Re: [Server-devel] XS testing
Thanks for your point about the 'headless' server. The install usb must ensure that ssh access from an XO is sufficient to complete the install process. As far as I know all of our installed servers will be headless. This means the first two 'tests' should be changed: >> 1. Reboot the server and log in as root. >> 2. From an XO verify that it can connect with the server network. 1. Reboot the server and log in as root from an XO using SSH. I don't think it makes any difference in the implementation if the usb drive is used to install XS at the 'depot' or at the school. At the 'depot', it may be desirable to have the servers boot from the network. As I understand it, this can be done using the same files used to create the usb drive. Incidentally, one point in favor of a laptop as server is that it's battery may come in handy in schools with unstable power. Tony Martin Langhoff wrote: > On Tue, Oct 7, 2008 at 7:04 AM, Tony Anderson <[EMAIL PROTECTED]> wrote: >> What I think we need urgently is a simple procedure someone in the field can >> use to verify an XS installation. It has to be simple and effective, because >> this person is also bringing up a school-set of XOs. > > This is great. I had not thought of this, but the moment Bryan > mentioned I clicked with it. Excellent idea. > >> Our model is that the installer has a usb drive with XS to install at the >> school. We hope that the embedded install script will provide a complete >> configuration including network, firewall, and Moodle. > > This is one of the possible scenarios, and likely to be common in > pilots. In large deployments it makes sense to preinstall the XS image > at HQ because > > - it can be done in parallel > - OS install can be network-based > - Additional content can be installed via the network > - checks that the machine works while there's a good chance you have > spare parts too! :-) > > Which is a long-winded way of saying: we need to take multiple > scenarios into account. In some of the scenarios the user may not have > root access or shell access. In some scenarios, the machine will be > completely headless... > >> The installer should >> then do things like: >> >> 1. Reboot the server and log in as root. >> 2. From an XO verify that it can connect with the server network. >> 3. From an XO verify that the 'schoolserver' link on the browser displays >> the Moodle site page. >> 4. From an XO verify that the browser can access the OLPC Wiki. >> 5. Verify that the XO sees ejabberd (telepathy-gabble) >> 6. Verify that two XOs connected via ejabberd can see and 'chat' with each >> other. >> 7. Verify that an XO receives access denied attempting to download an exe >> file >> 8. Verify that the XO can log in to a Moodle course with the correct student >> identification. > > Good list. Here's my challenge: I think we can do everything in the > list without logging in / using the shell console at all on the XS. > >> Naturally, I am hoping for suggestions of additional essential server >> capabilities that need to be tested (e.g. verifying backup/restore of the >> journal/datastore, access the library, install an activity). >> However, we need to be careful to keep it simple and avoid testing features. > > Agreed. If the tests are simple enough, they can even be performed by > a teacher, which means that the local team has a goodtool to use > before they send a technician to the field. > > So we'd have 2 sets: > - tests you can run from an XO > - addittional tests you can run if you have shell / root access > > what do you think? > > > > m ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Memory use with SSL connections
Until Sugar has a better model for collaboration, anything over about 500 users is moot. (Thanks for testing it all the way up to 2K users). The problem is that the laptop UI will try to show all the users on the server in the neighborhood view... Can you try to connect an XO to the server with over 500 hyperactivity users, and see what breaks ? Certainly we are interested in finding and fixing the bottlenecks, but I don't think pushing past 500 users is critical at this time. On the other hand, supporting virtual machines so we can have five ejabber instances running on a server (w. sufficient RAM) might be an interesting topic to pursue... Cheers, wad On Oct 6, 2008, at 1:07 AM, Douglas Bagnall wrote: > hi > > I'm testing a slightly modified ejabberd 2.0.1 for OLPC, and am seeing > quite high memory use -- a 1GB machine is unreliable beyond 2000 > connections. There are pictures here: > > http://wiki.laptop.org/go/ > Ejabberd_resource_tests#Try_4:_a_few_thousand_users > > OLPC's XO laptops use (old style) SSL connections, and these results > are in the same order of magnitude that Sean Dilda reported in May: > > http://lists.jabber.ru/pipermail/ejabberd/2008-May/003676.html > >> For 2,000 SSL connections it'll take around 1GB of RAM. For 2,000 >> plaintext connections, it'll take around 150MB. I'm seeing similar >> results for the old port 5223 tls and using starttls on port 5222. > > Does anyone have any tips, patches, or configuration options that > might help? > > regards, > > > Douglas Bagnall > ___ > Server-devel mailing list > Server-devel@lists.laptop.org > http://lists.laptop.org/listinfo/server-devel ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] physical security issue
Actually, Walter, we still hold hope for XOs as school servers for very small schools.The problem with this is insufficient memory and insufficient disk space. While an external disk may alleviate the second problem, it has poor reliability and is a very attractive item for theft. But there is nothing stopping a regular laptop from serving as a school server. An external network interface may be needed for the upstream connection. wad On Oct 7, 2008, at 11:25 PM, Walter Bender wrote: > Clarification: the XO is not the laptop I am proposing for the server. > Wad can speak to this. > > -walter > > On Tue, Oct 7, 2008 at 11:24 PM, Walter Bender > <[EMAIL PROTECTED]> wrote: >> One idealet (not worthy of being called an idea): What if the server >> were a laptop that the teacher could take with him/her? Pros: The >> school need not be secure. Cons: Price, and of course, laptops can be >> stolen. But it does put the server in the hands of a presumably >> trusted individual in the community. >> >> -walter >> >> On Tue, Oct 7, 2008 at 11:20 PM, Sameer Verma <[EMAIL PROTECTED]> >> wrote: >>> On Tue, Oct 7, 2008 at 8:00 PM, John Watlington <[EMAIL PROTECTED]> >>> wrote: You keep pushing for centrally hosted school servers. Are you sure you don't work for the phone company ? >>> >>> Last time I checked, San Francisco State University wasn't in the >>> telco business. >>> Again, unless you have a 100 Mbit connection from the school to the upstream ISP, you will need something with a disk and a significant amount of memory present in the school. >>> >>> OK. >>> I don't disagree about the need for physical security of the machine, just the proposed solution. >>> >>> OK. Any other solutions? I'm all ears. >>> >>> Sameer >>> wad On Oct 7, 2008, at 10:47 PM, Sameer Verma wrote: > As if discussions on this list aren't lively enough, here's > another > issue to look at. > > While I was in Jamaica, I met with several people who work with > their > school districts, and many pointed out that if a server was to > stay > physically resident at the school, it will need a lot of physical > security. The most common problem is theft. The other problem > will be > physical damage (just because somebody can). It is not uncommon in > some of these > > If the school server is hosted at an ISP upstream, we need > something > small (maybe an XO?) at the school that can VLAN or VPN over to > the > school server at the ISP/Data Center. > > Any ideas? > > cheers, > Sameer > -- > Dr. Sameer Verma, Ph.D. > Associate Professor of Information Systems > San Francisco State University > San Francisco CA 94132 USA > http://verma.sfsu.edu/ > http://opensource.sfsu.edu/ > ___ > Server-devel mailing list > Server-devel@lists.laptop.org > http://lists.laptop.org/listinfo/server-devel >>> ___ >>> Server-devel mailing list >>> Server-devel@lists.laptop.org >>> http://lists.laptop.org/listinfo/server-devel >>> >> >> >> >> -- >> Walter Bender >> Sugar Labs >> http://www.sugarlabs.org >> > > > > -- > Walter Bender > Sugar Labs > http://www.sugarlabs.org ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] physical security issue
On Tue, Oct 7, 2008 at 11:24 PM, Walter Bender <[EMAIL PROTECTED]> wrote: > One idealet (not worthy of being called an idea): What if the server > were a laptop that the teacher could take with him/her? Pros: The > school need not be secure. Cons: Price, and of course, laptops can be > stolen. But it does put the server in the hands of a presumably > trusted individual in the community. One obvious problem is what happens if that teacher doesn't come to work today. In any school with more then one teacher, this would seem to be a potential problem. Bill Bogstad ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] physical security issue
Clarification: the XO is not the laptop I am proposing for the server. Wad can speak to this. -walter On Tue, Oct 7, 2008 at 11:24 PM, Walter Bender <[EMAIL PROTECTED]> wrote: > One idealet (not worthy of being called an idea): What if the server > were a laptop that the teacher could take with him/her? Pros: The > school need not be secure. Cons: Price, and of course, laptops can be > stolen. But it does put the server in the hands of a presumably > trusted individual in the community. > > -walter > > On Tue, Oct 7, 2008 at 11:20 PM, Sameer Verma <[EMAIL PROTECTED]> wrote: >> On Tue, Oct 7, 2008 at 8:00 PM, John Watlington <[EMAIL PROTECTED]> wrote: >>> >>> You keep pushing for centrally hosted school servers. >>> Are you sure you don't work for the phone company ? >>> >> >> Last time I checked, San Francisco State University wasn't in the >> telco business. >> >>> Again, unless you have a 100 Mbit connection from the >>> school to the upstream ISP, you will need something with >>> a disk and a significant amount of memory present in the >>> school. >>> >> >> OK. >> >>> I don't disagree about the need for physical security of >>> the machine, just the proposed solution. >>> >> >> OK. Any other solutions? I'm all ears. >> >> Sameer >> >>> wad >>> >>> On Oct 7, 2008, at 10:47 PM, Sameer Verma wrote: >>> As if discussions on this list aren't lively enough, here's another issue to look at. While I was in Jamaica, I met with several people who work with their school districts, and many pointed out that if a server was to stay physically resident at the school, it will need a lot of physical security. The most common problem is theft. The other problem will be physical damage (just because somebody can). It is not uncommon in some of these If the school server is hosted at an ISP upstream, we need something small (maybe an XO?) at the school that can VLAN or VPN over to the school server at the ISP/Data Center. Any ideas? cheers, Sameer -- Dr. Sameer Verma, Ph.D. Associate Professor of Information Systems San Francisco State University San Francisco CA 94132 USA http://verma.sfsu.edu/ http://opensource.sfsu.edu/ ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel >> ___ >> Server-devel mailing list >> Server-devel@lists.laptop.org >> http://lists.laptop.org/listinfo/server-devel >> > > > > -- > Walter Bender > Sugar Labs > http://www.sugarlabs.org > -- Walter Bender Sugar Labs http://www.sugarlabs.org ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] physical security issue
One idealet (not worthy of being called an idea): What if the server were a laptop that the teacher could take with him/her? Pros: The school need not be secure. Cons: Price, and of course, laptops can be stolen. But it does put the server in the hands of a presumably trusted individual in the community. -walter On Tue, Oct 7, 2008 at 11:20 PM, Sameer Verma <[EMAIL PROTECTED]> wrote: > On Tue, Oct 7, 2008 at 8:00 PM, John Watlington <[EMAIL PROTECTED]> wrote: >> >> You keep pushing for centrally hosted school servers. >> Are you sure you don't work for the phone company ? >> > > Last time I checked, San Francisco State University wasn't in the > telco business. > >> Again, unless you have a 100 Mbit connection from the >> school to the upstream ISP, you will need something with >> a disk and a significant amount of memory present in the >> school. >> > > OK. > >> I don't disagree about the need for physical security of >> the machine, just the proposed solution. >> > > OK. Any other solutions? I'm all ears. > > Sameer > >> wad >> >> On Oct 7, 2008, at 10:47 PM, Sameer Verma wrote: >> >>> As if discussions on this list aren't lively enough, here's another >>> issue to look at. >>> >>> While I was in Jamaica, I met with several people who work with their >>> school districts, and many pointed out that if a server was to stay >>> physically resident at the school, it will need a lot of physical >>> security. The most common problem is theft. The other problem will be >>> physical damage (just because somebody can). It is not uncommon in >>> some of these >>> >>> If the school server is hosted at an ISP upstream, we need something >>> small (maybe an XO?) at the school that can VLAN or VPN over to the >>> school server at the ISP/Data Center. >>> >>> Any ideas? >>> >>> cheers, >>> Sameer >>> -- >>> Dr. Sameer Verma, Ph.D. >>> Associate Professor of Information Systems >>> San Francisco State University >>> San Francisco CA 94132 USA >>> http://verma.sfsu.edu/ >>> http://opensource.sfsu.edu/ >>> ___ >>> Server-devel mailing list >>> Server-devel@lists.laptop.org >>> http://lists.laptop.org/listinfo/server-devel > ___ > Server-devel mailing list > Server-devel@lists.laptop.org > http://lists.laptop.org/listinfo/server-devel > -- Walter Bender Sugar Labs http://www.sugarlabs.org ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] physical security issue
On Tue, Oct 7, 2008 at 8:00 PM, John Watlington <[EMAIL PROTECTED]> wrote: > > You keep pushing for centrally hosted school servers. > Are you sure you don't work for the phone company ? > Last time I checked, San Francisco State University wasn't in the telco business. > Again, unless you have a 100 Mbit connection from the > school to the upstream ISP, you will need something with > a disk and a significant amount of memory present in the > school. > OK. > I don't disagree about the need for physical security of > the machine, just the proposed solution. > OK. Any other solutions? I'm all ears. Sameer > wad > > On Oct 7, 2008, at 10:47 PM, Sameer Verma wrote: > >> As if discussions on this list aren't lively enough, here's another >> issue to look at. >> >> While I was in Jamaica, I met with several people who work with their >> school districts, and many pointed out that if a server was to stay >> physically resident at the school, it will need a lot of physical >> security. The most common problem is theft. The other problem will be >> physical damage (just because somebody can). It is not uncommon in >> some of these >> >> If the school server is hosted at an ISP upstream, we need something >> small (maybe an XO?) at the school that can VLAN or VPN over to the >> school server at the ISP/Data Center. >> >> Any ideas? >> >> cheers, >> Sameer >> -- >> Dr. Sameer Verma, Ph.D. >> Associate Professor of Information Systems >> San Francisco State University >> San Francisco CA 94132 USA >> http://verma.sfsu.edu/ >> http://opensource.sfsu.edu/ >> ___ >> Server-devel mailing list >> Server-devel@lists.laptop.org >> http://lists.laptop.org/listinfo/server-devel ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] physical security issue
You keep pushing for centrally hosted school servers. Are you sure you don't work for the phone company ? Again, unless you have a 100 Mbit connection from the school to the upstream ISP, you will need something with a disk and a significant amount of memory present in the school. I don't disagree about the need for physical security of the machine, just the proposed solution. wad On Oct 7, 2008, at 10:47 PM, Sameer Verma wrote: > As if discussions on this list aren't lively enough, here's another > issue to look at. > > While I was in Jamaica, I met with several people who work with their > school districts, and many pointed out that if a server was to stay > physically resident at the school, it will need a lot of physical > security. The most common problem is theft. The other problem will be > physical damage (just because somebody can). It is not uncommon in > some of these > > If the school server is hosted at an ISP upstream, we need something > small (maybe an XO?) at the school that can VLAN or VPN over to the > school server at the ISP/Data Center. > > Any ideas? > > cheers, > Sameer > -- > Dr. Sameer Verma, Ph.D. > Associate Professor of Information Systems > San Francisco State University > San Francisco CA 94132 USA > http://verma.sfsu.edu/ > http://opensource.sfsu.edu/ > ___ > Server-devel mailing list > Server-devel@lists.laptop.org > http://lists.laptop.org/listinfo/server-devel ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] XS testing
On Tue, Oct 7, 2008 at 7:04 AM, Tony Anderson <[EMAIL PROTECTED]> wrote: > What I think we need urgently is a simple procedure someone in the field can > use to verify an XS installation. It has to be simple and effective, because > this person is also bringing up a school-set of XOs. This is great. I had not thought of this, but the moment Bryan mentioned I clicked with it. Excellent idea. > Our model is that the installer has a usb drive with XS to install at the > school. We hope that the embedded install script will provide a complete > configuration including network, firewall, and Moodle. This is one of the possible scenarios, and likely to be common in pilots. In large deployments it makes sense to preinstall the XS image at HQ because - it can be done in parallel - OS install can be network-based - Additional content can be installed via the network - checks that the machine works while there's a good chance you have spare parts too! :-) Which is a long-winded way of saying: we need to take multiple scenarios into account. In some of the scenarios the user may not have root access or shell access. In some scenarios, the machine will be completely headless... > The installer should > then do things like: > > 1. Reboot the server and log in as root. > 2. From an XO verify that it can connect with the server network. > 3. From an XO verify that the 'schoolserver' link on the browser displays > the Moodle site page. > 4. From an XO verify that the browser can access the OLPC Wiki. > 5. Verify that the XO sees ejabberd (telepathy-gabble) > 6. Verify that two XOs connected via ejabberd can see and 'chat' with each > other. > 7. Verify that an XO receives access denied attempting to download an exe > file > 8. Verify that the XO can log in to a Moodle course with the correct student > identification. Good list. Here's my challenge: I think we can do everything in the list without logging in / using the shell console at all on the XS. > Naturally, I am hoping for suggestions of additional essential server > capabilities that need to be tested (e.g. verifying backup/restore of the > journal/datastore, access the library, install an activity). > However, we need to be careful to keep it simple and avoid testing features. Agreed. If the tests are simple enough, they can even be performed by a teacher, which means that the local team has a goodtool to use before they send a technician to the field. So we'd have 2 sets: - tests you can run from an XO - addittional tests you can run if you have shell / root access what do you think? m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] DanGuardian and XS Plans
Hello List Just from my (not too recent) experience with the Birmingham deployment: There are two competing interests: - As long as the Board of Education (BoE) receives federal funds under the No Child Left Behind Act they are responsible for providing internet only in a filtered manner (certified, lots of signatures and red tape ...). The Birmingham BoE is *very* broke so they rely on these funds. Effectively this means upstream filtering in the BoE's IT department's realm (this also helps them - gets abused for - demands for additional funding). - To provide a cost effective solution (without lots of additional funding for overhead / BoE infrastructure) the XS could provide a filtering solution of its own and thus provide a daring principal with a way of providing parallel infrastructure just for XO/XS purposes. This means as long as the BoE does not agree to a two tiered IT infrastructure (which they in my opinion can't), DansGuardian is not needed. Yet it might be helpfull in increasing acceptance for olpc products in a less messed up environment. In previous discussions I understood that olpc did not want get in a place where it could be held responsible for content filtering (with no resources and mandate to manage the servers remotely a very understandable stand). I do think though that olpc can only provide the tools currently available and should not worry too much about whether local admins put them to good use. (And I personally favour Brasil's teachers union's stand to turn filtering off. Life filtered is not life. Encounter the problems, use them for contents of lessons, and get on with reality.) just my 2cts (and keep up the great work!) Stefan Btw: I just relocated from Alabama to Germany for job reasons and have no personal stakes in the Birmingham deployment (nor any other deployments for that matter). > Date: Tue, 7 Oct 2008 20:06:25 +1300 > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > CC: server-devel@lists.laptop.org; [EMAIL PROTECTED] > Subject: Re: [Server-devel] DanGuardian and XS Plans > > On Tue, Oct 7, 2008 at 4:17 AM, John Watlington <[EMAIL PROTECTED]> wrote: > >In existing deployments (not trials) content filtering > > is being done upstream in the internet connection. > > Interesting! I didn't know that - > > > Content filtering is a very sensitive subject, and any > > offering made by OLPC should make it VERY CLEAR > > that the country is responsible for the filtering -- both > > the initial setup and maintaining the filter. > > Yup. And also very clear that we believe that filters are quite leaky > -- meaning that they will have problems with it, and a plan / process > to deal with it. Some local teams may find planning for such > situations hard. > > > Squid has been supported since build 161, long before > > Martin started wholesale improvements.Easier to install ? > > Right now you have to type one command line: > > /etc/sysconfig/olcp-scripts/TURN_SQUID_ON > > to permanently enable Squid. This was done simply > > because not all installation will want it. > > Yep - TURN_SQUID_ON works well on the current xs-0.5 dev version. > However, I'm not very happy with it due to memory footprint, and > considering replacing it with a apache + mod_cache_disk which - from > what I've seen - plays to the strengths of linux's disk i/o handling. > > cheers, > > > > m > -- > [EMAIL PROTECTED] > [EMAIL PROTECTED] -- School Server Architect > - ask interesting questions > - don't get distracted with shiny stuff - working code first > - http://wiki.laptop.org/go/User:Martinlanghoff > ___ > Server-devel mailing list > Server-devel@lists.laptop.org > http://lists.laptop.org/listinfo/server-devel _ MSN Toolbar: Alle Infos sehen, ohne die Website auf der Sie gerade sind zu verlassen. http://www.msn.de/toolbar___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] DanGuardian and XS Plans
On Tue, Oct 7, 2008 at 4:17 AM, John Watlington <[EMAIL PROTECTED]> wrote: >In existing deployments (not trials) content filtering > is being done upstream in the internet connection. Interesting! I didn't know that - > Content filtering is a very sensitive subject, and any > offering made by OLPC should make it VERY CLEAR > that the country is responsible for the filtering -- both > the initial setup and maintaining the filter. Yup. And also very clear that we believe that filters are quite leaky -- meaning that they will have problems with it, and a plan / process to deal with it. Some local teams may find planning for such situations hard. > Squid has been supported since build 161, long before > Martin started wholesale improvements.Easier to install ? > Right now you have to type one command line: > /etc/sysconfig/olcp-scripts/TURN_SQUID_ON > to permanently enable Squid. This was done simply > because not all installation will want it. Yep - TURN_SQUID_ON works well on the current xs-0.5 dev version. However, I'm not very happy with it due to memory footprint, and considering replacing it with a apache + mod_cache_disk which - from what I've seen - plays to the strengths of linux's disk i/o handling. cheers, m -- [EMAIL PROTECTED] [EMAIL PROTECTED] -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel