<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
<item>
- <title>Forcing new users to change their password on first login</title>
- <link>http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html</guid>
- <pubDate>Sun, 2 May 2010 13:47:00 +0200</pubDate>
+ <title>Togsatsing på norsk, mot sykkel</title>
+ <link>http://people.skolelinux.org/pere/blog/Togsatsing_p___norsk__mot_sykkel.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Togsatsing_p___norsk__mot_sykkel.html</guid>
+ <pubDate>Wed, 2 Jun 2010 23:45:00 +0200</pubDate>
<description>
-<p>One interesting feature in Active Directory, is the ability to
-create a new user with an expired password, and thus force the user to
-change the password on the first login attempt.</p>
+<p>Det står dårlig til med toget når en finner på å la det
+<a href="http://www.aftenposten.no/nyheter/iriks/article3677060.ece">kappkjøre
+med sykkel</a>... Jeg tror det trengs strukturendringer for å få
+fikset på togproblemene i Norge.</p>
-<p>I'm not quite sure how to do that with the LDAP setup in Debian
-Edu, but did some initial testing with a local account. The account
-and password aging information is available in /etc/shadow, but
-unfortunately, it is not possible to specify an expiration time for
-passwords, only a maximum age for passwords.</p>
-
-<p>A freshly created account (using adduser test) will have these
-settings in /etc/shadow:</p>
-
-<blockquote><pre>
-root@tjener:~# chage -l test
-Last password change : May 02, 2010
-Password expires : never
-Password inactive : never
-Account expires : never
-Minimum number of days between password change : 0
-Maximum number of days between password change : 99999
-Number of days of warning before password expires : 7
-root@tjener:~#
-</pre></blockquote>
-
-<p>The only way I could come up with to create a user with an expired
-account, is to change the date of the last password change to the
-lowest value possible (January 1th 1970), and the maximum password age
-to the difference in days between that date and today. To make it
-simple, I went for 30 years (30 * 365 = 10950) and January 2th (to
-avoid testing if 0 is a valid value).</p>
-
-<p>After using these commands to set it up, it seem to work as
-intended:</p>
-
-<blockquote><pre>
-root@tjener:~# chage -d 1 test; chage -M 10950 test
-root@tjener:~# chage -l test
-Last password change : Jan 02, 1970
-Password expires : never
-Password inactive : never
-Account expires : never
-Minimum number of days between password change : 0
-Maximum number of days between password change : 10950
-Number of days of warning before password expires : 7
-root@tjener:~#
-</pre></blockquote>
-
-<p>So far I have tested this with ssh and console, and kdm (in
-Squeeze) login, and all ask for a new password before login in the
-user (with ssh, I was thrown out and had to log in again).</p>
-
-<p>Perhaps we should set up something similar for Debian Edu, to make
-sure only the user itself have the account password?</p>
-
-<p>If you want to comment on or help out with implementing this for
-Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
-
-<p>Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
-shadow(8) page in Debian/testing now state that setting the date of
-last password change to zero (0) will force the password to be changed
-on the first login. This was not mentioned in the manual in Lenny, so
-I did not notice this in my initial testing. I have tested it on
-Squeeze, and '<tt>chage -d 0 username</tt>' do work there. I have not
-tested it on Lenny yet.</p>
-
-<p>Update 2010-05-02-19:05: Jim Paris tells me via email that an
-equivalent command to expire a password is '<tt>passwd -e
-username</tt>', which insert zero into the date of the last password
-change.</p>
+<p>Mon tro hva toglinje mellom Narvik og Tromsø ville hatt slags
+effekt på området der?</p>
</description>
</item>
<item>
- <title>Thoughts on roaming laptop setup for Debian Edu</title>
- <link>http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html</guid>
- <pubDate>Wed, 28 Apr 2010 20:40:00 +0200</pubDate>
+ <title>KDM fail at boot with NVidia cards - and no one try to fix it?</title>
+ <link>http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html</guid>
+ <pubDate>Tue, 1 Jun 2010 17:05:00 +0200</pubDate>
<description>
-<p>For some years now, I have wondered how we should handle laptops in
-Debian Edu. The Debian Edu infrastructure is mostly designed to
-handle stationary computers, and less suited for computers that come
-and go.</p>
-
-<p>Now I finally believe I have an sensible idea on how to adjust
-Debian Edu for laptops, by introducing a new profile for them, for
-example called Roaming Workstations. Here are my thought on this.
-The setup would consist of the following:</p>
-
-<ul>
-
- <li>During installation, the user name of the owner / primary user of
- the laptop is requested and a local home directory is set up for
- the user, with uid and gid information fetched from the LDAP
- server. This allow the user to work also when offline. The
- central home directory can be available in a subdirectory on
- request, for example mounted via CIFS. It could be mounted
- automatically when a user log in while on the Debian Edu network,
- and unmounted when the machine is taken away (network down,
- hibernate, etc), it can be set up to do automatic mounting on
- request (using autofs), or perhaps some GUI button on the desktop
- can be used to access it when needed. Perhaps it is enough to use
- the fish protocol in KDE?</li>
-
- <li>Password checking is set up to use LDAP or Kerberos
- authentication when the machine is on the Debian Edu network, and
- to cache the password for offline checking when the machine unable
- to reach the LDAP or Kerberos server. This can be done using
- <a href="http://www.padl.com/OSS/pam_ccreds.html">libpam-ccreds</a>
- or the Fedora developed
- <a href="https://fedoraproject.org/wiki/Features/SSSD">System
- Security Services Daemon</a> packages.</li>
-
- <li>File synchronisation with the central home directory is set up
- using a shared directory in both the local and the central home
- directory, using unison.</li>
-
- <li>Printing should be set up to print to all printers broadcasting
- their existence on the local network, and should then work out of
- the box with CUPS. For sites needing accurate printer quotas, some
- system with Kerberos authentication or printing via ssh could be
- implemented.</li>
-
- <li>For users that should have local root access to their laptop,
- sudo should be used to allow this to the local user.</li>
-
- <li>It would be nice if user and group information from LDAP is
- cached on the client, but given that there are entries for the
- local user and primary group in /etc/, it should not be needed.</li>
-
-</ul>
-
-<p>I believe all the pieces to implement this are in Debian/testing at
-the moment. If we work quickly, we should be able to get this ready
-in time for the Squeeze release to freeze. Some of the pieces need
-tweaking, like libpam-ccreds should get support for pam-auth-update
-(<a href="http://bugs.debian.org/566718">#566718</a>) and nslcd (or
-perhaps debian-edu-config) should get some integration code to stop
-its daemon when the LDAP server is unavailable to avoid long timeouts
-when disconnected from the net. If we get Kerberos enabled, we need
-to make sure we avoid long timeouts there too.</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>It is strange to watch how a bug in Debian causing KDM to fail to
+start at boot when an NVidia video card is used is handled. The
+problem seem to be that the nvidia X.org driver uses a long time to
+initialize, and this duration is longer than kdm is configured to
+wait.</p>
+
+<p>I came across two bugs related to this issue,
+<a href="http://bugs.debian.org/583312">#583312</a> initially filed
+against initscripts and passed on to nvidia-glx when it became obvious
+that the nvidia drivers were involved, and
+<a href="http://bugs.debian.org/524751">#524751</a> initially filed against
+kdm and passed on to src:nvidia-graphics-drivers for unknown reasons.</p>
+
+<p>To me, it seem that no-one is interested in actually solving the
+problem nvidia video card owners experience and make sure the Debian
+distribution work out of the box for these users. The nvidia driver
+maintainers expect kdm to be set up to wait longer, while kdm expect
+the nvidia driver maintainers to fix the driver to start faster, and
+while they wait for each other I guess the users end up switching to a
+distribution that work for them. I have no idea what the solution is,
+but I am pretty sure that waiting for each other is not it.</p>
+
+<p>I wonder why we end up handling bugs this way.</p>
</description>
</item>
<item>
- <title>Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"</title>
- <link>http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html</guid>
- <pubDate>Mon, 19 Apr 2010 17:10:00 +0200</pubDate>
+ <title>Parallellized boot seem to hold up well in Debian/testing</title>
+ <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html</guid>
+ <pubDate>Thu, 27 May 2010 23:55:00 +0200</pubDate>
<description>
-<p>The last few weeks i have had the pleasure of reading a
-thought-provoking collection of essays by Cory Doctorow, on topics
-touching copyright, virtual worlds, the future of man when the
-conscience mind can be duplicated into a computer and many more. The
-book titled "Content: Selected Essays on Technology, Creativity,
-Copyright, and the Future of the Future" is available with few
-restrictions on the web, for example from
-<a href="http://craphound.com/content/">his own site</a>. I read the
-epub-version from
-<a href="http://www.feedbooks.com/book/2883">feedbooks</a> using
-<a href="http://www.fbreader.org/">fbreader</a> and my N810. I
-strongly recommend this book.</p>
+<p>A few days ago, parallel booting was enabled in Debian/testing.
