<link>http://people.skolelinux.org/pere/blog/</link>
<atom:link href="http://people.skolelinux.org/pere/blog/index.rss" rel="self" type="application/rss+xml" />
+ <item>
+ <title>Togsatsing på norsk, mot sykkel</title>
+ <link>http://people.skolelinux.org/pere/blog/Togsatsing_p___norsk__mot_sykkel.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Togsatsing_p___norsk__mot_sykkel.html</guid>
+ <pubDate>Wed, 2 Jun 2010 23:45:00 +0200</pubDate>
+ <description>
+<p>Det står dårlig til med toget når en finner på å la det
+<a href="http://www.aftenposten.no/nyheter/iriks/article3677060.ece">kappkjøre
+med sykkel</a>... Jeg tror det trengs strukturendringer for å få
+fikset på togproblemene i Norge.</p>
+
+<p>Mon tro hva toglinje mellom Narvik og Tromsø ville hatt slags
+effekt på området der?</p>
+</description>
+ </item>
+
+ <item>
+ <title>KDM fail at boot with NVidia cards - and no one try to fix it?</title>
+ <link>http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/KDM_fail_at_boot_with_NVidia_cards___and_no_one_try_to_fix_it_.html</guid>
+ <pubDate>Tue, 1 Jun 2010 17:05:00 +0200</pubDate>
+ <description>
+<p>It is strange to watch how a bug in Debian causing KDM to fail to
+start at boot when an NVidia video card is used is handled. The
+problem seem to be that the nvidia X.org driver uses a long time to
+initialize, and this duration is longer than kdm is configured to
+wait.</p>
+
+<p>I came across two bugs related to this issue,
+<a href="http://bugs.debian.org/583312">#583312</a> initially filed
+against initscripts and passed on to nvidia-glx when it became obvious
+that the nvidia drivers were involved, and
+<a href="http://bugs.debian.org/524751">#524751</a> initially filed against
+kdm and passed on to src:nvidia-graphics-drivers for unknown reasons.</p>
+
+<p>To me, it seem that no-one is interested in actually solving the
+problem nvidia video card owners experience and make sure the Debian
+distribution work out of the box for these users. The nvidia driver
+maintainers expect kdm to be set up to wait longer, while kdm expect
+the nvidia driver maintainers to fix the driver to start faster, and
+while they wait for each other I guess the users end up switching to a
+distribution that work for them. I have no idea what the solution is,
+but I am pretty sure that waiting for each other is not it.</p>
+
+<p>I wonder why we end up handling bugs this way.</p>
+</description>
+ </item>
+
+ <item>
+ <title>Parallellized boot seem to hold up well in Debian/testing</title>
+ <link>http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Parallellized_boot_seem_to_hold_up_well_in_Debian_testing.html</guid>
+ <pubDate>Thu, 27 May 2010 23:55:00 +0200</pubDate>
+ <description>
+<p>A few days ago, parallel booting was enabled in Debian/testing.
