
-default discard
-discard_if_reason "Posting restricted to members only. Remove us from your mail list."
-
-password secret
-adminurl https://{domain}/mailman/admindb/{list}
-mailman-list@lists.example.com
-
-password hidden
-other-list@otherserver.example.org
-

- -

There are other options to set as well. Check the manual page to -learn the details.

- -

If you are forced to moderate lists on a mailman installation where -the SSL certificate is self signed or not properly signed by a -generally accepted signing authority, you can set a environment -variable when calling listadmin to disable SSL verification:

- -

-PERL_LWP_SSL_VERIFY_HOSTNAME=0 listadmin
-

- -

If you want to moderate a subset of the lists you take care of, you -can provide an argument to the listadmin script like I do in the -initial screen dump (the xiph argument). Using an argument, only -lists matching the argument string will be processed. This make it -quick to accept messages if you notice the moderation request in your -email.

- -

Without the listadmin program, I would never be the moderator of 68 -mailing lists, as I simply do not have time to spend on that if the -process was any slower. The listadmin program have saved me hours of -time I could spend elsewhere over the years. It truly is nice free -software.

+
Discharge rate estimate in new battery statistics collector for Debian
+
23rd May 2016
+

Yesterday I updated the +battery-stats +package in Debian with a few patches sent to me by skilled and +enterprising users. There were some nice user and visible changes. +First of all, both desktop menu entries now work. A design flaw in +one of the script made the history graph fail to show up (its PNG was +dumped in ~/.xsession-errors) if no controlling TTY was available. +The script worked when called from the command line, but not when +called from the desktop menu. I changed this to look for a DISPLAY +variable or a TTY before deciding where to draw the graph, and now the +graph window pop up as expected.

+ +

The next new feature is a discharge rate estimator in one of the +graphs (the one showing the last few hours). New is also the user of +colours showing charging in blue and discharge in red. The percentages +of this graph is relative to last full charge, not battery design +capacity.

+ +

+ +

The other graph show the entire history of the collected battery +statistics, comparing it to the design capacity of the battery to +visualise how the battery life time get shorter over time. The red +line in this graph is what the previous graph considers 100 percent: + +

+ +

In this graph you can see that I only charge the battery to 80 +percent of last full capacity, and how the capacity of the battery is +shrinking. :(

+ +

The last new feature is in the collector, which now will handle +more hardware models. On some hardware, Linux power supply +information is stored in /sys/class/power_supply/ACAD/, while the +collector previously only looked in /sys/class/power_supply/AC/. Now +both are checked to figure if there is power connected to the +machine.

+ +

If you are interested in how your laptop battery is doing, please +check out the +battery-stats +in Debian unstable, or rebuild it on Jessie to get it working on +Debian stable. :) The upstream source is available from github. +Patches are very welcome.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address -15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

- -

Update 2014-10-27: Added missing 'username' statement in -configuration example. Also, I've been told that the -PERL_LWP_SSL_VERIFY_HOSTNAME=0 setting do not work for everyone. Not -sure why.

+15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

@@ -793,114 +651,34 @@ sure why.

-
Debian Jessie, PXE and automatic firmware installation
-
17th October 2014
-

When PXE installing laptops with Debian, I often run into the -problem that the WiFi card require some firmware to work properly. -And it has been a pain to fix this using preseeding in Debian. -Normally something more is needed. But thanks to -my isenkram -package and its recent tasksel extension, it has now become easy -to do this using simple preseeding.

- -

The isenkram-cli package provide tasksel tasks which will install -firmware for the hardware found in the machine (actually, requested by -the kernel modules for the hardware). (It can also install user space -programs supporting the hardware detected, but that is not the focus -of this story.)

- -

To get this working in the default installation, two preeseding -values are needed. First, the isenkram-cli package must be installed -into the target chroot (aka the hard drive) before tasksel is executed -in the pkgsel step of the debian-installer system. This is done by -preseeding the base-installer/includes debconf value to include the -isenkram-cli package. The package name is next passed to debootstrap -for installation. With the isenkram-cli package in place, tasksel -will automatically use the isenkram tasks to detect hardware specific -packages for the machine being installed and install them, because -isenkram-cli contain tasksel tasks.

- -

Second, one need to enable the non-free APT repository, because -most firmware unfortunately is non-free. This is done by preseeding -the apt-mirror-setup step. This is unfortunate, but for a lot of -hardware it is the only option in Debian.

- -

The end result is two lines needed in your preseeding file to get -firmware installed automatically by the installer:

- -

-base-installer base-installer/includes string isenkram-cli
-apt-mirror-setup apt-setup/non-free boolean true
-

- -

The current version of isenkram-cli in testing/jessie will install -both firmware and user space packages when using this method. It also -do not work well, so use version 0.15 or later. Installing both -firmware and user space packages might give you a bit more than you -want, so I decided to split the tasksel task in two, one for firmware -and one for user space programs. The firmware task is enabled by -default, while the one for user space programs is not. This split is -implemented in the package currently in unstable.

- -

If you decide to give this a go, please let me know (via email) how -this recipe work for you. :)

- -

So, I bet you are wondering, how can this work. First and -foremost, it work because tasksel is modular, and driven by whatever -files it find in /usr/lib/tasksel/ and /usr/share/tasksel/. So the -isenkram-cli package place two files for tasksel to find. First there -is the task description file (/usr/share/tasksel/descs/isenkram.desc):

- -

-Task: isenkram-packages
-Section: hardware
-Description: Hardware specific packages (autodetected by isenkram)
- Based on the detected hardware various hardware specific packages are
- proposed.
-Test-new-install: show show
-Relevance: 8
-Packages: for-current-hardware
-
-Task: isenkram-firmware
-Section: hardware
-Description: Hardware specific firmware packages (autodetected by isenkram)
- Based on the detected hardware various hardware specific firmware
- packages are proposed.
-Test-new-install: mark show
-Relevance: 8
-Packages: for-current-hardware-firmware
-

- -

The key parts are Test-new-install which indicate how the task -should be handled and the Packages line referencing to a script in -/usr/lib/tasksel/packages/. The scripts use other scripts to get a -list of packages to install. The for-current-hardware-firmware script -look like this to list relevant firmware for the machine: - -

-#!/bin/sh
-#
-PATH=/usr/sbin:$PATH
-export PATH
-isenkram-autoinstall-firmware -l
-

- -

With those two pieces in place, the firmware is installed by -tasksel during the normal d-i run. :)

- -

If you want to test what tasksel will install when isenkram-cli is -installed, run DEBIAN_PRIORITY=critical tasksel --test ---new-install to get the list of packages that tasksel would -install.

- -

Debian Edu will be -pilots in testing this feature, as isenkram is used there now to -install firmware, replacing the earlier scripts.

+
French edition of Lawrence Lessigs book Cultura Libre on Amazon and Barnes & Noble
+
21st May 2016
+

A few weeks ago the French paperback edition of Lawrence Lessigs +2004 book Cultura Libre was published. Today I noticed that the book +is now available from book stores. You can now buy it from +Amazon +($19.99), +Barnes +& Noble ($?) and as always from +Lulu.com +($19.99). The revenue is donated to the Creative Commons project. If +you buy from Lulu.com, they currently get $10.59, while if you buy +from one of the book stores most of the revenue go to the book store +and the Creative Commons project get much (not sure how much +less).

+ +

I was a bit surprised to discover that there is a kindle edition +sold by Amazon Digital Services LLC on Amazon. Not quite sure how +that edition was created, but if you want to download a electronic +edition (PDF, EPUB, Mobi) generated from the same files used to create +the paperback edition, they are +available +from github.

- Tags: debian, english, isenkram, sysadmin. + Tags: docbook, english, freeculture.
@@ -915,6 +693,56 @@ install firmware, replacing the earlier scripts.

Archive