Nytt bokforslag.

[homepage.git] / blog / archive / 2010 / 08 / 08.rss

diff --git a/blog/archive/2010/08/08.rss b/blog/archive/2010/08/08.rss
index 0ece95941a9ccddef051d30aebf2ae7ba5b65221..fc095f465802a3ab86a3915cbb5d45a94cabf3ca 100644 (file)
--- a/blog/archive/2010/08/08.rss
+++ b/blog/archive/2010/08/08.rss
@@ -3,313 +3,202 @@
        <channel>
                <title>Petter Reinholdtsen - Entries from August 2010</title>
                <description>Entries from August 2010</description>
        <channel>
                <title>Petter Reinholdtsen - Entries from August 2010</title>
                <description>Entries from August 2010</description>

-                <link>http://people.skolelinux.org/pere/blog/</link>
+                <link>http://www.hungry.com/~pere/blog/</link>

 
        
        <item>
 
        
        <item>

-               <title>Debian Edu roaming workstation - at the university of Oslo</title>
-               <link>http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html</link>        
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html</guid>
-                <pubDate>Tue, 3 Aug 2010 23:30:00 +0200</pubDate>
-               <description>
-&lt;p&gt;The new roaming workstation profile in Debian Edu/Squeeze is fairly
-similar to the laptop setup am I working on using Ubuntu for the
-University of Oslo, and just for the heck of it, I tested today how
-hard it would be to integrate that profile into the university
-infrastructure.  In this case, it is the university LDAP server,
-Active Directory Kerberos server and SMB mounting from the Netapp file
-servers.&lt;/p&gt;
-
-&lt;p&gt;I was pleasantly surprised that the only three files needed to be
-changed (/etc/sssd/sssd.conf, /etc/ldap.conf and
-/etc/mklocaluser.d/20-debian-edu-config) and one file had to be added
-(/usr/share/perl5/Debian/Edu_Local.pm), to get the client working.
-Most of the changes were to get the client to use the university LDAP
-for NSS and Kerberos server for PAM, but one was to change a hard
-coded DNS domain name in the mklocaluser hook from .intern to
-.uio.no.&lt;/p&gt;
-
-&lt;p&gt;This testing was so encouraging, that I went ahead and adjusted the
-Debian Edu scripts and setup in subversion to centralise the roaming
-workstation setup a bit more and avoid the hardcoded DNS domain name,
-so that when I test this tomorrow, I expect to get away with modifying
-only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the
-university servers.&lt;/p&gt;
-
-&lt;p&gt;My goal is to get the clients to have no hardcoded settings and
-fetch all their initial setup during installation and first boot, to
-allow them to be inserted also into environments where the default
-setup in Debian Edu has been changed or as with the university, where
-the environment is different but provides the protocols Debian Edu
-uses.&lt;/p&gt;
+               <title>Forslag i stortinget om å stoppe elektronisk stemmegiving i Norge</title>
+               <link>http://www.hungry.com/~pere/blog/Forslag_i_stortinget_om___stoppe_elektronisk_stemmegiving_i_Norge.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Forslag_i_stortinget_om___stoppe_elektronisk_stemmegiving_i_Norge.html</guid>
+                <pubDate>Tue, 31 Aug 2010 21:00:00 +0200</pubDate>
+               <description>&lt;p&gt;Ble tipset i dag om at et forslag om å stoppe forsøkene med
+elektronisk stemmegiving utenfor valglokaler er
+&lt;a href=&quot;http://www.stortinget.no/no/Saker-og-publikasjoner/Saker/Sak/?p=46616&quot;&gt;til
+behandling&lt;/a&gt; i Stortinget.
+&lt;a href=&quot;http://www.stortinget.no/Global/pdf/Representantforslag/2009-2010/dok8-200910-128.pdf&quot;&gt;Forslaget&lt;/a&gt;
+er fremmet av Erna Solberg, Michael Tetzschner og Trond Helleland.&lt;/p&gt;
+
+&lt;p&gt;Håper det får flertall.&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Autodetecting Client setup for roaming workstations in Debian Edu</title>
-               <link>http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html</link>        
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html</guid>
-                <pubDate>Sat, 7 Aug 2010 14:45:00 +0200</pubDate>
-               <description>
-&lt;p&gt;A few days ago, I
-&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html&quot;&gt;tried
-to install&lt;/a&gt; a Roaming workation profile from Debian Edu/Squeeze
-while on the university network here at the University of Oslo, and
-noticed how much had to change to get it operational using the
-university infrastructure.  It was fairly easy, but it occured to me
-that Debian Edu would improve a lot if I could get the client to
-connect without any changes at all, and thus let the client configure
-itself during installation and first boot to use the infrastructure
-around it.  Now I am a huge step further along that road.&lt;/p&gt;
+               <title>Broken hard link handling with sshfs</title>
+               <link>http://www.hungry.com/~pere/blog/Broken_hard_link_handling_with_sshfs.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Broken_hard_link_handling_with_sshfs.html</guid>
+                <pubDate>Mon, 30 Aug 2010 19:30:00 +0200</pubDate>
+               <description>&lt;p&gt;Just got an email from Tobias Gruetzmacher as a followup on my
+&lt;a href=&quot;https://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html&quot;&gt;previous
+post about sshfs&lt;/a&gt;.  He reported another problem with sshfs.  It
+fail to handle hard links properly.  A simple way to spot this is to
+look at the . and .. entries in the directory tree.  These should have
+a link count &gt;1, but on sshfs the count is 1.  I just tested to see
+what happen when trying to hardlink, and this fail as well:&lt;/p&gt;

 
 

-&lt;p&gt;With our current squeeze-test packages, I can select the roaming
-workstation profile and get a working laptop connecting to the
-university LDAP server for user and group and our active directory
-servers for Kerberos authentication.  All this without any
-configuration at all during installation.  My users home directory got
-a bookmark in the KDE menu to mount it via SMB, with the correct URL.
-In short, openldap and sssd is correctly configured.  In addition to
-this, the client look for http://wpad/wpad.dat to configure a web
-proxy, and when it fail to find it no proxy settings are stored in
-/etc/environment and /etc/apt/apt.conf.  Iceweasel and KDE is
-configured to look for the same wpad configuration and also do not use
-a proxy when at the university network.  If the machine is moved to a
-network with such wpad setup, it would automatically use it when DHCP
-gave it a IP address.&lt;/p&gt;
-
-&lt;p&gt;The LDAP server is located using DNS, by first looking for the DNS
-entry ldap.$domain.  If this do not exist, it look for the
-_ldap._tcp.$domain SRV records and use the first one as the LDAP
-server.  Next, it connects to the LDAP server and search all
-namingContexts entries for posixAccount or posixGroup objects, and
-pick the first one as the LDAP base.  For Kerberos, a similar
-algorithm is used to locate the LDAP server, and the realm is the
-uppercase version of $domain.&lt;/p&gt;
-
-&lt;p&gt;So, what is not working, you might ask.  SMB mounting my home
-directory do not work.  No idea why, but suspected the incorrect
-Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
-the cause.  These are not properly configured during installation, and
-had to be hand-edited to get the correct Kerberos realm and server,
-but SMB mounting still do not work. :(&lt;/p&gt;
+&lt;pre&gt;
+% ln foo bar
+ln: creating hard link `bar&#39; =&gt; `foo&#39;: Function not implemented
+%
+&lt;/pre&gt;

 
 

-&lt;p&gt;With this automatic configuration in place, I expect a Debian Edu
-roaming profile installation would be able to automatically detect and
-connect to any site using LDAP and Kerberos for NSS directory and PAM
-authentication.  It should also work out of the box in a Active
-Directory environment providing posixAccount and posixGroup objects
-with UID and GID values.&lt;/p&gt;
+&lt;p&gt;I have not yet found time to implement a test for this in my file
+system test code, but believe having working hard links is useful to
+avoid surprised unix programs.  Not as useful as working file locking
+and symlinks, which are required to get a working desktop, but useful
+nevertheless. :)&lt;/p&gt;

 
 

-&lt;p&gt;If you want to help out with implementing these things for Debian
-Edu, please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
+&lt;p&gt;The latest version of the file system test code is available via
+git from
+&lt;a href=&quot;http://github.com/gebi/fs-test&quot;&gt;http://github.com/gebi/fs-test&lt;/a&gt;&lt;/p&gt;

 </description>
        </item>
        
        <item>
 </description>
        </item>
        
        <item>

-               <title>Testing if a file system can be used for home directories...</title>
-               <link>http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html</link>        
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html</guid>
-                <pubDate>Sun, 8 Aug 2010 21:20:00 +0200</pubDate>
-               <description>
-&lt;p&gt;A few years ago, I was involved in a project planning to use
-Windows file servers as home directory servers for Debian
-Edu/Skolelinux machines.  This was thought to be no problem, as the
-access would be through the SMB network file system protocol, and we
-knew other sites used SMB with unix and samba as the file server to
-mount home directories without any problems.  But, after months of
-struggling, we had to conclude that our goal was impossible.&lt;/p&gt;
-
-&lt;p&gt;The reason is simply that while SMB can be used for home
-directories when the file server is Samba running on Unix, this only
-work because of Samba have some extensions and the fact that the
-underlying file system is a unix file system.  When using a Windows
-file server, the underlying file system do not have POSIX semantics,
-and several programs will fail if the users home directory where they
-want to store their configuration lack POSIX semantics.&lt;/p&gt;
-
-&lt;p&gt;As part of this work, I wrote a small C program I want to share
-with you all, to replicate a few of the problematic applications (like
-OpenOffice.org and GCompris) and see if the file system was working as
-it should.  If you find yourself in spooky file system land, it might
-help you find your way out again.  This is the fs-test.c source:&lt;/p&gt;
+               <title>Sikkerhetsteateret på flyplassene fortsetter</title>
+               <link>http://www.hungry.com/~pere/blog/Sikkerhetsteateret_p__flyplassene_fortsetter.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Sikkerhetsteateret_p__flyplassene_fortsetter.html</guid>
+                <pubDate>Sat, 28 Aug 2010 10:40:00 +0200</pubDate>
+               <description>&lt;p&gt;Jeg skrev for et halvt år siden hvordan
+&lt;a href=&quot;https://people.skolelinux.org/pere/blog/Sikkerhet__teater__og_hvordan_gj__re_verden_sikrere.html&quot;&gt;samfunnet
+kaster bort ressurser på sikkerhetstiltak som ikke fungerer&lt;/a&gt;.  Kom
+nettopp over en
+&lt;a href=&quot;http://www.askthepilot.com/essays-and-stories/terrorism-tweezers-and-terminal-madness-an-essay-on-security/&quot;&gt;historie
+fra en pilot fra USA&lt;/a&gt; som kommenterer det samme.  Jeg mistenker det
+kun er uvitenhet og autoritetstro som gjør at så få protesterer.  Har
+veldig sans for piloten omtalt i &lt;a
+href=&quot;http://www.aftenposten.no/nyheter/iriks/article2057501.ece&quot;&gt;Aftenposten&lt;/a&gt; 2007-10-23,
+og skulle ønske flere rettet oppmerksomhet mot problemet.  Det gir
+ikke meg trygghetsfølelse på flyplassene når jeg ser at
+flyplassadministrasjonen kaster bort folk, penger og tid på tull i
+stedet for ting som bidrar til reell økning av sikkerheten.  Det
+forteller meg jo at vurderingsevnen til de som burde bidra til økt
+sikkerhet er svært sviktende, noe som ikke taler godt for de andre
+tiltakene.&lt;/p&gt;
+
+&lt;p&gt;Mon tro hva som skjer hvis det fantes en enkel brosjyre å skrive ut
+fra Internet som forklarte hva som er galt med sikkerhetsopplegget på
+flyplassene, og folk skrev ut og la en bunke på flyplassene når de
+passerte.  Kanskje det ville fått flere til å få øynene opp for
+problemet.&lt;/p&gt;
+
+&lt;p&gt;Personlig synes jeg flyopplevelsen er blitt så avskyelig at jeg
+forsøker å klare meg med tog, bil og båt for å slippe ubehaget.  Det
+er dog noe vanskelig i det langstrakte Norge og for å kunne besøke de
+delene av verden jeg ønsker å nå.  Mistenker at flere har det slik, og
+at dette går ut over inntjeningen til flyselskapene.  Det er antagelig
+en god ting sett fra et miljøperspektiv, men det er en annen sak.&lt;/p&gt;
+</description>
+       </item>
+       
+       <item>
+               <title>Skolelinux i Osloskolen</title>
+               <link>http://www.hungry.com/~pere/blog/Skolelinux_i_Osloskolen.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Skolelinux_i_Osloskolen.html</guid>
+                <pubDate>Thu, 26 Aug 2010 22:25:00 +0200</pubDate>
+               <description>&lt;p&gt;Denne høsten skal endelig alle Osloskolene få mulighet til å bruke
+&lt;a href=&quot;http://www.skolelinux.org/&quot;&gt;Skolelinux&lt;/a&gt;.  Ny IT-løsning
+har vært rullet ut i noen måneder nå, og så vidt jeg fikk vite før
+sommeren skulle alle skoler ha nytt opplegg på plass før oppstart nå i
+høst.  På alle skolene skal en kunne velge ved installasjon om en skal
+ha Windows eller Skolelinux på maskinene, og en kan i tillegg
+PXE-boote maskinene over nett som tynne klienter eller diskløse
+arbeidsstasjoner. Jeg er spent på hvor mange skoler som velger å ta i
+bruk Skolelinux, og gleder meg til å se hvordan dette utvikler seg.
+Løsningen leveres av
+&lt;a href=&quot;http://www.logica.no/&quot;&gt;Logica&lt;/a&gt; med
+&lt;a href=&quot;http://www.slxdrift.no/&quot;&gt;Skolelinux Drift AS&lt;/a&gt; som
+underleverandør, og jeg har vært involvert i utviklingen av løsningen
+via Skolelinux Drift AS siden prosjektet starter.  Jeg synes det er
+fantastisk at Skolelinux er kommet så langt siden vi startet i 2001 at
+alle elevene i Osloskolene nå skal få mulighet til å bruke
+løsningen.  Jeg håper de vil sette pris på alle de
+&lt;a href=&quot;http://www.skolelinux.no/linux-signpost/&quot;&gt;fantastiske
+brukerprogrammene&lt;/a&gt; som er tilgjengelig i Skolelinux.&lt;/p&gt;
+</description>
+       </item>
+       
+       <item>
+               <title>Broken umask handling with sshfs</title>
+               <link>http://www.hungry.com/~pere/blog/Broken_umask_handling_with_sshfs.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Broken_umask_handling_with_sshfs.html</guid>
+                <pubDate>Thu, 26 Aug 2010 13:30:00 +0200</pubDate>
+               <description>&lt;p&gt;My file system sematics program
+&lt;a href=&quot;https://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html&quot;&gt;presented
+a few days ago&lt;/a&gt; is very useful to verify that a file system can
+work as a unix home directory,and today I had to extend it a bit.  I&#39;m
+looking into alternatives for home directory access here at the
+University of Oslo, and one of the options is sshfs.  My friend
+Finn-Arne mentioned a while back that they had used sshfs with Debian
+Edu, but stopped because of problems.  I asked today what the problems
+where, and he mentioned that sshfs failed to handle umask properly.
+Trying to detect the problem I wrote this addition to my fs testing
+script:&lt;/p&gt;

 
 &lt;pre&gt;
 
 &lt;pre&gt;

-/*
- * Some tests to check the file system sematics.  Used to verify that
- * CIFS from a windows server do not work properly as a linux home
- * directory.
- * License: GPL v2 or later
- * 
- * needs libsqlite3-dev and build-essential installed
- * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
-*/
-
-#define _FILE_OFFSET_BITS 64
-#define _LARGEFILE_SOURCE 1
-#define _LARGEFILE64_SOURCE 1
-
-#define _GNU_SOURCE /* for asprintf() */
-
-#include &amp;lt;errno.h&gt;
-#include &amp;lt;fcntl.h&gt;
-#include &amp;lt;stdio.h&gt;
-#include &amp;lt;string.h&gt;
-#include &amp;lt;stdlib.h&gt;
-#include &amp;lt;sys/file.h&gt;
-#include &amp;lt;sys/stat.h&gt;
-#include &amp;lt;sys/types.h&gt;
-#include &amp;lt;unistd.h&gt;
-
-#ifdef TEST_SQLITE
-/*
- * Test sqlite open, as done by gcompris require the libsqlite3-dev
- * package and linking with -lsqlite3.  A more low level test is
- * below.
- * See also &amp;lt;URL: http://www.sqlite.org./faq.html#q5 &gt;.
- */
-#include &amp;lt;sqlite3.h&gt;
-#define CREATE_TABLE_USERS                                              \
-  &quot;CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); &quot;
-int test_sqlite_open(void) {
-  char *zErrMsg;
-  char *name = &quot;testsqlite.db&quot;;
-  sqlite3 *db=NULL;
-  unlink(name);
-  int rc = sqlite3_open(name, &amp;db);
-  if( rc ){
-    printf(&quot;error: sqlite open of %s failed: %s\n&quot;, name, sqlite3_errmsg(db));
-    sqlite3_close(db);
-    return -1;
-  }
-
-  /* create tables */
-  rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL,  0, &amp;zErrMsg);
-  if( rc != SQLITE_OK ){
-    printf(&quot;error: sqlite table create failed: %s\n&quot;, zErrMsg);
-    sqlite3_close(db);
-    return -1;
+mode_t touch_get_mode(const char *name, mode_t mode) {
+  mode_t retval = 0;
+  int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, mode);
+  if (-1 != fd) {
+    unlink(name);
+    struct stat statbuf;
+    if (-1 != fstat(fd, &amp;statbuf)) {
+      retval = statbuf.st_mode &amp; 0x1ff;
+    }
+    close(fd);

   }
   }

-  printf(&quot;info: sqlite worked\n&quot;);
-  sqlite3_close(db);
-  return 0;
+  return retval;

 }
 }

-#endif /* TEST_SQLITE */
-
-/*
- * Demonstrate locking issue found in gcompris using sqlite3.  This
- * work with ext3, but not with cifs server on Windows 2003.  This is
- * done in the sqlite3 library.
- * See also
- * &amp;lt;URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html&gt; and the
- * POSIX specification
- * &amp;lt;URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html&gt;.
- */
-int test_gcompris_locking(void) {
-  struct flock fl;
-  char *name = &quot;testsqlite.db&quot;;
-  unlink(name);
-  int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
-  printf(&quot;info: testing fcntl locking\n&quot;);
-
-  fl.l_whence = SEEK_SET;
-  fl.l_pid    = getpid();
-  printf(&quot;  Read-locking 1 byte from 1073741824&quot;);
-  fl.l_start  = 1073741824;
-  fl.l_len    = 1;
-  fl.l_type   = F_RDLCK;
-  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);

 
 

-  printf(&quot;  Read-locking 510 byte from 1073741826&quot;);
-  fl.l_start  = 1073741826;
-  fl.l_len    = 510;
-  fl.l_type   = F_RDLCK;
-  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);
-
-  printf(&quot;  Unlocking 1 byte from 1073741824&quot;);
-  fl.l_start  = 1073741824;
-  fl.l_len    = 1;
-  fl.l_type   = F_UNLCK;
-  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);
-
-  printf(&quot;  Write-locking 1 byte from 1073741824&quot;);
-  fl.l_start  = 1073741824;
-  fl.l_len    = 1;
-  fl.l_type   = F_WRLCK;
-  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);
-
-  printf(&quot;  Write-locking 510 byte from 1073741826&quot;);
-  fl.l_start  = 1073741826;
-  fl.l_len    = 510;
-  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);
-
-  printf(&quot;  Unlocking 2 byte from 1073741824&quot;);
-  fl.l_start  = 1073741824;
-  fl.l_len    = 2;
-  fl.l_type   = F_UNLCK;
-  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);
-
-  close(fd);
-  return 0;
-}
+/* Try to detect problem discovered using sshfs */
+int test_umask(void) {
+  printf(&quot;info: testing umask effect on file creation\n&quot;);

 
 

-/*
- * Test if permissions of freshly created directories allow entries
- * below them.  This was a problem with OpenOffice.org and gcompris.
- * Mounting with option &#39;sync&#39; seem to solve this problem while
- * slowing down file operations.
- */
-int test_subdirectory_creation(void) {
-#define LEVELS 5
-  char *path = strdup(&quot;test&quot;);
-  char *dirs[LEVELS];
-  int level;
-  printf(&quot;info: testing subdirectory creation\n&quot;);
-  for (level = 0; level &amp;lt; LEVELS; level++) {
-    char *newpath = NULL;
-    if (-1 == mkdir(path, 0777)) {
-      printf(&quot;  error: Unable to create directory &#39;%s&#39;: %s\n&quot;,
-            path, strerror(errno));
-      break;
-    }
-    asprintf(&amp;newpath, &quot;%s/%s&quot;, path, &quot;test&quot;);
-    free(path);
-    path = newpath;
+  mode_t orig_umask = umask(000);
+  mode_t newmode;
+  if (0666 != (newmode = touch_get_mode(&quot;foobar&quot;, 0666))) {
+    printf(&quot;  error: Wrong file mode %o when creating using mode 666 and umask 000\n&quot;,
+           newmode);
+  }
+  umask(007);
+  if (0660 != (newmode = touch_get_mode(&quot;foobar&quot;, 0666))) {
+    printf(&quot;  error: Wrong file mode %o when creating using mode 666 and umask 007\n&quot;,
+           newmode);

   }
   }

-  return 0;
-}

 
 

-/*
- * Test if symlinks can be created.  This was a problem detected with
- * KDE.
- */
-int test_symlinks(void) {
-  printf(&quot;info: testing symlink creation\n&quot;);
-  unlink(&quot;symlink&quot;);
-  if (-1 == symlink(&quot;file&quot;, &quot;symlink&quot;))
-    printf(&quot;  error: Unable to create symlink\n&quot;);
+  umask (orig_umask);

   return 0;
 }
 
 int main(int argc, char **argv) {
   return 0;
 }
 
 int main(int argc, char **argv) {

-  printf(&quot;Testing POSIX/Unix sematics on file system\n&quot;);
-  test_symlinks();
-  test_subdirectory_creation();
-#ifdef TEST_SQLITE
-  test_sqlite_open();
-#endif /* TEST_SQLITE */
-  test_gcompris_locking();
+  [...]
+  test_umask();

   return 0;
 }
 &lt;/pre&gt;
 
   return 0;
 }
 &lt;/pre&gt;
 

-&lt;p&gt;When everything is working, it should print something like
-this:&lt;/p&gt;
+&lt;p&gt;Sure enough.  On NFS to a netapp, I get this result:&lt;/p&gt;
+
+&lt;pre&gt;
+Testing POSIX/Unix sematics on file system
+info: testing symlink creation
+info: testing subdirectory creation
+info: testing fcntl locking
+  Read-locking 1 byte from 1073741824
+  Read-locking 510 byte from 1073741826
+  Unlocking 1 byte from 1073741824
+  Write-locking 1 byte from 1073741824
+  Write-locking 510 byte from 1073741826
+  Unlocking 2 byte from 1073741824
+info: testing umask effect on file creation
+&lt;/pre&gt;
+
+&lt;p&gt;When mounting the same directory using sshfs, I get this
+result:&lt;/p&gt;

 
 &lt;pre&gt;
 Testing POSIX/Unix sematics on file system
 info: testing symlink creation
 info: testing subdirectory creation
 
 &lt;pre&gt;
 Testing POSIX/Unix sematics on file system
 info: testing symlink creation
 info: testing subdirectory creation

-info: sqlite worked

 info: testing fcntl locking
   Read-locking 1 byte from 1073741824
   Read-locking 510 byte from 1073741826
 info: testing fcntl locking
   Read-locking 1 byte from 1073741824
   Read-locking 510 byte from 1073741826


@@ -317,29 +206,166 @@ info: testing fcntl locking
   Write-locking 1 byte from 1073741824
   Write-locking 510 byte from 1073741826
   Unlocking 2 byte from 1073741824
   Write-locking 1 byte from 1073741824
   Write-locking 510 byte from 1073741826
   Unlocking 2 byte from 1073741824

+info: testing umask effect on file creation
+  error: Wrong file mode 644 when creating using mode 666 and umask 000
+  error: Wrong file mode 640 when creating using mode 666 and umask 007

 &lt;/pre&gt;
 
 &lt;/pre&gt;
 

-&lt;p&gt;I do not remember the exact details of the problems we saw, but one
-of them was with locking, where if I remember correctly, POSIX allow a
-read-only lock to be upgraded to a read-write lock without unlocking
-the read-only lock (while Windows do not).  Another was a bug in the
-CIFS/SMB client implementation in the Linux kernel where directory
-meta information would be wrong for a fraction of a second, making
-OpenOffice.org fail to create its deep directory tree because it was
-not allowed to create files in its freshly created directory.&lt;/p&gt;
+&lt;p&gt;So, I can conclude that sshfs is better than smb to a Netapp or a
+Windows server, but not good enough to be used as a home
+directory.&lt;/p&gt;
+
+&lt;p&gt;Update 2010-08-26: Reported the issue in
+&lt;a href=&quot;http://bugs.debian.org/594498&quot;&gt;BTS report #594498&lt;/a&gt;&lt;/p&gt;
+
+&lt;p&gt;Update 2010-08-27: Michael Gebetsroither report that he found the
+script so useful that he created a GIT repository and stored it in
+&lt;a href=&quot;http://github.com/gebi/fs-test&quot;&gt;http://github.com/gebi/fs-test&lt;/a&gt;.&lt;/p&gt;
+</description>
+       </item>
+       
+       <item>
+               <title>Elektronisk stemmegiving er ikke til å stole på - heller ikke i Norge</title>
+               <link>http://www.hungry.com/~pere/blog/Elektronisk_stemmegiving_er_ikke_til___stole_p____heller_ikke_i_Norge.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Elektronisk_stemmegiving_er_ikke_til___stole_p____heller_ikke_i_Norge.html</guid>
+                <pubDate>Mon, 23 Aug 2010 19:30:00 +0200</pubDate>
+               <description>&lt;p&gt;I Norge pågår en prosess for å
+&lt;a href=&quot;http://www.e-valg.dep.no/&quot;&gt;innføre elektronisk
+stemmegiving&lt;/a&gt; ved kommune- og stortingsvalg.  Dette skal
+introduseres i 2011.  Det er all grunn til å tro at valg i Norge ikke
+vil være til å stole på hvis dette blir gjennomført.  Da det hele var
+oppe til høring i 2006 forfattet jeg
+&lt;a href=&quot;http://www.nuug.no/dokumenter/valg-horing-2006-09.pdf&quot;&gt;en
+høringsuttalelse fra NUUG&lt;/a&gt; (og EFN som hengte seg på) som skisserte
+hvilke punkter som må oppfylles for at en skal kunne stole på et valg,
+og elektronisk stemmegiving mangler flere av disse.  Elektronisk
+stemmegiving er for alle praktiske formål å putte ens stemme i en sort
+boks under andres kontroll, og satse på at de som har kontroll med
+boksen er til å stole på - uten at en har mulighet til å verifisere
+dette selv.  Det er ikke slik en gjennomfører demokratiske valg.&lt;/p&gt;
+
+&lt;p&gt;Da problemet er fundamentalt med hvordan elektronisk stemmegiving
+må fungere for at også ikke-krypografer skal kunne delta, har det vært
+mange rapporter om hvordan elektronisk stemmegiving har sviktet i land
+etter land.  En
+&lt;a href=&quot;http://wiki.nuug.no/uttalelser/2006-elektronisk-stemmegiving&quot;&gt;liten
+samling referanser&lt;/a&gt; finnes på NUUGs wiki.  Den siste er fra India,
+der valgkomisjonen har valgt
+&lt;a href=&quot;http://www.freedom-to-tinker.com/blog/jhalderm/electronic-voting-researcher-arrested-over-anonymous-source&quot;&gt;å
+pusse politiet på en forsker&lt;/a&gt; som har dokumentert svakheter i
+valgsystemet.&lt;/p&gt;
+
+&lt;p&gt;Her i Norge har en valgt en annen tilnærming, der en forsøker seg
+med teknobabbel for å få befolkningen til å tro at dette skal bli
+sikkert.  Husk, elektronisk stemmegiving underminerer de demokratiske
+valgene i Norge, og bør ikke innføres.&lt;/p&gt;
+
+&lt;p&gt;Den offentlige diskusjonen blir litt vanskelig av at media har
+valgt å kalle dette &quot;evalg&quot;, som kan sies å både gjelde elektronisk
+opptelling av valget som Norge har gjort siden 60-tallet og som er en
+svært god ide, og elektronisk opptelling som er en svært dårlig ide.
+Diskusjonen gir ikke mening hvis en skal diskutere om en er for eller
+mot &quot;evalg&quot;, og jeg forsøker derfor å være klar på at jeg snakker om
+elektronisk stemmegiving og unngå begrepet &quot;evalg&quot;.&lt;/p&gt;
+</description>
+       </item>
+       
+       <item>
+               <title>Robot, reis deg...</title>
+               <link>http://www.hungry.com/~pere/blog/Robot__reis_deg___.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Robot__reis_deg___.html</guid>
+                <pubDate>Sat, 21 Aug 2010 22:10:00 +0200</pubDate>
+               <description>&lt;p&gt;I dag fikk jeg endelig tittet litt på mine nyinnkjøpte roboter, og
+har brukt noen timer til å google etter interessante referanser og
+aktuell kildekode for bruk på Linux.  Det mest lovende så langt er
+&lt;a href=&quot;http://ispykee.toyz.org/&quot;&gt;ispykee&lt;/a&gt;, som har en
+BSD-lisensiert linux-daemon som står som mellomledd mellom roboter på
+lokalnettet og en sentral tjeneste der en iPhone kan koble seg opp for
+å fjernstyre roboten.  Linux-daemonen implementerer deler av
+protokollen som roboten forstår.  Etter å ha knotet litt med å oppnå
+kontakt med roboten (den oppretter et eget ad-hoc wifi-nett, så jeg
+måtte gå av mitt vanlige nett for å få kontakt), og kommet frem til at
+den lytter på IP-port 9000 og 9001, gikk jeg i gang med å finne ut
+hvordan jeg kunne snakke med roboten vha. disse portene.  Robotbiten
+av protokollen er publisert av produsenten med GPL-lisens, slik at det
+er mulig å se hvordan protokollen fungerer.  Det finnes en java-klient
+for Android som så ganske snasen ut, men fant ingen kildekode for
+denne.  Derimot hadde iphone-løsningen kildekode, så jeg tok
+utgangspunkt i den.&lt;/p&gt;
+
+&lt;p&gt;Daemonen ville i utgangspunktet forsøke å kontakte den sentrale
+tjenesten som iphone-programmet kobler seg til.  Jeg skrev dette om
+til i stedet å sette opp en nettverkstjeneste på min lokale maskin,
+som jeg kan koble meg opp til med telnet og gi kommandoer til roboten
+(act, forward, right, left, etc).  Det involverte i praksis å bytte ut
+socket()/connect() med socket()/bind()/listen()/accept() for å gjøre
+klienten om til en tjener.&lt;/p&gt;
+
+&lt;p&gt;Mens jeg har forsøkt å få roboten til å bevege seg har min samboer
+skrudd sammen resten av roboten for å få montert kamera og plastpynten
+(armer, plastfiber for lys).  Nå er det hele montert, og roboten er
+klar til bruk.  Må få flyttet den over til mitt vanlige trådløsnett
+før det blir praktisk, men de bitene av protokollen er ikke
+implementert i ispykee-daemonen, så der må jeg enten få tak i en mac
+eller en windows-maskin, eller implementere det selv.&lt;/p&gt;

 
 

-&lt;p&gt;Anyway, here is a nice tool for your tool box, might you never need
-it. :)&lt;/p&gt;
+&lt;p&gt;Vi var tre som kjøpte slike roboter, og vi har blitt enige om å
+samle notater og referanser på &lt;a
+href=&quot;http://wiki.nuug.no/grupper/robot/&quot;&gt;NUUGs wiki&lt;/a&gt;.  Ta en titt
+der hvis du er nysgjerrig.&lt;/p&gt;
+</description>
+       </item>
+       
+       <item>
+               <title>2 Spykee-roboter i hus, nå skal det lekes</title>
+               <link>http://www.hungry.com/~pere/blog/2_Spykee_roboter_i_hus__n__skal_det_lekes.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/2_Spykee_roboter_i_hus__n__skal_det_lekes.html</guid>
+                <pubDate>Wed, 18 Aug 2010 13:30:00 +0200</pubDate>
+               <description>&lt;p&gt;Jeg kjøpte nettopp to
+&lt;a href=&quot;http://www.spykee-robot.com/&quot;&gt;Spykee&lt;/a&gt;-roboter, for test og
+leking.  Kjøpte to da det var så billige, og gir meg mulighet til å
+eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte
+ut firmware og slikt.  Oppdaget at lekebutikken på Bryn senter hadde
+en liten stabel på lager som de ikke hadde klart å selge ut etter
+fjorårets juleinnkjøp, og var villig til å selge for en femtedel av
+vanlig pris.  Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og
+det blir morsomt å se hva vi får ut av dette.&lt;/p&gt;
+
+&lt;p&gt;Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon
+og wifi-tilkobling.  Det hele styrt av en GPL-lisensiert databoks som
+jeg mistenker kjører linux.  Firmware-kildekoden ble visst publisert i
+mai.  Eneste utfordringen er at kontroller-programvaren kun finnes til
+Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til
+firmwaren. :)&lt;/p&gt;
+
+&lt;ul&gt;
+&lt;li&gt;&lt;a href=&quot;http://en.wikipedia.org/wiki/Spykee&quot;&gt;Wikipedia-oppføring&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;http://www.spykeeworld.com/spykee/US/freeSoftware.html&quot;&gt;Nedlasting av firmware-kilden&lt;/a&gt;&lt;/li&gt;
+&lt;li&gt;&lt;a href=&quot;http://wiki.nuug.no/grupper/robot&quot;&gt;prosjektwiki hos NUUG&lt;/a&gt;&lt;/li&gt;
+&lt;/ul&gt;
+</description>
+       </item>
+       
+       <item>
+               <title>Rob Weir: How to Crush Dissent</title>
+               <link>http://www.hungry.com/~pere/blog/Rob_Weir__How_to_Crush_Dissent.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Rob_Weir__How_to_Crush_Dissent.html</guid>
+                <pubDate>Sun, 15 Aug 2010 22:20:00 +0200</pubDate>
+               <description>&lt;p&gt;I found the notes from Rob Weir on
+&lt;a href=&quot;http://feedproxy.google.com/~r/robweir/antic-atom/~3/VGb23-kta8c/how-to-crush-dissent.html&quot;&gt;how
+to crush dissent&lt;/a&gt; matching my own thoughts on the matter quite
+well.  Highly recommended for those wondering which road our society
+should go down.  In my view we have been heading the wrong way for a
+long time.&lt;/p&gt;

 </description>
        </item>
        
        <item>
                <title>No hardcoded config on Debian Edu clients</title>
 </description>
        </item>
        
        <item>
                <title>No hardcoded config on Debian Edu clients</title>

-               <link>http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html</link>        
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html</guid>
+               <link>http://www.hungry.com/~pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html</guid>

                 <pubDate>Mon, 9 Aug 2010 20:15:00 +0200</pubDate>
                 <pubDate>Mon, 9 Aug 2010 20:15:00 +0200</pubDate>

-               <description>
-&lt;p&gt;As reported earlier, the last few days I have looked at how Debian
+               <description>&lt;p&gt;As reported earlier, the last few days I have looked at how Debian

 Edu clients are configured, and tried to get rid of all hardcoded
 configuration settings on the clients.  I believe the work to be
 mostly done, and the clients seem to work just fine with dynamically
 Edu clients are configured, and tried to get rid of all hardcoded
 configuration settings on the clients.  I believe the work to be
 mostly done, and the clients seem to work just fine with dynamically


@@ -459,211 +485,209 @@ implement it for Debian Edu. :)&lt;/p&gt;
        </item>
        
        <item>
        </item>
        
        <item>

-               <title>Rob Weir: How to Crush Dissent</title>
-               <link>http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html</link>        
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html</guid>
-                <pubDate>Sun, 15 Aug 2010 22:20:00 +0200</pubDate>
-               <description>
-&lt;p&gt;I found the notes from Rob Weir on
-&lt;a href=&quot;http://feedproxy.google.com/~r/robweir/antic-atom/~3/VGb23-kta8c/how-to-crush-dissent.html&quot;&gt;how
-to crush dissent&lt;/a&gt; matching my own thoughts on the matter quite
-well.  Highly recommended for those wondering which road our society
-should go down.  In my view we have been heading the wrong way for a
-long time.&lt;/p&gt;
-</description>
-       </item>
-       
-       <item>
-               <title>2 Spykee-roboter i hus, nå skal det lekes</title>
-               <link>http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html</link>        
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html</guid>
-                <pubDate>Wed, 18 Aug 2010 13:30:00 +0200</pubDate>
-               <description>
-&lt;p&gt;Jeg kjøpte nettopp to
-&lt;a href=&quot;http://www.spykee-robot.com/&quot;&gt;Spykee&lt;/a&gt;-roboter, for test og
-leking.  Kjøpte to da det var så billige, og gir meg mulighet til å
-eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte
-ut firmware og slikt.  Oppdaget at lekebutikken på Bryn senter hadde
-en liten stabel på lager som de ikke hadde klart å selge ut etter
-fjorårets juleinnkjøp, og var villig til å selge for en femtedel av
-vanlig pris.  Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og
-det blir morsomt å se hva vi får ut av dette.&lt;/p&gt;
+               <title>Testing if a file system can be used for home directories...</title>
+               <link>http://www.hungry.com/~pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html</guid>
+                <pubDate>Sun, 8 Aug 2010 21:20:00 +0200</pubDate>
+               <description>&lt;p&gt;A few years ago, I was involved in a project planning to use
+Windows file servers as home directory servers for Debian
+Edu/Skolelinux machines.  This was thought to be no problem, as the
+access would be through the SMB network file system protocol, and we
+knew other sites used SMB with unix and samba as the file server to
+mount home directories without any problems.  But, after months of
+struggling, we had to conclude that our goal was impossible.&lt;/p&gt;

 
 

-&lt;p&gt;Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon
-og wifi-tilkobling.  Det hele styrt av en GPL-lisensiert databoks som
-jeg mistenker kjører linux.  Firmware-kildekoden ble visst publisert i
-mai.  Eneste utfordringen er at kontroller-programvaren kun finnes til
-Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til
-firmwaren. :)&lt;/p&gt;
+&lt;p&gt;The reason is simply that while SMB can be used for home
+directories when the file server is Samba running on Unix, this only
+work because of Samba have some extensions and the fact that the
+underlying file system is a unix file system.  When using a Windows
+file server, the underlying file system do not have POSIX semantics,
+and several programs will fail if the users home directory where they
+want to store their configuration lack POSIX semantics.&lt;/p&gt;

 
 

-&lt;ul&gt;
-&lt;li&gt;&lt;a href=&quot;http://en.wikipedia.org/wiki/Spykee&quot;&gt;Wikipedia-oppføring&lt;/a&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=http://www.spykeeworld.com/spykee/US/freeSoftware.html&quot;&gt;Nedlasting av firmware-kilden&lt;/a&gt;&lt;/li&gt;
-&lt;li&gt;&lt;a href=&quot;http://wiki.nuug.no/grupper/robot&quot;&gt;prosjektwiki hos NUUG&lt;/a&gt;&lt;/li&gt;
-&lt;/ul&gt;
-</description>
-       </item>
-       
-       <item>
-               <title>Robot, reis deg...</title>
-               <link>http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html</link>        
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html</guid>
-                <pubDate>Sat, 21 Aug 2010 22:10:00 +0200</pubDate>
-               <description>
-&lt;p&gt;I dag fikk jeg endelig tittet litt på mine nyinnkjøpte roboter, og
-har brukt noen timer til å google etter interessante referanser og
-aktuell kildekode for bruk på Linux.  Det mest lovende så langt er
-&lt;a href=&quot;http://ispykee.toyz.org/&quot;&gt;ispykee&lt;/a&gt;, som har en
-BSD-lisensiert linux-daemon som står som mellomledd mellom roboter på
-lokalnettet og en sentral tjeneste der en iPhone kan koble seg opp for
-å fjernstyre roboten.  Linux-daemonen implementerer deler av
-protokollen som roboten forstår.  Etter å ha knotet litt med å oppnå
-kontakt med roboten (den oppretter et eget ad-hoc wifi-nett, så jeg
-måtte gå av mitt vanlige nett for å få kontakt), og kommet frem til at
-den lytter på IP-port 9000 og 9001, gikk jeg i gang med å finne ut
-hvordan jeg kunne snakke med roboten vha. disse portene.  Robotbiten
-av protokollen er publisert av produsenten med GPL-lisens, slik at det
-er mulig å se hvordan protokollen fungerer.  Det finnes en java-klient
-for Android som så ganske snasen ut, men fant ingen kildekode for
-denne.  Derimot hadde iphone-løsningen kildekode, så jeg tok
-utgangspunkt i den.&lt;/p&gt;
+&lt;p&gt;As part of this work, I wrote a small C program I want to share
+with you all, to replicate a few of the problematic applications (like
+OpenOffice.org and GCompris) and see if the file system was working as
+it should.  If you find yourself in spooky file system land, it might
+help you find your way out again.  This is the fs-test.c source:&lt;/p&gt;

 
 

-&lt;p&gt;Daemonen ville i utgangspunktet forsøke å kontakte den sentrale
-tjenesten som iphone-programmet kobler seg til.  Jeg skrev dette om
-til i stedet å sette opp en nettverkstjeneste på min lokale maskin,
-som jeg kan koble meg opp til med telnet og gi kommandoer til roboten
-(act, forward, right, left, etc).  Det involverte i praksis å bytte ut
-socket()/connect() med socket()/bind()/listen()/accept() for å gjøre
-klienten om til en tjener.&lt;/p&gt;
+&lt;pre&gt;
+/*
+ * Some tests to check the file system sematics.  Used to verify that
+ * CIFS from a windows server do not work properly as a linux home
+ * directory.
+ * License: GPL v2 or later
+ * 
+ * needs libsqlite3-dev and build-essential installed
+ * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
+*/

 
 

-&lt;p&gt;Mens jeg har forsøkt å få roboten til å bevege seg har min samboer
-skrudd sammen resten av roboten for å få montert kamera og plastpynten
-(armer, plastfiber for lys).  Nå er det hele montert, og roboten er
-klar til bruk.  Må få flyttet den over til mitt vanlige trådløsnett
-før det blir praktisk, men de bitene av protokollen er ikke
-implementert i ispykee-daemonen, så der må jeg enten få tak i en mac
-eller en windows-maskin, eller implementere det selv.&lt;/p&gt;
+#define _FILE_OFFSET_BITS 64
+#define _LARGEFILE_SOURCE 1
+#define _LARGEFILE64_SOURCE 1

 
 

-&lt;p&gt;Vi var tre som kjøpte slike roboter, og vi har blitt enige om å
-samle notater og referanser på &lt;a
-href=&quot;http://wiki.nuug.no/grupper/robot/&quot;&gt;NUUGs wiki&lt;/a&gt;.  Ta en titt
-der hvis du er nysgjerrig.&lt;/p&gt;
-</description>
-       </item>
-       
-       <item>
-               <title>Elektronisk stemmegiving er ikke til å stole på - heller ikke i Norge</title>
-               <link>http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html</link>        
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html</guid>
-                <pubDate>Mon, 23 Aug 2010 19:30:00 +0200</pubDate>
-               <description>
-&lt;p&gt;I Norge pågår en prosess for å
-&lt;a href=&quot;http://www.e-valg.dep.no/&quot;&gt;innføre elektronisk
-stemmegiving&lt;/a&gt; ved kommune- og stortingsvalg.  Dette skal
-introduseres i 2011.  Det er all grunn til å tro at valg i Norge ikke
-vil være til å stole på hvis dette blir gjennomført.  Da det hele var
-oppe til høring i 2006 forfattet jeg
-&lt;a href=&quot;http://www.nuug.no/dokumenter/valg-horing-2006-09.pdf&quot;&gt;en
-høringsuttalelse fra NUUG&lt;/a&gt; (og EFN som hengte seg på) som skisserte
-hvilke punkter som må oppfylles for at en skal kunne stole på et valg,
-og elektronisk stemmegiving mangler flere av disse.  Elektronisk
-stemmegiving er for alle praktiske formål å putte ens stemme i en sort
-boks under andres kontroll, og satse på at de som har kontroll med
-boksen er til å stole på - uten at en har mulighet til å verifisere
-dette selv.  Det er ikke slik en gjennomfører demokratiske valg.&lt;/p&gt;
+#define _GNU_SOURCE /* for asprintf() */
+
+#include &amp;lt;errno.h&gt;
+#include &amp;lt;fcntl.h&gt;
+#include &amp;lt;stdio.h&gt;
+#include &amp;lt;string.h&gt;
+#include &amp;lt;stdlib.h&gt;
+#include &amp;lt;sys/file.h&gt;
+#include &amp;lt;sys/stat.h&gt;
+#include &amp;lt;sys/types.h&gt;
+#include &amp;lt;unistd.h&gt;
+
+#ifdef TEST_SQLITE
+/*
+ * Test sqlite open, as done by gcompris require the libsqlite3-dev
+ * package and linking with -lsqlite3.  A more low level test is
+ * below.
+ * See also &amp;lt;URL: http://www.sqlite.org./faq.html#q5 &gt;.
+ */
+#include &amp;lt;sqlite3.h&gt;
+#define CREATE_TABLE_USERS                                              \
+  &quot;CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); &quot;
+int test_sqlite_open(void) {
+  char *zErrMsg;
+  char *name = &quot;testsqlite.db&quot;;
+  sqlite3 *db=NULL;
+  unlink(name);
+  int rc = sqlite3_open(name, &amp;db);
+  if( rc ){
+    printf(&quot;error: sqlite open of %s failed: %s\n&quot;, name, sqlite3_errmsg(db));
+    sqlite3_close(db);
+    return -1;
+  }
+
+  /* create tables */
+  rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL,  0, &amp;zErrMsg);
+  if( rc != SQLITE_OK ){
+    printf(&quot;error: sqlite table create failed: %s\n&quot;, zErrMsg);
+    sqlite3_close(db);
+    return -1;
+  }
+  printf(&quot;info: sqlite worked\n&quot;);
+  sqlite3_close(db);
+  return 0;
+}
+#endif /* TEST_SQLITE */
+
+/*
+ * Demonstrate locking issue found in gcompris using sqlite3.  This
+ * work with ext3, but not with cifs server on Windows 2003.  This is
+ * done in the sqlite3 library.
+ * See also
+ * &amp;lt;URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html&gt; and the
+ * POSIX specification
+ * &amp;lt;URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html&gt;.
+ */
+int test_gcompris_locking(void) {
+  struct flock fl;
+  char *name = &quot;testsqlite.db&quot;;
+  unlink(name);
+  int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
+  printf(&quot;info: testing fcntl locking\n&quot;);
+
+  fl.l_whence = SEEK_SET;
+  fl.l_pid    = getpid();
+  printf(&quot;  Read-locking 1 byte from 1073741824&quot;);
+  fl.l_start  = 1073741824;
+  fl.l_len    = 1;
+  fl.l_type   = F_RDLCK;
+  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);
+
+  printf(&quot;  Read-locking 510 byte from 1073741826&quot;);
+  fl.l_start  = 1073741826;
+  fl.l_len    = 510;
+  fl.l_type   = F_RDLCK;
+  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);

