- <title>Debian Edu interview: Nigel Barker</title>
- <link>http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Nigel_Barker.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu_interview__Nigel_Barker.html</guid>
- <pubDate>Fri, 9 Mar 2012 11:30:00 +0100</pubDate>
- <description><p>Inspired by <a href="http://raphaelhertzog.com/tag/interview/">the
-interview series</a> conducted by Raphael, I started a Norwegian
-interview series with people involved in the Debian Edu / Skolelinux
-community. This was so popular that I believe it is time to move to a
-more international audience.</p>
-
-<p>While <a href="http://www.skolelinux.org/">Debian Edu and
-Skolelinux</a> originated in France and Norway, and have most users in
-Europe, there are users all around the globe. One of those far away
-from me is Nigel Barker, a long time Debian Edu system administrator
-and contributor. It is thanks to him that Debian Edu is adjusted to
-work out of the box in Japan. I got him to answer a few questions,
-and am happy to share the response with you. :)
-
-
-<p><strong>Who are you, and how do you spend your days?</strong></p>
-
-<p>My name is Nigel Barker, and I am British. I am married to Yumiko,
-and we have three lovely children, aged 15, 14 and 4(!) I am the IT
-Coordinator at Hiroshima International School, Japan. I am also a
-teacher, and in fact I spend most of my day teaching Mathematics,
-Science, IT, and Chemistry. I was originally a Chemistry teacher, but
-I have always had an interest in computers. Another teacher teaches
-primary school IT, but apart from that I am the only computer person,
-so that means I am the network manager, technician and webmaster,
-also, and I help people with their computer problems. I teach python
-to beginners in an after-school club. I am way too busy, so I really
-appreciate the simplicity of Skolelinux.</p>
-
-<p><strong>How did you get in contact with the Skolelinux/Debian Edu
-project?</strong></p>
-
-<p>In around 2004 or 5 I discovered the ltsp project, and set up a
-server in the IT lab. I wanted some way to connect it to our central
-samba server, which I was also quite poor at configuring. I discovered
-Edubuntu when it came out, but it didn't really improve my setup. I
-did various desperate searches for things like "school Linux server"
-and ended up in a document called "Drift" something or other. Reading
-there it became clear that Skolelinux was going to solve all my
-problems in one go. I was very excited, but apprehensive, because my
-previous attempts to install Debian had ended in failure (I used
-Mandrake for everything - ltsp, samba, apache, mail, ns...). I
-downloaded a beta version, had some problems, so subscribed to the
-Debian Edu list for help. I have remained subscribed ever since, and
-my school has run a Skolelinux network since Sarge.</p>
-
-<p><strong>What do you see as the advantages of Skolelinux/Debian
-Edu?</strong></p>
-
-<p>For me the integrated setup. This is not just the server, or the
-workstation, or the ltsp. Its all of them, and its all configured
-ready to go. I read somewhere in the early documentation that it is
-designed to be setup and managed by the Maths or Science teacher, who
-doesn't necessarily know much about computers, in a small Norwegian
-school. That describes me perfectly if you replace Norway with
-Japan.</p>
-
-<p><strong>What do you see as the disadvantages of Skolelinux/Debian
-Edu?</strong></p>
-
-<p>The desktop is fairly plain. If you compare it with Edubuntu, who
-have fun themes for children, or with distributions such as Mint, who
-make the desktop beautiful. They create a good impression on people
-who don't need to understand how to use any of it, but who might be
-important to the school. School administrators or directors, for
-instance, or parents. Even kids. Debian itself usually has ugly
-default theme settings. It was my dream a few years back that some
-kind of integration would allow Edubuntu to do the desktop stuff and
-Debian Edu the servers, but now I realise how impossible that is. A
-second disadvantage is that if something goes wrong, or you need to
-customise something, then suddenly the level of expertise required
-multiplies. For example, backup wasn't working properly in Lenny. It
-took me ages to learn how to set up my own server to do rsync backups.
-I am afraid of anything to do with ldap, but perhaps Gosa will
-help.</p>
-
-<p><strong>Which free software do you use daily?</strong></p>
-
-<p>Nowadays I only use Debian on my personal computers. I have one for
-studio work (I play guitar and write songs), running AV Linux
-(customised Debian) a netbook running Squeeze, and a bigger laptop
-still running Skolelinux Lenny workstation. I have a Tjener in my
-house, that's very useful for the family photos and music. At school
-the students only use Skolelinux. (Some teachers and the office still
-have windows). So that means we only use free software all day every
-day. Open office, The GIMP, Firefox/Iceweasel, VLC and Audacity are
-installed on every computer in school, irrespective of OS. We also
-have Koha on Debian for the library, and Apache, Moodle, b2evolution
-and Etomite on Debian for the www. The firewall is Untangle.</p>
-
-<p><strong>Which strategy do you believe is the right one to use to
-get schools to use free software?</strong></p>
-
-<p>Current trends are in our favour. Open source is big in industry,
-and ordinary people have heard of it. The spread of Android and the
-popularity of Apple have helped to weaken the impression that you have
-to have Microsoft on everything. People complain to me much less about
-file formats and Word than they did 5 years ago. The Edu aspect is
-also a selling point. This is all customised for schools. Where is the
-Windows-edu, or the Mac-edu? But of course the main attraction is
-budget.The trick is to convince people that the quality is not
-compromised when you stop paying and use free software instead. That
-is one reason why I say the desktop experience is a weakness. People
-are not impressed when their USB drive doesn't work, or their browser
-doesn't play flash, for example.</p>
+ <title>Debian Edu - some ideas for the future versions</title>
+ <link>http://people.skolelinux.org/pere/blog/Debian_Edu___some_ideas_for_the_future_versions.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu___some_ideas_for_the_future_versions.html</guid>
+ <pubDate>Mon, 11 Jun 2012 14:30:00 +0200</pubDate>
+ <description><p>During my work on
+<a href="http://www.debian.org/News/2012/20120311.nb.html">Debian Edu
+based on Squeeze</a>, I came across some issues that should be
+addressed in the Wheezy release. I finally found time to wrap up my
+notes and provide quick summary of what I found, with a bit
+explanation.</p>
+
+<p><ul>
+
+<li>We need to rewrite our package installation framework, as tasksel
+changed from using tasksel tasks to using meta packages (aka packages
+with dependencies like our education-* packages), and our installation
+system depend on tasksel tasks in
+/usr/share/tasksel/debian-edu-tasks.desc for package
+installation.</li>
+
+<li>Enable Kerberos login for more services. Now with the Kerberos
+foundation in place, we should use it to get single sign on with more
+services, and avoiding unneeded password / login questions. We should
+at least try to enable it for these services:
+<ul>
+
+ <li>CUPS for admins to add/configure printers and users when using
+ quotas.</li>
+ <li>Nagios for admins checking the system status.</li>
+ <li>GOsa for admins updating LDAP and users changing their passwords.</li>
+ <li>LDAP for admins updating LDAP.</li>
+ <li>Squid for users when exam mode / filtering is active.</li>
+ <li>ssh for admins and users to save a password prompt.</li>
+
+</ul></li>
+
+<li>When we move GOsa to use Kerberos instead of LDAP bind to
+authenticate users, we should try to block or at least limit access to
+use LDAP bind for authentication, to ensure Kerberos is used when it
+is intended, and nothing fall back to using the less safe LDAP bind</li>
+
+<li>Merge debian-edu-config and debian-edu-install. The split made
+sense when d-e-install did a lot more, but these days it is just an
+inconvenience when we update the debconf preseeding values.</li>
+
+<li>Fix partman-auto to allow us to abort the installation before
+touching the disk if the disk is too small. This is
+<a href="http://bugs.debian.org/653305">BTS report #653305</a> and the
+d-i developers are fine with the patch and someone just need to apply
+it and upload. After this is done we need to adjust
+debian-edu-install to use this new hook.</li>
+
+<li>Adjust to new LTSP framework (boot time config instead of install
+time config). LTSP changed its design, and our hooks to install
+packages and update the configuration is most likely not going to work
+in Wheezy.
+
+<li>Consider switching to NBD instead of NFS for LTSP root, to allow
+the Kernel to cache files in its normal file cache, possibly speeding
+up KDE login on slow networks.</li>
+
+<li>Make it possible to create expired user passwords that need to
+change on first login. This is useful when handing out password on
+paper, to make sure only the user know the password. This require
+fixes to the PAM handling of kdm and gdm.</li>
+
+<li>Make GUI for adding new machines automatically from sitesummary.
+The current command line script is not very friendly to people most
+familiar with GUIs. This should probably be integrated into GOsa to
+have it available where the admin will be looking for it..</li>
+
+<li>We should find way for Nagios to check that the DHCP service
+actually is working (as in handling out IP addresses). None of the
+Nagios checks I have found so far have been working for me.</li>
+
+<li>We should switch from libpam-nss-ldapd to sssd for all profiles
+using LDAP, and not only on for roaming workstations, to have less
+packages to configure and consistent setup across all profiles.</li>
+
+<li>We should configure Kerberos to update LDAP and Samba password
+when changing password using the Kerberos protocol. The hook was
+requested in <a href="http://bugs.debian.org/588968">BTS report
+#588968</a> and is now available in Wheezy. We might need to write a
+MIT Kerberos plugin in C to get this.</li>
+
+<li>We should clean up the set of applications installed by default.
+<ul>
+
+<li>reduce the number of chemistry visualisers</li>
+<li>consider dropping xpaint</li>
+<li>and probably more?</li>
+</ul></li>
+
+<li>Some hardware need external firmware to work properly. This is
+mostly the case for WiFi network cards, but there are some other
+examples too. For popular laptops to work out of the box, such
+firmware need to be installed from non-free, and we should provide
+some GUI to do this. Ubuntu already have this implemented, and we
+could consider using their packages. At the moment we have some
+command line script to do this (one for the running system, another
+for the LTSP chroot).</li>
+
+
+<li>In Squeeze, we provide KDE, Gnome and LXDE as desktop options. We
+should extend the list to Xfce and Sugar, and preferably find a way to
+install several and allow the admin or the user to select which one to
+use.</li>
+
+<li>The golearn tool from the goplay package make it easy to check out
+interesting educational packages. We should work on the package
+tagging in Debian to ensure it represent all the useful educational
+packages, and extend the tool to allow it to use packagekit to install
+new applications with a simple mouse click.</li>
+
+<li>The Squeeze version got half a exam solution already in place,
+with the introduction of iptable based network blocking, but for it to
+be a complete exam solution the Squid proxy need to enable
+filtering/blocking as well when the exam mode is enabled. We should
+implement a way to easily enable this for the schools that want it,
+instead of the "it is documented" method of today.</li>
+
+<li>A feature used in several schools is the ability for a teacher to
+"take over" the desktop of individual or all computers in the room.
+There are at least three implementations,
+<a href="italc.sourceforge.net/">italc</a>,
+<a href="http://www.itais.net/help/en/">controlaula</a> og
+<a href="http://www.epoptes.org/">epoptes</a> and we should pick one of
+them and make it trivial to set it up in a school. The challenges is
+how to distribute crypto keys and how to group computers in one room
+and how to set up which machine/user can control the machines in a
+given room.</li>
+
+<li>Tablets and surf boards are getting more and more popular, and we
+should look into providing a good solution for integrating these into
+the Debian Edu network. Not quite sure how. Perhaps we should
+provide a installation profile with better touch screen support for
+them, or add some sync services to allow them to exchange
+configuration and data with the central server. This should be
+investigated.</li>
+
+</ul></p>
+
+<p>I guess we will discover more as we continue to work on the Wheezy
+version.</p>
projects / homepage.git / blobdiff