Planet Fellowship (en)

Tuesday, 29 July 2014

Pruning Syslog entries from MongoDB

DanielPocock.com - fsfe | 18:27, Tuesday, 29 July 2014

I previously announced the availability of rsyslog+MongoDB+LogAnalyzer in Debian wheezy-backports. This latest rsyslog with MongoDB storage support is also available for Ubuntu and Fedora users in one way or another.

Just one thing was missing: a flexible way to prune the database. LogAnalyzer provides a very basic pruning script that simply purges all records over a certain age. The script hasn't been adapted to work within the package layout. It is written in PHP, which may not be ideal for people who don't actually want LogAnalyzer on their Syslog/MongoDB host.

Now there is a convenient solution: I've just contributed a very trivial Python script for selectively pruning the records.

Thanks to Python syntax and the PyMongo client, it is extremely concise: in fact, here is the full script:

#!/usr/bin/python

import syslog
import datetime
from pymongo import Connection

# It assumes we use the default database name 'logs' and collection 'syslog'
# in the rsyslog configuration.

with Connection() as client:
    db = client.logs
    table = db.syslog
    #print "Initial count: %d" % table.count()
    today = datetime.datetime.today()

    # remove ANY record older than 5 weeks except mail.info
    t = today - datetime.timedelta(weeks=5)
    table.remove({"time":{ "$lt": t }, "syslog_fac": { "$ne" : syslog.LOG_MAIL }})

    # remove any debug record older than 7 days
    t = today - datetime.timedelta(days=7)
    table.remove({"time":{ "$lt": t }, "syslog_sever": syslog.LOG_DEBUG})

    #print "Final count: %d" % table.count()

Just put it in /usr/local/bin and run it daily from cron.

Customization

Just adapt the table.remove statements as required. See the PyMongo tutorial for a very basic introduction to the query syntax and full details in the MongoDB query operator reference for creating more elaborate pruning rules.

Potential improvements

  • Indexing the columns used in the queries
  • Logging progress and stats to Syslog


LogAnalyzer using a database backend such as MongoDB is very easy to set up and much faster than working with text-based log files

Monday, 28 July 2014

Intro to Open Invention Network’s defensive publications

Hugo - FSFE planet | 10:37, Monday, 28 July 2014

Three weeks ago, I started working for Open Invention Network as an intern1. Open Invention Network, or OIN in short, aims at creating a safe environment for Linux and Linux-based systems to thrive in spite of all the threats that patents constitute to software developers.

<aside class="dyk-patents2009 sidenote right"> Did you know? In 2009-2011 in the US, $20 billion was spent on patent litigation and patent purchases. In 2011, for Apple and Google, this spending exceeded spending on research and development. (source) </aside>

As one of my activities with OIN in the Linux Defenders program, I am helping Free Software (aka Open Source) projects submit “defensive publications.”

Defensive publications are sort of anti-patents:

  • while patents are claimed to exclude others from being able to implement something,
  • defensive publications prevent anyone to exclude others from being able to implement something.

They’re called defensive because they can be used against further patent applications or they can be used a posteriori to defend oneself against patent infringement claims. Indeed, if the software is already accessible by the public before a patent on it is submitted, there’s no way you or anyone would be infringing on a patent on that software. Actually in that situation the patent should be invalidated. Then you might ask: why do I need to write defensive publications if I have already published my source code? — Unfortunately, that’s because just releasing source code is not effective to protect yourself against patents.

In theory, it is true that you are immune from infringement of subsequent patents as soon as you’ve made your software source code publicly accessible online, for instance using a public version control system like Github.

In practice, it’s not really effective. Here’s why:

  1. the life of patents begin at the patent office where patent applications are submitted, then reviewed by patent office staff:

    Patent examiners have a strong sense of the technology that is patented, but they’re missing an understanding of what has been and is currently being developed in the open source world. As shocking as it may seem, the result is the examiner formulating an inaccurate sense of what is innovative. As the final arbiter of a very significant monopoly grant, they are often grossly uninformed in terms of what lies beyond their narrowly scoped search. This is not wholly their fault as they have limited resources and time. However, it is a strong indication of a faulty system that is so entrenched in the archaic methods under which patent offices have been operating.

    As Andrea pointed out, patent office staff will usually not go to software repositories and read source code in order to find prior art. That’s why making it easy for them to read about what you’ve done in software is necessary. That’s what defensive publications are supposed to do.

  2. The life of patents end in several ways, whichever comes first:

    1. The patent was filed more than 20 years ago or the patent holders have not paid their yearly patent-taxes, it’s now in the public domain
    2. an authoritative court decision has striked out the patent as invalid (and there’s no appeal pending)
    3. the patent office reverts their decision to grant the patent

    The problem is that in each of these cases, the process can be quite long. Litigations can go on for several years, especially since a patent holder will probably try to appeal a decision that invalidate its patent.

    As for the patent office procedures, they can take a decade. For instance, it took more than 15 years to strike down a single very broad Amazon patent application2.

    Meanwhile, the patent will constitute a potential threat that will effectively encumber the use and distribution of your software.

Basically, defensive publications consist in documenting one aspect of software projects that’s focused on solving a challenge and does it in a new, innovative way. The document would give some context about the state of the art and then describe in more details how the system works, usually by using meaningful diagrams, flowcharts and other figures.

Not like this one:

Created by Libby Levi for opensource.com
Parody of a software patent figure

And who’s going to read defensive publications? At OIN, we maintain a website to list defensive publications. Then, we submit them to databases used for prior-art examination by patent office examiners. So the target audience for these defensive publications is the patent office that reviews patent applications. A good defensive publication should use generic terms that are understood even by someone who’s not programming in the same language as the one used for the program.

Defensive publications may be no more than a re-arrangement of what’s already written on the project’s blog, or in the documentation. They can be useful to explain how your program works to other programmers. In some aspect, they look like a (short!) scientific publication.

For software that works in areas heavily encumbered with patents like media codecs, actively submitting defensive publications can safeguard the project’s rights against patent holders. For instance, consider that patent trolls now account for 67% of all new patent lawsuits and as shown in a 2012 study, startups are not immune to patent threats.

So part of my job is to work with Free Software projects to help them submit defensive publications. I have been working with Pablo Joubert on a defensive publication around search engines making use of distributed hash tables (DHT). Pablo was involved in the Seeks project and has now started a new project building upon seeks. It was very interesting for me to learn more about how DHT are used in peer-to-peer networks and how we can make use of them for new awesome applications like social search. Now, Pablo also has a document that explains concisely what the project is and how it works. This could be the preamble to the documentation 😉

I’ve also worked on a guide to defensive publications and I am starting to think on how a tutorial might look like. I hope you will find that useful. I’ll write more about that next time!


  1. Since I passed the bar exam in December last year, I now have to fulfil two 6-month internships. ↩

  2. It’s patent EP0927945 The patent’s abstract begins like this: “A method and system for placing an order to purchase an item via the Internet.” This patent was filed at the European Patent Office in 1998. ↩

Secure that Dictaphone

DanielPocock.com - fsfe | 05:35, Monday, 28 July 2014

2014 has been a big year for dictaphones so far.

First, it was France and the secret recordings made by Patrick Buisson during the reign of President Sarkozy.

Then, a US court ordered the release of the confidential Boston College tapes, part of an oral history project. Originally, each participant had agreed their recording would only be released after their death. Sinn Fein leader Gerry Adams was arrested and questioned over a period of 100 hours and released without charge.

Now Australia is taking its turn. In #dictagate down under, a senior political correspondent from a respected newspaper recorded (most likely with consent) some off-the-record comments of former conservative leader Ted Baillieu. Unfortunately, this journalist misplaced the dictaphone at the state conference of Baillieu's arch-rivals, the ALP. A scandal quickly errupted.

Secure recording technology

There is no question that electronic voice recordings can be helpful for people, including journalists, researchers, call centers and many other purposes. However, the ease with which they can now be distributed is only dawning on people.

Twenty years ago, you would need to get the assistance of a radio or TV producer to disseminate such recordings so widely. Today there is email and social media. The Baillieu tapes were emailed directly to 400 people in a matter of minutes.

Just as technology brings new problems, it also brings solutions. Encryption is one of them.

Is encryption worthwhile?

Coverage of the Snowden revelations has revealed that many popular security technologies are not one hundred percent safe. In each of these dictaphone cases, however, NSA-level expertise was not a factor. Even the most simplistic encryption would have caused endless frustration to the offenders who distributed the Baillieu tape.

How can anybody be sure encryption is reliable?

Part of the problem is education. Everybody using the technology needs to be aware of the basic concepts, for example, public key cryptography.

Another big question mark is back doors. There is ongoing criticism of Apple iPhone/iPod devices and the many ways that their encryption can be easily disabled by Apple engineers and presumably many former staff, security personnel and others. The message is clear: proprietary, closed-source solutions should be avoided. Free and open source technologies are the alternative. If a company does not give you the source code, how can anybody independently audit their code for security? With encryption software, what use is it if nobody has verified it?

What are the options?

However, given that the majority of people don't have a PhD in computer science or mathematics, are there convenient ways to get started with encryption?

Reading is a good start. The Code Book by Simon Singh (author of other popular science books like Fermat's Last Theorem) is very accessible, not classified and assumes no formal training in mathematics. Even for people who do know these topics inside out, it is a good book to share with friends and family.

The Guardian Project (no connection with Guardian Media of Edward Snowden fame) aims to provide a secure and easy to use selection of apps for pocket devices. This project has practical applications in business, journalism and politics alike.

How should a secure dictaphone app work?

Dictaphone users typically need to take their dictaphones in the field, so there is a risk of losing it or having it stolen. A strong security solution in this situation may involve creating an RSA key pair on a home/office computer, keeping the private key on the home computer and putting the public key on the dictaphone device. Configured this way, the dictaphone will not be able to play back any of the recordings itself - the user will always have to copy them to the computer for decryption.

Monday, 21 July 2014

Australia can't criticize Putin while competing with him

DanielPocock.com - fsfe | 17:00, Monday, 21 July 2014

While much of the world is watching the tragedy of MH17 and contemplating the grim fate of 298 deceased passengers sealed into a refrigerated freight train in the middle of a war zone, Australia (with 28 victims on that train) has more than just theoretical skeletons in the closet too.

At this moment, some 153 Tamil refugees, fleeing the same type of instability that brought a horrible death to the passengers of MH17, have been locked up in the hull of a customs ship on the high seas. Windowless cabins and a supply of food not fit for a dog are part of the Government's strategy to brutalize these people for simply trying to avoid the risk of enhanced imprisonment(TM) in their own country.

Under international protocol for rescue at sea and political asylum, these people should be taken to the nearest port and given a humanitarian visa on arrival. Australia, however, is trying to lie and cheat their way out of these international obligations while squealing like a stuck pig about the plight of Australians in the hands of Putin. If Prime Minister Tony Abbott wants to encourage Putin to co-operate with the international community, shouldn't he try to lead by example? How can Australians be safe abroad if our country systematically abuses foreigners in their time of need?

Friday, 18 July 2014

An invisible part of the Free Software Foundation Europe

I love it here » English | 12:03, Friday, 18 July 2014

In all organisations you have people, who do crucial work which is invisible to the public. But without them, the organisation would not function. In the FSFE, one of this people who takes care of a lot of invisible tasks is Reinhard Müller. After maintaining FSFE’s website, coordinating FSFE’s translation team, and taking care of our Fellowship database for many years, in 2007 he volunteered to be FSFE’s Financial Officer. With this post I want to offer you an insight into the invisible tasks performed by Reinhard.

<figure about="http://blogs.fsfe.org/mk/wp-content/plugins/creative-commons-license-manager/embed-helper.php?id=1338" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/terms/">Karsten and Reinhard working together <figcaption>Karsten, with FSCONS shirt, and Reinhard, with Mach Dich Frei shirt, working Matthias Kirschner CC BY-SA <script> function showEmbed(element) { var figureNode = element.parentNode.parentNode; var helperNode = document.createElement('html'); helperNode.appendChild(figureNode.cloneNode(true)); embedNode = document.createElement('input'); embedNode.value = helperNode.innerHTML.replace(/<:/g,"<").replace(/<.:/g,"</figcaption><style scoped="scoped">figure[about] { display: inline-block; margin: 0; padding: 0; position: relative; } figure[about] > img, figure[about] > audio, figure[about] > video, figure[about] > object { display: block; margin: 0; padding: 0; } figure[about] figcaption { background-color: rgba(190, 190, 190, 0.6); bottom: 0px; font-size: 12px; height: 22px; left: 0px; line-height: 22px; overflow: hidden; padding-left: 22px; position: absolute; width: 0px; } audio +figcaption, video + figcaption, object + figcaption { left: 22px !important; } figure[about] figcaption:hover { height: inherit; width: inherit; } figure[about] figcaption [property*=title] { display: none; } figure[about] figcaption [property*=attributionName] { border: none; color: black; display: inline-block; height: 22px; margin: 0 0.5em; text-decoration: underline; text-shadow: none; } figure[about] figcaption small { position: absolute; left: 0; bottom: 0; } figure[about] figcaption small, figure[about] figcaption small a, figure[about] figcaption small a abbr { color: transparent !important; border: none; display: inline-block; height: 22px; margin: 0; padding: 0; text-shadow: none !important; width: 22px; } figure[about] figcaption small a[href^="http://creativecommons.org/licenses/"] { background: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAQAAABuvaSwAAAAAnNCSVQICFXsRgQAAAAJcEhZcwAABJ0AAASdAXw0a6EAAAAZdEVYdFNvZnR3YXJlAHd3dy5pbmtzY2FwZS5vcmeb7jwaAAABmklEQVQoz5XTPWiTURTG8d8b/GjEii2VKoqKi2DFwU9wUkTdFIeKIEWcpIOTiA4OLgVdXFJwEZHoIII0TiJipZJFrIgGKXQQCRg6RKREjEjMcQnmTVPB3jNc7j1/7nk49zlJ+P+1rPsqydqFD1HvSkUq9MkpaQihoWRcfzqftGUkx9y10Yy33vlttz2GzBmNQtfLrmqqGu6odNKccOvvubXt1/Da+tAZBkwKx1OwHjNqti1EQ7DBN2Vr2vBl4cJiaAjOCdfbcMF3mWC7O6qmDFntms9KzgYZNU/bcFkxBM+UjXjiilFNl4yZsCIoqrRgA0IuGNRws1W66H1KSE5YFzKoa+pFTV0/ydYk66s+kt5kE1ilqd7qs49KIcj75bEfxp0RJn0yKxtMm21rzmtYG6x0Wt5Fy4ODbhuzJejx06M2PCzc+2frbgjn0z9YEE4tih7Q8FyShgdVzRvpQk+omLe5wxvBIV+ECTtkQpCx00Oh4ugCI7XcfF8INa9MqQnhQdrRSedYJYcdsc9eTHvjRbzsyC5lBjNLYP0B5PQk1O2dJT8AAAAASUVORK5CYII="); background-position: 0px center; background-repeat: no-repeat; } figure[about] > figcaption button, figure[about] > figcaption input { color: inherit; background: inherit; border-width: 1px; font-size: smaller; margin: 0 0.5em; width: 5em; } </style></figure>

From 20 to 22 June, Karsten and I myself met with Reinhard in Lustenau/Austria to go through his current tasks. The goal was to minimise a single point of failure in our organisation. We want to make sure that Reinhard’s tasks could also be performed by someone else in the case he decides to do a journey round the world. So beside impressing us with the wonderful landscape, Reinhard gave us a detailed summary. Here a short overview of tasks he performs in the FSFE’s “Lustenau Office”:

  • Payment of invoices and archiving them: yes unfortunately we do not just receive donations, but also invoices. Reinhard takes care of that.
  • Checking our bank statements: this includes contacting individual donors asking them to become Fellows instead to minimise our administrative overhead, add donors above 480€ to our donors page to as well as checking our liquidity.
  • Paper filing for the accounting: for the cash books, our bank accounts, check if something is missing.
  • The accounting: together with aqbanking-tools and some nice self-written bash scripts, Reinhard merges all payments from the bank, the manually added numbers from the cash box, the credit cards, and others accounts into CSV files. In this process all payments receive the correct account number. (For me this is one of most advanced tasks, which Reinhard already documented quite well. I also learned a lot about accounting.)
  • Reporting taxes to the financial authorities: We have to pay tax for the merchandise (19%), the legal conference tickets (7%), plus in very rare cases services we sell (which is especially complicated if it is outside Germany). Reinhard calculates our taxes and reports them to our tax consultant, who again after checking reports that to the authorities. He has to finish this 1 month, and 10 days after each quarter.

I learnt a lot during those days while documenting those tasks, and I am very thankful that Reinhard does all those things for the FSFE in his spare time. Furthermore it was great to enjoy the sunny weather and the beautiful mountains.

Below, you can see Reinhard with the FSFE’s first t-shirt, ever. It has the Latin quote by Saint Augustinus written on it: “Omnis enim res, quae dando non deficit, dum habetur et non datur, nondum habetur, quomodo habenda est.” which translates to “For if a thing is not diminished by being shared with others, it is not rightly owned if it is only owned and not shared.” (Meanwhile we switched to English as the main language for our t-shirts.)

<figure about="http://blogs.fsfe.org/mk/wp-content/plugins/creative-commons-license-manager/embed-helper.php?id=1339" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/terms/">Reinhard with the first FSFE t-shirt in the Austrian mountains <figcaption>Reinhard with the first FSFE t-shirt in the Austrian mountains Matthias Kirschner CC BY-SA <script> function showEmbed(element) { var figureNode = element.parentNode.parentNode; var helperNode = document.createElement('html'); helperNode.appendChild(figureNode.cloneNode(true)); embedNode = document.createElement('input'); embedNode.value = helperNode.innerHTML.replace(/<:/g,"<").replace(/<.:/g,"</figcaption><style scoped="scoped">figure[about] { display: inline-block; margin: 0; padding: 0; position: relative; } figure[about] > img, figure[about] > audio, figure[about] > video, figure[about] > object { display: block; margin: 0; padding: 0; } figure[about] figcaption { background-color: rgba(190, 190, 190, 0.6); bottom: 0px; font-size: 12px; height: 22px; left: 0px; line-height: 22px; overflow: hidden; padding-left: 22px; position: absolute; width: 0px; } audio +figcaption, video + figcaption, object + figcaption { left: 22px !important; } figure[about] figcaption:hover { height: inherit; width: inherit; } figure[about] figcaption [property*=title] { display: none; } figure[about] figcaption [property*=attributionName] { border: none; color: black; display: inline-block; height: 22px; margin: 0 0.5em; text-decoration: underline; text-shadow: none; } figure[about] figcaption small { position: absolute; left: 0; bottom: 0; } figure[about] figcaption small, figure[about] figcaption small a, figure[about] figcaption small a abbr { color: transparent !important; border: none; display: inline-block; height: 22px; margin: 0; padding: 0; text-shadow: none !important; width: 22px; } figure[about] figcaption small a[href^="http://creativecommons.org/licenses/"] { background: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAQAAABuvaSwAAAAAnNCSVQICFXsRgQAAAAJcEhZcwAABJ0AAASdAXw0a6EAAAAZdEVYdFNvZnR3YXJlAHd3dy5pbmtzY2FwZS5vcmeb7jwaAAABmklEQVQoz5XTPWiTURTG8d8b/GjEii2VKoqKi2DFwU9wUkTdFIeKIEWcpIOTiA4OLgVdXFJwEZHoIII0TiJipZJFrIgGKXQQCRg6RKREjEjMcQnmTVPB3jNc7j1/7nk49zlJ+P+1rPsqydqFD1HvSkUq9MkpaQihoWRcfzqftGUkx9y10Yy33vlttz2GzBmNQtfLrmqqGu6odNKccOvvubXt1/Da+tAZBkwKx1OwHjNqti1EQ7DBN2Vr2vBl4cJiaAjOCdfbcMF3mWC7O6qmDFntms9KzgYZNU/bcFkxBM+UjXjiilFNl4yZsCIoqrRgA0IuGNRws1W66H1KSE5YFzKoa+pFTV0/ydYk66s+kt5kE1ilqd7qs49KIcj75bEfxp0RJn0yKxtMm21rzmtYG6x0Wt5Fy4ODbhuzJejx06M2PCzc+2frbgjn0z9YEE4tih7Q8FyShgdVzRvpQk+omLe5wxvBIV+ECTtkQpCx00Oh4ugCI7XcfF8INa9MqQnhQdrRSedYJYcdsc9eTHvjRbzsyC5lBjNLYP0B5PQk1O2dJT8AAAAASUVORK5CYII="); background-position: 0px center; background-repeat: no-repeat; } figure[about] > figcaption button, figure[about] > figcaption input { color: inherit; background: inherit; border-width: 1px; font-size: smaller; margin: 0 0.5em; width: 5em; } </style></figure>

Thursday, 17 July 2014

MH17 and the elephant in the room

DanielPocock.com - fsfe | 19:09, Thursday, 17 July 2014

Just last week, air passengers were told of intrusive new checks on their electronic devices when flying.

For years, passengers have also suffered bans on basic essentials like drinking water and excesses like the patting down of babies that even Jimmy Saville would find offensive.

Of course, all this is being done for public safety.

So if western leaders claim the safety and security of their citizens is really their number one priority, just how is it that a passenger aircraft can be flying through a war zone where two other planes were shot down this month? When it comes to aviation security, this really is the elephant in the room. The MH17 tragedy today demonstrates that terror always finds a way. It is almost like the terrorists can have their cake and eat it too: they force "free" countries to give up their freedoms and public decency and then they still knock the occasional plane out of the sky anyway.

History in the making?

It is 100 years since the assassination of Austrian Archduke Franz Ferdinand started World War I and just over 50 years since the Cuban missile crisis. Will this incident also achieve similar notoriety in history? The downing of MH17 may well have been a "mistake" but the casualties are real and very tragic indeed. I've flown with Malaysia Airlines many times, including the same route MH17 and feel a lot of sympathy for these people who have been affected.

Watching DVB-T without a TV

the_unconventional's blog » English | 17:03, Thursday, 17 July 2014

Let me start off by saying that I don’t like TV, and especially not commercial broadcasters. Like I’ve said before: the only reason I’m even able to receive them is because it’s impossible to have a DOCSIS internet connection without a DVB-C package. I have one TV connected to the cable, but I never even bothered to install a coaxial cable upstairs.

I do, however, like to watch the occasional sports event, such as the Tour de France, the FIFA world cup, and other cycling and football tournaments.

Usually, the Dutch public broadcasting authority allows us to stream these events from their web site. However, those streams have some downsides: they’re usually laggy and low-bandwidth, but the biggest problem is that they require people to install Adobe’s Flash Player, which is a horrible security risk.

So, I’ve been looking for a way to watch those streams without having to install Adobe’s malware. The first thing that came to mind was DVB-T, which I’ve already been using on my bedroom TV for years. Granted, I only receive four channels, but I really couldn’t care less about the commercial stuff.

One small problem: DVB-T reception requires a TV. And I’m certainly not planning to put a TV in every room in my house. So it would be nice if I could watch those streams on displays I already have: computer monitors connected to Debian PCs.

I started looking for DVB-T receivers, and I managed to pick up a TerraTec Cinergy T RC for fifteen bucks. Unlike a lot of other hardware, the GNU/Linux support of TV tuners is generally very decent, so I wouldn’t worry too much about incompatibility. The connectors aren’t sophisticated either. It’s a simple coax plug, so the antenna cable can easily be extended.

All you need is a little receiver near a window and you’re set.

Installing a DVB receiver is rather easy: just plug it in, and usually it will work immediately. Sometimes you’ll need to put a firmware file in /lib/firmware, depending on your distribution. dmesg will then probably let you know about that.

usb 1-2: firmware: failed to load dvb-usb-af9015.fw (-2)
usb 1-2: Direct firmware load failed with error -2
usb 1-2: Falling back to user helper
usb 1-2: dvb_usb_v2: Did not find the firmware file ‘dvb-usb-af9015.fw’. Please see linux/Documentation/dvb/ for more details on firmware-problems. Status -2
dvb_usb_af9015: probe of 1-2:1.0 failed with error -2

In my case, I needed dvb-usb-af9015.fw, so I opened a terminal in the /lib/firmware directrory and ran sudo wget http://palosaari.fi/linux/v4l-dvb/firmware/af9015/5.24.0.0/dvb-usb-af9015.fw

After reconnecting the tuner, everything went well.

usb 4-1.4: dvb_usb_v2: found a ‘TerraTec Cinergy T Stick RC’ in warm state
DVB: registering new adapter (TerraTec Cinergy T Stick RC)
usb 4-1.4: DVB: registering adapter 0 frontend 0 (Afatech AF9013)…
Registered IR keymap rc-terratec-slim-2
usb 4-1.4: dvb_usb_v2: ‘TerraTec Cinergy T Stick RC’ successfully initialized and connected
usbcore: registered new interface driver dvb_usb_af9015

Watching DVB streams doesn’t require a lot of special software: all I’m using are MPlayer and the dvb-apps package.

First, I created a ~/.tzap directory and opened a terminal within it. Then, I ran scan /usr/share/dvb/dvb-t/nl-All -o zap -x 0 | tee channels.conf, which created a channel list. (Needless to say, the nl-All file should only be used if you live in the Netherlands.)

Nederland 1: 474000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_1_2:FEC_1_2:QAM_64: TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_4:HIERARCHY_NONE:7011:7012:1101
Nederland 2: 474000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_1_2:FEC_1_2:QAM_64: TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_4:HIERARCHY_NONE:7021:7022:1102
Nederland 3: 474000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_1_2:FEC_1_2:QAM_64: TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_4:HIERARCHY_NONE:7031:7032:1103
TV Rijnmond: 474000000:INVERSION_AUTO:BANDWIDTH_8_MHZ:FEC_1_2:FEC_1_2:QAM_64: TRANSMISSION_MODE_8K:GUARD_INTERVAL_1_4:HIERARCHY_NONE:7041:7042:1104

Finally, I wrote some scripts to tune tzap to the free-to-air channels and let MPlayer play the MPEG stream. Simply click them, run it in a terminal, wait ~10 seconds for a buffer to build up, and enjoy the live TV feed.

Modifying the scripts to the channels you receive in your country is pretty straightforward (just change the channel names accordingly to your channels.conf file), so I doubt that requires any explanation.

VLC users can simply drag their channels.conf file into the VLC window, which automatically converts it to a playlist. Press Ctrl + Y and save it as ~/Videos/TV.xspf (or whatever), and all you have to do is click the playlist and switch channels with the Previous / Next buttons.

<?xml version=”1.0″ encoding=”UTF-8″?>
<playlist xmlns=”http://xspf.org/ns/0/” xmlns:vlc=”http://www.videolan.org/vlc/playlist/ns/0/” version=”1″>
<title>Playlist</title>
<trackList>
<track>
<location>dvb-t:// frequency=474000000:inversion=0:bandwidth=8:code-rate-hp=1/2:code-rate-lp=1/2:modulation=64QAM: transmission=-1:guard=1/4:hierarchy=0</location>
<duration>18300000</duration>
<extension application=”http://www.videolan.org/vlc/playlist/0″>
<vlc:id>0</vlc:id>
<vlc:option>program=1101</vlc:option>
</extension>
</track>
<track>
<location>dvb-t:// frequency=474000000:inversion=0:bandwidth=8:code-rate-hp=1/2:code-rate-lp=1/2:modulation=64QAM: transmission=-1:guard=1/4:hierarchy=0</location>
<extension application=”http://www.videolan.org/vlc/playlist/0″>
<vlc:id>1</vlc:id>
<vlc:option>program=1102</vlc:option>
</extension>
</track>
<track>
<location>dvb-t:// frequency=474000000:inversion=0:bandwidth=8:code-rate-hp=1/2:code-rate-lp=1/2:modulation=64QAM: transmission=-1:guard=1/4:hierarchy=0</location>
<extension application=”http://www.videolan.org/vlc/playlist/0″>
<vlc:id>2</vlc:id>
<vlc:option>program=1103</vlc:option>
</extension>
</track>
<track>
<location>dvb-t:// frequency=474000000:inversion=0:bandwidth=8:code-rate-hp=1/2:code-rate-lp=1/2:modulation=64QAM: transmission=-1:guard=1/4:hierarchy=0</location>
<extension application=”http://www.videolan.org/vlc/playlist/0″>
<vlc:id>3</vlc:id>
<vlc:option>program=1104</vlc:option>
</extension>
</track>
</trackList>
<extension application=”http://www.videolan.org/vlc/playlist/0″>
<vlc:item tid=”0″/>
<vlc:item tid=”1″/>
<vlc:item tid=”2″/>
<vlc:item tid=”3″/>
</extension>
</playlist>

If you’re looking for a fancier GUI solution, you might want to check out MeTV. It can scan for channels on its own, but you can also import your channels.conf file. MeTV also offers EPG viewing and MPEG stream recording (including timers).

Also keep in mind that DVB-T offers nice advantages regarding anonymity, privacy, and bandwith. After all, it uses public RF signals that are “in the air anyway”. There’s no upstream, so nobody knows that you’re watching. And even if there was, there would be no way to identify you, as there is no IP address that an ISP could point towards you. Moreover, you don’t have to constrain your network with any kind of video stream. You can even unplug your ethernet cable, or take your laptop up the road.

Sunday, 13 July 2014

Installing MediaGoblin on FreeBSD

irl:/dev/blog » fsfe-planet | 16:32, Sunday, 13 July 2014

GNU MediaGoblin is a web application for hosting and sharing media. At 57North Hacklab, we currently have a Flickr group but to post to Flickr it is necessary to have a Yahoo! account and this seems like an unreasonable requirement to impose on members that want to share photos. This led to me setting up MediaGoblin. Hopefully it will also be useful for sharing other forms of media beyond photos too.

The instructions for installing MediaGoblin only cover Linux environments so here is my documentation of an installation on FreeBSD.

Start off by installing some dependencies (as root):

# pkg install git python py27-lxml py27-imaging py27-virtualenv

Then install some postgresql things (as root):

# pkg install postgresql92-server postgresql92-client py27-psycopg2

Do some setup of postgresql to initialise it and make it start on boot (as root):

# echo 'postgresql_enable="YES"' >> /etc/rc.conf
# /usr/local/etc/rc.d/postgresql initdb
# /usr/local/etc/rc.d/postgresql start

Create the new postgresql user and database (as root):

# su pgsql -c "createuser mediagoblin"
# su pgsql -c "createdb -E UNICODE -O mediagoblin mediagoblin"

Create the system user (as root):

# adduser
Username: mediagoblin
Full name: MediaGoblin Unprivileged User
Uid (Leave empty for default): 201
Login group [mediagoblin]:
Login group is mediagoblin. Invite mediagoblin into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash zsh rzsh git-shell nologin) [sh]:
Home directory [/home/mediagoblin]: /usr/local/srv/mediagoblin
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]:
Username   : mediagoblin
Password   :
Full Name  : MediaGoblin Unprivileged User
Uid        : 201
Class      :
Groups     : mediagoblin
Home       : /usr/local/srv/mediagoblin
Home Mode  :
Shell      : /bin/sh
Locked     : no
OK? (yes/no): yes
pw: mkdir(/srv/mediagoblin): No such file or directory
adduser: INFO: Successfully added (mediagoblin) to the user database.
Add another user? (yes/no): no
Goodbye!

The next step is to actually fetch the MediaGoblin sources (as root):

# su mediagoblin
# cd ~
# git clone git://gitorious.org/mediagoblin/mediagoblin.git
# cd mediagoblin
# git submodule init && git submodule update

Then build the MediaGoblin virtualenv (as mediagoblin):

$ (virtualenv --system-site-packages . || virtualenv .) && ./bin/python setup.py develop

To deploy with FastCGI, flup is apparently useful (as mediagoblin):

$ ./bin/easy_install flup

From here, you can follow the official documentation. Just start at “Deploying MediaGoblin Services”. Do remember though that your configuration files for web servers are going to be in /usr/local/etc not /etc

Saturday, 12 July 2014

Streaming APRS data over XMPP

irl:/dev/blog » fsfe-planet | 21:49, Saturday, 12 July 2014

I’ve recently started playing with radios again and I’ve been looking mainly at packet radio. APRS is a system which uses amateur radio to transmit position reports, weather reports, and messages between users. There is an Internet backbone for APRS called APRS-IS that can be used to access a filtered feed of APRS broadcasts. I thought it would be nice if such a feed were also available via XMPP so set about building a gateway.

This was not as easy as I’d hoped it would be. All the libraries I tried to use to access APRS-IS data either were in a language I didn’t want to touch (i.e. Perl) or wouldn’t run on my system without segfaulting. Luckily, it is quite easy to talk to the APRS-IS servers as it turns out. Opening a TCP connection and sending:

user MM6MVQ-1 pass -1 vers testsoftware 1.0_05 filter r/57.1526/-2.1100/50\r\n

caused the server to begin sending me all the APRS packets broadcast within 50km of Aberdeen.

Next up was the XMPP bit. I really wanted to get a pubsub service going, but I had no idea how they worked, and after fighting with libraries again and even giving up on the server software and using jabber.ccc.de’s server instead I went for the easier option of just sending messages to a MUC for now.

Check out xmpp:aprs-aberdeen@conference.jabber.ccc.de?join to see the messages being broadcast around me.

Friday, 11 July 2014

FSFE’s German speaking team meeting 2014

I love it here » English | 10:08, Friday, 11 July 2014

From 13 – 15 June 2014 FSFE had its German speaking team meeting in the Linuxhotel in Essen. The participants had some problems to travel there because of the chaos resulting from a heavy thunderstorm in the region. A lot of train lines where not functional, and the situation on the streets was also chaotic. But just because no ICE trains stop in Essen does not mean we will not continue our work for Free Software. In the end we were able to bring all volunteers to the Linuxhotel.

<figure about="http://blogs.fsfe.org/mk/wp-content/plugins/creative-commons-license-manager/embed-helper.php?id=1374" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/terms/">The two buildings from Linuxhotel <figcaption>linuxhotel_landschaft Linuxhotel CC BY-SA <script> function showEmbed(element) { var figureNode = element.parentNode.parentNode; var helperNode = document.createElement('html'); helperNode.appendChild(figureNode.cloneNode(true)); embedNode = document.createElement('input'); embedNode.value = helperNode.innerHTML.replace(/<:/g,"<").replace(/<.:/g,"</figcaption><style scoped="scoped">figure[about] { display: inline-block; margin: 0; padding: 0; position: relative; } figure[about] > img, figure[about] > audio, figure[about] > video, figure[about] > object { display: block; margin: 0; padding: 0; } figure[about] figcaption { background-color: rgba(190, 190, 190, 0.6); bottom: 0px; font-size: 12px; height: 22px; left: 0px; line-height: 22px; overflow: hidden; padding-left: 22px; position: absolute; width: 0px; } audio +figcaption, video + figcaption, object + figcaption { left: 22px !important; } figure[about] figcaption:hover { height: inherit; width: inherit; } figure[about] figcaption [property*=title] { display: none; } figure[about] figcaption [property*=attributionName] { border: none; color: black; display: inline-block; height: 22px; margin: 0 0.5em; text-decoration: underline; text-shadow: none; } figure[about] figcaption small { position: absolute; left: 0; bottom: 0; } figure[about] figcaption small, figure[about] figcaption small a, figure[about] figcaption small a abbr { color: transparent !important; border: none; display: inline-block; height: 22px; margin: 0; padding: 0; text-shadow: none !important; width: 22px; } figure[about] figcaption small a[href^="http://creativecommons.org/licenses/"] { background: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAQAAABuvaSwAAAAAnNCSVQICFXsRgQAAAAJcEhZcwAABJ0AAASdAXw0a6EAAAAZdEVYdFNvZnR3YXJlAHd3dy5pbmtzY2FwZS5vcmeb7jwaAAABmklEQVQoz5XTPWiTURTG8d8b/GjEii2VKoqKi2DFwU9wUkTdFIeKIEWcpIOTiA4OLgVdXFJwEZHoIII0TiJipZJFrIgGKXQQCRg6RKREjEjMcQnmTVPB3jNc7j1/7nk49zlJ+P+1rPsqydqFD1HvSkUq9MkpaQihoWRcfzqftGUkx9y10Yy33vlttz2GzBmNQtfLrmqqGu6odNKccOvvubXt1/Da+tAZBkwKx1OwHjNqti1EQ7DBN2Vr2vBl4cJiaAjOCdfbcMF3mWC7O6qmDFntms9KzgYZNU/bcFkxBM+UjXjiilFNl4yZsCIoqrRgA0IuGNRws1W66H1KSE5YFzKoa+pFTV0/ydYk66s+kt5kE1ilqd7qs49KIcj75bEfxp0RJn0yKxtMm21rzmtYG6x0Wt5Fy4ODbhuzJejx06M2PCzc+2frbgjn0z9YEE4tih7Q8FyShgdVzRvpQk+omLe5wxvBIV+ECTtkQpCx00Oh4ugCI7XcfF8INa9MqQnhQdrRSedYJYcdsc9eTHvjRbzsyC5lBjNLYP0B5PQk1O2dJT8AAAAASUVORK5CYII="); background-position: 0px center; background-repeat: no-repeat; } figure[about] > figcaption button, figure[about] > figcaption input { color: inherit; background: inherit; border-width: 1px; font-size: smaller; margin: 0 0.5em; width: 5em; } </style></figure>

On Friday after dinner we finalised the agenda, especially discussing the workshop topics and decided depending on popularity which ones we will have during the weekend. Furthermore we added a slot for lightning talks for Saturday morning. After dinner we met Michael and Mechthilde in the Linuxhotel, who reported from their work during the day at the GLS bank to promote FSFE (in German).

Saturday morning started with 30 minutes of lightning talks. Erik Albers talked about our work and the results of the Free Software pact and how we could use that for regional elections. Maurice gave an overview of our activities in the Netherlands, especially their work at cryptoparties and the privacy cafe, the Netherland team’s involvement in the Free Software pact, and reported that the NL team now consists of around 10 active people. Guido Arnold presented a bash script to make it easier to publish local FSFE meetings on different FSFE websites, and microblogs. He motivated others to look at the code and improve it. Torsten Grote talked about the status of Free Software microblogging software. As the last one, Erik Albers gave a short overview from our German speaking local groups. Afer that the first slot of two parallel workshops started:

After lunch Michael Stehmann held a session how to better integrate evaluation in our work. We will do more work on this topic in the comming months. Then it was time again for two parallel workshops slots:

In the evening local Free Software supporters joined us for a BBQ, like former HURD developer Neal Walfield, FSFE’s booth master Rainer Kersten, FSFE’s Fellowship representative Stefan “Penny” Harmuth, and GnuPG author Werner Koch.

Due to longer travel times caused by the storm, Sunday was quite short. In the morning we slightly modified the agenda, and again had two workshop sessions. On group continued with the WhatsApp workshop to do further testing, and in the other group Erik Albers talked with local team coordinators about their situation and what ideas they have for the future. After “destroying” the rest of Saturday evening BBQ, and cleaning up, 2 days of good work were over again.

Wednesday, 09 July 2014

Randa Fundraiser: The countdown is ticking

Mario Fux | 13:33, Wednesday, 09 July 2014

Just some more hours and the Randa Meetings 2014 fundraiser will close. It will end at 23.59 UTC, afterwards you need to go to the normal KDE donation page to support us ;-) . So may I ask you one last time this year to help us and give something. It’s high time and we can still achieve a big jump on the progress bar with your help!

In the picture below you see the group photo of the Randa Meetings 2011 in the form of a jigsaw puzzle. The year and place when the KDE Frameworks 5 planning and work started which achieved an interim stop with the first stable release yesterday. Some great (KConfig, KArchive, Sonnet, ThreadWeaver, etc.) Qt addons for you Qt developers and for many different platforms.

Jigsaw puzzle of the group picture 2011

Jigsaw puzzle of the group picture 2011

And guess what we plan to work on this year in Randa? Porting even more KDE applications to KDE Frameworks 5. The KDE Edu group will be there too and will port its collection of educational software to KF5. Software for kids and people that want to learn and understand the world. Understand why it’s important to be free in your decision to choose the tools you use to create great things and communicate it to the world. All these are things we work on for your and our freedom.

So take a look at your wallet and give what you can and thus help to make another great edition of the Randa Meetings possible where we create even better software for you.

flattr this!

Sunday, 06 July 2014

News team jailed, phone hacking not fixed though

DanielPocock.com - fsfe | 08:20, Sunday, 06 July 2014

This week former News of the World executives were sentenced, most going to jail, for the British phone hacking scandal.

Noticeably absent from the trial and much of the media attention are the phone companies. Did they know their networks could be so systematically abused? Did they care?

In any case, the public has never been fully informed about how phones have been hacked. Speculation has it that phone hackers were guessing PIN numbers for remote voicemail access, typically trying birthdates and inappropriate PIN numbers like 0000 or 1234.

There is more to it

Those in the industry know that there are additional privacy failings in mobile networks, especially the voicemail service. It is not just in the UK either.

There are various reasons for not sharing explicit details on a blog like this and comments concerning such techniques can't be accepted.

Nonetheless, there are some points that do need to be made:

  • it is still possible for phones, especially voicemail, to be hacked on demand
  • an attacker does not need expensive equipment nor do they need to be within radio range (or even the same country) as their target
  • the attacker does not need to be an insider (phone company or spy agency employee)

Disable voicemail completely - the only way to be safe

The bottom line is that the only way to prevent voicemail hacking is to disable the phone's voicemail service completely. Voicemail is not really necessary given that most phones support email now. For those who feel they need it, consider running the voicemail service on your own private PBX using free software like Asterisk or FreeSWITCH. Some Internet telephony service providers also offer third-party voicemail solutions that are far more secure than those default services offered by mobile networks.

To disable voicemail, simply do two things:

  • send a letter to the phone company telling them you do not want any voicemail box in their network
  • in the mobile phone, select the menu option to disable all diversions, or manually disable each diversion one by one (e.g. disable forwarding when busy, disable forwarding when not answered, disable forwarding when out of range)

Friday, 04 July 2014

Free Software in Education News – June

Being Fellow #952 of FSFE » English | 22:12, Friday, 04 July 2014

Here’s what we collected in June. If you come accross anything that might be worth mentioning in this series, please drop me a note, dump it in this pad or drop it on the edu-eu mailinglist!

FSFE Edu-Team activities

Government

Other News

Future Events

Thanks to all contributors!

flattr this!

Just some more reasons to avoid Microsoft

Martin's notes - English | 07:01, Friday, 04 July 2014

Today, I had to create an account with Microsoft for work, so I can list a few more reasons why to avoid them:

1. If you want to create an account, you not only have to enable JavaScript, but you have to allow loading proprietary code from different websites, some of which will most probably track you across the web.
2. They intentionally fight security by allowing only passwords with 16 characters or shorter. By default, I use a 25 character random string.
3. The confirmation message they send you to verify your e-mail address is completely unreadable in plain text MUAs like mutt (although they even send a plain text part) because it contains incredibly long links. An example (it has been modified so it will not work!) of what this looks like for me:

Continue reading "Just some more reasons to avoid Microsoft"

Thursday, 03 July 2014

Evaluating Free Software for procurement

Karsten on Free Software | 11:06, Thursday, 03 July 2014

When you’re a public body, how do you evaluate Free Software solutions, and how do you procure them? Recently I’ve been getting this question fairly regularly. Here are the main resources I point people to.

First stop: A guideline from the European Commission on “public procurement of open source software“. This answers most of the fundamental questions, such as “is it ok for us to just download a program?” (yes), or “How can we specify that we really want Free Software and Open Standards?”. When it comes to evaluating potential solutions, the EC guideline is pretty curt.

The UK government has produced an “Open Source procurement toolkit“. This is a very useful resource. It highlights Open Standards and the need to avoid lock-in. The documents in the toolkit are clearly structured and well written.

They sometimes make the common mistake of describing “open source” and “commercial software” as opposites. Lots of commercial companies that have successfully built their business around Free Software would beg to differ. But this is a minor quibble with a generally very useful resource.

So let’s say you’re putting out a call for tender for a Free Software-based solution. How do you evaluate and compare the different bidders? Here, the Swedes have some helpful advice for you. In early 2011, one of Sweden’s two national procurement agencies launched a number of Free Software framework contracts. They specified some pretty detailed criteria for evaluating suppliers. Some of them are pretty nifty: In one example, bidders can score the highest number of points if they have committed code to a project, and the project has accepted and integrated it.

The original documents are in Swedish (of course), and have been translated into German. If you read neither language, this presentation by Daniel Melin has a pretty good overview. You’ll also want to check out this write-up of Sweden’s and other countries’ public sector approaches to procuring Free Software.

Thankfully, there are many other useful resources on this topic. If you want to see your favourite one included here, please get in touch!

 

Tuesday, 01 July 2014

[advertising] A nice Indie-Game

emergency exit | 18:42, Tuesday, 01 July 2014

I have just backed a wonderful looking independent dystopian RPG on Kickstarter! It’s called Insomnia, it looks like it uses the Free Software Engine Ogre3d (although its not Free Software itself) and it will feature native Linux support. They still need money, so if you enjoy special video games, go help them out and pre-order your DRM-free copy!

Workshop on Privacy and Free Software

/var/log/fsfe/flx » planet-en | 09:39, Tuesday, 01 July 2014

I led a workshop on Privacy and Free Software at FSFE’s Germanophone Team Meeting 2014. Here’s a summary.

Privacy Café

The Privacy Café is an initiative of Dutch digital rights organisation Bits of Freedom. Its purpose is to teach people to protect their privacy. They call it “digital self-defence”.

Whilst the Privacy Café has a lot in common with CryptoParties, there are some notable differences:

  • It usually takes place in a public library (instead of e.g. a hackerspace).
  • It targets a non-technical audience (which is why a public library is a very good venue).

The Privacy Café has a “menu” with

  • starters like Firefox, https everywhere, startpage.com, choosing good passwords, automatic updates, screen locking, hard disk encryption;
  • main courses like Tor, GnuPG, OTR, Tails;
  • and desserts like tosdr.org, prism-break.org, xkcd.com.

Volunteers from Bits of Freedom and hackerspaces (and sometimes FSFE) are there to answer questions, help people choose from the menu and install and configure the software.

Sometimes, there are also lightning talks. I gave one about the importance of Free Software at the Privacy Café in Utrecht.

Handouts: → Dutch (april), → Dutch (may), → English (june)

Software Freedom

The people that go to a Privacy Café are already aware of issues surrounding privacy and freedom. This gives us an opportunity to tell them about Free Software. A good place to start is by asking them “who controls the software?”.

Remarks from the Workshop

  • The timing is right, since awareness of privacy themes is very high at the moment and those who worry about privacy are already aware of the importance of freedom. This makes it much easier to show the link between freedom and control and Free Software.
  • It is unfortunate that the theme of Free Software is not already at the foreground, even though it is necessary for privacy.
  • We need all four freedoms, not just the ability to audit the software (i.e. source availability).
  • The menu metaphor is good (like the tools metaphor in the “tools leaflet”).
  • Using a public library as a venue is good, since it takes privacy out of the domain of hackers and “nerds” and makes it more approachable for non-technical people.
  • Free Software and encryption can be made more attractive with proper attention to presentation (e.g. websites and handouts).

Ideas from the Workshop

  • Making it more “fun” by using symbols (for signatures), stickers (for laptops) to show e.g. what “level” one has achieved.
  • Finish Lucile’s privacy flyer draft so it can be used for similar events.
  • Organise something similar (e.g. in Unperfekthaus).

non-free encryption software

What to do when those groups who teach encryption do so using non-free software?

  • Working together is desirable, so we have more Free Software people in the group and can explain our topic.
  • We should keep emphasising that only Free Software can ensure security (Kerckhoffs’s principle).
  • FSFE will never promote non-free software, and advises volunteers to also not recommend non-free software, but rather explain the issues mentioned above.

Links from the Workshop

- Felix

Monday, 30 June 2014

Photo of the Month — 2014-07

emergency exit | 23:04, Monday, 30 June 2014

I decided to start a photo-of-the-month series; hopefully I will be able to keep it up. Unfortunately the upload limitation on this platform is 1MB per picture so you won’t get high-res for now. The picture was taken last fall in Oberengadin, Switzerland, close to Salecina House. It was a breath-taking sunset and I was very tired from a day of hiking, but thankful for having been there right at that moment!

These three bracketed shots were originally taken (+0.66EV, -1.33EV, +2.66EV):

They were then joined into an HDR with Luminance HDR and afterwards two tonemappings were created, one with the Fattal algorithm and one with Mantiuk06:

I have presets for the algorithms that I usually use, but I am not 100% sure if they were used in this case. For Fattal I usually use default settings, for Mantiuk06 I usually increase Saturation factor a little (to ~1.0) and sometime decrease contrast factor. These two images where then blended 50% each with ImageMagick into this shot:

This was then finalized with Darktable, only tuning the base curve (influences brightness and contrast) to the shot you see in the beginning. If it seems a little dark to you, that’s something I also realized when looking at my pictures on other screens. My color correctness is not very good and I usually have brightness cranked up to 100% because it gives a better picture… I hope to get some nice 4k screen with better color correctness once they are cheaper.

All my photos, as usual, dual-licensed under CC-by-nc-sa and GPLv3.

Free Software in the Church: From principles to practice

Karsten on Free Software | 16:00, Monday, 30 June 2014

Several interesting conversations resulted from my visit to the European Christian Internet Conference. One of them was with a pastor (and computer scientist) who works in the church administration of the Rhineland in Germany. He shared with me a draft strategy (pdf, in German) to move the churches in his region towards Free Software. He asked me to comment, and I’m happy to do so.

The pastor will also be joining one of FSFE’s upcoming Fellowship meetings in Düsseldorf, Germany, to get more input from the Free Software supporters there. I love seeing connections like these come together.

The first problem he’s encountering with the strategy is getting his superiors to understand that IT is actually part and parcel of what the church does in this world, and should follow the organisation’s guidelines.

Eine IT-Strategie als eine „Ordnung“ der Kirche dient dazu, den Verkündigungsauftrag der Kirche zu unterstützen. Sie ist eine menschliche Ordnung, die der presbyterial-synodalen Ordnung der EKiR Rechnung trägt und selbst soweit es geht den Auftrag der Kirche widerspiegelt.

This is perhaps the most difficult challenge to overcome, and he’ll need to do some more work to explain this. Explaining ethics-based software to an ethics-based institution shouldn’t be too hard; but it still requires effort.

Next, the strategy document brings up cost as a key point in favour of Free Software:

Da der Einsatz von IT der Verwirklichung des Auftrages der Kirche dient und kein Selbstzweck ist, unterliegt der Einsatz von IT der Wirtschaftlichkeit, damit die Kirche als gute Haushälterin der ihr anvertrauten Gaben diese soweit wie möglich für Verkündigung, Seelsorge, Diakonie und das Eintreten für Frieden, Gerechtigkeit und Bewahrung der Schöpfung einsetzen kann.

Free Software is very often cheaper to deploy and use than non-free programs. But for us at FSFE, that’s never the primary argument. Instead, we always first talk about how Free Software empowers users and puts them in control of their computing. If you say “this is cheaper than that”, that’s both easy and pretty convincing – until the competitor decides to dramatically lower his prices, or presents an alternative calculation with a different methodology.

We’ve learned that Total Cost of Ownership in particular is a pretty insidious concept. It sounds perfectly reasonable, but since there are many different ways to calculate it, the competitor with the bigger PR budget will eventually win out.

So instead of cost, the strategy should highlight how Free Software and the Church’s ideas fit together, and why Free Software is a fundamentally better choice. This is also why the strategy document would be more effective if it used the term Free Software rather than open source.

So now we’ve dealt with the principles. Off we go with the practical stuff:

IT-Anforderungen sollen durch Standardanwendungen, die ggf. angepasst werden, abgedeckt werden. Proprietäre Software und Infrastruktur kommen nur zum Einsatz, wenn Standardlösungen nicht die notwendigen Anforderungen erfüllen können. In der Regel begründen nur spezielle kirchliche Anforderungen die Notwendigkeit von Eigenentwicklungen.

Three points deserve improvement here. First, what are “standard applications” and “standard solutions”? Better to talk about “Free Software applications / solutions”, with a footnote pointing to the Free Software definition. Many similar documents also talk about programs and solutions under “OSI-certified licenses“.

Rather than saying that “proprietary software will only be used if standard solutions (i.e. Free Software solutions) cannot meet the necessary requirements”, those who want to deploy non-free software should be asked (or, if possible, required) to first conduct a thorough review of potential Free Software solutions, and document why none of them are suitable.

Sometimes organisations have requirements that aren’t met by existing software. In cases where the Church is paying for new programs to be developed, it should make sure those programs are published as Free Software, and should get hold of the copyright on the code.

Open-Source-Lösungen sind zu präferieren, offener Quelltext ermöglicht im Zweifelsfalle, nachvollziehen zu können, wie die Software funktioniert. In der EKiR erarbeitete Lösungen kommen wiederum der Allgemeinheit zu Gute (Apg 20,35). Bei Beschaffungsmaßnahmen sind Ziele der Nachhaltigkeit und des gerechten Wirtschaftens zu bedenken und in die Abwägung zur Wirtschaftlichkeit einzubeziehen.
Preferring Free Software solutions in principle is a statement of intent, not a strategy. If the idea here is to provide more reasons for using Free Software, then there are many good arguments. The ability to review the source code is just one of them, and for this particular organisation, it’s probably not the strongest one. In particular, it would be wise to follow the practice recently adopted by the UK government, and figure future exit costs into the price of any new solution.
Um einen offenen und barrierefreien Datenaustausch zu ermöglichen, sollen zukünftig das „Open Document Format“ (ODF) sowie offene-Standards (XML) verwendet werden.
A clear preference for ODF as an Open Standard is great. However, there are other document types out there. There’s nothing on how the organisation will get from its current dependence on proprietary file formats to the future Open Standards practice. The UK government’s proposal on “Sharing or collaborating with government documents” is an excellent reference here.
Dokumenten-Management- und Archivierungssystem: Der Aufbau eines öffentlichen, zentralen Dokumenten-Auskunfts- und Archivierungssystems (s. Open-Data-Konzept) ist in Abstimmung mit den entsprechenden Fachabteilungen anzustreben,[...]

If you’re talking about long-term archiving, formats based on Open Standards aren’t only the sensible choice – they’re the only choice. Think of the Church what you will, but unlike the IT industry, at least they don’t define “long term” as “the next five years”.

While this strategy draft still needs quite a bit of work, it’s certainly going in the right direction. I very much welcome the commitment of this pastor to make a real difference in his organisation, and I’m grateful for the chance to support this effort.

Talking to the Church about Free Software

Karsten on Free Software | 15:57, Monday, 30 June 2014

Telling lots of different kinds of people about Free Software is one of the parts I like best about my work with FSFE. Recently I was invited to deliver a keynote at the European Christian Internet Conference. It’s a small event that has been running for a long time. A core group of ca. 50 people from (mostly protestant) churches from around Europe meets to discuss Internet-related aspects of their work. Maybe a third of the participants are priests; others are laypersons working with their local congregations.

I broke my talk down into two parts. The first one was a general introduction to Free Software: The idea, its history, what Free Software is doing today, and how the licenses work. With the second part, I focused on power, technology and surveillance, and the role that churches might play in righting the wrongs that governments are perpetrating against their people.

What stuck out with this group was the strong focus on ethical questions. I highlighted that Free Software and the ideas which the Church espouses go together very well: Sharing, helping each other out, and making sure that everyone can participate in society. If churches can agree that they should only buy Fair Trade coffee that respects the integrity of the producers, then they should also be able to agree to use only Free Software, which respects the integrity of its users. (If you read German, have a look at LuKi’s pages.)

The issue of surveillance resonated strongly with the participants. Priests often discuss highly intimate matters with people in their congregation, and these days, they find themselves doing so by electronic means. How is this confidentiality supposed to work if the priest knows that one or more governments are recording the conversation? And on a larger scale, how can we have a just society if those in power help themselves to near-total insight into the lives of everyone else?

The most useful role I can see for the church in this debate is to leverage its position as a moral institution. Church leaders need to step up and speak out against mass surveillance, again and again, until we have ended the practice.

 

Saturday, 28 June 2014

10 more days – we can do it

Mario Fux | 13:25, Saturday, 28 June 2014

The Randa Meetings 2014 fundraiser is quite successful and I want to thank everybody who already donated or supported us. But there is still some time till the 9th of July and thus we have still some time to convince more people for this good cause.

So please, remove the dust from your blog or social media account and spread the word and convince your friends and environment to give something. Just ask them politely and the worst you get is a “no”.

You can tell everybody that they will get even better KDE software, software that runs on almost all platforms and in the future on even more and software that everybody can use and share. Concretely this means that at the end of September 2014 you will get an updated KDE Book that helps you to work with KDE Frameworks 5, a more stable Kdenlive, a first port of KMyMoney to KF5, a glimpse at Amarok 3, another beta of GCompris based on Qt, a reinvigorated Gluon Games Framework, at least a first idea of the KDE SDK and much more. Isn’t that worth it?

And we will try something new this year at Randa to keep you, dear supporter, better informed about what happens at the meetings. Everyday you can check this work page and see in a short and concise form what everybody has done and achieved.

So thanks for donating, spreading the word and supporting us!

flattr this!

Friday, 27 June 2014

What to use instead of WhatsApp and Threema?

Torsten's Thoughtcrimes» Free Software | 19:16, Friday, 27 June 2014

WhatsApp is a messaging app for smartphones that allows you to send (text) messages free-of-charge. After WhatsApp’s recent acquisition by Facebook and in the face of the NSA revelations, many of the millions of WhatsApp users are looking for secure and trustworthy alternatives.

Because this effects so many people, we at the Free Software Foundation Europe would like to be able to promote an alternative that respects your freedom and privacy. Therefore we decided to do some research and to hold a workshop on WhatsApp alternatives during our latest FSFE team meeting.

While most tech-people really didn’t see the point in WhatsApp – after all there is Jabber/XMPP – we now understand better why it’s so popular: Seamless integration with the operating system and automatic contact discovery seem to be crucial features for the masses. We have to admit that encryption (OTR), group messages and file transfers, are not yet solved reliably or conveniently with popular XMPP apps.

So we ruled out promoting Xabber or ChatSecure as a good alternatives to WhatsApp and turned our focus to other currently popular apps:

Of these, Threema seems to be quite popular and is recommended by many people although it is proprietary and therefore not trustworthy. And Telegram is proprietary on the server side, so we immediately ruled those two out. After all, the interception of communication (man-in-the-middle) is not the only surveillance scenario; the client software needs to be trustworthy and transparent for security as well. And depending on a single server definitely is also not the path to freedom.

Surespot is Free Software, but it relies on the Google Play Services and doesn’t have automatic contact discovery through phone numbers, so we think it will probably not be competitive in the market segment that is currently dominated by WhatsApp.

TextSecureTextSecure and Kontalk are both good apps. However, TextSecure has a much larger adoption. It is integrated into CyanogenMod. Its protocol is better documented and has gone through more reviews. Just recently TextSecure gained lots of media attention and $400.000 funding. So we believe if we have a chance at migrating people away from WhatsApp at all, then TextSecure is the way to go.

Unfortunately, TextSecure also still relies on the Google Play Services for pushing messages to you. So this does not work on phones that have been freed from Google, but is also unacceptable for many other reasons.

As a consequence, we have started testing and supporting modifications to TextSecure that will provide an alternative mechanism for pushing messages. We are confident that the issue will be solved sooner or later (as the announced desktop and iOS clients will have to work with something else anyway), but if you have free time, please help the effort.

Once this is achieved, TextSecure will be a great alternative to WhatsApp, easy to use, free as in freedom and respecting your privacy.

Made at the German Team Meeting of FSFE in Linuxhotel.

Made at the German Team Meeting of FSFE in Linuxhotel.

(This post is based on an earlier version by Hannes Hauswedell)

<script type="text/javascript"> (function () { var s = document.createElement('script'); var t = document.getElementsByTagName('script')[0]; s.type = 'text/javascript'; s.async = true; s.src = '/wp-content/libs/SocialSharePrivacy/scripts/jquery.socialshareprivacy.min.autoload.js'; t.parentNode.insertBefore(s, t); })(); </script>

Thursday, 26 June 2014

Host your private cloud easily using ownCloud

Seravo | 10:47, Thursday, 26 June 2014

Would you like to have the easy of use of cloud storage and file syncing but without the trust issues or costs that come with using public cloud services? Do you like Dropbox but hesitate to use it? What you might be looking for is OwnCloud, the open source software you can run to host your own private cloud storage.

ownCloud logo
The development of ownCloud was started by Frank Karlitschek in 2010 and over the years it has evolved into the most popular open source cloud storage and file syncing software suite in the world. The code is licensed using AGPLv3 and the open source project is hosted at owncloud.org. Karlitschek also started the company OwnCloud Inc. which provides an Enterprise Edition that is useful for larger entities that run big OwnCloud installations with thousands of users.

The main component of OwnCloud is the server software written in modern PHP which uses a database (e.g. MariaDB) and files on the disk as backend. The server software provides both, a browser based UI and a webdav interface for syncing clients. There are syncing clients for Linux desktops, Windows, Mac OSX, Android and IOS, so with OwnCloud you can have your files synced across all your devices.

Open source and open standards

One of the really nice things about OwnCloud is that the architecture is built around open standards and you can connect to OwnCloud using any WebDAV capable software. It is likely that you can make your mobile phone sync contacts and calendar events using the iCard and iCal standards directly with an OwnCloud server without installing any new software. If you value your privacy a lot, then you could build a pretty good setup using an OwnCloud server and a Jolla, a phone which does not by default sync your data to any external server.

Open standards are also prominent when viewing the OwnCloud settings, that allow so many ways to integrate with various file storage backends and user authentication (SMB/CIFS, LDAP/AD etc).

Using WebDAV also has its drawbacks, like the need to transfer complete files instead of just the changed parts like other protocols like rsync do. This issue is very popular at the syncing client Github site and hopefully it will be addressed in some way eventually. There are also some other small annoyances, but on the other hand it has been amazing to see how much ownCloud has developed and gained popularity during the last 1-2 years. Today OwnCloud released the version 7 beta bringing once again a bunch of new features and usability refinements of the old features.

And when it comes to features, OwnCloud has an incredible amount of them. Besides the basic file uploading, downloading and sharing options there are loads of additional features that are not found in other similar software, such as the ability to create groups and define fine grained access rules and link settings to files shared from the owner to others. Users can also view old revisions of files and recover them in case of accidentally deleting some file. There is a good search feature that also looks inside the contents of the files. The search can be written of spoken thanks to voice detection.

In the web user interface you can also edit some files directly inline in the browser. In fact ownCloud is one of the biggest drivers in the development of  WebODF, the browser based OpenDocument editor. If OwnCloud finds pictures among the files it hosts, it will automatically also show them in the gallery app.

ownCloud browser interface

Example ownCloud browser interface

OwnCloud apps

Wait, there’s even more! Aside the file syncing and storage features, OwnCloud also hosts contacts and calendars. By activating the so called OwnCloud apps, users can enable even more features and applications that utilise the data stored in OwnCloud and that are used via the browser. There are multiple built-in apps ready and more apps can be installed from the app directory at apps.owncloud.com. Popular integrations are for example using the webmail app RoundCube inside ownCloud. Some companies have developed their own OwnCloud apps and built a complete intranet around ownCloud.

Benefits of private cloud: security and costs

Deploying OwnCloud or any other software to build your self-hosted private cloud solution requires of course a bigger initial investment compared to the public cloud offerings where everything is hosted for you and you only need to setup the client side. One might wonder what the benefits of a on-premises solution are?

The most prominent benefit is increased security and privacy. Since the revelations in 2013 it has been a well known fact that even respected western governments like the US force their own companies to give them full access to the data they host. Little has been published about the criminal acts that have been stopped by spying activities, so we can only conclude that this huge investment in online spying must be justified by economical gains in traditional industrial espionage. So it might be very relevant for a company to secure their data in a private cloud instead of a public cloud. On the other hand, most companies use Windows desktops to access all their data, so they will leak their data from the client side anyway. Also, most companies will not be able to hire the level of security experts big cloud companies provide, so their installations are probably not as well secured as bigger sites. On the other hand, bigger sites are targets for a lot of active intrusions all the time, while small private sites are less likely to be at least randomly targetted. Security is hard to do right, but at least it is good that an option like ownCloud is available.

Another but less prominent benefit is cost. Cloud storage seems to be easy and cheap, but it is actually still many times more expensive than what the underlying hardware and infrastructure is. As the hardware market is very competitive, anybody can buy many terabytes of cheap hard drives and set up an OwnCloud server big enough to host all the company data for the price of three months of rented 1 TB storage. Many companies also pay extra if they have a lot of traffic in their internet uplink. Hosting the terabyte scale storage on-premises will be a much cheaper solution, and accessing files from a locally hosted server will surely also be much faster than over a congested uplink.

How to get started using OwnCloud?

Anybody with access to a Linux server can simply head to owncloud.org, download it and start using it straight away. From a company perspective it might be good to be in contact with one of the official OwnCloud partners or some other Linux support company, like Seravo. OwnCloud is certainly worth keeping an eye on for any CTO who cares about the ability to control your own data.

Presentation in Finnish

The slides in Finnish presented at the Seravo Salad event on 2014-05-22 are also available:

<iframe frameborder="0" height="443" marginheight="0" marginwidth="0" scrolling="no" src="https://www.slideshare.net/slideshow/embed_code/36327611" width="540"></iframe>

Wednesday, 25 June 2014

Secure Texting and why FSFE cares

emergency exit | 14:08, Wednesday, 25 June 2014

Heard of WhatsApp? If you haven’t used it before (I e.g. haven’t), you can think of it as a free-of-charge messaging app that knows which of your contacts also have the app and automatically routes messages to them over your dataplan instead of SMS, so it’s (usually) free of charge.
In the face of NSA and WhatsApp’s recent acquisition by Facebook, many of the million WhatsApp users are looking for secure and trustworthy alternatives.

Because this effects so many people, we at the Free Software Foundation Europe would like to promote an alternative that respects your freedom and privacy. Therefore we decided to do some research and to hold a workshop on WhatsApp alternatives during our German-speaking FSFE team meeting ten days ago.

While most tech-people including myself really didn’t see the point in WhatsApp — after all there is XMPP — I now understand better why it’s so popular. Easy integration with the operating system and automatic contact discovery seem to be crucial features for the masses. And I do have to admit that both, encryption (OTR) and file transfers, are not yet solved reliably and/or conveniently with popular XMPP clients.

So we ruled out promoting Xabber or ChatSecure as a good alternatives to WhatsApp and turned our focus to other currently popular apps:
· Kontalk
· Telegram
· TextSecure
· Threema
· Surespot

Of these, Threema seems to be quite popular and is recommended by many people although it is completely proprietary. And Telegram is proprietary on the server side, so we immediately ruled those two out. After all, the interception of communication (man-in-the-middle) is not the only surveillance scenario; the client software needs to be trustworthy as well. And depending on a single Server definitely is also not the path to freedom.

Surespot is Free Software, but doesn’t have automatic contact discovery through phone numbers, so we think it will probably not be competitive in the market segment that is currently dominated by WhatsApp.

TextSecure and Kontalk are both good apps in our eyes, however, TextSecure has a much larger adoption and its protocol has gone through more reviews. The protool is integrated into CyanogenMod, recommended by leading security experts and the project just recently gained lots of media attention and $400.000 funding. So we believe if we are to have a chance at migrating people away from WhatsApp than TextSecure is the way to go.

Unfortunately, TextSecure relies on Google Cloud Messaging for pushing messages to the user. This comes in form of a dependency on a proprietary Google library, part of the “Google Play Services”. This is unacceptable for many reasons, this page sums up some of them.

As a consequence we have starting testing and supporting a version of TextSecure that provides an alternative mechanism for message distribution. We are confident that the issue will be solved sooner or later (as the announced desktop and iOS clients will have to work with something else anyway), but if you have free time, please help the effort.

Once this is achieved, TextSecure will be a great alternative to WhatsApp, easy to use, free as in freedom and respecting your privacy.

Tuesday, 24 June 2014

Call for Papers for Book on Technoshamanism

agger's Free Software blog | 18:51, Tuesday, 24 June 2014

From July 1st till October 30th we are accepting materials for our forthcoming publication TECHNOSHAMANISM. It will be a bilingual edition (in Portuguese and English) and is published as a collaboration between editors in Brazil and Denmark.

We are inviting papers on the subjects of technoshamanism, animism, indigenous people’s culture and rights, shamanic practices, biodiversity, agroforestry, permaculture, retelling of shamanic experiences, hallucinogenic plants, indigenous struggle, DIY culture, science and technology, art and electronics, transhuman interfaces based on technological gadgets, and any other topic related to the broader concept of technoshamanism.

The publication will discuss the issue of ancestral knowledge and new technologies and will pursue ecological alternatives as well as models and aesthetics to obtain new parameters for acting in the world in an era where not only the water supply, but also the very existence of forests and their peoples, of nature itself, are at risk.

We are accepting articles as well as fiction or techno fiction, images, comics, photonovels and any other suitable means of expression, as long as they are no longer than ten pages for each person or group. The publishing, in print as well as online, will be taken care of by the technoshamanist network. We will accept submissions in English, Portuguese and Spanish.

Please send your material to the following email address: xamanismotecnologico@gmail.com

On behalf of all editorial staff

Fabiane Borges
Carsten Agger

Monday, 23 June 2014

Bendigo: a risk of becoming the Australian capital of Islamophobia?

DanielPocock.com - fsfe | 19:25, Monday, 23 June 2014

I spent most of my high-school years in a small town called Bendigo in Australia. These days, I'm living in the centre of Europe, Switzerland.

Oddly enough, a more than trivial number of people in Bendigo are now trying to imitate one of the darkest moments in Switzerland's history, a crusade to prevent the construction of a mosque.

At least in Switzerland, they tried to be slightly diplomatic: the official question on the referendum was about banning minarets rather than a whole religion. The placards in the street were more explicit, with the silhouette of blackened minarets arranged to resemble a field of inter-continental ballistic missiles:

In Bendigo, however, the gloves are off. One councillor has already declared "I wouldn't want to live near a mosque. Would you?"

Will Bendigo ban the internet too?

In Australia and Britain, the press has been fascinated with the recent release of a Jihad video on Youtube created by Brits and Aussies fighting in Syria. Fear-mongering fanatics claim the mosque will bring jihadists to Bendigo. If they genuinely believe that, shouldn't they be pushing to censor or ban the internet too, so that the children of Bendigo won't get their hands on these recruitment videos?

Weeds will grow if nobody plucks them out

The fact is, most of these anti-Islam campaigners are nutcases or opportunists looking for a political career. Hundreds of millions of muslims worship their God in peace every day. As the referendum in Switzerland demonstrates, if good people do nothing, the nutcases will flourish like weeds. Only 30% of Swiss people voted to ban minarets, but with 47% of people not voting at all, the nutcases won. Citizens of Bendigo who value their human rights (which includes freedom of religion) would be wise to avoid complacency. Even though the mosque may now have council approval, sinister groups from around the whole country are now conspiring to overturn the decision or perhaps just make the town a focal point for their Islamophobia campaigns.

Awesome tools

Hugo - FSFE planet | 12:31, Monday, 23 June 2014

Here some little known, yet awesome tools that I use. Thanks to the people working on these (I’m glad to have met some of them, and they’re awesome too)!

<aside class="toc">

</aside>

Feedbin

Feedbin is an RSS web reader. It provides a pleasing reading experience and you can easily browse through items and share links. If you’re looking to host it yourself, have a look at the sources.

ikiwiki

ikiwiki powers this blog, hosted by branchable. If you like git and markdow, and editing your texts with your favourite text editor, this is for you.

Known

Known (formerly “idno”) is more “socially aware” than ikiwiki. It runs with PHP and it’s basically your easy-to-run indieweb space. If you use it with http://brid.gy you will enjoy a nice integration with twitter and other silos (see an example of my own).

YunoHost

YunoHost is custom debian distribution aiming at making self-hosting easy. It provides a nice web interface for administration of your self-hosted server and for users of the web server. If you have basic linux administration skills, this will be very helpful.

Pinboard1

Pinboard a simple and efficient bookmarking app that also archives the content of marked pages (if you pay for it).

Sharesome

Sharesome lets you easily share files on the web. It has a pleasant interface that works well on all devices I have tested so far. It’s also available as a web app. The neat feature is that you can choose where to host your data (for instance, with remotestorage; you can get an account at https://5apps.com).

Terms of Service; Didn’t Read

Some shameless self-promo with ToSDR, the app that tells you what happens to your rights online by rating and summarising Terms of service and privacy policies. You can also get it directly in your web browser or as a web app.


If you’re looking for a curated list of awesome web services that are free of charge and based on free software and open data, look no further than Jan’s Libre projects.


  1. Unfortunately, Pinboard is not released as free software. But you can export your bookmarks. ↩

Setup a home server with Fedora and BeagleBone Black

nikos.roussos | 11:13, Monday, 23 June 2014

Over the last Free Software Meetup we discussed about the "build your own home server" movement. This is a long and complex discussion, so most likely it will expand to future meetups. In the meantime I wanted to test BeagleBone Black (BB), as the hardware platform for such a project.

fedora on beaglebone black I prefer BB over Raspeberry Pi (RaPi) because, despite what many people seem to believe, RaPi is not fully Open Hardware. I also prefer armv7 hardware, since it gives me the option to use a "regular" linux distribution. I have the option for Fedora or Debian instead of Pidora or Raspbian.

During the meetup we talked a lot about Arkos, which supports many arm boards and seems like a great choice for administering your home server through a well designed web interface, lowering the technical knowledge threshold for setting up services like file or mail server. I'll get back to Arkos, but at this point I wanted to experiment with a "regular" distribution. So this post is about Fedora and Beaglebone Black.

Download the Fedora ARM image extract it and rename it to fedora-arm.raw so it's easier to follow the steps bellow.

Flashing Fedora to BB is not that difficult. The tricky part is that Fedora comes with an "initial setup" screen, which requires an hdmi monitor and a keyboard at least on first run so you can set some basic things (like root password). I wanted to do some modifications to the Fedora image, and get through this "initial setup" screen prior to flashing it on the BB. Inspired by Ebal's post, I thought Qemu as a perfect tool for this job.

sudo yum install qemu-system-arm

With qemu-system-arm tool I can emulate arm and run the image on my laptop. In order to boot the image qemu needs a kernel and what better place of finding a kernel than the image itself. You can either mount the image and copy kernel and initrd out or use libguestfs (kernel and Initrd version will obviously vary on future releases).

sudo yum install -y libguestfs-tools
virt-copy-out -a fedora-arm.raw /boot/vmlinuz-3.11.10-301.fc20.armv7hl .
virt-copy-out -a fedora-arm.raw /boot/initramfs-3.11.10-301.fc20.armv7hl.img .

Finally run it. (you may have to add your user to kvm group)

sudo usermod -aG kvm username
newgrp kvm
qemu-system-arm -machine vexpress-a9 -m 1024 -nographic -net nic -net user \
 -append "console=ttyAMA0,115200n8 rw root=/dev/mmcblk0p3 rootwait physmap.enabled=0" \
 -kernel vmlinuz-3.11.10-301.fc20.armv7hl \
 -initrd initramfs-3.11.10-301.fc20.armv7hl.img \
 -sd fedora-arm.raw

Booting up I reached to the "initial setup" screen I mentioned before. I created a new user with administrator (aka sudo) privileges. First things I did when finally got a prompt was to disable root account:

sudo passwd -l root

set a hostname

vi /etc/sysconfig/network

disable Network Manger

systemctl disable NetworkManager.service

setup static networking

echo "
 HWADDR="D8:D3:85:AE:DD:4C"
 BOOTPROTO="static"
 DEVICE="eth0"
 ONBOOT="yes"
 IPADDR=192.168.1.2
 NETMASK=255.255.255.0
 BROADCAST=192.168.1.255
 NETWORK=192.168.1.0
 GATEWAY=192.168.1.1
">/etc/sysconfig/network-scripts

add DNS settings

echo "
 nameserver 208.67.222.222
 nameserver 208.67.222.222
">/etc/resolv.conf

disable selinux (sorry Dan)

setenforce 0
sed -i s/=enforcing/=disabled/ /etc/selinux/config

Enable ssh

systemctl enable sshd
firewall-cmd --permanent --zone=public --add-service=ssh

Fedora image is around 2G. I had a 4G SDcard so I expanded it by 2G

qemu-img resize fedora-arm.raw +2G

Important to remember that this will expand the image but not the root filesystem inside. Flash it to an SDcard

dd if=fedora-arm.raw of=/dev/sdX

This a destructive command so make sure that sdX refers to your SDcard and not some disk. Now mount the card and resize the root filesystem, that probably would be on sdX3

e2fsck -f /dev/sdX3
resize2fs /dev/sdX3

And that's all. I removed the mini sd from the adapter and inserted it on BB. All that's left is ethernet connection and power. Less than a minute later I was able to ssh to my soon-to-be home server from my laptop.

Sunday, 22 June 2014

CloudFlare in the middle

Thib's Fellowship Blog » fsfe | 18:57, Sunday, 22 June 2014

What would happen if a lot of websites were all giving out their data (including login data) to a single entity?
What if those websites included www.cyanogenmod.org, en.bitcoin.it, blockchain.info, mywot.org, thedaywefightback.org, stopwatching.us, www.resetthenet.org, puu.sh, pastebin.com, www.blendernation.com, news.ycombinator.com, or 4chan.org?
Well, I don’t know what would happen, but a single entity does have access to all that data, has access to it live, and can even alter it on the fly, which they actually do as part of the service they provide.
No, SSL/TLS won’t save you, as this entity is the “secure” endpoint.
This entity is CloudFlare, an increasingly popular Content Delivery Network whose main selling point is protection against DDoS attacks, and for this purpose, they act as the perfect Man in the Middle.

Now, I’m not saying they’re a bad company. Their service is probably top notch, and they might even not peek at the data they have in their hands, as they promise!

But they have the technical ability to save each and every request on the aforementioned websites (and a lot more), and you would have no way to tell.
They could link your e-mail from thedaywefightback.org with the posts you’ve made on 4chan, for instance, or stealing your credentials on any of the websites they provide their service for.
They could also alter the data, censoring stuff on 4chan, misplacing information on mywot.com, giving you a malicious download link from cyanogenmod.org. The possibilities are endless.

Again, I am not claiming they are doing any of this stuff, but they could, and it would be extremely hard to detect.
Furthermore, they are a US-based company, and may be subject to FISA requests and gag orders.

Therefore, I have decided to block all of CloudFlare’s hosts from my personal computer.
That’s a bit extreme, but it was the easiest way I found to avoid those issues altogether.
To find out CloudFlare’s IP addresses ranges, you can get them directly from them (here for IPv6) or query a whois database such as whois.radb.net (“whois -h whois.radb.net !gAS13335” for IPv4, “whois -h whois.radb.net !6AS13335” for IPv6).

PS: When I first started to write about this, imgur.com and www.humblebundle.com, amongst others, were behind CloudFlare too. They now have transitioned away to different services, that may or may not have the same issues.

Tuesday, 17 June 2014

Brown Dogs and Barbers: Donations have topped €1000!

Computer Floss | 18:18, Tuesday, 17 June 2014

Recently I launched a donation service whereby people who wanted to see my book, Brown Dogs and Barbers, in print, could donate in order to make it happen. The levels of funding and what each level brings are visible on the donations page.

I’m pleased to report that with your help the total recently went over €1000 – in fact they currently stand at €1085. This not only means I can now hire a proof reader and an artist, but I am almost at the point where I can commission the production of a paperback version that can then be put on sales in places like Amazon and Lulu.

I’d like to thank everyone who donated so far. There’s still more I’d like to do, so please either donate to the project or pass this information on.

Planet Fellowship (en): RSS 2.0 | Atom | FOAF |

  /127.0.0.?  /var/log/fsfe/flx » planet-en  Albrechts Blog  Alessandro at FSFE » English  Alina Mierlus - Building the Freedom » English  Being Fellow #952 of FSFE » English  Bela's Internship Blog  Bernhard's Blog  Bits from the Basement  Björn Schießle's Weblog » English  Blog of Martin Husovec  Blog » English  Bobulate  Brian Gough's Notes  Carlo Piana :: Law is Freedom ::  Ciarán's free software notes  Colors of Noise - Entries tagged planetfsfe  Commons Machinery » FSFE  Communicating freely  Computer Floss  Creative Destruction & Me » FLOSS  Daniel Martí's blog  DanielPocock.com - fsfe  Don't Panic » English Planet  ENOWITTYNAME  Escape to freedom  FSFE Fellowship Vienna » English  Fellowship Interviews  Fellowship News  Frederik Gladhorn (fregl) » FSFE  Free Software & Digital Rights Noosphere  Free Software with a Female touch  Free as LIBRE  Free speech is better than free beer » English  Free, Easy and Others  From Out There  GLOG » Free Software  Gianf:) » free software  Graeme's notes » Page not found  Green Eggs and Ham  Handhelds, Linux and Heroes  Heiki "Repentinus" Ojasild » English  HennR's FSFE blog  Henri Bergius  Hook’s Humble Homepage  Hugo - FSFE planet  I love it here » English  Inductive Bias  Intuitionistically Uncertain » Technology  Jelle Hermsen » English  Jens Lechtenbörger » English  Jonas Öberg  Karsten on Free Software  Leena Simon» english  Losca  Mario Fux  Mark P. Lindhout’s Flamepit  Martin's notes - English  Max's weblog » English  Myriam's blog  Mäh?  Nice blog  Nicolas Jean's FSFE blog » English  Paul Boddie's Free Software-related blog » English  Pressreview  Saint's Log  Sam Tuke » Free Software  Sam Tuke's blog  Seravo  Supporting Free Software » English  The trunk  Thib's Fellowship Blog » fsfe  Thinking out loud » English  Thomas Koch - free software  Thomas Løcke Being Incoherent  Thoughts in Parentheses » Free Software  Tonnerre Lombard  Torsten's FSFE blog » english  Torsten's Thoughtcrimes» Free Software  Valentin Rusu » fsfe  Viktor's notes » English  Weblog  Weblog  Weblog  Weblog  Weblog  Weblog  Werner's own blurbs  With/in the FSFE » English  a fellowship ahead  agger's Free Software blog  anna.morris's blog  ayers's blog  blog  blog.padowi.se » English  drdanzs blog » freesoftware  emergency exit  free software blog  freedom bits  gollo's blog » English  hesa's Weblog » Free Software  irl:/dev/blog » fsfe-planet  julia.e.klein's blog  marc0s on Free Software  mina86.com  mkesper's blog » English  nikos.roussos  pb's blog  pichel's blog  rieper|blog » en  stargrave's blog  the_unconventional's blog » English  things i made  tobias_platen's blog  tolld's blog  wkossen's blog  yahuxo's blog