Re: [Server-devel] notes on scaling ejabberd for the XO's
On Sun, Mar 15, 2009 at 06:30:17PM -0400, Daniel Drake wrote: 2009/3/15 Martin Langhoff martin.langh...@gmail.com: Client code for Gadget seems to be integrated in the Telepathy new Sugar present on the SoaS images. The server side -- the proper gadget code -- isn't on any XS, and I haven't seen or tested it (lack of time :-( ) Even if I had, it's a ton of new code, a lot more adventurous than what we're doing w moodle. So short/midterm, following ejabberd+moodle is lower risk from the perspective of a deployment today. One thing I still don't understand about gadget... how does it actually solve the problem? I'm assuming the problem it solves is lack of partitioning, and the fact that the neighborhood view becomes kind of impossible after 50 users, etc. Right? Wrong. Gadget is primarily intended to reduce the bandwidth consumed by Gabble under the load generated by Sugar. So what does gadget do? Think of it as a server-side keyword search engine which you can query for lists of matching people and activities. The purported bandwidth reduction comes from sending each client only what it asks for instead of everything, which is what the shared roster hack does. Is there a new client side UI for electing groups? Who chooses, the kids or the teachers? etc. Guillaume filed https://dev.laptop.org/ticket/7711 eight months ago but the absence of comments in that ticket and the current paucity of results in http://dev.sugarlabs.org/search?q=gadget suggests to me that the Sugar folks have completely ignored the necessary UI work in favor of more pressing issues. Regards, Michael --- To understand how Gadget works, read http://wiki.laptop.org/go/XMPP_Component_Protocol and skim the contents of http://dev.laptop.org/git/projects/gadget/tree/gadget paying particular attention to the automated tests. Then, if you're feeling brave, read the Gabble source code: http://git.collabora.co.uk/?p=telepathy-gabble.git;a=tree;hb=master paying particular attention to the files whose names contain 'olpc'. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] Mass olpc-update via XS?
Dear XS folks, Daniel Drake, currently in Paraguay, wants to try implementing the procedure described in http://wiki.laptop.org/go/User:Mstone/Commentaries/Mass_olpc-update via XSen (using DNS to redirect the XOs' theft-deterrence protocol requests to the local XS.) However, after briefly scanning the wiki, I noticed that we have http://wiki.laptop.org/go/XS_Blueprints:Lease_and_update_server http://wiki.laptop.org/go/XS-activation http://wiki.laptop.org/go/XS-rsync but no sign of an XS-ified theft deterrence protocol server. Now, to the best of my (limited) knowledge, there is one usefully complete implementation of the protocol, http://dev.laptop.org/git?p=users/cscott/act-server;a=summary which was deployed in production at antitheft.laptop.organd activation.laptop.org and used to update several thousand G1G1'07 machines. (The installation of the code on those machines is, as usual, thoroughly documented internally at Machine:antitheft and Machine:activation pages, for those with access; some small bits of censorship /are/ needed before publication.) In conclusion, do you currently know any problems that would prevent merging whatever packages he and I create for his XSen (probably based on Scott's code) into the main XS tree, assuming that we provide suitable documentation alongside them? Anyone got any better ideas about how to accomplish our goal? Thanks, Michael ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] xs-otp: one time passwords for the XS
On Sun, Oct 26, 2008 at 04:46:17PM +0100, Martin Langhoff wrote: On Fri, Oct 24, 2008 at 7:33 PM, Michael Stone [EMAIL PROTECTED] wrote: Do the XS installation instructions offer any guidance on prohibiting booting with init=/bin/bash, booting from external media, or simply removing the XS hard drive and manipulating it from a separate machine? Physical security is not our problem... (at least yet). Still sure that you want the XS to be involved in the theft-deterrence protocol? :) Michael ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Ubuntu XS
On Mon, Aug 18, 2008 at 07:41:13AM +1000, Pia Waugh wrote: There are a few interesting feature requests I've had from local trials, including the ability to only allow an XS to talk to approved XOs, to avoid strangers parking outside a school with an XO and interacting with children (worst case scenarios are always the first thing on a Government agenda :), so we're looking at MAC address management on the server potentially. More to come! Uruguay already uses a Debian-basex XS (which is quite different from Martin's) and which includes some MAC-address filtering technology. (They've also expressed great interest in expanding this technology into a full 802.11i/802.1x/EAP/RADIUS authentication system, which seems like it might be of mutual interest.) Greg Smith and Emiliano Pastorino could probably give you some good introductions if you'd like to try to collaborate with LATU. Michael ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS
Martin, Thanks for your note. Unfortunately, it left me with more questions than with answers. Some questions include: * What use cases are you trying to support? * What threats obstruct supporting those use cases? * What trust structure are you trying to create and how does it mitigate the threats while permitting the use cases? * What algorithms are you going to use and why? * What security properties are you trying to check? (Perhaps you've already answered some of these basic questions elsewhere and you simply left out the citation?) Two other comments: If you want to go the route of 'signed content lives in directories', then please examine the programs in olpc-contents http://wiki.laptop.org/go/Olpc-contents and let us know in what way they can be improved before writing your own. If you're more interested 'signed content lives in archives', then JAR-signing might be for you! Regards, Michael P.S. - In the future, please consider CC'ing the security@ list when you write security-related mail. Interesting people live there. ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Testing EduBlog
On Fri, Aug 01, 2008 at 04:42:58PM -0400, Greg Smith wrote: Scott and Michael raised the question of why we didn't build it as a .xo only project with no need for server. I explained the constraints of time and image in Uruguay and they understood that. There were less convinced that it should be a web app instead of built in to Write but on further discussion I think they understood that the dynamic nature of EduBlog (that teachers can change and control where the students post to and what they see e.g. frog blog) makes it hard to build in to Write. I was happy to see that you brought your project so far so quickly and I was pleased that you were able to use technologies (e.g. Moodle) familiar to the people you recruited to assist you; however, I felt very strongly that the architecture you chose was alien to the 'no-server-needed-but-we'll-use-one-if-it's-available' architecture underlying the XO (and stated most clearly in Scott's Network Principles document). Michael ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Testing EduBlog
On Sat, Aug 02, 2008 at 12:45:24PM -0700, Carol Lerche wrote: Michael, how did you envision publishing a blog on the Internet without the use of a server? The kids are using the write activity to compose their posts. I'm confused by your comment. Carol, I'm sorry I confused you. I envisioned that publishing content generated in Write might be conducted by teaching Write how to push content directly to the blog-server or by teaching Sugar how to push generic Sugar content to the blog-server. I further envisioned that the student - teacher - blog workflow might be accomplished by having the student invite the teacher to the Write instance for which publishing is desired, then by having the teacher run the 'publish' action described above. This way, the EduBlog effort might have provided its desired workflows and made a direct contribution to Sugar-based publishing in general. Michael ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] [PATCH] Touch a .transfer_complete to mark completion, minor cleanups
On Mon, Jun 16, 2008 at 06:20:02PM -0400, Martin Langhoff wrote: Note: this is a work in progress. Naturally. Back to your question: we tack on a transfer_complete flag file in a 2nd rsync transmission that is conditional on the first one succeeding. A better solution is to wrap rsync at the XS end, and flag completion if the local rsync exits cleanly. You could probably fix my objection by updating the protocol wiki page to discuss this convention. Does the server only consider backups that contain this completion flag? (More generally, how does the server select which path it should return to the client?) Hmmm. Nothing prevents clients from just ssh'ing in and rsyncing to various nested directories to DoS our storage. Once you've given a login to someone then yes, they can do a lot of damage. However, I consider that problem to be orthogonal to the problem we were discussing, which was that of people who don't have logins doing nasty things. Heck, without rssh they get shell, so they can eat up the partition with a quick dd if=/dev/zero of=bla Quotas? Token-bucketed writes? There's lots of options. If you tell me that our threat scenario is more serious, we are in for a complete change of plans. Is your threat scenario described anywhere? Michael P.S. - Another curious thought: world-writable files on my XO will remain world-writable on the XS after being rsync'ed up and down, right? Presumably that means we need to take some care with the permissions on the directory we ask the client to store them in... ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] XO-XS backups
On Fri, May 16, 2008 at 03:23:18PM +1200, Martin Langhoff wrote: At this stage, I am slowly hacking on ds-backup.py. My plan so far is to Where can I find your code? Thanks, Michael ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Collaboration between schools
On Wed, Apr 23, 2008 at 06:28:57PM -0400, John Watlington wrote: I learned more about the network built by the MED in Peru for their schools. Each school is in its own VLAN, and cannot route to the other schools, only to the Internet and to MED servers. Pardon my ignorance, but what are MED servers? Thanks, Michael ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
[Server-devel] Synchronizing xs-0.3 and xo-??? --- backups
Martin, Based on feedback from Peru, Mexico, and Nepal, the restoration from disaster-recovery backups XO/XS coordination feature has been steadily rising in priority. I also notice that Backups is your first line-item on the XS-0.3 roadmap. My large question is: what changes need to be made to the XO's OS, (currently to candidate-703) in order to make progress in this feature cluster? Relevant tickets #24 ROTcscott (Backup of laptops - short-term solution) #2516 STKtomeu (Automatic backup of laptops to XS) #3334 DSNjg (Exactly what should be backed up?) #4569 DSNjg (Controlling disk usage of backups) #4224 DSNkrstic (Manage SN - identity mapping on XS) #4270 PKGwad (Full restore from school server) #4380 TSTtomeu (Restore individual entry from school server) #4275 DSNtomeu (Keep UI) #4587 ESCtomeu (Mass-export Journal to USB key) #6374 PKGmartin (Package the xo-backup tools for the school server) #4100 STKkrstic (XS should provide human readable index of journal backup) Sub-questions: * What backup scheme do we actually intend to deploy? (Current choices appear to be Wad's dumb-rsync method [1] and Ivan's method [2]. [1]: http://lists.laptop.org/pipermail/server-devel/2008-February/000314.html (outdated) [2]: http://wiki.laptop.org/go/XS_backup_restore * Does the chosen scheme permit us to sanely combine old backups with an XO build that makes breaking changes to file layouts? Regards, Michael Key: ??? - status or author unknown TST - needs to be tested in a build BLD - needs to be put into a build PKG - pkg needs to be built DBG - debugging/diagnosis still needed DSN - design needed STK - stuck; a decision is needed about how to proceed SGN - a signoff is needed ESC - canceled or siginificantly reduced in priority FIN - successfully finished MSG - communication needed ROT - solution has bitrotted ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel