Re: [Server-devel] Issue with ds-backup in XS 0.4
I wrote: > Somewhere I have an unregister.py script [...] here. douglas --8<-- #!/usr/bin/python CONFIG = '/home/olpc/.sugar/default/config' from ConfigParser import SafeConfigParser cp = SafeConfigParser() cp.read(CONFIG) cp.remove_section('Server') cp.remove_section('Jabber') f = open(CONFIG, 'w') cp.write(f) f.close() ___ Server-devel mailing list [EMAIL PROTECTED] http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] /etc/xs-sigchecks-enabled
Reuben K. Caron wrote: > Douglas, my testing show it works too. At least the usbmount script and > processing the magic file on the USB key (and commenting out the encryption > stuff shows the generated password file works). I could use some more > documentation on generating the required keys. I've tried generating ones on > the server, generating my own and placing the public one on the USB Key, and > different variations.. If you could provide some RTFM direction or more info > in the Readme that would be great. Thanks for trying it, Reuben. I've done some more WTFM, in both the xs-otp and xs-tools packages. At the bottom of the xs-otp README, there is now a minimal, works-for-me, description of key generation and decryption. I've added similar information to the xs-tools README, and put the test directory from git into the rpm's doc section. This is unlikely to be directly useful but it contains examples of gpg usage, including batch key generation. There's also /usr/share/doc/xs-tools*/examples, which is more exemplary but less populated. However, this: > generating my own and placing the public one on the USB Key ought to have worked, if you put the public key in a directory called 'XS-trusted-keys', and it was in the expected format, and either the server had no other keys in /etc/pki/olpc/XS-trusted-keys, or it did and they signed the new one. Did the server make any noise when the usb key was inserted? Douglas ___ Server-devel mailing list [EMAIL PROTECTED] http://lists.laptop.org/listinfo/server-devel
[Server-devel] Fwd: /etc/xs-sigchecks-enabled
The background to this discussion is the xs-sigchecks-enabled flag was introduced so packages like xs-rsync could function without relying on infrastructure that didn't exist at the time. This email is just moving talk to the list; I'll reply to myself shortly. -- Forwarded message -- From: Martin Langhoff <[EMAIL PROTECTED]> Date: 2008/11/6 Subject: Re: /etc/xs-sigchecks-enabled To: Douglas Bagnall <[EMAIL PROTECTED]> Hi Douglas, On Wed, Nov 5, 2008 at 1:59 AM, Douglas Bagnall <[EMAIL PROTECTED]> wrote: > This is bugging me a little, because more and more is starting to hang > off it, with xs-tools importing keys and the sotp passwords and so on. good to think it through... > I would like something that meant "we're not checking keys so you > can't do that", but after considering what effect it has in other > situations, I've treated the flag to mean "we're not checking keys so > you can do anything!". You are right that for sotp it backfires in a bad way. Don't think I was aware of this before you mentioned it... > So, for the xs-tools usbmount script, it would be nice to treat it as > a 'not checking, so not allowing' flag. There is a little bit of a > bootstrapping problem there: if you're not allowing unsigned imports, > you can't get a key in to sign other keys to allow imports. We've > talked about this before: either there's a magical moment of trust > that lets the first key in whatever, or there is a preinstalled OLPC > key. In the present interpretation of the flag, there is a magical > era of trust. (If we have a preinstalled key it would need to be in > /etc/pki/olpc/XS-trusted-keys). > > Ah, sorry for the ramble: What I'm getting at is: should the absence > of /etc/xs-sigchecks-enabled mean 'always trust usb input' or 'do what > seems sensible with usb input'? No, no ramble but good thinking -- and I'd say we should move this to the server-devel list. My take on this is that it means 'do what seems sensible with usb input' -- in that sense it's a "xs-security-on" flag, rather than pointing to a particular mechanism. (maybe worthy of a rename before 0.5 is released?) As you say, there's a magical moment of trust at install time. Some teams might use anaconda to touch the file, pilots might login and touch the file manually (but that's unlikely). Not having the file there means you're on a less safe configuration, apt only for small pilots where a sysadmin controls the machine closely (physical security, etc). cheers, m -- [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list [EMAIL PROTECTED] http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Backup of laptops
hi Pia, > I've got the XO 767 image rolled out to about 80 laptops, between 3 sites > all with the 0.4 server image. I'm not sure why, but _none_ of the servers > are receiving backups from the clients. I've tried following the > instructions to debug the issue, but am not getting any error messages from > either the server or the clients. It just silently fails. My question is, > has anyone got this working? Any ideas how I can fix it? It appears that > the backups worked once, and then never again. The clients create the > ~/.sugar/default/lock/ds-backup.run file but then nothing happens and the > file remains, so of course then the backup script never runs again as the > lock file still exists. Do any files under /library/users/ have the wrong ownership? (perhaps owned by a different laptop). If so, then the problem might well be fixed by this patch: http://dev.laptop.org/git?p=users/martin/ds-backup.git;a=commitdiff;h=8266a15e62600ac1a4fbe7a656472a67a640e35b Unfortunately that's needed on the client not the server, so 0.5 will not help. I really hope I'm wrong about this, though. > This is a real pain as I need to have these backups for oversight of the > children, and it is a high profile trial. Any ideas? Should I just upgrade > to 0.5 on the server? douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [Server-devel] [ejabberd] Memory use with SSL connections
This thread on the ejabberd list has detached itself from server-devel, so for the record I'll point to a couple of interesting messages: In http://lists.jabber.ru/pipermail/ejabberd/2008-October/004316.html, Evgeniy Khramtsov of ProcessOne writes: > Douglas Bagnall wrote: > >> Does ejabberd use a wide range of OpenSSL's functionality >> > No, it doesn't. It uses only encryption functions and certificate checks. > >> or might >> one of the light libraries with flakey standards coverage (e.g., >> yassl) work well enough? >> > OpenSSL has a very important benefit: it doesn't require socket descriptors > to be passed to it's API functions. Other libraries (gnutls, yassl) need > sockets to be passed to their functions (furthermore, sockets must be in > blocking mode!!), but this is not acceptable in Erlang of course. At least I > didn't see alternative libraries without this restriction. and in http://lists.jabber.ru/pipermail/ejabberd/2008-October/004317.html, Jonathan Schleifer suggests an alternative: > xyssl doesn't need a socket passed either IIRC and needs less memory > than OpenSSL. Unfortunately, https://xyssl.com has disappeared so information about it is hard to find. Douglas ___ Server-devel mailing list [EMAIL PROTECTED] http://lists.laptop.org/listinfo/server-devel
Re: Pseudo-locales for i18n testing by English speakers
A data point, just because I have a script that does this stuff: Of the 118 activities linked from [[Activities]], the following have a pseudo linfo field, and the asterisked ones have actual pseudo-ised data. org.laptop.MeasureActivity (Measure) org.laptop.Pippy (Pippy) org.laptop.TamTamSynthLab (TamTamSynthLab) org.laptop.RecordActivity (Record) org.laptop.AcousticMeasure (Distance) org.laptop.TamTamJam (TamTamJam) org.laptop.TamTamEdit (TamTamEdit) * org.laptop.Connect (Connect vs. [զք ЩЌठ ऊ ۦШи]حօղոչҁե) * org.laptop.GmailActivity (Gmail vs. [ҳﯽ Сیपżل Ƶ Հҟ]Вҕօաیэ) org.laptop.TamTamMini (TamTamMini) douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: testing ejabberd
Gary C Martin wrote: >> http://wiki.laptop.org/go/Ejabberd_resource_tests#Try_4:_a_few_thousand_users > > > One extra figure that would be interesting is the server response latency to > client requests, not sure if hyperactivity gives you that easily. No, I don't think hyperactivity does measure latency. The only metric I have is that activity sharing between XOs worked well enough while competing with 2000 hyperactivity clients. There are other test suites that claim to measure latency, so I'm looking into running one of them at the same time. Douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: testing ejabberd
I wrote: > I've written up my recent testing of ejabberd for the wiki: > > http://wiki.laptop.org/go/Ejabberd_resource_tests > > It is not completely satisfactory: I don't have the resources to test > up to 3000 active users which I believe is an important target. At > lower numbers, however, ejabberd's memory consumption seems to be > linear, and it looks to be roughly the case that 0.5 GB per 1000 users > is enough. (Just barely -- that's a limit, not a recommendation). Since then, thanks to hyperactivity pointers from Guillaume, I got ejabberd to very briefly accept about 4700 connections, and almost simultaneously, to crash. I'm quite pleased with this on both counts, even though, because it happened during the period late on Fridays that our host company offers free beer upstairs, I did not actually witness the events. The results are summarised here: http://wiki.laptop.org/go/Ejabberd_resource_tests#Try_4:_a_few_thousand_users In short, with 1GB ram, ejabberd coped with a stable load of 2000 connections, but it went crazy when faced with more, bouncing off the RAM ceiling, dropping clients, and freezing its web admin interface. Then after a quiet period it recuperated and gamely made the fatal number of connections. >From time to time ejabberd logged errors or warnings but they don't seem to relate to much. I'm trying to get this automated enough so I can leave it running in the background and think of something else. Douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
hyperactivity limits
I wrote: > It is not completely satisfactory: I don't have the resources to test > up to 3000 active users which I believe is an important target. Just to clarify this: it was actually client resources I ran out of, not the server (though that must have been getting close to melt down). I used hyperactivity, but could only maintain about 250 connections from each instance. Guillaume: you mentioned somewhere that you had worked on a Gabble bug relating to hyperactivity, so I tried a git snapshot and got a recurring trace back with this punchline: dbus.exceptions.DBusException: org.freedesktop.Telepathy.Errors.NotImplemented: \ Unknown property BuddyGadgetAvailable on org.laptop.Telepathy.Gadget Do I need to replace other stuff than just Gabble? Or should I not bother yet? Is 250 connections in the order that you get? Perhaps my hyperactivity has issues all of its own. Douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: testing ejabberd
I've written up my recent testing of ejabberd for the wiki: http://wiki.laptop.org/go/Ejabberd_resource_tests It is not completely satisfactory: I don't have the resources to test up to 3000 active users which I believe is an important target. At lower numbers, however, ejabberd's memory consumption seems to be linear, and it looks to be roughly the case that 0.5 GB per 1000 users is enough. (Just barely -- that's a limit, not a recommendation). With 1200 users making some communication every 15 seconds, the 2GHz dual core pentium was bouncing along with a load average around 2 and ejabberd over 100% CPU usage. I don't know whether 15 seconds is a reasonable interval: if e.g. each keystroke in a shared Write touches ejabberd, then 15 seconds seems long; otherwise perhaps it's very short. Once I realised that the open files resource limit was killing ejabberd (which took an embarrassingly long time, not helped by cryptic log messages), it was stable under all loads. From time to time I tried sharing activities between XOs and they were always responsive. Douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: testing ejabberd
Guillaume, > Would be helpful if you could upload Gabble log somewhere. Before > starting hyperactivity, launch Gabble manually like this: > GABBLE_PERSIST=1 GABBLE_LOGFILE=/tmp/gabble.log GABBLE_DEBUG=all > LM_DEBUG=net /usr/lib/telepathy/telepathy-gabble Thanks. That was enough for me to sort it out -- the problem was caused by ejabberd restricting the number of registrations per IP address. Adding "{registration_timeout, infinity}." to ejabberd.cfg fixed it. I've put the log at http://halo.gen.nz/gabble-wired-connection-1.log but only in case you are curious. I've tested up to about 350 users from various machines at various activity rates. Collaboration continues to work while ejabberd is under this load, while its memory use grows to around 160MB. I'll report on this in more detail soon. Douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
testing ejabberd
hi I'm having some trouble using hyperactivity to test ejabberd. Hyperactivity always ends up looping over unsuccessful accounts, producing output like this: can't connect hyperactivity-ac4ec2e2-892e-11dd-a4b7-0017c40d34e4. Remove it have to create 1 accounts create accounts/gabble/schoolserver.dell.xs.laptop.org/hyperactivity-ac9cecec-892e-11dd-a4b7-0017c40d34e4.account can't connect hyperactivity-ac6d40aa-892e-11dd-a4b7-0017c40d34e4. Remove it have to create 1 accounts create accounts/gabble/schoolserver.dell.xs.laptop.org/hyperactivity-acb4ce02-892e-11dd-a4b7-0017c40d34e4.account can't connect hyperactivity-ac85168a-892e-11dd-a4b7-0017c40d34e4. Remove it What ejabberd says of each of these is something like: I(<0.258.0>:ejabberd_listener:112) : (#Port<0.464>) Accepted connection {{0,0,0,0,0,65535,44050,2588},33012} -> {{0,0,0,0,0,65535,44050,1},5222} This would make simple sense if hyperactivity didn't succeed every now or then. These usable accounts build up over time, so hyperactivity ends up starting with a few of them. So in the sea of unsuccessful creations there is every now and then a line like: client hyperactivity-c3e52044-88f3-11dd-a913-0017c40d34e4: --> change current activity Although that has no server-side correspondent. The anomalous messages on the server side are: =INFO REPORT 2008-09-23 01:15:34 === I(<0.386.0>:ejabberd_c2s:478) : ({socket_state,gen_tcp,#Port<0.451>,<0.385.0>}) Failed legacy authentication for [EMAIL PROTECTED]/Telepathy =INFO REPORT 2008-09-23 01:15:34 === I(<0.388.0>:ejabberd_c2s:438) : ({socket_state,gen_tcp,#Port<0.453>,<0.387.0>}) Accepted legacy authentication for [EMAIL PROTECTED]/Telepathy =INFO REPORT 2008-09-23 01:15:34 === I(<0.388.0>:mod_shared_roster:640) : user_available for "hyperactivity-c3e52044-88f3-11dd-a913-0017c40d34e4" @ "schoolserver.dell.xs.laptop.org" (1 resources) [ ... millions of the 'Accepted connection' messages, then ... ] =INFO REPORT 2008-09-23 01:15:54 === I(<0.388.0>:ejabberd_c2s:1290) : ({socket_state,gen_tcp,#Port<0.453>,<0.387.0>}) Close session for [EMAIL PROTECTED]/Telepathy =INFO REPORT 2008-09-23 01:15:54 === I(<0.388.0>:mod_shared_roster:679) : unset_presence for "hyperactivity-c3e52044-88f3-11dd-a913-0017c40d34e4" @ "schoolserver.dell.xs.laptop.org" / "Telepathy" -> [] (0 resources) Has somebody seen this before? What am I doing wrong? Douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: G1G1v2 Activities
Gary C Martin <[EMAIL PROTECTED]> wrote: > > Perhaps correcting http://wiki.laptop.org/go/Activity_tutorial would > help? Good point -- done, at least for host_version and bundle_id. As it happens the actually published HelloWorld activity is one of the worst offenders, having no activity_version. That might even break things. > I'm showing my age here, but is bundle_id a replacement for > service_name? Seem to be identical. It is, they are. I'm not sure why it changed, and all the code I've seen tries both, but the spec is adamant (that's http://wiki.laptop.org/go/Activity_bundles). > OK, well... I 'think' Moon-5 can now go on your shiny happy list – Yes! I've got no idea about that bundle_name warning, sorry. Douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: G1G1v2 Activities
Greg Smith wrote: > What do you think are the most important activities to include? If we're sticking to activities with valid activity.info files, then (AFAICT) we're limited to: XaoS - org.codewiz.XaoS Sokoban - de.hpi.swa.Sokoban Pipes- de.hpi.swa.Pipes Bounce - bounce Chat - org.laptop.Chat DrGeoII - org.ofset.DrGeoII Breakout - de.hpi.swa.Breakout Funtowers- de.hpi.swa.Funtowers DiceWars - de.hpi.swa.DiceWars X activity - org.laptop.wiki.XActivity StackAttack - de.hpi.swa.StackAttack Joke Machine - org.worldwideworkshop.JokeMachineActivity Sokobaenle - de.hpi.swa.Sokobaenle BlockAttack - de.hpi.swa.BlockAttack Abalone - de.hpi.swa.Abalone SameGame - de.hpi.swa.SameGame Not that it really matters, of course. Most activities fail by having no bundle_id, and only 36/115 have host_version. Good on whoever does the swa.hpi.de games. douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: [Server-devel] anaconda deletes /fsckoptions on F9 based XS
hi Joshua, Just to clarify: >> Most of them >> will be in locations with unreliable power - so they will switch off >> when power gets cut. > > I have run servers like this for a few years with ext3. I was surprised > how well it worked. I never got anything resembling file system > corruption. ext3 worked like a charm. Is that with a '-y' fsck option set, or just with the defaults? Douglas ___ Server-devel mailing list [EMAIL PROTECTED] http://lists.laptop.org/listinfo/server-devel
Re: anaconda deletes /fsckoptions on F9 based XS
Jeremy Katz wrote: > How often are you actually getting to having fsck questions? ext3 > partitions should be set up by default to not run fsck unless it's > really really needed. [Some dd'ing and pulling plugs later] Yes, it does seem so. I may have been mis-conditioned by certain fsck-happy .deb distros (and having said that, it is a long time since I saw a question). > It's not deleted by anaconda, it's deleted on boot by rc.sysinit. See > line 723 or so. argh. Thanks. I should have seen that. Douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Re: XOs resisting activation
Scott wrote: > You need a signed build if you are going to enable security. 759 is > not signed. 714 is the most recent signed build. The 4 button install of 714 worked; thanks Scott and Mitch. In the process, I noticed that it looks to download fs.zip from the school server. That is quite neat, and I'd like to make the server play along. I've opened #8523 which contains speculation about what ofw might want from the XS. I just noticed #2740 (the same, from firmware's POV), but it is probably worth keeping both tickets. Douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
[Server-devel] anaconda deletes /fsckoptions on F9 based XS
hi, The xs-config package creates a file called /fsckoptions (yes, in /), to stop headless servers from stalling on fsck questions. This file is deleted by anaconda, some time after the end of ks.cfg's %post section. To be sure, I used: %post #[...] if [ -e /fsckoptions ]; then touch /root/fsckoptions-there-at-end-of-post fi and that flag is set. Does anyone know how to stop anaconda doing this? Or is it necessary to use a first-boot rc script? douglas ___ Server-devel mailing list [EMAIL PROTECTED] http://lists.laptop.org/listinfo/server-devel
Re: Expected date for 8.2.0
Walter Bender wrote: > Are we still so wedded to the purity of circles? Simply changing the > shape of the icon once a connection is made would go a long way. Maybe > morph into a star? or a sun? Or add the ubiquitous parens around the > icon a la the indicator light? None of these would adversely impact > the color-ID scheme. There has been some discussion on the server-devel list of making a logo for the XS. Perhaps the symbol for a connected school server should match that logo (and a simple mesh should look different -- for me at least this would save, well, a minute per week). The thread starts and restarts at: http://lists.laptop.org/pipermail/server-devel/2008-September/001896.html http://lists.laptop.org/pipermail/server-devel/2008-September/001920.html This might also focus the minds of prospective designers: rather than struggling to incorporate the letters X and S, try to make your logo look like a school. Douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
XO activity bundle .info format
In the course of making an activity server for the XS, I have looked at the activity.info files of 114 bundles from http://wiki.laptop.org/go/Activities. One (Berkeley Logo) turned out not to be a bundle at all, and otherwise the tags I found were: name 113 icon 113 activity_version 111 service_name 101 show_launcher 76 class 61 exec52 host_version35 mime_types 25 bundle_id 20 id 4 update_url 2 runtime_library_dirs 1 activity-version 1 bundle_id || service_name 113 bundle_id != service_name0 It seems that people are using bundle_id and service_name interchangeably, and that although the wiki[1] says bundle_id is required, service_name is more common. Is it OK to assume these will remain as synonyms? Might they ever diverge? [1]http://wiki.laptop.org/go/Activity_bundles#.info_File_Format The tags that appear most erroneous belong to the following activities: id: com.ywwg.Sonata org.osl.MediaPlayerActivity com.epals.www com.ywwg.NewsReader activity-version: org.laptop.ViewSlidesActivity NO activity_version: org.laptop.ViewSlidesActivity org.laptop.HelloWorldActivity runtime_library_dirs: org.laptop.swordread I'm not sure about the last one. Douglas ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel
Martin's new assistant
hello, I will be working with Martin Langhoff for a couple of months, with the hope of giving XS development a boost. At present I am really just familiarising myself with the system, but we aim to clean up that bug tracker and have a considerably more useful school server. My background is in software art, with a bit of filmmaking, web development, and general programming. Some of my projects are described on http://halo.gen.nz/. The art background is perhaps more relevant than it might seem: it is hard to imagine an environment with worse connectivity and less IT expertise than a typical New Zealand art gallery. Designing and deploying tolerably cheap and fail-safe systems has been a large part of my work. Anyway, I'm glad to helping the OLPC project. cheers, Douglas Bagnall ___ Devel mailing list Devel@lists.laptop.org http://lists.laptop.org/listinfo/devel