<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html">No hardcoded config on Debian Edu clients</a></div>
- <div class="date">2010-08-09 20:15</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/DND_hedrer_overv__kning_av_barn_med_Rosingsprisen.html">DND hedrer overvåkning av barn med Rosingsprisen</a></div>
+ <div class="date">2010-11-23 14:15</div>
<div class="body">
-<p>As reported earlier, the last few days I have looked at how Debian
-Edu clients are configured, and tried to get rid of all hardcoded
-configuration settings on the clients. I believe the work to be
-mostly done, and the clients seem to work just fine with dynamically
-generated configuration.</p>
-
-<p>What is the point, you might ask? The point is to allow a Debian
-Edu desktop to integrate into an existing network infrastructure
-without any manual configuration.</p>
-
-<p>This is what happens when installing a Debian Edu client here at
-the University of Oslo using PXE. With the PXE installation, I am
-asked for language (Norwegian Bokmål), locality (Norway) and keyboard
-layout (no-latin1), Debian Edu profile (Roaming Workstation), if I
-accept to reformat the hard drive (yes), if I want to submit info to
-popcon.debian.org (no) and root password (secret). After answering
-these questions, the installer goes ahead and does its thing, and
-after around 50 minutes it is done. I press enter to finish the
-installation, and the machine reboots into KDE. When the machine is
-ready and kdm asks for login information, I enter my university
-username and password, am told by kdm that a local home directory has
-been created and that I must log in again, and finally log in with the
-same username and password to the KDE 4.4 desktop. At no point during
-this process did it ask for university specific settings, and all the
-required configuration was dynamically detected using information
-fetched via DHCP and DNS. The roaming workstation is now ready for
-use.</p>
-
-<p>How was this done, you might wonder? First of all, here is the
-list of things that need to be configured on the client to get it
-working properly out of the box:</p>
-
-<ul>
-<li>IP address/netmask and DNS server.</li>
-<li>Web proxy URL.</li>
-<li>LDAP server for NSS directory information (user, group, etc).</li>
-<li>Kerberos server for PAM password checking.</li>
-<li>SMB mount point to access the network home directory. (*)</li>
-<li>Central syslog server to send syslog messages to. (*)</li>
-<li>Sitesummary collector URL to submit info to central server. (*)</li>
-</ul>
-
-<p>(Hm, did I forget anything? Let me knew if I did.)</p>
-
-<p>The points marked (*) are not required to be able to use the
-machine, but needed to provide central storage and allowing system
-administrators to track their machines. Since yesterday, everything
-but the sitesummary collector URL is dynamically discovered at boot
-and installation time in the svn version of Debian Edu.</p>
-
-<p>The IP and DNS setup is fetched during boot using DHCP as usual.
-When a DHCP update arrives, the proxy setup is updated by looking for
-http://wpat/wpad.dat and using the content of this WPAD file to
-configure the http and ftp proxy in /etc/environment and
-/etc/apt/apt.conf. I decided to update the proxy setup using a DHCP
-hook to ensure that the client stops using the Debian Edu proxy when
-it is moved outside the Debian Edu network, and instead uses any local
-proxy present on the new network when it moves around.</p>
-
-<p>The DNS names of the LDAP, Kerberos and syslog server and related
-configuration are generated using DNS information at boot. First the
-installer looks for a host named ldap in the current DNS domain. If
-not found, it looks for _ldap._tcp SRV records in DNS instead. If an
-LDAP server is found, its root DSE entry is requested and the
-attributes namingContexts and defaultNamingContext are used to
-determine which LDAP base to use for NSS. If there are several
-namingContexts attibutes and the defaultNamingContext is present, that
-LDAP subtree is used as the base. If defaultNamingContext is missing,
-the subtrees listed as namingContexts are searched in sequence for any
-object with class posixAccount or posixGroup, and the first one with
-such an object is used as the LDAP base. For Kerberos, a similar
-search is done by first looking for a host named kerberos, and then
-for the _kerberos._tcp SRV record. I've been unable to find a way to
-look up the Kerberos realm, so for this the upper case string of the
-current DNS domain is used.</p>
-
-<p>For the syslog server, the hosts syslog and loghost are searched
-for, and the _syslog._udp SRV record is consulted if no such host is
-found. This algorithm works for both Debian Edu and the University of
-Oslo. A similar strategy would work for locating the sitesummary
-server, but have not been implemented yet. I decided to fetch and
-save these settings during installation, to make sure moving to a
-different network does not change the set of users being allowed to
-log in nor the passwords required to log in. Usernames and passwords
-will be cached by sssd when the user logs in on the Debian Edu
-network, and will not change as the laptop move around. For a
-non-roaming machine, there is no caching, but given that it is
-supposed to stay in place it should not matter much. Perhaps we
-should switch those to use sssd too?</p>
-
-<p>The user's SMB mount point for the network home directory is
-located when the user logs in for the first time. The LDAP server is
-consulted to look for the user's LDAP object and the sambaHomePath
-attribute is used if found. If it isn't found, the home directory
-path fetched from NSS is used instead. Assuming the path is of the
-form /site/server/directory/username, the second part is looked up in
-DNS and used to generate a SMB URL of the form
-smb://server.domain/username. This algorithm works for both Debian
-edu and the University of Oslo. Perhaps there are better attributes
-to use or a better algorithm that works for more sites, but this will
-do for now. :)</p>
-
-<p>This work should make it easier to integrate the Debian Edu clients
-into any LDAP/Kerberos infrastructure, and make the current setup even
-more flexible than before. I suspect it will also work for thin
-client servers, allowing one to easily set up LTSP and hook it into a
-existing network infrastructure, but I have not had time to test this
-yet.</p>
-
-<p>If you want to help out with implementing these things for Debian
-Edu, please contact us on debian-edu@lists.debian.org.</p>
-
-<p>Update 2010-08-09: Simon Farnsworth gave me a heads-up on how to
-detect Kerberos realm from DNS, by looking for _kerberos TXT entries
-before falling back to the upper case DNS domain name. Will have to
-implement it for Debian Edu. :)</p>
+<p>Jeg registrerer med vond smak i munnen at Den Norske Dataforening
+<a
+href="http://www.dataforeningen.no/hedret-med-rosingprisen.4849070-133913.html">hedrer
+overvåkning av barn med Rosingsprisen for kreativitet i år</a>. Jeg
+er glad jeg nå er meldt ut av DND.</p>
+
+<p>Å elektronisk overvåke sine barn er ikke å gjøre dem en tjeneste,
+men et overgrep mot individer i utvikling som bør læres opp til å ta
+egne valg.</p>
+
+<p>For å sitere Datatilsynets nye leder, Bjørn Erik Thon, i
+<a href="http://www.idg.no/computerworld/article174262.ece">et intervju
+med Computerworld Norge</A>:</p>
+
+<p><blockquote>
+- For alle som har barn, meg selv inkludert, er førstetanken at det
+hadde vært fint å vite hvor barnet sitt er til enhver tid. Men ungene
+har ikke godt av det. De er små individer som skal søke rundt og finne
+sine små gjemmesteder og utvide horisonten, uten at foreldrene ser dem
+i kortene. Det kan være fristende, men jeg ville ikke gått inn i
+dette.
+</blockquote></p>
+
+<p>Det er skremmende å se at DND mener en tjeneste som legger opp til
+slike overgrep bør hedres. Å flytte oppveksten for barn inn i en
+virtuell
+<a href="http://en.wikipedia.org/wiki/Panopticon">Panopticon</a> er et
+grovt overgrep og vil gjøre skade på barnenes utvikling, og foreldre
+burde tenke seg godt om før de gir etter for sine instinkter her.</p>
+
+<p>Blipper-tjenesten får meg til å tenke på bøkene til
+<a href="http://en.wikipedia.org/wiki/John_Twelve_Hawks">John Twelve
+Hawks</a>, som forbilledlig beskriver hvordan et totalitært
+overvåkningssamfunn bygges sakte men sikkert rundt oss, satt sammen av
+gode intensjoner og manglende bevissthet om hvilke prinsipper et
+liberalt demokrati er fundamentert på. Jeg har hatt stor glede av å
+lese alle de tre bøkene.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html">Testing if a file system can be used for home directories...</a></div>
- <div class="date">2010-08-08 21:20</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades_of_the_Gnome_and_KDE_desktop__now_with_apt_get_autoremove.html">Lenny->Squeeze upgrades of the Gnome and KDE desktop, now with apt-get autoremove</a></div>
+ <div class="date">2010-11-22 14:15</div>
<div class="body">
-<p>A few years ago, I was involved in a project planning to use
-Windows file servers as home directory servers for Debian
-Edu/Skolelinux machines. This was thought to be no problem, as the
-access would be through the SMB network file system protocol, and we
-knew other sites used SMB with unix and samba as the file server to
-mount home directories without any problems. But, after months of
-struggling, we had to conclude that our goal was impossible.</p>
-
-<p>The reason is simply that while SMB can be used for home
-directories when the file server is Samba running on Unix, this only
-work because of Samba have some extensions and the fact that the
-underlying file system is a unix file system. When using a Windows
-file server, the underlying file system do not have POSIX semantics,
-and several programs will fail if the users home directory where they
-want to store their configuration lack POSIX semantics.</p>
-
-<p>As part of this work, I wrote a small C program I want to share
-with you all, to replicate a few of the problematic applications (like
-OpenOffice.org and GCompris) and see if the file system was working as
-it should. If you find yourself in spooky file system land, it might
-help you find your way out again. This is the fs-test.c source:</p>
-
-<pre>
-/*
- * Some tests to check the file system sematics. Used to verify that
- * CIFS from a windows server do not work properly as a linux home
- * directory.
- * License: GPL v2 or later
- *
- * needs libsqlite3-dev and build-essential installed
- * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
-*/
-
-#define _FILE_OFFSET_BITS 64
-#define _LARGEFILE_SOURCE 1
-#define _LARGEFILE64_SOURCE 1
-
-#define _GNU_SOURCE /* for asprintf() */
-
-#include <errno.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <sys/file.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#ifdef TEST_SQLITE
-/*
- * Test sqlite open, as done by gcompris require the libsqlite3-dev
- * package and linking with -lsqlite3. A more low level test is
- * below.
- * See also <URL: http://www.sqlite.org./faq.html#q5 >.
- */
-#include <sqlite3.h>
-#define CREATE_TABLE_USERS \
- "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); "
-int test_sqlite_open(void) {
- char *zErrMsg;
- char *name = "testsqlite.db";
- sqlite3 *db=NULL;
- unlink(name);
- int rc = sqlite3_open(name, &db);
- if( rc ){
- printf("error: sqlite open of %s failed: %s\n", name, sqlite3_errmsg(db));
- sqlite3_close(db);
- return -1;
- }
-
- /* create tables */
- rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL, 0, &zErrMsg);
- if( rc != SQLITE_OK ){
- printf("error: sqlite table create failed: %s\n", zErrMsg);
- sqlite3_close(db);
- return -1;
- }
- printf("info: sqlite worked\n");
- sqlite3_close(db);
- return 0;
-}
-#endif /* TEST_SQLITE */
-
-/*
- * Demonstrate locking issue found in gcompris using sqlite3. This
- * work with ext3, but not with cifs server on Windows 2003. This is
- * done in the sqlite3 library.
- * See also
- * <URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html> and the
- * POSIX specification
- * <URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html>.
- */
-int test_gcompris_locking(void) {
- struct flock fl;
- char *name = "testsqlite.db";
- unlink(name);
- int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
- printf("info: testing fcntl locking\n");
-
- fl.l_whence = SEEK_SET;
- fl.l_pid = getpid();
- printf(" Read-locking 1 byte from 1073741824");
- fl.l_start = 1073741824;
- fl.l_len = 1;
- fl.l_type = F_RDLCK;
- if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
- printf(" Read-locking 510 byte from 1073741826");
- fl.l_start = 1073741826;
- fl.l_len = 510;
- fl.l_type = F_RDLCK;
- if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
- printf(" Unlocking 1 byte from 1073741824");
- fl.l_start = 1073741824;
- fl.l_len = 1;
- fl.l_type = F_UNLCK;
- if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
- printf(" Write-locking 1 byte from 1073741824");
- fl.l_start = 1073741824;
- fl.l_len = 1;
- fl.l_type = F_WRLCK;
- if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
- printf(" Write-locking 510 byte from 1073741826");
- fl.l_start = 1073741826;
- fl.l_len = 510;
- if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
- printf(" Unlocking 2 byte from 1073741824");
- fl.l_start = 1073741824;
- fl.l_len = 2;
- fl.l_type = F_UNLCK;
- if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
-
- close(fd);
- return 0;
-}
-
-/*
- * Test if permissions of freshly created directories allow entries
- * below them. This was a problem with OpenOffice.org and gcompris.
- * Mounting with option 'sync' seem to solve this problem while
- * slowing down file operations.
- */
-int test_subdirectory_creation(void) {
-#define LEVELS 5
- char *path = strdup("test");
- char *dirs[LEVELS];
- int level;
- printf("info: testing subdirectory creation\n");
- for (level = 0; level < LEVELS; level++) {
- char *newpath = NULL;
- if (-1 == mkdir(path, 0777)) {
- printf(" error: Unable to create directory '%s': %s\n",
- path, strerror(errno));
- break;
- }
- asprintf(&newpath, "%s/%s", path, "test");
- free(path);
- path = newpath;
- }
- return 0;
-}
-
-/*
- * Test if symlinks can be created. This was a problem detected with
- * KDE.
- */
-int test_symlinks(void) {
- printf("info: testing symlink creation\n");
- unlink("symlink");
- if (-1 == symlink("file", "symlink"))
- printf(" error: Unable to create symlink\n");
- return 0;
-}
-
-int main(int argc, char **argv) {
- printf("Testing POSIX/Unix sematics on file system\n");
- test_symlinks();
- test_subdirectory_creation();
-#ifdef TEST_SQLITE
- test_sqlite_open();
-#endif /* TEST_SQLITE */
- test_gcompris_locking();
- return 0;
-}
-</pre>
-
-<p>When everything is working, it should print something like
-this:</p>
-
-<pre>
-Testing POSIX/Unix sematics on file system
-info: testing symlink creation
-info: testing subdirectory creation
-info: sqlite worked
-info: testing fcntl locking
- Read-locking 1 byte from 1073741824
- Read-locking 510 byte from 1073741826
- Unlocking 1 byte from 1073741824
- Write-locking 1 byte from 1073741824
- Write-locking 510 byte from 1073741826
- Unlocking 2 byte from 1073741824
-</pre>
-
-<p>I do not remember the exact details of the problems we saw, but one
-of them was with locking, where if I remember correctly, POSIX allow a
-read-only lock to be upgraded to a read-write lock without unlocking
-the read-only lock (while Windows do not). Another was a bug in the
-CIFS/SMB client implementation in the Linux kernel where directory
-meta information would be wrong for a fraction of a second, making
-OpenOffice.org fail to create its deep directory tree because it was
-not allowed to create files in its freshly created directory.</p>
-
-<p>Anyway, here is a nice tool for your tool box, might you never need
-it. :)</p>
+<p>Michael Biebl suggested to me on IRC, that I changed my automated
+upgrade testing of the
+<a href="http://people.skolelinux.org/~pere/debian-upgrade-testing/">Lenny
+Gnome and KDE Desktop</a> to do <tt>apt-get autoremove</tt> when using apt-get.
+This seem like a very good idea, so I adjusted by test scripts and
+can now present the updated result from today:</p>
+
+<p>This is for Gnome:</p>
+
+<p>Installed using apt-get, missing with aptitude</p>
+
+<blockquote><p>
+ apache2.2-bin
+ aptdaemon
+ baobab
+ binfmt-support
+ browser-plugin-gnash
+ cheese-common
+ cli-common
+ cups-pk-helper
+ dmz-cursor-theme
+ empathy
+ empathy-common
+ freedesktop-sound-theme
+ freeglut3
+ gconf-defaults-service
+ gdm-themes
+ gedit-plugins
+ geoclue
+ geoclue-hostip
+ geoclue-localnet
+ geoclue-manual
+ geoclue-yahoo
+ gnash
+ gnash-common
+ gnome
+ gnome-backgrounds
+ gnome-cards-data
+ gnome-codec-install
+ gnome-core
+ gnome-desktop-environment
+ gnome-disk-utility
+ gnome-screenshot
+ gnome-search-tool
+ gnome-session-canberra
+ gnome-system-log
+ gnome-themes-extras
+ gnome-themes-more
+ gnome-user-share
+ gstreamer0.10-fluendo-mp3
+ gstreamer0.10-tools
+ gtk2-engines
+ gtk2-engines-pixbuf
+ gtk2-engines-smooth
+ hamster-applet
+ libapache2-mod-dnssd
+ libapr1
+ libaprutil1
+ libaprutil1-dbd-sqlite3
+ libaprutil1-ldap
+ libart2.0-cil
+ libboost-date-time1.42.0
+ libboost-python1.42.0
+ libboost-thread1.42.0
+ libchamplain-0.4-0
+ libchamplain-gtk-0.4-0
+ libcheese-gtk18
+ libclutter-gtk-0.10-0
+ libcryptui0
+ libdiscid0
+ libelf1
+ libepc-1.0-2
+ libepc-common
+ libepc-ui-1.0-2
+ libfreerdp-plugins-standard
+ libfreerdp0
+ libgconf2.0-cil
+ libgdata-common
+ libgdata7
+ libgdu-gtk0
+ libgee2
+ libgeoclue0
+ libgexiv2-0
+ libgif4
+ libglade2.0-cil
+ libglib2.0-cil
+ libgmime2.4-cil
+ libgnome-vfs2.0-cil
+ libgnome2.24-cil
+ libgnomepanel2.24-cil
+ libgpod-common
+ libgpod4
+ libgtk2.0-cil
+ libgtkglext1
+ libgtksourceview2.0-common
+ libmono-addins-gui0.2-cil
+ libmono-addins0.2-cil
+ libmono-cairo2.0-cil
+ libmono-corlib2.0-cil
+ libmono-i18n-west2.0-cil
+ libmono-posix2.0-cil
+ libmono-security2.0-cil
+ libmono-sharpzip2.84-cil
+ libmono-system2.0-cil
+ libmtp8
+ libmusicbrainz3-6
+ libndesk-dbus-glib1.0-cil
+ libndesk-dbus1.0-cil
+ libopal3.6.8
+ libpolkit-gtk-1-0
+ libpt2.6.7
+ libpython2.6
+ librpm1
+ librpmio1
+ libsdl1.2debian
+ libsrtp0
+ libssh-4
+ libtelepathy-farsight0
+ libtelepathy-glib0
+ libtidy-0.99-0
+ media-player-info
+ mesa-utils
+ mono-2.0-gac
+ mono-gac
+ mono-runtime
+ nautilus-sendto
+ nautilus-sendto-empathy
+ p7zip-full
+ pkg-config
+ python-aptdaemon
+ python-aptdaemon-gtk
+ python-axiom
+ python-beautifulsoup
+ python-bugbuddy
+ python-clientform
+ python-coherence
+ python-configobj
+ python-crypto
+ python-cupshelpers
+ python-elementtree
+ python-epsilon
+ python-evolution
+ python-feedparser
+ python-gdata
+ python-gdbm
+ python-gst0.10
+ python-gtkglext1
+ python-gtksourceview2
+ python-httplib2
+ python-louie
+ python-mako
+ python-markupsafe
+ python-mechanize
+ python-nevow
+ python-notify
+ python-opengl
+ python-openssl
+ python-pam
+ python-pkg-resources
+ python-pyasn1
+ python-pysqlite2
+ python-rdflib
+ python-serial
+ python-tagpy
+ python-twisted-bin
+ python-twisted-conch
+ python-twisted-core
+ python-twisted-web
+ python-utidylib
+ python-webkit
+ python-xdg
+ python-zope.interface
+ remmina
+ remmina-plugin-data
+ remmina-plugin-rdp
+ remmina-plugin-vnc
+ rhythmbox-plugin-cdrecorder
+ rhythmbox-plugins
+ rpm-common
+ rpm2cpio
+ seahorse-plugins
+ shotwell
+ software-center
+ system-config-printer-udev
+ telepathy-gabble
+ telepathy-mission-control-5
+ telepathy-salut
+ tomboy
+ totem
+ totem-coherence
+ totem-mozilla
+ totem-plugins
+ transmission-common
+ xdg-user-dirs
+ xdg-user-dirs-gtk
+ xserver-xephyr
+</p></blockquote>
+
+<p>Installed using apt-get, removed with aptitude</p>
+
+<blockquote><p>
+ cheese
+ ekiga
+ eog
+ epiphany-extensions
+ evolution-exchange
+ fast-user-switch-applet
+ file-roller
+ gcalctool
+ gconf-editor
+ gdm
+ gedit
+ gedit-common
+ gnome-games
+ gnome-games-data
+ gnome-nettool
+ gnome-system-tools
+ gnome-themes
+ gnuchess
+ gucharmap
+ guile-1.8-libs
+ libavahi-ui0
+ libdmx1
+ libgalago3
+ libgtk-vnc-1.0-0
+ libgtksourceview2.0-0
+ liblircclient0
+ libsdl1.2debian-alsa
+ libspeexdsp1
+ libsvga1
+ rhythmbox
+ seahorse
+ sound-juicer
+ system-config-printer
+ totem-common
+ transmission-gtk
+ vinagre
+ vino
+</p></blockquote>
+
+<p>Installed using aptitude, missing with apt-get</p>
+
+<blockquote><p>
+ gstreamer0.10-gnomevfs
+</p></blockquote>
+
+<p>Installed using aptitude, removed with apt-get</p>
+
+<blockquote><p>
+[nothing]
+</p></blockquote>
+
+<p>This is for KDE:</p>
+
+<p>Installed using apt-get, missing with aptitude</p>
+
+<blockquote><p>
+ ksmserver
+</p></blockquote>
+
+<p>Installed using apt-get, removed with aptitude</p>
+
+<blockquote><p>
+ kwin
+ network-manager-kde
+</p></blockquote>
+
+<p>Installed using aptitude, missing with apt-get</p>
+
+<blockquote><p>
+ arts
+ dolphin
+ freespacenotifier
+ google-gadgets-gst
+ google-gadgets-xul
+ kappfinder
+ kcalc
+ kcharselect
+ kde-core
+ kde-plasma-desktop
+ kde-standard
+ kde-window-manager
+ kdeartwork
+ kdeartwork-emoticons
+ kdeartwork-style
+ kdeartwork-theme-icon
+ kdebase
+ kdebase-apps
+ kdebase-workspace
+ kdebase-workspace-bin
+ kdebase-workspace-data
+ kdeeject
+ kdelibs
+ kdeplasma-addons
+ kdeutils
+ kdewallpapers
+ kdf
+ kfloppy
+ kgpg
+ khelpcenter4
+ kinfocenter
+ konq-plugins-l10n
+ konqueror-nsplugins
+ kscreensaver
+ kscreensaver-xsavers
+ ktimer
+ kwrite
+ libgle3
+ libkde4-ruby1.8
+ libkonq5
+ libkonq5-templates
+ libnetpbm10
+ libplasma-ruby
+ libplasma-ruby1.8
+ libqt4-ruby1.8
+ marble-data
+ marble-plugins
+ netpbm
+ nuvola-icon-theme
+ plasma-dataengines-workspace
+ plasma-desktop
+ plasma-desktopthemes-artwork
+ plasma-runners-addons
+ plasma-scriptengine-googlegadgets
+ plasma-scriptengine-python
+ plasma-scriptengine-qedje
+ plasma-scriptengine-ruby
+ plasma-scriptengine-webkit
+ plasma-scriptengines
+ plasma-wallpapers-addons
+ plasma-widget-folderview
+ plasma-widget-networkmanagement
+ ruby
+ sweeper
+ update-notifier-kde
+ xscreensaver-data-extra
+ xscreensaver-gl
+ xscreensaver-gl-extra
+ xscreensaver-screensaver-bsod
+</p></blockquote>
+
+<p>Installed using aptitude, removed with apt-get</p>
+
+<blockquote><p>
+ ark
+ google-gadgets-common
+ google-gadgets-qt
+ htdig
+ kate
+ kdebase-bin
+ kdebase-data
+ kdepasswd
+ kfind
+ klipper
+ konq-plugins
+ konqueror
+ ksysguard
+ ksysguardd
+ libarchive1
+ libcln6
+ libeet1
+ libeina-svn-06
+ libggadget-1.0-0b
+ libggadget-qt-1.0-0b
+ libgps19
+ libkdecorations4
+ libkephal4
+ libkonq4
+ libkonqsidebarplugin4a
+ libkscreensaver5
+ libksgrd4
+ libksignalplotter4
+ libkunitconversion4
+ libkwineffects1a
+ libmarblewidget4
+ libntrack-qt4-1
+ libntrack0
+ libplasma-geolocation-interface4
+ libplasmaclock4a
+ libplasmagenericshell4
+ libprocesscore4a
+ libprocessui4a
+ libqalculate5
+ libqedje0a
+ libqtruby4shared2
+ libqzion0a
+ libruby1.8
+ libscim8c2a
+ libsmokekdecore4-3
+ libsmokekdeui4-3
+ libsmokekfile3
+ libsmokekhtml3
+ libsmokekio3
+ libsmokeknewstuff2-3
+ libsmokeknewstuff3-3
+ libsmokekparts3
+ libsmokektexteditor3
+ libsmokekutils3
+ libsmokenepomuk3
+ libsmokephonon3
+ libsmokeplasma3
+ libsmokeqtcore4-3
+ libsmokeqtdbus4-3
+ libsmokeqtgui4-3
+ libsmokeqtnetwork4-3
+ libsmokeqtopengl4-3
+ libsmokeqtscript4-3
+ libsmokeqtsql4-3
+ libsmokeqtsvg4-3
+ libsmokeqttest4-3
+ libsmokeqtuitools4-3
+ libsmokeqtwebkit4-3
+ libsmokeqtxml4-3
+ libsmokesolid3
+ libsmokesoprano3
+ libtaskmanager4a
+ libtidy-0.99-0
+ libweather-ion4a
+ libxklavier16
+ libxxf86misc1
+ okteta
+ oxygencursors
+ plasma-dataengines-addons
+ plasma-scriptengine-superkaramba
+ plasma-widget-lancelot
+ plasma-widgets-addons
+ plasma-widgets-workspace
+ polkit-kde-1
+ ruby1.8
+ systemsettings
+ update-notifier-common
+</p></blockquote>
+
+<p>Running apt-get autoremove made the results using apt-get and
+aptitude a bit more similar, but there are still quite a lott of
+differences. I have no idea what packages should be installed after
+the upgrade, but hope those that do can have a look.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html">Autodetecting Client setup for roaming workstations in Debian Edu</a></div>
- <div class="date">2010-08-07 14:45</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Migrating_Xen_virtual_machines_using_LVM_to_KVM_using_disk_images.html">Migrating Xen virtual machines using LVM to KVM using disk images</a></div>
+ <div class="date">2010-11-22 11:20</div>
<div class="body">
-<p>A few days ago, I
-<a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">tried
-to install</a> a Roaming workation profile from Debian Edu/Squeeze
-while on the university network here at the University of Oslo, and
-noticed how much had to change to get it operational using the
-university infrastructure. It was fairly easy, but it occured to me
-that Debian Edu would improve a lot if I could get the client to
-connect without any changes at all, and thus let the client configure
-itself during installation and first boot to use the infrastructure
-around it. Now I am a huge step further along that road.</p>
-
-<p>With our current squeeze-test packages, I can select the roaming
-workstation profile and get a working laptop connecting to the
-university LDAP server for user and group and our active directory
-servers for Kerberos authentication. All this without any
-configuration at all during installation. My users home directory got
-a bookmark in the KDE menu to mount it via SMB, with the correct URL.
-In short, openldap and sssd is correctly configured. In addition to
-this, the client look for http://wpad/wpad.dat to configure a web
-proxy, and when it fail to find it no proxy settings are stored in
-/etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is
-configured to look for the same wpad configuration and also do not use
-a proxy when at the university network. If the machine is moved to a
-network with such wpad setup, it would automatically use it when DHCP
-gave it a IP address.</p>
-
-<p>The LDAP server is located using DNS, by first looking for the DNS
-entry ldap.$domain. If this do not exist, it look for the
-_ldap._tcp.$domain SRV records and use the first one as the LDAP
-server. Next, it connects to the LDAP server and search all
-namingContexts entries for posixAccount or posixGroup objects, and
-pick the first one as the LDAP base. For Kerberos, a similar
-algorithm is used to locate the LDAP server, and the realm is the
-uppercase version of $domain.</p>
-
-<p>So, what is not working, you might ask. SMB mounting my home
-directory do not work. No idea why, but suspected the incorrect
-Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
-the cause. These are not properly configured during installation, and
-had to be hand-edited to get the correct Kerberos realm and server,
-but SMB mounting still do not work. :(</p>
-
-<p>With this automatic configuration in place, I expect a Debian Edu
-roaming profile installation would be able to automatically detect and
-connect to any site using LDAP and Kerberos for NSS directory and PAM
-authentication. It should also work out of the box in a Active
-Directory environment providing posixAccount and posixGroup objects
-with UID and GID values.</p>
-
-<p>If you want to help out with implementing these things for Debian
-Edu, please contact us on debian-edu@lists.debian.org.</p>
+<p>Most of the computers in use by the
+<a href="http://www.skolelinux.org/">Debian Edu/Skolelinux project</a>
+are virtual machines. And they have been Xen machines running on a
+fairly old IBM eserver xseries 345 machine, and we wanted to migrate
+them to KVM on a newer Dell PowerEdge 2950 host machine. This was a
+bit harder that it could have been, because we set up the Xen virtual
+machines to get the virtual partitions from LVM, which as far as I
+know is not supported by KVM. So to migrate, we had to convert
+several LVM logical volumes to partitions on a virtual disk file.</p>
+
+<p>I found
+<a href="http://searchnetworking.techtarget.com.au/articles/35011-Six-steps-for-migrating-Xen-virtual-machines-to-KVM">a
+nice recipe</a> to do this, and wrote the following script to do the
+migration. It uses qemu-img from the qemu package to make the disk
+image, parted to partition it, losetup and kpartx to present the disk
+image partions as devices, and dd to copy the data. I NFS mounted the
+new servers storage area on the old server to do the migration.</p>
+
+<pre>
+#!/bin/sh
+
+# Based on
+# http://searchnetworking.techtarget.com.au/articles/35011-Six-steps-for-migrating-Xen-virtual-machines-to-KVM
+
+set -e
+set -x
+
+if [ -z "$1" ] ; then
+ echo "Usage: $0 <hostname>"
+ exit 1
+else
+ host="$1"
+fi
+
+if [ ! -e /dev/vg_data/$host-disk ] ; then
+ echo "error: unable to find LVM volume for $host"
+ exit 1
+fi
+
+# Partitions need to be a bit bigger than the LVM LVs. not sure why.
+disksize=$( lvs --units m | grep $host-disk | awk '{sum = sum + $4} END { print int(sum * 1.05) }')
+swapsize=$( lvs --units m | grep $host-swap | awk '{sum = sum + $4} END { print int(sum * 1.05) }')
+totalsize=$(( ( $disksize + $swapsize ) ))
+
+img=$host.img
+#dd if=/dev/zero of=$img bs=1M count=$(( $disksize + $swapsize ))
+qemu-img create $img ${totalsize}MMaking room on the Debian Edu/Sqeeze DVD
+
+parted $img mklabel msdos
+parted $img mkpart primary linux-swap 0 $disksize
+parted $img mkpart primary ext2 $disksize $totalsize
+parted $img set 1 boot on
+
+modprobe dm-mod
+losetup /dev/loop0 $img
+kpartx -a /dev/loop0
+
+dd if=/dev/vg_data/$host-disk of=/dev/mapper/loop0p1 bs=1M
+fsck.ext3 -f /dev/mapper/loop0p1 || true
+mkswap /dev/mapper/loop0p2
+
+kpartx -d /dev/loop0
+losetup -d /dev/loop0
+</pre>
+
+<p>The script is perhaps so simple that it is not copyrightable, but
+if it is, it is licenced using GPL v2 or later at your discretion.</p>
+
+<p>After doing this, I booted a Debian CD in rescue mode in KVM with
+the new disk image attached, installed grub-pc and linux-image-686 and
+set up grub to boot from the disk image. After this, the KVM machines
+seem to work just fine.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">Debian Edu roaming workstation - at the university of Oslo</a></div>
- <div class="date">2010-08-03 23:30</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_and_KDE_desktop.html">Lenny->Squeeze upgrades, apt vs aptitude with the Gnome and KDE desktop</a></div>
+ <div class="date">2010-11-20 22:50</div>
<div class="body">
-<p>The new roaming workstation profile in Debian Edu/Squeeze is fairly
-similar to the laptop setup am I working on using Ubuntu for the
-University of Oslo, and just for the heck of it, I tested today how
-hard it would be to integrate that profile into the university
-infrastructure. In this case, it is the university LDAP server,
-Active Directory Kerberos server and SMB mounting from the Netapp file
-servers.</p>
-
-<p>I was pleasantly surprised that the only three files needed to be
-changed (/etc/sssd/sssd.conf, /etc/ldap.conf and
-/etc/mklocaluser.d/20-debian-edu-config) and one file had to be added
-(/usr/share/perl5/Debian/Edu_Local.pm), to get the client working.
-Most of the changes were to get the client to use the university LDAP
-for NSS and Kerberos server for PAM, but one was to change a hard
-coded DNS domain name in the mklocaluser hook from .intern to
-.uio.no.</p>
-
-<p>This testing was so encouraging, that I went ahead and adjusted the
-Debian Edu scripts and setup in subversion to centralise the roaming
-workstation setup a bit more and avoid the hardcoded DNS domain name,
-so that when I test this tomorrow, I expect to get away with modifying
-only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the
-university servers.</p>
-
-<p>My goal is to get the clients to have no hardcoded settings and
-fetch all their initial setup during installation and first boot, to
-allow them to be inserted also into environments where the default
-setup in Debian Edu has been changed or as with the university, where
-the environment is different but provides the protocols Debian Edu
-uses.</p>
+<p>I'm still running upgrade testing of the
+<a href="http://people.skolelinux.org/~pere/debian-upgrade-testing/">Lenny
+Gnome and KDE Desktop</a>, but have not had time to spend on reporting the
+status. Here is a short update based on a test I ran 20101118.</p>
+
+<p>I still do not know what a correct migration should look like, so I
+report any differences between apt and aptitude and hope someone else
+can see if anything should be changed.</p>
+
+<p>This is for Gnome:</p>
+
+<p>Installed using apt-get, missing with aptitude</p>
+
+<blockquote><p>
+ apache2.2-bin aptdaemon at-spi baobab binfmt-support
+ browser-plugin-gnash cheese-common cli-common cpp-4.3 cups-pk-helper
+ dmz-cursor-theme empathy empathy-common finger
+ freedesktop-sound-theme freeglut3 gconf-defaults-service gdm-themes
+ gedit-plugins geoclue geoclue-hostip geoclue-localnet geoclue-manual
+ geoclue-yahoo gnash gnash-common gnome gnome-backgrounds
+ gnome-cards-data gnome-codec-install gnome-core
+ gnome-desktop-environment gnome-disk-utility gnome-screenshot
+ gnome-search-tool gnome-session-canberra gnome-spell
+ gnome-system-log gnome-themes-extras gnome-themes-more
+ gnome-user-share gs-common gstreamer0.10-fluendo-mp3
+ gstreamer0.10-tools gtk2-engines gtk2-engines-pixbuf
+ gtk2-engines-smooth hal-info hamster-applet libapache2-mod-dnssd
+ libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap
+ libart2.0-cil libatspi1.0-0 libboost-date-time1.42.0
+ libboost-python1.42.0 libboost-thread1.42.0 libchamplain-0.4-0
+ libchamplain-gtk-0.4-0 libcheese-gtk18 libclutter-gtk-0.10-0
+ libcryptui0 libcupsys2 libdiscid0 libeel2-data libelf1 libepc-1.0-2
+ libepc-common libepc-ui-1.0-2 libfreerdp-plugins-standard
+ libfreerdp0 libgail-common libgconf2.0-cil libgdata-common libgdata7
+ libgdl-1-common libgdu-gtk0 libgee2 libgeoclue0 libgexiv2-0 libgif4
+ libglade2.0-cil libglib2.0-cil libgmime2.4-cil libgnome-vfs2.0-cil
+ libgnome2.24-cil libgnomepanel2.24-cil libgnomeprint2.2-data
+ libgnomeprintui2.2-common libgnomevfs2-bin libgpod-common libgpod4
+ libgtk2.0-cil libgtkglext1 libgtksourceview-common
+ libgtksourceview2.0-common libmono-addins-gui0.2-cil
+ libmono-addins0.2-cil libmono-cairo2.0-cil libmono-corlib2.0-cil
+ libmono-i18n-west2.0-cil libmono-posix2.0-cil
+ libmono-security2.0-cil libmono-sharpzip2.84-cil
+ libmono-system2.0-cil libmtp8 libmusicbrainz3-6
+ libndesk-dbus-glib1.0-cil libndesk-dbus1.0-cil libopal3.6.8
+ libpolkit-gtk-1-0 libpt-1.10.10-plugins-alsa
+ libpt-1.10.10-plugins-v4l libpt2.6.7 libpython2.6 librpm1 librpmio1
+ libsdl1.2debian libservlet2.4-java libsrtp0 libssh-4
+ libtelepathy-farsight0 libtelepathy-glib0 libtidy-0.99-0
+ libxalan2-java libxerces2-java media-player-info mesa-utils
+ mono-2.0-gac mono-gac mono-runtime nautilus-sendto
+ nautilus-sendto-empathy openoffice.org-writer2latex
+ openssl-blacklist p7zip p7zip-full pkg-config python-4suite-xml
+ python-aptdaemon python-aptdaemon-gtk python-axiom
+ python-beautifulsoup python-bugbuddy python-clientform
+ python-coherence python-configobj python-crypto python-cupshelpers
+ python-cupsutils python-eggtrayicon python-elementtree
+ python-epsilon python-evolution python-feedparser python-gdata
+ python-gdbm python-gst0.10 python-gtkglext1 python-gtkmozembed
+ python-gtksourceview2 python-httplib2 python-louie python-mako
+ python-markupsafe python-mechanize python-nevow python-notify
+ python-opengl python-openssl python-pam python-pkg-resources
+ python-pyasn1 python-pysqlite2 python-rdflib python-serial
+ python-tagpy python-twisted-bin python-twisted-conch
+ python-twisted-core python-twisted-web python-utidylib python-webkit
+ python-xdg python-zope.interface remmina remmina-plugin-data
+ remmina-plugin-rdp remmina-plugin-vnc rhythmbox-plugin-cdrecorder
+ rhythmbox-plugins rpm-common rpm2cpio seahorse-plugins shotwell
+ software-center svgalibg1 system-config-printer-udev
+ telepathy-gabble telepathy-mission-control-5 telepathy-salut tomboy
+ totem totem-coherence totem-mozilla totem-plugins
+ transmission-common xdg-user-dirs xdg-user-dirs-gtk xserver-xephyr
+ zip
+</p></blockquote>
+
+Installed using apt-get, removed with aptitude
+
+<blockquote><p>
+ arj bluez-utils cheese dhcdbd djvulibre-desktop ekiga eog
+ epiphany-extensions epiphany-gecko evolution-exchange
+ fast-user-switch-applet file-roller gcalctool gconf-editor gdm gedit
+ gedit-common gnome-app-install gnome-games gnome-games-data
+ gnome-nettool gnome-system-tools gnome-themes gnome-utils
+ gnome-vfs-obexftp gnome-volume-manager gnuchess gucharmap
+ guile-1.8-libs hal libavahi-compat-libdnssd1 libavahi-core5
+ libavahi-ui0 libbind9-50 libbluetooth2 libcamel1.2-11 libcdio7
+ libcucul0 libcurl3 libdirectfb-1.0-0 libdmx1 libdvdread3
+ libedata-cal1.2-6 libedataserver1.2-9 libeel2-2.20 libepc-1.0-1
+ libepc-ui-1.0-1 libexchange-storage1.2-3 libfaad0 libgadu3
+ libgalago3 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9
+ libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2
+ libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0
+ libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtk-vnc-1.0-0
+ libgtkhtml2-0 libgtksourceview1.0-0 libgtksourceview2.0-0
+ libgucharmap6 libhesiod0 libicu38 libisccc50 libisccfg50 libiw29
+ libjaxp1.3-java-gcj libkpathsea4 liblircclient0 libltdl3 liblwres50
+ libmagick++10 libmagick10 libmalaga7 libmozjs1d libmpfr1ldbl libmtp7
+ libmysqlclient15off libnautilus-burn4 libneon27 libnm-glib0
+ libnm-util0 libopal-2.2 libosp5 libparted1.8-10 libpisock9
+ libpisync1 libpoppler-glib3 libpoppler3 libpt-1.10.10 libraw1394-8
+ libsdl1.2debian-alsa libsensors3 libsexy2 libsmbios2 libsoup2.2-8
+ libspeexdsp1 libssh2-1 libsuitesparse-3.1.0 libsvga1
+ libswfdec-0.6-90 libtalloc1 libtotem-plparser10 libtrackerclient0
+ libvoikko1 libxalan2-java-gcj libxerces2-java-gcj libxklavier12
+ libxtrap6 libxxf86misc1 libzephyr3 mysql-common rhythmbox seahorse
+ sound-juicer swfdec-gnome system-config-printer totem-common
+ totem-gstreamer transmission-gtk vinagre vino w3c-dtd-xhtml wodim
+</p></blockquote>
+
+<p>Installed using aptitude, missing with apt-get</p>
+
+<blockquote><p>
+ gstreamer0.10-gnomevfs
+</p></blockquote>
+
+<p>Installed using aptitude, removed with apt-get</p>
+
+<blockquote><p>
+[nothing]
+</p></blockquote>
+
+<p>This is for KDE:</p>
+
+<p>Installed using apt-get, missing with aptitude</p>
+
+<blockquote><p>
+ autopoint bomber bovo cantor cantor-backend-kalgebra cpp-4.3 dcoprss
+ edict espeak espeak-data eyesapplet fifteenapplet finger gettext
+ ghostscript-x git gnome-audio gnugo granatier gs-common
+ gstreamer0.10-pulseaudio indi kaddressbook-plugins kalgebra
+ kalzium-data kanjidic kapman kate-plugins kblocks kbreakout kbstate
+ kde-icons-mono kdeaccessibility kdeaddons-kfile-plugins
+ kdeadmin-kfile-plugins kdeartwork-misc kdeartwork-theme-window
+ kdeedu kdeedu-data kdeedu-kvtml-data kdegames kdegames-card-data
+ kdegames-mahjongg-data kdegraphics-kfile-plugins kdelirc
+ kdemultimedia-kfile-plugins kdenetwork-kfile-plugins
+ kdepim-kfile-plugins kdepim-kio-plugins kdessh kdetoys kdewebdev
+ kdiamond kdnssd kfilereplace kfourinline kgeography-data kigo
+ killbots kiriki klettres-data kmoon kmrml knewsticker-scripts
+ kollision kpf krosspython ksirk ksmserver ksquares kstars-data
+ ksudoku kubrick kweather libasound2-plugins libboost-python1.42.0
+ libcfitsio3 libconvert-binhex-perl libcrypt-ssleay-perl libdb4.6++
+ libdjvulibre-text libdotconf1.0 liberror-perl libespeak1
+ libfinance-quote-perl libgail-common libgsl0ldbl libhtml-parser-perl
+ libhtml-tableextract-perl libhtml-tagset-perl libhtml-tree-perl
+ libio-stringy-perl libkdeedu4 libkdegames5 libkiten4 libkpathsea5
+ libkrossui4 libmailtools-perl libmime-tools-perl
+ libnews-nntpclient-perl libopenbabel3 libportaudio2 libpulse-browse0
+ libservlet2.4-java libspeechd2 libtiff-tools libtimedate-perl
+ libunistring0 liburi-perl libwww-perl libxalan2-java libxerces2-java
+ lirc luatex marble networkstatus noatun-plugins
+ openoffice.org-writer2latex palapeli palapeli-data parley
+ parley-data poster psutils pulseaudio pulseaudio-esound-compat
+ pulseaudio-module-x11 pulseaudio-utils quanta-data rocs rsync
+ speech-dispatcher step svgalibg1 texlive-binaries texlive-luatex
+ ttf-sazanami-gothic
+</p></blockquote>
+
+<p>Installed using apt-get, removed with aptitude</p>
+
+<blockquote><p>
+ amor artsbuilder atlantik atlantikdesigner blinken bluez-utils cvs
+ dhcdbd djvulibre-desktop imlib-base imlib11 kalzium kanagram kandy
+ kasteroids katomic kbackgammon kbattleship kblackbox kbounce kbruch
+ kcron kdat kdemultimedia-kappfinder-data kdeprint kdict kdvi kedit
+ keduca kenolaba kfax kfaxview kfouleggs kgeography kghostview
+ kgoldrunner khangman khexedit kiconedit kig kimagemapeditor
+ kitchensync kiten kjumpingcube klatin klettres klickety klines
+ klinkstatus kmag kmahjongg kmailcvt kmenuedit kmid kmilo kmines
+ kmousetool kmouth kmplot knetwalk kodo kolf kommander konquest kooka
+ kpager kpat kpdf kpercentage kpilot kpoker kpovmodeler krec
+ kregexpeditor kreversi ksame ksayit kshisen ksig ksim ksirc ksirtet
+ ksmiletris ksnake ksokoban kspaceduel kstars ksvg ksysv kteatime
+ ktip ktnef ktouch ktron kttsd ktuberling kturtle ktux kuickshow
+ kverbos kview kviewshell kvoctrain kwifimanager kwin kwin4 kwordquiz
+ kworldclock kxsldbg libakode2 libarts1-akode libarts1-audiofile
+ libarts1-mpeglib libarts1-xine libavahi-compat-libdnssd1
+ libavahi-core5 libavc1394-0 libbind9-50 libbluetooth2
+ libboost-python1.34.1 libcucul0 libcurl3 libcvsservice0
+ libdirectfb-1.0-0 libdjvulibre21 libdvdread3 libfaad0 libfreebob0
+ libgd2-noxpm libgraphviz4 libgsmme1c2a libgtkhtml2-0 libicu38
+ libiec61883-0 libindex0 libisccc50 libisccfg50 libiw29
+ libjaxp1.3-java-gcj libk3b3 libkcal2b libkcddb1 libkdeedu3
+ libkdegames1 libkdepim1a libkgantt0 libkleopatra1 libkmime2
+ libkpathsea4 libkpimexchange1 libkpimidentities1 libkscan1
+ libksieve0 libktnef1 liblockdev1 libltdl3 liblwres50 libmagick10
+ libmimelib1c2a libmodplug0c2 libmozjs1d libmpcdec3 libmpfr1ldbl
+ libneon27 libnm-util0 libopensync0 libpisock9 libpoppler-glib3
+ libpoppler-qt2 libpoppler3 libraw1394-8 librss1 libsensors3
+ libsmbios2 libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90
+ libtalloc1 libxalan2-java-gcj libxerces2-java-gcj libxtrap6 lskat
+ mpeglib network-manager-kde noatun pmount tex-common texlive-base
+ texlive-common texlive-doc-base texlive-fonts-recommended tidy
+ ttf-dustin ttf-kochi-gothic ttf-sjfonts
+</p></blockquote>
+
+<p>Installed using aptitude, missing with apt-get</p>
+
+<blockquote><p>
+ dolphin kde-core kde-plasma-desktop kde-standard kde-window-manager
+ kdeartwork kdebase kdebase-apps kdebase-workspace
+ kdebase-workspace-bin kdebase-workspace-data kdeutils kscreensaver
+ kscreensaver-xsavers libgle3 libkonq5 libkonq5-templates libnetpbm10
+ netpbm plasma-widget-folderview plasma-widget-networkmanagement
+ xscreensaver-data-extra xscreensaver-gl xscreensaver-gl-extra
+ xscreensaver-screensaver-bsod
+</p></blockquote>
+
+<p>Installed using aptitude, removed with apt-get</p>
+
+<blockquote><p>
+ kdebase-bin konq-plugins konqueror
+</p></blockquote>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html">Circular package dependencies harms apt recovery</a></div>
- <div class="date">2010-07-27 23:50</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Gnash_buildbot_slave_and_Debian_kfreebsd.html">Gnash buildbot slave and Debian kfreebsd</a></div>
+ <div class="date">2010-11-20 07:20</div>
<div class="body">
-<p>I discovered this while doing
-<a href="http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html">automated
-testing of upgrades from Debian Lenny to Squeeze</a>. A few packages
-in Debian still got circular dependencies, and it is often claimed
-that apt and aptitude should be able to handle this just fine, but
-some times these dependency loops causes apt to fail.</p>
-
-<p>An example is from todays
-<a href="http://people.skolelinux.org/~pere/debian-upgrade-testing//test-20100727-lenny-squeeze-kde-aptitude.txt">upgrade
-of KDE using aptitude</a>. In it, a bug in kdebase-workspace-data
-causes perl-modules to fail to upgrade. The cause is simple. If a
-package fail to unpack, then only part of packages with the circular
-dependency might end up being unpacked when unpacking aborts, and the
-ones already unpacked will fail to configure in the recovery phase
-because its dependencies are unavailable.</p>
-
-<p>In this log, the problem manifest itself with this error:</p>
-
-<blockquote><pre>
-dpkg: dependency problems prevent configuration of perl-modules:
- perl-modules depends on perl (>= 5.10.1-1); however:
- Version of perl on system is 5.10.0-19lenny2.
-dpkg: error processing perl-modules (--configure):
- dependency problems - leaving unconfigured
-</pre></blockquote>
-
-<p>The perl/perl-modules circular dependency is already
-<a href="http://bugs.debian.org/527917">reported as a bug</a>, and will
-hopefully be solved as soon as possible, but it is not the only one,
-and each one of these loops in the dependency tree can cause similar
-failures. Of course, they only occur when there are bugs in other
-packages causing the unpacking to fail, but it is rather nasty when
-the failure of one package causes the problem to become worse because
-of dependency loops.</p>
-
-<p>Thanks to
-<a href="http://lists.debian.org/debian-devel/2010/06/msg00116.html">the
-tireless effort by Bill Allombert</a>, the number of circular
-dependencies
-<a href="http://debian.semistable.com/debgraph.out.html">left in Debian
-is dropping</a>, and perhaps it will reach zero one day. :)</p>
-
-<p>Todays testing also exposed a bug in
-<a href="http://bugs.debian.org/590605">update-notifier</a> and
-<a href="http://bugs.debian.org/590604">different behaviour</a> between
-apt-get and aptitude, the latter possibly caused by some circular
-dependency. Reported both to BTS to try to get someone to look at
-it.</p>
+<p>Answering
+<a href="http://www.listware.net/201011/gnash-dev/67431-gnash-dev-buildbot-looking-for-slaves.html">the
+call from the Gnash project</a> for
+<a href="http://www.gnashdev.org:8010">buildbot</a> slaves to test the
+current source, I have set up a virtual KVM machine on the Debian
+Edu/Skolelinux virtualization host to test the git source on
+Debian/Squeeze. I hope this can help the developers in getting new
+releases out more often.</p>
+
+<p>As the developers want less main-stream build platforms tested to,
+I have considered setting up a <a
+href="http://www.debian.org/ports/kfreebsd-gnu/">Debian/kfreebsd</a>
+machine as well. I have also considered using the kfreebsd
+architecture in Debian as a file server in NUUG to get access to the 5
+TB zfs volume we currently use to store DV video. Because of this, I
+finally got around to do a test installation of Debian/Squeeze with
+kfreebsd. Installation went fairly smooth, thought I noticed some
+visual glitches in the cdebconf dialogs (black cursor left on the
+screen at random locations). Have not gotten very far with the
+testing. Noticed cfdisk did not work, but fdisk did so it was not a
+fatal problem. Have to spend some more time on it to see if it is
+useful as a file server for NUUG. Will try to find time to set up a
+gnash buildbot slave on the Debian Edu/Skolelinux this weekend.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/
debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/First_Debian_Edu_test_release__alpha0__based_on_Squeeze_is_released.html">First Debian Edu test release (alpha0) based on Squeeze is released</a></div>
- <div class="date">2010-07-27 17:45</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/N___er_74_norske_overv__kningskamera_registert_i_OpenStreetmap_org.html">Nå er 74 norske overvåkningskamera registert i OpenStreetmap.org</a></div>
+ <div class="date">2010-11-18 11:25</div>
<div class="body">
-<p>I just posted this announcement culminating several months of work
-with the next Debian Edu release. Not nearly done, but one major step
-completed.</p>
-
-<blockquote>
-<p>This is the first test release based on Squeeze. The focus of this
-release is to test the user application selection. To have a look,
-install the standalone profile and let the developers know if the set
-of installed packages i.e. applications should be modified. If some
-user application is missing, or if there are some applications that no
-longer make sense to be included in Debian Edu, please let us know.
-Also, if a useful application is missing the translation for your
-language of choice, please let us know too.</p>
-
-<p>In addition, feedback and help to polish the desktop (menus,
-artwork, starters, etc.) is appreciated. We would like to ship a nice
-and handy KDE4 desktop targeted for schools out of the box.</p>
-
-<p>The other profiles should be installable, but there is a lot more
-work left to be done before they are ready, so do not expect to
-much.</p>
-
-<p>Changes compared to the lenny based version</p>
-
-<ul>
-<li>Everything from Debian Squeeze
-<ul>
- <li>Desktop environment KDE 4.4 => the new KDE desktop in
- combination with some new artwork
- <li>Web browser Iceweasel 3.5
- <li>OpenOffice.org 3.2
- <li>Educational toolbox GCompris 9.3
- <li>Music creator Rosegarden 10.04.2
- <li>Image editor Gimp 2.6.10
- <li>Virtual universe Celestia 1.6.0
- <li>Virtual stargazer Stellarium 0.10.4
- <li>3D modeler Blender 2.49.2 (new application)
- <li>Video editor Kdenlive 0.7.7 (new application)
-</ul></li>
-<li>Now using Kerberos for password checking (migration not finished).
- Enabled for:
-<ul>
- <li>PAM
- <li>LDAP
- <li>IMAP
- <li>SMTP (sender verification)
-</ul>
-</li>
-<li>New experimental roaming workstation profile for laptops.</li>
-<li>Show welcome page to users when they first log in. The URL is
- fetched from LDAP.</li>
-<li>New LXDE desktop option, in addition to KDE (default) and Gnome.</li>
-<li>General cleanup (not finished)</li>
-</ul>
-<p>The following features are not working as they should</p>
-
-<ul>
-<li>No web based administration tool for creating users and groups. The
- scripts ldap-createuser-krb and ldap-add-user-to-group can be used
- for testing.</li>
-<li>DVD installs are missing debian-installer images for the PXE boot,
- and do not set up the PXE menu on eth0 because of this. LTSP
- clients should still boot from eth1 on thin client servers.</li>
-<li>The restructured KDE menu is not implemented.</li>
-<li>The LDAP server setup need to be reviewed for security.</li>
-<li>The LDAP directory structure need to be reworked.</li>
-<li>Different sets of packages are installed when using the DVD and the
- netinst CD. More packages are installed using the netinst CD.</li>
-<li>The jackd package fail to install. This is believed to be caused by
- some ongoing transition, and hopefully should be solved soon. The
- jackd1 package can be installed manually for those that need it.</li>
-<li>Some packages lack translations. See
- http://wiki.debian.org/DebianEdu/Status/Squeeze for updated status,
- and help out with translations.</li>
-</ul>
-
-<p>To download this multiarch netinstall release you can use</p>
-
-<ul>
-<li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li>
-<li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li>
-<li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</li>
-</ul>
-<p>To download this multiarch dvd release you can use</p>
-
-<ul>
-<li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li>
-<li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li>
-<li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</li>
-</ul>
-
-<p>There is no source DVD available yet. It will be prepared when we
-get closer to the final release.</p>
-
-<p>The MD5SUM of these images are</p>
-
-<ul>
-<li>3dbf45d59f42a53518b6e3c9ec3b5eb6 debian-edu-6.0.0+edua0-CD.iso</li>
-<li>22f2cbfce281d1c6e478be452638675d debian-edu-6.0.0+edua0-DVD.iso</li>
-</ul>
-
-<p>The SHA1SUM of these images are</p>
-<ul>
-<li>c53d1b69b40cf37cd27aefaf33f6f6a3821bedf0 debian-edu-6.0.0+edua0-CD.iso</li>
-<li>2ec29d7db676d59d32197b05c277ffe16348376c debian-edu-6.0.0+edua0-DVD.iso</li>
-</ul>
-<p>How to report bugs:
-http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla</p>
-
-<p>Please direct replies to debian-edu@lists.debian.org</p>
-</blockquote>
+<p>Jeg oppdaterte nettopp kartet med overvåkningskamera som
+<a href="http://people.skolelinux.org/pere/blog/Kart_over_overv__kningskamera_i_Norge.html">jeg
+startet</a> for ca. et og et halvt år siden, og nå er det 74 kamera på
+plass. I prosessen med å oppdatere kartet oppdaget jeg ved en
+tilfeldighet at webreferansen til registermeldingen hos Datatilsynet
+nå ikke lenger er gyldig (se
+<a href="http://hetti.datatilsynet.no/melding/report_view.pl?id=31062">tidligere
+melding</a>). Antar Datatilsynet fjerner utdaterte meldinger fra
+databasen. Konsekvensen blir at kameraoversikten i OSM må ha med
+søkekriteriene som ble brukt for å finne registermeldingen
+(dvs. virksomhetsnavn og organisasjonsnummer), slik at eventuelt nye
+meldinger for samme kamera kan finnes igjen.</p>
+
+<p>Det er dukket opp kamera på
+<a href="http://people.skolelinux.no/pere/surveillance-norway/">kartet</a>
+i Bergensområdet, Stavangerområdet, Osloområdet, Gjøvikområdet og i
+Troms. Mange områder og kamera mangler, og jeg er overbevist om at
+bare en brøkdel av den enorme mengden kamera som nå finnes i det
+offentlige rom er registrert så langt. Instrukser for å legge inn
+kamera finnes på websiden for kartet hos
+<a href="http://personvern.no/wiki/index.php/Kameraovervåkning">personvernforeningen</a>.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html">One step closer to single signon in Debian Edu</a></div>
- <div class="date">2010-07-25 10:00</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Gjendikte_sangen__Copying_Is_Not_Theft__p___Norsk_.html">Gjendikte sangen "Copying Is Not Theft" på Norsk?</a></div>
+ <div class="date">2010-11-10 14:40</div>
<div class="body">
-<p>The last few months me and the other Debian Edu developers have
-been working hard to get the Debian/Squeeze based version of Debian
-Edu/Skolelinux into shape. This future version will use Kerberos for
-authentication, and services are slowly migrated to single signon,
-getting rid of password questions one at the time.</p>
-
-<p>It will also feature a roaming workstation profile with local home
-directory, for laptops that are only some times on the Skolelinux
-network, and for this profile a shortcut is created in Gnome and KDE
-to gain access to the users home directory on the file server. This
-shortcut uses SMB at the moment, and yesterday I had time to test if
-SMB mounting had started working in KDE after we added the cifs-utils
-package. I was pleasantly surprised how well it worked.</p>
-
-<p>Thanks to the recent changes to our samba configuration to get it
-to use Kerberos for authentication, there were no question about user
-password when mounting the SMB volume. A simple click on the shortcut
-in the KDE menu, and a window with the home directory popped
-up. :)</p>
-
-<p>One step closer to a single signon solution out of the box in
-Debian Edu. We already had PAM, LDAP, IMAP and SMTP in place, and now
-also Samba. Next step is Cups and hopefully also NFS.</p>
-
-<p>We had planned a alpha0 release of Debian Edu for today, but thanks
-to the autobuilder administrators for some architectures being slow to
-sign packages, we are still missing the fixed LTSP package we need for
-the release. It was uploaded three days ago with urgency=high, and if
-it had entered testing yesterday we would have been able to test it in
-time for a alpha0 release today. As the binaries for ia64 and powerpc
-still not uploaded to the Debian archive, we need to delay the alpha
-release another day.</p>
-
-<p>If you want to help out with implementing Kerberos for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>En genial liten sang om kopiering og tyveri er
+<a href="http://www.archive.org/details/CopyingIsNotTheft">Copying Is
+Not Theft</a> av Nina Paley. Den vil jeg at
+<a href="http://www.nuug.no/">NUUG</a> skal sende på
+<a href="http://www.frikanalen.no/">Frikanalen</a>, men først må vi
+fikse norske undertekster eller dubbing. Og i og med at det er en
+sang, tror jeg den kanskje bør gjendiktes.
+
+Selve teksten finner en på bloggen til
+<a href="http://blog.ninapaley.com/2009/12/15/minute-meme-1-copying-is-not-theft/">tekstforfatteren</a> og den ser slik ut:
+
+<p><blockquote>
+<p>Copying is not theft.
+<br>Stealing a thing leaves one less left
+<br>Copying it makes one thing more;
+<br>that's what copying's for.</p>
+
+<p>Copying is not theft.
+<br>If I copy yours you have it too
+<br>One for me and one for you
+<br>That's what copies can do</p>
+
+<p>If I steal your bicycle
+<br>you have to take the bus,
+<br>but if I just copy it
+<br>there's one for each of us!</p>
+
+<p>Making more of a thing,
+<br>that is what we call "copying"
+<br>Sharing ideas with everyone
+<br>That's why copying
+<br>is
+<br>FUN!</p>
+</blockquote></p>
+
+<p>Her er et naivt forsøk på oversettelse, uten noe forsøk på
+gjendiktning eller få det til å flyte sammen med melodien.</p>
+
+<p><blockquote>
+<p>Kopiering er ikke tyveri.
+<br>Stjeler du en ting er det en mindre igjen
+<br>Kopier den og det er ting til.
+<br>det er derfor vi har kopiering.</p>
+
+<p>Kopiering er ikke tyveri.
+<br>Hvis jeg kopierer din så har du den fortsatt
+<br>En for meg og en for deg.
+<br>Det er det kopier gir oss</p>
+
+<p>Hvis jeg stjeler sykkelen din
+<br>så må du ta bussen,
+<br>men hvis jeg bare kopierer den,
+<br>så får vi hver vår!</p>
+
+<p>Lage mer av en ting,
+<br>det er det vi kaller "kopiering".
+<br>Deler ideer med enhver
+<br>Det er derfor kopiering
+<br>er
+<br>MORSOMT!</p>
+</blockquote></p>
+
+<p>Hvis du har forslag til bedre oversettelse eller lyst til å bidra
+til å få denne sangen over i norsk språkdrakt, ta kontakt med video
+(at) nuug.no.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Digitale_restriksjonsmekanismer_fikk_meg_til____slutte____kj__pe_musikk.html">Digitale restriksjonsmekanismer fikk meg til å slutte å kjøpe musikk</a></div>
- <div class="date">2010-07-22 23:50</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Debian_in_3D.html">Debian in 3D</a></div>
+ <div class="date">2010-11-09 16:10</div>
<div class="body">
-<p>For mange år siden slutte jeg å kjøpe musikk-CDer. Årsaken var at
-musikkbransjen var godt i gang med å selge platene sine med DRM som
-gjorde at jeg ikke fikk spilt av musikken jeg kjøpte på utstyret jeg
-hadde tilgjengelig, dvs. min datamaskin. Det var umulig å se på en
-plate om den var ødelagt eller ikke, og jeg hadde jo allerede en
-anseelig samling med plater, så jeg bestemme meg for å slutte å gi
-penger til en bransje som åpenbart ikke respekterte meg.</p>
-
-<p>Jeg har mange titalls dager med musikk på CD i dag. Det meste er
-lagt i et stort arkiv som kan spilles av fra husets datamaskiner (har
-ikke rukket rippe alt). Jeg ser dermed ikke behovet for å skaffe mer
-musikk. De fleste av mine favoritter er i hus, og jeg er dermed godt
-fornøyd.</p>
-
-<p>Hvis musikkbransjen ønsker mine penger, så må de demonstrere at de
-setter pris på meg som kunde, og ikke skremme meg bort med DRM og
-antydninger om at kundene er kriminelle.</p>
-
-<p>Filmbransjen er like ille, men mens musikk gjerne varer lenge, er
-filmer mer ferskvare. Har dermed ikke helt sluttet å kjøpe filmer, men
-holder meg til DVD-filmer som kan spilles av på mine Linuxbokser.
-Kommer neppe til å ta i bruk Blueray, og ei heller de nye DRM-greiene
-«Ultraviolet» som be annonsert her om dagen.</p>
+<p><img src="http://thingiverse-production.s3.amazonaws.com/renders/23/e0/c4/f9/2b/debswagtdose_preview_medium.jpg"></p>
+
+<p>3D printing is just great. I just came across this Debian logo in
+3D linked in from
+<a href="http://blog.thingiverse.com/2010/11/09/participatory-branding/">the
+thingiverse blog</a>.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/OpenStreetmap_one_step_closer_to_having_routing_on_its_front_page.html">OpenStreetmap one step closer to having routing on its front page</a></div>
- <div class="date">2010-07-18 16:45</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Datatilsynet_mangler_verkt__yet_som_trengs_for____kontrollere_kameraoverv__kning.html">Datatilsynet mangler verktøyet som trengs for å kontrollere kameraovervåkning</a></div>
+ <div class="date">2010-11-09 14:35</div>
<div class="body">
-<p>Thanks to
-<a href="http://feedproxy.google.com/~r/Opengeodata/~3/wUTCzDZk3lc/project-of-the-week-which-way-home">todays
-opengeodata blog entry</a>, I just discovered that the
-OpenStreetmap.org site have gotten
-<a href="http://nroets.dev.openstreetmap.org/demo/index.html?layers=B000FTFTT">support
-for calculating routes</a>. The support is still experimental and
-only available from the development server, until more experience is
-gathered on the user interface and any scalability issues.</p>
-
-<p>Earlier, the routing I knew about using the OpenStreetmap.org data
-was provided by <a href="http://maps.cloudmade.com/">Cloudmade</a>,
-but having it on the main page is required to make everyone aware of
-the issue. I've had people reject Openstreetmap.org as a viable
-alternative for them because the front page lacked routing support,
-and I hope their needs will be catered for when routing show up on the
-www.openstreetmap.org front page.</p>
+<p>En stund tilbake ble jeg oppmerksom på at Datatilsynets verktøy for
+å holde rede på overvåkningskamera i Norge ikke var egnet til annet
+enn å lage statistikk, og ikke kunne brukes for å kontrollere om et
+overvåkningskamera i det offentlige rom er lovlig satt opp og
+registrert. For å teste hypotesen sendte jeg for noen dager siden
+følgende spørsmål til datatilsynet. Det omtalte kameraet står litt
+merkelig plassert i veigrøften ved gangstien langs Sandakerveien, og
+jeg lurer oppriktig på om det er lovlig plassert og registrert.</p>
+
+<p><blockquote>
+<p>Date: Tue, 2 Nov 2010 16:08:20 +0100
+<br>From: Petter Reinholdtsen <pere (at) hungry.com>
+<br>To: postkasse (at) datatilsynet.no
+<br>Subject: Er overvåkningskameraet korrekt registrert?</p>
+
+<p>Hei.</p>
+
+<p>I Nydalen i Oslo er det mange overvåkningskamera, og et av dem er
+spesielt merkelig plassert like over et kumlokk. Jeg lurer på om
+dette kameraet er korrekt registrert og i henhold til lovverket.</p>
+
+<p>Finner ingen eierinformasjon på kameraet, og dermed heller ingenting å
+søke på i <URL:
+<a href="http://hetti.datatilsynet.no/melding/report_search.pl">http://hetti.datatilsynet.no/melding/report_search.pl</a> >.
+Kartreferanse for kameraet er tilgjengelig fra
+<URL:
+<a href="http://people.skolelinux.no/pere/surveillance-norway/?zoom=17&lat=59.94918&lon=10.76962&layers=B0T">http://people.skolelinux.no/pere/surveillance-norway/?zoom=17&lat=59.94918&lon=10.76962&layers=B0T</a> >.
+
+<p>Kan dere fortelle meg om dette kameraet er registrert hos
+Datatilsynet som det skal være i henhold til lovverket?</p>
+
+<p>Det hadde forresten vært fint om rådata fra kameraregisteret var
+tilgjengelig på web og regelmessig oppdatert, for å kunne søke på
+andre ting enn organisasjonsnavn og -nummer ved å laste det ned og
+gjøre egne søk.</p>
+
+<p>Vennlig hilsen,
+<br>--
+<br>Petter Reinholdtsen
+</blockquote></p>
+
+<p>Her er svaret som kom dagen etter:</p>
+
+<p><blockquote>
+<p>Date: Wed, 3 Nov 2010 14:44:09 +0100
+<br>From: "juridisk" <juridisk (at) Datatilsynet.no>
+<br>To: Petter Reinholdtsen
+<br>Subject: VS: Er overvåkningskameraet korrekt registrert?
+
+<p>Viser til e-post av 2. november.
+
+<p>Datatilsynet er det forvaltningsorganet som skal kontrollere at
+personopplysningsloven blir fulgt. Formålet med loven er å verne
+enkeltpersoner mot krenking av personvernet gjennom behandling av
+personopplysninger.</p>
+
+<p>Juridisk veiledningstjeneste hos Datatilsynet gir råd og veiledning
+omkring personopplysningslovens regler på generelt grunnlag.</p>
+
+<p>Datatilsynet har dessverre ikke en fullstendig oversikt over alle
+kameraer, den oversikten som finner er i vår meldingsdatabase som du
+finner her:
+<a href="http://www.datatilsynet.no/templates/article____211.aspx">http://www.datatilsynet.no/templates/article____211.aspx</a></p>
+
+<p>Denne databasen gir en oversikt over virksomheter som har meldt inn
+kameraovervåkning. Dersom man ikek vet hvilken virksomhet som er
+ansvarlig, er det heller ikke mulig for Datatilsynet å søke dette
+opp.</p>
+
+<p>Webkameraer som har så dårlig oppløsning at man ikke kan gjenkjenne
+enkeltpersoner er ikke meldepliktige, da dette ikke anses som
+kameraovervåkning i personopplysningslovens forstand. Dersom kameraet
+du sikter til er et slikt webkamera, vil det kanskje ikke finnes i
+meldingsdatabasen på grunn av dette. Også dersom et kamera med god
+oppløsning ikke filmer mennesker, faller det utenfor loven.</p>
+
+<p>Datatilsynet har laget en veileder som gjennomgår når det er lov å
+overvåke med kamera, se lenke:
+<a href="http://www.datatilsynet.no/templates/article____401.aspx">http://www.datatilsynet.no/templates/article____401.aspx</a></p>
+
+<p>Dersom det ikke er klart hvem som er ansvarlig for kameraet, er det
+vanskelig for Datatilsynet å ta kontakt med den ansvarlige for å få
+avklart om kameraet er satt opp i tråd med tilsynets regelverk. Dersom
+du mener at kameraet ikke er lovlig ut fra informasjonen ovenfor, kan
+kameraet anmeldes til politiet.</p>
+
+<p>Med vennlig hilsen</p>
+
+<p>Maria Bakke
+<br>Juridisk veiledningstjeneste
+<br>Datatilsynet</p>
+</blockquote></p>
+
+<p>Personlig synes jeg det bør være krav om å registrere hvert eneste
+overvåkningskamera i det offentlige rom hos Datatilsynet, med
+kartreferanse og begrunnelse om hvorfor det er satt opp, slik at
+enhver borger enkelt kan hente ut kart over områder vi er interessert
+i og sjekke om det er overvåkningskamera der som er satt opp uten å
+være registert. Slike registreringer skal jo i dag fornyes
+regelmessing, noe jeg mistenker ikke blir gjort. Dermed kan kamera
+som en gang var korrekt registrert nå være ulovlig satt opp. Det
+burde også være bøter for å ha kamera som ikke er korrekt registrert,
+slik at en ikke kan ignorere registrering uten at det får
+konsekvenser.</p>
+
+<p>En ide fra England som jeg har sans (lite annet jeg har sans for
+når det gjelder overvåkningskamera i England) for er at enhver borger
+kan be om å få kopi av det som er tatt opp med et overvåkningskamera i
+det offentlige rom, noe som gjør at det kan komme løpende utgifter ved
+å sette overvåkningskamera. Jeg tror alt som gjør det mindre
+attraktivt å ha overvåkningskamera i det offentlige rom er en god
+ting, så et slikt lovverk i Norge tror jeg hadde vært nyttig.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/kart">kart</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html">What are they searching for - PowerDNS and ISC DHCP in LDAP</a></div>
- <div class="date">2010-07-17 21:00</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Making_room_on_the_Debian_Edu_Sqeeze_DVD.html">Making room on the Debian Edu/Sqeeze DVD</a></div>
+ <div class="date">2010-11-07 11:45</div>
<div class="body">
-<p>This is a
-<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">followup</a>
-on my
-<a href="http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html">previous
-work</a> on
-<a href="http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html">merging
-all</a> the computer related LDAP objects in Debian Edu.</p>
-
-<p>As a step to try to see if it possible to merge the DNS and DHCP
-LDAP objects, I have had a look at how the packages pdns-backend-ldap
-and dhcp3-server-ldap in Debian use the LDAP server. The two
-implementations are quite different in how they use LDAP.</p>
-
-To get this information, I started slapd with debugging enabled and
-dumped the debug output to a file to get the LDAP searches performed
-on a Debian Edu main-server. Here is a summary.
-
-<p><strong>powerdns</strong></p>
-
-<a href="http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend">Clues
-on how to</a> set up PowerDNS to use a LDAP backend is available on
-the web.
-
-<p>PowerDNS have two modes of operation using LDAP as its backend.
-One "strict" mode where the forward and reverse DNS lookups are done
-using the same LDAP objects, and a "tree" mode where the forward and
-reverse entries are in two different subtrees in LDAP with a structure
-based on the DNS names, as in tjener.intern and
-2.2.0.10.in-addr.arpa.</p>
-
-<p>In tree mode, the server is set up to use a LDAP subtree as its
-base, and uses a "base" scoped search for the DNS name by adding
-"dc=tjener,dc=intern," to the base with a filter for
-"(associateddomain=tjener.intern)" for the forward entry and
-"dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa," with a filter for
-"(associateddomain=2.2.0.10.in-addr.arpa)" for the reverse entry. For
-forward entries, it is looking for attributes named dnsttl, arecord,
-nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord, mxrecord,
-txtrecord, rprecord, afsdbrecord, keyrecord, aaaarecord, locrecord,
-srvrecord, naptrrecord, kxrecord, certrecord, dsrecord, sshfprecord,
-ipseckeyrecord, rrsigrecord, nsecrecord, dnskeyrecord, dhcidrecord,
-spfrecord and modifytimestamp. For reverse entries it is looking for
-the attributes dnsttl, arecord, nsrecord, cnamerecord, soarecord,
-ptrrecord, hinforecord, mxrecord, txtrecord, rprecord, aaaarecord,
-locrecord, srvrecord, naptrrecord and modifytimestamp. The equivalent
-ldapsearch commands could look like this:</p>
-
-<blockquote><pre>
-ldapsearch -h ldap \
- -b dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no \
- -s base -x '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
- cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
- rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
- nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
- rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
-
-ldapsearch -h ldap \
- -b dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no \
- -s base -x '(associateddomain=2.2.0.10.in-addr.arpa)'
- dnsttl, arecord, nsrecord, cnamerecord soarecord ptrrecord \
- hinforecord mxrecord txtrecord rprecord aaaarecord locrecord \
- srvrecord naptrrecord modifytimestamp
-</pre></blockquote>
-
-<p>In Debian Edu/Lenny, the PowerDNS tree mode is used with
-ou=hosts,dc=skole,dc=skolelinux,dc=no as the base, and these are two
-example LDAP objects used there. In addition to these objects, the
-parent objects all th way up to ou=hosts,dc=skole,dc=skolelinux,dc=no
-also exist.</p>
-
-<blockquote><pre>
-dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
-objectclass: top
-objectclass: dnsdomain
-objectclass: domainrelatedobject
-dc: tjener
-arecord: 10.0.2.2
-associateddomain: tjener.intern
-
-dn: dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no
-objectclass: top
-objectclass: dnsdomain2
-objectclass: domainrelatedobject
-dc: 2
-ptrrecord: tjener.intern
-associateddomain: 2.2.0.10.in-addr.arpa
-</pre></blockquote>
-
-<p>In strict mode, the server behaves differently. When looking for
-forward DNS entries, it is doing a "subtree" scoped search with the
-same base as in the tree mode for a object with filter
-"(associateddomain=tjener.intern)" and requests the attributes dnsttl,
-arecord, nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord,
-mxrecord, txtrecord, rprecord, aaaarecord, locrecord, srvrecord,
-naptrrecord and modifytimestamp. For reverse entires it also do a
-subtree scoped search but this time the filter is "(arecord=10.0.2.2)"
-and the requested attributes are associateddomain, dnsttl and
-modifytimestamp. In short, in strict mode the objects with ptrrecord
-go away, and the arecord attribute in the forward object is used
-instead.</p>
-
-<p>The forward and reverse searches can be simulated using ldapsearch
-like this:</p>
-
-<blockquote><pre>
-ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
- '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
- cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
- rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
- nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
- rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
-
-ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
- '(arecord=10.0.2.2)' associateddomain dnsttl modifytimestamp
-</pre></blockquote>
-
-<p>In addition to the forward and reverse searches , there is also a
-search for SOA records, which behave similar to the forward and
-reverse lookups.</p>
-
-<p>A thing to note with the PowerDNS behaviour is that it do not
-specify any objectclass names, and instead look for the attributes it
-need to generate a DNS reply. This make it able to work with any
-objectclass that provide the needed attributes.</p>
-
-<p>The attributes are normally provided in the cosine (RFC 1274) and
-dnsdomain2 schemas. The latter is used for reverse entries like
-ptrrecord and recent DNS additions like aaaarecord and srvrecord.</p>
-
-<p>In Debian Edu, we have created DNS objects using the object classes
-dcobject (for dc), dnsdomain or dnsdomain2 (structural, for the DNS
-attributes) and domainrelatedobject (for associatedDomain). The use
-of structural object classes make it impossible to combine these
-classes with the object classes used by DHCP.</p>
-
-<p>There are other schemas that could be used too, for example the
-dnszone structural object class used by Gosa and bind-sdb for the DNS
-attributes combined with the domainrelatedobject object class, but in
-this case some unused attributes would have to be included as well
-(zonename and relativedomainname).</p>
-
-<p>My proposal for Debian Edu would be to switch PowerDNS to strict
-mode and not use any of the existing objectclasses (dnsdomain,
-dnsdomain2 and dnszone) when one want to combine the DNS information
-with DHCP information, and instead create a auxiliary object class
-defined something like this (using the attributes defined for
-dnsdomain and dnsdomain2 or dnszone):</p>
-
-<blockquote><pre>
-objectclass ( some-oid NAME 'dnsDomainAux'
- SUP top
- AUXILIARY
- MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $
- DNSTTL $ DNSClass $ PTRRecord $ HINFORecord $ MINFORecord $
- TXTRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $
- NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
- A6Record $ DNAMERecord
- ))
-</pre></blockquote>
-
-<p>This will allow any object to become a DNS entry when combined with
-the domainrelatedobject object class, and allow any entity to include
-all the attributes PowerDNS wants. I've sent an email to the PowerDNS
-developers asking for their view on this schema and if they are
-interested in providing such schema with PowerDNS, and I hope my
-message will be accepted into their mailing list soon.</p>
-
-<p><strong>ISC dhcp</strong></p>
-
-<p>The DHCP server searches for specific objectclass and requests all
-the object attributes, and then uses the attributes it want. This
-make it harder to figure out exactly what attributes are used, but
-thanks to the working example in Debian Edu I can at least get an idea
-what is needed without having to read the source code.</p>
-
-<p>In the DHCP server configuration, the LDAP base to use and the
-search filter to use to locate the correct dhcpServer entity is
-stored. These are the relevant entries from
-/etc/dhcp3/dhcpd.conf:</p>
-
-<blockquote><pre>
-ldap-base-dn "dc=skole,dc=skolelinux,dc=no";
-ldap-dhcp-server-cn "dhcp";
-</pre></blockquote>
-
-<p>The DHCP server uses this information to nest all the DHCP
-configuration it need. The cn "dhcp" is located using the given LDAP
-base and the filter "(&(objectClass=dhcpServer)(cn=dhcp))". The
-search result is this entry:</p>
-
-<blockquote><pre>
-dn: cn=dhcp,dc=skole,dc=skolelinux,dc=no
-cn: dhcp
-objectClass: top
-objectClass: dhcpServer
-dhcpServiceDN: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
-</pre></blockquote>
-
-<p>The content of the dhcpServiceDN attribute is next used to locate the
-subtree with DHCP configuration. The DHCP configuration subtree base
-is located using a base scope search with base "cn=DHCP
-Config,dc=skole,dc=skolelinux,dc=no" and filter
-"(&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))".
-The search result is this entry:</p>
-
-<blockquote><pre>
-dn: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
-cn: DHCP Config
-objectClass: top
-objectClass: dhcpService
-objectClass: dhcpOptions
-dhcpPrimaryDN: cn=dhcp, dc=skole,dc=skolelinux,dc=no
-dhcpStatements: ddns-update-style none
-dhcpStatements: authoritative
-dhcpOption: smtp-server code 69 = array of ip-address
-dhcpOption: www-server code 72 = array of ip-address
-dhcpOption: wpad-url code 252 = text
-</pre></blockquote>
-
-<p>Next, the entire subtree is processed, one level at the time. When
-all the DHCP configuration is loaded, it is ready to receive requests.
-The subtree in Debian Edu contain objects with object classes
-top/dhcpService/dhcpOptions, top/dhcpSharedNetwork/dhcpOptions,
-top/dhcpSubnet, top/dhcpGroup and top/dhcpHost. These provide options
-and information about netmasks, dynamic range etc. Leaving out the
-details here because it is not relevant for the focus of my
-investigation, which is to see if it is possible to merge dns and dhcp
-related computer objects.</p>
-
-<p>When a DHCP request come in, LDAP is searched for the MAC address
-of the client (00:00:00:00:00:00 in this example), using a subtree
-scoped search with "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" as
-the base and "(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet
-00:00:00:00:00:00))" as the filter. This is what a host object look
-like:</p>
-
-<blockquote><pre>
-dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
-cn: hostname
-objectClass: top
-objectClass: dhcpHost
-dhcpHWAddress: ethernet 00:00:00:00:00:00
-dhcpStatements: fixed-address hostname
-</pre></blockquote>
-
-<p>There is less flexiblity in the way LDAP searches are done here.
-The object classes need to have fixed names, and the configuration
-need to be stored in a fairly specific LDAP structure. On the
-positive side, the invidiual dhcpHost entires can be anywhere without
-the DN pointed to by the dhcpServer entries. The latter should make
-it possible to group all host entries in a subtree next to the
-configuration entries, and this subtree can also be shared with the
-DNS server if the schema proposed above is combined with the dhcpHost
-structural object class.
-
-<p><strong>Conclusion</strong></p>
-
-<p>The PowerDNS implementation seem to be very flexible when it come
-to which LDAP schemas to use. While its "tree" mode is rigid when it
-come to the the LDAP structure, the "strict" mode is very flexible,
-allowing DNS objects to be stored anywhere under the base cn specified
-in the configuration.</p>
-
-<p>The DHCP implementation on the other hand is very inflexible, both
-regarding which LDAP schemas to use and which LDAP structure to use.
-I guess one could implement ones own schema, as long as the
-objectclasses and attributes have the names used, but this do not
-really help when the DHCP subtree need to have a fairly fixed
-structure.</p>
-
-<p>Based on the observed behaviour, I suspect a LDAP structure like
-this might work for Debian Edu:</p>
-
-<blockquote><pre>
-ou=services
- cn=machine-info (dhcpService) - dhcpServiceDN points here
- cn=dhcp (dhcpServer)
- cn=dhcp-internal (dhcpSharedNetwork/dhcpOptions)
- cn=10.0.2.0 (dhcpSubnet)
- cn=group1 (dhcpGroup/dhcpOptions)
- cn=dhcp-thinclients (dhcpSharedNetwork/dhcpOptions)
- cn=192.168.0.0 (dhcpSubnet)
- cn=group1 (dhcpGroup/dhcpOptions)
- ou=machines - PowerDNS base points here
- cn=hostname (dhcpHost/domainrelatedobject/dnsDomainAux)
-</pre></blockquote>
-
-<P>This is not tested yet. If the DHCP server require the dhcpHost
-entries to be in the dhcpGroup subtrees, the entries can be stored
-there instead of a common machines subtree, and the PowerDNS base
-would have to be moved one level up to the machine-info subtree.</p>
-
-<p>The combined object under the machines subtree would look something
-like this:</p>
-
-<blockquote><pre>
-dn: dc=hostname,ou=machines,cn=machine-info,dc=skole,dc=skolelinux,dc=no
-dc: hostname
-objectClass: top
-objectClass: dhcpHost
-objectclass: domainrelatedobject
-objectclass: dnsDomainAux
-associateddomain: hostname.intern
-arecord: 10.11.12.13
-dhcpHWAddress: ethernet 00:00:00:00:00:00
-dhcpStatements: fixed-address hostname.intern
-</pre></blockquote>
-
-</p>One could even add the LTSP configuration associated with a given
-machine, as long as the required attributes are available in a
-auxiliary object class.</p>
+<p>Prioritising packages for the Debian Edu /
+<a href="http://www.skolelinux.org/">Skolelinux</a> DVD, which is
+supposed provide a school with all the services and user applications
+needed on the pupils computer network has always been hard. Even
+schools without Internet connections should be able to get Debian Edu
+working using this DVD.</p>
+
+<p>The job became a lot harder when apt and aptitude started
+installing recommended packages by default. We want the same set of
+packages to be installed when using the DVD and the netinst CD, and
+that means all recommended packages need to be on the DVD. I created
+a patch for debian-cd in <a href="http://bugs.debian.org/601203">BTS
+report #601203</a> to do this, and since this change was applied to
+the Debian Edu DVD build, we have been seriously short on space.</p>
+
+<p>A few days ago we decided to drop blender, wxmaxima and kicad from
+the default installation to save space on the DVD, believing that
+those needing these applications are few and can get them from the
+Debian archive.</p>
+
+<p>Yesterday, I had a look what source packages to see which packages
+were using most space. A few large packages are well know;
+openoffice.org, openclipart and fluid-soundfont. But I also
+discovered that lilypond used 106 MiB and fglrx-driver used 53 MiB.
+The lilypond package is pulled in as a dependency for rosegarden, and
+when looking a bit closer I discovered that 99 MiB of the 106 MiB were
+the documentation package, which is recommended by the binary package.
+I decided to drop this documentation package from our DVD, as most of
+our users will use the GUI front-ends and do not need the lilypond
+documentation. Similarly, I dropped the non-free fglrx-driver package
+which might be installed by d-i when its hardware is detected, as the
+free X driver should work.</p>
+
+<p>With this change, we finally got space for the LXDE and Gnome
+desktop packages as well as the language specific packages making the
+DVD more useful again.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian
">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian
edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (4)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (11)</a></li>
</ul></li>
<h2>Tags</h2>
<ul>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (12)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (10)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (35)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (42)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (40)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (50)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (55)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (71)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (8)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (11)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (3)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (5)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (4)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (5)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (10)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (71)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (91)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (92)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (113)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (14)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (18)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (14)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (26)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (4)</a></li>
+
<li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (19)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (3)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (13)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (16)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (15)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (7)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (13)</a></li>
</ul>
</div>
<p style="text-align: right">
-Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v3.7</a>
+Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v3.2</a>
</p>
</body>
</html>
projects / homepage.git / blobdiff