<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
<item>
- <title>Parallellized boot is now the default in Debian/unstable</title>
- <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellized_boot_is_now_the_default_in_Debian_unstable.html</guid>
- <pubDate>Fri, 14 May 2010 22:40:00 +0200</pubDate>
+ <title>Some notes on Flash in Debian and Debian Edu</title>
+ <link>http://people.skolelinux.org/pere/blog/Some_notes_on_Flash_in_Debian_and_Debian_Edu.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Some_notes_on_Flash_in_Debian_and_Debian_Edu.html</guid>
+ <pubDate>Sat, 4 Sep 2010 10:10:00 +0200</pubDate>
<description>
-<p>Since this evening, parallel booting is the default in
-Debian/unstable for machines using dependency based boot sequencing.
-Apparently the testing of concurrent booting has been wider than
-expected, if I am to believe the
-<a href="http://lists.debian.org/debian-devel/2010/05/msg00122.html">input
-on debian-devel@</a>, and I concluded a few days ago to move forward
-with the feature this weekend, to give us some time to detect any
-remaining problems before Squeeze is frozen. If serious problems are
-detected, it is simple to change the default back to sequential boot.
-The upload of the new sysvinit package also activate a new upstream
-version.</p>
-
-More information about
-<a href="http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot">dependency
-based boot sequencing</a> is available from the Debian wiki. It is
-currently possible to disable parallel booting when one run into
-problems caused by it, by adding this line to /etc/default/rcS:</p>
-
-<blockquote><pre>
-CONCURRENCY=none
-</pre></blockquote>
-
-<p>If you report any problems with dependencies in init.d scripts to
-the BTS, please usertag the report to get it to show up at
-<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
-list of usertagged bugs related to this</a>.</p>
+<p>In the <a href="http://popcon.debian.org/unknown/by_vote">Debian
+popularity-contest numbers</a>, the adobe-flashplugin package the
+second most popular used package that is missing in Debian. The sixth
+most popular is flashplayer-mozilla. This is a clear indication that
+working flash is important for Debian users. Around 10 percent of the
+users submitting data to popcon.debian.org have this package
+installed.</p>
+
+<p>In the report written by Lars Risan in August 2008
+(«<a href="http://wiki.skolelinux.no/Dokumentasjon/Rapporter?action=AttachFile&do=view&target=Skolelinux_i_bruk_rapport_1.0.pdf">Skolelinux
+i bruk – Rapport for Hurum kommune, Universitetet i Agder og
+stiftelsen SLX Debian Labs</a>»), one of the most important problems
+schools experienced with <a href="http://www.skolelinux.org/">Debian
+Edu/Skolelinux</a> was the lack of working Flash. A lot of educational
+web sites require Flash to work, and lacking working Flash support in
+the web browser and the problems with installing it was perceived as a
+good reason to stay with Windows.</p>
+
+<p>I once saw a funny and sad comment in a web forum, where Linux was
+said to be the retarded cousin that did not really understand
+everything you told him but could work fairly well. This was a
+comment regarding the problems Linux have with proprietary formats and
+non-standard web pages, and is sad because it exposes a fairly common
+understanding of whose fault it is if web pages that only work in for
+example Internet Explorer 6 fail to work on Firefox, and funny because
+it explain very well how annoying it is for users when Linux
+distributions do not work with the documents they receive or the web
+pages they want to visit.</p>
+
+<p>This is part of the reason why I believe it is important for Debian
+and Debian Edu to have a well working Flash implementation in the
+distribution, to get at least popular sites as Youtube and Google
+Video to working out of the box. For Squeeze, Debian have the chance
+to include the latest version of Gnash that will make this happen, as
+the new release 0.8.8 was published a few weeks ago and is resting in
+unstable. The new version work with more sites that version 0.8.7.
+The Gnash maintainers have asked for a freeze exception, but the
+release team have not had time to reply to it yet. I hope they agree
+with me that Flash is important for the Debian desktop users, and thus
+accept the new package into Squeeze.</p>
</description>
</item>
<item>
- <title>Sitesummary tip: Listing MAC address of all clients</title>
- <link>http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Sitesummary_tip__Listing_MAC_address_of_all_clients.html</guid>
- <pubDate>Fri, 14 May 2010 21:10:00 +0200</pubDate>
+ <title>My first perl GUI application - controlling a Spykee robot</title>
+ <link>http://people.skolelinux.org/pere/blog/My_first_perl_GUI_application___controlling_a_Spykee_robot.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/My_first_perl_GUI_application___controlling_a_Spykee_robot.html</guid>
+ <pubDate>Wed, 1 Sep 2010 21:00:00 +0200</pubDate>
<description>
-<p>In the recent Debian Edu versions, the
-<a href="http://wiki.debian.org/DebianEdu/HowTo/SiteSummary">sitesummary
-system</a> is used to keep track of the machines in the school
-network. Each machine will automatically report its status to the
-central server after boot and once per night. The network setup is
-also reported, and using this information it is possible to get the
-MAC address of all network interfaces in the machines. This is useful
-to update the DHCP configuration.</p>
-
-<p>To give some idea how to use sitesummary, here is a one-liner to
-ist all MAC addresses of all machines reporting to sitesummary. Run
-this on the collector host:</p>
-
-<blockquote><pre>
-perl -MSiteSummary -e 'for_all_hosts(sub { print join(" ", get_macaddresses(shift)), "\n"; });'
-</pre></blockquote>
-
-<p>This will list all MAC addresses assosiated with all machine, one
-line per machine and with space between the MAC addresses.</p>
-
-<p>To allow system administrators easier job at adding static DHCP
-addresses for hosts, it would be possible to extend this to fetch
-machine information from sitesummary and update the DHCP and DNS
-tables in LDAP using this information. Such tool is unfortunately not
-written yet.</p>
+<p>This evening I made my first Perl GUI application. The last few
+days I have worked on a Perl module for controlling my recently
+aquired Spykee robots, and the module is now getting complete enought
+that it is possible to use it to control the robot driving at least.
+It was now time to figure out how to use it to create some GUI to
+allow me to drive the robot around. I picked PerlQt as I have had
+positive experiences with the Qt API before, and spent a few minutes
+browsing the web for examples. Using Qt Designer seemed like a short
+cut, so I ended up writing the perl GUI using Qt Designer and
+compiling it into a perl program using the puic program from
+libqt-perl. Nothing fancy yet, but it got buttons to connect and
+drive around.</p>
+
+<p>The perl module I have written provide a object oriented API for
+controlling the robot. Here is an small example on how to use it:</p>
+
+<p><pre>
+use Spykee;
+Spykee::discover(sub {$robot{$_[0]} = $_[1]});
+my $host = (keys %robot)[0];
+my $spykee = Spykee->new();
+$spykee->contact($host, "admin", "admin");
+$spykee->left();
+sleep 2;
+$spykee->right();
+sleep 2;
+$spykee->forward();
+sleep 2;
+$spykee->back();
+sleep 2;
+$spykee->stop();
+</pre></p>
+
+<p>Thanks to the release of the source of the robot firmware, I could
+peek into the implementation at the other end to figure out how to
+implement the protocol used by the robot. I've implemented several of
+the commands the robot understand, but is still missing the camera
+support to make it possible to control the robot from remote. First I
+want to implement support for uploading new firmware and configuring
+the wireless network, to make it possible to bootstrap a Spykee robot
+without the producers Windows and MacOSX software (I only have Linux,
+so I had to ask a friend to come over to get the robot testing
+going. :).</p>
+
+<p>Will release the source to the public soon, but need to figure out
+where to make it available first. I will add a link to
+<a href="http://wiki.nuug.no/grupper/robot/">the NUUG wiki</a> for
+those that want to check back later to find it.</p>
</description>
</item>
<item>
- <title>systemd, an interesting alternative to upstart</title>
- <link>http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/systemd__an_interesting_alternative_to_upstart.html</guid>
- <pubDate>Thu, 13 May 2010 22:20:00 +0200</pubDate>
+ <title>Forslag i stortinget om å stoppe elektronisk stemmegiving i Norge</title>
+ <link>http://people.skolelinux.org/pere/blog/Forslag_i_stortinget_om____stoppe_elektronisk_stemmegiving_i_Norge.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Forslag_i_stortinget_om____stoppe_elektronisk_stemmegiving_i_Norge.html</guid>
+ <pubDate>Tue, 31 Aug 2010 21:00:00 +0200</pubDate>
<description>
-<p>The last few days a new boot system called
-<a href="http://www.freedesktop.org/wiki/Software/systemd">systemd</a>
-has been
-<a href="http://0pointer.de/blog/projects/systemd.html">introduced</a>
-
-to the free software world. I have not yet had time to play around
-with it, but it seem to be a very interesting alternative to
-<a href="http://upstart.ubuntu.com/">upstart</a>, and might prove to be
-a good alternative for Debian when we are able to switch to an event
-based boot system. Tollef is
-<a href="http://bugs.debian.org/580814">in the process</a> of getting
-systemd into Debian, and I look forward to seeing how well it work. I
-like the fact that systemd handles init.d scripts with dependency
-information natively, allowing them to run in parallel where upstart
-at the moment do not.</p>
-
-<p>Unfortunately do systemd have the same problem as upstart regarding
-platform support. It only work on recent Linux kernels, and also need
-some new kernel features enabled to function properly. This means
-kFreeBSD and Hurd ports of Debian will need a port or a different boot
-system. Not sure how that will be handled if systemd proves to be the
-way forward.</p>
-
-<p>In the mean time, based on the
-<a href="http://lists.debian.org/debian-devel/2010/05/msg00122.html">input
-on debian-devel@</a> regarding parallel booting in Debian, I have
-decided to enable full parallel booting as the default in Debian as
-soon as possible (probably this weekend or early next week), to see if
-there are any remaining serious bugs in the init.d dependencies. A
-new version of the sysvinit package implementing this change is
-already in experimental. If all go well, Squeeze will be released
-with parallel booting enabled by default.</p>
+<p>Ble tipset i dag om at et forslag om å stoppe forsøkene med
+elektronisk stemmegiving utenfor valglokaler er
+<a href="http://www.stortinget.no/no/Saker-og-publikasjoner/Saker/Sak/?p=46616">til
+behandling</a> i Stortinget.
+<a href="http://www.stortinget.no/Global/pdf/Representantforslag/2009-2010/dok8-200910-128.pdf">Forslaget</a>
+er fremmet av Erna Solberg, Michael Tetzschner og Trond Helleland.</p>
+
+<p>Håper det får flertall.</p>
</description>
</item>
<item>
- <title>Parallellizing the boot in Debian Squeeze - ready for wider testing</title>
- <link>http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellizing_the_boot_in_Debian_Squeeze___ready_for_wider_testing.html</guid>
- <pubDate>Thu, 6 May 2010 23:25:00 +0200</pubDate>
+ <title>Broken hard link handling with sshfs</title>
+ <link>http://people.skolelinux.org/pere/blog/Broken_hard_link_handling_with_sshfs.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Broken_hard_link_handling_with_sshfs.html</guid>
+ <pubDate>Mon, 30 Aug 2010 19:30:00 +0200</pubDate>
<description>
-<p>These days, the init.d script dependencies in Squeeze are quite
-complete, so complete that it is actually possible to run all the
-init.d scripts in parallell based on these dependencies. If you want
-to test your Squeeze system, make sure
-<a href="http://wiki.debian.org/LSBInitScripts/DependencyBasedBoot">dependency
-based boot sequencing</a> is enabled, and add this line to
-/etc/default/rcS:</p>
-
-<blockquote><pre>
-CONCURRENCY=makefile
-</pre></blockquote>
-
-<p>That is it. It will cause sysv-rc to use the startpar tool to run
-scripts in parallel using the dependency information stored in
-/etc/init.d/.depend.boot, /etc/init.d/.depend.start and
-/etc/init.d/.depend.stop to order the scripts. Startpar is configured
-to try to start the kdm and gdm scripts as early as possible, and will
-start the facilities required by kdm or gdm as early as possible to
-make this happen.</p>
-
-<p>Give it a try, and see if you like the result. If some services
-fail to start properly, it is most likely because they have incomplete
-init.d script dependencies in their startup script (or some of their
-dependent scripts have incomplete dependencies). Report bugs and get
-the package maintainers to fix it. :)</p>
-
-<p>Running scripts in parallel could be the default in Debian when we
-manage to get the init.d script dependencies complete and correct. I
-expect we will get there in Squeeze+1, if we get manage to test and
-fix the remaining issues.</p>
-
-<p>If you report any problems with dependencies in init.d scripts to
-the BTS, please usertag the report to get it to show up at
-<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
-list of usertagged bugs related to this</a>.</p>
+<p>Just got an email from Tobias Gruetzmacher as a followup on my
+<a href="http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html">previous
+post about sshfs</a>. He reported another problem with sshfs. It
+fail to handle hard links properly. A simple way to spot this is to
+look at the . and .. entries in the directory tree. These should have
+a link count >1, but on sshfs the count is 1. I just tested to see
+what happen when trying to hardlink, and this fail as well:</p>
+
+<pre>
+% ln foo bar
+ln: creating hard link `bar' => `foo': Function not implemented
+%
+</pre>
+
+<p>I have not yet found time to implement a test for this in my file
+system test code, but believe having working hard links is useful to
+avoid surprised unix programs. Not as useful as working file locking
+and symlinks, which are required to get a working desktop, but useful
+nevertheless. :)</p>
+
+<p>The latest version of the file system test code is available via
+git from
+<a href="http://github.com/gebi/fs-test">http://github.com/gebi/fs-test</a></p>
</description>
</item>
<item>
- <title>Forcing new users to change their password on first login</title>
- <link>http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html</guid>
- <pubDate>Sun, 2 May 2010 13:47:00 +0200</pubDate>
+ <title>Sikkerhetsteateret på flyplassene fortsetter</title>
+ <link>http://people.skolelinux.org/pere/blog/Sikkerhetsteateret_p___flyplassene_fortsetter.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Sikkerhetsteateret_p___flyplassene_fortsetter.html</guid>
+ <pubDate>Sat, 28 Aug 2010 10:40:00 +0200</pubDate>
<description>
-<p>One interesting feature in Active Directory, is the ability to
-create a new user with an expired password, and thus force the user to
-change the password on the first login attempt.</p>
-
-<p>I'm not quite sure how to do that with the LDAP setup in Debian
-Edu, but did some initial testing with a local account. The account
-and password aging information is available in /etc/shadow, but
-unfortunately, it is not possible to specify an expiration time for
-passwords, only a maximum age for passwords.</p>
-
-<p>A freshly created account (using adduser test) will have these
-settings in /etc/shadow:</p>
-
-<blockquote><pre>
-root@tjener:~# chage -l test
-Last password change : May 02, 2010
-Password expires : never
-Password inactive : never
-Account expires : never
-Minimum number of days between password change : 0
-Maximum number of days between password change : 99999
-Number of days of warning before password expires : 7
-root@tjener:~#
-</pre></blockquote>
-
-<p>The only way I could come up with to create a user with an expired
-account, is to change the date of the last password change to the
-lowest value possible (January 1th 1970), and the maximum password age
-to the difference in days between that date and today. To make it
-simple, I went for 30 years (30 * 365 = 10950) and January 2th (to
-avoid testing if 0 is a valid value).</p>
-
-<p>After using these commands to set it up, it seem to work as
-intended:</p>
-
-<blockquote><pre>
-root@tjener:~# chage -d 1 test; chage -M 10950 test
-root@tjener:~# chage -l test
-Last password change : Jan 02, 1970
-Password expires : never
-Password inactive : never
-Account expires : never
-Minimum number of days between password change : 0
-Maximum number of days between password change : 10950
-Number of days of warning before password expires : 7
-root@tjener:~#
-</pre></blockquote>
-
-<p>So far I have tested this with ssh and console, and kdm (in
-Squeeze) login, and all ask for a new password before login in the
-user (with ssh, I was thrown out and had to log in again).</p>
-
-<p>Perhaps we should set up something similar for Debian Edu, to make
-sure only the user itself have the account password?</p>
-
-<p>If you want to comment on or help out with implementing this for
-Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
-
-<p>Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
-shadow(8) page in Debian/testing now state that setting the date of
-last password change to zero (0) will force the password to be changed
-on the first login. This was not mentioned in the manual in Lenny, so
-I did not notice this in my initial testing. I have tested it on
-Squeeze, and '<tt>chage -d 0 username</tt>' do work there. I have not
-tested it on Lenny yet.</p>
-
-<p>Update 2010-05-02-19:05: Jim Paris tells me via email that an
-equivalent command to expire a password is '<tt>passwd -e
-username</tt>', which insert zero into the date of the last password
-change.</p>
+<p>Jeg skrev for et halvt år siden hvordan
+<a href="http://people.skolelinux.org/pere/blog/Sikkerhet__teater__og_hvordan_gj__re_verden_sikrere.html">samfunnet
+kaster bort ressurser på sikkerhetstiltak som ikke fungerer</a>. Kom
+nettopp over en
+<a href="http://www.askthepilot.com/essays-and-stories/terrorism-tweezers-and-terminal-madness-an-essay-on-security/">historie
+fra en pilot fra USA</a> som kommenterer det samme. Jeg mistenker det
+kun er uvitenhet og autoritetstro som gjør at så få protesterer. Har
+veldig sans for piloten omtalt i <a
+href="http://www.aftenposten.no/nyheter/iriks/article2057501.ece">Aftenposten</a> 2007-10-23,
+og skulle ønske flere rettet oppmerksomhet mot problemet. Det gir
+ikke meg trygghetsfølelse på flyplassene når jeg ser at
+flyplassadministrasjonen kaster bort folk, penger og tid på tull i
+stedet for ting som bidrar til reell økning av sikkerheten. Det
+forteller meg jo at vurderingsevnen til de som burde bidra til økt
+sikkerhet er svært sviktende, noe som ikke taler godt for de andre
+tiltakene.</p>
+
+<p>Mon tro hva som skjer hvis det fantes en enkel brosjyre å skrive ut
+fra Internet som forklarte hva som er galt med sikkerhetsopplegget på
+flyplassene, og folk skrev ut og la en bunke på flyplassene når de
+passerte. Kanskje det ville fått flere til å få øynene opp for
+problemet.</p>
+
+<p>Personlig synes jeg flyopplevelsen er blitt så avskyelig at jeg
+forsøker å klare meg med tog, bil og båt for å slippe ubehaget. Det
+er dog noe vanskelig i det langstrakte Norge og for å kunne besøke de
+delene av verden jeg ønsker å nå. Mistenker at flere har det slik, og
+at dette går ut over inntjeningen til flyselskapene. Det er antagelig
+en god ting sett fra et miljøperspektiv, men det er en annen sak.</p>
</description>
</item>
<item>
- <title>Thoughts on roaming laptop setup for Debian Edu</title>
- <link>http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html</guid>
- <pubDate>Wed, 28 Apr 2010 20:40:00 +0200</pubDate>
+ <title>Skolelinux i Osloskolen</title>
+ <link>http://people.skolelinux.org/pere/blog/Skolelinux_i_Osloskolen.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Skolelinux_i_Osloskolen.html</guid>
+ <pubDate>Thu, 26 Aug 2010 22:25:00 +0200</pubDate>
<description>
-<p>For some years now, I have wondered how we should handle laptops in
-Debian Edu. The Debian Edu infrastructure is mostly designed to
-handle stationary computers, and less suited for computers that come
-and go.</p>
-
-<p>Now I finally believe I have an sensible idea on how to adjust
-Debian Edu for laptops, by introducing a new profile for them, for
-example called Roaming Workstations. Here are my thought on this.
-The setup would consist of the following:</p>
-
-<ul>
-
- <li>During installation, the user name of the owner / primary user of
- the laptop is requested and a local home directory is set up for
- the user, with uid and gid information fetched from the LDAP
- server. This allow the user to work also when offline. The
- central home directory can be available in a subdirectory on
- request, for example mounted via CIFS. It could be mounted
- automatically when a user log in while on the Debian Edu network,
- and unmounted when the machine is taken away (network down,
- hibernate, etc), it can be set up to do automatic mounting on
- request (using autofs), or perhaps some GUI button on the desktop
- can be used to access it when needed. Perhaps it is enough to use
- the fish protocol in KDE?</li>
-
- <li>Password checking is set up to use LDAP or Kerberos
- authentication when the machine is on the Debian Edu network, and
- to cache the password for offline checking when the machine unable
- to reach the LDAP or Kerberos server. This can be done using
- <a href="http://www.padl.com/OSS/pam_ccreds.html">libpam-ccreds</a>
- or the Fedora developed
- <a href="https://fedoraproject.org/wiki/Features/SSSD">System
- Security Services Daemon</a> packages.</li>
-
- <li>File synchronisation with the central home directory is set up
- using a shared directory in both the local and the central home
- directory, using unison.</li>
-
- <li>Printing should be set up to print to all printers broadcasting
- their existence on the local network, and should then work out of
- the box with CUPS. For sites needing accurate printer quotas, some
- system with Kerberos authentication or printing via ssh could be
- implemented.</li>
-
- <li>For users that should have local root access to their laptop,
- sudo should be used to allow this to the local user.</li>
-
- <li>It would be nice if user and group information from LDAP is
- cached on the client, but given that there are entries for the
- local user and primary group in /etc/, it should not be needed.</li>
-
-</ul>
-
-<p>I believe all the pieces to implement this are in Debian/testing at
-the moment. If we work quickly, we should be able to get this ready
-in time for the Squeeze release to freeze. Some of the pieces need
-tweaking, like libpam-ccreds should get support for pam-auth-update
-(<a href="http://bugs.debian.org/566718">#566718</a>) and nslcd (or
-perhaps debian-edu-config) should get some integration code to stop
-its daemon when the LDAP server is unavailable to avoid long timeouts
-when disconnected from the net. If we get Kerberos enabled, we need
-to make sure we avoid long timeouts there too.</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>Denne høsten skal endelig alle Osloskolene få mulighet til å bruke
+<a href="http://www.skolelinux.org/">Skolelinux</a>. Ny IT-løsning
+har vært rullet ut i noen måneder nå, og så vidt jeg fikk vite før
+sommeren skulle alle skoler ha nytt opplegg på plass før oppstart nå i
+høst. På alle skolene skal en kunne velge ved installasjon om en skal
+ha Windows eller Skolelinux på maskinene, og en kan i tillegg
+PXE-boote maskinene over nett som tynne klienter eller diskløse
+arbeidsstasjoner. Jeg er spent på hvor mange skoler som velger å ta i
+bruk Skolelinux, og gleder meg til å se hvordan dette utvikler seg.
+Løsningen leveres av
+<a href="http://www.logica.no/">Logica</a> med
+<a href="http://www.slxdrift.no/">Skolelinux Drift AS</a> som
+underleverandør, og jeg har vært involvert i utviklingen av løsningen
+via Skolelinux Drift AS siden prosjektet starter. Jeg synes det er
+fantastisk at Skolelinux er kommet så langt siden vi startet i 2001 at
+alle elevene i Osloskolene nå skal få mulighet til å bruke
+løsningen. Jeg håper de vil sette pris på alle de
+<a href="http://www.skolelinux.no/linux-signpost/">fantastiske
+brukerprogrammene</a> som er tilgjengelig i Skolelinux.</p>
</description>
</item>
<item>
- <title>Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"</title>
- <link>http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html</guid>
- <pubDate>Mon, 19 Apr 2010 17:10:00 +0200</pubDate>
+ <title>Broken umask handling with sshfs</title>
+ <link>http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Broken_umask_handling_with_sshfs.html</guid>
+ <pubDate>Thu, 26 Aug 2010 13:30:00 +0200</pubDate>
<description>
-<p>The last few weeks i have had the pleasure of reading a
-thought-provoking collection of essays by Cory Doctorow, on topics
-touching copyright, virtual worlds, the future of man when the
-conscience mind can be duplicated into a computer and many more. The
-book titled "Content: Selected Essays on Technology, Creativity,
-Copyright, and the Future of the Future" is available with few
-restrictions on the web, for example from
-<a href="http://craphound.com/content/">his own site</a>. I read the
-epub-version from
-<a href="http://www.feedbooks.com/book/2883">feedbooks</a> using
-<a href="http://www.fbreader.org/">fbreader</a> and my N810. I
-strongly recommend this book.</p>
+<p>My file system sematics program
+<a href="http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html">presented
+a few days ago</a> is very useful to verify that a file system can
+work as a unix home directory,and today I had to extend it a bit. I'm
+looking into alternatives for home directory access here at the
+University of Oslo, and one of the options is sshfs. My friend
+Finn-Arne mentioned a while back that they had used sshfs with Debian
+Edu, but stopped because of problems. I asked today what the problems
+where, and he mentioned that sshfs failed to handle umask properly.
+Trying to detect the problem I wrote this addition to my fs testing
+script:</p>
+
+<pre>
+mode_t touch_get_mode(const char *name, mode_t mode) {
+ mode_t retval = 0;
+ int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, mode);
+ if (-1 != fd) {
+ unlink(name);
+ struct stat statbuf;
+ if (-1 != fstat(fd, &statbuf)) {
+ retval = statbuf.st_mode & 0x1ff;
+ }
+ close(fd);
+ }
+ return retval;
+}
+
+/* Try to detect problem discovered using sshfs */
+int test_umask(void) {
+ printf("info: testing umask effect on file creation\n");
+
+ mode_t orig_umask = umask(000);
+ mode_t newmode;
+ if (0666 != (newmode = touch_get_mode("foobar", 0666))) {
+ printf(" error: Wrong file mode %o when creating using mode 666 and umask 000\n",
+ newmode);
+ }
+ umask(007);
+ if (0660 != (newmode = touch_get_mode("foobar", 0666))) {
+ printf(" error: Wrong file mode %o when creating using mode 666 and umask 007\n",
+ newmode);
+ }
+
+ umask (orig_umask);
+ return 0;
+}
+
+int main(int argc, char **argv) {
+ [...]
+ test_umask();
+ return 0;
+}
+</pre>
+
+<p>Sure enough. On NFS to a netapp, I get this result:</p>
+
+<pre>
+Testing POSIX/Unix sematics on file system
+info: testing symlink creation
+info: testing subdirectory creation
+info: testing fcntl locking
+ Read-locking 1 byte from 1073741824
+ Read-locking 510 byte from 1073741826
+ Unlocking 1 byte from 1073741824
+ Write-locking 1 byte from 1073741824
+ Write-locking 510 byte from 1073741826
+ Unlocking 2 byte from 1073741824
+info: testing umask effect on file creation
+</pre>
+
+<p>When mounting the same directory using sshfs, I get this
+result:</p>
+
+<pre>
+Testing POSIX/Unix sematics on file system
+info: testing symlink creation
+info: testing subdirectory creation
+info: testing fcntl locking
+ Read-locking 1 byte from 1073741824
+ Read-locking 510 byte from 1073741826
+ Unlocking 1 byte from 1073741824
+ Write-locking 1 byte from 1073741824
+ Write-locking 510 byte from 1073741826
+ Unlocking 2 byte from 1073741824
+info: testing umask effect on file creation
+ error: Wrong file mode 644 when creating using mode 666 and umask 000
+ error: Wrong file mode 640 when creating using mode 666 and umask 007
+</pre>
+
+<p>So, I can conclude that sshfs is better than smb to a Netapp or a
+Windows server, but not good enough to be used as a home
+directory.</p>
+
+<p>Update 2010-08-26: Reported the issue in
+<a href="http://bugs.debian.org/594498">BTS report #594498</a></p>
+
+<p>Update 2010-08-27: Michael Gebetsroither report that he found the
+script so useful that he created a GIT repository and stored it in
+<a href="http://github.com/gebi/fs-test">http://github.com/gebi/fs-test</a>.</p>
</description>
</item>
<item>
- <title>Kerberos for Debian Edu/Squeeze?</title>
- <link>http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html</guid>
- <pubDate>Wed, 14 Apr 2010 17:20:00 +0200</pubDate>
+ <title>Elektronisk stemmegiving er ikke til å stole på - heller ikke i Norge</title>
+ <link>http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Elektronisk_stemmegiving_er_ikke_til____stole_p_____heller_ikke_i_Norge.html</guid>
+ <pubDate>Mon, 23 Aug 2010 19:30:00 +0200</pubDate>
<description>
-<p><a href="http://www.nuug.no/aktiviteter/20100413-kerberos/">Yesterdays
-NUUG presentation</a> about Kerberos was inspiring, and reminded me
-about the need to start using Kerberos in Skolelinux. Setting up a
-Kerberos server seem to be straight forward, and if we get this in
-place a long time before the Squeeze version of Debian freezes, we
-have a chance to migrate Skolelinux away from NFSv3 for the home
-directories, and over to an architecture where the infrastructure do
-not have to trust IP addresses and machines, and instead can trust
-users and cryptographic keys instead.</p>
-
-<p>A challenge will be integration and administration. Is there a
-Kerberos implementation for Debian where one can control the
-administration access in Kerberos using LDAP groups? With it, the
-school administration will have to maintain access control using flat
-files on the main server, which give a huge potential for errors.</p>
-
-<p>A related question I would like to know is how well Kerberos and
-pam-ccreds (offline password check) work together. Anyone know?</p>
-
-<p>Next step will be to use Kerberos for access control in Lwat and
-Nagios. I have no idea how much work that will be to implement. We
-would also need to document how to integrate with Windows AD, as such
-shared network will require two Kerberos realms that need to cooperate
-to work properly.</p>
-
-<p>I believe a good start would be to start using Kerberos on the
-skolelinux.no machines, and this way get ourselves experience with
-configuration and integration. A natural starting point would be
-setting up ldap.skolelinux.no as the Kerberos server, and migrate the
-rest of the machines from PAM via LDAP to PAM via Kerberos one at the
-time.</p>
-
-<p>If you would like to contribute to get this working in Skolelinux,
-I recommend you to see the video recording from yesterdays NUUG
-presentation, and start using Kerberos at home. The video show show
-up in a few days.</p>
+<p>I Norge pågår en prosess for å
+<a href="http://www.e-valg.dep.no/">innføre elektronisk
+stemmegiving</a> ved kommune- og stortingsvalg. Dette skal
+introduseres i 2011. Det er all grunn til å tro at valg i Norge ikke
+vil være til å stole på hvis dette blir gjennomført. Da det hele var
+oppe til høring i 2006 forfattet jeg
+<a href="http://www.nuug.no/dokumenter/valg-horing-2006-09.pdf">en
+høringsuttalelse fra NUUG</a> (og EFN som hengte seg på) som skisserte
+hvilke punkter som må oppfylles for at en skal kunne stole på et valg,
+og elektronisk stemmegiving mangler flere av disse. Elektronisk
+stemmegiving er for alle praktiske formål å putte ens stemme i en sort
+boks under andres kontroll, og satse på at de som har kontroll med
+boksen er til å stole på - uten at en har mulighet til å verifisere
+dette selv. Det er ikke slik en gjennomfører demokratiske valg.</p>
+
+<p>Da problemet er fundamentalt med hvordan elektronisk stemmegiving
+må fungere for at også ikke-krypografer skal kunne delta, har det vært
+mange rapporter om hvordan elektronisk stemmegiving har sviktet i land
+etter land. En
+<a href="http://wiki.nuug.no/uttalelser/2006-elektronisk-stemmegiving">liten
+samling referanser</a> finnes på NUUGs wiki. Den siste er fra India,
+der valgkomisjonen har valgt
+<a href="http://www.freedom-to-tinker.com/blog/jhalderm/electronic-voting-researcher-arrested-over-anonymous-source">å
+pusse politiet på en forsker</a> som har dokumentert svakheter i
+valgsystemet.</p>
+
+<p>Her i Norge har en valgt en annen tilnærming, der en forsøker seg
+med teknobabbel for å få befolkningen til å tro at dette skal bli
+sikkert. Husk, elektronisk stemmegiving underminerer de demokratiske
+valgene i Norge, og bør ikke innføres.</p>
+
+<p>Den offentlige diskusjonen blir litt vanskelig av at media har
+valgt å kalle dette "evalg", som kan sies å både gjelde elektronisk
+opptelling av valget som Norge har gjort siden 60-tallet og som er en
+svært god ide, og elektronisk opptelling som er en svært dårlig ide.
+Diskusjonen gir ikke mening hvis en skal diskutere om en er for eller
+mot "evalg", og jeg forsøker derfor å være klar på at jeg snakker om
+elektronisk stemmegiving og unngå begrepet "evalg".</p>
</description>
</item>
<item>
- <title>På vegne av vanvitting mange, Aftenposten!</title>
- <link>http://people.skolelinux.org/pere/blog/P___vegne_av_vanvitting_mange__Aftenposten_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/P___vegne_av_vanvitting_mange__Aftenposten_.html</guid>
- <pubDate>Sat, 6 Mar 2010 21:15:00 +0100</pubDate>
+ <title>Robot, reis deg...</title>
+ <link>http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html</guid>
+ <pubDate>Sat, 21 Aug 2010 22:10:00 +0200</pubDate>
<description>
-<p><a href="http://fotball.aftenposten.no/incoming/article163000.ece">Aftenposten
-melder</a> på forsiden av webavisen sin at de tror Erling Fossen
-provoserer nordlendinger med sine uttalelser på
-fotballtinget. Jeg er utflyttet nordlending, og må innrømme at jeg
-ikke kjennet så mye som et snev av provokasjon fra denne litt morsomme
-uttalelsen til Hr. Fossen. Lurer på om Aftenposten har noen kilder
-utenom redaksjonen for sin påstand om at nordledinger er provosert av
-Hr. Fossen. Må innrømme at jeg tviler på det.</p>
-
-<p>Det hele bringer tankene tilbake til Sture Hansen i Hallo i Uken.</p>
+<p>I dag fikk jeg endelig tittet litt på mine nyinnkjøpte roboter, og
+har brukt noen timer til å google etter interessante referanser og
+aktuell kildekode for bruk på Linux. Det mest lovende så langt er
+<a href="http://ispykee.toyz.org/">ispykee</a>, som har en
+BSD-lisensiert linux-daemon som står som mellomledd mellom roboter på
+lokalnettet og en sentral tjeneste der en iPhone kan koble seg opp for
+å fjernstyre roboten. Linux-daemonen implementerer deler av
+protokollen som roboten forstår. Etter å ha knotet litt med å oppnå
+kontakt med roboten (den oppretter et eget ad-hoc wifi-nett, så jeg
+måtte gå av mitt vanlige nett for å få kontakt), og kommet frem til at
+den lytter på IP-port 9000 og 9001, gikk jeg i gang med å finne ut
+hvordan jeg kunne snakke med roboten vha. disse portene. Robotbiten
+av protokollen er publisert av produsenten med GPL-lisens, slik at det
+er mulig å se hvordan protokollen fungerer. Det finnes en java-klient
+for Android som så ganske snasen ut, men fant ingen kildekode for
+denne. Derimot hadde iphone-løsningen kildekode, så jeg tok
+utgangspunkt i den.</p>
+
+<p>Daemonen ville i utgangspunktet forsøke å kontakte den sentrale
+tjenesten som iphone-programmet kobler seg til. Jeg skrev dette om
+til i stedet å sette opp en nettverkstjeneste på min lokale maskin,
+som jeg kan koble meg opp til med telnet og gi kommandoer til roboten
+(act, forward, right, left, etc). Det involverte i praksis å bytte ut
+socket()/connect() med socket()/bind()/listen()/accept() for å gjøre
+klienten om til en tjener.</p>
+
+<p>Mens jeg har forsøkt å få roboten til å bevege seg har min samboer
+skrudd sammen resten av roboten for å få montert kamera og plastpynten
+(armer, plastfiber for lys). Nå er det hele montert, og roboten er
+klar til bruk. Må få flyttet den over til mitt vanlige trådløsnett
+før det blir praktisk, men de bitene av protokollen er ikke
+implementert i ispykee-daemonen, så der må jeg enten få tak i en mac
+eller en windows-maskin, eller implementere det selv.</p>
+
+<p>Vi var tre som kjøpte slike roboter, og vi har blitt enige om å
+samle notater og referanser på <a
+href="http://wiki.nuug.no/grupper/robot/">NUUGs wiki</a>. Ta en titt
+der hvis du er nysgjerrig.</p>
</description>
</item>
<item>
- <title>After 6 years of waiting, the Xreset.d feature is implemented</title>
- <link>http://people.skolelinux.org/pere/blog/After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html</guid>
- <pubDate>Sat, 6 Mar 2010 18:15:00 +0100</pubDate>
+ <title>2 Spykee-roboter i hus, nå skal det lekes</title>
+ <link>http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html</guid>
+ <pubDate>Wed, 18 Aug 2010 13:30:00 +0200</pubDate>
<description>
-<p>6 years ago, as part of the Debian Edu development I am involved
-in, I asked for a hook in the kdm and gdm setup to run scripts as root
-when the user log out. A bug was submitted against the xfree86-common
-package in 2004 (<a href="http://bugs.debian.org/230422">#230422</a>),
-and revisited every time Debian Edu was working on a new release.
-Today, this finally paid off.</p>
-
-<p>The framework for this feature was today commited to the git
-repositry for the xorg package, and the git repository for xdm has
-been updated to use this framework. Next on my agenda is to make sure
-kdm and gdm also add code to use this framework.</p>
-
-<p>In Debian Edu, we want to ability to run commands as root when the
-user log out, to get rid of runaway processes and do general cleanup
-after a user. With this framework in place, we finally can do that in
-a generic way that work with all display managers using this
-framework. My goal is to get all display managers in Debian use it,
-similar to how they use the Xsession.d framework today.<p>
+<p>Jeg kjøpte nettopp to
+<a href="http://www.spykee-robot.com/">Spykee</a>-roboter, for test og
+leking. Kjøpte to da det var så billige, og gir meg mulighet til å
+eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte
+ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde
+en liten stabel på lager som de ikke hadde klart å selge ut etter
+fjorårets juleinnkjøp, og var villig til å selge for en femtedel av
+vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og
+det blir morsomt å se hva vi får ut av dette.</p>
+
+<p>Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon
+og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som
+jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i
+mai. Eneste utfordringen er at kontroller-programvaren kun finnes til
+Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til
+firmwaren. :)</p>
+
+<ul>
+<li><a href="http://en.wikipedia.org/wiki/Spykee">Wikipedia-oppføring</a></li>
+<li><a href=http://www.spykeeworld.com/spykee/US/freeSoftware.html">Nedlasting av firmware-kilden</a></li>
+<li><a href="http://wiki.nuug.no/grupper/robot">prosjektwiki hos NUUG</a></li>
+</ul>
</description>
</item>
projects / homepage.git / blobdiff