Update drafts.

[homepage.git] / blog / index.rss

diff --git a/blog/index.rss b/blog/index.rss
index 89dd3757673c47ba331ebe902c8607a091857c95..961899c3d63e00993d5b54f9a563818c568c3fed 100644 (file)
--- a/blog/index.rss
+++ b/blog/index.rss
@@ -3,412 +3,656 @@
        <channel>
                <title>Petter Reinholdtsen</title>
                <description></description>
-                <link></link>
-                <atom:link href="index.rss" rel="self" type="application/rss+xml" />
+                <link>http://people.skolelinux.org/pere/blog/</link>
+                <atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
        
        <item>
-               <title>Internet-leverandører er ikke vokterne av sine kunders nettbruk</title>
-               <link>Internet_leverand__rer_er_ikke_vokterne_av_sine_kunders_nettbruk.html</link>
-               <guid isPermaLink="true">Internet_leverand__rer_er_ikke_vokterne_av_sine_kunders_nettbruk.html</guid>
-                <pubDate>Fri, 6 Nov 2009 18:45:00 +0100</pubDate>
+               <title>Idea for storing LTSP configuration in LDAP</title>
+               <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</guid>
+                <pubDate>Sun, 11 Jul 2010 22:00:00 +0200</pubDate>
                <description>
-&lt;p&gt;Det er svært gledelig å se at
-&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/article3360796.ece&quot;&gt;retten
-fant at Telenor ikke skal fungere som Internet-voktere&lt;/a&gt; på vegne av
-opphavsrettsmafiaen.  TONO påstår ikke overraskende &quot;rettighetshaverne
-er rettsløse&quot;.  De burde jo vite alt om hvordan rettighetshaverne blir
-behandlet, som har
-&lt;a href=&quot;http://www.ballade.no/nmi.nsf/doc/art2009042008430427192492&quot;&gt;nektet
-å hjelpe en av sine medlemmer i en plagiatsak&lt;/a&gt; mot Universal i
-Polen.&lt;/p&gt;
-
-&lt;p&gt;Ved opphavsrettsbrudd så er det jo den som offentliggjort
-kulturuttrykk ulovlig som må stilles til ansvar, og ikke noen andre.
-Hverken Telenor eller Pirate Bay publiserer innholdet.  Telenor lager
-en Internet-tjeneste som brukes av borgerne til sitt daglige virke,
-det være seg å holde kontakt med barnebarn, skaffe medisinsk viten
-eller holde seg orientert i samfunnsdebatten.  Det bør de gjøre uten å
-tvinges til å være overvåkningsinstans.  Og Pirate Bay lager en
-katalog over hvor lovlig og ulovlig innhold på Internet er å få tak i.
-De publiserer ikke innholdet, de lager kun en katalog over det.  Hvis
-en ikke liker det som blir publisert, så må det tas opp med den som
-publiserer, ikke noen andre.&lt;/p&gt;
-
-&lt;p&gt;Personlig velger jeg å stort sett bruke kulturuttrykk som
-publiseres med mer brukervennlige vilkår, som CC-BY og lignende.&lt;/p&gt;
+&lt;p&gt;Vagrant mentioned on IRC today that ltsp_config now support
+sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin
+clients, and that this can be used to fetch configuration from LDAP if
+Debian Edu choose to store configuration there.&lt;/p&gt;
+
+&lt;p&gt;Armed with this information, I got inspired and wrote a test module
+to get configuration from LDAP.  The idea is to look up the MAC
+address of the client in LDAP, and look for attributes on the form
+ltspconfigsetting=value, and use this to export SETTING=value to the
+LTSP clients.&lt;/p&gt;
+
+&lt;p&gt;The goal is to be able to store the LTSP configuration attributes
+in a &quot;computer&quot; LDAP object used by both DNS and DHCP, and thus
+allowing us to store all information about a computer in one place.&lt;/p&gt;
+
+&lt;p&gt;This is a untested draft implementation, and I welcome feedback on
+this approach.  A real LDAP schema for the ltspClientAux objectclass
+need to be written.  Comments, suggestions, etc?&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;pre&gt;
+# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
+#
+# Fetch LTSP client settings from LDAP based on MAC address
+#
+# Uses ethernet address as stored in the dhcpHost objectclass using
+# the dhcpHWAddress attribute or ethernet address stored in the
+# ieee802Device objectclass with the macAddress attribute.
+#
+# This module is written to be schema agnostic, and only depend on the
+# existence of attribute names.
+#
+# The LTSP configuration variables are saved directly using a
+# ltspConfig prefix and uppercasing the rest of the attribute name.
+# To set the SERVER variable, set the ltspConfigServer attribute.
+#
+# Some LDAP schema should be created with all the relevant
+# configuration settings.  Something like this should work:
+# 
+# objectclass ( 1.1.2.2 NAME &#39;ltspClientAux&#39;
+#     SUP top
+#     AUXILIARY
+#     MAY ( ltspConfigServer $ ltsConfigSound $ ... )
+
+LDAPSERVER=$(debian-edu-ldapserver)
+if [ &quot;$LDAPSERVER&quot; ] ; then
+    LDAPBASE=$(debian-edu-ldapserver -b)
+    for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk &#39;{print $5}&#39;|sort -u) ; do
+       filter=&quot;(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))&quot;
+       ldapsearch -h &quot;$LDAPSERVER&quot; -b &quot;$LDAPBASE&quot; -v -x &quot;$filter&quot; | \
+           grep &#39;^ltspConfig&#39; | while read attr value ; do
+           # Remove prefix and convert to upper case
+           attr=$(echo $attr | sed &#39;s/^ltspConfig//i&#39; | tr a-z A-Z)
+           # bass value on to clients
+           eval &quot;$attr=$value; export $attr&quot;
+       done
+    done
+fi
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;I&#39;m not sure this shell construction will work, because I suspect
+the while block might end up in a subshell causing the variables set
+there to not show up in ltsp-config, but if that is the case I am sure
+the code can be restructured to make sure the variables are passed on.
+I expect that can be solved with some testing. :)&lt;/p&gt;
+
+&lt;p&gt;If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
 </description>
        </item>
        
        <item>
-               <title>Endelig operativt webbasert medlemsregister for Fri programvare i skolen</title>
-               <link>Endelig_operativt_webbasert_medlemsregister_for_Fri_programvare_i_skolen.html</link>
-               <guid isPermaLink="true">Endelig_operativt_webbasert_medlemsregister_for_Fri_programvare_i_skolen.html</guid>
-                <pubDate>Mon, 2 Nov 2009 22:40:00 +0100</pubDate>
+               <title>jXplorer, a very nice LDAP GUI</title>
+               <link>http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</guid>
+                <pubDate>Fri, 9 Jul 2010 12:55:00 +0200</pubDate>
                <description>
-&lt;p&gt;Under helgens utviklersamling i
-&lt;a href=&quot;http://www.skolelinux.no/&quot;&gt;Skolelinux&lt;/a&gt; fikk jeg endelig
-satt meg ned sammen med Ronny Aasen i styret for å få et webbasert
-medlemsregister tilbake på plass for foreningen som passer på
-skolelinuxprosjektet.  Etter flere års knot og problemer, er nå
-memberdb satt opp og klart til bruk.  Import av det gamle
-medlemsregisteret har vist seg vanskelig, så alle medlemmer bes om å
-registrere seg på nytt.  Hvis du støtter FRiSKs formål så er du
-hjertelig velkommen til
-&lt;a href=&quot;http://medlem.friprogramvareiskolen.no/&quot;&gt;å melde deg
-inn&lt;/a&gt;. Formålet lyder:&lt;/p&gt;
-
-&lt;blockquote&gt;Linux i skolen skal tilrettelegge for og informere om bruk
-av fri programvare, i henhold til Debian Free Software Guidelines av
-2002-02-03, i den norske skolen, slik som f.eks. Linux og
-GNU.&lt;/blockquote&gt;
+&lt;p&gt;Since
+&lt;a href=&quot;http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html&quot;&gt;my
+last post&lt;/a&gt; about available LDAP tools in Debian, I was told about a
+LDAP GUI that is even better than luma.  The java application
+&lt;a href=&quot;http://jxplorer.org/&quot;&gt;jXplorer&lt;/a&gt; is claimed to be capable of
+moving LDAP objects and subtrees using drag-and-drop, and can
+authenticate using Kerberos.  I have only tested the Kerberos
+authentication, but do not have a LDAP setup allowing me to rewrite
+LDAP with my test user yet.  It is
+&lt;a href=&quot;http://packages.qa.debian.org/j/jxplorer.html&quot;&gt;available in
+Debian&lt;/a&gt; testing and unstable at the moment.  The only problem I
+have with it is how it handle errors.  If something go wrong, its
+non-intuitive behaviour require me to go through some query work list
+and remove the failing query.  Nothing big, but very annoying.&lt;/p&gt;
 </description>
        </item>
        
        <item>
-               <title>Jeg vil ikke ha BankID</title>
-               <link>Jeg_vil_ikke_ha_BankID.html</link>
-               <guid isPermaLink="true">Jeg_vil_ikke_ha_BankID.html</guid>
-                <pubDate>Fri, 30 Oct 2009 13:05:00 +0100</pubDate>
+               <title>MS Word krøller det til for politiet?</title>
+               <link>http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html</guid>
+                <pubDate>Thu, 8 Jul 2010 14:00:00 +0200</pubDate>
                <description>
-&lt;p&gt;Min hovedbankforbindelse,
-&lt;a href=&quot;http://www.postbanken.no/&quot;&gt;Postbanken&lt;/a&gt;, har fra 1. oktober
-blokkert tilgangen min til nettbanken hvis jeg ikke godtar vilkårene
-for &lt;a href=&quot;https://www.bankid.no/&quot;&gt;BankID&lt;/a&gt; og går over til å
-bruke BankID for tilgangskontroll.  Tidligere kunne jeg bruke en
-kodekalkulator som ga tilgang til nettbanken, men nå er dette ikke
-lenger mulig.  Jeg blokkeres ute fra nettbanken og mine egne penger
-hvis jeg ikke godtar det jeg anser som urimelige vilkår i
-BankID-avtalen.&lt;/p&gt;
-
-&lt;p&gt;BankID er en løsning der banken gis rett til å handle på vegne av
-meg, med avtalemessig forutsetning at jeg i hvert enkelt tilfelle har
-bedt banken gjøre dette.  BankID kan brukes til å signere avtaler,
-oppta lån og andre handlinger som har alvorlige følger for meg.
-Problemet slik jeg ser det er at BankID er lagt opp slik at banken har
-all informasjon og tilgang som den trenger for å bruke BankID, også
-uten at jeg er involvert.  Avtalemessing og juridisk skal de kun bruke
-min BankID når jeg har oppgitt pinkode og passord, men praktisk og
-konkret kan de gjøre dette også uten at min pinkode eller mitt passord
-er oppgitt, da de allerede har min pinkode og passord tilgjengelig hos
-seg for å kunne sjekke at riktig pinkode og passord er oppgitt av meg
-(eller kan skaffe seg det ved behov).  Jeg ønsker ikke å gi banken
-rett til å inngå avtaler på vegne av meg.&lt;/p&gt;
-
-&lt;p&gt;Rent teknisk er BankID et offentlig nøkkelpar, en privat og en
-offentlig nøkkel, der den private nøkkelen er nødvendig for å
-&quot;signere&quot; på vegne av den nøkkelen gjelder for, og den offentlige
-nøkkelen er nødvendig for å sjekke hvem som har signert.  Banken
-sitter på både den private og den offentlige nøkkelen, og sier de kun
-skal bruke den private hvis kunden ber dem om det og oppgir pinkode og
-passord.&lt;/p&gt;
-
-
-&lt;p&gt;I postbankens
-&lt;a href=&quot;https://www.postbanken.no//portalfront/nedlast/no/person/avtaler/BankID_avtale.pdf&quot;&gt;vilkår
-for BankID&lt;/a&gt; står følgende:&lt;/p&gt;
-
-&lt;blockquote&gt;
-  &lt;p&gt;&quot;6. Anvendelsesområdet for BankID&lt;/p&gt;
-
-  &lt;p&gt;PersonBankID kan benyttes fra en datamaskin, eller etter nærmere
-  avtale fra en mobiltelefon/SIM-kort, for pålogging i nettbank og til
-  identifisering og signering i forbindelse med elektronisk
-  meldingsforsendelse, avtaleinngåelse og annen form for nettbasert
-  elektronisk kommunikasjon med Banken og andre brukersteder som har
-  tilrettelagt for bruk av BankID. Dette forutsetter at brukerstedet
-  har inngått avtale med bank om bruk av BankID.&quot;&lt;/p&gt;
-&lt;/blockquote&gt;
-
-&lt;p&gt;Det er spesielt retten til &quot;avtaleinngåelse&quot; jeg synes er urimelig
-å kreve for at jeg skal få tilgang til mine penger via nettbanken, men
-også retten til å kommunsere på vegne av meg med andre brukersteder og
-signering av meldigner synes jeg er problematisk.  Jeg må godta at
-banken skal kunne signere for meg på avtaler og annen kommunikasjon
-for å få BankID.&lt;/p&gt;
-
-&lt;p&gt;På spørsmål om hvordan jeg kan få tilgang til nettbank uten å gi
-banken rett til å inngå avtaler på vegne av meg svarer Postbankens
-kundestøtte at &quot;Postbanken har valgt BankID for bl.a. pålogging i
-nettbank , så her må du nok ha hele denne løsningen&quot;.  Jeg nektes
-altså tilgang til nettbanken inntil jeg godtar at Postbanken kan
-signere avtaler på vegne av meg.&lt;/p&gt;
-
-&lt;p&gt;Postbankens kundestøtte sier videre at &quot;Det har blitt et krav til
-alle norske banker om å innføre BankID, bl.a på grunn av
-sikkerhet&quot;, uten at jeg her helt sikker på hvem som har framsatt
-dette kravet. [Oppdatering: Postbankens kundestøtte sier kravet er
-fastsatt av &lt;a href=&quot;http://www.kredittilsynet.no/&quot;&gt;kreditttilsynet&lt;/a&gt;
-og &lt;a href=&quot;http://www.bbs.no/&quot;&gt;BBS&lt;/a&gt;.]  Det som er situasjonen er
-dog at det er svært få banker igjen som ikke bruker BankID, og jeg
-vet ikke hvilken bank som er et godt alternativ for meg som ikke vil
-gi banken rett til å signere avtaler på mine vegne.&lt;/p&gt;
-
-&lt;p&gt;Jeg ønsker mulighet til å reservere meg mot at min BankID brukes
-til annet enn å identifisere meg overfor nettbanken før jeg vil ta i
-bruk BankID.  Ved nettbankbruk er det begrenset hvor store skader som
-kan oppstå ved misbruk, mens avtaleinngåelse ikke har tilsvarende
-begrensing.&lt;/p&gt;
-
-&lt;p&gt;Jeg har klaget vilkårene inn for &lt;a
-href=&quot;http://www.forbrukerombudet.no/&quot;&gt;forbrukerombudet&lt;/a&gt;, men
-regner ikke med at de vil kunne bidra til en rask løsning som gir meg
-nettbankkontroll over egne midler. :(
+&lt;p&gt;De siste dagene har Aftenposten
+&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/article3718597.ece&quot;&gt;fortalt&lt;/a&gt;
+&lt;a href=&quot;http://www.aftenposten.no/nyheter/iriks/article3724249.ece&quot;&gt;hvordan&lt;/a&gt;
+politet har brukt skriveverktøy som ikke håndterer arabisk tekst og
+tekst som skal skrives fra høyre mot venstre når de har laget
+løpeseddel for å be om informasjon fra publikum.  Resultatet har vært
+en uleselig arabisk-bit på løpeseddelen.  Feilen har oppstått når
+teksten har blitt &quot;kopiert inn i programvare som ikke har støtte for
+språk som skrives fra høyre mot venstre&quot;, og jeg er ganske sikker på
+at det er snakk om Microsoft Office i dette tilfellet.  Er det slik at
+MS Office i norsk språkdrakt ikke har støtte for tekst som skal
+skrives fra høyre mot venstre?  Jeg tror alle utgaver av
+OpenOffice.org har slik støtte, og det er jo ikke veldig vanskelig å
+la slik støtte finnes i alle utgaver av et program hvis støtten først
+er utviklet.  Aftenpostens melding får meg til å undre om problemet
+ville vært unngått hvis politiet brukte OpenOffice.org i stedet for MS
+Office.&lt;/p&gt;
+
+&lt;p&gt;Mon tro om det er flere eksempler på at MS Office har ødelagt for
+offentlig myndighet?&lt;/p&gt;
 </description>
        </item>
        
        <item>
-               <title>Internet-sensur skal i retten på mandag</title>
-               <link>Internet_sensur_skal_i_retten_p___mandag.html</link>
-               <guid isPermaLink="true">Internet_sensur_skal_i_retten_p___mandag.html</guid>
-                <pubDate>Sat, 10 Oct 2009 22:00:00 +0200</pubDate>
+               <title>Lenny-&gt;Squeeze upgrades, apt vs aptitude with the Gnome desktop</title>
+               <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</guid>
+                <pubDate>Sat, 3 Jul 2010 23:55:00 +0200</pubDate>
                <description>
-&lt;p&gt;&lt;a href=&quot;http://www.dagensit.no/bransje/article1757755.ece&quot;&gt;DagensIT&lt;/a&gt;
-melder at Telenor og Tono skal i retten på mandag for å diskutere
-hvorvidt Tonos krav om at Telenor skal blokkere for tilgang til The
-Pirate Bay er i tråd med norsk rett.  Det blir interessant å se
-resultatet fra den rettsaken.&lt;/p&gt;
-
-&lt;p&gt;Jeg bet meg dog merke i en av påstandene fra Tonos advokat Cato
-Strøm, som forteller at &quot;Pirate Bay inneholder 95 prosent ulovlig
-utlagt materiale, og å stanse tilgangen til det kan ikke kalles
-sensur&quot;.  Jeg tok en titt på
-&lt;a href=&quot;http://thepiratebay.org/&quot;&gt;forsiden til The Pirate Bay&lt;/a&gt;,
-som forteller at det pr. i dag er 1 884 694 torrenter på trackeren.
-Dette tilsvarer antall filer en kan søke blant og hente ned ved hjelp
-av The Pirate Bay.  5% av dette antallet er 94 235.  Det kan dermed
-virke som om Tonos advokat mener at det ikke er sensur å blokkere for
-tilgang til nesten 100 000 lovlige filer.  Jeg lurer på om han er
-korrekt sitert.&lt;/p&gt;
-
-&lt;p&gt;Lurer også på hvor 95%-tallet kommer fram.  Er det seriøs og
-etterprøvbar forskning på området som viser at dette er andelen
-ulovlige filer tilgjengelig via The Pirate Bay, eller er det
-musikkbransjenes egne tall?  De har
-&lt;a href=&quot;http://www.guardian.co.uk/music/2009/oct/06/edwyn-collins-sharing-music&quot;&gt;jo
-demonstrert&lt;/a&gt; at de ikke er i stand til å skille lovlig og ulovlig
-bruk av musikk.&lt;/p&gt;
+&lt;p&gt;Here is a short update on my &lt;a
+href=&quot;http://people.skolelinux.org/~pere/debian-upgrade-testing/&quot;&gt;my
+Debian Lenny-&gt;Squeeze upgrade testing&lt;/a&gt;.  Here is a summary of the
+difference for Gnome when it is upgraded by apt-get and aptitude.  I&#39;m
+not reporting the status for KDE, because the upgrade crashes when
+aptitude try because of missing conflicts
+(&lt;a href=&quot;http://bugs.debian.org/584861&quot;&gt;#584861&lt;/a&gt; and
+&lt;a href=&quot;http://bugs.debian.org/585716&quot;&gt;#585716&lt;/a&gt;).&lt;/p&gt;
+
+&lt;p&gt;At the end of the upgrade test script, dpkg -l is executed to get a
+complete list of the installed packages.  Based on this I see these
+differences when I did a test run today.  As usual, I do not really
+know what the correct set of packages would be, but thought it best to
+publish the difference.&lt;/p&gt;
+
+&lt;p&gt;Installed using apt-get, missing with aptitude&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;p&gt;
+  at-spi cpp-4.3 finger gnome-spell gstreamer0.10-gnomevfs
+  libatspi1.0-0 libcupsys2 libeel2-data libgail-common libgdl-1-common
+  libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin
+  libgtksourceview-common libpt-1.10.10-plugins-alsa
+  libpt-1.10.10-plugins-v4l libservlet2.4-java libxalan2-java
+  libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip
+  python-4suite-xml python-eggtrayicon python-gtkhtml2
+  python-gtkmozembed svgalibg1 xserver-xephyr zip
+&lt;/p&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;Installed using apt-get, removed with aptitude&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;p&gt;
+  bluez-utils dhcdbd djvulibre-desktop epiphany-gecko
+  gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager
+  libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-50
+  libbluetooth2 libcamel1.2-11 libcdio7 libcucul0 libcurl3
+  libdirectfb-1.0-0 libdvdread3 libedata-cal1.2-6 libedataserver1.2-9
+  libeel2-2.20 libepc-1.0-1 libepc-ui-1.0-1 libexchange-storage1.2-3
+  libfaad0 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9
+  libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2
+  libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0
+  libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtkhtml2-0
+  libgtksourceview1.0-0 libgucharmap6 libhesiod0 libicu38 libisccc50
+  libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++10
+  libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4
+  libneon27 libnm-glib0 libnm-util0 libopal-2.2 libosp5
+  libparted1.8-10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3
+  libpt-1.10.10 libraw1394-8 libsensors3 libsmbios2 libsoup2.2-8
+  libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1
+  libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj
+  libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3
+  mysql-common swfdec-gnome totem-gstreamer wodim
+&lt;/p&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;Installed using aptitude, missing with apt-get&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;p&gt;
+  gnome gnome-desktop-environment hamster-applet python-gnomeapplet
+  python-gnomekeyring python-wnck rhythmbox-plugins xorg
+  xserver-xorg-input-all xserver-xorg-input-evdev
+  xserver-xorg-input-kbd xserver-xorg-input-mouse
+  xserver-xorg-input-synaptics xserver-xorg-video-all
+  xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati
+  xserver-xorg-video-chips xserver-xorg-video-cirrus
+  xserver-xorg-video-dummy xserver-xorg-video-fbdev
+  xserver-xorg-video-glint xserver-xorg-video-i128
+  xserver-xorg-video-i740 xserver-xorg-video-mach64
+  xserver-xorg-video-mga xserver-xorg-video-neomagic
+  xserver-xorg-video-nouveau xserver-xorg-video-nv
+  xserver-xorg-video-r128 xserver-xorg-video-radeon
+  xserver-xorg-video-radeonhd xserver-xorg-video-rendition
+  xserver-xorg-video-s3 xserver-xorg-video-s3virge
+  xserver-xorg-video-savage xserver-xorg-video-siliconmotion
+  xserver-xorg-video-sis xserver-xorg-video-sisusb
+  xserver-xorg-video-tdfx xserver-xorg-video-tga
+  xserver-xorg-video-trident xserver-xorg-video-tseng
+  xserver-xorg-video-vesa xserver-xorg-video-vmware
+  xserver-xorg-video-voodoo
+&lt;/p&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;Installed using aptitude, removed with apt-get&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;p&gt;
+  deskbar-applet xserver-xorg xserver-xorg-core
+  xserver-xorg-input-wacom xserver-xorg-video-intel
+  xserver-xorg-video-openchrome
+&lt;/p&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;I was told on IRC that the xorg-xserver package was
+&lt;a href=&quot;http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=9c8080d06c457932d3bfec021c69ac000aa60120&quot;&gt;changed
+in git&lt;/a&gt; today to try to get apt-get to not remove xorg completely.
+No idea when it hits Squeeze, but when it does I hope it will reduce
+the difference somewhat.
 </description>
        </item>
        
        <item>
-               <title>MVA på bøker med DRM, ikke MVA på bøker uten DRM?</title>
-               <link>MVA_p___b__ker_med_DRM__ikke_MVA_p___b__ker_uten_DRM_.html</link>
-               <guid isPermaLink="true">MVA_p___b__ker_med_DRM__ikke_MVA_p___b__ker_uten_DRM_.html</guid>
-                <pubDate>Wed, 23 Sep 2009 10:00:00 +0200</pubDate>
+               <title>Caching password, user and group on a roaming Debian laptop</title>
+               <link>http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</guid>
+                <pubDate>Thu, 1 Jul 2010 11:40:00 +0200</pubDate>
                <description>
-&lt;p&gt;Elektroniske bøker diskuteres for tiden, etter at
-&lt;a href=&quot;http://www.aftenposten.no/kul_und/litteratur/article3280914.ece&quot;&gt;bokbransjen
-hevder&lt;/a&gt; det er usikkert om de kommer til å gi ut elektroniske
-bøker så lenge det er merverdiavgift på elektroniske bøker og ikke
-på papirbøker.  I den forbindelse så jeg et interessant forslag i
-en
-&lt;a href=&quot;http://www.digi.no/php/ny_debatt.php?id=823912&quot;&gt;digi-debatt&lt;/a&gt;
-jeg hadde sans for. &quot;einarr&quot; foreslo at DRM-infiserte elektroniske
-bøker bør ha merverdiavgift, da &quot;de ikke bidrar til
-kunnskapsspredning på samme måte&quot; som papirbøker og dermed går
-imot intensjonene bak mva-fritaket.  Bøker uten DRM derimot bør ha
-mva-fritak da de &quot;kan overføres mellom enheter, leses på ulike
-plattformer, lånes ut og siteres og kopieres fra&quot; slik en kan med
-papirbøker.&lt;/p&gt;
-
-&lt;p&gt;En oppfølgerkommentar sier seg enig i dette, da DRM-infisert
-materiale må anses som leid og dermed en tjeneste, mens materiale uten
-DRM må anses som et kjøp.&lt;/p&gt;
+&lt;p&gt;For a laptop, centralized user directories and password checking is
+a bit troubling.  Laptops are typically used also when not connected
+to the network, and it is vital for a user to be able to log in or
+unlock the screen saver also when a central server is unavailable.
+This is possible by caching passwords and directory information (user
+and group attributes) locally, and the packages to do so are available
+in Debian.  Here follow two recipes to set this up in Debian/Squeeze.
+It is also possible to set up in Debian/Lenny, but require more manual
+setup there because pam-auth-update is missing in Lenny.&lt;/p&gt;
+
+&lt;h2&gt;LDAP/Kerberos + nscd + libpam-ccreds + libpam-mklocaluser/pam_mkhomedir&lt;/h2&gt;
+
+This is the traditional method with a twist.  The password caching is
+provided by libpam-ccreds (version 10-4 or later is needed on
+Squeeze), and the directory caching is done by nscd.  The directory
+lookup and password checking is done using LDAP.  If one want to use
+Kerberos for password checking the libpam-ldapd package can be
+replaced with libpam-krb5 or libpam-heimdal.  If one is happy having a
+local home directory with the path listed in LDAP, one can use the
+pam_mkhomedir module from pam-modules to make this happen instead of
+using libpam-mklocaluser.  A setup for pam-auth-update to enable
+pam_mkhomedir will have to be written until a fix for
+&lt;a href=&quot;http://bugs.debian.org/568577&quot;&gt;bug #568577&lt;/a&gt; is in the
+archive.  Because I believe it is a bad idea to have local home
+directories using misleading paths like /site/server/partition/, I
+prefer to create a local user with the home directory in /home/.  This
+is done using the libpam-mklocaluser package.&lt;/p&gt;
+
+&lt;p&gt;These packages need to be installed and configured&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;pre&gt;
+libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;The ldapd packages will ask for LDAP connection information, and
+one have to fill in the values that fits ones own site.  Make sure the
+PAM part uses encrypted connections, to make sure the password is not
+sent in clear text to the LDAP server.  I&#39;ve been unable to get TLS
+certificate checking for a self signed certificate working, which make
+LDAP authentication unsafe for Debian Edu (nslcd is not checking if it
+is talking to the correct LDAP server), and very much welcome feedback
+on how to get this working.&lt;/p&gt;
+
+&lt;p&gt;Because nscd do not have a default configuration fit for offline
+caching until &lt;a href=&quot;http://bugs.debian.org/485282&quot;&gt;bug #485282&lt;/a&gt;
+is fixed, this configuration should be used instead of the one
+currently in /etc/nscd.conf.  The changes are in the fields
+reload-count and positive-time-to-live, and is based on the
+instructions I found in the
+&lt;a href=&quot;http://www.flyn.org/laptopldap/&quot;&gt;LDAP for Mobile Laptops&lt;/a&gt;
+instructions by Flyn Computing.&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;pre&gt;
+       debug-level             0
+       reload-count            unlimited
+       paranoia                no
+
+       enable-cache            passwd          yes
+       positive-time-to-live   passwd          2592000
+       negative-time-to-live   passwd          20
+       suggested-size          passwd          211
+       check-files             passwd          yes
+       persistent              passwd          yes
+       shared                  passwd          yes
+       max-db-size             passwd          33554432
+       auto-propagate          passwd          yes
+
+       enable-cache            group           yes
+       positive-time-to-live   group           2592000
+       negative-time-to-live   group           20
+       suggested-size          group           211
+       check-files             group           yes
+       persistent              group           yes
+       shared                  group           yes
+       max-db-size             group           33554432
+       auto-propagate          group           yes
+
+       enable-cache            hosts           no
+       positive-time-to-live   hosts           2592000
+       negative-time-to-live   hosts           20
+       suggested-size          hosts           211
+       check-files             hosts           yes
+       persistent              hosts           yes
+       shared                  hosts           yes
+       max-db-size             hosts           33554432
+
+       enable-cache            services        yes
+       positive-time-to-live   services        2592000
+       negative-time-to-live   services        20
+       suggested-size          services        211
+       check-files             services        yes
+       persistent              services        yes
+       shared                  services        yes
+       max-db-size             services        33554432
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;While we wait for a mechanism to update /etc/nsswitch.conf
+automatically like the one provided in
+&lt;a href=&quot;http://bugs.debian.org/496915&quot;&gt;bug #496915&lt;/a&gt;, the file
+content need to be manually replaced to ensure LDAP is used as the
+directory service on the machine.  /etc/nsswitch.conf should normally
+look like this:&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;pre&gt;
+passwd:         files ldap
+group:          files ldap
+shadow:         files ldap
+hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
+networks:       files
+protocols:      files
+services:       files
+ethers:         files
+rpc:            files
+netgroup:       files ldap
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;The important parts are that ldap is listed last for passwd, group,
+shadow and netgroup.&lt;/p&gt;
+
+&lt;p&gt;With these changes in place, any user in LDAP will be able to log
+in locally on the machine using for example kdm, get a local home
+directory created and have the password as well as user and group
+attributes cached.
+
+&lt;h2&gt;LDAP/Kerberos + nss-updatedb + libpam-ccreds +
+  libpam-mklocaluser/pam_mkhomedir&lt;/h2&gt;
+
+&lt;p&gt;Because nscd have had its share of problems, and seem to have
+problems doing proper caching, I&#39;ve seen suggestions and recipes to
+use nss-updatedb to copy parts of the LDAP database locally when the
+LDAP database is available.  I have not tested such setup, because I
+discovered sssd.&lt;/p&gt;
+
+&lt;h2&gt;LDAP/Kerberos + sssd + libpam-mklocaluser&lt;/h2&gt;
+
+&lt;p&gt;A more flexible and robust setup than the nscd combination
+mentioned earlier that has shown up recently, is the
+&lt;a href=&quot;https://fedorahosted.org/sssd/&quot;&gt;sssd&lt;/a&gt; package from Redhat.
+It is part of the &lt;a href=&quot;http://www.freeipa.org/&quot;&gt;FreeIPA&lt;/A&gt; project
+to provide a Active Directory like directory service for Linux
+machines.  The sssd system combines the caching of passwords and user
+information into one package, and remove the need for nscd and
+libpam-ccreds.  It support LDAP and Kerberos, but not NIS.  Version
+1.2 do not support netgroups, but it is said that it will support this
+in version 1.5 expected to show up later in 2010.  Because the
+&lt;a href=&quot;http://packages.qa.debian.org/s/sssd.html&quot;&gt;sssd package&lt;/a&gt;
+was missing in Debian, I ended up co-maintaining it with Werner, and
+version 1.2 is now in testing.
+
+&lt;p&gt;These packages need to be installed and configured to get the
+roaming setup I want&lt;/p&gt;
+
+&lt;blockquote&gt;&lt;pre&gt;
+libpam-sss libnss-sss libpam-mklocaluser
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+The complete setup of sssd is done by editing/creating
+&lt;tt&gt;/etc/sssd/sssd.conf&lt;/tt&gt;.
+
+&lt;blockquote&gt;&lt;pre&gt;
+[sssd]
+config_file_version = 2
+reconnection_retries = 3
+sbus_timeout = 30
+services = nss, pam
+domains = INTERN
+
+[nss]
+filter_groups = root
+filter_users = root
+reconnection_retries = 3
+
+[pam]
+reconnection_retries = 3
+
+[domain/INTERN]
+enumerate = false
+cache_credentials = true
+
+id_provider = ldap
+auth_provider = ldap
+chpass_provider = ldap
+
+ldap_uri = ldap://ldap
+ldap_search_base = dc=skole,dc=skolelinux,dc=no
+ldap_tls_reqcert = never
+ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;I got the same problem here with certificate checking.  Had to set
+&quot;ldap_tls_reqcert = never&quot; to get it working.&lt;/p&gt;
+
+&lt;p&gt;With the libnss-sss package in testing at the moment, the
+nsswitch.conf file is update automatically, so there is no need to
+modify it manually.&lt;/p&gt;
+
+&lt;p&gt;If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
 </description>
        </item>
        
        <item>
-               <title>Sikkerhet til sjøs trenger sjøkart uten bruksbegresninger</title>
-               <link>Sikkerhet_til_sj__s_trenger_sj__kart_uten_bruksbegresninger.html</link>
-               <guid isPermaLink="true">Sikkerhet_til_sj__s_trenger_sj__kart_uten_bruksbegresninger.html</guid>
-                <pubDate>Sun, 23 Aug 2009 10:00:00 +0200</pubDate>
+               <title>LUMA, a very nice LDAP GUI</title>
+               <link>http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html</guid>
+                <pubDate>Mon, 28 Jun 2010 00:30:00 +0200</pubDate>
                <description>
-&lt;p&gt;Sikkerhet til sjøs burde være noe som opptar mange etter den siste
-oljeutslippsulykken med Full City, som har drept mye liv langs sjøen.
-En viktig faktor for å bedre sikkerheten til sjøs er at alle som
-ferdes på sjøen har tilgang til oppdaterte sjøkart som forteller hvor
-det grunner og annet en må ta hensyn til på sjøen.&lt;/p&gt;
-
-&lt;p&gt;Hvis en er enig i at tilgang til oppdaterte sjøkart er viktig for
-sikkerheten på sjøen, så er det godt å vite at det i dag er teknisk
-mulig å sikre alle enkel tilgang til oppdaterte digitale kart over
-Internet.  Det trenger heller ikke være spesielt kostbart.&lt;/p&gt;
-
-&lt;p&gt;Både ved Rocknes-ulykken i Vatlestraumen, der 18 mennesker mistet
-livet, og ved Full City-ulykken utenfor Langesund, der mange tonn olje
-lekket ut i havet, var det registrert problemer relatert til
-oppdaterte sjøkart.  Ved Rocknes-ulykken var de elektroniske kartene
-som ble brukt ikke oppdatert med informasjon om nyoppdagede grunner og
-losen kjente visst ikke til disse nye grunnene.  Papirkartene var dog
-oppdaterte.  Ved Full City-ulykken hadde en kontroll av skipet noen
-uker tidligere konstatert manglende sjøkart.&lt;/p&gt;
-
-&lt;p&gt;Jeg tror en løsning der digitale sjøkart kunne lastes ned direkte
-fra sjøkartverket av alle som ønsket oppdaterte sjøkart, uten
-brukerbetaling og uten bruksbegresninger knyttet til kartene, vil
-gjøre at flere folk på sjøen vil holde seg med oppdaterte sjøkart,
-eller sjøkart i det hele tatt.  Resultatet av dette vil være økt
-sikkerhet på sjøen.  En undersøkelse gjennomført av Opinion for
-Gjensidige i 2008 fortalte at halvparten av alle båteierne i landet
-ikke har sjøkart i båten.&lt;/p&gt;
-
-&lt;p&gt;Formatet på de digitale sjøkartene som gjøræs tilgjengelig fra
-sjøkartverket må være i henhold til en fri og åpen standard, slik at
-en ikke er låst til enkeltaktørers godvilje når datafilene skal tolkes
-og forstås, men trenger ikke publiseres fra sjøkartverket i alle
-formatene til verdens skips-GPS-er i tillegg.  Hvis det ikke er
-kostbart for sjøkartverket bør de gjerne gjøre det selv, men slik
-konvertering kan andre ta seg av hvis det er et marked for det.&lt;/p&gt;
-
-&lt;p&gt;Hvis staten mener alvor med å forbedre sikkerheten til sjøs, må de
-gjøre sitt for at alle båteiere har oppdaterte kart, ikke bare snakke
-om hvor viktig det er at de har oppdaterte kart.  Det bør være
-viktigere for staten at båtene &lt;strong&gt;har&lt;/strong&gt; oppdaterte kart
-enn at de er pålagt å ha oppdaterte kart.&lt;/p&gt;
-
-&lt;p&gt;Sjøkartene er &lt;a href=&quot;http://kart.kystverket.no/&quot;&gt;tilgjengelig på web
-fra kystverket&lt;/a&gt;, men så vidt jeg har klart å finne, uten
-bruksvilkår som muliggjør gjenbruk uten bruksbegresninger.&lt;/p&gt;
-
-&lt;p&gt;OpenStreetmap.org-folk er lei av mangel på sjøkart, og har startet
-på et dugnadsbasert fribrukskart for havet,
-&lt;a href=&quot;http://openseamap.org/&quot;&gt;OpenSeaMap&lt;/a&gt;.  Datagrunnlaget er
-OpenStreetmap, mens framvisningen er tilpasset bruk på sjøen.  Det
-gjenstår mye før en kan bruke dette til å seile sikkert på havet, men
-det viser at behovet for fribruks-sjøkart er til stedet.&lt;/p&gt;
+&lt;p&gt;The last few days I have been looking into the status of the LDAP
+directory in Debian Edu, and in the process I started to miss a GUI
+tool to browse the LDAP tree.  The only one I was able to find in
+Debian/Squeeze and Lenny is
+&lt;a href=&quot;http://luma.sourceforge.net/&quot;&gt;LUMA&lt;/a&gt;, which has proved to
+be a great tool to get a overview of the current LDAP directory
+populated by default in Skolelinux.  Thanks to it, I have been able to
+find empty and obsolete subtrees, misplaced objects and duplicate
+objects.  It will be installed by default in Debian/Squeeze.  If you
+are working with LDAP, give it a go. :)&lt;/p&gt;
+
+&lt;p&gt;I did notice one problem with it I have not had time to report to
+the BTS yet.  There is no .desktop file in the package, so the tool do
+not show up in the Gnome and KDE menus, but only deep down in in the
+Debian submenu in KDE.  I hope that can be fixed before Squeeze is
+released.&lt;/p&gt;
+
+&lt;p&gt;I have not yet been able to get it to modify the tree yet.  I would
+like to move objects and remove subtrees directly in the GUI, but have
+not found a way to do that with LUMA yet.  So in the mean time, I use
+&lt;a href=&quot;http://www.lichteblau.com/ldapvi/&quot;&gt;ldapvi&lt;/a&gt; for that.&lt;/p&gt;
+
+&lt;p&gt;If you have tips on other GUI tools for LDAP that might be useful
+in Debian Edu, please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
+
+&lt;p&gt;Update 2010-06-29: Ross Reedstrom tipped us about the
+&lt;a href=&quot;http://packages.qa.debian.org/g/gq.html&quot;&gt;gq&lt;/a&gt; package as a
+useful GUI alternative.  It seem like a good tool, but is unmaintained
+in Debian and got a RC bug keeping it out of Squeeze.  Unless that
+changes, it will not be an option for Debian Edu based on Squeeze.&lt;/p&gt;
 </description>
        </item>
        
        <item>
-               <title>Relative popularity of document formats (MS Office vs. ODF)</title>
-               <link>Relative_popularity_of_document_formats__MS_Office_vs__ODF_.html</link>
-               <guid isPermaLink="true">Relative_popularity_of_document_formats__MS_Office_vs__ODF_.html</guid>
-                <pubDate>Wed, 12 Aug 2009 15:50:00 +0200</pubDate>
+               <title>Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object</title>
+               <link>http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html</guid>
+                <pubDate>Thu, 24 Jun 2010 00:35:00 +0200</pubDate>
                <description>
-&lt;p&gt;Just for fun, I did a search right now on Google for a few file ODF
-and MS Office based formats (not to be mistaken for ISO or ECMA
-OOXML), to get an idea of their relative usage.  I searched using
-&#39;filetype:odt&#39; and equvalent terms, and got these results:&lt;/P&gt;
-
-&lt;table&gt;
-&lt;tr&gt;&lt;th&gt;Type&lt;/th&gt;&lt;th&gt;ODF&lt;/th&gt;&lt;th&gt;MS Office&lt;/th&gt;&lt;/tr&gt;
-&lt;tr&gt;&lt;td&gt;Tekst&lt;/td&gt; &lt;td&gt;odt:282000&lt;/td&gt; &lt;td&gt;docx:308000&lt;/td&gt;&lt;/tr&gt;
-&lt;tr&gt;&lt;td&gt;Presentasjon&lt;/td&gt; &lt;td&gt;odp:75600&lt;/td&gt; &lt;td&gt;pptx:183000&lt;/td&gt;&lt;/tr&gt;
-&lt;tr&gt;&lt;td&gt;Regneark&lt;/td&gt; &lt;td&gt;ods:26500    &lt;/td&gt; &lt;td&gt;xlsx:145000&lt;/td&gt;&lt;/tr&gt;
-&lt;/table&gt;
-
-&lt;p&gt;Next, I added a &#39;site:no&#39; limit to get the numbers for Norway, and
-got these numbers:&lt;/p&gt;
-
-&lt;table&gt;
-&lt;tr&gt;&lt;th&gt;Type&lt;/th&gt;&lt;th&gt;ODF&lt;/th&gt;&lt;th&gt;MS Office&lt;/th&gt;&lt;/tr&gt;
-&lt;tr&gt;&lt;td&gt;Tekst&lt;/td&gt; &lt;td&gt;odt:2480        &lt;/td&gt; &lt;td&gt;docx:4460&lt;/td&gt;&lt;/tr&gt;
-&lt;tr&gt;&lt;td&gt;Presentasjon&lt;/td&gt; &lt;td&gt;odp:299  &lt;/td&gt; &lt;td&gt;pptx:741&lt;/td&gt;&lt;/tr&gt;
-&lt;tr&gt;&lt;td&gt;Regneark&lt;/td&gt; &lt;td&gt;ods:187      &lt;/td&gt; &lt;td&gt;xlsx:372&lt;/td&gt;&lt;/tr&gt;
-&lt;/table&gt;
-
-&lt;p&gt;I wonder how these numbers change over time.&lt;/p&gt;
-
-&lt;p&gt;I am aware of Google returning different results and numbers based
-on where the search is done, so I guess these numbers will differ if
-they are conduced in another country.  Because of this, I did the same
-search from a machine in California, USA, a few minutes after the
-search done from a machine here in Norway.&lt;/p&gt;
-
-
-&lt;table&gt;
-&lt;tr&gt;&lt;th&gt;Type&lt;/th&gt;&lt;th&gt;ODF&lt;/th&gt;&lt;th&gt;MS Office&lt;/th&gt;&lt;/tr&gt;
-&lt;tr&gt;&lt;td&gt;Tekst&lt;/td&gt; &lt;td&gt;odt:129000&lt;/td&gt; &lt;td&gt;docx:308000&lt;/td&gt;&lt;/tr&gt;
-&lt;tr&gt;&lt;td&gt;Presentasjon&lt;/td&gt; &lt;td&gt;odp:44200&lt;/td&gt; &lt;td&gt;pptx:93900&lt;/td&gt;&lt;/tr&gt;
-&lt;tr&gt;&lt;td&gt;Regneark&lt;/td&gt; &lt;td&gt;ods:26500    &lt;/td&gt; &lt;td&gt;xlsx:82400&lt;/td&gt;&lt;/tr&gt;
-&lt;/table&gt;
-
-&lt;p&gt;And with &#39;site:no&#39;:
-
-&lt;table&gt;
-&lt;tr&gt;&lt;th&gt;Type&lt;/th&gt;&lt;th&gt;ODF&lt;/th&gt;&lt;th&gt;MS Office&lt;/th&gt;&lt;/tr&gt;
-&lt;tr&gt;&lt;td&gt;Tekst&lt;/td&gt; &lt;td&gt;odt:2480&lt;/td&gt; &lt;td&gt;docx:3410&lt;/td&gt;&lt;/tr&gt;
-&lt;tr&gt;&lt;td&gt;Presentasjon&lt;/td&gt; &lt;td&gt;odp:175&lt;/td&gt; &lt;td&gt;pptx:604&lt;/td&gt;&lt;/tr&gt;
-&lt;tr&gt;&lt;td&gt;Regneark&lt;/td&gt; &lt;td&gt;ods:186      &lt;/td&gt; &lt;td&gt;xlsx:296&lt;/td&gt;&lt;/tr&gt;
-&lt;/table&gt;
-
-&lt;p&gt;Interesting difference, not sure what to conclude from these
-numbers.&lt;/p&gt;
+&lt;p&gt;A while back, I
+&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html&quot;&gt;complained
+about the fact&lt;/a&gt; that it is not possible with the provided schemas
+for storing DNS and DHCP information in LDAP to combine the two sets
+of information into one LDAP object representing a computer.&lt;/p&gt;
+
+&lt;p&gt;In the mean time, I discovered that a simple fix would be to make
+the dhcpHost object class auxiliary, to allow it to be combined with
+the dNSDomain object class, and thus forming one object for one
+computer when storing both DHCP and DNS information in LDAP.&lt;/p&gt;
+
+&lt;p&gt;If I understand this correctly, it is not safe to do this change
+without also changing the assigned number for the object class, and I
+do not know enough about LDAP schema design to do that properly for
+Debian Edu.&lt;/p&gt;
+
+&lt;p&gt;Anyway, for future reference, this is how I believe we could change
+the
+&lt;a href=&quot;http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00&quot;&gt;DHCP
+schema&lt;/a&gt; to solve at least part of the problem with the LDAP schemas
+available today from IETF.&lt;/p&gt;
+
+&lt;pre&gt;
+--- dhcp.schema    (revision 65192)
++++ dhcp.schema    (working copy)
+@@ -376,7 +376,7 @@
+ objectclass ( 2.16.840.1.113719.1.203.6.6
+        NAME &#39;dhcpHost&#39;
+        DESC &#39;This represents information about a particular client&#39;
+-       SUP top
++       SUP top AUXILIARY
+        MUST cn
+        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
+        X-NDS_CONTAINMENT (&#39;dhcpService&#39; &#39;dhcpSubnet&#39; &#39;dhcpGroup&#39;) )
+&lt;/pre&gt;
+
+&lt;p&gt;I very much welcome clues on how to do this properly for Debian
+Edu/Squeeze.  We provide the DHCP schema in our debian-edu-config
+package, and should thus be free to rewrite it as we see fit.&lt;/p&gt;
+
+&lt;p&gt;If you want to help out with implementing this for Debian Edu,
+please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
 </description>
        </item>
        
        <item>
-               <title>ISO still hope to fix OOXML</title>
-               <link>ISO_still_hope_to_fix_OOXML.html</link>
-               <guid isPermaLink="true">ISO_still_hope_to_fix_OOXML.html</guid>
-                <pubDate>Sat, 8 Aug 2009 14:00:00 +0200</pubDate>
+               <title>Calling tasksel like the installer, while still getting useful output</title>
+               <link>http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html</guid>
+                <pubDate>Wed, 16 Jun 2010 14:55:00 +0200</pubDate>
                <description>
-&lt;p&gt;According to &lt;a
-href=&quot;http://twerner.blogspot.com/2009/08/defects-of-office-open-xml.html&quot;&gt;a
-blog post from Torsten Werner&lt;/a&gt;, the current defect report for ISO
-29500 (ISO OOXML) is 809 pages.  His interesting point is that the
-defect report is 71 pages more than the full ODF 1.1 specification.
-Personally I find it more interesting that ISO still believe ISO OOXML
-can be fixed in ISO.  Personally, I believe it is broken beyon repair,
-and I completely lack any trust in ISO for being able to get anywhere
-close to solving the problems.  I was part of the Norwegian committee
-involved in the OOXML fast track process, and was not impressed with
-Standard Norway and ISO in how they handled it.&lt;/p&gt;
-
-&lt;p&gt;These days I focus on ODF instead, which seem like a specification
-with the future ahead of it.  We are working in NUUG to organise a ODF
-seminar this autumn.&lt;/p&gt;
+&lt;p&gt;A few times I have had the need to simulate the way tasksel
+installs packages during the normal debian-installer run.  Until now,
+I have ended up letting tasksel do the work, with the annoying problem
+of not getting any feedback at all when something fails (like a
+conffile question from dpkg or a download that fails), using code like
+this:
+
+&lt;blockquote&gt;&lt;pre&gt;
+export DEBIAN_FRONTEND=noninteractive
+tasksel --new-install
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+This would invoke tasksel, let its automatic task selection pick the
+tasks to install, and continue to install the requested tasks without
+any output what so ever.
+
+Recently I revisited this problem while working on the automatic
+package upgrade testing, because tasksel would some times hang without
+any useful feedback, and I want to see what is going on when it
+happen.  Then it occured to me, I can parse the output from tasksel
+when asked to run in test mode, and use that aptitude command line
+printed by tasksel then to simulate the tasksel run.  I ended up using
+code like this:
+
+&lt;blockquote&gt;&lt;pre&gt;
+export DEBIAN_FRONTEND=noninteractive
+cmd=&quot;$(in_target tasksel -t --new-install | sed &#39;s/debconf-apt-progress -- //&#39;)&quot;
+$cmd
+&lt;/pre&gt;&lt;/blockquote&gt;
+
+&lt;p&gt;The content of $cmd is typically something like &quot;&lt;tt&gt;aptitude -q
+--without-recommends -o APT::Install-Recommends=no -y install
+~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
+~pimportant&lt;/tt&gt;&quot;, which will install the gnome desktop task, the
+laptop task and all packages with priority standard , required and
+important, just like tasksel would have done it during
+installation.&lt;/p&gt;
+
+&lt;p&gt;A better approach is probably to extend tasksel to be able to
+install packages without using debconf-apt-progress, for use cases
+like this.&lt;/p&gt;
 </description>
        </item>
        
        <item>
-               <title>Debian has switched to dependency based boot sequencing</title>
-               <link>Debian_has_switched_to_dependency_based_boot_sequencing.html</link>
-               <guid isPermaLink="true">Debian_has_switched_to_dependency_based_boot_sequencing.html</guid>
-                <pubDate>Mon, 27 Jul 2009 23:50:00 +0200</pubDate>
+               <title>Vinmonopolet bryter loven åpenlyst - og flere planlegger å gjøre det samme</title>
+               <link>http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Vinmonopolet_bryter_loven___penlyst___og_flere_planlegger____gj__re_det_samme.html</guid>
+                <pubDate>Wed, 16 Jun 2010 11:00:00 +0200</pubDate>
                <description>
-&lt;p&gt;Since this evening, with the upload of sysvinit version 2.87dsf-2,
-and the upload of insserv version 1.12.0-10 yesterday, Debian unstable
-have been migrated to using dependency based boot sequencing.  This
-conclude work me and others have been doing for the last three days.
-It feels great to see this finally part of the default Debian
-installation.  Now we just need to weed out the last few problems that
-are bound to show up, to get everything ready for Squeeze.&lt;/p&gt;
-
-&lt;p&gt;The next step is migrating /sbin/init from sysvinit to upstart, and
-fixing the more fundamental problem of handing the event based
-non-predictable kernel in the early boot.&lt;/p&gt;
+&lt;p&gt;&lt;a href=&quot;http://www.dagbladet.no/2010/06/16/nyheter/innenriks/streik/arbeidsliv/12157858/&quot;&gt;Dagbladet
+melder&lt;/a&gt; at Vinmonopolet med bakgrunn i vekterstreiken som pågår i
+Norge for tiden, har bestemt seg for med vitende og vilje å bryte
+sentralbanklovens paragraf 14 ved å nekte folk å betale med
+kontanter, og at flere butikker planlegger å følge deres eksempel.
+Jeg synes det er hårreisende hvis de slipper unna med et slikt
+soleklart lovbrudd, og lurer på hva slags muligheter jeg vil ha hvis
+jeg blir nektet å handle med kontanter.  Jeg handler i hovedsak med
+kontanter selv, da jeg anser det som en borgerrett å kunne handle
+anonymt uten at det blir registrert.  For meg er det et angrep på mitt
+personvern å nekte å ta imot kontant betaling.&lt;/p&gt;
+
+&lt;p&gt;&lt;a href=&quot;http://www.lovdata.no/all/tl-19850524-028-003.html#14&quot;&gt;Paragrafen
+i sentralbankloven&lt;/a&gt; lyder:&lt;/p&gt;
+
+&lt;blockquote&gt;
+&lt;p&gt;§ 14. Tvungent betalingsmiddel&lt;/p&gt;
+
+&lt;p&gt;Bankens sedler og mynter er tvungent betalingsmiddel i Norge. Ingen
+er pliktig til i én betaling å ta imot mer enn femogtyve mynter av
+hver enhet.&lt;/p&gt;
+
+&lt;p&gt;Sterkt skadde sedler og mynter er ikke tvungent
+betalingsmiddel. Banken gir nærmere forskrifter om erstatning for
+bortkomne, brente eller skadde sedler og mynter.&lt;/p&gt;
+
+&lt;p&gt;Selv om en avtale inneholder klausul om betaling av en
+pengeforpliktelse i gullverdi, kan skyldneren frigjøre seg med tvungne
+betalingsmidler uten hensyn til denne klausul.&lt;/p&gt;
+&lt;/blockquote&gt;
+
+&lt;p&gt;Det er med bakgrunn i denne lovet ikke tillatt å nekte å ta imot
+kontakt betaling.  Det er en lov jeg har sans for, og som jeg mener må
+håndheves strengt.&lt;/p&gt;
 </description>
        </item>
        
        <item>
-               <title>Taking over sysvinit development</title>
-               <link>Taking_over_sysvinit_development.html</link>
-               <guid isPermaLink="true">Taking_over_sysvinit_development.html</guid>
-                <pubDate>Wed, 22 Jul 2009 23:00:00 +0200</pubDate>
+               <title>Officeshots taking shape</title>
+               <link>http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html</link>
+               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html</guid>
+                <pubDate>Sun, 13 Jun 2010 11:40:00 +0200</pubDate>
                <description>
-&lt;p&gt;After several years of frustration with the lack of activity from
-the existing sysvinit upstream developer, I decided a few weeks ago to
-take over the package and become the new upstream.  The number of
-patches to track for the Debian package was becoming a burden, and the
-lack of synchronization between the distribution made it hard to keep
-the package up to date.&lt;/p&gt;
-
-&lt;p&gt;On the new sysvinit team is the SuSe maintainer Dr. Werner Fink,
-and my Debian co-maintainer Kel Modderman.  About 10 days ago, I made
-a new upstream tarball with version number 2.87dsf (for Debian, SuSe
-and Fedora), based on the patches currently in use in these
-distributions.  We Debian maintainers plan to move to this tarball as
-the new upstream as soon as we find time to do the merge.  Since the
-new tarball was created, we agreed with Werner at SuSe to make a new
-upstream project at &lt;a href=&quot;http://savannah.nongnu.org/&quot;&gt;Savannah&lt;/a&gt;, and continue
-development there.  The project is registered and currently waiting
-for approval by the Savannah administrators, and as soon as it is
-approved, we will import the old versions from svn and continue
-working on the future release.&lt;/p&gt;
-
-&lt;p&gt;It is a bit ironic that this is done now, when some of the involved
-distributions are moving to upstart as a syvinit replacement.&lt;/p&gt;
+&lt;p&gt;For those of us caring about document exchange and
+interoperability, &lt;a href=&quot;http://www.officeshots.org/&quot;&gt;OfficeShots&lt;/a&gt;
+is a great service.  It is to ODF documents what
+&lt;a href=&quot;http://browsershots.org/&quot;&gt;BrowserShots&lt;/a&gt; is for web
+pages.&lt;/p&gt;
+
+&lt;p&gt;A while back, I was contacted by Knut Yrvin at the part of Nokia
+that used to be Trolltech, who wanted to help the OfficeShots project
+and wondered if the University of Oslo where I work would be
+interested in supporting the project.  I helped him to navigate his
+request to the right people at work, and his request was answered with
+a spot in the machine room with power and network connected, and Knut
+arranged funding for a machine to fill the spot.  The machine is
+administrated by the OfficeShots people, so I do not have daily
+contact with its progress, and thus from time to time check back to
+see how the project is doing.&lt;/p&gt;
+
+&lt;p&gt;Today I had a look, and was happy to see that the Dell box in our
+machine room now is the host for several virtual machines running as
+OfficeShots factories, and the project is able to render ODF documents
+in 17 different document processing implementation on Linux and
+Windows.  This is great.&lt;/p&gt;
 </description>
        </item>