[Server-devel] Fixing the Shellshocker bash exploit on the old FC9 based XS 0.6

2014-09-25 Thread Anna
The patch that fixes the shellshocker exploit isn't, from the best that I
can tell, going to be released for Fedora versions older than 17.

I just patched my XS 0.6 with this:

curl -k https://shellshocker.net/fixbash | sh

You'll need to be able to compile, I'm not sure of any other specific
requirements since I installed the Development Tools group on this box a
long time ago.

You can find more information here:  https://shellshocker.net/

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Fixing the Shellshocker bash exploit on the old FC9 based XS 0.6

2014-09-25 Thread Anna
Yup, the fix was only for CVE-2014-6271.  My XS 0.6 is still vulnerable to
CVE-2014-7169.

I was just looking at my Apache access log to see if anyone was trying the
exploits.  Luckily this guy who hit me is a security researcher:

209.126.230.72 - - [24/Sep/2014:23:55:55 -0500] GET / HTTP/1.0 200 2692
() { :; }; ping -c 11 209.126.230.74 shellshock-scan (
http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html)

But I don't think this person is up to any good:

89.207.135.125 - - [25/Sep/2014:07:04:51 -0500] GET
/cgi-sys/defaultwebpage.cgi HTTP/1.0 404 77 - () { :;}; /bin/ping -c 1
198.101.206.138

My .htaccess is set up to block user agents by keyword, like bot, crawler,
google, bing, etc.  I threw the word ping in there, at least that'll give
a 403 to the above attempt.

I'll keep an eye on https://ftp.gnu.org/gnu/bash/bash-4.3-patches/ and hope
a patch for CVE-2014-7169 lands in there soon.

Yes, I do need to stop procrastinating and replace this machine.  This old
Dell's power supply is going bad.  Takes me about an hour of mysterious
fiddling to get it powered back on after shutdown.

Anna Schoolfield
Birmingham

On Thu, Sep 25, 2014 at 9:14 PM, Samuel Greenfeld sam...@greenfeld.org
wrote:

 XS 0.7 school servers are based on CentOS 6.x, which still gets security
 updates.

 So you can log onto your XS 0.7 schoolserver as root, and yum update
 bash to get the latest version.

 Note that there is talk that the first fix may not be complete, so you may
 have to update bash twice.


 On Thu, Sep 25, 2014 at 7:04 PM, Anna ascho...@gmail.com wrote:

 The patch that fixes the shellshocker exploit isn't, from the best that
 I can tell, going to be released for Fedora versions older than 17.

 I just patched my XS 0.6 with this:

 curl -k https://shellshocker.net/fixbash | sh

 You'll need to be able to compile, I'm not sure of any other specific
 requirements since I installed the Development Tools group on this box a
 long time ago.

 You can find more information here:  https://shellshocker.net/

 Anna Schoolfield
 Birmingham

 ___
 Server-devel mailing list
 Server-devel@lists.laptop.org
 http://lists.laptop.org/listinfo/server-devel



___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Taking pictures with an XSCE on an XO

2014-02-22 Thread Anna
A long time ago, I posted on OLPC News Forum about how to make your XO-1
take and display an image with gstreamer and the boa web server.  You can
take and display an image from the XO-1's camera via any browser on the
LAN.  These instructions are mostly still valid for the XO-1.

http://web.archive.org/web/2028021343/http://www.olpcnews.com/forum/index.php?topic=4710.0

But for the XSCE on an XO 1.5, 1.75 or 4?  Apache makes things a little
more difficult to configure.  So let's just see what to do, then.

As root, create this file:

-bash-4.2# cat /var/www/cgi-bin/webcam.cgi
#!/bin/sh
# CGI script to take and display an on-demand image
echo Content-type: text/html
echo
echo htmlheadtitleA Picture from the XO XSCE Webcam/titlebody
echo h1Here's a Real Time image from the XO XSCE Webcam/h1
echo b
gst-launch-0.10 v4l2src ! ffmpegcolorspace ! pngenc ! filesink
location=/var/www/html/images/webcam.png  /dev/null
echo br /
echo IMG SRC=../images/webcam.png
echo br /
echo h2Refresh this page to take another picture/h2
echo /b/body/html

chmod +x webcam.cgi

Still as root, Put apache into the video and audio groups in /etc/groups:

-bash-4.2# cat /etc/group |grep apache
video:x:39:olpc,apache
audio:x:63:olpc,apache

mkdir /var/www/html/images and then:

chown apache:apache /var/www/html/images

Reboot.  Then go to http://whatever your XSCE's IP is/webcam.cgi and it
automagically takes and displays a picture of what your XSCE XO is pointed
at.

Then hit F5 to refresh as needed for new pictures.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Large groups of XO-1 do not work with access points

2014-02-07 Thread Anna
This is all very interesting, particularly when James Cameron stated,
...all it takes is for two active scans to miss the access point.  All
the years I've been working with these things, I really had no idea.  And
did I inadvertently do the correct workaround?

I've got a couple of XO-1's that repeatedly don't automatically see a
couple of my AP's in Sugar's Network Neighborhood on boot (some of my XO-1
units just work, btw).  In a console, I'll do `iwlist eth0 scan |grep my
ap's ssid` multiple times until it shows up (or grep on ESSID for the list
of what all it sees).  Then switch back to Network Neighborhood, find the
AP's circle (which now shows up) and associate.

After that, networking is fine until reboot, but then I just repeat the
above procedure.

What I found peculiar was that the AP doesn't initially show up on those
XO-1's even when the XO-1 is on the table right next to the AP.  But, hey,
I figured out how to scan for it and then moved on.  I didn't know others
had this issue in other environments.

My home environment is relatively noisy.  I'm looking at an XO-1 now and it
can see 16 APs: four on channel 1, one on channel 4, one on channel 5,
three on channel 6, three on channel 8, one on channel 10, three on channel
11.  Only three of those are in my house - Tyler's AP on channel 1 (which
is WPA encrypted and I don't typically use), my regular AP on channel 11,
and the XSCE's AP on channel 6.

Musing upon it now, I should probably switch the channels between my
regular AP on 11 and the XSCE's - the XSCE's channel 6 might be getting
crowded out by my neighbors on 4,5,6, and 8.

Anna


On Fri, Feb 7, 2014 at 7:21 PM, James Cameron qu...@laptop.org wrote:

 On Sat, Feb 08, 2014 at 12:16:06PM +1100, James Cameron wrote:
  1.  sometimes, an active scan by the XO-1 does not have the access
  point listed in the scan results, despite the XO-1 transmitting an
  acknowledgement to the access point,

 This implies a problem in the firmware or the kernel.

 --
 James Cameron
 http://quozl.linux.org.au/
 ___
 Devel mailing list
 de...@lists.laptop.org
 http://lists.laptop.org/listinfo/devel

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] $400 computer for Haiti

2013-12-19 Thread Anna
What's the climate control situation at the site in Haiti?

I live in a 100 year old house in Birmingham, Alabama, without central AC.
In the summer, I have to physically relocate equipment to my server room
(a well insulated room where I keep a window unit on full blast).
Otherwise, fans sound like jet planes taking off and everything gets really
hot and stressed.

Anyway, heat related failure would be one of my main concerns in Haiti.

Anna


On Thu, Dec 19, 2013 at 4:58 PM, George Hunt georgejh...@gmail.com wrote:

 Hi all,

 The Haiti deployment we are preparing for, made $400 available for a
 server, and power is available. What hardware has been the question.  Tony
 had lots of experience with Atom processors, and suggested nettop boxes. My
 research has led me to the following:

 $193 Zortec celeron processor
 http://www.amazon.com/Zotac-Dual-Core-Celeron-Barebone-ZBOXNANO-ID61-U/dp/B008OHRFE0/ref=sr_1_7?s=electronicsie=UTF8qid=1387490390sr=1-7keywords=zotac+barebone

 $75 8GB Memory --
 http://www.amazon.com/Corsair-1x8GB-Laptop-Memory-CMSO8GX3M1A1333C9/dp/B005T63BEM/ref=pd_sim_pc_1

 $86 WD blue 1TB drive --
 http://www.amazon.com/WD-Blue-Mobile-Hard-Drive/dp/B005DVJJWQ/ref=sr_1_4?ie=UTF8qid=1387491567sr=8-4keywords=wd+2.5+1+tb+blue

 Total $354 + tax

 Per Tim Moody's suggestion, I consulted
 http://www.cpubenchmark.net/cpu_list.php

 The Atom processor d535 has a passmark score of 693
 The celeron, for about the same price, selected in this proposal, has
 passmark score of 1215
 The i3 version of the Zortac box is $130 more and its passmark score is
 3833

 Of course, cpu benchmarks are not the only issue. I think it has been
 suggested more money should be put into memory, when trying to serve many
 clients.

 Soliciting inputs . . .

 George


 ___
 Server-devel mailing list
 Server-devel@lists.laptop.org
 http://lists.laptop.org/listinfo/server-devel


___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Supporting basic mobile phones

2013-11-25 Thread Anna
I was thinking about the type of phones as well.  If by smartphone, Tim
means a phone that can do wifi, that should be easy enough to fit into our
existing ecosystem.  Maybe have browser detection and serve mobile
optimized stuff, say redirect to http://m.schoolserver on those devices.

If the phone does not do wifi, we'd need a different infrastructure setup.
Like Tim said, some sort of cellular gateway.  And then what sort of
interaction would there be?  I'm not familiar enough with non-smart phones
(besides texting and making voice calls) to know.

We've got a regular cellphone, a prepaid LG500G Tracfone, we use as a
spare (got it on sale for $10).  There's no microSD card in it and the only
way to talk to it locally is through bluetooth (bit of a hassle to set
up).  It's a decent enough phone, I can take pictures and videos, create
audio recordings, and write notes (there's a nice qwerty keyboard).  Then,
via a bluetooth dongle on my desktop, I can access the files I created.
Or, from my desktop, put pictures, videos, podcasts (or any other mp3
file), or text files on it.  I haven't tried to send/receive those files
over the cellular network because I don't want to waste a bunch of minutes
playing around with that.  Would airtime would be a factor with integrating
regular cellphones?  And if so, how best to communicate with the handset?

Carol Ruth Silver might be a good resource on the logistics since she's
involved with a project in Afghanistan using regular (non-smart) phones
to teach literacy.


On Mon, Nov 25, 2013 at 1:39 PM, Tim Moody t...@timmoody.com wrote:

 This idea occurred to me as well.  I think we need to be sure about the
 kinds of phones that are available.  What I read indicates mostly not smart
 phones.  I believe the highly successful apps, such as mpesa and ushahidi
 use sms, not even wap.  You then need a cellular gateway.


 Message: 1
 Date: Mon, 25 Nov 2013 09:21:47 +0530
 From: Anish Mangal an...@activitycentral.com
 To: server-devel server-devel@lists.laptop.org, T Gillett
 tgill...@gmail.com
 Subject: [Server-devel] [crazy idea] Supporting basic mobile phones |
 Searching for possible standards
 Message-ID:
 CAHFjNwNb5jh=kDm9Cw8gdKgW8-C1YHJe1GD=chdhktskigs...@mail.gmail.com
 Content-Type: text/plain; charset=utf-8

 Hi,

 Disclaimer: Please do not construe this as a direction that XSCE should be
 taking, but more of a crazy idea I am exploring on the side.

 In developing nations, the most common communication device is the mobile
 phone. It is atleast a magnitude more common any other electronic
 communication device. If one were to look at building technology solutions
 for education in less developed nations of this world, a cellphone would
 seem like the perfect thing to piggyback upon.

 On the other hand, this would seem like saying lets shut down sugar and
 move to android, because it's everywhere, something I'm not sure is the
 best thing to do. (So I am conflicted about it).

 Cutting to the chase:
 1. Is there any overlap between the xsce vision *as you see it* and
 supporting mobile phones.
 2a. If the answer to that is a yes, are there standards or software that
 might help make XSCE content and services available on basic mobile
 phones.
 We will probably forego 80% of the value XSCE provides, but that 20% might
 be valuable.
 2b. What kind of service standards would be most suitable to build upon?
 WAP, SMS, Voice (navigation)? Most basic mobile phones today have a WAP
 browser.

 The more I think, the more it feels that this may not be the right thing
 for the XSCE project, but still would like to have an understanding of the
 challenges involved.

 Thoughts?

 --
 Anish

 P.S. this email is a result of talking to a few people over the past few
 weeks and hearing from them again and again the sheer availability of
 mobile phones. At the same time, I'm sure many people would have already
 tried to figure out this space (maybe I'm trying to do just that).
 -- next part --
 An HTML attachment was scrubbed...
 URL: http://lists.laptop.org/pipermail/server-devel/
 attachments/20131125/c000a076/attachment-0001.html

 --

 ___
 Server-devel mailing list
 Server-devel@lists.laptop.org
 http://lists.laptop.org/listinfo/server-devel


 End of Server-devel Digest, Vol 79, Issue 20
 


 --
 Sig inserted by AutoHotkey ver. 1.1.11.01 (signature - first line)
 WLMail QuoteFix - http://www.dusko-lolic.from.hr/ (signature - second
 line)
 ___
 Server-devel mailing list
 Server-devel@lists.laptop.org
 http://lists.laptop.org/listinfo/server-devel

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] [XSCE] End User Documentation / Basic Setup Guide / How to upload PDFs etc

2013-11-17 Thread Anna
If possible, deploy epubs rather than pdfs.

You can always convert an epub to a pdf.  You can't easily do it the other
way round.  Go ahead and search, the pdf format is a bane for people who
use ereaders.

Also, epubs open from the Journal in the Read Activity, where kids can use
bookmarks.  PDFs open in Browse and there's no bookmarking mechanism.  So
you're halfway through a PDF, shut down your XO for the day, then the next
morning open the PDF back up and have to scroll to where you left off.  Not
cool.


On Sun, Nov 17, 2013 at 8:38 PM, Curt Thompson curtathomp...@gmail.comwrote:

 In the short term, I just followed Anna's suggestion and put the PDFs in
 a directory I made /var/www/html/science.  I tested it out with the
 Browse activity in the XO-1 James is lending me as a client and it seems
 to work relatively well - opens in-browser, which is nice.

 Not super fast but the images/text load up within a few seconds and it's
 scrollable with the buttons near the monitor (once you click inside the
 PDF).  I'm considering whether it's worth it to extract each page as an
 image and convert all these PDFs into essentially an HTML-based e-book
 to make it more responsive.

 In the long term, I'd like to be able to train teachers in how to add
 content.  If we can send them a USB stick with PDFs, for example, it'd
 be nice for them to be able to simply copy it into place and enjoy the
 updated content.  Would this be the case once I got Pathagar set up and
 working?

 I'll also work on documentation when I can.  I started to write setup
 documentation but the online install info on the wiki is pretty good.
 What's missing (in my humble opinion) is what to do with XSCE once it's
 up and running.  I'll try to make some time to document the things I
 learn as I go.

 Thanks for the help


 On 11/17/2013 12:05 PM, Sameer Verma wrote:
  On Sat, Nov 16, 2013 at 8:15 PM, Anna ascho...@gmail.com wrote:
  Pathagar is still a work in progress.  I'm not sure if it can handle
 pdfs,
  though.  Last I saw, it was just epubs.
 
  By design, Pathagar will serve *any* kind of file. The file serving is
  done via HTTP (Can be apache, nginx, or lighttpd, etc). Here is an
  example of PDF: http://108.171.173.65/book/10/view and here's an
  example of epub: http://108.171.173.65/book/8/view Pathagar itself
  doesn't care about the file format, as long as the http server has a
  way (MIME) to handle it. As far as the Pathagar software itself is
  concerned, there are no showstopping bugs that I know of.
 
  A couple of notes on the *installation* of Pathagar, where we do have
  a bunch of problems:
 
  1) The *current* version of Pathagar is borked. I haven't gone back to
  see where it fails or how, but there should be a prior version that
  works. There is also a version (patch) that apparently fixes the book
  edit and upload problem. I have not tested it. I hope someone else can
  take a look?
 
  https://github.com/PathagarBooks/pathagar/issues
 
  2) There seem to be multiple deployment approaches. We have PIP, RPM,
  fabric, and the good old way of installing and configuring by hand
  (which is what I follow, because I haven't had the time to test the
  other methods). At the OLPC SF Summit, Jerry told me that they have
  the RPM part addressed, but the current bug (cannot add/edit books)
  gets in the way.
 
  Hopefully the latest patch can address these things.
 
  For your immediate purposes, I'd suggest `mkdir /var/www/html/science`
 and
  put the pdfs there.  Then clients can go to http://schoolserver/scienceto
  download them.
 
  Anna
 
 
  On Sat, Nov 16, 2013 at 10:05 PM, Curt Thompson 
 curtathomp...@gmail.com
  wrote:
  So I've been tinkering around XSCE School Server for a while now - I
  have it set up with Internet-in-a-box via USB drive and I spent a while
  trying to get my laptop to work as AP/server.
 
  I've also been poking around looking for basic setup info.  In
  particular, I'm trying to upload these ~36 Science Textbook PDFs and
 I'm
  not sure where to put them, if I should just be copying them to some
  directory (etc/Moodle or etc/pathagar or /library/pathagar/media?) or
  uploading them via one of these systems.  Any advice on which method is
  best?
 
  I've looked around the Wiki but I can't find anything like a basic
 setup
  guide (such as a reference that could be used by teachers, students,
  and/or volunteers in the field.)  Is there such a guide?
 
 
 


___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Setting up a USB drive for the XSCE Activity Update service

2013-11-08 Thread Anna
How to do an activity bundle came up on #schoolserver today.  I knew I
had written it up, but forgot that I only sent it to xsce-devel at the
time.  This is something that should be on server-devel.  And probably
needs a wiki entry.

-- Forwarded message --
Date: Thu, Jul 11, 2013 at 2:32 AM
Subject: Setting up a USB drive for the XSCE Activity Update service


I have never tested or even looked at this before, but today on the call,
George made sure I saw this link which has all the details regarding the
Activity Update service for the XSCE:
http://dev.laptop.org/git/users/martin/xs-activity-server/tree/README

But if you're sitting there with a USB drive, some activities you'd like to
include, you've got an XSCE, and you want some simple instructions, here's
a digest.

Unfortunately I'm going to assume you're on a Linux box, apologies to the
Windows people.

First, insert your USB drive into your computer (I used my regular FAT32
formatted drive that I also use for flashing XOs) and create a directory
named xs-activity-server

Navigate into the xs-activity-server dir and download some activities.

This isn't necessary, but it's quite nice.  Write a blurb for the
activity that will show up on the entry for the activity in
http://schoolserver/activities

First, get the bundle_id for the Activity.  In Linux, it's simply:

zipgrep bundle_id activityname.xo

It should return something like:

JAMediaTube.activity/activity/activity.info:bundle_id =
org.laptop.JAMediaTube

You want the bit at the end.

Now, create an .info file in the xs-activity-server dir.  It doesn't matter
what it's named, just do activities.info or something.

For every activity you would like to write a blurb for, put an entry for
that in the activities.info file.  For example:

[org.laptop.JAMediaTube]
description = Watch YouTube! It's really fun!

[org.laptop.FakeActivity]
description = This is a placeholder for documentation purposes

Notice the bundle_id value we grepped for earlier?  That's in brackets in
the .info file with the description directly underneath.

You've got your .xo files, set up your activities.info file, it's all on a
USB drive in a dir named xs-activity-server, and now that you've got all
the ingredients, the last order of business is to create a manifest for the
XSCE to read.

While in the xs-activity-server dir on your USB drive, run this command:

sha1sum *.xo *.info  manifest.sha1

Eject the USB drive and plug it into the XSCE.  And then magic happens!
The activities you put on the USB drive in the xs-activity-server dir will
just automagically show up on http://schoolserver/activities with the
blurbs you wrote in the activities.info file.

I don't know how the USB drive gets ejected by novice users from the XSCE.
Which could be a concern?

At any rate, this probably needs a wiki entry.

Anna
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Reminder: XSCE IRC scrum tomorrow (5th November), 1600 UTC / 1200 EDT on #schoolserver/irc.freenode.net

2013-11-05 Thread Anna
Since Daylight Savings is over, we meet at Noon EST, 11 am CST.  For folks
on the West coast, that's 9 am PST.

Basically, if it's noon in NYC, that's when we meet on Tuesdays on IRC.

Anna


On Tue, Nov 5, 2013 at 9:22 AM, Anish Mangal an...@activitycentral.comwrote:

 I screwed up, because 1600 UTC is not the same as 1200 EDT anymore
 (daylight savings confusion). So lets meet at 1200 EDT only, which is 1 hr
 and 40 mins from now. (1700 UTC).

 -
 Anish


 On Mon, Nov 4, 2013 at 3:27 PM, Anish Mangal an...@activitycentral.comwrote:

 Hi fellow server-hackers!

 We will be having our eighth IRC scrum meeting tomorrow 5th November on
 1600 UTC / 1200 EDT at the #schoolserver channel (irc.freenode.net). The
 meeting will be logged by a supybot instance.

 Please start filling in your points to discuss in the rolling agenda
 document

 https://docs.google.com/document/d/1o6QtzLb6e58YKWqMf_junux2XyBRLFm31un8YLcYslg/edit

 Logs for the last meeting held on 29th October are here:
 https://sugardextrose.org/issues/4826

 Cheers,
 Anish



 ___
 Server-devel mailing list
 Server-devel@lists.laptop.org
 http://lists.laptop.org/listinfo/server-devel


___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] How to create a screencast

2013-10-28 Thread Anna
Here's a few commands I played with from an XO-1, then tried to view
stream.ogg from my desktop.  I couldn't get streaming to work, though, all
it did was display a static screen capture.

gst-launch ximagesrc! ffmpegcolorspace ! videorate ! videoscale !
video/x-raw-yuv,framerate=5/1,width=320,height=240 ! theoraenc quality=16 !
oggmux ! shout2send ip=schoolserver.local port=9000 password=dxsstreaming
mount=stream.ogg streamname=Test description=Screencast

gst-launch ximagesrc! ffmpegcolorspace ! videorate ! videoscale !
video/x-raw-yuv,width=320,height=240 ! theoraenc quality=16 ! oggmux !
shout2send ip=schoolserver.local port=9000 password=dxsstreaming
mount=stream.ogg streamname=Test description=Screencast

gst-launch ximagesrc! ffmpegcolorspace ! videorate ! videoscale !
video/x-raw-yuv,framerate=15/1,width=160,height=120 ! theoraenc quality=16
! oggmux ! shout2send ip=schoolserver.local port=9000 password=dxsstreaming
mount=stream.ogg streamname=Test description=Screencast



On Mon, Oct 28, 2013 at 3:03 PM, George Hunt georgejh...@gmail.com wrote:

 Nosing around I found
 https://github.com/scollazo/dxs/blob/b6f016a69f5304a20710ea58baf0679bfad05e01/docs/TESTING.rst

 Which I believe answers my question.  I'll just need time to play around
 with it.

 George


 On Mon, Oct 28, 2013 at 3:08 PM, David Farning 
 dfarn...@activitycentral.com wrote:

 Sorry,

 Santi has been pulled away to work on other projects for a couple of
 days to a week. He is not ignoring you :( Just deep in a frustrating
 project :)

 On Sun, Oct 27, 2013 at 10:51 PM, George Hunt georgejh...@gmail.com
 wrote:
  Santi,
 
  In the demo last week, I think you said that you had used gstreamer to
  generate screencasts, and that icecast might be used at the school
 server
  end to distribute them, (there was some discussion whether icecast
 could do
  multicast).
 
  Can you give me a script, or at least more informtion about the
 gst-launch,
  or other technique, that you used?
 
  Thanks
 
  ___
  Server-devel mailing list
  Server-devel@lists.laptop.org
  http://lists.laptop.org/listinfo/server-devel
 



 --
 David Farning
 Activity Central: http://www.activitycentral.com



 ___
 Server-devel mailing list
 Server-devel@lists.laptop.org
 http://lists.laptop.org/listinfo/server-devel


___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Using a wifi dongle as an AP on the XSCE

2013-10-27 Thread Anna
I've got a wifi dongle that I know supports AP mode.  I've previously used
it as an AP with hostapd and dnsmasq on an Ubuntu desktop.  So I wanted to
see how to go about using it with XSCE on an XO 1.75.

The model number printed on the thing is SMCWUSB-N2.  lsusb (once I
installed usbutils) reports this:
Bus 001 Device 004: ID 0cf3:1002 Atheros Communications, Inc. TP-Link
TL-WN821N v2 802.11n [Atheros AR9170]

The XO 1.75 needed firmware for it in /lib/firmware:
http://wireless.kernel.org/en/users/Drivers/carl9170#Firmware_binary

Plugged in the dongle and made sure it was recognized:

-bash-4.2# ifconfig
wlan0: flags=4099UP,BROADCAST,MULTICAST  mtu 1500
ether 00:22:2d:c0:12:e3  txqueuelen 1000  (Ethernet)
RX packets 0  bytes 0 (0.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 0  bytes 0 (0.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Ensured that AP mode was listed under Supported interface modes.

-bash-4.2# iw list
...
Supported interface modes:
 * IBSS
 * managed
 * AP
 * AP/VLAN
 * monitor
 * P2P-client
 * P2P-GO

Install hostapd:
yum -y install hostapd

Some self-explanatory required edits at the bottom of
/etc/hostapd/hostapd.conf:

# Customize these for your local configuration...
interface=wlan0
hw_mode=g
channel=6
ssid=xsce

Before running the XSCE install, edit vars/default_vars.yml for wlan0:
#Network
xsce_networks:
wan:
  iface: eth0
  ip: dhcp
lan:
  iface: wlan0
  ip: 172.18.96.1
  network: 172.18.96.0
  netmask: 255.255.224.0

Run the install like normal.  Though if your only connection to the
internet is through eth0, it might drop out (some sort of NM freakout with
the presence of wlan0?).  I ended up redoing the install from scratch with
a wired usb ethernet dongle providing the internet connection.

Once the install completes successfully, do:
systemctl enable hostapd.service

Throw this at the bottom of /etc/rc.d/rc.local:
ifconfig wlan0 172.18.96.1
systemctl restart dhcpd.service
systemctl restart named.service

Reboot.  A client should be able to connect to XSCE via the wifi dongle.

I do a problem with eth0 coming up on boot with this, have to walk over to
the XO 1.75 and manually connect to my wifi in the console.  And this
command is disturbingly inconsistent, I have to try it several times before
eth0 will connect:
nmcli dev wifi connect mywifi

This probably won't support many clients (I've tested with three) and I'm
not sure how stable it is.  And I'm not happy with eth0 not coming up on
boot and then the unreliability of trying to manually connect.  Though if
you're doing a simple demo, using a wifi dongle as an AP might come in
handy if there's no access to a power outlet to plug in an actual AP, since
everything is powered by the XO's battery.

If you only need to serve local content (IIAB, for example), then
technically you don't need eth0 to be up.  Though I am curious what's going
on with eth0, I'm guessing it might be Network Manager related?

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] ifcfg-eth# files in /etc/sysconfig/network-scripts generated by runansible

2013-10-25 Thread Anna
This morning, I was trying out a 2 dongle install from
https://github.com/XSCE/xsce.git.  The default in vars/default_vars.yml is
eth0 as WAN and eth1 as LAN.  Well, I forgot to edit that for my interfaces
(eth1 as WAN and eth2 as LAN).  So after ./runansible finished, I edited
vars/default_vars.yml accordingly and reran ./runansible.

After a reboot, I couldn't ssh back in.  Walked over to the XO 1.75 and
ifconfig indicated that eth1 and eth2 were both on 172.18.96.1.  On DXS,
whenever I've forgotten to edit default_vars.yml for my interfaces, I can
edit that file, rerun ./runansible, and everything gets sorted out.

What I discovered is that now runansible apparently generates an ifcfg file
for the LAN interface in /etc/sysconfig/network-scripts.  After attempt #1
with the default interfaces (eth0 for WAN and eth1 for LAN) and attempt #2
with my edits (eth1 for WAN and eth2 for LAN), now I had ifcfg-eth1 and
ifcfg-eth2 in there:

DEVICE=eth1
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:1C:49:01:04:27
IPADDR=172.18.96.1
NETMASK=255.255.224.0
ONBOOT=yes

DEVICE=eth2
BOOTPROTO=static
DHCPCLASS=
HWADDR=00:E0:4C:53:44:58
IPADDR=172.18.96.1
NETMASK=255.255.224.0
ONBOOT=yes

Before I figured out what was going on, I rebooted a couple of times and
was perplexed that both eth1 and eth2 kept coming up on 172.18.96.1.

So, I deleted ifcfg-eth1, reran ./runansible, rebooted, and now networking
is fine.  WAN is eth1 on 192.168.1.11 and LAN is eth2 on 172.18.96.1, like
it's supposed to be.

What we should probably do is discard any ifcfg-eth# files first thing so
there aren't any old ones lingering about to muck up networking.

Anna
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] github workflow

2013-10-23 Thread Anna
Santi wrote some excellent documentation on
https://sugardextrose.org/projects/dxs/wiki/git


On Wed, Oct 23, 2013 at 5:05 PM, Martin Dluhos mar...@gnu.org wrote:

 On 10/23/2013 02:38 PM, George Hunt wrote:
  After some discussion at the sprint, I looked for documentation of the
 workflow
  as I understand it:
 
  https://www.atlassian.com/git/workflows#!workflow-forking
  https://www.atlassian.com/git/workflows#%21workflow-forking

 In case, the selected workflow doesn't show up for you as it didn't for
 me, the
 one we are using is Forking Workflow.

 ___
 Server-devel mailing list
 Server-devel@lists.laptop.org
 http://lists.laptop.org/listinfo/server-devel

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Chat on ejabberd from any browser with MUCkl

2013-10-13 Thread Anna
 = schoolserver.local; // domain name of jabber service
to be used
---
 var XMPPDOMAIN = localhost; // domain name of jabber service to be used
57c57
 var MUCKLPASS = 12muckl; // password
---
 var MUCKLPASS = muckl; // password
69,71c69,71
 name:'chat',
 description:'Welcome to the XSCE chat server',
 server:'conference.schoolserver.local'//,
---
 name:'test',
 description:'some room for testing',
 server:'conference.localhost'//,

If it's being hosted on an XO, I would recommend this additional edit to
config.js, from false to true  Otherwise it can take a long time to
feed the chat scrollback to the web clients.

/* CONFERENCENOHIST
 * whether to not show room history upon joining
 */
var CONFERENCENOHIST = true;

This isn't necessary, but it can speed things up a little bit, so I prefer
to get rid of the background image by commenting this line out in muckl.css:
# background: url(images/mucklbg.jpg) repeat;

After all this, any user from any browser on most every platform or device,
if they're able to hit the XSCE/DXS's Apache server whatsoever, should be
able to go to http://schoolserver/chat, or even just the LAN IP, my local
example is http://192.168.1.7/chat.  Then enter a nick, hit enter, and
gossip on the ejabberd server.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] [XSCE] ansible

2013-10-12 Thread Anna
 Fri, Oct 11, 2013 at 10:04 AM, tkk...@nurturingasia.com wrote:

 Managed to install it. Nice ansible and all the goodies for server
 management


An install note - sometimes the first runthrough of runansible fails for
me.  Not always, I think it's the vagaries of my internet and/or wifi.  I
simply runansible again (and again, if needed) until it finally finishes.


 How stable is the system? I am able to load the IIAB demo files (on a USB
 stick). It will work for a while and then crash...


Just as on the XSCE, on the DXS we've noticed stability issues on low end
1.75 units.  The 1.75's with 512MB of RAM, to be specific.  In particular,
yes, IIAB crashes the low end 1.75 if a few (as in 3) clients try to access
IIAB content at the same time.   I think folks determined it was some sort
of kernel issue.  But yeah, the system freezes up, is totally unresponsive
even on the local console, and I have to do a hard reboot (as in walk
over to it, press down the power button till it powers off, then power back
up). I don't try to put that crappy 1.75 up on my public URL anymore,
I've found it to be entirely too unstable.  However, my testing cycles can
be very short and rather specific, thus sometimes I need to reflash a unit
several times a day.  For those testing cycles confined to my LAN, I mostly
use the crappy 1.75 because it wouldn't break my heart if it broke,
unlike these units below:

*What I have found to be very stable for XSCE and DXS*

1.  The XO 1.5 (got one up right now public, uptime 9 days with the full
IIAB TB drive)

Apparently there's almost 1GB RAM
[root@schoolserver] html free -m
 total   used   free sharedbuffers cached
Mem:   936824112  0 60543


2.  The XO 1.75 HS with the chicklet keyboard

Looks like this thing has 840MB RAM?
-bash-4.2# free -m
 total   used   free sharedbuffers cached
Mem:   840418422  0 21146


3.  The XO-4

For stability testing, I typically make the XSCE or DXS public.  During
end of cycle testing, I try to keep the install up public at least a
week, if not longer.  I have ejabberd users who always notice when my
server goes down.  Not only can I see downtime in my scrollback in Pidgin
or Psi or Gajim (any chat client that handles XMPP), but my users will
literally call me on my telephone to let me know if my server is down.  So
far with XSCE/DXS testing, I haven't gotten any phone calls.  Again, the
only stability issue we've run into was when I tried to run the XSCE/DXS on
the crappy 1.75 with IIAB.

Anna



 -Original Message-
 From: Anna [mailto:ascho...@gmail.com]
 Sent: Friday, October 11, 2013 08:20 AM
 To: 'xsce-devel'
 Cc: 'Server Devel'
 Subject: Re: [XSCE] ansible
 
 Couple of postinstall notes:
 
 xs-authserver has some sort of conflict with the library versions that
 IIAB
 installs.  This gets xs-authserver working (don't worry, it doesn't break
 IIAB):
 pip install --upgrade --force-reinstall Werkzeug Flask
 systemctl restart xs-authserver
 
 OLPC Backup needs a permissions fix in /etc/rssh.conf, so uncomment:
 allowrsync
 allowsftp
 
 Here's my testing checklist.  Thought I'd paste this in so y'all can see
 how similar to XSCE DXS is, and also how to access DXS specific things
 like
 Munin, Ajenti, and xs-authserver.
 
  Item Access from Note dhcpd Client Client gets an IP address in the
 172.18.x.x range   dhcpd Server Check /var/lib/dhcpd/dhcpd.leases for
 client leases   idmgr Client Registration - Register the XOidmgr
 Server Check
 /library/users for the XO's Serial Number dir   ejabberd Client 2
 registered clients can see each other   ejabberd Server `ejabberdctl
 connected_users` reports the 2 registered clients  ejabberd Clients Share
 the chat activity and communicate   httpd Client http://schoolserver and
 http://schoolserver.local resolves to Apache test page  Moodle Client
 http://schoolserver.local/moodle autologs in   Authserver Client
 http://schoolserver.local:5000 greets with the XO buddy name  Squid
 Server Check
 /library/cache size, load webpage on client, verify size has increased
 Dansguardian Client Try to look at porn? No way!IIAB Client
 http://schoolserver/iiab resolvesOLPC-Backup Server du -sk
 /library/users/* indicates backups   Stats Server A client's rrds are in
 /library/sugar-stats/rrd/   Monit Server Halt services and see if they
 restartMunin Client http://schoolserver/munin user:admin
 pass:munindxs
 Ajenti Client http://schoolserver:9990 user:root pass:admin   Ajenti
 Wondershaper Client Verify bandwidth edits via online speedtest such as
 speakeasy.net/speedtest  Upload Activity N/A
 /var/www/html/upload_activity.php
 is currently not present - WIP
 
 
 On Thu, Oct 10, 2013 at 2:46 PM, Anish Mangal an...@activitycentral.com
 wrote:
 
  Documented in the githup repo here:
 
  https://github.com/activitycentral/dxs/blob/master

[Server-devel] SSH Tip for XSCE and DXS Installs on XOs

2013-10-11 Thread Anna
It seems like I set up a new XSCE or DXS about every 15 minutes (slight
exaggeration).  I know the XSCE has an admin user with the password
12admin, but I rarely log in that way.  And the admin user doesn't get
created until after the XSCE install is done or at all on the DXS.  On the
USB drive I use to flash the target XOs, I keep an authorized_keys file and
a little script to set up ssh:

#!/bin/bash
mkdir /home/olpc/.ssh
cp authorized_keys /home/olpc/.ssh
chmod 700 /home/olpc/.ssh
chmod 644 /home/olpc/.ssh/authorized_keys
chown -R olpc:olpc /home/olpc/.ssh
su -c 'systemctl enable sshd.service'
su -c 'systemctl start sshd.service'
exit

After I flash a new target machine, I do the usual in Sugar (disable power
mgmt, connect to wifi if a one dongle install), then switch to a root
console with ctrl+alt+f2.  I cd to the usb drive, do `sh ssh-setup.sh` (the
USB drive is FAT32) and by the time I walk back over to my desktop, ssh is
configured and I can get right in with `ssh olpc@192.168.1.10` or whatever
the XO's IP is.

The only caveat is if you're using that same USB drive for xs-repo during
an XSCE install, cd out of it afterwards.  If any user is in the drive as
their working dir, the XSCE install will throw errors.

Part of my testing is to put the XSCE or DXS public, so the authorized_keys
file on my USB drive not only includes my pubkeys, but also the keys of
folks who sometimes need to ssh in and take a look at things.  I have
problems with script kiddies when running ssh public on port 22, so I
typically disallow password logins.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] [XSCE] ansible

2013-10-10 Thread Anna
Some quick instructions for installing the DXS.  I've only tested on a XO
1.75 as the target so far.

On your target machine:
Flash 13.2.0-13
Turn off power management
Connect to internet
Get a root terminal

Install from git source:

wget
http://xsce.activitycentral.com/repos/xs-extra/noarch/ansible-1.3.1-0.git201309161027.fc18.noarch.rpm
yum -y localinstall ansible*
yum -y install git
git clone https://github.com/activitycentral/dxs.git dxs-master
cd dxs-master
git fetch -u --all
git checkout master
git pull
[plug in all your dongles]
./runansible xo
reboot
cd dxs-master
./runansible
reboot

Default is hostname = schoolserver.local and a one dongle install (WAN =
ears and LAN = usb ethernet dongle to AP).
To change that, edit dxs-master/vars/default_vars.yml accordingly before
doing ./runansible xo:

#Domain name
xsce_hostname : schoolserver
xsce_domain: local

#Network
xsce_networks:
wan:
  iface: eth0
  ip: dhcp
lan:
  iface: eth1
  ip: 172.18.96.1
  network: 172.18.96.0
  netmask: 255.255.224.0


On Thu, Oct 10, 2013 at 2:18 PM, Tim Moody t...@timmoody.com wrote:

   Anna, you mentioned instructions for doing an ansible install.  can you
 point me to them?

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] The concept of pushing content to clients

2013-10-06 Thread Anna
I got my Mom a refurb Kindle for $50 for her birthday.  This past Thursday,
she visited me for a few hours and we did a bit of training over takeout
from Dreamland BBQ.

What in the world does that have to do with the XO/DXS/XSCE ecosystem, you
might be asking?

For one, there's registration.  Mom entered her Amazon user/pass into the
Kindle.  Then it was registered and she could see the Kindle when she
looked at her Amazon account from her laptop.

After registration, I asked her to go into her Amazon account to put my
email address and the Tinderizer (I'll explain later) email address into
the approved email list.  That's so you can send things to
mom@kindle.comfrom an approved email address and it'll just
magically show up on her
Kindle.

I installed Calibre on her Windows laptop, which luckily went well.  She
understood it was like iTunes for books.  (Mom has an iPhone and an iPad,
she knows iTunes.)  Then I showed her some free ebook sites where she could
get content, how to import the downloaded books into Calibre, and how to
put that content onto the Kindle.

Where Mom was really fascinated was how you can push content onto the
Kindle.  If you don't have a Kindle, here's how it works (remember Mom put
my email address into the approved list):

1.  I find something interesting that Mom might like to read
2.  I email m...@kindle.com that content in a .txt file attachment and
simply put the word convert in the subject
3.  Mom connects her Kindle to wifi and it automagically downloads the
content

Now, Mom is a huge fan of the NYT, she actually pays money to subscribe.  I
set her up with http://tinderizer.com like I use.  Sometimes the NYT has
very long articles that I'd like to read later on the e-ink Kindle.
 Tinderizer is a bookmarklet that, once you set it up (and setup is very
simple), it's one click to push it to the Kindle.  Once the Kindle is
connected to wifi, that content just magically shows up on the device.
 If I know I'm going to be offline for a while, or just want to sit out on
the porch in the sunlight, I'll browse for articles to push to the Kindle
to read later.  Instapaper is another option I've heard good things about,
but it doesn't sound as simple.

In my case, reading thoughtful, longform articles on my computer screen is
sometimes difficult, so I quite prefer them on the Kindle's eink screen.
 And reading offline minimizes distractions.

I know you're still wondering, what does this have to do with the
XO/DXS/XSCE ecosystem!  The concept of pushing content to client devices,
which then automagically shows up with no effort from the end user.  And
it's not a link, it's the full content, so the user only needs to have a
connection for a few minutes while the queued up content is pushed.

Many folks might think Amazon is evil or whatever, but their content
delivery system is notable and somewhat revolutionary as far as end users
are concerned.

Also, take note of this Kindle based project:  http://www.worldreader.org/

As we're going into XSCE 0.5 and thinking about value added stuff, lemme
just throw this concept in.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] [ANNOUNCE] XSCE-0.4 released!

2013-10-03 Thread Anna
Everyone has been waiting patiently for the latest release of School Server
Community Edition and here it finally is!  The XSCE 0.4 release is ready to
go for deployments on most hardware iterations.  But say you’re a hobbyist
with just a single XO-1 and an old computer for the XSCE?  This is a fun
and easy way for you to try out a server with the equipment you’ve already
got.  XSCE 0.4 provides many value-added features for both end-users and
deployers.  Give it a try, you will not be disappointed.

End users:

   -

   Moodle, a free software e-learning platform, or Learning Management
   System, or Virtual Learning Environment, available without internet,
   -

   Internet-in-a-Box, an electronic resources library, available without
   internet (download a test dataset -
   http://downloads.internet-in-a-box.org/IIAB_QuickStart_Sampler_20130809.tgz
   ),
   -

   Internet Content filtering via Dansguardian,
   -

   Customization stick for quickly adding activities and content.

Deployers:

   -

   Install without needing internet,
   -

   Automatic monitoring of services for long-term unattended operation,
   -

   Usage statistics collection (optional, requires compatible clients),
   -

   Remote administration via secure connection (optional),
   -

   Supported on low cost, commodity hardware, minimum 512 Mb,
   -

   Supported on low cost, low power, Trimslice and Raspberry Pi.


Install - http://wiki.laptop.org/go/XS_Community_Edition/0.4/Installing

Hack - http://wiki.laptop.org/go/XS_Community_Edition/0.4/Hacking

Known issue(s)

   -

   Internet-in-a-Box may perform poorly on inadequate hardware.


Getting support

   -

   Check the FAQ http://wiki.laptop.org/go/XS_Community_Edition/FAQ and
   known issues from above.
   -

   Join the #schoolserver IRC channel on irc.freenode.net.  Lurkers
   welcome, just hang out for a while until you get comfortable enough to
   participate.
   -

   Ask by mail on xsce-devel@ or server-devel@ mailing lists,
   -

   Open a bug report at https://sugardextrose.org/projects/xsce and wait
   for the team to respond.


Best,

The XSCE team
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Weekly log rotation

2013-09-18 Thread Anna
Oops, forgot to copy server-devel


On Wed, Sep 18, 2013 at 10:55 PM, Anna ascho...@gmail.com wrote:

 Was weekly log rotation supposed to be a thing?  I thought we talked about
 it.

 Here's the XSCE on an XO 1.5, running like a champ for this uptime on
 xs-config-0.8.4.260.g5388399-1.noarch

 [root@schoolserver] ~ uptime
  03:43:11 up 8 days,  3:22,  2 users,  load average: 0.14, 0.24, 0.27
 [root@schoolserver] ~ ls /var/log
 btmp  httpd monit.log   ppp
  spooler  user.logyum.log
 cron  lastlog   moodle  puppet
 squidwpa_supplicant.log
 dansguardian  maillog   moodle-instupg.log
  pwr-SHC0050085F-130911_002052.csv  sugar-stats  wtmp
 ejabberd  messages  powerd.tracesecure
 tallylog xs-setup.log

 I've poked into dirs in /var/log and don't see any log rotation.  But
 secure should be rotating, if log rotation is working.

 Anna

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Weekly log rotation

2013-09-18 Thread Anna
On Wed, Sep 18, 2013 at 11:50 PM, James Cameron qu...@laptop.org wrote:

 Things to check:

 - is crond running?  (it isn't present by default on OLPC OS)


[root@schoolserver] ~ systemctl status crond.service
crond.service - Command Scheduler
   Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled)
   Active: active (running) since Wed 2013-09-11 00:20:49 GMT; 1 weeks 1
days ago
 Main PID: 513 (crond)
   CGroup: name=systemd:/system/crond.service
   └─513 /usr/sbin/crond -n

Warning: Journal has been rotated since unit was started. Log output is
incomplete or unavailable.



 - is logrotate installed?


[root@schoolserver] ~ whereis logrotate
logrotate: /sbin/logrotate /usr/sbin/logrotate /etc/logrotate.conf
/etc/logrotate.d

- is /etc/cron.daily/logrotate present?


[root@schoolserver] ~ cat /etc/cron.daily/logrotate
#!/bin/sh

/usr/sbin/logrotate /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate ALERT exited abnormally with [$EXITVALUE]
fi
exit 0


 - is /etc/logrotate.d/syslog present?


[root@schoolserver] ~ cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2 /dev/null` 2 /dev/null || true
endscript
}




 On Wed, Sep 18, 2013 at 11:10:39PM -0500, Anna wrote:
  Oops, forgot to copy server-devel
 
 
  On Wed, Sep 18, 2013 at 10:55 PM, Anna ascho...@gmail.com wrote:
 
  Was weekly log rotation supposed to be a thing?  I thought we talked
 about
  it.
 
  Here's the XSCE on an XO 1.5, running like a champ for this uptime on
  xs-config-0.8.4.260.g5388399-1.noarch
 
  [root@schoolserver] ~ uptime
   03:43:11 up 8 days,  3:22,  2 users,  load average: 0.14, 0.24, 0.27
  [root@schoolserver] ~ ls /var/log
  btmp  httpd monit.log   ppp

 spooler  user.logyum.log
  cron  lastlog   moodle  puppet

  squidwpa_supplicant.log
  dansguardian  maillog   moodle-instupg.log
   pwr-SHC0050085F-130911_002052.csv  sugar-stats  wtmp
  ejabberd  messages  powerd.tracesecure

  tallylog xs-setup.log
 
  I've poked into dirs in /var/log and don't see any log rotation.  But
  secure should be rotating, if log rotation is working.
 
  Anna
 
 

  ___
  Server-devel mailing list
  Server-devel@lists.laptop.org
  http://lists.laptop.org/listinfo/server-devel


 --
 James Cameron
 http://quozl.linux.org.au/

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] [XSCE] Re: Weekly log rotation

2013-09-18 Thread Anna
On Thu, Sep 19, 2013 at 12:38 AM, Jon Nettleton jon.nettle...@gmail.comwrote:

 What does your /etc/logrotate.conf look like?  One option for logrotate is
 to only rotate if the logs have reached a certain size.


My understanding was it was supposed to rotate weekly no matter what.

[root@schoolserver] ~ cat /etc/logrotate.conf
# see man logrotate for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 1
}

/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}

# system-specific logs may be also be configured here.
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] XSCE testing note for the xsce-devel repo

2013-09-11 Thread Anna
It's been my understanding for a long time to always test from Master,
which is http://xsce.activitycentral.com/repos/xsce-devel.repo.  So that's
the repo I've been downloading into /etc/yum.repos.d.  Well, I just found
out that doesn't pull in everything, in particular the xsce-0.4-fixes repo,
which is required for the patched ejabberd rpm.

So, going forward, unless someone says something different, here's what
testers need to do during the development cycle:  follow the instructions
on the install page where it says to wget
http://xsce.activitycentral.com/repos/xsce-rel4.repo into /etc/yum.repos.d.
 And then edit xsce-rel4.repo to enabled=1 for [xsce-devel].

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] [XSCE] XSCE devel scrum on #schoolserver

2013-09-10 Thread Anna
I've currently got a public instance of the XSCE up in my house at
http://schoolserver.alabamaxo.org (but I change servers from time to time
during testing cycles so don't be surprised if tomorrow it's back on the
big old Dell with XS 0.6 or something else).

XO 1.5 with 1GB RAM
Class 6 SD card as swap
Two ethernet dongles
Full IIAB hard drive courtesy of Braddock

Several of us hit IIAB content at once and it was very, very slow (even
just over my LAN), but the machine hasn't crashed yet.  What we had
stability issues with before was the low end 1.75 which only has 512MB
RAM.  It just took a few folks hitting IIAB for it to freeze up completely,
necessitating a hard reboot.  Unfortunately, my low end 1.75's SD card
slot is broken and I can't test out swap on an SD card.

I'd like to encourage folks who have the ability and willingness to
publicly host their test XSCE's.  It's a lot of fun to have a testing party
over IRC!  And I mean, come on, out of the entire XSCE testing group, the
only person set up to test over the internet is an English major in Alabama?

Anna Schoolfield
Birmingham


On Tue, Sep 10, 2013 at 5:34 PM, Anish Mangal an...@activitycentral.comwrote:

 Hi,

 We had our very first IRC scrum earlier today. Thanks to all those who
 attended. The meeting was logged.

 =Rolling agenda document is here=

 https://docs.google.com/document/d/1o6QtzLb6e58YKWqMf_junux2XyBRLFm31un8YLcYslg/edit

 =Key highlights/minutes=

 * Both RC-2 and stable release have been deferred by a week to 19th and
 26th September respectively. This has been done in light of the recent
 breakages, and to allow sufficient time to test on various supported
 platforms.

 * At some point (hopefully later this week) a separate RC-2 (Release
 Candidate) branch will be created, after the major issues have been
 resolved, and the buildbot will start automatic builds from that branch.

 * There is some lack of clarity of the performance of IIAB (Internet In A
 Box) on XO-1.5, XO-1.75 with/without extra swap memory. Anna will create a
 public instance of XSCE-0.4 on an XO-1.5 at
 http://schoolserver.alabamaxo.org.* *Once the server is up, she will
 announce it here, and all of us are encouraged to test it as much as
 possible.

 * XSCE-0.4 RC2 will be presented at makerfaire http://makerfaire.com Sept
 21/22 in NYC

 =Request to community=
 We are getting very close to the RC-2 and stable release. You are
 encouraged to test the builds as much as possible, on whatever platform you
 have access to, in whatever configuration you find comfortable. These
 efforts would be most effective *once the RC-2 branch has been created
 (it will be publicly announced again).*

 =Here are the minutes as recorded by the bot=
 https://sugardextrose.org/issues/4630

 =Here are the full logs=

 https://sugardextrose.org/attachments/3132/schoolserver.2013-09-10-16.03.log.txt

 Best,
 Anish



 On Mon, Sep 9, 2013 at 11:18 AM, Anish Mangal 
 an...@activitycentral.comwrote:

 Reminder to all. XSCE scrum on IRC at  1600 UTC / 0900 PDT / 1100 CDT /
 1200 EDT tomorrow. Please start thinking about your agenda items :-)


 On Tue, Sep 3, 2013 at 4:33 PM, Anish Mangal 
 an...@activitycentral.comwrote:

 Okay, so based on the responses I've received so far, all weekdays, and
 1600 UTC seems like the best time slot. So I'll propose we hold weekly XSCE
 meetings on

 Tuesdays, 1600 UTC / 0900 PDT / 1100 CDT / 1200 EDT

 If somebody has an issue with that time, please speak up :)

 Best,
 Anish



 On Sat, Aug 31, 2013 at 8:01 PM, Anish Mangal an...@activitycentral.com
  wrote:

 Yes exactly.
 On Aug 31, 2013 7:22 PM, Kevin Mark kevin.m...@verizon.net wrote:

 On Sat, Aug 31, 2013 at 12:56:29PM -0700, Anish Mangal wrote:
 +1
 We could use the services of xsceBOT :-)
 (uhps... sent the previous email from the wrong from: address :/
 - gmail compose
 sucks)

 I know some Fedora folks who used a meeting bot (based on supybot).
 You give a
 command like 'start meeting' and 'end meeting', it logs the meeting
 and sends
 it as an email or something and you can add bullet points.
 -k

 
 
   On Sat, Aug 31, 2013 at 12:41 PM, Anna [1]ascho...@gmail.com
 wrote:
 
 I know the policy for #schoolserver is that logs aren't kept,
 but in the interest
 of transparency, perhaps we could log official
 #schoolserver meetings.  One of
 the nice things about meeting on IRC vs. Skype is that IRC
 meetings axiomatically
 have transcripts.
 Anna
 
 On Sat, Aug 31, 2013 at 1:25 PM, Anish Mangal [2]
 an...@activitycentral.com
 wrote:
 
   Hi,
   For some time now, people (including me) have been mulling
 the idea of having
   XSCE development meetings on IRC in complement to the
 weekly skype calls.
   Conversation on the #schoolserver channel has gradually
 been growing too. I
   would like to propose that we start holding weekly regular
 planning and scrum

Re: [Server-devel] [XSCE] XSCE devel scrum on #schoolserver

2013-09-03 Thread Anna
I agree with Anish, we need some buffer time between the two meetings.  As
much as I like all y'all, I'd prefer to not have to deal with two meetings
in one day.

Our Thursday Skype calls are useful, but IRC meetings are a totally
different animal when it comes to this stuff.  Specifically getting into
the nitty gritty details.  When we're speaking to each other by voice, I
have to pay constant attention to what people are saying vocally and
therefore can't go google something real quick or examine a config file.
 Maybe it's just me, but when it comes to paying attention to phone calls,
I can't do much else at the same time and process everything the way I need
to.

There's a lot more latitude in IRC meetings because I can easily scan the
scrollback if my attention was diverted for a couple of minutes while
testing a change, looking at something, etc.

To generalize very heavily: Skype is better for general things (and it's
great to hear everyone's voices, of course), but IRC is better for work
sessions.  At least in my experience.

Bottom line, I don't feel like I need to have an XSCE booted up during
Skype calls.  But I would during an IRC meeting.

The meeting methods are two totally different frames of mind for me and I
think they belong on different days.

Anna


On Tue, Sep 3, 2013 at 7:40 PM, Anish Mangal an...@activitycentral.comwrote:

 I think Tuesday is good. It will help allow some buffer time between the
 two meetings. If it doesn't work out well, we'll shift to Thursday after a
 couple of weeks.

 Okay?

 Cheers,
 Anish



 On Tue, Sep 3, 2013 at 5:38 PM, Adam Holt h...@laptop.org wrote:

 I'd much prefer Thursday on the same day as our voice meetings.  Or was
 this separated by sev days for a reason?


 On Tue, Sep 3, 2013 at 7:33 PM, Anish Mangal 
 an...@activitycentral.comwrote:

 Okay, so based on the responses I've received so far, all weekdays, and
 1600 UTC seems like the best time slot. So I'll propose we hold weekly XSCE
 meetings on

 Tuesdays, 1600 UTC / 0900 PDT / 1100 CDT / 1200 EDT

 If somebody has an issue with that time, please speak up :)

 Best,
 Anish



 On Sat, Aug 31, 2013 at 8:01 PM, Anish Mangal an...@activitycentral.com
  wrote:

 Yes exactly.
 On Aug 31, 2013 7:22 PM, Kevin Mark kevin.m...@verizon.net wrote:

 On Sat, Aug 31, 2013 at 12:56:29PM -0700, Anish Mangal wrote:
 +1
 We could use the services of xsceBOT :-)
 (uhps... sent the previous email from the wrong from: address :/
 - gmail compose
 sucks)

 I know some Fedora folks who used a meeting bot (based on supybot).
 You give a
 command like 'start meeting' and 'end meeting', it logs the meeting
 and sends
 it as an email or something and you can add bullet points.
 -k

 
 
   On Sat, Aug 31, 2013 at 12:41 PM, Anna [1]ascho...@gmail.com
 wrote:
 
 I know the policy for #schoolserver is that logs aren't kept,
 but in the interest
 of transparency, perhaps we could log official
 #schoolserver meetings.  One of
 the nice things about meeting on IRC vs. Skype is that IRC
 meetings axiomatically
 have transcripts.
 Anna
 
 On Sat, Aug 31, 2013 at 1:25 PM, Anish Mangal [2]
 an...@activitycentral.com
 wrote:
 
   Hi,
   For some time now, people (including me) have been mulling
 the idea of having
   XSCE development meetings on IRC in complement to the
 weekly skype calls.
   Conversation on the #schoolserver channel has gradually
 been growing too. I
   would like to propose that we start holding weekly regular
 planning and scrum
   meetings to discuss plans and ideas around XSCE
 development. I don't have any
   structure in mind yet, so we can largely go off where the
 community wants it
   to.
   I don't what's the best time for anybody who might be
 interested, so I created
   this: [3]http://whenisgood.net/q72f3wf
   Thoughts?
   Best,
   Anish
 
   --
   Anish | [4]an...@sugarlabs.org
 
  References
 
 Visible links
 1. mailto:ascho...@gmail.com
 2. mailto:an...@activitycentral.com
 3. http://whenisgood.net/q72f3wf
 4. mailto:an...@sugarlabs.org





 --
 Unsung Heroes of OLPC, interviewed live @ http://unleashkids.org !



___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] [XSCE] XSCE devel scrum on #schoolserver

2013-08-31 Thread Anna
I know the policy for #schoolserver is that logs aren't kept, but in the
interest of transparency, perhaps we could log official #schoolserver
meetings.  One of the nice things about meeting on IRC vs. Skype is that
IRC meetings axiomatically have transcripts.

Anna


On Sat, Aug 31, 2013 at 1:25 PM, Anish Mangal an...@activitycentral.comwrote:

 Hi,

 For some time now, people (including me) have been mulling the idea of
 having XSCE development meetings on IRC in complement to the weekly skype
 calls. Conversation on the *#schoolserver* channel has gradually been
 growing too. I would like to propose that we start holding weekly regular
 planning and scrum meetings to discuss plans and ideas around XSCE
 development. I don't have any structure in mind yet, so we can largely go
 off where the community wants it to.

 I don't what's the best time for anybody who might be interested, so I
 created this: http://whenisgood.net/q72f3wf

 Thoughts?

 Best,
 Anish



___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Testing XSCE 3 on XO 1.5 2GB os855

2013-06-14 Thread Anna
I posted how to transfer the /var/cache/yum contents from one XSCE to
another a while ago on the wiki.  This is what I do to save time when I'm
repeatedly installing the XSCE.

http://wiki.laptop.org/go/User:Holt/XS_Community_Edition/0.3/Configuring#Manually_saving_yum_cache_for_repeat_installations
Manually saving yum cache for repeat installations

Currently we're testing keeping the yum cache on a USB drive so subsequent
installations go faster, but if you're having issues with getting that to
work, there's a manual option. The XSCE installation process tells
/etc/yum.conf to keep the yum cache, rather than the default XO behavior of
discarding it. After a successful installation, you can pack up the yum
cache to tote to another installation:

cd /var/cache/yum
tar cf xsce.tar *

Copy the tarball off. Unpack it on an XO with the same architecture and
Fedora version.

tar xvf xsce.tar -C /var/cache/yum




On Fri, Jun 14, 2013 at 7:54 PM, David Farning dfarn...@activitycentral.com
 wrote:

 Sorry. I was not clear. I was blending your good 'customer
 requirement' into a team discussion that started months ago about
 stable vs development code and documentation :)

 All the documentation for 0.4 (devel/unstable) is available at
 http://wiki.laptop.org/go/User:Holt/XS_Community_Edition/0.4 .

 I meant to suggest that we add the USB install information as a clause
 to http://wiki.laptop.org/go/User:Holt/XS_Community_Edition/0.4/Installing
 . That way, the information would be publically available to lead
 users like you without implying that it is guaranteed to work. Welcome
 to the bleeding edge.

 On Fri, Jun 14, 2013 at 7:14 PM, David Leeming
 da...@leeming-consulting.com wrote:
  OK ... but can you give me a preview, I will test it and give feedback
 
  David
 
 
  -Original Message-
  From: David Farning [mailto:dfarn...@activitycentral.com]
  Sent: Saturday, 15 June 2013 10:34 a.m.
  To: David Leeming
  Cc: George Hunt; Jerry Vonau; server-devel
  Subject: Re: [Server-devel] Testing XSCE 3 on XO 1.5 2GB os855
 
  Let's add it to the 0.4 install section since it has not passed anna's
  QA for 0.3.
 
  Seem reasonable?
 
  On Fri, Jun 14, 2013 at 5:10 PM, David Leeming
  da...@leeming-consulting.com wrote:
  Hi George
 
 
 
  It’s a great job the XSCE team has done and good thinking on the offline
  install.
 
 
 
   – would it be possible to add step by step instructions on using the
 yum
  cache for a subsequent offline install, to the wiki please?
 
 
 
  David
 
 
 
  From: George Hunt [mailto:georgejh...@gmail.com]
  Sent: Friday, 14 June 2013 8:41 p.m.
  To: David Farning
  Cc: David Leeming; Jerry Vonau; server-devel
  Subject: Re: [Server-devel] Testing XSCE 3 on XO 1.5 2GB os855
 
 
 
  There were kernel problems with 11.3.1 which kept us from getting the
 XO-1.5
  to become an XSCE.  It was only with the 13.1.0 release, that we were
 able
  to get the network adapters to work properly after a reboot.
 
 
 
  So I'm afraid that everyone will save a lot of time, and pain, in the
 long
  run, if the install procedure is followed exactly.
  (
 http://wiki.laptop.org/go/User:Holt/XS_Community_Edition/0.3/Installing)
 
 
 
  We were not able to test adequately the offline install for subsequent
 XSCE
  installations to have it be part of the 0.3 release. But for situations
  where internet access is slow, and expensive, it is possible to use a
 USB
  stick to transfer the rpm packages contained in the /var/yum/cache from
 the
  first XSCE to the next one, and greatly speed up the install process.
 (And
  if you leave a USB stick in the XSCE, during the first install, it is
 our
  intention, and design, that the /var/yum/cache will be copied to that
 USB
  stick during the install process on that first machine -- and then used
  automatically on a subsequent install)
 
 
 
  George
 
 
 
  On Thu, Jun 13, 2013 at 10:31 PM, David Farning
  dfarn...@activitycentral.com wrote:
 
  Hmm, that is an interesting point that we kind of took for granted.
 
  Our goal with the 'reference' hardware and software is to provide a
  known set of stuff which 'just works.' While other hardware, software,
  and features might work... they have not been tested.
 
  Maybe george or jerry have a good answer for you.
 
  At the risk of carbon dating myself... I grew up in the era where my
  nerdy friends and I drooled over the pages of 'Computer Shopper' for a
  9.6 kbit/s modem. Auto Resume for stalled downloads was a life saver:)
 
  Now, for simplicity, our testing involves reflashing everything to get
  back to a known state. As you point out, that is probably not the best
  assumption for low bandwidth areas.
 
  On Thu, Jun 13, 2013 at 8:36 PM, David Leeming
  da...@leeming-consulting.com wrote:
  Sorry just realised the XO is only installed with 11.3.1 (os855)
 
 
 
  However, is it still possible to work around? It’s not easy or cheap to
  download the os file.
 
 
 
  David
 
 
 
  From: David Leeming 

Re: [Server-devel] 12 Volt power system for School Servers.

2013-05-29 Thread Anna
On Wed, May 29, 2013 at 5:26 PM, James Cameron qu...@laptop.org wrote:


 If the AP was USB powered Wifi dongle, the problem goes away.


Speaking of, and this would only be appropriate for extremely small
deployments, but I started messing around on the XSCE with hostapd with a
wifi dongle this very afternoon.  It's been on my wishlist for a long time,
but earlier kernels didn't have support and it is such a PITA to compile
the XO kernel.

Anna
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS Community Edition: XO 1.75 installtion

2013-03-02 Thread Anna
On Sat, Mar 2, 2013 at 9:53 AM, tkk...@nurturingasia.com wrote:

 I followed the procedures here (
 http://wiki.laptop.org/go/User:Holt/XS_Community_Edition/0.2/Hacking#Installing)
 and manage get to the part where I was advice to take a coffee break
 (ejjaberd starting, etc).

 After a long wait I get the following info:

 systemctl start ejabberd-xs-service
 Job failed. See system journal and 'systemctl status' for detail


I always get that message about ejabberd failing to start during the
installation process.  It times out, then the installation process moves on.

Did the install continue after you got that message?  It should have done
some other stuff, then after another little while, it should have told you
to reboot.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS Community Edition: XO 1.75 installtion

2013-03-02 Thread Anna
Just to clarify, you're on a 1.75 running 12.1.0?  And before you started
doing anything in the instructions, did you plug in a USB wifi dongle
connected to a powered up AP?

My usual process for getting ready to install is:

1.  Flash 12.1.0 on a 1.75
2.  It reboots itself, I set the buddy name
3.  In NH, I connect to my home wifi
4.  Turn off power management in the Sugar Control Panel
5.  Plug in the ethernet cable that connects the usb wifi dongle to the AP
6.  Plug the AP's power into the wall outlet
7.  Insert the usb wifi dongle into the 1.75
8.  Open the terminal activity and start following the install instructions

On Sat, Mar 2, 2013 at 10:23 AM, tkk...@nurturingasia.com wrote:


 Must I use an external AP or there is more magic if the XO wirless can
 function as this ?


As far as I know, the XO's wifi chip doesn't support AP mode, so
unfortunately no.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS Community Edition: XO 1.75 installtion

2013-03-02 Thread Anna
We are just about to push some fixes and changes, so if you're not
impatient to try this out, I'd suggest waiting a couple of days or so.
Stay tuned for some news!

On Sat, Mar 2, 2013 at 11:31 AM, tkk...@nurturingasia.com wrote:


 Does Moodle, registration, etc work as usual with a complete install?


No Moodle, but the basic set of XS services listed here should work:
http://wiki.laptop.org/go/User:Holt/XS_Community_Edition/0.2/Test_Plan

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] A possible alternative to Pathagar: calibre2opds

2013-01-03 Thread Anna
I use Calibre for my ebook management on my regular desktop and a while ago
I saw a Calibre OPDS project.  Basically you run it against your Calibre
database and it generates a browsable catalog of your ebook collection.
Calibre is cross platform, as is calibre2opds.  Unfortunately calibre2opds
doesn't generate searchable catalogs, which is a huge issue with huge
collections.

To sum it up, I put my 600MB Calibre collection on a USB drive, ran
calibre2opds against it, and generated a web browseable catalog.  I
installed apache on a 12.1.0 XO-1, then mounted that USB drive on
/var/www/html/books.  Booted up a stock 12.1.0 XO-1, downloaded a few epubs
from Browse, and they straight up opened in Read.  I tried downloading a
book in rtf format, but that wanted to open in Write and then Write just
hung.  And no, the XO-1 doesn't know what to do with mobi files.

If you have a well organized Calibre library and don't intend to add books
all the time, this would be perfect for a schoolserver.  It doesn't require
anything extra.

If a school was upfront with which ebooks they needed, someone could create
that Calibre database and set up calibre2opds for it.  Ship it, it's done.
Lives in an apache dir, there's no messing with it.

Poking through my new Bookserver, I realize that I have not curated
things the way I should.  It's messy.  But it's just for my personal use.
Teachers could give little writeups, make sure the cover art is there, and
make sure all books are in multiple formats.  Most of my books are only in
mobi, since I do the vast majority of my reading on a Kindle 3.

As far as the server XO-1, it just needed a web server.  I could have
used lighttpd, but went with apache because that's what the XSCE is going
to use.  Seriously, all I did on the XO-1 was yum install httpd, started
the service, and mounted the USB drive on /var/www/html/books.

If you've never used Calibre, it is a very, very nice piece of software.
Like iTunes for ebooks.  Cross platform, and converts seamlessly (except
for PDFs.  That's always been crappy).  You can edit metadata, get
bookcovers, and insert your own blurb for the book.  There are also
plugins so you can strip DRM.  Not that I'm advocating this, but a teacher
could be visiting in the States and use her sister's library card or Amazon
account to download a lot of ebooks, then she could import those books into
Calibre and take them home and serve them up to her students.  But that's a
moral and legal issue outside our scope.

Just an option if Pathagar proves to be too problematic.

Reference Links:
http://calibre-ebook.com/
http://calibre2opds.com/

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Parallel Distributed Shell (pdsh)

2012-12-13 Thread Anna
://code.google.com/p/pdsh/
http://jaclindley.com/2009/04/20/system-administration-pdsh/
http://linux.die.net/man/1/pdsh
http://linux.die.net/man/1/pdcp


Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] A quick networking question

2012-02-28 Thread Anna
As long as the volunteers connecting with their laptops aren't familiar
with MAC spoofing, you can tell the XS's dhcp server to only hand out IP
addresses to XOs.  Instead of fooling with the bit about redirecting all
http traffic for unknown clients to kittenwar.net, leave that bit out or
redirect them to 172.18.0.1 so they can access the local XS but not get
outside.

Here's the writeup:

http://lists.laptop.org/pipermail/server-devel/2011-January/005341.html

Anyway, it's a thought.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Registering to XS stable FC9 0.6 with XO stable FC14 11.2.0

2011-07-24 Thread Anna
I was trying out 11.2.0 and attempted to register to my XS 0.6.  Sugar gave
me Registration Failed. Cannot connect to the server.

However, when I open Browse and click on the Local schoolserver link, I
get my XS homepage.  When I ping schoolserver, the XO knows the schoolserver
is at 172.18.0.1.

I can manually connect to Jabber over the LAN when I go to XO Guy - My
Settings - Network - Collaboration and enter in my XS URL.  But I can't
see XO Guys in my network neighborhood.  I tested Chat and it works if I
invite the FC14 XO from another machine and then click the chat invitation
on the FC14 XO, but obviously that is not ideal.

To be sure I didn't jack up something on my XS, I tested registration from a
freshly flashed FC11 OS860.  Worked fine, saw XO Guys and all that.

The XOs have cooperated great with XS 0.6 up until the FC14 11.2.0 build.
Are there known issues or workarounds that I've missed?

Has anyone been able to register to XS 0.6 with an XO running 11.2.0?

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Uploading files to the XS via a simple PHP form

2011-06-15 Thread Anna
A long while ago, a teacher contacted me wondering how he could upload files
to the XS.  He had a Mac, so I set him up with an XS login and a dir in
/var/www/html and he used CyberDuck to scp the files.  But what if it had
been a teacher who only had access to one of the school's XP machines?  The
IT policy is so strict you can't install anything.  While a few teachers
might be OK with scping files from an XO, most might not.

Now, I know Moodle handles file uploads, but some folks don't use it.  Or
they might prefer to upload certain things outside of Moodle where Apache
can serve it.

Aside from security concerns, and the vain hope that your users aren't
careless idiots, this is extremely easy to set up.

Obviously, take care if your XS faces the outside world.  On my test XS, I
put upload.html in /var/www/html/clubhouse, which is password protected with
.htaccess.  Seriously, this is all it takes to make the form:

 form enctype=multipart/form-data action=../upload.php method=POST
 Please choose a file: input name=uploaded type=file /br /
 input type=submit value=Upload /
 /form

In /var/www/html, I created upload.php which says where to upload the file
(the target).

?php
 $target = deaddrop/;
 $target = $target . basename( $_FILES['uploaded']['name']) ;
 $ok=1;

 {
 if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
 {
 echo The file . basename( $_FILES['uploadedfile']['name']).  has been
uploaded;
 }
 else
 {
 echo Sorry, there was a problem uploading your file.;
 }
 }
 ?

The last step was to create /var/www/html/deaddrop and set the permissions:

chown -R apache:apache deaddrop

So now all the user needs to do is go to
http://schoolserver/clubhouse/upload.html, enter the login credentials if
you've set that up, upload a file from their local drive, then go to
http://schoolserver/deaddrop to see it listed in the index.

Users can't delete files, of course.  Root needs to log in to take care of
that.  Which means if a careless idiot accidentally uploads, ahem, home
movies, that will be up there for all to see until someone with root access
can take care of it.

And there's nothing that would keep you from setting up a password protected
teachers lounge with individual upload.html files that point to individual
teacher's web directories.

As always, comments, suggestions, and criticism welcome.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] OLPC Australia XS concerns

2011-06-10 Thread Anna
On Fri, Jun 10, 2011 at 11:16 AM, Martin Langhoff martin.langh...@gmail.com
 wrote:


  the XO's WLAN can be the AP


 Note that running hostap is not a trivial endeavour.


Unless something's changed recently since the last time I looked, the XO's
wifi chip doesn't support hostapd.  The best I've been able to kludge
together (back when I used the XO as a portable XS to tote to training
sessions) was a USB-Ethernet adapter on eth1 connected to an old Linksys
AP.  If wifi was available, the XO's WLAN worked as eth0.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Question on number of iptables rules

2011-02-02 Thread Anna
On Wed, Feb 2, 2011 at 9:24 AM, Martin Langhoff
martin.langh...@gmail.comwrote:

 On Tue, Feb 1, 2011 at 6:28 PM, Anna ascho...@gmail.com wrote:
  My test XS at home has a FQDN and is open to the outside.  Therefore this
 is
  probably a pretty rare issue in XS land, but I thought I'd ask.

 In general, I'd keep it closed. It's not designed as a full internet
 server.


I do try to stay under the radar as much as possible.  I don't post the URL
anywhere.  I'm not even listed on the wiki as a Jabber server, relying on
word of mouth.  And what fun is having an XO chat server if other folks
can't join in?  Also, playing around with Moodle and Statusnet and stuff
like that is a lot more fun when there are other users.



  Here's my question - is the XS networking going to get wonky with 894
 extra
  iptables rules?

 Short answer - no.


Great!  I'm very glad to hear that.

I still had bots with empty user agent strings originating from the UK, US,
Italy, Spain, etc.  And I wanted to go ahead and block all bots who identify
themselves as such.

I put this in /var/www/html/.htaccess

SetEnvIf User-Agent ^-$ block=1
SetEnvIf User-Agent ^$ block=1
SetEnvIfNoCase User-Agent (bot|spider|spyder|yahoo) block=1
Order allow,deny
Allow from all
Deny from env=block

Now all blank user agent strings and even Googlebot get a 403.  (The User
Agent Switcher addon for Firefox is quite handy to test that with.)  I'll
probably have to add to the user agent list, but that should take care of
most of it for now.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Question on number of iptables rules

2011-02-01 Thread Anna
My test XS at home has a FQDN and is open to the outside.  Therefore this is
probably a pretty rare issue in XS land, but I thought I'd ask.

I noticed my ambient rx/tx traffic on eth0 had gone from really low (like
0.1 to 0.7 kB/s) to hovering between 5-20 kB/s.  I went through httpd's
access_log and error_log and blocked a bunch of IPs that looked kinda
sketchy.  Chinese and Russian search engine bots, script kiddies looking for
phpmyadmin, that kinda stuff.

Of course, I do have robots.txt disallowing all user agents, but we know
that's not always respected.

Then I thought, rather than play whack-a-mole with individual IPs, I'll just
block China and Russia altogether.  However, that brings up another
question.  Between China:
http://www.wizcrafts.net/chinese-iptables-blocklist.html  and Russia:
http://www.wizcrafts.net/russian-iptables-blocklist.html that's a ton of IP
addresses.

Getting them into /etc/sysconfig/olpc-scripts/iptables-xs is easy enough.  I
pasted the IP data into a file named banned_ips.txt and ran this little
script:

#!/bin/bash
for i in $( banned_ips.txt); do
iptables -A INPUT -s $i -j DROP
done

I didn't mess with iptables-xs.in, as I figured I might need to update
and/or straighten stuff out and a simple IP list is a lot easier to
manipulate.  Of course, restarting iptables reloads iptables-xs.in and the
block list is gone from iptables-xs.  No big deal, as the above script just
takes a couple seconds to run and they're back in there.

Here's my question - is the XS networking going to get wonky with 894 extra
iptables rules?  I know every incoming connection has to be checked against
it, so what's the max count of rules that's a good idea?  And is there a
better way to handle this?

Anna Schoolfield
Birmingham

P.S.  After blocking all these IPs, my ambient traffic has gone back down to
normal.
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Question on number of iptables rules

2011-02-01 Thread Anna
On Tue, Feb 1, 2011 at 8:46 PM, Tom Mitchell mi...@niftyegg.com wrote:

 It can help to block China and Russia but the way spam and denial
 of service botnets work that is more limited than you might wish.


Well, I'm not currently running a mail server, so luckily I don't have to
worry about that right now.  The Chinese and Russian stuff was in my httpd
logs.  And quite a bit of it, which gave me concern enough to want to block
those two countries.  I read that a lot of other server admins take a
similar approach.


 Two tools denyhosts and PortSentry come to mind.  They
 will deal with many blunt script attacks that come from anyplace on the
 globe even Iceland ;-)


I'm running ssh on a non standard port, and have never seen any attacks in
/var/log/secure.  Not sure how denyhosts is supposed to help me there.  As
far as port scanning, I try to keep available ports to a bare minimum.  I
did look into Fail2ban, but since my issue seemed to be mostly Apache
related, and the individual IPs varied quite a bit among the Chinese and
Russian ranges, I can have tons of unwanted traffic before that kicks in.


 With a system live on the internet it is often valuable to block
 everything first and then open exactly what you need
 for exactly those that need it.


So when I get weird stuff on port 80, I'm supposed to block the entire
internet from my web server except my friends and my Mom?  If I ask my Mom
her IP address, she's likely to give me her phone number.  Or maybe run
Apache on a random port?  Hey, y'all, when you try to go to my
schoolserver, just remember it's http://schoolserver.example.org:4329;  Not
likely.


 The number of rules by itself almost does not matter.
 Sometimes the order of rules matters more.


In iptables, I've got a few lines of regular stuff and then 894 drop
statements for the IP ranges that are likely going to be problematic.  Not
sure what kind of order almost 900 drop statements are supposed to be in.


 For example you can drop/block all connections to telnet
 and many other port services in a very early rule and never
 need to test your long list of IP address blocks.


The XS 0.6 doesn't ship with telnet and no one uses that any more anyway.
All I have open to the outside world are ports for Apache, Jabber, and ssh.
And my ssh port is non-standard and doesn't show up on a casual nmap -sS
anyway.  Again, never any issues logged as far as script kiddies poking
around at ssh.  And I do keep tabs on who's registered to the Jabber
server.  If I run  ejabberdctl stats registeredusers and there's a
ridiculous number, I can take a look at the  web admin interface to see
specifics.  And then there are folks on my Jabber server pretty much 24/7
and I have all the chat rooms logged.

I posted here because I wanted to know if 894 rules in iptables-xs was going
to be a problem on XS 0.6.  And if there was a better way to handle the
issue.


 Log files always need to be watched.


I do agree with you there.  I try to look in on my httpd logs every couple
of days.  And the XS 0.6 logwatch emails are quite informative.  I installed
alpine, so keeping up with them is fast and simple.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] wwwoffle?

2011-01-22 Thread Anna
On Sat, Jan 22, 2011 at 7:42 AM, Martin Langhoff
martin.langh...@gmail.comwrote:

 Hi Dan!

 Welcome to the jungle! I'm in the middle of prepping an XS release,
 and yes, wwwoffle would be a nice thing to include.

 If you search the list archives (google for
 'site:lists.laptop.org/pipermail/server-devel wwwoffle') Anna has
 written a bit of a howto and was keep on working towards making it a
 script to run. She's interested in this as well, maybe you can
 collaborate?


Wasn't me!  I tried to get it to work the other day on my test server, but
ran into an issue because port 8080 is already being used by Jabber's
http-bind.  (I've got MUCkl so folks can chat when all they have is web
access.  And do cool things like chat from a Kindle.)

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Administrative login for political reasons

2011-01-21 Thread Anna
On Fri, Jan 21, 2011 at 10:19 AM, Martin Langhoff martin.langh...@gmail.com
 wrote:

 On Thu, Jan 20, 2011 at 10:07 PM, Sameer Verma sve...@sfsu.edu wrote:
  You are hilariously evil 8-)~

 I think I'll scare new XS admins with if you have problems with
 managing your XS... we'll ask Anna to come help you... mbwahahahaha.


 New XS admins, particularly if they're new to Linux culture, should be made
aware that you don't just give the root password to anyone who asks for it.
I've personally been bullied by a project manager who had no business with
those credentials and was not very happy when I told her that It's on a
need to know basis and when further pressed, ...and you don't need to
know, so quit asking.  I'm not a control freak, but emailing root passwords
in clear text to nitwits, and only a nitwit would even ask for such a thing,
is just not done.

My test XS at home has no undeserved logins, but I still want to easily
monitor what's going on.

I've got a local Statusnet installation with XMPP integration, so I put this
in /etc/bashrc

curl -u security:password
http://schoolserver.example.org/statusnet/api/statuses/update.xml -d
status=`whoami` logged into `hostname` on `date`  /dev/null 21

It automaticallly posts to Statusnet when someone logs in.  Since my
personal Statusnet user follows the security user, the Statusnet XMPP bot
sends me a notification via my Jabber client.  My other users don't like
seeing all the login notice clutter, so I put the security user in the
Sandbox so those notices don't show up in the Public Timeline.

Statusnet is really a lot of fun and my users quite enjoy it, even posting
from Blackberries when they're out and about.  Not sure how it would scale
at a school, though.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Administrative login for political reasons

2011-01-19 Thread Anna
I think enough time has passed that I can write this up in case anyone else
runs into this situation.  Back when I was tussling with a school IT guy, he
demanded administrative access to the XSs.  Err, you do realize there is
no GUI whatsoever and all you're going to see is a prompt, right?  He was a
Windows guy and didn't want to admit he had no clue what to do with a CLI
only Linux system.  And got offended when I asked if he had an ssh client.
Well, Mr. Big Shot, here's your precious admin access.

I created an admin user and set a password.

adduser admin
passwd admin

I use passwords for ssh, but do run it on a nonstandard port, deterring the
script kiddies.

Having previously installed and set up ssmtp so the XSs could send me emails
via gmail, I edited /home/admin/.bashrc

echo 'Login Alert on' `hostname` `who -m` | mail -s Login Alert
m...@gmail.com

Being of a nosy disposition, particularly when it comes to what's going on
with my systems, I set it up to quietly log everything he did with this line
in /home/admin/.bash_profile

script -q /var/log/sessions/login-`date +%m-%d-%Y-%Hh-%Mm-%Ss`-`whoami`.log
 exit

Created and set permissions to a dir in /var/log that looks innocuous:

mkdir /var/log/sessions
chmod 777 /var/log/sessions

And just in case he reads something on the internet, here's some sudo rope
to hang himself with.  I can install and customize an XS in under an hour,
so whatever if he breaks it.  I was actually really looking forward to
pulling logs to prove he was out of his league.

visudo and then add an entry for admin under root.

## Allow root to run any commands anywhere
rootALL=(ALL) ALL
admin   ALL=(ALL)ALL

The hilarious bit was he claimed he logged into all my XSs and said
everything looked OK.  What?  I didn't get a single email notification and
/var/log/sessions was empty.  I checked /var/log/secure just to be
absolutely sure.  What a pompous liar.  And a liar who didn't know better
than to lie to someone who could prove it via system logs.

So that's my workaround for ignorant people who demand admin access.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS-0.7 plans -- your thoughts please...

2011-01-18 Thread Anna
On Tue, Jan 18, 2011 at 4:31 PM, David Leeming da...@leeming-consulting.com
 wrote:


 I have never tried selecting the Gnome option, but a nice GUI would be
 useful for users with limited grasp of command line stuff for file
 management. Maybe that is available already


 David Leeming
 Solomon Islands Rural Link



Managing a system with Gnome sounds seductive, but I can't think of a faster
way to bork up a server than to let a novice admin loose in GUI tools with
root powers.

For file management, say a user level directory under /var/www/html, far
better to mount it with sshfs from a remote system (there's even a Windows
tool for that called dokan).  That way you can have the ease of a GUI
filesystem tool without the risks of actually running a Window Manager on
the server itself.  Not to mention installing Gnome and X Windows and all
the deps takes a ton of space.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS-0.7 plans -- your thoughts please...

2011-01-18 Thread Anna
Reporting mechanisms would be useful, such as:

Squid reporting for the locations with internet access.

I've played around with sarg for ad-hoc reports, which really came in handy
when I got claims that the internet doesn't work.  Not only is it up, but
here's what folks are looking at.

On an ongoing basis, maybe sarg generated reports in a password protected
Apache dir so teachers and administrators can browse them.

Bandwidth and Device Reporting.

I heard fears that with open wifi, everyone and their brother would leech
the XS's internet.  So I use dhcpstatus and vnstat to generate a simple
daily report counting how many XOs, how many other devices, and how much
traffic there was.

http://lists.laptop.org/pipermail/server-devel/2010-April/004809.html

Even if a location doesn't have internet access, daily reporting of the
number of unique XOs that got IP addresses would probably be informative.
At least you'd have a quick way to see how many XOs are being brought to
school and be able to track that over time.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS-0.7 plans -- your thoughts please...

2011-01-18 Thread Anna
On Tue, Jan 18, 2011 at 11:12 PM, rihowa...@gmail.com
rihowa...@gmail.comwrote:


 In closing I would like to say, I do not think most administrators would
 care about RHEL6 or CentOS.  In fact they may prefer the modern up to date
 Fedora 14 features.

 Thanks

 rihowa...@gmail.com


Seconded.  Sticking to Fedora 14 would allow a lot more flexibility, keep
support mostly on the same page, and lend a certain comfort level to
existing admins for upgrading.  And there's a lot more online support for
Fedora than for CentOS or RHEL.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Notes on Flashing the NAND over the LAN

2011-01-17 Thread Anna
On Sun, Jan 16, 2011 at 9:43 PM, James Cameron qu...@laptop.org wrote:

 I don't know about the Apache version used on the XS, but on a desktop
 here the edit was in /etc/apache2/mods-available/reqtimeout.conf and
 changed

 RequestReadTimeout header=20-40,minrate=500
 RequestReadTimeout body=10,minrate=500

 to

 RequestReadTimeout header=20-40,minrate=50
 RequestReadTimeout body=20,minrate=50


I looked into this a little more and found, per
http://httpd.apache.org/docs/trunk/mod/mod_reqtimeout.html that module is
for Apache 2.2.15 and later.  The Apache version on XS 0.6 is a bit long in
the tooth.

[root@schoolserver ~]# httpd -v
Server version: Apache/2.2.9 (Unix)
Server built:   Jul 14 2008 15:36:56

Anyone have ideas for a workaround?

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Schoolserver and eth1

2011-01-16 Thread Anna
On Sun, Jan 16, 2011 at 2:16 PM, Dr. Gerald Ardito
gerald.ard...@gmail.comwrote:

 Will do.
 How do I do that?

 Thanks.
 Gerald


If you can't ssh in so you can copy and paste system output, you can put it
on a USB drive.

Plug a USB drive into the schoolserver and, depending on the motherboard,
you might hear a series of system beeps as it mounts.

Type mount to see where it is.  Mine looks like this:

/dev/sdc1 on /media/usb0 type vfat (rw,noexec,nodev,sync,noatime)

Now you can redirect standard output to text files on the usb drive.

[root@schoolserver ~]# lspci  /media/usb0/lspci.txt
[root@schoolserver ~]# ifconfig -a  /media/usb0/ifconfig.txt
[root@schoolserver ~]# cat /etc/udev/rules.d/70-persistent-net.rules 
/media/usb0/udev.txt

It doesn't matter what you name them, just be descriptive.  And if you're
going to take them to a Windows machine, I'd put .txt as a file extension.

Unmount the usb drive.

umount /media/usb0

Now you can take that usb drive to your regular computer and copy and paste
the contents of those text files in an email for us.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Notes on Flashing the NAND over the LAN

2011-01-16 Thread Anna
With the release of 10.1.3, I thought I'd revisit flashing an XO over the
LAN.  Here are my notes, if anyone's interested.

First off, if your AP is really old and only does B, you might run into
trouble.  The layout in my house is the XS in the front room with eth1
connected to a router.  The router goes to an AP sitting next to the XS and
a wall jack to the sleeping porch (it's a 1913 bungalow) with another AP
back there.  I call it my winter lab because there's a heater.  The front
room with the XS has been getting down to 40F, which is a bit chilly.

My two APs are different Linksys models.  The older one, which I picked up
from a thrift store for $5, only does B and usually works for most things.
The newer one does B/G.  I did have the older one in my winter lab but
swapped it out for the newer one, as you'll see.

I started off by using wget to download these two files in /var/www/html on
the XS:

http://build.laptop.org/10.1.3/xo-1/os860/os860.img
http://build.laptop.org/10.1.3/xo-1/os860/os860.img.fs.zip

I copied os860.img.fs.zip to fs.zip.  Then I set both my APs to the SSID of
OLPCOFW.  Since it was getting kind of cold, I went to my winter lab with
the B only AP (and the heater).  Plugged in an XO-1, held down all four game
keys, and powered on.  It saw the AP, associated to OLPCOFW, got an IP from
the XS, erased the nand, and then tried to flash it.  When I say try, it got
about 5 green blocks in before completely stalling.

Figuring the old AP was the problem, I swapped it out for the newer B/G AP
from the front room.  That AP worked.  Flashing the XO-1 over the LAN took
about half an hour, but it completed, rebooted itself, and was good to go.
For mass updates, this would probably be highly inefficient and you're
better off with USB drives or an XO set up to NAND Blast.  But it's a nice
option to have for the occasional reflashing.

I had other trouble with the B only AP, like when I put this in
/etc/sysconfig/network-scripts/ifcfg-eth0 on an XO:

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
TYPE=Wireless
MODE=Managed
ESSID=OLPCOFW

Trying to associate with the B only AP in single user mode with ifup eth0
fails.  It works with the B/G AP, though.

So now that I've verified flashing the XO-1 over the LAN works with the B/G
AP, I'm curious to see if the XO 1.5 can do that as well.  Short answer -
no, I couldn't get it to work.

I used wget to download these two files into /var/www/html on the XS.

http://build.laptop.org/10.1.3/xo-1.5/os860/os860-4g.zd
http://build.laptop.org/10.1.3/xo-1.5/os860/os860-4g.zsp.fs.zip

I deleted the XO-1 fs.zip file and copied os860-4g.zsp.fs.zip to fs.zip.
Following the same procedure as the XO-1 LAN flashing, the XO 1.5 said it
was looking for ssid:OLPC-NANDblaster.  I renamed the AP to OLPC-NANDblaster
and this is all I got:

Trying disk:\fs.zip
Trying ext:\fs.zip
Trying NANDblaster
Boot device: /dropin-fs:nb15_rx Arguments:  ssid:OLPC-NANDblaster
Scan for: OLPC-NANDblaster found
Associate with: OLPC-NANDblaster
Waiting for server

And then it just sits there.  Oh, well, it would have probably taken a
couple of hours to flash over the LAN anyway.

Tip:  I like to include the IP addresses of my APs and the router in
/etc/motd.  Then I need only login to the XS to see where I put them so I
know where to go for their web interfaces.

cat /etc/motd

The Router is on 172.18.126.2
The B/G AP is on 172.18.126.3
The Salvation Army AP is on 172.18.126.4

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Notes on Flashing the NAND over the LAN

2011-01-16 Thread Anna
On Sun, Jan 16, 2011 at 8:49 PM, James Cameron qu...@laptop.org wrote:


 Yes, the XO-1.5 firmware attempts NANDblaster.  However, you might
 override this by attempting fs-update over HTTP:

ok fs-update http:\\server\os860-4g.zd

 I've just tried this here, and the green boxes cease on about the second
 line.  I remember I had to increase the maximum request duration on
 Apache last time I tested it.
  http://quozl.linux.org.au/


I only got about 3/4 of one green line before it pooped out.

fs-update http:\\172.18.0.1\os860-4g.zd

After many, many minutes it complains about Short read of zdata file

And then WARNING: The file specified 29489 chunks but wrote only 280
chunks

I'm not familiar enough with Apache to know what to edit as far as the
maximum request duration.  Any tips there?

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Notes on Flashing the NAND over the LAN

2011-01-16 Thread Anna
On Sun, Jan 16, 2011 at 9:43 PM, James Cameron qu...@laptop.org wrote:

 On Sun, Jan 16, 2011 at 09:22:19PM -0600, Anna wrote:
  I'm not familiar enough with Apache to know what to edit as far as the
  maximum request duration.  Any tips there?

 I think I found evidence in Apache logs of a timeout, so I changed this.

 I don't know about the Apache version used on the XS, but on a desktop
 here the edit was in /etc/apache2/mods-available/reqtimeout.conf and
 changed

 RequestReadTimeout header=20-40,minrate=500
 RequestReadTimeout body=10,minrate=500

 to

 RequestReadTimeout header=20-40,minrate=50
 RequestReadTimeout body=20,minrate=50

 (This has consequences for a server available to the general public,
 since denial of service attacks become slightly easier.  But on a local
 server your risk will be lower.)

 --
 James Cameron
 http://quozl.linux.org.au/



I can't grep anything on XS 0.6 in /etc/httpd resembling that, so this is
probably going to be a question for Martin.
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] IP Address Pools for XOs, known clients, and unknown clients on XS 0.6

2011-01-12 Thread Anna
I like to leave the AP open on my test XS 0.6 at home, but ran into an issue
with that yesterday.  I noticed the lights on my router blinking like crazy,
so I did a live tail on the squid access log to see what was going on.

tail -f /var/log/squid/access.log

And oh, my goodness.  One of my neighbors was on there checking his
Facebook, setting up his fantasy basketball team, and, ahem, looking at
copious amounts of adult material.  First I checked to see if I knew who it
was via the Facebook user id I found in the squid log.  No, I had never met
him, but Mr. Frank redacted strikes quite the caricature of a aging
redneck fratboy.  In typical passive aggressive Southern lady style, I'm
going to teach him a lesson.

I don't want to put encryption on the AP or fool around with content
filtering, so I'm going to use some dhcp tweaks and iptables to put up an
obstacle to web browsing by unknown clients.

