[homepage.git] / blog / tags / debian / debian.rss

<?xml version="1.0" encoding="utf-8"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/'>
        <channel>
                <title>Petter Reinholdtsen - Entries tagged debian</title>
                <description>Entries tagged debian</description>
                <link>http://people.skolelinux.org/pere/blog/</link>

        
        <item>
                <title>Creating, updating and checking debian/copyright semi-automatically</title>
                <link>http://people.skolelinux.org/pere/blog/Creating__updating_and_checking_debian_copyright_semi_automatically.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Creating__updating_and_checking_debian_copyright_semi_automatically.html</guid>
                <pubDate>Fri, 19 Feb 2016 15:00:00 +0100</pubDate>
                <description>&lt;p&gt;Making packages for Debian requires quite a lot of attention to
details.  And one of the details is the content of the
debian/copyright file, which should list all relevant licenses used by
the code in the package in question, preferably in
&lt;a href=&quot;https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/&quot;&gt;machine
readable DEP5 format&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;For large packages with lots of contributors it is hard to write
and update this file manually, and if you get some detail wrong, the
package is normally rejected by the ftpmasters.  So getting it right
the first time around get the package into Debian faster, and save
both you and the ftpmasters some work..  Today, while trying to figure
out what was wrong with
&lt;a href=&quot;https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686447&quot;&gt;the
zfsonlinux copyright file&lt;/a&gt;, I decided to spend some time on
figuring out the options for doing this job automatically, or at least
semi-automatically.&lt;/p&gt;

&lt;p&gt;Lucikly, there are at least two tools available for generating the
file based on the code in the source package,
&lt;tt&gt;&lt;a href=&quot;https://tracker.debian.org/pkg/debmake&quot;&gt;debmake&lt;/a&gt;&lt;/tt&gt;
and &lt;tt&gt;&lt;a href=&quot;https://tracker.debian.org/pkg/cme&quot;&gt;cme&lt;/a&gt;&lt;/tt&gt;.  I&#39;m
not sure which one of them came first, but both seem to be able to
create a sensible draft file.  As far as I can tell, none of them can
be trusted to get the result just right, so the content need to be
polished a bit before the file is OK to upload.  I found the debmake
option in
&lt;a href=&quot;http://goofying-with-debian.blogspot.com/2014/07/debmake-checking-source-against-dep-5.html&quot;&gt;a
blog posts from 2014&lt;/a&gt;.

&lt;p&gt;To generate using debmake, use the -cc option:

&lt;p&gt;&lt;pre&gt;
debmake -cc &gt; debian/copyright
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;Note there are some problems with python and non-ASCII names, so
this might not be the best option.&lt;/p&gt;

&lt;p&gt;The cme option is based on a config parsing library, and I found
this approach in
&lt;a href=&quot;https://ddumont.wordpress.com/2015/04/05/improving-creation-of-debian-copyright-file/&quot;&gt;a
blog post from 2015&lt;/a&gt;.  To generate using cme, use the &#39;update
dpkg-copyright&#39; option:

&lt;p&gt;&lt;pre&gt;
cme update dpkg-copyright
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;This will create or update debian/copyright.  The cme tool seem to
handle UTF-8 names better than debmake.&lt;/p&gt;

&lt;p&gt;When the copyright file is created, I would also like some help to
check if the file is correct.  For this I found two good options,
&lt;tt&gt;debmake -k&lt;/tt&gt; and &lt;tt&gt;license-reconcile&lt;/tt&gt;.  The former seem
to focus on license types and file matching, and is able to detect
ineffective blocks in the copyright file.  The latter reports missing
copyright holders and years, but was confused by inconsistent license
names (like CDDL vs. CDDL-1.0).  I suspect it is good to use both and
fix all issues reported by them before uploading.  But I do not know
if the tools and the ftpmasters agree on what is important to fix in a
copyright file, so the package might still be rejected.&lt;/p&gt;

&lt;p&gt;The devscripts tool &lt;tt&gt;licensecheck&lt;/tt&gt; deserve mentioning.  It
will read through the source and try to find all copyright statements.
It is not comparing the result to the content of debian/copyright, but
can be useful when verifying the content of the copyright file.&lt;/p&gt;

&lt;p&gt;Are you aware of better tools in Debian to create and update
debian/copyright file.  Please let me know, or blog about it on
planet.debian.org.&lt;/p&gt;

&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2016-02-20&lt;/strong&gt;: I got a tip from Mike Gabriel
on how to use licensecheck and cdbs to create a draft copyright file

&lt;p&gt;&lt;pre&gt;
licensecheck --copyright -r `find * -type f` | \
  /usr/lib/cdbs/licensecheck2dep5 &gt; debian/copyright.auto
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;He mentioned that he normally check the generated file into the
version control system to make it easier to discover license and
copyright changes in the upstream source.  I will try to do the same
with my packages in the future.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2016-02-21&lt;/strong&gt;: The cme author recommended
against using -quiet for new users, so I removed it from the proposed
command line.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Using appstream in Debian to locate packages with firmware and mime type support</title>
                <link>http://people.skolelinux.org/pere/blog/Using_appstream_in_Debian_to_locate_packages_with_firmware_and_mime_type_support.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Using_appstream_in_Debian_to_locate_packages_with_firmware_and_mime_type_support.html</guid>
                <pubDate>Thu, 4 Feb 2016 16:40:00 +0100</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;https://wiki.debian.org/DEP-11&quot;&gt;appstream system&lt;/a&gt;
is taking shape in Debian, and one provided feature is a very
convenient way to tell you which package to install to make a given
firmware file available when the kernel is looking for it.  This can
be done using apt-file too, but that is for someone else to blog
about. :)&lt;/p&gt;

&lt;p&gt;Here is a small recipe to find the package with a given firmware
file, in this example I am looking for ctfw-3.2.3.0.bin, randomly
picked from the set of firmware announced using appstream in Debian
unstable.  In general you would be looking for the firmware requested
by the kernel during kernel module loading.  To find the package
providing the example file, do like this:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
% apt install appstream
[...]
% apt update
[...]
% appstreamcli what-provides firmware:runtime ctfw-3.2.3.0.bin | \
  awk &#39;/Package:/ {print $2}&#39;
firmware-qlogic
%
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;See &lt;a href=&quot;https://wiki.debian.org/AppStream/Guidelines&quot;&gt;the
appstream wiki&lt;/a&gt; page to learn how to embed the package metadata in
a way appstream can use.&lt;/p&gt;

&lt;p&gt;This same approach can be used to find any package supporting a
given MIME type.  This is very useful when you get a file you do not
know how to handle.  First find the mime type using &lt;tt&gt;file
--mime-type&lt;/tt&gt;, and next look up the package providing support for
it.  Lets say you got an SVG file.  Its MIME type is image/svg+xml,
and you can find all packages handling this type like this:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
% apt install appstream
[...]
% apt update
[...]
% appstreamcli what-provides mimetype image/svg+xml | \
  awk &#39;/Package:/ {print $2}&#39;
bkchem
phototonic
inkscape
shutter
tetzle
geeqie
xia
pinta
gthumb
karbon
comix
mirage
viewnior
postr
ristretto
kolourpaint4
eog
eom
gimagereader
midori
%
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;I believe the MIME types are fetched from the desktop file for
packages providing appstream metadata.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Creepy, visualise geotagged social media information - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Creepy__visualise_geotagged_social_media_information___nice_free_software.html</guid>
                <pubDate>Sun, 24 Jan 2016 10:50:00 +0100</pubDate>
                <description>&lt;p&gt;Most people seem not to realise that every time they walk around
with the computerised radio beacon known as a mobile phone their
position is tracked by the phone company and often stored for a long
time (like every time a SMS is received or sent).  And if their
computerised radio beacon is capable of running programs (often called
mobile apps) downloaded from the Internet, these programs are often
also capable of tracking their location (if the app requested access
during installation).  And when these programs send out information to
central collection points, the location is often included, unless
extra care is taken to not send the location.  The provided
information is used by several entities, for good and bad (what is
good and bad, depend on your point of view).  What is certain, is that
the private sphere and the right to free movement is challenged and
perhaps even eradicated for those announcing their location this way,
when they share their whereabouts with private and public
entities.&lt;/p&gt;

&lt;p align=&quot;center&quot;&gt;&lt;img width=&quot;70%&quot; src=&quot;http://people.skolelinux.org/pere/blog/images/2016-01-24-nice-creepy-desktop-window.png&quot;&gt;&lt;/p&gt;

&lt;p&gt;The phone company logs provide a register of locations to check out
when one want to figure out what the tracked person was doing.  It is
unavailable for most of us, but provided to selected government
officials, company staff, those illegally buying information from
unfaithful servants and crackers stealing the information.  But the
public information can be collected and analysed, and a free software
tool to do so is called
&lt;a href=&quot;http://www.geocreepy.com/&quot;&gt;Creepy or Cree.py&lt;/a&gt;.  I
discovered it when I read
&lt;a href=&quot;http://www.aftenposten.no/kultur/Slik-kan-du-bli-overvaket-pa-Twitter-og-Instagram-uten-a-ane-det-7787884.html&quot;&gt;an
article about Creepy&lt;/a&gt; in the Norwegian newspaper Aftenposten i
November 2014, and decided to check if it was available in Debian.
The python program was in Debian, but
&lt;a href=&quot;https://tracker.debian.org/pkg/creepy&quot;&gt;the version in
Debian&lt;/a&gt; was completely broken and practically unmaintained.  I
uploaded a new version which did not work quite right, but did not
have time to fix it then.  This Christmas I decided to finally try to
get Creepy operational in Debian.  Now a fixed version is available in
Debian unstable and testing, and almost all Debian specific patches
are now included
&lt;a href=&quot;https://github.com/jkakavas/creepy&quot;&gt;upstream&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The Creepy program visualises geolocation information fetched from
Twitter, Instagram, Flickr and Google+, and allow one to get a
complete picture of every social media message posted recently in a
given area, or track the movement of a given individual across all
these services.  Earlier it was possible to use the search API of at
least some of these services without identifying oneself, but these
days it is impossible.  This mean that to use Creepy, you need to
configure it to log in as yourself on these services, and provide
information to them about your search interests.  This should be taken
into account when using Creepy, as it will also share information
about yourself with the services.&lt;/p&gt;

&lt;p&gt;The picture above show the twitter messages sent from (or at least
geotagged with a position from) the city centre of Oslo, the capital
of Norway.  One useful way to use Creepy is to first look at
information tagged with an area of interest, and next look at all the
information provided by one or more individuals who was in the area.
I tested it by checking out which celebrity provide their location in
twitter messages by checkout out who sent twitter messages near a
Norwegian TV station, and next could track their position over time,
making it possible to locate their home and work place, among other
things.  A similar technique have been
&lt;a href=&quot;http://www.buzzfeed.com/maxseddon/does-this-soldiers-instagram-account-prove-russia-is-covertl&quot;&gt;used
to locate Russian soldiers in Ukraine&lt;/a&gt;, and it is both a powerful
tool to discover lying governments, and a useful tool to help people
understand the value of the private information they provide to the
public.&lt;/p&gt;

&lt;p&gt;The package is not trivial to backport to Debian Stable/Jessie, as
it depend on several python modules currently missing in Jessie (at
least python-instagram, python-flickrapi and
python-requests-toolbelt).&lt;/p&gt;

&lt;p&gt;(I have uploaded
&lt;a href=&quot;https://screenshots.debian.net/package/creepy&quot;&gt;the image to
screenshots.debian.net&lt;/a&gt; and licensed it under the same terms as the
Creepy program in Debian.)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Always download Debian packages using Tor - the simple recipe</title>
                <link>http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html</guid>
                <pubDate>Fri, 15 Jan 2016 00:30:00 +0100</pubDate>
                <description>&lt;p&gt;During his DebConf15 keynote, Jacob Appelbaum
&lt;a href=&quot;https://summit.debconf.org/debconf15/meeting/331/what-is-to-be-done/&quot;&gt;observed
that those listening on the Internet lines would have good reason to
believe a computer have a given security hole&lt;/a&gt; if it download a
security fix from a Debian mirror.  This is a good reason to always
use encrypted connections to the Debian mirror, to make sure those
listening do not know which IP address to attack.  In August, Richard
Hartmann observed that encryption was not enough, when it was possible
to interfere download size to security patches or the fact that
download took place shortly after a security fix was released, and
&lt;a href=&quot;http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/&quot;&gt;proposed
to always use Tor to download packages from the Debian mirror&lt;/a&gt;.  He
was not the first to propose this, as the
&lt;tt&gt;&lt;a href=&quot;https://tracker.debian.org/pkg/apt-transport-tor&quot;&gt;apt-transport-tor&lt;/a&gt;&lt;/tt&gt;
package by Tim Retout already existed to make it easy to convince apt
to use &lt;a href=&quot;https://www.torproject.org/&quot;&gt;Tor&lt;/a&gt;, but I was not
aware of that package when I read the blog post from Richard.&lt;/p&gt;

&lt;p&gt;Richard discussed the idea with Peter Palfrader, one of the Debian
sysadmins, and he set up a Tor hidden service on one of the central
Debian mirrors using the address vwakviie2ienjx6t.onion, thus making
it possible to download packages directly between two tor nodes,
making sure the network traffic always were encrypted.&lt;/p&gt;

&lt;p&gt;Here is a short recipe for enabling this on your machine, by
installing &lt;tt&gt;apt-transport-tor&lt;/tt&gt; and replacing http and https
urls with tor+http and tor+https, and using the hidden service instead
of the official Debian mirror site.  I recommend installing
&lt;tt&gt;etckeeper&lt;/tt&gt; before you start to have a history of the changes
done in /etc/.&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
apt install apt-transport-tor
sed -i &#39;s% http://ftp.debian.org/% tor+http://vwakviie2ienjx6t.onion/%&#39; /etc/apt/sources.list
sed -i &#39;s% http% tor+http%&#39; /etc/apt/sources.list
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;If you have more sources listed in /etc/apt/sources.list.d/, run
the sed commands for these too.  The sed command is assuming your are
using the ftp.debian.org Debian mirror.  Adjust the command (or just
edit the file manually) to match your mirror.&lt;/p&gt;

&lt;p&gt;This work in Debian Jessie and later.  Note that tools like
&lt;tt&gt;apt-file&lt;/tt&gt; only recently started using the apt transport
system, and do not work with these tor+http URLs.  For
&lt;tt&gt;apt-file&lt;/tt&gt; you need the version currently in experimental,
which need a recent apt version currently only in unstable.  So if you
need a working &lt;tt&gt;apt-file&lt;/tt&gt;, this is not for you.&lt;/p&gt;

&lt;p&gt;Another advantage from this change is that your machine will start
using Tor regularly and at fairly random intervals (every time you
update the package lists or upgrade or install a new package), thus
masking other Tor traffic done from the same machine.  Using Tor will
become normal for the machine in question.&lt;/p&gt;

&lt;p&gt;On &lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;Freedombox&lt;/a&gt;, APT
is set up by default to use &lt;tt&gt;apt-transport-tor&lt;/tt&gt; when Tor is
enabled.  It would be great if it was the default on any Debian
system.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>OpenALPR, find car license plates in video streams - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/OpenALPR__find_car_license_plates_in_video_streams___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/OpenALPR__find_car_license_plates_in_video_streams___nice_free_software.html</guid>
                <pubDate>Wed, 23 Dec 2015 01:00:00 +0100</pubDate>
                <description>&lt;p&gt;When I was a kid, we used to collect &quot;car numbers&quot;, as we used to
call the car license plate numbers in those days.  I would write the
numbers down in my little book and compare notes with the other kids
to see how many region codes we had seen and if we had seen some
exotic or special region codes and numbers.  It was a fun game to pass
time, as we kids have plenty of it.&lt;/p&gt;

&lt;p&gt;A few days I came across
&lt;a href=&quot;https://github.com/openalpr/openalpr&quot;&gt;the OpenALPR
project&lt;/a&gt;, a free software project to automatically discover and
report license plates in images and video streams, and provide the
&quot;car numbers&quot; in a machine readable format.  I&#39;ve been looking for
such system for a while now, because I believe it is a bad idea that the
&lt;a href=&quot;https://en.wikipedia.org/wiki/Automatic_number_plate_recognition&quot;&gt;automatic
number plate recognition&lt;/a&gt; tool only is available in the hands of
the powerful, and want it to be available also for the powerless to
even the score when it comes to surveillance and sousveillance.  I
discovered the developer
&lt;a href=&quot;https://bugs.debian.org/747509&quot;&gt;wanted to get the tool into
Debian&lt;/a&gt;, and as I too wanted it to be in Debian, I volunteered to
help him get it into shape to get the package uploaded into the Debian
archive.&lt;/p&gt;

&lt;p&gt;Today we finally managed to get the package into shape and uploaded
it into Debian, where it currently
&lt;a href=&quot;https://ftp-master.debian.org//new/openalpr_2.2.1-1.html&quot;&gt;waits
in the NEW queue&lt;/a&gt; for review by the Debian ftpmasters.&lt;/p&gt;

&lt;p&gt;I guess you are wondering why on earth such tool would be useful
for the common folks, ie those not running a large government
surveillance system?  Well, I plan to put it in a computer on my bike
and in my car, tracking the cars nearby and allowing me to be notified
when number plates on my watch list are discovered.  Another use case
was suggested by a friend of mine, who wanted to set it up at his home
to open the car port automatically when it discovered the plate on his
car.  When I mentioned it perhaps was a bit foolhardy to allow anyone
capable of placing his license plate number of a piece of cardboard to
open his car port, men replied that it was always unlocked anyway.  I
guess for such use case it make sense.  I am sure there are other use
cases too, for those with imagination and a vision.&lt;/p&gt;

&lt;p&gt;If you want to build your own version of the Debian package, check
out the upstream git source and symlink ./distros/debian to ./debian/
before running &quot;debuild&quot; to build the source.  Or wait a bit until the
package show up in unstable.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Using appstream with isenkram to install hardware related packages in Debian</title>
                <link>http://people.skolelinux.org/pere/blog/Using_appstream_with_isenkram_to_install_hardware_related_packages_in_Debian.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Using_appstream_with_isenkram_to_install_hardware_related_packages_in_Debian.html</guid>
                <pubDate>Sun, 20 Dec 2015 12:20:00 +0100</pubDate>
                <description>&lt;p&gt;Around three years ago, I created
&lt;a href=&quot;http://packages.qa.debian.org/isenkram&quot;&gt;the isenkram
system&lt;/a&gt; to get a more practical solution in Debian for handing
hardware related packages.  A GUI system in the isenkram package will
present a pop-up dialog when some hardware dongle supported by
relevant packages in Debian is inserted into the machine.  The same
lookup mechanism to detect packages is available as command line
tools in the isenkram-cli package.  In addition to mapping hardware,
it will also map kernel firmware files to packages and make it easy to
install needed firmware packages automatically.  The key for this
system to work is a good way to map hardware to packages, in other
words, allow packages to announce what hardware they will work
with.&lt;/p&gt;

&lt;p&gt;I started by providing data files in the isenkram source, and
adding code to download the latest version of these data files at run
time, to ensure every user had the most up to date mapping available.
I also added support for storing the mapping in the Packages file in
the apt repositories, but did not push this approach because while I
was trying to figure out how to best store hardware/package mappings,
&lt;a href=&quot;http://www.freedesktop.org/software/appstream/docs/&quot;&gt;the
appstream system&lt;/a&gt; was announced.  I got in touch and suggested to
add the hardware mapping into that data set to be able to use
appstream as a data source, and this was accepted at least for the
Debian version of appstream.&lt;/p&gt;

&lt;p&gt;A few days ago using appstream in Debian for this became possible,
and today I uploaded a new version 0.20 of isenkram adding support for
appstream as a data source for mapping hardware to packages.  The only
package so far using appstream to announce its hardware support is my
pymissile package.  I got help from Matthias Klumpp with figuring out
how do add the required
&lt;a href=&quot;https://appstream.debian.org/html/sid/main/metainfo/pymissile.html&quot;&gt;metadata
in pymissile&lt;/a&gt;.  I added a file debian/pymissile.metainfo.xml with
this content:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
&amp;lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&amp;gt;
&amp;lt;component&amp;gt;
  &amp;lt;id&amp;gt;pymissile&amp;lt;/id&amp;gt;
  &amp;lt;metadata_license&amp;gt;MIT&amp;lt;/metadata_license&amp;gt;
  &amp;lt;name&amp;gt;pymissile&amp;lt;/name&amp;gt;
  &amp;lt;summary&amp;gt;Control original Striker USB Missile Launcher&amp;lt;/summary&amp;gt;
  &amp;lt;description&amp;gt;
    &amp;lt;p&amp;gt;
      Pymissile provides a curses interface to control an original
      Marks and Spencer / Striker USB Missile Launcher, as well as a
      motion control script to allow a webcamera to control the
      launcher.
    &amp;lt;/p&amp;gt;
  &amp;lt;/description&amp;gt;
  &amp;lt;provides&amp;gt;
    &amp;lt;modalias&amp;gt;usb:v1130p0202d*&amp;lt;/modalias&amp;gt;
  &amp;lt;/provides&amp;gt;
&amp;lt;/component&amp;gt;
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The key for isenkram is the component/provides/modalias value,
which is a glob style match rule for hardware specific strings
(modalias strings) provided by the Linux kernel.  In this case, it
will map to all USB devices with vendor code 1130 and product code
0202.&lt;/p&gt;

&lt;p&gt;Note, it is important that the license of all the metadata files
are compatible to have permissions to aggregate them into archive wide
appstream files.  Matthias suggested to use MIT or BSD licenses for
these files.  A challenge is figuring out a good id for the data, as
it is supposed to be globally unique and shared across distributions
(in other words, best to coordinate with upstream what to use).  But
it can be changed later or, so we went with the package name as
upstream for this project is dormant.&lt;/p&gt;

&lt;p&gt;To get the metadata file installed in the correct location for the
mirror update scripts to pick it up and include its content the
appstream data source, the file must be installed in the binary
package under /usr/share/appdata/.  I did this by adding the following
line to debian/pymissile.install:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
debian/pymissile.metainfo.xml usr/share/appdata
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;With that in place, the command line tool isenkram-lookup will list
all packages useful on the current computer automatically, and the GUI
pop-up handler will propose to install the package not already
installed if a hardware dongle is inserted into the machine in
question.&lt;/p&gt;

&lt;p&gt;Details of the modalias field in appstream is available from the 
&lt;a href=&quot;https://wiki.debian.org/DEP-11&quot;&gt;DEP-11&lt;/a&gt; proposal.&lt;/p&gt;

&lt;p&gt;To locate the modalias values of all hardware present in a machine,
try running this command on the command line:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
cat $(find /sys/devices/|grep modalias)
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;To learn more about the isenkram system, please check out
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/tags/isenkram/&quot;&gt;my
blog posts tagged isenkram&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>The GNU General Public License is not magic pixie dust</title>
                <link>http://people.skolelinux.org/pere/blog/The_GNU_General_Public_License_is_not_magic_pixie_dust.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/The_GNU_General_Public_License_is_not_magic_pixie_dust.html</guid>
                <pubDate>Mon, 30 Nov 2015 09:55:00 +0100</pubDate>
                <description>&lt;p&gt;A blog post from my fellow Debian developer Paul Wise titled
&quot;&lt;a href=&quot;http://bonedaddy.net/pabs3/log/2015/11/27/sfc-supporter/&quot;&gt;The
GPL is not magic pixie dust&lt;/a&gt;&quot; explain the importance of making sure
the &lt;a href=&quot;http://www.gnu.org/copyleft/gpl.html&quot;&gt;GPL&lt;/a&gt; is enforced.
I quote the blog post from Paul in full here with his permission:&lt;p&gt;

&lt;blockquote&gt;

&lt;p&gt;&lt;a href=&quot;https://sfconservancy.org/supporter/&quot;&gt;&lt;img src=&quot;https://sfconservancy.org/img/supporter-badge.png&quot; width=&quot;194&quot; height=&quot;90&quot; alt=&quot;Become a Software Freedom Conservancy Supporter!&quot; align=&quot;right&quot; border=&quot;0&quot; /&gt;&lt;/a&gt;&lt;/p&gt;

&lt;blockquote&gt;
The GPL is not magic pixie dust. It does not work by itself.&lt;br/&gt;

The first step is to choose a
&lt;a href=&quot;https://copyleft.org/&quot;&gt;copyleft&lt;/a&gt; license for your
code.&lt;br/&gt;

The next step is, when someone fails to follow that copyleft license,
&lt;b&gt;it must be enforced&lt;/b&gt;&lt;br/&gt;

and its a simple fact of our modern society that such type of
work&lt;br/&gt;

is incredibly expensive to do and incredibly difficult to do.
&lt;/blockquote&gt;

&lt;p&gt;&lt;small&gt;-- &lt;a href=&quot;http://ebb.org/bkuhn/&quot;&gt;Bradley Kuhn&lt;/a&gt;, in
&lt;a href=&quot;http://faif.us/&quot; title=&quot;Free as in Freedom&quot;&gt;FaiF&lt;/a&gt;
&lt;a href=&quot;http://faif.us/cast/2015/nov/24/0x57/&quot;&gt;episode
0x57&lt;/a&gt;&lt;/small&gt;&lt;/p&gt;

&lt;p&gt;As the Debian Website
&lt;a href=&quot;https://bugs.debian.org/794116&quot;&gt;used&lt;/a&gt;
&lt;a href=&quot;https://anonscm.debian.org/viewvc/webwml/webwml/english/intro/free.wml?r1=1.24&amp;amp;r2=1.25&quot;&gt;to&lt;/a&gt;
imply, public domain and permissively licensed software can lead to
the production of more proprietary software as people discover useful
software, extend it and or incorporate it into their hardware or
software products.  Copyleft licenses such as the GNU GPL were created
to close off this avenue to the production of proprietary software but
such licenses are not enough.  With the ongoing adoption of Free
Software by individuals and groups, inevitably the community&#39;s
expectations of license compliance are violated, usually out of
ignorance of the way Free Software works, but not always.  As Karen
and Bradley explained in &lt;a href=&quot;http://faif.us/&quot; title=&quot;Free as in
Freedom&quot;&gt;FaiF&lt;/a&gt;
&lt;a href=&quot;http://faif.us/cast/2015/nov/24/0x57/&quot;&gt;episode 0x57&lt;/a&gt;,
copyleft is nothing if no-one is willing and able to stand up in court
to protect it.  The reality of today&#39;s world is that legal
representation is expensive, difficult and time consuming.  With
&lt;a href=&quot;http://gpl-violations.org/&quot;&gt;gpl-violations.org&lt;/a&gt; in hiatus
&lt;a href=&quot;http://gpl-violations.org/news/20151027-homepage-recovers/&quot;&gt;until&lt;/a&gt;
some time in 2016, the &lt;a href=&quot;https://sfconservancy.org/&quot;&gt;Software
Freedom Conservancy&lt;/a&gt; (a tax-exempt charity) is the major defender
of the Linux project, Debian and other groups against GPL violations.
In March the SFC supported a
&lt;a href=&quot;https://sfconservancy.org/news/2015/mar/05/vmware-lawsuit/&quot;&gt;lawsuit
by Christoph Hellwig&lt;/a&gt; against VMware for refusing to
&lt;a href=&quot;https://sfconservancy.org/linux-compliance/vmware-lawsuit-faq.html&quot;&gt;comply
with the GPL&lt;/a&gt; in relation to their use of parts of the Linux
kernel.  Since then two of their sponsors pulled corporate funding and
conferences
&lt;a href=&quot;https://sfconservancy.org/blog/2015/nov/24/faif-carols-fundraiser/&quot;&gt;blocked
or cancelled their talks&lt;/a&gt;.  As a result they have decided to rely
less on corporate funding and more on the broad community of
individuals who support Free Software and copyleft.  So the SFC has
&lt;a href=&quot;https://sfconservancy.org/news/2015/nov/23/2015fundraiser/&quot;&gt;launched&lt;/a&gt;
a &lt;a href=&quot;https://sfconservancy.org/supporter/&quot;&gt;campaign&lt;/a&gt; to create
a community of folks who stand up for copyleft and the GPL by
supporting their work on promoting and supporting copyleft and Free
Software.&lt;/p&gt;

&lt;p&gt;If you support Free Software,
&lt;a href=&quot;https://sfconservancy.org/blog/2015/nov/26/like-what-I-do/&quot;&gt;like&lt;/a&gt;
what the SFC do, agree with their
&lt;a href=&quot;https://sfconservancy.org/linux-compliance/principles.html&quot;&gt;compliance
principles&lt;/a&gt;, are happy about their
&lt;a href=&quot;https://sfconservancy.org/supporter/&quot;&gt;successes&lt;/a&gt; in 2015,
work on a project that is an SFC
&lt;a href=&quot;https://sfconservancy.org/members/current/&quot;&gt;member&lt;/a&gt; and or
just want to stand up for copyleft, please join
&lt;a href=&quot;https://identi.ca/cwebber/image/JQGPA4qbTyyp3-MY8QpvuA&quot;&gt;Christopher
Allan Webber&lt;/a&gt;,
&lt;a href=&quot;https://sfconservancy.org/blog/2015/nov/24/faif-carols-fundraiser/&quot;&gt;Carol
Smith&lt;/a&gt;,
&lt;a href=&quot;http://www.jonobacon.org/2015/11/25/supporting-software-freedom-conservancy/&quot;&gt;Jono
Bacon&lt;/a&gt;, myself and
&lt;a href=&quot;https://sfconservancy.org/sponsors/#supporters&quot;&gt;others&lt;/a&gt; in
becoming a
&lt;a href=&quot;https://sfconservancy.org/supporter/&quot;&gt;supporter&lt;/a&gt;.  For the
next week your donation will be
&lt;a href=&quot;https://sfconservancy.org/news/2015/nov/27/black-friday/&quot;&gt;matched&lt;/a&gt;
by an anonymous donor.  Please also consider asking your employer to
match your donation or become a sponsor of SFC.  Don&#39;t forget to
spread the word about your support for SFC via email, your blog and or
social media accounts.&lt;/p&gt;

&lt;/blockquote&gt;

&lt;p&gt;I agree with Paul on this topic and just signed up as a Supporter
of Software Freedom Conservancy myself.  Perhaps you should be a
supporter too?&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>PGP key transition statement for key EE4E02F9</title>
                <link>http://people.skolelinux.org/pere/blog/PGP_key_transition_statement_for_key_EE4E02F9.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/PGP_key_transition_statement_for_key_EE4E02F9.html</guid>
                <pubDate>Tue, 17 Nov 2015 10:50:00 +0100</pubDate>
                <description>&lt;p&gt;I&#39;ve needed a new OpenPGP key for a while, but have not had time to
set it up properly.  I wanted to generate it offline and have it
available on &lt;a href=&quot;http://shop.kernelconcepts.de/#openpgp&quot;&gt;a OpenPGP
smart card&lt;/a&gt; for daily use, and learning how to do it and finding
time to sit down with an offline machine almost took forever.  But
finally I&#39;ve been able to complete the process, and have now moved
from my old GPG key to a new GPG key.  See
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/images/2015-11-17-new-gpg-key-transition.txt&quot;&gt;the
full transition statement, signed with both my old and new key&lt;/a&gt; for
the details.  This is my new key:&lt;/p&gt;

&lt;pre&gt;
pub   3936R/&lt;a href=&quot;http://pgp.cs.uu.nl/stats/111D6B29EE4E02F9.html&quot;&gt;111D6B29EE4E02F9&lt;/a&gt; 2015-11-03 [expires: 2019-11-14]
      Key fingerprint = 3AC7 B2E3 ACA5 DF87 78F1  D827 111D 6B29 EE4E 02F9
uid                  Petter Reinholdtsen &amp;lt;pere@hungry.com&amp;gt;
uid                  Petter Reinholdtsen &amp;lt;pere@debian.org&amp;gt;
sub   4096R/87BAFB0E 2015-11-03 [expires: 2019-11-02]
sub   4096R/F91E6DE9 2015-11-03 [expires: 2019-11-02]
sub   4096R/A0439BAB 2015-11-03 [expires: 2019-11-02]
&lt;/pre&gt;

&lt;p&gt;The key can be downloaded from the OpenPGP key servers, signed by
my old key.&lt;/p&gt;

&lt;p&gt;If you signed my old key
(&lt;a href=&quot;http://pgp.cs.uu.nl/stats/DB4CCC4B2A30D729.html&quot;&gt;DB4CCC4B2A30D729&lt;/a&gt;),
I&#39;d very much appreciate a signature on my new key, details and
instructions in the transition statement. I m happy to reciprocate if
you have a similarly signed transition statement to present.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>The life and death of a laptop battery</title>
                <link>http://people.skolelinux.org/pere/blog/The_life_and_death_of_a_laptop_battery.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/The_life_and_death_of_a_laptop_battery.html</guid>
                <pubDate>Thu, 24 Sep 2015 16:00:00 +0200</pubDate>
                <description>&lt;p&gt;When I get a new laptop, the battery life time at the start is OK.
But this do not last.  The last few laptops gave me a feeling that
within a year, the life time is just a fraction of what it used to be,
and it slowly become painful to use the laptop without power connected
all the time.  Because of this, when I got a new Thinkpad X230 laptop
about two years ago, I decided to monitor its battery state to have
more hard facts when the battery started to fail.&lt;/p&gt;

&lt;img src=&quot;http://people.skolelinux.org/pere/blog/images/2015-09-24-laptop-battery-graph.png&quot;/&gt;

&lt;p&gt;First I tried to find a sensible Debian package to record the
battery status, assuming that this must be a problem already handled
by someone else.  I found
&lt;a href=&quot;https://tracker.debian.org/pkg/battery-stats&quot;&gt;battery-stats&lt;/a&gt;,
which collects statistics from the battery, but it was completely
broken.  I sent a few suggestions to the maintainer, but decided to
write my own collector as a shell script while I waited for feedback
from him.  Via
&lt;a href=&quot;http://www.ifweassume.com/2013/08/the-de-evolution-of-my-laptop-battery.html&quot;&gt;a
blog post about the battery development on a MacBook Air&lt;/a&gt; I also
discovered
&lt;a href=&quot;https://github.com/jradavenport/batlog.git&quot;&gt;batlog&lt;/a&gt;, not
available in Debian.&lt;/p&gt;

&lt;p&gt;I started my collector 2013-07-15, and it has been collecting
battery stats ever since. Now my
/var/log/hjemmenett-battery-status.log file contain around 115,000
measurements, from the time the battery was working great until now,
when it is unable to charge above 7% of original capacity.  My
collector shell script is quite simple and look like this:&lt;/p&gt;

&lt;pre&gt;
#!/bin/sh
# Inspired by
# http://www.ifweassume.com/2013/08/the-de-evolution-of-my-laptop-battery.html
# See also
# http://blog.sleeplessbeastie.eu/2013/01/02/debian-how-to-monitor-battery-capacity/
logfile=/var/log/hjemmenett-battery-status.log

files=&quot;manufacturer model_name technology serial_number \
    energy_full energy_full_design energy_now cycle_count status&quot;

if [ ! -e &quot;$logfile&quot; ] ; then
    (
        printf &quot;timestamp,&quot;
        for f in $files; do
            printf &quot;%s,&quot; $f
        done
        echo
    ) &gt; &quot;$logfile&quot;
fi

log_battery() {
    # Print complete message in one echo call, to avoid race condition
    # when several log processes run in parallel.
    msg=$(printf &quot;%s,&quot; $(date +%s); \
        for f in $files; do \
            printf &quot;%s,&quot; $(cat $f); \
        done)
    echo &quot;$msg&quot;
}

cd /sys/class/power_supply

for bat in BAT*; do
    (cd $bat &amp;&amp; log_battery &gt;&gt; &quot;$logfile&quot;)
done
&lt;/pre&gt;

&lt;p&gt;The script is called when the power management system detect a
change in the power status (power plug in or out), and when going into
and out of hibernation and suspend.  In addition, it collect a value
every 10 minutes.  This make it possible for me know when the battery
is discharging, charging and how the maximum charge change over time.
The code for the Debian package
&lt;a href=&quot;https://github.com/petterreinholdtsen/battery-status&quot;&gt;is now
available on github&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;The collected log file look like this:&lt;/p&gt;

&lt;pre&gt;
timestamp,manufacturer,model_name,technology,serial_number,energy_full,energy_full_design,energy_now,cycle_count,status,
1376591133,LGC,45N1025,Li-ion,974,62800000,62160000,39050000,0,Discharging,
[...]
1443090528,LGC,45N1025,Li-ion,974,4900000,62160000,4900000,0,Full,
1443090601,LGC,45N1025,Li-ion,974,4900000,62160000,4900000,0,Full,
&lt;/pre&gt;

&lt;p&gt;I wrote a small script to create a graph of the charge development
over time.  This graph depicted above show the slow death of my laptop
battery.&lt;/p&gt;

&lt;p&gt;But why is this happening?  Why are my laptop batteries always
dying in a year or two, while the batteries of space probes and
satellites keep working year after year.  If we are to believe
&lt;a href=&quot;http://batteryuniversity.com/learn/article/how_to_prolong_lithium_based_batteries&quot;&gt;Battery
University&lt;/a&gt;, the cause is me charging the battery whenever I have a
chance, and the fix is to not charge the Lithium-ion batteries to 100%
all the time, but to stay below 90% of full charge most of the time.
I&#39;ve been told that the Tesla electric cars
&lt;a href=&quot;http://my.teslamotors.com/de_CH/forum/forums/battery-charge-limit&quot;&gt;limit
the charge of their batteries to 80%&lt;/a&gt;, with the option to charge to
100% when preparing for a longer trip (not that I would want a car
like Tesla where rights to privacy is abandoned, but that is another
story), which I guess is the option we should have for laptops on
Linux too.&lt;/p&gt;

&lt;p&gt;Is there a good and generic way with Linux to tell the battery to
stop charging at 80%, unless requested to charge to 100% once in
preparation for a longer trip?  I found
&lt;a href=&quot;http://askubuntu.com/questions/34452/how-can-i-limit-battery-charging-to-80-capacity&quot;&gt;one
recipe on askubuntu for Ubuntu to limit charging on Thinkpad to
80%&lt;/a&gt;, but could not get it to work (kernel module refused to
load).&lt;/p&gt;

&lt;p&gt;I wonder why the battery capacity was reported to be more than 100%
at the start.  I also wonder why the &quot;full capacity&quot; increases some
times, and if it is possible to repeat the process to get the battery
back to design capacity.  And I wonder if the discharge and charge
speed change over time, or if this stay the same.  I did not yet try
to write a tool to calculate the derivative values of the battery
level, but suspect some interesting insights might be learned from
those.&lt;/p&gt;

&lt;p&gt;Update 2015-09-24: I got a tip to install the packages
acpi-call-dkms and tlp (unfortunately missing in Debian stable)
packages instead of the tp-smapi-dkms package I had tried to use
initially, and use &#39;tlp setcharge 40 80&#39; to change when charging start
and stop.  I&#39;ve done so now, but expect my existing battery is toast
and need to be replaced.  The proposal is unfortunately Thinkpad
specific.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>New laptop - some more clues and ideas based on feedback</title>
                <link>http://people.skolelinux.org/pere/blog/New_laptop___some_more_clues_and_ideas_based_on_feedback.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_laptop___some_more_clues_and_ideas_based_on_feedback.html</guid>
                <pubDate>Sun, 5 Jul 2015 21:40:00 +0200</pubDate>
                <description>&lt;p&gt;Several people contacted me after my previous blog post about my
need for a new laptop, and provided very useful feedback.  I wish to
thank every one of these.  Several pointed me to the possibility of
fixing my X230, and I am already in the process of getting Lenovo to
do so thanks to the on site, next day support contract covering the
machine.  But the battery is almost useless (I expect to replace it
with a non-official battery) and I do not expect the machine to live
for many more years, so it is time to plan its replacement.  If I did
not have a support contract, it was suggested to find replacement parts
using &lt;a href=&quot;http://www.francecrans.com/&quot;&gt;FrancEcrans&lt;/a&gt;, but it
might present a language barrier as I do not understand French.&lt;/p&gt;

&lt;p&gt;One tip I got was to use the
&lt;a href=&quot;https://skinflint.co.uk/?cat=nb&quot;&gt;Skinflint&lt;/a&gt; web service to
compare laptop models.  It seem to have more models available than
prisjakt.no.  Another tip I got from someone I know have similar
keyboard preferences was that the HP EliteBook 840 keyboard is not
very good, and this matches my experience with earlier EliteBook
keyboards I tested.  Because of this, I will not consider it any further.

&lt;p&gt;When I wrote my blog post, I was not aware of Thinkpad X250, the
newest Thinkpad X model.  The keyboard reintroduces mouse buttons
(which is missing from the X240), and is working fairly well with
Debian Sid/Unstable according to
&lt;a href=&quot;http://www.corsac.net/X250/&quot;&gt;Corsac.net&lt;/a&gt;.  The reports I
got on the keyboard quality are not consistent.  Some say the keyboard
is good, others say it is ok, while others say it is not very good.
Those with experience from X41 and and X60 agree that the X250
keyboard is not as good as those trusty old laptops, and suggest I
keep and fix my X230 instead of upgrading, or get a used X230 to
replace it.  I&#39;m also told that the X250 lack leds for caps lock, disk
activity and battery status, which is very convenient on my X230.  I&#39;m
also told that the CPU fan is running very often, making it a bit
noisy.  In any case, the X250 do not work out of the box with Debian
Stable/Jessie, one of my requirements.&lt;/p&gt;

&lt;p&gt;I have also gotten a few vendor proposals, one was
&lt;a href=&quot;http://pro-star.com&quot;&gt;Pro-Star&lt;/a&gt;, another was
&lt;a href=&quot;http://shop.gluglug.org.uk/product/libreboot-x200/&quot;&gt;Libreboot&lt;/a&gt;.
The latter look very attractive to me.&lt;/p&gt;

&lt;p&gt;Again, thank you all for the very useful feedback.  It help a lot
as I keep looking for a replacement.&lt;/p&gt;

&lt;p&gt;Update 2015-07-06: I was recommended to check out the
&lt;a href=&quot;&quot;&gt;lapstore.de&lt;/a&gt; web shop for used laptops.  They got several
different
&lt;a href=&quot;http://www.lapstore.de/f.php/shop/lapstore/f/411/lang/x/kw/Lenovo_ThinkPad_X_Serie/&quot;&gt;old
thinkpad X models&lt;/a&gt;, and provide one year warranty.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Time to find a new laptop, as the old one is broken after only two years</title>
                <link>http://people.skolelinux.org/pere/blog/Time_to_find_a_new_laptop__as_the_old_one_is_broken_after_only_two_years.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Time_to_find_a_new_laptop__as_the_old_one_is_broken_after_only_two_years.html</guid>
                <pubDate>Fri, 3 Jul 2015 07:10:00 +0200</pubDate>
                <description>&lt;p&gt;My primary work horse laptop is failing, and will need a
replacement soon.  The left 5 cm of the screen on my Thinkpad X230
started flickering yesterday, and I suspect the cause is a broken
cable, as changing the angle of the screen some times get rid of the
flickering.&lt;/p&gt;

&lt;p&gt;My requirements have not really changed since I bought it, and is
still as
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Thank_you_Thinkpad_X41__for_your_long_and_trustworthy_service.html&quot;&gt;I
described them in 2013&lt;/a&gt;.  The last time I bought a laptop, I had
good help from
&lt;a href=&quot;http://www.prisjakt.no/category.php?k=353&quot;&gt;prisjakt.no&lt;/a&gt;
where I could select at least a few of the requirements (mouse pin,
wifi, weight) and go through the rest manually.  Three button mouse
and a good keyboard is not available as an option, and all the three
laptop models proposed today (Thinkpad X240, HP EliteBook 820 G1 and
G2) lack three mouse buttons).  It is also unclear to me how good the
keyboard on the HP EliteBooks are.  I hope Lenovo have not messed up
the keyboard, even if the quality and robustness in the X series have
deteriorated since X41.&lt;/p&gt;

&lt;p&gt;I wonder how I can find a sensible laptop when none of the options
seem sensible to me?  Are there better services around to search the
set of available laptops for features?  Please send me an email if you
have suggestions.&lt;/p&gt;

&lt;p&gt;Update 2015-07-23: I got a suggestion to check out the FSF
&lt;a href=&quot;http://www.fsf.org/resources/hw/endorsement/respects-your-freedom&quot;&gt;list
of endorsed hardware&lt;/a&gt;, which is useful background information.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How to stay with sysvinit in Debian Jessie</title>
                <link>http://people.skolelinux.org/pere/blog/How_to_stay_with_sysvinit_in_Debian_Jessie.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_stay_with_sysvinit_in_Debian_Jessie.html</guid>
                <pubDate>Sat, 22 Nov 2014 01:00:00 +0100</pubDate>
                <description>&lt;p&gt;By now, it is well known that Debian Jessie will not be using
sysvinit as its boot system by default.  But how can one keep using
sysvinit in Jessie?  It is fairly easy, and here are a few recipes,
courtesy of
&lt;a href=&quot;http://www.vitavonni.de/blog/201410/2014102101-avoiding-systemd.html&quot;&gt;Erich
Schubert&lt;/a&gt; and
&lt;a href=&quot;http://smcv.pseudorandom.co.uk/2014/still_universal/&quot;&gt;Simon
McVittie&lt;/a&gt;.

&lt;p&gt;If you already are using Wheezy and want to upgrade to Jessie and
keep sysvinit as your boot system, create a file
&lt;tt&gt;/etc/apt/preferences.d/use-sysvinit&lt;/tt&gt; with this content before
you upgrade:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
Package: systemd-sysv
Pin: release o=Debian
Pin-Priority: -1
&lt;/pre&gt;&lt;/blockquote&gt;&lt;p&gt;

&lt;p&gt;This file content will tell apt and aptitude to not consider
installing systemd-sysv as part of any installation and upgrade
solution when resolving dependencies, and thus tell it to avoid
systemd as a default boot system.  The end result should be that the
upgraded system keep using sysvinit.&lt;/p&gt;

&lt;p&gt;If you are installing Jessie for the first time, there is no way to
get sysvinit installed by default (debootstrap used by
debian-installer have no option for this), but one can tell the
installer to switch to sysvinit before the first boot.  Either by
using a kernel argument to the installer, or by adding a line to the
preseed file used.  First, the kernel command line argument:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
preseed/late_command=&quot;in-target apt-get install --purge -y sysvinit-core&quot;
&lt;/pre&gt;&lt;/blockquote&gt;&lt;p&gt;

&lt;p&gt;Next, the line to use in a preseed file:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
d-i preseed/late_command string in-target apt-get install -y sysvinit-core
&lt;/pre&gt;&lt;/blockquote&gt;&lt;p&gt;

&lt;p&gt;One can of course also do this after the first boot by installing
the sysvinit-core package.&lt;/p&gt;

&lt;p&gt;I recommend only using sysvinit if you really need it, as the
sysvinit boot sequence in Debian have several hardware specific bugs
on Linux caused by the fact that it is unpredictable when hardware
devices show up during boot.  But on the other hand, the new default
boot system still have a few rough edges I hope will be fixed before
Jessie is released.&lt;/p&gt;

&lt;p&gt;Update 2014-11-26: Inspired by
&lt;ahref=&quot;https://www.mirbsd.org/permalinks/wlog-10-tg_e20141125-tg.htm#e20141125-tg_wlog-10-tg&quot;&gt;a
blog post by Torsten Glaser&lt;/a&gt;, added --purge to the preseed
line.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>A Debian package for SMTP via Tor (aka SMTorP) using exim4</title>
                <link>http://people.skolelinux.org/pere/blog/A_Debian_package_for_SMTP_via_Tor__aka_SMTorP__using_exim4.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_Debian_package_for_SMTP_via_Tor__aka_SMTorP__using_exim4.html</guid>
                <pubDate>Mon, 10 Nov 2014 13:40:00 +0100</pubDate>
                <description>&lt;p&gt;The right to communicate with your friends and family in private,
without anyone snooping, is a right every citicen have in a liberal
democracy.  But this right is under serious attack these days.&lt;/p&gt;

&lt;p&gt;A while back it occurred to me that one way to make the dragnet
surveillance conducted by NSA, GCHQ, FRA and others (and confirmed by
the whisleblower Snowden) more expensive for Internet email,
is to deliver all email using SMTP via Tor.  Such SMTP option would be
a nice addition to the FreedomBox project if we could send email
between FreedomBox machines without leaking metadata about the emails
to the people peeking on the wire.  I
&lt;a href=&quot;http://lists.alioth.debian.org/pipermail/freedombox-discuss/2014-October/006493.html&quot;&gt;proposed
this on the FreedomBox project mailing list in October&lt;/a&gt; and got a
lot of useful feedback and suggestions.  It also became obvious to me
that this was not a novel idea, as the same idea was tested and
documented by Johannes Berg as early as 2006, and both
&lt;a href=&quot;https://github.com/pagekite/Mailpile/wiki/SMTorP&quot;&gt;the
Mailpile&lt;/a&gt; and &lt;a href=&quot;http://dee.su/cables&quot;&gt;the Cables&lt;/a&gt; systems
propose a similar method / protocol to pass emails between users.&lt;/p&gt;

&lt;p&gt;To implement such system one need to set up a Tor hidden service
providing the SMTP protocol on port 25, and use email addresses
looking like username@hidden-service-name.onion.  With such addresses
the connections to port 25 on hidden-service-name.onion using Tor will
go to the correct SMTP server.  To do this, one need to configure the
Tor daemon to provide the hidden service and the mail server to accept
emails for this .onion domain.  To learn more about Exim configuration
in Debian and test the design provided by Johannes Berg in his FAQ, I
set out yesterday to create a Debian package for making it trivial to
set up such SMTP over Tor service based on Debian.  Getting it to work
were fairly easy, and
&lt;a href=&quot;https://github.com/petterreinholdtsen/exim4-smtorp&quot;&gt;the
source code for the Debian package&lt;/a&gt; is available from github.  I
plan to move it into Debian if further testing prove this to be a
useful approach.&lt;/p&gt;

&lt;p&gt;If you want to test this, set up a blank Debian machine without any
mail system installed (or run &lt;tt&gt;apt-get purge exim4-config&lt;/tt&gt; to
get rid of exim4).  Install tor, clone the git repository mentioned
above, build the deb and install it on the machine.  Next, run
&lt;tt&gt;/usr/lib/exim4-smtorp/setup-exim-hidden-service&lt;/tt&gt; and follow
the instructions to get the service up and running.  Restart tor and
exim when it is done, and test mail delivery using swaks like
this:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
torsocks swaks --server dutlqrrmjhtfa3vp.onion \
  --to fbx@dutlqrrmjhtfa3vp.onion
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;This will test the SMTP delivery using tor.  Replace the email
address with your own address to test your server. :)&lt;/p&gt;

&lt;p&gt;The setup procedure is still to complex, and I hope it can be made
easier and more automatic.  Especially the tor setup need more work.
Also, the package include a tor-smtp tool written in C, but its task
should probably be rewritten in some script language to make the deb
architecture independent.  It would probably also make the code easier
to review.  The tor-smtp tool currently need to listen on a socket for
exim to talk to it and is started using xinetd.  It would be better if
no daemon and no socket is needed.  I suspect it is possible to get
exim to run a command line tool for delivery instead of talking to a
socket, and hope to figure out how in a future version of this
system.&lt;/p&gt;

&lt;p&gt;Until I wipe my test machine, I can be reached using the
&lt;tt&gt;fbx@dutlqrrmjhtfa3vp.onion&lt;/tt&gt; mail address, deliverable over
SMTorP. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>listadmin, the quick way to moderate mailman lists - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/listadmin__the_quick_way_to_moderate_mailman_lists___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/listadmin__the_quick_way_to_moderate_mailman_lists___nice_free_software.html</guid>
                <pubDate>Wed, 22 Oct 2014 20:00:00 +0200</pubDate>
                <description>&lt;p&gt;If you ever had to moderate a mailman list, like the ones on
alioth.debian.org, you know the web interface is fairly slow to
operate.  First you visit one web page, enter the moderation password
and get a new page shown with a list of all the messages to moderate
and various options for each email address.  This take a while for
every list you moderate, and you need to do it regularly to do a good
job as a list moderator.  But there is a quick alternative,
&lt;a href=&quot;http://heim.ifi.uio.no/kjetilho/hacks/#listadmin&quot;&gt;the
listadmin program&lt;/a&gt;.  It allow you to check lists for new messages
to moderate in a fraction of a second.  Here is a test run on two
lists I recently took over:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
% time listadmin xiph
fetching data for pkg-xiph-commits@lists.alioth.debian.org ... nothing in queue
fetching data for pkg-xiph-maint@lists.alioth.debian.org ... nothing in queue

real    0m1.709s
user    0m0.232s
sys     0m0.012s
%
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;In 1.7 seconds I had checked two mailing lists and confirmed that
there are no message in the moderation queue.  Every morning I
currently moderate 68 mailman lists, and it normally take around two
minutes.  When I took over the two pkg-xiph lists above a few days
ago, there were 400 emails waiting in the moderator queue.  It took me
less than 15 minutes to process them all using the listadmin
program.&lt;/p&gt;

&lt;p&gt;If you install
&lt;a href=&quot;https://tracker.debian.org/pkg/listadmin&quot;&gt;the listadmin
package&lt;/a&gt; from Debian and create a file &lt;tt&gt;~/.listadmin.ini&lt;/tt&gt;
with content like this, the moderation task is a breeze:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
username username@example.org
spamlevel 23
default discard
discard_if_reason &quot;Posting restricted to members only. Remove us from your mail list.&quot;

password secret
adminurl https://{domain}/mailman/admindb/{list}
mailman-list@lists.example.com

password hidden
other-list@otherserver.example.org
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;There are other options to set as well.  Check the manual page to
learn the details.&lt;/p&gt;

&lt;p&gt;If you are forced to moderate lists on a mailman installation where
the SSL certificate is self signed or not properly signed by a
generally accepted signing authority, you can set a environment
variable when calling listadmin to disable SSL verification:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
PERL_LWP_SSL_VERIFY_HOSTNAME=0 listadmin
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;If you want to moderate a subset of the lists you take care of, you
can provide an argument to the listadmin script like I do in the
initial screen dump (the xiph argument).  Using an argument, only
lists matching the argument string will be processed.  This make it
quick to accept messages if you notice the moderation request in your
email.&lt;/p&gt;

&lt;p&gt;Without the listadmin program, I would never be the moderator of 68
mailing lists, as I simply do not have time to spend on that if the
process was any slower. The listadmin program have saved me hours of
time I could spend elsewhere over the years.  It truly is nice free
software.&lt;/p&gt;

&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&amp;label=PetterReinholdtsenBlog&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;

&lt;p&gt;Update 2014-10-27: Added missing &#39;username&#39; statement in
configuration example.  Also, I&#39;ve been told that the
PERL_LWP_SSL_VERIFY_HOSTNAME=0 setting do not work for everyone.  Not
sure why.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Debian Jessie, PXE and automatic firmware installation</title>
                <link>http://people.skolelinux.org/pere/blog/Debian_Jessie__PXE_and_automatic_firmware_installation.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Jessie__PXE_and_automatic_firmware_installation.html</guid>
                <pubDate>Fri, 17 Oct 2014 14:10:00 +0200</pubDate>
                <description>&lt;p&gt;When PXE installing laptops with Debian, I often run into the
problem that the WiFi card require some firmware to work properly.
And it has been a pain to fix this using preseeding in Debian.
Normally something more is needed.  But thanks to
&lt;a href=&quot;https://packages.qa.debian.org/i/isenkram.html&quot;&gt;my isenkram
package&lt;/a&gt; and its recent tasksel extension, it has now become easy
to do this using simple preseeding.&lt;/p&gt;

&lt;p&gt;The isenkram-cli package provide tasksel tasks which will install
firmware for the hardware found in the machine (actually, requested by
the kernel modules for the hardware).  (It can also install user space
programs supporting the hardware detected, but that is not the focus
of this story.)&lt;/p&gt;

&lt;p&gt;To get this working in the default installation, two preeseding
values are needed.  First, the isenkram-cli package must be installed
into the target chroot (aka the hard drive) before tasksel is executed
in the pkgsel step of the debian-installer system.  This is done by
preseeding the base-installer/includes debconf value to include the
isenkram-cli package.  The package name is next passed to debootstrap
for installation.  With the isenkram-cli package in place, tasksel
will automatically use the isenkram tasks to detect hardware specific
packages for the machine being installed and install them, because
isenkram-cli contain tasksel tasks.&lt;/p&gt;

&lt;p&gt;Second, one need to enable the non-free APT repository, because
most firmware unfortunately is non-free.  This is done by preseeding
the apt-mirror-setup step.  This is unfortunate, but for a lot of
hardware it is the only option in Debian.&lt;/p&gt;

&lt;p&gt;The end result is two lines needed in your preseeding file to get
firmware installed automatically by the installer:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
base-installer base-installer/includes string isenkram-cli
apt-mirror-setup apt-setup/non-free boolean true
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The current version of isenkram-cli in testing/jessie will install
both firmware and user space packages when using this method.  It also
do not work well, so use version 0.15 or later.  Installing both
firmware and user space packages might give you a bit more than you
want, so I decided to split the tasksel task in two, one for firmware
and one for user space programs.  The firmware task is enabled by
default, while the one for user space programs is not.  This split is
implemented in the package currently in unstable.&lt;/p&gt;

&lt;p&gt;If you decide to give this a go, please let me know (via email) how
this recipe work for you. :)&lt;/p&gt;

&lt;p&gt;So, I bet you are wondering, how can this work.  First and
foremost, it work because tasksel is modular, and driven by whatever
files it find in /usr/lib/tasksel/ and /usr/share/tasksel/.  So the
isenkram-cli package place two files for tasksel to find.  First there
is the task description file (/usr/share/tasksel/descs/isenkram.desc):&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
Task: isenkram-packages
Section: hardware
Description: Hardware specific packages (autodetected by isenkram)
 Based on the detected hardware various hardware specific packages are
 proposed.
Test-new-install: show show
Relevance: 8
Packages: for-current-hardware

Task: isenkram-firmware
Section: hardware
Description: Hardware specific firmware packages (autodetected by isenkram)
 Based on the detected hardware various hardware specific firmware
 packages are proposed.
Test-new-install: mark show
Relevance: 8
Packages: for-current-hardware-firmware
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The key parts are Test-new-install which indicate how the task
should be handled and the Packages line referencing to a script in
/usr/lib/tasksel/packages/.  The scripts use other scripts to get a
list of packages to install.  The for-current-hardware-firmware script
look like this to list relevant firmware for the machine:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
#!/bin/sh
#
PATH=/usr/sbin:$PATH
export PATH
isenkram-autoinstall-firmware -l
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;With those two pieces in place, the firmware is installed by
tasksel during the normal d-i run. :)&lt;/p&gt;

&lt;p&gt;If you want to test what tasksel will install when isenkram-cli is
installed, run &lt;tt&gt;DEBIAN_PRIORITY=critical tasksel --test
--new-install&lt;/tt&gt; to get the list of packages that tasksel would
install.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://wiki.debian.org/DebianEdu/&quot;&gt;Debian Edu&lt;/a&gt; will be
pilots in testing this feature, as isenkram is used there now to
install firmware, replacing the earlier scripts.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Ubuntu used to show the bread prizes at ICA Storo</title>
                <link>http://people.skolelinux.org/pere/blog/Ubuntu_used_to_show_the_bread_prizes_at_ICA_Storo.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Ubuntu_used_to_show_the_bread_prizes_at_ICA_Storo.html</guid>
                <pubDate>Sat, 4 Oct 2014 15:20:00 +0200</pubDate>
                <description>&lt;p&gt;Today I came across an unexpected Ubuntu boot screen.  Above the
bread shelf on the ICA shop at Storo in Oslo, the grub menu of Ubuntu
with Linux kernel 3.2.0-23 (ie probably version 12.04 LTS) was stuck
on a screen normally showing the bread types and prizes:&lt;/p&gt;

&lt;p align=&quot;center&quot;&gt;&lt;img width=&quot;70%&quot; src=&quot;http://people.skolelinux.org/pere/blog/images/2014-10-04-ubuntu-ica-storo-crop.jpeg&quot;&gt;&lt;/p&gt;

&lt;p&gt;If it had booted as it was supposed to, I would never had known
about this hidden Linux installation.  It is interesting what
&lt;a href=&quot;http://revealingerrors.com/&quot;&gt;errors can reveal&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>New lsdvd release version 0.17 is ready</title>
                <link>http://people.skolelinux.org/pere/blog/New_lsdvd_release_version_0_17_is_ready.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_lsdvd_release_version_0_17_is_ready.html</guid>
                <pubDate>Sat, 4 Oct 2014 08:40:00 +0200</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;https://sourceforge.net/p/lsdvd/&quot;&gt;lsdvd project&lt;/a&gt;
got a new set of developers a few weeks ago, after the original
developer decided to step down and pass the project to fresh blood.
This project is now maintained by Petter Reinholdtsen and Steve
Dibb.&lt;/p&gt;

&lt;p&gt;I just wrapped up
&lt;a href=&quot;https://sourceforge.net/p/lsdvd/mailman/message/32896061/&quot;&gt;a
new lsdvd release&lt;/a&gt;, available in git or from
&lt;a href=&quot;https://sourceforge.net/projects/lsdvd/files/lsdvd/&quot;&gt;the
download page&lt;/a&gt;.  This is the changelog dated 2014-10-03 for version
0.17.&lt;/p&gt;

&lt;ul&gt;

 &lt;li&gt;Ignore &#39;phantom&#39; audio, subtitle tracks&lt;/li&gt;
 &lt;li&gt;Check for garbage in the program chains, which indicate that a track is
   non-existant, to work around additional copy protection&lt;/li&gt;
 &lt;li&gt;Fix displaying content type for audio tracks, subtitles&lt;/li&gt;
 &lt;li&gt;Fix pallete display of first entry&lt;/li&gt;
 &lt;li&gt;Fix include orders&lt;/li&gt;
 &lt;li&gt;Ignore read errors in titles that would not be displayed anyway&lt;/li&gt;
 &lt;li&gt;Fix the chapter count&lt;/li&gt;
 &lt;li&gt;Make sure the array size and the array limit used when initialising
   the palette size is the same.&lt;/li&gt;
 &lt;li&gt;Fix array printing.&lt;/li&gt;
 &lt;li&gt;Correct subsecond calculations.&lt;/li&gt;
 &lt;li&gt;Add sector information to the output format.&lt;/li&gt;
 &lt;li&gt;Clean up code to be closer to ANSI C and compile without warnings
   with more GCC compiler warnings.&lt;/li&gt;

&lt;/ul&gt;

&lt;p&gt;This change bring together patches for lsdvd in use in various
Linux and Unix distributions, as well as patches submitted to the
project the last nine years.  Please check it out. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How to test Debian Edu Jessie despite some fatal problems with the installer</title>
                <link>http://people.skolelinux.org/pere/blog/How_to_test_Debian_Edu_Jessie_despite_some_fatal_problems_with_the_installer.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_test_Debian_Edu_Jessie_despite_some_fatal_problems_with_the_installer.html</guid>
                <pubDate>Fri, 26 Sep 2014 12:20:00 +0200</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Debian Edu / Skolelinux
project&lt;/a&gt; provide a Linux solution for schools, including a
powerful desktop with education software, a central server providing
web pages, user database, user home directories, central login and PXE
boot of both  clients without disk and the installation to install Debian
Edu on machines with disk (and a few other services perhaps to small
to mention here).  We in the Debian Edu team are currently working on
the Jessie based version, trying to get everything in shape before the
freeze, to avoid having to maintain our own package repository in the
future.  The
&lt;a href=&quot;https://wiki.debian.org/DebianEdu/Status/Jessie&quot;&gt;current
status&lt;/a&gt; can be seen on the Debian wiki, and there is still heaps of
work left.  Some fatal problems block testing, breaking the installer,
but it is possible to work around these to get anyway.  Here is a
recipe on how to get the installation limping along.&lt;/p&gt;

&lt;p&gt;First, download the test ISO via
&lt;a href=&quot;ftp://ftp.skolelinux.no/cd-edu-testing-nolocal-netinst/debian-edu-amd64-i386-NETINST-1.iso&quot;&gt;ftp&lt;/a&gt;,
&lt;a href=&quot;http://ftp.skolelinux.no/cd-edu-testing-nolocal-netinst/debian-edu-amd64-i386-NETINST-1.iso&quot;&gt;http&lt;/a&gt;
or rsync (use
ftp.skolelinux.org::cd-edu-testing-nolocal-netinst/debian-edu-amd64-i386-NETINST-1.iso).
The ISO build was broken on Tuesday, so we do not get a new ISO every
12 hours or so, but thankfully the ISO we already got we are able to
install with some tweaking.&lt;/p&gt;

&lt;p&gt;When you get to the Debian Edu profile question, go to tty2
(use Alt-Ctrl-F2), run&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
nano /usr/bin/edu-eatmydata-install
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;and add &#39;exit 0&#39; as the second line, disabling the eatmydata
optimization.  Return to the installation, select the profile you want
and continue.  Without this change, exim4-config will fail to install
due to a known bug in eatmydata.&lt;/p&gt;

&lt;p&gt;When you get the grub question at the end, answer /dev/sda (or if
this do not work, figure out what your correct value would be.  All my
test machines need /dev/sda, so I have no advice if it do not fit
your need.&lt;/p&gt;

&lt;p&gt;If you installed a profile including a graphical desktop, log in as
root after the initial boot from hard drive, and install the
education-desktop-XXX metapackage.  XXX can be kde, gnome, lxde, xfce
or mate.  If you want several desktop options, install more than one
metapackage.  Once this is done, reboot and you should have a working
graphical login screen.  This workaround should no longer be needed
once the education-tasks package version 1.801 enter testing in two
days.&lt;/p&gt;

&lt;p&gt;I believe the ISO build will start working on two days when the new
tasksel package enter testing and Steve McIntyre get a chance to
update the debian-cd git repository.  The eatmydata, grub and desktop
issues are already fixed in unstable and testing, and should show up
on the ISO as soon as the ISO build start working again.  Well the
eatmydata optimization is really just disabled.  The proper fix
require an upload by the eatmydata maintainer applying the patch
provided in bug &lt;a href=&quot;https://bugs.debian.org/702711&quot;&gt;#702711&lt;/a&gt;.
The rest have proper fixes in unstable.&lt;/p&gt;

&lt;p&gt;I hope this get you going with the installation testing, as we are
quickly running out of time trying to get our Jessie based
installation ready before the distribution freeze in a month.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Suddenly I am the new upstream of the lsdvd command line tool</title>
                <link>http://people.skolelinux.org/pere/blog/Suddenly_I_am_the_new_upstream_of_the_lsdvd_command_line_tool.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Suddenly_I_am_the_new_upstream_of_the_lsdvd_command_line_tool.html</guid>
                <pubDate>Thu, 25 Sep 2014 11:20:00 +0200</pubDate>
                <description>&lt;p&gt;I use the &lt;a href=&quot;https://sourceforge.net/p/lsdvd/&quot;&gt;lsdvd tool&lt;/a&gt;
to handle my fairly large DVD collection.  It is a nice command line
tool to get details about a DVD, like title, tracks, track length,
etc, in XML, Perl or human readable format.  But lsdvd have not seen
any new development since 2006 and had a few irritating bugs affecting
its use with some DVDs.  Upstream seemed to be dead, and in January I
sent a small probe asking for a version control repository for the
project, without any reply.  But I use it regularly and would like to
get &lt;a href=&quot;https://packages.qa.debian.org/lsdvd&quot;&gt;an updated version
into Debian&lt;/a&gt;.  So two weeks ago I tried harder to get in touch with
the project admin, and after getting a reply from him explaining that
he was no longer interested in the project, I asked if I could take
over.  And yesterday, I became project admin.&lt;/p&gt;

&lt;p&gt;I&#39;ve been in touch with a Gentoo developer and the Debian
maintainer interested in joining forces to maintain the upstream
project, and I hope we can get a new release out fairly quickly,
collecting the patches spread around on the internet into on place.
I&#39;ve added the relevant Debian patches to the freshly created git
repository, and expect the Gentoo patches to make it too.  If you got
a DVD collection and care about command line tools, check out
&lt;a href=&quot;https://sourceforge.net/p/lsdvd/git/ci/master/tree/&quot;&gt;the git source&lt;/a&gt; and join
&lt;a href=&quot;https://sourceforge.net/p/lsdvd/mailman/&quot;&gt;the project mailing
list&lt;/a&gt;. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Speeding up the Debian installer using eatmydata and dpkg-divert</title>
                <link>http://people.skolelinux.org/pere/blog/Speeding_up_the_Debian_installer_using_eatmydata_and_dpkg_divert.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Speeding_up_the_Debian_installer_using_eatmydata_and_dpkg_divert.html</guid>
                <pubDate>Tue, 16 Sep 2014 14:00:00 +0200</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;https://www.debian.org/&quot;&gt;Debian&lt;/a&gt; installer could be
a lot quicker.  When we install more than 2000 packages in
&lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Skolelinux / Debian Edu&lt;/a&gt; using
tasksel in the installer, unpacking the binary packages take forever.
A part of the slow I/O issue was discussed in
&lt;a href=&quot;https://bugs.debian.org/613428&quot;&gt;bug #613428&lt;/a&gt; about too
much file system sync-ing done by dpkg, which is the package
responsible for unpacking the binary packages.  Other parts (like code
executed by postinst scripts) might also sync to disk during
installation.  All this sync-ing to disk do not really make sense to
me.  If the machine crash half-way through, I start over, I do not try
to salvage the half installed system.  So the failure sync-ing is
supposed to protect against, hardware or system crash, is not really
relevant while the installer is running.&lt;/p&gt;

&lt;p&gt;A few days ago, I thought of a way to get rid of all the file
system sync()-ing in a fairly non-intrusive way, without the need to
change the code in several packages.  The idea is not new, but I have
not heard anyone propose the approach using dpkg-divert before.  It
depend on the small and clever package
&lt;a href=&quot;https://packages.qa.debian.org/eatmydata&quot;&gt;eatmydata&lt;/a&gt;, which
uses LD_PRELOAD to replace the system functions for syncing data to
disk with functions doing nothing, thus allowing programs to live
dangerous while speeding up disk I/O significantly.  Instead of
modifying the implementation of dpkg, apt and tasksel (which are the
packages responsible for selecting, fetching and installing packages),
it occurred to me that we could just divert the programs away, replace
them with a simple shell wrapper calling
&quot;eatmydata&amp;nbsp;$program&amp;nbsp;$@&quot;, to get the same effect.
Two days ago I decided to test the idea, and wrapped up a simple
implementation for the Debian Edu udeb.&lt;/p&gt;

&lt;p&gt;The effect was stunning.  In my first test it reduced the running
time of the pkgsel step (installing tasks) from 64 to less than 44
minutes (20 minutes shaved off the installation) on an old Dell
Latitude D505 machine.  I am not quite sure what the optimised time
would have been, as I messed up the testing a bit, causing the debconf
priority to get low enough for two questions to pop up during
installation.  As soon as I saw the questions I moved the installation
along, but do not know how long the question were holding up the
installation.  I did some more measurements using Debian Edu Jessie,
and got these results.  The time measured is the time stamp in
/var/log/syslog between the &quot;pkgsel: starting tasksel&quot; and the
&quot;pkgsel: finishing up&quot; lines, if you want to do the same measurement
yourself.  In Debian Edu, the tasksel dialog do not show up, and the
timing thus do not depend on how quickly the user handle the tasksel
dialog.&lt;/p&gt;

&lt;p&gt;&lt;table&gt;

&lt;tr&gt;
&lt;th&gt;Machine/setup&lt;/th&gt;
&lt;th&gt;Original tasksel&lt;/th&gt;
&lt;th&gt;Optimised tasksel&lt;/th&gt;
&lt;th&gt;Reduction&lt;/th&gt;
&lt;/tr&gt;

&lt;tr&gt;
&lt;td&gt;Latitude D505 Main+LTSP LXDE&lt;/td&gt;
&lt;td&gt;64 min (07:46-08:50)&lt;/td&gt;
&lt;td&gt;&lt;44 min (11:27-12:11)&lt;/td&gt;
&lt;td&gt;&gt;20 min 18%&lt;/td&gt;
&lt;/tr&gt;

&lt;tr&gt;
&lt;td&gt;Latitude D505 Roaming LXDE&lt;/td&gt;
&lt;td&gt;57 min (08:48-09:45)&lt;/td&gt;
&lt;td&gt;34 min (07:43-08:17)&lt;/td&gt;
&lt;td&gt;23 min 40%&lt;/td&gt;
&lt;/tr&gt;

&lt;tr&gt;
&lt;td&gt;Latitude D505 Minimal&lt;/td&gt;
&lt;td&gt;22 min (10:37-10:59)&lt;/td&gt;
&lt;td&gt;11 min (11:16-11:27)&lt;/td&gt;
&lt;td&gt;11 min 50%&lt;/td&gt;
&lt;/tr&gt;

&lt;tr&gt;
&lt;td&gt;Thinkpad X200 Minimal&lt;/td&gt;
&lt;td&gt;6 min (08:19-08:25)&lt;/td&gt;
&lt;td&gt;4 min (08:04-08:08)&lt;/td&gt;
&lt;td&gt;2 min 33%&lt;/td&gt;
&lt;/tr&gt;

&lt;tr&gt;
&lt;td&gt;Thinkpad X200 Roaming KDE&lt;/td&gt;
&lt;td&gt;19 min (09:21-09:40)&lt;/td&gt;
&lt;td&gt;15 min (10:25-10:40)&lt;/td&gt;
&lt;td&gt;4 min 21%&lt;/td&gt;
&lt;/tr&gt;

&lt;/table&gt;&lt;/p&gt;

&lt;p&gt;The test is done using a netinst ISO on a USB stick, so some of the
time is spent downloading packages.  The connection to the Internet
was 100Mbit/s during testing, so downloading should not be a
significant factor in the measurement.  Download typically took a few
seconds to a few minutes, depending on the amount of packages being
installed.&lt;/p&gt;

&lt;p&gt;The speedup is implemented by using two hooks in
&lt;a href=&quot;https://www.debian.org/devel/debian-installer/&quot;&gt;Debian
Installer&lt;/a&gt;, the pre-pkgsel.d hook to set up the diverts, and the
finish-install.d hook to remove the divert at the end of the
installation.  I picked the pre-pkgsel.d hook instead of the
post-base-installer.d hook because I test using an ISO without the
eatmydata package included, and the post-base-installer.d hook in
Debian Edu can only operate on packages included in the ISO.  The
negative effect of this is that I am unable to activate this
optimization for the kernel installation step in d-i.  If the code is
moved to the post-base-installer.d hook, the speedup would be larger
for the entire installation.&lt;/p&gt;

&lt;p&gt;I&#39;ve implemented this in the
&lt;a href=&quot;https://packages.qa.debian.org/debian-edu-install&quot;&gt;debian-edu-install&lt;/a&gt;
git repository, and plan to provide the optimization as part of the
Debian Edu installation.  If you want to test this yourself, you can
create two files in the installer (or in an udeb).  One shell script
need do go into /usr/lib/pre-pkgsel.d/, with content like this:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
#!/bin/sh
set -e
. /usr/share/debconf/confmodule
info() {
    logger -t my-pkgsel &quot;info: $*&quot;
}
error() {
    logger -t my-pkgsel &quot;error: $*&quot;
}
override_install() {
    apt-install eatmydata || true
    if [ -x /target/usr/bin/eatmydata ] ; then
        for bin in dpkg apt-get aptitude tasksel ; do
            file=/usr/bin/$bin
            # Test that the file exist and have not been diverted already.
            if [ -f /target$file ] ; then
                info &quot;diverting $file using eatmydata&quot;
                printf &quot;#!/bin/sh\neatmydata $bin.distrib \&quot;\$@\&quot;\n&quot; \
                    &gt; /target$file.edu
                chmod 755 /target$file.edu
                in-target dpkg-divert --package debian-edu-config \
                    --rename --quiet --add $file
                ln -sf ./$bin.edu /target$file
            else
                error &quot;unable to divert $file, as it is missing.&quot;
            fi
        done
    else
        error &quot;unable to find /usr/bin/eatmydata after installing the eatmydata pacage&quot;
    fi
}

override_install
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;To clean up, another shell script should go into
/usr/lib/finish-install.d/ with code like this:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
#! /bin/sh -e
. /usr/share/debconf/confmodule
error() {
    logger -t my-finish-install &quot;error: $@&quot;
}
remove_install_override() {
    for bin in dpkg apt-get aptitude tasksel ; do
        file=/usr/bin/$bin
        if [ -x /target$file.edu ] ; then
            rm /target$file
            in-target dpkg-divert --package debian-edu-config \
                --rename --quiet --remove $file
            rm /target$file.edu
        else
            error &quot;Missing divert for $file.&quot;
        fi
    done
    sync # Flush file buffers before continuing
}

remove_install_override
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;In Debian Edu, I placed both code fragments in a separate script
edu-eatmydata-install and call it from the pre-pkgsel.d and
finish-install.d scripts.&lt;/p&gt;

&lt;p&gt;By now you might ask if this change should get into the normal
Debian installer too?  I suspect it should, but am not sure the
current debian-installer coordinators find it useful enough.  It also
depend on the side effects of the change.  I&#39;m not aware of any, but I
guess we will see if the change is safe after some more testing.
Perhaps there is some package in Debian depending on sync() and
fsync() having effect?  Perhaps it should go into its own udeb, to
allow those of us wanting to enable it to do so without affecting
everyone.&lt;/p&gt;

&lt;p&gt;Update 2014-09-24: Since a few days ago, enabling this optimization
will break installation of all programs using gnutls because of
&lt;a href=&quot;https://bugs.debian.org/702711&quot;&gt;bug #702711&lt;/a&gt;.  An updated
eatmydata package in Debian will solve it.&lt;/p&gt;

&lt;p&gt;Update 2014-10-17: The bug mentioned above is fixed in testing and
the optimization work again.  And I have discovered that the
dpkg-divert trick is not really needed and implemented a slightly
simpler approach as part of the debian-edu-install package.  See
tools/edu-eatmydata-install in the source package.&lt;/p&gt;

&lt;p&gt;Update 2014-11-11: Unfortunately, a new
&lt;a href=&quot;http://bugs.debian.org/765738&quot;&gt;bug #765738&lt;/a&gt; in eatmydata only
triggering on i386 made it into testing, and broke this installation
optimization again.  If &lt;a href=&quot;http://bugs.debian.org/768893&quot;&gt;unblock
request 768893&lt;/a&gt; is accepted, it should be working again.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Good bye subkeys.pgp.net, welcome pool.sks-keyservers.net</title>
                <link>http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Good_bye_subkeys_pgp_net__welcome_pool_sks_keyservers_net.html</guid>
                <pubDate>Wed, 10 Sep 2014 13:10:00 +0200</pubDate>
                <description>&lt;p&gt;Yesterday, I had the pleasure of attending a talk with the
&lt;a href=&quot;http://www.nuug.no/&quot;&gt;Norwegian Unix User Group&lt;/a&gt; about
&lt;a href=&quot;http://www.nuug.no/aktiviteter/20140909-sks-keyservers/&quot;&gt;the
OpenPGP keyserver pool sks-keyservers.net&lt;/a&gt;, and was very happy to
learn that there is a large set of publicly available key servers to
use when looking for peoples public key.  So far I have used
subkeys.pgp.net, and some times wwwkeys.nl.pgp.net when the former
were misbehaving, but those days are ended.  The servers I have used
up until yesterday have been slow and some times unavailable.  I hope
those problems are gone now.&lt;/p&gt;

&lt;p&gt;Behind the round robin DNS entry of the
&lt;a href=&quot;https://sks-keyservers.net/&quot;&gt;sks-keyservers.net&lt;/a&gt; service
there is a pool of more than 100 keyservers which are checked every
day to ensure they are well connected and up to date.  It must be
better than what I have used so far. :)&lt;/p&gt;

&lt;p&gt;Yesterdays speaker told me that the service is the default
keyserver provided by the default configuration in GnuPG, but this do
not seem to be used in Debian.  Perhaps it should?&lt;/p&gt;

&lt;p&gt;Anyway, I&#39;ve updated my ~/.gnupg/options file to now include this
line:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
keyserver pool.sks-keyservers.net
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;With GnuPG version 2 one can also locate the keyserver using SRV
entries in DNS.  Just for fun, I did just that at work, so now every
user of GnuPG at the University of Oslo should find a OpenGPG
keyserver automatically should their need it:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
% host -t srv _pgpkey-http._tcp.uio.no
_pgpkey-http._tcp.uio.no has SRV record 0 100 11371 pool.sks-keyservers.net.
%
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Now if only
&lt;a href=&quot;http://ietfreport.isoc.org/idref/draft-shaw-openpgp-hkp/&quot;&gt;the
HKP lookup protocol&lt;/a&gt; supported finding signature paths, I would be
very happy.  It can look up a given key or search for a user ID, but I
normally do not want that, but to find a trust path from my key to
another key.  Given a user ID or key ID, I would like to find (and
download) the keys representing a signature path from my key to the
key in question, to be able to get a trust path between the two keys.
This is as far as I can tell not possible today.  Perhaps something
for a future version of the protocol?&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>From English wiki to translated PDF and epub via Docbook</title>
                <link>http://people.skolelinux.org/pere/blog/From_English_wiki_to_translated_PDF_and_epub_via_Docbook.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/From_English_wiki_to_translated_PDF_and_epub_via_Docbook.html</guid>
                <pubDate>Tue, 17 Jun 2014 11:30:00 +0200</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Debian Edu / Skolelinux
project&lt;/a&gt; provide an instruction manual for teachers, system
administrators and other users that contain useful tips for setting up
and maintaining a Debian Edu installation.  This text is about how the
text processing of this manual is handled in the project.&lt;/p&gt;

&lt;p&gt;One goal of the project is to provide information in the native
language of its users, and for this we need to handle translations.
But we also want to make sure each language contain the same
information, so for this we need a good way to keep the translations
in sync.  And we want it to be easy for our users to improve the
documentation, avoiding the need to learn special formats or tools to
contribute, and the obvious way to do this is to make it possible to
edit the documentation using a web browser.  We also want it to be
easy for translators to keep the translation up to date, and give them
help in figuring out what need to be translated. Here is the list of
tools and the process we have found trying to reach all these
goals.&lt;/p&gt;

&lt;p&gt;We maintain the authoritative source of our manual in the
&lt;a href=&quot;https://wiki.debian.org/DebianEdu/Documentation/Wheezy/&quot;&gt;Debian
wiki&lt;/a&gt;, as several wiki pages written in English.  It consist of one
front page with references to the different chapters, several pages
for each chapter, and finally one &quot;collection page&quot; gluing all the
chapters together into one large web page (aka
&lt;a href=&quot;https://wiki.debian.org/DebianEdu/Documentation/Wheezy/AllInOne&quot;&gt;the
AllInOne page&lt;/a&gt;).  The AllInOne page is the one used for further
processing and translations.  Thanks to the fact that the
&lt;a href=&quot;http://moinmo.in/&quot;&gt;MoinMoin&lt;/a&gt; installation on
wiki.debian.org support exporting pages in
&lt;a href=&quot;http://www.docbook.org/&quot;&gt;the Docbook format&lt;/a&gt;, we can fetch
the list of pages to export using the raw version of the AllInOne
page, loop over each of them to generate a Docbook XML version of the
manual.  This process also download images and transform image
references to use the locally downloaded images.  The generated
Docbook XML files are slightly broken, so some post-processing is done
using the &lt;tt&gt;documentation/scripts/get_manual&lt;/tt&gt; program, and the
result is a nice Docbook XML file (debian-edu-wheezy-manual.xml) and
a handfull of images.  The XML file can now be used to generate PDF, HTML
and epub versions of the English manual.  This is the basic step of
our process, making PDF (using dblatex), HTML (using xsltproc) and
epub (using dbtoepub) version from Docbook XML, and the resulting files
are placed in the debian-edu-doc-en binary package.&lt;/p&gt;

&lt;p&gt;But English documentation is not enough for us.  We want translated
documentation too, and we want to make it easy for translators to
track the English original.  For this we use the
&lt;a href=&quot;http://packages.qa.debian.org/p/poxml.html&quot;&gt;poxml&lt;/a&gt; package,
which allow us to transform the English Docbook XML file into a
translation file (a .pot file), usable with the normal gettext based
translation tools used by those translating free software.  The pot
file is used to create and maintain translation files (several .po
files), which the translations update with the native language
translations of all titles, paragraphs and blocks of text in the
original.  The next step is combining the original English Docbook XML
and the translation file (say debian-edu-wheezy-manual.nb.po), to
create a translated Docbook XML file (in this case
debian-edu-wheezy-manual.nb.xml).  This translated (or partly
translated, if the translation is not complete) Docbook XML file can
then be used like the original to create a PDF, HTML and epub version
of the documentation.&lt;/p&gt;

&lt;p&gt;The translators use different tools to edit the .po files.  We
recommend using
&lt;a href=&quot;http://www.kde.org/applications/development/lokalize/&quot;&gt;lokalize&lt;/a&gt;,
while some use emacs and vi, others can use web based editors like
&lt;a href=&quot;http://pootle.translatehouse.org/&quot;&gt;Poodle&lt;/a&gt; or
&lt;a href=&quot;https://www.transifex.com/&quot;&gt;Transifex&lt;/a&gt;.  All we care about
is where the .po file end up, in our git repository.  Updated
translations can either be committed directly to git, or submitted as
&lt;a href=&quot;https://bugs.debian.org/src:debian-edu-doc&quot;&gt;bug reports
against the debian-edu-doc package&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;One challenge is images, which both might need to be translated (if
they show translated user applications), and are needed in different
formats when creating PDF and HTML versions (epub is a HTML version in
this regard).  For this we transform the original PNG images to the
needed density and format during build, and have a way to provide
translated images by storing translated versions in
images/$LANGUAGECODE/.  I am a bit unsure about the details here.  The
package maintainers know more.&lt;/p&gt;

&lt;p&gt;If you wonder what the result look like, we provide
&lt;a href=&quot;http://maintainer.skolelinux.org/debian-edu-doc/&quot;&gt;the content
of the documentation packages on the web&lt;/a&gt;.  See for example the
&lt;a href=&quot;http://maintainer.skolelinux.org/debian-edu-doc/it/debian-edu-wheezy-manual.pdf&quot;&gt;Italian
PDF version&lt;/a&gt; or the
&lt;a href=&quot;http://maintainer.skolelinux.org/debian-edu-doc/de/debian-edu-wheezy-manual.html&quot;&gt;German
HTML version&lt;/a&gt;.  We do not yet build the epub version by default,
but perhaps it will be done in the future.&lt;/p&gt;

&lt;p&gt;To learn more, check out
&lt;a href=&quot;http://packages.qa.debian.org/d/debian-edu-doc.html&quot;&gt;the
debian-edu-doc package&lt;/a&gt;,
&lt;a href=&quot;https://wiki.debian.org/DebianEdu/Documentation/Wheezy/&quot;&gt;the
manual on the wiki&lt;/a&gt; and
&lt;a href=&quot;https://wiki.debian.org/DebianEdu/Documentation/Wheezy/Translations&quot;&gt;the
translation instructions&lt;/a&gt; in the manual.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Install hardware dependent packages using tasksel (Isenkram 0.7)</title>
                <link>http://people.skolelinux.org/pere/blog/Install_hardware_dependent_packages_using_tasksel__Isenkram_0_7_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Install_hardware_dependent_packages_using_tasksel__Isenkram_0_7_.html</guid>
                <pubDate>Wed, 23 Apr 2014 14:50:00 +0200</pubDate>
                <description>&lt;p&gt;It would be nice if it was easier in Debian to get all the hardware
related packages relevant for the computer installed automatically.
So I implemented one, using
&lt;a href=&quot;http://packages.qa.debian.org/isenkram&quot;&gt;my Isenkram
package&lt;/a&gt;.  To use it, install the tasksel and isenkram packages and
run tasksel as user root.  You should be presented with a new option,
&quot;Hardware specific packages (autodetected by isenkram)&quot;.  When you
select it, tasksel will install the packages isenkram claim is fit for
the current hardware, hot pluggable or not.&lt;p&gt;

&lt;p&gt;The implementation is in two files, one is the tasksel menu entry
description, and the other is the script used to extract the list of
packages to install.  The first part is in
&lt;tt&gt;/usr/share/tasksel/descs/isenkram.desc&lt;/tt&gt; and look like
this:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
Task: isenkram
Section: hardware
Description: Hardware specific packages (autodetected by isenkram)
 Based on the detected hardware various hardware specific packages are
 proposed.
Test-new-install: mark show
Relevance: 8
Packages: for-current-hardware
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The second part is in
&lt;tt&gt;/usr/lib/tasksel/packages/for-current-hardware&lt;/tt&gt; and look like
this:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
#!/bin/sh
#
(
    isenkram-lookup
    isenkram-autoinstall-firmware -l
) | sort -u
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;All in all, a very short and simple implementation making it
trivial to install the hardware dependent package we all may want to
have installed on our machines.  I&#39;ve not been able to find a way to
get tasksel to tell you exactly which packages it plan to install
before doing the installation.  So if you are curious or careful,
check the output from the isenkram-* command line tools first.&lt;/p&gt;

&lt;p&gt;The information about which packages are handling which hardware is
fetched either from the isenkram package itself in
/usr/share/isenkram/, from git.debian.org or from the APT package
database (using the Modaliases header).  The APT package database
parsing have caused a nasty resource leak in the isenkram daemon (bugs
&lt;a href=&quot;http://bugs.debian.org/719837&quot;&gt;#719837&lt;/a&gt; and
&lt;a href=&quot;http://bugs.debian.org/730704&quot;&gt;#730704&lt;/a&gt;).  The cause is in
the python-apt code (bug
&lt;a href=&quot;http://bugs.debian.org/745487&quot;&gt;#745487&lt;/a&gt;), but using a
workaround I was able to get rid of the file descriptor leak and
reduce the memory leak from ~30 MiB per hardware detection down to
around 2 MiB per hardware detection.  It should make the desktop
daemon a lot more useful.  The fix is in version 0.7 uploaded to
unstable today.&lt;/p&gt;

&lt;p&gt;I believe the current way of mapping hardware to packages in
Isenkram is is a good draft, but in the future I expect isenkram to
use the AppStream data source for this.  A proposal for getting proper
AppStream support into Debian is floating around as
&lt;a href=&quot;https://wiki.debian.org/DEP-11&quot;&gt;DEP-11&lt;/a&gt;, and
&lt;a href=&quot;https://wiki.debian.org/SummerOfCode2014/Projects#SummerOfCode2014.2FProjects.2FAppStreamDEP11Implementation.AppStream.2FDEP-11_for_the_Debian_Archive&quot;&gt;GSoC
project&lt;/a&gt; will take place this summer to improve the situation.  I
look forward to seeing the result, and welcome patches for isenkram to
start using the information when it is ready.&lt;/p&gt;

&lt;p&gt;If you want your package to map to some specific hardware, either
add a &quot;Xb-Modaliases&quot; header to your control file like I did in
&lt;a href=&quot;http://packages.qa.debian.org/pymissile&quot;&gt;the pymissile
package&lt;/a&gt; or submit a bug report with the details to the isenkram
package.  See also
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/tags/isenkram/&quot;&gt;all my
blog posts tagged isenkram&lt;/a&gt; for details on the notation.  I expect
the information will be migrated to AppStream eventually, but for the
moment I got no better place to store it.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>FreedomBox milestone - all packages now in Debian Sid</title>
                <link>http://people.skolelinux.org/pere/blog/FreedomBox_milestone___all_packages_now_in_Debian_Sid.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/FreedomBox_milestone___all_packages_now_in_Debian_Sid.html</guid>
                <pubDate>Tue, 15 Apr 2014 22:10:00 +0200</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;Freedombox
project&lt;/a&gt; is working on providing the software and hardware to make
it easy for non-technical people to host their data and communication
at home, and being able to communicate with their friends and family
encrypted and away from prying eyes.  It is still going strong, and
today a major mile stone was reached.&lt;/p&gt;

&lt;p&gt;Today, the last of the packages currently used by the project to
created the system images were accepted into Debian Unstable.  It was
the freedombox-setup package, which is used to configure the images
during build and on the first boot.  Now all one need to get going is
the build code from the freedom-maker git repository and packages from
Debian.  And once the freedombox-setup package enter testing, we can
build everything directly from Debian. :)&lt;/p&gt;

&lt;p&gt;Some key packages used by Freedombox are
&lt;a href=&quot;http://packages.qa.debian.org/freedombox-setup&quot;&gt;freedombox-setup&lt;/a&gt;,
&lt;a href=&quot;http://packages.qa.debian.org/plinth&quot;&gt;plinth&lt;/a&gt;,
&lt;a href=&quot;http://packages.qa.debian.org/pagekite&quot;&gt;pagekite&lt;/a&gt;,
&lt;a href=&quot;http://packages.qa.debian.org/tor&quot;&gt;tor&lt;/a&gt;,
&lt;a href=&quot;http://packages.qa.debian.org/privoxy&quot;&gt;privoxy&lt;/a&gt;,
&lt;a href=&quot;http://packages.qa.debian.org/owncloud&quot;&gt;owncloud&lt;/a&gt; and
&lt;a href=&quot;http://packages.qa.debian.org/dnsmasq&quot;&gt;dnsmasq&lt;/a&gt;.  There
are plans to integrate more packages into the setup.  User
documentation is maintained on the Debian wiki.  Please
&lt;a href=&quot;https://wiki.debian.org/FreedomBox/Manual/Jessie&quot;&gt;check out
the manual&lt;/a&gt; and help us improve it.&lt;/p&gt;

&lt;p&gt;To test for yourself and create boot images with the FreedomBox
setup, run this on a Debian machine using a user with sudo rights to
become root:&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
sudo apt-get install git vmdebootstrap mercurial python-docutils \
  mktorrent extlinux virtualbox qemu-user-static binfmt-support \
  u-boot-tools
git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
  freedom-maker
make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;Root access is needed to run debootstrap and mount loopback
devices.  See the README in the freedom-maker git repo for more
details on the build.  If you do not want all three images, trim the
make line.  Note that the virtualbox-image target is not really
virtualbox specific.  It create a x86 image usable in kvm, qemu,
vmware and any other x86 virtual machine environment.  You might need
the version of vmdebootstrap in Jessie to get the build working, as it
include fixes for a race condition with kpartx.&lt;/p&gt;

&lt;p&gt;If you instead want to install using a Debian CD and the preseed
method, boot a Debian Wheezy ISO and use this boot argument to load
the preseed values:&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
url=&lt;a href=&quot;http://www.reinholdtsen.name/freedombox/preseed-jessie.dat&quot;&gt;http://www.reinholdtsen.name/freedombox/preseed-jessie.dat&lt;/a&gt;
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;I have not tested it myself the last few weeks, so I do not know if
it still work.&lt;/p&gt;

&lt;p&gt;If you wonder how to help, one task you could look at is using
systemd as the boot system.  It will become the default for Linux in
Jessie, so we need to make sure it is usable on the Freedombox.  I did
a simple test a few weeks ago, and noticed dnsmasq failed to start
during boot when using systemd.  I suspect there are other problems
too. :) To detect problems, there is a test suite included, which can
be run from the plinth web interface.&lt;/p&gt;

&lt;p&gt;Give it a go and let us know how it goes on the mailing list, and help
us get the new release published. :) Please join us on
&lt;a href=&quot;irc://irc.debian.org:6667/%23freedombox&quot;&gt;IRC (#freedombox on
irc.debian.org)&lt;/a&gt; and
&lt;a href=&quot;http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss&quot;&gt;the
mailing list&lt;/a&gt; if you want to help make this vision come true.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>S3QL, a locally mounted cloud file system - nice free software</title>
                <link>http://people.skolelinux.org/pere/blog/S3QL__a_locally_mounted_cloud_file_system___nice_free_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/S3QL__a_locally_mounted_cloud_file_system___nice_free_software.html</guid>
                <pubDate>Wed, 9 Apr 2014 11:30:00 +0200</pubDate>
                <description>&lt;p&gt;For a while now, I have been looking for a sensible offsite backup
solution for use at home.  My requirements are simple, it must be
cheap and locally encrypted (in other words, I keep the encryption
keys, the storage provider do not have access to my private files).
One idea me and my friends had many years ago, before the cloud
storage providers showed up, was to use Google mail as storage,
writing a Linux block device storing blocks as emails in the mail
service provided by Google, and thus get heaps of free space.  On top
of this one can add encryption, RAID and volume management to have
lots of (fairly slow, I admit that) cheap and encrypted storage.  But
I never found time to implement such system.  But the last few weeks I
have looked at a system called
&lt;a href=&quot;https://bitbucket.org/nikratio/s3ql/&quot;&gt;S3QL&lt;/a&gt;, a locally
mounted network backed file system with the features I need.&lt;/p&gt;

&lt;p&gt;S3QL is a fuse file system with a local cache and cloud storage,
handling several different storage providers, any with Amazon S3,
Google Drive or OpenStack API.  There are heaps of such storage
providers.  S3QL can also use a local directory as storage, which
combined with sshfs allow for file storage on any ssh server.  S3QL
include support for encryption, compression, de-duplication, snapshots
and immutable file systems, allowing me to mount the remote storage as
a local mount point, look at and use the files as if they were local,
while the content is stored in the cloud as well.  This allow me to
have a backup that should survive fire.  The file system can not be
shared between several machines at the same time, as only one can
mount it at the time, but any machine with the encryption key and
access to the storage service can mount it if it is unmounted.&lt;/p&gt;

&lt;p&gt;It is simple to use.  I&#39;m using it on Debian Wheezy, where the
package is included already.  So to get started, run &lt;tt&gt;apt-get
install s3ql&lt;/tt&gt;.  Next, pick a storage provider.  I ended up picking
Greenqloud, after reading their nice recipe on
&lt;a href=&quot;https://greenqloud.zendesk.com/entries/44611757-How-To-Use-S3QL-to-mount-a-StorageQloud-bucket-on-Debian-Wheezy&quot;&gt;how
to use S3QL with their Amazon S3 service&lt;/a&gt;, because I trust the laws
in Iceland more than those in USA when it come to keeping my personal
data safe and private, and thus would rather spend money on a company
in Iceland.  Another nice recipe is available from the article
&lt;a href=&quot;http://www.admin-magazine.com/HPC/Articles/HPC-Cloud-Storage&quot;&gt;S3QL
Filesystem for HPC Storage&lt;/a&gt; by Jeff Layton in the HPC section of
Admin magazine.  When the provider is picked, figure out how to get
the API key needed to connect to the storage API.  With Greencloud,
the key did not show up until I had added payment details to my
account.&lt;/p&gt;

&lt;p&gt;Armed with the API access details, it is time to create the file
system.  First, create a new bucket in the cloud.  This bucket is the
file system storage area.  I picked a bucket name reflecting the
machine that was going to store data there, but any name will do.
I&#39;ll refer to it as &lt;tt&gt;bucket-name&lt;/tt&gt; below.  In addition, one need
the API login and password, and a locally created password.  Store it
all in ~root/.s3ql/authinfo2 like this:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
[s3c]
storage-url: s3c://s.greenqloud.com:443/bucket-name
backend-login: API-login
backend-password: API-password
fs-passphrase: local-password
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;I create my local passphrase using &lt;tt&gt;pwget 50&lt;/tt&gt; or similar,
but any sensible way to create a fairly random password should do it.
Armed with these details, it is now time to run mkfs, entering the API
details and password to create it:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# mkdir -m 700 /var/lib/s3ql-cache
# mkfs.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
  --ssl s3c://s.greenqloud.com:443/bucket-name
Enter backend login: 
Enter backend password: 
Before using S3QL, make sure to read the user&#39;s guide, especially
the &#39;Important Rules to Avoid Loosing Data&#39; section.
Enter encryption password: 
Confirm encryption password: 
Generating random encryption key...
Creating metadata tables...
Dumping metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Compressing and uploading metadata...
Wrote 0.00 MB of compressed metadata.
# &lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The next step is mounting the file system to make the storage available.

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# mount.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
  --ssl --allow-root s3c://s.greenqloud.com:443/bucket-name /s3ql
Using 4 upload threads.
Downloading and decompressing metadata...
Reading metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Mounting filesystem...
# df -h /s3ql
Filesystem                              Size  Used Avail Use% Mounted on
s3c://s.greenqloud.com:443/bucket-name  1.0T     0  1.0T   0% /s3ql
#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The file system is now ready for use.  I use rsync to store my
backups in it, and as the metadata used by rsync is downloaded at
mount time, no network traffic (and storage cost) is triggered by
running rsync.  To unmount, one should not use the normal umount
command, as this will not flush the cache to the cloud storage, but
instead running the umount.s3ql command like this:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# umount.s3ql /s3ql
# 
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;There is a fsck command available to check the file system and
correct any problems detected.  This can be used if the local server
crashes while the file system is mounted, to reset the &quot;already
mounted&quot; flag.  This is what it look like when processing a working
file system:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# fsck.s3ql --force --ssl s3c://s.greenqloud.com:443/bucket-name
Using cached metadata.
File system seems clean, checking anyway.
Checking DB integrity...
Creating temporary extra indices...
Checking lost+found...
Checking cached objects...
Checking names (refcounts)...
Checking contents (names)...
Checking contents (inodes)...
Checking contents (parent inodes)...
Checking objects (reference counts)...
Checking objects (backend)...
..processed 5000 objects so far..
..processed 10000 objects so far..
..processed 15000 objects so far..
Checking objects (sizes)...
Checking blocks (referenced objects)...
Checking blocks (refcounts)...
Checking inode-block mapping (blocks)...
Checking inode-block mapping (inodes)...
Checking inodes (refcounts)...
Checking inodes (sizes)...
Checking extended attributes (names)...
Checking extended attributes (inodes)...
Checking symlinks (inodes)...
Checking directory reachability...
Checking unix conventions...
Checking referential integrity...
Dropping temporary indices...
Backing up old metadata...
Dumping metadata...
..objects..
..blocks..
..inodes..
..inode_blocks..
..symlink_targets..
..names..
..contents..
..ext_attributes..
Compressing and uploading metadata...
Wrote 0.89 MB of compressed metadata.
# 
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Thanks to the cache, working on files that fit in the cache is very
quick, about the same speed as local file access.  Uploading large
amount of data is to me limited by the bandwidth out of and into my
house.  Uploading 685 MiB with a 100 MiB cache gave me 305 kiB/s,
which is very close to my upload speed, and downloading the same
Debian installation ISO gave me 610 kiB/s, close to my download speed.
Both were measured using &lt;tt&gt;dd&lt;/tt&gt;.  So for me, the bottleneck is my
network, not the file system code.  I do not know what a good cache
size would be, but suspect that the cache should e larger than your
working set.&lt;/p&gt;

&lt;p&gt;I mentioned that only one machine can mount the file system at the
time.  If another machine try, it is told that the file system is
busy:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# mount.s3ql --cachedir /var/lib/s3ql-cache --authfile /root/.s3ql/authinfo2 \
  --ssl --allow-root s3c://s.greenqloud.com:443/bucket-name /s3ql
Using 8 upload threads.
Backend reports that fs is still mounted elsewhere, aborting.
#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The file content is uploaded when the cache is full, while the
metadata is uploaded once every 24 hour by default.  To ensure the
file system content is flushed to the cloud, one can either umount the
file system, or ask S3QL to flush the cache and metadata using
s3qlctrl:

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# s3qlctrl upload-meta /s3ql
# s3qlctrl flushcache /s3ql
# 
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;If you are curious about how much space your data uses in the
cloud, and how much compression and deduplication cut down on the
storage usage, you can use s3qlstat on the mounted file system to get
a report:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# s3qlstat /s3ql
Directory entries:    9141
Inodes:               9143
Data blocks:          8851
Total data size:      22049.38 MB
After de-duplication: 21955.46 MB (99.57% of total)
After compression:    21877.28 MB (99.22% of total, 99.64% of de-duplicated)
Database size:        2.39 MB (uncompressed)
(some values do not take into account not-yet-uploaded dirty blocks in cache)
#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;I mentioned earlier that there are several possible suppliers of
storage.  I did not try to locate them all, but am aware of at least
&lt;a href=&quot;https://www.greenqloud.com/&quot;&gt;Greenqloud&lt;/a&gt;,
&lt;a href=&quot;http://drive.google.com/&quot;&gt;Google Drive&lt;/a&gt;,
&lt;a href=&quot;http://aws.amazon.com/s3/&quot;&gt;Amazon S3 web serivces&lt;/a&gt;,
&lt;a href=&quot;http://www.rackspace.com/&quot;&gt;Rackspace&lt;/a&gt; and
&lt;a href=&quot;http://crowncloud.net/&quot;&gt;Crowncloud&lt;/A&gt;.  The latter even
accept payment in Bitcoin.  Pick one that suit your need.  Some of
them provide several GiB of free storage, but the prize models are
quite different and you will have to figure out what suits you
best.&lt;/p&gt;

&lt;p&gt;While researching this blog post, I had a look at research papers
and posters discussing the S3QL file system.  There are several, which
told me that the file system is getting a critical check by the
science community and increased my confidence in using it.  One nice
poster is titled
&quot;&lt;a href=&quot;http://www.lanl.gov/orgs/adtsc/publications/science_highlights_2013/docs/pg68_69.pdf&quot;&gt;An
Innovative Parallel Cloud Storage System using OpenStack’s SwiftObject
Store and Transformative Parallel I/O Approach&lt;/a&gt;&quot; by Hsing-Bung
Chen, Benjamin McClelland, David Sherrill, Alfred Torrez, Parks Fields
and Pamela Smith.  Please  have a look.&lt;/p&gt;

&lt;p&gt;Given my problems with different file systems earlier, I decided to
check out the mounted S3QL file system to see if it would be usable as
a home directory (in other word, that it provided POSIX semantics when
it come to locking and umask handling etc).  Running
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html&quot;&gt;my
test code to check file system semantics&lt;/a&gt;, I was happy to discover that
no error was found.  So the file system can be used for home
directories, if one chooses to do so.&lt;/p&gt;

&lt;p&gt;If you do not want a locally file system, and want something that
work without the Linux fuse file system, I would like to mention the
&lt;a href=&quot;http://www.tarsnap.com/&quot;&gt;Tarsnap service&lt;/a&gt;, which also
provide locally encrypted backup using a command line client.  It have
a nicer access control system, where one can split out read and write
access, allowing some systems to write to the backup and others to
only read from it.&lt;/p&gt;

&lt;p&gt;As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&amp;label=PetterReinholdtsenBlog&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Freedombox on Dreamplug, Raspberry Pi and virtual x86 machine</title>
                <link>http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Freedombox_on_Dreamplug__Raspberry_Pi_and_virtual_x86_machine.html</guid>
                <pubDate>Fri, 14 Mar 2014 11:00:00 +0100</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;Freedombox
project&lt;/a&gt; is working on providing the software and hardware for
making it easy for non-technical people to host their data and
communication at home, and being able to communicate with their
friends and family encrypted and away from prying eyes.  It has been
going on for a while, and is slowly progressing towards a new test
release (0.2).&lt;/p&gt;

&lt;p&gt;And what day could be better than the Pi day to announce that the
new version will provide &quot;hard drive&quot; / SD card / USB stick images for
Dreamplug, Raspberry Pi and VirtualBox (or any other virtualization
system), and can also be installed using a Debian installer preseed
file.  The Debian based Freedombox is now based on Debian Jessie,
where most of the needed packages used are already present.  Only one,
the freedombox-setup package, is missing.  To try to build your own
boot image to test the current status, fetch the freedom-maker scripts
and build using
&lt;a href=&quot;http://packages.qa.debian.org/vmdebootstrap&quot;&gt;vmdebootstrap&lt;/a&gt;
with a user with sudo access to become root:

&lt;pre&gt;
git clone http://anonscm.debian.org/git/freedombox/freedom-maker.git \
  freedom-maker
sudo apt-get install git vmdebootstrap mercurial python-docutils \
  mktorrent extlinux virtualbox qemu-user-static binfmt-support \
  u-boot-tools
make -C freedom-maker dreamplug-image raspberry-image virtualbox-image
&lt;/pre&gt;

&lt;p&gt;Root access is needed to run debootstrap and mount loopback
devices.  See the README for more details on the build. If you do not
want all three images, trim the make line.  But note that thanks to &lt;a
href=&quot;https://bugs.debian.org/741407&quot;&gt;a race condition in
vmdebootstrap&lt;/a&gt;, the build might fail without the patch to the
kpartx call.&lt;/p&gt;

&lt;p&gt;If you instead want to install using a Debian CD and the preseed
method, boot a Debian Wheezy ISO and use this boot argument to load
the preseed values:&lt;/p&gt;

&lt;pre&gt;
url=&lt;a href=&quot;http://www.reinholdtsen.name/freedombox/preseed-jessie.dat&quot;&gt;http://www.reinholdtsen.name/freedombox/preseed-jessie.dat&lt;/a&gt;
&lt;/pre&gt;

&lt;p&gt;But note that due to &lt;a href=&quot;https://bugs.debian.org/740673&quot;&gt;a
recently introduced bug in apt in Jessie&lt;/a&gt;, the installer will
currently hang while setting up APT sources.  Killing the
&#39;&lt;tt&gt;apt-cdrom ident&lt;/tt&gt;&#39; process when it hang a few times during the
installation will get the installation going.  This affect all
installations in Jessie, and I expect it will be fixed soon.&lt;/p&gt;

&lt;p&gt;Give it a go and let us know how it goes on the mailing list, and help
us get the new release published. :) Please join us on
&lt;a href=&quot;irc://irc.debian.org:6667/%23freedombox&quot;&gt;IRC (#freedombox on
irc.debian.org)&lt;/a&gt; and
&lt;a href=&quot;http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss&quot;&gt;the
mailing list&lt;/a&gt; if you want to help make this vision come true.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>New home and release 1.0 for netgroup and innetgr (aka ng-utils)</title>
                <link>http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_home_and_release_1_0_for_netgroup_and_innetgr__aka_ng_utils_.html</guid>
                <pubDate>Sat, 22 Feb 2014 21:45:00 +0100</pubDate>
                <description>&lt;p&gt;Many years ago, I wrote a GPL licensed version of the netgroup and
innetgr tools, because I needed them in
&lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Skolelinux&lt;/a&gt;.  I called the project
ng-utils, and it has served me well.  I placed the project under the
&lt;a href=&quot;http://www.hungry.com/&quot;&gt;Hungry Programmer&lt;/a&gt; umbrella, and it was maintained in our CVS
repository.  But many years ago, the CVS repository was dropped (lost,
not migrated to new hardware, not sure), and the project have lacked a
proper home since then.&lt;/p&gt;

&lt;p&gt;Last summer, I had a look at the package and made a new release
fixing a irritating crash bug, but was unable to store the changes in
a proper source control system.  I applied for a project on
&lt;a href=&quot;https://alioth.debian.org/&quot;&gt;Alioth&lt;/a&gt;, but did not have time
to follow up on it.  Until today. :)&lt;/p&gt;

&lt;p&gt;After many hours of cleaning and migration, the ng-utils project
now have a new home, and a git repository with the highlight of the
history of the project.  I published all release tarballs and imported
them into the git repository.  As the project is really stable and not
expected to gain new features any time soon, I decided to make a new
release and call it 1.0.  Visit the new project home on
&lt;a href=&quot;https://alioth.debian.org/projects/ng-utils/&quot;&gt;https://alioth.debian.org/projects/ng-utils/&lt;/a&gt;
if you want to check it out.  The new version is also uploaded into
&lt;a href=&quot;http://packages.qa.debian.org/n/ng-utils.html&quot;&gt;Debian Unstable&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Testing sysvinit from experimental in Debian Hurd</title>
                <link>http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Testing_sysvinit_from_experimental_in_Debian_Hurd.html</guid>
                <pubDate>Mon, 3 Feb 2014 13:40:00 +0100</pubDate>
                <description>&lt;p&gt;A few days ago I decided to try to help the Hurd people to get
their changes into sysvinit, to allow them to use the normal sysvinit
boot system instead of their old one.  This follow up on the
&lt;a href=&quot;https://teythoon.cryptobitch.de//categories/gsoc.html&quot;&gt;great
Google Summer of Code work&lt;/a&gt; done last summer by Justus Winter to
get Debian on Hurd working more like Debian on Linux.  To get started,
I downloaded a prebuilt hard disk image from
&lt;a href=&quot;http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz&quot;&gt;http://ftp.debian-ports.org/debian-cd/hurd-i386/current/debian-hurd.img.tar.gz&lt;/a&gt;,
and started it using virt-manager.&lt;/p&gt;

&lt;p&gt;The first think I had to do after logging in (root without any
password) was to get the network operational.  I followed
&lt;a href=&quot;https://www.debian.org/ports/hurd/hurd-install&quot;&gt;the
instructions on the Debian GNU/Hurd ports page&lt;/a&gt; and ran these
commands as root to get the machine to accept a IP address from the
kvm internal DHCP server:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
settrans -fgap /dev/netdde /hurd/netdde
kill $(ps -ef|awk &#39;/[p]finet/ { print $2}&#39;)
kill $(ps -ef|awk &#39;/[d]evnode/ { print $2}&#39;)
dhclient /dev/eth0
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;After this, the machine had internet connectivity, and I could
upgrade it and install the sysvinit packages from experimental and
enable it as the default boot system in Hurd.&lt;/p&gt;

&lt;p&gt;But before I did that, I set a password on the root user, as ssh is
running on the machine it for ssh login to work a password need to be
set.  Also, note that a bug somewhere in openssh on Hurd block
compression from working.  Remember to turn that off on the client
side.&lt;/p&gt;

&lt;p&gt;Run these commands as root to upgrade and test the new sysvinit
stuff:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
cat &gt; /etc/apt/sources.list.d/experimental.list &amp;lt;&amp;lt;EOF
deb http://http.debian.net/debian/ experimental main
EOF
apt-get update
apt-get dist-upgrade
apt-get install -t experimental initscripts sysv-rc sysvinit \
    sysvinit-core sysvinit-utils
update-alternatives --config runsystem
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;To reboot after switching boot system, you have to use
&lt;tt&gt;reboot-hurd&lt;/tt&gt; instead of just &lt;tt&gt;reboot&lt;/tt&gt;, as there is not
yet a sysvinit process able to receive the signals from the normal
&#39;reboot&#39; command.  After switching to sysvinit as the boot system,
upgrading every package and rebooting, the network come up with DHCP
after boot as it should, and the settrans/pkill hack mentioned at the
start is no longer needed.  But for some strange reason, there are no
longer any login prompt in the virtual console, so I logged in using
ssh instead.

&lt;p&gt;Note that there are some race conditions in Hurd making the boot
fail some times.  No idea what the cause is, but hope the Hurd porters
figure it out.  At least Justus said on IRC (#debian-hurd on
irc.debian.org) that they are aware of the problem.  A way to reduce
the impact is to upgrade to the Hurd packages built by Justus by
adding this repository to the machine:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
cat &gt; /etc/apt/sources.list.d/hurd-ci.list &amp;lt;&amp;lt;EOF
deb http://darnassus.sceen.net/~teythoon/hurd-ci/ sid main
EOF
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;At the moment the prebuilt virtual machine get some packages from
http://ftp.debian-ports.org/debian, because some of the packages in
unstable do not yet include the required patches that are lingering in
BTS.  This is the completely list of &quot;unofficial&quot; packages installed:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;&lt;pre&gt;
# aptitude search &#39;?narrow(?version(CURRENT),?origin(Debian Ports))&#39;
i   emacs                   - GNU Emacs editor (metapackage)
i   gdb                     - GNU Debugger
i   hurd-recommended        - Miscellaneous translators
i   isc-dhcp-client         - ISC DHCP client
i   isc-dhcp-common         - common files used by all the isc-dhcp* packages
i   libc-bin                - Embedded GNU C Library: Binaries
i   libc-dev-bin            - Embedded GNU C Library: Development binaries
i   libc0.3                 - Embedded GNU C Library: Shared libraries
i A libc0.3-dbg             - Embedded GNU C Library: detached debugging symbols
i   libc0.3-dev             - Embedded GNU C Library: Development Libraries and Hea
i   multiarch-support       - Transitional package to ensure multiarch compatibilit
i A x11-common              - X Window System (X.Org) infrastructure
i   xorg                    - X.Org X Window System
i A xserver-xorg            - X.Org X server
i A xserver-xorg-input-all  - X.Org X server -- input driver metapackage
#
&lt;/pre&gt;&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;All in all, testing hurd has been an interesting experience. :)
X.org did not work out of the box and I never took the time to follow
the porters instructions to fix it.  This time I was interested in the
command line stuff.&lt;p&gt;
</description>
        </item>
        
        <item>
                <title>New chrpath release 0.16</title>
                <link>http://people.skolelinux.org/pere/blog/New_chrpath_release_0_16.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_chrpath_release_0_16.html</guid>
                <pubDate>Tue, 14 Jan 2014 11:00:00 +0100</pubDate>
                <description>&lt;p&gt;&lt;a href=&quot;http://www.coverity.com/&quot;&gt;Coverity&lt;/a&gt; is a nice tool to
find problems in C, C++ and Java code using static source code
analysis.  It can detect a lot of different problems, and is very
useful to find memory and locking bugs in the error handling part of
the source.  The company behind it provide
&lt;a href=&quot;https://scan.coverity.com/&quot;&gt;check of free software projects as
a community service&lt;/a&gt;, and many hundred free software projects are
already checked.  A few days ago I decided to have a closer look at
the Coverity system, and discovered that the
&lt;a href=&quot;http://www.gnu.org/software/gnash/&quot;&gt;gnash&lt;/a&gt; and
&lt;a href=&quot;http://sourceforge.net/projects/ipmitool/&quot;&gt;ipmitool&lt;/a&gt;
projects I am involved with was already registered.  But these are
fairly big, and I would also like to have a small and easy project to
check, and decided to &lt;a href=&quot;http://scan.coverity.com/projects/1179&quot;&gt;request
checking of the chrpath project&lt;/a&gt;.  It was
added to the checker and discovered seven potential defects.  Six of
these were real, mostly resource &quot;leak&quot; when the program detected an
error.  Nothing serious, as the resources would be released a fraction
of a second later when the program exited because of the error, but it
is nice to do it right in case the source of the program some time in
the future end up in a library.  Having fixed all defects and added
&lt;a href=&quot;https://lists.alioth.debian.org/mailman/listinfo/chrpath-devel&quot;&gt;a
mailing list for the chrpath developers&lt;/a&gt;, I decided it was time to
publish a new release.  These are the release notes:&lt;/p&gt;

&lt;p&gt;New in 0.16 released 2014-01-14:&lt;/p&gt;

&lt;ul&gt;

  &lt;li&gt;Fixed all minor bugs discovered by Coverity.&lt;/li&gt;
  &lt;li&gt;Updated config.sub and config.guess from the GNU project.&lt;/li&gt;
  &lt;li&gt;Mention new project mailing list in the documentation.&lt;/li&gt;

&lt;/ul&gt;

&lt;p&gt;You can
&lt;a href=&quot;https://alioth.debian.org/frs/?group_id=31052&quot;&gt;download the
new version 0.16 from alioth&lt;/a&gt;.  Please let us know via the Alioth
project if something is wrong with the new release.  The test suite
did not discover any old errors, so if you find a new one, please also
include a test suite check.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>New chrpath release 0.15</title>
                <link>http://people.skolelinux.org/pere/blog/New_chrpath_release_0_15.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_chrpath_release_0_15.html</guid>
                <pubDate>Sun, 24 Nov 2013 09:30:00 +0100</pubDate>
                <description>&lt;p&gt;After many years break from the package and a vain hope that
development would be continued by someone else, I finally pulled my
acts together this morning and wrapped up a new release of chrpath,
the command line tool to modify the rpath and runpath of already
compiled ELF programs.  The update was triggered by the persistence of
Isha Vishnoi at IBM, which needed a new config.guess file to get
support for the ppc64le architecture (powerpc 64-bit Little Endian) he
is working on.  I checked the
&lt;a href=&quot;http://packages.qa.debian.org/chrpath&quot;&gt;Debian&lt;/a&gt;,
&lt;a href=&quot;https://launchpad.net/ubuntu/+source/chrpath&quot;&gt;Ubuntu&lt;/a&gt; and
&lt;a href=&quot;https://admin.fedoraproject.org/pkgdb/acls/name/chrpath&quot;&gt;Fedora&lt;/a&gt;
packages for interesting patches (failed to find the source from
OpenSUSE and Mandriva packages), and found quite a few nice fixes.
These are the release notes:&lt;/p&gt;

&lt;p&gt;New in 0.15 released 2013-11-24:&lt;/p&gt;

&lt;ul&gt;

  &lt;li&gt;Updated config.sub and config.guess from the GNU project to work
   with newer architectures.  Thanks to isha vishnoi for the heads
   up.&lt;/li&gt;

  &lt;li&gt;Updated README with current URLs.&lt;/li&gt;

  &lt;li&gt;Added byteswap fix found in Ubuntu, credited Jeremy Kerr and
   Matthias Klose.&lt;/li&gt;

  &lt;li&gt;Added missing help for -k|--keepgoing option, using patch by
   Petr Machata found in Fedora.&lt;/li&gt;

  &lt;li&gt;Rewrite removal of RPATH/RUNPATH to make sure the entry in
   .dynamic is a NULL terminated string.  Based on patch found in
   Fedora credited Axel Thimm and Christian Krause.&lt;/li&gt;

&lt;/ul&gt;

&lt;p&gt;You can
&lt;a href=&quot;https://alioth.debian.org/frs/?group_id=31052&quot;&gt;download the
new version 0.15 from alioth&lt;/a&gt;.  Please let us know via the Alioth
project if something is wrong with the new release.  The test suite
did not discover any old errors, so if you find a new one, please also
include a testsuite check.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Debian init.d boot script example for rsyslog</title>
                <link>http://people.skolelinux.org/pere/blog/Debian_init_d_boot_script_example_for_rsyslog.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_init_d_boot_script_example_for_rsyslog.html</guid>
                <pubDate>Sat, 2 Nov 2013 22:40:00 +0100</pubDate>
                <description>&lt;p&gt;If one of the points of switching to a new init system in Debian is
&lt;a href=&quot;http://thomas.goirand.fr/blog/?p=147&quot;&gt;to get rid of huge
init.d scripts&lt;/a&gt;, I doubt we need to switch away from sysvinit and
init.d scripts at all.  Here is an example init.d script, ie a rewrite
of /etc/init.d/rsyslog:&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
#!/lib/init/init-d-script
### BEGIN INIT INFO
# Provides:          rsyslog
# Required-Start:    $remote_fs $time
# Required-Stop:     umountnfs $time
# X-Stop-After:      sendsigs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: enhanced syslogd
# Description:       Rsyslog is an enhanced multi-threaded syslogd.
#                    It is quite compatible to stock sysklogd and can be 
#                    used as a drop-in replacement.
### END INIT INFO
DESC=&quot;enhanced syslogd&quot;
DAEMON=/usr/sbin/rsyslogd
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;Pretty minimalistic to me... For the record, the original sysv-rc
script was 137 lines, and the above is just 15 lines, most of it meta
info/comments.&lt;/p&gt;

&lt;p&gt;How to do this, you ask?  Well, one create a new script
/lib/init/init-d-script looking something like this:

&lt;p&gt;&lt;pre&gt;
#!/bin/sh

# Define LSB log_* functions.
# Depend on lsb-base (&gt;= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service

#
do_start()
{
        # Return
        #   0 if daemon has been started
        #   1 if daemon was already running
        #   2 if daemon could not be started
        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test &gt; /dev/null \
                || return 1
        start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
                $DAEMON_ARGS \
                || return 2
        # Add code here, if necessary, that waits for the process to be ready
        # to handle requests from services started subsequently which depend
        # on this one.  As a last resort, sleep for some time.
}

#
# Function that stops the daemon/service
#
do_stop()
{
        # Return
        #   0 if daemon has been stopped
        #   1 if daemon was already stopped
        #   2 if daemon could not be stopped
        #   other if a failure occurred
        start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
        RETVAL=&quot;$?&quot;
        [ &quot;$RETVAL&quot; = 2 ] &amp;&amp; return 2
        # Wait for children to finish too if this is a daemon that forks
        # and if the daemon is only ever run from this initscript.
        # If the above conditions are not satisfied then add some other code
        # that waits for the process to drop all resources that could be
        # needed by services started subsequently.  A last resort is to
        # sleep for some time.
        start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
        [ &quot;$?&quot; = 2 ] &amp;&amp; return 2
        # Many daemons don&#39;t delete their pidfiles when they exit.
        rm -f $PIDFILE
        return &quot;$RETVAL&quot;
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
        #
        # If the daemon can reload its configuration without
        # restarting (for example, when it is sent a SIGHUP),
        # then implement that here.
        #
        start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
        return 0
}

SCRIPTNAME=$1
scriptbasename=&quot;$(basename $1)&quot;
echo &quot;SN: $scriptbasename&quot;
if [ &quot;$scriptbasename&quot; != &quot;init-d-library&quot; ] ; then
    script=&quot;$1&quot;
    shift
    . $script
else
    exit 0
fi

NAME=$(basename $DAEMON)
PIDFILE=/var/run/$NAME.pid

# Exit if the package is not installed
#[ -x &quot;$DAEMON&quot; ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] &amp;&amp; . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

case &quot;$1&quot; in
  start)
        [ &quot;$VERBOSE&quot; != no ] &amp;&amp; log_daemon_msg &quot;Starting $DESC&quot; &quot;$NAME&quot;
        do_start
        case &quot;$?&quot; in
                0|1) [ &quot;$VERBOSE&quot; != no ] &amp;&amp; log_end_msg 0 ;;
                2) [ &quot;$VERBOSE&quot; != no ] &amp;&amp; log_end_msg 1 ;;
        esac
        ;;
  stop)
        [ &quot;$VERBOSE&quot; != no ] &amp;&amp; log_daemon_msg &quot;Stopping $DESC&quot; &quot;$NAME&quot;
        do_stop
        case &quot;$?&quot; in
                0|1) [ &quot;$VERBOSE&quot; != no ] &amp;&amp; log_end_msg 0 ;;
                2) [ &quot;$VERBOSE&quot; != no ] &amp;&amp; log_end_msg 1 ;;
        esac
        ;;
  status)
        status_of_proc &quot;$DAEMON&quot; &quot;$NAME&quot; &amp;&amp; exit 0 || exit $?
        ;;
  #reload|force-reload)
        #
        # If do_reload() is not implemented then leave this commented out
        # and leave &#39;force-reload&#39; as an alias for &#39;restart&#39;.
        #
        #log_daemon_msg &quot;Reloading $DESC&quot; &quot;$NAME&quot;
        #do_reload
        #log_end_msg $?
        #;;
  restart|force-reload)
        #
        # If the &quot;reload&quot; option is implemented then remove the
        # &#39;force-reload&#39; alias
        #
        log_daemon_msg &quot;Restarting $DESC&quot; &quot;$NAME&quot;
        do_stop
        case &quot;$?&quot; in
          0|1)
                do_start
                case &quot;$?&quot; in
                        0) log_end_msg 0 ;;
                        1) log_end_msg 1 ;; # Old process is still running
                        *) log_end_msg 1 ;; # Failed to start
                esac
                ;;
          *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
  *)
        echo &quot;Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}&quot; &gt;&amp;2
        exit 3
        ;;
esac

:
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;It is based on /etc/init.d/skeleton, and could be improved quite a
lot.  I did not really polish the approach, so it might not always
work out of the box, but you get the idea.  I did not try very hard to
optimize it nor make it more robust either.&lt;/p&gt;

&lt;p&gt;A better argument for switching init system in Debian than reducing
the size of init scripts (which is a good thing to do anyway), is to
get boot system that is able to handle the kernel events sensibly and
robustly, and do not depend on the boot to run sequentially.  The boot
and the kernel have not behaved sequentially in years.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Browser plugin for SPICE (spice-xpi) uploaded to Debian</title>
                <link>http://people.skolelinux.org/pere/blog/Browser_plugin_for_SPICE__spice_xpi__uploaded_to_Debian.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Browser_plugin_for_SPICE__spice_xpi__uploaded_to_Debian.html</guid>
                <pubDate>Fri, 1 Nov 2013 11:00:00 +0100</pubDate>
                <description>&lt;p&gt;&lt;a href=&quot;http://www.spice-space.org/&quot;&gt;The SPICE protocol&lt;/a&gt; for
remote display access is the preferred solution with oVirt and RedHat
Enterprise Virtualization, and I was sad to discover the other day
that the browser plugin needed to use these systems seamlessly was
missing in Debian.  The &lt;a href=&quot;http://bugs.debian.org/668284&quot;&gt;request
for a package&lt;/a&gt; was from 2012-04-10 with no progress since
2013-04-01, so I decided to wrap up a package based on the great work
from Cajus Pollmeier and put it in a collab-maint maintained git
repository to get a package I could use.  I would very much like
others to help me maintain the package (or just take over, I do not
mind), but as no-one had volunteered so far, I just uploaded it to
NEW.  I hope it will be available in Debian in a few days.&lt;/p&gt;

&lt;p&gt;The source is now available from
&lt;a href=&quot;http://anonscm.debian.org/gitweb/?p=collab-maint/spice-xpi.git;a=summary&quot;&gt;http://anonscm.debian.org/gitweb/?p=collab-maint/spice-xpi.git;a=summary&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Teaching vmdebootstrap to create Raspberry Pi SD card images</title>
                <link>http://people.skolelinux.org/pere/blog/Teaching_vmdebootstrap_to_create_Raspberry_Pi_SD_card_images.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Teaching_vmdebootstrap_to_create_Raspberry_Pi_SD_card_images.html</guid>
                <pubDate>Sun, 27 Oct 2013 17:00:00 +0100</pubDate>
                <description>&lt;p&gt;The
&lt;a href=&quot;http://packages.qa.debian.org/v/vmdebootstrap.html&quot;&gt;vmdebootstrap&lt;/a&gt;
program is a a very nice system to create virtual machine images.  It
create a image file, add a partition table, mount it and run
debootstrap in the mounted directory to create a Debian system on a
stick.  Yesterday, I decided to try to teach it how to make images for
&lt;a href=&quot;https://wiki.debian.org/RaspberryPi&quot;&gt;Raspberry Pi&lt;/a&gt;, as part
of a plan to simplify the build system for
&lt;a href=&quot;https://wiki.debian.org/FreedomBox&quot;&gt;the FreedomBox
project&lt;/a&gt;.  The FreedomBox project already uses vmdebootstrap for
the virtualbox images, but its current build system made multistrap
based system for Dreamplug images, and it is lacking support for
Raspberry Pi.&lt;/p&gt;

&lt;p&gt;Armed with the knowledge on how to build &quot;foreign&quot; (aka non-native
architecture) chroots for Raspberry Pi, I dived into the vmdebootstrap
code and adjusted it to be able to build armel images on my amd64
Debian laptop.  I ended up giving vmdebootstrap five new options,
allowing me to replicate the image creation process I use to make
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/A_Raspberry_Pi_based_batman_adv_Mesh_network_node.html&quot;&gt;Debian
Jessie based mesh node images for the Raspberry Pi&lt;/a&gt;.  First, the
&lt;tt&gt;--foreign /path/to/binfm_handler&lt;/tt&gt; option tell vmdebootstrap to
call debootstrap with --foreign and to copy the handler into the
generated chroot before running the second stage.  This allow
vmdebootstrap to create armel images on an amd64 host.  Next I added
two new options &lt;tt&gt;--bootsize size&lt;/tt&gt; and &lt;tt&gt;--boottype
fstype&lt;/tt&gt; to teach it to create a separate /boot/ partition with the
given file system type, allowing me to create an image with a vfat
partition for the /boot/ stuff.  I also added a &lt;tt&gt;--variant
variant&lt;/tt&gt; option to allow me to create smaller images without the
Debian base system packages installed.  Finally, I added an option
&lt;tt&gt;--no-extlinux&lt;/tt&gt; to tell vmdebootstrap to not install extlinux
as a boot loader.  It is not needed on the Raspberry Pi and probably
most other non-x86 architectures.  The changes were accepted by the
upstream author of vmdebootstrap yesterday and today, and is now
available from
&lt;a href=&quot;http://git.liw.fi/cgi-bin/cgit/cgit.cgi/vmdebootstrap/&quot;&gt;the
upstream project page&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;To use it to build a Raspberry Pi image using Debian Jessie, first
create a small script (the customize script) to add the non-free
binary blob needed to boot the Raspberry Pi and the APT source
list:&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
#!/bin/sh
set -e # Exit on first error
rootdir=&quot;$1&quot;
cd &quot;$rootdir&quot;
cat &amp;lt;&amp;lt;EOF &gt; etc/apt/sources.list
deb http://http.debian.net/debian/ jessie main contrib non-free
EOF
# Install non-free binary blob needed to boot Raspberry Pi.  This
# install a kernel somewhere too.
wget https://raw.github.com/Hexxeh/rpi-update/master/rpi-update \
    -O $rootdir/usr/bin/rpi-update
chmod a+x $rootdir/usr/bin/rpi-update
mkdir -p $rootdir/lib/modules
touch $rootdir/boot/start.elf
chroot $rootdir rpi-update
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;Next, fetch the latest vmdebootstrap script and call it like this
to build the image:&lt;/p&gt;

&lt;pre&gt;
sudo ./vmdebootstrap \
    --variant minbase \
    --arch armel \
    --distribution jessie \
    --mirror http://http.debian.net/debian \
    --image test.img \
    --size 600M \
    --bootsize 64M \
    --boottype vfat \
    --log-level debug \
    --verbose \
    --no-kernel \
    --no-extlinux \
    --root-password raspberry \
    --hostname raspberrypi \
    --foreign /usr/bin/qemu-arm-static \
    --customize `pwd`/customize \
    --package netbase \
    --package git-core \
    --package binutils \
    --package ca-certificates \
    --package wget \
    --package kmod
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;The list of packages being installed are the ones needed by
rpi-update to make the image bootable on the Raspberry Pi, with the
exception of netbase, which is needed by debootstrap to find
/etc/hosts with the minbase variant.  I really wish there was a way to
set up an Raspberry Pi using only packages in the Debian archive, but
that is not possible as far as I know, because it boots from the GPU
using a non-free binary blob.&lt;/p&gt;

&lt;p&gt;The build host need debootstrap, kpartx and qemu-user-static and
probably a few others installed.  I have not checked the complete
build dependency list.&lt;/p&gt;

&lt;p&gt;The resulting image will not use the hardware floating point unit
on the Raspberry PI, because the armel architecture in Debian is not
optimized for that use.  So the images created will be a bit slower
than &lt;a href=&quot;http://www.raspbian.org/&quot;&gt;Raspbian&lt;/a&gt; based images.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Good causes: Debian Outreach Program for Women, EFF documenting the spying and Open access in Norway</title>
                <link>http://people.skolelinux.org/pere/blog/Good_causes__Debian_Outreach_Program_for_Women__EFF_documenting_the_spying_and_Open_access_in_Norway.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Good_causes__Debian_Outreach_Program_for_Women__EFF_documenting_the_spying_and_Open_access_in_Norway.html</guid>
                <pubDate>Tue, 15 Oct 2013 21:30:00 +0200</pubDate>
                <description>&lt;p&gt;The last few days I came across a few good causes that should get
wider attention.  I recommend signing and donating to each one of
these. :)&lt;/p&gt;

&lt;p&gt;Via &lt;a href=&quot;http://www.debian.org/News/weekly/2013/18/&quot;&gt;Debian
Project News for 2013-10-14&lt;/a&gt; I came across the Outreach Program for
Women program which is a Google Summer of Code like initiative to get
more women involved in free software.  One debian sponsor has offered
to match &lt;a href=&quot;http://debian.ch/opw2013&quot;&gt;any donation done to Debian
earmarked&lt;/a&gt; for this initiative.  I donated a few minutes ago, and
hope you will to. :)&lt;/p&gt;

&lt;p&gt;And the Electronic Frontier Foundation just announced plans to
create &lt;a href=&quot;https://supporters.eff.org/donate/nsa-videos&quot;&gt;video
documentaries about the excessive spying&lt;/a&gt; on every Internet user that
take place these days, and their need to fund the work.  I&#39;ve already
donated.  Are you next?&lt;/p&gt;

&lt;p&gt;For my Norwegian audience, the organisation Studentenes og
Akademikernes Internasjonale Hjelpefond is collecting signatures for a
statement under the heading
&lt;a href=&quot;http://saih.no/Bloggers_United/&quot;&gt;Bloggers United for Open
Access&lt;/a&gt; for those of us asking for more focus on open access in the
Norwegian government.  So far 499 signatures.  I hope you will sign it
too.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Videos about the Freedombox project - for inspiration and learning</title>
                <link>http://people.skolelinux.org/pere/blog/Videos_about_the_Freedombox_project___for_inspiration_and_learning.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Videos_about_the_Freedombox_project___for_inspiration_and_learning.html</guid>
                <pubDate>Fri, 27 Sep 2013 14:10:00 +0200</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;http://www.freedomboxfoundation.org/&quot;&gt;Freedombox
project&lt;/a&gt; have been going on for a while, and have presented the
vision, ideas and solution several places.  Here is a little
collection of videos of talks and presentation of the project.&lt;/p&gt;

&lt;ul&gt;

&lt;li&gt;&lt;a href=&quot;http://www.youtube.com/watch?v=ukvUz5taxvA&quot;&gt;FreedomBox -
2,5 minute marketing film&lt;/a&gt; (Youtube)&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.youtube.com/watch?v=SzW25QTVWsE&quot;&gt;Eben Moglen
discusses the Freedombox on CBS news 2011&lt;/a&gt; (Youtube)&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.youtube.com/watch?v=Ae8SZbxfE0g&quot;&gt;Eben Moglen -
Freedom in the Cloud - Software Freedom, Privacy and and Security for
Web 2.0 and Cloud computing at ISOC-NY Public Meeting 2010&lt;/a&gt;
(Youtube)&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.youtube.com/watch?v=vNaIji_3xBE&quot;&gt;Fosdem 2011
Keynote by Eben Moglen presenting the Freedombox&lt;/a&gt; (Youtube)&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.youtube.com/watch?v=9bDDUyJSQ9s&quot;&gt;Presentation of
the Freedombox by James Vasile at Elevate in Gratz 2011&lt;/a&gt; (Youtube)&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.youtube.com/watch?v=zQTmnk27g9s&quot;&gt; Freedombox -
Discovery, Identity, and Trust by Nick Daly at Freedombox Hackfest New
York City in 2012&lt;/a&gt; (Youtube)&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.youtube.com/watch?v=tkbSB4Ba7Ck&quot;&gt;Introduction
to the Freedombox at Freedombox Hackfest New York City in 2012&lt;/a&gt;
(Youtube)&lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.youtube.com/watch?v=z-P2Jaeg0aQ&quot;&gt;Freedom, Out
of the Box! by Bdale Garbee at linux.conf.au Ballarat, 2012&lt;/a&gt; (Youtube) &lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;https://archive.fosdem.org/2013/schedule/event/freedombox/&quot;&gt;Freedombox
1.0 by Eben Moglen and Bdale Garbee at Fosdem 2013&lt;/a&gt; (FOSDEM) &lt;/li&gt;

&lt;li&gt;&lt;a href=&quot;http://www.youtube.com/watch?v=e1LpYX2zVYg&quot;&gt;What is the
FreedomBox today by Bdale Garbee at Debconf13 in Vaumarcus
2013&lt;/a&gt; (Youtube)&lt;/li&gt;

&lt;/ul&gt;

&lt;p&gt;A larger list is available from
&lt;a href=&quot;https://wiki.debian.org/FreedomBox/TalksAndPresentations&quot;&gt;the
Freedombox Wiki&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;On other news, I am happy to report that Freedombox based on Debian
Jessie is coming along quite well, and soon both Owncloud and using
Tor should be available for testers of the Freedombox solution. :) In
a few weeks I hope everything needed to test it is included in Debian.
The withsqlite package is already in Debian, and the plinth package is
pending in NEW.  The third and vital part of that puzzle is the
metapackage/setup framework, which is still pending an upload.  Join
us on &lt;a href=&quot;irc://irc.debian.org:6667/%23freedombox&quot;&gt;IRC
(#freedombox on irc.debian.org)&lt;/a&gt; and
&lt;a href=&quot;http://lists.alioth.debian.org/mailman/listinfo/freedombox-discuss&quot;&gt;the
mailing list&lt;/a&gt; if you want to help make this vision come true.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Recipe to test the Freedombox project on amd64 or Raspberry Pi</title>
                <link>http://people.skolelinux.org/pere/blog/Recipe_to_test_the_Freedombox_project_on_amd64_or_Raspberry_Pi.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Recipe_to_test_the_Freedombox_project_on_amd64_or_Raspberry_Pi.html</guid>
                <pubDate>Tue, 10 Sep 2013 14:20:00 +0200</pubDate>
                <description>&lt;p&gt;I was introduced to the
&lt;a href=&quot;http://www.freedomboxfoundation.org/&quot;&gt;Freedombox project&lt;/a&gt;
in 2010, when Eben Moglen presented his vision about serving the need
of non-technical people to keep their personal information private and
within the legal protection of their own homes.  The idea is to give
people back the power over their network and machines, and return
Internet back to its intended peer-to-peer architecture.  Instead of
depending on a central service, the Freedombox will give everyone
control over their own basic infrastructure.&lt;/p&gt;

&lt;p&gt;I&#39;ve intended to join the effort since then, but other tasks have
taken priority.  But this summers nasty news about the misuse of trust
and privilege exercised by the &quot;western&quot; intelligence gathering
communities increased my eagerness to contribute to a point where I
actually started working on the project a while back.&lt;/p&gt;

&lt;p&gt;The &lt;a href=&quot;https://alioth.debian.org/projects/freedombox/&quot;&gt;initial
Debian initiative&lt;/a&gt; based on the vision from Eben Moglen, is to
create a simple and cheap Debian based appliance that anyone can hook
up in their home and get access to secure and private services and
communication.  The initial deployment platform have been the
&lt;a href=&quot;http://www.globalscaletechnologies.com/t-dreamplugdetails.aspx&quot;&gt;Dreamplug&lt;/a&gt;,
which is a piece of hardware I do not own.  So to be able to test what
the current Freedombox setup look like, I had to come up with a way to install
it on some hardware I do have access to.  I have rewritten the
&lt;a href=&quot;https://github.com/NickDaly/freedom-maker&quot;&gt;freedom-maker&lt;/a&gt;
image build framework to use .deb packages instead of only copying
setup into the boot images, and thanks to this rewrite I am able to
set up any machine supported by Debian Wheezy as a Freedombox, using
the previously mentioned deb (and a few support debs for packages
missing in Debian).&lt;/p&gt;

&lt;p&gt;The current Freedombox setup consist of a set of bootstrapping
scripts
(&lt;a href=&quot;https://github.com/petterreinholdtsen/freedombox-setup&quot;&gt;freedombox-setup&lt;/a&gt;),
and a administrative web interface
(&lt;a href=&quot;https://github.com/NickDaly/Plinth&quot;&gt;plinth&lt;/a&gt; + exmachina +
withsqlite), as well as a privacy enhancing proxy based on
&lt;a href=&quot;http://packages.qa.debian.org/privoxy&quot;&gt;privoxy&lt;/a&gt;
(freedombox-privoxy).  There is also a web/javascript based XMPP
client (&lt;a href=&quot;http://packages.qa.debian.org/jwchat&quot;&gt;jwchat&lt;/a&gt;)
trying (unsuccessfully so far) to talk to the XMPP server
(&lt;a href=&quot;http://packages.qa.debian.org/ejabberd&quot;&gt;ejabberd&lt;/a&gt;).  The
web interface is pluggable, and the goal is to use it to enable OpenID
services, mesh network connectivity, use of TOR, etc, etc.  Not much of
this is really working yet, see
&lt;a href=&quot;https://github.com/NickDaly/freedombox-todos/blob/master/TODO&quot;&gt;the
project TODO&lt;/a&gt; for links to GIT repositories.  Most of the code is
on github at the moment.  The HTTP proxy is operational out of the
box, and the admin web interface can be used to add/remove plinth
users.  I&#39;ve not been able to do anything else with it so far, but
know there are several branches spread around github and other places
with lots of half baked features.&lt;/p&gt;

&lt;p&gt;Anyway, if you want to have a look at the current state, the
following recipes should work to give you a test machine to poke
at.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Debian Wheezy amd64&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;

&lt;li&gt;Fetch normal Debian Wheezy installation ISO.&lt;/li&gt;
&lt;li&gt;Boot from it, either as CD or USB stick.&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Press [tab] on the boot prompt and add this as a boot argument
to the Debian installer:&lt;p&gt;
&lt;pre&gt;url=&lt;a href=&quot;http://www.reinholdtsen.name/freedombox/preseed-wheezy.dat&quot;&gt;http://www.reinholdtsen.name/freedombox/preseed-wheezy.dat&lt;/a&gt;&lt;/pre&gt;&lt;/li&gt;

&lt;li&gt;Answer the few language/region/password questions and pick disk to
install on.&lt;/li&gt;

&lt;li&gt;When the installation is finished and the machine have rebooted a
few times, your Freedombox is ready for testing.&lt;/li&gt;

&lt;/ol&gt;

&lt;p&gt;&lt;strong&gt;Raspberry Pi Raspbian&lt;/strong&gt;&lt;/p&gt;

&lt;ol&gt;

&lt;li&gt;Fetch a Raspbian SD card image, create SD card.&lt;/li&gt;
&lt;li&gt;Boot from SD card, extend file system to fill the card completely.&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Log in and add this to /etc/sources.list:&lt;/p&gt;
&lt;pre&gt;
deb &lt;a href=&quot;http://www.reinholdtsen.name/freedombox/&quot;&gt;http://www.reinholdtsen.name/freedombox&lt;/a&gt; wheezy main
&lt;/pre&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;Run this as root:&lt;/p&gt;
&lt;pre&gt;
wget -O - http://www.reinholdtsen.name/freedombox/BE1A583D.asc | \
   apt-key add -
apt-get update
apt-get install freedombox-setup
/usr/lib/freedombox/setup
&lt;/pre&gt;&lt;/li&gt;
&lt;li&gt;Reboot into your freshly created Freedombox.&lt;/li&gt;

&lt;/ol&gt;

&lt;p&gt;You can test it on other architectures too, but because the
freedombox-privoxy package is binary, it will only work as intended on
the architectures where I have had time to build the binary and put it
in my APT repository.  But do not let this stop you.  It is only a
short &quot;&lt;tt&gt;apt-get source -b freedombox-privoxy&lt;/tt&gt;&quot; away. :)&lt;/p&gt;

&lt;p&gt;Note that by default Freedombox is a DHCP server on the
192.168.1.0/24 subnet, so if this is your subnet be careful and turn
off the DHCP server by running &quot;&lt;tt&gt;update-rc.d isc-dhcp-server
disable&lt;/tt&gt;&quot; as root.&lt;/p&gt;

&lt;p&gt;Please let me know if this works for you, or if you have any
problems.  We gather on the IRC channel
&lt;a href=&quot;irc://irc.debian.org:6667/%23freedombox&quot;&gt;#freedombox&lt;/a&gt; on
irc.debian.org and the
&lt;a href=&quot;http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss&quot;&gt;project
mailing list&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Once you get your freedombox operational, you can visit
&lt;tt&gt;http://your-host-name:8001/&lt;/tt&gt; to see the state of the plint
welcome screen (dead end - do not be surprised if you are unable to
get past it), and next visit &lt;tt&gt;http://your-host-name:8001/help/&lt;/tt&gt;
to look at the rest of plinth.  The default user is &#39;admin&#39; and the
default password is &#39;secret&#39;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Intel 180 SSD disk with Lenovo firmware can not use Intel firmware</title>
                <link>http://people.skolelinux.org/pere/blog/Intel_180_SSD_disk_with_Lenovo_firmware_can_not_use_Intel_firmware.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Intel_180_SSD_disk_with_Lenovo_firmware_can_not_use_Intel_firmware.html</guid>
                <pubDate>Sun, 18 Aug 2013 14:00:00 +0200</pubDate>
                <description>&lt;p&gt;Earlier, I reported about
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/How_to_fix_a_Thinkpad_X230_with_a_broken_180_GB_SSD_disk.html&quot;&gt;my
problems using an Intel SSD 520 Series 180 GB disk&lt;/a&gt;.  Friday I was
told by IBM that the original disk should be thrown away.  And as
there no longer was a problem if I bricked the firmware, I decided
today to try to install Intel firmware to replace the Lenovo firmware
currently on the disk.&lt;/p&gt;

&lt;p&gt;I searched the Intel site for firmware, and found
&lt;a href=&quot;https://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&amp;ProdId=3472&amp;DwnldID=18363&amp;ProductFamily=Solid-State+Drives+and+Caching&amp;ProductLine=Intel%c2%ae+High+Performance+Solid-State+Drive&amp;ProductProduct=Intel%c2%ae+SSD+520+Series+(180GB%2c+2.5in+SATA+6Gb%2fs%2c+25nm%2c+MLC)&amp;lang=eng&quot;&gt;issdfut_2.0.4.iso&lt;/a&gt;
(aka Intel SATA Solid-State Drive Firmware Update Tool) which
according to the site should contain the latest firmware for SSD
disks.  I inserted the broken disk in one of my spare laptops and
booted the ISO from a USB stick.  The disk was recognized, but the
program claimed the newest firmware already were installed and refused
to insert any Intel firmware.  So no change, and the disk is still
unable to handle write load. :( I guess the only way to get them
working would be if Lenovo releases new firmware.  No idea how likely
that is.  Anyway, just blogging about this test for completeness.  I
got a working Samsung disk, and see no point in spending more time on
the broken disks.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How to fix a Thinkpad X230 with a broken 180 GB SSD disk</title>
                <link>http://people.skolelinux.org/pere/blog/How_to_fix_a_Thinkpad_X230_with_a_broken_180_GB_SSD_disk.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_fix_a_Thinkpad_X230_with_a_broken_180_GB_SSD_disk.html</guid>
                <pubDate>Wed, 17 Jul 2013 23:50:00 +0200</pubDate>
                <description>&lt;p&gt;Today I switched to
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/The_Thinkpad_is_dead__long_live_the_Thinkpad_X230_.html&quot;&gt;my
new laptop&lt;/a&gt;.  I&#39;ve previously written about the problems I had with
my new Thinkpad X230, which was delivered with an
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Intel_SSD_520_Series_180_GB_with_Lenovo_firmware_still_lock_up_from_sustained_writes.html&quot;&gt;180
GB Intel SSD disk with Lenovo firmware&lt;/a&gt; that did not handle
sustained writes.  My hardware supplier have been very forthcoming in
trying to find a solution, and after first trying with another
identical 180 GB disks they decided to send me a 256 GB Samsung SSD
disk instead to fix it once and for all.  The Samsung disk survived
the installation of Debian with encrypted disks (filling the disk with
random data during installation killed the first two), and I thus
decided to trust it with my data.  I have installed it as a Debian Edu
Wheezy roaming workstation hooked up with my Debian Edu Squeeze main
server at home using Kerberos and LDAP, and will use it as my work
station from now on.&lt;/p&gt;

&lt;p&gt;As this is a solid state disk with no moving parts, I believe the
Debian Wheezy default installation need to be tuned a bit to increase
performance and increase life time of the disk.  The Linux kernel and
user space applications do not yet adjust automatically to such
environment.  To make it easier for my self, I created a draft Debian
package &lt;tt&gt;ssd-setup&lt;/tt&gt; to handle this tuning.  The
&lt;a href=&quot;http://anonscm.debian.org/gitweb/?p=collab-maint/ssd-setup.git&quot;&gt;source
for the ssd-setup package&lt;/a&gt; is available from collab-maint, and it
is set up to adjust the setup of the machine by just installing the
package.  If there is any non-SSD disk in the machine, the package
will refuse to install, as I did not try to write any logic to sort
file systems in SSD and non-SSD file systems.&lt;/p&gt;

&lt;p&gt;I consider the package a draft, as I am a bit unsure how to best
set up Debian Wheezy with an SSD.  It is adjusted to my use case,
where I set up the machine with one large encrypted partition (in
addition to /boot), put LVM on top of this and set up partitions on
top of this again.  See the README file in the package source for the
references I used to pick the settings.  At the moment these
parameters are tuned:&lt;/p&gt;

&lt;ul&gt;

&lt;li&gt;Set up cryptsetup to pass TRIM commands to the physical disk
    (adding discard to /etc/crypttab)&lt;/li&gt;

&lt;li&gt;Set up LVM to pass on TRIM commands to the underlying device (in
    this case a cryptsetup partition) by changing issue_discards from
    0 to 1 in /etc/lvm/lvm.conf.&lt;/li&gt;

&lt;li&gt;Set relatime as a file system option for ext3 and ext4 file
    systems.&lt;/li&gt;

&lt;li&gt;Tell swap to use TRIM commands by adding &#39;discard&#39; to
    /etc/fstab.&lt;/li&gt;

&lt;li&gt;Change I/O scheduler from cfq to deadline using a udev rule.&lt;/li&gt;

&lt;li&gt;Run fstrim on every ext3 and ext4 file system every night (from
    cron.daily).&lt;/li&gt;

&lt;li&gt;Adjust sysctl values vm.swappiness to 1 and vm.vfs_cache_pressure
    to 50 to reduce the kernel eagerness to swap out processes.&lt;/li&gt;

&lt;/ul&gt;

&lt;p&gt;During installation, I cancelled the part where the installer fill
the disk with random data, as this would kill the SSD performance for
little gain.  My goal with the encrypted file system is to ensure
those stealing my laptop end up with a brick and not a working
computer.  I have no hope in keeping the really resourceful people
from getting the data on the disk (see
&lt;a href=&quot;http://xkcd.com/538/&quot;&gt;XKCD #538&lt;/a&gt; for an explanation why).
Thus I concluded that adding the discard option to crypttab is the
right thing to do.&lt;/p&gt;

&lt;p&gt;I considered using the noop I/O scheduler, as several recommended
it for SSD, but others recommended deadline and a benchmark I found
indicated that deadline might be better for interactive use.&lt;/p&gt;

&lt;p&gt;I also considered using the &#39;discard&#39; file system option for ext3
and ext4, but read that it would give a performance hit ever time a
file is removed, and thought it best to that that slowdown once a day
instead of during my work.&lt;/p&gt;

&lt;p&gt;My package do not set up tmpfs on /var/run, /var/lock and /tmp, as
this is already done by Debian Edu.&lt;/p&gt;

&lt;p&gt;I have not yet started on the user space tuning.  I expect
iceweasel need some tuning, and perhaps other applications too, but
have not yet had time to investigate those parts.&lt;/p&gt;

&lt;p&gt;The package should work on Ubuntu too, but I have not yet tested it
there.&lt;/p&gt;

&lt;p&gt;As for the answer to the question in the title of this blog post,
as far as I know, the only solution I know about is to replace the
disk.  It might be possible to flash it with Intel firmware instead of
the Lenovo firmware.  But I have not tried and did not want to do so
without approval from Lenovo as I wanted to keep the warranty on the
disk until a solution was found and they wanted the broken disks
back.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Intel SSD 520 Series 180 GB with Lenovo firmware still lock up from sustained writes</title>
                <link>http://people.skolelinux.org/pere/blog/Intel_SSD_520_Series_180_GB_with_Lenovo_firmware_still_lock_up_from_sustained_writes.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Intel_SSD_520_Series_180_GB_with_Lenovo_firmware_still_lock_up_from_sustained_writes.html</guid>
                <pubDate>Wed, 10 Jul 2013 13:30:00 +0200</pubDate>
                <description>&lt;p&gt;A few days ago, I wrote about
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/The_Thinkpad_is_dead__long_live_the_Thinkpad_X230_.html&quot;&gt;the
problems I experienced with my new X230 and its SSD disk&lt;/a&gt;, which
was dying during installation because it is unable to cope with
sustained write.  My supplier is in contact with
&lt;a href=&quot;http://www.lenovo.com/&quot;&gt;Lenovo&lt;/a&gt;, and they wanted to send a
replacement disk to try to fix the problem.  They decided to send an
identical model, so my hopes for a permanent fix was slim.&lt;/p&gt;

&lt;p&gt;Anyway, today I got the replacement disk and tried to install
Debian Edu Wheezy with encrypted disk on it.  The new disk have the
same firmware version as the original.  This time my hope raised
slightly as the installation progressed, as the original disk used to
die after 4-7% of the disk was written to, while this time it kept
going past 10%, 20%, 40% and even past 50%.  But around 60%, the disk
died again and I was back on square one.  I still do not have a new
laptop with a disk I can trust.  I can not live with a disk that might
lock up when I download a new
&lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Debian Edu / Skolelinux&lt;/a&gt; ISO or
other large files.  I look forward to hearing from my supplier with
the next proposal from Lenovo.&lt;/p&gt;

&lt;p&gt;The original disk is marked Intel SSD 520 Series 180 GB,
11S0C38722Z1ZNME35X1TR, ISN: CVCV321407HB180EGN, SA: G57560302, FW:
LF1i, 29MAY2013, PBA: G39779-300, LBA 351,651,888, LI P/N: 0C38722,
Pb-free 2LI, LC P/N: 16-200366, WWN: 55CD2E40002756C4, Model:
SSDSC2BW180A3L 2.5&quot; 6Gb/s SATA SSD 180G 5V 1A, ASM P/N 0C38732, FRU
P/N 45N8295, P0C38732.&lt;/p&gt;

&lt;p&gt;The replacement disk is marked Intel SSD 520 Series 180 GB,
11S0C38722Z1ZNDE34N0L0, ISN: CVCV315306RK180EGN, SA: G57560-302, FW:
LF1i, 22APR2013, PBA: G39779-300, LBA 351,651,888, LI P/N: 0C38722,
Pb-free 2LI, LC P/N: 16-200366, WWN: 55CD2E40000AB69E, Model:
SSDSC2BW180A3L 2.5&quot; 6Gb/s SATA SSD 180G 5V 1A, ASM P/N 0C38732, FRU
P/N 45N8295, P0C38732.&lt;/p&gt;

&lt;p&gt;The only difference is in the first number (serial number?), ISN,
SA, date and WNPP values.  Mentioning all the details here in case
someone is able to use the information to find a way to identify the
failing disk among working ones (if any such working disk actually
exist).&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>July 13th: Debian/Ubuntu BSP and Skolelinux/Debian Edu developer gathering in Oslo</title>
                <link>http://people.skolelinux.org/pere/blog/July_13th__Debian_Ubuntu_BSP_and_Skolelinux_Debian_Edu_developer_gathering_in_Oslo.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/July_13th__Debian_Ubuntu_BSP_and_Skolelinux_Debian_Edu_developer_gathering_in_Oslo.html</guid>
                <pubDate>Tue, 9 Jul 2013 10:40:00 +0200</pubDate>
                <description>&lt;p&gt;The upcoming Saturday, 2013-07-13, we are organising a combined
Debian Edu developer gathering and Debian and Ubuntu bug squashing
party in Oslo.  It is organised by &lt;a href=&quot;http://www.nuug.no/&quot;&gt;the
member assosiation NUUG&lt;/a&gt; and
&lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;the Debian Edu / Skolelinux
project&lt;/a&gt; together with &lt;a href=&quot;http://bitraf.no/&quot;&gt;the hack space
Bitraf&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;It starts 10:00 and continue until late evening.  Everyone is
welcome, and there is no fee to participate.  There is on the other
hand limited space, and only room for 30 people.  Please put your name
on &lt;a href=&quot;http://wiki.debian.org/BSP/2013/07/13/no/Oslo&quot;&gt;the event
wiki page&lt;/a&gt; if you plan to join us.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>The Thinkpad is dead, long live the Thinkpad X230?</title>
                <link>http://people.skolelinux.org/pere/blog/The_Thinkpad_is_dead__long_live_the_Thinkpad_X230_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/The_Thinkpad_is_dead__long_live_the_Thinkpad_X230_.html</guid>
                <pubDate>Fri, 5 Jul 2013 08:30:00 +0200</pubDate>
                <description>&lt;p&gt;Half a year ago, I reported that I had to find a
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Thank_you_Thinkpad_X41__for_your_long_and_trustworthy_service.html&quot;&gt;replacement
for my trusty old Thinkpad X41&lt;/a&gt;.  Unfortunately I did not have much
time to spend on it, and it took a while to find a model I believe
will do the job, but two days ago the replacement finally arrived.  I
ended up picking a
&lt;a href=&quot;http://www.linlap.com/lenovo_thinkpad_x230&quot;&gt;Thinkpad X230&lt;/a&gt;
with SSD disk (NZDAJMN).  I first test installed Debian Edu Wheezy as
a roaming workstation, and it seemed to work flawlessly.  But my
second installation with encrypted disk was not as successful.  More
on that below.&lt;/p&gt;

&lt;p&gt;I had a hard time trying to track down a good laptop, as my most
important requirements (robust and with a good keyboard) are never
listed in the feature list.  But I did get good help from the search
feature at &lt;a href=&quot;http://www.prisjakt.no/&quot;&gt;Prisjakt&lt;/a&gt;, which
allowed me to limit the list of interesting laptops based on my other
requirements.  A bit surprising that SSD disk are not disks according
to that search interface, so I had to drop specifying the number of
disks from my search parameters.  I also asked around among friends to
get their impression on keyboards and robustness.&lt;/p&gt;

&lt;p&gt;So the new laptop arrived, and it is quite a lot wider than the
X41.  I am not quite convinced about the keyboard, as it is
significantly wider than my old keyboard, and I have to stretch my
hand a lot more to reach the edges.  But the key response is fairly
good and the individual key shape is fairly easy to handle, so I hope
I will get used to it.  My old X40 was starting to fail, and I really
needed a new laptop now. :)&lt;/p&gt;

&lt;p&gt;Turning off the touch pad was simple.  All it took was a quick
visit to the BIOS during boot it disable it.&lt;/p&gt;

&lt;p&gt;But there is a fatal problem with the laptop.  The 180 GB SSD disk
lock up during load.  And this happen when installing Debian Wheezy
with encrypted disk, while the disk is being filled with random data.
I also tested to install Ubuntu Raring, and it happen there too if I
reenable the code to fill the disk with random data (it is disabled by
default in Ubuntu).  And the bug with is already known.  It was
reported to Debian as &lt;a href=&quot;http://bugs.debian.org/691427&quot;&gt;BTS
report #691427 2012-10-25&lt;/a&gt; (journal commit I/O error on brand-new
Thinkpad T430s ext4 on lvm on SSD).  It is also reported to the Linux
kernel developers as
&lt;a href=&quot;https://bugzilla.kernel.org/show_bug.cgi?id=51861&quot;&gt;Kernel bugzilla
report #51861 2012-12-20&lt;/a&gt; (Intel SSD 520 stops working under load
(SSDSC2BW180A3L in Lenovo ThinkPad T430s)). It is also reported on the
Lenovo forums, both for
&lt;a href=&quot;http://forums.lenovo.com/t5/T400-T500-and-newer-T-series/T430s-Intel-SSD-520-180GB-issue/m-p/1070549&quot;&gt;T430
2012-11-10&lt;/a&gt; and for
&lt;a href=&quot;http://forums.lenovo.com/t5/X-Series-ThinkPad-Laptops/x230-SATA-errors-with-180GB-Intel-520-SSD-under-heavy-write-load/m-p/1068147&quot;&gt;X230
03-20-2013&lt;/a&gt;.  The problem do not only affect installation.  The
reports state that the disk lock up during use if many writes are done
on the disk, so it is much no use to work around the installation
problem and end up with a computer that can lock up at any moment.
There is even a
&lt;a href=&quot;https://git.efficios.com/?p=test-ssd.git&quot;&gt;small C program
available&lt;/a&gt; that will lock up the hard drive after running a few
minutes by writing to a file.&lt;/p&gt;

&lt;p&gt;I&#39;ve contacted my supplier and asked how to handle this, and after
contacting PCHELP Norway (request 01D1FDP) which handle support
requests for Lenovo, his first suggestion was to upgrade the disk
firmware.  Unfortunately there is no newer firmware available from
Lenovo, as my disk already have the most recent one (version LF1i).  I
hope to hear more from him today and hope the problem can be
fixed. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>The Thinkpad is dead, long live the Thinkpad X230</title>
                <link>http://people.skolelinux.org/pere/blog/The_Thinkpad_is_dead__long_live_the_Thinkpad_X230.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/The_Thinkpad_is_dead__long_live_the_Thinkpad_X230.html</guid>
                <pubDate>Thu, 4 Jul 2013 09:20:00 +0200</pubDate>
                <description>&lt;p&gt;Half a year ago, I reported that I had to find a replacement for my
trusty old Thinkpad X41.  Unfortunately I did not have much time to
spend on it, but today the replacement finally arrived.  I ended up
picking a &lt;a href=&quot;http://www.linlap.com/lenovo_thinkpad_x230&quot;&gt;Thinkpad
X230&lt;/a&gt; with SSD disk (NZDAJMN).  I first test installed Debian Edu
Wheezy as a roaming workstation, and it worked flawlessly.  As I write
this, it is installing what I hope will be a more final installation,
with a encrypted hard drive to ensure any dope head stealing it end up
with an expencive door stop.&lt;/p&gt;

&lt;p&gt;I had a hard time trying to track down a good laptop, as my most
important requirements (robust and with a good keyboard) are never
listed in the feature list.  But I did get good help from the search
feature at &lt;ahref=&quot;http://www.prisjakt.no/&quot;&gt;Prisjakt&lt;/a&gt;, which
allowed me to limit the list of interesting laptops based on my other
requirements.  A bit surprising that SSD disk are not disks, so I had
to drop number of disks from my search parameters.&lt;/p&gt;

&lt;p&gt;I am not quite convinced about the keyboard, as it is significantly
wider than my old keyboard, and I have to stretch my hand a lot more
to reach the edges.  But the key response is fairly good and the
individual key shape is fairly easy to handle, so I hope I will get
used to it.  My old X40 was starting to fail, and I really needed a
new laptop now. :)&lt;/p&gt;

&lt;p&gt;I look forward to figuring out how to turn off the touch pad.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Automatically locate and install required firmware packages on Debian (Isenkram 0.4)</title>
                <link>http://people.skolelinux.org/pere/blog/Automatically_locate_and_install_required_firmware_packages_on_Debian__Isenkram_0_4_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Automatically_locate_and_install_required_firmware_packages_on_Debian__Isenkram_0_4_.html</guid>
                <pubDate>Tue, 25 Jun 2013 11:50:00 +0200</pubDate>
                <description>&lt;p&gt;It annoys me when the computer fail to do automatically what it is
perfectly capable of, and I have to do it manually to get things
working.  One such task is to find out what firmware packages are
needed to get the hardware on my computer working.  Most often this
affect the wifi card, but some times it even affect the RAID
controller or the ethernet card.  Today I pushed version 0.4 of the
&lt;a href=&quot;http://packages.qa.debian.org/isenkram&quot;&gt;Isenkram package&lt;/a&gt;
including a new script isenkram-autoinstall-firmware handling the
process of asking all the loaded kernel modules what firmware files
they want, find debian packages providing these files and install the
debian packages.  Here is a test run on my laptop:&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
# isenkram-autoinstall-firmware 
info: kernel drivers requested extra firmware: ipw2200-bss.fw ipw2200-ibss.fw ipw2200-sniffer.fw
info: fetching http://http.debian.net/debian/dists/squeeze/Contents-i386.gz
info: locating packages with the requested firmware files
info: Updating APT sources after adding non-free APT source
info: trying to install firmware-ipw2x00
firmware-ipw2x00
firmware-ipw2x00
Preconfiguring packages ...
Selecting previously deselected package firmware-ipw2x00.
(Reading database ... 259727 files and directories currently installed.)
Unpacking firmware-ipw2x00 (from .../firmware-ipw2x00_0.28+squeeze1_all.deb) ...
Setting up firmware-ipw2x00 (0.28+squeeze1) ...
# 
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;When all the requested firmware is present, a simple message is
printed instead:&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
# isenkram-autoinstall-firmware 
info: did not find any firmware files requested by loaded kernel modules.  exiting
# 
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;It could use some polish, but it is already working well and saving
me some time when setting up new machines. :)&lt;/p&gt;

&lt;p&gt;So, how does it work?  It look at the set of currently loaded
kernel modules, and look up each one of them using modinfo, to find
the firmware files listed in the module meta-information.  Next, it
download the Contents file from a nearby APT mirror, and search for
the firmware files in this file to locate the package with the
requested firmware file.  If the package is in the non-free section, a
non-free APT source is added and the package is installed using
&lt;tt&gt;apt-get install&lt;/tt&gt;.  The end result is a slightly better working
machine.&lt;/p&gt;

&lt;p&gt;I hope someone find time to implement a more polished version of
this script as part of the hw-detect debian-installer module, to
finally fix &lt;a href=&quot;http://bugs.debian.org/655507&quot;&gt;BTS report
#655507&lt;/a&gt;.  There really is no need to insert USB sticks with
firmware during a PXE install when the packages already are available
from the nearby Debian mirror.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Fixing the Linux black screen of death on machines with Intel HD video</title>
                <link>http://people.skolelinux.org/pere/blog/Fixing_the_Linux_black_screen_of_death_on_machines_with_Intel_HD_video.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Fixing_the_Linux_black_screen_of_death_on_machines_with_Intel_HD_video.html</guid>
                <pubDate>Tue, 11 Jun 2013 11:00:00 +0200</pubDate>
                <description>&lt;p&gt;When installing RedHat, Fedora, Debian and Ubuntu on some machines,
the screen just turn black when Linux boot, either during installation
or on first boot from the hard disk.  I&#39;ve seen it once in a while the
last few years, but only recently understood the cause.  I&#39;ve seen it
on HP laptops, and on my latest acquaintance the Packard Bell laptop.
The reason seem to be in the wiring of some laptops.  The system to
control the screen background light is inverted, so when Linux try to
turn the brightness fully on, it end up turning it off instead.  I do
not know which Linux drivers are affected, but this post is about the
i915 driver used by the
&lt;a href=&quot;http://www.linlap.com/packard_bell_easynote_lv&quot;&gt;Packard Bell
EasyNote LV&lt;/a&gt;, Thinkpad X40 and many other laptops.&lt;/p&gt;

&lt;p&gt;The problem can be worked around two ways.  Either by adding
i915.invert_brightness=1 as a kernel option, or by adding a file in
/etc/modprobe.d/ to tell modprobe to add the invert_brightness=1
option when it load the i915 kernel module.  On Debian and Ubuntu, it
can be done by running these commands as root:&lt;/p&gt;

&lt;pre&gt;
echo options i915 invert_brightness=1 | tee /etc/modprobe.d/i915.conf
update-initramfs -u -k all
&lt;/pre&gt;

&lt;p&gt;Since March 2012 there is
&lt;a href=&quot;http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca20efb1a9c2efefc28ad2867e5d6c3f5e1955&quot;&gt;a
mechanism in the Linux kernel&lt;/a&gt; to tell the i915 driver which
hardware have this problem, and get the driver to invert the
brightness setting automatically.  To use it, one need to add a row in
&lt;a href=&quot;http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/i915/intel_display.c&quot;&gt;the
intel_quirks array&lt;/a&gt; in the driver source
&lt;tt&gt;drivers/gpu/drm/i915/intel_display.c&lt;/tt&gt; (look for &quot;&lt;tt&gt;static
struct intel_quirk intel_quirks&lt;/tt&gt;&quot;), specifying the PCI device
number (vendor number 8086 is assumed) and subdevice vendor and device
number.&lt;/p&gt;

&lt;p&gt;My Packard Bell EasyNote LV got this output from &lt;tt&gt;lspci
-vvnn&lt;/tt&gt; for the video card in question:&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
00:02.0 VGA compatible controller [0300]: Intel Corporation \
    3rd Gen Core processor Graphics Controller [8086:0156] \
    (rev 09) (prog-if 00 [VGA controller])
 Subsystem: Acer Incorporated [ALI] Device [1025:0688]
 Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- \
    ParErr- Stepping- SE RR- FastB2B- DisINTx+
 Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=fast &gt;TAbort- \
    &lt;TAbort- &lt;MAbort-&gt;SERR- &lt;PERR- INTx-
 Latency: 0
 Interrupt: pin A routed to IRQ 42
 Region 0: Memory at c2000000 (64-bit, non-prefetchable) [size=4M]
 Region 2: Memory at b0000000 (64-bit, prefetchable) [size=256M]
 Region 4: I/O ports at 4000 [size=64]
 Expansion ROM at &lt;unassigned&gt; [disabled]
 Capabilities: &lt;access denied&gt;
 Kernel driver in use: i915
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;The resulting intel_quirks entry would then look like this:&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
struct intel_quirk intel_quirks[] = {
       ...
        /* Packard Bell EasyNote LV11HC needs invert brightness quirk */
        { 0x0156, 0x1025, 0x0688, quirk_invert_brightness },
       ...
}
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;According to the kernel module instructions (as seen using
&lt;tt&gt;modinfo i915&lt;/tt&gt;), information about hardware needing the
invert_brightness flag should be sent to the
&lt;a href=&quot;http://lists.freedesktop.org/mailman/listinfo/dri-devel&quot;&gt;dri-devel
(at) lists.freedesktop.org&lt;/a&gt; mailing list to reach the kernel
developers.  But my email about the laptop sent 2013-06-03 have not
yet shown up in
&lt;a href=&quot;http://lists.freedesktop.org/archives/dri-devel/2013-June/thread.html&quot;&gt;the
web archive for the mailing list&lt;/a&gt;, so I suspect they do not accept
emails from non-subscribers.  Because of this, I sent my patch also to
the Debian bug tracking system instead as
&lt;a href=&quot;http://bugs.debian.org/710938&quot;&gt;BTS report #710938&lt;/a&gt;, to make
sure the patch is not lost.&lt;/p&gt;

&lt;p&gt;Unfortunately, it is not enough to fix the kernel to get Laptops
with this problem working properly with Linux.  If you use Gnome, your
worries should be over at this point.  But if you use KDE, there is
something in KDE ignoring the invert_brightness setting and turning on
the screen during login.  I&#39;ve reported it to Debian as
&lt;a href=&quot;http://bugs.debian.org/711237&quot;&gt;BTS report #711237&lt;/a&gt;, and
have no idea yet how to figure out exactly what subsystem is doing
this.  Perhaps you can help?  Perhaps you know what the Gnome
developers did to handle this, and this can give a clue to the KDE
developers?  Or you know where in KDE the screen brightness is changed
during login?  If so, please update the BTS report (or get in touch if
you do not know how to update BTS).&lt;/p&gt;

&lt;p&gt;Update 2013-07-19: The correct fix for this machine seem to be
acpi_backlight=vendor, to disable ACPI backlight support completely,
as the ACPI information on the machine is trash and it is better to
leave it to the intel video driver to control the screen
backlight.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How to install Linux on a Packard Bell Easynote LV preinstalled with Windows 8</title>
                <link>http://people.skolelinux.org/pere/blog/How_to_install_Linux_on_a_Packard_Bell_Easynote_LV_preinstalled_with_Windows_8.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_install_Linux_on_a_Packard_Bell_Easynote_LV_preinstalled_with_Windows_8.html</guid>
                <pubDate>Mon, 27 May 2013 15:20:00 +0200</pubDate>
                <description>&lt;p&gt;Two days ago, I asked
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/How_can_I_install_Linux_on_a_Packard_Bell_Easynote_LV_preinstalled_with_Windows_8_.html&quot;&gt;how
I could install Linux on a Packard Bell EasyNote LV computer
preinstalled with Windows 8&lt;/a&gt;.  I found a solution, but am horrified
with the obstacles put in the way of Linux users on a laptop with UEFI
and Windows 8.&lt;/p&gt;

&lt;p&gt;I never found out if the cause of my problems were the use of UEFI
secure booting or fast boot.  I suspect fast boot was the problem,
causing the firmware to boot directly from HD without considering any
key presses and alternative devices, but do not know UEFI settings
enough to tell.&lt;/p&gt;

&lt;p&gt;There is no way to install Linux on the machine in question without
opening the box and disconnecting the hard drive!  This is as far as I
can tell, the only way to get access to the firmware setup menu
without accepting the Windows 8 license agreement.  I am told (and
found description on how to) that it is possible to configure the
firmware setup once booted into Windows 8.  But as I believe the terms
of that agreement are completely unacceptable, accepting the license
was never an alternative.  I do not enter agreements I do not intend
to follow.&lt;/p&gt;

&lt;p&gt;I feared I had to return the laptops and ask for a refund, and
waste many hours on this, but luckily there was a way to get it to
work.  But I would not recommend it to anyone planning to run Linux on
it, and I have become sceptical to Windows 8 certified laptops.  Is
this the way Linux will be forced out of the market place, by making
it close to impossible for &quot;normal&quot; users to install Linux without
accepting the Microsoft Windows license terms?  Or at least not
without risking to loose the warranty?&lt;/p&gt;

&lt;p&gt;I&#39;ve updated the
&lt;a href=&quot;http://www.linlap.com/packard_bell_easynote_lv&quot;&gt;Linux Laptop
wiki page for Packard Bell EasyNote LV&lt;/a&gt;, to ensure the next person
do not have to struggle as much as I did to get Linux into the
machine.&lt;/p&gt;

&lt;p&gt;Thanks to Bob Rosbag, Florian Weimer, Philipp Kern, Ben Hutching,
Michael Tokarev and others for feedback and ideas.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How can I install Linux on a Packard Bell Easynote LV preinstalled with Windows 8?</title>
                <link>http://people.skolelinux.org/pere/blog/How_can_I_install_Linux_on_a_Packard_Bell_Easynote_LV_preinstalled_with_Windows_8_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_can_I_install_Linux_on_a_Packard_Bell_Easynote_LV_preinstalled_with_Windows_8_.html</guid>
                <pubDate>Sat, 25 May 2013 18:20:00 +0200</pubDate>
                <description>&lt;p&gt;I&#39;ve run into quite a problem the last few days.  I bought three
new laptops for my parents and a few others.  I bought Packard Bell
Easynote LV to run Kubuntu on and use as their home computer.  But I
am completely unable to figure out how to install Linux on it.  The
computer is preinstalled with Windows 8, and I suspect it uses UEFI
instead of a BIOS to boot.&lt;/p&gt;

&lt;p&gt;The problem is that I am unable to get it to PXE boot, and unable
to get it to boot the Linux installer from my USB stick.  I have yet
to try the DVD install, and still hope it will work.  when I turn on
the computer, there is no information on what buttons to press to get
the normal boot menu.  I expect to get some boot menu to select PXE or
USB stick booting.  When booting, it first ask for the language to
use, then for some regional settings, and finally if I will accept the
Windows 8 terms of use.  As these terms are completely unacceptable to
me, I have no other choice but to turn off the computer and try again
to get it to boot the Linux installer.&lt;/p&gt;

&lt;p&gt;I have gathered my findings so far on a Linlap page about the
&lt;a href=&quot;http://www.linlap.com/packard_bell_easynote_lv&quot;&gt;Packard Bell
EasyNote LV&lt;/a&gt; model.  If you have any idea how to get Linux
installed on this machine, please get in touch or update that wiki
page.  If I can&#39;t find a way to install Linux, I will have to return
the laptop to the seller and find another machine for my parents.&lt;/p&gt;

&lt;p&gt;I wonder, is this the way Linux will be forced out of the market
using UEFI and &quot;secure boot&quot; by making it impossible to install Linux
on new Laptops?&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How to transform a Debian based system to a Debian Edu installation</title>
                <link>http://people.skolelinux.org/pere/blog/How_to_transform_a_Debian_based_system_to_a_Debian_Edu_installation.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_transform_a_Debian_based_system_to_a_Debian_Edu_installation.html</guid>
                <pubDate>Fri, 17 May 2013 11:50:00 +0200</pubDate>
                <description>&lt;p&gt;&lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Debian Edu / Skolelinux&lt;/a&gt; is
an operating system based on Debian intended for use in schools.  It
contain a turn-key solution for the computer network provided to
pupils in the primary schools.  It provide both the central server,
network boot servers and desktop environments with heaps of
educational software.  The project was founded almost 12 years ago,
2001-07-02.  If you want to support the project, which is in need for
cash to fund developer gatherings and other project related activity,
&lt;a href=&quot;http://www.linuxiskolen.no/slxdebianlabs/donations.html&quot;&gt;please
donate some money&lt;/a&gt;.

&lt;p&gt;A topic that come up again and again on the Debian Edu mailing
lists and elsewhere, is the question on how to transform a Debian or
Ubuntu installation into a Debian Edu installation.  It isn&#39;t very
hard, and last week I wrote a script to replicate the steps done by
the Debian Edu installer.&lt;/p&gt;

&lt;p&gt;The script,
&lt;a href=&quot;http://anonscm.debian.org/viewvc/debian-edu/branches/wheezy/debian-edu-config/share/debian-edu-config/tools/debian-edu-bless?view=markup&quot;&gt;debian-edu-bless&lt;a/&gt;
in the debian-edu-config package, will go through these six steps and
transform an existing Debian Wheezy or Ubuntu (untested) installation
into a Debian Edu Workstation:&lt;/p&gt;

&lt;ol&gt;

&lt;li&gt;Add skolelinux related APT sources.&lt;/li&gt;
&lt;li&gt;Create /etc/debian-edu/config with the wanted configuration.&lt;/li&gt;
&lt;li&gt;Install debian-edu-install to load preseeding values and pull in
    our configuration.&lt;/li&gt;
&lt;li&gt;Preseed debconf database with profile setup in
    /etc/debian-edu/config, and run tasksel to install packages
    according to the profile specified in the config above,
    overriding some of the Debian automation machinery.&lt;/li&gt;
&lt;li&gt;Run debian-edu-cfengine-D installation to configure everything
    that could not be done using preseeding.&lt;/li&gt;
&lt;li&gt;Ask for a reboot to enable all the configuration changes.&lt;/li&gt;

&lt;/ol&gt;

&lt;p&gt;There are some steps in the Debian Edu installation that can not be
replicated like this.  Disk partitioning and LVM setup, for example.
So this script just assume there is enough disk space to install all
the needed packages.&lt;/p&gt;

&lt;p&gt;The script was created to help a Debian Edu student working on
setting up &lt;a href=&quot;http://www.raspberrypi.org&quot;&gt;Raspberry Pi&lt;/a&gt; as a
Debian Edu client, and using it he can take the existing
&lt;a href=&quot;http://www.raspbian.org/FrontPage‎&quot;&gt;Raspbian&lt;/a&gt; installation and
transform it into a fully functioning Debian Edu Workstation (or
Roaming Workstation, or whatever :).&lt;/p&gt;

&lt;p&gt;The default setting in the script is to create a KDE Workstation.
If a LXDE based Roaming workstation is wanted instead, modify the
PROFILE and DESKTOP values at the top to look like this instead:&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
PROFILE=&quot;Roaming-Workstation&quot;
DESKTOP=&quot;lxde&quot;
&lt;/pre&gt;&lt;/p&gt;

&lt;p&gt;The script could even become useful to set up Debian Edu servers in
the cloud, by starting with a virtual Debian installation at some
virtual hosting service and setting up all the services on first
boot.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Debian, the Linux distribution of choice for LEGO designers?</title>
                <link>http://people.skolelinux.org/pere/blog/Debian__the_Linux_distribution_of_choice_for_LEGO_designers_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian__the_Linux_distribution_of_choice_for_LEGO_designers_.html</guid>
                <pubDate>Sat, 11 May 2013 20:30:00 +0200</pubDate>
                <description>&lt;P&gt;In January,
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/New_IRC_channel_for_LEGO_designers_using_Debian.html&quot;&gt;I
announced a&lt;/a&gt; new &lt;a href=&quot;irc://irc.debian.org/%23debian-lego&quot;&gt;IRC
channel #debian-lego&lt;/a&gt;, for those of us in the Debian and Linux
community interested in &lt;a href=&quot;http://www.lego.com/&quot;&gt;LEGO&lt;/a&gt;, the
marvellous construction system from Denmark.  We also created
&lt;a href=&quot;http://wiki.debian.org/LegoDesigners&quot;&gt;a wiki page&lt;/a&gt; to have
a place to take notes and write down our plans and hopes.  And several
people showed up to help.  I was very happy to see the effect of my
call.  Since the small start, we have a debtags tag
&lt;a href=&quot;http://debtags.debian.net/search/bytag?wl=hardware::hobby:lego&quot;&gt;hardware::hobby:lego&lt;/a&gt;
tag for LEGO related packages, and now count 10 packages related to
LEGO and &lt;a href=&quot;http://mindstorms.lego.com/&quot;&gt;Mindstorms&lt;/a&gt;:&lt;/p&gt;

&lt;p&gt;&lt;table&gt;
&lt;tr&gt;&lt;td&gt;&lt;a href=&quot;http://packages.qa.debian.org/brickos&quot;&gt;brickos&lt;/a&gt;&lt;/td&gt;&lt;td&gt;alternative OS for LEGO Mindstorms RCX. Supports development in C/C++&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;&lt;a href=&quot;http://packages.qa.debian.org/leocad&quot;&gt;leocad&lt;/a&gt;&lt;/td&gt;&lt;td&gt;virtual brick CAD software&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;&lt;a href=&quot;http://packages.qa.debian.org/libnxt&quot;&gt;libnxt&lt;/a&gt;&lt;/td&gt;&lt;td&gt;utility library for talking to the LEGO Mindstorms NX&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;&lt;a href=&quot;http://packages.qa.debian.org/lnpd&quot;&gt;lnpd&lt;/a&gt;&lt;/td&gt;&lt;td&gt;daemon for LNP communication with BrickOS&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;&lt;a href=&quot;http://packages.qa.debian.org/nbc&quot;&gt;nbc&lt;/a&gt;&lt;/td&gt;&lt;td&gt;compiler for LEGO Mindstorms NXT bricks&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;&lt;a href=&quot;http://packages.qa.debian.org/nqc&quot;&gt;nqc&lt;/a&gt;&lt;/td&gt;&lt;td&gt;Not Quite C compiler for LEGO Mindstorms RCX&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;&lt;a href=&quot;http://packages.qa.debian.org/python-nxt&quot;&gt;python-nxt&lt;/a&gt;&lt;/td&gt;&lt;td&gt;python driver/interface/wrapper for the Lego Mindstorms NXT robot&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;&lt;a href=&quot;http://packages.qa.debian.org/python-nxt-filer&quot;&gt;python-nxt-filer&lt;/a&gt;&lt;/td&gt;&lt;td&gt;simple GUI to manage files on a LEGO Mindstorms NXT&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;&lt;a href=&quot;http://packages.qa.debian.org/scratch&quot;&gt;scratch&lt;/a&gt;&lt;/td&gt;&lt;td&gt;easy to use programming environment for ages 8 and up&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td&gt;&lt;a href=&quot;http://packages.qa.debian.org/t2n&quot;&gt;t2n&lt;/a&gt;&lt;/td&gt;&lt;td&gt;simple command-line tool for Lego NXT&lt;/td&gt;&lt;/tr&gt;
&lt;/table&gt;&lt;/p&gt;

&lt;p&gt;Some of these are available in Wheezy, and all but one are
currently available in Jessie/testing.  leocad is so far only
available in experimental.&lt;/p&gt;

&lt;p&gt;If you care about LEGO in Debian, please join us on IRC and help
adding the rest of the great free software tools available on Linux
for LEGO designers.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Debian Wheezy is out - and Debian Edu / Skolelinux should soon follow! #newinwheezy</title>
                <link>http://people.skolelinux.org/pere/blog/Debian_Wheezy_is_out___and_Debian_Edu___Skolelinux_should_soon_follow___newinwheezy.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Wheezy_is_out___and_Debian_Edu___Skolelinux_should_soon_follow___newinwheezy.html</guid>
                <pubDate>Sun, 5 May 2013 07:40:00 +0200</pubDate>
                <description>&lt;p&gt;When I woke up this morning, I was very happy to see that the
&lt;a href=&quot;http://www.debian.org/News/2013/20130504&quot;&gt;release announcement
for Debian Wheezy&lt;/a&gt; was waiting in my mail box.  This is a great
Debian release, and I expect to move my machines at home over to it fairly
soon.&lt;/p&gt;

&lt;p&gt;The new debian release contain heaps of new stuff, and one program
in particular make me very happy to see included.  The
&lt;a href=&quot;http://scratch.mit.edu/&quot;&gt;Scratch&lt;/a&gt; program, made famous by
the &lt;a href=&quot;http://www.code.org/&quot;&gt;Teach kids code&lt;/a&gt; movement, is
included for the first time.  Alongside similar programs like
&lt;a href=&quot;http://edu.kde.org/kturtle/&quot;&gt;kturtle&lt;/a&gt; and
&lt;a href=&quot;http://wiki.sugarlabs.org/go/Activities/Turtle_Art&quot;&gt;turtleart&lt;/a&gt;,
it allow for visual programming where syntax errors can not happen,
and a friendly programming environment for learning to control the
computer.  Scratch will also be included in the next release of Debian
Edu.&lt;/a&gt;

&lt;p&gt;And now that Wheezy is wrapped up, we can wrap up the next Debian
Edu/Skolelinux release too.  The
&lt;a href=&quot;http://lists.debian.org/debian-edu/2013/04/msg00132.html&quot;&gt;first
alpha release&lt;/a&gt; went out last week, and the next should soon
follow.&lt;p&gt;
</description>
        </item>
        
        <item>
                <title>Isenkram 0.2 finally in the Debian archive</title>
                <link>http://people.skolelinux.org/pere/blog/Isenkram_0_2_finally_in_the_Debian_archive.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Isenkram_0_2_finally_in_the_Debian_archive.html</guid>
                <pubDate>Wed, 3 Apr 2013 23:40:00 +0200</pubDate>
                <description>&lt;p&gt;Today the &lt;a href=&quot;http://packages.qa.debian.org/isenkram&quot;&gt;Isenkram
package&lt;/a&gt; finally made it into the archive, after lingering in NEW
for many months.  I uploaded it to the Debian experimental suite
2013-01-27, and today it was accepted into the archive.&lt;/p&gt;

&lt;p&gt;Isenkram is a system for suggesting to users what packages to
install to work with a pluggable hardware device.  The suggestion pop
up when the device is plugged in.  For example if a Lego Mindstorm NXT
is inserted, it will suggest to install the program needed to program
the NXT controller.  Give it a go, and report bugs and suggestions to
BTS. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Bitcoin GUI now available from Debian/unstable (and Ubuntu/raring)</title>
                <link>http://people.skolelinux.org/pere/blog/Bitcoin_GUI_now_available_from_Debian_unstable__and_Ubuntu_raring_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Bitcoin_GUI_now_available_from_Debian_unstable__and_Ubuntu_raring_.html</guid>
                <pubDate>Sat, 2 Feb 2013 09:00:00 +0100</pubDate>
                <description>&lt;p&gt;My
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/How_to_backport_bitcoin_qt_version_0_7_2_2_to_Debian_Squeeze.html&quot;&gt;last
bitcoin related blog post&lt;/a&gt; mentioned that the new
&lt;a href=&quot;http://packages.qa.debian.org/bitcoin&quot;&gt;bitcoin package&lt;/a&gt; for
Debian was waiting in NEW.  It was accepted by the Debian ftp-masters
2013-01-19, and have been available in unstable since then.  It was
automatically copied to Ubuntu, and is available in their Raring
version too.&lt;/p&gt;

&lt;p&gt;But there is a strange problem with the build that block this new
version from being available on the i386 and kfreebsd-i386
architectures.  For some strange reason, the autobuilders in Debian
for these architectures fail to run the test suite on these
architectures (&lt;a href=&quot;http://bugs.debian.org/672524&quot;&gt;BTS #672524&lt;/a&gt;).
We are so far unable to reproduce it when building it manually, and
no-one have been able to propose a fix.  If you got an idea what is
failing, please let us know via the BTS.&lt;/p&gt;

&lt;p&gt;One feature that is annoying me with of the bitcoin client, because
I often run low on disk space, is the fact that the client will exit
if it run short on space (&lt;a href=&quot;http://bugs.debian.org/696715&quot;&gt;BTS
#696715&lt;/a&gt;).  So make sure you have enough disk space when you run
it. :)&lt;/p&gt;

&lt;p&gt;As usual, if you use bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&amp;label=PetterReinholdtsenBlog&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Welcome to the world, Isenkram!</title>
                <link>http://people.skolelinux.org/pere/blog/Welcome_to_the_world__Isenkram_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Welcome_to_the_world__Isenkram_.html</guid>
                <pubDate>Tue, 22 Jan 2013 22:00:00 +0100</pubDate>
                <description>&lt;p&gt;Yesterday, I
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/First_prototype_ready_making_hardware_easier_to_use_in_Debian.html&quot;&gt;asked
for testers&lt;/a&gt; for my prototype for making Debian better at handling
pluggable hardware devices, which I
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Lets_make_hardware_dongles_easier_to_use_in_Debian.html&quot;&gt;set
out to create&lt;/a&gt; earlier this month.  Several valuable testers showed
up, and caused me to really want to to open up the development to more
people.  But before I did this, I want to come up with a sensible name
for this project.  Today I finally decided on a new name, and I have
renamed the project from hw-support-handler to this new name.  In the
process, I moved the source to git and made it available as a
&lt;a href=&quot;http://anonscm.debian.org/gitweb/?p=collab-maint/isenkram.git&quot;&gt;collab-maint&lt;/a&gt;
repository in Debian.  The new name?  It is &lt;strong&gt;Isenkram&lt;/strong&gt;.
To fetch and build the latest version of the source, use&lt;/p&gt;

&lt;pre&gt;
git clone http://anonscm.debian.org/git/collab-maint/isenkram.git
cd isenkram &amp;&amp; git-buildpackage -us -uc
&lt;/pre&gt;

&lt;p&gt;I have not yet adjusted all files to use the new name yet.  If you
want to hack on the source or improve the package, please go ahead.
But please talk to me first on IRC or via email before you do major
changes, to make sure we do not step on each others toes. :)&lt;/p&gt;

&lt;p&gt;If you wonder what &#39;isenkram&#39; is, it is a Norwegian word for iron
stuff, typically meaning tools, nails, screws, etc.  Typical hardware
stuff, in other words.  I&#39;ve been told it is the Norwegian variant of
the German word eisenkram, for those that are familiar with that
word.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2013-01-26&lt;/strong&gt;: Added -us -us to build
instructions, to avoid confusing people with an error from the signing
process.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2013-01-27&lt;/strong&gt;: Switch to HTTP URL for the git
clone argument to avoid the need for authentication.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>First prototype ready making hardware easier to use in Debian</title>
                <link>http://people.skolelinux.org/pere/blog/First_prototype_ready_making_hardware_easier_to_use_in_Debian.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/First_prototype_ready_making_hardware_easier_to_use_in_Debian.html</guid>
                <pubDate>Mon, 21 Jan 2013 12:00:00 +0100</pubDate>
                <description>&lt;p&gt;Early this month I set out to try to
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Lets_make_hardware_dongles_easier_to_use_in_Debian.html&quot;&gt;improve
the Debian support for pluggable hardware devices&lt;/a&gt;.  Now my
prototype is working, and it is ready for a larger audience.  To test
it, fetch the
&lt;a href=&quot;http://anonscm.debian.org/viewvc/debian-edu/trunk/src/hw-support-handler/&quot;&gt;source
from the Debian Edu subversion repository&lt;/a&gt;, build and install the
package.  You might have to log out and in again activate the
autostart script.&lt;/p&gt;

&lt;p&gt;The design is simple:&lt;/p&gt;

&lt;ul&gt;

&lt;li&gt;Add desktop entry in /usr/share/autostart/ causing a program
hw-support-handlerd to start when the user log in.&lt;/li&gt;

&lt;li&gt;This program listen for kernel events about new hardware (directly
from the kernel like udev does), not using HAL dbus events as I
initially did.&lt;/li&gt;

&lt;li&gt;When new hardware is inserted, look up the hardware modalias in
the APT database, a database
&lt;a href=&quot;http://anonscm.debian.org/viewvc/debian-edu/trunk/src/hw-support-handler/modaliases?view=markup&quot;&gt;available
via HTTP&lt;/a&gt; and a database available as part of the package.&lt;/li&gt;

&lt;li&gt;If a package is mapped to the hardware in question, the package
isn&#39;t installed yet and this is the first time the hardware was
plugged in, show a desktop notification suggesting to install the
package or packages.&lt;/li&gt;

&lt;li&gt;If the user click on the &#39;install package now&#39; button, ask
aptdaemon via the PackageKit API to install the requrired package.&lt;/li&gt;

&lt;li&gt;aptdaemon ask for root password or sudo password, and install the
package while showing progress information in a window.&lt;/li&gt;

&lt;/ul&gt;

&lt;p&gt;I still need to come up with a better name for the system.  Here
are some screen shots showing the prototype in action.  First the
notification, then the password request, and finally the request to
approve all the dependencies.  Sorry for the Norwegian Bokmål GUI.&lt;/p&gt;

&lt;p&gt;&lt;img src=&quot;http://people.skolelinux.org/pere/blog/images/2013-01-21-hw-support-1-notification.png&quot;&gt;
&lt;br&gt;&lt;img src=&quot;http://people.skolelinux.org/pere/blog/images/2013-01-21-hw-support-2-password.png&quot;&gt;
&lt;br&gt;&lt;img src=&quot;http://people.skolelinux.org/pere/blog/images/2013-01-21-hw-support-3-dependencies.png&quot;&gt;
&lt;br&gt;&lt;img src=&quot;http://people.skolelinux.org/pere/blog/images/2013-01-21-hw-support-4-installing.png&quot;&gt;
&lt;br&gt;&lt;img src=&quot;http://people.skolelinux.org/pere/blog/images/2013-01-21-hw-support-5-installing-details.png&quot; width=&quot;70%&quot;&gt;&lt;/p&gt;

&lt;p&gt;The prototype still need to be improved with longer timeouts, but
is already useful.  The database of hardware to package mappings also
need more work.  It is currently compatible with the Ubuntu way of
storing such information in the package control file, but could be
changed to use other formats instead or in addition to the current
method.  I&#39;ve dropped the use of discover for this mapping, as the
modalias approach is more flexible and easier to use on Linux as long
as the Linux kernel expose its modalias strings directly.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2013-01-21 16:50&lt;/strong&gt;: Due to popular demand,
here is the command required to check out and build the source: Use
&#39;&lt;tt&gt;svn checkout
svn://svn.debian.org/debian-edu/trunk/src/hw-support-handler/; cd
hw-support-handler; debuild&lt;/tt&gt;&#39;.  If you lack debuild, install the
devscripts package.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2013-01-23 12:00&lt;/strong&gt;: The project is now
renamed to Isenkram and the source moved from the Debian Edu
subversion repository to a Debian collab-maint git repository.  See
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Welcome_to_the_world__Isenkram_.html&quot;&gt;build
instructions&lt;/a&gt; for details.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Thank you Thinkpad X41, for your long and trustworthy service</title>
                <link>http://people.skolelinux.org/pere/blog/Thank_you_Thinkpad_X41__for_your_long_and_trustworthy_service.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Thank_you_Thinkpad_X41__for_your_long_and_trustworthy_service.html</guid>
                <pubDate>Sat, 19 Jan 2013 09:20:00 +0100</pubDate>
                <description>&lt;p&gt;This Christmas my trusty old laptop died.  It died quietly and
suddenly in bed.  With a quiet whimper, it went completely quiet and
black.  The power button was no longer able to turn it on.  It was a
IBM Thinkpad X41, and the best laptop I ever had.  Better than both
Thinkpads X30, X31, X40, X60, X61 and X61S.  Far better than the
Compaq I had before that.  Now I need to find a replacement.  To keep
going during Christmas, I moved the one year old SSD disk to my old
X40 where it fitted (only one I had left that could use it), but it is
not a durable solution.

&lt;p&gt;My laptop needs are fairly modest.  This is my wishlist from when I
got a new one more than 10 years ago.  It still holds true.:)&lt;/p&gt;

&lt;ul&gt;

&lt;li&gt;Lightweight (around 1 kg) and small volume (preferably smaller
  than A4).&lt;/li&gt;
&lt;li&gt;Robust, it will be in my backpack every day.&lt;/li&gt;
&lt;li&gt;Three button mouse and a mouse pin instead of touch pad.&lt;/li&gt;
&lt;li&gt;Long battery life time.  Preferable a week.&lt;/li&gt;
&lt;li&gt;Internal WIFI network card.&lt;/li&gt;
&lt;li&gt;Internal Twisted Pair network card.&lt;/li&gt;
&lt;li&gt;Some USB slots (2-3 is plenty)&lt;/li&gt;
&lt;li&gt;Good keyboard - similar to the Thinkpad.&lt;/li&gt;
&lt;li&gt;Video resolution at least 1024x768, with size around 12&quot; (A4 paper
size).&lt;/li&gt;
&lt;li&gt;Hardware supported by Debian Stable, ie the default kernel and
  X.org packages.&lt;/li&gt;
&lt;li&gt;Quiet, preferably fan free (or at least not using the fan most of
  the time).

&lt;/ul&gt;

&lt;p&gt;You will notice that there are no RAM and CPU requirements in the
list.  The reason is simply that the specifications on laptops the
last 10-15 years have been sufficient for my needs, and I have to look
at other features to choose my laptop.  But are there still made as
robust laptops as my X41?  The Thinkpad X60/X61 proved to be less
robust, and Thinkpads seem to be heading in the wrong direction since
Lenovo took over.  But I&#39;ve been told that X220 and X1 Carbon might
still be useful.&lt;/p&gt;

&lt;p&gt;Perhaps I should rethink my needs, and look for a pad with an
external keyboard?  I&#39;ll have to check the
&lt;a href=&quot;http://www.linux-laptop.net/&quot;&gt;Linux Laptops site&lt;/a&gt; for
well-supported laptops, or perhaps just buy one preinstalled from one
of the vendors listed on the &lt;a href=&quot;http://linuxpreloaded.com/&quot;&gt;Linux
Pre-loaded site&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How to find a browser plugin supporting a given MIME type</title>
                <link>http://people.skolelinux.org/pere/blog/How_to_find_a_browser_plugin_supporting_a_given_MIME_type.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_find_a_browser_plugin_supporting_a_given_MIME_type.html</guid>
                <pubDate>Fri, 18 Jan 2013 10:40:00 +0100</pubDate>
                <description>&lt;p&gt;Some times I try to figure out which Iceweasel browser plugin to
install to get support for a given MIME type.  Thanks to
&lt;a href=&quot;https://wiki.ubuntu.com/MozillaTeam/Plugins&quot;&gt;specifications
done by Ubuntu&lt;/a&gt; and Mozilla, it is possible to do this in Debian.
Unfortunately, not very many packages provide the needed meta
information, Anyway, here is a small script to look up all browser
plugin packages announcing ther MIME support using this specification:&lt;/p&gt;

&lt;pre&gt;
#!/usr/bin/python
import sys
import apt
def pkgs_handling_mimetype(mimetype):
    cache = apt.Cache()
    cache.open(None)
    thepkgs = []
    for pkg in cache:
        version = pkg.candidate
        if version is None:
            version = pkg.installed
        if version is None:
            continue
        record = version.record
        if not record.has_key(&#39;Npp-MimeType&#39;):
            continue
        mime_types = record[&#39;Npp-MimeType&#39;].split(&#39;,&#39;)
        for t in mime_types:
            t = t.rstrip().strip()
            if t == mimetype:
                thepkgs.append(pkg.name)
    return thepkgs
mimetype = &quot;audio/ogg&quot;
if 1 &lt; len(sys.argv):
    mimetype = sys.argv[1]
print &quot;Browser plugin packages supporting %s:&quot; % mimetype
for pkg in pkgs_handling_mimetype(mimetype):
    print &quot;  %s&quot; %pkg
&lt;/pre&gt;

&lt;p&gt;It can be used like this to look up a given MIME type:&lt;/p&gt;

&lt;pre&gt;
% ./apt-find-browserplug-for-mimetype 
Browser plugin packages supporting audio/ogg:
  gecko-mediaplayer
% ./apt-find-browserplug-for-mimetype application/x-shockwave-flash
Browser plugin packages supporting application/x-shockwave-flash:
  browser-plugin-gnash
%
&lt;/pre&gt;

&lt;p&gt;In Ubuntu this mechanism is combined with support in the browser
itself to query for plugins and propose to install the needed
packages.  It would be great if Debian supported such feature too.  Is
anyone working on adding it?&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2013-01-18 14:20&lt;/strong&gt;: The Debian BTS
request for icweasel support for this feature is
&lt;a href=&quot;http://bugs.debian.org/484010&quot;&gt;#484010&lt;/a&gt; from 2008 (and
&lt;a href=&quot;http://bugs.debian.org/698426&quot;&gt;#698426&lt;/a&gt; from today).  Lack
of manpower and wish for a different design is the reason thus feature
is not yet in iceweasel from Debian.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>What is the most supported MIME type in Debian?</title>
                <link>http://people.skolelinux.org/pere/blog/What_is_the_most_supported_MIME_type_in_Debian_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/What_is_the_most_supported_MIME_type_in_Debian_.html</guid>
                <pubDate>Wed, 16 Jan 2013 10:10:00 +0100</pubDate>
                <description>&lt;p&gt;The &lt;a href=&quot;http://wiki.debian.org/AppStreamDebianProposal&quot;&gt;DEP-11
proposal to add AppStream information to the Debian archive&lt;/a&gt;, is a
proposal to make it possible for a Desktop application to propose to
the user some package to install to gain support for a given MIME
type, font, library etc. that is currently missing.  With such
mechanism in place, it would be possible for the desktop to
automatically propose and install leocad if some LDraw file is
downloaded by the browser.&lt;/p&gt;

&lt;p&gt;To get some idea about the current content of the archive, I decided
to write a simple program to extract all .desktop files from the
Debian archive and look up the claimed MIME support there.  The result
can be found on the
&lt;a href=&quot;http://ftp.skolelinux.org/pub/AppStreamTest&quot;&gt;Skolelinux FTP
site&lt;/a&gt;.  Using the collected information, it become possible to
answer the question in the title.  Here are the 20 most supported MIME
types in Debian stable (Squeeze), testing (Wheezy) and unstable (Sid).
The complete list is available from the link above.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Debian Stable:&lt;/strong&gt;&lt;/p&gt;

&lt;pre&gt;
  count MIME type
  ----- -----------------------
     32 text/plain
     30 audio/mpeg
     29 image/png
     28 image/jpeg
     27 application/ogg
     26 audio/x-mp3
     25 image/tiff
     25 image/gif
     22 image/bmp
     22 audio/x-wav
     20 audio/x-flac
     19 audio/x-mpegurl
     18 video/x-ms-asf
     18 audio/x-musepack
     18 audio/x-mpeg
     18 application/x-ogg
     17 video/mpeg
     17 audio/x-scpls
     17 audio/ogg
     16 video/x-ms-wmv
&lt;/pre&gt;

&lt;p&gt;&lt;strong&gt;Debian Testing:&lt;/strong&gt;&lt;/p&gt;

&lt;pre&gt;
  count MIME type
  ----- -----------------------
     33 text/plain
     32 image/png
     32 image/jpeg
     29 audio/mpeg
     27 image/gif
     26 image/tiff
     26 application/ogg
     25 audio/x-mp3
     22 image/bmp
     21 audio/x-wav
     19 audio/x-mpegurl
     19 audio/x-mpeg
     18 video/mpeg
     18 audio/x-scpls
     18 audio/x-flac
     18 application/x-ogg
     17 video/x-ms-asf
     17 text/html
     17 audio/x-musepack
     16 image/x-xbitmap
&lt;/pre&gt;

&lt;p&gt;&lt;strong&gt;Debian Unstable:&lt;/strong&gt;&lt;/p&gt;

&lt;pre&gt;
  count MIME type
  ----- -----------------------
     31 text/plain
     31 image/png
     31 image/jpeg
     29 audio/mpeg
     28 application/ogg
     27 image/gif
     26 image/tiff
     26 audio/x-mp3
     23 audio/x-wav
     22 image/bmp
     21 audio/x-flac
     20 audio/x-mpegurl
     19 audio/x-mpeg
     18 video/x-ms-asf
     18 video/mpeg
     18 audio/x-scpls
     18 application/x-ogg
     17 audio/x-musepack
     16 video/x-ms-wmv
     16 video/x-msvideo
&lt;/pre&gt;

&lt;p&gt;I am told that PackageKit can provide an API to access the kind of
information mentioned in DEP-11.  I have not yet had time to look at
it, but hope the PackageKit people in Debian are on top of these
issues.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2013-01-16 13:35&lt;/strong&gt;: Updated numbers after
discovering a typo in my script.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Using modalias info to find packages handling my hardware</title>
                <link>http://people.skolelinux.org/pere/blog/Using_modalias_info_to_find_packages_handling_my_hardware.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Using_modalias_info_to_find_packages_handling_my_hardware.html</guid>
                <pubDate>Tue, 15 Jan 2013 08:00:00 +0100</pubDate>
                <description>&lt;p&gt;Yesterday, I wrote about the
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Modalias_strings___a_practical_way_to_map__stuff__to_hardware.html&quot;&gt;modalias
values provided by the Linux kernel&lt;/a&gt; following my hope for
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Lets_make_hardware_dongles_easier_to_use_in_Debian.html&quot;&gt;better
dongle support in Debian&lt;/a&gt;.  Using this knowledge, I have tested how
modalias values attached to package names can be used to map packages
to hardware.  This allow the system to look up and suggest relevant
packages when I plug in some new hardware into my machine, and replace
discover and discover-data as the database used to map hardware to
packages.&lt;/p&gt;

&lt;p&gt;I create a modaliases file with entries like the following,
containing package name, kernel module name (if relevant, otherwise
the package name) and globs matching the relevant hardware
modalias.&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
Package: package-name
&lt;br&gt;Modaliases: module(modaliasglob, modaliasglob, modaliasglob)&lt;/p&gt;
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;It is fairly trivial to write code to find the relevant packages
for a given modalias value using this file.&lt;/p&gt;

&lt;p&gt;An entry like this would suggest the video and picture application
cheese for many USB web cameras (interface bus class 0E01):&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
Package: cheese
&lt;br&gt;Modaliases: cheese(usb:v*p*d*dc*dsc*dp*ic0Eisc01ip*)&lt;/p&gt;
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;An entry like this would suggest the pcmciautils package when a
CardBus bridge (bus class 0607) PCI device is present:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
Package: pcmciautils
&lt;br&gt;Modaliases: pcmciautils(pci:v*d*sv*sd*bc06sc07i*)
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;An entry like this would suggest the package colorhug-client when
plugging in a ColorHug with USB IDs 04D8:F8DA:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
Package: colorhug-client
&lt;br&gt;Modaliases: colorhug-client(usb:v04D8pF8DAd*)&lt;/p&gt;
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;I believe the format is compatible with the format of the Packages
file in the Debian archive.  Ubuntu already uses their Packages file
to store their mappings from packages to hardware.&lt;/p&gt;

&lt;p&gt;By adding a XB-Modaliases: header in debian/control, any .deb can
announce the hardware it support in a way my prototype understand.
This allow those publishing packages in an APT source outside the
Debian archive as well as those backporting packages to make sure the
hardware mapping are included in the package meta information.  I&#39;ve
tested such header in the pymissile package, and its modalias mapping
is working as it should with my prototype.  It even made it to Ubuntu
Raring.&lt;/p&gt;

&lt;p&gt;To test if it was possible to look up supported hardware using only
the shell tools available in the Debian installer, I wrote a shell
implementation of the lookup code.  The idea is to create files for
each modalias and let the shell do the matching.  Please check out and
try the
&lt;a href=&quot;http://anonscm.debian.org/viewvc/debian-edu/trunk/src/hw-support-handler/hw-support-lookup?view=co&quot;&gt;hw-support-lookup&lt;/a&gt;
shell script.  It run without any extra dependencies and fetch the
hardware mappings from the Debian archive and the subversion
repository where I currently work on my prototype.&lt;/p&gt;

&lt;p&gt;When I use it on a machine with a yubikey inserted, it suggest to
install yubikey-personalization:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
% ./hw-support-lookup
&lt;br&gt;yubikey-personalization
&lt;br&gt;%
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;When I run it on my Thinkpad X40 with a PCMCIA/CardBus slot, it
propose to install the pcmciautils package:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
% ./hw-support-lookup 
&lt;br&gt;pcmciautils
&lt;br&gt;%
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;If you know of any hardware-package mapping that should be added to
&lt;a href=&quot;http://anonscm.debian.org/viewvc/debian-edu/trunk/src/hw-support-handler/modaliases?view=co&quot;&gt;my
database&lt;/a&gt;, please tell me about it.&lt;/p&gt;

&lt;p&gt;It could be possible to generate several of the mappings between
packages and hardware.  One source would be to look at packages with
kernel modules, ie packages with *.ko files in /lib/modules/, and
extract their modalias information.  Another would be to look at
packages with udev rules, ie packages with files in
/lib/udev/rules.d/, and extract their vendor/model information to
generate a modalias matching rule.  I have not tested any of these to
see if it work.&lt;/p&gt;

&lt;p&gt;If you want to help implementing a system to let us propose what
packages to install when new hardware is plugged into a Debian
machine, please send me an email or talk to me on
&lt;a href=&quot;irc://irc.debian.org/%23debian-devel&quot;&gt;#debian-devel&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Modalias strings - a practical way to map &quot;stuff&quot; to hardware</title>
                <link>http://people.skolelinux.org/pere/blog/Modalias_strings___a_practical_way_to_map__stuff__to_hardware.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Modalias_strings___a_practical_way_to_map__stuff__to_hardware.html</guid>
                <pubDate>Mon, 14 Jan 2013 11:20:00 +0100</pubDate>
                <description>&lt;p&gt;While looking into how to look up Debian packages based on hardware
information, to find the packages that support a given piece of
hardware, I refreshed my memory regarding modalias values, and decided
to document the details.  Here are my findings so far, also available
in
&lt;a href=&quot;http://anonscm.debian.org/viewvc/debian-edu/trunk/src/hw-support-handler/&quot;&gt;the
Debian Edu subversion repository&lt;/a&gt;:

&lt;p&gt;&lt;strong&gt;Modalias decoded&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This document try to explain what the different types of modalias
values stands for.  It is in part based on information from
&amp;lt;URL: &lt;a href=&quot;https://wiki.archlinux.org/index.php/Modalias&quot;&gt;https://wiki.archlinux.org/index.php/Modalias&lt;/a&gt; &amp;gt;,
&amp;lt;URL: &lt;a href=&quot;http://unix.stackexchange.com/questions/26132/how-to-assign-usb-driver-to-device&quot;&gt;http://unix.stackexchange.com/questions/26132/how-to-assign-usb-driver-to-device&lt;/a&gt; &amp;gt;,
&amp;lt;URL: &lt;a href=&quot;http://code.metager.de/source/history/linux/stable/scripts/mod/file2alias.c&quot;&gt;http://code.metager.de/source/history/linux/stable/scripts/mod/file2alias.c&lt;/a&gt; &amp;gt; and
&amp;lt;URL: &lt;a href=&quot;http://cvs.savannah.gnu.org/viewvc/dmidecode/dmidecode.c?root=dmidecode&amp;view=markup&quot;&gt;http://cvs.savannah.gnu.org/viewvc/dmidecode/dmidecode.c?root=dmidecode&amp;view=markup&lt;/a&gt; &amp;gt;.

&lt;p&gt;The modalias entries for a given Linux machine can be found using
this shell script:&lt;/p&gt;

&lt;pre&gt;
find /sys -name modalias -print0 | xargs -0 cat | sort -u
&lt;/pre&gt;

&lt;p&gt;The supported modalias globs for a given kernel module can be found
using modinfo:&lt;/p&gt;

&lt;pre&gt;
% /sbin/modinfo psmouse | grep alias:
alias:          serio:ty05pr*id*ex*
alias:          serio:ty01pr*id*ex*
%
&lt;/pre&gt;

&lt;p&gt;&lt;strong&gt;PCI subtype&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;A typical PCI entry can look like this.  This is an Intel Host
Bridge memory controller:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
pci:v00008086d00002770sv00001028sd000001ADbc06sc00i00
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;This represent these values:&lt;/p&gt;

&lt;pre&gt;
 v   00008086  (vendor)
 d   00002770  (device)
 sv  00001028  (subvendor)
 sd  000001AD  (subdevice)
 bc  06        (bus class)
 sc  00        (bus subclass)
 i   00        (interface)
&lt;/pre&gt;

&lt;p&gt;The vendor/device values are the same values outputted from &#39;lspci
-n&#39; as 8086:2770.  The bus class/subclass is also shown by lspci as
0600.  The 0600 class is a host bridge.  Other useful bus values are
0300 (VGA compatible card) and 0200 (Ethernet controller).&lt;/p&gt;

&lt;p&gt;Not sure how to figure out the interface value, nor what it
means.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;USB subtype&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Some typical USB entries can look like this.  This is an internal
USB hub in a laptop:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
usb:v1D6Bp0001d0206dc09dsc00dp00ic09isc00ip00
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Here is the values included in this alias:&lt;/p&gt;

&lt;pre&gt;
 v    1D6B  (device vendor)
 p    0001  (device product)
 d    0206  (bcddevice)
 dc     09  (device class)
 dsc    00  (device subclass)
 dp     00  (device protocol)
 ic     09  (interface class)
 isc    00  (interface subclass)
 ip     00  (interface protocol)
&lt;/pre&gt;

&lt;p&gt;The 0900 device class/subclass means hub.  Some times the relevant
class is in the interface class section.  For a simple USB web camera,
these alias entries show up:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
usb:v0AC8p3420d5000dcEFdsc02dp01ic01isc01ip00
&lt;br&gt;usb:v0AC8p3420d5000dcEFdsc02dp01ic01isc02ip00
&lt;br&gt;usb:v0AC8p3420d5000dcEFdsc02dp01ic0Eisc01ip00
&lt;br&gt;usb:v0AC8p3420d5000dcEFdsc02dp01ic0Eisc02ip00
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;Interface class 0E01 is video control, 0E02 is video streaming (aka
camera), 0101 is audio control device and 0102 is audio streaming (aka
microphone).  Thus this is a camera with microphone included.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;ACPI subtype&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The ACPI type is used for several non-PCI/USB stuff.  This is an IR
receiver in a Thinkpad X40:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
acpi:IBM0071:PNP0511:
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The values between the colons are IDs.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;DMI subtype&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The DMI table contain lots of information about the computer case
and model.  This is an entry for a IBM Thinkpad X40, fetched from
/sys/devices/virtual/dmi/id/modalias:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
dmi:bvnIBM:bvr1UETB6WW(1.66):bd06/15/2005:svnIBM:pn2371H4G:pvrThinkPadX40:rvnIBM:rn2371H4G:rvrNotAvailable:cvnIBM:ct10:cvrNotAvailable:
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The values present are&lt;/p&gt;

&lt;pre&gt;
 bvn  IBM            (BIOS vendor)
 bvr  1UETB6WW(1.66) (BIOS version)
 bd   06/15/2005     (BIOS date)
 svn  IBM            (system vendor)
 pn   2371H4G        (product name)
 pvr  ThinkPadX40    (product version)
 rvn  IBM            (board vendor)
 rn   2371H4G        (board name)
 rvr  NotAvailable   (board version)
 cvn  IBM            (chassis vendor)
 ct   10             (chassis type)
 cvr  NotAvailable   (chassis version)
&lt;/pre&gt;

&lt;p&gt;The chassis type 10 is Notebook.  Other interesting values can be
found in the dmidecode source:&lt;/p&gt;

&lt;pre&gt;
  3 Desktop
  4 Low Profile Desktop
  5 Pizza Box
  6 Mini Tower
  7 Tower
  8 Portable
  9 Laptop
 10 Notebook
 11 Hand Held
 12 Docking Station
 13 All In One
 14 Sub Notebook
 15 Space-saving
 16 Lunch Box
 17 Main Server Chassis
 18 Expansion Chassis
 19 Sub Chassis
 20 Bus Expansion Chassis
 21 Peripheral Chassis
 22 RAID Chassis
 23 Rack Mount Chassis
 24 Sealed-case PC
 25 Multi-system
 26 CompactPCI
 27 AdvancedTCA
 28 Blade
 29 Blade Enclosing
&lt;/pre&gt;

&lt;p&gt;The chassis type values are not always accurately set in the DMI
table.  For example my home server is a tower, but the DMI modalias
claim it is a desktop.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;SerIO subtype&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;This type is used for PS/2 mouse plugs.  One example is from my
test machine:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
serio:ty01pr00id00ex00
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;The values present are&lt;/p&gt;

&lt;pre&gt;
  ty  01  (type)
  pr  00  (prototype)
  id  00  (id)
  ex  00  (extra)
&lt;/pre&gt;

&lt;p&gt;This type is supported by the psmouse driver.  I am not sure what
the valid values are.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Other subtypes&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;There are heaps of other modalias subtypes according to
file2alias.c.  There is the rest of the list from that source: amba,
ap, bcma, ccw, css, eisa, hid, i2c, ieee1394, input, ipack, isapnp,
mdio, of, parisc, pcmcia, platform, scsi, sdio, spi, ssb, vio, virtio,
vmbus, x86cpu and zorro.  I did not spend time documenting all of
these, as they do not seem relevant for my intended use with mapping
hardware to packages when new stuff is inserted during run time.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Looking up kernel modules using modalias values&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;To check which kernel modules provide support for a given modalias,
one can use the following shell script:&lt;/p&gt;

&lt;pre&gt;
  for id in $(find /sys -name modalias -print0 | xargs -0 cat | sort -u); do \
    echo &quot;$id&quot; ; \
    /sbin/modprobe --show-depends &quot;$id&quot;|sed &#39;s/^/  /&#39; ; \
  done
&lt;/pre&gt;

&lt;p&gt;The output can look like this (only the first few entries as the
list is very long on my test machine):&lt;/p&gt;

&lt;pre&gt;
  acpi:ACPI0003:
    insmod /lib/modules/2.6.32-5-686/kernel/drivers/acpi/ac.ko 
  acpi:device:
  FATAL: Module acpi:device: not found.
  acpi:IBM0068:
    insmod /lib/modules/2.6.32-5-686/kernel/drivers/char/nvram.ko 
    insmod /lib/modules/2.6.32-5-686/kernel/drivers/leds/led-class.ko 
    insmod /lib/modules/2.6.32-5-686/kernel/net/rfkill/rfkill.ko 
    insmod /lib/modules/2.6.32-5-686/kernel/drivers/platform/x86/thinkpad_acpi.ko 
  acpi:IBM0071:PNP0511:
    insmod /lib/modules/2.6.32-5-686/kernel/lib/crc-ccitt.ko 
    insmod /lib/modules/2.6.32-5-686/kernel/net/irda/irda.ko 
    insmod /lib/modules/2.6.32-5-686/kernel/drivers/net/irda/nsc-ircc.ko 
  [...]
&lt;/pre&gt;

&lt;p&gt;If you want to help implementing a system to let us propose what
packages to install when new hardware is plugged into a Debian
machine, please send me an email or talk to me on
&lt;a href=&quot;irc://irc.debian.org/%23debian-devel&quot;&gt;#debian-devel&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Update 2013-01-15:&lt;/strong&gt; Rewrite &quot;cat $(find ...)&quot; to
&quot;find ... -print0 | xargs -0 cat&quot; to make sure it handle directories
in /sys/ with space in them.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Moved the pymissile Debian packaging to collab-maint</title>
                <link>http://people.skolelinux.org/pere/blog/Moved_the_pymissile_Debian_packaging_to_collab_maint.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Moved_the_pymissile_Debian_packaging_to_collab_maint.html</guid>
                <pubDate>Thu, 10 Jan 2013 20:40:00 +0100</pubDate>
                <description>&lt;p&gt;As part of my investigation on how to improve the support in Debian
for hardware dongles, I dug up my old Mark and Spencer USB Rocket
Launcher and updated the Debian package
&lt;a href=&quot;http://packages.qa.debian.org/pymissile&quot;&gt;pymissile&lt;/a&gt; to make
sure udev will fix the device permissions when it is plugged in.  I
also added a &quot;Modaliases&quot; header to test it in the Debian archive and
hopefully make the package be proposed by jockey in Ubuntu when a user
plug in his rocket launcher.  In the process I moved the source to a
git repository under collab-maint, to make it easier for any DD to
contribute.  &lt;a href=&quot;http://code.google.com/p/pymissile/&quot;&gt;Upstream&lt;/a&gt;
is not very active, but the software still work for me even after five
years of relative silence.  The new git repository is not listed in
the uploaded package yet, because I want to test the other changes a
bit more before I upload the new version.  If you want to check out
the new version with a .desktop file included, visit the
&lt;a href=&quot;http://anonscm.debian.org/gitweb/?p=collab-maint/pymissile.git&quot;&gt;gitweb
view&lt;/a&gt; or use &quot;&lt;tt&gt;git clone
git://anonscm.debian.org/collab-maint/pymissile.git&lt;/tt&gt;&quot;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Lets make hardware dongles easier to use in Debian</title>
                <link>http://people.skolelinux.org/pere/blog/Lets_make_hardware_dongles_easier_to_use_in_Debian.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lets_make_hardware_dongles_easier_to_use_in_Debian.html</guid>
                <pubDate>Wed, 9 Jan 2013 15:40:00 +0100</pubDate>
                <description>&lt;p&gt;One thing that annoys me with Debian and Linux distributions in
general, is that there is a great package management system with the
ability to automatically install software packages by downloading them
from the distribution mirrors, but no way to get it to automatically
install the packages I need to use the hardware I plug into my
machine.  Even if the package to use it is easily available from the
Linux distribution.  When I plug in a LEGO Mindstorms NXT, it could
suggest to automatically install the python-nxt, nbc and t2n packages
I need to talk to it.  When I plug in a Yubikey, it could propose the
yubikey-personalization package.  The information required to do this
is available, but no-one have pulled all the pieces together.&lt;/p&gt;

&lt;p&gt;Some years ago, I proposed to
&lt;a href=&quot;http://lists.debian.org/debian-devel/2010/05/msg01206.html&quot;&gt;use
the discover subsystem to implement this&lt;/a&gt;.  The idea is fairly
simple:

&lt;ul&gt;

&lt;li&gt;Add a desktop entry in /usr/share/autostart/ pointing to a program
  starting when a user log in.&lt;/li&gt;

&lt;li&gt;Set this program up to listen for kernel events emitted when new
  hardware is inserted into the computer.&lt;/li&gt;

&lt;li&gt;When new hardware is inserted, look up the hardware ID in a
  database mapping to packages, and take note of any non-installed
  packages.&lt;/li&gt;

&lt;li&gt;Show a message to the user proposing to install the discovered
  package, and make it easy to install it.&lt;/li&gt;

&lt;/ul&gt;

&lt;p&gt;I am not sure what the best way to implement this is, but my
initial idea was to use dbus events to discover new hardware, the
discover database to find packages and
&lt;a href=&quot;http://www.packagekit.org/&quot;&gt;PackageKit&lt;/a&gt; to install
packages.&lt;/p&gt;

&lt;p&gt;Yesterday, I found time to try to implement this idea, and the
draft package is now checked into
&lt;a href=&quot;http://anonscm.debian.org/viewvc/debian-edu/trunk/src/hw-support-handler/&quot;&gt;the
Debian Edu subversion repository&lt;/a&gt;.  In the process, I updated the
&lt;a href=&quot;http://packages.qa.debian.org/d/discover-data.html&quot;&gt;discover-data&lt;/a&gt;
package to map the USB ids of LEGO Mindstorms and Yubikey devices to
the relevant packages in Debian, and uploaded a new version
2.2013.01.09 to unstable.  I also discovered that the current 
&lt;a href=&quot;http://packages.qa.debian.org/d/discover.html&quot;&gt;discover&lt;/a&gt;
package in Debian no longer discovered any USB devices, because
/proc/bus/usb/devices is no longer present.  I ported it to use
libusb as a fall back option to get it working.  The fixed package
version 2.1.2-6 is now in experimental (didn&#39;t upload it to unstable
because of the freeze).&lt;/p&gt;

&lt;p&gt;With this prototype in place, I can insert my Yubikey, and get this
desktop notification to show up (only once, the first time it is
inserted):&lt;/p&gt;

&lt;p align=&quot;center&quot;&gt;&lt;img src=&quot;http://people.skolelinux.org/pere/blog/images/2013-01-09-hw-autoinstall.png&quot;&gt;&lt;/p&gt;

&lt;p&gt;For this prototype to be really useful, some way to automatically
install the proposed packages by pressing the &quot;Please install
program(s)&quot; button should to be implemented.&lt;/p&gt;

&lt;p&gt;If this idea seem useful to you, and you want to help make it
happen, please help me update the discover-data database with mappings
from hardware to Debian packages.  Check if &#39;discover-pkginstall -l&#39;
list the package you would like to have installed when a given
hardware device is inserted into your computer, and report bugs using
reportbug if it isn&#39;t.  Or, if you know of a better way to provide
such mapping, please let me know.&lt;/p&gt;

&lt;p&gt;This prototype need more work, and there are several questions that
should be considered before it is ready for production use.  Is dbus
the correct way to detect new hardware?  At the moment I look for HAL
dbus events on the system bus, because that is the events I could see
on my Debian Squeeze KDE desktop.  Are there better events to use?
How should the user be notified?  Is the desktop notification
mechanism the best option, or should the background daemon raise a
popup instead?  How should packages be installed?  When should they
not be installed?&lt;/p&gt;

&lt;p&gt;If you want to help getting such feature implemented in Debian,
please send me an email. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>New IRC channel for LEGO designers using Debian</title>
                <link>http://people.skolelinux.org/pere/blog/New_IRC_channel_for_LEGO_designers_using_Debian.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/New_IRC_channel_for_LEGO_designers_using_Debian.html</guid>
                <pubDate>Wed, 2 Jan 2013 15:40:00 +0100</pubDate>
                <description>&lt;p&gt;During Christmas, I have worked a bit on the Debian support for
&lt;a href=&quot;http://mindstorms.lego.com/en-us/Default.aspx&quot;&gt;LEGO Mindstorm
NXT&lt;/a&gt;.  My son and I have played a bit with my NXT set, and I
discovered I had to build all the tools myself because none were
already in Debian Squeeze.  If Debian support for LEGO is something
you care about, please join me on the IRC channel
&lt;a href=&quot;irc://irc.debian.org/%23debian-lego&quot;&gt;#debian-lego&lt;/a&gt; (server
irc.debian.org).  There is a lot that could be done to improve the
Debian support for LEGO designers.  For example both CAD software
and Mindstorm compilers are missing. :)&lt;/p&gt;

&lt;p&gt;Update 2012-01-03: A
&lt;a href=&quot;http://wiki.debian.org/LegoDesigners&quot;&gt;project page&lt;/a&gt;
including links to Lego related packages is now available.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How to backport bitcoin-qt version 0.7.2-2 to Debian Squeeze</title>
                <link>http://people.skolelinux.org/pere/blog/How_to_backport_bitcoin_qt_version_0_7_2_2_to_Debian_Squeeze.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_backport_bitcoin_qt_version_0_7_2_2_to_Debian_Squeeze.html</guid>
                <pubDate>Tue, 25 Dec 2012 20:50:00 +0100</pubDate>
                <description>&lt;p&gt;Let me start by wishing you all marry Christmas and a happy new
year!  I hope next year will prove to be a good year.&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://www.bitcoin.org/&quot;&gt;Bitcoin&lt;/a&gt;, the digital
decentralised &quot;currency&quot; that allow people to transfer bitcoins
between each other with minimal overhead, is a very interesting
experiment.  And as I wrote a few days ago, the bitcoin situation in
&lt;a href=&quot;http://www.debian.org/&quot;&gt;Debian&lt;/a&gt; is about to improve a bit.
The &lt;a href=&quot;http://packages.qa.debian.org/bitcoin&quot;&gt;new debian source
package&lt;/a&gt; (version 0.7.2-2) was uploaded yesterday, and is waiting
in &lt;a href=&quot;http://ftp-master.debian.org/new.html&quot;&gt;the NEW queue&lt;/A&gt;
for one of the ftpmasters to approve the new bitcoin-qt package
name.&lt;/p&gt;

&lt;p&gt;And thanks to the great work of Jonas and the rest of the bitcoin
team in Debian, you can easily test the package in Debian Squeeze
using the following steps to get a set of working packages:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
git clone git://git.debian.org/git/collab-maint/bitcoin
cd bitcoin
DEB_MAINTAINER_MODE=1 DEB_BUILD_OPTIONS=noupnp fakeroot debian/rules clean
DEB_BUILD_OPTIONS=noupnp git-buildpackage --git-ignore-new
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;You might have to install some build dependencies as well.  The
list of commands should give you two packages, bitcoind and
bitcoin-qt, ready for use in a Squeeze environment.  Note that the
client will download the complete set of bitcoin &quot;blocks&quot;, which need
around 5.6 GiB of data on my machine at the moment.  Make sure your
~/.bitcoin/ directory have lots of spare room if you want to download
all the blocks.  The client will warn if the disk is getting full, so
there is not really a problem if you got too little room, but you will
not be able to get all the features out of the client.&lt;/p&gt;

&lt;p&gt;As usual, if you use bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&amp;label=PetterReinholdtsenBlog&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>A word on bitcoin support in Debian</title>
                <link>http://people.skolelinux.org/pere/blog/A_word_on_bitcoin_support_in_Debian.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_word_on_bitcoin_support_in_Debian.html</guid>
                <pubDate>Fri, 21 Dec 2012 23:59:00 +0100</pubDate>
                <description>&lt;p&gt;It has been a while since I wrote about
&lt;a href=&quot;http://www.bitcoin.org/&quot;&gt;bitcoin&lt;/a&gt;, the decentralised
peer-to-peer based crypto-currency, and the reason is simply that I
have been busy elsewhere.  But two days ago, I started looking at the
state of &lt;a href=&quot;http://packages.qa.debian.org/bitcoin&quot;&gt;bitcoin in
Debian&lt;/a&gt; again to try to recover my old bitcoin wallet.  The package
is now maintained by a
&lt;a href=&quot;https://alioth.debian.org/projects/pkg-bitcoin/&quot;&gt;team of
people&lt;/a&gt;, and the grunt work had already been done by this team.  We
owe a huge thank you to all these team members. :)
But I was sad to discover that the bitcoin client is missing in
Wheezy.  It is only available in Sid (and an outdated client from
backports).  The client had several RC bugs registered in BTS blocking
it from entering testing.  To try to help the team and improve the
situation, I spent some time providing patches and triaging the bug
reports.  I also had a look at the bitcoin package available from Matt
Corallo in a
&lt;a href=&quot;https://launchpad.net/~bitcoin/+archive/bitcoin&quot;&gt;PPA for
Ubuntu&lt;/a&gt;, and moved the useful pieces from that version into the
Debian package.&lt;/p&gt;

&lt;p&gt;After checking with the main package maintainer Jonas Smedegaard on
IRC, I pushed several patches into the collab-maint git repository to
improve the package.  It now contains fixes for the RC issues (not from
me, but fixed by Scott Howard), build rules for a Qt GUI client
package, konqueror support for the bitcoin: URI and bash completion
setup.  As I work on Debian Squeeze, I also created
&lt;a href=&quot;http://lists.alioth.debian.org/pipermail/pkg-bitcoin-devel/Week-of-Mon-20121217/000041.html&quot;&gt;a
patch to backport&lt;/a&gt; the latest version.  Jonas is going to look at
it and try to integrate it into the git repository before uploading a
new version to unstable.

&lt;p&gt;I would very much like bitcoin to succeed, to get rid of the
centralized control currently exercised in the monetary system.  I
find it completely unacceptable that the USA government is collecting
transaction data for almost all international money transfers (most are done in USD and transaction logs shipped to the spooks), and
that the major credit card companies can block legal money
transactions to Wikileaks.  But for bitcoin to succeed, more people
need to use bitcoins, and more people need to accept bitcoins when
they sell products and services.  Improving the bitcoin support in
Debian is a small step in the right direction, but not enough.
Unfortunately the user experience when browsing the web and wanting to
pay with bitcoin is still not very good.  The bitcoin: URI is a step
in the right direction, but need to work in most or every browser in
use.  Also the bitcoin-qt client is too heavy to fire up to do a
quick transaction.  I believe there are other clients available, but
have not tested them.&lt;/p&gt;

&lt;p&gt;My
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Now_accepting_bitcoins___anonymous_and_distributed_p2p_crypto_money.html&quot;&gt;experiment
with bitcoins&lt;/a&gt; showed that at least some of my readers use bitcoin.
I received 20.15 BTC so far on the address I provided in my blog two
years ago, as can be
&lt;a href=&quot;http://blockexplorer.com/address/15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;seen
on the blockexplorer service&lt;/a&gt;.  Thank you everyone for your
donation.  The blockexplorer service demonstrates quite well that
bitcoin is not quite anonymous and untracked. :) I wonder if the
number of users have gone up since then.  If you use bitcoin and want
to show your support of my activity, please send Bitcoin donations to
the same address as last time,
&lt;b&gt;&lt;a href=&quot;bitcoin:15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&amp;label=PetterReinholdtsenBlog&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;&lt;/b&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Git repository for song book for Computer Scientists</title>
                <link>http://people.skolelinux.org/pere/blog/Git_repository_for_song_book_for_Computer_Scientists.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Git_repository_for_song_book_for_Computer_Scientists.html</guid>
                <pubDate>Fri, 7 Sep 2012 13:50:00 +0200</pubDate>
                <description>&lt;p&gt;As I
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Song_book_for_Computer_Scientists.html&quot;&gt;mentioned
this summer&lt;/a&gt;, I have created a Computer Science song book a few
years ago, and today I finally found time to create a public
&lt;a href=&quot;https://gitorious.org/pere-cs-songbook/pere-cs-songbook&quot;&gt;Gitorious
repository for the project&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;If you want to help out, please clone the source and submit patches
to the HTML version.  To generate the PDF and PostScript version,
please use prince XML, or let me know about a useful free software
processor capable of creating a good looking PDF from the HTML.&lt;/p&gt;

&lt;p&gt;Want to sing?  You can still find the song book in HTML, PDF and
PostScript formats at
&lt;a href=&quot;http://www.hungry.com/~pere/cs-songbook/&quot;&gt;Petter&#39;s Computer
Science Songbook&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Gratulerer med 19-årsdagen, Debian!</title>
                <link>http://people.skolelinux.org/pere/blog/Gratulerer_med_19__rsdagen__Debian_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Gratulerer_med_19__rsdagen__Debian_.html</guid>
                <pubDate>Thu, 16 Aug 2012 11:20:00 +0200</pubDate>
                <description>&lt;p&gt;I dag fyller
&lt;a href=&quot;http://www.debian.org/News/2012/20120813&quot;&gt;Debian-prosjektet 19
år&lt;/a&gt;.  Jeg har fulgt det de siste 12 årene, og er veldig glad for å kunne
si gratulerer med dagen, Debian!&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Song book for Computer Scientists</title>
                <link>http://people.skolelinux.org/pere/blog/Song_book_for_Computer_Scientists.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Song_book_for_Computer_Scientists.html</guid>
                <pubDate>Sun, 24 Jun 2012 13:30:00 +0200</pubDate>
                <description>&lt;p&gt;Many years ago, while studying Computer Science at the
&lt;a href=&quot;http://www.uit.no/&quot;&gt;University of Tromsø&lt;/a&gt;, I started
collecting computer related songs for use at parties.  The original
version was written in LaTeX, but a few years ago I got help from
Håkon W. Lie, one of the inventors of W3C CSS, to convert it to HTML
while keeping the ability to create a nice book in PDF format.  I have
not had time to maintain the book for a while now, and guess I should
put it up on some public version control repository where others can
help me extend and update the book.  If anyone is volunteering to help
me with this, send me an email.  Also let me know if there are songs
missing in my book.&lt;/p&gt;

&lt;p&gt;I have not mentioned the book on my blog so far, and it occured to
me today that I really should let all my readers share the joys of
singing out load about programming, computers and computer networks.
Especially now that &lt;a href=&quot;http://debconf12.debconf.org/&quot;&gt;Debconf
12&lt;/a&gt; is about to start (and I am not going).  Want to sing?  Check
out &lt;a href=&quot;http://www.hungry.com/~pere/cs-songbook/&quot;&gt;Petter&#39;s
Computer Science Songbook&lt;/a&gt;.
</description>
        </item>
        
        <item>
                <title>Automatically upgrading server firmware on Dell PowerEdge</title>
                <link>http://people.skolelinux.org/pere/blog/Automatically_upgrading_server_firmware_on_Dell_PowerEdge.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Automatically_upgrading_server_firmware_on_Dell_PowerEdge.html</guid>
                <pubDate>Mon, 21 Nov 2011 12:00:00 +0100</pubDate>
                <description>&lt;p&gt;At work we have heaps of servers.  I believe the total count is
around 1000 at the moment.  To be able to get help from the vendors
when something go wrong, we want to keep the firmware on the servers
up to date.  If the firmware isn&#39;t the latest and greatest, the
vendors typically refuse to start debugging any problems until the
firmware is upgraded.  So before every reboot, we want to upgrade the
firmware, and we would really like everyone handling servers at the
university to do this themselves when they plan to reboot a machine.
For that to happen we at the unix server admin group need to provide
the tools to do so.&lt;/p&gt;

&lt;p&gt;To make firmware upgrading easier, I am working on a script to
fetch and install the latest firmware for the servers we got.  Most of
our hardware are from Dell and HP, so I have focused on these servers
so far.  This blog post is about the Dell part.&lt;/P&gt;

&lt;p&gt;On the Dell FTP site I was lucky enough to find
&lt;a href=&quot;ftp://ftp.us.dell.com/catalog/Catalog.xml.gz&quot;&gt;an XML file&lt;/a&gt;
with firmware information for all 11th generation servers, listing
which firmware should be used on a given model and where on the FTP
site I can find it.  Using a simple perl XML parser I can then
download the shell scripts Dell provides to do firmware upgrades from
within Linux and reboot when all the firmware is primed and ready to
be activated on the first reboot.&lt;/p&gt;

&lt;p&gt;This is the Dell related fragment of the perl code I am working on.
Are there anyone working on similar tools for firmware upgrading all
servers at a site?  Please get in touch and lets share resources.&lt;/p&gt;

&lt;p&gt;&lt;pre&gt;
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
BEGIN {
    # Install needed RHEL packages if missing
    my %rhelmodules = (
        &#39;XML::Simple&#39; =&gt; &#39;perl-XML-Simple&#39;,
        );
    for my $module (keys %rhelmodules) {
        eval &quot;use $module;&quot;;
        if ($@) {
            my $pkg = $rhelmodules{$module};
            system(&quot;yum install -y $pkg&quot;);
            eval &quot;use $module;&quot;;
        }
    }
}
my $errorsto = &#39;pere@hungry.com&#39;;

upgrade_dell();

exit 0;

sub run_firmware_script {
    my ($opts, $script) = @_;
    unless ($script) {
        print STDERR &quot;fail: missing script name\n&quot;;
        exit 1
    }
    print STDERR &quot;Running $script\n\n&quot;;

    if (0 == system(&quot;sh $script $opts&quot;)) { # FIXME correct exit code handling
        print STDERR &quot;success: firmware script ran succcessfully\n&quot;;
    } else {
        print STDERR &quot;fail: firmware script returned error\n&quot;;
    }
}

sub run_firmware_scripts {
    my ($opts, @dirs) = @_;
    # Run firmware packages
    for my $dir (@dirs) {
        print STDERR &quot;info: Running scripts in $dir\n&quot;;
        opendir(my $dh, $dir) or die &quot;Unable to open directory $dir: $!&quot;;
        while (my $s = readdir $dh) {
            next if $s =~ m/^\.\.?/;
            run_firmware_script($opts, &quot;$dir/$s&quot;);
        }
        closedir $dh;
    }
}

sub download {
    my $url = shift;
    print STDERR &quot;info: Downloading $url\n&quot;;
    system(&quot;wget --quiet \&quot;$url\&quot;&quot;);
}

sub upgrade_dell {
    my @dirs;
    my $product = `dmidecode -s system-product-name`;
    chomp $product;

    if ($product =~ m/PowerEdge/) {

        # on RHEL, these pacakges are needed by the firwmare upgrade scripts
        system(&#39;yum install -y compat-libstdc++-33.i686 libstdc++.i686 libxml2.i686 procmail&#39;);

        my $tmpdir = tempdir(
            CLEANUP =&gt; 1
            );
        chdir($tmpdir);
        fetch_dell_fw(&#39;catalog/Catalog.xml.gz&#39;);
        system(&#39;gunzip Catalog.xml.gz&#39;);
        my @paths = fetch_dell_fw_list(&#39;Catalog.xml&#39;);
        # -q is quiet, disabling interactivity and reducing console output
        my $fwopts = &quot;-q&quot;;
        if (@paths) {
            for my $url (@paths) {
                fetch_dell_fw($url);
            }
            run_firmware_scripts($fwopts, $tmpdir);
        } else {
            print STDERR &quot;error: Unsupported Dell model &#39;$product&#39;.\n&quot;;
            print STDERR &quot;error: Please report to $errorsto.\n&quot;;
        }
        chdir(&#39;/&#39;);
    } else {
        print STDERR &quot;error: Unsupported Dell model &#39;$product&#39;.\n&quot;;
        print STDERR &quot;error: Please report to $errorsto.\n&quot;;
    }
}

sub fetch_dell_fw {
    my $path = shift;
    my $url = &quot;ftp://ftp.us.dell.com/$path&quot;;
    download($url);
}

# Using ftp://ftp.us.dell.com/catalog/Catalog.xml.gz, figure out which
# firmware packages to download from Dell.  Only work for Linux
# machines and 11th generation Dell servers.
sub fetch_dell_fw_list {
    my $filename = shift;

    my $product = `dmidecode -s system-product-name`;
    chomp $product;
    my ($mybrand, $mymodel) = split(/\s+/, $product);

    print STDERR &quot;Finding firmware bundles for $mybrand $mymodel\n&quot;;

    my $xml = XMLin($filename);
    my @paths;
    for my $bundle (@{$xml-&gt;{SoftwareBundle}}) {
        my $brand = $bundle-&gt;{TargetSystems}-&gt;{Brand}-&gt;{Display}-&gt;{content};
        my $model = $bundle-&gt;{TargetSystems}-&gt;{Brand}-&gt;{Model}-&gt;{Display}-&gt;{content};
        my $oscode;
        if (&quot;ARRAY&quot; eq ref $bundle-&gt;{TargetOSes}-&gt;{OperatingSystem}) {
            $oscode = $bundle-&gt;{TargetOSes}-&gt;{OperatingSystem}[0]-&gt;{osCode};
        } else {
            $oscode = $bundle-&gt;{TargetOSes}-&gt;{OperatingSystem}-&gt;{osCode};
        }
        if ($mybrand eq $brand &amp;&amp; $mymodel eq $model &amp;&amp; &quot;LIN&quot; eq $oscode)
        {
            @paths = map { $_-&gt;{path} } @{$bundle-&gt;{Contents}-&gt;{Package}};
        }
    }
    for my $component (@{$xml-&gt;{SoftwareComponent}}) {
        my $componenttype = $component-&gt;{ComponentType}-&gt;{value};

        # Drop application packages, only firmware and BIOS
        next if &#39;APAC&#39; eq $componenttype;

        my $cpath = $component-&gt;{path};
        for my $path (@paths) {
            if ($cpath =~ m%/$path$%) {
                push(@paths, $cpath);
            }
        }
    }
    return @paths;
}
&lt;/pre&gt;

&lt;p&gt;The code is only tested on RedHat Enterprise Linux, but I suspect
it could work on other platforms with some tweaking.  Anyone know a
index like Catalog.xml is available from HP for HP servers?  At the
moment I maintain a similar list manually and it is quickly getting
outdated.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How is booting into runlevel 1 different from single user boots?</title>
                <link>http://people.skolelinux.org/pere/blog/How_is_booting_into_runlevel_1_different_from_single_user_boots_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_is_booting_into_runlevel_1_different_from_single_user_boots_.html</guid>
                <pubDate>Thu, 4 Aug 2011 12:40:00 +0200</pubDate>
                <description>&lt;p&gt;Wouter Verhelst have some
&lt;a href=&quot;http://grep.be/blog/en/retorts/pere_kubuntu_boot&quot;&gt;interesting
comments and opinions&lt;/a&gt; on my blog post on
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/What_should_start_from__etc_rcS_d__in_Debian____almost_nothing.html&quot;&gt;the
need to clean up /etc/rcS.d/ in Debian&lt;/a&gt; and my blog post about
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/What_is_missing_in_the_Debian_desktop__or_why_my_parents_use_Kubuntu.html&quot;&gt;the
default KDE desktop in Debian&lt;/a&gt;.  I only have time to address one
small piece of his comment now, and though it best to address the
misunderstanding he bring forward:&lt;/p&gt;

&lt;p&gt;&lt;blockquote&gt;
Currently, a system admin has four options: [...] boot to a
single-user system (by adding &#39;single&#39; to the kernel command line;
this runs rcS and rc1 scripts)
&lt;/blockquote&gt;&lt;/p&gt;

&lt;p&gt;This make me believe Wouter believe booting into single user mode
and booting into runlevel 1 is the same.  I am not surprised he
believe this, because it would make sense and is a quite sensible
thing to believe.  But because the boot in Debian is slightly broken,
runlevel 1 do not work properly and it isn&#39;t the same as single user
mode.  I&#39;ll try to explain what is actually happing, but it is a bit
hard to explain.&lt;/p&gt;

&lt;p&gt;Single user mode is defined like this in /etc/inittab:
&quot;&lt;tt&gt;~~:S:wait:/sbin/sulogin&lt;/tt&gt;&quot;.  This means the only thing that is
executed in single user mode is sulogin.  Single user mode is a boot
state &quot;between&quot; the runlevels, and when booting into single user mode,
only the scripts in /etc/rcS.d/ are executed before the init process
enters the single user state.  When switching to runlevel 1, the state
is in fact not ending in runlevel 1, but it passes through runlevel 1
and end up in the single user mode (see /etc/rc1.d/S03single, which
runs &quot;init -t1 S&quot; to switch to single user mode at the end of runlevel
1.  It is confusing that the &#39;S&#39; (single user) init mode is not the
mode enabled by /etc/rcS.d/ (which is more like the initial boot
mode).&lt;/p&gt;

&lt;p&gt;This summary might make it clearer.  When booting for the first
time into single user mode, the following commands are executed:
&quot;&lt;tt&gt;/etc/init.d/rc S; /sbin/sulogin&lt;/tt&gt;&quot;.  When booting into
runlevel 1, the following commands are executed: &quot;&lt;tt&gt;/etc/init.d/rc
S; /etc/init.d/rc 1; /sbin/sulogin&lt;/tt&gt;&quot;.  A problem show up when
trying to continue after visiting single user mode.  Not all services
are started again as they should, causing the machine to end up in an
unpredicatble state.  This is why Debian admins recommend rebooting
after visiting single user mode.&lt;/p&gt;

&lt;p&gt;A similar problem with runlevel 1 is caused by the amount of
scripts executed from /etc/rcS.d/.  When switching from say runlevel 2
to runlevel 1, the services started from /etc/rcS.d/ are not properly
stopped when passing through the scripts in /etc/rc1.d/, and not
started again when switching away from runlevel 1 to the runlevels
2-5.  I believe the problem is best fixed by moving all the scripts
out of /etc/rcS.d/ that are not &lt;strong&gt;required&lt;/strong&gt; to get a
functioning single user mode during boot.&lt;/p&gt;

&lt;p&gt;I have spent several years investigating the Debian boot system,
and discovered this problem a few years ago.  I suspect it originates
from when sysvinit was introduced into Debian, a long time ago.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>What should start from /etc/rcS.d/ in Debian? - almost nothing</title>
                <link>http://people.skolelinux.org/pere/blog/What_should_start_from__etc_rcS_d__in_Debian____almost_nothing.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/What_should_start_from__etc_rcS_d__in_Debian____almost_nothing.html</guid>
                <pubDate>Sat, 30 Jul 2011 14:00:00 +0200</pubDate>
                <description>&lt;p&gt;In the Debian boot system, several packages include scripts that
are started from /etc/rcS.d/.  In fact, there is a bite more of them
than make sense, and this causes a few problems.  What kind of
problems, you might ask.  There are at least two problems.  The first
is that it is not possible to recover a machine after switching to
runlevel 1.  One need to actually reboot to get the machine back to
the expected state.  The other is that single user boot will sometimes
run into problems because some of the subsystems are activated before
the root login is presented, causing problems when trying to recover a
machine from a problem in that subsystem.  A minor additional point is
that moving more scripts out of rcS.d/ and into the other rc#.d/
directories will increase the amount of scripts that can run in
parallel during boot, and thus decrease the boot time.&lt;/p&gt;

&lt;p&gt;So, which scripts should start from rcS.d/.  In short, only the
scripts that _have_ to execute before the root login prompt is
presented during a single user boot should go there.  Everything else
should go into the numeric runlevels.  This means things like
lm-sensors, fuse and x11-common should not run from rcS.d, but from
the numeric runlevels.  Today in Debian, there are around 115 init.d
scripts that are started from rcS.d/, and most of them should be moved
out.  Do your package have one of them?  Please help us make single
user and runlevel 1 better by moving it.&lt;/p&gt;

&lt;p&gt;Scripts setting up the screen, keyboard, system partitions
etc. should still be started from rcS.d/, but there is for example no
need to have the network enabled before the single user login prompt
is presented.&lt;/p&gt;

&lt;p&gt;As always, things are not so easy to fix as they sound.  To keep
Debian systems working while scripts migrate and during upgrades, the
scripts need to be moved from rcS.d/ to rc2.d/ in reverse dependency
order, ie the scripts that nothing in rcS.d/ depend on can be moved,
and the next ones can only be moved when their dependencies have been
moved first.  This migration must be done sequentially while we ensure
that the package system upgrade packages in the right order to keep
the system state correct.  This will require some coordination when it
comes to network related packages, but most of the packages with
scripts that should migrate do not have anything in rcS.d/ depending
on them.  Some packages have already been updated, like the sudo
package, while others are still left to do.  I wish I had time to work
on this myself, but real live constrains make it unlikely that I will
find time to push this forward.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>What is missing in the Debian desktop, or why my parents use Kubuntu</title>
                <link>http://people.skolelinux.org/pere/blog/What_is_missing_in_the_Debian_desktop__or_why_my_parents_use_Kubuntu.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/What_is_missing_in_the_Debian_desktop__or_why_my_parents_use_Kubuntu.html</guid>
                <pubDate>Fri, 29 Jul 2011 08:10:00 +0200</pubDate>
                <description>&lt;p&gt;While at Debconf11, I have several times during discussions
mentioned the issues I believe should be improved in Debian for its
desktop to be useful for more people.  The use case for this is my
parents, which are currently running Kubuntu which solve the
issues.&lt;/p&gt;

&lt;p&gt;I suspect these four missing features are not very hard to
implement.  After all, they are present in Ubuntu, so if we wanted to
do this in Debian we would have a source.&lt;/p&gt;

&lt;ol&gt;

&lt;li&gt;&lt;strong&gt;Simple GUI based upgrade of packages.&lt;/strong&gt; When there
are new packages available for upgrades, a icon in the KDE status bar
indicate this, and clicking on it will activate the simple upgrade
tool to handle it.  I have no problem guiding both of my parents
through the process over the phone.  If a kernel reboot is required,
this too is indicated by the status bars and the upgrade tool.  Last
time I checked, nothing with the same features was working in KDE in
Debian.&lt;/li&gt;

&lt;li&gt;&lt;strong&gt;Simple handling of missing Firefox browser
plugins.&lt;/strong&gt; When the browser encounter a MIME type it do not
currently have a handler for, it will ask the user if the system
should search for a package that would add support for this MIME type,
and if the user say yes, the APT sources will be searched for packages
advertising the MIME type in their control file (visible in the
Packages file in the APT archive).  If one or more packages are found,
it is a simple click of the mouse to add support for the missing mime
type.  If the package require the user to accept some non-free
license, this is explained to the user.  The entire process make it
more clear to the user why something do not work in the browser, and
make the chances higher for the user to blame the web page authors and
not the browser for any missing features.&lt;/li&gt;

&lt;li&gt;&lt;strong&gt;Simple handling of missing multimedia codec/format
handlers.&lt;/strong&gt; When the media players encounter a format or codec
it is not supporting, a dialog pop up asking the user if the system
should search for a package that would add support for it.  This
happen with things like MP3, Windows Media or H.264.  The selection
and installation procedure is very similar to the Firefox browser
plugin handling.  This is as far as I know implemented using a
gstreamer hook.  The end result is that the user easily get access to
the codecs that are present from the APT archives available, while
explaining more on why a given format is unsupported by Ubuntu.&lt;/li&gt;

&lt;li&gt;&lt;strong&gt;Better browser handling of some MIME types.&lt;/strong&gt; When
displaying a text/plain file in my Debian browser, it will propose to
start emacs to show it.  If I remember correctly, when doing the same
in Kunbutu it show the file as a text file in the browser.  At least I
know Opera will show text files within the browser.  I much prefer the
latter behaviour.&lt;/li&gt;

&lt;/ol&gt; 

&lt;p&gt;There are other nice features as well, like the simplified suite
upgrader, but given that I am the one mostly doing the dist-upgrade,
it do not matter much.&lt;/p&gt;

&lt;p&gt;I really hope we could get these features in place for the next
Debian release.  It would require the coordinated effort of several
maintainers, but would make the end user experience a lot better.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Perl modules used by FixMyStreet which are missing in Debian/Squeeze</title>
                <link>http://people.skolelinux.org/pere/blog/Perl_modules_used_by_FixMyStreet_which_are_missing_in_Debian_Squeeze.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Perl_modules_used_by_FixMyStreet_which_are_missing_in_Debian_Squeeze.html</guid>
                <pubDate>Tue, 26 Jul 2011 12:25:00 +0200</pubDate>
                <description>&lt;p&gt;The Norwegian &lt;a href=&quot;http://www.fiksgatami.no/&quot;&gt;FiksGataMi&lt;/A&gt;
site is build on Debian/Squeeze, and this platform was chosen because
I am most familiar with Debian (being a Debian Developer for around 10
years) because it is the latest stable Debian release which should get
security support for a few years.&lt;/p&gt;

&lt;p&gt;The web service is written in Perl, and depend on some perl modules
that are missing in Debian at the moment.  It would be great if these
modules were added to the Debian archive, allowing anyone to set up
their own &lt;a href=&quot;http://www.fixmystreet.com&quot;&gt;FixMyStreet&lt;/a&gt; clone
in their own country using only Debian packages.  The list of modules
missing in Debian/Squeeze isn&#39;t very long, and I hope the perl group
will find time to package the 12 modules Catalyst::Plugin::SmartURI,
Catalyst::Plugin::Unicode::Encoding, Catalyst::View::TT, Devel::Hide,
Sort::Key, Statistics::Distributions, Template::Plugin::Comma,
Template::Plugin::DateTime::Format, Term::Size::Any, Term::Size::Perl,
URI::SmartURI and Web::Scraper to make the maintenance of FixMyStreet
easier in the future.&lt;/p&gt;

&lt;p&gt;Thanks to the great tools in Debian, getting the missing modules
installed on my server was a simple call to &#39;cpan2deb Module::Name&#39;
and &#39;dpkg -i&#39; to install the resulting package.  But this leave me
with the responsibility of tracking security problems, which I really
do not have time for.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>A Norwegian FixMyStreet have kept me busy the last few weeks</title>
                <link>http://people.skolelinux.org/pere/blog/A_Norwegian_FixMyStreet_have_kept_me_busy_the_last_few_weeks.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_Norwegian_FixMyStreet_have_kept_me_busy_the_last_few_weeks.html</guid>
                <pubDate>Sun, 3 Apr 2011 22:50:00 +0200</pubDate>
                <description>&lt;p&gt;Here is a small update for my English readers.  Most of my blog
posts have been in Norwegian the last few weeks, so here is a short
update in English.&lt;/p&gt;

&lt;p&gt;The kids still keep me too busy to get much free software work
done, but I did manage to organise a project to get a Norwegian port
of the British service
&lt;a href=&quot;http://www.fixmystreet.com/&quot;&gt;FixMyStreet&lt;/a&gt; up and running,
and it has been running for a month now.  The entire project has been
organised by me and two others.  Around Christmas we gathered sponsors
to fund the development work.  In January I drafted a contract with
&lt;a href=&quot;http://www.mysociety.org/&quot;&gt;mySociety&lt;/a&gt; on what to develop,
and in February the development took place.  Most of it involved
converting the source to use GPS coordinates instead of British
easting/northing, and the resulting code should be a lot easier to get
running in any country by now.  The Norwegian
&lt;a href=&quot;http://www.fiksgatami.no/&quot;&gt;FiksGataMi&lt;/a&gt; is using
&lt;a href=&quot;http://www.openstreetmap.org/&quot;&gt;OpenStreetmap&lt;/a&gt; as the map
source and the source for administrative borders in Norway, and
support for this had to be added/fixed.&lt;/p&gt;

&lt;p&gt;The Norwegian version went live March 3th, and we spent the weekend
polishing the system before we announced it March 7th.  The system is
running on a KVM instance of Debian/Squeeze, and has seen almost 3000
problem reports in a few weeks.  Soon we hope to announce the Android
and iPhone versions making it even easier to report problems with the
public infrastructure.&lt;/p&gt;

&lt;p&gt;Perhaps something to consider for those of you in countries without
such service?&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Using NVD and CPE to track CVEs in locally maintained software</title>
                <link>http://people.skolelinux.org/pere/blog/Using_NVD_and_CPE_to_track_CVEs_in_locally_maintained_software.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Using_NVD_and_CPE_to_track_CVEs_in_locally_maintained_software.html</guid>
                <pubDate>Fri, 28 Jan 2011 15:40:00 +0100</pubDate>
                <description>&lt;p&gt;The last few days I have looked at ways to track open security
issues here at my work with the University of Oslo.  My idea is that
it should be possible to use the information about security issues
available on the Internet, and check our locally
maintained/distributed software against this information.  It should
allow us to verify that no known security issues are forgotten.  The
CVE database listing vulnerabilities seem like a great central point,
and by using the package lists from Debian mapped to CVEs provided by
the testing security team, I believed it should be possible to figure
out which security holes were present in our free software
collection.&lt;/p&gt;

&lt;p&gt;After reading up on the topic, it became obvious that the first
building block is to be able to name software packages in a unique and
consistent way across data sources.  I considered several ways to do
this, for example coming up with my own naming scheme like using URLs
to project home pages or URLs to the Freshmeat entries, or using some
existing naming scheme.  And it seem like I am not the first one to
come across this problem, as MITRE already proposed and implemented a
solution.  Enter the &lt;a href=&quot;http://cpe.mitre.org/index.html&quot;&gt;Common
Platform Enumeration&lt;/a&gt; dictionary, a vocabulary for referring to
software, hardware and other platform components.  The CPE ids are
mapped to CVEs in the &lt;a href=&quot;http://web.nvd.nist.gov/&quot;&gt;National
Vulnerability Database&lt;/a&gt;, allowing me to look up know security
issues for any CPE name.  With this in place, all I need to do is to
locate the CPE id for the software packages we use at the university.
This is fairly trivial (I google for &#39;cve cpe $package&#39; and check the
NVD entry if a CVE for the package exist).&lt;/p&gt;

&lt;p&gt;To give you an example.  The GNU gzip source package have the CPE
name cpe:/a:gnu:gzip.  If the old version 1.3.3 was the package to
check out, one could look up
&lt;a href=&quot;http://web.nvd.nist.gov/view/vuln/search?cpe=cpe%3A%2Fa%3Agnu%3Agzip:1.3.3&quot;&gt;cpe:/a:gnu:gzip:1.3.3
in NVD&lt;/a&gt; and get a list of 6 security holes with public CVE entries.
The most recent one is
&lt;a href=&quot;http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0001&quot;&gt;CVE-2010-0001&lt;/a&gt;,
and at the bottom of the NVD page for this vulnerability the complete
list of affected versions is provided.&lt;/p&gt;

&lt;p&gt;The NVD database of CVEs is also available as a XML dump, allowing
for offline processing of issues.  Using this dump, I&#39;ve written a
small script taking a list of CPEs as input and list all CVEs
affecting the packages represented by these CPEs.  One give it CPEs
with version numbers as specified above and get a list of open
security issues out.&lt;/p&gt;

&lt;p&gt;Of course for this approach to be useful, the quality of the NVD
information need to be high.  For that to happen, I believe as many as
possible need to use and contribute to the NVD database.  I notice
RHEL is providing
&lt;a href=&quot;https://www.redhat.com/security/data/metrics/rhsamapcpe.txt&quot;&gt;a
map from CVE to CPE&lt;/a&gt;, indicating that they are using the CPE
information.  I&#39;m not aware of Debian and Ubuntu doing the same.&lt;/p&gt;

&lt;p&gt;To get an idea about the quality for free software, I spent some
time making it possible to compare the CVE database from Debian with
the CVE database in NVD.  The result look fairly good, but there are
some inconsistencies in NVD (same software package having several
CPEs), and some inaccuracies (NVD not mentioning buggy packages that
Debian believe are affected by a CVE).  Hope to find time to improve
the quality of NVD, but that require being able to get in touch with
someone maintaining it.  So far my three emails with questions and
corrections have not seen any reply, but I hope contact can be
established soon.&lt;/p&gt;

&lt;p&gt;An interesting application for CPEs is cross platform package
mapping.  It would be useful to know which packages in for example
RHEL, OpenSuSe and Mandriva are missing from Debian and Ubuntu, and
this would be trivial if all linux distributions provided CPE entries
for their packages.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Which module is loaded for a given PCI and USB device?</title>
                <link>http://people.skolelinux.org/pere/blog/Which_module_is_loaded_for_a_given_PCI_and_USB_device_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Which_module_is_loaded_for_a_given_PCI_and_USB_device_.html</guid>
                <pubDate>Sun, 23 Jan 2011 00:20:00 +0100</pubDate>
                <description>&lt;p&gt;In the
&lt;a href=&quot;http://packages.qa.debian.org/discover-data&quot;&gt;discover-data&lt;/a&gt;
package in Debian, there is a script to report useful information
about the running hardware for use when people report missing
information.  One part of this script that I find very useful when
debugging hardware problems, is the part mapping loaded kernel module
to the PCI device it claims.  It allow me to quickly see if the kernel
module I expect is driving the hardware I am struggling with.  To see
the output, make sure discover-data is installed and run
&lt;tt&gt;/usr/share/bug/discover-data 3&gt;&amp;1&lt;/tt&gt;.  The relevant output on
one of my machines like this:&lt;/p&gt;

&lt;pre&gt;
loaded modules:
10de:03eb i2c_nforce2
10de:03f1 ohci_hcd
10de:03f2 ehci_hcd
10de:03f0 snd_hda_intel
10de:03ec pata_amd
10de:03f6 sata_nv
1022:1103 k8temp
109e:036e bttv
109e:0878 snd_bt87x
11ab:4364 sky2
&lt;/pre&gt;

&lt;p&gt;The code in question look like this, slightly modified for
readability and to drop the output to file descriptor 3:&lt;/p&gt;

&lt;pre&gt;
if [ -d /sys/bus/pci/devices/ ] ; then
    echo loaded pci modules:
    (
        cd /sys/bus/pci/devices/
        for address in * ; do
            if [ -d &quot;$address/driver/module&quot; ] ; then
                module=`cd $address/driver/module ; pwd -P | xargs basename`
                if grep -q &quot;^$module &quot; /proc/modules ; then
                    address=$(echo $address |sed s/0000://)
                    id=`lspci -n -s $address | tail -n 1 | awk &#39;{print $3}&#39;`
                    echo &quot;$id $module&quot;
                fi
            fi
        done
    )
    echo
fi
&lt;/pre&gt;

&lt;p&gt;Similar code could be used to extract USB device module
mappings:&lt;/p&gt;

&lt;pre&gt;
if [ -d /sys/bus/usb/devices/ ] ; then
    echo loaded usb modules:
    (
        cd /sys/bus/usb/devices/
        for address in * ; do
            if [ -d &quot;$address/driver/module&quot; ] ; then
                module=`cd $address/driver/module ; pwd -P | xargs basename`
                if grep -q &quot;^$module &quot; /proc/modules ; then
                    address=$(echo $address |sed s/0000://)
                    id=$(lsusb -s $address | tail -n 1 | awk &#39;{print $6}&#39;)
                    if [ &quot;$id&quot; ] ; then
                        echo &quot;$id $module&quot;
                    fi
                fi
            fi
        done
    )
    echo
fi
&lt;/pre&gt;

&lt;p&gt;This might perhaps be something to include in other tools as
well.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>How to test if a laptop is working with Linux</title>
                <link>http://people.skolelinux.org/pere/blog/How_to_test_if_a_laptop_is_working_with_Linux.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_test_if_a_laptop_is_working_with_Linux.html</guid>
                <pubDate>Wed, 22 Dec 2010 14:55:00 +0100</pubDate>
                <description>&lt;p&gt;The last few days I have spent at work here at the &lt;a
href=&quot;http://www.uio.no/&quot;&gt;University of Oslo&lt;/a&gt; testing if the new
batch of computers will work with Linux.  Every year for the last few
years the university have organised shared bid of a few thousand
computers, and this year HP won the bid.  Two different desktops and
five different laptops are on the list this year.  We in the UNIX
group want to know which one of these computers work well with RHEL
and Ubuntu, the two Linux distributions we currently handle at the
university.&lt;/p&gt;

&lt;p&gt;My test method is simple, and I share it here to get feedback and
perhaps inspire others to test hardware as well.  To test, I PXE
install the OS version of choice, and log in as my normal user and run
a few applications and plug in selected pieces of hardware.  When
something fail, I make a note about this in the test matrix and move
on.  If I have some spare time I try to report the bug to the OS
vendor, but as I only have the machines for a short time, I rarely
have the time to do this for all the problems I find.&lt;/p&gt;

&lt;p&gt;Anyway, to get to the point of this post.  Here is the simple tests
I perform on a new model.&lt;/p&gt;

&lt;ul&gt;

&lt;li&gt;Is PXE installation working?  I&#39;m testing with RHEL6, Ubuntu Lucid
and Ubuntu Maverik at the moment.  If I feel like it, I also test with
RHEL5 and Debian Edu/Squeeze.&lt;/li&gt;

&lt;li&gt;Is X.org working?  If the graphical login screen show up after
installation, X.org is working.&lt;/li&gt;

&lt;li&gt;Is hardware accelerated OpenGL working?  Running glxgears (in
package mesa-utils on Ubuntu) and writing down the frames per second
reported by the program.&lt;/li&gt;

&lt;li&gt;Is sound working?  With Gnome and KDE, a sound is played when
logging in, and if I can hear this the test is successful.  If there
are several audio exits on the machine, I try them all and check if
the Gnome/KDE audio mixer can control where to send the sound.  I
normally test this by playing
&lt;a href=&quot;http://www.nuug.no/aktiviteter/20101012-chef/ &quot;&gt;a HTML5
video&lt;/a&gt; in Firefox/Iceweasel.&lt;/li&gt;

&lt;li&gt;Is the USB subsystem working?  I test this by plugging in a USB
memory stick and see if Gnome/KDE notices this.&lt;/li&gt;

&lt;li&gt;Is the CD/DVD player working?  I test this by inserting any CD/DVD
I have lying around, and see if Gnome/KDE notices this.&lt;/li&gt;

&lt;li&gt;Is any built in camera working?  Test using cheese, and see if a
picture from the v4l device show up.&lt;/li&gt;

&lt;li&gt;Is bluetooth working?  Use the Gnome/KDE browsing tool to see if
any bluetooth devices are discovered.  In my office, I normally see a
few.&lt;/li&gt;

&lt;li&gt;For laptops, is the SD or Compaq Flash reader working.  I have
memory modules lying around, and stick them in and see if Gnome/KDE
notice this.&lt;/li&gt;

&lt;li&gt;For laptops, is suspend/hibernate working?  I&#39;m testing if the
special button work, and if the laptop continue to work after
resume.&lt;/li&gt;

&lt;li&gt;For laptops, is the extra buttons working, like audio level,
adjusting background light, switching on/off external video output,
switching on/off wifi, bluetooth, etc?  The set of buttons differ from
laptop to laptop, so I just write down which are working and which are
not.&lt;/li&gt;

&lt;li&gt;Some laptops have smart card readers, finger print readers,
acceleration sensors etc.  I rarely test these, as I do not know how
to quickly test if they are working or not, so I only document their
existence.&lt;/li&gt;

&lt;/ul&gt;

&lt;p&gt;By now I suspect you are really curious what the test results are
for the HP machines I am testing.  I&#39;m not done yet, so I will report
the test results later.  For now I can report that HP 8100 Elite work
fine, and hibernation fail with HP EliteBook 8440p on Ubuntu Lucid,
and audio fail on RHEL6.  Ubuntu Maverik worked with 8440p.  As you
can see, I have most machines left to test.  One interesting
observation is that Ubuntu Lucid has almost twice the frame rate than
RHEL6 with glxgears.  No idea why.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Some thoughts on BitCoins</title>
                <link>http://people.skolelinux.org/pere/blog/Some_thoughts_on_BitCoins.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Some_thoughts_on_BitCoins.html</guid>
                <pubDate>Sat, 11 Dec 2010 15:10:00 +0100</pubDate>
                <description>&lt;p&gt;As I continue to explore
&lt;a href=&quot;http://www.bitcoin.org/&quot;&gt;BitCoin&lt;/a&gt;, I&#39;ve starting to wonder
what properties the system have, and how it will be affected by laws
and regulations here in Norway.  Here are some random notes.&lt;/p&gt;

&lt;p&gt;One interesting thing to note is that since the transactions are
verified using a peer to peer network, all details about a transaction
is known to everyone.  This means that if a BitCoin address has been
published like I did with mine in my initial post about BitCoin, it is
possible for everyone to see how many BitCoins have been transfered to
that address.  There is even a web service to look at the details for
all transactions.  There I can see that my address
&lt;a href=&quot;http://blockexplorer.com/address/15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&quot;&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/a&gt;
have received 16.06 Bitcoin, the
&lt;a href=&quot;http://blockexplorer.com/address/1LfdGnGuWkpSJgbQySxxCWhv8MHqvwst3&quot;&gt;1LfdGnGuWkpSJgbQySxxCWhv8MHqvwst3&lt;/a&gt;
address of Simon Phipps have received 181.97 BitCoin and the address
&lt;a href=&quot;http://blockexplorer.com/address/1MCwBbhNGp5hRm5rC1Aims2YFRe2SXPYKt&quot;&gt;1MCwBbhNGp5hRm5rC1Aims2YFRe2SXPYKt&lt;/A&gt;
of EFF have received 2447.38 BitCoins so far.  Thank you to each and
every one of you that donated bitcoins to support my activity. The
fact that anyone can see how much money was transfered to a given
address make it more obvious why the BitCoin community recommend to
generate and hand out a new address for each transaction.  I&#39;m told
there is no way to track which addresses belong to a given person or
organisation without the person or organisation revealing it
themselves, as Simon, EFF and I have done.&lt;/p&gt;

&lt;p&gt;In Norway, and in most other countries, there are laws and
regulations limiting how much money one can transfer across the border
without declaring it.  There are money laundering, tax and accounting
laws and regulations I would expect to apply to the use of BitCoin.
If the Skolelinux foundation
(&lt;a href=&quot;http://linuxiskolen.no/slxdebianlabs/donations.html&quot;&gt;SLX
Debian Labs&lt;/a&gt;) were to accept donations in BitCoin in addition to
normal bank transfers like EFF is doing, how should this be accounted?
Given that it is impossible to know if money can cross the border or
not, should everything or nothing be declared?  What exchange rate
should be used when calculating taxes?  Would receivers have to pay
income tax if the foundation were to pay Skolelinux contributors in
BitCoin?  I have no idea, but it would be interesting to know.&lt;/p&gt;

&lt;p&gt;For a currency to be useful and successful, it must be trusted and
accepted by a lot of users.  It must be possible to get easy access to
the currency (as a wage or using currency exchanges), and it must be
easy to spend it.  At the moment BitCoin seem fairly easy to get
access to, but there are very few places to spend it.  I am not really
a regular user of any of the vendor types currently accepting BitCoin,
so I wonder when my kind of shop would start accepting BitCoins.  I
would like to buy electronics, travels and subway tickets, not herbs
and books. :) The currency is young, and this will improve over time
if it become popular, but I suspect regular banks will start to lobby
to get BitCoin declared illegal if it become popular.  I&#39;m sure they
will claim it is helping fund terrorism and money laundering (which
probably would be true, as is any currency in existence), but I
believe the problems should be solved elsewhere and not by blaming
currencies.&lt;/p&gt;

&lt;p&gt;The process of creating new BitCoins is called mining, and it is
CPU intensive process that depend on a bit of luck as well (as one is
competing against all the other miners currently spending CPU cycles
to see which one get the next lump of cash).  The &quot;winner&quot; get 50
BitCoin when this happen.  Yesterday I came across the obvious way to
join forces to increase ones changes of getting at least some coins,
by coordinating the work on mining BitCoins across several machines
and people, and sharing the result if one is lucky and get the 50
BitCoins.  Check out
&lt;a href=&quot;http://www.bluishcoder.co.nz/bitcoin-pool/&quot;&gt;BitCoin Pool&lt;/a&gt;
if this sounds interesting.  I have not had time to try to set up a
machine to participate there yet, but have seen that running on ones
own for a few days have not yield any BitCoins througth mining
yet.&lt;/p&gt;

&lt;p&gt;Update 2010-12-15: Found an &lt;a
href=&quot;http://inertia.posterous.com/reply-to-the-underground-economist-why-bitcoi&quot;&gt;interesting
criticism&lt;/a&gt; of bitcoin.  Not quite sure how valid it is, but thought
it was interesting to read.  The arguments presented seem to be
equally valid for gold, which was used as a currency for many years.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Now accepting bitcoins - anonymous and distributed p2p crypto-money</title>
                <link>http://people.skolelinux.org/pere/blog/Now_accepting_bitcoins___anonymous_and_distributed_p2p_crypto_money.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Now_accepting_bitcoins___anonymous_and_distributed_p2p_crypto_money.html</guid>
                <pubDate>Fri, 10 Dec 2010 08:20:00 +0100</pubDate>
                <description>&lt;p&gt;With this weeks lawless
&lt;a href=&quot;http://www.salon.com/news/opinion/glenn_greenwald/2010/12/06/wikileaks/index.html&quot;&gt;governmental
attacks&lt;/a&gt; on Wikileak and
&lt;a href=&quot;http://www.salon.com/technology/dan_gillmor/2010/12/06/war_on_speech&quot;&gt;free
speech&lt;/a&gt;, it has become obvious that PayPal, visa and mastercard can
not be trusted to handle money transactions.
A blog post from
&lt;a href=&quot;http://webmink.com/2010/12/06/now-accepting-bitcoin/&quot;&gt;Simon
Phipps on bitcoin&lt;/a&gt; reminded me about a project that a friend of
mine mentioned earlier.  I decided to follow Simon&#39;s example, and get
involved with &lt;a href=&quot;http://www.bitcoin.org/&quot;&gt;BitCoin&lt;/a&gt;.  I got
some help from my friend to get it all running, and he even handed me
some bitcoins to get started.  I even donated a few bitcoins to Simon
for helping me remember BitCoin.&lt;/p&gt;

&lt;p&gt;So, what is bitcoins, you probably wonder?  It is a digital
crypto-currency, decentralised and handled using peer-to-peer
networks.  It allows anonymous transactions and prohibits central
control over the transactions, making it impossible for governments
and companies alike to block donations and other transactions.  The
source is free software, and while the key dependency wxWidgets 2.9
for the graphical user interface is missing in Debian, the command
line client builds just fine.  Hopefully Jonas
&lt;a href=&quot;http://bugs.debian.org/578157&quot;&gt;will get the package into
Debian&lt;/a&gt; soon.&lt;/p&gt;

&lt;p&gt;Bitcoins can be converted to other currencies, like USD and EUR.
There are &lt;a href=&quot;http://www.bitcoin.org/trade&quot;&gt;companies accepting
bitcoins&lt;/a&gt; when selling services and goods, and there are even
currency &quot;stock&quot; markets where the exchange rate is decided.  There
are not many users so far, but the concept seems promising.  If you
want to get started and lack a friend with any bitcoins to spare,
you can even get
&lt;a href=&quot;https://freebitcoins.appspot.com/&quot;&gt;some for free&lt;/a&gt; (0.05
bitcoin at the time of writing).  Use
&lt;a href=&quot;http://www.bitcoinwatch.com/&quot;&gt;BitcoinWatch&lt;/a&gt; to keep an eye
on the current exchange rates.&lt;/p&gt;

&lt;p&gt;As an experiment, I have decided to set up bitcoind on one of my
machines.  If you want to support my activity, please send Bitcoin
donations to the address
&lt;b&gt;15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b&lt;/b&gt;.  Thank you!&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Why isn&#39;t Debian Edu using VLC?</title>
                <link>http://people.skolelinux.org/pere/blog/Why_isn_t_Debian_Edu_using_VLC_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Why_isn_t_Debian_Edu_using_VLC_.html</guid>
                <pubDate>Sat, 27 Nov 2010 11:30:00 +0100</pubDate>
                <description>&lt;p&gt;In the latest issue of Linux Journal, the readers choices were
presented, and the winner among the multimedia player were VLC.
Personally, I like VLC, and it is my player of choice when I first try
to play a video file or stream.  Only if VLC fail will I drag out
gmplayer to see if it can do better.  The reason is mostly the failure
model and trust.  When VLC fail, it normally pop up a error message
reporting the problem.  When mplayer fail, it normally segfault or
just hangs.  The latter failure mode drain my trust in the program.&lt;p&gt;

&lt;p&gt;But even if VLC is my player of choice, we have choosen to use
mplayer in &lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Debian
Edu/Skolelinux&lt;/a&gt;.  The reason is simple.  We need a good browser
plugin to play web videos seamlessly, and the VLC browser plugin is
not very good.  For example, it lack in-line control buttons, so there
is no way for the user to pause the video.  Also, when I
&lt;a href=&quot;http://wiki.debian.org/DebianEdu/BrowserMultimedia&quot;&gt;last
tested the browser plugins&lt;/a&gt; available in Debian, the VLC plugin
failed on several video pages where mplayer based plugins worked.  If
the browser plugin for VLC was as good as the gecko-mediaplayer
package (which uses mplayer), we would switch.&lt;/P&gt;

&lt;p&gt;While VLC is a good player, its user interface is slightly
annoying.  The most annoying feature is its inconsistent use of
keyboard shortcuts.  When the player is in full screen mode, its
shortcuts are different from when it is playing the video in a window.
For example, space only work as pause when in full screen mode.  I
wish it had consisten shortcuts and that space also would work when in
window mode.  Another nice shortcut in gmplayer is [enter] to restart
the current video.  It is very nice when playing short videos from the
web and want to restart it when new people arrive to have a look at
what is going on.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Lenny-&gt;Squeeze upgrades of the Gnome and KDE desktop, now with apt-get autoremove</title>
                <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades_of_the_Gnome_and_KDE_desktop__now_with_apt_get_autoremove.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades_of_the_Gnome_and_KDE_desktop__now_with_apt_get_autoremove.html</guid>
                <pubDate>Mon, 22 Nov 2010 14:15:00 +0100</pubDate>
                <description>&lt;p&gt;Michael Biebl suggested to me on IRC, that I changed my automated
upgrade testing of the
&lt;a href=&quot;http://people.skolelinux.org/~pere/debian-upgrade-testing/&quot;&gt;Lenny
Gnome and KDE Desktop&lt;/a&gt; to do &lt;tt&gt;apt-get autoremove&lt;/tt&gt; when using apt-get.
This seem like a very good idea, so I adjusted by test scripts and
can now present the updated result from today:&lt;/p&gt;

&lt;p&gt;This is for Gnome:&lt;/p&gt;

&lt;p&gt;Installed using apt-get, missing with aptitude&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  apache2.2-bin
  aptdaemon
  baobab
  binfmt-support
  browser-plugin-gnash
  cheese-common
  cli-common
  cups-pk-helper
  dmz-cursor-theme
  empathy
  empathy-common
  freedesktop-sound-theme
  freeglut3
  gconf-defaults-service
  gdm-themes
  gedit-plugins
  geoclue
  geoclue-hostip
  geoclue-localnet
  geoclue-manual
  geoclue-yahoo
  gnash
  gnash-common
  gnome
  gnome-backgrounds
  gnome-cards-data
  gnome-codec-install
  gnome-core
  gnome-desktop-environment
  gnome-disk-utility
  gnome-screenshot
  gnome-search-tool
  gnome-session-canberra
  gnome-system-log
  gnome-themes-extras
  gnome-themes-more
  gnome-user-share
  gstreamer0.10-fluendo-mp3
  gstreamer0.10-tools
  gtk2-engines
  gtk2-engines-pixbuf
  gtk2-engines-smooth
  hamster-applet
  libapache2-mod-dnssd
  libapr1
  libaprutil1
  libaprutil1-dbd-sqlite3
  libaprutil1-ldap
  libart2.0-cil
  libboost-date-time1.42.0
  libboost-python1.42.0
  libboost-thread1.42.0
  libchamplain-0.4-0
  libchamplain-gtk-0.4-0
  libcheese-gtk18
  libclutter-gtk-0.10-0
  libcryptui0
  libdiscid0
  libelf1
  libepc-1.0-2
  libepc-common
  libepc-ui-1.0-2
  libfreerdp-plugins-standard
  libfreerdp0
  libgconf2.0-cil
  libgdata-common
  libgdata7
  libgdu-gtk0
  libgee2
  libgeoclue0
  libgexiv2-0
  libgif4
  libglade2.0-cil
  libglib2.0-cil
  libgmime2.4-cil
  libgnome-vfs2.0-cil
  libgnome2.24-cil
  libgnomepanel2.24-cil
  libgpod-common
  libgpod4
  libgtk2.0-cil
  libgtkglext1
  libgtksourceview2.0-common
  libmono-addins-gui0.2-cil
  libmono-addins0.2-cil
  libmono-cairo2.0-cil
  libmono-corlib2.0-cil
  libmono-i18n-west2.0-cil
  libmono-posix2.0-cil
  libmono-security2.0-cil
  libmono-sharpzip2.84-cil
  libmono-system2.0-cil
  libmtp8
  libmusicbrainz3-6
  libndesk-dbus-glib1.0-cil
  libndesk-dbus1.0-cil
  libopal3.6.8
  libpolkit-gtk-1-0
  libpt2.6.7
  libpython2.6
  librpm1
  librpmio1
  libsdl1.2debian
  libsrtp0
  libssh-4
  libtelepathy-farsight0
  libtelepathy-glib0
  libtidy-0.99-0
  media-player-info
  mesa-utils
  mono-2.0-gac
  mono-gac
  mono-runtime
  nautilus-sendto
  nautilus-sendto-empathy
  p7zip-full
  pkg-config
  python-aptdaemon
  python-aptdaemon-gtk
  python-axiom
  python-beautifulsoup
  python-bugbuddy
  python-clientform
  python-coherence
  python-configobj
  python-crypto
  python-cupshelpers
  python-elementtree
  python-epsilon
  python-evolution
  python-feedparser
  python-gdata
  python-gdbm
  python-gst0.10
  python-gtkglext1
  python-gtksourceview2
  python-httplib2
  python-louie
  python-mako
  python-markupsafe
  python-mechanize
  python-nevow
  python-notify
  python-opengl
  python-openssl
  python-pam
  python-pkg-resources
  python-pyasn1
  python-pysqlite2
  python-rdflib
  python-serial
  python-tagpy
  python-twisted-bin
  python-twisted-conch
  python-twisted-core
  python-twisted-web
  python-utidylib
  python-webkit
  python-xdg
  python-zope.interface
  remmina
  remmina-plugin-data
  remmina-plugin-rdp
  remmina-plugin-vnc
  rhythmbox-plugin-cdrecorder
  rhythmbox-plugins
  rpm-common
  rpm2cpio
  seahorse-plugins
  shotwell
  software-center
  system-config-printer-udev
  telepathy-gabble
  telepathy-mission-control-5
  telepathy-salut
  tomboy
  totem
  totem-coherence
  totem-mozilla
  totem-plugins
  transmission-common
  xdg-user-dirs
  xdg-user-dirs-gtk
  xserver-xephyr
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using apt-get, removed with aptitude&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  cheese
  ekiga
  eog
  epiphany-extensions
  evolution-exchange
  fast-user-switch-applet
  file-roller
  gcalctool
  gconf-editor
  gdm
  gedit
  gedit-common
  gnome-games
  gnome-games-data
  gnome-nettool
  gnome-system-tools
  gnome-themes
  gnuchess
  gucharmap
  guile-1.8-libs
  libavahi-ui0
  libdmx1
  libgalago3
  libgtk-vnc-1.0-0
  libgtksourceview2.0-0
  liblircclient0
  libsdl1.2debian-alsa
  libspeexdsp1
  libsvga1
  rhythmbox
  seahorse
  sound-juicer
  system-config-printer
  totem-common
  transmission-gtk
  vinagre
  vino
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using aptitude, missing with apt-get&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  gstreamer0.10-gnomevfs
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using aptitude, removed with apt-get&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
[nothing]
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;This is for KDE:&lt;/p&gt;

&lt;p&gt;Installed using apt-get, missing with aptitude&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  ksmserver
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using apt-get, removed with aptitude&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  kwin
  network-manager-kde
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using aptitude, missing with apt-get&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  arts
  dolphin
  freespacenotifier
  google-gadgets-gst
  google-gadgets-xul
  kappfinder
  kcalc
  kcharselect
  kde-core
  kde-plasma-desktop
  kde-standard
  kde-window-manager
  kdeartwork
  kdeartwork-emoticons
  kdeartwork-style
  kdeartwork-theme-icon
  kdebase
  kdebase-apps
  kdebase-workspace
  kdebase-workspace-bin
  kdebase-workspace-data
  kdeeject
  kdelibs
  kdeplasma-addons
  kdeutils
  kdewallpapers
  kdf
  kfloppy
  kgpg
  khelpcenter4
  kinfocenter
  konq-plugins-l10n
  konqueror-nsplugins
  kscreensaver
  kscreensaver-xsavers
  ktimer
  kwrite
  libgle3
  libkde4-ruby1.8
  libkonq5
  libkonq5-templates
  libnetpbm10
  libplasma-ruby
  libplasma-ruby1.8
  libqt4-ruby1.8
  marble-data
  marble-plugins
  netpbm
  nuvola-icon-theme
  plasma-dataengines-workspace
  plasma-desktop
  plasma-desktopthemes-artwork
  plasma-runners-addons
  plasma-scriptengine-googlegadgets
  plasma-scriptengine-python
  plasma-scriptengine-qedje
  plasma-scriptengine-ruby
  plasma-scriptengine-webkit
  plasma-scriptengines
  plasma-wallpapers-addons
  plasma-widget-folderview
  plasma-widget-networkmanagement
  ruby
  sweeper
  update-notifier-kde
  xscreensaver-data-extra
  xscreensaver-gl
  xscreensaver-gl-extra
  xscreensaver-screensaver-bsod
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using aptitude, removed with apt-get&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  ark
  google-gadgets-common
  google-gadgets-qt
  htdig
  kate
  kdebase-bin
  kdebase-data
  kdepasswd
  kfind
  klipper
  konq-plugins
  konqueror
  ksysguard
  ksysguardd
  libarchive1
  libcln6
  libeet1
  libeina-svn-06
  libggadget-1.0-0b
  libggadget-qt-1.0-0b
  libgps19
  libkdecorations4
  libkephal4
  libkonq4
  libkonqsidebarplugin4a
  libkscreensaver5
  libksgrd4
  libksignalplotter4
  libkunitconversion4
  libkwineffects1a
  libmarblewidget4
  libntrack-qt4-1
  libntrack0
  libplasma-geolocation-interface4
  libplasmaclock4a
  libplasmagenericshell4
  libprocesscore4a
  libprocessui4a
  libqalculate5
  libqedje0a
  libqtruby4shared2
  libqzion0a
  libruby1.8
  libscim8c2a
  libsmokekdecore4-3
  libsmokekdeui4-3
  libsmokekfile3
  libsmokekhtml3
  libsmokekio3
  libsmokeknewstuff2-3
  libsmokeknewstuff3-3
  libsmokekparts3
  libsmokektexteditor3
  libsmokekutils3
  libsmokenepomuk3
  libsmokephonon3
  libsmokeplasma3
  libsmokeqtcore4-3
  libsmokeqtdbus4-3
  libsmokeqtgui4-3
  libsmokeqtnetwork4-3
  libsmokeqtopengl4-3
  libsmokeqtscript4-3
  libsmokeqtsql4-3
  libsmokeqtsvg4-3
  libsmokeqttest4-3
  libsmokeqtuitools4-3
  libsmokeqtwebkit4-3
  libsmokeqtxml4-3
  libsmokesolid3
  libsmokesoprano3
  libtaskmanager4a
  libtidy-0.99-0
  libweather-ion4a
  libxklavier16
  libxxf86misc1
  okteta
  oxygencursors
  plasma-dataengines-addons
  plasma-scriptengine-superkaramba
  plasma-widget-lancelot
  plasma-widgets-addons
  plasma-widgets-workspace
  polkit-kde-1
  ruby1.8
  systemsettings
  update-notifier-common
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Running apt-get autoremove made the results using apt-get and
aptitude a bit more similar, but there are still quite a lott of
differences.  I have no idea what packages should be installed after
the upgrade, but hope those that do can have a look.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Migrating Xen virtual machines using LVM to KVM using disk images</title>
                <link>http://people.skolelinux.org/pere/blog/Migrating_Xen_virtual_machines_using_LVM_to_KVM_using_disk_images.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Migrating_Xen_virtual_machines_using_LVM_to_KVM_using_disk_images.html</guid>
                <pubDate>Mon, 22 Nov 2010 11:20:00 +0100</pubDate>
                <description>&lt;p&gt;Most of the computers in use by the
&lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Debian Edu/Skolelinux project&lt;/a&gt;
are virtual machines.  And they have been Xen machines running on a
fairly old IBM eserver xseries 345 machine, and we wanted to migrate
them to KVM on a newer Dell PowerEdge 2950 host machine.  This was a
bit harder that it could have been, because we set up the Xen virtual
machines to get the virtual partitions from LVM, which as far as I
know is not supported by KVM.  So to migrate, we had to convert
several LVM logical volumes to partitions on a virtual disk file.&lt;/p&gt;

&lt;p&gt;I found
&lt;a href=&quot;http://searchnetworking.techtarget.com.au/articles/35011-Six-steps-for-migrating-Xen-virtual-machines-to-KVM&quot;&gt;a
nice recipe&lt;/a&gt; to do this, and wrote the following script to do the
migration.  It uses qemu-img from the qemu package to make the disk
image, parted to partition it, losetup and kpartx to present the disk
image partions as devices, and dd to copy the data.  I NFS mounted the
new servers storage area on the old server to do the migration.&lt;/p&gt;

&lt;pre&gt;
#!/bin/sh

# Based on
# http://searchnetworking.techtarget.com.au/articles/35011-Six-steps-for-migrating-Xen-virtual-machines-to-KVM

set -e
set -x

if [ -z &quot;$1&quot; ] ; then
    echo &quot;Usage: $0 &amp;lt;hostname&amp;gt;&quot;
    exit 1
else
    host=&quot;$1&quot;
fi

if [ ! -e /dev/vg_data/$host-disk ] ; then
    echo &quot;error: unable to find LVM volume for $host&quot;
    exit 1
fi

# Partitions need to be a bit bigger than the LVM LVs.  not sure why.
disksize=$( lvs --units m | grep $host-disk | awk &#39;{sum = sum + $4} END { print int(sum * 1.05) }&#39;)
swapsize=$( lvs --units m | grep $host-swap | awk &#39;{sum = sum + $4} END { print int(sum * 1.05) }&#39;)
totalsize=$(( ( $disksize + $swapsize ) ))

img=$host.img
#dd if=/dev/zero of=$img bs=1M count=$(( $disksize + $swapsize ))
qemu-img create $img ${totalsize}MMaking room on the Debian Edu/Sqeeze DVD

parted $img mklabel msdos
parted $img mkpart primary linux-swap 0 $disksize
parted $img mkpart primary ext2 $disksize $totalsize
parted $img set 1 boot on

modprobe dm-mod
losetup /dev/loop0 $img
kpartx -a /dev/loop0

dd if=/dev/vg_data/$host-disk of=/dev/mapper/loop0p1 bs=1M
fsck.ext3 -f /dev/mapper/loop0p1 || true
mkswap /dev/mapper/loop0p2

kpartx -d /dev/loop0
losetup -d /dev/loop0
&lt;/pre&gt;

&lt;p&gt;The script is perhaps so simple that it is not copyrightable, but
if it is, it is licenced using GPL v2 or later at your discretion.&lt;/p&gt;

&lt;p&gt;After doing this, I booted a Debian CD in rescue mode in KVM with
the new disk image attached, installed grub-pc and linux-image-686 and
set up grub to boot from the disk image.  After this, the KVM machines
seem to work just fine.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Lenny-&gt;Squeeze upgrades, apt vs aptitude with the Gnome and KDE desktop</title>
                <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_and_KDE_desktop.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_and_KDE_desktop.html</guid>
                <pubDate>Sat, 20 Nov 2010 22:50:00 +0100</pubDate>
                <description>&lt;p&gt;I&#39;m still running upgrade testing of the
&lt;a href=&quot;http://people.skolelinux.org/~pere/debian-upgrade-testing/&quot;&gt;Lenny
Gnome and KDE Desktop&lt;/a&gt;, but have not had time to spend on reporting the
status.  Here is a short update based on a test I ran 20101118.&lt;/p&gt;

&lt;p&gt;I still do not know what a correct migration should look like, so I
report any differences between apt and aptitude and hope someone else
can see if anything should be changed.&lt;/p&gt;

&lt;p&gt;This is for Gnome:&lt;/p&gt;

&lt;p&gt;Installed using apt-get, missing with aptitude&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  apache2.2-bin aptdaemon at-spi baobab binfmt-support
  browser-plugin-gnash cheese-common cli-common cpp-4.3 cups-pk-helper
  dmz-cursor-theme empathy empathy-common finger
  freedesktop-sound-theme freeglut3 gconf-defaults-service gdm-themes
  gedit-plugins geoclue geoclue-hostip geoclue-localnet geoclue-manual
  geoclue-yahoo gnash gnash-common gnome gnome-backgrounds
  gnome-cards-data gnome-codec-install gnome-core
  gnome-desktop-environment gnome-disk-utility gnome-screenshot
  gnome-search-tool gnome-session-canberra gnome-spell
  gnome-system-log gnome-themes-extras gnome-themes-more
  gnome-user-share gs-common gstreamer0.10-fluendo-mp3
  gstreamer0.10-tools gtk2-engines gtk2-engines-pixbuf
  gtk2-engines-smooth hal-info hamster-applet libapache2-mod-dnssd
  libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap
  libart2.0-cil libatspi1.0-0 libboost-date-time1.42.0
  libboost-python1.42.0 libboost-thread1.42.0 libchamplain-0.4-0
  libchamplain-gtk-0.4-0 libcheese-gtk18 libclutter-gtk-0.10-0
  libcryptui0 libcupsys2 libdiscid0 libeel2-data libelf1 libepc-1.0-2
  libepc-common libepc-ui-1.0-2 libfreerdp-plugins-standard
  libfreerdp0 libgail-common libgconf2.0-cil libgdata-common libgdata7
  libgdl-1-common libgdu-gtk0 libgee2 libgeoclue0 libgexiv2-0 libgif4
  libglade2.0-cil libglib2.0-cil libgmime2.4-cil libgnome-vfs2.0-cil
  libgnome2.24-cil libgnomepanel2.24-cil libgnomeprint2.2-data
  libgnomeprintui2.2-common libgnomevfs2-bin libgpod-common libgpod4
  libgtk2.0-cil libgtkglext1 libgtksourceview-common
  libgtksourceview2.0-common libmono-addins-gui0.2-cil
  libmono-addins0.2-cil libmono-cairo2.0-cil libmono-corlib2.0-cil
  libmono-i18n-west2.0-cil libmono-posix2.0-cil
  libmono-security2.0-cil libmono-sharpzip2.84-cil
  libmono-system2.0-cil libmtp8 libmusicbrainz3-6
  libndesk-dbus-glib1.0-cil libndesk-dbus1.0-cil libopal3.6.8
  libpolkit-gtk-1-0 libpt-1.10.10-plugins-alsa
  libpt-1.10.10-plugins-v4l libpt2.6.7 libpython2.6 librpm1 librpmio1
  libsdl1.2debian libservlet2.4-java libsrtp0 libssh-4
  libtelepathy-farsight0 libtelepathy-glib0 libtidy-0.99-0
  libxalan2-java libxerces2-java media-player-info mesa-utils
  mono-2.0-gac mono-gac mono-runtime nautilus-sendto
  nautilus-sendto-empathy openoffice.org-writer2latex
  openssl-blacklist p7zip p7zip-full pkg-config python-4suite-xml
  python-aptdaemon python-aptdaemon-gtk python-axiom
  python-beautifulsoup python-bugbuddy python-clientform
  python-coherence python-configobj python-crypto python-cupshelpers
  python-cupsutils python-eggtrayicon python-elementtree
  python-epsilon python-evolution python-feedparser python-gdata
  python-gdbm python-gst0.10 python-gtkglext1 python-gtkmozembed
  python-gtksourceview2 python-httplib2 python-louie python-mako
  python-markupsafe python-mechanize python-nevow python-notify
  python-opengl python-openssl python-pam python-pkg-resources
  python-pyasn1 python-pysqlite2 python-rdflib python-serial
  python-tagpy python-twisted-bin python-twisted-conch
  python-twisted-core python-twisted-web python-utidylib python-webkit
  python-xdg python-zope.interface remmina remmina-plugin-data
  remmina-plugin-rdp remmina-plugin-vnc rhythmbox-plugin-cdrecorder
  rhythmbox-plugins rpm-common rpm2cpio seahorse-plugins shotwell
  software-center svgalibg1 system-config-printer-udev
  telepathy-gabble telepathy-mission-control-5 telepathy-salut tomboy
  totem totem-coherence totem-mozilla totem-plugins
  transmission-common xdg-user-dirs xdg-user-dirs-gtk xserver-xephyr
  zip
&lt;/p&gt;&lt;/blockquote&gt;

Installed using apt-get, removed with aptitude

&lt;blockquote&gt;&lt;p&gt;
  arj bluez-utils cheese dhcdbd djvulibre-desktop ekiga eog
  epiphany-extensions epiphany-gecko evolution-exchange
  fast-user-switch-applet file-roller gcalctool gconf-editor gdm gedit
  gedit-common gnome-app-install gnome-games gnome-games-data
  gnome-nettool gnome-system-tools gnome-themes gnome-utils
  gnome-vfs-obexftp gnome-volume-manager gnuchess gucharmap
  guile-1.8-libs hal libavahi-compat-libdnssd1 libavahi-core5
  libavahi-ui0 libbind9-50 libbluetooth2 libcamel1.2-11 libcdio7
  libcucul0 libcurl3 libdirectfb-1.0-0 libdmx1 libdvdread3
  libedata-cal1.2-6 libedataserver1.2-9 libeel2-2.20 libepc-1.0-1
  libepc-ui-1.0-1 libexchange-storage1.2-3 libfaad0 libgadu3
  libgalago3 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9
  libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2
  libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0
  libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtk-vnc-1.0-0
  libgtkhtml2-0 libgtksourceview1.0-0 libgtksourceview2.0-0
  libgucharmap6 libhesiod0 libicu38 libisccc50 libisccfg50 libiw29
  libjaxp1.3-java-gcj libkpathsea4 liblircclient0 libltdl3 liblwres50
  libmagick++10 libmagick10 libmalaga7 libmozjs1d libmpfr1ldbl libmtp7
  libmysqlclient15off libnautilus-burn4 libneon27 libnm-glib0
  libnm-util0 libopal-2.2 libosp5 libparted1.8-10 libpisock9
  libpisync1 libpoppler-glib3 libpoppler3 libpt-1.10.10 libraw1394-8
  libsdl1.2debian-alsa libsensors3 libsexy2 libsmbios2 libsoup2.2-8
  libspeexdsp1 libssh2-1 libsuitesparse-3.1.0 libsvga1
  libswfdec-0.6-90 libtalloc1 libtotem-plparser10 libtrackerclient0
  libvoikko1 libxalan2-java-gcj libxerces2-java-gcj libxklavier12
  libxtrap6 libxxf86misc1 libzephyr3 mysql-common rhythmbox seahorse
  sound-juicer swfdec-gnome system-config-printer totem-common
  totem-gstreamer transmission-gtk vinagre vino w3c-dtd-xhtml wodim
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using aptitude, missing with apt-get&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  gstreamer0.10-gnomevfs
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using aptitude, removed with apt-get&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
[nothing]
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;This is for KDE:&lt;/p&gt;

&lt;p&gt;Installed using apt-get, missing with aptitude&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  autopoint bomber bovo cantor cantor-backend-kalgebra cpp-4.3 dcoprss
  edict espeak espeak-data eyesapplet fifteenapplet finger gettext
  ghostscript-x git gnome-audio gnugo granatier gs-common
  gstreamer0.10-pulseaudio indi kaddressbook-plugins kalgebra
  kalzium-data kanjidic kapman kate-plugins kblocks kbreakout kbstate
  kde-icons-mono kdeaccessibility kdeaddons-kfile-plugins
  kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window
  kdeedu kdeedu-data kdeedu-kvtml-data kdegames kdegames-card-data
  kdegames-mahjongg-data kdegraphics-kfile-plugins kdelirc
  kdemultimedia-kfile-plugins kdenetwork-kfile-plugins
  kdepim-kfile-plugins kdepim-kio-plugins kdessh kdetoys kdewebdev
  kdiamond kdnssd kfilereplace kfourinline kgeography-data kigo
  killbots kiriki klettres-data kmoon kmrml knewsticker-scripts
  kollision kpf krosspython ksirk ksmserver ksquares kstars-data
  ksudoku kubrick kweather libasound2-plugins libboost-python1.42.0
  libcfitsio3 libconvert-binhex-perl libcrypt-ssleay-perl libdb4.6++
  libdjvulibre-text libdotconf1.0 liberror-perl libespeak1
  libfinance-quote-perl libgail-common libgsl0ldbl libhtml-parser-perl
  libhtml-tableextract-perl libhtml-tagset-perl libhtml-tree-perl
  libio-stringy-perl libkdeedu4 libkdegames5 libkiten4 libkpathsea5
  libkrossui4 libmailtools-perl libmime-tools-perl
  libnews-nntpclient-perl libopenbabel3 libportaudio2 libpulse-browse0
  libservlet2.4-java libspeechd2 libtiff-tools libtimedate-perl
  libunistring0 liburi-perl libwww-perl libxalan2-java libxerces2-java
  lirc luatex marble networkstatus noatun-plugins
  openoffice.org-writer2latex palapeli palapeli-data parley
  parley-data poster psutils pulseaudio pulseaudio-esound-compat
  pulseaudio-module-x11 pulseaudio-utils quanta-data rocs rsync
  speech-dispatcher step svgalibg1 texlive-binaries texlive-luatex
  ttf-sazanami-gothic
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using apt-get, removed with aptitude&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  amor artsbuilder atlantik atlantikdesigner blinken bluez-utils cvs
  dhcdbd djvulibre-desktop imlib-base imlib11 kalzium kanagram kandy
  kasteroids katomic kbackgammon kbattleship kblackbox kbounce kbruch
  kcron kdat kdemultimedia-kappfinder-data kdeprint kdict kdvi kedit
  keduca kenolaba kfax kfaxview kfouleggs kgeography kghostview
  kgoldrunner khangman khexedit kiconedit kig kimagemapeditor
  kitchensync kiten kjumpingcube klatin klettres klickety klines
  klinkstatus kmag kmahjongg kmailcvt kmenuedit kmid kmilo kmines
  kmousetool kmouth kmplot knetwalk kodo kolf kommander konquest kooka
  kpager kpat kpdf kpercentage kpilot kpoker kpovmodeler krec
  kregexpeditor kreversi ksame ksayit kshisen ksig ksim ksirc ksirtet
  ksmiletris ksnake ksokoban kspaceduel kstars ksvg ksysv kteatime
  ktip ktnef ktouch ktron kttsd ktuberling kturtle ktux kuickshow
  kverbos kview kviewshell kvoctrain kwifimanager kwin kwin4 kwordquiz
  kworldclock kxsldbg libakode2 libarts1-akode libarts1-audiofile
  libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1
  libavahi-core5 libavc1394-0 libbind9-50 libbluetooth2
  libboost-python1.34.1 libcucul0 libcurl3 libcvsservice0
  libdirectfb-1.0-0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0
  libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-0 libicu38
  libiec61883-0 libindex0 libisccc50 libisccfg50 libiw29
  libjaxp1.3-java-gcj libk3b3 libkcal2b libkcddb1 libkdeedu3
  libkdegames1 libkdepim1a libkgantt0 libkleopatra1 libkmime2
  libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1
  libksieve0 libktnef1 liblockdev1 libltdl3 liblwres50 libmagick10
  libmimelib1c2a libmodplug0c2 libmozjs1d libmpcdec3 libmpfr1ldbl
  libneon27 libnm-util0 libopensync0 libpisock9 libpoppler-glib3
  libpoppler-qt2 libpoppler3 libraw1394-8 librss1 libsensors3
  libsmbios2 libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90
  libtalloc1 libxalan2-java-gcj libxerces2-java-gcj libxtrap6 lskat
  mpeglib network-manager-kde noatun pmount tex-common texlive-base
  texlive-common texlive-doc-base texlive-fonts-recommended tidy
  ttf-dustin ttf-kochi-gothic ttf-sjfonts
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using aptitude, missing with apt-get&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  dolphin kde-core kde-plasma-desktop kde-standard kde-window-manager
  kdeartwork kdebase kdebase-apps kdebase-workspace
  kdebase-workspace-bin kdebase-workspace-data kdeutils kscreensaver
  kscreensaver-xsavers libgle3 libkonq5 libkonq5-templates libnetpbm10
  netpbm plasma-widget-folderview plasma-widget-networkmanagement
  xscreensaver-data-extra xscreensaver-gl xscreensaver-gl-extra
  xscreensaver-screensaver-bsod
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using aptitude, removed with apt-get&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  kdebase-bin konq-plugins konqueror
&lt;/p&gt;&lt;/blockquote&gt;
</description>
        </item>
        
        <item>
                <title>Gnash buildbot slave and Debian kfreebsd</title>
                <link>http://people.skolelinux.org/pere/blog/Gnash_buildbot_slave_and_Debian_kfreebsd.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Gnash_buildbot_slave_and_Debian_kfreebsd.html</guid>
                <pubDate>Sat, 20 Nov 2010 07:20:00 +0100</pubDate>
                <description>&lt;p&gt;Answering
&lt;a href=&quot;http://www.listware.net/201011/gnash-dev/67431-gnash-dev-buildbot-looking-for-slaves.html&quot;&gt;the
call from the Gnash project&lt;/a&gt; for
&lt;a href=&quot;http://www.gnashdev.org:8010&quot;&gt;buildbot&lt;/a&gt; slaves to test the
current source, I have set up a virtual KVM machine on the Debian
Edu/Skolelinux virtualization host to test the git source on
Debian/Squeeze.  I hope this can help the developers in getting new
releases out more often.&lt;/p&gt;

&lt;p&gt;As the developers want less main-stream build platforms tested to,
I have considered setting up a &lt;a
href=&quot;http://www.debian.org/ports/kfreebsd-gnu/&quot;&gt;Debian/kfreebsd&lt;/a&gt;
machine as well.  I have also considered using the kfreebsd
architecture in Debian as a file server in NUUG to get access to the 5
TB zfs volume we currently use to store DV video.  Because of this, I
finally got around to do a test installation of Debian/Squeeze with
kfreebsd.  Installation went fairly smooth, thought I noticed some
visual glitches in the cdebconf dialogs (black cursor left on the
screen at random locations).  Have not gotten very far with the
testing.  Noticed cfdisk did not work, but fdisk did so it was not a
fatal problem.  Have to spend some more time on it to see if it is
useful as a file server for NUUG.  Will try to find time to set up a
gnash buildbot slave on the Debian Edu/Skolelinux this weekend.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Debian in 3D</title>
                <link>http://people.skolelinux.org/pere/blog/Debian_in_3D.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_in_3D.html</guid>
                <pubDate>Tue, 9 Nov 2010 16:10:00 +0100</pubDate>
                <description>&lt;p&gt;&lt;img src=&quot;http://thingiverse-production.s3.amazonaws.com/renders/23/e0/c4/f9/2b/debswagtdose_preview_medium.jpg&quot;&gt;&lt;/p&gt;

&lt;p&gt;3D printing is just great.  I just came across this Debian logo in
3D linked in from
&lt;a href=&quot;http://blog.thingiverse.com/2010/11/09/participatory-branding/&quot;&gt;the
thingiverse blog&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Software updates 2010-10-24</title>
                <link>http://people.skolelinux.org/pere/blog/Software_updates_2010_10_24.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Software_updates_2010_10_24.html</guid>
                <pubDate>Sun, 24 Oct 2010 22:45:00 +0200</pubDate>
                <description>&lt;p&gt;Some updates.&lt;/p&gt;

&lt;p&gt;My &lt;a href=&quot;http://pledgebank.com/gnash-avm2&quot;&gt;gnash pledge&lt;/a&gt; to
raise money for the project is going well.  The lower limit of 10
signers was reached in 24 hours, and so far 13 people have signed it.
More signers and more funding is most welcome, and I am really curious
how far we can get before the time limit of December 24 is reached.
:)&lt;/p&gt;

&lt;p&gt;On the #gnash IRC channel on irc.freenode.net, I was just tipped
about what appear to be a great code coverage tool capable of
generating code coverage stats without any changes to the source code.
It is called
&lt;a href=&quot;http://simonkagstrom.github.com/kcov/index.html&quot;&gt;kcov&lt;/a&gt;,
and can be used using &lt;tt&gt;kcov &amp;lt;directory&amp;gt; &amp;lt;binary&amp;gt;&lt;/tt&gt;.
It is missing in Debian, but the git source built just fine in Squeeze
after I installed libelf-dev, libdwarf-dev, pkg-config and
libglib2.0-dev.  Failed to build in Lenny, but suspect that is
solvable.  I hope kcov make it into Debian soon.&lt;/p&gt;

&lt;p&gt;Finally found time to wrap up the release notes for &lt;a
href=&quot;http://lists.debian.org/debian-edu-announce/2010/10/msg00002.html&quot;&gt;a
new alpha release of Debian Edu&lt;/a&gt;, and just published the second
alpha test release of the Squeeze based Debian Edu /
&lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Skolelinux&lt;/a&gt;
release.  Give it a try if you need a complete linux solution for your
school, including central infrastructure server, workstations, thin
client servers and diskless workstations.  A nice touch added
yesterday is RDP support on the thin client servers, for windows
clients to get a Linux desktop on request.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Some notes on Flash in Debian and Debian Edu</title>
                <link>http://people.skolelinux.org/pere/blog/Some_notes_on_Flash_in_Debian_and_Debian_Edu.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Some_notes_on_Flash_in_Debian_and_Debian_Edu.html</guid>
                <pubDate>Sat, 4 Sep 2010 10:10:00 +0200</pubDate>
                <description>&lt;p&gt;In the &lt;a href=&quot;http://popcon.debian.org/unknown/by_vote&quot;&gt;Debian
popularity-contest numbers&lt;/a&gt;, the adobe-flashplugin package the
second most popular used package that is missing in Debian.  The sixth
most popular is flashplayer-mozilla.  This is a clear indication that
working flash is important for Debian users.  Around 10 percent of the
users submitting data to popcon.debian.org have this package
installed.&lt;/p&gt;

&lt;p&gt;In the report written by Lars Risan in August 2008
(«&lt;a href=&quot;http://wiki.skolelinux.no/Dokumentasjon/Rapporter?action=AttachFile&amp;do=view&amp;target=Skolelinux_i_bruk_rapport_1.0.pdf&quot;&gt;Skolelinux
i bruk – Rapport for Hurum kommune, Universitetet i Agder og
stiftelsen SLX Debian Labs&lt;/a&gt;»), one of the most important problems
schools experienced with &lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Debian
Edu/Skolelinux&lt;/a&gt; was the lack of working Flash.  A lot of educational
web sites require Flash to work, and lacking working Flash support in
the web browser and the problems with installing it was perceived as a
good reason to stay with Windows.&lt;/p&gt;

&lt;p&gt;I once saw a funny and sad comment in a web forum, where Linux was
said to be the retarded cousin that did not really understand
everything you told him but could work fairly well.  This was a
comment regarding the problems Linux have with proprietary formats and
non-standard web pages, and is sad because it exposes a fairly common
understanding of whose fault it is if web pages that only work in for
example Internet Explorer 6 fail to work on Firefox, and funny because
it explain very well how annoying it is for users when Linux
distributions do not work with the documents they receive or the web
pages they want to visit.&lt;/p&gt;

&lt;p&gt;This is part of the reason why I believe it is important for Debian
and Debian Edu to have a well working Flash implementation in the
distribution, to get at least popular sites as Youtube and Google
Video to working out of the box.  For Squeeze, Debian have the chance
to include the latest version of Gnash that will make this happen, as
the new release 0.8.8 was published a few weeks ago and is resting in
unstable.  The new version work with more sites that version 0.8.7.
The Gnash maintainers have asked for a freeze exception, but the
release team have not had time to reply to it yet.  I hope they agree
with me that Flash is important for the Debian desktop users, and thus
accept the new package into Squeeze.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Circular package dependencies harms apt recovery</title>
                <link>http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html</guid>
                <pubDate>Tue, 27 Jul 2010 23:50:00 +0200</pubDate>
                <description>&lt;p&gt;I discovered this while doing
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html&quot;&gt;automated
testing of upgrades from Debian Lenny to Squeeze&lt;/a&gt;.  A few packages
in Debian still got circular dependencies, and it is often claimed
that apt and aptitude should be able to handle this just fine, but
some times these dependency loops causes apt to fail.&lt;/p&gt;

&lt;p&gt;An example is from todays
&lt;a href=&quot;http://people.skolelinux.org/~pere/debian-upgrade-testing//test-20100727-lenny-squeeze-kde-aptitude.txt&quot;&gt;upgrade
of KDE using aptitude&lt;/a&gt;.  In it, a bug in kdebase-workspace-data
causes perl-modules to fail to upgrade.  The cause is simple.  If a
package fail to unpack, then only part of packages with the circular
dependency might end up being unpacked when unpacking aborts, and the
ones already unpacked will fail to configure in the recovery phase
because its dependencies are unavailable.&lt;/p&gt;

&lt;p&gt;In this log, the problem manifest itself with this error:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
dpkg: dependency problems prevent configuration of perl-modules:
 perl-modules depends on perl (&gt;= 5.10.1-1); however:
  Version of perl on system is 5.10.0-19lenny2.
dpkg: error processing perl-modules (--configure):
 dependency problems - leaving unconfigured
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The perl/perl-modules circular dependency is already
&lt;a href=&quot;http://bugs.debian.org/527917&quot;&gt;reported as a bug&lt;/a&gt;, and will
hopefully be solved as soon as possible, but it is not the only one,
and each one of these loops in the dependency tree can cause similar
failures.  Of course, they only occur when there are bugs in other
packages causing the unpacking to fail, but it is rather nasty when
the failure of one package causes the problem to become worse because
of dependency loops.&lt;/p&gt;

&lt;p&gt;Thanks to
&lt;a href=&quot;http://lists.debian.org/debian-devel/2010/06/msg00116.html&quot;&gt;the
tireless effort by Bill Allombert&lt;/a&gt;, the number of circular
dependencies
&lt;a href=&quot;http://debian.semistable.com/debgraph.out.html&quot;&gt;left in Debian
is dropping&lt;/a&gt;, and perhaps it will reach zero one day. :)&lt;/p&gt;

&lt;p&gt;Todays testing also exposed a bug in
&lt;a href=&quot;http://bugs.debian.org/590605&quot;&gt;update-notifier&lt;/a&gt; and
&lt;a href=&quot;http://bugs.debian.org/590604&quot;&gt;different behaviour&lt;/a&gt; between
apt-get and aptitude, the latter possibly caused by some circular
dependency.  Reported both to BTS to try to get someone to look at
it.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>What are they searching for - PowerDNS and ISC DHCP in LDAP</title>
                <link>http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html</guid>
                <pubDate>Sat, 17 Jul 2010 21:00:00 +0200</pubDate>
                <description>&lt;p&gt;This is a
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html&quot;&gt;followup&lt;/a&gt;
on my
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html&quot;&gt;previous
work&lt;/a&gt; on
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html&quot;&gt;merging
all&lt;/a&gt; the computer related LDAP objects in Debian Edu.&lt;/p&gt;

&lt;p&gt;As a step to try to see if it possible to merge the DNS and DHCP
LDAP objects, I have had a look at how the packages pdns-backend-ldap
and dhcp3-server-ldap in Debian use the LDAP server.  The two
implementations are quite different in how they use LDAP.&lt;/p&gt;

To get this information, I started slapd with debugging enabled and
dumped the debug output to a file to get the LDAP searches performed
on a Debian Edu main-server.  Here is a summary.

&lt;p&gt;&lt;strong&gt;powerdns&lt;/strong&gt;&lt;/p&gt;

&lt;a href=&quot;http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend&quot;&gt;Clues
on how to&lt;/a&gt; set up PowerDNS to use a LDAP backend is available on
the web.

&lt;p&gt;PowerDNS have two modes of operation using LDAP as its backend.
One &quot;strict&quot; mode where the forward and reverse DNS lookups are done
using the same LDAP objects, and a &quot;tree&quot; mode where the forward and
reverse entries are in two different subtrees in LDAP with a structure
based on the DNS names, as in tjener.intern and
2.2.0.10.in-addr.arpa.&lt;/p&gt;

&lt;p&gt;In tree mode, the server is set up to use a LDAP subtree as its
base, and uses a &quot;base&quot; scoped search for the DNS name by adding
&quot;dc=tjener,dc=intern,&quot; to the base with a filter for
&quot;(associateddomain=tjener.intern)&quot; for the forward entry and
&quot;dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,&quot; with a filter for
&quot;(associateddomain=2.2.0.10.in-addr.arpa)&quot; for the reverse entry.  For
forward entries, it is looking for attributes named dnsttl, arecord,
nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord, mxrecord,
txtrecord, rprecord, afsdbrecord, keyrecord, aaaarecord, locrecord,
srvrecord, naptrrecord, kxrecord, certrecord, dsrecord, sshfprecord,
ipseckeyrecord, rrsigrecord, nsecrecord, dnskeyrecord, dhcidrecord,
spfrecord and modifytimestamp.  For reverse entries it is looking for
the attributes dnsttl, arecord, nsrecord, cnamerecord, soarecord,
ptrrecord, hinforecord, mxrecord, txtrecord, rprecord, aaaarecord,
locrecord, srvrecord, naptrrecord and modifytimestamp.  The equivalent
ldapsearch commands could look like this:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
ldapsearch -h ldap \
  -b dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no \
  -s base -x &#39;(associateddomain=tjener.intern)&#39; dNSTTL aRecord nSRecord \
  cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
  rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
  nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
  rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp

ldapsearch -h ldap \
  -b dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no \
  -s base -x &#39;(associateddomain=2.2.0.10.in-addr.arpa)&#39;
  dnsttl, arecord, nsrecord, cnamerecord soarecord ptrrecord \
  hinforecord mxrecord txtrecord rprecord aaaarecord locrecord \
  srvrecord naptrrecord modifytimestamp
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;In Debian Edu/Lenny, the PowerDNS tree mode is used with
ou=hosts,dc=skole,dc=skolelinux,dc=no as the base, and these are two
example LDAP objects used there.  In addition to these objects, the
parent objects all th way up to ou=hosts,dc=skole,dc=skolelinux,dc=no
also exist.&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectclass: top
objectclass: dnsdomain
objectclass: domainrelatedobject
dc: tjener
arecord: 10.0.2.2
associateddomain: tjener.intern

dn: dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectclass: top
objectclass: dnsdomain2
objectclass: domainrelatedobject
dc: 2
ptrrecord: tjener.intern
associateddomain: 2.2.0.10.in-addr.arpa
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;In strict mode, the server behaves differently.  When looking for
forward DNS entries, it is doing a &quot;subtree&quot; scoped search with the
same base as in the tree mode for a object with filter
&quot;(associateddomain=tjener.intern)&quot; and requests the attributes dnsttl,
arecord, nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord,
mxrecord, txtrecord, rprecord, aaaarecord, locrecord, srvrecord,
naptrrecord and modifytimestamp.  For reverse entires it also do a
subtree scoped search but this time the filter is &quot;(arecord=10.0.2.2)&quot;
and the requested attributes are associateddomain, dnsttl and
modifytimestamp.  In short, in strict mode the objects with ptrrecord
go away, and the arecord attribute in the forward object is used
instead.&lt;/p&gt;

&lt;p&gt;The forward and reverse searches can be simulated using ldapsearch
like this:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
  &#39;(associateddomain=tjener.intern)&#39; dNSTTL aRecord nSRecord \
  cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
  rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
  nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
  rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp

ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
  &#39;(arecord=10.0.2.2)&#39; associateddomain dnsttl modifytimestamp
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;In addition to the forward and reverse searches , there is also a
search for SOA records, which behave similar to the forward and
reverse lookups.&lt;/p&gt;

&lt;p&gt;A thing to note with the PowerDNS behaviour is that it do not
specify any objectclass names, and instead look for the attributes it
need to generate a DNS reply.  This make it able to work with any
objectclass that provide the needed attributes.&lt;/p&gt;

&lt;p&gt;The attributes are normally provided in the cosine (RFC 1274) and
dnsdomain2 schemas.  The latter is used for reverse entries like
ptrrecord and recent DNS additions like aaaarecord and srvrecord.&lt;/p&gt;

&lt;p&gt;In Debian Edu, we have created DNS objects using the object classes
dcobject (for dc), dnsdomain or dnsdomain2 (structural, for the DNS
attributes) and domainrelatedobject (for associatedDomain).  The use
of structural object classes make it impossible to combine these
classes with the object classes used by DHCP.&lt;/p&gt;

&lt;p&gt;There are other schemas that could be used too, for example the
dnszone structural object class used by Gosa and bind-sdb for the DNS
attributes combined with the domainrelatedobject object class, but in
this case some unused attributes would have to be included as well
(zonename and relativedomainname).&lt;/p&gt;

&lt;p&gt;My proposal for Debian Edu would be to switch PowerDNS to strict
mode and not use any of the existing objectclasses (dnsdomain,
dnsdomain2 and dnszone) when one want to combine the DNS information
with DHCP information, and instead create a auxiliary object class
defined something like this (using the attributes defined for
dnsdomain and dnsdomain2 or dnszone):&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
objectclass ( some-oid NAME &#39;dnsDomainAux&#39;
    SUP top
    AUXILIARY
    MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $
          DNSTTL $ DNSClass $ PTRRecord $ HINFORecord $ MINFORecord $
          TXTRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $
          NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
          A6Record $ DNAMERecord
    ))
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;This will allow any object to become a DNS entry when combined with
the domainrelatedobject object class, and allow any entity to include
all the attributes PowerDNS wants.  I&#39;ve sent an email to the PowerDNS
developers asking for their view on this schema and if they are
interested in providing such schema with PowerDNS, and I hope my
message will be accepted into their mailing list soon.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;ISC dhcp&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The DHCP server searches for specific objectclass and requests all
the object attributes, and then uses the attributes it want.  This
make it harder to figure out exactly what attributes are used, but
thanks to the working example in Debian Edu I can at least get an idea
what is needed without having to read the source code.&lt;/p&gt;

&lt;p&gt;In the DHCP server configuration, the LDAP base to use and the
search filter to use to locate the correct dhcpServer entity is
stored.  These are the relevant entries from
/etc/dhcp3/dhcpd.conf:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
ldap-base-dn &quot;dc=skole,dc=skolelinux,dc=no&quot;;
ldap-dhcp-server-cn &quot;dhcp&quot;;
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The DHCP server uses this information to nest all the DHCP
configuration it need.  The cn &quot;dhcp&quot; is located using the given LDAP
base and the filter &quot;(&amp;(objectClass=dhcpServer)(cn=dhcp))&quot;.  The
search result is this entry:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
dn: cn=dhcp,dc=skole,dc=skolelinux,dc=no
cn: dhcp
objectClass: top
objectClass: dhcpServer
dhcpServiceDN: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The content of the dhcpServiceDN attribute is next used to locate the
subtree with DHCP configuration.  The DHCP configuration subtree base
is located using a base scope search with base &quot;cn=DHCP
Config,dc=skole,dc=skolelinux,dc=no&quot; and filter
&quot;(&amp;(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))&quot;.
The search result is this entry:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
dn: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
cn: DHCP Config
objectClass: top
objectClass: dhcpService
objectClass: dhcpOptions
dhcpPrimaryDN: cn=dhcp, dc=skole,dc=skolelinux,dc=no
dhcpStatements: ddns-update-style none
dhcpStatements: authoritative
dhcpOption: smtp-server code 69 = array of ip-address
dhcpOption: www-server code 72 = array of ip-address
dhcpOption: wpad-url code 252 = text
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;Next, the entire subtree is processed, one level at the time.  When
all the DHCP configuration is loaded, it is ready to receive requests.
The subtree in Debian Edu contain objects with object classes
top/dhcpService/dhcpOptions, top/dhcpSharedNetwork/dhcpOptions,
top/dhcpSubnet, top/dhcpGroup and top/dhcpHost.  These provide options
and information about netmasks, dynamic range etc.  Leaving out the
details here because it is not relevant for the focus of my
investigation, which is to see if it is possible to merge dns and dhcp
related computer objects.&lt;/p&gt;

&lt;p&gt;When a DHCP request come in, LDAP is searched for the MAC address
of the client (00:00:00:00:00:00 in this example), using a subtree
scoped search with &quot;cn=DHCP Config,dc=skole,dc=skolelinux,dc=no&quot; as
the base and &quot;(&amp;(objectClass=dhcpHost)(dhcpHWAddress=ethernet
00:00:00:00:00:00))&quot; as the filter.  This is what a host object look
like:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
cn: hostname
objectClass: top
objectClass: dhcpHost
dhcpHWAddress: ethernet 00:00:00:00:00:00
dhcpStatements: fixed-address hostname
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;There is less flexiblity in the way LDAP searches are done here.
The object classes need to have fixed names, and the configuration
need to be stored in a fairly specific LDAP structure.  On the
positive side, the invidiual dhcpHost entires can be anywhere without
the DN pointed to by the dhcpServer entries.  The latter should make
it possible to group all host entries in a subtree next to the
configuration entries, and this subtree can also be shared with the
DNS server if the schema proposed above is combined with the dhcpHost
structural object class.

&lt;p&gt;&lt;strong&gt;Conclusion&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The PowerDNS implementation seem to be very flexible when it come
to which LDAP schemas to use.  While its &quot;tree&quot; mode is rigid when it
come to the the LDAP structure, the &quot;strict&quot; mode is very flexible,
allowing DNS objects to be stored anywhere under the base cn specified
in the configuration.&lt;/p&gt;

&lt;p&gt;The DHCP implementation on the other hand is very inflexible, both
regarding which LDAP schemas to use and which LDAP structure to use.
I guess one could implement ones own schema, as long as the
objectclasses and attributes have the names used, but this do not
really help when the DHCP subtree need to have a fairly fixed
structure.&lt;/p&gt;

&lt;p&gt;Based on the observed behaviour, I suspect a LDAP structure like
this might work for Debian Edu:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
ou=services
  cn=machine-info (dhcpService) - dhcpServiceDN points here
    cn=dhcp (dhcpServer)
    cn=dhcp-internal (dhcpSharedNetwork/dhcpOptions)
      cn=10.0.2.0 (dhcpSubnet)
        cn=group1 (dhcpGroup/dhcpOptions)
    cn=dhcp-thinclients (dhcpSharedNetwork/dhcpOptions)
      cn=192.168.0.0 (dhcpSubnet)
        cn=group1 (dhcpGroup/dhcpOptions)
    ou=machines - PowerDNS base points here
      cn=hostname (dhcpHost/domainrelatedobject/dnsDomainAux)
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;P&gt;This is not tested yet.  If the DHCP server require the dhcpHost
entries to be in the dhcpGroup subtrees, the entries can be stored
there instead of a common machines subtree, and the PowerDNS base
would have to be moved one level up to the machine-info subtree.&lt;/p&gt;

&lt;p&gt;The combined object under the machines subtree would look something
like this:&lt;/p&gt;
    
&lt;blockquote&gt;&lt;pre&gt;
dn: dc=hostname,ou=machines,cn=machine-info,dc=skole,dc=skolelinux,dc=no
dc: hostname
objectClass: top
objectClass: dhcpHost
objectclass: domainrelatedobject
objectclass: dnsDomainAux
associateddomain: hostname.intern
arecord: 10.11.12.13
dhcpHWAddress: ethernet 00:00:00:00:00:00
dhcpStatements: fixed-address hostname.intern
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;/p&gt;One could even add the LTSP configuration associated with a given
machine, as long as the required attributes are available in a
auxiliary object class.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Combining PowerDNS and ISC DHCP LDAP objects</title>
                <link>http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html</guid>
                <pubDate>Wed, 14 Jul 2010 23:45:00 +0200</pubDate>
                <description>&lt;p&gt;For a while now, I have wanted to find a way to change the DNS and
DHCP services in Debian Edu to use the same LDAP objects for a given
computer, to avoid the possibility of having a inconsistent state for
a computer in LDAP (as in DHCP but no DNS entry or the other way
around) and make it easier to add computers to LDAP.&lt;/p&gt;

&lt;p&gt;I&#39;ve looked at how powerdns and dhcpd is using LDAP, and using this
information finally found a solution that seem to work.&lt;/p&gt;

&lt;p&gt;The old setup required three LDAP objects for a given computer.
One forward DNS entry, one reverse DNS entry and one DHCP entry.  If
we switch powerdns to use its strict LDAP method (ldap-method=strict
in pdns-debian-edu.conf), the forward and reverse DNS entries are
merged into one while making it impossible to transfer the reverse map
to a slave DNS server.&lt;/p&gt;

&lt;p&gt;If we also replace the object class used to get the DNS related
attributes to one allowing these attributes to be combined with the
dhcphost object class, we can merge the DNS and DHCP entries into one.
I&#39;ve written such object class in the dnsdomainaux.schema file (need
proper OIDs, but that is a minor issue), and tested the setup.  It
seem to work.&lt;/p&gt;

&lt;p&gt;With this test setup in place, we can get away with one LDAP object
for both DNS and DHCP, and even the LTSP configuration I suggested in
an earlier email.  The combined LDAP object will look something like
this:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
  dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
  cn: hostname
  objectClass: dhcphost
  objectclass: domainrelatedobject
  objectclass: dnsdomainaux
  associateddomain: hostname.intern
  arecord: 10.11.12.13
  dhcphwaddress: ethernet 00:00:00:00:00:00
  dhcpstatements: fixed-address hostname
  ldapconfigsound: Y
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The DNS server uses the associateddomain and arecord entries, while
the DHCP server uses the dhcphwaddress and dhcpstatements entries
before asking DNS to resolve the fixed-adddress.  LTSP will use
dhcphwaddress or associateddomain and the ldapconfig* attributes.&lt;/p&gt;

&lt;p&gt;I am not yet sure if I can get the DHCP server to look for its
dhcphost in a different location, to allow us to put the objects
outside the &quot;DHCP Config&quot; subtree, but hope to figure out a way to do
that.  If I can&#39;t figure out a way to do that, we can still get rid of
the hosts subtree and move all its content into the DHCP Config tree
(which probably should be renamed to be more related to the new
content.  I suspect cn=dnsdhcp,ou=services or something like that
might be a good place to put it.&lt;/p&gt;

&lt;p&gt;If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Idea for storing LTSP configuration in LDAP</title>
                <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</guid>
                <pubDate>Sun, 11 Jul 2010 22:00:00 +0200</pubDate>
                <description>&lt;p&gt;Vagrant mentioned on IRC today that ltsp_config now support
sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin
clients, and that this can be used to fetch configuration from LDAP if
Debian Edu choose to store configuration there.&lt;/p&gt;

&lt;p&gt;Armed with this information, I got inspired and wrote a test module
to get configuration from LDAP.  The idea is to look up the MAC
address of the client in LDAP, and look for attributes on the form
ltspconfigsetting=value, and use this to export SETTING=value to the
LTSP clients.&lt;/p&gt;

&lt;p&gt;The goal is to be able to store the LTSP configuration attributes
in a &quot;computer&quot; LDAP object used by both DNS and DHCP, and thus
allowing us to store all information about a computer in one place.&lt;/p&gt;

&lt;p&gt;This is a untested draft implementation, and I welcome feedback on
this approach.  A real LDAP schema for the ltspClientAux objectclass
need to be written.  Comments, suggestions, etc?&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
#
# Fetch LTSP client settings from LDAP based on MAC address
#
# Uses ethernet address as stored in the dhcpHost objectclass using
# the dhcpHWAddress attribute or ethernet address stored in the
# ieee802Device objectclass with the macAddress attribute.
#
# This module is written to be schema agnostic, and only depend on the
# existence of attribute names.
#
# The LTSP configuration variables are saved directly using a
# ltspConfig prefix and uppercasing the rest of the attribute name.
# To set the SERVER variable, set the ltspConfigServer attribute.
#
# Some LDAP schema should be created with all the relevant
# configuration settings.  Something like this should work:
# 
# objectclass ( 1.1.2.2 NAME &#39;ltspClientAux&#39;
#     SUP top
#     AUXILIARY
#     MAY ( ltspConfigServer $ ltsConfigSound $ ... )

LDAPSERVER=$(debian-edu-ldapserver)
if [ &quot;$LDAPSERVER&quot; ] ; then
    LDAPBASE=$(debian-edu-ldapserver -b)
    for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk &#39;{print $5}&#39;|sort -u) ; do
        filter=&quot;(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))&quot;
        ldapsearch -h &quot;$LDAPSERVER&quot; -b &quot;$LDAPBASE&quot; -v -x &quot;$filter&quot; | \
            grep &#39;^ltspConfig&#39; | while read attr value ; do
            # Remove prefix and convert to upper case
            attr=$(echo $attr | sed &#39;s/^ltspConfig//i&#39; | tr a-z A-Z)
            # bass value on to clients
            eval &quot;$attr=$value; export $attr&quot;
        done
    done
fi
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;I&#39;m not sure this shell construction will work, because I suspect
the while block might end up in a subshell causing the variables set
there to not show up in ltsp-config, but if that is the case I am sure
the code can be restructured to make sure the variables are passed on.
I expect that can be solved with some testing. :)&lt;/p&gt;

&lt;p&gt;If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.&lt;/p&gt;

&lt;p&gt;Update 2010-07-17: I am aware of another effort to store LTSP
configuration in LDAP that was created around year 2000 by
&lt;a href=&quot;http://www.pcxperience.com/thinclient/documentation/ldap.html&quot;&gt;PC
Xperience, Inc., 2000&lt;/a&gt;.  I found its
&lt;a href=&quot;http://people.redhat.com/alikins/ltsp/ldap/&quot;&gt;files&lt;/a&gt; on a
personal home page over at redhat.com.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>jXplorer, a very nice LDAP GUI</title>
                <link>http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</guid>
                <pubDate>Fri, 9 Jul 2010 12:55:00 +0200</pubDate>
                <description>&lt;p&gt;Since
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html&quot;&gt;my
last post&lt;/a&gt; about available LDAP tools in Debian, I was told about a
LDAP GUI that is even better than luma.  The java application
&lt;a href=&quot;http://jxplorer.org/&quot;&gt;jXplorer&lt;/a&gt; is claimed to be capable of
moving LDAP objects and subtrees using drag-and-drop, and can
authenticate using Kerberos.  I have only tested the Kerberos
authentication, but do not have a LDAP setup allowing me to rewrite
LDAP with my test user yet.  It is
&lt;a href=&quot;http://packages.qa.debian.org/j/jxplorer.html&quot;&gt;available in
Debian&lt;/a&gt; testing and unstable at the moment.  The only problem I
have with it is how it handle errors.  If something go wrong, its
non-intuitive behaviour require me to go through some query work list
and remove the failing query.  Nothing big, but very annoying.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Lenny-&gt;Squeeze upgrades, apt vs aptitude with the Gnome desktop</title>
                <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</guid>
                <pubDate>Sat, 3 Jul 2010 23:55:00 +0200</pubDate>
                <description>&lt;p&gt;Here is a short update on my &lt;a
href=&quot;http://people.skolelinux.org/~pere/debian-upgrade-testing/&quot;&gt;my
Debian Lenny-&gt;Squeeze upgrade testing&lt;/a&gt;.  Here is a summary of the
difference for Gnome when it is upgraded by apt-get and aptitude.  I&#39;m
not reporting the status for KDE, because the upgrade crashes when
aptitude try because of missing conflicts
(&lt;a href=&quot;http://bugs.debian.org/584861&quot;&gt;#584861&lt;/a&gt; and
&lt;a href=&quot;http://bugs.debian.org/585716&quot;&gt;#585716&lt;/a&gt;).&lt;/p&gt;

&lt;p&gt;At the end of the upgrade test script, dpkg -l is executed to get a
complete list of the installed packages.  Based on this I see these
differences when I did a test run today.  As usual, I do not really
know what the correct set of packages would be, but thought it best to
publish the difference.&lt;/p&gt;

&lt;p&gt;Installed using apt-get, missing with aptitude&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  at-spi cpp-4.3 finger gnome-spell gstreamer0.10-gnomevfs
  libatspi1.0-0 libcupsys2 libeel2-data libgail-common libgdl-1-common
  libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin
  libgtksourceview-common libpt-1.10.10-plugins-alsa
  libpt-1.10.10-plugins-v4l libservlet2.4-java libxalan2-java
  libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip
  python-4suite-xml python-eggtrayicon python-gtkhtml2
  python-gtkmozembed svgalibg1 xserver-xephyr zip
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using apt-get, removed with aptitude&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  bluez-utils dhcdbd djvulibre-desktop epiphany-gecko
  gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager
  libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-50
  libbluetooth2 libcamel1.2-11 libcdio7 libcucul0 libcurl3
  libdirectfb-1.0-0 libdvdread3 libedata-cal1.2-6 libedataserver1.2-9
  libeel2-2.20 libepc-1.0-1 libepc-ui-1.0-1 libexchange-storage1.2-3
  libfaad0 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9
  libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2
  libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0
  libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtkhtml2-0
  libgtksourceview1.0-0 libgucharmap6 libhesiod0 libicu38 libisccc50
  libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++10
  libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4
  libneon27 libnm-glib0 libnm-util0 libopal-2.2 libosp5
  libparted1.8-10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3
  libpt-1.10.10 libraw1394-8 libsensors3 libsmbios2 libsoup2.2-8
  libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1
  libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj
  libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3
  mysql-common swfdec-gnome totem-gstreamer wodim
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using aptitude, missing with apt-get&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  gnome gnome-desktop-environment hamster-applet python-gnomeapplet
  python-gnomekeyring python-wnck rhythmbox-plugins xorg
  xserver-xorg-input-all xserver-xorg-input-evdev
  xserver-xorg-input-kbd xserver-xorg-input-mouse
  xserver-xorg-input-synaptics xserver-xorg-video-all
  xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati
  xserver-xorg-video-chips xserver-xorg-video-cirrus
  xserver-xorg-video-dummy xserver-xorg-video-fbdev
  xserver-xorg-video-glint xserver-xorg-video-i128
  xserver-xorg-video-i740 xserver-xorg-video-mach64
  xserver-xorg-video-mga xserver-xorg-video-neomagic
  xserver-xorg-video-nouveau xserver-xorg-video-nv
  xserver-xorg-video-r128 xserver-xorg-video-radeon
  xserver-xorg-video-radeonhd xserver-xorg-video-rendition
  xserver-xorg-video-s3 xserver-xorg-video-s3virge
  xserver-xorg-video-savage xserver-xorg-video-siliconmotion
  xserver-xorg-video-sis xserver-xorg-video-sisusb
  xserver-xorg-video-tdfx xserver-xorg-video-tga
  xserver-xorg-video-trident xserver-xorg-video-tseng
  xserver-xorg-video-vesa xserver-xorg-video-vmware
  xserver-xorg-video-voodoo
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;Installed using aptitude, removed with apt-get&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;
  deskbar-applet xserver-xorg xserver-xorg-core
  xserver-xorg-input-wacom xserver-xorg-video-intel
  xserver-xorg-video-openchrome
&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;I was told on IRC that the xorg-xserver package was
&lt;a href=&quot;http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=9c8080d06c457932d3bfec021c69ac000aa60120&quot;&gt;changed
in git&lt;/a&gt; today to try to get apt-get to not remove xorg completely.
No idea when it hits Squeeze, but when it does I hope it will reduce
the difference somewhat.
</description>
        </item>
        
        <item>
                <title>LUMA, a very nice LDAP GUI</title>
                <link>http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</guid>
                <pubDate>Mon, 28 Jun 2010 00:30:00 +0200</pubDate>
                <description>&lt;p&gt;The last few days I have been looking into the status of the LDAP
directory in Debian Edu, and in the process I started to miss a GUI
tool to browse the LDAP tree.  The only one I was able to find in
Debian/Squeeze and Lenny is
&lt;a href=&quot;http://luma.sourceforge.net/&quot;&gt;LUMA&lt;/a&gt;, which has proved to
be a great tool to get a overview of the current LDAP directory
populated by default in Skolelinux.  Thanks to it, I have been able to
find empty and obsolete subtrees, misplaced objects and duplicate
objects.  It will be installed by default in Debian/Squeeze.  If you
are working with LDAP, give it a go. :)&lt;/p&gt;

&lt;p&gt;I did notice one problem with it I have not had time to report to
the BTS yet.  There is no .desktop file in the package, so the tool do
not show up in the Gnome and KDE menus, but only deep down in in the
Debian submenu in KDE.  I hope that can be fixed before Squeeze is
released.&lt;/p&gt;

&lt;p&gt;I have not yet been able to get it to modify the tree yet.  I would
like to move objects and remove subtrees directly in the GUI, but have
not found a way to do that with LUMA yet.  So in the mean time, I use
&lt;a href=&quot;http://www.lichteblau.com/ldapvi/&quot;&gt;ldapvi&lt;/a&gt; for that.&lt;/p&gt;

&lt;p&gt;If you have tips on other GUI tools for LDAP that might be useful
in Debian Edu, please contact us on debian-edu@lists.debian.org.&lt;/p&gt;

&lt;p&gt;Update 2010-06-29: Ross Reedstrom tipped us about the
&lt;a href=&quot;http://packages.qa.debian.org/g/gq.html&quot;&gt;gq&lt;/a&gt; package as a
useful GUI alternative.  It seem like a good tool, but is unmaintained
in Debian and got a RC bug keeping it out of Squeeze.  Unless that
changes, it will not be an option for Debian Edu based on Squeeze.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object</title>
                <link>http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</guid>
                <pubDate>Thu, 24 Jun 2010 00:35:00 +0200</pubDate>
                <description>&lt;p&gt;A while back, I
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html&quot;&gt;complained
about the fact&lt;/a&gt; that it is not possible with the provided schemas
for storing DNS and DHCP information in LDAP to combine the two sets
of information into one LDAP object representing a computer.&lt;/p&gt;

&lt;p&gt;In the mean time, I discovered that a simple fix would be to make
the dhcpHost object class auxiliary, to allow it to be combined with
the dNSDomain object class, and thus forming one object for one
computer when storing both DHCP and DNS information in LDAP.&lt;/p&gt;

&lt;p&gt;If I understand this correctly, it is not safe to do this change
without also changing the assigned number for the object class, and I
do not know enough about LDAP schema design to do that properly for
Debian Edu.&lt;/p&gt;

&lt;p&gt;Anyway, for future reference, this is how I believe we could change
the
&lt;a href=&quot;http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00&quot;&gt;DHCP
schema&lt;/a&gt; to solve at least part of the problem with the LDAP schemas
available today from IETF.&lt;/p&gt;

&lt;pre&gt;
--- dhcp.schema    (revision 65192)
+++ dhcp.schema    (working copy)
@@ -376,7 +376,7 @@
 objectclass ( 2.16.840.1.113719.1.203.6.6
        NAME &#39;dhcpHost&#39;
        DESC &#39;This represents information about a particular client&#39;
-       SUP top
+       SUP top AUXILIARY
        MUST cn
        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
        X-NDS_CONTAINMENT (&#39;dhcpService&#39; &#39;dhcpSubnet&#39; &#39;dhcpGroup&#39;) )
&lt;/pre&gt;

&lt;p&gt;I very much welcome clues on how to do this properly for Debian
Edu/Squeeze.  We provide the DHCP schema in our debian-edu-config
package, and should thus be free to rewrite it as we see fit.&lt;/p&gt;

&lt;p&gt;If you want to help out with implementing this for Debian Edu,
please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Calling tasksel like the installer, while still getting useful output</title>
                <link>http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</guid>
                <pubDate>Wed, 16 Jun 2010 14:55:00 +0200</pubDate>
                <description>&lt;p&gt;A few times I have had the need to simulate the way tasksel
installs packages during the normal debian-installer run.  Until now,
I have ended up letting tasksel do the work, with the annoying problem
of not getting any feedback at all when something fails (like a
conffile question from dpkg or a download that fails), using code like
this:

&lt;blockquote&gt;&lt;pre&gt;
export DEBIAN_FRONTEND=noninteractive
tasksel --new-install
&lt;/pre&gt;&lt;/blockquote&gt;

This would invoke tasksel, let its automatic task selection pick the
tasks to install, and continue to install the requested tasks without
any output what so ever.

Recently I revisited this problem while working on the automatic
package upgrade testing, because tasksel would some times hang without
any useful feedback, and I want to see what is going on when it
happen.  Then it occured to me, I can parse the output from tasksel
when asked to run in test mode, and use that aptitude command line
printed by tasksel then to simulate the tasksel run.  I ended up using
code like this:

&lt;blockquote&gt;&lt;pre&gt;
export DEBIAN_FRONTEND=noninteractive
cmd=&quot;$(in_target tasksel -t --new-install | sed &#39;s/debconf-apt-progress -- //&#39;)&quot;
$cmd
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The content of $cmd is typically something like &quot;&lt;tt&gt;aptitude -q
--without-recommends -o APT::Install-Recommends=no -y install
~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
~pimportant&lt;/tt&gt;&quot;, which will install the gnome desktop task, the
laptop task and all packages with priority standard , required and
important, just like tasksel would have done it during
installation.&lt;/p&gt;

&lt;p&gt;A better approach is probably to extend tasksel to be able to
install packages without using debconf-apt-progress, for use cases
like this.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Lenny-&gt;Squeeze upgrades, removals by apt and aptitude</title>
                <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__removals_by_apt_and_aptitude.html</guid>
                <pubDate>Sun, 13 Jun 2010 09:05:00 +0200</pubDate>
                <description>&lt;p&gt;My
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html&quot;&gt;testing
of Debian upgrades&lt;/a&gt; from Lenny to Squeeze continues, and I&#39;ve
finally made the upgrade logs available from
&lt;a href=&quot;http://people.skolelinux.org/pere/debian-upgrade-testing/&quot;&gt;http://people.skolelinux.org/pere/debian-upgrade-testing/&lt;/a&gt;.
I am now testing dist-upgrade of Gnome and KDE in a chroot using both
apt and aptitude, and found their differences interesting.  This time
I will only focus on their removal plans.&lt;/p&gt;

&lt;p&gt;After installing a Gnome desktop and the laptop task, apt-get wants
to remove 72 packages when dist-upgrading from Lenny to Squeeze.  The
surprising part is that it want to remove xorg and all
xserver-xorg-video* drivers.  Clearly not a good choice, but I am not
sure why.  When asking aptitude to do the same, it want to remove 129
packages, but most of them are library packages I suspect are no
longer needed.  Both of them want to remove bluetooth packages, which
I do not know.  Perhaps these bluetooth packages are obsolete?&lt;/p&gt;

&lt;p&gt;For KDE, apt-get want to remove 82 packages, among them kdebase
which seem like a bad idea and xorg the same way as with Gnome. Asking
aptitude for the same, it wants to remove 192 packages, none which are
too surprising.&lt;/p&gt;

&lt;p&gt;I guess the removal of xorg during upgrades should be investigated
and avoided, and perhaps others as well.  Here are the complete list
of planned removals.  The complete logs is available from the URL
above.  Note if you want to repeat these tests, that the upgrade test
for kde+apt-get hung in the tasksel setup because of dpkg asking
conffile questions.  No idea why.  I worked around it by using
&#39;&lt;tt&gt;echo &gt;&gt; /proc/&lt;em&gt;pidofdpkg&lt;/em&gt;/fd/0&lt;/tt&gt;&#39; to tell dpkg to
continue.&lt;/p&gt;

&lt;p&gt;&lt;b&gt;apt-get gnome 72&lt;/b&gt;
&lt;br&gt;bluez-gnome cupsddk-drivers deskbar-applet gnome
  gnome-desktop-environment gnome-network-admin gtkhtml3.14
  iceweasel-gnome-support libavcodec51 libdatrie0 libgdl-1-0
  libgnomekbd2 libgnomekbdui2 libmetacity0 libslab0 libxcb-xlib0
  nautilus-cd-burner python-gnome2-desktop python-gnome2-extras
  serpentine swfdec-mozilla update-manager xorg xserver-xorg
  xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
  xserver-xorg-input-kbd xserver-xorg-input-mouse
  xserver-xorg-input-synaptics xserver-xorg-input-wacom
  xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
  xserver-xorg-video-ati xserver-xorg-video-chips
  xserver-xorg-video-cirrus xserver-xorg-video-cyrix
  xserver-xorg-video-dummy xserver-xorg-video-fbdev
  xserver-xorg-video-glint xserver-xorg-video-i128
  xserver-xorg-video-i740 xserver-xorg-video-imstt
  xserver-xorg-video-intel xserver-xorg-video-mach64
  xserver-xorg-video-mga xserver-xorg-video-neomagic
  xserver-xorg-video-nsc xserver-xorg-video-nv
  xserver-xorg-video-openchrome xserver-xorg-video-r128
  xserver-xorg-video-radeon xserver-xorg-video-radeonhd
  xserver-xorg-video-rendition xserver-xorg-video-s3
  xserver-xorg-video-s3virge xserver-xorg-video-savage
  xserver-xorg-video-siliconmotion xserver-xorg-video-sis
  xserver-xorg-video-sisusb xserver-xorg-video-tdfx
  xserver-xorg-video-tga xserver-xorg-video-trident
  xserver-xorg-video-tseng xserver-xorg-video-v4l
  xserver-xorg-video-vesa xserver-xorg-video-vga
  xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9
  xulrunner-1.9-gnome-support&lt;/p&gt;

&lt;p&gt;&lt;b&gt;aptitude gnome 129&lt;/b&gt;

&lt;br&gt;bluez-gnome bluez-utils cpp-4.3 cupsddk-drivers dhcdbd
  djvulibre-desktop finger gnome-app-install gnome-mount
  gnome-network-admin gnome-spell gnome-vfs-obexftp
  gnome-volume-manager gstreamer0.10-gnomevfs gtkhtml3.14 libao2
  libavahi-compat-libdnssd1 libavahi-core5 libavcodec51 libbluetooth2
  libcamel1.2-11 libcdio7 libcucul0 libcupsys2 libcurl3 libdatrie0
  libdirectfb-1.0-0 libdvdread3 libedataserver1.2-9 libeel2-2.20
  libeel2-data libepc-1.0-1 libepc-ui-1.0-1 libfaad0 libgail-common
  libgd2-noxpm libgda3-3 libgda3-common libgdl-1-0 libgdl-1-common
  libggz2 libggzcore9 libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0
  libgnomecups1.0-1 libgnomekbd2 libgnomekbdui2 libgnomeprint2.2-0
  libgnomeprint2.2-data libgnomeprintui2.2-0 libgnomeprintui2.2-common
  libgnomevfs2-bin libgpod3 libgraphviz4 libgtkhtml2-0
  libgtksourceview-common libgtksourceview1.0-0 libgucharmap6
  libhesiod0 libicu38 libiw29 libkpathsea4 libltdl3 libmagick++10
  libmagick10 libmalaga7 libmetacity0 libmtp7 libmysqlclient15off
  libnautilus-burn4 libneon27 libnm-glib0 libnm-util0 libopal-2.2
  libosp5 libparted1.8-10 libpoppler-glib3 libpoppler3 libpt-1.10.10
  libpt-1.10.10-plugins-alsa libpt-1.10.10-plugins-v4l libraw1394-8
  libsensors3 libslab0 libsmbios2 libsoup2.2-8 libssh2-1
  libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1 libtotem-plparser10
  libtrackerclient0 libxalan2-java libxalan2-java-gcj libxcb-xlib0
  libxerces2-java libxerces2-java-gcj libxklavier12 libxtrap6
  libxxf86misc1 libzephyr3 mysql-common nautilus-cd-burner
  openoffice.org-writer2latex openssl-blacklist p7zip
  python-4suite-xml python-eggtrayicon python-gnome2-desktop
  python-gnome2-extras python-gtkhtml2 python-gtkmozembed
  python-numeric python-sexy serpentine svgalibg1 swfdec-gnome
  swfdec-mozilla totem-gstreamer update-manager wodim
  xserver-xorg-video-cyrix xserver-xorg-video-imstt
  xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
  zip&lt;/p&gt;

&lt;p&gt;&lt;b&gt;apt-get kde 82&lt;/b&gt;

&lt;br&gt;cupsddk-drivers karm kaudiocreator kcoloredit kcontrol kde kde-core
  kdeaddons kdeartwork kdebase kdebase-bin kdebase-bin-kde3
  kdebase-kio-plugins kdesktop kdeutils khelpcenter kicker
  kicker-applets knewsticker kolourpaint konq-plugins konqueror korn
  kpersonalizer kscreensaver ksplash libavcodec51 libdatrie0 libkiten1
  libxcb-xlib0 quanta superkaramba texlive-base-bin xorg xserver-xorg
  xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
  xserver-xorg-input-kbd xserver-xorg-input-mouse
  xserver-xorg-input-synaptics xserver-xorg-input-wacom
  xserver-xorg-video-all xserver-xorg-video-apm xserver-xorg-video-ark
  xserver-xorg-video-ati xserver-xorg-video-chips
  xserver-xorg-video-cirrus xserver-xorg-video-cyrix
  xserver-xorg-video-dummy xserver-xorg-video-fbdev
  xserver-xorg-video-glint xserver-xorg-video-i128
  xserver-xorg-video-i740 xserver-xorg-video-imstt
  xserver-xorg-video-intel xserver-xorg-video-mach64
  xserver-xorg-video-mga xserver-xorg-video-neomagic
  xserver-xorg-video-nsc xserver-xorg-video-nv
  xserver-xorg-video-openchrome xserver-xorg-video-r128
  xserver-xorg-video-radeon xserver-xorg-video-radeonhd
  xserver-xorg-video-rendition xserver-xorg-video-s3
  xserver-xorg-video-s3virge xserver-xorg-video-savage
  xserver-xorg-video-siliconmotion xserver-xorg-video-sis
  xserver-xorg-video-sisusb xserver-xorg-video-tdfx
  xserver-xorg-video-tga xserver-xorg-video-trident
  xserver-xorg-video-tseng xserver-xorg-video-v4l
  xserver-xorg-video-vesa xserver-xorg-video-vga
  xserver-xorg-video-vmware xserver-xorg-video-voodoo xulrunner-1.9&lt;/p&gt;

&lt;p&gt;&lt;b&gt;aptitude kde 192&lt;/b&gt;
&lt;br&gt;bluez-utils cpp-4.3 cupsddk-drivers cvs dcoprss dhcdbd
  djvulibre-desktop dosfstools eyesapplet fifteenapplet finger gettext
  ghostscript-x imlib-base imlib11 indi kandy karm kasteroids
  kaudiocreator kbackgammon kbstate kcoloredit kcontrol kcron kdat
  kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window
  kdebase-bin-kde3 kdebase-kio-plugins kdeedu-data
  kdegraphics-kfile-plugins kdelirc kdemultimedia-kappfinder-data
  kdemultimedia-kfile-plugins kdenetwork-kfile-plugins
  kdepim-kfile-plugins kdepim-kio-plugins kdeprint kdesktop kdessh
  kdict kdnssd kdvi kedit keduca kenolaba kfax kfaxview kfouleggs
  kghostview khelpcenter khexedit kiconedit kitchensync klatin
  klickety kmailcvt kmenuedit kmid kmilo kmoon kmrml kodo kolourpaint
  kooka korn kpager kpdf kpercentage kpf kpilot kpoker kpovmodeler
  krec kregexpeditor ksayit ksim ksirc ksirtet ksmiletris ksmserver
  ksnake ksokoban ksplash ksvg ksysv ktip ktnef kuickshow kverbos
  kview kviewshell kvoctrain kwifimanager kwin kwin4 kworldclock
  kxsldbg libakode2 libao2 libarts1-akode libarts1-audiofile
  libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1
  libavahi-core5 libavc1394-0 libavcodec51 libbluetooth2
  libboost-python1.34.1 libcucul0 libcurl3 libcvsservice0 libdatrie0
  libdirectfb-1.0-0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0
  libgail-common libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-0
  libicu38 libiec61883-0 libindex0 libiw29 libk3b3 libkcal2b libkcddb1
  libkdeedu3 libkdepim1a libkgantt0 libkiten1 libkleopatra1 libkmime2
  libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1
  libksieve0 libktnef1 liblockdev1 libltdl3 libmagick10 libmimelib1c2a
  libmozjs1d libmpcdec3 libneon27 libnm-util0 libopensync0 libpisock9
  libpoppler-glib3 libpoppler-qt2 libpoppler3 libraw1394-8 libsmbios2
  libssh2-1 libsuitesparse-3.1.0 libtalloc1 libtiff-tools
  libxalan2-java libxalan2-java-gcj libxcb-xlib0 libxerces2-java
  libxerces2-java-gcj libxtrap6 mpeglib networkstatus
  openoffice.org-writer2latex pmount poster psutils quanta quanta-data
  superkaramba svgalibg1 tex-common texlive-base texlive-base-bin
  texlive-common texlive-doc-base texlive-fonts-recommended
  xserver-xorg-video-cyrix xserver-xorg-video-imstt
  xserver-xorg-video-nsc xserver-xorg-video-v4l xserver-xorg-video-vga
  xulrunner-1.9&lt;/p&gt;

</description>
        </item>
        
        <item>
                <title>Automatic upgrade testing from Lenny to Squeeze</title>
                <link>http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html</guid>
                <pubDate>Fri, 11 Jun 2010 22:50:00 +0200</pubDate>
                <description>&lt;p&gt;The last few days I have done some upgrade testing in Debian, to
see if the upgrade from Lenny to Squeeze will go smoothly.  A few bugs
have been discovered and reported in the process
(&lt;a href=&quot;http://bugs.debian.org/585410&quot;&gt;#585410&lt;/a&gt; in nagios3-cgi,
&lt;a href=&quot;http://bugs.debian.org/584879&quot;&gt;#584879&lt;/a&gt; already fixed in
enscript and &lt;a href=&quot;http://bugs.debian.org/584861&quot;&gt;#584861&lt;/a&gt; in
kdebase-workspace-data), and to get a more regular testing going on, I
am working on a script to automate the test.&lt;/p&gt;

&lt;p&gt;The idea is to create a Lenny chroot and use tasksel to install a
Gnome or KDE desktop installation inside the chroot before upgrading
it.  To ensure no services are started in the chroot, a policy-rc.d
script is inserted.  To make sure tasksel believe it is to install a
desktop on a laptop, the tasksel tests are replaced in the chroot
(only acceptable because this is a throw-away chroot).&lt;/p&gt;

&lt;p&gt;A naive upgrade from Lenny to Squeeze using aptitude dist-upgrade
currently always fail because udev refuses to upgrade with the kernel
in Lenny, so to avoid that problem the file /etc/udev/kernel-upgrade
is created.  The bug report
&lt;a href=&quot;http://bugs.debian.org/566000&quot;&gt;#566000&lt;/a&gt; make me suspect
this problem do not trigger in a chroot, but I touch the file anyway
to make sure the upgrade go well.  Testing on virtual and real
hardware have failed me because of udev so far, and creating this file
do the trick in such settings anyway.  This is a
&lt;a href=&quot;http://www.linuxquestions.org/questions/debian-26/failed-dist-upgrade-due-to-udev-config_sysfs_deprecated-nonsense-804130/&quot;&gt;known
issue&lt;/a&gt; and the current udev behaviour is intended by the udev
maintainer because he lack the resources to rewrite udev to keep
working with old kernels or something like that.  I really wish the
udev upstream would keep udev backwards compatible, to avoid such
upgrade problem, but given that they fail to do so, I guess
documenting the way out of this mess is the best option we got for
Debian Squeeze.&lt;/p&gt;

&lt;p&gt;Anyway, back to the task at hand, testing upgrades.  This test
script, which I call &lt;tt&gt;upgrade-test&lt;/tt&gt; for now, is doing the
trick:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
#!/bin/sh
set -ex

if [ &quot;$1&quot; ] ; then
    desktop=$1
else
    desktop=gnome
fi

from=lenny
to=squeeze

exec &amp;lt; /dev/null
unset LANG
mirror=http://ftp.skolelinux.org/debian
tmpdir=chroot-$from-upgrade-$to-$desktop
fuser -mv .
debootstrap $from $tmpdir $mirror
chroot $tmpdir aptitude update
cat &gt; $tmpdir/usr/sbin/policy-rc.d &amp;lt;&amp;lt;EOF
#!/bin/sh
exit 101
EOF
chmod a+rx $tmpdir/usr/sbin/policy-rc.d
exit_cleanup() {
    umount $tmpdir/proc
}
mount -t proc proc $tmpdir/proc
# Make sure proc is unmounted also on failure
trap exit_cleanup EXIT INT

chroot $tmpdir aptitude -y install debconf-utils

# Make sure tasksel autoselection trigger.  It need the test scripts
# to return the correct answers.
echo tasksel tasksel/desktop multiselect $desktop | \
    chroot $tmpdir debconf-set-selections

# Include the desktop and laptop task
for test in desktop laptop ; do
    echo &gt; $tmpdir/usr/lib/tasksel/tests/$test &amp;lt;&amp;lt;EOF
#!/bin/sh
exit 2
EOF
    chmod a+rx $tmpdir/usr/lib/tasksel/tests/$test
done

DEBIAN_FRONTEND=noninteractive
DEBIAN_PRIORITY=critical
export DEBIAN_FRONTEND DEBIAN_PRIORITY
chroot $tmpdir tasksel --new-install

echo deb $mirror $to main &gt; $tmpdir/etc/apt/sources.list
chroot $tmpdir aptitude update
touch $tmpdir/etc/udev/kernel-upgrade
chroot $tmpdir aptitude -y dist-upgrade
fuser -mv
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;I suspect it would be useful to test upgrades with both apt-get and
with aptitude, but I have not had time to look at how they behave
differently so far.  I hope to get a cron job running to do the test
regularly and post the result on the web.  The Gnome upgrade currently
work, while the KDE upgrade fail because of the bug in
kdebase-workspace-data&lt;/p&gt;

&lt;p&gt;I am not quite sure what kind of extract from the huge upgrade logs
(KDE 167 KiB, Gnome 516 KiB) it make sense to include in this blog
post, so I will refrain from trying.  I can report that for Gnome,
aptitude report 760 packages upgraded, 448 newly installed, 129 to
remove and 1 not upgraded and 1024MB need to be downloaded while for
KDE the same numbers are 702 packages upgraded, 507 newly installed,
193 to remove and 0 not upgraded and 1117MB need to be downloaded&lt;/p&gt;

&lt;p&gt;I am very happy to notice that the Gnome desktop + laptop upgrade
is able to migrate to dependency based boot sequencing and parallel
booting without a hitch.  Was unsure if there were still bugs with
packages failing to clean up their obsolete init.d script during
upgrades, and no such problem seem to affect the Gnome desktop+laptop
packages.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Upstart or sysvinit - as init.d scripts see it</title>
                <link>http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html</guid>
                <pubDate>Sun, 6 Jun 2010 23:55:00 +0200</pubDate>
                <description>&lt;p&gt;If Debian is to migrate to upstart on Linux, I expect some init.d
scripts to migrate (some of) their operations to upstart job while
keeping the init.d for hurd and kfreebsd.  The packages with such
needs will need a way to get their init.d scripts to behave
differently when used with sysvinit and with upstart.  Because of
this, I had a look at the environment variables set when a init.d
script is running under upstart, and when it is not.&lt;/p&gt;

&lt;p&gt;With upstart, I notice these environment variables are set when a
script is started from rcS.d/ (ignoring some irrelevant ones like
COLUMNS):&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
DEFAULT_RUNLEVEL=2
previous=N
PREVLEVEL=
RUNLEVEL=
runlevel=S
UPSTART_EVENTS=startup
UPSTART_INSTANCE=
UPSTART_JOB=rc-sysinit
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;With sysvinit, these environment variables are set for the same
script.&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
INIT_VERSION=sysvinit-2.88
previous=N
PREVLEVEL=N
RUNLEVEL=S
runlevel=S
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The RUNLEVEL and PREVLEVEL environment variables passed on from
sysvinit are not set by upstart.  Not sure if it is intentional or not
to not be compatible with sysvinit in this regard.&lt;/p&gt;

&lt;p&gt;For scripts needing to behave differently when upstart is used,
looking for the UPSTART_JOB environment variable seem to be a good
choice.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>A manual for standards wars...</title>
                <link>http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html</guid>
                <pubDate>Sun, 6 Jun 2010 14:15:00 +0200</pubDate>
                <description>&lt;p&gt;Via the
&lt;a href=&quot;http://feedproxy.google.com/~r/robweir/antic-atom/~3/QzU4RgoAGMg/weekly-links-10.html&quot;&gt;blog
of Rob Weir&lt;/a&gt; I came across the very interesting essay named
&lt;a href=&quot;http://faculty.haas.berkeley.edu/shapiro/wars.pdf&quot;&gt;The Art of
Standards Wars&lt;/a&gt; (PDF 25 pages).  I recommend it for everyone
following the standards wars of today.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Sitesummary tip: Listing computer hardware models used at site</title>
                <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html</guid>
                <pubDate>Thu, 3 Jun 2010 12:05:00 +0200</pubDate>
                <description>&lt;p&gt;When using sitesummary at a site to track machines, it is possible
to get a list of the machine types in use thanks to the DMI
information extracted from each machine.  The script to do so is
included in the sitesummary package, and here is example output from
the Skolelinux build servers:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
maintainer:~# /usr/lib/sitesummary/hardware-model-summary
  vendor                    count
  Dell Computer Corporation     1
    PowerEdge 1750              1
  IBM                           1
    eserver xSeries 345 -[8670M1X]-     1
  Intel                         2
  [no-dmi-info]                 3
maintainer:~#
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;The quality of the report depend on the quality of the DMI tables
provided in each machine.  Here there are Intel machines without model
information listed with Intel as vendor and no model, and virtual Xen
machines listed as [no-dmi-info].  One can add -l as a command line
option to list the individual machines.&lt;/p&gt;

&lt;p&gt;A larger list is
&lt;a href=&quot;http://narvikskolen.no/sitesummary/&quot;&gt;available from the the
city of Narvik&lt;/a&gt;, which uses Skolelinux on all their shools and also
provide the basic sitesummary report publicly.  In their report there
are ~1400 machines. I know they use both Ubuntu and Skolelinux on
their machines, and as sitesummary is available in both distributions,
it is trivial to get all of them to report to the same central
collector.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>KDM fail at boot with NVidia cards - and no one try to fix it?</title>
                <link>http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html</guid>
                <pubDate>Tue, 1 Jun 2010 17:05:00 +0200</pubDate>
                <description>&lt;p&gt;It is strange to watch how a bug in Debian causing KDM to fail to
start at boot when an NVidia video card is used is handled.  The
problem seem to be that the nvidia X.org driver uses a long time to
initialize, and this duration is longer than kdm is configured to
wait.&lt;/p&gt;

&lt;p&gt;I came across two bugs related to this issue,
&lt;a href=&quot;http://bugs.debian.org/583312&quot;&gt;#583312&lt;/a&gt; initially filed
against initscripts and passed on to nvidia-glx when it became obvious
that the nvidia drivers were involved, and
&lt;a href=&quot;http://bugs.debian.org/524751&quot;&gt;#524751&lt;/a&gt; initially filed against
kdm and passed on to src:nvidia-graphics-drivers for unknown reasons.&lt;/p&gt;

&lt;p&gt;To me, it seem that no-one is interested in actually solving the
problem nvidia video card owners experience and make sure the Debian
distribution work out of the box for these users.  The nvidia driver
maintainers expect kdm to be set up to wait longer, while kdm expect
the nvidia driver maintainers to fix the driver to start faster, and
while they wait for each other I guess the users end up switching to a
distribution that work for them.  I have no idea what the solution is,
but I am pretty sure that waiting for each other is not it.&lt;/p&gt;

&lt;p&gt;I wonder why we end up handling bugs this way.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Parallellized boot seem to hold up well in Debian/testing</title>
                <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html</guid>
                <pubDate>Thu, 27 May 2010 23:55:00 +0200</pubDate>
                <description>&lt;p&gt;A few days ago, parallel booting was enabled in Debian/testing.
The feature seem to hold up pretty well, but three fairly serious
issues are known and should be solved:

&lt;p&gt;&lt;ul&gt;

&lt;li&gt;The wicd package seen to
&lt;a href=&quot;http://bugs.debian.org/508289&quot;&gt;break NFS mounting&lt;/a&gt; and
&lt;a href=&quot;http://bugs.debian.org/581586&quot;&gt;network setup&lt;/a&gt; when
parallel booting is enabled.  No idea why, but the wicd maintainer
seem to be on the case.&lt;/li&gt;

&lt;li&gt;The nvidia X driver seem to
&lt;a href=&quot;http://bugs.debian.org/583312&quot;&gt;have a race condition&lt;/a&gt;
triggered more easily when parallel booting is in effect.  The
maintainer is on the case.&lt;/li&gt;

&lt;li&gt;The sysv-rc package fail to properly enable dependency based boot
sequencing (the shutdown is broken) when old file-rc users
&lt;a href=&quot;http://bugs.debian.org/575080&quot;&gt;try to switch back&lt;/a&gt; to
sysv-rc.  One way to solve it would be for file-rc to create
/etc/init.d/.legacy-bootordering, and another is to try to make
sysv-rc more robust.  Will investigate some more and probably upload a
workaround in sysv-rc to help those trying to move from file-rc to
sysv-rc get a working shutdown.&lt;/li&gt;

&lt;/ul&gt;&lt;/p&gt;

&lt;p&gt;All in all not many surprising issues, and all of them seem
solvable before Squeeze is released.  In addition to these there are
some packages with bugs in their dependencies and run level settings,
which I expect will be fixed in a reasonable time span.&lt;/p&gt;

&lt;p&gt;If you report any problems with dependencies in init.d scripts to
the BTS, please usertag the report to get it to show up at
&lt;a href=&quot;http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org&quot;&gt;the
list of usertagged bugs related to this&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Update: Correct bug number to file-rc issue.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>More flexible firmware handling in debian-installer</title>
                <link>http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html</guid>
                <pubDate>Sat, 22 May 2010 21:30:00 +0200</pubDate>
                <description>&lt;p&gt;After a long break from debian-installer development, I finally
found time today to return to the project.  Having to spend less time
working dependency based boot in debian, as it is almost complete now,
definitely helped freeing some time.&lt;/p&gt;

&lt;p&gt;A while back, I ran into a problem while working on Debian Edu.  We
include some firmware packages on the Debian Edu CDs, those needed to
get disk and network controllers working.  Without having these
firmware packages available during installation, it is impossible to
install Debian Edu on the given machine, and because our target group
are non-technical people, asking them to provide firmware packages on
an external medium is a support pain.  Initially, I expected it to be
enough to include the firmware packages on the CD to get
debian-installer to find and use them.  This proved to be wrong.
Next, I hoped it was enough to symlink the relevant firmware packages
to some useful location on the CD (tried /cdrom/ and
/cdrom/firmware/).  This also proved to not work, and at this point I
found time to look at the debian-installer code to figure out what was
going to work.&lt;/p&gt;

&lt;p&gt;The firmware loading code is in the hw-detect package, and a closer
look revealed that it would only look for firmware packages outside
the installation media, so the CD was never checked for firmware
packages.  It would only check USB sticks, floppies and other
&quot;external&quot; media devices.  Today I changed it to also look in the
/cdrom/firmware/ directory on the mounted CD or DVD, which should
solve the problem I ran into with Debian edu.  I also changed it to
look in /firmware/, to make sure the installer also find firmware
provided in the initrd when booting the installer via PXE, to allow us
to provide the same feature in the PXE setup included in Debian
Edu.&lt;/p&gt;

&lt;p&gt;To make sure firmware deb packages with a license questions are not
activated without asking if the license is accepted, I extended
hw-detect to look for preinst scripts in the firmware packages, and
run these before activating the firmware during installation.  The
license question is asked using debconf in the preinst, so this should
solve the issue for the firmware packages I have looked at so far.&lt;/p&gt;

&lt;p&gt;If you want to discuss the details of these features, please
contact us on debian-boot@lists.debian.org.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Parallellized boot is now the default in Debian/unstable</title>
                <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html</guid>
                <pubDate>Fri, 14 May 2010 22:40:00 +0200</pubDate>
                <description>&lt;p&gt;Since this evening, parallel booting is the default in
Debian/unstable for machines using dependency based boot sequencing.
Apparently the testing of concurrent booting has been wider than
expected, if I am to believe the
&lt;a href=&quot;http://lists.debian.org/debian-devel/2010/05/msg00122.html&quot;&gt;input
on debian-devel@&lt;/a&gt;, and I concluded a few days ago to move forward
with the feature this weekend, to give us some time to detect any
remaining problems before Squeeze is frozen.  If serious problems are
detected, it is simple to change the default back to sequential boot.
The upload of the new sysvinit package also activate a new upstream
version.&lt;/p&gt;

More information about
&lt;a href=&quot;http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot&quot;&gt;dependency
based boot sequencing&lt;/a&gt; is available from the Debian wiki.  It is
currently possible to disable parallel booting when one run into
problems caused by it, by adding this line to /etc/default/rcS:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
CONCURRENCY=none
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;If you report any problems with dependencies in init.d scripts to
the BTS, please usertag the report to get it to show up at
&lt;a href=&quot;http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org&quot;&gt;the
list of usertagged bugs related to this&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Sitesummary tip: Listing MAC address of all clients</title>
                <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html</guid>
                <pubDate>Fri, 14 May 2010 21:10:00 +0200</pubDate>
                <description>&lt;p&gt;In the recent Debian Edu versions, the
&lt;a href=&quot;http://wiki.debian.org/DebianEdu/HowTo/SiteSummary&quot;&gt;sitesummary
system&lt;/a&gt; is used to keep track of the machines in the school
network.  Each machine will automatically report its status to the
central server after boot and once per night.  The network setup is
also reported, and using this information it is possible to get the
MAC address of all network interfaces in the machines.  This is useful
to update the DHCP configuration.&lt;/p&gt;

&lt;p&gt;To give some idea how to use sitesummary, here is a one-liner to
ist all MAC addresses of all machines reporting to sitesummary.  Run
this on the collector host:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
perl -MSiteSummary -e &#39;for_all_hosts(sub { print join(&quot; &quot;, get_macaddresses(shift)), &quot;\n&quot;; });&#39;
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;This will list all MAC addresses assosiated with all machine, one
line per machine and with space between the MAC addresses.&lt;/p&gt;

&lt;p&gt;To allow system administrators easier job at adding static DHCP
addresses for hosts, it would be possible to extend this to fetch
machine information from sitesummary and update the DHCP and DNS
tables in LDAP using this information.  Such tool is unfortunately not
written yet.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>systemd, an interesting alternative to upstart</title>
                <link>http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html</guid>
                <pubDate>Thu, 13 May 2010 22:20:00 +0200</pubDate>
                <description>&lt;p&gt;The last few days a new boot system called
&lt;a href=&quot;http://www.freedesktop.org/wiki/Software/systemd&quot;&gt;systemd&lt;/a&gt;
has been
&lt;a href=&quot;http://0pointer.de/blog/projects/systemd.html&quot;&gt;introduced&lt;/a&gt;

to the free software world.  I have not yet had time to play around
with it, but it seem to be a very interesting alternative to
&lt;a href=&quot;http://upstart.ubuntu.com/&quot;&gt;upstart&lt;/a&gt;, and might prove to be
a good alternative for Debian when we are able to switch to an event
based boot system.  Tollef is
&lt;a href=&quot;http://bugs.debian.org/580814&quot;&gt;in the process&lt;/a&gt; of getting
systemd into Debian, and I look forward to seeing how well it work.  I
like the fact that systemd handles init.d scripts with dependency
information natively, allowing them to run in parallel where upstart
at the moment do not.&lt;/p&gt;

&lt;p&gt;Unfortunately do systemd have the same problem as upstart regarding
platform support.  It only work on recent Linux kernels, and also need
some new kernel features enabled to function properly.  This means
kFreeBSD and Hurd ports of Debian will need a port or a different boot
system.  Not sure how that will be handled if systemd proves to be the
way forward.&lt;/p&gt;

&lt;p&gt;In the mean time, based on the
&lt;a href=&quot;http://lists.debian.org/debian-devel/2010/05/msg00122.html&quot;&gt;input
on debian-devel@&lt;/a&gt; regarding parallel booting in Debian, I have
decided to enable full parallel booting as the default in Debian as
soon as possible (probably this weekend or early next week), to see if
there are any remaining serious bugs in the init.d dependencies.  A
new version of the sysvinit package implementing this change is
already in experimental.  If all go well, Squeeze will be released
with parallel booting enabled by default.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Parallellizing the boot in Debian Squeeze - ready for wider testing</title>
                <link>http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html</guid>
                <pubDate>Thu, 6 May 2010 23:25:00 +0200</pubDate>
                <description>&lt;p&gt;These days, the init.d script dependencies in Squeeze are quite
complete, so complete that it is actually possible to run all the
init.d scripts in parallell based on these dependencies.  If you want
to test your Squeeze system, make sure
&lt;a href=&quot;http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot&quot;&gt;dependency
based boot sequencing&lt;/a&gt; is enabled, and add this line to
/etc/default/rcS:&lt;/p&gt;

&lt;blockquote&gt;&lt;pre&gt;
CONCURRENCY=makefile
&lt;/pre&gt;&lt;/blockquote&gt;

&lt;p&gt;That is it.  It will cause sysv-rc to use the startpar tool to run
scripts in parallel using the dependency information stored in
/etc/init.d/.depend.boot, /etc/init.d/.depend.start and
/etc/init.d/.depend.stop to order the scripts.  Startpar is configured
to try to start the kdm and gdm scripts as early as possible, and will
start the facilities required by kdm or gdm as early as possible to
make this happen.&lt;/p&gt;

&lt;p&gt;Give it a try, and see if you like the result.  If some services
fail to start properly, it is most likely because they have incomplete
init.d script dependencies in their startup script (or some of their
dependent scripts have incomplete dependencies).  Report bugs and get
the package maintainers to fix it. :)&lt;/p&gt;

&lt;p&gt;Running scripts in parallel could be the default in Debian when we
manage to get the init.d script dependencies complete and correct.  I
expect we will get there in Squeeze+1, if we get manage to test and
fix the remaining issues.&lt;/p&gt;

&lt;p&gt;If you report any problems with dependencies in init.d scripts to
the BTS, please usertag the report to get it to show up at
&lt;a href=&quot;http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org&quot;&gt;the
list of usertagged bugs related to this&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Debian has switched to dependency based boot sequencing</title>
                <link>http://people.skolelinux.org/pere/blog/Debian_has_switched_to_dependency_based_boot_sequencing.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_has_switched_to_dependency_based_boot_sequencing.html</guid>
                <pubDate>Mon, 27 Jul 2009 23:50:00 +0200</pubDate>
                <description>&lt;p&gt;Since this evening, with the upload of sysvinit version 2.87dsf-2,
and the upload of insserv version 1.12.0-10 yesterday, Debian unstable
have been migrated to using dependency based boot sequencing.  This
conclude work me and others have been doing for the last three days.
It feels great to see this finally part of the default Debian
installation.  Now we just need to weed out the last few problems that
are bound to show up, to get everything ready for Squeeze.&lt;/p&gt;

&lt;p&gt;The next step is migrating /sbin/init from sysvinit to upstart, and
fixing the more fundamental problem of handing the event based
non-predictable kernel in the early boot.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Taking over sysvinit development</title>
                <link>http://people.skolelinux.org/pere/blog/Taking_over_sysvinit_development.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Taking_over_sysvinit_development.html</guid>
                <pubDate>Wed, 22 Jul 2009 23:00:00 +0200</pubDate>
                <description>&lt;p&gt;After several years of frustration with the lack of activity from
the existing sysvinit upstream developer, I decided a few weeks ago to
take over the package and become the new upstream.  The number of
patches to track for the Debian package was becoming a burden, and the
lack of synchronization between the distribution made it hard to keep
the package up to date.&lt;/p&gt;

&lt;p&gt;On the new sysvinit team is the SuSe maintainer Dr. Werner Fink,
and my Debian co-maintainer Kel Modderman.  About 10 days ago, I made
a new upstream tarball with version number 2.87dsf (for Debian, SuSe
and Fedora), based on the patches currently in use in these
distributions.  We Debian maintainers plan to move to this tarball as
the new upstream as soon as we find time to do the merge.  Since the
new tarball was created, we agreed with Werner at SuSe to make a new
upstream project at &lt;a href=&quot;http://savannah.nongnu.org/&quot;&gt;Savannah&lt;/a&gt;, and continue
development there.  The project is registered and currently waiting
for approval by the Savannah administrators, and as soon as it is
approved, we will import the old versions from svn and continue
working on the future release.&lt;/p&gt;

&lt;p&gt;It is a bit ironic that this is done now, when some of the involved
distributions are moving to upstart as a syvinit replacement.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Debian boots quicker and quicker</title>
                <link>http://people.skolelinux.org/pere/blog/Debian_boots_quicker_and_quicker.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_boots_quicker_and_quicker.html</guid>
                <pubDate>Wed, 24 Jun 2009 21:40:00 +0200</pubDate>
                <description>&lt;p&gt;I spent Monday and tuesday this week in London with a lot of the
people involved in the boot system on Debian and Ubuntu, to see if we
could find more ways to speed up the boot system.  This was an Ubuntu
funded
&lt;a href=&quot;https://wiki.ubuntu.com/FoundationsTeam/BootPerformance/DebianUbuntuSprint&quot;&gt;developer
gathering&lt;/a&gt;. It was quite productive.  We also discussed the future
of boot systems, and ways to handle the increasing number of boot
issues introduced by the Linux kernel becoming more and more
asynchronous and event base.  The Ubuntu approach using udev and
upstart might be a good way forward.  Time will show.&lt;/p&gt;

&lt;p&gt;Anyway, there are a few ways at the moment to speed up the boot
process in Debian.  All of these should be applied to get a quick
boot:&lt;/p&gt;

&lt;ul&gt;

&lt;li&gt;Use dash as /bin/sh.&lt;/li&gt;

&lt;li&gt;Disable the init.d/hwclock*.sh scripts and make sure the hardware
   clock is in UTC.&lt;/li&gt;

&lt;li&gt;Install and activate the insserv package to enable
   &lt;a href=&quot;http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot&quot;&gt;dependency
   based boot sequencing&lt;/a&gt;, and enable concurrent booting.&lt;/li&gt;

&lt;/ul&gt;

These points are based on the Google summer of code work done by
&lt;a href=&quot;http://initscripts-ng.alioth.debian.org/soc2006-bootsystem/&quot;&gt;Carlos
Villegas&lt;/a&gt;.

&lt;p&gt;Support for makefile-style concurrency during boot was uploaded to
unstable yesterday.  When we tested it, we were able to cut 6 seconds
from the boot sequence.  It depend on very correct dependency
declaration in all init.d scripts, so I expect us to find edge cases
where the dependences in some scripts are slightly wrong when we start
using this.&lt;/p&gt;

&lt;p&gt;On our IRC channel for this effort, #pkg-sysvinit, a new idea was
introduced by Raphael Geissert today, one that could affect the
startup speed as well.  Instead of starting some scripts concurrently
from rcS.d/ and another set of scripts from rc2.d/, it would be
possible to run a of them in the same process.  A quick way to test
this would be to enable insserv and run &#39;mv /etc/rc2.d/S* /etc/rcS.d/;
insserv&#39;.  Will need to test if that work. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>BSAs påstander om piratkopiering møter motstand</title>
                <link>http://people.skolelinux.org/pere/blog/BSAs_p_stander_om_piratkopiering_m_ter_motstand.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/BSAs_p_stander_om_piratkopiering_m_ter_motstand.html</guid>
                <pubDate>Sun, 17 May 2009 23:05:00 +0200</pubDate>
                <description>&lt;p&gt;Hvert år de siste årene har BSA, lobbyfronten til de store
programvareselskapene som Microsoft og Apple, publisert en rapport der
de gjetter på hvor mye piratkopiering påfører i tapte inntekter i
ulike land rundt om i verden.  Resultatene er tendensiøse.  For noen
dager siden kom
&lt;a href=&quot;http://global.bsa.org/globalpiracy2008/studies/globalpiracy2008.pdf&quot;&gt;siste
rapport&lt;/a&gt;, og det er flere kritiske kommentarer publisert de siste
dagene.  Et spesielt interessant kommentar fra Sverige,
&lt;a href=&quot;http://www.idg.se/2.1085/1.229795/bsa-hoftade-sverigesiffror&quot;&gt;BSA
höftade Sverigesiffror&lt;/a&gt;, oppsummeres slik:&lt;/p&gt;

&lt;blockquote&gt;
I sin senaste rapport slår BSA fast att 25 procent av all mjukvara i
Sverige är piratkopierad. Det utan att ha pratat med ett enda svenskt
företag. &quot;Man bör nog kanske inte se de här siffrorna som helt
exakta&quot;, säger BSAs Sverigechef John Hugosson.
&lt;/blockquote&gt;

&lt;p&gt;Mon tro om de er like metodiske når de gjetter på andelen piratkopiering i Norge?  To andre kommentarer er &lt;a
href=&quot;http://www.vnunet.com/vnunet/comment/2242134/bsa-piracy-figures-shot-reality&quot;&gt;BSA
piracy figures need a shot of reality&lt;/a&gt; og &lt;a
href=&quot;http://www.michaelgeist.ca/content/view/3958/125/&quot;&gt;Does The WIPO
Copyright Treaty Work?&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Fant lenkene via &lt;a
href=&quot;http://tech.slashdot.org/article.pl?sid=09/05/17/1632242&quot;&gt;oppslag
på Slashdot&lt;/a&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>IDG mener linux i servermarkedet vil vokse med 21% i 2009</title>
                <link>http://people.skolelinux.org/pere/blog/IDG_mener_linux_i_servermarkedet_vil_vokse_med_21__i_2009.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/IDG_mener_linux_i_servermarkedet_vil_vokse_med_21__i_2009.html</guid>
                <pubDate>Thu, 7 May 2009 22:30:00 +0200</pubDate>
                <description>&lt;p&gt;Kom over
&lt;a href=&quot;http://news.cnet.com/8301-13505_3-10216873-16.html&quot;&gt;interessante
tall&lt;/a&gt; fra IDG om utviklingen av linuxservermarkedet.  Fikk meg til
å tenke på antall tjenermaskiner ved Universitetet i Oslo der jeg
jobber til daglig.  En rask opptelling forteller meg at vi har 490
(61%) fysiske unix-tjener (mest linux men også noen solaris) og 196
(25%) windowstjenere, samt 112 (14%) virtuelle unix-tjenere.  Med den
bakgrunnskunnskapen kan jeg godt tro at IDG er inne på noe.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Kryptert harddisk - naturligvis</title>
                <link>http://people.skolelinux.org/pere/blog/Kryptert_harddisk___naturligvis.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Kryptert_harddisk___naturligvis.html</guid>
                <pubDate>Sat, 2 May 2009 15:30:00 +0200</pubDate>
                <description>&lt;p&gt;&lt;a href=&quot;http://www.dagensit.no/trender/article1658676.ece&quot;&gt;Dagens
IT melder&lt;/a&gt; at Intel hevder at det er dyrt å miste en datamaskin,
når en tar tap av arbeidstid, fortrolige dokumenter,
personopplysninger og alt annet det innebærer.  Det er ingen tvil om
at det er en kostbar affære å miste sin datamaskin, og det er årsaken
til at jeg har kryptert harddisken på både kontormaskinen og min
bærbare.  Begge inneholder personopplysninger jeg ikke ønsker skal
komme på avveie, den første informasjon relatert til jobben min ved
Universitetet i Oslo, og den andre relatert til blant annet
foreningsarbeide.  Kryptering av diskene gjør at det er lite
sannsynlig at dophoder som kan finne på å rappe maskinene får noe ut
av dem.  Maskinene låses automatisk etter noen minutter uten bruk,
og en reboot vil gjøre at de ber om passord før de vil starte opp.
Jeg bruker Debian på begge maskinene, og installasjonssystemet der
gjør det trivielt å sette opp krypterte disker.  Jeg har LVM på toppen
av krypterte partisjoner, slik at alt av datapartisjoner er kryptert.
Jeg anbefaler alle å kryptere diskene på sine bærbare.  Kostnaden når
det er gjort slik jeg gjør det er minimale, og gevinstene er
betydelige.  En bør dog passe på passordet.  Hvis det går tapt, må
maskinen reinstalleres og alt er tapt.&lt;/p&gt;

&lt;p&gt;Krypteringen vil ikke stoppe kompetente angripere som f.eks. kjøler
ned minnebrikkene før maskinen rebootes med programvare for å hente ut
krypteringsnøklene.  Kostnaden med å forsvare seg mot slike angripere
er for min del høyere enn gevinsten.  Jeg tror oddsene for at
f.eks. etteretningsorganisasjoner har glede av å titte på mine
maskiner er minimale, og ulempene jeg ville oppnå ved å forsøke å
gjøre det vanskeligere for angripere med kompetanse og ressurser er
betydelige.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Two projects that have improved the quality of free software a lot</title>
                <link>http://people.skolelinux.org/pere/blog/Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Two_projects_that_have_improved_the_quality_of_free_software_a_lot.html</guid>
                <pubDate>Sat, 2 May 2009 15:00:00 +0200</pubDate>
                <description>&lt;p&gt;There are two software projects that have had huge influence on the
quality of free software, and I wanted to mention both in case someone
do not yet know them.&lt;/p&gt;

&lt;p&gt;The first one is &lt;a href=&quot;http://valgrind.org/&quot;&gt;valgrind&lt;/a&gt;, a
tool to detect and expose errors in the memory handling of programs.
It is easy to use, all one need to do is to run &#39;valgrind program&#39;,
and it will report any problems on stdout.  It is even better if the
program include debug information.  With debug information, it is able
to report the source file name and line number where the problem
occurs.  It can report things like &#39;reading past memory block in file
X line N, the memory block was allocated in file Y, line M&#39;, and
&#39;using uninitialised value in control logic&#39;.  This tool has made it
trivial to investigate reproducible crash bugs in programs, and have
reduced the number of this kind of bugs in free software a lot.

&lt;p&gt;The second one is
&lt;a href=&quot;http://en.wikipedia.org/wiki/Coverity&quot;&gt;Coverity&lt;/a&gt; which is
a source code checker.  It is able to process the source of a program
and find problems in the logic without running the program.  It
started out as the Stanford Checker and became well known when it was
used to find bugs in the Linux kernel.  It is now a commercial tool
and the company behind it is running
&lt;a href=&quot;http://www.scan.coverity.com/&quot;&gt;a community service&lt;/a&gt; for the
free software community, where a lot of free software projects get
their source checked for free.  Several thousand defects have been
found and fixed so far.  It can find errors like &#39;lock L taken in file
X line N is never released if exiting in line M&#39;, or &#39;the code in file
Y lines O to P can never be executed&#39;.  The projects included in the
community service project have managed to get rid of a lot of
reliability problems thanks to Coverity.&lt;/p&gt;

&lt;p&gt;I believe tools like this, that are able to automatically find
errors in the source, are vital to improve the quality of software and
make sure we can get rid of the crashing and failing software we are
surrounded by today.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>No patch is not better than a useless patch</title>
                <link>http://people.skolelinux.org/pere/blog/No_patch_is_not_better_than_a_useless_patch.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/No_patch_is_not_better_than_a_useless_patch.html</guid>
                <pubDate>Tue, 28 Apr 2009 09:30:00 +0200</pubDate>
                <description>&lt;p&gt;Julien Blache
&lt;a href=&quot;http://blog.technologeek.org/2009/04/12/214&quot;&gt;claim that no
patch is better than a useless patch&lt;/a&gt;.  I completely disagree, as a
patch allow one to discuss a concrete and proposed solution, and also
prove that the issue at hand is important enough for someone to spent
time on fixing it.  No patch do not provide any of these positive
properties.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Standardize on protocols and formats, not vendors and applications</title>
                <link>http://people.skolelinux.org/pere/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Standardize_on_protocols_and_formats__not_vendors_and_applications.html</guid>
                <pubDate>Mon, 30 Mar 2009 11:50:00 +0200</pubDate>
                <description>&lt;p&gt;Where I work at the University of Oslo, one decision stand out as a
very good one to form a long lived computer infrastructure.  It is the
simple one, lost by many in todays computer industry: Standardize on
open network protocols and open exchange/storage formats, not applications.
Applications come and go, while protocols and files tend to stay, and
thus one want to make it easy to change application and vendor, while
avoiding conversion costs and locking users to a specific platform or
application.&lt;/p&gt;

&lt;p&gt;This approach make it possible to replace the client applications
independently of the server applications.  One can even allow users to
use several different applications as long as they handle the selected
protocol and format.  In the normal case, only one client application
is recommended and users only get help if they choose to use this
application, but those that want to deviate from the easy path are not
blocked from doing so.&lt;/p&gt;

&lt;p&gt;It also allow us to replace the server side without forcing the
users to replace their applications, and thus allow us to select the
best server implementation at any moment, when scale and resouce
requirements change.&lt;/p&gt;

&lt;p&gt;I strongly recommend standardizing - on open network protocols and
open formats, but I would never recommend standardizing on a single
application that do not use open network protocol or open formats.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Returning from Skolelinux developer gathering</title>
                <link>http://people.skolelinux.org/pere/blog/Returning_from_Skolelinux_developer_gathering.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Returning_from_Skolelinux_developer_gathering.html</guid>
                <pubDate>Sun, 29 Mar 2009 21:00:00 +0200</pubDate>
                <description>&lt;p&gt;I&#39;m sitting on the train going home from this weekends Debian
Edu/Skolelinux development gathering.  I got a bit done tuning the
desktop, and looked into the dynamic service location protocol
implementation avahi.  It look like it could be useful for us.  Almost
30 people participated, and I believe it was a great environment to
get to know the Skolelinux system.  Walter Bender, involved in the
development of the Sugar educational platform, presented his stuff and
also helped me improve my OLPC installation.  He also showed me that
his Turtle Art application can be used in standalone mode, and we
agreed that I would help getting it packaged for Debian.  As a
standalone application it would be great for Debian Edu.  We also
tried to get the video conferencing working with two OLPCs, but that
proved to be too hard for us.  The application seem to need more work
before it is ready for me.  I look forward to getting home and relax
now. :)&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Time for new  LDAP schemas replacing RFC 2307?</title>
                <link>http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html</guid>
                <pubDate>Sun, 29 Mar 2009 20:30:00 +0200</pubDate>
                <description>&lt;p&gt;The state of standardized LDAP schemas on Linux is far from
optimal.  There is RFC 2307 documenting one way to store NIS maps in
LDAP, and a modified version of this normally called RFC 2307bis, with
some modifications to be compatible with Active Directory.  The RFC
specification handle the content of a lot of system databases, but do
not handle DNS zones and DHCP configuration.&lt;/p&gt;

&lt;p&gt;In &lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Debian Edu/Skolelinux&lt;/a&gt;,
we would like to store information about users, SMB clients/hosts,
filegroups, netgroups (users and hosts), DHCP and DNS configuration,
and LTSP configuration in LDAP.  These objects have a lot in common,
but with the current LDAP schemas it is not possible to have one
object per entity.  For example, one need to have at least three LDAP
objects for a given computer, one with the SMB related stuff, one with
DNS information and another with DHCP information.  The schemas
provided for DNS and DHCP are impossible to combine into one LDAP
object.  In addition, it is impossible to implement quick queries for
netgroup membership, because of the way NIS triples are implemented.
It just do not scale.  I believe it is time for a few RFC
specifications to cleam up this mess.&lt;/p&gt;

&lt;p&gt;I would like to have one LDAP object representing each computer in
the network, and this object can then keep the SMB (ie host key), DHCP
(mac address/name) and DNS (name/IP address) settings in one place.
It need to be efficently stored to make sure it scale well.&lt;/p&gt;

&lt;p&gt;I would also like to have a quick way to map from a user or
computer and to the net group this user or computer is a member.&lt;/p&gt;

&lt;p&gt;Active Directory have done a better job than unix heads like myself
in this regard, and the unix side need to catch up.  Time to start a
new IETF work group?&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Endelig er Debian Lenny gitt ut</title>
                <link>http://people.skolelinux.org/pere/blog/Endelig_er_Debian_Lenny_gitt_ut.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Endelig_er_Debian_Lenny_gitt_ut.html</guid>
                <pubDate>Sun, 15 Feb 2009 11:50:00 +0100</pubDate>
                <description>&lt;p&gt;Endelig er &lt;a href=&quot;http://www.debian.org/&quot;&gt;Debian&lt;/a&gt;
&lt;a href=&quot;http://www.debian.org/News/2009/20090214&quot;&gt;Lenny&lt;/a&gt; gitt ut.
Et langt steg videre for Debian-prosjektet, og en rekke nye
programpakker blir nå tilgjengelig for de av oss som bruker den
stabile utgaven av Debian.  Neste steg er nå å få
&lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Skolelinux&lt;/a&gt; /
&lt;a href=&quot;http://wiki.debian.org/DebianEdu/&quot;&gt;Debian Edu&lt;/a&gt; ferdig
oppdatert for den nye utgaven, slik at en oppdatert versjon kan
slippes løs på skolene.  Takk til alle debian-utviklerne som har
gjort dette mulig.  Endelig er f.eks. fungerende avhengighetsstyrt
bootsekvens tilgjengelig i stabil utgave, vha pakken
&lt;tt&gt;insserv&lt;/tt&gt;.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>Devcamp brought us closer to the Lenny based Debian Edu release</title>
                <link>http://people.skolelinux.org/pere/blog/Devcamp_brought_us_closer_to_the_Lenny_based_Debian_Edu_release.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Devcamp_brought_us_closer_to_the_Lenny_based_Debian_Edu_release.html</guid>
                <pubDate>Sun, 7 Dec 2008 12:00:00 +0100</pubDate>
                <description>&lt;p&gt;This weekend we had a small developer gathering for Debian Edu in
Oslo.  Most of Saturday was used for the general assemly for the
member organization, but the rest of the weekend I used to tune the
LTSP installation.  LTSP now work out of the box on the 10-network.
Acer Aspire One proved to be a very nice thin client, with both
screen, mouse and keybard in a small box.  Was working on getting the
diskless workstation setup configured out of the box, but did not
finish it before the weekend was up.&lt;/p&gt;

&lt;p&gt;Did not find time to look at the 4 VGA cards in one box we got from
the Brazilian group, so that will have to wait for the next
development gathering.  Would love to have the Debian Edu installer
automatically detect and configure a multiseat setup when it find one
of these cards.&lt;/p&gt;
</description>
        </item>
        
        <item>
                <title>The sorry state of multimedia browser plugins in Debian</title>
                <link>http://people.skolelinux.org/pere/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html</link>
                <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/The_sorry_state_of_multimedia_browser_plugins_in_Debian.html</guid>
                <pubDate>Tue, 25 Nov 2008 00:10:00 +0100</pubDate>
                <description>&lt;p&gt;Recently I have spent some time evaluating the multimedia browser
plugins available in Debian Lenny, to see which one we should use by
default in Debian Edu.  We need an embedded video playing plugin with
control buttons to pause or stop the video, and capable of streaming
all the multimedia content available on the web.  The test results and
notes are available on
&lt;a href=&quot;http://wiki.debian.org/DebianEdu/BrowserMultimedia&quot;&gt;the
Debian wiki&lt;/a&gt;.  I was surprised how few of the plugins are able to
fill this need.  My personal video player favorite, VLC, has a really
bad plugin which fail on a lot of the test pages.  A lot of the MIME
types I would expect to work with any free software player (like
video/ogg), just do not work.  And simple formats like the
audio/x-mplegurl format (m3u playlists), just isn&#39;t supported by the
totem and vlc plugins.  I hope the situation will improve soon.  No
wonder sites use the proprietary Adobe flash to play video.&lt;/p&gt;

&lt;p&gt;For Lenny, we seem to end up with the mplayer plugin.  It seem to
be the only one fitting our needs. :/&lt;/p&gt;
</description>
        </item>
        
        </channel>
</rss>