social.gl-como.it

Cerca

Elementi taggati con: debian

recipe to observe the cell phones around you



Debian developer Petter Reinholdtsen writes:
A little more than a month ago I wrote how to observe the SIM card ID (aka IMSI number) of mobile phones talking to nearby mobile phone base stations using Debian GNU/Linux and a cheap USB software defined radio, and thus being able to pinpoint the location of people and equipment (like cars and trains) with an accuracy of a few kilometer. Since then we have worked to make the procedure even simpler, and it is now possible to do this without any manual frequency tuning and without building your own packages.

The gr-gsm package is now included in Debian testing and unstable, and the IMSI-catcher code no longer require root access to fetch and decode the GSM data collected using gr-gsm.

Here is an updated recipe, using packages built by Debian and a git clone of two python scripts:
...

#debian #freesoftware #privacy #imsicatcher #gsm #mobilephone #gnuradio #sdr

Petter Reinholdtsen: Easier recipe to observe the cell phones around you

Petter Reinholdtsen: Easier recipe to observe the cell phones around you
 

"How to Live Without Google" - and getting it all wrong



In a failed attempt to improve users personal privacy, DuckDuckGo jumps from the frying pan straight into the fire. With the motto
Remove Google from your life? Yes, it can be done!
they give ten advices, most of them very bad. Also, they are using inexact wording by calling things free, when they are "free as in beer", but not necessarily "free as in freedom". I comment on their three worst recommendations:
Google Search -> DuckDuckGo (free)
Let's start off with the easiest one! Switching to DuckDuckGo not only keeps your searches private but also gives you extra advantages such as our bang shortcuts, handy Instant Answers, and knowing you're not trapped in a filter bubble.
I understand, that they advertise their own service here. And while I do believe, that DuckDuckGo does not cheat and keeps your searches private, as a user, one cannot prove it. In any case, one just replaces one centralised search machine with another one. Better use a decentralised service, such as meta search engine Searx.
Android -> iOS (paid)
The most popular alternative to Android is of course iOS, which offers easy device encryption and encrypted messaging via iMessage by default. We also have tips to increase privacy protection on your iPhone or iPad.
This is certainly the worst recommendation in their list. I had to check the date of the article, when I read this. Aprils Fool's Day? I'm certainly not a fan of Android and I'm not an Android user anymore, but going for a much more restrictive jail is just stupid. Android has at least relatively free versions, e.g. Replicant. iOS, in contrast, is a carcel with beautifully painted walls. Very high walls with perfectly styled barbed wire on top. Even the most proprietary variants of Android let you at least install free software from F-Droid.org.

If you don't want to use Android anymore, like myself, better go for a free alternative, e.g. support the Librem 5 crowdfunding, or the Pyra handheld or the ZeroPhone, all three running the free Debian operating system.
Google Allo -> Signal (free)
There are several services offering private messaging but, as we've mentioned before, Signal gets our recommendation. It offers free, end-to-end encryption for both messages and private calls. It's also recommended by Edward Snowden and renowned security expert Bruce Schneier, among others.
Again, they recommend to leave one centralised service for another one. And one, that even wants your phone number, otherwise you can't use it. And one, that does not yet have a decent client for Linux. There are messengers around that are federated or completely decentralised, that do not force you give them your phone number, and that have native clients for all major operating systems. My recommendation is XMPP. If you are on Linux, use e.g. Gajim, on Android the best app is probably Conversations, for iOS there is ChatSecure and so on. Alternatives to XMPP are Ring, Matrix and more recently Wire.

Benjamin Franklin wrote in 1755:
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
One should also not give up libre software, which is essential in many ways, to purchase a little perceived safety or privacy through non-free or centralised services.

#duckduckgo #google #searx #replicant #fdroid #librem5 #pyra #zerophone #debian #xmpp #gajim #conversations #chatsecure #ring #matrix #wire

How to Live Without Google

Google tracking is more pervasive than most people realize. We show you some alternatives to Google services to limit your exposure.
 

Debian Day in Varese

Immagine/foto

The decorations *may* have been changed a bit from the way they originally came from the restaurant kitchen... :D

#debian @Gruppo Linux Como @LIFO
 
#debian #stretch #libreoffice #gnome #bug

[gl-como] libreoffice -crash su debian stretch - architettura i386

Siccome ho pc scrausi sparsi per tutto il pianeta :) ho ricevuto
lamentele da gente imbufalita per il fatto che non riescono più ad
utilizzarlo...

Il bug è noto, e non ci hanno ancora messo una pezza, ma si può evitare
il crash "segando" l'integrazione con le GTK (per chi le usa)..
Palms, buildings and cloudy weather with a high chance of rain

Immagine/foto

and then, not seen on the picture because privacy, a group of geeks typing on their laptops while sitting in sight of a swimming pool.

Yes, I'm at #Debian SunCamp, and other than some intermittent issues with the "sun" part this is preparing to be a good and hopefully productive time!
 

[Luxembourg University sponsors Free Software developers



](https://joinup.ec.europa.eu/community/osor/news/luxembourg-university-sponsors-open-source-developers)

“We want to extend the lifespan of the Debian releases to at least 5
years in order to provide a stable and safe environment for our
researchers”, system administrator Cartiaux says.

#Debian #FreeSoftware #Luxembourg

Luxembourg University sponsors open source developers | Joinup

Luxembourg University sponsors open source developers | Joinup
 

[Luxembourg University sponsors Free Software developers



](https://joinup.ec.europa.eu/community/osor/news/luxembourg-university-sponsors-open-source-developers)

“We want to extend the lifespan of the Debian releases to at least 5
years in order to provide a stable and safe environment for our
researchers”, system administrator Cartiaux says.

#Debian #FreeSoftware #Luxembourg

Luxembourg University sponsors open source developers | Joinup

Luxembourg University sponsors open source developers | Joinup
 



You broke the Internet



Now let's build a GNU one



Details: Yellow is for projects in development while green is for those that are available. Red illustrates brands that lose their monopoly condition once the respective layers are fully operational whereas light red indicates faulty technologies that we must replace.

Strongly recommend checking out the source website: http://youbroketheinternet.org/

Some related tags: #internet #surveillance #freesoftware #gnu #linux #security #netsec #crypto #ipfs #gpg #pgp #encryption #cryptocat #mumble #GNS #guix #nix #bittorrent #faceboogle #tor #I2P #otr #librecmc #libreboot #fsf #eff #ccc #pirateparty #pirates #ricochet #gnunet #freenet #android #replicant #grothoff #signal #libresignal #taler #gnutaler #youbroketheinternet #selfhosting #decentralization #selfhosted #tox #xmpp #jitsi #pond #PSYC #Tahoe-LAFS #retroshare #cjdns #onionshare #cryptocat #briar #maidsafe #coreboot #tribler #axolotl #zeroqm #bitmessage #cloud #skype #twitter #microsoft #rhizome #rina #netsukuku #tails #debian #freedombox #freedombone #ethos #qubes #whonix #guixSD #gentoo #zyre #reproduciblebuilds #openwrt #BMX7 #net2o #ethereum #copperheadOS #federation #dns #smtp #dane #blackadder #globaleaks #redphone #2020 #mesh #pulse #heartbeat

#youbroketheinternet

#youbroketheinternet
 
Immagine/foto

Estas aun a tiempo de incorporarte al taller de syadmin en el HSRE



Estaremos por mumble y por etherpad y en Lorenzo Boturini 61, Colonia Obrera, exDF, México.

http://ranchoelectronico.org/taller-de-sysadmin-2017/

#sysadmin #mumble #mexico #administraciondesistemas #servidores #debian #ranchoelectronico
 
Immagine/foto

Estas aun a tiempo de incorporarte al taller de syadmin en el HSRE



Estaremos por mumble y por etherpad y en Lorenzo Boturini 61, Colonia Obrera, exDF, México.

http://ranchoelectronico.org/taller-de-sysadmin-2017/

#sysadmin #mumble #mexico #administraciondesistemas #servidores #debian #ranchoelectronico
 
[share author='debacle' profile='https://framasphere.org/u/debacle' avatar='http://social.gl-como.it/photo/c0331be42ef79e267daede8005dc9a5c-5.jpg' guid='b15ec4e0bd580134f40a2a0000053625' posted='2017-01-15 13:59:01' link='https://framasphere.org/posts/b15ec4e0bd580134f40a2a0000053625']

Please help DebianMobile!



If you care about open hardware and free software, if you care about a trustworthy operating system in your pocket, please consider to help getting Debian run on mobile devices. Join the effort and let's see, what can be achieved. Currently, this is a hackers/developers party, there is not much for end users, yet, so please be warned and don't hold your breath. #debian #debianmobile #openhardware #freesoftware #mobile #handheld #pyra #neo900 #zerophone

Mobile - Debian Wiki



@Gruppo Linux Como[/share]
 
[share author='debacle' profile='https://framasphere.org/u/debacle' avatar='http://social.gl-como.it/photo/c0331be42ef79e267daede8005dc9a5c-5.jpg' guid='b15ec4e0bd580134f40a2a0000053625' posted='2017-01-15 13:59:01' link='https://framasphere.org/posts/b15ec4e0bd580134f40a2a0000053625']

Please help DebianMobile!



If you care about open hardware and free software, if you care about a trustworthy operating system in your pocket, please consider to help getting Debian run on mobile devices. Join the effort and let's see, what can be achieved. Currently, this is a hackers/developers party, there is not much for end users, yet, so please be warned and don't hold your breath. #debian #debianmobile #openhardware #freesoftware #mobile #handheld #pyra #neo900 #zerophone

Mobile - Debian Wiki



@Gruppo Linux Como[/share]
 
[share author='debacle' profile='https://framasphere.org/u/debacle' avatar='http://social.gl-como.it/photo/c0331be42ef79e267daede8005dc9a5c-5.jpg' guid='b15ec4e0bd580134f40a2a0000053625' posted='2017-01-15 13:59:01' link='https://framasphere.org/posts/b15ec4e0bd580134f40a2a0000053625']

Please help DebianMobile!



If you care about open hardware and free software, if you care about a trustworthy operating system in your pocket, please consider to help getting Debian run on mobile devices. Join the effort and let's see, what can be achieved. Currently, this is a hackers/developers party, there is not much for end users, yet, so please be warned and don't hold your breath. #debian #debianmobile #openhardware #freesoftware #mobile #handheld #pyra #neo900 #zerophone

Mobile - Debian Wiki



@Gruppo Linux Como[/share]
 
[share author='debacle' profile='https://framasphere.org/u/debacle' avatar='http://social.gl-como.it/photo/c0331be42ef79e267daede8005dc9a5c-5.jpg' guid='b15ec4e0bd580134f40a2a0000053625' posted='2017-01-15 13:59:01' link='https://framasphere.org/posts/b15ec4e0bd580134f40a2a0000053625']

Please help DebianMobile!



If you care about open hardware and free software, if you care about a trustworthy operating system in your pocket, please consider to help getting Debian run on mobile devices. Join the effort and let's see, what can be achieved. Currently, this is a hackers/developers party, there is not much for end users, yet, so please be warned and don't hold your breath. #debian #debianmobile #openhardware #freesoftware #mobile #handheld #pyra #neo900 #zerophone

Mobile - Debian Wiki



@Gruppo Linux Como[/share]
 
[share author='debacle' profile='https://framasphere.org/u/debacle' avatar='http://social.gl-como.it/photo/c0331be42ef79e267daede8005dc9a5c-5.jpg' guid='b15ec4e0bd580134f40a2a0000053625' posted='2017-01-15 13:59:01' link='https://framasphere.org/posts/b15ec4e0bd580134f40a2a0000053625']

Please help DebianMobile!



If you care about open hardware and free software, if you care about a trustworthy operating system in your pocket, please consider to help getting Debian run on mobile devices. Join the effort and let's see, what can be achieved. Currently, this is a hackers/developers party, there is not much for end users, yet, so please be warned and don't hold your breath. #debian #debianmobile #openhardware #freesoftware #mobile #handheld #pyra #neo900 #zerophone

Mobile - Debian Wiki



@Gruppo Linux Como[/share]
 

Please help DebianMobile!



If you care about open hardware and free software, if you care about a trustworthy operating system in your pocket, please consider to help getting Debian run on mobile devices. Join the effort and let's see, what can be achieved. Currently, this is a hackers/developers party, there is not much for end users, yet, so please be warned and don't hold your breath. #debian #debianmobile #openhardware #freesoftware #mobile #handheld #pyra #neo900 #zerophone

Mobile - Debian Wiki

 



Ya se congeló #Debian9 ¿Más aún?



http://www.phoronix.com/scan.php?page=news_item&px=Debian-Stretch-Frozen

#Debian #Frozen #GNU #linux

Linux Hardware Reviews, Open-Source Benchmarks & Linux Performance - Phoronix

Phoronix is the leading technology website for Linux hardware reviews, open-source news, Linux benchmarks, open-source benchmarks, and computer hardware tests.
 



Ya se congeló #Debian9 ¿Más aún?



http://www.phoronix.com/scan.php?page=news_item&px=Debian-Stretch-Frozen

#Debian #Frozen #GNU #linux

Linux Hardware Reviews, Open-Source Benchmarks & Linux Performance - Phoronix

Phoronix is the leading technology website for Linux hardware reviews, open-source news, Linux benchmarks, open-source benchmarks, and computer hardware tests.
 
The Windows(TM)(c)(shit) stress ... a new psycological disease.

I feel seek...each time someone ask me for help to tune or install things on Windows, I feel bad...realy bad.
OK the only one person able to ask me for help on Windows is my father...
But...this evening...He asked me ton install a USB/wifi plug...

I was thinking "Ho no...not Wifi on Windows !"

Guess what ?

I came with my Debian Lapy, it was...well you know, 20 to 30 sec and it was connected.
The Android tablet...my parent's tablet...Linux then...ok, connected, same.

Windows and the USB/Wifi plug...not working after struggling 1 hour with this fucking and fucked system !
I said my parents "I want to live in a country where Windows is prohibited...it's not a system...it's a cash machine for it's owner but it's working only for him, as a system, it's not working. Look...that's a system...ok let's reboot both..."
I rebooted the Windows and My Debian...of course Debian...12sec for the login screen, somthing like this...Windows...2mins.
Ok I have a SSD in the lapy while the Windows PC has a classic HD, but the rest of the hardware is almost equal.

We sill go RJ45 wire cables to the optical fiber box...

Don't anymore let people think Windows is a system.

#Linux #GNU-Linux #BSD #Windows #Debian
 
I decided I want to give #Wayland a shot. The problem is that it seems that Wayland only works on #GNOME3, and so far my experience with a #Debian #Stretch GNOME session on Wayland is: too many bugs.

The first: SSH_AUTH_SOCK gets set to /run/user/1000/keyring/ssh, but there's no such socket. My current workaround: generate / connect to an existing SSH agent. Yeah, this is what happens when you can't start them all from the same session. I used to use a variation of this for sharing a single ssh-agent instance for multiple logins to a remote server: This is to be sourced (.) from somewhere:

_fix_ssh_agent_info() {
local ssh_socket ssh_pid
local my_uid=$(id -u)
ssh_socket=$(find /tmp/ssh-*/agent.* -uid "$my_uid" | head -n1)
if [ "$ssh_socket" = '' ]; then
eval ssh-agentreturn
fi
ssh_pid=${ssh_socket##*.}

export SSH_AUTH_SOCK="$ssh_socket" SSH_AGENT_PID="$ssh_pid"
}

case "$SSH_AUTH_SOCK" in
/run/user/*/keyring/ssh) _fix_ssh_agent_info;;
esac

unset _fix_ssh_agent_info
 
The Windows(TM)(c)(shit) stress ... a new psycological disease.

I feel seek...each time someone ask me for help to tune or install things on Windows, I feel bad...realy bad.
OK the only one person able to ask me for help on Windows is my father...
But...this evening...He asked me ton install a USB/wifi plug...

I was thinking "Ho no...not Wifi on Windows !"

Guess what ?

I came with my Debian Lapy, it was...well you know, 20 to 30 sec and it was connected.
The Android tablet...my parent's tablet...Linux then...ok, connected, same.

Windows and the USB/Wifi plug...not working after struggling 1 hour with this fucking and fucked system !
I said my parents "I want to live in a country where Windows is prohibited...it's not a system...it's a cash machine for it's owner but it's working only for him, as a system, it's not working. Look...that's a system...ok let's reboot both..."
I rebooted the Windows and My Debian...of course Debian...12sec for the login screen, somthing like this...Windows...2mins.
Ok I have a SSD in the lapy while the Windows PC has a classic HD, but the rest of the hardware is almost equal.

We sill go RJ45 wire cables to the optical fiber box...

Don't anymore let people think Windows is a system.

#Linux #GNU-Linux #BSD #Windows #Debian
 
How To Secure #Nginx with #LetsEncrypt on #Debian 8 https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-debian-8 #web #security #certificate
Let's Encrypt is a new Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, certbot (previously
 
Preseeding a debian installation from the standard installer is as easy as pressing ESC at the right time and pointing it to the url of your preseed file, right?

It is, except when you're using libreboot, and you never pass through that “right time”, because you are skipping the installer's grub.

So, for future reference, here is the right incantation to use at the command line that you get by pressing c at the libreboot menu:


linux (usb0)/install.amd/vmlinuz auto=true url=http://webserver/path/preseed.cfg
initrd (usb0)/install.amd/initrx
boot


simple, once you've found it...

(ok, it took me less than one hour, but I don't want it to take another hour the next time)

#coreboot #libreboot #debian #preseed
 

Preseeding a debian installation on a libreboot computer

Preseeding a debian installation from the standard installer is as easy as pressing ESC at the right time and pointing it to the url of your preseed file, right?

It is, except when you're using libreboot, and you never pass through that “right time”, because you are skipping the installer's grub.

So, for future reference, here is the right incantation to use at the command line that you get by pressing c at the libreboot menu:


linux (usb0)/install.amd/vmlinuz auto=true url=http://webserver/path/preseed.cfg
initrd (usb0)/install.amd/initrx
boot


simple, once you've found it...

(ok, it took me less than one hour, but I don't want it to take another hour the next time)

#coreboot #libreboot #debian #preseed
 
Immagine/foto
#Debian 9 + #Xfce: parfait ! Et l'installation prend à peu près le temps d'une demi mise à jours forcée #Windows10 :p
 
Immagine/foto
#Debian 9 + #Xfce: parfait ! Et l'installation prend à peu près le temps d'une demi mise à jours forcée #Windows10 :p
 

Some pictures of the latest #Pyra #ptototype revision



Here are some pictures of the latest prototype revision posted by Evil Dragon on the Pyra-Forum















#handheld #hardware #linux #debian #opensource #pyra-handheld

With full steam into the new year!

What traits does it improve?
 

Some pictures of the latest #Pyra #ptototype revision



Here are some pictures of the latest prototype revision posted by Evil Dragon on the Pyra-Forum















#handheld #hardware #linux #debian #opensource #pyra-handheld

With full steam into the new year!

What traits does it improve?
 

manpages.debian.org has been modernized!


https://manpages.debian.org has been modernized! We have just launched a major update to our manpage repository. What used to be served via a CGI script is now a statically generated website, and therefore blazingly fast.

#debian #freesoftware #manual #manpage #manpages

manpages.debian.org has been modernized!

 

Modern XMPP Server



by Elena ``of Valhalla''



reposted here to get the tags right


I've published a new HOWTO on my website:

Enrico already wrote about the Why (and the What, Who and When), so I'll just quote his conclusion and move on to the How.
I now have an XMPP setup which has all the features of the recent fancy chat systems, and on top of that it runs, client and server, on Free Software, which can be audited, it is federated and I can self-host my own server in my own VPS if I want to, with packages supported in Debian.

How



I've decided to install prosody, mostly because it was recommended by the RTC QuickStart Guide; I've heard that similar results can be reached with ejabberd and other servers.

I'm also targeting Debian stable (+ backports); as I write this is jessie; if there are significant differences I will update this article when I will upgrade my server to stretch. Right now, this means that I'm using prosody 0.9 (and that's probably also the version that will be available in stretch).

Installation and prerequisites



You will need to enable the backports repository and then install the packages prosody and prosody-modules.

You also need to setup some TLS certificates (I used Let's Encrypt); and make them readable by the prosody user; you can see Chapter 12 of the RTC QuickStart Guide for more details.

On your firewall, you'll need to open the following TCP ports:
  • 5222 (client2server)
  • 5269 (server2server)
  • 5280 (default http port for prosody)
  • 5281 (default https port for prosody)
The latter two are needed to enable some services provided via http(s), including rich media transfers.

With just a handful of users, I didn't bother to configure LDAP or anything else, but just created users manually via:
prosodyctl adduser alice@example.org
In-band registration is disabled by default (and I've left it that way, to prevent my server from being used to send spim).

prosody configuration



You can then start configuring prosody by editing /etc/prosody/prosody.cfg.lua and changing a few values from the distribution defaults.

First of all, enforce the use of encryption and certificate checking both for client2server and server2server communications with:
c2s_require_encryption = true<br></br>s2s_secure_auth = true
and then, sadly, add to the whitelist any server that you want to talk to and doesn't support the above:
s2s_insecure_domains = { "gmail.com" }

virtualhosts



For each virtualhost you want to configure, create a file /etc/prosody/conf.avail/chat.example.org.cfg.lua with contents like the following:
VirtualHost "chat.example.org"
enabled = true
ssl = {
key = "/etc/ssl/private/example.org-key.pem";
certificate = "/etc/ssl/public/example.org.pem";
}

For the domains where you also want to enable MUCs, add the follwing lines:
Component "conference.chat.example.org" "muc"
restrict_room_creation = "local"

the "local" configures prosody so that only local users are allowed to create new rooms (but then everybody can join them, if the room administrator allows it): this may help reduce unwanted usages of your server by random people.

You can also add the following line to enable rich media transfers via http uploads (XEP-0363):
Component "upload.chat.trueelena.org" "http_upload"
The defaults are pretty sane, but see https://modules.prosody.im/mod_http_upload.html for details on what knobs you can configure for this module

Don't forget to enable the virtualhost by linking the file inside /etc/prosody/conf.d/.

additional modules



Most of the other interesting XEPs are enabled by loading additional modules inside /etc/prosody/prosody.cfg.lua (under modules_enabled); to enable mod_something just add a line like:
"something";
Most of these come from the prosody-modules package (and thus from https://modules.prosody.im/ ) and some may require changing when prosody 0.10 will be available; when this is the case it is mentioned below.
  • mod_carbons (XEP-0280) To keep conversations syncronized while using multiple devices at the same time.

    This will be included by default in prosody 0.10.
  • mod_privacy + mod_blocking (XEP-0191) To allow user-controlled blocking of users, including as an anti-spim measure.

    In prosody 0.10 these two modules will be replaced by mod_privacy.
  • mod_smacks (XEP-0198) Allow clients to resume a disconnected session before a customizable timeout and prevent message loss.
  • mod_mam (XEP-0313) Archive messages on the server for a limited period of time (default 1 week) and allow clients to retrieve them; this is required to syncronize message history between multiple clients.

    With prosody 0.9 only an in-memory storage backend is available, which may make this module problematic on servers with many users. prosody 0.10 will fix this by adding support for an SQL backed storage with archiving capabilities.
  • mod_throttle_presence + mod_filter_chatstates (XEP-0352) Filter out presence updates and chat states when the client announces (via Client State Indication) that the user isn't looking. This is useful to reduce power and bandwidth usage for "useless" traffic.
#xmpp #prosody #debian #jabber

Modern XMPP Server

I've published a new HOWTO on my website:

Enrico already wrote about the Why (and the What, Who and When), so I'll just quote his conclusion and move on to the How.

»I now have an XMPP setup which has all the features of the recent fancy chat systems, and on top of that it runs, client and server, on Free Software, which can be audited, it is federated and I can self-host my own server in my own VPS if I want to, with packages supported in Debian.«

*How*

I've decided to install prosody, mostly because it was recommended by the RTC QuickStart Guide; I've heard that similar results can be reached with ejabberd and other servers.

I'm also targeting Debian stable (+ backports); as I write this is jessie; if there are significant differences I will update this article when I will upgrade my server to stretch. Right now, this means that I'm using prosody 0.9 (and that's probably also the version that will be available in stretch).

*Installation and prerequisites*

You will need to enable the backports repository and then install the packages prosody and prosody-modules.

You also need to setup some TLS certificates (I used Let's Encrypt); and make them readable by the prosody user; you can see Chapter 12 of the RTC QuickStart Guide for more details.

On your firewall, you'll need to open the following TCP ports:

* 5222 (client2server)

* 5269 (server2server)

* 5280 (default http port for prosody)

* 5281 (default https port for prosody)

The latter two are needed to enable some services provided via http(s), including rich media transfers.

With just a handful of users, I didn't bother to configure LDAP or anything else, but just created users manually via:

prosodyctl adduser alice@example.org

In-band registration is disabled by default (and I've left it that way, to prevent my server from being used to send spim).

*prosody configuration*

You can then start configuring prosody by editing /etc/prosody/prosody.cfg.lua and changing a few values from the distribution defaults.

First of all, enforce the use of encryption and certificate checking both for client2server and server2server communications with:

c2s_require_encryption = true
s2s_secure_auth = true

and then, sadly, add to the whitelist any server that you want to talk to and doesn't support the above:

s2s_insecure_domains = { "gmail.com" }

*virtualhosts*

For each virtualhost you want to configure, create a file /etc/prosody/conf.avail/chat.example.org.cfg.lua with contents like the following:

VirtualHost "chat.example.org"
enabled = true
ssl = {
key = "/etc/ssl/private/example.org-key.pem";
certificate = "/etc/ssl/public/example.org.pem";
}

For the domains where you also want to enable MUCs, add the follwing lines:

Component "conference.chat.example.org" "muc"
restrict_room_creation = "local"

the "local" configures prosody so that only local users are allowed to create new rooms (but then everybody can join them, if the room administrator allows it): this may help reduce unwanted usages of your server by random people.

You can also add the following line to enable rich media transfers via http uploads (XEP-0363):

Component "upload.chat.trueelena.org" "http_upload"

The defaults are pretty sane, but see https://modules.prosody.im/mod_http_upload.html for details on what knobs you can configure for this module

Don't forget to enable the virtualhost by linking the file inside /etc/prosody/conf.d/.

*additional modules*

Most of the other interesting XEPs are enabled by loading additional modules inside /etc/prosody/prosody.cfg.lua (under modules_enabled); to enable mod_something just add a line like:

"something";

Most of these come from the prosody-modules package (and thus from https://modules.prosody.im/ ) and some may require changing when prosody 0.10 will be available; when this is the case it is mentioned below.

* mod_carbons (XEP-0280)
To keep conversations syncronized while using multiple devices at the same time.

This will be included by default in prosody 0.10.

* mod_privacy + mod_blocking (XEP-0191)
To allow user-controlled blocking of users, including as an anti-spim measure.

In prosody 0.10 these two modules will be replaced by mod_privacy.

* mod_smacks (XEP-0198)
Allow clients to resume a disconnected session before a customizable timeout and prevent message loss.

* mod_mam (XEP-0313)
Archive messages on the server for a limited period of time (default 1 week) and allow clients to retrieve them; this is required to syncronize message history between multiple clients.

With prosody 0.9 only an in-memory storage backend is available, which may make this module problematic on servers with many users. prosody 0.10 will fix this by adding support for an SQL backed storage with archiving capabilities.

* mod_throttle_presence + mod_filter_chatstates (XEP-0352)
Filter out presence updates and chat states when the client announces (via Client State Indication) that the user isn't looking. This is useful to reduce power and bandwidth usage for "useless" traffic.

@Gruppo Linux Como @LIFO
 
[share author='debacle' profile='https://framasphere.org/u/debacle' avatar='http://social.gl-como.it/photo/c0331be42ef79e267daede8005dc9a5c-5.jpg' guid='b15ec4e0bd580134f40a2a0000053625' posted='2017-01-15 13:59:01' link='https://framasphere.org/posts/b15ec4e0bd580134f40a2a0000053625']

Please help DebianMobile!



