<channel>
<title>Petter Reinholdtsen</title>
<description></description>
- <link></link>
- <atom:link href="index.rss" rel="self" type="application/rss+xml" />
+ <link>http://people.skolelinux.org/pere/blog/</link>
+ <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
<item>
- <title>MVA på bøker med DRM, ikke MVA på bøker uten DRM?</title>
- <link>MVA_p___b__ker_med_DRM__ikke_MVA_p___b__ker_uten_DRM_.html</link>
- <guid isPermaLink="true">MVA_p___b__ker_med_DRM__ikke_MVA_p___b__ker_uten_DRM_.html</guid>
- <pubDate>Wed, 23 Sep 2009 10:00:00 +0200</pubDate>
+ <title>Idea for storing LTSP configuration in LDAP</title>
+ <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</guid>
+ <pubDate>Sun, 11 Jul 2010 22:00:00 +0200</pubDate>
<description>
-<p>Elektroniske bøker diskuteres for tiden, etter at
-<a href="http://www.aftenposten.no/kul_und/litteratur/article3280914.ece">bokbransjen
-hevder</a> det er usikkert om de kommer til å gi ut elektroniske
-bøker så lenge det er merverdiavgift på elektroniske bøker og ikke
-på papirbøker. I den forbindelse så jeg et interessant forslag i
-en
-<a href="http://www.digi.no/php/ny_debatt.php?id=823912">digi-debatt</a>
-jeg hadde sans for. "einarr" foreslo at DRM-infiserte elektroniske
-bøker bør ha merverdiavgift, da "de ikke bidrar til
-kunnskapsspredning på samme måte" som papirbøker og dermed går
-imot intensjonene bak mva-fritaket. Bøker uten DRM derimot bør ha
-mva-fritak da de "kan overføres mellom enheter, leses på ulike
-plattformer, lånes ut og siteres og kopieres fra" slik en kan med
-papirbøker.</p>
-
-<p>En oppfølgerkommentar sier seg enig i dette, da DRM-infisert
-materiale må anses som leid og dermed en tjeneste, mens materiale uten
-DRM må anses som et kjøp.</p>
+<p>Vagrant mentioned on IRC today that ltsp_config now support
+sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin
+clients, and that this can be used to fetch configuration from LDAP if
+Debian Edu choose to store configuration there.</p>
+
+<p>Armed with this information, I got inspired and wrote a test module
+to get configuration from LDAP. The idea is to look up the MAC
+address of the client in LDAP, and look for attributes on the form
+ltspconfigsetting=value, and use this to export SETTING=value to the
+LTSP clients.</p>
+
+<p>The goal is to be able to store the LTSP configuration attributes
+in a "computer" LDAP object used by both DNS and DHCP, and thus
+allowing us to store all information about a computer in one place.</p>
+
+<p>This is a untested draft implementation, and I welcome feedback on
+this approach. A real LDAP schema for the ltspClientAux objectclass
+need to be written. Comments, suggestions, etc?</p>
+
+<blockquote><pre>
+# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
+#
+# Fetch LTSP client settings from LDAP based on MAC address
+#
+# Uses ethernet address as stored in the dhcpHost objectclass using
+# the dhcpHWAddress attribute or ethernet address stored in the
+# ieee802Device objectclass with the macAddress attribute.
+#
+# This module is written to be schema agnostic, and only depend on the
+# existence of attribute names.
+#
+# The LTSP configuration variables are saved directly using a
+# ltspConfig prefix and uppercasing the rest of the attribute name.
+# To set the SERVER variable, set the ltspConfigServer attribute.
+#
+# Some LDAP schema should be created with all the relevant
+# configuration settings. Something like this should work:
+#
+# objectclass ( 1.1.2.2 NAME 'ltspClientAux'
+# SUP top
+# AUXILIARY
+# MAY ( ltspConfigServer $ ltsConfigSound $ ... )
+
+LDAPSERVER=$(debian-edu-ldapserver)
+if [ "$LDAPSERVER" ] ; then
+ LDAPBASE=$(debian-edu-ldapserver -b)
+ for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk '{print $5}'|sort -u) ; do
+ filter="(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))"
+ ldapsearch -h "$LDAPSERVER" -b "$LDAPBASE" -v -x "$filter" | \
+ grep '^ltspConfig' | while read attr value ; do
+ # Remove prefix and convert to upper case
+ attr=$(echo $attr | sed 's/^ltspConfig//i' | tr a-z A-Z)
+ # bass value on to clients
+ eval "$attr=$value; export $attr"
+ done
+ done
+fi
+</pre></blockquote>
+
+<p>I'm not sure this shell construction will work, because I suspect
+the while block might end up in a subshell causing the variables set
+there to not show up in ltsp-config, but if that is the case I am sure
+the code can be restructured to make sure the variables are passed on.
+I expect that can be solved with some testing. :)</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
<item>
- <title>Sikkerhet til sjøs trenger sjøkart uten bruksbegresninger</title>
- <link>Sikkerhet_til_sj__s_trenger_sj__kart_uten_bruksbegresninger.html</link>
- <guid isPermaLink="true">Sikkerhet_til_sj__s_trenger_sj__kart_uten_bruksbegresninger.html</guid>
- <pubDate>Sun, 23 Aug 2009 10:00:00 +0200</pubDate>
+ <title>jXplorer, a very nice LDAP GUI</title>
+ <link>http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</guid>
+ <pubDate>Fri, 9 Jul 2010 12:55:00 +0200</pubDate>
<description>
-<p>Sikkerhet til sjøs burde være noe som opptar mange etter den siste
-oljeutslippsulykken med Full City, som har drept mye liv langs sjøen.
-En viktig faktor for å bedre sikkerheten til sjøs er at alle som
-ferdes på sjøen har tilgang til oppdaterte sjøkart som forteller hvor
-det grunner og annet en må ta hensyn til på sjøen.</p>
-
-<p>Hvis en er enig i at tilgang til oppdaterte sjøkart er viktig for
-sikkerheten på sjøen, så er det godt å vite at det i dag er teknisk
-mulig å sikre alle enkel tilgang til oppdaterte digitale kart over
-Internet. Det trenger heller ikke være spesielt kostbart.</p>
-
-<p>Både ved Rocknes-ulykken i Vatlestraumen, der 18 mennesker mistet
-livet, og ved Full City-ulykken utenfor Langesund, der mange tonn olje
-lekket ut i havet, var det registrert problemer relatert til
-oppdaterte sjøkart. Ved Rocknes-ulykken var de elektroniske kartene
-som ble brukt ikke oppdatert med informasjon om nyoppdagede grunner og
-losen kjente visst ikke til disse nye grunnene. Papirkartene var dog
-oppdaterte. Ved Full City-ulykken hadde en kontroll av skipet noen
-uker tidligere konstatert manglende sjøkart.</p>
-
-<p>Jeg tror en løsning der digitale sjøkart kunne lastes ned direkte
-fra sjøkartverket av alle som ønsket oppdaterte sjøkart, uten
-brukerbetaling og uten bruksbegresninger knyttet til kartene, vil
-gjøre at flere folk på sjøen vil holde seg med oppdaterte sjøkart,
-eller sjøkart i det hele tatt. Resultatet av dette vil være økt
-sikkerhet på sjøen. En undersøkelse gjennomført av Opinion for
-Gjensidige i 2008 fortalte at halvparten av alle båteierne i landet
-ikke har sjøkart i båten.</p>
-
-<p>Formatet på de digitale sjøkartene som gjøræs tilgjengelig fra
-sjøkartverket må være i henhold til en fri og åpen standard, slik at
-en ikke er låst til enkeltaktørers godvilje når datafilene skal tolkes
-og forstås, men trenger ikke publiseres fra sjøkartverket i alle
-formatene til verdens skips-GPS-er i tillegg. Hvis det ikke er
-kostbart for sjøkartverket bør de gjerne gjøre det selv, men slik
-konvertering kan andre ta seg av hvis det er et marked for det.</p>
-
-<p>Hvis staten mener alvor med å forbedre sikkerheten til sjøs, må de
-gjøre sitt for at alle båteiere har oppdaterte kart, ikke bare snakke
-om hvor viktig det er at de har oppdaterte kart. Det bør være
-viktigere for staten at båtene <strong>har</strong> oppdaterte kart
-enn at de er pålagt å ha oppdaterte kart.</p>
-
-<p>Sjøkartene er <a href="http://kart.kystverket.no/">tilgjengelig på web
-fra kystverket</a>, men så vidt jeg har klart å finne, uten
-bruksvilkår som muliggjør gjenbruk uten bruksbegresninger.</p>
-
-<p>OpenStreetmap.org-folk er lei av mangel på sjøkart, og har startet
-på et dugnadsbasert fribrukskart for havet,
-<a href="http://openseamap.org/">OpenSeaMap</a>. Datagrunnlaget er
-OpenStreetmap, mens framvisningen er tilpasset bruk på sjøen. Det
-gjenstår mye før en kan bruke dette til å seile sikkert på havet, men
-det viser at behovet for fribruks-sjøkart er til stedet.</p>
+<p>Since
+<a href="http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html">my
+last post</a> about available LDAP tools in Debian, I was told about a
+LDAP GUI that is even better than luma. The java application
+<a href="http://jxplorer.org/">jXplorer</a> is claimed to be capable of
+moving LDAP objects and subtrees using drag-and-drop, and can
+authenticate using Kerberos. I have only tested the Kerberos
+authentication, but do not have a LDAP setup allowing me to rewrite
+LDAP with my test user yet. It is
+<a href="http://packages.qa.debian.org/j/jxplorer.html">available in
+Debian</a> testing and unstable at the moment. The only problem I
+have with it is how it handle errors. If something go wrong, its
+non-intuitive behaviour require me to go through some query work list
+and remove the failing query. Nothing big, but very annoying.</p>
</description>
</item>
<item>
- <title>Relative popularity of document formats (MS Office vs. ODF)</title>
- <link>Relative_popularity_of_document_formats__MS_Office_vs__ODF_.html</link>
- <guid isPermaLink="true">Relative_popularity_of_document_formats__MS_Office_vs__ODF_.html</guid>
- <pubDate>Wed, 12 Aug 2009 15:50:00 +0200</pubDate>
+ <title>MS Word krøller det til for politiet?</title>
+ <link>http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html</guid>
+ <pubDate>Thu, 8 Jul 2010 14:00:00 +0200</pubDate>
<description>
-<p>Just for fun, I did a search right now on Google for a few file ODF
-and MS Office based formats (not to be mistaken for ISO or ECMA
-OOXML), to get an idea of their relative usage. I searched using
-'filetype:odt' and equvalent terms, and got these results:</P>
-
-<table>
-<tr><th>Type</th><th>ODF</th><th>MS Office</th></tr>
-<tr><td>Tekst</td> <td>odt:282000</td> <td>docx:308000</td></tr>
-<tr><td>Presentasjon</td> <td>odp:75600</td> <td>pptx:183000</td></tr>
-<tr><td>Regneark</td> <td>ods:26500 </td> <td>xlsx:145000</td></tr>
-</table>
-
-<p>Next, I added a 'site:no' limit to get the numbers for Norway, and
-got these numbers:</p>
-
-<table>
-<tr><th>Type</th><th>ODF</th><th>MS Office</th></tr>
-<tr><td>Tekst</td> <td>odt:2480 </td> <td>docx:4460</td></tr>
-<tr><td>Presentasjon</td> <td>odp:299 </td> <td>pptx:741</td></tr>
-<tr><td>Regneark</td> <td>ods:187 </td> <td>xlsx:372</td></tr>
-</table>
-
-<p>I wonder how these numbers change over time.</p>
-
-<p>I am aware of Google returning different results and numbers based
-on where the search is done, so I guess these numbers will differ if
-they are conduced in another country. Because of this, I did the same
-search from a machine in California, USA, a few minutes after the
-search done from a machine here in Norway.</p>
-
-
-<table>
-<tr><th>Type</th><th>ODF</th><th>MS Office</th></tr>
-<tr><td>Tekst</td> <td>odt:129000</td> <td>docx:308000</td></tr>
-<tr><td>Presentasjon</td> <td>odp:44200</td> <td>pptx:93900</td></tr>
-<tr><td>Regneark</td> <td>ods:26500 </td> <td>xlsx:82400</td></tr>
-</table>
-
-<p>And with 'site:no':
-
-<table>
-<tr><th>Type</th><th>ODF</th><th>MS Office</th></tr>
-<tr><td>Tekst</td> <td>odt:2480</td> <td>docx:3410</td></tr>
-<tr><td>Presentasjon</td> <td>odp:175</td> <td>pptx:604</td></tr>
-<tr><td>Regneark</td> <td>ods:186 </td> <td>xlsx:296</td></tr>
-</table>
-
-<p>Interesting difference, not sure what to conclude from these
-numbers.</p>
+<p>De siste dagene har Aftenposten
+<a href="http://www.aftenposten.no/nyheter/iriks/article3718597.ece">fortalt</a>
+<a href="http://www.aftenposten.no/nyheter/iriks/article3724249.ece">hvordan</a>
+politet har brukt skriveverktøy som ikke håndterer arabisk tekst og
+tekst som skal skrives fra høyre mot venstre når de har laget
+løpeseddel for å be om informasjon fra publikum. Resultatet har vært
+en uleselig arabisk-bit på løpeseddelen. Feilen har oppstått når
+teksten har blitt "kopiert inn i programvare som ikke har støtte for
+språk som skrives fra høyre mot venstre", og jeg er ganske sikker på
+at det er snakk om Microsoft Office i dette tilfellet. Er det slik at
+MS Office i norsk språkdrakt ikke har støtte for tekst som skal
+skrives fra høyre mot venstre? Jeg tror alle utgaver av
+OpenOffice.org har slik støtte, og det er jo ikke veldig vanskelig å
+la slik støtte finnes i alle utgaver av et program hvis støtten først
+er utviklet. Aftenpostens melding får meg til å undre om problemet
+ville vært unngått hvis politiet brukte OpenOffice.org i stedet for MS
+Office.</p>
+
+<p>Mon tro om det er flere eksempler på at MS Office har ødelagt for
+offentlig myndighet?</p>
</description>
</item>
<item>
- <title>ISO still hope to fix OOXML</title>
- <link>ISO_still_hope_to_fix_OOXML.html</link>
- <guid isPermaLink="true">ISO_still_hope_to_fix_OOXML.html</guid>
- <pubDate>Sat, 8 Aug 2009 14:00:00 +0200</pubDate>
+ <title>Lenny->Squeeze upgrades, apt vs aptitude with the Gnome desktop</title>
+ <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</guid>
+ <pubDate>Sat, 3 Jul 2010 23:55:00 +0200</pubDate>
<description>
-<p>According to <a
-href="http://twerner.blogspot.com/2009/08/defects-of-office-open-xml.html">a
-blog post from Torsten Werner</a>, the current defect report for ISO
-29500 (ISO OOXML) is 809 pages. His interesting point is that the
-defect report is 71 pages more than the full ODF 1.1 specification.
-Personally I find it more interesting that ISO still believe ISO OOXML
-can be fixed in ISO. Personally, I believe it is broken beyon repair,
-and I completely lack any trust in ISO for being able to get anywhere
-close to solving the problems. I was part of the Norwegian committee
-involved in the OOXML fast track process, and was not impressed with
-Standard Norway and ISO in how they handled it.</p>
-
-<p>These days I focus on ODF instead, which seem like a specification
-with the future ahead of it. We are working in NUUG to organise a ODF
-seminar this autumn.</p>
+<p>Here is a short update on my <a
+href="http://people.skolelinux.org/~pere/debian-upgrade-testing/">my
+Debian Lenny->Squeeze upgrade testing</a>. Here is a summary of the
+difference for Gnome when it is upgraded by apt-get and aptitude. I'm
+not reporting the status for KDE, because the upgrade crashes when
+aptitude try because of missing conflicts
+(<a href="http://bugs.debian.org/584861">#584861</a> and
+<a href="http://bugs.debian.org/585716">#585716</a>).</p>
+
+<p>At the end of the upgrade test script, dpkg -l is executed to get a
+complete list of the installed packages. Based on this I see these
+differences when I did a test run today. As usual, I do not really
+know what the correct set of packages would be, but thought it best to
+publish the difference.</p>
+
+<p>Installed using apt-get, missing with aptitude</p>
+
+<blockquote><p>
+ at-spi cpp-4.3 finger gnome-spell gstreamer0.10-gnomevfs
+ libatspi1.0-0 libcupsys2 libeel2-data libgail-common libgdl-1-common
+ libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin
+ libgtksourceview-common libpt-1.10.10-plugins-alsa
+ libpt-1.10.10-plugins-v4l libservlet2.4-java libxalan2-java
+ libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip
+ python-4suite-xml python-eggtrayicon python-gtkhtml2
+ python-gtkmozembed svgalibg1 xserver-xephyr zip
+</p></blockquote>
+
+<p>Installed using apt-get, removed with aptitude</p>
+
+<blockquote><p>
+ bluez-utils dhcdbd djvulibre-desktop epiphany-gecko
+ gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager
+ libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-50
+ libbluetooth2 libcamel1.2-11 libcdio7 libcucul0 libcurl3
+ libdirectfb-1.0-0 libdvdread3 libedata-cal1.2-6 libedataserver1.2-9
+ libeel2-2.20 libepc-1.0-1 libepc-ui-1.0-1 libexchange-storage1.2-3
+ libfaad0 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9
+ libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2
+ libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0
+ libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtkhtml2-0
+ libgtksourceview1.0-0 libgucharmap6 libhesiod0 libicu38 libisccc50
+ libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++10
+ libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4
+ libneon27 libnm-glib0 libnm-util0 libopal-2.2 libosp5
+ libparted1.8-10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3
+ libpt-1.10.10 libraw1394-8 libsensors3 libsmbios2 libsoup2.2-8
+ libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1
+ libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj
+ libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3
+ mysql-common swfdec-gnome totem-gstreamer wodim
+</p></blockquote>
+
+<p>Installed using aptitude, missing with apt-get</p>
+
+<blockquote><p>
+ gnome gnome-desktop-environment hamster-applet python-gnomeapplet
+ python-gnomekeyring python-wnck rhythmbox-plugins xorg
+ xserver-xorg-input-all xserver-xorg-input-evdev
+ xserver-xorg-input-kbd xserver-xorg-input-mouse
+ xserver-xorg-input-synaptics xserver-xorg-video-all
+ xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati
+ xserver-xorg-video-chips xserver-xorg-video-cirrus
+ xserver-xorg-video-dummy xserver-xorg-video-fbdev
+ xserver-xorg-video-glint xserver-xorg-video-i128
+ xserver-xorg-video-i740 xserver-xorg-video-mach64
+ xserver-xorg-video-mga xserver-xorg-video-neomagic
+ xserver-xorg-video-nouveau xserver-xorg-video-nv
+ xserver-xorg-video-r128 xserver-xorg-video-radeon
+ xserver-xorg-video-radeonhd xserver-xorg-video-rendition
+ xserver-xorg-video-s3 xserver-xorg-video-s3virge
+ xserver-xorg-video-savage xserver-xorg-video-siliconmotion
+ xserver-xorg-video-sis xserver-xorg-video-sisusb
+ xserver-xorg-video-tdfx xserver-xorg-video-tga
+ xserver-xorg-video-trident xserver-xorg-video-tseng
+ xserver-xorg-video-vesa xserver-xorg-video-vmware
+ xserver-xorg-video-voodoo
+</p></blockquote>
+
+<p>Installed using aptitude, removed with apt-get</p>
+
+<blockquote><p>
+ deskbar-applet xserver-xorg xserver-xorg-core
+ xserver-xorg-input-wacom xserver-xorg-video-intel
+ xserver-xorg-video-openchrome
+</p></blockquote>
+
+<p>I was told on IRC that the xorg-xserver package was
+<a href="http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=9c8080d06c457932d3bfec021c69ac000aa60120">changed
+in git</a> today to try to get apt-get to not remove xorg completely.
+No idea when it hits Squeeze, but when it does I hope it will reduce
+the difference somewhat.
</description>
</item>
<item>
- <title>Debian has switched to dependency based boot sequencing</title>
- <link>Debian_has_switched_to_dependency_based_boot_sequencing.html</link>
- <guid isPermaLink="true">Debian_has_switched_to_dependency_based_boot_sequencing.html</guid>
- <pubDate>Mon, 27 Jul 2009 23:50:00 +0200</pubDate>
+ <title>Caching password, user and group on a roaming Debian laptop</title>
+ <link>http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</guid>
+ <pubDate>Thu, 1 Jul 2010 11:40:00 +0200</pubDate>
<description>
-<p>Since this evening, with the upload of sysvinit version 2.87dsf-2,
-and the upload of insserv version 1.12.0-10 yesterday, Debian unstable
-have been migrated to using dependency based boot sequencing. This
-conclude work me and others have been doing for the last three days.
-It feels great to see this finally part of the default Debian
-installation. Now we just need to weed out the last few problems that
-are bound to show up, to get everything ready for Squeeze.</p>
-
-<p>The next step is migrating /sbin/init from sysvinit to upstart, and
-fixing the more fundamental problem of handing the event based
-non-predictable kernel in the early boot.</p>
+<p>For a laptop, centralized user directories and password checking is
+a bit troubling. Laptops are typically used also when not connected
+to the network, and it is vital for a user to be able to log in or
+unlock the screen saver also when a central server is unavailable.
+This is possible by caching passwords and directory information (user
+and group attributes) locally, and the packages to do so are available
+in Debian. Here follow two recipes to set this up in Debian/Squeeze.
+It is also possible to set up in Debian/Lenny, but require more manual
+setup there because pam-auth-update is missing in Lenny.</p>
+
+<h2>LDAP/Kerberos + nscd + libpam-ccreds + libpam-mklocaluser/pam_mkhomedir</h2>
+
+This is the traditional method with a twist. The password caching is
+provided by libpam-ccreds (version 10-4 or later is needed on
+Squeeze), and the directory caching is done by nscd. The directory
+lookup and password checking is done using LDAP. If one want to use
+Kerberos for password checking the libpam-ldapd package can be
+replaced with libpam-krb5 or libpam-heimdal. If one is happy having a
+local home directory with the path listed in LDAP, one can use the
+pam_mkhomedir module from pam-modules to make this happen instead of
+using libpam-mklocaluser. A setup for pam-auth-update to enable
+pam_mkhomedir will have to be written until a fix for
+<a href="http://bugs.debian.org/568577">bug #568577</a> is in the
+archive. Because I believe it is a bad idea to have local home
+directories using misleading paths like /site/server/partition/, I
+prefer to create a local user with the home directory in /home/. This
+is done using the libpam-mklocaluser package.</p>
+
+<p>These packages need to be installed and configured</p>
+
+<blockquote><pre>
+libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser
+</pre></blockquote>
+
+<p>The ldapd packages will ask for LDAP connection information, and
+one have to fill in the values that fits ones own site. Make sure the
+PAM part uses encrypted connections, to make sure the password is not
+sent in clear text to the LDAP server. I've been unable to get TLS
+certificate checking for a self signed certificate working, which make
+LDAP authentication unsafe for Debian Edu (nslcd is not checking if it
+is talking to the correct LDAP server), and very much welcome feedback
+on how to get this working.</p>
+
+<p>Because nscd do not have a default configuration fit for offline
+caching until <a href="http://bugs.debian.org/485282">bug #485282</a>
+is fixed, this configuration should be used instead of the one
+currently in /etc/nscd.conf. The changes are in the fields
+reload-count and positive-time-to-live, and is based on the
+instructions I found in the
+<a href="http://www.flyn.org/laptopldap/">LDAP for Mobile Laptops</a>
+instructions by Flyn Computing.</p>
+
+<blockquote><pre>
+ debug-level 0
+ reload-count unlimited
+ paranoia no
+
+ enable-cache passwd yes
+ positive-time-to-live passwd 2592000
+ negative-time-to-live passwd 20
+ suggested-size passwd 211
+ check-files passwd yes
+ persistent passwd yes
+ shared passwd yes
+ max-db-size passwd 33554432
+ auto-propagate passwd yes
+
+ enable-cache group yes
+ positive-time-to-live group 2592000
+ negative-time-to-live group 20
+ suggested-size group 211
+ check-files group yes
+ persistent group yes
+ shared group yes
+ max-db-size group 33554432
+ auto-propagate group yes
+
+ enable-cache hosts no
+ positive-time-to-live hosts 2592000
+ negative-time-to-live hosts 20
+ suggested-size hosts 211
+ check-files hosts yes
+ persistent hosts yes
+ shared hosts yes
+ max-db-size hosts 33554432
+
+ enable-cache services yes
+ positive-time-to-live services 2592000
+ negative-time-to-live services 20
+ suggested-size services 211
+ check-files services yes
+ persistent services yes
+ shared services yes
+ max-db-size services 33554432
+</pre></blockquote>
+
+<p>While we wait for a mechanism to update /etc/nsswitch.conf
+automatically like the one provided in
+<a href="http://bugs.debian.org/496915">bug #496915</a>, the file
+content need to be manually replaced to ensure LDAP is used as the
+directory service on the machine. /etc/nsswitch.conf should normally
+look like this:</p>
+
+<blockquote><pre>
+passwd: files ldap
+group: files ldap
+shadow: files ldap
+hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
+networks: files
+protocols: files
+services: files
+ethers: files
+rpc: files
+netgroup: files ldap
+</pre></blockquote>
+
+<p>The important parts are that ldap is listed last for passwd, group,
+shadow and netgroup.</p>
+
+<p>With these changes in place, any user in LDAP will be able to log
+in locally on the machine using for example kdm, get a local home
+directory created and have the password as well as user and group
+attributes cached.
+
+<h2>LDAP/Kerberos + nss-updatedb + libpam-ccreds +
+ libpam-mklocaluser/pam_mkhomedir</h2>
+
+<p>Because nscd have had its share of problems, and seem to have
+problems doing proper caching, I've seen suggestions and recipes to
+use nss-updatedb to copy parts of the LDAP database locally when the
+LDAP database is available. I have not tested such setup, because I
+discovered sssd.</p>
+
+<h2>LDAP/Kerberos + sssd + libpam-mklocaluser</h2>
+
+<p>A more flexible and robust setup than the nscd combination
+mentioned earlier that has shown up recently, is the
+<a href="https://fedorahosted.org/sssd/">sssd</a> package from Redhat.
+It is part of the <a href="http://www.freeipa.org/">FreeIPA</A> project
+to provide a Active Directory like directory service for Linux
+machines. The sssd system combines the caching of passwords and user
+information into one package, and remove the need for nscd and
+libpam-ccreds. It support LDAP and Kerberos, but not NIS. Version
+1.2 do not support netgroups, but it is said that it will support this
+in version 1.5 expected to show up later in 2010. Because the
+<a href="http://packages.qa.debian.org/s/sssd.html">sssd package</a>
+was missing in Debian, I ended up co-maintaining it with Werner, and
+version 1.2 is now in testing.
+
+<p>These packages need to be installed and configured to get the
+roaming setup I want</p>
+
+<blockquote><pre>
+libpam-sss libnss-sss libpam-mklocaluser
+</pre></blockquote>
+
+The complete setup of sssd is done by editing/creating
+<tt>/etc/sssd/sssd.conf</tt>.
+
+<blockquote><pre>
+[sssd]
+config_file_version = 2
+reconnection_retries = 3
+sbus_timeout = 30
+services = nss, pam
+domains = INTERN
+
+[nss]
+filter_groups = root
+filter_users = root
+reconnection_retries = 3
+
+[pam]
+reconnection_retries = 3
+
+[domain/INTERN]
+enumerate = false
+cache_credentials = true
+
+id_provider = ldap
+auth_provider = ldap
+chpass_provider = ldap
+
+ldap_uri = ldap://ldap
+ldap_search_base = dc=skole,dc=skolelinux,dc=no
+ldap_tls_reqcert = never
+ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
+</pre></blockquote>
+
+<p>I got the same problem here with certificate checking. Had to set
+"ldap_tls_reqcert = never" to get it working.</p>
+
+<p>With the libnss-sss package in testing at the moment, the
+nsswitch.conf file is update automatically, so there is no need to
+modify it manually.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
<item>
- <title>Taking over sysvinit development</title>
- <link>Taking_over_sysvinit_development.html</link>
- <guid isPermaLink="true">Taking_over_sysvinit_development.html</guid>
- <pubDate>Wed, 22 Jul 2009 23:00:00 +0200</pubDate>
+ <title>LUMA, a very nice LDAP GUI</title>
+ <link>http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</guid>
+ <pubDate>Mon, 28 Jun 2010 00:30:00 +0200</pubDate>
<description>
-<p>After several years of frustration with the lack of activity from
-the existing sysvinit upstream developer, I decided a few weeks ago to
-take over the package and become the new upstream. The number of
-patches to track for the Debian package was becoming a burden, and the
-lack of synchronization between the distribution made it hard to keep
-the package up to date.</p>
-
-<p>On the new sysvinit team is the SuSe maintainer Dr. Werner Fink,
-and my Debian co-maintainer Kel Modderman. About 10 days ago, I made
-a new upstream tarball with version number 2.87dsf (for Debian, SuSe
-and Fedora), based on the patches currently in use in these
-distributions. We Debian maintainers plan to move to this tarball as
-the new upstream as soon as we find time to do the merge. Since the
-new tarball was created, we agreed with Werner at SuSe to make a new
-upstream project at <a href="http://savannah.nongnu.org/">Savannah</a>, and continue
-development there. The project is registered and currently waiting
-for approval by the Savannah administrators, and as soon as it is
-approved, we will import the old versions from svn and continue
-working on the future release.</p>
-
-<p>It is a bit ironic that this is done now, when some of the involved
-distributions are moving to upstart as a syvinit replacement.</p>
+<p>The last few days I have been looking into the status of the LDAP
+directory in Debian Edu, and in the process I started to miss a GUI
+tool to browse the LDAP tree. The only one I was able to find in
+Debian/Squeeze and Lenny is
+<a href="http://luma.sourceforge.net/">LUMA</a>, which has proved to
+be a great tool to get a overview of the current LDAP directory
+populated by default in Skolelinux. Thanks to it, I have been able to
+find empty and obsolete subtrees, misplaced objects and duplicate
+objects. It will be installed by default in Debian/Squeeze. If you
+are working with LDAP, give it a go. :)</p>
+
+<p>I did notice one problem with it I have not had time to report to
+the BTS yet. There is no .desktop file in the package, so the tool do
+not show up in the Gnome and KDE menus, but only deep down in in the
+Debian submenu in KDE. I hope that can be fixed before Squeeze is
+released.</p>
+
+<p>I have not yet been able to get it to modify the tree yet. I would
+like to move objects and remove subtrees directly in the GUI, but have
+not found a way to do that with LUMA yet. So in the mean time, I use
+<a href="http://www.lichteblau.com/ldapvi/">ldapvi</a> for that.</p>
+
+<p>If you have tips on other GUI tools for LDAP that might be useful
+in Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
+
+<p>Update 2010-06-29: Ross Reedstrom tipped us about the
+<a href="http://packages.qa.debian.org/g/gq.html">gq</a> package as a
+useful GUI alternative. It seem like a good tool, but is unmaintained
+in Debian and got a RC bug keeping it out of Squeeze. Unless that
+changes, it will not be an option for Debian Edu based on Squeeze.</p>
</description>
</item>
<item>
- <title>Regjerningens oppsummering av høringen om standardkatalogen versjon 2</title>
- <link>Regjerningens_oppsummering_av_h__ringen_om_standardkatalogen_versjon_2.html</link>
- <guid isPermaLink="true">Regjerningens_oppsummering_av_h__ringen_om_standardkatalogen_versjon_2.html</guid>
- <pubDate>Thu, 9 Jul 2009 14:40:00 +0200</pubDate>
+ <title>Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object</title>
+ <link>http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</guid>
+ <pubDate>Thu, 24 Jun 2010 00:35:00 +0200</pubDate>
<description>
-<p>For å forstå mer om hvorfor standardkatalogens versjon 2 ble som
-den ble, har jeg bedt om kopi fra FAD av dokumentene som ble lagt frem
-for regjeringen da de tok sin avgjørelse. De er nå lagt ut på NUUGs
-wiki, direkte tilgjengelig via "<a
-href="http://wiki.nuug.no/uttalelser/200901-standardkatalog-v2?action=AttachFile&do=get&target=kongelig-resolusjon.pdf">Referansekatalogen
-v2.0 - Oppsummering av høring</a>" og "<a
-href="http://wiki.nuug.no/uttalelser/200901-standardkatalog-v2?action=AttachFile&do=get&target=kongelig-resolusjon-katalogutkast.pdf">Referansekatalog
-for IT-standarder i offentlig sektor Versjon 2.0, dd.mm.åååå -
-UTKAST</a>".</p>
-
-<p>Det er tre ting jeg merker meg i oppsummeringen fra
-høringsuttalelsen da jeg skummet igjennom den. Det første er at
-forståelsen av hvordan programvarepatenter påvirker fri
-programvareutvikling også i Norge når en argumenterer med at
-royalty-betaling ikke er et relevant problem i Norge. Det andre er at
-FAD ikke har en prinsipiell forståelse av verdien av en enkelt
-standard innenfor hvert område. Det siste er at påstander i
-høringsuttalelsene ikke blir etterprøvd (f.eks. påstanden fra
-Microsoft om hvordan Ogg blir standardisert og påstanden fra
-politidirektoratet om patentproblemer i Theora).</p>
+<p>A while back, I
+<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">complained
+about the fact</a> that it is not possible with the provided schemas
+for storing DNS and DHCP information in LDAP to combine the two sets
+of information into one LDAP object representing a computer.</p>
+
+<p>In the mean time, I discovered that a simple fix would be to make
+the dhcpHost object class auxiliary, to allow it to be combined with
+the dNSDomain object class, and thus forming one object for one
+computer when storing both DHCP and DNS information in LDAP.</p>
+
+<p>If I understand this correctly, it is not safe to do this change
+without also changing the assigned number for the object class, and I
+do not know enough about LDAP schema design to do that properly for
+Debian Edu.</p>
+
+<p>Anyway, for future reference, this is how I believe we could change
+the
+<a href="http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00">DHCP
+schema</a> to solve at least part of the problem with the LDAP schemas
+available today from IETF.</p>
+
+<pre>
+--- dhcp.schema (revision 65192)
++++ dhcp.schema (working copy)
+@@ -376,7 +376,7 @@
+ objectclass ( 2.16.840.1.113719.1.203.6.6
+ NAME 'dhcpHost'
+ DESC 'This represents information about a particular client'
+- SUP top
++ SUP top AUXILIARY
+ MUST cn
+ MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
+ X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+</pre>
+
+<p>I very much welcome clues on how to do this properly for Debian
+Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
+package, and should thus be free to rewrite it as we see fit.</p>
+
+<p>If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</description>
</item>
<item>
- <title>Regjerningen forlater prinsippet om ingen royalty-betaling i standardkatalogen versjon 2</title>
- <link>Regjerningen_forlater_prinsippet_om_ingen_royalty_betaling_i_standardkatalogen_versjon_2.html</link>
- <guid isPermaLink="true">Regjerningen_forlater_prinsippet_om_ingen_royalty_betaling_i_standardkatalogen_versjon_2.html</guid>
- <pubDate>Mon, 6 Jul 2009 21:00:00 +0200</pubDate>
+ <title>Calling tasksel like the installer, while still getting useful output</title>
+ <link>http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</guid>
+ <pubDate>Wed, 16 Jun 2010 14:55:00 +0200</pubDate>
<description>
-<p>Jeg ble glad da regjeringen
-<a href="http://www.digi.no/817635/her-er-statens-nye-it-standarder">annonserte</a>
-versjon 2 av
-<a href="http://www.regjeringen.no/upload/FAD/Vedlegg/IKT-politikk/Referansekatalogen_versjon2.pdf">statens
-referansekatalog over standarder</a>, men trist da jeg leste hva som
-faktisk var vedtatt etter
-<a href="http://www.regjeringen.no/nb/dep/fad/dok/horinger/horingsdokumenter/2009/horing---referansekatalog-versjon-2.html">høringen</a>.
-De fleste av de valgte åpne standardene er gode og vil bidra til at
-alle kan delta på like vilkår i å lage løsninger for staten, men
-noen av dem blokkerer for de som ikke har anledning til å benytte
-spesifikasjoner som krever betaling for bruk (såkalt
-royalty-betaling). Det gjelder spesifikt for H.264 for video og MP3
-for lyd. Så lenge bruk av disse var valgfritt mens Ogg Theora og Ogg
-Vorbis var påkrevd, kunne alle som ønsket å spille av video og lyd
-fra statens websider gjøre dette uten å måtte bruke programmer der
-betaling for bruk var nødvendig. Når det nå er gjort valgfritt for
-de statlige etatene å bruke enten H.264 eller Theora (og MP3 eler
-Vorbis), så vil en bli tvunget til å forholde seg til
-royalty-belastede standarder for å få tilgang til videoen og
-lyden.</p>
-
-<p>Det gjør meg veldig trist at regjeringen har forlatt prinsippet om
-at alle standarder som ble valgt til å være påkrevd i katalogen skulle
-være uten royalty-betaling. Jeg håper det ikke betyr at en har mistet
-all forståelse for hvilke prinsipper som må følges for å oppnå
-likeverdig konkurranse mellom aktørene i IT-bransjen. NUUG advarte
-mot dette i
-<a href="http://wiki.nuug.no/uttalelser/200901-standardkatalog-v2">sin
-høringsuttalelse</a>, men ser ut til å ha blitt ignorert.</p>
+<p>A few times I have had the need to simulate the way tasksel
+installs packages during the normal debian-installer run. Until now,
+I have ended up letting tasksel do the work, with the annoying problem
+of not getting any feedback at all when something fails (like a
+conffile question from dpkg or a download that fails), using code like
+this:
+
+<blockquote><pre>
+export DEBIAN_FRONTEND=noninteractive
+tasksel --new-install
+</pre></blockquote>
+
+This would invoke tasksel, let its automatic task selection pick the
+tasks to install, and continue to install the requested tasks without
+any output what so ever.
+
+Recently I revisited this problem while working on the automatic
+package upgrade testing, because tasksel would some times hang without
+any useful feedback, and I want to see what is going on when it
+happen. Then it occured to me, I can parse the output from tasksel
+when asked to run in test mode, and use that aptitude command line
+printed by tasksel then to simulate the tasksel run. I ended up using
+code like this:
+
+<blockquote><pre>
+export DEBIAN_FRONTEND=noninteractive
+cmd="$(in_target tasksel -t --new-install | sed 's/debconf-apt-progress -- //')"
+$cmd
+</pre></blockquote>
+
+<p>The content of $cmd is typically something like "<tt>aptitude -q
+--without-recommends -o APT::Install-Recommends=no -y install
+~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
+~pimportant</tt>", which will install the gnome desktop task, the
+laptop task and all packages with priority standard , required and
+important, just like tasksel would have done it during
+installation.</p>
+
+<p>A better approach is probably to extend tasksel to be able to
+install packages without using debconf-apt-progress, for use cases
+like this.</p>
</description>
</item>
<item>
- <title>Microsofts misvisende argumentasjon rundt multimediaformater</title>
- <link>Microsofts_misvisende_argumentasjon_rundt_multimediaformater.html</link>
- <guid isPermaLink="true">Microsofts_misvisende_argumentasjon_rundt_multimediaformater.html</guid>
- <pubDate>Fri, 26 Jun 2009 15:30:00 +0200</pubDate>
+ <title>Vinmonopolet bryter loven åpenlyst - og flere planlegger å gjøre det samme</title>
+ <link>http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html</guid>
+ <pubDate>Wed, 16 Jun 2010 11:00:00 +0200</pubDate>
<description>
-<p>I
-<a href="http://www.regjeringen.no/upload/FAD/Vedlegg/Hoeringer/Refkat_V2/MicrosoftNorge.pdf">Microsoft
-sin høringsuttalelse</a> til
-<a href="http://www.regjeringen.no/nb/dep/fad/dok/horinger/horingsdokumenter/2009/horing---referansekatalog-versjon-2.html?id=549422">forslag
-til versjon 2 av statens referansekatalog over standarder</a>, lirer
-de av seg følgende FUD-perle:</p>
-
-<p><blockquote>"Vorbis, OGG, Theora og FLAC er alle tekniske
- spesifikasjoner overordnet styrt av xiph.org, som er en
- ikke-kommersiell organisasjon. Etablerte og anerkjente
- standardiseringsorganisasjoner, som Oasis, W3C og Ecma, har en godt
- innarbeidet vedlikeholds- og forvaltningsprosess av en standard.
- Det er derimot helt opp til hver enkelt organisasjon å bestemme
- hvordan tekniske spesifikasjoner videreutvikles og endres, og disse
- spesifikasjonene bør derfor ikke defineres som åpne
- standarder."</blockquote></p>
-
-<p>De vokter seg vel for å nevne den anerkjente
-standardiseringsorganisasjonen IETF, som er organisasjonen bak HTTP,
-IP og det meste av protokoller på Internet, og RFC-standardene som
-IETF står bak. Ogg er spesifisert i
-<a href="http://ietf.org/rfc/rfc3533.txt">RFC 3533</a>, og er uten
-tvil å anse som en åpen standard. Vorbis er
-<a href="http://ietf.org/rfc/rfc5215.txt">RFC 5215</a>. Theora er
-
-under standardisering via IETF, med
-<a href="http://svn.xiph.org/trunk/theora/doc/draft-ietf-avt-rtp-theora-00.txt">siste
-utkast publisert 2006-07-21</a> (riktignok er dermed teksten ikke
-skrevet i stein ennå, men det blir neppe endringer som ikke er
-bakoverkompatibel). De kan være inne på noe når det gjelder FLAC da
-jeg ikke finner tegn til at <a
-href="http://flac.sourceforge.net/format.html">spesifikasjonen
-tilgjengelig på web</a> er på tur via noen
-standardiseringsorganisasjon, men i og med at folkene bak Ogg, Theora
-og Vorbis også har involvert seg i Flac siden 2003, så ser jeg ikke
-bort fra at også den organiseres via IETF. Jeg kjenner personlig lite
-til FLAC.</p>
-
-<p>Uredelig argumentasjon bør en holde seg for god til å komme med,
-spesielt når det er så enkelt i dagens Internet-hverdag å gå
-misvisende påstander etter i sømmene.</p>
+<p><a href="http://www.dagbladet.no/2010/06/16/nyheter/innenriks/streik/arbeidsliv/12157858/">Dagbladet
+melder</a> at Vinmonopolet med bakgrunn i vekterstreiken som pågår i
+Norge for tiden, har bestemt seg for med vitende og vilje å bryte
+sentralbanklovens paragraf 14 ved å nekte folk å betale med
+kontanter, og at flere butikker planlegger å følge deres eksempel.
+Jeg synes det er hårreisende hvis de slipper unna med et slikt
+soleklart lovbrudd, og lurer på hva slags muligheter jeg vil ha hvis
+jeg blir nektet å handle med kontanter. Jeg handler i hovedsak med
+kontanter selv, da jeg anser det som en borgerrett å kunne handle
+anonymt uten at det blir registrert. For meg er det et angrep på mitt
+personvern å nekte å ta imot kontant betaling.</p>
+
+<p><a href="http://www.lovdata.no/all/tl-19850524-028-003.html#14">Paragrafen
+i sentralbankloven</a> lyder:</p>
+
+<blockquote>
+<p>§ 14. Tvungent betalingsmiddel</p>
+
+<p>Bankens sedler og mynter er tvungent betalingsmiddel i Norge. Ingen
+er pliktig til i én betaling å ta imot mer enn femogtyve mynter av
+hver enhet.</p>
+
+<p>Sterkt skadde sedler og mynter er ikke tvungent
+betalingsmiddel. Banken gir nærmere forskrifter om erstatning for
+bortkomne, brente eller skadde sedler og mynter.</p>
+
+<p>Selv om en avtale inneholder klausul om betaling av en
+pengeforpliktelse i gullverdi, kan skyldneren frigjøre seg med tvungne
+betalingsmidler uten hensyn til denne klausul.</p>
+</blockquote>
+
+<p>Det er med bakgrunn i denne lovet ikke tillatt å nekte å ta imot
+kontakt betaling. Det er en lov jeg har sans for, og som jeg mener må
+håndheves strengt.</p>
</description>
</item>
<item>
- <title>Debian boots quicker and quicker</title>
- <link>Debian_boots_quicker_and_quicker.html</link>
- <guid isPermaLink="true">Debian_boots_quicker_and_quicker.html</guid>
- <pubDate>Wed, 24 Jun 2009 21:40:00 +0200</pubDate>
+ <title>Officeshots taking shape</title>
+ <link>http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html</guid>
+ <pubDate>Sun, 13 Jun 2010 11:40:00 +0200</pubDate>
<description>
-<p>I spent Monday and tuesday this week in London with a lot of the
-people involved in the boot system on Debian and Ubuntu, to see if we
-could find more ways to speed up the boot system. This was an Ubuntu
-funded
-<a href="https://wiki.ubuntu.com/FoundationsTeam/BootPerformance/DebianUbuntuSprint">developer
-gathering</a>. It was quite productive. We also discussed the future
-of boot systems, and ways to handle the increasing number of boot
-issues introduced by the Linux kernel becoming more and more
-asynchronous and event base. The Ubuntu approach using udev and
-upstart might be a good way forward. Time will show.</p>
-
-<p>Anyway, there are a few ways at the moment to speed up the boot
-process in Debian. All of these should be applied to get a quick
-boot:</p>
-
-<ul>
-
-<li>Use dash as /bin/sh.</li>
-
-<li>Disable the init.d/hwclock*.sh scripts and make sure the hardware
- clock is in UTC.</li>
-
-<li>Install and activate the insserv package to enable
- <a href="http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot">dependency
- based boot sequencing</a>, and enable concurrent booting.</li>
-
-</ul>
-
-These points are based on the Google summer of code work done by
-<a href="http://initscripts-ng.alioth.debian.org/soc2006-bootsystem/">Carlos
-Villegas</a>.
-
-<p>Support for makefile-style concurrency during boot was uploaded to
-unstable yesterday. When we tested it, we were able to cut 6 seconds
-from the boot sequence. It depend on very correct dependency
-declaration in all init.d scripts, so I expect us to find edge cases
-where the dependences in some scripts are slightly wrong when we start
-using this.</p>
-
-<p>On our IRC channel for this effort, #pkg-sysvinit, a new idea was
-introduced by Raphael Geissert today, one that could affect the
-startup speed as well. Instead of starting some scripts concurrently
-from rcS.d/ and another set of scripts from rc2.d/, it would be
-possible to run a of them in the same process. A quick way to test
-this would be to enable insserv and run 'mv /etc/rc2.d/S* /etc/rcS.d/;
-insserv'. Will need to test if that work. :)</p>
+<p>For those of us caring about document exchange and
+interoperability, <a href="http://www.officeshots.org/">OfficeShots</a>
+is a great service. It is to ODF documents what
+<a href="http://browsershots.org/">BrowserShots</a> is for web
+pages.</p>
+
+<p>A while back, I was contacted by Knut Yrvin at the part of Nokia
+that used to be Trolltech, who wanted to help the OfficeShots project
+and wondered if the University of Oslo where I work would be
+interested in supporting the project. I helped him to navigate his
+request to the right people at work, and his request was answered with
+a spot in the machine room with power and network connected, and Knut
+arranged funding for a machine to fill the spot. The machine is
+administrated by the OfficeShots people, so I do not have daily
+contact with its progress, and thus from time to time check back to
+see how the project is doing.</p>
+
+<p>Today I had a look, and was happy to see that the Dell box in our
+machine room now is the host for several virtual machines running as
+OfficeShots factories, and the project is able to render ODF documents
+in 17 different document processing implementation on Linux and
+Windows. This is great.</p>
</description>
</item>
projects / homepage.git / blobdiff