Edits for /etc/sysconfig/olpc-scripts/dhcpd.conf.1

Under the subnet declaration, I added a class definition for the XOs.  This
works for the two XO 1.5 units I've got as well, but I'd verify the MAC on
any of those just to be sure.

subnet 172.18.96.0 netmask 255.255.224.0 {

class xo {
match if substring (hardware,1,3) = 00:17:c4;
}

Since I'm going to separate things into pools by range, I comment out this
line:

#range 172.18.96.2 172.18.125.254;

Beneath the lease times, I add my pools.  Adjust your ranges as needed.

# Address pool for just XOs
pool {
allow members of xo;
range 172.18.96.2 172.18.123.254;
}
# Address Pool for unknown clients
pool {
range 172.18.124.2 172.18.124.254;
deny members of xo;
deny known-clients;
allow unknown-clients;
}
# Address pool for known clients
pool {
range 172.18.125.2 172.18.125.254;
deny members of xo;
deny unknown-clients;
}

Make sure all that is within the ending bracket of the subnet.

At the very bottom of the file, below everything else, I add the known
clients.

# Non-XO stuff on dynamic range 172.18.125.0/24
host anna-eeepc-1 {hardware ethernet 00:15:af:ec:9e:46;}
host anna-eeepc-2 {hardware ethernet 00:22:43:2e:fe:79;}
host tyler-eeepc {hardware ethernet 00:15:af:ec:96:1f;}

And because I'm ticked off, and inspired by
http://www.ex-parrot.com/pete/upside-down-ternet.html, it's time for some
fun with iptables.  In /etc/sysconfig/olpc-scripts/iptables-xs.in I add a
couple of lines like so:

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 172.18.124.0/24 -p tcp --dport 80 -j DNAT --to
205.196.209.62
@@SQUID@@
-A POSTROUTING -o @@WAN@@ -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 172.18.124.0/24 -p tcp --dport 443 -j DROP
COMMIT

Restart dhcpd and iptables:
service dhcpd restart
service iptables restart

Now all unknown clients will have http traffic redirected to
http://kittenwar.com and their https traffic is dropped.

Obviously this isn't a deterrent to someone who can use an ssh proxy for
browsing, and it doesn't block traffic on other ports or protocols, but most
of my neighbors aren't of the networking savvy sort (particularly the
grotesque rednecks) and will likely conclude this darn internet ain't
workin' no more.  If I lived near MIT, this would not be an acceptable
solution.  But I'm not terribly concerned many folks around here know much
about packet sniffing or MAC spoofing.

When guests come over and want to look at something other than pictures of
kittens, all I have to do is add the MAC to the list of known clients,
restart dhcpd, and tell them to renew their IP.

At the very least, now I know how to keep XOs and non-XO clients on
different IP ranges.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] IP Address Pools for XOs, known clients, and unknown clients on XS 0.6

2011-01-12 Thread Anna
On Wed, Jan 12, 2011 at 8:50 PM, John Watlington w...@laptop.org wrote:


 The best iptables hack like this I've seen routed extraneous
 connections through a transparent web proxy which flipped
 all images (swapped left and right).

 Cheers,
 wad


That does look fun, but I went with the kitten thing instead of messing with
the XS's Squid proxy.  This is my test XS, after all, and I didn't want to
break that functionality.

 And because I'm ticked off, and inspired by
  http://www.ex-parrot.com/pete/upside-down-ternet.html it's time for
  some fun with iptables.


That's probably the hack you're thinking of.

Tonight I just remembered that because my squid cache was full of ick due to
that thoughtless neighbor, I should probably scrub it out:

/etc/sysconfig/olpc-scripts/TURN_SQUID_OFF
rm -rf /library/cache
/etc/sysconfig/olpc-scripts/TURN_SQUID_ON

And now it's virginal again, so to speak.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Connecting the a Schoolserver via SSH

2010-12-21 Thread Anna
On Tue, Dec 21, 2010 at 8:20 AM, Dr. Gerald Ardito
gerald.ard...@gmail.comwrote:

 Hello.

 I have my schoolserver up and running (at last!).

 I want to connect to it from one of the XOs using SSH.

 I have read what is on the wiki, but I must be missing something.

 Can someone provide some detailed instructions?

 Thanks.
 Gerald



Gerald:

Though you're supposed to use keys, and I still do from my main desktop,
it's convenient when you're sshing from multiple XOs or other computers to
go ahead and enable password based ssh login.  That way you don't have to
fool with keys all the time.  Since my XSs are exposed to the internet, I do
run ssh on a non-standard port, which keeps out the script kiddies.  If
you're worried about that, it's really simple to change the port.  Anyway,
it's just a config file edit to allow password based ssh logins.

As root, create a regular user on the XS.

adduser gerald
passwd gerald

You'll be prompted for the new password.  That's it for setting up a user.

Enable password authentication in /etc/ssh/sshd_config and /etc/ssh/
sshd_config.in  I think you're supposed to be able to edit only sshd_config
and then run make -f /etc/xs-config.make sshd_config to do up
sshd_config.in properly, but I just go ahead and make this minor change to
both files, as I've never gotten xs-config.make to work consistently for me.

In both those files, uncomment PasswordAuthentication yes and comment out
PasswordAuthentication no so it looks like this:

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no
#PasswordAuthentication no

Restart the ssh service.

service sshd restart

Now from an XO connected to the XS, you can

ssh ger...@172.18.0.1

or

ssh gerald@XS's hostname

Enter in your password and you should be greeted with the motd!  After you
successfully ssh in, you can su root.  Sometimes that's not root enough,
though and you might have to 'sudo su -' if it says you can't do something.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Connecting the a Schoolserver via SSH

2010-12-21 Thread Anna
On Tue, Dec 21, 2010 at 5:09 PM, Dr. Gerald Ardito
gerald.ard...@gmail.comwrote:

 Anna,

 Thanks. I'll try this out tomorrow.

 I have another question for you.
 I was testing the server with about 12 XOs today. They all connected fine
 and had internet connections. But the performance seemed slow. It took
 several seconds for pages to load at times.
 Also, when I tried to have shared Activities (I opened a chat session, for
 example), the performance was horribly slow, and not every computer could
 connect.
 Do you have any ideas about why this might be happening and how to make it
 better?

 Thanks.
 Gerald


The slow page load in either Firefox or Browse is usually helped quite a bit
by disabling ipv6.  In a (recent) Browse activity or Firefox, enter
about:config in the address bar.  Type ipv6 in the filter bar.  The
Preference Name you're looking for is network.dns.disableIPv6.  Double
click it to set the value to true.  That usually helps page load speed quite
a bit.

If activities seems really slow when they're shared over the XS versus the
XO-1 mesh, I don't know what that might be other than the throughput of your
AP.  If you suspect your XS setup, you can always connect to my test XS 0.6
running a semi-public Jabber to see if there's a difference.  In fact,
we've just been testing joining the XO Chat activity with regular XMPP
clients like Pidgin and Gajim.  Send me a private email if you'd like the
URL.  And that goes for anyone who's interested, not just Gerald.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] XS on XO Setup as Contingency for Main Power Outage

2010-12-15 Thread Anna
,  [
  {host, conferen...@host@},
  {access, muc},
  {access_create, muc},
  {access_persistent, muc_admin},
  {access_admin, muc_admin}

Restart the ejabberd service.

I don't need to create the admin login on the XSXO as I've already done that
on the XS with these two commands:

ejabberdctl register admin schoolserver.example.org password
ejabberdctl set-password admin schoolserver.example.org password

Migrate the ejabberd database from the XS to the XSXO.  This takes care of
the admin login as well as any persistent chat rooms you've already set up.
It should go without saying that you need to keep this up to date.  You can
restore the ejabberd backup on the XSXO as many times as you want and it'll
just overwrite the old database.

On the XS, create the backup file:

ejabberdctl backup /tmp/jabber.bak

Copy the backup file over to /tmp on the XSXO.  Change permissions:

chown ejabberd:ejabberd /tmp/jabber.bak

Restore the backup to the XSXO:

ejabberdctl restore /tmp/jabber.bak

Check to make sure it took.  Run this on both the XS and XSXO and the counts
should match:

ejabberdctl stats registeredusers

The address for the web admin interface will be:
http://schoolserver.example.org:5280/admin

Login:  ad...@schoolserver.example.org
Password:  the previously set password

**
* Speed up boot time *
**

I got the XSXO to boot in about 53 seconds.  When you're scrambling around
in the dark, you don't want to wait forever for a login prompt.

If you're not using these services, turn them off with chkconfig --level 345
service off

hddtemp
dhcpd
moodle
pgsql-xs
xsactivation
idmgr
xs-rysncd

Use chkconfig --list to see which services are set to run on which runlevel.

To further speed up boot, go into /etc/sysconfig/network-scripts and move
the devices you're not going to use into a backup directory.  You can always
put them back later.

cd /etc/sysconfig/network-scripts
mkdir bak
mv ifcfg-eth1 bak
mv ifcfg-lanbond* bak
mv ifcfg-msh* bak
mv ifcfg-wmesh* bak

***
* Save some power *
***

Turning off the backlight will reduce power consumption a bit, especially
important if you've only got a car battery to charge it with.

Turn off the backlight:
echo 0  /sys/class/backlight/dcon-bl/brightness

Turn the backlight back on:
echo 15  /sys/class/backlight/dcon-bl/brightness

**
* Switching over *
**

So the power just went out.  I hook the inverter up to a car battery and
plug my DSL modem into it.  While the connection comes back up, I safely
shut down the regular XS and turn off the UPS to stop that infernal
beeping.  Power on the XSXO and get an IP from the router.  Log into the
router's web interface and put the XSXO into the DMZ.  Renew the IP on the
XSXO.

ifdown eth0
ifup eth0

Everyone who was logged into jabber on the XS will automagically move over
to the XSXO.


Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS on XO Setup as Contingency for Main Power Outage

2010-12-15 Thread Anna
On Wed, Dec 15, 2010 at 7:11 PM, John Watlington w...@laptop.org wrote:


 I would recommend that you use a class 6 or class 10 full size SD card for
 this purpose.
 One of the Sandisk Extreme III cards, for example.   The extra cost is
 worth it for the server.
 There is a huge difference in card performance, especially for small file
 writes, and
 the new larger sized (8+GB) microSD cards tend to be especially bad.


It's an 8 GB Patriot SDHC class 6, which has always been really snappy.  I
actually used an initial iteration of the XSXO for a couple of weeks last
month for an extended maintenance window while I diddled around backing
up, cleaning out the dust bunnies, and reinstalling my regular XS.  My users
couldn't tell the difference as far as Jabber went.  I did have to make sure
to not keep a local login up, as I had the XSXO on the floor in the pantry
next to the DSL modem and the cats would walk on the XO's keyboard.  Darn
it, cat, you're not root!



 Great write-up, by the way.

 Thanks!
 wad


Thanks!  I've been meaning to get this set up in anticipation of winter
storms and hoped others would find it useful.  Not only as a power friendly
backup, but it lowers the barriers to entry for running your own Jabber and
Apache if you can't dedicate a real computer but do have an XO-1 and a
spare SD card.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] OLPC XS- Not booting

2010-11-11 Thread Anna
On Thu, Nov 11, 2010 at 12:38 AM, Dudley Daduwe
ddaduwe.olpc...@gmail.comwrote:

 Thank you for the updates on the motherboard. Please advise me as to how I
 could troobleshoot my E-Box server.
 Previously I was able to connect the IDE and boot up.However, I decided to
 remove the original IDE HDD  and put and new IDE HDD onto the server. After
 doing that I was not able to see any activity on the screen for about 5
 minutes. So I decided to put back the original IDE HDD but still does not
 show any activity. Looking at the HDD LED display, I could not see any
 activity taking place. How can I get the server back to boot with a display
 on the screen.

 Dudley Daduwe


Can you get into BIOS?  Can the BIOS see the hard drives?

If you don't know if the machine itself is working outside the hard drives,
have you tried booting from a Linux rescue CD?  Some folks like Knoppix for
that.  I tend to use Ubuntu NBR (cause I usually have that CD on top of the
stack).  But there are a myriad of Linux live CDs out there.

If you can get into a live Linux boot, ls /dev and see if you see your hard
drives.  If you don't see them, or can't boot into Linux from a CD, then
it's time to break the box down and reconnect the drives.  Or check the
power supply.  I've run into so many hardware issues with the old stuff I
work with, I can't even keep track of how many problems I've had.

Hard drives give me special trouble.  If I can actually see the stubborn
drives in /dev, I'll use gparted or fdisk to format to a single fat32
partition.  Then the XS install usually picks it up.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Jabber presence under NAT named under DMZ issues

2010-11-09 Thread Anna
Thanks to Jerry's and Martin's notes, I got the XSXO working correctly in my
router's DMZ with my external IP and FQDN.  I also hotswapped the XS, so
to speak.

XSXO1 = the install where named broke
XSXO2 = my second install

XSXO2:  After first boot, I edited /var/named-xs/school.external.zone.db for
my external IP.  Then ran domain_config and named started up without error.
That was it.  Rebooted.

On XSXO1,  I backed up the ejabberd db:

ejabberdctl backup /tmp/jabber.bak

Copied it over to /tmp on XSXO2 and restored it:

chown ejabberd:ejabberd /tmp/jabber.bak
ejabberdctl restore /tmp/jabber.bak

XSXO1 had live Jabber chat users (and has had for the past few days).  I
gave folks warning, then physically unplugged the USB ethernet adapter from
XSXO1 and hooked it up to XSXO2.  It came up as eth0 and then everyone
automagically came back online!  My router sees the USB ethernet adapter's
MAC as the DMZ device, so I figured it would do that.

I know the XO-1 is a tiny, tiny server but my Jabber user group typically
has no more than a dozen users online at any given time.  I was just hoping
XS on the XO-1 would prove to be a viable backup solution to my big old Dell
XS in the event of system maintenance or a power outage.

As far as the Jabber presence resetting itself every hour when the XS is
behind NAT, I suspect it might be my router.  The ejabberd logs only
indicated that users disconnected and then reconnected.  Robert Howard, one
of my Jabber users in San Francisco, is sending me one of his spare DSL
modem/router units to try out.

Also, given my previous unsuccessful attempts at XS 0.6 on my big old Dell
(currently running XS 0.5.2), I'm glad to finally know how to get networking
up without breaking named.  And now I have a backup XS to keep everyone
happy while I update from XS 0.5.2 to 0.6.  (My users are borderline
obsessive.)

The XS's I've set up at schools currently don't have this issue with XS 0.6
as they're not public facing, but their DSL connections do have external
static IPs.  Another one of the reasons why I wanted to test this out.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Jabber presence under NAT named under DMZ issues

2010-11-05 Thread Anna
...@\@/IN: loading from master file
school.internal.zone.db failed: bad name (check-names)
internal/@@BASEDNSNAME@@/IN: bad name (check-names)
school.internal.zone.in-addr.db:1: no TTL specified; using SOA MINTTL
instead
zone 0.18.172.in-addr.arpa/IN: loaded serial 1
school.internal.zone.16.in-addr.db:1: no TTL specified; using SOA MINTTL
instead
zone 16.18.172.in-addr.arpa/IN: loaded serial 1
school.internal.zone.32.in-addr.db:1: no TTL specified; using SOA MINTTL
instead
zone 18.18.172.in-addr.arpa/IN: loaded serial 1
school.internal.zone.48.in-addr.db:1: no TTL specified; using SOA MINTTL
instead
zone 20.18.172.in-addr.arpa/IN: loaded serial 1
dns_rdata_fromtext: school.external.zone.db:1: near 'root': bad name
(check-names)
school.external.zone.db:2: no TTL specified; zone rejected
school.external.zone.db:4: schoolserve...@\@basednsna...@\@: bad owner name
(check-names)
school.external.zone.db:4: no TTL specified; zone rejected
school.external.zone.db:5: no TTL specified; zone rejected
school.external.zone.db:6: no TTL specified; zone rejected
school.external.zone.db:7: no TTL specified; zone rejected
school.external.zone.db:8: no TTL specified; zone rejected
school.external.zone.db:9: no TTL specified; zone rejected
school.external.zone.db:10: no TTL specified; zone rejected
school.external.zone.db:11: no TTL specified; zone rejected
school.external.zone.db:12: no TTL specified; zone rejected
zone \...@\@basednsna...@\@/IN: loading from master file
school.external.zone.db failed: bad name (check-names)
external/@@BASEDNSNAME@@/IN: bad name (check-names)
   [FAILED]


So, is it my router or is there something on the XS that runs at the top of
every hour that breaks if a particular port isn't open?  I searched all over
/var/log and didn't see anything.

If someone has advice with either of these options, that would be very
helpful:

1.  The XSXO has an IP from my LAN (192.168.1.200 for example) and I can
forward 80, 5222, 5223 (or other ports!) to it and the presence service
doesn't reset every hour.

2.  The XSXO is in the DMZ and named will start up.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Bridging XS to another network

2010-11-01 Thread Anna
On Mon, Nov 1, 2010 at 6:43 PM, David Leeming
da...@leeming-consulting.comwrote:


 At the moment from the external net I can browse to
 http://192.168.0.210/wiki and it works fine
 but not
 http://192.168.0.210/ or http://192.168.0.210/moodle

 Maybe the above is relevant?

 David



Since we don't use Moodle here, I do this so that a regular index.html in
/var/www/html shows up when you go to http://schoolserver

mv /etc/httpd/conf.d/010-make-moodle-default.conf
/etc/httpd/conf.d/010-make-moodle-default.conf.bak
service httpd restart

Moodle is still available at http://schoolserver/moodle in my
configurations, but you've got some weird stuff going on.

Anyway, if you suspect Moodle isn't being cooperative for some reason, the
above might be worth a try to see if you can get an index page from
/var/www/html when you browse to the XS's external IP.  You can always put
Moodle back the way it was.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Bridging XS to another network

2010-10-30 Thread Anna
David:

I'm a little confused as to your setup.  If you just have the one ethernet
device on the XS, it can either get an IP address from your router (as eth0)
or hand out DHCP addresses (as eth1).  It can't be in both roles.

I've played around with external access for the XS and it does involve some
firewall stuff.  I think I used lokkit to configure access to port 80 and
the jabber port to my regular LAN.  Then I opened up those ports on my
router firewall for access from the rest of the internet.

By way of example, here's a setup I've done in the past:

Regular LAN:
XS (eth0) 192.168.1.20
My Desktop 192.168.1.6
XO A 192.168.1.7

XS LAN:
XS (eth1) 172.18.0.1
XO B 172.18.96.2

On the XS LAN, XO B can go to http://schoolserver or 172.18.0.1 and see
the default Moodle homepage.  It can also register to the XS and all that
good stuff, cause it's getting its IP address from the XS's DHCP server.

On the Regular LAN, my desktop and XO A can't see the Moodle homepage at
192.168.1.20 until I open port 80 in the firewall on the XS using lokkit (or
edit iptables or whatever).  Since XO A is not getting its IP address from
the XS, it won't be able to register.  If XO A wants to use the XS's
Jabber server, that port needs to be opened in the XS firewall.  XO A can
now manually set the Jabber server to 192.168.1.20 and collaborate.  If you
want to use Moodle, not being able to register to the XS is a huge issue.
Apache access works fine, though.

I use ifcfg-eth0-local to set the static IP for eth0 on the XS.  Here's my
example:

IPADDR=192.168.1.20
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
GATEWAY=192.168.1.254

To see what I need to put in there, I'll do this on another Linux box
connected to my Regular LAN:

a...@anna-desktop:~$ ifconfig eth0
eth0  Link encap:Ethernet  HWaddr 00:0f:1f:80:0d:ea
  inet addr:192.168.1.4  Bcast:192.168.1.255  Mask:255.255.255.0
  inet6 addr: fe80::20f:1fff:fe80:dea/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:1328780 errors:0 dropped:0 overruns:0 frame:0
  TX packets:1018129 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:100
  RX bytes:1602636271 (1.6 GB)  TX bytes:98891469 (98.8 MB)

a...@anna-desktop:~$ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags   MSS Window  irtt
Iface
192.168.1.0 0.0.0.0 255.255.255.0   U 0 0  0
eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0  0
eth0
0.0.0.0 192.168.1.254   0.0.0.0 UG0 0  0
eth0

If you're trying to have all the services available with just the single
ethernet port, good luck.  I'm no networking expert, but I don't see how
it's possible.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] How to configure XS with only one Ethernet port

2010-10-27 Thread Anna
If I'm messing around with different ethernet devices (a USB wifi adapter or
USB ethernet adapter) and stuff isn't showing up the way I want, I'll take a
look at /etc/udev/rules.d/70-persistent-net.rules

For example, if I want to get my internet connection from my USB wifi
adapter, which shows up as wlan0, I'll go in there and edit wlan0 to eth0,
making sure that's the only eth0 in there.  Or sometimes if I've been
plugging different USB things in and out and I want to start over, I'll
remove all my USB doodads, delete that file, reboot, and start afresh.

I'll also take a look at that file if I'm moving around physical cards to
make sure that what I want to be eth1 is showing up as that and not eth2.
My older/cheap hardware can be persnickety.

Anna Schoolfield
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] automount external HD

2010-10-16 Thread Anna
If you've got an /etc/fstab entry for the drive, you could tell udev to
mount it.  I think this'll require the auto option in fstab.

I haven't tested it, but if you create 92-mount.rules (or whatever 90
something is available) in /etc/udev/rules.d with this...

SUBSYSTEM==block, run+=/bin/mount -a

...It should automagically mount where fstab tells it to.  But again, I
haven't tested it.  Just an idea.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Daily Reporting on traffic and DHCP leases

2010-04-20 Thread Anna
On Tue, Apr 20, 2010 at 9:02 PM, Juan G. Narvaez gnrvz...@gmail.com wrote:

 Wow! This is very useful!

 I was thinking on how to generate a networking report a few days ago...
 tomorrow i will start to the implementation

 Thank you very much!!!

 J. Guillermo Narváez
 OLPC XS Implementation Team - La Rioja | Argentina


I hope it works out for you.  And I'm really happy if this was helpful.  Let
me know how it turns out.

Forgot to mention, vnstat requires a little bit of config.  First,
initialize the database for the two cards:

vnstat -u -i eth0
vnstat -u -i eth1

Then put this in crontab so vnstat will gather the required data.

 */5 * * * * vnstat -u

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] turn off backlight on XS-on-XO1

2010-03-02 Thread Anna
On Tue, Mar 2, 2010 at 1:34 PM, Paul Fox p...@laptop.org wrote:

 martin wrote:
   Good question. Could we run Paul's power daemon configured to dim
   screen completely if there is no VT user actvity?

 yes, that would probably work.  there's no X11 requirement in kbdshim
 or powerd.   but to be clear:  is the requirement for blanking after
 an idle period?  or do you just want a command to blank the screen?
 because the latter can be created pretty easily.

 paul


I'd appreciate a command to blank the screen.  I installed olpc-kbdshim from
the repo and then
http://dev.laptop.org/~pgf/rpms/olpc-powerd-9-1.fc9.i386.rpm.  Tried editing
/etc/powerd/powerd.conf to make the screen blank, but I guess I don't know
what I'm doing cause it's not working.

In my particular situation, I usually just make sure the XS on XO is booted
up and online, then ssh in from another machine.  So the ability to turn the
backlight off at will would be great.

When I have a screen at all, that is.  I've been messing around with XS on
XO on a couple of XOs that have been stripped for parts cause of one issue
or another.  But that's another story.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Error message - etc/init.d/callhome restart

2010-02-23 Thread Anna
XS 0.6 has been sending me a ton of these emails.  Is there a fix for this?

-- Forwarded message --
From: root usern...@gmail.com
Date: Tue, Feb 23, 2010 at 12:00 PM
Subject: Cron r...@schoolserver /etc/init.d/callhome restart
To: root


/etc/init.d/callhome: line 14: .: /etc/sysconfig/callhome: is a directory
/etc/init.d/callhome: line 17: [: =: unary operator expected
Shutting down callhome: [FAILED]
Starting callhome: [  OK  ]
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Error message - etc/init.d/callhome restart

2010-02-23 Thread Anna
On Tue, Feb 23, 2010 at 4:39 PM, John Watlington w...@laptop.org wrote:


 Remove the cron script for callhome, located in /etc/cron.d.
 It isn't needed for your closely monitored setup, and if needed
 should be revamped.

 Cheers,
 wad


Thanks, I thought that's what it was.  Though I do like to check here first
to keep from inadvertently breaking something.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] XS on XO Kernel Source RPM?

2010-02-06 Thread Anna
I'd like to compile the zd1211rw module for my wifi dongle to use as a wlan0
device on the XS on XO (OLPC-School-Server-0.6-i386.img.gz), but I can't
find the source rpm.  I found kernel-headers and kernel-devel at:

http://xs-dev.laptop.org/xsrepos/stable/olpc/xs-0.5/i586/

If the src rpm is out there, can someone please let me know where to find
it?  Or if it's in the OLPC kernel git repo, please let me know which branch
I need to checkout?

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] OpenDNS instructions don't work

2010-02-03 Thread Anna
On Wed, Feb 3, 2010 at 4:31 PM, Martin Langhoff
martin.langh...@gmail.comwrote:

 On Wed, Feb 3, 2010 at 5:17 PM, Daniel Drake d...@laptop.org wrote:
  http://wiki.laptop.org/go/XS_Techniques_and_Configuration#Use_OpenDNS
  This doesn't work - xs-config.make says it shouldnt be used for
  named-xs.conf, and named doesn't work afterwards since the config file
  is borked.

 Good point. I think instead you need to run 'domain_config', no need
 to pass the domain parameter.


(Sorry for the duplicate email, Martin.  I hit reply instead of reply all)

I just set up 9 XS 0.6 boxes and noticed editing named-xs.conf.in was really
touchy.  What I ended up doing post-install:

First thing after first bootup - followed the OpenDNS instructions on the
wiki.  But I didn't bother to restart named since I'm about to reboot.

(Then I did some other things - set up the static IP for eth0, edited
sshd_config.in and sshd_config for the port and to allow passwords, edited
iptables for my new ssh port, added a user, then edited /etc/group for
newuser and root in the mail group.)

Last, the domain_config thing.  Then reboot.

I learned to be really, really careful when editing named-xs.conf.in because
if I made a typo and then tried to fix it later, I could never get named to
start.  Ended up just starting over when that happened.

Anyway, things seem to be working all right with OpenDNS filtering.  In my
case anyway.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Upgrading BIOS on an old Dell without Windows or Floppies

2010-01-31 Thread Anna
I know this has nothing specific to do with the XS, but maybe it'll help
others, as I spent ages searching around for the solution.  Some of us are
reusing legacy Dells and those can be difficult to deal with in a Linux only
environment.

So just in case other folks are re-purposing old Dell machines as XS's and
are in a similar situation in regards to wanting to upgrade the BIOS -
you'll need:  a Linux box, CD Burner, and 2 CDRs.

We have a bunch of old Dell Optiplex GX270 boxes to use as XS's.  I want to
update the BIOS from A04 to the newest A07, but don't have access to a
Windows machine nor possess any floppies.  I certainly wasn't about to go
and buy floppies just for this, let alone install Windows.  And I've never
been able to successfully boot a USB drive on these boxes, so that's out.

Luckily an OpenSUSE user had the exact same quandary and posted the
solution:
http://collinpark.blogspot.com/2009/06/more-pain-opensuse-111-on-my-dell.html

I downloaded the LiveCD version of FreeDOS 1.0 and burned the iso to a CD.
It's 153M.

http://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.0/fdfullcd.iso

Then I got the BIOS update from Dell.  Of course it's an exe file which
doesn't let me do anything with under Linux.  I tried to extract it, but
just produced a bunch of errors.  Forget that, then.

I burned the BIOS file GX270A07.EXE to a data CD, which seems kinda a waste
of a CD for such a small file (540K).  But I've got scads of CDRs and no
desire to trot over to Office Depot just for floppies.  Besides, I've got a
lot of these boxes to update, and I suppose it doesn't feel like such a
waste when I think of how many times it'll be used.

I boot the FreeDOS CD and hit enter at the prompt.  Then hit 5 for the
FreeDOS Live CD Only option and after a few seconds, got an A:\ prompt.

I eject the FreeDOS CD and insert the CD with GX270A07.EXE.  **This is
important:  wait for the CD-ROM drive LED to quit blinking before you do
anything.**  If you try to access the drive too soon, you'll get an error
and have to reboot.  I enter DIR X:\ and see the exe file.

Then I simply enter:
X:\GX270A07.EXE

I'm prompted twice to hit y, then cross my fingers and hope the power
doesn't go out for a few seconds while it flashes.  Yeah, a UPS is probably
a really good idea.

It automatically reboots and I hit F2 to get into the BIOS setup.  Wow,
there's A07!  If you happen to be using a similar machine, might I recommend
Power Management - AC Power Recovery - Last.  That way if the power goes
out and the UPS dies (if you're lucky enough to have one), the XS will
automagically power back on when power is restored.

Here's the the obligatory: YMMV, the process will likely be different with
other models, and be careful otherwise you might brick the mobo.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Postfix vs ssmtp conflict on XS 0.6

2010-01-28 Thread Anna
On a test XS 0.6 box, I installed ssmtp and set up Gmail as the smtp server
(which is dead simple, btw).  In order to send mail, I had to uninstall
postfix, otherwise I got this error message:

postdrop: warning: unable to look up public/pickup: No such file or
directory

Is it going to break anything having uninstalled postfix or will I otherwise
run into unexpected issues?  Sometimes the XS is kinda weird about stuff
like that.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Postfix vs ssmtp conflict on XS 0.6

2010-01-28 Thread Anna
Thanks, Martin!  I was hoping it would be OK.  Sometimes I never know what's
going to break when I start messing with things.

I uninstalled postfix, installed and configured ssmtp for gmail, edited the
mail group for root (requires reboot), installed mutt with no further
configuration (the simple mail command doesn't handle attachments), and
downloaded and installed the sarg rpm (it's not in the repos).

This hacky, crappy, inelegant script sends the recipient a simple email with
the daily squid access report.  I tested it in crontab just to make sure.
The files are in zip archive for the Windows folks.  They do have to unzip
it and manage to open the index.html file.  But if folks want to see where
the kids are going on the internetz, this seems like an easy way to provide
that data right in their inboxes.

#!/bin/bash
recipient=exam...@example.com
today='date +%0e-%m-%Y';
mkdir /root/squid
sarg -l /var/log/squid/access.log -o /root/squid -z -d $today
zip -r internetlog.zip squid/
echo This is the Internet activity log for $HOSTNAME |mutt -a
internetlog.zip -s $HOSTNAME Internet Log $recipient
#Cleanup
rm -rf /root/squid
exit

Since I know this is a crappy script, you won't hurt my feelings if you
point out how awful it is.

Anna Schoolfield
Birmingham

On Thu, Jan 28, 2010 at 7:49 PM, Martin Langhoff
martin.langh...@gmail.comwrote:

 On Thu, Jan 28, 2010 at 7:35 PM, Anna ascho...@gmail.com wrote:
  On a test XS 0.6 box, I installed ssmtp and set up Gmail as the smtp
 server
  (which is dead simple, btw).  In order to send mail, I had to uninstall
  postfix, otherwise I got this error message:
 
  postdrop: warning: unable to look up public/pickup: No such file or
  directory

 You can have them both installed, (Fedora/RedHat are very good at
 avoiding rpm conflicts) but I am sure that if you have them both
 *running* with default configs they'll conflict over port 25 and
 various other things.

 So yes, uninstallign postfix is recommended. Probably disabling it is
 enough (chkconfig --level 345 postfix off).

  Is it going to break anything having uninstalled postfix or will I
 otherwise
  run into unexpected issues?  Sometimes the XS is kinda weird about stuff
  like that.

 We're weird, true. But removing postfix is ok.

 cheers,


 m
 --
  martin.langh...@gmail.com
  mar...@laptop.org -- School Server Architect
  - ask interesting questions
  - don't get distracted with shiny stuff  - working code first
  - http://wiki.laptop.org/go/User:Martinlanghoff

___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Newbie problems

2009-07-21 Thread Anna
On Tue, Jul 21, 2009 at 4:25 PM, Varun Arora futuregeni...@gmail.comwrote:


 I installed all packages including MySQL DB, X Window System, GNOME etc. on
 installation of XS 5.2. Unfortunately, after installation I tried to run
 MySQL and it did not run. It was not installed. X Windows did not seem to
 installed. I had checked both these during installation. I know GUI is not
 is not important for most network admins, but I just wanted to know why the
 stable installation disc does not install them even though I checked them.


I'm not on the dev team, but I've installed MySQL and X Windows on an XS.
Those packages are not on the XS install media, so it doesn't matter if you
check them during the install process.


 I did manage to download the X packages later using Yum, but that led to
 serious instability such as failure to login from GNOME and bad network
 connectivity. Had to freshly install.


Did you do yum groupinstall?  You can see which groups are available with
yum grouplist.  For example, you can do:

yum groupinstall X Window System
yum groupinstall GNOME Desktop Environment
yum groupinstall MySQL Database

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] (Mostly) Enforcing Google Image Safe Search With Squid

2009-06-08 Thread Anna
I just installed the latest XS 0.6d2, and in addition to setting up OpenDNS
in named-xs.conf to do the usual filtering, hunted around to find an easy
way to enforce safe Google image searches, as that seems to be an issue.

Looks like squid can block urls via regular expressions.  I created a file
named /etc/squid/blacklisted_sites.txt consisting of:

http://images.google.com/preferences
http://images.google.com/advanced_image_search
safe=off

and added the following lines to /etc/squid/squid-xs.conf.in at the
beginning of their respective sections.

acl blacklist_sites url_regex /etc/squid/blacklisted_sites.txt

http_access deny blacklist_sites

Then, of course,

make -f /etc/xs-config.make squid-xs.conf

And then

/etc/sysconfig/olpc-scripts/TURN_SQUID_ON

So now when I attempt to turn off safe search, squid gives me access
denied.  A *horrible* issue was when I tested what would happen if I came
to school with safe search already off in my cookie.  Well, it doesn't
block the first results page as Google doesn't put safe=off in the url
string, but it does block the next page.  Small comfort if you're the
teacher with that kid in your class, though.  Oh, only one page of nasty
thumbnails.  That's not disruptive at all.

It blocks the preferences page link from the image results as well, so
you're stuck with whatever you connected to the XS with, even if that
happens to allow the depraved corners of the internet.  We can't help what
kids do at home, though.

I don't know if safe=off is the best thing to block on, as there might be
some legitimate sites with that string in the URL, but somehow I doubt it.

The non XS specific part of the instructions came from
http://learnlinux.tsf.org.za/courses/build/electives/ch03s03.html

I sure hope someone out there has a better idea.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Filtering and authentication

2009-04-26 Thread Anna
On Sun, Apr 26, 2009 at 10:51 AM, Reuben K. Caron reu...@laptop.org wrote:


  A free and simple solution, while not bullet proof (no content filter is
 that I am aware), is Open DNS. They are even CIPA compliant in the US:
 http://www.opendns.com/solutions/k12/


That's what I set up for our pilot school, which was very easy as the XS's
DSL connection has a static IP.  OpenDNS provides different filtering
options, which you can customize as necessary.  Being in the US, CIPA
compliance is absolutely vital to retain certain federal funding, and
OpenDNS was the quickest and easiest way to accomplish that.  Dansguardian
can be CIPA compliant, but there are other steps involved and I was wary of
unintentionally running afoul of the rules.
http://dansguardian.org/?page=faq#15  Not to mention Dansguardian consumes
server resources.  OpenDNS doesn't use any server resources and you can
easily configure the filtering to be CIPA compliant.
http://www.opendns.com/solutions/k12/cipa/

As far as limiting the internet connection to authorized XOs, that's an
issue we're probably going to run into at some point once we broaden the XS
deployment.  So far at the pilot school, the staff members connect to the
internet with their personal laptops and iPhones, but I haven't really heard
any complaints of abuse yet.

If your deployment is relatively small, it should be easy enough to add the
hardware addresses of the trusted XOs to dhcpd.conf and disallow unknown
machines (or play pranks on them as suggested at
http://www.ex-parrot.com/~pete/upside-down-ternet.html).

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Browsing school server

2009-01-16 Thread Anna
On Fri, Jan 16, 2009 at 11:21 AM, Martin Langhoff martin.langh...@gmail.com
 wrote:


 There is an alternative you can also use - less moodle-centric, and
 may be unsupported going forward

 1 - create a new directory: /var/www/mylocalcontent , put your files there

 2 - add a new apache config file in /etc/httpd/conf.d - in that file,
 you need an Alias line, and a Directory section. I think it needsto
 be something like

   Alias /mylocalcontent /var/www/mylocalcontent
   Directory /var/www/mylocalcontent
   order allow,deny
   allow all
   /Directory

 3 - Edit the moodle header include to add a link to that content -
 look in /var/www/moodle/web/themes/xo/header.html


Since, at least for now, we're not going to be using moodle in Birmingham
yet, I renamed

/etc/httpd/conf.d/010-make-moodle-default.conf

to /etc/httpd/conf.d/010-make-moodle-default.conf.orig

and then /var/www/html/ went back to the way it was as in XS 0.4.  In fact,
on my test server, I have /var/www/html on a separate partition on another
physical drive, so it only took an fstab edit to put the web content back.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Browsing school server

2009-01-16 Thread Anna
On Fri, Jan 16, 2009 at 12:29 PM, Martin Langhoff martin.langh...@gmail.com
 wrote:

 On Fri, Jan 16, 2009 at 4:07 PM, Anna ascho...@gmail.com wrote:
  Since, at least for now, we're not going to be using moodle in Birmingham
  yet, I renamed

 you break my heart with that, but it's a valid workaround :-)


I'm very sorry, Martin, but I hope you understand the reasoning behind the
decision.  Aside from the teacher training issues regarding content creation
and management, we're just not prepared to address the very serious
potential for disciplinary issues surrounding the current login
authentication method.  The current moodle scenario might work within a
small, trusting environment, but when I'm looking at schools with between
100-600 students, there's no way we can keep kids from making mischief via
other logins, either accidentally or intentionally.

I just don't want the electronic version of a kid writing teacher is a
dummy on the blackboard, and the current moodle configuration allows the
troublemaker to do so under another kid's name.  Or delete each other's
homework or any number of pranks we've yet to imagine.

Don't get me wrong - I think Moodle is a very exciting project, and I'm
looking forward to implementing it in the future, but not right now.  That's
why I had to find a workaround to host web content in the traditional
fashion.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS 0.5.1-dev03 with ejabberd goodness, kernel bling, Access Point workingness... looking for xmas testers

2008-12-31 Thread Anna
2008/12/31 David Leeming leem...@pipolfastaem.gov.sb


 I want to do a new install but can you let me know if I can install Samba
 and how to set up access to a shared folder on a Windows PC on the LAN as I
 have a large content collection and it takes ages to copy it all again by
 flash drive. Or maybe there is a better way to do it.

I was curious about that, too, so I looked into other alternatives as Samba
can sometimes be a pain to configure.  It's also yet another service to run
on the XS.

I found an sshfs utility for Windows called Dokan.  And it's free for
non-commercial purposes!  This might make more sense than fooling with
Samba, especially if you only have one Windows machine to deal with.

The Dokan library and Doken SSHFS packages are at
http://dokan-dev.net/en/download/.  I also had to install the Microsoft
Visual C++ package mentioned on that site, the .NET Framework (which was 55
MB), and Windows Installer 3.1.

There's a nice GUI to enter in your ssh login info and mount points.  I
connected and now /home/anna on the XS is mounted read/write on N: on an XP
machine.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] New xs-config and a 5.1-dev iso...

2008-12-20 Thread Anna
On Sat, Dec 20, 2008 at 9:56 AM, Martin Langhoff
martin.langh...@gmail.comwrote:

 There's some discussion on ejabberd lists about the presence problem
 we are seeing. P1 claims it's fixed with a patch we already have, I
 can repro it reliably. Something else is going on -- if we can get to
 the bottom of this quickly... will anyone help me test it?


I can help test if I have instructions.  I'm not busy with anything in
particular this morning, anyway.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] stability of XS 0.5

2008-12-19 Thread Anna
On Fri, Dec 19, 2008 at 7:32 AM, Martin Langhoff
martin.langh...@gmail.comwrote:

 That Moodle's failed is odd! /var/log/moodle/ will have an
 installation log that probably tells us what went wrong, can you post
 it.


Here's the contents of /var/log/moodle/cron.log on the XSXO.  That was the
only file in there.  I didn't see an install log.

== Running cron - Thu Dec 18 16:00:03 CST 2008 ==
htmlbodytable align=centertrtd style=color:#99;
text-align:center; font-size:large; border-width:1px;
border-color:#00; border-style:solid; border-radius: 20px;
border-collapse: collapse; -moz-border-radius: 20px; padding:
15pxpError: Database connection failed./ppIt is possible that the
database is overloaded or otherwise not running properly./ppThe site
administrator should also check that the database details have been
correctly specified in config.php/p/td/tr/table/body/htmlADODB
Error: Database connection failed
== Running cron - Thu Dec 18 16:05:02 CST 2008 ==
PHP Fatal error:  __clone method called on non-object in
/var/www/moodle/web/lib/moodlelib.php on line 1817
== Running cron - Thu Dec 18 16:10:01 CST 2008 ==
PHP Fatal error:  __clone method called on non-object in
/var/www/moodle/web/lib/moodlelib.php on line 1817
== Running cron - Thu Dec 18 16:15:01 CST 2008 ==
PHP Fatal error:  __clone method called on non-object in
/var/www/moodle/web/lib/moodlelib.php on line 1817
== Running cron - Thu Dec 18 16:20:02 CST 2008 ==
PHP Fatal error:  __clone method called on non-object in
/var/www/moodle/web/lib/moodlelib.php on line 1817
== Running cron - Thu Dec 18 16:25:01 CST 2008 ==
PHP Fatal error:  __clone method called on non-object in
/var/www/moodle/web/lib/moodlelib.php on line 1817

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Collaboration unreliable 0.5

2008-12-17 Thread Anna
On Wed, Dec 17, 2008 at 12:55 PM, Martin Langhoff martin.langh...@gmail.com
 wrote:


 I'm trying to reproduce the problem. Any hints as to how long it takes
 for it to happen? What triggers laptops not seeing eachother? I'll
 keep trying stuff... but any hint...


I just created a jabber login called anna-test via the webadmin interface
and logged in via pidgin.  I didn't see anyone online, though I logged out
and logged back in repeatedly.   My previously established login could see
seven users online, which matched the online users according to webadmin.

Only after I restarted the ejabberd service could the anna-test login see
other users.

This would explain why the issue seemed to resolve itself for us as the
server matured.  I know I've rebooted at some point, thus restarting
ejabberd, after all my regular users were registered.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Collaboration unreliable 0.5

2008-12-15 Thread Anna
2008/12/14 David Leeming leem...@pipolfastaem.gov.sb

 This is intermittent; 30 mins ago I did have 3 out of 4 showing, but after
 rebooting everything and waiting 30 mins, still no sign of any.


My user group helping me test XS 0.5 has noticed the same issue.  It's not
limited to XOs in the neighborhood view, either.  Several of us use other
chat clients like finch, pidgin, gajim, and adium (on the Mac), and the
buddy list in those does not reliably populate.  Luckily we had already
established the convention of a permanent MUC named chat, which no one had
trouble joining.  There, at least, we could see and chat with everyone
fairly reliably.  That is not an acceptable solution for children, of
course.

Our theory was that ejabberd isn't pushing out all the roster data to
other connected users or there's a longer time interval in between pushes.
We noticed if we stayed on long enough, eventually more folks would show up
in the buddy list or the XO network home, but it seemed competely random.

I think it's gotten better lately, but that's probably subjective.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Amateurish Workaround to Get Bonding to Work With eth1

2008-12-09 Thread Anna
This is probably far from ideal, but it works for me and I'm putting it out
there in case you're messing with XS 0.5 and need to have eth1 working now
so you can test other stuff.  I'm sure there's a more elegant solution.

Put this in /etc/rc.local

ifenslave lanbond0 eth1

Reboot.  And there we go:

[EMAIL PROTECTED] ~]# ifconfig eth1
eth1  Link encap:Ethernet  HWaddr 00:0D:56:05:7C:DA
  UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
  RX packets:4348 errors:0 dropped:0 overruns:0 frame:0
  TX packets:5381 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:100
  RX bytes:368480 (359.8 KiB)  TX bytes:6433735 (6.1 MiB)

I've connected a few XOs to my test platform so far and haven't seen any
unexpected issues.  I don't know if you have to edit
/etc/modprobe.d/xs_bonding with Jerry's suggestion below, but I've got that
in there.

options lanbond0 mode=active-backup miimon=100
options mshbond0 mode=active-backup miimon=100
options mshbond1 mode=active-backup miimon=100
options mshbond2 mode=active-backup miimon=100

Of course, you can just run ifenslave lanbond0 eth1, but it doesn't persist
on reboot.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Trying to Understand the Why of Bonding in XS 0.5

2008-12-08 Thread Anna
I've read the September posts on why bonding is being implemented in XS 0.5
and also the excellent article Martin referenced -
http://www.linuxfoundation.org/en/Net:Bonding.

What I've gleaned so far - the purpose of bonding as far as the XS is
concerned is to allow the APs attached to eth1 and the usb active antennas
to work with dhcp in an environment where any of these devices may be
plugged in at any point without restarting the dhcpd service or the
network.  Correct?

So, in an environment where the usb active antennas are impractical, such as
in Birmingham where the XSs will be locked up in the IT closets away from
physical proximity to most XOs, what purpose would bonding serve?

Since Birmingham is planning on using legacy equipment for the XSs (read -
old stuff), XS software compatibility with older hardware is key.
Unfortunately I don't have newer hardware to test XS 0.5 with, but I haven't
gotten bonding to work on what I've got and, if the other emails to this
list are any indication, many other folks are having issues.

I don't mind trying to figure out stuff, but it sure is nice when things
just work, as networking mostly did in XS 0.4.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS 0.5 Second Attempt at eth1

2008-12-05 Thread Anna
On Fri, Dec 5, 2008 at 5:04 AM, Martin Langhoff
[EMAIL PROTECTED]wrote:


 Anna, what's your NIC? Ideally, we want to know the marketing
 make/name/model and what lspci reports for it. Perhaps I can get my
 hands on the same hw you have.


I'm currently testing on two machines.  They're both circa 2003 Dells -
GX270 P4's.

Server A
02:09.0 Ethernet controller: D-Link System Inc RTL8139 Ethernet (rev 10)
02:0c.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet
Controller (rev 02)

Server B
01:07.0 Ethernet controller: Macronix, Inc. [MXIC] MX987x5 (rev 25)
01:0c.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet
Controller (rev 02)

Of course the Intel NICs are the onboard ones.  I found the other two in my
junkyard, so more than likely they're circa 2000.


What's your other NIC? If you run xs-swapnics (and swap the cables
 too), do things work better with the bonding configuration we're
 shipping?


I tried xs-swapnics on both boxes during my first installation attempts, so
I know all four have had the different roles at some point.  I've moved the
D-Link to different slots in Server A when it was assigned the eth1 role.
I've tried using different cables; tried with a hub and without; and tried
getting an IP with an AP, a Fedora Desktop, and an Ubuntu desktop.  I think
I've been rather thorough.

So based on all that trial and error and messing around, I think I can
definitively report that I can not get bonding to work with any of my
hardware.

I sure hope it's not an issue with the Dell GX270, because our deployment
got hold of a couple dozen of them to use as XS's.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS 0.5 Second Attempt at eth1

2008-12-04 Thread Anna
Not having done this before, and after getting syntax errors and command not
found for speed, I googled and edited
/etc/sysconfig/network-scripts/ifcfg-eth1 like so.  I figured 100 might be a
good place to start.  I haven't tried half duplex yet, but I can if you
think that would do anything.

ETHTOOL_OPTS=speed 100 duplex full autoneg off

Restarting the network didn't give any errors.

After that, ethtool eth1 gives this:

[EMAIL PROTECTED] ~]# ethtool eth1
Settings for eth1:
Supported ports: [ TP ]
Supported link modes:   10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes:  Not reported
Advertised auto-negotiation: No
Speed: Unknown! (65535)
Duplex: Unknown! (255)
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: off
Supports Wake-on: umbg
Wake-on: g
Current message level: 0x0007 (7)
Link detected: no

Of course, still no pinging anything.  In fact, I don't have blinky lights
on the NIC anymore or a link light on the AP, which I had before.

Anna
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS 0.5 Second Attempt at eth1

2008-12-04 Thread Anna
On Thu, Dec 4, 2008 at 6:29 PM, Jerry Vonau [EMAIL PROTECTED] wrote:


 OK, I'm out of ideas, lets see if we can configure eth1 without bonding,
 not sure if this is nic driver issue with bonding, or what...

 backup the ifcfg-eth1 file, copy ifcfg-landbond0, ifcfg-lanbond0:1
 ifcfg-lanbond0:2 and to ifcfg-eth1, ifcfg-eth1:1 ifcfg-eth1:2 respectively.
 edit the ifcfg-eth1* files changing the device line to match the new name,
 eth1 eth1:1 eth1:2.

 Please stop the network before editing the files.

 Jerry


W00t!  That did it.  I'm emailing from my Ubuntu machine on:

eth0  Link encap:Ethernet  HWaddr 00:0f:1f:80:0d:ea
  inet addr:172.18.96.2  Bcast:172.18.127.255  Mask:255.255.224.0
  inet6 addr: fe80::20f:1fff:fe80:dea/64 Scope:Link
  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
  RX packets:49210 errors:0 dropped:0 overruns:0 frame:0
  TX packets:47393 errors:0 dropped:0 overruns:0 carrier:0
  collisions:2059 txqueuelen:10
  RX bytes:27778611 (26.4 MB)  TX bytes:8279042 (7.8 MB)
  Base address:0xdf40 Memory:feae-feb0

My wifi AP is up and running and an XO pulled 172.18.96.3.  Obviously
there's a hub in the middle.

Oh, here's the latest output of ethtool eth1:

[EMAIL PROTECTED] ~]# ethtool eth1
Settings for eth1:
Supported ports: [ TP ]
Supported link modes:   10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes:  10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
Advertised auto-negotiation: Yes
Speed: 10Mb/s
Duplex: Half
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: umbg
Wake-on: g
Current message level: 0x0007 (7)
Link detected: yes

So, what are the repercussions of this?

Anna
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] XS 0.5 Second Attempt at eth1

2008-12-03 Thread Anna
I tried the XS 0.5 install on another box to see if the LAN issues on my
previous attempt were a hardware problem or something.  It's a different
model Dell with 2 nics.

Here are my notes:

Basic install from the CD, text mode, default everything.

Boot up, then:
/etc/sysconfig/olpc-scripts/domain_config anna.org

Reboot

/etc/sysconfig/olpc-scripts/network_config 1

Reboot

Of course, the hostname was still localhost.localdomain so I edited
/etc/sysconfig/network for HOSTNAME=schoolserver1

Reboot.  Hostname was now updated to schoolserver1.

Eth0 pulled an IP from my main LAN, so I knew which card was which.  I
connected my AP (set to 172.18.96.5 and netmask 255.255.224.0) but couldn't
ping it.  I tried connecting to the AP with an XO, but of course it didn't
do anything.  I even connected my Ubuntu machine to the XS, but it couldn't
get an IP and I couldn't ping anything either way.

I did the edit Jerry suggested in a previous email:

Please edit /etc/modprobe.d/xs_bonding adding:

options lanbond0 mode=active-backup miimon=100
options mshbond0 mode=active-backup miimon=100
options mshbond1 mode=active-backup miimon=100
options mshbond2 mode=active-backup miimon=100

Reboot.  Tried connecting the AP and the Ubuntu machine again (separately,
of course), but nothing happened.

Has anyone gotten eth1 on XS 0.5 working?

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] XS 0.5 - eth1 not coming up

2008-12-02 Thread Anna
Jerry:

I did see eth1 as slave in ifcfg-eth1:

[EMAIL PROTECTED] network-scripts]# cat ifcfg-eth1
#  OLPC School server
#  This file configures the ethernet port connected to local machines (LAN)
###
### NOTE: This file will be _replaced_ in xs-config updates
###
DEVICE=eth1
. /etc/sysconfig/xs_network_config

if [ foo$XS_LANBOND0_IPADDR != foo ]; then
   ONBOOT=yes
   TYPE=Ethernet
   MASTER=lanbond0
   SLAVE=yes
   NM_CONTROLLED=no
fi

I'll forward you my /var/log/messages.  I rebooted when it was clear things
weren't working.  The network came back up as usual.

And what I need to do is connect a wifi ap to eth1 so the XS can give out
IPs.  Its currently not doing that.  My usual setup is eth1 -- hub -- wifi
ap to XOs, ubuntu desktop, fedora desktop.  That worked under XS 0.4.  Now I
can't get an IP to anything.  I've tried all three separately and via the
hub.  No IP goodness!  And yes, dhcp is running so far as I can tell.

Thanks,

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Anna's /var/log/messages

2008-12-02 Thread Anna
Sorry, no go.  I edited /etc/modprobe.d/xs_bonding as directed, then tried
getting an IP from my Fedora box and my Linksys WAP11 $5 Salvation Army
special (which worked wonderfully under XS 0.4) to no avail.  I have one of
those little green active antennas, which works, so I know dhcp is serving
out IPs.

However, and I don't know if this is related, my jabber users seem to be all
populated now in both pidgin and the XO network home.  That was an issue I
was going to bring up later, but now no need.  Unless that is, in fact,
unrelated, in which case I'll just become puzzled again.

Oh, and I updated /var/log/messages in that link I sent you before, Jerry.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


[Server-devel] Permissions in /sys/class/net/msh0

2008-05-15 Thread Anna
Hi All,

I've been at this for days now and am only emailing out of desperation.  
I'm on server build 161 (the 163 install didn't work on my hardware), 
though I enabled the testing repos to get what I hope is closer to 163.

Anyway, I finally managed to trick the server into seeing a msh0 
device.  I've got 3 NICs - eth0, eth1, and msh0.  I put HWADDR=mac 
address for the third NIC in the ifcfg-msh0 files.

Now that I've got /sys/class/net/msh0, the olpc-mesh-script wants to run 
at boot.  Which is great!  But, something's the matter with the 
permissions.  On boot, when it tries to echo 1  
/sys/class/net/msh0/anycast_mask, permission is denied.  I can't even do 
it manually.

I'm guessing there's a udev rule somewhere that needs to be edited or 
added.  Any ideas?

The reason I'm doing this is to try to see if I can get a school mesh 
portal point to work with off the shelf hardware.  If anyone has an 
easier way to do that or can point me towards the documentation, I would 
be grateful for any assistance.

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel


Re: [Server-devel] Permissions in /sys/class/net/msh0

2008-05-15 Thread Anna
Thank you for the quick response, wad.  I should have emailed earlier 
instead of wasting all this time.  At least I've learned more about the 
networking setup.

 wad:
 What was the error when installing 163 ?   We want to know about these 
 things!
163 installed just great at Glen Iris, actually.  The issue was with my 
test platform (aka Frankenserver) here at my house.  It's a 1999 Dell:  
1 Ghz  256 MB of RAM.  Far from ideal specs.  It does run a public 
jabber server reasonably well, though, so I can't complain too much.  
When I tried to install 163 on it, I got the usual I/O errors, but also 
Squashfs errors.  Not a good sign.  When the install finally ran, it 
dropped out of the status screen after a few minutes and started 
scrolling Cyrillic characters.  I let that run for a couple of hours to 
see what would happen, then finally lost hope and shut it down.  When I 
rebooted, it went straight to a grub prompt.  I went ahead and put 161 
back on, cause I do have a few loyal users on my jabber server and I 
didn't want to disappoint them.  If anyone wants to join in, send me an 
email directly and I'll give you the IP.

 wad:
 I don't think there is any way currently to run a (pseudo) 802.11s 
 mesh with
 OTS 802.11b/g hardware at this time, although the Open802.11s project is
 working on that.   If you have OTS APs, just hook them up to the 
 second NIC
 and let the laptops connect that way.
And here I was being so hopeful!  The XO even sees an Unknown Mesh 
while it's searching for mesh portals, so I thought I was close.  I have 
a regular AP on eth1 and the XO connects to that just fine.  However, I 
can't do backups to the server, which is what I wanted to test.  It's my 
understanding that the XO wants to be connected to a School Mesh Portal 
Point to give the user the option for backup to the server from the 
Journal.  If there's another way to accomplish that, please let me know.

I'll send the request for the Active Antenna.  Maybe we can have a 
special area in the school where users can connect to the schoolserver 
mesh and do their backup tasks there.

Thanks,

Anna Schoolfield
Birmingham
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel