Update drafts.

[homepage.git] / blog / index.rss

diff --git a/blog/index.rss b/blog/index.rss
index 884e322ab727909e03da9b17ae5d6429dec59ce8..961899c3d63e00993d5b54f9a563818c568c3fed 100644 (file)
--- a/blog/index.rss
+++ b/blog/index.rss
@@ -7,497 +7,652 @@
                 <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
        
        <item>
                 <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
        
        <item>

-               <title>Ã\85pne trÃ¥dløsnett er et samfunnsgode</title>
-               <link>http://people.skolelinux.org/pere/blog/____pne_tr____dl____snett_er_et_samfunnsgode.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/____pne_tr____dl____snett_er_et_samfunnsgode.html</guid>
-                <pubDate>Sat, 12 Jun 2010 12:45:00 +0200</pubDate>
+               <title>Idea for storing LTSP configuration in LDAP</title>
+               <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</guid>
+                <pubDate>Sun, 11 Jul 2010 22:00:00 +0200</pubDate>

                <description>
                <description>

-&lt;p&gt;Veldig glad for å oppdage via
-&lt;a href=&quot;http://yro.slashdot.org/story/10/06/11/1841256/Finland-To-Legalize-Use-of-Unsecured-Wi-Fi&quot;&gt;Slashdot&lt;/a&gt;
-at folk i Finland har forstått at åpne trådløsnett er et samfunnsgode.
-Jeg ser på åpne trådløsnett som et fellesgode på linje med retten til
-ferdsel i utmark og retten til å bevege seg i strandsonen.  Jeg har
-glede av åpne trådløsnett når jeg finner dem, og deler gladelig nett
-med andre så lenge de ikke forstyrrer min bruk av eget nett.
-Nettkapasiteten er sjelden en begrensning ved normal browsing og enkel
-SSH-innlogging (som er min vanligste nettbruk), og nett kan brukes til
-så mye positivt og nyttig (som nyhetslesing, sjekke været, kontakte
-slekt og venner, holde seg oppdatert om politiske saker, kontakte
-organisasjoner og politikere, etc), at det for meg er helt urimelig å
-blokkere dette for alle som ikke gjør en flue fortred.  De som mener
-at potensialet for misbruk er grunn nok til å hindre all den positive
-og lovlydige bruken av et åpent trådløsnett har jeg dermed ingen
-forståelse for.  En kan ikke eksistensen av forbrytere styre hvordan
-samfunnet skal organiseres.  Da får en et kontrollsamfunn de færreste
-ønsker å leve i, og det at vi har et samfunn i Norge der tilliten til
-hverandre er høy gjør at samfunnet fungerer ganske godt.  Det bør vi
-anstrenge oss for å beholde.&lt;/p&gt;
-</description>
-       </item>
-       
-       <item>
-               <title>Automatic upgrade testing from Lenny to Squeeze</title>
-               <link>http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html</guid>
-                <pubDate>Fri, 11 Jun 2010 22:50:00 +0200</pubDate>
-               <description>
-&lt;p&gt;The last few days I have done some upgrade testing in Debian, to
-see if the upgrade from Lenny to Squeeze will go smoothly.  A few bugs
-have been discovered and reported in the process
-(&lt;a href=&quot;http://bugs.debian.org/585410&quot;&gt;#585410&lt;/a&gt; in nagios3-cgi,
-&lt;a href=&quot;http://bugs.debian.org/584879&quot;&gt;#584879&lt;/a&gt; already fixed in
-enscript and &lt;a href=&quot;http://bugs.debian.org/584861&quot;&gt;#584861&lt;/a&gt; in
-kdebase-workspace-data), and to get a more regular testing going on, I
-am working on a script to automate the test.&lt;/p&gt;
-
-&lt;p&gt;The idea is to create a Lenny chroot and use tasksel to install a
-Gnome or KDE desktop installation inside the chroot before upgrading
-it.  To ensure no services are started in the chroot, a policy-rc.d
-script is inserted.  To make sure tasksel believe it is to install a
-desktop on a laptop, the tasksel tests are replaced in the chroot
-(only acceptable because this is a throw-away chroot).&lt;/p&gt;
-
-&lt;p&gt;A naive upgrade from Lenny to Squeeze using aptitude dist-upgrade
-currently always fail because udev refuses to upgrade with the kernel
-in Lenny, so to avoid that problem the file /etc/udev/kernel-upgrade
-is created.  The bug report
-&lt;a href=&quot;http://bugs.debian.org/566000&quot;&gt;#566000&lt;/a&gt; make me suspect
-this problem do not trigger in a chroot, but I touch the file anyway
-to make sure the upgrade go well.  Testing on virtual and real
-hardware have failed me because of udev so far, and creating this file
-do the trick in such settings anyway.  This is a
-&lt;a href=&quot;http://www.linuxquestions.org/questions/debian-26/failed-dist-upgrade-due-to-udev-config_sysfs_deprecated-nonsense-804130/&quot;&gt;known
-issue&lt;/a&gt; and the current udev behaviour is intended by the udev
-maintainer because he lack the resources to rewrite udev to keep
-working with old kernels or something like that.  I really wish the
-udev upstream would keep udev backwards compatible, to avoid such
-upgrade problem, but given that they fail to do so, I guess
-documenting the way out of this mess is the best option we got for
-Debian Squeeze.&lt;/p&gt;
-
-&lt;p&gt;Anyway, back to the task at hand, testing upgrades.  This test
-script, which I call &lt;tt&gt;upgrade-test&lt;/tt&gt; for now, is doing the
-trick:&lt;/p&gt;
+&lt;p&gt;Vagrant mentioned on IRC today that ltsp_config now support
+sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin
+clients, and that this can be used to fetch configuration from LDAP if
+Debian Edu choose to store configuration there.&lt;/p&gt;

 
 

-&lt;blockquote&gt;&lt;pre&gt;
-#!/bin/sh
-set -ex
+&lt;p&gt;Armed with this information, I got inspired and wrote a test module
+to get configuration from LDAP.  The idea is to look up the MAC
+address of the client in LDAP, and look for attributes on the form
+ltspconfigsetting=value, and use this to export SETTING=value to the
+LTSP clients.&lt;/p&gt;

 
 

-if [ &quot;$1&quot; ] ; then
-    desktop=$1
-else
-    desktop=gnome
-fi
+&lt;p&gt;The goal is to be able to store the LTSP configuration attributes
+in a &quot;computer&quot; LDAP object used by both DNS and DHCP, and thus
+allowing us to store all information about a computer in one place.&lt;/p&gt;
+
+&lt;p&gt;This is a untested draft implementation, and I welcome feedback on
+this approach.  A real LDAP schema for the ltspClientAux objectclass
+need to be written.  Comments, suggestions, etc?&lt;/p&gt;

 
 

-from=lenny
-to=squeeze
-
-exec &amp;lt; /dev/null
-unset LANG
-mirror=http://ftp.skolelinux.org/debian
-tmpdir=chroot-$from-upgrade-$to-$desktop
-fuser -mv .
-debootstrap $from $tmpdir $mirror
-chroot $tmpdir aptitude update
-cat &gt; $tmpdir/usr/sbin/policy-rc.d &amp;lt;&amp;lt;EOF
-#!/bin/sh
-exit 101
-EOF
-chmod a+rx $tmpdir/usr/sbin/policy-rc.d
-exit_cleanup() {
-    umount $tmpdir/proc
-}
-mount -t proc proc $tmpdir/proc
-# Make sure proc is unmounted also on failure
-trap exit_cleanup EXIT INT
-
-chroot $tmpdir aptitude -y install debconf-utils
-
-# Make sure tasksel autoselection trigger.  It need the test scripts
-# to return the correct answers.
-echo tasksel tasksel/desktop multiselect $desktop | \
-    chroot $tmpdir debconf-set-selections
-
-# Include the desktop and laptop task
-for test in desktop laptop ; do
-    echo &gt; $tmpdir/usr/lib/tasksel/tests/$test &amp;lt;&amp;lt;EOF
-#!/bin/sh
-exit 2
-EOF
-    chmod a+rx $tmpdir/usr/lib/tasksel/tests/$test
-done
-
-DEBIAN_FRONTEND=noninteractive
-DEBIAN_PRIORITY=critical
-export DEBIAN_FRONTEND DEBIAN_PRIORITY
-chroot $tmpdir tasksel --new-install
-
-echo deb $mirror $to main &gt; $tmpdir/etc/apt/sources.list
-chroot $tmpdir aptitude update
-touch $tmpdir/etc/udev/kernel-upgrade
-chroot $tmpdir aptitude -y dist-upgrade
-fuser -mv
+&lt;blockquote&gt;&lt;pre&gt;
+# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
+#
+# Fetch LTSP client settings from LDAP based on MAC address
+#
+# Uses ethernet address as stored in the dhcpHost objectclass using
+# the dhcpHWAddress attribute or ethernet address stored in the
+# ieee802Device objectclass with the macAddress attribute.
+#
+# This module is written to be schema agnostic, and only depend on the
+# existence of attribute names.
+#
+# The LTSP configuration variables are saved directly using a
+# ltspConfig prefix and uppercasing the rest of the attribute name.
+# To set the SERVER variable, set the ltspConfigServer attribute.
+#
+# Some LDAP schema should be created with all the relevant
+# configuration settings.  Something like this should work:
+# 
+# objectclass ( 1.1.2.2 NAME &#39;ltspClientAux&#39;
+#     SUP top
+#     AUXILIARY
+#     MAY ( ltspConfigServer $ ltsConfigSound $ ... )
+
+LDAPSERVER=$(debian-edu-ldapserver)
+if [ &quot;$LDAPSERVER&quot; ] ; then
+    LDAPBASE=$(debian-edu-ldapserver -b)
+    for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk &#39;{print $5}&#39;|sort -u) ; do
+       filter=&quot;(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))&quot;
+       ldapsearch -h &quot;$LDAPSERVER&quot; -b &quot;$LDAPBASE&quot; -v -x &quot;$filter&quot; | \
+           grep &#39;^ltspConfig&#39; | while read attr value ; do
+           # Remove prefix and convert to upper case
+           attr=$(echo $attr | sed &#39;s/^ltspConfig//i&#39; | tr a-z A-Z)
+           # bass value on to clients
+           eval &quot;$attr=$value; export $attr&quot;
+       done
+    done
+fi

 &lt;/pre&gt;&lt;/blockquote&gt;
 
 &lt;/pre&gt;&lt;/blockquote&gt;
 

-&lt;p&gt;I suspect it would be useful to test upgrades with both apt-get and
-with aptitude, but I have not had time to look at how they behave
-differently so far.  I hope to get a cron job running to do the test
-regularly and post the result on the web.  The Gnome upgrade currently
-work, while the KDE upgrade fail because of the bug in
-kdebase-workspace-data&lt;/p&gt;
-
-&lt;p&gt;I am not quite sure what kind of extract from the huge upgrade logs
-(KDE 167 KiB, Gnome 516 KiB) it make sense to include in this blog
-post, so I will refrain from trying.  I can report that for Gnome,
-aptitude report 760 packages upgraded, 448 newly installed, 129 to
-remove and 1 not upgraded and 1024MB need to be downloaded while for
-KDE the same numbers are 702 packages upgraded, 507 newly installed,
-193 to remove and 0 not upgraded and 1117MB need to be downloaded&lt;/p&gt;
-
-&lt;p&gt;I am very happy to notice that the Gnome desktop + laptop upgrade
-is able to migrate to dependency based boot sequencing and parallel
-booting without a hitch.  Was unsure if there were still bugs with
-packages failing to clean up their obsolete init.d script during
-upgrades, and no such problem seem to affect the Gnome desktop+laptop
-packages.&lt;/p&gt;
+&lt;p&gt;I&#39;m not sure this shell construction will work, because I suspect
+the while block might end up in a subshell causing the variables set
+there to not show up in ltsp-config, but if that is the case I am sure
+the code can be restructured to make sure the variables are passed on.
+I expect that can be solved with some testing. :)&lt;/p&gt;
+
+&lt;p&gt;If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Skolelinux er laget for sentraldrifting, naturligvis</title>
-               <link>http://people.skolelinux.org/pere/blog/Skolelinux_er_laget_for_sentraldrifting__naturligvis.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Skolelinux_er_laget_for_sentraldrifting__naturligvis.html</guid>
-                <pubDate>Wed, 9 Jun 2010 12:30:00 +0200</pubDate>
+               <title>jXplorer, a very nice LDAP GUI</title>
+               <link>http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</guid>
+                <pubDate>Fri, 9 Jul 2010 12:55:00 +0200</pubDate>

                <description>
                <description>

-&lt;p&gt;Det er merkelig hvordan myter om Skolelinux overlever.  En slik
-myte er at Skolelinux ikke kan sentraldriftes og ha sentralt plasserte
-tjenermaskiner.  I siste Computerworld Norge er
-&lt;a href=&quot;http://www.idg.no/computerworld/article169432.ece&quot;&gt;IT-sjef
-Viggo Billdal i Steinkjer intervjuet&lt;/a&gt;, og forteller uten
-blygsel:&lt;/p&gt;
-
-&lt;blockquote&gt;&lt;p&gt;Vi hadde Skolelinux, men det har vi sluttet med. Vi testet
-om det lønte seg med Microsoft eller en åpen plattform. Vi fant ut at
-Microsoft egentlig var totalt sett bedre egnet. Det var store
-driftskostnader med Skolelinux, blant annet på grunn av
-desentraliserte servere. Det var komplisert, så vi gikk vekk fra det
-og bruker nå bare Windows.&lt;/p&gt;&lt;/blockquote&gt;
-
-&lt;p&gt;En &lt;a
-href=&quot;https://init.linpro.no/pipermail/skolelinux.no/bruker/2010-June/009101.html&quot;&gt;rask
-sjekk&lt;/a&gt; mot den norske brukerlista i Skolelinuxprosjektet forteller
-at Steinkjers forsøk foregikk fram til 2004/2005, og at Røysing skole
-i Steinkjer skal ha vært svært fornøyd med Skolelinux men at kommunen
-overkjørte skolen og krevde at de gikk over til Windows.  Et søk på
-nettet sendte meg til
-&lt;a href=&quot;http://www.dn.no/multimedia/archive/00090/Dagens_it_nr__18_90826a.pdf&quot;&gt;Dagens
-IT nr. 18 2005&lt;/a&gt; hvor en kan lese på side 18:&lt;/p&gt;
-
-&lt;blockquote&gt;&lt;p&gt;Inge Tømmerås ved Røysing skole i Steinkjer kjører ennå
-Microsoft, men forteller at kompetanseutfordringen med Skolelinux ikke
-var så stor.  ­ Jeg syntes Skolelinux var utrolig lett å drifte uten
-forkunnskaper. Men man må jo selvsagt ha tilgang på ekstern kompetanse
-til installasjoner og maskinvarefeil, sier Tømmerås.&lt;/p&gt;&lt;/blockquote&gt;
-
-&lt;p&gt;Som systemarkitekten bak Skolelinux, kan jeg bare riste på hodet
-over påstanden om at Skolelinux krever desentraliserte tjenere.
-Skolelinux-arkitekturen er laget for sentralisert drift og plassering
-av tjenerne lokalt eller sentralt alt etter behov og nettkapasitet.
-Den er modellert på nettverks- og tjenerløsningen som brukes på
-Universitetet i Tromsø og Oslo, der jeg jobber med utvikling av
-driftstjenester.  Dette er det heldigvis noen som har fått med seg, og
-jeg er glad for å kunne sitere fra en kommentar på den overnevnte
-artikkelen.  Min venn og gamle kollega Sturle Sunde forteller der:
-
-&lt;blockquote&gt;
-&lt;p&gt;I Flora kommune køyrer vi Skulelinux på skular med alt frå 15 til
-meir enn 500 elevar. Dei store skulane har eigen tenar, for det er
-mest praktisk. Eg, som er driftsansvarleg for heile nettet, ser
-sjeldan dei tenarane fysisk, men at dei står der gjer skulane mindre
-avhengige av eksterne linjer som er trege eller dyre. Dei minste
-skulane har ikkje eigen tenar. Å bruke sentral tenar er heller ikkje
-noko problem. Småskulane klarar seg fint med 1 mbit-linje til ein
-sentral tenar eller tenaren på ein større skule.&lt;/p&gt;
-
-&lt;p&gt;Det beste med Skulelinux er halvtjukke klientar. Dei treng ikkje
-harddisk og brukar minimalt med ressursar på tenaren fordi dei køyrer
-programma lokalt. Eit klasserom med 30 sju-åtte år gamle maskiner har
-mykje meir CPU og RAM totalt enn nokon moderne tenar til under
-millionen. Det trengst to kommandoar på den sentrale tenaren for å
-oppdatere alle klientane, både tynne og halvtjukke. Vi har ingen
-problem med diskar som ryk heller, som var eit problem før fordi
-elevane sat og sparka i maskinene. Og dei krev lite bandbreidde i
-nettet, so det er fullt mogleg å køyre slike på småskular med trege
-linjer mot tenaren på ein større skule.&lt;/p&gt;
-
-&lt;p&gt;Flora kommune har nesten 800 Linux-maskiner i sitt skulenett, og
-ein person som tek seg av drift av heile nettet, inkludert tenarar,
-klientar, operativsystem, programvare, heimekontorløysing og
-administrasjon av brukarar.&lt;/p&gt;
-
-&lt;p&gt;No skal det seiast at vi ikkje køyrer rein Skulelinux ut av
-boksen. Vi har gjort ein del tilpassingar mot noko Novell-greier som
-var der frå før, og som har komplisert installasjonen vår. Etter at
-oppsettet var gjort har løysinga vore stabil og kravd minimalt med
-arbeid.&lt;/p&gt;
-&lt;/blockquote&gt;
-
-&lt;p&gt;Jeg vet at Narvik, Harstad og Oslo er kommuner der Skolelinux
-sentraldriftes med sentrale tjenere.  Det forteller meg at Steinkjers
-IT-sjef neppe bør skylde på Skolelinux-løsningen for sine 5 år gamle
-minner.&lt;/p&gt;
+&lt;p&gt;Since
+&lt;a href=&quot;http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html&quot;&gt;my
+last post&lt;/a&gt; about available LDAP tools in Debian, I was told about a
+LDAP GUI that is even better than luma.  The java application
+&lt;a href=&quot;http://jxplorer.org/&quot;&gt;jXplorer&lt;/a&gt; is claimed to be capable of
+moving LDAP objects and subtrees using drag-and-drop, and can
+authenticate using Kerberos.  I have only tested the Kerberos
+authentication, but do not have a LDAP setup allowing me to rewrite
+LDAP with my test user yet.  It is
+&lt;a href=&quot;http://packages.qa.debian.org/j/jxplorer.html&quot;&gt;available in
+Debian&lt;/a&gt; testing and unstable at the moment.  The only problem I
+have with it is how it handle errors.  If something go wrong, its
+non-intuitive behaviour require me to go through some query work list
+and remove the failing query.  Nothing big, but very annoying.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Upstart or sysvinit - as init.d scripts see it</title>
-               <link>http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Upstart_or_sysvinit___as_init_d_scripts_see_it.html</guid>
-                <pubDate>Sun, 6 Jun 2010 23:55:00 +0200</pubDate>
+               <title>MS Word krøller det til for politiet?</title>
+               <link>http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html</guid>
+                <pubDate>Thu, 8 Jul 2010 14:00:00 +0200</pubDate>

                <description>
                <description>

-&lt;p&gt;If Debian is to migrate to upstart on Linux, I expect some init.d
-scripts to migrate (some of) their operations to upstart job while
-keeping the init.d for hurd and kfreebsd.  The packages with such
-needs will need a way to get their init.d scripts to behave
-differently when used with sysvinit and with upstart.  Because of
-this, I had a look at the environment variables set when a init.d
-script is running under upstart, and when it is not.&lt;/p&gt;
-
-&lt;p&gt;With upstart, I notice these environment variables are set when a
-script is started from rcS.d/ (ignoring some irrelevant ones like
-COLUMNS):&lt;/p&gt;
+&lt;p&gt;De siste dagene har Aftenposten
+&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/article3718597.ece&quot;&gt;fortalt&lt;/a&gt;
+&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/article3724249.ece&quot;&gt;hvordan&lt;/a&gt;
+politet har brukt skriveverktøy som ikke håndterer arabisk tekst og
+tekst som skal skrives fra høyre mot venstre når de har laget
+løpeseddel for å be om informasjon fra publikum.  Resultatet har vært
+en uleselig arabisk-bit på løpeseddelen.  Feilen har oppstått når
+teksten har blitt &quot;kopiert inn i programvare som ikke har støtte for
+språk som skrives fra høyre mot venstre&quot;, og jeg er ganske sikker på
+at det er snakk om Microsoft Office i dette tilfellet.  Er det slik at
+MS Office i norsk språkdrakt ikke har støtte for tekst som skal
+skrives fra høyre mot venstre?  Jeg tror alle utgaver av
+OpenOffice.org har slik støtte, og det er jo ikke veldig vanskelig å
+la slik støtte finnes i alle utgaver av et program hvis støtten først
+er utviklet.  Aftenpostens melding får meg til å undre om problemet
+ville vært unngått hvis politiet brukte OpenOffice.org i stedet for MS
+Office.&lt;/p&gt;
+
+&lt;p&gt;Mon tro om det er flere eksempler på at MS Office har ødelagt for
+offentlig myndighet?&lt;/p&gt;
+</description>
+       </item>
+       
+       <item>
+               <title>Lenny-&gt;Squeeze upgrades, apt vs aptitude with the Gnome desktop</title>
+               <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</guid>
+                <pubDate>Sat, 3 Jul 2010 23:55:00 +0200</pubDate>
+               <description>
+&lt;p&gt;Here is a short update on my &lt;a
+href=&quot;http://people.skolelinux.org/~pere/debian-upgrade-testing/&quot;&gt;my
+Debian Lenny-&gt;Squeeze upgrade testing&lt;/a&gt;.  Here is a summary of the
+difference for Gnome when it is upgraded by apt-get and aptitude.  I&#39;m
+not reporting the status for KDE, because the upgrade crashes when
+aptitude try because of missing conflicts
+(&lt;a href=&quot;http://bugs.debian.org/584861&quot;&gt;#584861&lt;/a&gt; and
+&lt;a href=&quot;http://bugs.debian.org/585716&quot;&gt;#585716&lt;/a&gt;).&lt;/p&gt;
+
+&lt;p&gt;At the end of the upgrade test script, dpkg -l is executed to get a
+complete list of the installed packages.  Based on this I see these
+differences when I did a test run today.  As usual, I do not really
+know what the correct set of packages would be, but thought it best to
+publish the difference.&lt;/p&gt;
+
+&lt;p&gt;Installed using apt-get, missing with aptitude&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;p&gt;
+  at-spi cpp-4.3 finger gnome-spell gstreamer0.10-gnomevfs
+  libatspi1.0-0 libcupsys2 libeel2-data libgail-common libgdl-1-common
+  libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin
+  libgtksourceview-common libpt-1.10.10-plugins-alsa
+  libpt-1.10.10-plugins-v4l libservlet2.4-java libxalan2-java
+  libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip
+  python-4suite-xml python-eggtrayicon python-gtkhtml2
+  python-gtkmozembed svgalibg1 xserver-xephyr zip
+&lt;/p&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;Installed using apt-get, removed with aptitude&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;p&gt;
+  bluez-utils dhcdbd djvulibre-desktop epiphany-gecko
+  gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager
+  libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-50
+  libbluetooth2 libcamel1.2-11 libcdio7 libcucul0 libcurl3
+  libdirectfb-1.0-0 libdvdread3 libedata-cal1.2-6 libedataserver1.2-9
+  libeel2-2.20 libepc-1.0-1 libepc-ui-1.0-1 libexchange-storage1.2-3
+  libfaad0 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9
+  libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2
+  libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0
+  libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtkhtml2-0
+  libgtksourceview1.0-0 libgucharmap6 libhesiod0 libicu38 libisccc50
+  libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++10
+  libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4
+  libneon27 libnm-glib0 libnm-util0 libopal-2.2 libosp5
+  libparted1.8-10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3
+  libpt-1.10.10 libraw1394-8 libsensors3 libsmbios2 libsoup2.2-8
+  libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1
+  libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj
+  libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3
+  mysql-common swfdec-gnome totem-gstreamer wodim
+&lt;/p&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;Installed using aptitude, missing with apt-get&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;p&gt;
+  gnome gnome-desktop-environment hamster-applet python-gnomeapplet
+  python-gnomekeyring python-wnck rhythmbox-plugins xorg
+  xserver-xorg-input-all xserver-xorg-input-evdev
+  xserver-xorg-input-kbd xserver-xorg-input-mouse
+  xserver-xorg-input-synaptics xserver-xorg-video-all
+  xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati
+  xserver-xorg-video-chips xserver-xorg-video-cirrus
+  xserver-xorg-video-dummy xserver-xorg-video-fbdev
+  xserver-xorg-video-glint xserver-xorg-video-i128
+  xserver-xorg-video-i740 xserver-xorg-video-mach64
+  xserver-xorg-video-mga xserver-xorg-video-neomagic
+  xserver-xorg-video-nouveau xserver-xorg-video-nv
+  xserver-xorg-video-r128 xserver-xorg-video-radeon
+  xserver-xorg-video-radeonhd xserver-xorg-video-rendition
+  xserver-xorg-video-s3 xserver-xorg-video-s3virge
+  xserver-xorg-video-savage xserver-xorg-video-siliconmotion
+  xserver-xorg-video-sis xserver-xorg-video-sisusb
+  xserver-xorg-video-tdfx xserver-xorg-video-tga
+  xserver-xorg-video-trident xserver-xorg-video-tseng
+  xserver-xorg-video-vesa xserver-xorg-video-vmware
+  xserver-xorg-video-voodoo
+&lt;/p&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;Installed using aptitude, removed with apt-get&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;p&gt;
+  deskbar-applet xserver-xorg xserver-xorg-core
+  xserver-xorg-input-wacom xserver-xorg-video-intel
+  xserver-xorg-video-openchrome
+&lt;/p&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;I was told on IRC that the xorg-xserver package was
+&lt;a href=&quot;http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=9c8080d06c457932d3bfec021c69ac000aa60120&quot;&gt;changed
+in git&lt;/a&gt; today to try to get apt-get to not remove xorg completely.
+No idea when it hits Squeeze, but when it does I hope it will reduce
+the difference somewhat.
+</description>
+       </item>
+       
+       <item>
+               <title>Caching password, user and group on a roaming Debian laptop</title>
+               <link>http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</guid>
+                <pubDate>Thu, 1 Jul 2010 11:40:00 +0200</pubDate>
+               <description>
+&lt;p&gt;For a laptop, centralized user directories and password checking is
+a bit troubling.  Laptops are typically used also when not connected
+to the network, and it is vital for a user to be able to log in or
+unlock the screen saver also when a central server is unavailable.
+This is possible by caching passwords and directory information (user
+and group attributes) locally, and the packages to do so are available
+in Debian.  Here follow two recipes to set this up in Debian/Squeeze.
+It is also possible to set up in Debian/Lenny, but require more manual
+setup there because pam-auth-update is missing in Lenny.&lt;/p&gt;
+
+&lt;h2&gt;LDAP/Kerberos + nscd + libpam-ccreds + libpam-mklocaluser/pam_mkhomedir&lt;/h2&gt;
+
+This is the traditional method with a twist.  The password caching is
+provided by libpam-ccreds (version 10-4 or later is needed on
+Squeeze), and the directory caching is done by nscd.  The directory
+lookup and password checking is done using LDAP.  If one want to use
+Kerberos for password checking the libpam-ldapd package can be
+replaced with libpam-krb5 or libpam-heimdal.  If one is happy having a
+local home directory with the path listed in LDAP, one can use the
+pam_mkhomedir module from pam-modules to make this happen instead of
+using libpam-mklocaluser.  A setup for pam-auth-update to enable
+pam_mkhomedir will have to be written until a fix for
+&lt;a href=&quot;http://bugs.debian.org/568577&quot;&gt;bug #568577&lt;/a&gt; is in the
+archive.  Because I believe it is a bad idea to have local home
+directories using misleading paths like /site/server/partition/, I
+prefer to create a local user with the home directory in /home/.  This
+is done using the libpam-mklocaluser package.&lt;/p&gt;
+
+&lt;p&gt;These packages need to be installed and configured&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;pre&gt;
+libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;The ldapd packages will ask for LDAP connection information, and
+one have to fill in the values that fits ones own site.  Make sure the
+PAM part uses encrypted connections, to make sure the password is not
+sent in clear text to the LDAP server.  I&#39;ve been unable to get TLS
+certificate checking for a self signed certificate working, which make
+LDAP authentication unsafe for Debian Edu (nslcd is not checking if it
+is talking to the correct LDAP server), and very much welcome feedback
+on how to get this working.&lt;/p&gt;
+
+&lt;p&gt;Because nscd do not have a default configuration fit for offline
+caching until &lt;a href=&quot;http://bugs.debian.org/485282&quot;&gt;bug #485282&lt;/a&gt;
+is fixed, this configuration should be used instead of the one
+currently in /etc/nscd.conf.  The changes are in the fields
+reload-count and positive-time-to-live, and is based on the
+instructions I found in the
+&lt;a href=&quot;http://www.flyn.org/laptopldap/&quot;&gt;LDAP for Mobile Laptops&lt;/a&gt;
+instructions by Flyn Computing.&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;pre&gt;
+       debug-level             0
+       reload-count            unlimited
+       paranoia                no
+
+       enable-cache            passwd          yes
+       positive-time-to-live   passwd          2592000
+       negative-time-to-live   passwd          20
+       suggested-size          passwd          211
+       check-files             passwd          yes
+       persistent              passwd          yes
+       shared                  passwd          yes
+       max-db-size             passwd          33554432
+       auto-propagate          passwd          yes
+
+       enable-cache            group           yes
+       positive-time-to-live   group           2592000
+       negative-time-to-live   group           20
+       suggested-size          group           211
+       check-files             group           yes
+       persistent              group           yes
+       shared                  group           yes
+       max-db-size             group           33554432
+       auto-propagate          group           yes
+
+       enable-cache            hosts           no
+       positive-time-to-live   hosts           2592000
+       negative-time-to-live   hosts           20
+       suggested-size          hosts           211
+       check-files             hosts           yes
+       persistent              hosts           yes
+       shared                  hosts           yes
+       max-db-size             hosts           33554432
+
+       enable-cache            services        yes
+       positive-time-to-live   services        2592000
+       negative-time-to-live   services        20
+       suggested-size          services        211
+       check-files             services        yes
+       persistent              services        yes
+       shared                  services        yes
+       max-db-size             services        33554432
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;While we wait for a mechanism to update /etc/nsswitch.conf
+automatically like the one provided in
+&lt;a href=&quot;http://bugs.debian.org/496915&quot;&gt;bug #496915&lt;/a&gt;, the file
+content need to be manually replaced to ensure LDAP is used as the
+directory service on the machine.  /etc/nsswitch.conf should normally
+look like this:&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;pre&gt;
+passwd:         files ldap
+group:          files ldap
+shadow:         files ldap
+hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
+networks:       files
+protocols:      files
+services:       files
+ethers:         files
+rpc:            files
+netgroup:       files ldap
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;The important parts are that ldap is listed last for passwd, group,
+shadow and netgroup.&lt;/p&gt;
+
+&lt;p&gt;With these changes in place, any user in LDAP will be able to log
+in locally on the machine using for example kdm, get a local home
+directory created and have the password as well as user and group
+attributes cached.
+
+&lt;h2&gt;LDAP/Kerberos + nss-updatedb + libpam-ccreds +
+  libpam-mklocaluser/pam_mkhomedir&lt;/h2&gt;
+
+&lt;p&gt;Because nscd have had its share of problems, and seem to have
+problems doing proper caching, I&#39;ve seen suggestions and recipes to
+use nss-updatedb to copy parts of the LDAP database locally when the
+LDAP database is available.  I have not tested such setup, because I
+discovered sssd.&lt;/p&gt;
+
+&lt;h2&gt;LDAP/Kerberos + sssd + libpam-mklocaluser&lt;/h2&gt;
+
+&lt;p&gt;A more flexible and robust setup than the nscd combination
+mentioned earlier that has shown up recently, is the
+&lt;a href=&quot;https://fedorahosted.org/sssd/&quot;&gt;sssd&lt;/a&gt; package from Redhat.
+It is part of the &lt;a href=&quot;http://www.freeipa.org/&quot;&gt;FreeIPA&lt;/A&gt; project
+to provide a Active Directory like directory service for Linux
+machines.  The sssd system combines the caching of passwords and user
+information into one package, and remove the need for nscd and
+libpam-ccreds.  It support LDAP and Kerberos, but not NIS.  Version
+1.2 do not support netgroups, but it is said that it will support this
+in version 1.5 expected to show up later in 2010.  Because the
+&lt;a href=&quot;http://packages.qa.debian.org/s/sssd.html&quot;&gt;sssd package&lt;/a&gt;
+was missing in Debian, I ended up co-maintaining it with Werner, and
+version 1.2 is now in testing.
+
+&lt;p&gt;These packages need to be installed and configured to get the
+roaming setup I want&lt;/p&gt;

 
 &lt;blockquote&gt;&lt;pre&gt;
 
 &lt;blockquote&gt;&lt;pre&gt;

-DEFAULT_RUNLEVEL=2
-previous=N
-PREVLEVEL=
-RUNLEVEL=
-runlevel=S
-UPSTART_EVENTS=startup
-UPSTART_INSTANCE=
-UPSTART_JOB=rc-sysinit
+libpam-sss libnss-sss libpam-mklocaluser

 &lt;/pre&gt;&lt;/blockquote&gt;
 
 &lt;/pre&gt;&lt;/blockquote&gt;
 

-&lt;p&gt;With sysvinit, these environment variables are set for the same
-script.&lt;/p&gt;
+The complete setup of sssd is done by editing/creating
+&lt;tt&gt;/etc/sssd/sssd.conf&lt;/tt&gt;.

 
 &lt;blockquote&gt;&lt;pre&gt;
 
 &lt;blockquote&gt;&lt;pre&gt;

-INIT_VERSION=sysvinit-2.88
-previous=N
-PREVLEVEL=N
-RUNLEVEL=S
-runlevel=S
+[sssd]
+config_file_version = 2
+reconnection_retries = 3
+sbus_timeout = 30
+services = nss, pam
+domains = INTERN
+
+[nss]
+filter_groups = root
+filter_users = root
+reconnection_retries = 3
+
+[pam]
+reconnection_retries = 3
+
+[domain/INTERN]
+enumerate = false
+cache_credentials = true
+
+id_provider = ldap
+auth_provider = ldap
+chpass_provider = ldap
+
+ldap_uri = ldap://ldap
+ldap_search_base = dc=skole,dc=skolelinux,dc=no
+ldap_tls_reqcert = never
+ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt

 &lt;/pre&gt;&lt;/blockquote&gt;
 
 &lt;/pre&gt;&lt;/blockquote&gt;
 

-&lt;p&gt;The RUNLEVEL and PREVLEVEL environment variables passed on from
-sysvinit are not set by upstart.  Not sure if it is intentional or not
-to not be compatible with sysvinit in this regard.&lt;/p&gt;
+&lt;p&gt;I got the same problem here with certificate checking.  Had to set
+&quot;ldap_tls_reqcert = never&quot; to get it working.&lt;/p&gt;

 
 

-&lt;p&gt;For scripts needing to behave differently when upstart is used,
-looking for the UPSTART_JOB environment variable seem to be a good
-choice.&lt;/p&gt;
+&lt;p&gt;With the libnss-sss package in testing at the moment, the
+nsswitch.conf file is update automatically, so there is no need to
+modify it manually.&lt;/p&gt;
+
+&lt;p&gt;If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>A manual for standards wars...</title>
-               <link>http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/A_manual_for_standards_wars___.html</guid>
-                <pubDate>Sun, 6 Jun 2010 14:15:00 +0200</pubDate>
+               <title>LUMA, a very nice LDAP GUI</title>
+               <link>http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</guid>
+                <pubDate>Mon, 28 Jun 2010 00:30:00 +0200</pubDate>

                <description>
                <description>

-&lt;p&gt;Via the
-&lt;a href=&quot;http://feedproxy.google.com/~r/robweir/antic-atom/~3/QzU4RgoAGMg/weekly-links-10.html&quot;&gt;blog
-of Rob Weir&lt;/a&gt; I came across the very interesting essay named
-&lt;a href=&quot;http://faculty.haas.berkeley.edu/shapiro/wars.pdf&quot;&gt;The Art of
-Standards Wars&lt;/a&gt; (PDF 25 pages).  I recommend it for everyone
-following the standards wars of today.&lt;/p&gt;
+&lt;p&gt;The last few days I have been looking into the status of the LDAP
+directory in Debian Edu, and in the process I started to miss a GUI
+tool to browse the LDAP tree.  The only one I was able to find in
+Debian/Squeeze and Lenny is
+&lt;a href=&quot;http://luma.sourceforge.net/&quot;&gt;LUMA&lt;/a&gt;, which has proved to
+be a great tool to get a overview of the current LDAP directory
+populated by default in Skolelinux.  Thanks to it, I have been able to
+find empty and obsolete subtrees, misplaced objects and duplicate
+objects.  It will be installed by default in Debian/Squeeze.  If you
+are working with LDAP, give it a go. :)&lt;/p&gt;
+
+&lt;p&gt;I did notice one problem with it I have not had time to report to
+the BTS yet.  There is no .desktop file in the package, so the tool do
+not show up in the Gnome and KDE menus, but only deep down in in the
+Debian submenu in KDE.  I hope that can be fixed before Squeeze is
+released.&lt;/p&gt;
+
+&lt;p&gt;I have not yet been able to get it to modify the tree yet.  I would
+like to move objects and remove subtrees directly in the GUI, but have
+not found a way to do that with LUMA yet.  So in the mean time, I use
+&lt;a href=&quot;http://www.lichteblau.com/ldapvi/&quot;&gt;ldapvi&lt;/a&gt; for that.&lt;/p&gt;
+
+&lt;p&gt;If you have tips on other GUI tools for LDAP that might be useful
+in Debian Edu, please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
+
+&lt;p&gt;Update 2010-06-29: Ross Reedstrom tipped us about the
+&lt;a href=&quot;http://packages.qa.debian.org/g/gq.html&quot;&gt;gq&lt;/a&gt; package as a
+useful GUI alternative.  It seem like a good tool, but is unmaintained
+in Debian and got a RC bug keeping it out of Squeeze.  Unless that
+changes, it will not be an option for Debian Edu based on Squeeze.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Sitesummary tip: Listing computer hardware models used at site</title>
-               <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_computer_hardware_models_used_at_site.html</guid>
-                <pubDate>Thu, 3 Jun 2010 12:05:00 +0200</pubDate>
+               <title>Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object</title>
+               <link>http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</guid>
+                <pubDate>Thu, 24 Jun 2010 00:35:00 +0200</pubDate>

                <description>
                <description>

-&lt;p&gt;When using sitesummary at a site to track machines, it is possible
-to get a list of the machine types in use thanks to the DMI
-information extracted from each machine.  The script to do so is
-included in the sitesummary package, and here is example output from
-the Skolelinux build servers:&lt;/p&gt;
-
-&lt;blockquote&gt;&lt;pre&gt;
-maintainer:~# /usr/lib/sitesummary/hardware-model-summary
-  vendor                    count
-  Dell Computer Corporation     1
-    PowerEdge 1750              1
-  IBM                           1
-    eserver xSeries 345 -[8670M1X]-     1
-  Intel                         2
-  [no-dmi-info]                 3
-maintainer:~#
-&lt;/pre&gt;&lt;/blockquote&gt;
-
-&lt;p&gt;The quality of the report depend on the quality of the DMI tables
-provided in each machine.  Here there are Intel machines without model
-information listed with Intel as vendor and mo model, and virtual Xen
-machines listed as [no-dmi-info].  One can add -l as a command line
-option to list the individual machines.&lt;/p&gt;
-
-&lt;p&gt;A larger list is
-&lt;a href=&quot;http://narvikskolen.no/sitesummary/&quot;&gt;available from the the
-city of Narvik&lt;/a&gt;, which uses Skolelinux on all their shools and also
-provide the basic sitesummary report publicly.  In their report there
-are ~1400 machines. I know they use both Ubuntu and Skolelinux on
-their machines, and as sitesummary is available in both distributions,
-it is trivial to get all of them to report to the same central
-collector.&lt;/p&gt;
+&lt;p&gt;A while back, I
+&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html&quot;&gt;complained
+about the fact&lt;/a&gt; that it is not possible with the provided schemas
+for storing DNS and DHCP information in LDAP to combine the two sets
+of information into one LDAP object representing a computer.&lt;/p&gt;
+
+&lt;p&gt;In the mean time, I discovered that a simple fix would be to make
+the dhcpHost object class auxiliary, to allow it to be combined with
+the dNSDomain object class, and thus forming one object for one
+computer when storing both DHCP and DNS information in LDAP.&lt;/p&gt;
+
+&lt;p&gt;If I understand this correctly, it is not safe to do this change
+without also changing the assigned number for the object class, and I
+do not know enough about LDAP schema design to do that properly for
+Debian Edu.&lt;/p&gt;
+
+&lt;p&gt;Anyway, for future reference, this is how I believe we could change
+the
+&lt;a href=&quot;http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00&quot;&gt;DHCP
+schema&lt;/a&gt; to solve at least part of the problem with the LDAP schemas
+available today from IETF.&lt;/p&gt;
+
+&lt;pre&gt;
+--- dhcp.schema    (revision 65192)
++++ dhcp.schema    (working copy)
+@@ -376,7 +376,7 @@
+ objectclass ( 2.16.840.1.113719.1.203.6.6
+        NAME &#39;dhcpHost&#39;
+        DESC &#39;This represents information about a particular client&#39;
+-       SUP top
++       SUP top AUXILIARY
+        MUST cn
+        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
+        X-NDS_CONTAINMENT (&#39;dhcpService&#39; &#39;dhcpSubnet&#39; &#39;dhcpGroup&#39;) )
+&lt;/pre&gt;
+
+&lt;p&gt;I very much welcome clues on how to do this properly for Debian
+Edu/Squeeze.  We provide the DHCP schema in our debian-edu-config
+package, and should thus be free to rewrite it as we see fit.&lt;/p&gt;
+
+&lt;p&gt;If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Togsatsing på norsk, mot sykkel</title>
-               <link>http://people.skolelinux.org/pere/blog/Togsatsing_p___norsk__mot_sykkel.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Togsatsing_p___norsk__mot_sykkel.html</guid>
-                <pubDate>Wed, 2 Jun 2010 23:45:00 +0200</pubDate>
+               <title>Calling tasksel like the installer, while still getting useful output</title>
+               <link>http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</guid>
+                <pubDate>Wed, 16 Jun 2010 14:55:00 +0200</pubDate>

                <description>
                <description>

-&lt;p&gt;Det står dårlig til med toget når en finner på å la det
-&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/article3677060.ece&quot;&gt;kappkjøre
-med sykkel&lt;/a&gt;...  Jeg tror det trengs strukturendringer for å få
-fikset på togproblemene i Norge.&lt;/p&gt;
+&lt;p&gt;A few times I have had the need to simulate the way tasksel
+installs packages during the normal debian-installer run.  Until now,
+I have ended up letting tasksel do the work, with the annoying problem
+of not getting any feedback at all when something fails (like a
+conffile question from dpkg or a download that fails), using code like
+this:

 
 

-&lt;p&gt;Mon tro hva toglinje mellom Narvik og Tromsø ville hatt slags
-effekt på området der?&lt;/p&gt;
-</description>
-       </item>
-       
-       <item>
-               <title>KDM fail at boot with NVidia cards - and no one try to fix it?</title>
-               <link>http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html</guid>
-                <pubDate>Tue, 1 Jun 2010 17:05:00 +0200</pubDate>
-               <description>
-&lt;p&gt;It is strange to watch how a bug in Debian causing KDM to fail to
-start at boot when an NVidia video card is used is handled.  The
-problem seem to be that the nvidia X.org driver uses a long time to
-initialize, and this duration is longer than kdm is configured to
-wait.&lt;/p&gt;
-
-&lt;p&gt;I came across two bugs related to this issue,
-&lt;a href=&quot;http://bugs.debian.org/583312&quot;&gt;#583312&lt;/a&gt; initially filed
-against initscripts and passed on to nvidia-glx when it became obvious
-that the nvidia drivers were involved, and
-&lt;a href=&quot;http://bugs.debian.org/524751&quot;&gt;#524751&lt;/a&gt; initially filed against
-kdm and passed on to src:nvidia-graphics-drivers for unknown reasons.&lt;/p&gt;
-
-&lt;p&gt;To me, it seem that no-one is interested in actually solving the
-problem nvidia video card owners experience and make sure the Debian
-distribution work out of the box for these users.  The nvidia driver
-maintainers expect kdm to be set up to wait longer, while kdm expect
-the nvidia driver maintainers to fix the driver to start faster, and
-while they wait for each other I guess the users end up switching to a
-distribution that work for them.  I have no idea what the solution is,
-but I am pretty sure that waiting for each other is not it.&lt;/p&gt;
-
-&lt;p&gt;I wonder why we end up handling bugs this way.&lt;/p&gt;
+&lt;blockquote&gt;&lt;pre&gt;
+export DEBIAN_FRONTEND=noninteractive
+tasksel --new-install
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+This would invoke tasksel, let its automatic task selection pick the
+tasks to install, and continue to install the requested tasks without
+any output what so ever.
+
+Recently I revisited this problem while working on the automatic
+package upgrade testing, because tasksel would some times hang without
+any useful feedback, and I want to see what is going on when it
+happen.  Then it occured to me, I can parse the output from tasksel
+when asked to run in test mode, and use that aptitude command line
+printed by tasksel then to simulate the tasksel run.  I ended up using
+code like this:
+
+&lt;blockquote&gt;&lt;pre&gt;
+export DEBIAN_FRONTEND=noninteractive
+cmd=&quot;$(in_target tasksel -t --new-install | sed &#39;s/debconf-apt-progress -- //&#39;)&quot;
+$cmd
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;The content of $cmd is typically something like &quot;&lt;tt&gt;aptitude -q
+--without-recommends -o APT::Install-Recommends=no -y install
+~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
+~pimportant&lt;/tt&gt;&quot;, which will install the gnome desktop task, the
+laptop task and all packages with priority standard , required and
+important, just like tasksel would have done it during
+installation.&lt;/p&gt;
+
+&lt;p&gt;A better approach is probably to extend tasksel to be able to
+install packages without using debconf-apt-progress, for use cases
+like this.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Parallellized boot seem to hold up well in Debian/testing</title>
-               <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html</guid>
-                <pubDate>Thu, 27 May 2010 23:55:00 +0200</pubDate>
+               <title>Vinmonopolet bryter loven åpenlyst - og flere planlegger å gjøre det samme</title>
+               <link>http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html</guid>
+                <pubDate>Wed, 16 Jun 2010 11:00:00 +0200</pubDate>

                <description>
                <description>

-&lt;p&gt;A few days ago, parallel booting was enabled in Debian/testing.
-The feature seem to hold up pretty well, but three fairly serious
-issues are known and should be solved:
-
-&lt;p&gt;&lt;ul&gt;
-
-&lt;li&gt;The wicd package seen to
-&lt;a href=&quot;http://bugs.debian.org/508289&quot;&gt;break NFS mounting&lt;/a&gt; and
-&lt;a href=&quot;http://bugs.debian.org/581586&quot;&gt;network setup&lt;/a&gt; when
-parallel booting is enabled.  No idea why, but the wicd maintainer
-seem to be on the case.&lt;/li&gt;
-
-&lt;li&gt;The nvidia X driver seem to
-&lt;a href=&quot;http://bugs.debian.org/583312&quot;&gt;have a race condition&lt;/a&gt;
-triggered more easily when parallel booting is in effect.  The
-maintainer is on the case.&lt;/li&gt;
-
-&lt;li&gt;The sysv-rc package fail to properly enable dependency based boot
-sequencing (the shutdown is broken) when old file-rc users
-&lt;a href=&quot;http://bugs.debian.org/575080&quot;&gt;try to switch back&lt;/a&gt; to
-sysv-rc.  One way to solve it would be for file-rc to create
-/etc/init.d/.legacy-bootordering, and another is to try to make
-sysv-rc more robust.  Will investigate some more and probably upload a
-workaround in sysv-rc to help those trying to move from file-rc to
-sysv-rc get a working shutdown.&lt;/li&gt;
-
-&lt;/ul&gt;&lt;/p&gt;
-
-&lt;p&gt;All in all not many surprising issues, and all of them seem
-solvable before Squeeze is released.  In addition to these there are
-some packages with bugs in their dependencies and run level settings,
-which I expect will be fixed in a reasonable time span.&lt;/p&gt;
-
-&lt;p&gt;If you report any problems with dependencies in init.d scripts to
-the BTS, please usertag the report to get it to show up at
-&lt;a href=&quot;http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org&quot;&gt;the
-list of usertagged bugs related to this&lt;/a&gt;.&lt;/p&gt;
-
-&lt;p&gt;Update: Correct bug number to file-rc issue.&lt;/p&gt;
+&lt;p&gt;&lt;a href=&quot;http://www.dagbladet.no/2010/06/16/nyheter/innenriks/streik/arbeidsliv/12157858/&quot;&gt;Dagbladet
+melder&lt;/a&gt; at Vinmonopolet med bakgrunn i vekterstreiken som pågår i
+Norge for tiden, har bestemt seg for med vitende og vilje å bryte
+sentralbanklovens paragraf 14 ved å nekte folk å betale med
+kontanter, og at flere butikker planlegger å følge deres eksempel.
+Jeg synes det er hårreisende hvis de slipper unna med et slikt
+soleklart lovbrudd, og lurer på hva slags muligheter jeg vil ha hvis
+jeg blir nektet å handle med kontanter.  Jeg handler i hovedsak med
+kontanter selv, da jeg anser det som en borgerrett å kunne handle
+anonymt uten at det blir registrert.  For meg er det et angrep på mitt
+personvern å nekte å ta imot kontant betaling.&lt;/p&gt;
+
+&lt;p&gt;&lt;a href=&quot;http://www.lovdata.no/all/tl-19850524-028-003.html#14&quot;&gt;Paragrafen
+i sentralbankloven&lt;/a&gt; lyder:&lt;/p&gt;
+
+&lt;blockquote&gt;
+&lt;p&gt;§ 14. Tvungent betalingsmiddel&lt;/p&gt;
+
+&lt;p&gt;Bankens sedler og mynter er tvungent betalingsmiddel i Norge. Ingen
+er pliktig til i én betaling å ta imot mer enn femogtyve mynter av
+hver enhet.&lt;/p&gt;
+
+&lt;p&gt;Sterkt skadde sedler og mynter er ikke tvungent
+betalingsmiddel. Banken gir nærmere forskrifter om erstatning for
+bortkomne, brente eller skadde sedler og mynter.&lt;/p&gt;
+
+&lt;p&gt;Selv om en avtale inneholder klausul om betaling av en
+pengeforpliktelse i gullverdi, kan skyldneren frigjøre seg med tvungne
+betalingsmidler uten hensyn til denne klausul.&lt;/p&gt;
+&lt;/blockquote&gt;
+
+&lt;p&gt;Det er med bakgrunn i denne lovet ikke tillatt å nekte å ta imot
+kontakt betaling.  Det er en lov jeg har sans for, og som jeg mener må
+håndheves strengt.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>More flexible firmware handling in debian-installer</title>
-               <link>http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html</link>
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html</guid>
-                <pubDate>Sat, 22 May 2010 21:30:00 +0200</pubDate>
+               <title>Officeshots taking shape</title>
+               <link>http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html</guid>
+                <pubDate>Sun, 13 Jun 2010 11:40:00 +0200</pubDate>

                <description>
                <description>

-&lt;p&gt;After a long break from debian-installer development, I finally
-found time today to return to the project.  Having to spend less time
-working dependency based boot in debian, as it is almost complete now,
-definitely helped freeing some time.&lt;/p&gt;
-
-&lt;p&gt;A while back, I ran into a problem while working on Debian Edu.  We
-include some firmware packages on the Debian Edu CDs, those needed to
-get disk and network controllers working.  Without having these
-firmware packages available during installation, it is impossible to
-install Debian Edu on the given machine, and because our target group
-are non-technical people, asking them to provide firmware packages on
-an external medium is a support pain.  Initially, I expected it to be
-enough to include the firmware packages on the CD to get
-debian-installer to find and use them.  This proved to be wrong.
-Next, I hoped it was enough to symlink the relevant firmware packages
-to some useful location on the CD (tried /cdrom/ and
-/cdrom/firmware/).  This also proved to not work, and at this point I
-found time to look at the debian-installer code to figure out what was
-going to work.&lt;/p&gt;
-
-&lt;p&gt;The firmware loading code is in the hw-detect package, and a closer
-look revealed that it would only look for firmware packages outside
-the installation media, so the CD was never checked for firmware
-packages.  It would only check USB sticks, floppies and other
-&quot;external&quot; media devices.  Today I changed it to also look in the
-/cdrom/firmware/ directory on the mounted CD or DVD, which should
-solve the problem I ran into with Debian edu.  I also changed it to
-look in /firmware/, to make sure the installer also find firmware
-provided in the initrd when booting the installer via PXE, to allow us
-to provide the same feature in the PXE setup included in Debian
-Edu.&lt;/p&gt;
-
-&lt;p&gt;To make sure firmware deb packages with a license questions are not
-activated without asking if the license is accepted, I extended
-hw-detect to look for preinst scripts in the firmware packages, and
-run these before activating the firmware during installation.  The
-license question is asked using debconf in the preinst, so this should
-solve the issue for the firmware packages I have looked at so far.&lt;/p&gt;
-
-&lt;p&gt;If you want to discuss the details of these features, please
-contact us on debian-boot@lists.debian.org.&lt;/p&gt;
+&lt;p&gt;For those of us caring about document exchange and
+interoperability, &lt;a href=&quot;http://www.officeshots.org/&quot;&gt;OfficeShots&lt;/a&gt;
+is a great service.  It is to ODF documents what
+&lt;a href=&quot;http://browsershots.org/&quot;&gt;BrowserShots&lt;/a&gt; is for web
+pages.&lt;/p&gt;
+
+&lt;p&gt;A while back, I was contacted by Knut Yrvin at the part of Nokia
+that used to be Trolltech, who wanted to help the OfficeShots project
+and wondered if the University of Oslo where I work would be
+interested in supporting the project.  I helped him to navigate his
+request to the right people at work, and his request was answered with
+a spot in the machine room with power and network connected, and Knut
+arranged funding for a machine to fill the spot.  The machine is
+administrated by the OfficeShots people, so I do not have daily
+contact with its progress, and thus from time to time check back to
+see how the project is doing.&lt;/p&gt;
+
+&lt;p&gt;Today I had a look, and was happy to see that the Dell box in our
+machine room now is the host for several virtual machines running as
+OfficeShots factories, and the project is able to render ODF documents
+in 17 different document processing implementation on Linux and
+Windows.  This is great.&lt;/p&gt;

 </description>
        </item>
        
 </description>
        </item>