<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
<item>
- <title>One step closer to single signon in Debian Edu</title>
- <link>http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html</guid>
- <pubDate>Sun, 25 Jul 2010 10:00:00 +0200</pubDate>
+ <title>Hvordan kringkaster T-banen i Oslo sine overvåkningskamerasignaler?</title>
+ <link>http://people.skolelinux.org/pere/blog/Hvordan_kringkaster_T_banen_i_Oslo_sine_overv__kningskamerasignaler_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Hvordan_kringkaster_T_banen_i_Oslo_sine_overv__kningskamerasignaler_.html</guid>
+ <pubDate>Wed, 5 Jan 2011 18:30:00 +0100</pubDate>
<description>
-<p>The last few months me and the other Debian Edu developers have
-been working hard to get the Debian/Squeeze based version of Debian
-Edu/Skolelinux into shape. This future version will use Kerberos for
-authentication, and services are slowly migrated to single sign,
-getting rid of password questions one at the time.</p>
-
-<p>It will also feature a roaming workstation profile with local home
-directory, for laptops that are only some times on the Skolelinux
-network, and for this profile a shortcut is created in Gnome and KDE
-to gain access to the users home directory on the file server. This
-shortcut uses SMB at the moment, and yesterday I had time to test if
-SMB mounting had started working in KDE after we added the cifs-utils
-package. I was pleasantly surprised how well it worked.</p>
-
-<p>Thanks to the recent changes to our samba configuration to get it
-to use Kerberos for authentication, there were no question about user
-password when mounting the SMB volume. A simple click on the shortcut
-in the KDE menu, and a window with the home directory popped
-up. :)</p>
-
-<p>One step closer to a single signon solution out of the box in
-Debian Edu. We already had PAM, LDAP, IMAP and SMTP in place, and now
-also Samba. Next step is Cups and hopefully also NFS.</p>
-
-<p>We had planned a alpha0 release of Debian Edu for today, but thanks
-to the autobuilder administrators for some architectures being slow to
-sign packages, we are still missing the fixed LTSP package we need for
-the release. It was uploaded three days ago with urgency=high, and if
-it had entered testing yesterday we would have been able to test it in
-time for a alpha0 release today. As the binaries for ia64 and powerpc
-still not uploaded to the Debian archive, we need to delay the alpha
-release another day.</p>
-
-<p>If you want to help out with implementing Kerberos for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>Jeg er den fornøyde eier av en håndholdt trådløs kamerascanner,
+dvs. en radioscanner som automatisk scanner frekvensområdet 900 - 2500
+MHz og snapper opp radiokilder med PAL eller NTCS TV-signal og viser
+signalet frem på en liten skjerm. Veldig morsom å ha med seg for å se
+hva som finnes av trådløse overvåkningskamera. En får se bildet som
+kameraet tar opp. :)</p>
+
+<p>Men en kilde har den ikke klart å snappe opp: Sporveiens
+overvåkningskamera på T-banestasjonene. Bildet sendes åpenbart
+trådløst til T-baneføreren, men min scanner har ikke klart å ta inn
+signalet. For å forsøke å finne ut av dette tok jeg i dag en nærmere
+titt på en av boksene som sto på Forskningsparken T-banestasjon for å
+se hva det er som sendes ut.</p>
+
+<p>Boksen hadde følgende tekst:</p>
+
+<blockquote><pre>
+SupraLink
+Outdoor Transmitter 5.8 GHz
+
+default channel [ ]
+ identity code [ ]
+
+VTQ Videotronik
+06268 Querfurt
+<a href="http://www.vtq.de/">www.vtq.de</a>
+Made in Germany
+
+AC 230V [strekkode]
+max 10W 84230936
+</pre></blockquote>
+
+<p>Det var hyggelig av produsenten å legge inn lenke til nettsiden
+sin. Der hadde de mye stilig elektronikk. Og forklaringen på hvorfor
+min scanner ikke tar inn signalet er åpenbar ut fra merkelappen. 5.8
+GHz er langt over min scanners grense på 2.5 GHz. Trenger visst en
+kraftigere scanner. :)</p>
+</description>
+ </item>
+
+ <item>
+ <title>Inspirerende fra en ukjent Skolelinux-skole</title>
+ <link>http://people.skolelinux.org/pere/blog/Inspirerende_fra_en_ukjent_Skolelinux_skole.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Inspirerende_fra_en_ukjent_Skolelinux_skole.html</guid>
+ <pubDate>Tue, 4 Jan 2011 07:50:00 +0100</pubDate>
+ <description>
+<p>Følgende inspirerende historie fant jeg i
+<a href="http://www.digi.no/php/ny_debatt.php?id=858869#innlegg_770926">kommentarfeltet
+hos digi.no</a> i forbindelse med en trist sak om hvordan
+<a href="http://www.digi.no/858869/datakaos-etter-linux-satsing">skolen
+i Hemsedal har fått ødelagt</a> sin Skolelinux-installasjon. Jeg har
+fikset endel åpenbare skrivefeil for lesbarhetens skyld.</p>
+
+<blockquote>
+<p><strong>Lignende situasjon i annen kommune, se bare her:</strong>
+<br>av Inspektør Siri (gjest)
+
+<p>Kommunen min har to omtrent jevnstore tettsteder, og en
+ungdomsskole i hvert av tettstedene. Den minste av disse har ca 300
+elever og til denne sogner det 3 barneskoler. Den største har ca 350
+elever og til denne sogner det 4 barneskoler.</p>
+
+<ul>
+
+<li>Kommunen har i veldig lang tid forsømt IKT i skolen, og det har
+bare blitt gitt smuler i ny og ne. Det er kun den største av
+ungdomsskolene som har hatt en skikkelig datapark, og dette takket
+være en naturfaglærer som ble lei av å vente på kommunen. Det gjorde
+at vi bestemte oss for å ta ting i egne hender, og da vha
+skolelinux. En testinstallasjon med 10 gamle PCer ble gjort, og vi så
+raskt at dette var veldig lovende. Neste etappe var å gi alle lærere
+egen PC på arbeidsplassene sine (2004), og så sette opp 16 PCer på to
+datarom. Vi har kun basert oss på å kjøpe inn brukte maskiner, og
+aldri dyrere enn 1000 kr pr klient. For to år siden så hadde vi
+klienter i alle klasserom, og totalt hadde vi da rundt 250 stk. Rundt
+40 klienter brukes av lærerne og kjører på en egen server. Elvene har
+resten, og kjører også en egen server. Servere har vi også kjøpt
+brukt, 2 år gamle servere koster 6-7000 kroner.</li>
+
+<li>Skolen vår er et relativt gammelt bygg, men en meget dyktig
+vaktmester har sammen med IKT-ansvarlig/Naturfaglærer lagt kabler til alle
+rom. Gradvis har vi byttet ut billige svitsjer med mer solide saker
+som er mulig å fjernstyre.</li>
+
+<li>Vi har i all hovedsak greid å få dette til over eget budsjett, men
+vi har også passet på å få penger når de andre skolene har fått
+bærbare PCer til lærere osv.</li>
+
+<li>Vår IKT-ansvarlig har gjort (og gjør) en fenomenal jobb, og vi har
+en maskinpark som de andre av kommunens skoler bare kan drømme
+om.</li>
+
+</ul>
+
+<p>Så skjer det som ofte skjer. Det kommer en eller annen
+selger/blåruss og skal fikse ALT. I vårt tilfelle betyr dette også
+sentralisering av drift. Den ny-ansatte på kommunens IT-avdelingen
+skal også ha jobb, og ser for seg å ta over skoledriften. Kommunen
+kjøper inn eksterne driftstjenester, og nekter i samme slengen å ta
+hensyn til skolen vår. Dette til tross for at vi alene har like mange
+datamaskiner som de andre til sammen. </p>
+
+<ul>
+
+<li>Det blir krevd at vi skal innlemmes i de kommunale systemet, og
+det er VI som får ansvar for at dette kommer på plass. Og det er her
+de horrible tingene begynner å skje. </li>
+
+<li>Det settes opp en lukket Exchange server som gjør av vi ikke kan
+hente epost for våre ansatte. Og det kreves at vi finner løsning på
+dette.</li>
+
+<li>Det velges sak arkivsystem som vi pålegges å bruke, noe som gjør
+at vi må bruke en terminalløsning mot kommunal server. Ikke i seg selv
+et problem i følge IKT-ansvarlig hos oss. Men kommunens IT-avd nektet
+faktisk å åpne de porter OSV som vi måtte bruke.</li>
+
+<li>Vi blir pålagt å flytte på innsiden av det kommunale
+nettverket. Dette gjorde at vi mistet hjemmekontor for lærere og
+elever. Å få åpnet porter i kommunal brannmur var ikke
+aktuelt. Mulighet for fjerndrift ble også vekk i samme slengen. </li>
+
+<li>Vår LMS Moodle er ikke mulig å nå for elevene og lærerne.
+
+</ul>
+
+<p>Den andre ungdomsskolen i kommunen begynner så å kreve at de skal
+få bedre datatetthet, og komme opp på et nivå som ligner det vi
+har. De ser at vi kan avholde eksamen hvor alle 10. klassingene får
+sitte ved hver sin PC. Og de har fått tilbakemelding (klager) fra VGS
+om manglende datakompetanse på elevene som kommer fra dem. Dette fører
+videre til at kommunen endelig innser at de må ta grep. </p>
+
+<p>Grepet betyr sentralisering, og farvel til vår plattform får vi
+høre. Det blir gjort en rekke bestemmelser og vedtak som vi ikke får
+være en del av. Det blir helt klart at vi må redusere antall maskiner,
+og det skal satses på bærbare maskiner. Siden vi ikke har fått tatt
+del i prosessene som angår oss, så bruker vi fagforening. Vi har ikke
+blitt hørt i forbindelse med endringer som er betydelig for vår
+hverdag, og greier å stoppe omlegging. I tillegg så har vi et politisk
+vedtak i kommunen på at vi skal kjøre Linux på elevnett, og dette
+vedtaket kan ikke administrasjonen i kommunene helt uten videre
+tilsidesette. </p>
+
+<p>I sum har dette gjort at vi har fått jobbe videre i fred. Og en del
+runder i kommunens kontrollutvalg har gjort det tydelig at vi har blitt
+systematisk motarbeidet. </p>
+
+<p>I dag har de andre skolene fått sine bærbare maskiner til elever og
+lærere, men etter 2 år med innkjøring er det fremdeles problemer
+her. </p>
+
+<ul>
+
+<li>Ungdomsskolen med windows kan ikke kjøre eksamen med sine bærbare,
+det er for mye arbeid å renske disse for innhold slik at juks ikke er
+mulig.</li>
+
+<li>Utskrift er et mareritt, etter sigende pga at utskrift først
+sendes til sentral server, og så sendes ut til rett skriver. I snitt
+så tar det 7-8 minutter før utskrift starter på enkelte av
+skolene.</li>
+
+<li>Trådløst skaper store problemer, og det er i perioder helt umulig
+å komme seg på nett. Og lagring på felles server er bare å glemme i
+perioder.</li>
+
+</ul>
+
+<p>Vi har slitt mye, kranglet og sloss. Ikke med tekniske problemer,
+men med omgivelsene rundt som vil oss til livs. Men det har vært verdt
+hver dråpe med svette, og timer med irritasjon. Men vi har begynt å få
+rutine her nå. </p>
+
+<ul>
+
+<li>Vi har fremdeles et system som vi styrer helt selv. </li>
+<li>Vi har vist at argumentet med at vår IKT-ansvarlig kan finne seg annen jobb ikke holder mål. Vi har kjøpt driftskonto hos et firma i tilfelle krise, og vi har kjørt opplæring på flere av de yngre lærerne. </li>
+<li>Vi har til enhver tid en lærling IKT driftsfag, og velger selvsagt ut dem som satser på Linux. Vi har nå begynt å få tilbake av våre tidligere elever som vil til oss nettopp fordi vi har Linux.</li>
+<li>Vi har vist at vi greier å opprettholde en dobbelt så stor datapark som naboskolen, og det til en billigere penge. </li>
+<li>Vi har datastøtte og support på huset, ALLTID tilgjengelig. De andre skolene må vente flere dager hvis det ikke er noe kritisk. </li>
+<li>Vår IKT-ansvarlig har 50% stilling som lærer og 50% som IKT-ansvarlig. </li>
+<li>Vi har en lærer på hvert trinn som har 3 timer i uka til å drive support/støtte til de andre lærerne. </li>
+<li>Vi opplever at de yngste lærerne ved den andre ungdomsskolen ønsker seg over til oss. </li>
+
+</ul>
+
+<p>Vi skal i løpet av året starte prosess med å planlegge ny skole, og vi har fått gjennomslag for at jeg (inspektør) og IKT-ansvarlig skal ha det fulle og hele ansvar for IKT/Infrastruktur. Begrunnelsen vår som ble avgjørende her, var at IT-avd i kommunen ikke kan noe om data i skolen. </p>
+
+<p>Beklager hvis dette ble litt usammenhengende, men det ble tastet i
+fei, og jeg har ikke lest gjennom</p>
+</blockquote>
+
+<p>Det kom raskt et lite svar:</p>
+
+<blockquote>
+<p><strong>SV: Lignende situasjon i annen kommune, se bare her:</strong>
+<br>av captain_obvious</p>
+
+<p>Inspirerende å lese. Har dere gjort noe for å fortelle denne
+historien videre?</p>
+
+<p>Hadde vært svært interessant om dere tok kontakt med dokument 2 eller
+lignende for å fortelle hvordan det egentlig står til med
+IT-satsningen i kommune-Norge. Om ikke annet kan du begynner med å
+raffinere innlegget ditt og få en gjesteartikkel på digi.no</p>
+</blockquote>
+
+<p>Og deretter en lengre oppfølging.</p>
+
+<blockquote>
+<p><strong>SV: Lignende situasjon i annen kommune, se bare her:</strong>
+<br>av Inspektør Siri (gjest)
+
+<p>Joda, vi har lekt med tanken, og vi har t.o.m skrevet flere lengre
+leserinnlegg myntet på aviser. Disse er ikke sendt til aviser, men
+brukt internt i forbindelse med møter med kommune. Vår IKT-ansvarlig
+har også truet med å si opp jobben sin hvis det ikke ble tatt hensyn i
+større grad enn hva som har vært tilfelle. VI kan også dokumentere
+flere brudd på anbudsregler, og vi kjenner til at relativt store
+IT-leverandører som ikke har fått tatt del i disse anbudene, rett og
+slett ikke tør melde fra av redsel for å få et dårlig rykte. </p>
+
+<p>Alt ser ut til å roe seg ned, og vi har fått opp øynene på
+politikerne. I sum gjør dette at vi ikke ønsker for mye publisitet nå,
+det vil bare rote til igjen. </p>
+
+<p>Jeg glemte å nevne at vi nå nesten ikke bruker tid på å drifte
+systemet vårt, noe som gjør at det aller meste av tid blir brukt til å
+støtte lærerne og elevene. F.eks så bruker vår IKT-ansvarlig den
+første timen på jobb, 0730-0830 kun til å gå ute på arbeidsplassene
+til læreren. Dette for å kunne svare på små og store problem, gi tips
+og råd, eller bare for å plukke opp hva som er behovet ute i
+undervisningsarealene. Det er dessverre ikke slik at alle lærerne har
+nok digital kompetanse til å kunne formulere alle spørsmålene de har,
+men ved å kunne få vise eller lufte tanker med IKT-ansvarlig så er det
+utrolig hva som kommer fram. </p>
+
+<ul>
+
+<li>Jeg ser at mange bruker økonomi som argument i forhold til å bruke
+SkoleLinux, og jeg skal ikke legge skjul på at det var dette som i
+utgangspunktet var årsaken til vårt valg. Men diskusjonene og kampen
+med kommunens IT-avdeling har gjort at vi har fått et noe annet
+fokus. Fordelene med drift og stabilitet, gjør at vi ville ha valgt
+samme løsning selv om den var dyrere. At vi slipper langt billigere
+unna, som følge av 0,- lisenskostnader og lave maskinvarekostnader, er
+bare en bonus. </li>
+
+<li>Etter å ha kranglet oss til å få skikkelig oversikt over hva de
+andre skolene i kommunen bruker på IT, så har vi fått gehør for å få
+samme midler til innkjøp. Dette har gjort at vi nå kan kjøpe inn
+utstyr som de andre skolene bare kan se langt etter. Vi har nettopp
+kjøpt inn 3 videokamera i semiproff-klassen for å kunne lage film,
+samt sende live fra skoleteater/konserter. Vi har kjøpt inn digitale
+kompaktkamera til alle klassene. Vi har et team av lærere som skal i
+gang med å teste ut tablets på svake elever. Håpet et at teknologien
+kan være med på å gi noen av elevene litt mer motivasjon. Vi har kjøpt
+inn et halvt klassesett med pulsklokker, noe som har vist seg å være
+overraskende inspirerende for en del av elevene. Vi har også oss på
+fag på en høyskole litt lengre sør for oss, slik at 3 av oss nå skal
+ta faget "Linux tjenestedrift". Som inspektør og en del av skolens
+administrasjon er det veldig praktisk å kunne trå til hvis det
+kniper. Men IKT-ansvarlig har vært UTROLIG flink til å lage rene
+smørbrødlister for hvordan de mest vanlige driftsproblem løses, så det
+er lett for flere av oss å ta del i den daglige driften. Vi har svært
+stor nytte av lærling (som også hjelper to av naboskolene), men det er
+nesten blitt slik at det er om å gjøre å komme til først for å få løse
+problem. Det å få fingrene på problem og utfordringer er den aller
+beste læremester. </li>
+
+</ul>
+
+<p>Når vi nå tar til med planlegging av ny skole, så vil det være med
+tanke på at det skal være mulig med datautstyr på alle plasser. Vi
+kommer i all hovedsak til å legge kabel til alle tenkelige og
+utenkelige plasser. WiFi koster tilnærmet NULL å sette opp i
+ettertid.</p>
+
+<p>Vi har ikke vært noe flink til å bidra til SkoleLinux-prosjektet,
+vi har rett og slett vært for opptatt med vår egen kamp. Vi har hentet
+mye inspirasjon fra diskusjoner som har gått i det miljøet, og vi
+håper at vi nå framover kan få tid til å bidra. Vi er i ferd med å
+bytte ut en av serverne våre, og da vil denne trolig bli satt opp som
+testserver for neste versjon av Skolelinux. På den måten vil vi i alle
+fall kunne gi tilbakemeldinger og rapportere feil. I tillegg så vil
+det kanskje gi oss noen nye utfordringer, for som lærlingen vår sier:
+"Skolelinux er noe herk, det skjer jo ikke noe galt og hvordan skal
+jeg da lære?"</p>
+
+</blockquote>
+
+<p>Det er veldig hyggelig å høre at
+<a href="http://www.skolelinux.org/">Skolelinux</a> fungerer så bra i
+skoleverdagen etter å ha jobbet med det i 10 år.</p>
</description>
</item>
<item>
- <title>Digitale restriksjonsmekanismer fikk meg til å slutte å kjøpe musikk</title>
- <link>http://people.skolelinux.org/pere/blog/Digitale_restriksjonsmekanismer_fikk_meg_til____slutte____kj__pe_musikk.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Digitale_restriksjonsmekanismer_fikk_meg_til____slutte____kj__pe_musikk.html</guid>
- <pubDate>Thu, 22 Jul 2010 23:50:00 +0200</pubDate>
+ <title>Støtte for forskjellige kamera-ikoner på overvåkningskamerakartet</title>
+ <link>http://people.skolelinux.org/pere/blog/St__tte_for_forskjellige_kamera_ikoner_p___overv__kningskamerakartet.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/St__tte_for_forskjellige_kamera_ikoner_p___overv__kningskamerakartet.html</guid>
+ <pubDate>Sun, 2 Jan 2011 11:05:00 +0100</pubDate>
<description>
-<p>For mange år siden slutte jeg å kjøpe musikk-CDer. Årsaken var at
-musikkbransjen var godt i gang med å selge platene sine med DRM som
-gjorde at jeg ikke fikk spilt av musikken jeg kjøpte på utstyret jeg
-hadde tilgjengelig, dvs. min datamaskin. Det var umulig å se på en
-plate om den var ødelagt eller ikke, og jeg hadde jo allerede en
-anseelig samling med plater, så jeg bestemme meg for å slutte å gi
-penger til en bransje som åpenbart ikke respekterte meg.</p>
-
-<p>Jeg har mange titalls dager med musikk på CD i dag. Det meste er
-lagt i et stort arkiv som kan spilles av fra husets datamaskiner (har
-ikke rukket rippe alt). Jeg ser dermed ikke behovet for å skaffe mer
-musikk. De fleste av mine favoritter er i hus, og jeg er dermed godt
-fornøyd.</p>
-
-<p>Hvis musikkbransjen ønsker mine penger, så må de demonstrere at de
-setter pris på meg som kunde, og ikke skremme meg bort med DRM og
-antydninger om at kundene er kriminelle.</p>
-
-<p>Filmbransjen er like ille, men mens musikk gjerne varer lenge, er
-filmer mer ferskvare. Har dermed ikke helt sluttet å kjøpe filmer, men
-holder meg til DVD-filmer som kan spilles av på mine Linuxbokser.
-Kommer neppe til å ta i bruk Blueray, og ei heller de nye DRM-greiene
-«Ultraviolet» som be annonsert her om dagen.</p>
+<p>I dag har jeg justert litt på kartet over overvåkningskamera, og
+laget støtte for å gi fotobokser (automatisk trafikk-kontroll) og
+andre overvåkningskamera forskjellige symboler på kartet, slik at det
+er enklere å se forskjell på kamera som vegvesenet kontrollerer og
+andre kamera. Resultatet er lagt ut på
+<a href="http://people.skolelinux.org/pere/surveillance-norway/">kartet
+over overvåkningskamera i Norge</a>. Det er nå 93 fotobokser av 380
+totalt
+<a href="http://www.vegvesen.no/Fag/Fokusomrader/Trafikksikkerhet/Automatisk+trafikkontroll+ATK">i
+følge vegvesenet</a> og 80 andre kamera på kartet, totalt 173 kamera.
+Takk til de 26 stykkene som har bidratt til kamerainformasjonen så
+langt.</p>
</description>
</item>
<item>
- <title>OpenStreetmap one step closer to having routing on its front page</title>
- <link>http://people.skolelinux.org/pere/blog/OpenStreetmap_one_step_closer_to_having_routing_on_its_front_page.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/OpenStreetmap_one_step_closer_to_having_routing_on_its_front_page.html</guid>
- <pubDate>Sun, 18 Jul 2010 16:45:00 +0200</pubDate>
+ <title>What standards are Free and Open as defined by Digistan?</title>
+ <link>http://people.skolelinux.org/pere/blog/What_standards_are_Free_and_Open_as_defined_by_Digistan_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/What_standards_are_Free_and_Open_as_defined_by_Digistan_.html</guid>
+ <pubDate>Thu, 30 Dec 2010 23:15:00 +0100</pubDate>
<description>
-<p>Thanks to
-<a href="http://feedproxy.google.com/~r/Opengeodata/~3/wUTCzDZk3lc/project-of-the-week-which-way-home">todays
-opengeodata blog entry</a>, I just discovered that the
-OpenStreetmap.org site have gotten
-<a href="http://nroets.dev.openstreetmap.org/demo/index.html?layers=B000FTFTT">support
-for calculating routes</a>. The support is still experimental and
-only available from the development server, until more experience is
-gathered on the user interface and any scalability issues.</p>
-
-<p>Earlier, the routing I knew about using the OpenStreetmap.org data
-was provided by <a href="http://maps.cloudmade.com/">Cloudmade</a>,
-but having it on the main page is required to make everyone aware of
-the issue. I've had people reject Openstreetmap.org as a viable
-alternative for them because the front page lacked routing support,
-and I hope their needs will be catered for when routing show up on the
-www.openstreetmap.org front page.</p>
+<p>After trying to
+<a href="http://people.skolelinux.org/pere/blog/Is_Ogg_Theora_a_free_and_open_standard_.html">compare
+Ogg Theora</a> to
+<a href="http://www.digistan.org/open-standard:definition">the Digistan
+definition</a> of a free and open standard, I concluded that this need
+to be done for more standards and started on a framework for doing
+this. As a start, I want to get the status for all the standards in
+the Norwegian reference directory, which include UTF-8, HTML, PDF, ODF,
+JPEG, PNG, SVG and others. But to be able to complete this in a
+reasonable time frame, I will need help.</p>
+
+<p>If you want to help out with this work, please visit
+<a href="http://wiki.nuug.no/grupper/standard/digistan-analyse">the
+wiki pages I have set up for this</a>, and let me know that you want
+to help out. The IRC channel #nuug on irc.freenode.net is a good
+place to coordinate this for now, as it is the IRC channel for the
+NUUG association where I have created the framework (I am the leader
+of the Norwegian Unix User Group).</p>
+
+<p>The framework is still forming, and a lot is left to do. Do not be
+scared by the sketchy form of the current pages. :)</p>
</description>
</item>
<item>
- <title>What are they searching for - PowerDNS and ISC DHCP in LDAP</title>
- <link>http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html</guid>
- <pubDate>Sat, 17 Jul 2010 21:00:00 +0200</pubDate>
+ <title>The many definitions of a open standard</title>
+ <link>http://people.skolelinux.org/pere/blog/The_many_definitions_of_a_open_standard.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/The_many_definitions_of_a_open_standard.html</guid>
+ <pubDate>Mon, 27 Dec 2010 14:45:00 +0100</pubDate>
<description>
-<p>This is a
-<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">followup</a>
-on my
-<a href="http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html">previous
-work</a> on
-<a href="http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html">merging
-all</a> the computer related LDAP objects in Debian Edu.</p>
-
-<p>As a step to try to see if it possible to merge the DNS and DHCP
-LDAP objects, I have had a look at how the packages pdns-backend-ldap
-and dhcp3-server-ldap in Debian use the LDAP server. The two
-implementations are quite different in how they use LDAP.</p>
-
-To get this information, I started slapd with debugging enabled and
-dumped the debug output to a file to get the LDAP searches performed
-on a Debian Edu main-server. Here is a summary.
-
-<p><strong>powerdns</strong></p>
-
-<a href="http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend">Clues
-on how to</a> set up PowerDNS to use a LDAP backend is available on
-the web.
-
-<p>PowerDNS have two modes of operation using LDAP as its backend.
-One "strict" mode where the forward and reverse DNS lookups are done
-using the same LDAP objects, and a "tree" mode where the forward and
-reverse entries are in two different subtrees in LDAP with a structure
-based on the DNS names, as in tjener.intern and
-2.2.0.10.in-addr.arpa.</p>
-
-<p>In tree mode, the server is set up to use a LDAP subtree as its
-base, and uses a "base" scoped search for the DNS name by adding
-"dc=tjener,dc=intern," to the base with a filter for
-"(associateddomain=tjener.intern)" for the forward entry and
-"dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa," with a filter for
-"(associateddomain=2.2.0.10.in-addr.arpa)" for the reverse entry. For
-forward entries, it is looking for attributes named dnsttl, arecord,
-nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord, mxrecord,
-txtrecord, rprecord, afsdbrecord, keyrecord, aaaarecord, locrecord,
-srvrecord, naptrrecord, kxrecord, certrecord, dsrecord, sshfprecord,
-ipseckeyrecord, rrsigrecord, nsecrecord, dnskeyrecord, dhcidrecord,
-spfrecord and modifytimestamp. For reverse entries it is looking for
-the attributes dnsttl, arecord, nsrecord, cnamerecord, soarecord,
-ptrrecord, hinforecord, mxrecord, txtrecord, rprecord, aaaarecord,
-locrecord, srvrecord, naptrrecord and modifytimestamp. The equivalent
-ldapsearch commands could look like this:</p>
+<p>One of the reasons I like the Digistan definition of
+"<a href="http://www.digistan.org/open-standard:definition">Free and
+Open Standard</a>" is that this is a new term, and thus the meaning of
+the term has been decided by Digistan. The term "Open Standard" has
+become so misunderstood that it is no longer very useful when talking
+about standards. One end up discussing which definition is the best
+one and with such frame the only one gaining are the proponents of
+de-facto standards and proprietary solutions.</p>
-<blockquote><pre>
-ldapsearch -h ldap \
- -b dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no \
- -s base -x '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
- cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
- rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
- nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
- rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
-
-ldapsearch -h ldap \
- -b dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no \
- -s base -x '(associateddomain=2.2.0.10.in-addr.arpa)'
- dnsttl, arecord, nsrecord, cnamerecord soarecord ptrrecord \
- hinforecord mxrecord txtrecord rprecord aaaarecord locrecord \
- srvrecord naptrrecord modifytimestamp
-</pre></blockquote>
+<p>But to give us an idea about the diversity of definitions of open
+standards, here are a few that I know about. This list is not
+complete, but can be a starting point for those that want to do a
+complete survey. More definitions are available on the
+<a href="http://en.wikipedia.org/wiki/Open_standard">wikipedia
+page</a>.</p>
-<p>In Debian Edu/Lenny, the PowerDNS tree mode is used with
-ou=hosts,dc=skole,dc=skolelinux,dc=no as the base, and these are two
-example LDAP objects used there. In addition to these objects, the
-parent objects all th way up to ou=hosts,dc=skole,dc=skolelinux,dc=no
-also exist.</p>
+<p>First off is my favourite, the definition from the European
+Interoperability Framework version 1.0. Really sad to notice that BSA
+and others has succeeded in getting it removed from version 2.0 of the
+framework by stacking the committee drafting the new version with
+their own people. Anyway, the definition is still available and it
+include the key properties needed to make sure everyone can use a
+specification on equal terms.</p>
-<blockquote><pre>
-dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
-objectclass: top
-objectclass: dnsdomain
-objectclass: domainrelatedobject
-dc: tjener
-arecord: 10.0.2.2
-associateddomain: tjener.intern
-
-dn: dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no
-objectclass: top
-objectclass: dnsdomain2
-objectclass: domainrelatedobject
-dc: 2
-ptrrecord: tjener.intern
-associateddomain: 2.2.0.10.in-addr.arpa
-</pre></blockquote>
+<blockquote>
-<p>In strict mode, the server behaves differently. When looking for
-forward DNS entries, it is doing a "subtree" scoped search with the
-same base as in the tree mode for a object with filter
-"(associateddomain=tjener.intern)" and requests the attributes dnsttl,
-arecord, nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord,
-mxrecord, txtrecord, rprecord, aaaarecord, locrecord, srvrecord,
-naptrrecord and modifytimestamp. For reverse entires it also do a
-subtree scoped search but this time the filter is "(arecord=10.0.2.2)"
-and the requested attributes are associateddomain, dnsttl and
-modifytimestamp. In short, in strict mode the objects with ptrrecord
-go away, and the arecord attribute in the forward object is used
-instead.</p>
-
-<p>The forward and reverse searches can be simulated using ldapsearch
-like this:</p>
+<p>The following are the minimal characteristics that a specification
+and its attendant documents must have in order to be considered an
+open standard:</p>
-<blockquote><pre>
-ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
- '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
- cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
- rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
- nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
- rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
-
-ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
- '(arecord=10.0.2.2)' associateddomain dnsttl modifytimestamp
-</pre></blockquote>
+<ul>
-<p>In addition to the forward and reverse searches , there is also a
-search for SOA records, which behave similar to the forward and
-reverse lookups.</p>
-
-<p>A thing to note with the PowerDNS behaviour is that it do not
-specify any objectclass names, and instead look for the attributes it
-need to generate a DNS reply. This make it able to work with any
-objectclass that provide the needed attributes.</p>
-
-<p>The attributes are normally provided in the cosine (RFC 1274) and
-dnsdomain2 schemas. The latter is used for reverse entries like
-ptrrecord and recent DNS additions like aaaarecord and srvrecord.</p>
-
-<p>In Debian Edu, we have created DNS objects using the object classes
-dcobject (for dc), dnsdomain or dnsdomain2 (structural, for the DNS
-attributes) and domainrelatedobject (for associatedDomain). The use
-of structural object classes make it impossible to combine these
-classes with the object classes used by DHCP.</p>
-
-<p>There are other schemas that could be used too, for example the
-dnszone structural object class used by Gosa and bind-sdb for the DNS
-attributes combined with the domainrelatedobject object class, but in
-this case some unused attributes would have to be included as well
-(zonename and relativedomainname).</p>
-
-<p>My proposal for Debian Edu would be to switch PowerDNS to strict
-mode and not use any of the existing objectclasses (dnsdomain,
-dnsdomain2 and dnszone) when one want to combine the DNS information
-with DHCP information, and instead create a auxiliary object class
-defined something like this (using the attributes defined for
-dnsdomain and dnsdomain2 or dnszone):</p>
+<li>The standard is adopted and will be maintained by a not-for-profit
+organisation, and its ongoing development occurs on the basis of an
+open decision-making procedure available to all interested parties
+(consensus or majority decision etc.).</li>
-<blockquote><pre>
-objectclass ( some-oid NAME 'dnsDomainAux'
- SUP top
- AUXILIARY
- MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $
- DNSTTL $ DNSClass $ PTRRecord $ HINFORecord $ MINFORecord $
- TXTRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $
- NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
- A6Record $ DNAMERecord
- ))
-</pre></blockquote>
+<li>The standard has been published and the standard specification
+document is available either freely or at a nominal charge. It must be
+permissible to all to copy, distribute and use it for no fee or at a
+nominal fee.</li>
-<p>This will allow any object to become a DNS entry when combined with
-the domainrelatedobject object class, and allow any entity to include
-all the attributes PowerDNS wants. I've sent an email to the PowerDNS
-developers asking for their view on this schema and if they are
-interested in providing such schema with PowerDNS, and I hope my
-message will be accepted into their mailing list soon.</p>
+<li>The intellectual property - i.e. patents possibly present - of
+(parts of) the standard is made irrevocably available on a royalty-
+free basis.</li>
-<p><strong>ISC dhcp</strong></p>
+<li>There are no constraints on the re-use of the standard.</li>
-<p>The DHCP server searches for specific objectclass and requests all
-the object attributes, and then uses the attributes it want. This
-make it harder to figure out exactly what attributes are used, but
-thanks to the working example in Debian Edu I can at least get an idea
-what is needed without having to read the source code.</p>
+</ul>
+</blockquote>
-<p>In the DHCP server configuration, the LDAP base to use and the
-search filter to use to locate the correct dhcpServer entity is
-stored. These are the relevant entries from
-/etc/dhcp3/dhcpd.conf:</p>
+<p>Another one originates from my friends over at
+<a href="http://www.dkuug.dk/">DKUUG</a>, who coined and gathered
+support for <a href="http://www.aaben-standard.dk/">this
+definition</a> in 2004. It even made it into the Danish parlament as
+<a href="http://www.ft.dk/dokumenter/tingdok.aspx?/samling/20051/beslutningsforslag/B103/som_fremsat.htm">their
+definition of a open standard</a>. Another from a different part of
+the Danish government is available from the wikipedia page.</p>
-<blockquote><pre>
-ldap-base-dn "dc=skole,dc=skolelinux,dc=no";
-ldap-dhcp-server-cn "dhcp";
-</pre></blockquote>
+<blockquote>
-<p>The DHCP server uses this information to nest all the DHCP
-configuration it need. The cn "dhcp" is located using the given LDAP
-base and the filter "(&(objectClass=dhcpServer)(cn=dhcp))". The
-search result is this entry:</p>
+<p>En åben standard opfylder følgende krav:</p>
-<blockquote><pre>
-dn: cn=dhcp,dc=skole,dc=skolelinux,dc=no
-cn: dhcp
-objectClass: top
-objectClass: dhcpServer
-dhcpServiceDN: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
-</pre></blockquote>
+<ol>
-<p>The content of the dhcpServiceDN attribute is next used to locate the
-subtree with DHCP configuration. The DHCP configuration subtree base
-is located using a base scope search with base "cn=DHCP
-Config,dc=skole,dc=skolelinux,dc=no" and filter
-"(&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))".
-The search result is this entry:</p>
+<li>Veldokumenteret med den fuldstændige specifikation offentligt
+tilgængelig.</li>
-<blockquote><pre>
-dn: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
-cn: DHCP Config
-objectClass: top
-objectClass: dhcpService
-objectClass: dhcpOptions
-dhcpPrimaryDN: cn=dhcp, dc=skole,dc=skolelinux,dc=no
-dhcpStatements: ddns-update-style none
-dhcpStatements: authoritative
-dhcpOption: smtp-server code 69 = array of ip-address
-dhcpOption: www-server code 72 = array of ip-address
-dhcpOption: wpad-url code 252 = text
-</pre></blockquote>
+<li>Frit implementerbar uden økonomiske, politiske eller juridiske
+begrænsninger på implementation og anvendelse.</li>
-<p>Next, the entire subtree is processed, one level at the time. When
-all the DHCP configuration is loaded, it is ready to receive requests.
-The subtree in Debian Edu contain objects with object classes
-top/dhcpService/dhcpOptions, top/dhcpSharedNetwork/dhcpOptions,
-top/dhcpSubnet, top/dhcpGroup and top/dhcpHost. These provide options
-and information about netmasks, dynamic range etc. Leaving out the
-details here because it is not relevant for the focus of my
-investigation, which is to see if it is possible to merge dns and dhcp
-related computer objects.</p>
-
-<p>When a DHCP request come in, LDAP is searched for the MAC address
-of the client (00:00:00:00:00:00 in this example), using a subtree
-scoped search with "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" as
-the base and "(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet
-00:00:00:00:00:00))" as the filter. This is what a host object look
-like:</p>
+<li>Standardiseret og vedligeholdt i et åbent forum (en såkaldt
+"standardiseringsorganisation") via en åben proces.</li>
-<blockquote><pre>
-dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
-cn: hostname
-objectClass: top
-objectClass: dhcpHost
-dhcpHWAddress: ethernet 00:00:00:00:00:00
-dhcpStatements: fixed-address hostname
-</pre></blockquote>
+</ol>
-<p>There is less flexiblity in the way LDAP searches are done here.
-The object classes need to have fixed names, and the configuration
-need to be stored in a fairly specific LDAP structure. On the
-positive side, the invidiual dhcpHost entires can be anywhere without
-the DN pointed to by the dhcpServer entries. The latter should make
-it possible to group all host entries in a subtree next to the
-configuration entries, and this subtree can also be shared with the
-DNS server if the schema proposed above is combined with the dhcpHost
-structural object class.
+</blockquote>
-<p><strong>Conclusion</strong></p>
+<p>Then there is <a href="http://www.fsfe.org/projects/os/def.html">the
+definition</a> from Free Software Foundation Europe.</p>
-<p>The PowerDNS implementation seem to be very flexible when it come
-to which LDAP schemas to use. While its "tree" mode is rigid when it
-come to the the LDAP structure, the "strict" mode is very flexible,
-allowing DNS objects to be stored anywhere under the base cn specified
-in the configuration.</p>
+<blockquote>
-<p>The DHCP implementation on the other hand is very inflexible, both
-regarding which LDAP schemas to use and which LDAP structure to use.
-I guess one could implement ones own schema, as long as the
-objectclasses and attributes have the names used, but this do not
-really help when the DHCP subtree need to have a fairly fixed
-structure.</p>
+<p>An Open Standard refers to a format or protocol that is</p>
-<p>Based on the observed behaviour, I suspect a LDAP structure like
-this might work for Debian Edu:</p>
+<ol>
-<blockquote><pre>
-ou=services
- cn=machine-info (dhcpService) - dhcpServiceDN points here
- cn=dhcp (dhcpServer)
- cn=dhcp-internal (dhcpSharedNetwork/dhcpOptions)
- cn=10.0.2.0 (dhcpSubnet)
- cn=group1 (dhcpGroup/dhcpOptions)
- cn=dhcp-thinclients (dhcpSharedNetwork/dhcpOptions)
- cn=192.168.0.0 (dhcpSubnet)
- cn=group1 (dhcpGroup/dhcpOptions)
- ou=machines - PowerDNS base points here
- cn=hostname (dhcpHost/domainrelatedobject/dnsDomainAux)
-</pre></blockquote>
+<li>subject to full public assessment and use without constraints in a
+manner equally available to all parties;</li>
-<P>This is not tested yet. If the DHCP server require the dhcpHost
-entries to be in the dhcpGroup subtrees, the entries can be stored
-there instead of a common machines subtree, and the PowerDNS base
-would have to be moved one level up to the machine-info subtree.</p>
+<li>without any components or extensions that have dependencies on
+formats or protocols that do not meet the definition of an Open
+Standard themselves;</li>
-<p>The combined object under the machines subtree would look something
-like this:</p>
-
-<blockquote><pre>
-dn: dc=hostname,ou=machines,cn=machine-info,dc=skole,dc=skolelinux,dc=no
-dc: hostname
-objectClass: top
-objectClass: dhcpHost
-objectclass: domainrelatedobject
-objectclass: dnsDomainAux
-associateddomain: hostname.intern
-arecord: 10.11.12.13
-dhcpHWAddress: ethernet 00:00:00:00:00:00
-dhcpStatements: fixed-address hostname.intern
-</pre></blockquote>
+<li>free from legal or technical clauses that limit its utilisation by
+any party or in any business model;</li>
+
+<li>managed and further developed independently of any single vendor
+in a process open to the equal participation of competitors and third
+parties;</li>
+
+<li>available in multiple complete implementations by competing
+vendors, or as a complete implementation equally available to all
+parties.</li>
+
+</ol>
+
+</blockquote>
+
+<p>A long time ago, SUN Microsystems, now bought by Oracle, created
+its
+<a href="http://blogs.sun.com/dennisding/resource/Open%20Standard%20Definition.pdf">Open
+Standards Checklist</a> with a fairly detailed description.</p>
+
+<blockquote>
+<p>Creation and Management of an Open Standard
+
+<ul>
+
+<li>Its development and management process must be collaborative and
+ democratic:
+
+ <ul>
+
+ <li>Participation must be accessible to all those who wish to
+ participate and can meet fair and reasonable criteria
+ imposed by the organization under which it is developed
+ and managed.</li>
-</p>One could even add the LTSP configuration associated with a given
-machine, as long as the required attributes are available in a
-auxiliary object class.</p>
+ <li>The processes must be documented and, through a known
+ method, can be changed through input from all
+ participants.</li>
+
+ <li>The process must be based on formal and binding commitments for
+ the disclosure and licensing of intellectual property rights.</li>
+
+ <li>Development and management should strive for consensus,
+ and an appeals process must be clearly outlined.</li>
+
+ <li>The standard specification must be open to extensive
+ public review at least once in its life-cycle, with
+ comments duly discussed and acted upon, if required.</li>
+
+ </ul>
+
+</li>
+
+</ul>
+
+<p>Use and Licensing of an Open Standard</p>
+<ul>
+
+<li>The standard must describe an interface, not an implementation,
+ and the industry must be capable of creating multiple, competing
+ implementations to the interface described in the standard without
+ undue or restrictive constraints. Interfaces include APIs,
+ protocols, schemas, data formats and their encoding.</li>
+
+<li> The standard must not contain any proprietary "hooks" that create
+ a technical or economic barriers</li>
+
+<li>Faithful implementations of the standard must
+ interoperate. Interoperability means the ability of a computer
+ program to communicate and exchange information with other computer
+ programs and mutually to use the information which has been
+ exchanged. This includes the ability to use, convert, or exchange
+ file formats, protocols, schemas, interface information or
+ conventions, so as to permit the computer program to work with other
+ computer programs and users in all the ways in which they are
+ intended to function.</li>
+
+<li>It must be permissible for anyone to copy, distribute and read the
+ standard for a nominal fee, or even no fee. If there is a fee, it
+ must be low enough to not preclude widespread use.</li>
+
+<li>It must be possible for anyone to obtain free (no royalties or
+ fees; also known as "royalty free"), worldwide, non-exclusive and
+ perpetual licenses to all essential patent claims to make, use and
+ sell products based on the standard. The only exceptions are
+ terminations per the reciprocity and defensive suspension terms
+ outlined below. Essential patent claims include pending, unpublished
+ patents, published patents, and patent applications. The license is
+ only for the exact scope of the standard in question.
+
+ <ul>
+
+ <li> May be conditioned only on reciprocal licenses to any of
+ licensees' patent claims essential to practice that standard
+ (also known as a reciprocity clause)</li>
+
+ <li> May be terminated as to any licensee who sues the licensor
+ or any other licensee for infringement of patent claims
+ essential to practice that standard (also known as a
+ "defensive suspension" clause)</li>
+
+ <li> The same licensing terms are available to every potential
+ licensor</li>
+
+ </ul>
+</li>
+
+<li>The licensing terms of an open standards must not preclude
+ implementations of that standard under open source licensing terms
+ or restricted licensing terms</li>
+
+</ul>
+
+</blockquote>
+
+<p>It is said that one of the nice things about standards is that
+there are so many of them. As you can see, the same holds true for
+open standard definitions. Most of the definitions have a lot in
+common, and it is not really controversial what properties a open
+standard should have, but the diversity of definitions have made it
+possible for those that want to avoid a level marked field and real
+competition to downplay the significance of open standards. I hope we
+can turn this tide by focusing on the advantages of Free and Open
+Standards.</p>
</description>
</item>
<item>
- <title>Combining PowerDNS and ISC DHCP LDAP objects</title>
- <link>http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html</guid>
- <pubDate>Wed, 14 Jul 2010 23:45:00 +0200</pubDate>
+ <title>Is Ogg Theora a free and open standard?</title>
+ <link>http://people.skolelinux.org/pere/blog/Is_Ogg_Theora_a_free_and_open_standard_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Is_Ogg_Theora_a_free_and_open_standard_.html</guid>
+ <pubDate>Sat, 25 Dec 2010 20:25:00 +0100</pubDate>
<description>
-<p>For a while now, I have wanted to find a way to change the DNS and
-DHCP services in Debian Edu to use the same LDAP objects for a given
-computer, to avoid the possibility of having a inconsistent state for
-a computer in LDAP (as in DHCP but no DNS entry or the other way
-around) and make it easier to add computers to LDAP.</p>
-
-<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
-information finally found a solution that seem to work.</p>
-
-<p>The old setup required three LDAP objects for a given computer.
-One forward DNS entry, one reverse DNS entry and one DHCP entry. If
-we switch powerdns to use its strict LDAP method (ldap-method=strict
-in pdns-debian-edu.conf), the forward and reverse DNS entries are
-merged into one while making it impossible to transfer the reverse map
-to a slave DNS server.</p>
-
-<p>If we also replace the object class used to get the DNS related
-attributes to one allowing these attributes to be combined with the
-dhcphost object class, we can merge the DNS and DHCP entries into one.
-I've written such object class in the dnsdomainaux.schema file (need
-proper OIDs, but that is a minor issue), and tested the setup. It
-seem to work.</p>
-
-<p>With this test setup in place, we can get away with one LDAP object
-for both DNS and DHCP, and even the LTSP configuration I suggested in
-an earlier email. The combined LDAP object will look something like
-this:</p>
+<p><a href="http://www.digistan.org/open-standard:definition">The
+Digistan definition</a> of a free and open standard reads like this:</p>
+
+<blockquote>
+
+<p>The Digital Standards Organization defines free and open standard
+as follows:</p>
+
+<ol>
+
+<li>A free and open standard is immune to vendor capture at all stages
+in its life-cycle. Immunity from vendor capture makes it possible to
+freely use, improve upon, trust, and extend a standard over time.</li>
+
+<li>The standard is adopted and will be maintained by a not-for-profit
+organisation, and its ongoing development occurs on the basis of an
+open decision-making procedure available to all interested
+parties.</li>
+
+<li>The standard has been published and the standard specification
+document is available freely. It must be permissible to all to copy,
+distribute, and use it freely.</li>
+
+<li>The patents possibly present on (parts of) the standard are made
+irrevocably available on a royalty-free basis.</li>
+
+<li>There are no constraints on the re-use of the standard.</li>
+
+</ol>
+
+<p>The economic outcome of a free and open standard, which can be
+measured, is that it enables perfect competition between suppliers of
+products based on the standard.</p>
+</blockquote>
+
+<p>For a while now I have tried to figure out of Ogg Theora is a free
+and open standard according to this definition. Here is a short
+writeup of what I have been able to gather so far. I brought up the
+topic on the Xiph advocacy mailing list
+<a href="http://lists.xiph.org/pipermail/advocacy/2009-July/001632.html">in
+July 2009</a>, for those that want to see some background information.
+According to Ivo Emanuel Gonçalves and Monty Montgomery on that list
+the Ogg Theora specification fulfils the Digistan definition.</p>
+
+<p><strong>Free from vendor capture?</strong></p>
+
+<p>As far as I can see, there is no single vendor that can control the
+Ogg Theora specification. It can be argued that the
+<a href="http://www.xiph.org/">Xiph foundation</A> is such vendor, but
+given that it is a non-profit foundation with the expressed goal
+making free and open protocols and standards available, it is not
+obvious that this is a real risk. One issue with the Xiph
+foundation is that its inner working (as in board member list, or who
+control the foundation) are not easily available on the web. I've
+been unable to find out who is in the foundation board, and have not
+seen any accounting information documenting how money is handled nor
+where is is spent in the foundation. It is thus not obvious for an
+external observer who control The Xiph foundation, and for all I know
+it is possible for a single vendor to take control over the
+specification. But it seem unlikely.</p>
+
+<p><strong>Maintained by open not-for-profit organisation?</strong></p>
+
+<p>Assuming that the Xiph foundation is the organisation its web pages
+claim it to be, this point is fulfilled. If Xiph foundation is
+controlled by a single vendor, it isn't, but I have not found any
+documentation indicating this.</p>
+
+<p>According to
+<a href="http://media.hiof.no/diverse/fad/rapport_4.pdf">a report</a>
+prepared by Audun Vaaler og Børre Ludvigsen for the Norwegian
+government, the Xiph foundation is a non-commercial organisation and
+the development process is open, transparent and non-Discrimatory.
+Until proven otherwise, I believe it make most sense to believe the
+report is correct.</p>
+
+<p><strong>Specification freely available?</strong></p>
+
+<p>The specification for the <a href="http://www.xiph.org/ogg/doc/">Ogg
+container format</a> and both the
+<a href="http://www.xiph.org/vorbis/doc/">Vorbis</a> and
+<a href="http://theora.org/doc/">Theora</a> codeces are available on
+the web. This are the terms in the Vorbis and Theora specification:
+
+<blockquote>
+
+Anyone may freely use and distribute the Ogg and [Vorbis/Theora]
+specifications, whether in private, public, or corporate
+capacity. However, the Xiph.Org Foundation and the Ogg project reserve
+the right to set the Ogg [Vorbis/Theora] specification and certify
+specification compliance.
+
+</blockquote>
+
+<p>The Ogg container format is specified in IETF
+<a href="http://www.xiph.org/ogg/doc/rfc3533.txt">RFC 3533</a>, and
+this is the term:<p>
+
+<blockquote>
+
+<p>This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it
+or assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are
+included on all such copies and derivative works. However, this
+document itself may not be modified in any way, such as by removing
+the copyright notice or references to the Internet Society or other
+Internet organizations, except as needed for the purpose of developing
+Internet standards in which case the procedures for copyrights defined
+in the Internet Standards process must be followed, or as required to
+translate it into languages other than English.</p>
+
+<p>The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.</p>
+</blockquote>
+
+<p>All these terms seem to allow unlimited distribution and use, an
+this term seem to be fulfilled. There might be a problem with the
+missing permission to distribute modified versions of the text, and
+thus reuse it in other specifications. Not quite sure if that is a
+requirement for the Digistan definition.</p>
+
+<p><strong>Royalty-free?</strong></p>
+
+<p>There are no known patent claims requiring royalties for the Ogg
+Theora format.
+<a href="http://www.streamingmedia.com/Articles/ReadArticle.aspx?ArticleID=65782">MPEG-LA</a>
+and
+<a href="http://yro.slashdot.org/story/10/04/30/237238/Steve-Jobs-Hints-At-Theora-Lawsuit">Steve
+Jobs</a> in Apple claim to know about some patent claims (submarine
+patents) against the Theora format, but no-one else seem to believe
+them. Both Opera Software and the Mozilla Foundation have looked into
+this and decided to implement Ogg Theora support in their browsers
+without paying any royalties. For now the claims from MPEG-LA and
+Steve Jobs seem more like FUD to scare people to use the H.264 codec
+than any real problem with Ogg Theora.</p>
+
+<p><strong>No constraints on re-use?</strong></p>
+
+<p>I am not aware of any constraints on re-use.</p>
-<blockquote><pre>
- dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
- cn: hostname
- objectClass: dhcphost
- objectclass: domainrelatedobject
- objectclass: dnsdomainaux
- associateddomain: hostname.intern
- arecord: 10.11.12.13
- dhcphwaddress: ethernet 00:00:00:00:00:00
- dhcpstatements: fixed-address hostname
- ldapconfigsound: Y
-</pre></blockquote>
+<p><strong>Conclusion</strong></p>
-<p>The DNS server uses the associateddomain and arecord entries, while
-the DHCP server uses the dhcphwaddress and dhcpstatements entries
-before asking DNS to resolve the fixed-adddress. LTSP will use
-dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>
-
-<p>I am not yet sure if I can get the DHCP server to look for its
-dhcphost in a different location, to allow us to put the objects
-outside the "DHCP Config" subtree, but hope to figure out a way to do
-that. If I can't figure out a way to do that, we can still get rid of
-the hosts subtree and move all its content into the DHCP Config tree
-(which probably should be renamed to be more related to the new
-content. I suspect cn=dnsdhcp,ou=services or something like that
-might be a good place to put it.</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>3 of 5 requirements seem obviously fulfilled, and the remaining 2
+depend on the governing structure of the Xiph foundation. Given the
+background report used by the Norwegian government, I believe it is
+safe to assume the last two requirements are fulfilled too, but it
+would be nice if the Xiph foundation web site made it easier to verify
+this.</p>
+
+<p>It would be nice to see other analysis of other specifications to
+see if they are free and open standards.</p>
</description>
</item>
<item>
- <title>Idea for storing LTSP configuration in LDAP</title>
- <link>http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html</guid>
- <pubDate>Sun, 11 Jul 2010 22:00:00 +0200</pubDate>
+ <title>The reply from Edgar Villanueva to Microsoft in Peru</title>
+ <link>http://people.skolelinux.org/pere/blog/The_reply_from_Edgar_Villanueva_to_Microsoft_in_Peru.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/The_reply_from_Edgar_Villanueva_to_Microsoft_in_Peru.html</guid>
+ <pubDate>Sat, 25 Dec 2010 10:50:00 +0100</pubDate>
<description>
-<p>Vagrant mentioned on IRC today that ltsp_config now support
-sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin
-clients, and that this can be used to fetch configuration from LDAP if
-Debian Edu choose to store configuration there.</p>
+<p>A few days ago
+<a href="http://www.idg.no/computerworld/article189879.ece">an
+article</a> in the Norwegian Computerworld magazine about how version
+2.0 of
+<a href="http://en.wikipedia.org/wiki/European_Interoperability_Framework">European
+Interoperability Framework</a> has been successfully lobbied by the
+proprietary software industry to remove the focus on free software.
+Nothing very surprising there, given
+<a href="http://news.slashdot.org/story/10/03/29/2115235/Open-Source-Open-Standards-Under-Attack-In-Europe">earlier
+reports</a> on how Microsoft and others have stacked the committees in
+this work. But I find this very sad. The definition of
+<a href="http://www.nuug.no/dokumenter/standard-presse-def-200506.txt">an
+open standard from version 1</a> was very good, and something I
+believe should be used also in the future, alongside
+<a href="http://www.digistan.org/open-standard:definition">the
+definition from Digistan</A>. Version 2 have removed the open
+standard definition from its content.</p>
-<p>Armed with this information, I got inspired and wrote a test module
-to get configuration from LDAP. The idea is to look up the MAC
-address of the client in LDAP, and look for attributes on the form
-ltspconfigsetting=value, and use this to export SETTING=value to the
-LTSP clients.</p>
+<p>Anyway, the news reminded me of the great reply sent by Dr. Edgar
+Villanueva, congressman in Peru at the time, to Microsoft as a reply
+to Microsofts attack on his proposal regarding the use of free software
+in the public sector in Peru. As the text was not available from a
+few of the URLs where it used to be available, I copy it here from
+<a href="http://gnuwin.epfl.ch/articles/en/reponseperou/villanueva_to_ms.html">my
+source</a> to ensure it is available also in the future. Some
+background information about that story is available in
+<a href="http://www.linuxjournal.com/article/6099">an article</a> from
+Linux Journal in 2002.</p>
-<p>The goal is to be able to store the LTSP configuration attributes
-in a "computer" LDAP object used by both DNS and DHCP, and thus
-allowing us to store all information about a computer in one place.</p>
+<blockquote>
+<p>Lima, 8th of April, 2002<br>
+To: Señor JUAN ALBERTO GONZÁLEZ<br>
+General Manager of Microsoft Perú</p>
-<p>This is a untested draft implementation, and I welcome feedback on
-this approach. A real LDAP schema for the ltspClientAux objectclass
-need to be written. Comments, suggestions, etc?</p>
+<p>Dear Sir:</p>
-<blockquote><pre>
-# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
-#
-# Fetch LTSP client settings from LDAP based on MAC address
-#
-# Uses ethernet address as stored in the dhcpHost objectclass using
-# the dhcpHWAddress attribute or ethernet address stored in the
-# ieee802Device objectclass with the macAddress attribute.
-#
-# This module is written to be schema agnostic, and only depend on the
-# existence of attribute names.
-#
-# The LTSP configuration variables are saved directly using a
-# ltspConfig prefix and uppercasing the rest of the attribute name.
-# To set the SERVER variable, set the ltspConfigServer attribute.
-#
-# Some LDAP schema should be created with all the relevant
-# configuration settings. Something like this should work:
-#
-# objectclass ( 1.1.2.2 NAME 'ltspClientAux'
-# SUP top
-# AUXILIARY
-# MAY ( ltspConfigServer $ ltsConfigSound $ ... )
-
-LDAPSERVER=$(debian-edu-ldapserver)
-if [ "$LDAPSERVER" ] ; then
- LDAPBASE=$(debian-edu-ldapserver -b)
- for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk '{print $5}'|sort -u) ; do
- filter="(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))"
- ldapsearch -h "$LDAPSERVER" -b "$LDAPBASE" -v -x "$filter" | \
- grep '^ltspConfig' | while read attr value ; do
- # Remove prefix and convert to upper case
- attr=$(echo $attr | sed 's/^ltspConfig//i' | tr a-z A-Z)
- # bass value on to clients
- eval "$attr=$value; export $attr"
- done
- done
-fi
-</pre></blockquote>
+<p>First of all, I thank you for your letter of March 25, 2002 in which you state the official position of Microsoft relative to Bill Number 1609, Free Software in Public Administration, which is indubitably inspired by the desire for Peru to find a suitable place in the global technological context. In the same spirit, and convinced that we will find the best solutions through an exchange of clear and open ideas, I will take this opportunity to reply to the commentaries included in your letter.</p>
-<p>I'm not sure this shell construction will work, because I suspect
-the while block might end up in a subshell causing the variables set
-there to not show up in ltsp-config, but if that is the case I am sure
-the code can be restructured to make sure the variables are passed on.
-I expect that can be solved with some testing. :)</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
-
-<p>Update 2010-07-17: I am aware of another effort to store LTSP
-configuration in LDAP that was created around year 2000 by
-<a href="http://www.pcxperience.com/thinclient/documentation/ldap.html">PC
-Xperience, Inc., 2000</a>. I found its
-<a href="http://people.redhat.com/alikins/ltsp/ldap/">files</a> on a
-personal home page over at redhat.com.</p>
-</description>
- </item>
-
- <item>
- <title>jXplorer, a very nice LDAP GUI</title>
- <link>http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html</guid>
- <pubDate>Fri, 9 Jul 2010 12:55:00 +0200</pubDate>
- <description>
-<p>Since
-<a href="http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html">my
-last post</a> about available LDAP tools in Debian, I was told about a
-LDAP GUI that is even better than luma. The java application
-<a href="http://jxplorer.org/">jXplorer</a> is claimed to be capable of
-moving LDAP objects and subtrees using drag-and-drop, and can
-authenticate using Kerberos. I have only tested the Kerberos
-authentication, but do not have a LDAP setup allowing me to rewrite
-LDAP with my test user yet. It is
-<a href="http://packages.qa.debian.org/j/jxplorer.html">available in
-Debian</a> testing and unstable at the moment. The only problem I
-have with it is how it handle errors. If something go wrong, its
-non-intuitive behaviour require me to go through some query work list
-and remove the failing query. Nothing big, but very annoying.</p>
+<p>While acknowledging that opinions such as yours constitute a significant contribution, it would have been even more worthwhile for me if, rather than formulating objections of a general nature (which we will analyze in detail later) you had gathered solid arguments for the advantages that proprietary software could bring to the Peruvian State, and to its citizens in general, since this would have allowed a more enlightening exchange in respect of each of our positions.</p>
+
+<p>With the aim of creating an orderly debate, we will assume that what you call "open source software" is what the Bill defines as "free software", since there exists software for which the source code is distributed together with the program, but which does not fall within the definition established by the Bill; and that what you call "commercial software" is what the Bill defines as "proprietary" or "unfree", given that there exists free software which is sold in the market for a price like any other good or service.</p>
+
+<p>It is also necessary to make it clear that the aim of the Bill we are discussing is not directly related to the amount of direct savings that can by made by using free software in state institutions. That is in any case a marginal aggregate value, but in no way is it the chief focus of the Bill. The basic principles which inspire the Bill are linked to the basic guarantees of a state of law, such as:</p>
+
+<p>
+<ul>
+<li>Free access to public information by the citizen. </li>
+<li>Permanence of public data. </li>
+<li>Security of the State and citizens.</li>
+</ul>
+</p>
+
+<p>To guarantee the free access of citizens to public information, it is indispensable that the encoding of data is not tied to a single provider. The use of standard and open formats gives a guarantee of this free access, if necessary through the creation of compatible free software.</p>
+
+<p>To guarantee the permanence of public data, it is necessary that the usability and maintenance of the software does not depend on the goodwill of the suppliers, or on the monopoly conditions imposed by them. For this reason the State needs systems the development of which can be guaranteed due to the availability of the source code.</p>
+
+<p>To guarantee national security or the security of the State, it is indispensable to be able to rely on systems without elements which allow control from a distance or the undesired transmission of information to third parties. Systems with source code freely accessible to the public are required to allow their inspection by the State itself, by the citizens, and by a large number of independent experts throughout the world. Our proposal brings further security, since the knowledge of the source code will eliminate the growing number of programs with *spy code*. </p>
+
+<p>In the same way, our proposal strengthens the security of the citizens, both in their role as legitimate owners of information managed by the state, and in their role as consumers. In this second case, by allowing the growth of a widespread availability of free software not containing *spy code* able to put at risk privacy and individual freedoms.</p>
+
+<p>In this sense, the Bill is limited to establishing the conditions under which the state bodies will obtain software in the future, that is, in a way compatible with these basic principles.</p>
+
+
+<p>From reading the Bill it will be clear that once passed:<br>
+<li>the law does not forbid the production of proprietary software</li>
+<li>the law does not forbid the sale of proprietary software</li>
+<li>the law does not specify which concrete software to use</li>
+<li>the law does not dictate the supplier from whom software will be bought</li>
+<li>the law does not limit the terms under which a software product can be licensed.</li>
+
+</p>
+
+<p>What the Bill does express clearly, is that, for software to be acceptable for the state it is not enough that it is technically capable of fulfilling a task, but that further the contractual conditions must satisfy a series of requirements regarding the license, without which the State cannot guarantee the citizen adequate processing of his data, watching over its integrity, confidentiality, and accessibility throughout time, as these are very critical aspects for its normal functioning.</p>
+
+<p>We agree, Mr. Gonzalez, that information and communication technology have a significant impact on the quality of life of the citizens (whether it be positive or negative). We surely also agree that the basic values I have pointed out above are fundamental in a democratic state like Peru. So we are very interested to know of any other way of guaranteeing these principles, other than through the use of free software in the terms defined by the Bill.</p>
+
+<p>As for the observations you have made, we will now go on to analyze them in detail:</p>
+
+<p>Firstly, you point out that: "1. The bill makes it compulsory for all public bodies to use only free software, that is to say open source software, which breaches the principles of equality before the law, that of non-discrimination and the right of free private enterprise, freedom of industry and of contract, protected by the constitution."</p>
+
+<p>This understanding is in error. The Bill in no way affects the rights you list; it limits itself entirely to establishing conditions for the use of software on the part of state institutions, without in any way meddling in private sector transactions. It is a well established principle that the State does not enjoy the wide spectrum of contractual freedom of the private sector, as it is limited in its actions precisely by the requirement for transparency of public acts; and in this sense, the preservation of the greater common interest must prevail when legislating on the matter.</p>
+
+<p>The Bill protects equality under the law, since no natural or legal person is excluded from the right of offering these goods to the State under the conditions defined in the Bill and without more limitations than those established by the Law of State Contracts and Purchasing (T.U.O. by Supreme Decree No. 012-2001-PCM).</p>
+
+<p>The Bill does not introduce any discrimination whatever, since it only establishes *how* the goods have to be provided (which is a state power) and not *who* has to provide them (which would effectively be discriminatory, if restrictions based on national origin, race religion, ideology, sexual preference etc. were imposed). On the contrary, the Bill is decidedly antidiscriminatory. This is so because by defining with no room for doubt the conditions for the provision of software, it prevents state bodies from using software which has a license including discriminatory conditions.</p>
+
+<p>It should be obvious from the preceding two paragraphs that the Bill does not harm free private enterprise, since the latter can always choose under what conditions it will produce software; some of these will be acceptable to the State, and others will not be since they contradict the guarantee of the basic principles listed above. This free initiative is of course compatible with the freedom of industry and freedom of contract (in the limited form in which the State can exercise the latter). Any private subject can produce software under the conditions which the State requires, or can refrain from doing so. Nobody is forced to adopt a model of production, but if they wish to provide software to the State, they must provide the mechanisms which guarantee the basic principles, and which are those described in the Bill.</p>
+
+<p>By way of an example: nothing in the text of the Bill would prevent your company offering the State bodies an office "suite", under the conditions defined in the Bill and setting the price that you consider satisfactory. If you did not, it would not be due to restrictions imposed by the law, but to business decisions relative to the method of commercializing your products, decisions with which the State is not involved.</p>
