Re: [Server-devel] Reschedule XS meeting for Friday Aug 15 - or 10 PM Aug 14 EST ---- was (Re: not up for Friday meeting about the XS)
On Sat, Aug 9, 2008 at 6:26 PM, Bryan Berry [EMAIL PROTECTED] wrote: feeling better now, antibiotics really work :) Great news. Please let me draw up a base agenda - I do want to outline where we stand with the XS and what the plans challenges and timeframes going forward are. I see the key purpose of this meeting is to let you folks what additional functionality we are working on for Nepal's XS If we are having a regular XS meeting, I also have to consider what we are doing targetting all our other deployments, some of them with thousands of servers :-) and to make sure that our additions don't conflict w/ future changes to the underlying XS. That's a tricky one. What you guys are doing is not particularly recommended unless you have just a small number of server plus deep linux expertise on tap long term. I've been trying to give David sensible advise around what things to avoid... Here is the additional stuff we are looking to build into the XS over the next 6 months: 1) Customized Nepali version of Moodle 2) Mail server using Squirrel Mail* 3) Setting up a local version of Nepal's E-Library on the XS, a copy of Nepal's current E-Library http://pustakalaya.olenepal.org which uses the open-source fedora-commons repository software. 4) and more stuff that I can't remember at the moment. 5) Connecting schools through ejabberd I'll be very interested in 1, 3 and 5, wanting to see how we can make those efforts reusable elsewhere :-) -- WRT 3 one thing that would be great is an exporter from the fedora repo to a static representation, or to something we can search serve easily, so we don't have to carry the fedora sw itself on the XS. I've worked a bit with it, and while usually the repos hosted in it have content that is _gold_, I don't think the sw itself adds any value on the XS. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] unregister from schoolserver
Hi, I was wondering what should/must happen on the server side when an xo wants to unregister. Is there already a command for that? http://dev.laptop.org/ticket/7765 Thanks, Simon ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Reschedule XS meeting for Friday Aug 15 - or 10 PM Aug 14 EST ---- was (Re: not up for Friday meeting about the XS)
On Sun, 2008-08-10 at 18:52 +1200, Martin Langhoff wrote: If we are having a regular XS meeting, I also have to consider what we are doing targetting all our other deployments, some of them with thousands of servers :-) Absolutely. We may be a small deployment but our work can benefit much larger deployments. I'll be very interested in 1, 3 and 5, wanting to see how we can make those efforts reusable elsewhere :-) -- I really hope so. WRT 3 one thing that would be great is an exporter from the fedora repo to a static representation, or to something we can search serve easily, so we don't have to carry the fedora sw itself on the XS. I've worked a bit with it, and while usually the repos hosted in it have content that is _gold_, I don't think the sw itself adds any value on the XS. The great thing about the fedora-commons software is the search functionality. Could we actually use search on a static representation of the fedora-commons repository? Ultimately, we want to put a lot of Nepali art and music on the XS. A searchable repository will be key to accessing those resources. In case David hasn't explained earlier, here is why hosting a mail server on the XS is important to us. The teachers aren't using their XO's as much as we would like them too. We are looking for applications that will appeal directly to them and compel them to use their XO's more frequently. We think e-mail is one such application. The Internet connection to our schools is not very reliable and we can only afford 64K per school due to our budget constraints and the high cost of Internet access in Nepal. E-mail is much better suited to this low-bandwidth environment. While it may not be right for every OLPC deployment, it's a good choice for us in Nepal. -- Bryan W. Berry Systems Engineer OLE Nepal, http://www.olenepal.org ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] VoIP
What are the bandwidth requirements for these various voip strategies, sip, iax2? Tim - Original Message - Date: Sat, 9 Aug 2008 09:17:31 -0700 From: Sameer Verma [EMAIL PROTECTED] Subject: Re: [Server-devel] Reschedule XS meeting for Friday Aug 15 - or 10 PM Aug 14 EST was (Re: not up for Friday meeting about the XS) To: Michael Stone [EMAIL PROTECTED] Cc: Bryan Berry [EMAIL PROTECTED], server-devel@lists.laptop.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1 On Sat, Aug 9, 2008 at 7:47 AM, Michael Stone [EMAIL PROTECTED] wrote: On Sat, Aug 09, 2008 at 12:11:56PM +0545, Bryan Berry wrote: VoIP would be more effective but would require much more effort. Fedora recently set up its own VOIP system, so there may be experts lurking nearby who could be tempted into assisting you. Michael ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel I'm no VoIP expert, but I played with it for a bit on different distros. Trixbox (http://www.trixbox.org/) is CentOS based and is very featureful. On the other hand, Astlinux (http://www.astlinux.org/) is very interesting in that it has a very small footprint. Astlinux runs off a CF card (64MB if I remember correctly). You can also run it off a bootable CD. All the config is browser-based, and all the config files live on a separate USB key (or any other partition). I suspect we will need something in between. Also along the lines of VoIP clients, I've been looking at IAX2 (http://en.wikipedia.org/wiki/Inter-Asterisk_eXchange) clients instead of SIP. iaxcomm (http://iaxclient.sourceforge.net/iaxcomm/) is a simple IAX2 client. On Ubuntu its current, but I haven't found any active RPMs. IAX routes quite nicely as compared to SIP. I'd be interested in seeing a sugarized iaxcomm on the XO. Sameer -- Dr. Sameer Verma, Ph.D. Associate Professor of Information Systems San Francisco State University San Francisco CA 94132 USA http://verma.sfsu.edu/ http://opensource.sfsu.edu/ ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Reschedule XS meeting for Friday Aug 15 - or 10 PM Aug 14 EST ---- was (Re: not up for Friday meeting about the XS)
On Sun, Aug 10, 2008 at 9:10 PM, Bryan Berry [EMAIL PROTECTED] wrote: On Sun, 2008-08-10 at 18:52 +1200, Martin Langhoff wrote: If we are having a regular XS meeting, I also have to consider what we are doing targetting all our other deployments, some of them with thousands of servers :-) Absolutely. We may be a small deployment but our work can benefit much larger deployments. Small deployment *and* your expert hands at work. Fantastic WRT 3 one thing that would be great is an exporter from the fedora repo to a static representation, or to something we can search serve easily, so we don't have to carry the fedora sw itself on the XS. I've worked a bit with it, and while usually the repos hosted in it have content that is _gold_, I don't think the sw itself adds any value on the XS. The great thing about the fedora-commons software is the search functionality. Could we actually use search on a static representation of the fedora-commons repository? Well, that's exactly my thought. If we can get a static export from it, I'm sure we can feed it into a lightweight search system. Bringing in all the dependencies for Fedora, and agreeing to the memory and cpu footprint is not in my list of things to do. The teachers aren't using their XO's as much as we would like them too. We are looking for applications that will appeal directly to them and compel them to use their XO's more frequently. We think e-mail is one such application. It's a reasonable thing to want, I was worried about kids + email. Doing it without future upgrade conflicts on the XS will be a bit of a challenge. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] VoIP
On Mon, Aug 11, 2008 at 4:35 AM, Tim Moody [EMAIL PROTECTED] wrote: What are the bandwidth requirements for these various voip strategies, sip, iax2? Not sure (google away!) - but the latency requirements very tight for many (most?) of our deployments. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] installing a school server
On Fri, Aug 8, 2008 at 11:20 PM, Joshua N Pritikin [EMAIL PROTECTED] wrote: I finally got a reasonably fast internet connection at our school in India (BSNL EV-DO). I would like to try to install the school server. We have 15 XO laptops. Excellent. Just to get something working, I installed Ubuntu with Squid/Dansguardian. I have about 200Gb of hard drive and 2G RAM. Can I get an ext2 image of the school server and load it on a logical partition? I prefer to store anything important on LVM+RAID1. Does the school server understand this disk format? Yes, but you will need to tweak the kickstart file on the image (no do your own partitioning option yet, sorry). By default, the XS install CD will wipe the disk and setup an LVM (w/o RAID). cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] What's cooking in the XS pot (2008-08-11)
A shorter version of this will appeared on Community News soon - - Douglas started working on the school server this week. He tackled some bugs in the idmgr (#7606 and #7653), but most of the week was really devoted to familiarisation with Fedora and the specifics of the XS. For a while he was befuddled by a faulty network card, but by Friday he was back in control and enjoying himself. - The xs-rsync package is ready and you can update your XO image with it. In general terms, it allows publishing of resources on the XS via rsync, with special support for XO update images. More documentation at http://wiki.laptop.org/go/XS-rsync . Scott has applied a small patch to olpc-update (thanks!) adds support for an --server parameter. - A mechanism for triggering scripts when you insert a USB disks into a XS is ready. This allows us to deploy content and management scripts via USB disks. Policy and guidelines on how to use this, including security, are taking shape. The mechanism uses a ported version of usbmount - early documentation at http://wiki.laptop.org/go/XS_Automount_triggers - Thanks to Axel Thimm we have a fixed fakeroot on the XS, and one less race condition. - Jerry Vonau is exploring ahead on the Fedora 9 port, looking at our custom network scripts, xs-config and livecd/installcd build infrastructure, with a bit of support form Martin Langhoff. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] A simple signed bundle/directory trust scheme for the XS
The XS now has a few new packages that allow it to auto-install certain types of content (XO installation builds, for starters) from USB keys. This means that I have to address validating that such content comes from a trusted source. So I am setting up a simple and straightforward authentication scheme for the XS. It does not attempt to solve very possible problem -- physical access to the box and various other issues conspire against us. It humbly attempts to establish a simple yet reasonable chain of trust. Comments welcome. Please do keep in mind that I am trying to keep it simple and implementable in a short timeframe. There following are the main moving parts in this scheme. - Initial installation / boot is trusted. During installation and/or initial boot the XS will read a set of trusted public GPG keys from a USB drive, and copy them somewhere in /etc - more that one set of trusted keys is ok. If this happens, a file will exist in /etc indicating (to scripts and sysadmins) that signature checks are enforced. We may signal this in visible UIs too. - Signed content -- we will consider content as signed correctly if it has at its top directory a file called manifest.sha1 that validates the rest of the files in the directory and a manifest.sha1.sig file containing a GPG signature of manifest.sha1 , signed with one of the trusted keys. To avoid race conditions affecting files in a world-readable directory, the checks should be performed in a safe tmpdir. - Signed content maybe a dir on a usb key, or a directory in a zipfile or a tarball. As long as manifest.sha1 provides a valid manifest for all the files in the corresponding directory and subdirectories. Anything that unpacks to a directory is ok. We will use this scheme for a wide range of things - the files may be retrieved by the XS via the network, or uploaded by users via web interfaces. - Extraneous files - not listed in the manifest - cause an error. - We trust signed content - this includes scripts that will run as root, and can add new pub keys to the trusted set. - If we are not in 'enforcing mode' (XSs in pilots, for example) then we don't check for signatures. - Extraneous files and mismatched SHA1s *always* cause an error. - A utility called xs-check-signature Does the Right Thing (including logging) for scripts when passed the path to the manifest.sha1 file. that's all. More words than implementation code probably - :-) cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] unregister from schoolserver
Martin Langhoff wrote: On Sun, Aug 10, 2008 at 8:15 PM, Simon Schampijer [EMAIL PROTECTED] wrote: I was wondering what should/must happen on the server side when an xo wants to unregister. Is there already a command for that? http://dev.laptop.org/ticket/7765 None on the server side, and I don't know if there should be one - there is no useful use case for it. It's OK for the XO to 'forget' its registration and not tell the server so as to be free to register to another server. Use cases are for testing and for change of school. The XS will probably learn (later) to forget accounts that it has not seen in a very long time. Yeah that sounds like a good idea to not accumulate data. Thanks for clarifying, Simon ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel