1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <rss version='
2.0' xmlns:lj='http://www.livejournal.org/rss/lj/
1.0/'
>
4 <title>Petter Reinholdtsen - Entries tagged debian
</title>
5 <description>Entries tagged debian
</description>
6 <link>http://people.skolelinux.org/pere/blog/
</link>
10 <title>Git repository for song book for Computer Scientists
</title>
11 <link>http://people.skolelinux.org/pere/blog/Git_repository_for_song_book_for_Computer_Scientists.html
</link>
12 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Git_repository_for_song_book_for_Computer_Scientists.html
</guid>
13 <pubDate>Fri,
7 Sep
2012 13:
50:
00 +
0200</pubDate>
14 <description><p
>As I
15 <a href=
"http://people.skolelinux.org/pere/blog/Song_book_for_Computer_Scientists.html
">mentioned
16 this summer
</a
>, I have created a Computer Science song book a few
17 years ago, and today I finally found time to create a public
18 <a href=
"https://gitorious.org/pere-cs-songbook/pere-cs-songbook
">Gitorious
19 repository for the project
</a
>.
</p
>
21 <p
>If you want to help out, please clone the source and submit patches
22 to the HTML version. To generate the PDF and PostScript version,
23 please use prince XML, or let me know about a useful free software
24 processor capable of creating a good looking PDF from the HTML.
</p
>
26 <p
>Want to sing? You can still find the song book in HTML, PDF and
28 <a href=
"http://www.hungry.com/~pere/cs-songbook/
">Petter
's Computer
29 Science Songbook
</a
>.
</p
>
34 <title>Gratulerer med
19-årsdagen, Debian!
</title>
35 <link>http://people.skolelinux.org/pere/blog/Gratulerer_med_19__rsdagen__Debian_.html
</link>
36 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Gratulerer_med_19__rsdagen__Debian_.html
</guid>
37 <pubDate>Thu,
16 Aug
2012 11:
20:
00 +
0200</pubDate>
38 <description><p
>I dag fyller
39 <a href=
"http://www.debian.org/News/
2012/
20120813">Debian-prosjektet
19
40 år
</a
>. Jeg har fulgt det de siste
12 årene, og er veldig glad for å kunne
41 si gratulerer med dagen, Debian!
</p
>
46 <title>Song book for Computer Scientists
</title>
47 <link>http://people.skolelinux.org/pere/blog/Song_book_for_Computer_Scientists.html
</link>
48 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Song_book_for_Computer_Scientists.html
</guid>
49 <pubDate>Sun,
24 Jun
2012 13:
30:
00 +
0200</pubDate>
50 <description><p
>Many years ago, while studying Computer Science at the
51 <a href=
"http://www.uit.no/
">University of Tromsø
</a
>, I started
52 collecting computer related songs for use at parties. The original
53 version was written in LaTeX, but a few years ago I got help from
54 Håkon W. Lie, one of the inventors of W3C CSS, to convert it to HTML
55 while keeping the ability to create a nice book in PDF format. I have
56 not had time to maintain the book for a while now, and guess I should
57 put it up on some public version control repository where others can
58 help me extend and update the book. If anyone is volunteering to help
59 me with this, send me an email. Also let me know if there are songs
60 missing in my book.
</p
>
62 <p
>I have not mentioned the book on my blog so far, and it occured to
63 me today that I really should let all my readers share the joys of
64 singing out load about programming, computers and computer networks.
65 Especially now that
<a href=
"http://debconf12.debconf.org/
">Debconf
66 12</a
> is about to start (and I am not going). Want to sing? Check
67 out
<a href=
"http://www.hungry.com/~pere/cs-songbook/
">Petter
's
68 Computer Science Songbook
</a
>.
73 <title>Automatically upgrading server firmware on Dell PowerEdge
</title>
74 <link>http://people.skolelinux.org/pere/blog/Automatically_upgrading_server_firmware_on_Dell_PowerEdge.html
</link>
75 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Automatically_upgrading_server_firmware_on_Dell_PowerEdge.html
</guid>
76 <pubDate>Mon,
21 Nov
2011 12:
00:
00 +
0100</pubDate>
77 <description><p
>At work we have heaps of servers. I believe the total count is
78 around
1000 at the moment. To be able to get help from the vendors
79 when something go wrong, we want to keep the firmware on the servers
80 up to date. If the firmware isn
't the latest and greatest, the
81 vendors typically refuse to start debugging any problems until the
82 firmware is upgraded. So before every reboot, we want to upgrade the
83 firmware, and we would really like everyone handling servers at the
84 university to do this themselves when they plan to reboot a machine.
85 For that to happen we at the unix server admin group need to provide
86 the tools to do so.
</p
>
88 <p
>To make firmware upgrading easier, I am working on a script to
89 fetch and install the latest firmware for the servers we got. Most of
90 our hardware are from Dell and HP, so I have focused on these servers
91 so far. This blog post is about the Dell part.
</P
>
93 <p
>On the Dell FTP site I was lucky enough to find
94 <a href=
"ftp://ftp.us.dell.com/catalog/Catalog.xml.gz
">an XML file
</a
>
95 with firmware information for all
11th generation servers, listing
96 which firmware should be used on a given model and where on the FTP
97 site I can find it. Using a simple perl XML parser I can then
98 download the shell scripts Dell provides to do firmware upgrades from
99 within Linux and reboot when all the firmware is primed and ready to
100 be activated on the first reboot.
</p
>
102 <p
>This is the Dell related fragment of the perl code I am working on.
103 Are there anyone working on similar tools for firmware upgrading all
104 servers at a site? Please get in touch and lets share resources.
</p
>
110 use File::Temp qw(tempdir);
112 # Install needed RHEL packages if missing
114 'XML::Simple
' =
> 'perl-XML-Simple
',
116 for my $module (keys %rhelmodules) {
117 eval
"use $module;
";
119 my $pkg = $rhelmodules{$module};
120 system(
"yum install -y $pkg
");
121 eval
"use $module;
";
125 my $errorsto =
'pere@hungry.com
';
131 sub run_firmware_script {
132 my ($opts, $script) = @_;
134 print STDERR
"fail: missing script name\n
";
137 print STDERR
"Running $script\n\n
";
139 if (
0 == system(
"sh $script $opts
")) { # FIXME correct exit code handling
140 print STDERR
"success: firmware script ran succcessfully\n
";
142 print STDERR
"fail: firmware script returned error\n
";
146 sub run_firmware_scripts {
147 my ($opts, @dirs) = @_;
148 # Run firmware packages
149 for my $dir (@dirs) {
150 print STDERR
"info: Running scripts in $dir\n
";
151 opendir(my $dh, $dir) or die
"Unable to open directory $dir: $!
";
152 while (my $s = readdir $dh) {
153 next if $s =~ m/^\.\.?/;
154 run_firmware_script($opts,
"$dir/$s
");
162 print STDERR
"info: Downloading $url\n
";
163 system(
"wget --quiet \
"$url\
"");
168 my $product = `dmidecode -s system-product-name`;
171 if ($product =~ m/PowerEdge/) {
173 # on RHEL, these pacakges are needed by the firwmare upgrade scripts
174 system(
'yum install -y compat-libstdc++-
33.i686 libstdc++.i686 libxml2.i686 procmail
');
176 my $tmpdir = tempdir(
180 fetch_dell_fw(
'catalog/Catalog.xml.gz
');
181 system(
'gunzip Catalog.xml.gz
');
182 my @paths = fetch_dell_fw_list(
'Catalog.xml
');
183 # -q is quiet, disabling interactivity and reducing console output
184 my $fwopts =
"-q
";
186 for my $url (@paths) {
189 run_firmware_scripts($fwopts, $tmpdir);
191 print STDERR
"error: Unsupported Dell model
'$product
'.\n
";
192 print STDERR
"error: Please report to $errorsto.\n
";
196 print STDERR
"error: Unsupported Dell model
'$product
'.\n
";
197 print STDERR
"error: Please report to $errorsto.\n
";
203 my $url =
"ftp://ftp.us.dell.com/$path
";
207 # Using ftp://ftp.us.dell.com/catalog/Catalog.xml.gz, figure out which
208 # firmware packages to download from Dell. Only work for Linux
209 # machines and
11th generation Dell servers.
210 sub fetch_dell_fw_list {
211 my $filename = shift;
213 my $product = `dmidecode -s system-product-name`;
215 my ($mybrand, $mymodel) = split(/\s+/, $product);
217 print STDERR
"Finding firmware bundles for $mybrand $mymodel\n
";
219 my $xml = XMLin($filename);
221 for my $bundle (@{$xml-
>{SoftwareBundle}}) {
222 my $brand = $bundle-
>{TargetSystems}-
>{Brand}-
>{Display}-
>{content};
223 my $model = $bundle-
>{TargetSystems}-
>{Brand}-
>{Model}-
>{Display}-
>{content};
225 if (
"ARRAY
" eq ref $bundle-
>{TargetOSes}-
>{OperatingSystem}) {
226 $oscode = $bundle-
>{TargetOSes}-
>{OperatingSystem}[
0]-
>{osCode};
228 $oscode = $bundle-
>{TargetOSes}-
>{OperatingSystem}-
>{osCode};
230 if ($mybrand eq $brand
&& $mymodel eq $model
&& "LIN
" eq $oscode)
232 @paths = map { $_-
>{path} } @{$bundle-
>{Contents}-
>{Package}};
235 for my $component (@{$xml-
>{SoftwareComponent}}) {
236 my $componenttype = $component-
>{ComponentType}-
>{value};
238 # Drop application packages, only firmware and BIOS
239 next if
'APAC
' eq $componenttype;
241 my $cpath = $component-
>{path};
242 for my $path (@paths) {
243 if ($cpath =~ m%/$path$%) {
244 push(@paths, $cpath);
252 <p
>The code is only tested on RedHat Enterprise Linux, but I suspect
253 it could work on other platforms with some tweaking. Anyone know a
254 index like Catalog.xml is available from HP for HP servers? At the
255 moment I maintain a similar list manually and it is quickly getting
261 <title>How is booting into runlevel
1 different from single user boots?
</title>
262 <link>http://people.skolelinux.org/pere/blog/How_is_booting_into_runlevel_1_different_from_single_user_boots_.html
</link>
263 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/How_is_booting_into_runlevel_1_different_from_single_user_boots_.html
</guid>
264 <pubDate>Thu,
4 Aug
2011 12:
40:
00 +
0200</pubDate>
265 <description><p
>Wouter Verhelst have some
266 <a href=
"http://grep.be/blog/en/retorts/pere_kubuntu_boot
">interesting
267 comments and opinions
</a
> on my blog post on
268 <a href=
"http://people.skolelinux.org/pere/blog/What_should_start_from__etc_rcS_d__in_Debian____almost_nothing.html
">the
269 need to clean up /etc/rcS.d/ in Debian
</a
> and my blog post about
270 <a href=
"http://people.skolelinux.org/pere/blog/What_is_missing_in_the_Debian_desktop__or_why_my_parents_use_Kubuntu.html
">the
271 default KDE desktop in Debian
</a
>. I only have time to address one
272 small piece of his comment now, and though it best to address the
273 misunderstanding he bring forward:
</p
>
275 <p
><blockquote
>
276 Currently, a system admin has four options: [...] boot to a
277 single-user system (by adding
'single
' to the kernel command line;
278 this runs rcS and rc1 scripts)
279 </blockquote
></p
>
281 <p
>This make me believe Wouter believe booting into single user mode
282 and booting into runlevel
1 is the same. I am not surprised he
283 believe this, because it would make sense and is a quite sensible
284 thing to believe. But because the boot in Debian is slightly broken,
285 runlevel
1 do not work properly and it isn
't the same as single user
286 mode. I
'll try to explain what is actually happing, but it is a bit
287 hard to explain.
</p
>
289 <p
>Single user mode is defined like this in /etc/inittab:
290 "<tt
>~~:S:wait:/sbin/sulogin
</tt
>". This means the only thing that is
291 executed in single user mode is sulogin. Single user mode is a boot
292 state
"between
" the runlevels, and when booting into single user mode,
293 only the scripts in /etc/rcS.d/ are executed before the init process
294 enters the single user state. When switching to runlevel
1, the state
295 is in fact not ending in runlevel
1, but it passes through runlevel
1
296 and end up in the single user mode (see /etc/rc1.d/S03single, which
297 runs
"init -t1 S
" to switch to single user mode at the end of runlevel
298 1. It is confusing that the
'S
' (single user) init mode is not the
299 mode enabled by /etc/rcS.d/ (which is more like the initial boot
302 <p
>This summary might make it clearer. When booting for the first
303 time into single user mode, the following commands are executed:
304 "<tt
>/etc/init.d/rc S; /sbin/sulogin
</tt
>". When booting into
305 runlevel
1, the following commands are executed:
"<tt
>/etc/init.d/rc
306 S; /etc/init.d/rc
1; /sbin/sulogin
</tt
>". A problem show up when
307 trying to continue after visiting single user mode. Not all services
308 are started again as they should, causing the machine to end up in an
309 unpredicatble state. This is why Debian admins recommend rebooting
310 after visiting single user mode.
</p
>
312 <p
>A similar problem with runlevel
1 is caused by the amount of
313 scripts executed from /etc/rcS.d/. When switching from say runlevel
2
314 to runlevel
1, the services started from /etc/rcS.d/ are not properly
315 stopped when passing through the scripts in /etc/rc1.d/, and not
316 started again when switching away from runlevel
1 to the runlevels
317 2-
5. I believe the problem is best fixed by moving all the scripts
318 out of /etc/rcS.d/ that are not
<strong
>required
</strong
> to get a
319 functioning single user mode during boot.
</p
>
321 <p
>I have spent several years investigating the Debian boot system,
322 and discovered this problem a few years ago. I suspect it originates
323 from when sysvinit was introduced into Debian, a long time ago.
</p
>
328 <title>What should start from /etc/rcS.d/ in Debian? - almost nothing
</title>
329 <link>http://people.skolelinux.org/pere/blog/What_should_start_from__etc_rcS_d__in_Debian____almost_nothing.html
</link>
330 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/What_should_start_from__etc_rcS_d__in_Debian____almost_nothing.html
</guid>
331 <pubDate>Sat,
30 Jul
2011 14:
00:
00 +
0200</pubDate>
332 <description><p
>In the Debian boot system, several packages include scripts that
333 are started from /etc/rcS.d/. In fact, there is a bite more of them
334 than make sense, and this causes a few problems. What kind of
335 problems, you might ask. There are at least two problems. The first
336 is that it is not possible to recover a machine after switching to
337 runlevel
1. One need to actually reboot to get the machine back to
338 the expected state. The other is that single user boot will sometimes
339 run into problems because some of the subsystems are activated before
340 the root login is presented, causing problems when trying to recover a
341 machine from a problem in that subsystem. A minor additional point is
342 that moving more scripts out of rcS.d/ and into the other rc#.d/
343 directories will increase the amount of scripts that can run in
344 parallel during boot, and thus decrease the boot time.
</p
>
346 <p
>So, which scripts should start from rcS.d/. In short, only the
347 scripts that _have_ to execute before the root login prompt is
348 presented during a single user boot should go there. Everything else
349 should go into the numeric runlevels. This means things like
350 lm-sensors, fuse and x11-common should not run from rcS.d, but from
351 the numeric runlevels. Today in Debian, there are around
115 init.d
352 scripts that are started from rcS.d/, and most of them should be moved
353 out. Do your package have one of them? Please help us make single
354 user and runlevel
1 better by moving it.
</p
>
356 <p
>Scripts setting up the screen, keyboard, system partitions
357 etc. should still be started from rcS.d/, but there is for example no
358 need to have the network enabled before the single user login prompt
359 is presented.
</p
>
361 <p
>As always, things are not so easy to fix as they sound. To keep
362 Debian systems working while scripts migrate and during upgrades, the
363 scripts need to be moved from rcS.d/ to rc2.d/ in reverse dependency
364 order, ie the scripts that nothing in rcS.d/ depend on can be moved,
365 and the next ones can only be moved when their dependencies have been
366 moved first. This migration must be done sequentially while we ensure
367 that the package system upgrade packages in the right order to keep
368 the system state correct. This will require some coordination when it
369 comes to network related packages, but most of the packages with
370 scripts that should migrate do not have anything in rcS.d/ depending
371 on them. Some packages have already been updated, like the sudo
372 package, while others are still left to do. I wish I had time to work
373 on this myself, but real live constrains make it unlikely that I will
374 find time to push this forward.
</p
>
379 <title>What is missing in the Debian desktop, or why my parents use Kubuntu
</title>
380 <link>http://people.skolelinux.org/pere/blog/What_is_missing_in_the_Debian_desktop__or_why_my_parents_use_Kubuntu.html
</link>
381 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/What_is_missing_in_the_Debian_desktop__or_why_my_parents_use_Kubuntu.html
</guid>
382 <pubDate>Fri,
29 Jul
2011 08:
10:
00 +
0200</pubDate>
383 <description><p
>While at Debconf11, I have several times during discussions
384 mentioned the issues I believe should be improved in Debian for its
385 desktop to be useful for more people. The use case for this is my
386 parents, which are currently running Kubuntu which solve the
389 <p
>I suspect these four missing features are not very hard to
390 implement. After all, they are present in Ubuntu, so if we wanted to
391 do this in Debian we would have a source.
</p
>
395 <li
><strong
>Simple GUI based upgrade of packages.
</strong
> When there
396 are new packages available for upgrades, a icon in the KDE status bar
397 indicate this, and clicking on it will activate the simple upgrade
398 tool to handle it. I have no problem guiding both of my parents
399 through the process over the phone. If a kernel reboot is required,
400 this too is indicated by the status bars and the upgrade tool. Last
401 time I checked, nothing with the same features was working in KDE in
404 <li
><strong
>Simple handling of missing Firefox browser
405 plugins.
</strong
> When the browser encounter a MIME type it do not
406 currently have a handler for, it will ask the user if the system
407 should search for a package that would add support for this MIME type,
408 and if the user say yes, the APT sources will be searched for packages
409 advertising the MIME type in their control file (visible in the
410 Packages file in the APT archive). If one or more packages are found,
411 it is a simple click of the mouse to add support for the missing mime
412 type. If the package require the user to accept some non-free
413 license, this is explained to the user. The entire process make it
414 more clear to the user why something do not work in the browser, and
415 make the chances higher for the user to blame the web page authors and
416 not the browser for any missing features.
</li
>
418 <li
><strong
>Simple handling of missing multimedia codec/format
419 handlers.
</strong
> When the media players encounter a format or codec
420 it is not supporting, a dialog pop up asking the user if the system
421 should search for a package that would add support for it. This
422 happen with things like MP3, Windows Media or H
.264. The selection
423 and installation procedure is very similar to the Firefox browser
424 plugin handling. This is as far as I know implemented using a
425 gstreamer hook. The end result is that the user easily get access to
426 the codecs that are present from the APT archives available, while
427 explaining more on why a given format is unsupported by Ubuntu.
</li
>
429 <li
><strong
>Better browser handling of some MIME types.
</strong
> When
430 displaying a text/plain file in my Debian browser, it will propose to
431 start emacs to show it. If I remember correctly, when doing the same
432 in Kunbutu it show the file as a text file in the browser. At least I
433 know Opera will show text files within the browser. I much prefer the
434 latter behaviour.
</li
>
438 <p
>There are other nice features as well, like the simplified suite
439 upgrader, but given that I am the one mostly doing the dist-upgrade,
440 it do not matter much.
</p
>
442 <p
>I really hope we could get these features in place for the next
443 Debian release. It would require the coordinated effort of several
444 maintainers, but would make the end user experience a lot better.
</p
>
449 <title>Perl modules used by FixMyStreet which are missing in Debian/Squeeze
</title>
450 <link>http://people.skolelinux.org/pere/blog/Perl_modules_used_by_FixMyStreet_which_are_missing_in_Debian_Squeeze.html
</link>
451 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Perl_modules_used_by_FixMyStreet_which_are_missing_in_Debian_Squeeze.html
</guid>
452 <pubDate>Tue,
26 Jul
2011 12:
25:
00 +
0200</pubDate>
453 <description><p
>The Norwegian
<a href=
"http://www.fiksgatami.no/
">FiksGataMi
</A
>
454 site is build on Debian/Squeeze, and this platform was chosen because
455 I am most familiar with Debian (being a Debian Developer for around
10
456 years) because it is the latest stable Debian release which should get
457 security support for a few years.
</p
>
459 <p
>The web service is written in Perl, and depend on some perl modules
460 that are missing in Debian at the moment. It would be great if these
461 modules were added to the Debian archive, allowing anyone to set up
462 their own
<a href=
"http://www.fixmystreet.com
">FixMyStreet
</a
> clone
463 in their own country using only Debian packages. The list of modules
464 missing in Debian/Squeeze isn
't very long, and I hope the perl group
465 will find time to package the
12 modules Catalyst::Plugin::SmartURI,
466 Catalyst::Plugin::Unicode::Encoding, Catalyst::View::TT, Devel::Hide,
467 Sort::Key, Statistics::Distributions, Template::Plugin::Comma,
468 Template::Plugin::DateTime::Format, Term::Size::Any, Term::Size::Perl,
469 URI::SmartURI and Web::Scraper to make the maintenance of FixMyStreet
470 easier in the future.
</p
>
472 <p
>Thanks to the great tools in Debian, getting the missing modules
473 installed on my server was a simple call to
'cpan2deb Module::Name
'
474 and
'dpkg -i
' to install the resulting package. But this leave me
475 with the responsibility of tracking security problems, which I really
476 do not have time for.
</p
>
481 <title>A Norwegian FixMyStreet have kept me busy the last few weeks
</title>
482 <link>http://people.skolelinux.org/pere/blog/A_Norwegian_FixMyStreet_have_kept_me_busy_the_last_few_weeks.html
</link>
483 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/A_Norwegian_FixMyStreet_have_kept_me_busy_the_last_few_weeks.html
</guid>
484 <pubDate>Sun,
3 Apr
2011 22:
50:
00 +
0200</pubDate>
485 <description><p
>Here is a small update for my English readers. Most of my blog
486 posts have been in Norwegian the last few weeks, so here is a short
487 update in English.
</p
>
489 <p
>The kids still keep me too busy to get much free software work
490 done, but I did manage to organise a project to get a Norwegian port
491 of the British service
492 <a href=
"http://www.fixmystreet.com/
">FixMyStreet
</a
> up and running,
493 and it has been running for a month now. The entire project has been
494 organised by me and two others. Around Christmas we gathered sponsors
495 to fund the development work. In January I drafted a contract with
496 <a href=
"http://www.mysociety.org/
">mySociety
</a
> on what to develop,
497 and in February the development took place. Most of it involved
498 converting the source to use GPS coordinates instead of British
499 easting/northing, and the resulting code should be a lot easier to get
500 running in any country by now. The Norwegian
501 <a href=
"http://www.fiksgatami.no/
">FiksGataMi
</a
> is using
502 <a href=
"http://www.openstreetmap.org/
">OpenStreetmap
</a
> as the map
503 source and the source for administrative borders in Norway, and
504 support for this had to be added/fixed.
</p
>
506 <p
>The Norwegian version went live March
3th, and we spent the weekend
507 polishing the system before we announced it March
7th. The system is
508 running on a KVM instance of Debian/Squeeze, and has seen almost
3000
509 problem reports in a few weeks. Soon we hope to announce the Android
510 and iPhone versions making it even easier to report problems with the
511 public infrastructure.
</p
>
513 <p
>Perhaps something to consider for those of you in countries without
514 such service?
</p
>
519 <title>Using NVD and CPE to track CVEs in locally maintained software
</title>
520 <link>http://people.skolelinux.org/pere/blog/Using_NVD_and_CPE_to_track_CVEs_in_locally_maintained_software.html
</link>
521 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Using_NVD_and_CPE_to_track_CVEs_in_locally_maintained_software.html
</guid>
522 <pubDate>Fri,
28 Jan
2011 15:
40:
00 +
0100</pubDate>
523 <description><p
>The last few days I have looked at ways to track open security
524 issues here at my work with the University of Oslo. My idea is that
525 it should be possible to use the information about security issues
526 available on the Internet, and check our locally
527 maintained/distributed software against this information. It should
528 allow us to verify that no known security issues are forgotten. The
529 CVE database listing vulnerabilities seem like a great central point,
530 and by using the package lists from Debian mapped to CVEs provided by
531 the testing security team, I believed it should be possible to figure
532 out which security holes were present in our free software
533 collection.
</p
>
535 <p
>After reading up on the topic, it became obvious that the first
536 building block is to be able to name software packages in a unique and
537 consistent way across data sources. I considered several ways to do
538 this, for example coming up with my own naming scheme like using URLs
539 to project home pages or URLs to the Freshmeat entries, or using some
540 existing naming scheme. And it seem like I am not the first one to
541 come across this problem, as MITRE already proposed and implemented a
542 solution. Enter the
<a href=
"http://cpe.mitre.org/index.html
">Common
543 Platform Enumeration
</a
> dictionary, a vocabulary for referring to
544 software, hardware and other platform components. The CPE ids are
545 mapped to CVEs in the
<a href=
"http://web.nvd.nist.gov/
">National
546 Vulnerability Database
</a
>, allowing me to look up know security
547 issues for any CPE name. With this in place, all I need to do is to
548 locate the CPE id for the software packages we use at the university.
549 This is fairly trivial (I google for
'cve cpe $package
' and check the
550 NVD entry if a CVE for the package exist).
</p
>
552 <p
>To give you an example. The GNU gzip source package have the CPE
553 name cpe:/a:gnu:gzip. If the old version
1.3.3 was the package to
554 check out, one could look up
555 <a href=
"http://web.nvd.nist.gov/view/vuln/search?cpe=cpe%
3A%
2Fa%
3Agnu%
3Agzip:
1.3.3">cpe:/a:gnu:gzip:
1.3.3
556 in NVD
</a
> and get a list of
6 security holes with public CVE entries.
557 The most recent one is
558 <a href=
"http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-
2010-
0001">CVE-
2010-
0001</a
>,
559 and at the bottom of the NVD page for this vulnerability the complete
560 list of affected versions is provided.
</p
>
562 <p
>The NVD database of CVEs is also available as a XML dump, allowing
563 for offline processing of issues. Using this dump, I
've written a
564 small script taking a list of CPEs as input and list all CVEs
565 affecting the packages represented by these CPEs. One give it CPEs
566 with version numbers as specified above and get a list of open
567 security issues out.
</p
>
569 <p
>Of course for this approach to be useful, the quality of the NVD
570 information need to be high. For that to happen, I believe as many as
571 possible need to use and contribute to the NVD database. I notice
573 <a href=
"https://www.redhat.com/security/data/metrics/rhsamapcpe.txt
">a
574 map from CVE to CPE
</a
>, indicating that they are using the CPE
575 information. I
'm not aware of Debian and Ubuntu doing the same.
</p
>
577 <p
>To get an idea about the quality for free software, I spent some
578 time making it possible to compare the CVE database from Debian with
579 the CVE database in NVD. The result look fairly good, but there are
580 some inconsistencies in NVD (same software package having several
581 CPEs), and some inaccuracies (NVD not mentioning buggy packages that
582 Debian believe are affected by a CVE). Hope to find time to improve
583 the quality of NVD, but that require being able to get in touch with
584 someone maintaining it. So far my three emails with questions and
585 corrections have not seen any reply, but I hope contact can be
586 established soon.
</p
>
588 <p
>An interesting application for CPEs is cross platform package
589 mapping. It would be useful to know which packages in for example
590 RHEL, OpenSuSe and Mandriva are missing from Debian and Ubuntu, and
591 this would be trivial if all linux distributions provided CPE entries
592 for their packages.
</p
>
597 <title>Which module is loaded for a given PCI and USB device?
</title>
598 <link>http://people.skolelinux.org/pere/blog/Which_module_is_loaded_for_a_given_PCI_and_USB_device_.html
</link>
599 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Which_module_is_loaded_for_a_given_PCI_and_USB_device_.html
</guid>
600 <pubDate>Sun,
23 Jan
2011 00:
20:
00 +
0100</pubDate>
601 <description><p
>In the
602 <a href=
"http://packages.qa.debian.org/discover-data
">discover-data
</a
>
603 package in Debian, there is a script to report useful information
604 about the running hardware for use when people report missing
605 information. One part of this script that I find very useful when
606 debugging hardware problems, is the part mapping loaded kernel module
607 to the PCI device it claims. It allow me to quickly see if the kernel
608 module I expect is driving the hardware I am struggling with. To see
609 the output, make sure discover-data is installed and run
610 <tt
>/usr/share/bug/discover-data
3>&1</tt
>. The relevant output on
611 one of my machines like this:
</p
>
615 10de:
03eb i2c_nforce2
618 10de:
03f0 snd_hda_intel
627 <p
>The code in question look like this, slightly modified for
628 readability and to drop the output to file descriptor
3:
</p
>
631 if [ -d /sys/bus/pci/devices/ ] ; then
632 echo loaded pci modules:
634 cd /sys/bus/pci/devices/
635 for address in * ; do
636 if [ -d
"$address/driver/module
" ] ; then
637 module=`cd $address/driver/module ; pwd -P | xargs basename`
638 if grep -q
"^$module
" /proc/modules ; then
639 address=$(echo $address |sed s/
0000://)
640 id=`lspci -n -s $address | tail -n
1 | awk
'{print $
3}
'`
641 echo
"$id $module
"
650 <p
>Similar code could be used to extract USB device module
654 if [ -d /sys/bus/usb/devices/ ] ; then
655 echo loaded usb modules:
657 cd /sys/bus/usb/devices/
658 for address in * ; do
659 if [ -d
"$address/driver/module
" ] ; then
660 module=`cd $address/driver/module ; pwd -P | xargs basename`
661 if grep -q
"^$module
" /proc/modules ; then
662 address=$(echo $address |sed s/
0000://)
663 id=$(lsusb -s $address | tail -n
1 | awk
'{print $
6}
')
664 if [
"$id
" ] ; then
665 echo
"$id $module
"
675 <p
>This might perhaps be something to include in other tools as
681 <title>How to test if a laptop is working with Linux
</title>
682 <link>http://people.skolelinux.org/pere/blog/How_to_test_if_a_laptop_is_working_with_Linux.html
</link>
683 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/How_to_test_if_a_laptop_is_working_with_Linux.html
</guid>
684 <pubDate>Wed,
22 Dec
2010 14:
55:
00 +
0100</pubDate>
685 <description><p
>The last few days I have spent at work here at the
<a
686 href=
"http://www.uio.no/
">University of Oslo
</a
> testing if the new
687 batch of computers will work with Linux. Every year for the last few
688 years the university have organised shared bid of a few thousand
689 computers, and this year HP won the bid. Two different desktops and
690 five different laptops are on the list this year. We in the UNIX
691 group want to know which one of these computers work well with RHEL
692 and Ubuntu, the two Linux distributions we currently handle at the
693 university.
</p
>
695 <p
>My test method is simple, and I share it here to get feedback and
696 perhaps inspire others to test hardware as well. To test, I PXE
697 install the OS version of choice, and log in as my normal user and run
698 a few applications and plug in selected pieces of hardware. When
699 something fail, I make a note about this in the test matrix and move
700 on. If I have some spare time I try to report the bug to the OS
701 vendor, but as I only have the machines for a short time, I rarely
702 have the time to do this for all the problems I find.
</p
>
704 <p
>Anyway, to get to the point of this post. Here is the simple tests
705 I perform on a new model.
</p
>
709 <li
>Is PXE installation working? I
'm testing with RHEL6, Ubuntu Lucid
710 and Ubuntu Maverik at the moment. If I feel like it, I also test with
711 RHEL5 and Debian Edu/Squeeze.
</li
>
713 <li
>Is X.org working? If the graphical login screen show up after
714 installation, X.org is working.
</li
>
716 <li
>Is hardware accelerated OpenGL working? Running glxgears (in
717 package mesa-utils on Ubuntu) and writing down the frames per second
718 reported by the program.
</li
>
720 <li
>Is sound working? With Gnome and KDE, a sound is played when
721 logging in, and if I can hear this the test is successful. If there
722 are several audio exits on the machine, I try them all and check if
723 the Gnome/KDE audio mixer can control where to send the sound. I
724 normally test this by playing
725 <a href=
"http://www.nuug.no/aktiviteter/
20101012-chef/
">a HTML5
726 video
</a
> in Firefox/Iceweasel.
</li
>
728 <li
>Is the USB subsystem working? I test this by plugging in a USB
729 memory stick and see if Gnome/KDE notices this.
</li
>
731 <li
>Is the CD/DVD player working? I test this by inserting any CD/DVD
732 I have lying around, and see if Gnome/KDE notices this.
</li
>
734 <li
>Is any built in camera working? Test using cheese, and see if a
735 picture from the v4l device show up.
</li
>
737 <li
>Is bluetooth working? Use the Gnome/KDE browsing tool to see if
738 any bluetooth devices are discovered. In my office, I normally see a
741 <li
>For laptops, is the SD or Compaq Flash reader working. I have
742 memory modules lying around, and stick them in and see if Gnome/KDE
743 notice this.
</li
>
745 <li
>For laptops, is suspend/hibernate working? I
'm testing if the
746 special button work, and if the laptop continue to work after
749 <li
>For laptops, is the extra buttons working, like audio level,
750 adjusting background light, switching on/off external video output,
751 switching on/off wifi, bluetooth, etc? The set of buttons differ from
752 laptop to laptop, so I just write down which are working and which are
755 <li
>Some laptops have smart card readers, finger print readers,
756 acceleration sensors etc. I rarely test these, as I do not know how
757 to quickly test if they are working or not, so I only document their
758 existence.
</li
>
762 <p
>By now I suspect you are really curious what the test results are
763 for the HP machines I am testing. I
'm not done yet, so I will report
764 the test results later. For now I can report that HP
8100 Elite work
765 fine, and hibernation fail with HP EliteBook
8440p on Ubuntu Lucid,
766 and audio fail on RHEL6. Ubuntu Maverik worked with
8440p. As you
767 can see, I have most machines left to test. One interesting
768 observation is that Ubuntu Lucid has almost twice the frame rate than
769 RHEL6 with glxgears. No idea why.
</p
>
774 <title>Some thoughts on BitCoins
</title>
775 <link>http://people.skolelinux.org/pere/blog/Some_thoughts_on_BitCoins.html
</link>
776 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Some_thoughts_on_BitCoins.html
</guid>
777 <pubDate>Sat,
11 Dec
2010 15:
10:
00 +
0100</pubDate>
778 <description><p
>As I continue to explore
779 <a href=
"http://www.bitcoin.org/
">BitCoin
</a
>, I
've starting to wonder
780 what properties the system have, and how it will be affected by laws
781 and regulations here in Norway. Here are some random notes.
</p
>
783 <p
>One interesting thing to note is that since the transactions are
784 verified using a peer to peer network, all details about a transaction
785 is known to everyone. This means that if a BitCoin address has been
786 published like I did with mine in my initial post about BitCoin, it is
787 possible for everyone to see how many BitCoins have been transfered to
788 that address. There is even a web service to look at the details for
789 all transactions. There I can see that my address
790 <a href=
"http://blockexplorer.com/address/
15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
</a
>
791 have received
16.06 Bitcoin, the
792 <a href=
"http://blockexplorer.com/address/
1LfdGnGuWkpSJgbQySxxCWhv
8MHqvwst
3">1LfdGnGuWkpSJgbQySxxCWhv
8MHqvwst
3</a
>
793 address of Simon Phipps have received
181.97 BitCoin and the address
794 <a href=
"http://blockexplorer.com/address/
1MCwBbhNGp5hRm5rC1Aims2YFRe2SXPYKt
">1MCwBbhNGp5hRm5rC1Aims2YFRe2SXPYKt
</A
>
795 of EFF have received
2447.38 BitCoins so far. Thank you to each and
796 every one of you that donated bitcoins to support my activity. The
797 fact that anyone can see how much money was transfered to a given
798 address make it more obvious why the BitCoin community recommend to
799 generate and hand out a new address for each transaction. I
'm told
800 there is no way to track which addresses belong to a given person or
801 organisation without the person or organisation revealing it
802 themselves, as Simon, EFF and I have done.
</p
>
804 <p
>In Norway, and in most other countries, there are laws and
805 regulations limiting how much money one can transfer across the border
806 without declaring it. There are money laundering, tax and accounting
807 laws and regulations I would expect to apply to the use of BitCoin.
808 If the Skolelinux foundation
809 (
<a href=
"http://linuxiskolen.no/slxdebianlabs/donations.html
">SLX
810 Debian Labs
</a
>) were to accept donations in BitCoin in addition to
811 normal bank transfers like EFF is doing, how should this be accounted?
812 Given that it is impossible to know if money can across the border or
813 not, should everything or nothing be declared? What exchange rate
814 should be used when calculating taxes? Would receivers have to pay
815 income tax if the foundation were to pay Skolelinux contributors in
816 BitCoin? I have no idea, but it would be interesting to know.
</p
>
818 <p
>For a currency to be useful and successful, it must be trusted and
819 accepted by a lot of users. It must be possible to get easy access to
820 the currency (as a wage or using currency exchanges), and it must be
821 easy to spend it. At the moment BitCoin seem fairly easy to get
822 access to, but there are very few places to spend it. I am not really
823 a regular user of any of the vendor types currently accepting BitCoin,
824 so I wonder when my kind of shop would start accepting BitCoins. I
825 would like to buy electronics, travels and subway tickets, not herbs
826 and books. :) The currency is young, and this will improve over time
827 if it become popular, but I suspect regular banks will start to lobby
828 to get BitCoin declared illegal if it become popular. I
'm sure they
829 will claim it is helping fund terrorism and money laundering (which
830 probably would be true, as is any currency in existence), but I
831 believe the problems should be solved elsewhere and not by blaming
832 currencies.
</p
>
834 <p
>The process of creating new BitCoins is called mining, and it is
835 CPU intensive process that depend on a bit of luck as well (as one is
836 competing against all the other miners currently spending CPU cycles
837 to see which one get the next lump of cash). The
"winner
" get
50
838 BitCoin when this happen. Yesterday I came across the obvious way to
839 join forces to increase ones changes of getting at least some coins,
840 by coordinating the work on mining BitCoins across several machines
841 and people, and sharing the result if one is lucky and get the
50
843 <a href=
"http://www.bluishcoder.co.nz/bitcoin-pool/
">BitCoin Pool
</a
>
844 if this sounds interesting. I have not had time to try to set up a
845 machine to participate there yet, but have seen that running on ones
846 own for a few days have not yield any BitCoins througth mining
849 <p
>Update
2010-
12-
15: Found an
<a
850 href=
"http://inertia.posterous.com/reply-to-the-underground-economist-why-bitcoi
">interesting
851 criticism
</a
> of bitcoin. Not quite sure how valid it is, but thought
852 it was interesting to read. The arguments presented seem to be
853 equally valid for gold, which was used as a currency for many years.
</p
>
858 <title>Now accepting bitcoins - anonymous and distributed p2p crypto-money
</title>
859 <link>http://people.skolelinux.org/pere/blog/Now_accepting_bitcoins___anonymous_and_distributed_p2p_crypto_money.html
</link>
860 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Now_accepting_bitcoins___anonymous_and_distributed_p2p_crypto_money.html
</guid>
861 <pubDate>Fri,
10 Dec
2010 08:
20:
00 +
0100</pubDate>
862 <description><p
>With this weeks lawless
863 <a href=
"http://www.salon.com/news/opinion/glenn_greenwald/
2010/
12/
06/wikileaks/index.html
">governmental
864 attacks
</a
> on Wikileak and
865 <a href=
"http://www.salon.com/technology/dan_gillmor/
2010/
12/
06/war_on_speech
">free
866 speech
</a
>, it has become obvious that PayPal, visa and mastercard can
867 not be trusted to handle money transactions.
869 <a href=
"http://webmink.com/
2010/
12/
06/now-accepting-bitcoin/
">Simon
870 Phipps on bitcoin
</a
> reminded me about a project that a friend of
871 mine mentioned earlier. I decided to follow Simon
's example, and get
872 involved with
<a href=
"http://www.bitcoin.org/
">BitCoin
</a
>. I got
873 some help from my friend to get it all running, and he even handed me
874 some bitcoins to get started. I even donated a few bitcoins to Simon
875 for helping me remember BitCoin.
</p
>
877 <p
>So, what is bitcoins, you probably wonder? It is a digital
878 crypto-currency, decentralised and handled using peer-to-peer
879 networks. It allows anonymous transactions and prohibits central
880 control over the transactions, making it impossible for governments
881 and companies alike to block donations and other transactions. The
882 source is free software, and while the key dependency wxWidgets
2.9
883 for the graphical user interface is missing in Debian, the command
884 line client builds just fine. Hopefully Jonas
885 <a href=
"http://bugs.debian.org/
578157">will get the package into
886 Debian
</a
> soon.
</p
>
888 <p
>Bitcoins can be converted to other currencies, like USD and EUR.
889 There are
<a href=
"http://www.bitcoin.org/trade
">companies accepting
890 bitcoins
</a
> when selling services and goods, and there are even
891 currency
"stock
" markets where the exchange rate is decided. There
892 are not many users so far, but the concept seems promising. If you
893 want to get started and lack a friend with any bitcoins to spare,
895 <a href=
"https://freebitcoins.appspot.com/
">some for free
</a
> (
0.05
896 bitcoin at the time of writing). Use
897 <a href=
"http://www.bitcoinwatch.com/
">BitcoinWatch
</a
> to keep an eye
898 on the current exchange rates.
</p
>
900 <p
>As an experiment, I have decided to set up bitcoind on one of my
901 machines. If you want to support my activity, please send Bitcoin
902 donations to the address
903 <b
>15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b
</b
>. Thank you!
</p
>
908 <title>Why isn
't Debian Edu using VLC?
</title>
909 <link>http://people.skolelinux.org/pere/blog/Why_isn_t_Debian_Edu_using_VLC_.html
</link>
910 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Why_isn_t_Debian_Edu_using_VLC_.html
</guid>
911 <pubDate>Sat,
27 Nov
2010 11:
30:
00 +
0100</pubDate>
912 <description><p
>In the latest issue of Linux Journal, the readers choices were
913 presented, and the winner among the multimedia player were VLC.
914 Personally, I like VLC, and it is my player of choice when I first try
915 to play a video file or stream. Only if VLC fail will I drag out
916 gmplayer to see if it can do better. The reason is mostly the failure
917 model and trust. When VLC fail, it normally pop up a error message
918 reporting the problem. When mplayer fail, it normally segfault or
919 just hangs. The latter failure mode drain my trust in the program.
<p
>
921 <p
>But even if VLC is my player of choice, we have choosen to use
922 mplayer in
<a href=
"http://www.skolelinux.org/
">Debian
923 Edu/Skolelinux
</a
>. The reason is simple. We need a good browser
924 plugin to play web videos seamlessly, and the VLC browser plugin is
925 not very good. For example, it lack in-line control buttons, so there
926 is no way for the user to pause the video. Also, when I
927 <a href=
"http://wiki.debian.org/DebianEdu/BrowserMultimedia
">last
928 tested the browser plugins
</a
> available in Debian, the VLC plugin
929 failed on several video pages where mplayer based plugins worked. If
930 the browser plugin for VLC was as good as the gecko-mediaplayer
931 package (which uses mplayer), we would switch.
</P
>
933 <p
>While VLC is a good player, its user interface is slightly
934 annoying. The most annoying feature is its inconsistent use of
935 keyboard shortcuts. When the player is in full screen mode, its
936 shortcuts are different from when it is playing the video in a window.
937 For example, space only work as pause when in full screen mode. I
938 wish it had consisten shortcuts and that space also would work when in
939 window mode. Another nice shortcut in gmplayer is [enter] to restart
940 the current video. It is very nice when playing short videos from the
941 web and want to restart it when new people arrive to have a look at
942 what is going on.
</p
>
947 <title>Lenny-
>Squeeze upgrades of the Gnome and KDE desktop, now with apt-get autoremove
</title>
948 <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades_of_the_Gnome_and_KDE_desktop__now_with_apt_get_autoremove.html
</link>
949 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades_of_the_Gnome_and_KDE_desktop__now_with_apt_get_autoremove.html
</guid>
950 <pubDate>Mon,
22 Nov
2010 14:
15:
00 +
0100</pubDate>
951 <description><p
>Michael Biebl suggested to me on IRC, that I changed my automated
952 upgrade testing of the
953 <a href=
"http://people.skolelinux.org/~pere/debian-upgrade-testing/
">Lenny
954 Gnome and KDE Desktop
</a
> to do
<tt
>apt-get autoremove
</tt
> when using apt-get.
955 This seem like a very good idea, so I adjusted by test scripts and
956 can now present the updated result from today:
</p
>
958 <p
>This is for Gnome:
</p
>
960 <p
>Installed using apt-get, missing with aptitude
</p
>
962 <blockquote
><p
>
974 freedesktop-sound-theme
976 gconf-defaults-service
991 gnome-desktop-environment
995 gnome-session-canberra
1000 gstreamer0.10-fluendo-mp3
1006 libapache2-mod-dnssd
1009 libaprutil1-dbd-sqlite3
1012 libboost-date-time1.42
.0
1013 libboost-python1.42
.0
1014 libboost-thread1.42
.0
1016 libchamplain-gtk-
0.4-
0
1018 libclutter-gtk-
0.10-
0
1025 libfreerdp-plugins-standard
1040 libgnomepanel2.24-cil
1045 libgtksourceview2.0-common
1046 libmono-addins-gui0.2-cil
1047 libmono-addins0.2-cil
1048 libmono-cairo2.0-cil
1049 libmono-corlib2.0-cil
1050 libmono-i18n-west2.0-cil
1051 libmono-posix2.0-cil
1052 libmono-security2.0-cil
1053 libmono-sharpzip2.84-cil
1054 libmono-system2.0-cil
1057 libndesk-dbus-glib1.0-cil
1058 libndesk-dbus1.0-cil
1068 libtelepathy-farsight0
1077 nautilus-sendto-empathy
1081 python-aptdaemon-gtk
1083 python-beautifulsoup
1098 python-gtksourceview2
1109 python-pkg-resources
1116 python-twisted-conch
1122 python-zope.interface
1127 rhythmbox-plugin-cdrecorder
1134 system-config-printer-udev
1136 telepathy-mission-control-
5
1147 </p
></blockquote
>
1149 <p
>Installed using apt-get, removed with aptitude
</p
>
1151 <blockquote
><p
>
1157 fast-user-switch-applet
1176 libgtksourceview2.0-
0
1178 libsdl1.2debian-alsa
1184 system-config-printer
1189 </p
></blockquote
>
1191 <p
>Installed using aptitude, missing with apt-get
</p
>
1193 <blockquote
><p
>
1194 gstreamer0.10-gnomevfs
1195 </p
></blockquote
>
1197 <p
>Installed using aptitude, removed with apt-get
</p
>
1199 <blockquote
><p
>
1201 </p
></blockquote
>
1203 <p
>This is for KDE:
</p
>
1205 <p
>Installed using apt-get, missing with aptitude
</p
>
1207 <blockquote
><p
>
1209 </p
></blockquote
>
1211 <p
>Installed using apt-get, removed with aptitude
</p
>
1213 <blockquote
><p
>
1216 </p
></blockquote
>
1218 <p
>Installed using aptitude, missing with apt-get
</p
>
1220 <blockquote
><p
>
1234 kdeartwork-emoticons
1236 kdeartwork-theme-icon
1240 kdebase-workspace-bin
1241 kdebase-workspace-data
1255 kscreensaver-xsavers
1270 plasma-dataengines-workspace
1272 plasma-desktopthemes-artwork
1273 plasma-runners-addons
1274 plasma-scriptengine-googlegadgets
1275 plasma-scriptengine-python
1276 plasma-scriptengine-qedje
1277 plasma-scriptengine-ruby
1278 plasma-scriptengine-webkit
1279 plasma-scriptengines
1280 plasma-wallpapers-addons
1281 plasma-widget-folderview
1282 plasma-widget-networkmanagement
1286 xscreensaver-data-extra
1288 xscreensaver-gl-extra
1289 xscreensaver-screensaver-bsod
1290 </p
></blockquote
>
1292 <p
>Installed using aptitude, removed with apt-get
</p
>
1294 <blockquote
><p
>
1296 google-gadgets-common
1314 libggadget-qt-
1.0-
0b
1319 libkonqsidebarplugin4a
1328 libplasma-geolocation-interface4
1330 libplasmagenericshell4
1344 libsmokeknewstuff2-
3
1345 libsmokeknewstuff3-
3
1347 libsmokektexteditor3
1355 libsmokeqtnetwork4-
3
1361 libsmokeqtuitools4-
3
1373 plasma-dataengines-addons
1374 plasma-scriptengine-superkaramba
1375 plasma-widget-lancelot
1376 plasma-widgets-addons
1377 plasma-widgets-workspace
1381 update-notifier-common
1382 </p
></blockquote
>
1384 <p
>Running apt-get autoremove made the results using apt-get and
1385 aptitude a bit more similar, but there are still quite a lott of
1386 differences. I have no idea what packages should be installed after
1387 the upgrade, but hope those that do can have a look.
</p
>
1392 <title>Migrating Xen virtual machines using LVM to KVM using disk images
</title>
1393 <link>http://people.skolelinux.org/pere/blog/Migrating_Xen_virtual_machines_using_LVM_to_KVM_using_disk_images.html
</link>
1394 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Migrating_Xen_virtual_machines_using_LVM_to_KVM_using_disk_images.html
</guid>
1395 <pubDate>Mon,
22 Nov
2010 11:
20:
00 +
0100</pubDate>
1396 <description><p
>Most of the computers in use by the
1397 <a href=
"http://www.skolelinux.org/
">Debian Edu/Skolelinux project
</a
>
1398 are virtual machines. And they have been Xen machines running on a
1399 fairly old IBM eserver xseries
345 machine, and we wanted to migrate
1400 them to KVM on a newer Dell PowerEdge
2950 host machine. This was a
1401 bit harder that it could have been, because we set up the Xen virtual
1402 machines to get the virtual partitions from LVM, which as far as I
1403 know is not supported by KVM. So to migrate, we had to convert
1404 several LVM logical volumes to partitions on a virtual disk file.
</p
>
1407 <a href=
"http://searchnetworking.techtarget.com.au/articles/
35011-Six-steps-for-migrating-Xen-virtual-machines-to-KVM
">a
1408 nice recipe
</a
> to do this, and wrote the following script to do the
1409 migration. It uses qemu-img from the qemu package to make the disk
1410 image, parted to partition it, losetup and kpartx to present the disk
1411 image partions as devices, and dd to copy the data. I NFS mounted the
1412 new servers storage area on the old server to do the migration.
</p
>
1418 # http://searchnetworking.techtarget.com.au/articles/
35011-Six-steps-for-migrating-Xen-virtual-machines-to-KVM
1423 if [ -z
"$
1" ] ; then
1424 echo
"Usage: $
0 &lt;hostname
&gt;
"
1430 if [ ! -e /dev/vg_data/$host-disk ] ; then
1431 echo
"error: unable to find LVM volume for $host
"
1435 # Partitions need to be a bit bigger than the LVM LVs. not sure why.
1436 disksize=$( lvs --units m | grep $host-disk | awk
'{sum = sum + $
4} END { print int(sum *
1.05) }
')
1437 swapsize=$( lvs --units m | grep $host-swap | awk
'{sum = sum + $
4} END { print int(sum *
1.05) }
')
1438 totalsize=$(( ( $disksize + $swapsize ) ))
1441 #dd if=/dev/zero of=$img bs=
1M count=$(( $disksize + $swapsize ))
1442 qemu-img create $img ${totalsize}MMaking room on the Debian Edu/Sqeeze DVD
1444 parted $img mklabel msdos
1445 parted $img mkpart primary linux-swap
0 $disksize
1446 parted $img mkpart primary ext2 $disksize $totalsize
1447 parted $img set
1 boot on
1450 losetup /dev/loop0 $img
1451 kpartx -a /dev/loop0
1453 dd if=/dev/vg_data/$host-disk of=/dev/mapper/loop0p1 bs=
1M
1454 fsck.ext3 -f /dev/mapper/loop0p1 || true
1455 mkswap /dev/mapper/loop0p2
1457 kpartx -d /dev/loop0
1458 losetup -d /dev/loop0
1461 <p
>The script is perhaps so simple that it is not copyrightable, but
1462 if it is, it is licenced using GPL v2 or later at your discretion.
</p
>
1464 <p
>After doing this, I booted a Debian CD in rescue mode in KVM with
1465 the new disk image attached, installed grub-pc and linux-image-
686 and
1466 set up grub to boot from the disk image. After this, the KVM machines
1467 seem to work just fine.
</p
>
1472 <title>Lenny-
>Squeeze upgrades, apt vs aptitude with the Gnome and KDE desktop
</title>
1473 <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_and_KDE_desktop.html
</link>
1474 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_and_KDE_desktop.html
</guid>
1475 <pubDate>Sat,
20 Nov
2010 22:
50:
00 +
0100</pubDate>
1476 <description><p
>I
'm still running upgrade testing of the
1477 <a href=
"http://people.skolelinux.org/~pere/debian-upgrade-testing/
">Lenny
1478 Gnome and KDE Desktop
</a
>, but have not had time to spend on reporting the
1479 status. Here is a short update based on a test I ran
20101118.
</p
>
1481 <p
>I still do not know what a correct migration should look like, so I
1482 report any differences between apt and aptitude and hope someone else
1483 can see if anything should be changed.
</p
>
1485 <p
>This is for Gnome:
</p
>
1487 <p
>Installed using apt-get, missing with aptitude
</p
>
1489 <blockquote
><p
>
1490 apache2.2-bin aptdaemon at-spi baobab binfmt-support
1491 browser-plugin-gnash cheese-common cli-common cpp-
4.3 cups-pk-helper
1492 dmz-cursor-theme empathy empathy-common finger
1493 freedesktop-sound-theme freeglut3 gconf-defaults-service gdm-themes
1494 gedit-plugins geoclue geoclue-hostip geoclue-localnet geoclue-manual
1495 geoclue-yahoo gnash gnash-common gnome gnome-backgrounds
1496 gnome-cards-data gnome-codec-install gnome-core
1497 gnome-desktop-environment gnome-disk-utility gnome-screenshot
1498 gnome-search-tool gnome-session-canberra gnome-spell
1499 gnome-system-log gnome-themes-extras gnome-themes-more
1500 gnome-user-share gs-common gstreamer0.10-fluendo-mp3
1501 gstreamer0.10-tools gtk2-engines gtk2-engines-pixbuf
1502 gtk2-engines-smooth hal-info hamster-applet libapache2-mod-dnssd
1503 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap
1504 libart2.0-cil libatspi1.0-
0 libboost-date-time1.42
.0
1505 libboost-python1.42
.0 libboost-thread1.42
.0 libchamplain-
0.4-
0
1506 libchamplain-gtk-
0.4-
0 libcheese-gtk18 libclutter-gtk-
0.10-
0
1507 libcryptui0 libcupsys2 libdiscid0 libeel2-data libelf1 libepc-
1.0-
2
1508 libepc-common libepc-ui-
1.0-
2 libfreerdp-plugins-standard
1509 libfreerdp0 libgail-common libgconf2.0-cil libgdata-common libgdata7
1510 libgdl-
1-common libgdu-gtk0 libgee2 libgeoclue0 libgexiv2-
0 libgif4
1511 libglade2.0-cil libglib2.0-cil libgmime2.4-cil libgnome-vfs2.0-cil
1512 libgnome2.24-cil libgnomepanel2.24-cil libgnomeprint2.2-data
1513 libgnomeprintui2.2-common libgnomevfs2-bin libgpod-common libgpod4
1514 libgtk2.0-cil libgtkglext1 libgtksourceview-common
1515 libgtksourceview2.0-common libmono-addins-gui0.2-cil
1516 libmono-addins0.2-cil libmono-cairo2.0-cil libmono-corlib2.0-cil
1517 libmono-i18n-west2.0-cil libmono-posix2.0-cil
1518 libmono-security2.0-cil libmono-sharpzip2.84-cil
1519 libmono-system2.0-cil libmtp8 libmusicbrainz3-
6
1520 libndesk-dbus-glib1.0-cil libndesk-dbus1.0-cil libopal3.6
.8
1521 libpolkit-gtk-
1-
0 libpt-
1.10.10-plugins-alsa
1522 libpt-
1.10.10-plugins-v4l libpt2.6
.7 libpython2.6 librpm1 librpmio1
1523 libsdl1.2debian libservlet2.4-java libsrtp0 libssh-
4
1524 libtelepathy-farsight0 libtelepathy-glib0 libtidy-
0.99-
0
1525 libxalan2-java libxerces2-java media-player-info mesa-utils
1526 mono-
2.0-gac mono-gac mono-runtime nautilus-sendto
1527 nautilus-sendto-empathy openoffice.org-writer2latex
1528 openssl-blacklist p7zip p7zip-full pkg-config python-
4suite-xml
1529 python-aptdaemon python-aptdaemon-gtk python-axiom
1530 python-beautifulsoup python-bugbuddy python-clientform
1531 python-coherence python-configobj python-crypto python-cupshelpers
1532 python-cupsutils python-eggtrayicon python-elementtree
1533 python-epsilon python-evolution python-feedparser python-gdata
1534 python-gdbm python-gst0.10 python-gtkglext1 python-gtkmozembed
1535 python-gtksourceview2 python-httplib2 python-louie python-mako
1536 python-markupsafe python-mechanize python-nevow python-notify
1537 python-opengl python-openssl python-pam python-pkg-resources
1538 python-pyasn1 python-pysqlite2 python-rdflib python-serial
1539 python-tagpy python-twisted-bin python-twisted-conch
1540 python-twisted-core python-twisted-web python-utidylib python-webkit
1541 python-xdg python-zope.interface remmina remmina-plugin-data
1542 remmina-plugin-rdp remmina-plugin-vnc rhythmbox-plugin-cdrecorder
1543 rhythmbox-plugins rpm-common rpm2cpio seahorse-plugins shotwell
1544 software-center svgalibg1 system-config-printer-udev
1545 telepathy-gabble telepathy-mission-control-
5 telepathy-salut tomboy
1546 totem totem-coherence totem-mozilla totem-plugins
1547 transmission-common xdg-user-dirs xdg-user-dirs-gtk xserver-xephyr
1549 </p
></blockquote
>
1551 Installed using apt-get, removed with aptitude
1553 <blockquote
><p
>
1554 arj bluez-utils cheese dhcdbd djvulibre-desktop ekiga eog
1555 epiphany-extensions epiphany-gecko evolution-exchange
1556 fast-user-switch-applet file-roller gcalctool gconf-editor gdm gedit
1557 gedit-common gnome-app-install gnome-games gnome-games-data
1558 gnome-nettool gnome-system-tools gnome-themes gnome-utils
1559 gnome-vfs-obexftp gnome-volume-manager gnuchess gucharmap
1560 guile-
1.8-libs hal libavahi-compat-libdnssd1 libavahi-core5
1561 libavahi-ui0 libbind9-
50 libbluetooth2 libcamel1.2-
11 libcdio7
1562 libcucul0 libcurl3 libdirectfb-
1.0-
0 libdmx1 libdvdread3
1563 libedata-cal1.2-
6 libedataserver1.2-
9 libeel2-
2.20 libepc-
1.0-
1
1564 libepc-ui-
1.0-
1 libexchange-storage1.2-
3 libfaad0 libgadu3
1565 libgalago3 libgd2-noxpm libgda3-
3 libgda3-common libggz2 libggzcore9
1566 libggzmod4 libgksu1.2-
0 libgksuui1.0-
1 libgmyth0 libgnome-desktop-
2
1567 libgnome-pilot2 libgnomecups1.0-
1 libgnomeprint2.2-
0
1568 libgnomeprintui2.2-
0 libgpod3 libgraphviz4 libgtk-vnc-
1.0-
0
1569 libgtkhtml2-
0 libgtksourceview1.0-
0 libgtksourceview2.0-
0
1570 libgucharmap6 libhesiod0 libicu38 libisccc50 libisccfg50 libiw29
1571 libjaxp1.3-java-gcj libkpathsea4 liblircclient0 libltdl3 liblwres50
1572 libmagick++
10 libmagick10 libmalaga7 libmozjs1d libmpfr1ldbl libmtp7
1573 libmysqlclient15off libnautilus-burn4 libneon27 libnm-glib0
1574 libnm-util0 libopal-
2.2 libosp5 libparted1.8-
10 libpisock9
1575 libpisync1 libpoppler-glib3 libpoppler3 libpt-
1.10.10 libraw1394-
8
1576 libsdl1.2debian-alsa libsensors3 libsexy2 libsmbios2 libsoup2.2-
8
1577 libspeexdsp1 libssh2-
1 libsuitesparse-
3.1.0 libsvga1
1578 libswfdec-
0.6-
90 libtalloc1 libtotem-plparser10 libtrackerclient0
1579 libvoikko1 libxalan2-java-gcj libxerces2-java-gcj libxklavier12
1580 libxtrap6 libxxf86misc1 libzephyr3 mysql-common rhythmbox seahorse
1581 sound-juicer swfdec-gnome system-config-printer totem-common
1582 totem-gstreamer transmission-gtk vinagre vino w3c-dtd-xhtml wodim
1583 </p
></blockquote
>
1585 <p
>Installed using aptitude, missing with apt-get
</p
>
1587 <blockquote
><p
>
1588 gstreamer0.10-gnomevfs
1589 </p
></blockquote
>
1591 <p
>Installed using aptitude, removed with apt-get
</p
>
1593 <blockquote
><p
>
1595 </p
></blockquote
>
1597 <p
>This is for KDE:
</p
>
1599 <p
>Installed using apt-get, missing with aptitude
</p
>
1601 <blockquote
><p
>
1602 autopoint bomber bovo cantor cantor-backend-kalgebra cpp-
4.3 dcoprss
1603 edict espeak espeak-data eyesapplet fifteenapplet finger gettext
1604 ghostscript-x git gnome-audio gnugo granatier gs-common
1605 gstreamer0.10-pulseaudio indi kaddressbook-plugins kalgebra
1606 kalzium-data kanjidic kapman kate-plugins kblocks kbreakout kbstate
1607 kde-icons-mono kdeaccessibility kdeaddons-kfile-plugins
1608 kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window
1609 kdeedu kdeedu-data kdeedu-kvtml-data kdegames kdegames-card-data
1610 kdegames-mahjongg-data kdegraphics-kfile-plugins kdelirc
1611 kdemultimedia-kfile-plugins kdenetwork-kfile-plugins
1612 kdepim-kfile-plugins kdepim-kio-plugins kdessh kdetoys kdewebdev
1613 kdiamond kdnssd kfilereplace kfourinline kgeography-data kigo
1614 killbots kiriki klettres-data kmoon kmrml knewsticker-scripts
1615 kollision kpf krosspython ksirk ksmserver ksquares kstars-data
1616 ksudoku kubrick kweather libasound2-plugins libboost-python1.42
.0
1617 libcfitsio3 libconvert-binhex-perl libcrypt-ssleay-perl libdb4.6++
1618 libdjvulibre-text libdotconf1.0 liberror-perl libespeak1
1619 libfinance-quote-perl libgail-common libgsl0ldbl libhtml-parser-perl
1620 libhtml-tableextract-perl libhtml-tagset-perl libhtml-tree-perl
1621 libio-stringy-perl libkdeedu4 libkdegames5 libkiten4 libkpathsea5
1622 libkrossui4 libmailtools-perl libmime-tools-perl
1623 libnews-nntpclient-perl libopenbabel3 libportaudio2 libpulse-browse0
1624 libservlet2.4-java libspeechd2 libtiff-tools libtimedate-perl
1625 libunistring0 liburi-perl libwww-perl libxalan2-java libxerces2-java
1626 lirc luatex marble networkstatus noatun-plugins
1627 openoffice.org-writer2latex palapeli palapeli-data parley
1628 parley-data poster psutils pulseaudio pulseaudio-esound-compat
1629 pulseaudio-module-x11 pulseaudio-utils quanta-data rocs rsync
1630 speech-dispatcher step svgalibg1 texlive-binaries texlive-luatex
1632 </p
></blockquote
>
1634 <p
>Installed using apt-get, removed with aptitude
</p
>
1636 <blockquote
><p
>
1637 amor artsbuilder atlantik atlantikdesigner blinken bluez-utils cvs
1638 dhcdbd djvulibre-desktop imlib-base imlib11 kalzium kanagram kandy
1639 kasteroids katomic kbackgammon kbattleship kblackbox kbounce kbruch
1640 kcron kdat kdemultimedia-kappfinder-data kdeprint kdict kdvi kedit
1641 keduca kenolaba kfax kfaxview kfouleggs kgeography kghostview
1642 kgoldrunner khangman khexedit kiconedit kig kimagemapeditor
1643 kitchensync kiten kjumpingcube klatin klettres klickety klines
1644 klinkstatus kmag kmahjongg kmailcvt kmenuedit kmid kmilo kmines
1645 kmousetool kmouth kmplot knetwalk kodo kolf kommander konquest kooka
1646 kpager kpat kpdf kpercentage kpilot kpoker kpovmodeler krec
1647 kregexpeditor kreversi ksame ksayit kshisen ksig ksim ksirc ksirtet
1648 ksmiletris ksnake ksokoban kspaceduel kstars ksvg ksysv kteatime
1649 ktip ktnef ktouch ktron kttsd ktuberling kturtle ktux kuickshow
1650 kverbos kview kviewshell kvoctrain kwifimanager kwin kwin4 kwordquiz
1651 kworldclock kxsldbg libakode2 libarts1-akode libarts1-audiofile
1652 libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1
1653 libavahi-core5 libavc1394-
0 libbind9-
50 libbluetooth2
1654 libboost-python1.34
.1 libcucul0 libcurl3 libcvsservice0
1655 libdirectfb-
1.0-
0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0
1656 libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-
0 libicu38
1657 libiec61883-
0 libindex0 libisccc50 libisccfg50 libiw29
1658 libjaxp1.3-java-gcj libk3b3 libkcal2b libkcddb1 libkdeedu3
1659 libkdegames1 libkdepim1a libkgantt0 libkleopatra1 libkmime2
1660 libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1
1661 libksieve0 libktnef1 liblockdev1 libltdl3 liblwres50 libmagick10
1662 libmimelib1c2a libmodplug0c2 libmozjs1d libmpcdec3 libmpfr1ldbl
1663 libneon27 libnm-util0 libopensync0 libpisock9 libpoppler-glib3
1664 libpoppler-qt2 libpoppler3 libraw1394-
8 librss1 libsensors3
1665 libsmbios2 libssh2-
1 libsuitesparse-
3.1.0 libswfdec-
0.6-
90
1666 libtalloc1 libxalan2-java-gcj libxerces2-java-gcj libxtrap6 lskat
1667 mpeglib network-manager-kde noatun pmount tex-common texlive-base
1668 texlive-common texlive-doc-base texlive-fonts-recommended tidy
1669 ttf-dustin ttf-kochi-gothic ttf-sjfonts
1670 </p
></blockquote
>
1672 <p
>Installed using aptitude, missing with apt-get
</p
>
1674 <blockquote
><p
>
1675 dolphin kde-core kde-plasma-desktop kde-standard kde-window-manager
1676 kdeartwork kdebase kdebase-apps kdebase-workspace
1677 kdebase-workspace-bin kdebase-workspace-data kdeutils kscreensaver
1678 kscreensaver-xsavers libgle3 libkonq5 libkonq5-templates libnetpbm10
1679 netpbm plasma-widget-folderview plasma-widget-networkmanagement
1680 xscreensaver-data-extra xscreensaver-gl xscreensaver-gl-extra
1681 xscreensaver-screensaver-bsod
1682 </p
></blockquote
>
1684 <p
>Installed using aptitude, removed with apt-get
</p
>
1686 <blockquote
><p
>
1687 kdebase-bin konq-plugins konqueror
1688 </p
></blockquote
>
1693 <title>Gnash buildbot slave and Debian kfreebsd
</title>
1694 <link>http://people.skolelinux.org/pere/blog/Gnash_buildbot_slave_and_Debian_kfreebsd.html
</link>
1695 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Gnash_buildbot_slave_and_Debian_kfreebsd.html
</guid>
1696 <pubDate>Sat,
20 Nov
2010 07:
20:
00 +
0100</pubDate>
1697 <description><p
>Answering
1698 <a href=
"http://www.listware.net/
201011/gnash-dev/
67431-gnash-dev-buildbot-looking-for-slaves.html
">the
1699 call from the Gnash project
</a
> for
1700 <a href=
"http://www.gnashdev.org:
8010">buildbot
</a
> slaves to test the
1701 current source, I have set up a virtual KVM machine on the Debian
1702 Edu/Skolelinux virtualization host to test the git source on
1703 Debian/Squeeze. I hope this can help the developers in getting new
1704 releases out more often.
</p
>
1706 <p
>As the developers want less main-stream build platforms tested to,
1707 I have considered setting up a
<a
1708 href=
"http://www.debian.org/ports/kfreebsd-gnu/
">Debian/kfreebsd
</a
>
1709 machine as well. I have also considered using the kfreebsd
1710 architecture in Debian as a file server in NUUG to get access to the
5
1711 TB zfs volume we currently use to store DV video. Because of this, I
1712 finally got around to do a test installation of Debian/Squeeze with
1713 kfreebsd. Installation went fairly smooth, thought I noticed some
1714 visual glitches in the cdebconf dialogs (black cursor left on the
1715 screen at random locations). Have not gotten very far with the
1716 testing. Noticed cfdisk did not work, but fdisk did so it was not a
1717 fatal problem. Have to spend some more time on it to see if it is
1718 useful as a file server for NUUG. Will try to find time to set up a
1719 gnash buildbot slave on the Debian Edu/Skolelinux this weekend.
</p
>
1724 <title>Debian in
3D
</title>
1725 <link>http://people.skolelinux.org/pere/blog/Debian_in_3D.html
</link>
1726 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Debian_in_3D.html
</guid>
1727 <pubDate>Tue,
9 Nov
2010 16:
10:
00 +
0100</pubDate>
1728 <description><p
><img src=
"http://thingiverse-production.s3.amazonaws.com/renders/
23/e0/c4/f9/
2b/debswagtdose_preview_medium.jpg
"></p
>
1730 <p
>3D printing is just great. I just came across this Debian logo in
1732 <a href=
"http://blog.thingiverse.com/
2010/
11/
09/participatory-branding/
">the
1733 thingiverse blog
</a
>.
</p
>
1738 <title>Software updates
2010-
10-
24</title>
1739 <link>http://people.skolelinux.org/pere/blog/Software_updates_2010_10_24.html
</link>
1740 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Software_updates_2010_10_24.html
</guid>
1741 <pubDate>Sun,
24 Oct
2010 22:
45:
00 +
0200</pubDate>
1742 <description><p
>Some updates.
</p
>
1744 <p
>My
<a href=
"http://pledgebank.com/gnash-avm2
">gnash pledge
</a
> to
1745 raise money for the project is going well. The lower limit of
10
1746 signers was reached in
24 hours, and so far
13 people have signed it.
1747 More signers and more funding is most welcome, and I am really curious
1748 how far we can get before the time limit of December
24 is reached.
1751 <p
>On the #gnash IRC channel on irc.freenode.net, I was just tipped
1752 about what appear to be a great code coverage tool capable of
1753 generating code coverage stats without any changes to the source code.
1755 <a href=
"http://simonkagstrom.github.com/kcov/index.html
">kcov
</a
>,
1756 and can be used using
<tt
>kcov
&lt;directory
&gt;
&lt;binary
&gt;
</tt
>.
1757 It is missing in Debian, but the git source built just fine in Squeeze
1758 after I installed libelf-dev, libdwarf-dev, pkg-config and
1759 libglib2.0-dev. Failed to build in Lenny, but suspect that is
1760 solvable. I hope kcov make it into Debian soon.
</p
>
1762 <p
>Finally found time to wrap up the release notes for
<a
1763 href=
"http://lists.debian.org/debian-edu-announce/
2010/
10/msg00002.html
">a
1764 new alpha release of Debian Edu
</a
>, and just published the second
1765 alpha test release of the Squeeze based Debian Edu /
1766 <a href=
"http://www.skolelinux.org/
">Skolelinux
</a
>
1767 release. Give it a try if you need a complete linux solution for your
1768 school, including central infrastructure server, workstations, thin
1769 client servers and diskless workstations. A nice touch added
1770 yesterday is RDP support on the thin client servers, for windows
1771 clients to get a Linux desktop on request.
</p
>
1776 <title>Some notes on Flash in Debian and Debian Edu
</title>
1777 <link>http://people.skolelinux.org/pere/blog/Some_notes_on_Flash_in_Debian_and_Debian_Edu.html
</link>
1778 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Some_notes_on_Flash_in_Debian_and_Debian_Edu.html
</guid>
1779 <pubDate>Sat,
4 Sep
2010 10:
10:
00 +
0200</pubDate>
1780 <description><p
>In the
<a href=
"http://popcon.debian.org/unknown/by_vote
">Debian
1781 popularity-contest numbers
</a
>, the adobe-flashplugin package the
1782 second most popular used package that is missing in Debian. The sixth
1783 most popular is flashplayer-mozilla. This is a clear indication that
1784 working flash is important for Debian users. Around
10 percent of the
1785 users submitting data to popcon.debian.org have this package
1786 installed.
</p
>
1788 <p
>In the report written by Lars Risan in August
2008
1789 («
<a href=
"http://wiki.skolelinux.no/Dokumentasjon/Rapporter?action=AttachFile
&do=view
&target=Skolelinux_i_bruk_rapport_1.0.pdf
">Skolelinux
1790 i bruk – Rapport for Hurum kommune, Universitetet i Agder og
1791 stiftelsen SLX Debian Labs
</a
>»), one of the most important problems
1792 schools experienced with
<a href=
"http://www.skolelinux.org/
">Debian
1793 Edu/Skolelinux
</a
> was the lack of working Flash. A lot of educational
1794 web sites require Flash to work, and lacking working Flash support in
1795 the web browser and the problems with installing it was perceived as a
1796 good reason to stay with Windows.
</p
>
1798 <p
>I once saw a funny and sad comment in a web forum, where Linux was
1799 said to be the retarded cousin that did not really understand
1800 everything you told him but could work fairly well. This was a
1801 comment regarding the problems Linux have with proprietary formats and
1802 non-standard web pages, and is sad because it exposes a fairly common
1803 understanding of whose fault it is if web pages that only work in for
1804 example Internet Explorer
6 fail to work on Firefox, and funny because
1805 it explain very well how annoying it is for users when Linux
1806 distributions do not work with the documents they receive or the web
1807 pages they want to visit.
</p
>
1809 <p
>This is part of the reason why I believe it is important for Debian
1810 and Debian Edu to have a well working Flash implementation in the
1811 distribution, to get at least popular sites as Youtube and Google
1812 Video to working out of the box. For Squeeze, Debian have the chance
1813 to include the latest version of Gnash that will make this happen, as
1814 the new release
0.8.8 was published a few weeks ago and is resting in
1815 unstable. The new version work with more sites that version
0.8.7.
1816 The Gnash maintainers have asked for a freeze exception, but the
1817 release team have not had time to reply to it yet. I hope they agree
1818 with me that Flash is important for the Debian desktop users, and thus
1819 accept the new package into Squeeze.
</p
>
1824 <title>Circular package dependencies harms apt recovery
</title>
1825 <link>http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html
</link>
1826 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html
</guid>
1827 <pubDate>Tue,
27 Jul
2010 23:
50:
00 +
0200</pubDate>
1828 <description><p
>I discovered this while doing
1829 <a href=
"http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
">automated
1830 testing of upgrades from Debian Lenny to Squeeze
</a
>. A few packages
1831 in Debian still got circular dependencies, and it is often claimed
1832 that apt and aptitude should be able to handle this just fine, but
1833 some times these dependency loops causes apt to fail.
</p
>
1835 <p
>An example is from todays
1836 <a href=
"http://people.skolelinux.org/~pere/debian-upgrade-testing//test-
20100727-lenny-squeeze-kde-aptitude.txt
">upgrade
1837 of KDE using aptitude
</a
>. In it, a bug in kdebase-workspace-data
1838 causes perl-modules to fail to upgrade. The cause is simple. If a
1839 package fail to unpack, then only part of packages with the circular
1840 dependency might end up being unpacked when unpacking aborts, and the
1841 ones already unpacked will fail to configure in the recovery phase
1842 because its dependencies are unavailable.
</p
>
1844 <p
>In this log, the problem manifest itself with this error:
</p
>
1846 <blockquote
><pre
>
1847 dpkg: dependency problems prevent configuration of perl-modules:
1848 perl-modules depends on perl (
>=
5.10.1-
1); however:
1849 Version of perl on system is
5.10.0-
19lenny
2.
1850 dpkg: error processing perl-modules (--configure):
1851 dependency problems - leaving unconfigured
1852 </pre
></blockquote
>
1854 <p
>The perl/perl-modules circular dependency is already
1855 <a href=
"http://bugs.debian.org/
527917">reported as a bug
</a
>, and will
1856 hopefully be solved as soon as possible, but it is not the only one,
1857 and each one of these loops in the dependency tree can cause similar
1858 failures. Of course, they only occur when there are bugs in other
1859 packages causing the unpacking to fail, but it is rather nasty when
1860 the failure of one package causes the problem to become worse because
1861 of dependency loops.
</p
>
1864 <a href=
"http://lists.debian.org/debian-devel/
2010/
06/msg00116.html
">the
1865 tireless effort by Bill Allombert
</a
>, the number of circular
1867 <a href=
"http://debian.semistable.com/debgraph.out.html
">left in Debian
1868 is dropping
</a
>, and perhaps it will reach zero one day. :)
</p
>
1870 <p
>Todays testing also exposed a bug in
1871 <a href=
"http://bugs.debian.org/
590605">update-notifier
</a
> and
1872 <a href=
"http://bugs.debian.org/
590604">different behaviour
</a
> between
1873 apt-get and aptitude, the latter possibly caused by some circular
1874 dependency. Reported both to BTS to try to get someone to look at
1880 <title>What are they searching for - PowerDNS and ISC DHCP in LDAP
</title>
1881 <link>http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html
</link>
1882 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html
</guid>
1883 <pubDate>Sat,
17 Jul
2010 21:
00:
00 +
0200</pubDate>
1884 <description><p
>This is a
1885 <a href=
"http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html
">followup
</a
>
1887 <a href=
"http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html
">previous
1889 <a href=
"http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
">merging
1890 all
</a
> the computer related LDAP objects in Debian Edu.
</p
>
1892 <p
>As a step to try to see if it possible to merge the DNS and DHCP
1893 LDAP objects, I have had a look at how the packages pdns-backend-ldap
1894 and dhcp3-server-ldap in Debian use the LDAP server. The two
1895 implementations are quite different in how they use LDAP.
</p
>
1897 To get this information, I started slapd with debugging enabled and
1898 dumped the debug output to a file to get the LDAP searches performed
1899 on a Debian Edu main-server. Here is a summary.
1901 <p
><strong
>powerdns
</strong
></p
>
1903 <a href=
"http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend
">Clues
1904 on how to
</a
> set up PowerDNS to use a LDAP backend is available on
1907 <p
>PowerDNS have two modes of operation using LDAP as its backend.
1908 One
"strict
" mode where the forward and reverse DNS lookups are done
1909 using the same LDAP objects, and a
"tree
" mode where the forward and
1910 reverse entries are in two different subtrees in LDAP with a structure
1911 based on the DNS names, as in tjener.intern and
1912 2.2.0.10.in-addr.arpa.
</p
>
1914 <p
>In tree mode, the server is set up to use a LDAP subtree as its
1915 base, and uses a
"base
" scoped search for the DNS name by adding
1916 "dc=tjener,dc=intern,
" to the base with a filter for
1917 "(associateddomain=tjener.intern)
" for the forward entry and
1918 "dc=
2,dc=
2,dc=
0,dc=
10,dc=in-addr,dc=arpa,
" with a filter for
1919 "(associateddomain=
2.2.0.10.in-addr.arpa)
" for the reverse entry. For
1920 forward entries, it is looking for attributes named dnsttl, arecord,
1921 nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord, mxrecord,
1922 txtrecord, rprecord, afsdbrecord, keyrecord, aaaarecord, locrecord,
1923 srvrecord, naptrrecord, kxrecord, certrecord, dsrecord, sshfprecord,
1924 ipseckeyrecord, rrsigrecord, nsecrecord, dnskeyrecord, dhcidrecord,
1925 spfrecord and modifytimestamp. For reverse entries it is looking for
1926 the attributes dnsttl, arecord, nsrecord, cnamerecord, soarecord,
1927 ptrrecord, hinforecord, mxrecord, txtrecord, rprecord, aaaarecord,
1928 locrecord, srvrecord, naptrrecord and modifytimestamp. The equivalent
1929 ldapsearch commands could look like this:
</p
>
1931 <blockquote
><pre
>
1932 ldapsearch -h ldap \
1933 -b dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no \
1934 -s base -x
'(associateddomain=tjener.intern)
' dNSTTL aRecord nSRecord \
1935 cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
1936 rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
1937 nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
1938 rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
1940 ldapsearch -h ldap \
1941 -b dc=
2,dc=
2,dc=
0,dc=
10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no \
1942 -s base -x
'(associateddomain=
2.2.0.10.in-addr.arpa)
'
1943 dnsttl, arecord, nsrecord, cnamerecord soarecord ptrrecord \
1944 hinforecord mxrecord txtrecord rprecord aaaarecord locrecord \
1945 srvrecord naptrrecord modifytimestamp
1946 </pre
></blockquote
>
1948 <p
>In Debian Edu/Lenny, the PowerDNS tree mode is used with
1949 ou=hosts,dc=skole,dc=skolelinux,dc=no as the base, and these are two
1950 example LDAP objects used there. In addition to these objects, the
1951 parent objects all th way up to ou=hosts,dc=skole,dc=skolelinux,dc=no
1952 also exist.
</p
>
1954 <blockquote
><pre
>
1955 dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
1957 objectclass: dnsdomain
1958 objectclass: domainrelatedobject
1961 associateddomain: tjener.intern
1963 dn: dc=
2,dc=
2,dc=
0,dc=
10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no
1965 objectclass: dnsdomain2
1966 objectclass: domainrelatedobject
1968 ptrrecord: tjener.intern
1969 associateddomain:
2.2.0.10.in-addr.arpa
1970 </pre
></blockquote
>
1972 <p
>In strict mode, the server behaves differently. When looking for
1973 forward DNS entries, it is doing a
"subtree
" scoped search with the
1974 same base as in the tree mode for a object with filter
1975 "(associateddomain=tjener.intern)
" and requests the attributes dnsttl,
1976 arecord, nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord,
1977 mxrecord, txtrecord, rprecord, aaaarecord, locrecord, srvrecord,
1978 naptrrecord and modifytimestamp. For reverse entires it also do a
1979 subtree scoped search but this time the filter is
"(arecord=
10.0.2.2)
"
1980 and the requested attributes are associateddomain, dnsttl and
1981 modifytimestamp. In short, in strict mode the objects with ptrrecord
1982 go away, and the arecord attribute in the forward object is used
1985 <p
>The forward and reverse searches can be simulated using ldapsearch
1986 like this:
</p
>
1988 <blockquote
><pre
>
1989 ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
1990 '(associateddomain=tjener.intern)
' dNSTTL aRecord nSRecord \
1991 cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
1992 rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
1993 nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
1994 rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
1996 ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
1997 '(arecord=
10.0.2.2)
' associateddomain dnsttl modifytimestamp
1998 </pre
></blockquote
>
2000 <p
>In addition to the forward and reverse searches , there is also a
2001 search for SOA records, which behave similar to the forward and
2002 reverse lookups.
</p
>
2004 <p
>A thing to note with the PowerDNS behaviour is that it do not
2005 specify any objectclass names, and instead look for the attributes it
2006 need to generate a DNS reply. This make it able to work with any
2007 objectclass that provide the needed attributes.
</p
>
2009 <p
>The attributes are normally provided in the cosine (RFC
1274) and
2010 dnsdomain2 schemas. The latter is used for reverse entries like
2011 ptrrecord and recent DNS additions like aaaarecord and srvrecord.
</p
>
2013 <p
>In Debian Edu, we have created DNS objects using the object classes
2014 dcobject (for dc), dnsdomain or dnsdomain2 (structural, for the DNS
2015 attributes) and domainrelatedobject (for associatedDomain). The use
2016 of structural object classes make it impossible to combine these
2017 classes with the object classes used by DHCP.
</p
>
2019 <p
>There are other schemas that could be used too, for example the
2020 dnszone structural object class used by Gosa and bind-sdb for the DNS
2021 attributes combined with the domainrelatedobject object class, but in
2022 this case some unused attributes would have to be included as well
2023 (zonename and relativedomainname).
</p
>
2025 <p
>My proposal for Debian Edu would be to switch PowerDNS to strict
2026 mode and not use any of the existing objectclasses (dnsdomain,
2027 dnsdomain2 and dnszone) when one want to combine the DNS information
2028 with DHCP information, and instead create a auxiliary object class
2029 defined something like this (using the attributes defined for
2030 dnsdomain and dnsdomain2 or dnszone):
</p
>
2032 <blockquote
><pre
>
2033 objectclass ( some-oid NAME
'dnsDomainAux
'
2036 MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $
2037 DNSTTL $ DNSClass $ PTRRecord $ HINFORecord $ MINFORecord $
2038 TXTRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $
2039 NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
2040 A6Record $ DNAMERecord
2042 </pre
></blockquote
>
2044 <p
>This will allow any object to become a DNS entry when combined with
2045 the domainrelatedobject object class, and allow any entity to include
2046 all the attributes PowerDNS wants. I
've sent an email to the PowerDNS
2047 developers asking for their view on this schema and if they are
2048 interested in providing such schema with PowerDNS, and I hope my
2049 message will be accepted into their mailing list soon.
</p
>
2051 <p
><strong
>ISC dhcp
</strong
></p
>
2053 <p
>The DHCP server searches for specific objectclass and requests all
2054 the object attributes, and then uses the attributes it want. This
2055 make it harder to figure out exactly what attributes are used, but
2056 thanks to the working example in Debian Edu I can at least get an idea
2057 what is needed without having to read the source code.
</p
>
2059 <p
>In the DHCP server configuration, the LDAP base to use and the
2060 search filter to use to locate the correct dhcpServer entity is
2061 stored. These are the relevant entries from
2062 /etc/dhcp3/dhcpd.conf:
</p
>
2064 <blockquote
><pre
>
2065 ldap-base-dn
"dc=skole,dc=skolelinux,dc=no
";
2066 ldap-dhcp-server-cn
"dhcp
";
2067 </pre
></blockquote
>
2069 <p
>The DHCP server uses this information to nest all the DHCP
2070 configuration it need. The cn
"dhcp
" is located using the given LDAP
2071 base and the filter
"(
&(objectClass=dhcpServer)(cn=dhcp))
". The
2072 search result is this entry:
</p
>
2074 <blockquote
><pre
>
2075 dn: cn=dhcp,dc=skole,dc=skolelinux,dc=no
2078 objectClass: dhcpServer
2079 dhcpServiceDN: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
2080 </pre
></blockquote
>
2082 <p
>The content of the dhcpServiceDN attribute is next used to locate the
2083 subtree with DHCP configuration. The DHCP configuration subtree base
2084 is located using a base scope search with base
"cn=DHCP
2085 Config,dc=skole,dc=skolelinux,dc=no
" and filter
2086 "(
&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))
".
2087 The search result is this entry:
</p
>
2089 <blockquote
><pre
>
2090 dn: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
2093 objectClass: dhcpService
2094 objectClass: dhcpOptions
2095 dhcpPrimaryDN: cn=dhcp, dc=skole,dc=skolelinux,dc=no
2096 dhcpStatements: ddns-update-style none
2097 dhcpStatements: authoritative
2098 dhcpOption: smtp-server code
69 = array of ip-address
2099 dhcpOption: www-server code
72 = array of ip-address
2100 dhcpOption: wpad-url code
252 = text
2101 </pre
></blockquote
>
2103 <p
>Next, the entire subtree is processed, one level at the time. When
2104 all the DHCP configuration is loaded, it is ready to receive requests.
2105 The subtree in Debian Edu contain objects with object classes
2106 top/dhcpService/dhcpOptions, top/dhcpSharedNetwork/dhcpOptions,
2107 top/dhcpSubnet, top/dhcpGroup and top/dhcpHost. These provide options
2108 and information about netmasks, dynamic range etc. Leaving out the
2109 details here because it is not relevant for the focus of my
2110 investigation, which is to see if it is possible to merge dns and dhcp
2111 related computer objects.
</p
>
2113 <p
>When a DHCP request come in, LDAP is searched for the MAC address
2114 of the client (
00:
00:
00:
00:
00:
00 in this example), using a subtree
2115 scoped search with
"cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
" as
2116 the base and
"(
&(objectClass=dhcpHost)(dhcpHWAddress=ethernet
2117 00:
00:
00:
00:
00:
00))
" as the filter. This is what a host object look
2120 <blockquote
><pre
>
2121 dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
2124 objectClass: dhcpHost
2125 dhcpHWAddress: ethernet
00:
00:
00:
00:
00:
00
2126 dhcpStatements: fixed-address hostname
2127 </pre
></blockquote
>
2129 <p
>There is less flexiblity in the way LDAP searches are done here.
2130 The object classes need to have fixed names, and the configuration
2131 need to be stored in a fairly specific LDAP structure. On the
2132 positive side, the invidiual dhcpHost entires can be anywhere without
2133 the DN pointed to by the dhcpServer entries. The latter should make
2134 it possible to group all host entries in a subtree next to the
2135 configuration entries, and this subtree can also be shared with the
2136 DNS server if the schema proposed above is combined with the dhcpHost
2137 structural object class.
2139 <p
><strong
>Conclusion
</strong
></p
>
2141 <p
>The PowerDNS implementation seem to be very flexible when it come
2142 to which LDAP schemas to use. While its
"tree
" mode is rigid when it
2143 come to the the LDAP structure, the
"strict
" mode is very flexible,
2144 allowing DNS objects to be stored anywhere under the base cn specified
2145 in the configuration.
</p
>
2147 <p
>The DHCP implementation on the other hand is very inflexible, both
2148 regarding which LDAP schemas to use and which LDAP structure to use.
2149 I guess one could implement ones own schema, as long as the
2150 objectclasses and attributes have the names used, but this do not
2151 really help when the DHCP subtree need to have a fairly fixed
2152 structure.
</p
>
2154 <p
>Based on the observed behaviour, I suspect a LDAP structure like
2155 this might work for Debian Edu:
</p
>
2157 <blockquote
><pre
>
2159 cn=machine-info (dhcpService) - dhcpServiceDN points here
2160 cn=dhcp (dhcpServer)
2161 cn=dhcp-internal (dhcpSharedNetwork/dhcpOptions)
2162 cn=
10.0.2.0 (dhcpSubnet)
2163 cn=group1 (dhcpGroup/dhcpOptions)
2164 cn=dhcp-thinclients (dhcpSharedNetwork/dhcpOptions)
2165 cn=
192.168.0.0 (dhcpSubnet)
2166 cn=group1 (dhcpGroup/dhcpOptions)
2167 ou=machines - PowerDNS base points here
2168 cn=hostname (dhcpHost/domainrelatedobject/dnsDomainAux)
2169 </pre
></blockquote
>
2171 <P
>This is not tested yet. If the DHCP server require the dhcpHost
2172 entries to be in the dhcpGroup subtrees, the entries can be stored
2173 there instead of a common machines subtree, and the PowerDNS base
2174 would have to be moved one level up to the machine-info subtree.
</p
>
2176 <p
>The combined object under the machines subtree would look something
2177 like this:
</p
>
2179 <blockquote
><pre
>
2180 dn: dc=hostname,ou=machines,cn=machine-info,dc=skole,dc=skolelinux,dc=no
2183 objectClass: dhcpHost
2184 objectclass: domainrelatedobject
2185 objectclass: dnsDomainAux
2186 associateddomain: hostname.intern
2187 arecord:
10.11.12.13
2188 dhcpHWAddress: ethernet
00:
00:
00:
00:
00:
00
2189 dhcpStatements: fixed-address hostname.intern
2190 </pre
></blockquote
>
2192 </p
>One could even add the LTSP configuration associated with a given
2193 machine, as long as the required attributes are available in a
2194 auxiliary object class.
</p
>
2199 <title>Combining PowerDNS and ISC DHCP LDAP objects
</title>
2200 <link>http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
</link>
2201 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html
</guid>
2202 <pubDate>Wed,
14 Jul
2010 23:
45:
00 +
0200</pubDate>
2203 <description><p
>For a while now, I have wanted to find a way to change the DNS and
2204 DHCP services in Debian Edu to use the same LDAP objects for a given
2205 computer, to avoid the possibility of having a inconsistent state for
2206 a computer in LDAP (as in DHCP but no DNS entry or the other way
2207 around) and make it easier to add computers to LDAP.
</p
>
2209 <p
>I
've looked at how powerdns and dhcpd is using LDAP, and using this
2210 information finally found a solution that seem to work.
</p
>
2212 <p
>The old setup required three LDAP objects for a given computer.
2213 One forward DNS entry, one reverse DNS entry and one DHCP entry. If
2214 we switch powerdns to use its strict LDAP method (ldap-method=strict
2215 in pdns-debian-edu.conf), the forward and reverse DNS entries are
2216 merged into one while making it impossible to transfer the reverse map
2217 to a slave DNS server.
</p
>
2219 <p
>If we also replace the object class used to get the DNS related
2220 attributes to one allowing these attributes to be combined with the
2221 dhcphost object class, we can merge the DNS and DHCP entries into one.
2222 I
've written such object class in the dnsdomainaux.schema file (need
2223 proper OIDs, but that is a minor issue), and tested the setup. It
2224 seem to work.
</p
>
2226 <p
>With this test setup in place, we can get away with one LDAP object
2227 for both DNS and DHCP, and even the LTSP configuration I suggested in
2228 an earlier email. The combined LDAP object will look something like
2231 <blockquote
><pre
>
2232 dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
2234 objectClass: dhcphost
2235 objectclass: domainrelatedobject
2236 objectclass: dnsdomainaux
2237 associateddomain: hostname.intern
2238 arecord:
10.11.12.13
2239 dhcphwaddress: ethernet
00:
00:
00:
00:
00:
00
2240 dhcpstatements: fixed-address hostname
2242 </pre
></blockquote
>
2244 <p
>The DNS server uses the associateddomain and arecord entries, while
2245 the DHCP server uses the dhcphwaddress and dhcpstatements entries
2246 before asking DNS to resolve the fixed-adddress. LTSP will use
2247 dhcphwaddress or associateddomain and the ldapconfig* attributes.
</p
>
2249 <p
>I am not yet sure if I can get the DHCP server to look for its
2250 dhcphost in a different location, to allow us to put the objects
2251 outside the
"DHCP Config
" subtree, but hope to figure out a way to do
2252 that. If I can
't figure out a way to do that, we can still get rid of
2253 the hosts subtree and move all its content into the DHCP Config tree
2254 (which probably should be renamed to be more related to the new
2255 content. I suspect cn=dnsdhcp,ou=services or something like that
2256 might be a good place to put it.
</p
>
2258 <p
>If you want to help out with implementing this for Debian Edu,
2259 please contact us on debian-edu@lists.debian.org.
</p
>
2264 <title>Idea for storing LTSP configuration in LDAP
</title>
2265 <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html
</link>
2266 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html
</guid>
2267 <pubDate>Sun,
11 Jul
2010 22:
00:
00 +
0200</pubDate>
2268 <description><p
>Vagrant mentioned on IRC today that ltsp_config now support
2269 sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin
2270 clients, and that this can be used to fetch configuration from LDAP if
2271 Debian Edu choose to store configuration there.
</p
>
2273 <p
>Armed with this information, I got inspired and wrote a test module
2274 to get configuration from LDAP. The idea is to look up the MAC
2275 address of the client in LDAP, and look for attributes on the form
2276 ltspconfigsetting=value, and use this to export SETTING=value to the
2277 LTSP clients.
</p
>
2279 <p
>The goal is to be able to store the LTSP configuration attributes
2280 in a
"computer
" LDAP object used by both DNS and DHCP, and thus
2281 allowing us to store all information about a computer in one place.
</p
>
2283 <p
>This is a untested draft implementation, and I welcome feedback on
2284 this approach. A real LDAP schema for the ltspClientAux objectclass
2285 need to be written. Comments, suggestions, etc?
</p
>
2287 <blockquote
><pre
>
2288 # Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
2290 # Fetch LTSP client settings from LDAP based on MAC address
2292 # Uses ethernet address as stored in the dhcpHost objectclass using
2293 # the dhcpHWAddress attribute or ethernet address stored in the
2294 # ieee802Device objectclass with the macAddress attribute.
2296 # This module is written to be schema agnostic, and only depend on the
2297 # existence of attribute names.
2299 # The LTSP configuration variables are saved directly using a
2300 # ltspConfig prefix and uppercasing the rest of the attribute name.
2301 # To set the SERVER variable, set the ltspConfigServer attribute.
2303 # Some LDAP schema should be created with all the relevant
2304 # configuration settings. Something like this should work:
2306 # objectclass (
1.1.2.2 NAME
'ltspClientAux
'
2309 # MAY ( ltspConfigServer $ ltsConfigSound $ ... )
2311 LDAPSERVER=$(debian-edu-ldapserver)
2312 if [
"$LDAPSERVER
" ] ; then
2313 LDAPBASE=$(debian-edu-ldapserver -b)
2314 for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk
'{print $
5}
'|sort -u) ; do
2315 filter=
"(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))
"
2316 ldapsearch -h
"$LDAPSERVER
" -b
"$LDAPBASE
" -v -x
"$filter
" | \
2317 grep
'^ltspConfig
' | while read attr value ; do
2318 # Remove prefix and convert to upper case
2319 attr=$(echo $attr | sed
's/^ltspConfig//i
' | tr a-z A-Z)
2320 # bass value on to clients
2321 eval
"$attr=$value; export $attr
"
2325 </pre
></blockquote
>
2327 <p
>I
'm not sure this shell construction will work, because I suspect
2328 the while block might end up in a subshell causing the variables set
2329 there to not show up in ltsp-config, but if that is the case I am sure
2330 the code can be restructured to make sure the variables are passed on.
2331 I expect that can be solved with some testing. :)
</p
>
2333 <p
>If you want to help out with implementing this for Debian Edu,
2334 please contact us on debian-edu@lists.debian.org.
</p
>
2336 <p
>Update
2010-
07-
17: I am aware of another effort to store LTSP
2337 configuration in LDAP that was created around year
2000 by
2338 <a href=
"http://www.pcxperience.com/thinclient/documentation/ldap.html
">PC
2339 Xperience, Inc.,
2000</a
>. I found its
2340 <a href=
"http://people.redhat.com/alikins/ltsp/ldap/
">files
</a
> on a
2341 personal home page over at redhat.com.
</p
>
2346 <title>jXplorer, a very nice LDAP GUI
</title>
2347 <link>http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html
</link>
2348 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html
</guid>
2349 <pubDate>Fri,
9 Jul
2010 12:
55:
00 +
0200</pubDate>
2350 <description><p
>Since
2351 <a href=
"http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html
">my
2352 last post
</a
> about available LDAP tools in Debian, I was told about a
2353 LDAP GUI that is even better than luma. The java application
2354 <a href=
"http://jxplorer.org/
">jXplorer
</a
> is claimed to be capable of
2355 moving LDAP objects and subtrees using drag-and-drop, and can
2356 authenticate using Kerberos. I have only tested the Kerberos
2357 authentication, but do not have a LDAP setup allowing me to rewrite
2358 LDAP with my test user yet. It is
2359 <a href=
"http://packages.qa.debian.org/j/jxplorer.html
">available in
2360 Debian
</a
> testing and unstable at the moment. The only problem I
2361 have with it is how it handle errors. If something go wrong, its
2362 non-intuitive behaviour require me to go through some query work list
2363 and remove the failing query. Nothing big, but very annoying.
</p
>
2368 <title>Lenny-
>Squeeze upgrades, apt vs aptitude with the Gnome desktop
</title>
2369 <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html
</link>
2370 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html
</guid>
2371 <pubDate>Sat,
3 Jul
2010 23:
55:
00 +
0200</pubDate>
2372 <description><p
>Here is a short update on my
<a
2373 href=
"http://people.skolelinux.org/~pere/debian-upgrade-testing/
">my
2374 Debian Lenny-
>Squeeze upgrade testing
</a
>. Here is a summary of the
2375 difference for Gnome when it is upgraded by apt-get and aptitude. I
'm
2376 not reporting the status for KDE, because the upgrade crashes when
2377 aptitude try because of missing conflicts
2378 (
<a href=
"http://bugs.debian.org/
584861">#
584861</a
> and
2379 <a href=
"http://bugs.debian.org/
585716">#
585716</a
>).
</p
>
2381 <p
>At the end of the upgrade test script, dpkg -l is executed to get a
2382 complete list of the installed packages. Based on this I see these
2383 differences when I did a test run today. As usual, I do not really
2384 know what the correct set of packages would be, but thought it best to
2385 publish the difference.
</p
>
2387 <p
>Installed using apt-get, missing with aptitude
</p
>
2389 <blockquote
><p
>
2390 at-spi cpp-
4.3 finger gnome-spell gstreamer0.10-gnomevfs
2391 libatspi1.0-
0 libcupsys2 libeel2-data libgail-common libgdl-
1-common
2392 libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin
2393 libgtksourceview-common libpt-
1.10.10-plugins-alsa
2394 libpt-
1.10.10-plugins-v4l libservlet2.4-java libxalan2-java
2395 libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip
2396 python-
4suite-xml python-eggtrayicon python-gtkhtml2
2397 python-gtkmozembed svgalibg1 xserver-xephyr zip
2398 </p
></blockquote
>
2400 <p
>Installed using apt-get, removed with aptitude
</p
>
2402 <blockquote
><p
>
2403 bluez-utils dhcdbd djvulibre-desktop epiphany-gecko
2404 gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager
2405 libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-
50
2406 libbluetooth2 libcamel1.2-
11 libcdio7 libcucul0 libcurl3
2407 libdirectfb-
1.0-
0 libdvdread3 libedata-cal1.2-
6 libedataserver1.2-
9
2408 libeel2-
2.20 libepc-
1.0-
1 libepc-ui-
1.0-
1 libexchange-storage1.2-
3
2409 libfaad0 libgd2-noxpm libgda3-
3 libgda3-common libggz2 libggzcore9
2410 libggzmod4 libgksu1.2-
0 libgksuui1.0-
1 libgmyth0 libgnome-desktop-
2
2411 libgnome-pilot2 libgnomecups1.0-
1 libgnomeprint2.2-
0
2412 libgnomeprintui2.2-
0 libgpod3 libgraphviz4 libgtkhtml2-
0
2413 libgtksourceview1.0-
0 libgucharmap6 libhesiod0 libicu38 libisccc50
2414 libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++
10
2415 libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4
2416 libneon27 libnm-glib0 libnm-util0 libopal-
2.2 libosp5
2417 libparted1.8-
10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3
2418 libpt-
1.10.10 libraw1394-
8 libsensors3 libsmbios2 libsoup2.2-
8
2419 libssh2-
1 libsuitesparse-
3.1.0 libswfdec-
0.6-
90 libtalloc1
2420 libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj
2421 libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3
2422 mysql-common swfdec-gnome totem-gstreamer wodim
2423 </p
></blockquote
>
2425 <p
>Installed using aptitude, missing with apt-get
</p
>
2427 <blockquote
><p
>
2428 gnome gnome-desktop-environment hamster-applet python-gnomeapplet
2429 python-gnomekeyring python-wnck rhythmbox-plugins xorg
2430 xserver-xorg-input-all xserver-xorg-input-evdev
2431 xserver-xorg-input-kbd xserver-xorg-input-mouse
2432 xserver-xorg-input-synaptics xserver-xorg-video-all
2433 xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati
2434 xserver-xorg-video-chips xserver-xorg-video-cirrus
2435 xserver-xorg-video-dummy xserver-xorg-video-fbdev
2436 xserver-xorg-video-glint xserver-xorg-video-i128
2437 xserver-xorg-video-i740 xserver-xorg-video-mach64
2438 xserver-xorg-video-mga xserver-xorg-video-neomagic
2439 xserver-xorg-video-nouveau xserver-xorg-video-nv
2440 xserver-xorg-video-r128 xserver-xorg-video-radeon
2441 xserver-xorg-video-radeonhd xserver-xorg-video-rendition
2442 xserver-xorg-video-s3 xserver-xorg-video-s3virge
2443 xserver-xorg-video-savage xserver-xorg-video-siliconmotion
2444 xserver-xorg-video-sis xserver-xorg-video-sisusb
2445 xserver-xorg-video-tdfx xserver-xorg-video-tga
2446 xserver-xorg-video-trident xserver-xorg-video-tseng
2447 xserver-xorg-video-vesa xserver-xorg-video-vmware
2448 xserver-xorg-video-voodoo
2449 </p
></blockquote
>
2451 <p
>Installed using aptitude, removed with apt-get
</p
>
2453 <blockquote
><p
>
2454 deskbar-applet xserver-xorg xserver-xorg-core
2455 xserver-xorg-input-wacom xserver-xorg-video-intel
2456 xserver-xorg-video-openchrome
2457 </p
></blockquote
>
2459 <p
>I was told on IRC that the xorg-xserver package was
2460 <a href=
"http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=
9c8080d06c457932d3bfec021c69ac000aa60120
">changed
2461 in git
</a
> today to try to get apt-get to not remove xorg completely.
2462 No idea when it hits Squeeze, but when it does I hope it will reduce
2463 the difference somewhat.
2468 <title>LUMA, a very nice LDAP GUI
</title>
2469 <link>http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html
</link>
2470 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html
</guid>
2471 <pubDate>Mon,
28 Jun
2010 00:
30:
00 +
0200</pubDate>
2472 <description><p
>The last few days I have been looking into the status of the LDAP
2473 directory in Debian Edu, and in the process I started to miss a GUI
2474 tool to browse the LDAP tree. The only one I was able to find in
2475 Debian/Squeeze and Lenny is
2476 <a href=
"http://luma.sourceforge.net/
">LUMA
</a
>, which has proved to
2477 be a great tool to get a overview of the current LDAP directory
2478 populated by default in Skolelinux. Thanks to it, I have been able to
2479 find empty and obsolete subtrees, misplaced objects and duplicate
2480 objects. It will be installed by default in Debian/Squeeze. If you
2481 are working with LDAP, give it a go. :)
</p
>
2483 <p
>I did notice one problem with it I have not had time to report to
2484 the BTS yet. There is no .desktop file in the package, so the tool do
2485 not show up in the Gnome and KDE menus, but only deep down in in the
2486 Debian submenu in KDE. I hope that can be fixed before Squeeze is
2489 <p
>I have not yet been able to get it to modify the tree yet. I would
2490 like to move objects and remove subtrees directly in the GUI, but have
2491 not found a way to do that with LUMA yet. So in the mean time, I use
2492 <a href=
"http://www.lichteblau.com/ldapvi/
">ldapvi
</a
> for that.
</p
>
2494 <p
>If you have tips on other GUI tools for LDAP that might be useful
2495 in Debian Edu, please contact us on debian-edu@lists.debian.org.
</p
>
2497 <p
>Update
2010-
06-
29: Ross Reedstrom tipped us about the
2498 <a href=
"http://packages.qa.debian.org/g/gq.html
">gq
</a
> package as a
2499 useful GUI alternative. It seem like a good tool, but is unmaintained
2500 in Debian and got a RC bug keeping it out of Squeeze. Unless that
2501 changes, it will not be an option for Debian Edu based on Squeeze.
</p
>
2506 <title>Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object
</title>
2507 <link>http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html
</link>
2508 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html
</guid>
2509 <pubDate>Thu,
24 Jun
2010 00:
35:
00 +
0200</pubDate>
2510 <description><p
>A while back, I
2511 <a href=
"http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html
">complained
2512 about the fact
</a
> that it is not possible with the provided schemas
2513 for storing DNS and DHCP information in LDAP to combine the two sets
2514 of information into one LDAP object representing a computer.
</p
>
2516 <p
>In the mean time, I discovered that a simple fix would be to make
2517 the dhcpHost object class auxiliary, to allow it to be combined with
2518 the dNSDomain object class, and thus forming one object for one
2519 computer when storing both DHCP and DNS information in LDAP.
</p
>
2521 <p
>If I understand this correctly, it is not safe to do this change
2522 without also changing the assigned number for the object class, and I
2523 do not know enough about LDAP schema design to do that properly for
2524 Debian Edu.
</p
>
2526 <p
>Anyway, for future reference, this is how I believe we could change
2528 <a href=
"http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-
00">DHCP
2529 schema
</a
> to solve at least part of the problem with the LDAP schemas
2530 available today from IETF.
</p
>
2533 --- dhcp.schema (revision
65192)
2534 +++ dhcp.schema (working copy)
2536 objectclass (
2.16.840.1.113719.1.203.6.6
2537 NAME
'dhcpHost
'
2538 DESC
'This represents information about a particular client
'
2542 MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
2543 X-NDS_CONTAINMENT (
'dhcpService
' 'dhcpSubnet
' 'dhcpGroup
') )
2546 <p
>I very much welcome clues on how to do this properly for Debian
2547 Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
2548 package, and should thus be free to rewrite it as we see fit.
</p
>
2550 <p
>If you want to help out with implementing this for Debian Edu,
2551 please contact us on debian-edu@lists.debian.org.
</p
>
2556 <title>Calling tasksel like the installer, while still getting useful output
</title>
2557 <link>http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html
</link>
2558 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html
</guid>
2559 <pubDate>Wed,
16 Jun
2010 14:
55:
00 +
0200</pubDate>
2560 <description><p
>A few times I have had the need to simulate the way tasksel
2561 installs packages during the normal debian-installer run. Until now,
2562 I have ended up letting tasksel do the work, with the annoying problem
2563 of not getting any feedback at all when something fails (like a
2564 conffile question from dpkg or a download that fails), using code like
2567 <blockquote
><pre
>
2568 export DEBIAN_FRONTEND=noninteractive
2569 tasksel --new-install
2570 </pre
></blockquote
>
2572 This would invoke tasksel, let its automatic task selection pick the
2573 tasks to install, and continue to install the requested tasks without
2574 any output what so ever.
2576 Recently I revisited this problem while working on the automatic
2577 package upgrade testing, because tasksel would some times hang without
2578 any useful feedback, and I want to see what is going on when it
2579 happen. Then it occured to me, I can parse the output from tasksel
2580 when asked to run in test mode, and use that aptitude command line
2581 printed by tasksel then to simulate the tasksel run. I ended up using
2584 <blockquote
><pre
>
2585 export DEBIAN_FRONTEND=noninteractive
2586 cmd=
"$(in_target tasksel -t --new-install | sed
's/debconf-apt-progress -- //
')
"
2588 </pre
></blockquote
>
2590 <p
>The content of $cmd is typically something like
"<tt
>aptitude -q
2591 --without-recommends -o APT::Install-Recommends=no -y install
2592 ~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
2593 ~pimportant
</tt
>", which will install the gnome desktop task, the
2594 laptop task and all packages with priority standard , required and
2595 important, just like tasksel would have done it during
2596 installation.
</p
>
2598 <p
>A better approach is probably to extend tasksel to be able to
2599 install packages without using debconf-apt-progress, for use cases
2600 like this.
</p
>
2605 <title>Lenny-
>Squeeze upgrades, removals by apt and aptitude
</title>
2606 <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html
</link>
2607 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html
</guid>
2608 <pubDate>Sun,
13 Jun
2010 09:
05:
00 +
0200</pubDate>
2609 <description><p
>My
2610 <a href=
"http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
">testing
2611 of Debian upgrades
</a
> from Lenny to Squeeze continues, and I
've
2612 finally made the upgrade logs available from
2613 <a href=
"http://people.skolelinux.org/pere/debian-upgrade-testing/
">http://people.skolelinux.org/pere/debian-upgrade-testing/
</a
>.
2614 I am now testing dist-upgrade of Gnome and KDE in a chroot using both
2615 apt and aptitude, and found their differences interesting. This time
2616 I will only focus on their removal plans.
</p
>
2618 <p
>After installing a Gnome desktop and the laptop task, apt-get wants
2619 to remove
72 packages when dist-upgrading from Lenny to Squeeze. The
2620 surprising part is that it want to remove xorg and all
2621 xserver-xorg-video* drivers. Clearly not a good choice, but I am not
2622 sure why. When asking aptitude to do the same, it want to remove
129
2623 packages, but most of them are library packages I suspect are no
2624 longer needed. Both of them want to remove bluetooth packages, which
2625 I do not know. Perhaps these bluetooth packages are obsolete?
</p
>
2627 <p
>For KDE, apt-get want to remove
82 packages, among them kdebase
2628 which seem like a bad idea and xorg the same way as with Gnome. Asking
2629 aptitude for the same, it wants to remove
192 packages, none which are
2630 too surprising.
</p
>
2632 <p
>I guess the removal of xorg during upgrades should be investigated
2633 and avoided, and perhaps others as well. Here are the complete list
2634 of planned removals. The complete logs is available from the URL
2635 above. Note if you want to repeat these tests, that the upgrade test
2636 for kde+apt-get hung in the tasksel setup because of dpkg asking
2637 conffile questions. No idea why. I worked around it by using
2638 '<tt
>echo
>> /proc/
<em
>pidofdpkg
</em
>/fd/
0</tt
>' to tell dpkg to
2641 <p
><b
>apt-get gnome
72</b
>
2642 <br
>bluez-gnome cupsddk-drivers deskbar-applet gnome
2643 gnome-desktop-environment gnome-network-admin gtkhtml3.14
2644 iceweasel-gnome-support libavcodec51 libdatrie0 libgdl-
1-
0
2645 libgnomekbd2 libgnomekbdui2 libmetacity0 libslab0 libxcb-xlib0
2646 nautilus-cd-burner python-gnome2-desktop python-gnome2-extras
2647 serpentine swfdec-mozilla update-manager xorg xserver-xorg
2648 xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
2649 xserver-xorg-input-kbd xserver-xorg-input-mouse
2650 xserver-xorg-input-synaptics xserver-xorg-input-wacom
2651 xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
2652 xserver-xorg-video-ati xserver-xorg-video-chips
2653 xserver-xorg-video-cirrus xserver-xorg-video-cyrix
2654 xserver-xorg-video-dummy xserver-xorg-video-fbdev
2655 xserver-xorg-video-glint xserver-xorg-video-i128
2656 xserver-xorg-video-i740 xserver-xorg-video-imstt
2657 xserver-xorg-video-intel xserver-xorg-video-mach64
2658 xserver-xorg-video-mga xserver-xorg-video-neomagic
2659 xserver-xorg-video-nsc xserver-xorg-video-nv
2660 xserver-xorg-video-openchrome xserver-xorg-video-r128
2661 xserver-xorg-video-radeon xserver-xorg-video-radeonhd
2662 xserver-xorg-video-rendition xserver-xorg-video-s3
2663 xserver-xorg-video-s3virge xserver-xorg-video-savage
2664 xserver-xorg-video-siliconmotion xserver-xorg-video-sis
2665 xserver-xorg-video-sisusb xserver-xorg-video-tdfx
2666 xserver-xorg-video-tga xserver-xorg-video-trident
2667 xserver-xorg-video-tseng xserver-xorg-video-v4l
2668 xserver-xorg-video-vesa xserver-xorg-video-vga
2669 xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-
1.9
2670 xulrunner-
1.9-gnome-support
</p
>
2672 <p
><b
>aptitude gnome
129</b
>
2674 <br
>bluez-gnome bluez-utils cpp-
4.3 cupsddk-drivers dhcdbd
2675 djvulibre-desktop finger gnome-app-install gnome-mount
2676 gnome-network-admin gnome-spell gnome-vfs-obexftp
2677 gnome-volume-manager gstreamer0.10-gnomevfs gtkhtml3.14 libao2
2678 libavahi-compat-libdnssd1 libavahi-core5 libavcodec51 libbluetooth2
2679 libcamel1.2-
11 libcdio7 libcucul0 libcupsys2 libcurl3 libdatrie0
2680 libdirectfb-
1.0-
0 libdvdread3 libedataserver1.2-
9 libeel2-
2.20
2681 libeel2-data libepc-
1.0-
1 libepc-ui-
1.0-
1 libfaad0 libgail-common
2682 libgd2-noxpm libgda3-
3 libgda3-common libgdl-
1-
0 libgdl-
1-common
2683 libggz2 libggzcore9 libggzmod4 libgksu1.2-
0 libgksuui1.0-
1 libgmyth0
2684 libgnomecups1.0-
1 libgnomekbd2 libgnomekbdui2 libgnomeprint2.2-
0
2685 libgnomeprint2.2-data libgnomeprintui2.2-
0 libgnomeprintui2.2-common
2686 libgnomevfs2-bin libgpod3 libgraphviz4 libgtkhtml2-
0
2687 libgtksourceview-common libgtksourceview1.0-
0 libgucharmap6
2688 libhesiod0 libicu38 libiw29 libkpathsea4 libltdl3 libmagick++
10
2689 libmagick10 libmalaga7 libmetacity0 libmtp7 libmysqlclient15off
2690 libnautilus-burn4 libneon27 libnm-glib0 libnm-util0 libopal-
2.2
2691 libosp5 libparted1.8-
10 libpoppler-glib3 libpoppler3 libpt-
1.10.10
2692 libpt-
1.10.10-plugins-alsa libpt-
1.10.10-plugins-v4l libraw1394-
8
2693 libsensors3 libslab0 libsmbios2 libsoup2.2-
8 libssh2-
1
2694 libsuitesparse-
3.1.0 libswfdec-
0.6-
90 libtalloc1 libtotem-plparser10
2695 libtrackerclient0 libxalan2-java libxalan2-java-gcj libxcb-xlib0
2696 libxerces2-java libxerces2-java-gcj libxklavier12 libxtrap6
2697 libxxf86misc1 libzephyr3 mysql-common nautilus-cd-burner
2698 openoffice.org-writer2latex openssl-blacklist p7zip
2699 python-
4suite-xml python-eggtrayicon python-gnome2-desktop
2700 python-gnome2-extras python-gtkhtml2 python-gtkmozembed
2701 python-numeric python-sexy serpentine svgalibg1 swfdec-gnome
2702 swfdec-mozilla totem-gstreamer update-manager wodim
2703 xserver-xorg-video-cyrix xserver-xorg-video-imstt
2704 xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
2707 <p
><b
>apt-get kde
82</b
>
2709 <br
>cupsddk-drivers karm kaudiocreator kcoloredit kcontrol kde kde-core
2710 kdeaddons kdeartwork kdebase kdebase-bin kdebase-bin-kde3
2711 kdebase-kio-plugins kdesktop kdeutils khelpcenter kicker
2712 kicker-applets knewsticker kolourpaint konq-plugins konqueror korn
2713 kpersonalizer kscreensaver ksplash libavcodec51 libdatrie0 libkiten1
2714 libxcb-xlib0 quanta superkaramba texlive-base-bin xorg xserver-xorg
2715 xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
2716 xserver-xorg-input-kbd xserver-xorg-input-mouse
2717 xserver-xorg-input-synaptics xserver-xorg-input-wacom
2718 xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
2719 xserver-xorg-video-ati xserver-xorg-video-chips
2720 xserver-xorg-video-cirrus xserver-xorg-video-cyrix
2721 xserver-xorg-video-dummy xserver-xorg-video-fbdev
2722 xserver-xorg-video-glint xserver-xorg-video-i128
2723 xserver-xorg-video-i740 xserver-xorg-video-imstt
2724 xserver-xorg-video-intel xserver-xorg-video-mach64
2725 xserver-xorg-video-mga xserver-xorg-video-neomagic
2726 xserver-xorg-video-nsc xserver-xorg-video-nv
2727 xserver-xorg-video-openchrome xserver-xorg-video-r128
2728 xserver-xorg-video-radeon xserver-xorg-video-radeonhd
2729 xserver-xorg-video-rendition xserver-xorg-video-s3
2730 xserver-xorg-video-s3virge xserver-xorg-video-savage
2731 xserver-xorg-video-siliconmotion xserver-xorg-video-sis
2732 xserver-xorg-video-sisusb xserver-xorg-video-tdfx
2733 xserver-xorg-video-tga xserver-xorg-video-trident
2734 xserver-xorg-video-tseng xserver-xorg-video-v4l
2735 xserver-xorg-video-vesa xserver-xorg-video-vga
2736 xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-
1.9</p
>
2738 <p
><b
>aptitude kde
192</b
>
2739 <br
>bluez-utils cpp-
4.3 cupsddk-drivers cvs dcoprss dhcdbd
2740 djvulibre-desktop dosfstools eyesapplet fifteenapplet finger gettext
2741 ghostscript-x imlib-base imlib11 indi kandy karm kasteroids
2742 kaudiocreator kbackgammon kbstate kcoloredit kcontrol kcron kdat
2743 kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window
2744 kdebase-bin-kde3 kdebase-kio-plugins kdeedu-data
2745 kdegraphics-kfile-plugins kdelirc kdemultimedia-kappfinder-data
2746 kdemultimedia-kfile-plugins kdenetwork-kfile-plugins
2747 kdepim-kfile-plugins kdepim-kio-plugins kdeprint kdesktop kdessh
2748 kdict kdnssd kdvi kedit keduca kenolaba kfax kfaxview kfouleggs
2749 kghostview khelpcenter khexedit kiconedit kitchensync klatin
2750 klickety kmailcvt kmenuedit kmid kmilo kmoon kmrml kodo kolourpaint
2751 kooka korn kpager kpdf kpercentage kpf kpilot kpoker kpovmodeler
2752 krec kregexpeditor ksayit ksim ksirc ksirtet ksmiletris ksmserver
2753 ksnake ksokoban ksplash ksvg ksysv ktip ktnef kuickshow kverbos
2754 kview kviewshell kvoctrain kwifimanager kwin kwin4 kworldclock
2755 kxsldbg libakode2 libao2 libarts1-akode libarts1-audiofile
2756 libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1
2757 libavahi-core5 libavc1394-
0 libavcodec51 libbluetooth2
2758 libboost-python1.34
.1 libcucul0 libcurl3 libcvsservice0 libdatrie0
2759 libdirectfb-
1.0-
0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0
2760 libgail-common libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-
0
2761 libicu38 libiec61883-
0 libindex0 libiw29 libk3b3 libkcal2b libkcddb1
2762 libkdeedu3 libkdepim1a libkgantt0 libkiten1 libkleopatra1 libkmime2
2763 libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1
2764 libksieve0 libktnef1 liblockdev1 libltdl3 libmagick10 libmimelib1c2a
2765 libmozjs1d libmpcdec3 libneon27 libnm-util0 libopensync0 libpisock9
2766 libpoppler-glib3 libpoppler-qt2 libpoppler3 libraw1394-
8 libsmbios2
2767 libssh2-
1 libsuitesparse-
3.1.0 libtalloc1 libtiff-tools
2768 libxalan2-java libxalan2-java-gcj libxcb-xlib0 libxerces2-java
2769 libxerces2-java-gcj libxtrap6 mpeglib networkstatus
2770 openoffice.org-writer2latex pmount poster psutils quanta quanta-data
2771 superkaramba svgalibg1 tex-common texlive-base texlive-base-bin
2772 texlive-common texlive-doc-base texlive-fonts-recommended
2773 xserver-xorg-video-cyrix xserver-xorg-video-imstt
2774 xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
2775 xulrunner-
1.9</p
>
2781 <title>Automatic upgrade testing from Lenny to Squeeze
</title>
2782 <link>http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
</link>
2783 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html
</guid>
2784 <pubDate>Fri,
11 Jun
2010 22:
50:
00 +
0200</pubDate>
2785 <description><p
>The last few days I have done some upgrade testing in Debian, to
2786 see if the upgrade from Lenny to Squeeze will go smoothly. A few bugs
2787 have been discovered and reported in the process
2788 (
<a href=
"http://bugs.debian.org/
585410">#
585410</a
> in nagios3-cgi,
2789 <a href=
"http://bugs.debian.org/
584879">#
584879</a
> already fixed in
2790 enscript and
<a href=
"http://bugs.debian.org/
584861">#
584861</a
> in
2791 kdebase-workspace-data), and to get a more regular testing going on, I
2792 am working on a script to automate the test.
</p
>
2794 <p
>The idea is to create a Lenny chroot and use tasksel to install a
2795 Gnome or KDE desktop installation inside the chroot before upgrading
2796 it. To ensure no services are started in the chroot, a policy-rc.d
2797 script is inserted. To make sure tasksel believe it is to install a
2798 desktop on a laptop, the tasksel tests are replaced in the chroot
2799 (only acceptable because this is a throw-away chroot).
</p
>
2801 <p
>A naive upgrade from Lenny to Squeeze using aptitude dist-upgrade
2802 currently always fail because udev refuses to upgrade with the kernel
2803 in Lenny, so to avoid that problem the file /etc/udev/kernel-upgrade
2804 is created. The bug report
2805 <a href=
"http://bugs.debian.org/
566000">#
566000</a
> make me suspect
2806 this problem do not trigger in a chroot, but I touch the file anyway
2807 to make sure the upgrade go well. Testing on virtual and real
2808 hardware have failed me because of udev so far, and creating this file
2809 do the trick in such settings anyway. This is a
2810 <a href=
"http://www.linuxquestions.org/questions/debian-
26/failed-dist-upgrade-due-to-udev-config_sysfs_deprecated-nonsense-
804130/
">known
2811 issue
</a
> and the current udev behaviour is intended by the udev
2812 maintainer because he lack the resources to rewrite udev to keep
2813 working with old kernels or something like that. I really wish the
2814 udev upstream would keep udev backwards compatible, to avoid such
2815 upgrade problem, but given that they fail to do so, I guess
2816 documenting the way out of this mess is the best option we got for
2817 Debian Squeeze.
</p
>
2819 <p
>Anyway, back to the task at hand, testing upgrades. This test
2820 script, which I call
<tt
>upgrade-test
</tt
> for now, is doing the
2823 <blockquote
><pre
>
2827 if [
"$
1" ] ; then
2836 exec
&lt; /dev/null
2838 mirror=http://ftp.skolelinux.org/debian
2839 tmpdir=chroot-$from-upgrade-$to-$desktop
2841 debootstrap $from $tmpdir $mirror
2842 chroot $tmpdir aptitude update
2843 cat
> $tmpdir/usr/sbin/policy-rc.d
&lt;
&lt;EOF
2847 chmod a+rx $tmpdir/usr/sbin/policy-rc.d
2851 mount -t proc proc $tmpdir/proc
2852 # Make sure proc is unmounted also on failure
2853 trap exit_cleanup EXIT INT
2855 chroot $tmpdir aptitude -y install debconf-utils
2857 # Make sure tasksel autoselection trigger. It need the test scripts
2858 # to return the correct answers.
2859 echo tasksel tasksel/desktop multiselect $desktop | \
2860 chroot $tmpdir debconf-set-selections
2862 # Include the desktop and laptop task
2863 for test in desktop laptop ; do
2864 echo
> $tmpdir/usr/lib/tasksel/tests/$test
&lt;
&lt;EOF
2868 chmod a+rx $tmpdir/usr/lib/tasksel/tests/$test
2871 DEBIAN_FRONTEND=noninteractive
2872 DEBIAN_PRIORITY=critical
2873 export DEBIAN_FRONTEND DEBIAN_PRIORITY
2874 chroot $tmpdir tasksel --new-install
2876 echo deb $mirror $to main
> $tmpdir/etc/apt/sources.list
2877 chroot $tmpdir aptitude update
2878 touch $tmpdir/etc/udev/kernel-upgrade
2879 chroot $tmpdir aptitude -y dist-upgrade
2881 </pre
></blockquote
>
2883 <p
>I suspect it would be useful to test upgrades with both apt-get and
2884 with aptitude, but I have not had time to look at how they behave
2885 differently so far. I hope to get a cron job running to do the test
2886 regularly and post the result on the web. The Gnome upgrade currently
2887 work, while the KDE upgrade fail because of the bug in
2888 kdebase-workspace-data
</p
>
2890 <p
>I am not quite sure what kind of extract from the huge upgrade logs
2891 (KDE
167 KiB, Gnome
516 KiB) it make sense to include in this blog
2892 post, so I will refrain from trying. I can report that for Gnome,
2893 aptitude report
760 packages upgraded,
448 newly installed,
129 to
2894 remove and
1 not upgraded and
1024MB need to be downloaded while for
2895 KDE the same numbers are
702 packages upgraded,
507 newly installed,
2896 193 to remove and
0 not upgraded and
1117MB need to be downloaded
</p
>
2898 <p
>I am very happy to notice that the Gnome desktop + laptop upgrade
2899 is able to migrate to dependency based boot sequencing and parallel
2900 booting without a hitch. Was unsure if there were still bugs with
2901 packages failing to clean up their obsolete init.d script during
2902 upgrades, and no such problem seem to affect the Gnome desktop+laptop
2908 <title>Upstart or sysvinit - as init.d scripts see it
</title>
2909 <link>http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html
</link>
2910 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html
</guid>
2911 <pubDate>Sun,
6 Jun
2010 23:
55:
00 +
0200</pubDate>
2912 <description><p
>If Debian is to migrate to upstart on Linux, I expect some init.d
2913 scripts to migrate (some of) their operations to upstart job while
2914 keeping the init.d for hurd and kfreebsd. The packages with such
2915 needs will need a way to get their init.d scripts to behave
2916 differently when used with sysvinit and with upstart. Because of
2917 this, I had a look at the environment variables set when a init.d
2918 script is running under upstart, and when it is not.
</p
>
2920 <p
>With upstart, I notice these environment variables are set when a
2921 script is started from rcS.d/ (ignoring some irrelevant ones like
2924 <blockquote
><pre
>
2930 UPSTART_EVENTS=startup
2932 UPSTART_JOB=rc-sysinit
2933 </pre
></blockquote
>
2935 <p
>With sysvinit, these environment variables are set for the same
2938 <blockquote
><pre
>
2939 INIT_VERSION=sysvinit-
2.88
2944 </pre
></blockquote
>
2946 <p
>The RUNLEVEL and PREVLEVEL environment variables passed on from
2947 sysvinit are not set by upstart. Not sure if it is intentional or not
2948 to not be compatible with sysvinit in this regard.
</p
>
2950 <p
>For scripts needing to behave differently when upstart is used,
2951 looking for the UPSTART_JOB environment variable seem to be a good
2957 <title>A manual for standards wars...
</title>
2958 <link>http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html
</link>
2959 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html
</guid>
2960 <pubDate>Sun,
6 Jun
2010 14:
15:
00 +
0200</pubDate>
2961 <description><p
>Via the
2962 <a href=
"http://feedproxy.google.com/~r/robweir/antic-atom/~
3/QzU4RgoAGMg/weekly-links-
10.html
">blog
2963 of Rob Weir
</a
> I came across the very interesting essay named
2964 <a href=
"http://faculty.haas.berkeley.edu/shapiro/wars.pdf
">The Art of
2965 Standards Wars
</a
> (PDF
25 pages). I recommend it for everyone
2966 following the standards wars of today.
</p
>
2971 <title>Sitesummary tip: Listing computer hardware models used at site
</title>
2972 <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html
</link>
2973 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html
</guid>
2974 <pubDate>Thu,
3 Jun
2010 12:
05:
00 +
0200</pubDate>
2975 <description><p
>When using sitesummary at a site to track machines, it is possible
2976 to get a list of the machine types in use thanks to the DMI
2977 information extracted from each machine. The script to do so is
2978 included in the sitesummary package, and here is example output from
2979 the Skolelinux build servers:
</p
>
2981 <blockquote
><pre
>
2982 maintainer:~# /usr/lib/sitesummary/hardware-model-summary
2984 Dell Computer Corporation
1
2987 eserver xSeries
345 -[
8670M1X]-
1
2991 </pre
></blockquote
>
2993 <p
>The quality of the report depend on the quality of the DMI tables
2994 provided in each machine. Here there are Intel machines without model
2995 information listed with Intel as vendor and no model, and virtual Xen
2996 machines listed as [no-dmi-info]. One can add -l as a command line
2997 option to list the individual machines.
</p
>
2999 <p
>A larger list is
3000 <a href=
"http://narvikskolen.no/sitesummary/
">available from the the
3001 city of Narvik
</a
>, which uses Skolelinux on all their shools and also
3002 provide the basic sitesummary report publicly. In their report there
3003 are ~
1400 machines. I know they use both Ubuntu and Skolelinux on
3004 their machines, and as sitesummary is available in both distributions,
3005 it is trivial to get all of them to report to the same central
3006 collector.
</p
>
3011 <title>KDM fail at boot with NVidia cards - and no one try to fix it?
</title>
3012 <link>http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html
</link>
3013 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html
</guid>
3014 <pubDate>Tue,
1 Jun
2010 17:
05:
00 +
0200</pubDate>
3015 <description><p
>It is strange to watch how a bug in Debian causing KDM to fail to
3016 start at boot when an NVidia video card is used is handled. The
3017 problem seem to be that the nvidia X.org driver uses a long time to
3018 initialize, and this duration is longer than kdm is configured to
3021 <p
>I came across two bugs related to this issue,
3022 <a href=
"http://bugs.debian.org/
583312">#
583312</a
> initially filed
3023 against initscripts and passed on to nvidia-glx when it became obvious
3024 that the nvidia drivers were involved, and
3025 <a href=
"http://bugs.debian.org/
524751">#
524751</a
> initially filed against
3026 kdm and passed on to src:nvidia-graphics-drivers for unknown reasons.
</p
>
3028 <p
>To me, it seem that no-one is interested in actually solving the
3029 problem nvidia video card owners experience and make sure the Debian
3030 distribution work out of the box for these users. The nvidia driver
3031 maintainers expect kdm to be set up to wait longer, while kdm expect
3032 the nvidia driver maintainers to fix the driver to start faster, and
3033 while they wait for each other I guess the users end up switching to a
3034 distribution that work for them. I have no idea what the solution is,
3035 but I am pretty sure that waiting for each other is not it.
</p
>
3037 <p
>I wonder why we end up handling bugs this way.
</p
>
3042 <title>Parallellized boot seem to hold up well in Debian/testing
</title>
3043 <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
</link>
3044 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html
</guid>
3045 <pubDate>Thu,
27 May
2010 23:
55:
00 +
0200</pubDate>
3046 <description><p
>A few days ago, parallel booting was enabled in Debian/testing.
3047 The feature seem to hold up pretty well, but three fairly serious
3048 issues are known and should be solved:
3052 <li
>The wicd package seen to
3053 <a href=
"http://bugs.debian.org/
508289">break NFS mounting
</a
> and
3054 <a href=
"http://bugs.debian.org/
581586">network setup
</a
> when
3055 parallel booting is enabled. No idea why, but the wicd maintainer
3056 seem to be on the case.
</li
>
3058 <li
>The nvidia X driver seem to
3059 <a href=
"http://bugs.debian.org/
583312">have a race condition
</a
>
3060 triggered more easily when parallel booting is in effect. The
3061 maintainer is on the case.
</li
>
3063 <li
>The sysv-rc package fail to properly enable dependency based boot
3064 sequencing (the shutdown is broken) when old file-rc users
3065 <a href=
"http://bugs.debian.org/
575080">try to switch back
</a
> to
3066 sysv-rc. One way to solve it would be for file-rc to create
3067 /etc/init.d/.legacy-bootordering, and another is to try to make
3068 sysv-rc more robust. Will investigate some more and probably upload a
3069 workaround in sysv-rc to help those trying to move from file-rc to
3070 sysv-rc get a working shutdown.
</li
>
3072 </ul
></p
>
3074 <p
>All in all not many surprising issues, and all of them seem
3075 solvable before Squeeze is released. In addition to these there are
3076 some packages with bugs in their dependencies and run level settings,
3077 which I expect will be fixed in a reasonable time span.
</p
>
3079 <p
>If you report any problems with dependencies in init.d scripts to
3080 the BTS, please usertag the report to get it to show up at
3081 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
3082 list of usertagged bugs related to this
</a
>.
</p
>
3084 <p
>Update: Correct bug number to file-rc issue.
</p
>
3089 <title>More flexible firmware handling in debian-installer
</title>
3090 <link>http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html
</link>
3091 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html
</guid>
3092 <pubDate>Sat,
22 May
2010 21:
30:
00 +
0200</pubDate>
3093 <description><p
>After a long break from debian-installer development, I finally
3094 found time today to return to the project. Having to spend less time
3095 working dependency based boot in debian, as it is almost complete now,
3096 definitely helped freeing some time.
</p
>
3098 <p
>A while back, I ran into a problem while working on Debian Edu. We
3099 include some firmware packages on the Debian Edu CDs, those needed to
3100 get disk and network controllers working. Without having these
3101 firmware packages available during installation, it is impossible to
3102 install Debian Edu on the given machine, and because our target group
3103 are non-technical people, asking them to provide firmware packages on
3104 an external medium is a support pain. Initially, I expected it to be
3105 enough to include the firmware packages on the CD to get
3106 debian-installer to find and use them. This proved to be wrong.
3107 Next, I hoped it was enough to symlink the relevant firmware packages
3108 to some useful location on the CD (tried /cdrom/ and
3109 /cdrom/firmware/). This also proved to not work, and at this point I
3110 found time to look at the debian-installer code to figure out what was
3111 going to work.
</p
>
3113 <p
>The firmware loading code is in the hw-detect package, and a closer
3114 look revealed that it would only look for firmware packages outside
3115 the installation media, so the CD was never checked for firmware
3116 packages. It would only check USB sticks, floppies and other
3117 "external
" media devices. Today I changed it to also look in the
3118 /cdrom/firmware/ directory on the mounted CD or DVD, which should
3119 solve the problem I ran into with Debian edu. I also changed it to
3120 look in /firmware/, to make sure the installer also find firmware
3121 provided in the initrd when booting the installer via PXE, to allow us
3122 to provide the same feature in the PXE setup included in Debian
3125 <p
>To make sure firmware deb packages with a license questions are not
3126 activated without asking if the license is accepted, I extended
3127 hw-detect to look for preinst scripts in the firmware packages, and
3128 run these before activating the firmware during installation. The
3129 license question is asked using debconf in the preinst, so this should
3130 solve the issue for the firmware packages I have looked at so far.
</p
>
3132 <p
>If you want to discuss the details of these features, please
3133 contact us on debian-boot@lists.debian.org.
</p
>
3138 <title>Parallellized boot is now the default in Debian/unstable
</title>
3139 <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
</link>
3140 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html
</guid>
3141 <pubDate>Fri,
14 May
2010 22:
40:
00 +
0200</pubDate>
3142 <description><p
>Since this evening, parallel booting is the default in
3143 Debian/unstable for machines using dependency based boot sequencing.
3144 Apparently the testing of concurrent booting has been wider than
3145 expected, if I am to believe the
3146 <a href=
"http://lists.debian.org/debian-devel/
2010/
05/msg00122.html
">input
3147 on debian-devel@
</a
>, and I concluded a few days ago to move forward
3148 with the feature this weekend, to give us some time to detect any
3149 remaining problems before Squeeze is frozen. If serious problems are
3150 detected, it is simple to change the default back to sequential boot.
3151 The upload of the new sysvinit package also activate a new upstream
3154 More information about
3155 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
3156 based boot sequencing
</a
> is available from the Debian wiki. It is
3157 currently possible to disable parallel booting when one run into
3158 problems caused by it, by adding this line to /etc/default/rcS:
</p
>
3160 <blockquote
><pre
>
3162 </pre
></blockquote
>
3164 <p
>If you report any problems with dependencies in init.d scripts to
3165 the BTS, please usertag the report to get it to show up at
3166 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
3167 list of usertagged bugs related to this
</a
>.
</p
>
3172 <title>Sitesummary tip: Listing MAC address of all clients
</title>
3173 <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html
</link>
3174 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html
</guid>
3175 <pubDate>Fri,
14 May
2010 21:
10:
00 +
0200</pubDate>
3176 <description><p
>In the recent Debian Edu versions, the
3177 <a href=
"http://wiki.debian.org/DebianEdu/HowTo/SiteSummary
">sitesummary
3178 system
</a
> is used to keep track of the machines in the school
3179 network. Each machine will automatically report its status to the
3180 central server after boot and once per night. The network setup is
3181 also reported, and using this information it is possible to get the
3182 MAC address of all network interfaces in the machines. This is useful
3183 to update the DHCP configuration.
</p
>
3185 <p
>To give some idea how to use sitesummary, here is a one-liner to
3186 ist all MAC addresses of all machines reporting to sitesummary. Run
3187 this on the collector host:
</p
>
3189 <blockquote
><pre
>
3190 perl -MSiteSummary -e
'for_all_hosts(sub { print join(
" ", get_macaddresses(shift)),
"\n
"; });
'
3191 </pre
></blockquote
>
3193 <p
>This will list all MAC addresses assosiated with all machine, one
3194 line per machine and with space between the MAC addresses.
</p
>
3196 <p
>To allow system administrators easier job at adding static DHCP
3197 addresses for hosts, it would be possible to extend this to fetch
3198 machine information from sitesummary and update the DHCP and DNS
3199 tables in LDAP using this information. Such tool is unfortunately not
3200 written yet.
</p
>
3205 <title>systemd, an interesting alternative to upstart
</title>
3206 <link>http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html
</link>
3207 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html
</guid>
3208 <pubDate>Thu,
13 May
2010 22:
20:
00 +
0200</pubDate>
3209 <description><p
>The last few days a new boot system called
3210 <a href=
"http://www.freedesktop.org/wiki/Software/systemd
">systemd
</a
>
3212 <a href=
"http://
0pointer.de/blog/projects/systemd.html
">introduced
</a
>
3214 to the free software world. I have not yet had time to play around
3215 with it, but it seem to be a very interesting alternative to
3216 <a href=
"http://upstart.ubuntu.com/
">upstart
</a
>, and might prove to be
3217 a good alternative for Debian when we are able to switch to an event
3218 based boot system. Tollef is
3219 <a href=
"http://bugs.debian.org/
580814">in the process
</a
> of getting
3220 systemd into Debian, and I look forward to seeing how well it work. I
3221 like the fact that systemd handles init.d scripts with dependency
3222 information natively, allowing them to run in parallel where upstart
3223 at the moment do not.
</p
>
3225 <p
>Unfortunately do systemd have the same problem as upstart regarding
3226 platform support. It only work on recent Linux kernels, and also need
3227 some new kernel features enabled to function properly. This means
3228 kFreeBSD and Hurd ports of Debian will need a port or a different boot
3229 system. Not sure how that will be handled if systemd proves to be the
3230 way forward.
</p
>
3232 <p
>In the mean time, based on the
3233 <a href=
"http://lists.debian.org/debian-devel/
2010/
05/msg00122.html
">input
3234 on debian-devel@
</a
> regarding parallel booting in Debian, I have
3235 decided to enable full parallel booting as the default in Debian as
3236 soon as possible (probably this weekend or early next week), to see if
3237 there are any remaining serious bugs in the init.d dependencies. A
3238 new version of the sysvinit package implementing this change is
3239 already in experimental. If all go well, Squeeze will be released
3240 with parallel booting enabled by default.
</p
>
3245 <title>Parallellizing the boot in Debian Squeeze - ready for wider testing
</title>
3246 <link>http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
</link>
3247 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html
</guid>
3248 <pubDate>Thu,
6 May
2010 23:
25:
00 +
0200</pubDate>
3249 <description><p
>These days, the init.d script dependencies in Squeeze are quite
3250 complete, so complete that it is actually possible to run all the
3251 init.d scripts in parallell based on these dependencies. If you want
3252 to test your Squeeze system, make sure
3253 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
3254 based boot sequencing
</a
> is enabled, and add this line to
3255 /etc/default/rcS:
</p
>
3257 <blockquote
><pre
>
3258 CONCURRENCY=makefile
3259 </pre
></blockquote
>
3261 <p
>That is it. It will cause sysv-rc to use the startpar tool to run
3262 scripts in parallel using the dependency information stored in
3263 /etc/init.d/.depend.boot, /etc/init.d/.depend.start and
3264 /etc/init.d/.depend.stop to order the scripts. Startpar is configured
3265 to try to start the kdm and gdm scripts as early as possible, and will
3266 start the facilities required by kdm or gdm as early as possible to
3267 make this happen.
</p
>
3269 <p
>Give it a try, and see if you like the result. If some services
3270 fail to start properly, it is most likely because they have incomplete
3271 init.d script dependencies in their startup script (or some of their
3272 dependent scripts have incomplete dependencies). Report bugs and get
3273 the package maintainers to fix it. :)
</p
>
3275 <p
>Running scripts in parallel could be the default in Debian when we
3276 manage to get the init.d script dependencies complete and correct. I
3277 expect we will get there in Squeeze+
1, if we get manage to test and
3278 fix the remaining issues.
</p
>
3280 <p
>If you report any problems with dependencies in init.d scripts to
3281 the BTS, please usertag the report to get it to show up at
3282 <a href=
"http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org
">the
3283 list of usertagged bugs related to this
</a
>.
</p
>
3288 <title>Debian has switched to dependency based boot sequencing
</title>
3289 <link>http://people.skolelinux.org/pere/blog/Debian_has_switched_to_dependency_based_boot_sequencing.html
</link>
3290 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Debian_has_switched_to_dependency_based_boot_sequencing.html
</guid>
3291 <pubDate>Mon,
27 Jul
2009 23:
50:
00 +
0200</pubDate>
3292 <description><p
>Since this evening, with the upload of sysvinit version
2.87dsf-
2,
3293 and the upload of insserv version
1.12.0-
10 yesterday, Debian unstable
3294 have been migrated to using dependency based boot sequencing. This
3295 conclude work me and others have been doing for the last three days.
3296 It feels great to see this finally part of the default Debian
3297 installation. Now we just need to weed out the last few problems that
3298 are bound to show up, to get everything ready for Squeeze.
</p
>
3300 <p
>The next step is migrating /sbin/init from sysvinit to upstart, and
3301 fixing the more fundamental problem of handing the event based
3302 non-predictable kernel in the early boot.
</p
>
3307 <title>Taking over sysvinit development
</title>
3308 <link>http://people.skolelinux.org/pere/blog/Taking_over_sysvinit_development.html
</link>
3309 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Taking_over_sysvinit_development.html
</guid>
3310 <pubDate>Wed,
22 Jul
2009 23:
00:
00 +
0200</pubDate>
3311 <description><p
>After several years of frustration with the lack of activity from
3312 the existing sysvinit upstream developer, I decided a few weeks ago to
3313 take over the package and become the new upstream. The number of
3314 patches to track for the Debian package was becoming a burden, and the
3315 lack of synchronization between the distribution made it hard to keep
3316 the package up to date.
</p
>
3318 <p
>On the new sysvinit team is the SuSe maintainer Dr. Werner Fink,
3319 and my Debian co-maintainer Kel Modderman. About
10 days ago, I made
3320 a new upstream tarball with version number
2.87dsf (for Debian, SuSe
3321 and Fedora), based on the patches currently in use in these
3322 distributions. We Debian maintainers plan to move to this tarball as
3323 the new upstream as soon as we find time to do the merge. Since the
3324 new tarball was created, we agreed with Werner at SuSe to make a new
3325 upstream project at
<a href=
"http://savannah.nongnu.org/
">Savannah
</a
>, and continue
3326 development there. The project is registered and currently waiting
3327 for approval by the Savannah administrators, and as soon as it is
3328 approved, we will import the old versions from svn and continue
3329 working on the future release.
</p
>
3331 <p
>It is a bit ironic that this is done now, when some of the involved
3332 distributions are moving to upstart as a syvinit replacement.
</p
>
3337 <title>Debian boots quicker and quicker
</title>
3338 <link>http://people.skolelinux.org/pere/blog/Debian_boots_quicker_and_quicker.html
</link>
3339 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Debian_boots_quicker_and_quicker.html
</guid>
3340 <pubDate>Wed,
24 Jun
2009 21:
40:
00 +
0200</pubDate>
3341 <description><p
>I spent Monday and tuesday this week in London with a lot of the
3342 people involved in the boot system on Debian and Ubuntu, to see if we
3343 could find more ways to speed up the boot system. This was an Ubuntu
3345 <a href=
"https://wiki.ubuntu.com/FoundationsTeam/BootPerformance/DebianUbuntuSprint
">developer
3346 gathering
</a
>. It was quite productive. We also discussed the future
3347 of boot systems, and ways to handle the increasing number of boot
3348 issues introduced by the Linux kernel becoming more and more
3349 asynchronous and event base. The Ubuntu approach using udev and
3350 upstart might be a good way forward. Time will show.
</p
>
3352 <p
>Anyway, there are a few ways at the moment to speed up the boot
3353 process in Debian. All of these should be applied to get a quick
3358 <li
>Use dash as /bin/sh.
</li
>
3360 <li
>Disable the init.d/hwclock*.sh scripts and make sure the hardware
3361 clock is in UTC.
</li
>
3363 <li
>Install and activate the insserv package to enable
3364 <a href=
"http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot
">dependency
3365 based boot sequencing
</a
>, and enable concurrent booting.
</li
>
3369 These points are based on the Google summer of code work done by
3370 <a href=
"http://initscripts-ng.alioth.debian.org/soc2006-bootsystem/
">Carlos
3373 <p
>Support for makefile-style concurrency during boot was uploaded to
3374 unstable yesterday. When we tested it, we were able to cut
6 seconds
3375 from the boot sequence. It depend on very correct dependency
3376 declaration in all init.d scripts, so I expect us to find edge cases
3377 where the dependences in some scripts are slightly wrong when we start
3378 using this.
</p
>
3380 <p
>On our IRC channel for this effort, #pkg-sysvinit, a new idea was
3381 introduced by Raphael Geissert today, one that could affect the
3382 startup speed as well. Instead of starting some scripts concurrently
3383 from rcS.d/ and another set of scripts from rc2.d/, it would be
3384 possible to run a of them in the same process. A quick way to test
3385 this would be to enable insserv and run
'mv /etc/rc2.d/S* /etc/rcS.d/;
3386 insserv
'. Will need to test if that work. :)
</p
>
3391 <title>BSAs påstander om piratkopiering møter motstand
</title>
3392 <link>http://people.skolelinux.org/pere/blog/BSAs_p_stander_om_piratkopiering_m_ter_motstand.html
</link>
3393 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/BSAs_p_stander_om_piratkopiering_m_ter_motstand.html
</guid>
3394 <pubDate>Sun,
17 May
2009 23:
05:
00 +
0200</pubDate>
3395 <description><p
>Hvert år de siste årene har BSA, lobbyfronten til de store
3396 programvareselskapene som Microsoft og Apple, publisert en rapport der
3397 de gjetter på hvor mye piratkopiering påfører i tapte inntekter i
3398 ulike land rundt om i verden. Resultatene er tendensiøse. For noen
3400 <a href=
"http://global.bsa.org/globalpiracy2008/studies/globalpiracy2008.pdf
">siste
3401 rapport
</a
>, og det er flere kritiske kommentarer publisert de siste
3402 dagene. Et spesielt interessant kommentar fra Sverige,
3403 <a href=
"http://www.idg.se/
2.1085/
1.229795/bsa-hoftade-sverigesiffror
">BSA
3404 höftade Sverigesiffror
</a
>, oppsummeres slik:
</p
>
3407 I sin senaste rapport slår BSA fast att
25 procent av all mjukvara i
3408 Sverige är piratkopierad. Det utan att ha pratat med ett enda svenskt
3409 företag.
"Man bör nog kanske inte se de här siffrorna som helt
3410 exakta
", säger BSAs Sverigechef John Hugosson.
3413 <p
>Mon tro om de er like metodiske når de gjetter på andelen piratkopiering i Norge? To andre kommentarer er
<a
3414 href=
"http://www.vnunet.com/vnunet/comment/
2242134/bsa-piracy-figures-shot-reality
">BSA
3415 piracy figures need a shot of reality
</a
> og
<a
3416 href=
"http://www.michaelgeist.ca/content/view/
3958/
125/
">Does The WIPO
3417 Copyright Treaty Work?
</a
></p
>
3419 <p
>Fant lenkene via
<a
3420 href=
"http://tech.slashdot.org/article.pl?sid=
09/
05/
17/
1632242">oppslag
3421 på Slashdot
</a
>.
</p
>
3426 <title>IDG mener linux i servermarkedet vil vokse med
21% i
2009</title>
3427 <link>http://people.skolelinux.org/pere/blog/IDG_mener_linux_i_servermarkedet_vil_vokse_med_21__i_2009.html
</link>
3428 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/IDG_mener_linux_i_servermarkedet_vil_vokse_med_21__i_2009.html
</guid>
3429 <pubDate>Thu,
7 May
2009 22:
30:
00 +
0200</pubDate>
3430 <description><p
>Kom over
3431 <a href=
"http://news.cnet.com/
8301-
13505_3-
10216873-
16.html
">interessante
3432 tall
</a
> fra IDG om utviklingen av linuxservermarkedet. Fikk meg til
3433 å tenke på antall tjenermaskiner ved Universitetet i Oslo der jeg
3434 jobber til daglig. En rask opptelling forteller meg at vi har
490
3435 (
61%) fysiske unix-tjener (mest linux men også noen solaris) og
196
3436 (
25%) windowstjenere, samt
112 (
14%) virtuelle unix-tjenere. Med den
3437 bakgrunnskunnskapen kan jeg godt tro at IDG er inne på noe.
</p
>
3442 <title>Kryptert harddisk - naturligvis
</title>
3443 <link>http://people.skolelinux.org/pere/blog/Kryptert_harddisk___naturligvis.html
</link>
3444 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Kryptert_harddisk___naturligvis.html
</guid>
3445 <pubDate>Sat,
2 May
2009 15:
30:
00 +
0200</pubDate>
3446 <description><p
><a href=
"http://www.dagensit.no/trender/article1658676.ece
">Dagens
3447 IT melder
</a
> at Intel hevder at det er dyrt å miste en datamaskin,
3448 når en tar tap av arbeidstid, fortrolige dokumenter,
3449 personopplysninger og alt annet det innebærer. Det er ingen tvil om
3450 at det er en kostbar affære å miste sin datamaskin, og det er årsaken
3451 til at jeg har kryptert harddisken på både kontormaskinen og min
3452 bærbare. Begge inneholder personopplysninger jeg ikke ønsker skal
3453 komme på avveie, den første informasjon relatert til jobben min ved
3454 Universitetet i Oslo, og den andre relatert til blant annet
3455 foreningsarbeide. Kryptering av diskene gjør at det er lite
3456 sannsynlig at dophoder som kan finne på å rappe maskinene får noe ut
3457 av dem. Maskinene låses automatisk etter noen minutter uten bruk,
3458 og en reboot vil gjøre at de ber om passord før de vil starte opp.
3459 Jeg bruker Debian på begge maskinene, og installasjonssystemet der
3460 gjør det trivielt å sette opp krypterte disker. Jeg har LVM på toppen
3461 av krypterte partisjoner, slik at alt av datapartisjoner er kryptert.
3462 Jeg anbefaler alle å kryptere diskene på sine bærbare. Kostnaden når
3463 det er gjort slik jeg gjør det er minimale, og gevinstene er
3464 betydelige. En bør dog passe på passordet. Hvis det går tapt, må
3465 maskinen reinstalleres og alt er tapt.
</p
>
3467 <p
>Krypteringen vil ikke stoppe kompetente angripere som f.eks. kjøler
3468 ned minnebrikkene før maskinen rebootes med programvare for å hente ut
3469 krypteringsnøklene. Kostnaden med å forsvare seg mot slike angripere
3470 er for min del høyere enn gevinsten. Jeg tror oddsene for at
3471 f.eks. etteretningsorganisasjoner har glede av å titte på mine
3472 maskiner er minimale, og ulempene jeg ville oppnå ved å forsøke å
3473 gjøre det vanskeligere for angripere med kompetanse og ressurser er
3474 betydelige.
</p
>
3479 <title>Two projects that have improved the quality of free software a lot
</title>
3480 <link>http://people.skolelinux.org/pere/blog/Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html
</link>
3481 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html
</guid>
3482 <pubDate>Sat,
2 May
2009 15:
00:
00 +
0200</pubDate>
3483 <description><p
>There are two software projects that have had huge influence on the
3484 quality of free software, and I wanted to mention both in case someone
3485 do not yet know them.
</p
>
3487 <p
>The first one is
<a href=
"http://valgrind.org/
">valgrind
</a
>, a
3488 tool to detect and expose errors in the memory handling of programs.
3489 It is easy to use, all one need to do is to run
'valgrind program
',
3490 and it will report any problems on stdout. It is even better if the
3491 program include debug information. With debug information, it is able
3492 to report the source file name and line number where the problem
3493 occurs. It can report things like
'reading past memory block in file
3494 X line N, the memory block was allocated in file Y, line M
', and
3495 'using uninitialised value in control logic
'. This tool has made it
3496 trivial to investigate reproducible crash bugs in programs, and have
3497 reduced the number of this kind of bugs in free software a lot.
3499 <p
>The second one is
3500 <a href=
"http://en.wikipedia.org/wiki/Coverity
">Coverity
</a
> which is
3501 a source code checker. It is able to process the source of a program
3502 and find problems in the logic without running the program. It
3503 started out as the Stanford Checker and became well known when it was
3504 used to find bugs in the Linux kernel. It is now a commercial tool
3505 and the company behind it is running
3506 <a href=
"http://www.scan.coverity.com/
">a community service
</a
> for the
3507 free software community, where a lot of free software projects get
3508 their source checked for free. Several thousand defects have been
3509 found and fixed so far. It can find errors like
'lock L taken in file
3510 X line N is never released if exiting in line M
', or
'the code in file
3511 Y lines O to P can never be executed
'. The projects included in the
3512 community service project have managed to get rid of a lot of
3513 reliability problems thanks to Coverity.
</p
>
3515 <p
>I believe tools like this, that are able to automatically find
3516 errors in the source, are vital to improve the quality of software and
3517 make sure we can get rid of the crashing and failing software we are
3518 surrounded by today.
</p
>
3523 <title>No patch is not better than a useless patch
</title>
3524 <link>http://people.skolelinux.org/pere/blog/No_patch_is_not_better_than_a_useless_patch.html
</link>
3525 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/No_patch_is_not_better_than_a_useless_patch.html
</guid>
3526 <pubDate>Tue,
28 Apr
2009 09:
30:
00 +
0200</pubDate>
3527 <description><p
>Julien Blache
3528 <a href=
"http://blog.technologeek.org/
2009/
04/
12/
214">claim that no
3529 patch is better than a useless patch
</a
>. I completely disagree, as a
3530 patch allow one to discuss a concrete and proposed solution, and also
3531 prove that the issue at hand is important enough for someone to spent
3532 time on fixing it. No patch do not provide any of these positive
3533 properties.
</p
>
3538 <title>Standardize on protocols and formats, not vendors and applications
</title>
3539 <link>http://people.skolelinux.org/pere/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html
</link>
3540 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html
</guid>
3541 <pubDate>Mon,
30 Mar
2009 11:
50:
00 +
0200</pubDate>
3542 <description><p
>Where I work at the University of Oslo, one decision stand out as a
3543 very good one to form a long lived computer infrastructure. It is the
3544 simple one, lost by many in todays computer industry: Standardize on
3545 open network protocols and open exchange/storage formats, not applications.
3546 Applications come and go, while protocols and files tend to stay, and
3547 thus one want to make it easy to change application and vendor, while
3548 avoiding conversion costs and locking users to a specific platform or
3549 application.
</p
>
3551 <p
>This approach make it possible to replace the client applications
3552 independently of the server applications. One can even allow users to
3553 use several different applications as long as they handle the selected
3554 protocol and format. In the normal case, only one client application
3555 is recommended and users only get help if they choose to use this
3556 application, but those that want to deviate from the easy path are not
3557 blocked from doing so.
</p
>
3559 <p
>It also allow us to replace the server side without forcing the
3560 users to replace their applications, and thus allow us to select the
3561 best server implementation at any moment, when scale and resouce
3562 requirements change.
</p
>
3564 <p
>I strongly recommend standardizing - on open network protocols and
3565 open formats, but I would never recommend standardizing on a single
3566 application that do not use open network protocol or open formats.
</p
>
3571 <title>Returning from Skolelinux developer gathering
</title>
3572 <link>http://people.skolelinux.org/pere/blog/Returning_from_Skolelinux_developer_gathering.html
</link>
3573 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Returning_from_Skolelinux_developer_gathering.html
</guid>
3574 <pubDate>Sun,
29 Mar
2009 21:
00:
00 +
0200</pubDate>
3575 <description><p
>I
'm sitting on the train going home from this weekends Debian
3576 Edu/Skolelinux development gathering. I got a bit done tuning the
3577 desktop, and looked into the dynamic service location protocol
3578 implementation avahi. It look like it could be useful for us. Almost
3579 30 people participated, and I believe it was a great environment to
3580 get to know the Skolelinux system. Walter Bender, involved in the
3581 development of the Sugar educational platform, presented his stuff and
3582 also helped me improve my OLPC installation. He also showed me that
3583 his Turtle Art application can be used in standalone mode, and we
3584 agreed that I would help getting it packaged for Debian. As a
3585 standalone application it would be great for Debian Edu. We also
3586 tried to get the video conferencing working with two OLPCs, but that
3587 proved to be too hard for us. The application seem to need more work
3588 before it is ready for me. I look forward to getting home and relax
3594 <title>Time for new LDAP schemas replacing RFC
2307?
</title>
3595 <link>http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html
</link>
3596 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html
</guid>
3597 <pubDate>Sun,
29 Mar
2009 20:
30:
00 +
0200</pubDate>
3598 <description><p
>The state of standardized LDAP schemas on Linux is far from
3599 optimal. There is RFC
2307 documenting one way to store NIS maps in
3600 LDAP, and a modified version of this normally called RFC
2307bis, with
3601 some modifications to be compatible with Active Directory. The RFC
3602 specification handle the content of a lot of system databases, but do
3603 not handle DNS zones and DHCP configuration.
</p
>
3605 <p
>In
<a href=
"http://www.skolelinux.org/
">Debian Edu/Skolelinux
</a
>,
3606 we would like to store information about users, SMB clients/hosts,
3607 filegroups, netgroups (users and hosts), DHCP and DNS configuration,
3608 and LTSP configuration in LDAP. These objects have a lot in common,
3609 but with the current LDAP schemas it is not possible to have one
3610 object per entity. For example, one need to have at least three LDAP
3611 objects for a given computer, one with the SMB related stuff, one with
3612 DNS information and another with DHCP information. The schemas
3613 provided for DNS and DHCP are impossible to combine into one LDAP
3614 object. In addition, it is impossible to implement quick queries for
3615 netgroup membership, because of the way NIS triples are implemented.
3616 It just do not scale. I believe it is time for a few RFC
3617 specifications to cleam up this mess.
</p
>
3619 <p
>I would like to have one LDAP object representing each computer in
3620 the network, and this object can then keep the SMB (ie host key), DHCP
3621 (mac address/name) and DNS (name/IP address) settings in one place.
3622 It need to be efficently stored to make sure it scale well.
</p
>
3624 <p
>I would also like to have a quick way to map from a user or
3625 computer and to the net group this user or computer is a member.
</p
>
3627 <p
>Active Directory have done a better job than unix heads like myself
3628 in this regard, and the unix side need to catch up. Time to start a
3629 new IETF work group?
</p
>
3634 <title>Endelig er Debian Lenny gitt ut
</title>
3635 <link>http://people.skolelinux.org/pere/blog/Endelig_er_Debian_Lenny_gitt_ut.html
</link>
3636 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Endelig_er_Debian_Lenny_gitt_ut.html
</guid>
3637 <pubDate>Sun,
15 Feb
2009 11:
50:
00 +
0100</pubDate>
3638 <description><p
>Endelig er
<a href=
"http://www.debian.org/
">Debian
</a
>
3639 <a href=
"http://www.debian.org/News/
2009/
20090214">Lenny
</a
> gitt ut.
3640 Et langt steg videre for Debian-prosjektet, og en rekke nye
3641 programpakker blir nå tilgjengelig for de av oss som bruker den
3642 stabile utgaven av Debian. Neste steg er nå å få
3643 <a href=
"http://www.skolelinux.org/
">Skolelinux
</a
> /
3644 <a href=
"http://wiki.debian.org/DebianEdu/
">Debian Edu
</a
> ferdig
3645 oppdatert for den nye utgaven, slik at en oppdatert versjon kan
3646 slippes løs på skolene. Takk til alle debian-utviklerne som har
3647 gjort dette mulig. Endelig er f.eks. fungerende avhengighetsstyrt
3648 bootsekvens tilgjengelig i stabil utgave, vha pakken
3649 <tt
>insserv
</tt
>.
</p
>
3654 <title>Devcamp brought us closer to the Lenny based Debian Edu release
</title>
3655 <link>http://people.skolelinux.org/pere/blog/Devcamp_brought_us_closer_to_the_Lenny_based_Debian_Edu_release.html
</link>
3656 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/Devcamp_brought_us_closer_to_the_Lenny_based_Debian_Edu_release.html
</guid>
3657 <pubDate>Sun,
7 Dec
2008 12:
00:
00 +
0100</pubDate>
3658 <description><p
>This weekend we had a small developer gathering for Debian Edu in
3659 Oslo. Most of Saturday was used for the general assemly for the
3660 member organization, but the rest of the weekend I used to tune the
3661 LTSP installation. LTSP now work out of the box on the
10-network.
3662 Acer Aspire One proved to be a very nice thin client, with both
3663 screen, mouse and keybard in a small box. Was working on getting the
3664 diskless workstation setup configured out of the box, but did not
3665 finish it before the weekend was up.
</p
>
3667 <p
>Did not find time to look at the
4 VGA cards in one box we got from
3668 the Brazilian group, so that will have to wait for the next
3669 development gathering. Would love to have the Debian Edu installer
3670 automatically detect and configure a multiseat setup when it find one
3671 of these cards.
</p
>
3676 <title>The sorry state of multimedia browser plugins in Debian
</title>
3677 <link>http://people.skolelinux.org/pere/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html
</link>
3678 <guid isPermaLink=
"true">http://people.skolelinux.org/pere/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html
</guid>
3679 <pubDate>Tue,
25 Nov
2008 00:
10:
00 +
0100</pubDate>
3680 <description><p
>Recently I have spent some time evaluating the multimedia browser
3681 plugins available in Debian Lenny, to see which one we should use by
3682 default in Debian Edu. We need an embedded video playing plugin with
3683 control buttons to pause or stop the video, and capable of streaming
3684 all the multimedia content available on the web. The test results and
3685 notes are available on
3686 <a href=
"http://wiki.debian.org/DebianEdu/BrowserMultimedia
">the
3687 Debian wiki
</a
>. I was surprised how few of the plugins are able to
3688 fill this need. My personal video player favorite, VLC, has a really
3689 bad plugin which fail on a lot of the test pages. A lot of the MIME
3690 types I would expect to work with any free software player (like
3691 video/ogg), just do not work. And simple formats like the
3692 audio/x-mplegurl format (m3u playlists), just isn
't supported by the
3693 totem and vlc plugins. I hope the situation will improve soon. No
3694 wonder sites use the proprietary Adobe flash to play video.
</p
>
3696 <p
>For Lenny, we seem to end up with the mplayer plugin. It seem to
3697 be the only one fitting our needs. :/
</p
>
projects / homepage.git / blob