+The feature seem to hold up pretty well, but three fairly serious
+issues are known and should be solved:
+
+<p><ul>
+
+<li>The wicd package seen to
+<a href="http://bugs.debian.org/508289">break NFS mounting</a> and
+<a href="http://bugs.debian.org/581586">network setup</a> when
+parallel booting is enabled. No idea why, but the wicd maintainer
+seem to be on the case.</li>
+
+<li>The nvidia X driver seem to
+<a href="http://bugs.debian.org/583312">have a race condition</a>
+triggered more easily when parallel booting is in effect. The
+maintainer is on the case.</li>
+
+<li>The sysv-rc package fail to properly enable dependency based boot
+sequencing (the shutdown is broken) when old file-rc users
+<a href="http://bugs.debian.org/575080">try to switch back</a> to
+sysv-rc. One way to solve it would be for file-rc to create
+/etc/init.d/.legacy-bootordering, and another is to try to make
+sysv-rc more robust. Will investigate some more and probably upload a
+workaround in sysv-rc to help those trying to move from file-rc to
+sysv-rc get a working shutdown.</li>
+
+</ul></p>
+
+<p>All in all not many surprising issues, and all of them seem
+solvable before Squeeze is released. In addition to these there are
+some packages with bugs in their dependencies and run level settings,
+which I expect will be fixed in a reasonable time span.</p>
+
+<p>If you report any problems with dependencies in init.d scripts to
+the BTS, please usertag the report to get it to show up at
+<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
+list of usertagged bugs related to this</a>.</p>
+
+<p>Update: Correct bug number to file-rc issue.</p>
</description>
</item>
<item>
- <title>Kerberos for Debian Edu/Squeeze?</title>
- <link>http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html</guid>
- <pubDate>Wed, 14 Apr 2010 17:20:00 +0200</pubDate>
+ <title>More flexible firmware handling in debian-installer</title>
+ <link>http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html</guid>
+ <pubDate>Sat, 22 May 2010 21:30:00 +0200</pubDate>
<description>
-<p><a href="http://www.nuug.no/aktiviteter/20100413-kerberos/">Yesterdays
-NUUG presentation</a> about Kerberos was inspiring, and reminded me
-about the need to start using Kerberos in Skolelinux. Setting up a
-Kerberos server seem to be straight forward, and if we get this in
-place a long time before the Squeeze version of Debian freezes, we
-have a chance to migrate Skolelinux away from NFSv3 for the home
-directories, and over to an architecture where the infrastructure do
-not have to trust IP addresses and machines, and instead can trust
-users and cryptographic keys instead.</p>
-
-<p>A challenge will be integration and administration. Is there a
-Kerberos implementation for Debian where one can control the
-administration access in Kerberos using LDAP groups? With it, the
-school administration will have to maintain access control using flat
-files on the main server, which give a huge potential for errors.</p>
-
-<p>A related question I would like to know is how well Kerberos and
-pam-ccreds (offline password check) work together. Anyone know?</p>
-
-<p>Next step will be to use Kerberos for access control in Lwat and
-Nagios. I have no idea how much work that will be to implement. We
-would also need to document how to integrate with Windows AD, as such
-shared network will require two Kerberos realms that need to cooperate
-to work properly.</p>
-
-<p>I believe a good start would be to start using Kerberos on the
-skolelinux.no machines, and this way get ourselves experience with
-configuration and integration. A natural starting point would be
-setting up ldap.skolelinux.no as the Kerberos server, and migrate the
-rest of the machines from PAM via LDAP to PAM via Kerberos one at the
-time.</p>
-
-<p>If you would like to contribute to get this working in Skolelinux,
-I recommend you to see the video recording from yesterdays NUUG
-presentation, and start using Kerberos at home. The video show show
-up in a few days.</p>
+<p>After a long break from debian-installer development, I finally
+found time today to return to the project. Having to spend less time
+working dependency based boot in debian, as it is almost complete now,
+definitely helped freeing some time.</p>
+
+<p>A while back, I ran into a problem while working on Debian Edu. We
+include some firmware packages on the Debian Edu CDs, those needed to
+get disk and network controllers working. Without having these
+firmware packages available during installation, it is impossible to
+install Debian Edu on the given machine, and because our target group
+are non-technical people, asking them to provide firmware packages on
+an external medium is a support pain. Initially, I expected it to be
+enough to include the firmware packages on the CD to get
+debian-installer to find and use them. This proved to be wrong.
+Next, I hoped it was enough to symlink the relevant firmware packages
+to some useful location on the CD (tried /cdrom/ and
+/cdrom/firmware/). This also proved to not work, and at this point I
+found time to look at the debian-installer code to figure out what was
+going to work.</p>
+
+<p>The firmware loading code is in the hw-detect package, and a closer
+look revealed that it would only look for firmware packages outside
+the installation media, so the CD was never checked for firmware
+packages. It would only check USB sticks, floppies and other
+"external" media devices. Today I changed it to also look in the
+/cdrom/firmware/ directory on the mounted CD or DVD, which should
+solve the problem I ran into with Debian edu. I also changed it to
+look in /firmware/, to make sure the installer also find firmware
+provided in the initrd when booting the installer via PXE, to allow us
+to provide the same feature in the PXE setup included in Debian
+Edu.</p>
+
+<p>To make sure firmware deb packages with a license questions are not
+activated without asking if the license is accepted, I extended
+hw-detect to look for preinst scripts in the firmware packages, and
+run these before activating the firmware during installation. The
+license question is asked using debconf in the preinst, so this should
+solve the issue for the firmware packages I have looked at so far.</p>
+
+<p>If you want to discuss the details of these features, please
+contact us on debian-boot@lists.debian.org.</p>
</description>
</item>
<item>
- <title>På vegne av vanvitting mange, Aftenposten!</title>
- <link>http://people.skolelinux.org/pere/blog/P___vegne_av_vanvitting_mange__Aftenposten_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/P___vegne_av_vanvitting_mange__Aftenposten_.html</guid>
- <pubDate>Sat, 6 Mar 2010 21:15:00 +0100</pubDate>
+ <title>Magnetstripeinnhold i billetter fra Flytoget og Hurtigruten</title>
+ <link>http://people.skolelinux.org/pere/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html</guid>
+ <pubDate>Fri, 21 May 2010 16:00:00 +0200</pubDate>
<description>
-<p><a href="http://fotball.aftenposten.no/incoming/article163000.ece">Aftenposten
-melder</a> på forsiden av webavisen sin at de tror Erling Fossen
-provoserer nordlendinger med sine uttalelser på
-fotballtinget. Jeg er utflyttet nordlending, og må innrømme at jeg
-ikke kjennet så mye som et snev av provokasjon fra denne litt morsomme
-uttalelsen til Hr. Fossen. Lurer på om Aftenposten har noen kilder
-utenom redaksjonen for sin påstand om at nordledinger er provosert av
-Hr. Fossen. Må innrømme at jeg tviler på det.</p>
-
-<p>Det hele bringer tankene tilbake til Sture Hansen i Hallo i Uken.</p>
+<p>For en stund tilbake kjøpte jeg en magnetkortleser for å kunne
+titte på hva som er skrevet inn på magnetstripene til ulike kort. Har
+ikke hatt tid til å analysere mange kort så langt, men tenkte jeg
+skulle dele innholdet på to kort med mine lesere.</p>
+
+<p>For noen dager siden tok jeg flyet til Harstad og Hurtigruten til
+Bergen. Flytoget fra Oslo S til flyplassen ga meg en billett med
+magnetstripe. Påtrykket finner jeg følgende informasjon:</p>
+
+<pre>
+Flytoget Airport Express Train
+
+Fra - Til : Oslo Sentralstasjon
+Kategori : Voksen
+Pris : Nok 170,00
+Herav mva. 8,00% : NOK 12,59
+Betaling : Kontant
+Til - Fra : Oslo Lufthavn
+Utstedt: : 08.05.10
+Gyldig Fra-Til : 08.05.10-07.11.10
+Billetttype : Enkeltbillett
+
+102-1015-100508-48382-01-08
+</pre>
+
+<p>På selve magnetstripen er innholdet
+<tt>;E?+900120011=23250996541068112619257138248441708433322932704083389389062603279671261502492655?</tt>.
+Aner ikke hva innholdet representerer, og det er lite overlapp mellom
+det jeg ser trykket på billetten og det jeg ser av tegn i
+magnetstripen. Håper det betyr at de bruker kryptografiske metoder
+for å gjøre det vanskelig å forfalske billetter.</p>
+
+<p>Den andre billetten er fra Hurtigruten, der jeg mistenker at
+strekkoden på fronten er mer brukt enn magnetstripen (det var i hvert
+fall den biten vi stakk inn i dørlåsen).</p>
+
+<p>Påtrykket forsiden er følgende:</p>
+
+<pre>
+Romnummer 727
+Hurtigruten
+Midnatsol
+Reinholdtsen
+Petter
+Bookingno: SAX69 0742193
+Harstad-Bergen
+Dep: 09.05.2010 Arr: 12.05.2010
+Lugar fra Risøyhamn
+Kost: FRO=4
+</pre>
+
+<p>På selve magnetstripen er innholdet
+<tt>;1316010007421930=00000000000000000000?+E?</tt>. Heller ikke her
+ser jeg mye korrespondanse mellom påtrykk og magnetstripe.</p>
</description>
</item>
<item>
- <title>After 6 years of waiting, the Xreset.d feature is implemented</title>
- <link>http://people.skolelinux.org/pere/blog/After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html</guid>
- <pubDate>Sat, 6 Mar 2010 18:15:00 +0100</pubDate>
+ <title>Pieces of the roaming laptop puzzle in Debian</title>
+ <link>http://people.skolelinux.org/pere/blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Pieces_of_the_roaming_laptop_puzzle_in_Debian.html</guid>
+ <pubDate>Wed, 19 May 2010 19:00:00 +0200</pubDate>
<description>
-<p>6 years ago, as part of the Debian Edu development I am involved
-in, I asked for a hook in the kdm and gdm setup to run scripts as root
-when the user log out. A bug was submitted against the xfree86-common
-package in 2004 (<a href="http://bugs.debian.org/230422">#230422</a>),
-and revisited every time Debian Edu was working on a new release.
-Today, this finally paid off.</p>
-
-<p>The framework for this feature was today commited to the git
-repositry for the xorg package, and the git repository for xdm has
-been updated to use this framework. Next on my agenda is to make sure
-kdm and gdm also add code to use this framework.</p>
-
-<p>In Debian Edu, we want to ability to run commands as root when the
-user log out, to get rid of runaway processes and do general cleanup
-after a user. With this framework in place, we finally can do that in
-a generic way that work with all display managers using this
-framework. My goal is to get all display managers in Debian use it,
-similar to how they use the Xsession.d framework today.<p>
+<p>Today, the last piece of the puzzle for roaming laptops in Debian
+Edu finally entered the Debian archive. Today, the new
+<a href="http://packages.qa.debian.org/libp/libpam-mklocaluser.html">libpam-mklocaluser</a>
+package was accepted. Two days ago, two other pieces was accepted
+into unstable. The
+<a href="http://packages.qa.debian.org/p/pam-python.html">pam-python</a>
+package needed by libpam-mklocaluser, and the
+<a href="http://packages.qa.debian.org/s/sssd.html">sssd</a> package
+passed NEW on Monday. In addition, the
+<a href="http://packages.qa.debian.org/libp/libpam-ccreds.html">libpam-ccreds</a>
+package we need is in experimental (version 10-4) since Saturday, and
+hopefully will be moved to unstable soon.</p>
+
+<p>This collection of packages allow for two different setups for
+roaming laptops. The traditional setup would be using libpam-ccreds,
+nscd and libpam-mklocaluser with LDAP or Kerberos authentication,
+which should work out of the box if the configuration changes proposed
+for nscd in <a href="http://bugs.debian.org/485282">BTS report
+#485282</a> is implemented. The alternative setup is to use sssd with
+libpam-mklocaluser to connect to LDAP or Kerberos and let sssd take
+care of the caching of passwords and group information.</p>
+
+<p>I have so far been unable to get sssd to work with the LDAP server
+at the University, but suspect the issue is some SSL/GnuTLS related
+problem with the server certificate. I plan to update the Debian
+package to version 1.2, which is scheduled for next week, and hope to
+find time to make sure the next release will include both the
+Debian/Ubuntu specific patches. Upstream is friendly and responsive,
+and I am sure we will find a good solution.</p>
+
+<p>The idea is to set up the roaming laptops to authenticate using
+LDAP or Kerberos and create a local user with home directory in /home/
+when a usre in LDAP logs in via KDM or GDM for the first time, and
+cache the password for offline checking, as well as caching group
+memberhips and other relevant LDAP information. The
+libpam-mklocaluser package was created to make sure the local home
+directory is in /home/, instead of /site/server/directory/ which would
+be the home directory if pam_mkhomedir was used. To avoid confusion
+with support requests and configuration, we do not want local laptops
+to have users in a path that is used for the same users home directory
+on the home directory servers.</p>
+
+<p>One annoying problem with gdm is that it do not show the PAM
+message passed to the user from libpam-mklocaluser when the local user
+is created. Instead gdm simply reject the login with some generic
+message. The message is shown in kdm, ssh and login, so I guess it is
+a bug in gdm. Have not investigated if there is some other message
+type that can be used instead to get gdm to also show the message.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
<item>
- <title>Digitale bøker uten digitale restriksjonsmekanismer (DRM) bør få mva-fritak</title>
- <link>http://people.skolelinux.org/pere/blog/Digitale_b__ker_uten_digitale_restriksjonsmekanismer__DRM__b__r_f___mva_fritak.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Digitale_b__ker_uten_digitale_restriksjonsmekanismer__DRM__b__r_f___mva_fritak.html</guid>
- <pubDate>Wed, 3 Mar 2010 19:00:00 +0100</pubDate>
+ <title>Parallellized boot is now the default in Debian/unstable</title>
+ <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html</guid>
+ <pubDate>Fri, 14 May 2010 22:40:00 +0200</pubDate>
<description>
-<p>Den norske bokbransjen har
-<a href="http://www.digi.no/823912/nei-til-moms-paa-e-boker">bedt om at
-digitale bøker må få mva-fritak</a> slik papirbøker har det, og
-<a href="http://www.digi.no/836875/moms-paa-alt-digitalt-innhold">finansdepartementet
-har sagt nei</a>. Det er et interessant spørsmål om digitale bøker
-bør ha mva-fritak eller ikke, og svaret er ikke så enkelt som et ja
-eller nei.
-<a href="http://www.digi.no/836925/norske-e-boker-truet-av-moms">Enkelte
-medlemmer</a> av bokbransjen truer med å droppe den planlagte
-lanseringen av norske digitale bøker med digitale restriksjonsmekanismer
-(DRM) som de har snakket om å gjennomføre nå i vår, og det må de
-gjerne gjøre for min del.</p>
-
-<p>Papirbøker har mva-fritak pga. at de fremmer kultur- og
-kunnskapsspredning. Digitale bøker uten digitale
-restriksjonsmekanismer (DRM) fremmer kultur- og kunnskapsspredning,
-mens digitale bøker med DRM hindrer kultur og kunnskapsspredning.
-Digitale bøker uten DRM bør få mva-fritak da det er salg av bøker på
-lik linje med salg av papirbøker, mens digitale bøker med DRM ikke bør
-få det da det er utleie av bøker og ikke salg.</p>
-
-<p>Jeg foretrekker å kjøpe bøker, og velger dermed å la være å bruke
-DRM-belastede digitale bøker. Vet ikke helt hva jeg ville være villig
-til å betale for å leie en bok, men tror ikke det er mange kronene.
-Heldigvis er det mye bøker tilgjengelig uten slike restriksjoner, og
-de som vil ha tak i engelske bøker kan laste ned bøker som er
-tilgjengelig uten bruksbegresninger fra <a href="http://www.archive.org/">The
-Internet Archive</a>. Der er det pr. i dag 1 889 313 bøker
-tilgjengelig. De er tilgjengelig i flere formater. Besøk
-<a href="http://www.archive.org/details/texts">oversikten over tekster
-der</a> for å se hva de har.
+<p>Since this evening, parallel booting is the default in
+Debian/unstable for machines using dependency based boot sequencing.
+Apparently the testing of concurrent booting has been wider than
+expected, if I am to believe the
+<a href="http://lists.debian.org/debian-devel/2010/05/msg00122.html">input
+on debian-devel@</a>, and I concluded a few days ago to move forward
+with the feature this weekend, to give us some time to detect any
+remaining problems before Squeeze is frozen. If serious problems are
+detected, it is simple to change the default back to sequential boot.
+The upload of the new sysvinit package also activate a new upstream
+version.</p>
+
+More information about
+<a href="http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot">dependency
+based boot sequencing</a> is available from the Debian wiki. It is
+currently possible to disable parallel booting when one run into
+problems caused by it, by adding this line to /etc/default/rcS:</p>
+
+<blockquote><pre>
+CONCURRENCY=none
+</pre></blockquote>
+
+<p>If you report any problems with dependencies in init.d scripts to
+the BTS, please usertag the report to get it to show up at
+<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
+list of usertagged bugs related to this</a>.</p>
</description>
</item>
<item>
- <title>Debian Edu / Skolelinux based on Lenny released, work continues</title>
- <link>http://people.skolelinux.org/pere/blog/Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html</guid>
- <pubDate>Thu, 11 Feb 2010 17:15:00 +0100</pubDate>
+ <title>Sitesummary tip: Listing MAC address of all clients</title>
+ <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html</guid>
+ <pubDate>Fri, 14 May 2010 21:10:00 +0200</pubDate>
<description>
-<p>On Tuesday, the Debian/Lenny based version of
-<a href="http://www.skolelinux.org/">Skolelinux</a> was finally
-shipped. This was a major leap forward for the project, and I am very
-pleased that we finally got the release wrapped up. Work on the first
-point release starts imediately, as we plan to get that one out a
-month after the major release, to include all fixes for bugs we found
-and fixed too late in the release process to include last Tuesday.</p>
-
-<p>Perhaps it even is time for some partying?</p>
-
-<p>After this first point release, my plan is to focus again on the
-next major release, based on Squeeze. We will try to get as many of
-the fixes we need into the official Debian packages before the freeze,
-and have just a few weeks or months to make it happen.</p>
+<p>In the recent Debian Edu versions, the
+<a href="http://wiki.debian.org/DebianEdu/HowTo/SiteSummary">sitesummary
+system</a> is used to keep track of the machines in the school
+network. Each machine will automatically report its status to the
+central server after boot and once per night. The network setup is
+also reported, and using this information it is possible to get the
+MAC address of all network interfaces in the machines. This is useful
+to update the DHCP configuration.</p>
+
+<p>To give some idea how to use sitesummary, here is a one-liner to
+ist all MAC addresses of all machines reporting to sitesummary. Run
+this on the collector host:</p>
+
+<blockquote><pre>
+perl -MSiteSummary -e 'for_all_hosts(sub { print join(" ", get_macaddresses(shift)), "\n"; });'
+</pre></blockquote>
+
+<p>This will list all MAC addresses assosiated with all machine, one
+line per machine and with space between the MAC addresses.</p>
+
+<p>To allow system administrators easier job at adding static DHCP
+addresses for hosts, it would be possible to extend this to fetch
+machine information from sitesummary and update the DHCP and DNS
+tables in LDAP using this information. Such tool is unfortunately not
+written yet.</p>
</description>
</item>
<item>
- <title>Danmark går for ODF?</title>
- <link>http://people.skolelinux.org/pere/blog/Danmark_g__r_for_ODF_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Danmark_g__r_for_ODF_.html</guid>
- <pubDate>Fri, 29 Jan 2010 12:00:00 +0100</pubDate>
+ <title>systemd, an interesting alternative to upstart</title>
+ <link>http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html</guid>
+ <pubDate>Thu, 13 May 2010 22:20:00 +0200</pubDate>
<description>
-<p>Ble nettopp gjort oppmerksom på en
-<a href="http://www.version2.dk/artikel/13690-breaking-odf-vinder-dokumentformat-krigen ">nyhet fra Version2</a>
-fra Danmark, der det hevdes at Folketinget har vedtatt at ODF skal
-brukes som dokumentutvekslingsformat i Staten.</p>
-
-<p>Hyggelig lesning, spesielt hvis det viser seg at de av vedtatt
-kravlisten for hva som skal aksepteres som referert i kommentarfeltet
-til artikkelen og
-<a href="http://www.version2.dk/artikel/13693-er-ooxml-doemt-ude-her-er-kravene-til-en-offentlig-dokumentstandard">en
-annen artikkel</a> i samme nett-avis. Liker spesielt godt denne:</p>
-
-<p><blockquote> Det skal demonstreres, at standarden i sin helhed kan
-implementeres af alle direkte i sin helhed på flere
-platforme.</blockquote></p>
-
-<p>Noe slikt burde være et krav også i Norge.</p>
+<p>The last few days a new boot system called
+<a href="http://www.freedesktop.org/wiki/Software/systemd">systemd</a>
+has been
+<a href="http://0pointer.de/blog/projects/systemd.html">introduced</a>
+
+to the free software world. I have not yet had time to play around
+with it, but it seem to be a very interesting alternative to
+<a href="http://upstart.ubuntu.com/">upstart</a>, and might prove to be
+a good alternative for Debian when we are able to switch to an event
+based boot system. Tollef is
+<a href="http://bugs.debian.org/580814">in the process</a> of getting
+systemd into Debian, and I look forward to seeing how well it work. I
+like the fact that systemd handles init.d scripts with dependency
+information natively, allowing them to run in parallel where upstart
+at the moment do not.</p>
+
+<p>Unfortunately do systemd have the same problem as upstart regarding
+platform support. It only work on recent Linux kernels, and also need
+some new kernel features enabled to function properly. This means
+kFreeBSD and Hurd ports of Debian will need a port or a different boot
+system. Not sure how that will be handled if systemd proves to be the
+way forward.</p>
+
+<p>In the mean time, based on the
+<a href="http://lists.debian.org/debian-devel/2010/05/msg00122.html">input
+on debian-devel@</a> regarding parallel booting in Debian, I have
+decided to enable full parallel booting as the default in Debian as
+soon as possible (probably this weekend or early next week), to see if
+there are any remaining serious bugs in the init.d dependencies. A
+new version of the sysvinit package implementing this change is
+already in experimental. If all go well, Squeeze will be released
+with parallel booting enabled by default.</p>
</description>
</item>
<item>
- <title>Automatic Munin and Nagios configuration</title>
- <link>http://people.skolelinux.org/pere/blog/Automatic_Munin_and_Nagios_configuration.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Automatic_Munin_and_Nagios_configuration.html</guid>
- <pubDate>Wed, 27 Jan 2010 15:15:00 +0100</pubDate>
+ <title>Parallellizing the boot in Debian Squeeze - ready for wider testing</title>
+ <link>http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html</guid>
+ <pubDate>Thu, 6 May 2010 23:25:00 +0200</pubDate>
<description>
-<p>One of the new features in the next Debian/Lenny based release of
-Debian Edu/Skolelinux, which is scheduled for release in the next few
-days, is automatic configuration of the service monitoring system
-Nagios. The previous release had automatic configuration of trend
-analysis using Munin, and this Lenny based release take that a step
-further.</p>
-
-<p>When installing a Debian Edu Main-server, it is automatically
-configured as a Munin and Nagios server. In addition, it is
-configured to be a server for the
-<a href="http://wiki.debian.org/DebianEdu/HowTo/SiteSummary">SiteSummary
-system</a> I have written for use in Debian Edu. The SiteSummary
-system is inspired by a system used by the University of Oslo where I
-work. In short, the system provide a centralised collector of
-information about the computers on the network, and a client on each
-computer submitting information to this collector. This allow for
-automatic information on which packages are installed on each machine,
-which kernel the machines are using, what kind of configuration the
-packages got etc. This also allow us to automatically generate Munin
-and Nagios configuration.</p>
-
-<p>All computers reporting to the sitesummary collector with the
-munin-node package installed is automatically enabled as a Munin
-client and graphs from the statistics collected from that machine show
-up automatically on http://www/munin/ on the Main-server.</p>
-
-<p>All non-laptop computers reporting to the sitesummary collector are
-automatically monitored for network presence (ping and any network
-services detected). In addition, all computers (also laptops) with
-the nagios-nrpe-server package installed and configured the way
-sitesummary would configure it, are monitored for full disks, software
-raid status, swap free and other checks that need to run locally on
-the machine.</p>
-
-<p>The result is that the administrator on a school using Debian Edu
-based on Lenny will be able to check the health of his installation
-with one look at the Nagios settings, without having to spend any time
-keeping the Nagios configuration up-to-date.</p>
-
-<p>The only configuration one need to do to get Nagios up and running
-is to set the password used to get access via HTTP. The system
-administrator need to run "<tt>htpasswd /etc/nagios3/htpasswd.users
-nagiosadmin</tt>" to create a nagiosadmin user and set a password for
-it to be able to log into the Nagios web pages. After that,
-everything is taken care of.</p>
+<p>These days, the init.d script dependencies in Squeeze are quite
+complete, so complete that it is actually possible to run all the
+init.d scripts in parallell based on these dependencies. If you want
+to test your Squeeze system, make sure
+<a href="http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot">dependency
+based boot sequencing</a> is enabled, and add this line to
+/etc/default/rcS:</p>
+
+<blockquote><pre>
+CONCURRENCY=makefile
+</pre></blockquote>
+
+<p>That is it. It will cause sysv-rc to use the startpar tool to run
+scripts in parallel using the dependency information stored in
+/etc/init.d/.depend.boot, /etc/init.d/.depend.start and
+/etc/init.d/.depend.stop to order the scripts. Startpar is configured
+to try to start the kdm and gdm scripts as early as possible, and will
+start the facilities required by kdm or gdm as early as possible to
+make this happen.</p>
+
+<p>Give it a try, and see if you like the result. If some services
+fail to start properly, it is most likely because they have incomplete
+init.d script dependencies in their startup script (or some of their
+dependent scripts have incomplete dependencies). Report bugs and get
+the package maintainers to fix it. :)</p>
+
+<p>Running scripts in parallel could be the default in Debian when we
+manage to get the init.d script dependencies complete and correct. I
+expect we will get there in Squeeze+1, if we get manage to test and
+fix the remaining issues.</p>
+
+<p>If you report any problems with dependencies in init.d scripts to
+the BTS, please usertag the report to get it to show up at
+<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
+list of usertagged bugs related to this</a>.</p>
</description>
</item>
projects / homepage.git / blobdiff