If you care about open hardware and free software, if you care about a trustworthy operating system in your pocket, please consider to help getting Debian run on mobile devices. Join the effort and let's see, what can be achieved. Currently, this is a hackers/developers party, there is not much for end users, yet, so please be warned and don't hold your breath. #debian #debianmobile #openhardware #freesoftware #mobile #handheld #pyra #neo900 #zerophone

Mobile - Debian Wiki



@Gruppo Linux Como[/share]
 

Please help DebianMobile!



If you care about open hardware and free software, if you care about a trustworthy operating system in your pocket, please consider to help getting Debian run on mobile devices. Join the effort and let's see, what can be achieved. Currently, this is a hackers/developers party, there is not much for end users, yet, so please be warned and don't hold your breath. #debian #debianmobile #openhardware #freesoftware #mobile #handheld #pyra #neo900 #zerophone

Mobile - Debian Wiki



@Gruppo Linux Como
 

Please help DebianMobile!



If you care about open hardware and free software, if you care about a trustworthy operating system in your pocket, please consider to help getting Debian run on mobile devices. Join the effort and let's see, what can be achieved. Currently, this is a hackers/developers party, there is not much for end users, yet, so please be warned and don't hold your breath. #debian #debianmobile #openhardware #freesoftware #mobile #handheld #pyra #neo900 #zerophone

Mobile - Debian Wiki

 

Updated Debian 8: 8.7 released


The Debian project is pleased to announce the seventh update of its stable distribution Debian 8 (codename "jessie"). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were already published separately and are referenced where available.

[ #OS #Linux #Debian ]

Debian -- News -- Updated Debian 8: 8.7 released

 

Attention all Freedom Fighters!



The #LibreNetSA #Diaspora* pod has been offline for the last few days. Yes, we noticed it as well.

The problem was caused during a routine upgrade of the pod. It turns out that #Trisquel 7 did not have the new version of #OpenSSL that the new version of #Ruby required. After the upgrade failed, we were unable to rollback the changes, leaving no other option than to reimage the server.

That has been done now, and the D* pod is back online!

Notable changes: - The server is running #Debian 8.6 - We are now running the very latest version of Diaspora: Version 0.6.2.0 - We have decided to abandon the #XMPP server, and adopt #Matrix / #Riot as the primary chat system. You can find it HERE
  • IF you are actively using the XMPP for chatting and find yourself dismayed at this change, please feel free to PM: /u/falgn0n
  • If enough people rely on and use the XMPP for #chat, we will certainly restore it
Any other questions, as always, please don't hesitate to get in touch.

Riot Webchat -> join the room 'LibreNetSA' (as a guest if you like, or sign up)



Your friendly neighbourhood Podmins:
DeviantAndFalgn0n

#Podmin
 

Attention all Freedom Fighters!



The #LibreNetSA #Diaspora* pod has been offline for the last few days. Yes, we noticed it as well.

The problem was caused during a routine upgrade of the pod. It turns out that #Trisquel 7 did not have the new version of #OpenSSL that the new version of #Ruby required. After the upgrade failed, we were unable to rollback the changes, leaving no other option than to reimage the server.

That has been done now, and the D* pod is back online!

Notable changes: - The server is running #Debian 8.6 - We are now running the very latest version of Diaspora: Version 0.6.2.0 - We have decided to abandon the #XMPP server, and adopt #Matrix / #Riot as the primary chat system. You can find it HERE
  • IF you are actively using the XMPP for chatting and find yourself dismayed at this change, please feel free to PM: /u/falgn0n
  • If enough people rely on and use the XMPP for #chat, we will certainly restore it
Any other questions, as always, please don't hesitate to get in touch.

Riot Webchat -> join the room 'LibreNetSA' (as a guest if you like, or sign up)



Your friendly neighbourhood Podmins:
DeviantAndFalgn0n

#Podmin
 

Pyra Handheld: 1000 sold!



For the friends of the decimal system and the believers of the importance of many trailing zeros: Pyra handheld sold already 1000 times - that is 3e8 in hex, an impressive number!

Now let's wait, until they get the thing ready...

#pyra #debian #freesoftware #almostopenhardware #handheld #dragonbox #openpandora

Pyra Handheld

 
nuovi vecchi