 
 

-&lt;p&gt;Da problemet er fundamentalt med hvordan elektronisk stemmegiving
-må fungere for at også ikke-krypografer skal kunne delta, har det vært
-mange rapporter om hvordan elektronisk stemmegiving har sviktet i land
-etter land.  En
-&lt;a href=&quot;http://wiki.nuug.no/uttalelser/2006-elektronisk-stemmegiving&quot;&gt;liten
-samling referanser&lt;/a&gt; finnes på NUUGs wiki.  Den siste er fra India,
-der valgkomisjonen har valgt
-&lt;a href=&quot;http://www.freedom-to-tinker.com/blog/jhalderm/electronic-voting-researcher-arrested-over-anonymous-source&quot;&gt;å
-pusse politiet på en forsker&lt;/a&gt; som har dokumentert svakheter i
-valgsystemet.&lt;/p&gt;
+  printf(&quot;  Unlocking 1 byte from 1073741824&quot;);
+  fl.l_start  = 1073741824;
+  fl.l_len    = 1;
+  fl.l_type   = F_UNLCK;
+  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);

 
 

-&lt;p&gt;Her i Norge har en valgt en annen tilnærming, der en forsøker seg
-med teknobabbel for å få befolkningen til å tro at dette skal bli
-sikkert.  Husk, elektronisk stemmegiving underminerer de demokratiske
-valgene i Norge, og bør ikke innføres.&lt;/p&gt;
+  printf(&quot;  Write-locking 1 byte from 1073741824&quot;);
+  fl.l_start  = 1073741824;
+  fl.l_len    = 1;
+  fl.l_type   = F_WRLCK;
+  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);

 
 

-&lt;p&gt;Den offentlige diskusjonen blir litt vanskelig av at media har
-valgt å kalle dette &quot;evalg&quot;, som kan sies å både gjelde elektronisk
-opptelling av valget som Norge har gjort siden 60-tallet og som er en
-svært god ide, og elektronisk opptelling som er en svært dårlig ide.
-Diskusjonen gir ikke mening hvis en skal diskutere om en er for eller
-mot &quot;evalg&quot;, og jeg forsøker derfor å være klar på at jeg snakker om
-elektronisk stemmegiving og unngå begrepet &quot;evalg&quot;.&lt;/p&gt;
-</description>
-       </item>
-       
-       <item>
-               <title>Broken umask handling with sshfs</title>
-               <link>http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html</link>        
-               <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html</guid>
-                <pubDate>Thu, 26 Aug 2010 13:30:00 +0200</pubDate>
-               <description>
-&lt;p&gt;My file system sematics program
-&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html&quot;&gt;presented
-a few days ago&lt;/a&gt; is very useful to verify that a file system can
-work as a unix home directory,and today I had to extend it a bit.  I&#39;m
-looking into alternatives for home directory access here at the
-University of Oslo, and one of the options is sshfs.  My friend
-Finn-Arne mentioned a while back that they had used sshfs with Debian
-Edu, but stopped because of problems.  I asked today what the problems
-where, and he mentioned that sshfs failed to handle umask properly.
-Trying to detect the problem I wrote this addition to my fs testing
-script:&lt;/p&gt;
+  printf(&quot;  Write-locking 510 byte from 1073741826&quot;);
+  fl.l_start  = 1073741826;
+  fl.l_len    = 510;
+  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);

 
 

-&lt;pre&gt;
-mode_t touch_get_mode(const char *name, mode_t mode) {
-  mode_t retval = 0;
-  int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, mode);
-  if (-1 != fd) {
-    unlink(name);
-    struct stat statbuf;
-    if (-1 != fstat(fd, &amp;statbuf)) {
-      retval = statbuf.st_mode &amp; 0x1ff;
-    }
-    close(fd);
-  }
-  return retval;
-}
+  printf(&quot;  Unlocking 2 byte from 1073741824&quot;);
+  fl.l_start  = 1073741824;
+  fl.l_len    = 2;
+  fl.l_type   = F_UNLCK;
+  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);

 
 

-/* Try to detect problem discovered using sshfs */
-int test_umask(void) {
-  printf(&quot;info: testing umask effect on file creation\n&quot;);
+  close(fd);
+  return 0;
+}

 
 

-  mode_t orig_umask = umask(000);
-  mode_t newmode;
-  if (0666 != (newmode = touch_get_mode(&quot;foobar&quot;, 0666))) {
-    printf(&quot;  error: Wrong file mode %o when creating using mode 666 and umask 000\n&quot;,
-           newmode);
-  }
-  umask(007);
-  if (0660 != (newmode = touch_get_mode(&quot;foobar&quot;, 0666))) {
-    printf(&quot;  error: Wrong file mode %o when creating using mode 666 and umask 007\n&quot;,
-           newmode);
+/*
+ * Test if permissions of freshly created directories allow entries
+ * below them.  This was a problem with OpenOffice.org and gcompris.
+ * Mounting with option &#39;sync&#39; seem to solve this problem while
+ * slowing down file operations.
+ */
+int test_subdirectory_creation(void) {
+#define LEVELS 5
+  char *path = strdup(&quot;test&quot;);
+  char *dirs[LEVELS];
+  int level;
+  printf(&quot;info: testing subdirectory creation\n&quot;);
+  for (level = 0; level &amp;lt; LEVELS; level++) {
+    char *newpath = NULL;
+    if (-1 == mkdir(path, 0777)) {
+      printf(&quot;  error: Unable to create directory &#39;%s&#39;: %s\n&quot;,
+            path, strerror(errno));
+      break;
+    }
+    asprintf(&amp;newpath, &quot;%s/%s&quot;, path, &quot;test&quot;);
+    free(path);
+    path = newpath;

   }
   }

+  return 0;
+}

 
 

-  umask (orig_umask);
+/*
+ * Test if symlinks can be created.  This was a problem detected with
+ * KDE.
+ */
+int test_symlinks(void) {
+  printf(&quot;info: testing symlink creation\n&quot;);
+  unlink(&quot;symlink&quot;);
+  if (-1 == symlink(&quot;file&quot;, &quot;symlink&quot;))
+    printf(&quot;  error: Unable to create symlink\n&quot;);

   return 0;
 }
 
 int main(int argc, char **argv) {
   return 0;
 }
 
 int main(int argc, char **argv) {

-  [...]
-  test_umask();
+  printf(&quot;Testing POSIX/Unix sematics on file system\n&quot;);
+  test_symlinks();
+  test_subdirectory_creation();
+#ifdef TEST_SQLITE
+  test_sqlite_open();
+#endif /* TEST_SQLITE */
+  test_gcompris_locking();

   return 0;
 }
 &lt;/pre&gt;
 
   return 0;
 }
 &lt;/pre&gt;
 

-&lt;p&gt;Sure enough.  On NFS to a netapp, I get this result:&lt;/p&gt;
+&lt;p&gt;When everything is working, it should print something like
+this:&lt;/p&gt;

 
 &lt;pre&gt;
 Testing POSIX/Unix sematics on file system
 info: testing symlink creation
 info: testing subdirectory creation
 
 &lt;pre&gt;
 Testing POSIX/Unix sematics on file system
 info: testing symlink creation
 info: testing subdirectory creation

+info: sqlite worked

 info: testing fcntl locking
   Read-locking 1 byte from 1073741824
   Read-locking 510 byte from 1073741826
 info: testing fcntl locking
   Read-locking 1 byte from 1073741824
   Read-locking 510 byte from 1073741826


@@ -671,31 +695,120 @@ info: testing fcntl locking
   Write-locking 1 byte from 1073741824
   Write-locking 510 byte from 1073741826
   Unlocking 2 byte from 1073741824
   Write-locking 1 byte from 1073741824
   Write-locking 510 byte from 1073741826
   Unlocking 2 byte from 1073741824

-info: testing umask effect on file creation

 &lt;/pre&gt;
 
 &lt;/pre&gt;
 

-&lt;p&gt;When mounting the same directory using sshfs, I get this
-result:&lt;/p&gt;
+&lt;p&gt;I do not remember the exact details of the problems we saw, but one
+of them was with locking, where if I remember correctly, POSIX allow a
+read-only lock to be upgraded to a read-write lock without unlocking
+the read-only lock (while Windows do not).  Another was a bug in the
+CIFS/SMB client implementation in the Linux kernel where directory
+meta information would be wrong for a fraction of a second, making
+OpenOffice.org fail to create its deep directory tree because it was
+not allowed to create files in its freshly created directory.&lt;/p&gt;

 
 

-&lt;pre&gt;
-Testing POSIX/Unix sematics on file system
-info: testing symlink creation
-info: testing subdirectory creation
-info: testing fcntl locking
-  Read-locking 1 byte from 1073741824
-  Read-locking 510 byte from 1073741826
-  Unlocking 1 byte from 1073741824
-  Write-locking 1 byte from 1073741824
-  Write-locking 510 byte from 1073741826
-  Unlocking 2 byte from 1073741824
-info: testing umask effect on file creation
-  error: Wrong file mode 644 when creating using mode 666 and umask 000
-  error: Wrong file mode 640 when creating using mode 666 and umask 007
-&lt;/pre&gt;
+&lt;p&gt;Anyway, here is a nice tool for your tool box, might you never need
+it. :)&lt;/p&gt;

 
 

-&lt;p&gt;So, I can conclude that sshfs is better than smb to a Netapp or a
-Windows server, but not good enough to be used as a home
-directory.&lt;/p&gt;
+&lt;p&gt;Update 2010-08-27: Michael Gebetsroither report that he found the
+script so useful that he created a GIT repository and stored it in
+&lt;a href=&quot;http://github.com/gebi/fs-test&quot;&gt;http://github.com/gebi/fs-test&lt;/a&gt;.&lt;/p&gt;
+</description>
+       </item>
+       
+       <item>
+               <title>Autodetecting Client setup for roaming workstations in Debian Edu</title>
+               <link>http://www.hungry.com/~pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html</guid>
+                <pubDate>Sat, 7 Aug 2010 14:45:00 +0200</pubDate>
+               <description>&lt;p&gt;A few days ago, I
+&lt;a href=&quot;https://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html&quot;&gt;tried
+to install&lt;/a&gt; a Roaming workation profile from Debian Edu/Squeeze
+while on the university network here at the University of Oslo, and
+noticed how much had to change to get it operational using the
+university infrastructure.  It was fairly easy, but it occured to me
+that Debian Edu would improve a lot if I could get the client to
+connect without any changes at all, and thus let the client configure
+itself during installation and first boot to use the infrastructure
+around it.  Now I am a huge step further along that road.&lt;/p&gt;
+
+&lt;p&gt;With our current squeeze-test packages, I can select the roaming
+workstation profile and get a working laptop connecting to the
+university LDAP server for user and group and our active directory
+servers for Kerberos authentication.  All this without any
+configuration at all during installation.  My users home directory got
+a bookmark in the KDE menu to mount it via SMB, with the correct URL.
+In short, openldap and sssd is correctly configured.  In addition to
+this, the client look for http://wpad/wpad.dat to configure a web
+proxy, and when it fail to find it no proxy settings are stored in
+/etc/environment and /etc/apt/apt.conf.  Iceweasel and KDE is
+configured to look for the same wpad configuration and also do not use
+a proxy when at the university network.  If the machine is moved to a
+network with such wpad setup, it would automatically use it when DHCP
+gave it a IP address.&lt;/p&gt;
+
+&lt;p&gt;The LDAP server is located using DNS, by first looking for the DNS
+entry ldap.$domain.  If this do not exist, it look for the
+_ldap._tcp.$domain SRV records and use the first one as the LDAP
+server.  Next, it connects to the LDAP server and search all
+namingContexts entries for posixAccount or posixGroup objects, and
+pick the first one as the LDAP base.  For Kerberos, a similar
+algorithm is used to locate the LDAP server, and the realm is the
+uppercase version of $domain.&lt;/p&gt;
+
+&lt;p&gt;So, what is not working, you might ask.  SMB mounting my home
+directory do not work.  No idea why, but suspected the incorrect
+Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
+the cause.  These are not properly configured during installation, and
+had to be hand-edited to get the correct Kerberos realm and server,
+but SMB mounting still do not work. :(&lt;/p&gt;
+
+&lt;p&gt;With this automatic configuration in place, I expect a Debian Edu
+roaming profile installation would be able to automatically detect and
+connect to any site using LDAP and Kerberos for NSS directory and PAM
+authentication.  It should also work out of the box in a Active
+Directory environment providing posixAccount and posixGroup objects
+with UID and GID values.&lt;/p&gt;
+
+&lt;p&gt;If you want to help out with implementing these things for Debian
+Edu, please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
+</description>
+       </item>
+       
+       <item>
+               <title>Debian Edu roaming workstation - at the university of Oslo</title>
+               <link>http://www.hungry.com/~pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html</link>        
+               <guid isPermaLink="true">http://www.hungry.com/~pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html</guid>
+                <pubDate>Tue, 3 Aug 2010 23:30:00 +0200</pubDate>
+               <description>&lt;p&gt;The new roaming workstation profile in Debian Edu/Squeeze is fairly
+similar to the laptop setup am I working on using Ubuntu for the
+University of Oslo, and just for the heck of it, I tested today how
+hard it would be to integrate that profile into the university
+infrastructure.  In this case, it is the university LDAP server,
+Active Directory Kerberos server and SMB mounting from the Netapp file
+servers.&lt;/p&gt;
+
+&lt;p&gt;I was pleasantly surprised that the only three files needed to be
+changed (/etc/sssd/sssd.conf, /etc/ldap.conf and
+/etc/mklocaluser.d/20-debian-edu-config) and one file had to be added
+(/usr/share/perl5/Debian/Edu_Local.pm), to get the client working.
+Most of the changes were to get the client to use the university LDAP
+for NSS and Kerberos server for PAM, but one was to change a hard
+coded DNS domain name in the mklocaluser hook from .intern to
+.uio.no.&lt;/p&gt;
+
+&lt;p&gt;This testing was so encouraging, that I went ahead and adjusted the
+Debian Edu scripts and setup in subversion to centralise the roaming
+workstation setup a bit more and avoid the hardcoded DNS domain name,
+so that when I test this tomorrow, I expect to get away with modifying
+only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the
+university servers.&lt;/p&gt;
+
+&lt;p&gt;My goal is to get the clients to have no hardcoded settings and
+fetch all their initial setup during installation and first boot, to
+allow them to be inserted also into environments where the default
+setup in Debian Edu has been changed or as with the university, where
+the environment is different but provides the protocols Debian Edu
+uses.&lt;/p&gt;

 </description>
        </item>
        
 </description>
        </item>