<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html">One step closer to single signon in Debian Edu</a></div>
- <div class="date">2010-07-25 10:00</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/165_norske_overv__kningskamera_registert_s___langt_i_OpenStreetmap_org.html">165 norske overvåkningskamera registert så langt i OpenStreetmap.org</a></div>
+ <div class="date">2010-12-24 11:20</div>
<div class="body">
-<p>The last few months me and the other Debian Edu developers have
-been working hard to get the Debian/Squeeze based version of Debian
-Edu/Skolelinux into shape. This future version will use Kerberos for
-authentication, and services are slowly migrated to single sign,
-getting rid of password questions one at the time.</p>
-
-<p>It will also feature a roaming workstation profile with local home
-directory, for laptops that are only some times on the Skolelinux
-network, and for this profile a shortcut is created in Gnome and KDE
-to gain access to the users home directory on the file server. This
-shortcut uses SMB at the moment, and yesterday I had time to test if
-SMB mounting had started working in KDE after we added the cifs-utils
-package. I was pleasantly surprised how well it worked.</p>
-
-<p>Thanks to the recent changes to our samba configuration to get it
-to use Kerberos for authentication, there were no question about user
-password when mounting the SMB volume. A simple click on the shortcut
-in the KDE menu, and a window with the home directory popped
-up. :)</p>
-
-<p>One step closer to a single signon solution out of the box in
-Debian Edu. We already had PAM, LDAP, IMAP and SMTP in place, and now
-also Samba. Next step is Cups and hopefully also NFS.</p>
-
-<p>We had planned a alpha0 release of Debian Edu for today, but thanks
-to the autobuilder administrators for some architectures being slow to
-sign packages, we are still missing the fixed LTSP package we need for
-the release. It was uploaded three days ago with urgency=high, and if
-it had entered testing yesterday we would have been able to test it in
-time for a alpha0 release today. As the binaries for ia64 and powerpc
-still not uploaded to the Debian archive, we need to delay the alpha
-release another day.</p>
-
-<p>If you want to help out with implementing Kerberos for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>Jeg flikket litt på OpenStreetmap.org i går, og oppdaget ved en
+tilfeldighet at det er en rekke noder som representerer
+overvåkningskamera som ikke blir med på kartet med overvåkningskamera
+i Norge som
+<a href="http://people.skolelinux.org/pere/blog/Kart_over_overv__kningskamera_i_Norge.html">jeg
+laget</a> for snart to år siden. Fra før tok jeg med noder merket med
+man_made=surveillance, mens det er en rekke noder som kun er merket
+med highway=speed_camera. Endret på koden som henter ut kameralisten
+fra OSM, og vips er antall kamera økt til 165.</p>
+
+<a href="http://people.skolelinux.no/pere/surveillance-norway/">Kartet</a>
+er fortsatt ikke komplett, så hvis du ser noen kamera som mangler,
+legg inn ved å følge instruksene fra
+<a href="http://personvern.no/wiki/index.php/Kameraovervåkning">prosjektsiden</a>.
+Hvis du vet om noen flere måter å merke overvåkningskamera i OSM, ta
+kontakt slik at jeg kan få med også disse.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Digitale_restriksjonsmekanismer_fikk_meg_til____slutte____kj__pe_musikk.html">Digitale restriksjonsmekanismer fikk meg til å slutte å kjøpe musikk</a></div>
- <div class="date">2010-07-22 23:50</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/How_to_test_if_a_laptop_is_working_with_Linux.html">How to test if a laptop is working with Linux</a></div>
+ <div class="date">2010-12-22 14:55</div>
<div class="body">
-<p>For mange år siden slutte jeg å kjøpe musikk-CDer. Årsaken var at
-musikkbransjen var godt i gang med å selge platene sine med DRM som
-gjorde at jeg ikke fikk spilt av musikken jeg kjøpte på utstyret jeg
-hadde tilgjengelig, dvs. min datamaskin. Det var umulig å se på en
-plate om den var ødelagt eller ikke, og jeg hadde jo allerede en
-anseelig samling med plater, så jeg bestemme meg for å slutte å gi
-penger til en bransje som åpenbart ikke respekterte meg.</p>
-
-<p>Jeg har mange titalls dager med musikk på CD i dag. Det meste er
-lagt i et stort arkiv som kan spilles av fra husets datamaskiner (har
-ikke rukket rippe alt). Jeg ser dermed ikke behovet for å skaffe mer
-musikk. De fleste av mine favoritter er i hus, og jeg er dermed godt
-fornøyd.</p>
-
-<p>Hvis musikkbransjen ønsker mine penger, så må de demonstrere at de
-setter pris på meg som kunde, og ikke skremme meg bort med DRM og
-antydninger om at kundene er kriminelle.</p>
-
-<p>Filmbransjen er like ille, men mens musikk gjerne varer lenge, er
-filmer mer ferskvare. Har dermed ikke helt sluttet å kjøpe filmer, men
-holder meg til DVD-filmer som kan spilles av på mine Linuxbokser.
-Kommer neppe til å ta i bruk Blueray, og ei heller de nye DRM-greiene
-«Ultraviolet» som be annonsert her om dagen.</p>
+<p>The last few days I have spent at work here at the <a
+href="http://www.uio.no/">University of oslo</a> testing if the new
+batch of computers will work with Linux. Every year for the last few
+years the university have organized shared bid of a few thousand
+computers, and this year HP won the bid. Two different desktops and
+five different laptops are on the list this year. We in the UNIX
+group want to know which one of these computers work well with RHEL
+and Ubuntu, the two Linux distributions we currently handle at the
+university.</p>
+
+<p>My test method is simple, and I share it here to get feedback and
+perhaps inspire others to test hardware as well. To test, I PXE
+install the OS version of choice, and log in as my normal user and run
+a few applications and plug in selected pieces of hardware. When
+something fail, I make a note about this in the test matrix and move
+on. If I have some spare time I try to report the bug to the OS
+vendor, but as I only have the machines for a short time, I rarely
+have the time to do this for all the problems I find.</p>
+
+<p>Anyway, to get to the point of this post. Here is the simple tests
+I perform on a new model.</p>
+
+<ul>
+
+<li>Is PXE installation working? I'm testing with RHEL6, Ubuntu Lucid
+and Ubuntu Maverik at the moment. If I feel like it, I also test with
+RHEL5 and Debian Edu/Squeeze.</li>
+
+<li>Is X.org working? If the graphical login screen show up after
+installation, X.org is working.</li>
+
+<li>Is hardware accelerated OpenGL working? Running glxgears (in
+package mesa-utils on Ubuntu) and writing down the frames per second
+reported by the program.</li>
+
+<li>Is sound working? With Gnome and KDE, a sound is played when
+logging in, and if I can hear this the test is successful. If there
+are several audio exits on the machine, I try them all and check if
+the Gnome/KDE audio mixer can control where to send the sound. I
+normally test this by playing
+<a href="http://www.nuug.no/aktiviteter/20101012-chef/ ">a HTML5
+video</a> in Firefox/Iceweasel.</li>
+
+<li>Is the USB subsystem working? I test this by plugging in a USB
+memory stick and see if Gnome/KDE notices this.</li>
+
+<li>Is the CD/DVD player working? I test this by inserting any CD/DVD
+I have lying around, and see if Gnome/KDE notices this.</li>
+
+<li>Is any built in camera working? Test using cheese, and see if a
+picture from the v4l device show up.</li>
+
+<li>Is bluetooth working? Use the Gnome/KDE browsing tool to see if
+any bluetooth devices are discovered. In my office, I normally see a
+few.</li>
+
+<li>For laptops, is the SD or Compaq Flash reader working. I have
+memory modules lying around, and stick them in and see if Gnome/KDE
+notice this.</li>
+
+<li>For laptops, is suspecd/hibernate working? I'm testing if the
+special button work, and if the laptop continue to work after
+resume.</li>
+
+<li>For laptops, is the extra buttons working, like audio level,
+adjusting background light, switching on/off external video output,
+switching on/off wifi, bluetooth, etc? The set of buttons differ from
+laptop to laptop, so I just write down which are working and which are
+not.</li>
+
+<li>Some laptops have smart card readers, finger print readers,
+acceleration sensors etc. I rarely test these, as I do not know how
+to quickly test if they are working or not, so I only document their
+existence.</li>
+
+</ul>
+
+<p>By now I suspect you are really curious what the test results are
+for the HP machines I am testing. I'm not done yet, so I will report
+the test results later. For now I can report that HP 8100 Elite work
+fine, and hibernation fail with HP EliteBook 8440p on Ubuntu Lucid,
+and audio fail on RHEL6. Ubuntu Maverik worked with 8440p. As you
+can see, I have most machines left to test. One interesting
+observation is that Ubuntu Lucid has almost twice the framerate than
+RHEL6 with glxgears. No idea why.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/OpenStreetmap_one_step_closer_to_having_routing_on_its_front_page.html">OpenStreetmap one step closer to having routing on its front page</a></div>
- <div class="date">2010-07-18 16:45</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Some_thoughts_on_BitCoins.html">Some thoughts on BitCoins</a></div>
+ <div class="date">2010-12-11 15:10</div>
<div class="body">
-<p>Thanks to
-<a href="http://feedproxy.google.com/~r/Opengeodata/~3/wUTCzDZk3lc/project-of-the-week-which-way-home">todays
-opengeodata blog entry</a>, I just discovered that the
-OpenStreetmap.org site have gotten
-<a href="http://nroets.dev.openstreetmap.org/demo/index.html?layers=B000FTFTT">support
-for calculating routes</a>. The support is still experimental and
-only available from the development server, until more experience is
-gathered on the user interface and any scalability issues.</p>
-
-<p>Earlier, the routing I knew about using the OpenStreetmap.org data
-was provided by <a href="http://maps.cloudmade.com/">Cloudmade</a>,
-but having it on the main page is required to make everyone aware of
-the issue. I've had people reject Openstreetmap.org as a viable
-alternative for them because the front page lacked routing support,
-and I hope their needs will be catered for when routing show up on the
-www.openstreetmap.org front page.</p>
+<p>As I continue to explore
+<a href="http://www.bitcoin.org/">BitCoin</a>, I've starting to wonder
+what properties the system have, and how it will be affected by laws
+and regulations here in Norway. Here are some random notes.</p>
+
+<p>One interesting thing to note is that since the transactions are
+verified using a peer to peer network, all details about a transaction
+is known to everyone. This means that if a BitCoin address has been
+published like I did with mine in my initial post about BitCoin, it is
+possible for everyone to see how many BitCoins have been transfered to
+that address. There is even a web service to look at the details for
+all transactions. There I can see that my address
+<a href="http://blockexplorer.com/address/15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a>
+have received 16.06 Bitcoin, the
+<a href="http://blockexplorer.com/address/1LfdGnGuWkpSJgbQySxxCWhv8MHqvwst3">1LfdGnGuWkpSJgbQySxxCWhv8MHqvwst3</a>
+address of Simon Phipps have received 181.97 BitCoin and the address
+<a href="http://blockexplorer.com/address/1MCwBbhNGp5hRm5rC1Aims2YFRe2SXPYKt">1MCwBbhNGp5hRm5rC1Aims2YFRe2SXPYKt</A>
+of EFF have received 2447.38 BitCoins so far. Thank you to each and
+every one of you that donated bitcoins to support my activity. The
+fact that anyone can see how much money was transfered to a given
+address make it more obvious why the BitCoin community recommend to
+generate and hand out a new address for each transaction. I'm told
+there is no way to track which addresses belong to a given person or
+organisation without the person or organisation revealing it
+themselves, as Simon, EFF and I have done.</p>
+
+<p>In Norway, and in most other countries, there are laws and
+regulations limiting how much money one can transfer across the border
+without declaring it. There are money laundering, tax and accounting
+laws and regulations I would expect to apply to the use of BitCoin.
+If the Skolelinux foundation
+(<a href="http://linuxiskolen.no/slxdebianlabs/donations.html">SLX
+Debian Labs</a>) were to accept donations in BitCoin in addition to
+normal bank transfers like EFF is doing, how should this be accounted?
+Given that it is impossible to know if money can across the border or
+not, should everything or nothing be declared? What exchange rate
+should be used when calculating taxes? Would receivers have to pay
+income tax if the foundation were to pay Skolelinux contributors in
+BitCoin? I have no idea, but it would be interesting to know.</p>
+
+<p>For a currency to be useful and successful, it must be trusted and
+accepted by a lot of users. It must be possible to get easy access to
+the currency (as a wage or using currency exchanges), and it must be
+easy to spend it. At the moment BitCoin seem fairly easy to get
+access to, but there are very few places to spend it. I am not really
+a regular user of any of the vendor types currently accepting BitCoin,
+so I wonder when my kind of shop would start accepting BitCoins. I
+would like to buy electronics, travels and subway tickets, not herbs
+and books. :) The currency is young, and this will improve over time
+if it become popular, but I suspect regular banks will start to lobby
+to get BitCoin declared illegal if it become popular. I'm sure they
+will claim it is helping fund terrorism and money laundering (which
+probably would be true, as is any currency in existence), but I
+believe the problems should be solved elsewhere and not by blaming
+currencies.</p>
+
+<p>The process of creating new BitCoins is called mining, and it is
+CPU intensive process that depend on a bit of luck as well (as one is
+competing against all the other miners currently spending CPU cycles
+to see which one get the next lump of cash). The "winner" get 50
+BitCoin when this happen. Yesterday I came across the obvious way to
+join forces to increase ones changes of getting at least some coins,
+by coordinating the work on mining BitCoins across several machines
+and people, and sharing the result if one is lucky and get the 50
+BitCoins. Check out
+<a href="http://www.bluishcoder.co.nz/bitcoin-pool/">BitCoin Pool</a>
+if this sounds interesting. I have not had time to try to set up a
+machine to participate there yet, but have seen that running on ones
+own for a few days have not yield any BitCoins througth mining
+yet.</p>
+
+<p>Update 2010-12-15: Found an <a
+href="http://inertia.posterous.com/reply-to-the-underground-economist-why-bitcoi">interesting
+criticism</a> of bitcoin. Not quite sure how valid it is, but thought
+it was interesting to read. The arguments presented seem to be
+equally valid for gold, which was used as a currency for many years.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/kart">kart</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html">What are they searching for - PowerDNS and ISC DHCP in LDAP</a></div>
- <div class="date">2010-07-17 21:00</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Pornoskannerne_p___flyplassene_bedrer_visst_ikke_sikkerheten.html">Pornoskannerne på flyplassene bedrer visst ikke sikkerheten</a></div>
+ <div class="date">2010-12-11 10:45</div>
<div class="body">
-<p>This is a
-<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">followup</a>
-on my
-<a href="http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html">previous
-work</a> on
-<a href="http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html">merging
-all</a> the computer related LDAP objects in Debian Edu.</p>
-
-<p>As a step to try to see if it possible to merge the DNS and DHCP
-LDAP objects, I have had a look at how the packages pdns-backend-ldap
-and dhcp3-server-ldap in Debian use the LDAP server. The two
-implementations are quite different in how they use LDAP.</p>
-
-To get this information, I started slapd with debugging enabled and
-dumped the debug output to a file to get the LDAP searches performed
-on a Debian Edu main-server. Here is a summary.
-
-<p><strong>powerdns</strong></p>
-
-<a href="http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend">Clues
-on how to</a> set up PowerDNS to use a LDAP backend is available on
-the web.
-
-<p>PowerDNS have two modes of operation using LDAP as its backend.
-One "strict" mode where the forward and reverse DNS lookups are done
-using the same LDAP objects, and a "tree" mode where the forward and
-reverse entries are in two different subtrees in LDAP with a structure
-based on the DNS names, as in tjener.intern and
-2.2.0.10.in-addr.arpa.</p>
-
-<p>In tree mode, the server is set up to use a LDAP subtree as its
-base, and uses a "base" scoped search for the DNS name by adding
-"dc=tjener,dc=intern," to the base with a filter for
-"(associateddomain=tjener.intern)" for the forward entry and
-"dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa," with a filter for
-"(associateddomain=2.2.0.10.in-addr.arpa)" for the reverse entry. For
-forward entries, it is looking for attributes named dnsttl, arecord,
-nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord, mxrecord,
-txtrecord, rprecord, afsdbrecord, keyrecord, aaaarecord, locrecord,
-srvrecord, naptrrecord, kxrecord, certrecord, dsrecord, sshfprecord,
-ipseckeyrecord, rrsigrecord, nsecrecord, dnskeyrecord, dhcidrecord,
-spfrecord and modifytimestamp. For reverse entries it is looking for
-the attributes dnsttl, arecord, nsrecord, cnamerecord, soarecord,
-ptrrecord, hinforecord, mxrecord, txtrecord, rprecord, aaaarecord,
-locrecord, srvrecord, naptrrecord and modifytimestamp. The equivalent
-ldapsearch commands could look like this:</p>
-
-<blockquote><pre>
-ldapsearch -h ldap \
- -b dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no \
- -s base -x '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
- cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
- rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
- nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
- rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
-
-ldapsearch -h ldap \
- -b dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no \
- -s base -x '(associateddomain=2.2.0.10.in-addr.arpa)'
- dnsttl, arecord, nsrecord, cnamerecord soarecord ptrrecord \
- hinforecord mxrecord txtrecord rprecord aaaarecord locrecord \
- srvrecord naptrrecord modifytimestamp
-</pre></blockquote>
-
-<p>In Debian Edu/Lenny, the PowerDNS tree mode is used with
-ou=hosts,dc=skole,dc=skolelinux,dc=no as the base, and these are two
-example LDAP objects used there. In addition to these objects, the
-parent objects all th way up to ou=hosts,dc=skole,dc=skolelinux,dc=no
-also exist.</p>
-
-<blockquote><pre>
-dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
-objectclass: top
-objectclass: dnsdomain
-objectclass: domainrelatedobject
-dc: tjener
-arecord: 10.0.2.2
-associateddomain: tjener.intern
-
-dn: dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no
-objectclass: top
-objectclass: dnsdomain2
-objectclass: domainrelatedobject
-dc: 2
-ptrrecord: tjener.intern
-associateddomain: 2.2.0.10.in-addr.arpa
-</pre></blockquote>
-
-<p>In strict mode, the server behaves differently. When looking for
-forward DNS entries, it is doing a "subtree" scoped search with the
-same base as in the tree mode for a object with filter
-"(associateddomain=tjener.intern)" and requests the attributes dnsttl,
-arecord, nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord,
-mxrecord, txtrecord, rprecord, aaaarecord, locrecord, srvrecord,
-naptrrecord and modifytimestamp. For reverse entires it also do a
-subtree scoped search but this time the filter is "(arecord=10.0.2.2)"
-and the requested attributes are associateddomain, dnsttl and
-modifytimestamp. In short, in strict mode the objects with ptrrecord
-go away, and the arecord attribute in the forward object is used
-instead.</p>
-
-<p>The forward and reverse searches can be simulated using ldapsearch
-like this:</p>
-
-<blockquote><pre>
-ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
- '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
- cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
- rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
- nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
- rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
-
-ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
- '(arecord=10.0.2.2)' associateddomain dnsttl modifytimestamp
-</pre></blockquote>
-
-<p>In addition to the forward and reverse searches , there is also a
-search for SOA records, which behave similar to the forward and
-reverse lookups.</p>
-
-<p>A thing to note with the PowerDNS behaviour is that it do not
-specify any objectclass names, and instead look for the attributes it
-need to generate a DNS reply. This make it able to work with any
-objectclass that provide the needed attributes.</p>
-
-<p>The attributes are normally provided in the cosine (RFC 1274) and
-dnsdomain2 schemas. The latter is used for reverse entries like
-ptrrecord and recent DNS additions like aaaarecord and srvrecord.</p>
-
-<p>In Debian Edu, we have created DNS objects using the object classes
-dcobject (for dc), dnsdomain or dnsdomain2 (structural, for the DNS
-attributes) and domainrelatedobject (for associatedDomain). The use
-of structural object classes make it impossible to combine these
-classes with the object classes used by DHCP.</p>
-
-<p>There are other schemas that could be used too, for example the
-dnszone structural object class used by Gosa and bind-sdb for the DNS
-attributes combined with the domainrelatedobject object class, but in
-this case some unused attributes would have to be included as well
-(zonename and relativedomainname).</p>
-
-<p>My proposal for Debian Edu would be to switch PowerDNS to strict
-mode and not use any of the existing objectclasses (dnsdomain,
-dnsdomain2 and dnszone) when one want to combine the DNS information
-with DHCP information, and instead create a auxiliary object class
-defined something like this (using the attributes defined for
-dnsdomain and dnsdomain2 or dnszone):</p>
-
-<blockquote><pre>
-objectclass ( some-oid NAME 'dnsDomainAux'
- SUP top
- AUXILIARY
- MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $
- DNSTTL $ DNSClass $ PTRRecord $ HINFORecord $ MINFORecord $
- TXTRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $
- NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
- A6Record $ DNAMERecord
- ))
-</pre></blockquote>
-
-<p>This will allow any object to become a DNS entry when combined with
-the domainrelatedobject object class, and allow any entity to include
-all the attributes PowerDNS wants. I've sent an email to the PowerDNS
-developers asking for their view on this schema and if they are
-interested in providing such schema with PowerDNS, and I hope my
-message will be accepted into their mailing list soon.</p>
-
-<p><strong>ISC dhcp</strong></p>
-
-<p>The DHCP server searches for specific objectclass and requests all
-the object attributes, and then uses the attributes it want. This
-make it harder to figure out exactly what attributes are used, but
-thanks to the working example in Debian Edu I can at least get an idea
-what is needed without having to read the source code.</p>
-
-<p>In the DHCP server configuration, the LDAP base to use and the
-search filter to use to locate the correct dhcpServer entity is
-stored. These are the relevant entries from
-/etc/dhcp3/dhcpd.conf:</p>
-
-<blockquote><pre>
-ldap-base-dn "dc=skole,dc=skolelinux,dc=no";
-ldap-dhcp-server-cn "dhcp";
-</pre></blockquote>
-
-<p>The DHCP server uses this information to nest all the DHCP
-configuration it need. The cn "dhcp" is located using the given LDAP
-base and the filter "(&(objectClass=dhcpServer)(cn=dhcp))". The
-search result is this entry:</p>
-
-<blockquote><pre>
-dn: cn=dhcp,dc=skole,dc=skolelinux,dc=no
-cn: dhcp
-objectClass: top
-objectClass: dhcpServer
-dhcpServiceDN: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
-</pre></blockquote>
-
-<p>The content of the dhcpServiceDN attribute is next used to locate the
-subtree with DHCP configuration. The DHCP configuration subtree base
-is located using a base scope search with base "cn=DHCP
-Config,dc=skole,dc=skolelinux,dc=no" and filter
-"(&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))".
-The search result is this entry:</p>
-
-<blockquote><pre>
-dn: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
-cn: DHCP Config
-objectClass: top
-objectClass: dhcpService
-objectClass: dhcpOptions
-dhcpPrimaryDN: cn=dhcp, dc=skole,dc=skolelinux,dc=no
-dhcpStatements: ddns-update-style none
-dhcpStatements: authoritative
-dhcpOption: smtp-server code 69 = array of ip-address
-dhcpOption: www-server code 72 = array of ip-address
-dhcpOption: wpad-url code 252 = text
-</pre></blockquote>
-
-<p>Next, the entire subtree is processed, one level at the time. When
-all the DHCP configuration is loaded, it is ready to receive requests.
-The subtree in Debian Edu contain objects with object classes
-top/dhcpService/dhcpOptions, top/dhcpSharedNetwork/dhcpOptions,
-top/dhcpSubnet, top/dhcpGroup and top/dhcpHost. These provide options
-and information about netmasks, dynamic range etc. Leaving out the
-details here because it is not relevant for the focus of my
-investigation, which is to see if it is possible to merge dns and dhcp
-related computer objects.</p>
-
-<p>When a DHCP request come in, LDAP is searched for the MAC address
-of the client (00:00:00:00:00:00 in this example), using a subtree
-scoped search with "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" as
-the base and "(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet
-00:00:00:00:00:00))" as the filter. This is what a host object look
-like:</p>
-
-<blockquote><pre>
-dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
-cn: hostname
-objectClass: top
-objectClass: dhcpHost
-dhcpHWAddress: ethernet 00:00:00:00:00:00
-dhcpStatements: fixed-address hostname
-</pre></blockquote>
-
-<p>There is less flexiblity in the way LDAP searches are done here.
-The object classes need to have fixed names, and the configuration
-need to be stored in a fairly specific LDAP structure. On the
-positive side, the invidiual dhcpHost entires can be anywhere without
-the DN pointed to by the dhcpServer entries. The latter should make
-it possible to group all host entries in a subtree next to the
-configuration entries, and this subtree can also be shared with the
-DNS server if the schema proposed above is combined with the dhcpHost
-structural object class.
-
-<p><strong>Conclusion</strong></p>
-
-<p>The PowerDNS implementation seem to be very flexible when it come
-to which LDAP schemas to use. While its "tree" mode is rigid when it
-come to the the LDAP structure, the "strict" mode is very flexible,
-allowing DNS objects to be stored anywhere under the base cn specified
-in the configuration.</p>
-
-<p>The DHCP implementation on the other hand is very inflexible, both
-regarding which LDAP schemas to use and which LDAP structure to use.
-I guess one could implement ones own schema, as long as the
-objectclasses and attributes have the names used, but this do not
-really help when the DHCP subtree need to have a fairly fixed
-structure.</p>
-
-<p>Based on the observed behaviour, I suspect a LDAP structure like
-this might work for Debian Edu:</p>
-
-<blockquote><pre>
-ou=services
- cn=machine-info (dhcpService) - dhcpServiceDN points here
- cn=dhcp (dhcpServer)
- cn=dhcp-internal (dhcpSharedNetwork/dhcpOptions)
- cn=10.0.2.0 (dhcpSubnet)
- cn=group1 (dhcpGroup/dhcpOptions)
- cn=dhcp-thinclients (dhcpSharedNetwork/dhcpOptions)
- cn=192.168.0.0 (dhcpSubnet)
- cn=group1 (dhcpGroup/dhcpOptions)
- ou=machines - PowerDNS base points here
- cn=hostname (dhcpHost/domainrelatedobject/dnsDomainAux)
-</pre></blockquote>
-
-<P>This is not tested yet. If the DHCP server require the dhcpHost
-entries to be in the dhcpGroup subtrees, the entries can be stored
-there instead of a common machines subtree, and the PowerDNS base
-would have to be moved one level up to the machine-info subtree.</p>
-
-<p>The combined object under the machines subtree would look something
-like this:</p>
-
-<blockquote><pre>
-dn: dc=hostname,ou=machines,cn=machine-info,dc=skole,dc=skolelinux,dc=no
-dc: hostname
-objectClass: top
-objectClass: dhcpHost
-objectclass: domainrelatedobject
-objectclass: dnsDomainAux
-associateddomain: hostname.intern
-arecord: 10.11.12.13
-dhcpHWAddress: ethernet 00:00:00:00:00:00
-dhcpStatements: fixed-address hostname.intern
-</pre></blockquote>
-
-</p>One could even add the LTSP configuration associated with a given
-machine, as long as the required attributes are available in a
-auxiliary object class.</p>
+<p>Via <a href="http://webmink.com/2010/12/10/links-for-2010-12-10/">en
+blogpost fra Simon Phipps i går</a>, fant jeg en referanse til
+<a href="http://www.washingtontimes.com/news/2010/dec/9/exposed-tsas-x-rated-scanner-fraud/">en
+artikkel i Washington Times</a> som igjen refererer til en artikkel i
+det fagfellevurderte tidsskriftet Journal of Transportation Security
+med tittelen
+"<a href="http://springerlink.com/content/g6620thk08679160/fulltext.html">An
+evaluation of airport x-ray backscatter units based on image
+characteristics</a>" som enkelt konstaterer at
+<a href="http://www.dailysquib.co.uk/?a=2389&c=124">pornoscannerne</a>
+som kler av reisende på flyplasser ikke er i stand til å avsløre det
+produsenten og amerikanske myndigheter sier de skal avsløre. Kort
+sagt, de bedrer ikke sikkerheten. Reisende må altså la ansatte på
+flyplasser <a href="http://www.thousandsstandingaround.org/">se dem
+nakne eller la seg beføle i skrittet</a> uten grunn. Jeg vil
+fortsette å nekte å bruke disse pornoskannerne, unngå flyplasser der
+de er tatt i bruk, og reise med andre transportmidler enn fly hvis jeg
+kan.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html">Combining PowerDNS and ISC DHCP LDAP objects</a></div>
- <div class="date">2010-07-14 23:45</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Now_accepting_bitcoins___anonymous_and_distributed_p2p_crypto_money.html">Now accepting bitcoins - anonymous and distributed p2p crypto-money</a></div>
+ <div class="date">2010-12-10 08:20</div>
<div class="body">
-<p>For a while now, I have wanted to find a way to change the DNS and
-DHCP services in Debian Edu to use the same LDAP objects for a given
-computer, to avoid the possibility of having a inconsistent state for
-a computer in LDAP (as in DHCP but no DNS entry or the other way
-around) and make it easier to add computers to LDAP.</p>
-
-<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
-information finally found a solution that seem to work.</p>
-
-<p>The old setup required three LDAP objects for a given computer.
-One forward DNS entry, one reverse DNS entry and one DHCP entry. If
-we switch powerdns to use its strict LDAP method (ldap-method=strict
-in pdns-debian-edu.conf), the forward and reverse DNS entries are
-merged into one while making it impossible to transfer the reverse map
-to a slave DNS server.</p>
-
-<p>If we also replace the object class used to get the DNS related
-attributes to one allowing these attributes to be combined with the
-dhcphost object class, we can merge the DNS and DHCP entries into one.
-I've written such object class in the dnsdomainaux.schema file (need
-proper OIDs, but that is a minor issue), and tested the setup. It
-seem to work.</p>
-
-<p>With this test setup in place, we can get away with one LDAP object
-for both DNS and DHCP, and even the LTSP configuration I suggested in
-an earlier email. The combined LDAP object will look something like
-this:</p>
-
-<blockquote><pre>
- dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
- cn: hostname
- objectClass: dhcphost
- objectclass: domainrelatedobject
- objectclass: dnsdomainaux
- associateddomain: hostname.intern
- arecord: 10.11.12.13
- dhcphwaddress: ethernet 00:00:00:00:00:00
- dhcpstatements: fixed-address hostname
- ldapconfigsound: Y
-</pre></blockquote>
-
-<p>The DNS server uses the associateddomain and arecord entries, while
-the DHCP server uses the dhcphwaddress and dhcpstatements entries
-before asking DNS to resolve the fixed-adddress. LTSP will use
-dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>
-
-<p>I am not yet sure if I can get the DHCP server to look for its
-dhcphost in a different location, to allow us to put the objects
-outside the "DHCP Config" subtree, but hope to figure out a way to do
-that. If I can't figure out a way to do that, we can still get rid of
-the hosts subtree and move all its content into the DHCP Config tree
-(which probably should be renamed to be more related to the new
-content. I suspect cn=dnsdhcp,ou=services or something like that
-might be a good place to put it.</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>With this weeks lawless
+<a href="http://www.salon.com/news/opinion/glenn_greenwald/2010/12/06/wikileaks/index.html">governmental
+attacks</a> on Wikileak and
+<a href="http://www.salon.com/technology/dan_gillmor/2010/12/06/war_on_speech">free
+speech</a>, it has become obvious that PayPal, visa and mastercard can
+not be trusted to handle money transactions.
+A blog post from
+<a href="http://webmink.com/2010/12/06/now-accepting-bitcoin/">Simon
+Phipps on bitcoin</a> reminded me about a project that a friend of
+mine mentioned earlier. I decided to follow Simon's example, and get
+involved with <a href="http://www.bitcoin.org/">BitCoin</a>. I got
+some help from my friend to get it all running, and he even handed me
+some bitcoins to get started. I even donated a few bitcoins to Simon
+for helping me remember BitCoin.</p>
+
+<p>So, what is bitcoins, you probably wonder? It is a digital
+crypto-currency, decentralised and handled using peer-to-peer
+networks. It allows anonymous transactions and prohibits central
+control over the transactions, making it impossible for governments
+and companies alike to block donations and other transactions. The
+source is free software, and while the key dependency wxWidgets 2.9
+for the graphical user interface is missing in Debian, the command
+line client builds just fine. Hopefully Jonas
+<a href="http://bugs.debian.org/578157">will get the package into
+Debian</a> soon.</p>
+
+<p>Bitcoins can be converted to other currencies, like USD and EUR.
+There are <a href="http://www.bitcoin.org/trade">companies accepting
+bitcoins</a> when selling services and goods, and there are even
+currency "stock" markets where the exchange rate is decided. There
+are not many users so far, but the concept seems promising. If you
+want to get started and lack a friend with any bitcoins to spare,
+you can even get
+<a href="https://freebitcoins.appspot.com/">some for free</a> (0.05
+bitcoin at the time of writing). Use
+<a href="http://www.bitcoinwatch.com/">BitcoinWatch</a> to keep an eye
+on the current exchange rates.</p>
+
+<p>As an experiment, I have decided to set up bitcoind on one of my
+machines. If you want to support my activity, please send Bitcoin
+donations to the address
+<b>15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</b>. Thank you!</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html">Idea for storing LTSP configuration in LDAP</a></div>
- <div class="date">2010-07-11 22:00</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Martin_Bekkelund__En_stille_b__nn_om_Datalagringsdirektivet.html">Martin Bekkelund: En stille bønn om Datalagringsdirektivet</a></div>
+ <div class="date">2010-12-09 21:25</div>
<div class="body">
-<p>Vagrant mentioned on IRC today that ltsp_config now support
-sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin
-clients, and that this can be used to fetch configuration from LDAP if
-Debian Edu choose to store configuration there.</p>
-
-<p>Armed with this information, I got inspired and wrote a test module
-to get configuration from LDAP. The idea is to look up the MAC
-address of the client in LDAP, and look for attributes on the form
-ltspconfigsetting=value, and use this to export SETTING=value to the
-LTSP clients.</p>
-
-<p>The goal is to be able to store the LTSP configuration attributes
-in a "computer" LDAP object used by both DNS and DHCP, and thus
-allowing us to store all information about a computer in one place.</p>
-
-<p>This is a untested draft implementation, and I welcome feedback on
-this approach. A real LDAP schema for the ltspClientAux objectclass
-need to be written. Comments, suggestions, etc?</p>
-
-<blockquote><pre>
-# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
-#
-# Fetch LTSP client settings from LDAP based on MAC address
-#
-# Uses ethernet address as stored in the dhcpHost objectclass using
-# the dhcpHWAddress attribute or ethernet address stored in the
-# ieee802Device objectclass with the macAddress attribute.
-#
-# This module is written to be schema agnostic, and only depend on the
-# existence of attribute names.
-#
-# The LTSP configuration variables are saved directly using a
-# ltspConfig prefix and uppercasing the rest of the attribute name.
-# To set the SERVER variable, set the ltspConfigServer attribute.
-#
-# Some LDAP schema should be created with all the relevant
-# configuration settings. Something like this should work:
-#
-# objectclass ( 1.1.2.2 NAME 'ltspClientAux'
-# SUP top
-# AUXILIARY
-# MAY ( ltspConfigServer $ ltsConfigSound $ ... )
-
-LDAPSERVER=$(debian-edu-ldapserver)
-if [ "$LDAPSERVER" ] ; then
- LDAPBASE=$(debian-edu-ldapserver -b)
- for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk '{print $5}'|sort -u) ; do
- filter="(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))"
- ldapsearch -h "$LDAPSERVER" -b "$LDAPBASE" -v -x "$filter" | \
- grep '^ltspConfig' | while read attr value ; do
- # Remove prefix and convert to upper case
- attr=$(echo $attr | sed 's/^ltspConfig//i' | tr a-z A-Z)
- # bass value on to clients
- eval "$attr=$value; export $attr"
- done
- done
-fi
-</pre></blockquote>
-
-<p>I'm not sure this shell construction will work, because I suspect
-the while block might end up in a subshell causing the variables set
-there to not show up in ltsp-config, but if that is the case I am sure
-the code can be restructured to make sure the variables are passed on.
-I expect that can be solved with some testing. :)</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
-
-<p>Update 2010-07-17: I am aware of another effort to store LTSP
-configuration in LDAP that was created around year 2000 by
-<a href="http://www.pcxperience.com/thinclient/documentation/ldap.html">PC
-Xperience, Inc., 2000</a>. I found its
-<a href="http://people.redhat.com/alikins/ltsp/ldap/">files</a> on a
-personal home page over at redhat.com.</p>
+<p><a href="http://www.bekkelund.net/">Martin Bekkelund</a> ved
+<a href="http://www.friprog.no/">friprog-senteret</a> har skrevet
+følgende
+<a href="http://www.bekkelund.net/2010/12/09/en-stille-bonn/">korte
+oppsummering</a> rundt datalagringsdirektivet, som jeg videreformidler
+her.</p>
+
+<p><blockquote><strong>Det pågår i disse dager en intens diskusjon om
+innføring av Datalagringsdirektivet (<acronym
+title="Datalagringsdirektivet">DLD</acronym>) i norsk rett. Kanskje
+har du gjort deg opp en mening, kanskje er du usikker. I begge
+tilfeller ber jeg deg lese videre.</strong></p>
+
+<p>Samtlige fagmiljøer, både i Norge og EU, har konkludert med at
+<acronym title="Datalagringsdirektivet">DLD</acronym> ikke bør
+innføres på nåværende tidspunkt. Den tekniske kvaliteten på direktivet
+er dårlig, det griper uforholdsmessig inn i personvernet, det har
+store mangler og viktige spørsmål som hvem som skal ha tilgang og
+hvordan data skal lagres er fortsatt uavklart.</p>
+
+<ul>
+<li><a href="http://ikt-norge.no/norge-kan-slippe-datalagringsdirektivet/">EU-ekspertene sier</a> at konsekvensene av å benytte vetoretten er minimale</li>
+<li><a href="http://www.regjeringen.no/pages/2281080/Deninternasjonalejuristkommisjon.pdf">Juristene påpeker</a> at direktivet er i strid med EMK</li>
+<li><a href="http://www.dagbladet.no/2010/12/06/kultur/debatt/kronikk/dld/personvern/14594699/">Datatilsynet sier</a> direktivet får store konsekvenser for personvernet og at direktivet er irreversibelt</li>
+<li><a href="http://www.bekkelund.net/?s=dld">Teknologene sier</a> at sikker lagring ikke er mulig, at det er svært enkelt å omgå og mulig å manipulere data og produsere falske beviser</li>
+<li><a href="http://www.regjeringen.no/pages/2281080/NJ_247460_1_P.pdf">Pressen sier</a> nei av hensyn til kildevernet</li>
+<li>Det er store <a href="http://tetzschner.blogspot.com/2010/03/den-tyske-forfatningsdomstol.html">interne</a> <a href="http://stoppdld.no/2010/03/02/datalagring-stoppet-av-tysk-forfatningsdomstol/">stridigheter</a> i EU. Blant annet har den tyske forfatningsdomstolen funnet at måten <acronym title="Datalagringsdirektivet">DLD</acronym> er innført på er i strid med tysk grunnlov</li>
+<li>Alle de store <a href="http://www.bekkelund.net/2010/12/08/lokasjonsdata-og-datalagringsdirektivet/">operatørene og tilbyderne sier nei</a>, av tekniske og personvernmessige årsaker</li>
+</ul>
+
+<p>Jeg liker å tro at jeg er en hyggelig fyr. Jeg har et rent
+rulleblad, og med unntak av to fartsbøter har jeg aldri vært en byrde
+for samfunnet. Det akter jeg å fortsette med. Det er mange som meg,
+lovlydige, pliktoppfyllende borgere som aldri vil utgjøre en trussel
+mot noe som helst. Vi synes derfor det er trist og sårende at all vår
+atferd skal overvåkes døgnkontinuerlig.</p>
+
+<p><strong>Understøttet av faglige vurderinger kan du trygt si nei til
+<acronym title="Datalagringsdirektivet">DLD</acronym>.</strong></p>
+
+<p><a href="http://www.bekkelund.net/kontakt/">Ta kontakt med meg</a>
+hvis du har spørsmål om <acronym
+title="Datalagringsdirektivet">DLD</acronym>, uansett hva det måtte
+gjelde.</p>
+
+<p class="info">Denne teksten er å anse som <a
+href="http://creativecommons.org/licenses/publicdomain/"><em>Public
+Domain</em></a>. Spre den videre til alle som kan ha nytte av
+den!</p>
+</blockquote></p>
+
+<p>Siste <a href="http://www.nettavisen.no/it/article3043918.ece">melding
+fra Nettavisen</a> er at regjeringen planlegger å fremme sitt forslag
+til implementering av datalagringsdirektivet i morgen, i ly av
+fredprisutdelingen for å få minst mulig pressedekning om saken. Vi
+får snart se om det stemmer.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html">jXplorer, a very nice LDAP GUI</a></div>
- <div class="date">2010-07-09 12:55</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Student_group_continue_the_work_on_my_Reprap_3D_printer.html">Student group continue the work on my Reprap 3D printer</a></div>
+ <div class="date">2010-12-09 19:30</div>
<div class="body">
-<p>Since
-<a href="http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html">my
-last post</a> about available LDAP tools in Debian, I was told about a
-LDAP GUI that is even better than luma. The java application
-<a href="http://jxplorer.org/">jXplorer</a> is claimed to be capable of
-moving LDAP objects and subtrees using drag-and-drop, and can
-authenticate using Kerberos. I have only tested the Kerberos
-authentication, but do not have a LDAP setup allowing me to rewrite
-LDAP with my test user yet. It is
-<a href="http://packages.qa.debian.org/j/jxplorer.html">available in
-Debian</a> testing and unstable at the moment. The only problem I
-have with it is how it handle errors. If something go wrong, its
-non-intuitive behaviour require me to go through some query work list
-and remove the failing query. Nothing big, but very annoying.</p>
+<p>A few days ago, I was introduces to some students in the robot
+student assosiation <a href="http://www.robotica.no/">Robotica
+Osloensis</a> at the University of Oslo where I work, who planned to
+get their own 3D printer. They wanted to learn from me based on my
+work in the area. After having a short lunch meeting with them, I
+offered them to borrow my reprap kit, as I never had time to complete
+the build and this seem unlike to change any time soon. I look
+forward to see how this goes. This monday their volunteer driver
+picked up my kit and drove it to their lab, and tomorrow I am told the
+last exam is over so they can start work on getting the 3D printer
+operational.</p>
+
+<p>The robotic group have already build several robots on their own,
+and seem capable of getting the reprap operational. I really look
+forward to being able to print all the cool 3D designs published on
+<a href="http://www.thingiverse.com/">Thingiverse</a>. I even got
+some 3D scans I got made during Dagen@IFI when one of the groups at
+the computer science department at the university demonstrated their
+very cool 3D scanner.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html">MS Word krøller det til for politiet?</a></div>
- <div class="date">2010-07-08 14:00</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Debian_Edu_development_gathering_and_General_Assembly_for_FRiSK.html">Debian Edu development gathering and General Assembly for FRiSK</a></div>
+ <div class="date">2010-11-29 18:40</div>
<div class="body">
-<p>De siste dagene har Aftenposten
-<a href="http://www.aftenposten.no/nyheter/iriks/article3718597.ece">fortalt</a>
-<a href="http://www.aftenposten.no/nyheter/iriks/article3724249.ece">hvordan</a>
-politet har brukt skriveverktøy som ikke håndterer arabisk tekst og
-tekst som skal skrives fra høyre mot venstre når de har laget
-løpeseddel for å be om informasjon fra publikum. Resultatet har vært
-en uleselig arabisk-bit på løpeseddelen. Feilen har oppstått når
-teksten har blitt "kopiert inn i programvare som ikke har støtte for
-språk som skrives fra høyre mot venstre", og jeg er ganske sikker på
-at det er snakk om Microsoft Office i dette tilfellet. Er det slik at
-MS Office i norsk språkdrakt ikke har støtte for tekst som skal
-skrives fra høyre mot venstre? Jeg tror alle utgaver av
-OpenOffice.org har slik støtte, og det er jo ikke veldig vanskelig å
-la slik støtte finnes i alle utgaver av et program hvis støtten først
-er utviklet. Aftenpostens melding får meg til å undre om problemet
-ville vært unngått hvis politiet brukte OpenOffice.org i stedet for MS
-Office.</p>
-
-<p>Mon tro om det er flere eksempler på at MS Office har ødelagt for
-offentlig myndighet?</p>
+<p>On friday, the first Debian Edu / Skolelinux
+<a href="http://www.friprogramvareiskolen.no/Gathering/2010-12-03-05-Oslo">development
+gathering</a> in a long time take place here in Oslo, Norway. I
+really look forward to seeing all the good people working on the
+Squeeze release. The gathering is open for everyone interested in
+learning more about Debian Edu / Skolelinux.</p>
+
+<p>On Saturday, the Norwegian member organization taking care of
+organizing these development gatherings, Fri Programvare i Skolen,
+will hold its
+<a href="http://friprogramvareiskolen.no/Genfors/2010">General Assembly
+for 2010</a>. Membership is open for all, and currently there are 388
+people registered as members. Last year 32 members cast their vote in
+the memberdb based election system. I hope more people find time to
+vote this year.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html">Lenny->Squeeze upgrades, apt vs aptitude with the Gnome desktop</a></div>
- <div class="date">2010-07-03 23:55</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Why_isn_t_Debian_Edu_using_VLC_.html">Why isn't Debian Edu using VLC?</a></div>
+ <div class="date">2010-11-27 11:30</div>
<div class="body">
-<p>Here is a short update on my <a
-href="http://people.skolelinux.org/~pere/debian-upgrade-testing/">my
-Debian Lenny->Squeeze upgrade testing</a>. Here is a summary of the
-difference for Gnome when it is upgraded by apt-get and aptitude. I'm
-not reporting the status for KDE, because the upgrade crashes when
-aptitude try because of missing conflicts
-(<a href="http://bugs.debian.org/584861">#584861</a> and
-<a href="http://bugs.debian.org/585716">#585716</a>).</p>
-
-<p>At the end of the upgrade test script, dpkg -l is executed to get a
-complete list of the installed packages. Based on this I see these
-differences when I did a test run today. As usual, I do not really
-know what the correct set of packages would be, but thought it best to
-publish the difference.</p>
-
-<p>Installed using apt-get, missing with aptitude</p>
-
-<blockquote><p>
- at-spi cpp-4.3 finger gnome-spell gstreamer0.10-gnomevfs
- libatspi1.0-0 libcupsys2 libeel2-data libgail-common libgdl-1-common
- libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin
- libgtksourceview-common libpt-1.10.10-plugins-alsa
- libpt-1.10.10-plugins-v4l libservlet2.4-java libxalan2-java
- libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip
- python-4suite-xml python-eggtrayicon python-gtkhtml2
- python-gtkmozembed svgalibg1 xserver-xephyr zip
-</p></blockquote>
-
-<p>Installed using apt-get, removed with aptitude</p>
-
-<blockquote><p>
- bluez-utils dhcdbd djvulibre-desktop epiphany-gecko
- gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager
- libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-50
- libbluetooth2 libcamel1.2-11 libcdio7 libcucul0 libcurl3
- libdirectfb-1.0-0 libdvdread3 libedata-cal1.2-6 libedataserver1.2-9
- libeel2-2.20 libepc-1.0-1 libepc-ui-1.0-1 libexchange-storage1.2-3
- libfaad0 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9
- libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2
- libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0
- libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtkhtml2-0
- libgtksourceview1.0-0 libgucharmap6 libhesiod0 libicu38 libisccc50
- libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++10
- libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4
- libneon27 libnm-glib0 libnm-util0 libopal-2.2 libosp5
- libparted1.8-10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3
- libpt-1.10.10 libraw1394-8 libsensors3 libsmbios2 libsoup2.2-8
- libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1
- libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj
- libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3
- mysql-common swfdec-gnome totem-gstreamer wodim
-</p></blockquote>
-
-<p>Installed using aptitude, missing with apt-get</p>
-
-<blockquote><p>
- gnome gnome-desktop-environment hamster-applet python-gnomeapplet
- python-gnomekeyring python-wnck rhythmbox-plugins xorg
- xserver-xorg-input-all xserver-xorg-input-evdev
- xserver-xorg-input-kbd xserver-xorg-input-mouse
- xserver-xorg-input-synaptics xserver-xorg-video-all
- xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati
- xserver-xorg-video-chips xserver-xorg-video-cirrus
- xserver-xorg-video-dummy xserver-xorg-video-fbdev
- xserver-xorg-video-glint xserver-xorg-video-i128
- xserver-xorg-video-i740 xserver-xorg-video-mach64
- xserver-xorg-video-mga xserver-xorg-video-neomagic
- xserver-xorg-video-nouveau xserver-xorg-video-nv
- xserver-xorg-video-r128 xserver-xorg-video-radeon
- xserver-xorg-video-radeonhd xserver-xorg-video-rendition
- xserver-xorg-video-s3 xserver-xorg-video-s3virge
- xserver-xorg-video-savage xserver-xorg-video-siliconmotion
- xserver-xorg-video-sis xserver-xorg-video-sisusb
- xserver-xorg-video-tdfx xserver-xorg-video-tga
- xserver-xorg-video-trident xserver-xorg-video-tseng
- xserver-xorg-video-vesa xserver-xorg-video-vmware
- xserver-xorg-video-voodoo
-</p></blockquote>
-
-<p>Installed using aptitude, removed with apt-get</p>
-
-<blockquote><p>
- deskbar-applet xserver-xorg xserver-xorg-core
- xserver-xorg-input-wacom xserver-xorg-video-intel
- xserver-xorg-video-openchrome
-</p></blockquote>
-
-<p>I was told on IRC that the xorg-xserver package was
-<a href="http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=9c8080d06c457932d3bfec021c69ac000aa60120">changed
-in git</a> today to try to get apt-get to not remove xorg completely.
-No idea when it hits Squeeze, but when it does I hope it will reduce
-the difference somewhat.
+<p>In the latest issue of Linux Journal, the readers choices were
+presented, and the winner among the multimedia player were VLC.
+Personally, I like VLC, and it is my player of choice when I first try
+to play a video file or stream. Only if VLC fail will I drag out
+gmplayer to see if it can do better. The reason is mostly the failure
+model and trust. When VLC fail, it normally pop up a error message
+reporting the problem. When mplayer fail, it normally segfault or
+just hangs. The latter failure mode drain my trust in the program.<p>
+
+<p>But even if VLC is my player of choice, we have choosen to use
+mplayer in <a href="http://www.skolelinux.org/">Debian
+Edu/Skolelinux</a>. The reason is simple. We need a good browser
+plugin to play web videos seamlessly, and the VLC browser plugin is
+not very good. For example, it lack in-line control buttons, so there
+is no way for the user to pause the video. Also, when I
+<a href="http://wiki.debian.org/DebianEdu/BrowserMultimedia">last
+tested the browser plugins</a> available in Debian, the VLC plugin
+failed on several video pages where mplayer based plugins worked. If
+the browser plugin for VLC was as good as the gecko-mediaplayer
+package (which uses mplayer), we would switch.</P>
+
+<p>While VLC is a good player, its user interface is slightly
+annoying. The most annoying feature is its inconsistent use of
+keyboard shortcuts. When the player is in full screen mode, its
+shortcuts are different from when it is playing the video in a window.
+For example, space only work as pause when in full screen mode. I
+wish it had consisten shortcuts and that space also would work when in
+window mode. Another nice shortcut in gmplayer is [enter] to restart
+the current video. It is very nice when playing short videos from the
+web and want to restart it when new people arrive to have a look at
+what is going on.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html">Caching password, user and group on a roaming Debian laptop</a></div>
- <div class="date">2010-07-01 11:40</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/DND_hedrer_overv__kning_av_barn_med_Rosingsprisen.html">DND hedrer overvåkning av barn med Rosingsprisen</a></div>
+ <div class="date">2010-11-23 14:15</div>
<div class="body">
-<p>For a laptop, centralized user directories and password checking is
-a bit troubling. Laptops are typically used also when not connected
-to the network, and it is vital for a user to be able to log in or
-unlock the screen saver also when a central server is unavailable.
-This is possible by caching passwords and directory information (user
-and group attributes) locally, and the packages to do so are available
-in Debian. Here follow two recipes to set this up in Debian/Squeeze.
-It is also possible to set up in Debian/Lenny, but require more manual
-setup there because pam-auth-update is missing in Lenny.</p>
-
-<h2>LDAP/Kerberos + nscd + libpam-ccreds + libpam-mklocaluser/pam_mkhomedir</h2>
-
-This is the traditional method with a twist. The password caching is
-provided by libpam-ccreds (version 10-4 or later is needed on
-Squeeze), and the directory caching is done by nscd. The directory
-lookup and password checking is done using LDAP. If one want to use
-Kerberos for password checking the libpam-ldapd package can be
-replaced with libpam-krb5 or libpam-heimdal. If one is happy having a
-local home directory with the path listed in LDAP, one can use the
-pam_mkhomedir module from pam-modules to make this happen instead of
-using libpam-mklocaluser. A setup for pam-auth-update to enable
-pam_mkhomedir will have to be written until a fix for
-<a href="http://bugs.debian.org/568577">bug #568577</a> is in the
-archive. Because I believe it is a bad idea to have local home
-directories using misleading paths like /site/server/partition/, I
-prefer to create a local user with the home directory in /home/. This
-is done using the libpam-mklocaluser package.</p>
-
-<p>These packages need to be installed and configured</p>
-
-<blockquote><pre>
-libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser
-</pre></blockquote>
-
-<p>The ldapd packages will ask for LDAP connection information, and
-one have to fill in the values that fits ones own site. Make sure the
-PAM part uses encrypted connections, to make sure the password is not
-sent in clear text to the LDAP server. I've been unable to get TLS
-certificate checking for a self signed certificate working, which make
-LDAP authentication unsafe for Debian Edu (nslcd is not checking if it
-is talking to the correct LDAP server), and very much welcome feedback
-on how to get this working.</p>
-
-<p>Because nscd do not have a default configuration fit for offline
-caching until <a href="http://bugs.debian.org/485282">bug #485282</a>
-is fixed, this configuration should be used instead of the one
-currently in /etc/nscd.conf. The changes are in the fields
-reload-count and positive-time-to-live, and is based on the
-instructions I found in the
-<a href="http://www.flyn.org/laptopldap/">LDAP for Mobile Laptops</a>
-instructions by Flyn Computing.</p>
-
-<blockquote><pre>
- debug-level 0
- reload-count unlimited
- paranoia no
-
- enable-cache passwd yes
- positive-time-to-live passwd 2592000
- negative-time-to-live passwd 20
- suggested-size passwd 211
- check-files passwd yes
- persistent passwd yes
- shared passwd yes
- max-db-size passwd 33554432
- auto-propagate passwd yes
-
- enable-cache group yes
- positive-time-to-live group 2592000
- negative-time-to-live group 20
- suggested-size group 211
- check-files group yes
- persistent group yes
- shared group yes
- max-db-size group 33554432
- auto-propagate group yes
-
- enable-cache hosts no
- positive-time-to-live hosts 2592000
- negative-time-to-live hosts 20
- suggested-size hosts 211
- check-files hosts yes
- persistent hosts yes
- shared hosts yes
- max-db-size hosts 33554432
-
- enable-cache services yes
- positive-time-to-live services 2592000
- negative-time-to-live services 20
- suggested-size services 211
- check-files services yes
- persistent services yes
- shared services yes
- max-db-size services 33554432
-</pre></blockquote>
-
-<p>While we wait for a mechanism to update /etc/nsswitch.conf
-automatically like the one provided in
-<a href="http://bugs.debian.org/496915">bug #496915</a>, the file
-content need to be manually replaced to ensure LDAP is used as the
-directory service on the machine. /etc/nsswitch.conf should normally
-look like this:</p>
-
-<blockquote><pre>
-passwd: files ldap
-group: files ldap
-shadow: files ldap
-hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
-networks: files
-protocols: files
-services: files
-ethers: files
-rpc: files
-netgroup: files ldap
-</pre></blockquote>
-
-<p>The important parts are that ldap is listed last for passwd, group,
-shadow and netgroup.</p>
-
-<p>With these changes in place, any user in LDAP will be able to log
-in locally on the machine using for example kdm, get a local home
-directory created and have the password as well as user and group
-attributes cached.
-
-<h2>LDAP/Kerberos + nss-updatedb + libpam-ccreds +
- libpam-mklocaluser/pam_mkhomedir</h2>
-
-<p>Because nscd have had its share of problems, and seem to have
-problems doing proper caching, I've seen suggestions and recipes to
-use nss-updatedb to copy parts of the LDAP database locally when the
-LDAP database is available. I have not tested such setup, because I
-discovered sssd.</p>
-
-<h2>LDAP/Kerberos + sssd + libpam-mklocaluser</h2>
-
-<p>A more flexible and robust setup than the nscd combination
-mentioned earlier that has shown up recently, is the
-<a href="https://fedorahosted.org/sssd/">sssd</a> package from Redhat.
-It is part of the <a href="http://www.freeipa.org/">FreeIPA</A> project
-to provide a Active Directory like directory service for Linux
-machines. The sssd system combines the caching of passwords and user
-information into one package, and remove the need for nscd and
-libpam-ccreds. It support LDAP and Kerberos, but not NIS. Version
-1.2 do not support netgroups, but it is said that it will support this
-in version 1.5 expected to show up later in 2010. Because the
-<a href="http://packages.qa.debian.org/s/sssd.html">sssd package</a>
-was missing in Debian, I ended up co-maintaining it with Werner, and
-version 1.2 is now in testing.
-
-<p>These packages need to be installed and configured to get the
-roaming setup I want</p>
-
-<blockquote><pre>
-libpam-sss libnss-sss libpam-mklocaluser
-</pre></blockquote>
-
-The complete setup of sssd is done by editing/creating
-<tt>/etc/sssd/sssd.conf</tt>.
-
-<blockquote><pre>
-[sssd]
-config_file_version = 2
-reconnection_retries = 3
-sbus_timeout = 30
-services = nss, pam
-domains = INTERN
-
-[nss]
-filter_groups = root
-filter_users = root
-reconnection_retries = 3
-
-[pam]
-reconnection_retries = 3
-
-[domain/INTERN]
-enumerate = false
-cache_credentials = true
-
-id_provider = ldap
-auth_provider = ldap
-chpass_provider = ldap
-
-ldap_uri = ldap://ldap
-ldap_search_base = dc=skole,dc=skolelinux,dc=no
-ldap_tls_reqcert = never
-ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
-</pre></blockquote>
-
-<p>I got the same problem here with certificate checking. Had to set
-"ldap_tls_reqcert = never" to get it working.</p>
-
-<p>With the libnss-sss package in testing at the moment, the
-nsswitch.conf file is update automatically, so there is no need to
-modify it manually.</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>Jeg registrerer med vond smak i munnen at Den Norske Dataforening
+<a
+href="http://www.dataforeningen.no/hedret-med-rosingprisen.4849070-133913.html">hedrer
+overvåkning av barn med Rosingsprisen for kreativitet i år</a>. Jeg
+er glad jeg nå er meldt ut av DND.</p>
+
+<p>Å elektronisk overvåke sine barn er ikke å gjøre dem en tjeneste,
+men et overgrep mot individer i utvikling som bør læres opp til å ta
+egne valg.</p>
+
+<p>For å sitere Datatilsynets nye leder, Bjørn Erik Thon, i
+<a href="http://www.idg.no/computerworld/article174262.ece">et intervju
+med Computerworld Norge</A>:</p>
+
+<p><blockquote>
+- For alle som har barn, meg selv inkludert, er førstetanken at det
+hadde vært fint å vite hvor barnet sitt er til enhver tid. Men ungene
+har ikke godt av det. De er små individer som skal søke rundt og finne
+sine små gjemmesteder og utvide horisonten, uten at foreldrene ser dem
+i kortene. Det kan være fristende, men jeg ville ikke gått inn i
+dette.
+</blockquote></p>
+
+<p>Det er skremmende å se at DND mener en tjeneste som legger opp til
+slike overgrep bør hedres. Å flytte oppveksten for barn inn i en
+virtuell
+<a href="http://en.wikipedia.org/wiki/Panopticon">Panopticon</a> er et
+grovt overgrep og vil gjøre skade på barnenes utvikling, og foreldre
+burde tenke seg godt om før de gir etter for sine instinkter her.</p>
+
+<p>Blipper-tjenesten får meg til å tenke på bøkene til
+<a href="http://en.wikipedia.org/wiki/John_Twelve_Hawks">John Twelve
+Hawks</a>, som forbilledlig beskriver hvordan et totalitært
+overvåkningssamfunn bygges sakte men sikkert rundt oss, satt sammen av
+gode intensjoner og manglende bevissthet om hvilke prinsipper et
+liberalt demokrati er fundamentert på. Jeg har hatt stor glede av å
+lese alle de tre bøkene.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
</div>
<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (10)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (13)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/12/">December (7)</a></li>
</ul></li>
<h2>Tags</h2>
<ul>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (13)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (2)</a></li>
+
<li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (10)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (34)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (46)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (35)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (53)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (49)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (77)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (8)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (11)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (3)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (5)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (4)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (5)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (11)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (94)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (71)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (114)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (86)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (18)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (14)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (31)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (14)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (4)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (22)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (3)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (13)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (16)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (16)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (7)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (14)</a></li>
</ul>
projects / homepage.git / blobdiff