+
+<p>To continue; you note that:" 2. The bill, by making the use of open source software compulsory, would establish discriminatory and non competitive practices in the contracting and purchasing by public bodies..."</p>
+
+<p>This statement is just a reiteration of the previous one, and so the response can be found above. However, let us concern ourselves for a moment with your comment regarding "non-competitive ... practices."</p>
+
+<p>Of course, in defining any kind of purchase, the buyer sets conditions which relate to the proposed use of the good or service. From the start, this excludes certain manufacturers from the possibility of competing, but does not exclude them "a priori", but rather based on a series of principles determined by the autonomous will of the purchaser, and so the process takes place in conformance with the law. And in the Bill it is established that *no one* is excluded from competing as far as he guarantees the fulfillment of the basic principles.</p>
+
+<p>Furthermore, the Bill *stimulates* competition, since it tends to generate a supply of software with better conditions of usability, and to better existing work, in a model of continuous improvement.</p>
+
+<p>On the other hand, the central aspect of competivity is the chance to provide better choices to the consumer. Now, it is impossible to ignore the fact that marketing does not play a neutral role when the product is offered on the market (since accepting the opposite would lead one to suppose that firms' expenses in marketing lack any sense), and that therefore a significant expense under this heading can influence the decisions of the purchaser. This influence of marketing is in large measure reduced by the bill that we are backing, since the choice within the framework proposed is based on the *technical merits* of the product and not on the effort put into commercialization by the producer; in this sense, competitiveness is increased, since the smallest software producer can compete on equal terms with the most powerful corporations.</p>
+
+<p>It is necessary to stress that there is no position more anti-competitive than that of the big software producers, which frequently abuse their dominant position, since in innumerable cases they propose as a solution to problems raised by users: "update your software to the new version" (at the user's expense, naturally); furthermore, it is common to find arbitrary cessation of technical help for products, which, in the provider's judgment alone, are "old"; and so, to receive any kind of technical assistance, the user finds himself forced to migrate to new versions (with non-trivial costs, especially as changes in hardware platform are often involved). And as the whole infrastructure is based on proprietary data formats, the user stays "trapped" in the need to continue using products from the same supplier, or to make the huge effort to change to another environment (probably also proprietary).</p>
+
+<p>You add: "3. So, by compelling the State to favor a business model based entirely on open source, the bill would only discourage the local and international manufacturing companies, which are the ones which really undertake important expenditures, create a significant number of direct and indirect jobs, as well as contributing to the GNP, as opposed to a model of open source software which tends to have an ever weaker economic impact, since it mainly creates jobs in the service sector."</p>
+
+<p>I do not agree with your statement. Partly because of what you yourself point out in paragraph 6 of your letter, regarding the relative weight of services in the context of software use. This contradiction alone would invalidate your position. The service model, adopted by a large number of companies in the software industry, is much larger in economic terms, and with a tendency to increase, than the licensing of programs.</p>
+
+<p>On the other hand, the private sector of the economy has the widest possible freedom to choose the economic model which best suits its interests, even if this freedom of choice is often obscured subliminally by the disproportionate expenditure on marketing by the producers of proprietary software.</p>
+
+<p>In addition, a reading of your opinion would lead to the conclusion that the State market is crucial and essential for the proprietary software industry, to such a point that the choice made by the State in this bill would completely eliminate the market for these firms. If that is true, we can deduce that the State must be subsidizing the proprietary software industry. In the unlikely event that this were true, the State would have the right to apply the subsidies in the area it considered of greatest social value; it is undeniable, in this improbable hypothesis, that if the State decided to subsidize software, it would have to do so choosing the free over the proprietary, considering its social effect and the rational use of taxpayers money.</p>
+
+<p>In respect of the jobs generated by proprietary software in countries like ours, these mainly concern technical tasks of little aggregate value; at the local level, the technicians who provide support for proprietary software produced by transnational companies do not have the possibility of fixing bugs, not necessarily for lack of technical capability or of talent, but because they do not have access to the source code to fix it. With free software one creates more technically qualified employment and a framework of free competence where success is only tied to the ability to offer good technical support and quality of service, one stimulates the market, and one increases the shared fund of knowledge, opening up alternatives to generate services of greater total value and a higher quality level, to the benefit of all involved: producers, service organizations, and consumers.</p>
+
+<p>It is a common phenomenon in developing countries that local software industries obtain the majority of their takings in the service sector, or in the creation of "ad hoc" software. Therefore, any negative impact that the application of the Bill might have in this sector will be more than compensated by a growth in demand for services (as long as these are carried out to high quality standards). If the transnational software companies decide not to compete under these new rules of the game, it is likely that they will undergo some decrease in takings in terms of payment for licenses; however, considering that these firms continue to allege that much of the software used by the State has been illegally copied, one can see that the impact will not be very serious. Certainly, in any case their fortune will be determined by market laws, changes in which cannot be avoided; many firms traditionally associated with proprietary software have already set out on the road (supported by copious expense) of providing services associated with free software, which shows that the models are not mutually exclusive.</p>
+
+<p>With this bill the State is deciding that it needs to preserve certain fundamental values. And it is deciding this based on its sovereign power, without affecting any of the constitutional guarantees. If these values could be guaranteed without having to choose a particular economic model, the effects of the law would be even more beneficial. In any case, it should be clear that the State does not choose an economic model; if it happens that there only exists one economic model capable of providing software which provides the basic guarantee of these principles, this is because of historical circumstances, not because of an arbitrary choice of a given model.</p>
+
+<p>Your letter continues: "4. The bill imposes the use of open source software without considering the dangers that this can bring from the point of view of security, guarantee, and possible violation of the intellectual property rights of third parties."</p>
+
+<p>Alluding in an abstract way to "the dangers this can bring", without specifically mentioning a single one of these supposed dangers, shows at the least some lack of knowledge of the topic. So, allow me to enlighten you on these points.</p>
+
+<p>On security:</p>
+
+<p>National security has already been mentioned in general terms in the initial discussion of the basic principles of the bill. In more specific terms, relative to the security of the software itself, it is well known that all software (whether proprietary or free) contains errors or "bugs" (in programmers' slang). But it is also well known that the bugs in free software are fewer, and are fixed much more quickly, than in proprietary software. It is not in vain that numerous public bodies responsible for the IT security of state systems in developed countries require the use of free software for the same conditions of security and efficiency.</p>
+
+<p>What is impossible to prove is that proprietary software is more secure than free, without the public and open inspection of the scientific community and users in general. This demonstration is impossible because the model of proprietary software itself prevents this analysis, so that any guarantee of security is based only on promises of good intentions (biased, by any reckoning) made by the producer itself, or its contractors.</p>
+
+<p>It should be remembered that in many cases, the licensing conditions include Non-Disclosure clauses which prevent the user from publicly revealing security flaws found in the licensed proprietary product.</p>
+
+<p>In respect of the guarantee:</p>
+
+A<p>s you know perfectly well, or could find out by reading the "End User License Agreement" of the products you license, in the great majority of cases the guarantees are limited to replacement of the storage medium in case of defects, but in no case is compensation given for direct or indirect damages, loss of profits, etc... If as a result of a security bug in one of your products, not fixed in time by yourselves, an attacker managed to compromise crucial State systems, what guarantees, reparations and compensation would your company make in accordance with your licensing conditions? The guarantees of proprietary software, inasmuch as programs are delivered ``AS IS'', that is, in the state in which they are, with no additional responsibility of the provider in respect of function, in no way differ from those normal with free software.</p>
+
+<p>On Intellectual Property:</p>
+
+<p>Questions of intellectual property fall outside the scope of this bill, since they are covered by specific other laws. The model of free software in no way implies ignorance of these laws, and in fact the great majority of free software is covered by copyright. In reality, the inclusion of this question in your observations shows your confusion in respect of the legal framework in which free software is developed. The inclusion of the intellectual property of others in works claimed as one's own is not a practice that has been noted in the free software community; whereas, unfortunately, it has been in the area of proprietary software. As an example, the condemnation by the Commercial Court of Nanterre, France, on 27th September 2001 of Microsoft Corp. to a penalty of 3 million francs in damages and interest, for violation of intellectual property (piracy, to use the unfortunate term that your firm commonly uses in its publicity).</p>
+
+<p>You go on to say that: "The bill uses the concept of open source software incorrectly, since it does not necessarily imply that the software is free or of zero cost, and so arrives at mistaken conclusions regarding State savings, with no cost-benefit analysis to validate its position."</p>
+
+<p>This observation is wrong; in principle, freedom and lack of cost are orthogonal concepts: there is software which is proprietary and charged for (for example, MS Office), software which is proprietary and free of charge (MS Internet Explorer), software which is free and charged for (Red Hat, SuSE etc GNU/Linux distributions), software which is free and not charged for (Apache, Open Office, Mozilla), and even software which can be licensed in a range of combinations (MySQL).</p>
+
+<p>Certainly free software is not necessarily free of charge. And the text of the bill does not state that it has to be so, as you will have noted after reading it. The definitions included in the Bill state clearly *what* should be considered free software, at no point referring to freedom from charges. Although the possibility of savings in payments for proprietary software licenses are mentioned, the foundations of the bill clearly refer to the fundamental guarantees to be preserved and to the stimulus to local technological development. Given that a democratic State must support these principles, it has no other choice than to use software with publicly available source code, and to exchange information only in standard formats.</p>
+
+<p>If the State does not use software with these characteristics, it will be weakening basic republican principles. Luckily, free software also implies lower total costs; however, even given the hypothesis (easily disproved) that it was more expensive than proprietary software, the simple existence of an effective free software tool for a particular IT function would oblige the State to use it; not by command of this Bill, but because of the basic principles we enumerated at the start, and which arise from the very essence of the lawful democratic State.</p>
+
+<p>You continue: "6. It is wrong to think that Open Source Software is free of charge. Research by the Gartner Group (an important investigator of the technological market recognized at world level) has shown that the cost of purchase of software (operating system and applications) is only 8% of the total cost which firms and institutions take on for a rational and truly beneficial use of the technology. The other 92% consists of: installation costs, enabling, support, maintenance, administration, and down-time."</p>
+
+<p>This argument repeats that already given in paragraph 5 and partly contradicts paragraph 3. For the sake of brevity we refer to the comments on those paragraphs. However, allow me to point out that your conclusion is logically false: even if according to Gartner Group the cost of software is on average only 8% of the total cost of use, this does not in any way deny the existence of software which is free of charge, that is, with a licensing cost of zero.</p>
+
+<p>In addition, in this paragraph you correctly point out that the service components and losses due to down-time make up the largest part of the total cost of software use, which, as you will note, contradicts your statement regarding the small value of services suggested in paragraph 3. Now the use of free software contributes significantly to reduce the remaining life-cycle costs. This reduction in the costs of installation, support etc. can be noted in several areas: in the first place, the competitive service model of free software, support and maintenance for which can be freely contracted out to a range of suppliers competing on the grounds of quality and low cost. This is true for installation, enabling, and support, and in large part for maintenance. In the second place, due to the reproductive characteristics of the model, maintenance carried out for an application is easily replicable, without incurring large costs (that is, without paying more than once for the same thing) since modifications, if one wishes, can be incorporated in the common fund of knowledge. Thirdly, the huge costs caused by non-functioning software ("blue screens of death", malicious code such as virus, worms, and trojans, exceptions, general protection faults and other well-known problems) are reduced considerably by using more stable software; and it is well known that one of the most notable virtues of free software is its stability.</p>
+
+<p>You further state that: "7. One of the arguments behind the bill is the supposed freedom from costs of open-source software, compared with the costs of commercial software, without taking into account the fact that there exist types of volume licensing which can be highly advantageous for the State, as has happened in other countries."</p>
+
+<p>I have already pointed out that what is in question is not the cost of the software but the principles of freedom of information, accessibility, and security. These arguments have been covered extensively in the preceding paragraphs to which I would refer you.</p>
+
+<p>On the other hand, there certainly exist types of volume licensing (although unfortunately proprietary software does not satisfy the basic principles). But as you correctly pointed out in the immediately preceding paragraph of your letter, they only manage to reduce the impact of a component which makes up no more than 8% of the total.</p>
+
+<p>You continue: "8. In addition, the alternative adopted by the bill (I) is clearly more expensive, due to the high costs of software migration, and (II) puts at risk compatibility and interoperability of the IT platforms within the State, and between the State and the private sector, given the hundreds of versions of open source software on the market."</p>
+
+<p>Let us analyze your statement in two parts. Your first argument, that migration implies high costs, is in reality an argument in favor of the Bill. Because the more time goes by, the more difficult migration to another technology will become; and at the same time, the security risks associated with proprietary software will continue to increase. In this way, the use of proprietary systems and formats will make the State ever more dependent on specific suppliers. Once a policy of using free software has been established (which certainly, does imply some cost) then on the contrary migration from one system to another becomes very simple, since all data is stored in open formats. On the other hand, migration to an open software context implies no more costs than migration between two different proprietary software contexts, which invalidates your argument completely.</p>
+
+<p>The second argument refers to "problems in interoperability of the IT platforms within the State, and between the State and the private sector" This statement implies a certain lack of knowledge of the way in which free software is built, which does not maximize the dependence of the user on a particular platform, as normally happens in the realm of proprietary software. Even when there are multiple free software distributions, and numerous programs which can be used for the same function, interoperability is guaranteed as much by the use of standard formats, as required by the bill, as by the possibility of creating interoperable software given the availability of the source code.</p>
+
+<p>You then say that: "9. The majority of open source code does not offer adequate levels of service nor the guarantee from recognized manufacturers of high productivity on the part of the users, which has led various public organizations to retract their decision to go with an open source software solution and to use commercial software in its place."</p>
+
+<p>This observation is without foundation. In respect of the guarantee, your argument was rebutted in the response to paragraph 4. In respect of support services, it is possible to use free software without them (just as also happens with proprietary software), but anyone who does need them can obtain support separately, whether from local firms or from international corporations, again just as in the case of proprietary software.</p>
+
+<p>On the other hand, it would contribute greatly to our analysis if you could inform us about free software projects *established* in public bodies which have already been abandoned in favor of proprietary software. We know of a good number of cases where the opposite has taken place, but not know of any where what you describe has taken place.</p>
+
+<p>You continue by observing that: "10. The bill discourages the creativity of the Peruvian software industry, which invoices 40 million US$/year, exports 4 million US$ (10th in ranking among non-traditional exports, more than handicrafts) and is a source of highly qualified employment. With a law that encourages the use of open source, software programmers lose their intellectual property rights and their main source of payment."</p>
+
+<p>It is clear enough that nobody is forced to commercialize their code as free software. The only thing to take into account is that if it is not free software, it cannot be sold to the public sector. This is not in any case the main market for the national software industry. We covered some questions referring to the influence of the Bill on the generation of employment which would be both highly technically qualified and in better conditions for competition above, so it seems unnecessary to insist on this point.</p>
+
+<p>What follows in your statement is incorrect. On the one hand, no author of free software loses his intellectual property rights, unless he expressly wishes to place his work in the public domain. The free software movement has always been very respectful of intellectual property, and has generated widespread public recognition of its authors. Names like those of Richard Stallman, Linus Torvalds, Guido van Rossum, Larry Wall, Miguel de Icaza, Andrew Tridgell, Theo de Raadt, Andrea Arcangeli, Bruce Perens, Darren Reed, Alan Cox, Eric Raymond, and many others, are recognized world-wide for their contributions to the development of software that is used today by millions of people throughout the world. On the other hand, to say that the rewards for authors rights make up the main source of payment of Peruvian programmers is in any case a guess, in particular since there is no proof to this effect, nor a demonstration of how the use of free software by the State would influence these payments.</p>
+
+<p>You go on to say that: "11. Open source software, since it can be distributed without charge, does not allow the generation of income for its developers through exports. In this way, the multiplier effect of the sale of software to other countries is weakened, and so in turn is the growth of the industry, while Government rules ought on the contrary to stimulate local industry."</p>
+
+<p>This statement shows once again complete ignorance of the mechanisms of and market for free software. It tries to claim that the market of sale of non- exclusive rights for use (sale of licenses) is the only possible one for the software industry, when you yourself pointed out several paragraphs above that it is not even the most important one. The incentives that the bill offers for the growth of a supply of better qualified professionals, together with the increase in experience that working on a large scale with free software within the State will bring for Peruvian technicians, will place them in a highly competitive position to offer their services abroad.</p>
+
+<p>You then state that: "12. In the Forum, the use of open source software in education was discussed, without mentioning the complete collapse of this initiative in a country like Mexico, where precisely the State employees who founded the project now state that open source software did not make it possible to offer a learning experience to pupils in the schools, did not take into account the capability at a national level to give adequate support to the platform, and that the software did not and does not allow for the levels of platform integration that now exist in schools."</p>
+
+<p>In fact Mexico has gone into reverse with the Red Escolar (Schools Network) project. This is due precisely to the fact that the driving forces behind the Mexican project used license costs as their main argument, instead of the other reasons specified in our project, which are far more essential. Because of this conceptual mistake, and as a result of the lack of effective support from the SEP (Secretary of State for Public Education), the assumption was made that to implant free software in schools it would be enough to drop their software budget and send them a CD ROM with Gnu/Linux instead. Of course this failed, and it couldn't have been otherwise, just as school laboratories fail when they use proprietary software and have no budget for implementation and maintenance. That's exactly why our bill is not limited to making the use of free software mandatory, but recognizes the need to create a viable migration plan, in which the State undertakes the technical transition in an orderly way in order to then enjoy the advantages of free software.</p>
+
+<p>You end with a rhetorical question: "13. If open source software satisfies all the requirements of State bodies, why do you need a law to adopt it? Shouldn't it be the market which decides freely which products give most benefits or value?"</p>
+
+<p>We agree that in the private sector of the economy, it must be the market that decides which products to use, and no state interference is permissible there. However, in the case of the public sector, the reasoning is not the same: as we have already established, the state archives, handles, and transmits information which does not belong to it, but which is entrusted to it by citizens, who have no alternative under the rule of law. As a counterpart to this legal requirement, the State must take extreme measures to safeguard the integrity, confidentiality, and accessibility of this information. The use of proprietary software raises serious doubts as to whether these requirements can be fulfilled, lacks conclusive evidence in this respect, and so is not suitable for use in the public sector.</p>
+
+<p>The need for a law is based, firstly, on the realization of the fundamental principles listed above in the specific area of software; secondly, on the fact that the State is not an ideal homogeneous entity, but made up of multiple bodies with varying degrees of autonomy in decision making. Given that it is inappropriate to use proprietary software, the fact of establishing these rules in law will prevent the personal discretion of any state employee from putting at risk the information which belongs to citizens. And above all, because it constitutes an up-to-date reaffirmation in relation to the means of management and communication of information used today, it is based on the republican principle of openness to the public.</p>
+
+<p>In conformance with this universally accepted principle, the citizen has the right to know all information held by the State and not covered by well- founded declarations of secrecy based on law. Now, software deals with information and is itself information. Information in a special form, capable of being interpreted by a machine in order to execute actions, but crucial information all the same because the citizen has a legitimate right to know, for example, how his vote is computed or his taxes calculated. And for that he must have free access to the source code and be able to prove to his satisfaction the programs used for electoral computations or calculation of his taxes.</p>
+
+<p>I wish you the greatest respect, and would like to repeat that my office will always be open for you to expound your point of view to whatever level of detail you consider suitable.</p>
+
+<p>Cordially,<br>
+DR. EDGAR DAVID VILLANUEVA NUÑEZ<br>
+Congressman of the Republic of Perú.</p>
+</blockquote>
</description>
</item>
<item>
- <title>MS Word krøller det til for politiet?</title>
- <link>http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html</guid>
- <pubDate>Thu, 8 Jul 2010 14:00:00 +0200</pubDate>
+ <title>Officeshots still going strong</title>
+ <link>http://people.skolelinux.org/pere/blog/Officeshots_still_going_strong.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Officeshots_still_going_strong.html</guid>
+ <pubDate>Sat, 25 Dec 2010 09:40:00 +0100</pubDate>
<description>
-<p>De siste dagene har Aftenposten
-<a href="http://www.aftenposten.no/nyheter/iriks/article3718597.ece">fortalt</a>
-<a href="http://www.aftenposten.no/nyheter/iriks/article3724249.ece">hvordan</a>
-politet har brukt skriveverktøy som ikke håndterer arabisk tekst og
-tekst som skal skrives fra høyre mot venstre når de har laget
-løpeseddel for å be om informasjon fra publikum. Resultatet har vært
-en uleselig arabisk-bit på løpeseddelen. Feilen har oppstått når
-teksten har blitt "kopiert inn i programvare som ikke har støtte for
-språk som skrives fra høyre mot venstre", og jeg er ganske sikker på
-at det er snakk om Microsoft Office i dette tilfellet. Er det slik at
-MS Office i norsk språkdrakt ikke har støtte for tekst som skal
-skrives fra høyre mot venstre? Jeg tror alle utgaver av
-OpenOffice.org har slik støtte, og det er jo ikke veldig vanskelig å
-la slik støtte finnes i alle utgaver av et program hvis støtten først
-er utviklet. Aftenpostens melding får meg til å undre om problemet
-ville vært unngått hvis politiet brukte OpenOffice.org i stedet for MS
-Office.</p>
-
-<p>Mon tro om det er flere eksempler på at MS Office har ødelagt for
-offentlig myndighet?</p>
+<p>Half a year ago I
+<a href="http://people.skolelinux.org/pere/blog/Officeshots_taking_shape.html">wrote
+a bit</a> about <a href="http://www.officeshots.org/">OfficeShots</a>,
+a web service to allow anyone to test how ODF documents are handled by
+the different programs reading and writing the ODF format.</p>
+
+<p>I just had a look at the service, and it seem to be going strong.
+Very interesting to see the results reported in the gallery, how
+different Office implementations handle different ODF features. Sad
+to see that KOffice was not doing it very well, and happy to see that
+LibreOffice has been tested already (but sadly not listed as a option
+for OfficeShots users yet). I am glad to see that the ODF community
+got such a great test tool available.</p>
</description>
</item>
<item>
- <title>Lenny->Squeeze upgrades, apt vs aptitude with the Gnome desktop</title>
- <link>http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html</guid>
- <pubDate>Sat, 3 Jul 2010 23:55:00 +0200</pubDate>
+ <title>165 norske overvåkningskamera registert så langt i OpenStreetmap.org</title>
+ <link>http://people.skolelinux.org/pere/blog/165_norske_overv__kningskamera_registert_s___langt_i_OpenStreetmap_org.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/165_norske_overv__kningskamera_registert_s___langt_i_OpenStreetmap_org.html</guid>
+ <pubDate>Fri, 24 Dec 2010 11:20:00 +0100</pubDate>
<description>
-<p>Here is a short update on my <a
-href="http://people.skolelinux.org/~pere/debian-upgrade-testing/">my
-Debian Lenny->Squeeze upgrade testing</a>. Here is a summary of the
-difference for Gnome when it is upgraded by apt-get and aptitude. I'm
-not reporting the status for KDE, because the upgrade crashes when
-aptitude try because of missing conflicts
-(<a href="http://bugs.debian.org/584861">#584861</a> and
-<a href="http://bugs.debian.org/585716">#585716</a>).</p>
-
-<p>At the end of the upgrade test script, dpkg -l is executed to get a
-complete list of the installed packages. Based on this I see these
-differences when I did a test run today. As usual, I do not really
-know what the correct set of packages would be, but thought it best to
-publish the difference.</p>
-
-<p>Installed using apt-get, missing with aptitude</p>
-
-<blockquote><p>
- at-spi cpp-4.3 finger gnome-spell gstreamer0.10-gnomevfs
- libatspi1.0-0 libcupsys2 libeel2-data libgail-common libgdl-1-common
- libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin
- libgtksourceview-common libpt-1.10.10-plugins-alsa
- libpt-1.10.10-plugins-v4l libservlet2.4-java libxalan2-java
- libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip
- python-4suite-xml python-eggtrayicon python-gtkhtml2
- python-gtkmozembed svgalibg1 xserver-xephyr zip
-</p></blockquote>
-
-<p>Installed using apt-get, removed with aptitude</p>
-
-<blockquote><p>
- bluez-utils dhcdbd djvulibre-desktop epiphany-gecko
- gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager
- libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-50
- libbluetooth2 libcamel1.2-11 libcdio7 libcucul0 libcurl3
- libdirectfb-1.0-0 libdvdread3 libedata-cal1.2-6 libedataserver1.2-9
- libeel2-2.20 libepc-1.0-1 libepc-ui-1.0-1 libexchange-storage1.2-3
- libfaad0 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9
- libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2
- libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0
- libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtkhtml2-0
- libgtksourceview1.0-0 libgucharmap6 libhesiod0 libicu38 libisccc50
- libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++10
- libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4
- libneon27 libnm-glib0 libnm-util0 libopal-2.2 libosp5
- libparted1.8-10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3
- libpt-1.10.10 libraw1394-8 libsensors3 libsmbios2 libsoup2.2-8
- libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1
- libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj
- libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3
- mysql-common swfdec-gnome totem-gstreamer wodim
-</p></blockquote>
-
-<p>Installed using aptitude, missing with apt-get</p>
-
-<blockquote><p>
- gnome gnome-desktop-environment hamster-applet python-gnomeapplet
- python-gnomekeyring python-wnck rhythmbox-plugins xorg
- xserver-xorg-input-all xserver-xorg-input-evdev
- xserver-xorg-input-kbd xserver-xorg-input-mouse
- xserver-xorg-input-synaptics xserver-xorg-video-all
- xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati
- xserver-xorg-video-chips xserver-xorg-video-cirrus
- xserver-xorg-video-dummy xserver-xorg-video-fbdev
- xserver-xorg-video-glint xserver-xorg-video-i128
- xserver-xorg-video-i740 xserver-xorg-video-mach64
- xserver-xorg-video-mga xserver-xorg-video-neomagic
- xserver-xorg-video-nouveau xserver-xorg-video-nv
- xserver-xorg-video-r128 xserver-xorg-video-radeon
- xserver-xorg-video-radeonhd xserver-xorg-video-rendition
- xserver-xorg-video-s3 xserver-xorg-video-s3virge
- xserver-xorg-video-savage xserver-xorg-video-siliconmotion
- xserver-xorg-video-sis xserver-xorg-video-sisusb
- xserver-xorg-video-tdfx xserver-xorg-video-tga
- xserver-xorg-video-trident xserver-xorg-video-tseng
- xserver-xorg-video-vesa xserver-xorg-video-vmware
- xserver-xorg-video-voodoo
-</p></blockquote>
-
-<p>Installed using aptitude, removed with apt-get</p>
-
-<blockquote><p>
- deskbar-applet xserver-xorg xserver-xorg-core
- xserver-xorg-input-wacom xserver-xorg-video-intel
- xserver-xorg-video-openchrome
-</p></blockquote>
-
-<p>I was told on IRC that the xorg-xserver package was
-<a href="http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=9c8080d06c457932d3bfec021c69ac000aa60120">changed
-in git</a> today to try to get apt-get to not remove xorg completely.
-No idea when it hits Squeeze, but when it does I hope it will reduce
-the difference somewhat.
+<p>Jeg flikket litt på OpenStreetmap.org i går, og oppdaget ved en
+tilfeldighet at det er en rekke noder som representerer
+overvåkningskamera som ikke blir med på kartet med overvåkningskamera
+i Norge som
+<a href="http://people.skolelinux.org/pere/blog/Kart_over_overv__kningskamera_i_Norge.html">jeg
+laget</a> for snart to år siden. Fra før tok jeg med noder merket med
+man_made=surveillance, mens det er en rekke noder som kun er merket
+med highway=speed_camera. Endret på koden som henter ut kameralisten
+fra OSM, og vips er antall kamera økt til 165.</p>
+
+<a href="http://people.skolelinux.no/pere/surveillance-norway/">Kartet</a>
+er fortsatt ikke komplett, så hvis du ser noen kamera som mangler,
+legg inn ved å følge instruksene fra
+<a href="http://personvern.no/wiki/index.php/Kameraovervåkning">prosjektsiden</a>.
+Hvis du vet om noen flere måter å merke overvåkningskamera i OSM, ta
+kontakt slik at jeg kan få med også disse.</p>
</description>
</item>
<item>
- <title>Caching password, user and group on a roaming Debian laptop</title>
- <link>http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html</guid>
- <pubDate>Thu, 1 Jul 2010 11:40:00 +0200</pubDate>
+ <title>How to test if a laptop is working with Linux</title>
+ <link>http://people.skolelinux.org/pere/blog/How_to_test_if_a_laptop_is_working_with_Linux.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/How_to_test_if_a_laptop_is_working_with_Linux.html</guid>
+ <pubDate>Wed, 22 Dec 2010 14:55:00 +0100</pubDate>
<description>
-<p>For a laptop, centralized user directories and password checking is
-a bit troubling. Laptops are typically used also when not connected
-to the network, and it is vital for a user to be able to log in or
-unlock the screen saver also when a central server is unavailable.
-This is possible by caching passwords and directory information (user
-and group attributes) locally, and the packages to do so are available
-in Debian. Here follow two recipes to set this up in Debian/Squeeze.
-It is also possible to set up in Debian/Lenny, but require more manual
-setup there because pam-auth-update is missing in Lenny.</p>
-
-<h2>LDAP/Kerberos + nscd + libpam-ccreds + libpam-mklocaluser/pam_mkhomedir</h2>
-
-This is the traditional method with a twist. The password caching is
-provided by libpam-ccreds (version 10-4 or later is needed on
-Squeeze), and the directory caching is done by nscd. The directory
-lookup and password checking is done using LDAP. If one want to use
-Kerberos for password checking the libpam-ldapd package can be
-replaced with libpam-krb5 or libpam-heimdal. If one is happy having a
-local home directory with the path listed in LDAP, one can use the
-pam_mkhomedir module from pam-modules to make this happen instead of
-using libpam-mklocaluser. A setup for pam-auth-update to enable
-pam_mkhomedir will have to be written until a fix for
-<a href="http://bugs.debian.org/568577">bug #568577</a> is in the
-archive. Because I believe it is a bad idea to have local home
-directories using misleading paths like /site/server/partition/, I
-prefer to create a local user with the home directory in /home/. This
-is done using the libpam-mklocaluser package.</p>
-
-<p>These packages need to be installed and configured</p>
-
-<blockquote><pre>
-libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser
-</pre></blockquote>
-
-<p>The ldapd packages will ask for LDAP connection information, and
-one have to fill in the values that fits ones own site. Make sure the
-PAM part uses encrypted connections, to make sure the password is not
-sent in clear text to the LDAP server. I've been unable to get TLS
-certificate checking for a self signed certificate working, which make
-LDAP authentication unsafe for Debian Edu (nslcd is not checking if it
-is talking to the correct LDAP server), and very much welcome feedback
-on how to get this working.</p>
-
-<p>Because nscd do not have a default configuration fit for offline
-caching until <a href="http://bugs.debian.org/485282">bug #485282</a>
-is fixed, this configuration should be used instead of the one
-currently in /etc/nscd.conf. The changes are in the fields
-reload-count and positive-time-to-live, and is based on the
-instructions I found in the
-<a href="http://www.flyn.org/laptopldap/">LDAP for Mobile Laptops</a>
-instructions by Flyn Computing.</p>
-
-<blockquote><pre>
- debug-level 0
- reload-count unlimited
- paranoia no
-
- enable-cache passwd yes
- positive-time-to-live passwd 2592000
- negative-time-to-live passwd 20
- suggested-size passwd 211
- check-files passwd yes
- persistent passwd yes
- shared passwd yes
- max-db-size passwd 33554432
- auto-propagate passwd yes
-
- enable-cache group yes
- positive-time-to-live group 2592000
- negative-time-to-live group 20
- suggested-size group 211
- check-files group yes
- persistent group yes
- shared group yes
- max-db-size group 33554432
- auto-propagate group yes
-
- enable-cache hosts no
- positive-time-to-live hosts 2592000
- negative-time-to-live hosts 20
- suggested-size hosts 211
- check-files hosts yes
- persistent hosts yes
- shared hosts yes
- max-db-size hosts 33554432
-
- enable-cache services yes
- positive-time-to-live services 2592000
- negative-time-to-live services 20
- suggested-size services 211
- check-files services yes
- persistent services yes
- shared services yes
- max-db-size services 33554432
-</pre></blockquote>
-
-<p>While we wait for a mechanism to update /etc/nsswitch.conf
-automatically like the one provided in
-<a href="http://bugs.debian.org/496915">bug #496915</a>, the file
-content need to be manually replaced to ensure LDAP is used as the
-directory service on the machine. /etc/nsswitch.conf should normally
-look like this:</p>
-
-<blockquote><pre>
-passwd: files ldap
-group: files ldap
-shadow: files ldap
-hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
-networks: files
-protocols: files
-services: files
-ethers: files
-rpc: files
-netgroup: files ldap
-</pre></blockquote>
-
-<p>The important parts are that ldap is listed last for passwd, group,
-shadow and netgroup.</p>
-
-<p>With these changes in place, any user in LDAP will be able to log
-in locally on the machine using for example kdm, get a local home
-directory created and have the password as well as user and group
-attributes cached.
-
-<h2>LDAP/Kerberos + nss-updatedb + libpam-ccreds +
- libpam-mklocaluser/pam_mkhomedir</h2>
-
-<p>Because nscd have had its share of problems, and seem to have
-problems doing proper caching, I've seen suggestions and recipes to
-use nss-updatedb to copy parts of the LDAP database locally when the
-LDAP database is available. I have not tested such setup, because I
-discovered sssd.</p>
-
-<h2>LDAP/Kerberos + sssd + libpam-mklocaluser</h2>
-
-<p>A more flexible and robust setup than the nscd combination
-mentioned earlier that has shown up recently, is the
-<a href="https://fedorahosted.org/sssd/">sssd</a> package from Redhat.
-It is part of the <a href="http://www.freeipa.org/">FreeIPA</A> project
-to provide a Active Directory like directory service for Linux
-machines. The sssd system combines the caching of passwords and user
-information into one package, and remove the need for nscd and
-libpam-ccreds. It support LDAP and Kerberos, but not NIS. Version
-1.2 do not support netgroups, but it is said that it will support this
-in version 1.5 expected to show up later in 2010. Because the
-<a href="http://packages.qa.debian.org/s/sssd.html">sssd package</a>
-was missing in Debian, I ended up co-maintaining it with Werner, and
-version 1.2 is now in testing.
-
-<p>These packages need to be installed and configured to get the
-roaming setup I want</p>
-
-<blockquote><pre>
-libpam-sss libnss-sss libpam-mklocaluser
-</pre></blockquote>
-
-The complete setup of sssd is done by editing/creating
-<tt>/etc/sssd/sssd.conf</tt>.
-
-<blockquote><pre>
-[sssd]
-config_file_version = 2
-reconnection_retries = 3
-sbus_timeout = 30
-services = nss, pam
-domains = INTERN
-
-[nss]
-filter_groups = root
-filter_users = root
-reconnection_retries = 3
-
-[pam]
-reconnection_retries = 3
-
-[domain/INTERN]
-enumerate = false
-cache_credentials = true
-
-id_provider = ldap
-auth_provider = ldap
-chpass_provider = ldap
-
-ldap_uri = ldap://ldap
-ldap_search_base = dc=skole,dc=skolelinux,dc=no
-ldap_tls_reqcert = never
-ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
-</pre></blockquote>
-
-<p>I got the same problem here with certificate checking. Had to set
-"ldap_tls_reqcert = never" to get it working.</p>
-
-<p>With the libnss-sss package in testing at the moment, the
-nsswitch.conf file is update automatically, so there is no need to
-modify it manually.</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>The last few days I have spent at work here at the <a
+href="http://www.uio.no/">University of oslo</a> testing if the new
+batch of computers will work with Linux. Every year for the last few
+years the university have organized shared bid of a few thousand
+computers, and this year HP won the bid. Two different desktops and
+five different laptops are on the list this year. We in the UNIX
+group want to know which one of these computers work well with RHEL
+and Ubuntu, the two Linux distributions we currently handle at the
+university.</p>
+
+<p>My test method is simple, and I share it here to get feedback and
+perhaps inspire others to test hardware as well. To test, I PXE
+install the OS version of choice, and log in as my normal user and run
+a few applications and plug in selected pieces of hardware. When
+something fail, I make a note about this in the test matrix and move
+on. If I have some spare time I try to report the bug to the OS
+vendor, but as I only have the machines for a short time, I rarely
+have the time to do this for all the problems I find.</p>
+
+<p>Anyway, to get to the point of this post. Here is the simple tests
+I perform on a new model.</p>
+
+<ul>
+
+<li>Is PXE installation working? I'm testing with RHEL6, Ubuntu Lucid
+and Ubuntu Maverik at the moment. If I feel like it, I also test with
+RHEL5 and Debian Edu/Squeeze.</li>
+
+<li>Is X.org working? If the graphical login screen show up after
+installation, X.org is working.</li>
+
+<li>Is hardware accelerated OpenGL working? Running glxgears (in
+package mesa-utils on Ubuntu) and writing down the frames per second
+reported by the program.</li>
+
+<li>Is sound working? With Gnome and KDE, a sound is played when
+logging in, and if I can hear this the test is successful. If there
+are several audio exits on the machine, I try them all and check if
+the Gnome/KDE audio mixer can control where to send the sound. I
+normally test this by playing
+<a href="http://www.nuug.no/aktiviteter/20101012-chef/ ">a HTML5
+video</a> in Firefox/Iceweasel.</li>
+
+<li>Is the USB subsystem working? I test this by plugging in a USB
+memory stick and see if Gnome/KDE notices this.</li>
+
+<li>Is the CD/DVD player working? I test this by inserting any CD/DVD
+I have lying around, and see if Gnome/KDE notices this.</li>
+
+<li>Is any built in camera working? Test using cheese, and see if a
+picture from the v4l device show up.</li>
+
+<li>Is bluetooth working? Use the Gnome/KDE browsing tool to see if
+any bluetooth devices are discovered. In my office, I normally see a
+few.</li>
+
+<li>For laptops, is the SD or Compaq Flash reader working. I have
+memory modules lying around, and stick them in and see if Gnome/KDE
+notice this.</li>
+
+<li>For laptops, is suspecd/hibernate working? I'm testing if the
+special button work, and if the laptop continue to work after
+resume.</li>
+
+<li>For laptops, is the extra buttons working, like audio level,
+adjusting background light, switching on/off external video output,
+switching on/off wifi, bluetooth, etc? The set of buttons differ from
+laptop to laptop, so I just write down which are working and which are
+not.</li>
+
+<li>Some laptops have smart card readers, finger print readers,
+acceleration sensors etc. I rarely test these, as I do not know how
+to quickly test if they are working or not, so I only document their
+existence.</li>
+
+</ul>
+
+<p>By now I suspect you are really curious what the test results are
+for the HP machines I am testing. I'm not done yet, so I will report
+the test results later. For now I can report that HP 8100 Elite work
+fine, and hibernation fail with HP EliteBook 8440p on Ubuntu Lucid,
+and audio fail on RHEL6. Ubuntu Maverik worked with 8440p. As you
+can see, I have most machines left to test. One interesting
+observation is that Ubuntu Lucid has almost twice the framerate than
+RHEL6 with glxgears. No idea why.</p>
</description>
</item>
projects / homepage.git / blobdiff