+The feature seem to hold up pretty well, but three fairly serious
+issues are known and should be solved:
+
+<p><ul>
+
+<li>The wicd package seen to
+<a href="http://bugs.debian.org/508289">break NFS mounting</a> and
+<a href="http://bugs.debian.org/581586">network setup</a> when
+parallel booting is enabled. No idea why, but the wicd maintainer
+seem to be on the case.</li>
+
+<li>The nvidia X driver seem to
+<a href="http://bugs.debian.org/583312">have a race condition</a>
+triggered more easily when parallel booting is in effect. The
+maintainer is on the case.</li>
+
+<li>The sysv-rc package fail to properly enable dependency based boot
+sequencing (the shutdown is broken) when old file-rc users
+<a href="http://bugs.debian.org/575080">try to switch back</a> to
+sysv-rc. One way to solve it would be for file-rc to create
+/etc/init.d/.legacy-bootordering, and another is to try to make
+sysv-rc more robust. Will investigate some more and probably upload a
+workaround in sysv-rc to help those trying to move from file-rc to
+sysv-rc get a working shutdown.</li>
+
+</ul></p>
+
+<p>All in all not many surprising issues, and all of them seem
+solvable before Squeeze is released. In addition to these there are
+some packages with bugs in their dependencies and run level settings,
+which I expect will be fixed in a reasonable time span.</p>
+
+<p>If you report any problems with dependencies in init.d scripts to
+the BTS, please usertag the report to get it to show up at
+<a href="http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=initscripts-ng-devel@lists.alioth.debian.org">the
+list of usertagged bugs related to this</a>.</p>
+
+<p>Update: Correct bug number to file-rc issue.</p>
+</description>
+ </item>
+
+ <item>
+ <title>More flexible firmware handling in debian-installer</title>
+ <link>http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html</link>
+ <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/More_flexible_firmware_handling_in_debian_installer.html</guid>
+ <pubDate>Sat, 22 May 2010 21:30:00 +0200</pubDate>
+ <description>
+<p>After a long break from debian-installer development, I finally
+found time today to return to the project. Having to spend less time
+working dependency based boot in debian, as it is almost complete now,
+definitely helped freeing some time.</p>
+
+<p>A while back, I ran into a problem while working on Debian Edu. We
+include some firmware packages on the Debian Edu CDs, those needed to
+get disk and network controllers working. Without having these
+firmware packages available during installation, it is impossible to
+install Debian Edu on the given machine, and because our target group
+are non-technical people, asking them to provide firmware packages on
+an external medium is a support pain. Initially, I expected it to be
+enough to include the firmware packages on the CD to get
+debian-installer to find and use them. This proved to be wrong.
+Next, I hoped it was enough to symlink the relevant firmware packages
+to some useful location on the CD (tried /cdrom/ and
+/cdrom/firmware/). This also proved to not work, and at this point I
+found time to look at the debian-installer code to figure out what was
+going to work.</p>
+
+<p>The firmware loading code is in the hw-detect package, and a closer
+look revealed that it would only look for firmware packages outside
+the installation media, so the CD was never checked for firmware
+packages. It would only check USB sticks, floppies and other
+"external" media devices. Today I changed it to also look in the
+/cdrom/firmware/ directory on the mounted CD or DVD, which should
+solve the problem I ran into with Debian edu. I also changed it to
+look in /firmware/, to make sure the installer also find firmware
+provided in the initrd when booting the installer via PXE, to allow us
+to provide the same feature in the PXE setup included in Debian
+Edu.</p>
+
+<p>To make sure firmware deb packages with a license questions are not
+activated without asking if the license is accepted, I extended
+hw-detect to look for preinst scripts in the firmware packages, and
+run these before activating the firmware during installation. The
+license question is asked using debconf in the preinst, so this should
+solve the issue for the firmware packages I have looked at so far.</p>
+
+<p>If you want to discuss the details of these features, please
+contact us on debian-boot@lists.debian.org.</p>
+</description>
+ </item>
+
<item>
<title>Magnetstripeinnhold i billetter fra Flytoget og Hurtigruten</title>
<link>http://people.skolelinux.org/pere/blog/Magnetstripeinnhold_i_billetter_fra_Flytoget_og_Hurtigruten.html</link>
magnetstripen. Håper det betyr at de bruker kryptografiske metoder
for å gjøre det vanskelig å forfalske billetter.</p>
-<p>Den andre billetten er fra hurtigruta, der jeg mistenker at
+<p>Den andre billetten er fra Hurtigruten, der jeg mistenker at
strekkoden på fronten er mer brukt enn magnetstripen (det var i hvert
fall den biten vi stakk inn i dørlåsen).</p>
</description>
</item>
- <item>
- <title>Forcing new users to change their password on first login</title>
- <link>http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Forcing_new_users_to_change_their_password_on_first_login.html</guid>
- <pubDate>Sun, 2 May 2010 13:47:00 +0200</pubDate>
- <description>
-<p>One interesting feature in Active Directory, is the ability to
-create a new user with an expired password, and thus force the user to
-change the password on the first login attempt.</p>
-
-<p>I'm not quite sure how to do that with the LDAP setup in Debian
-Edu, but did some initial testing with a local account. The account
-and password aging information is available in /etc/shadow, but
-unfortunately, it is not possible to specify an expiration time for
-passwords, only a maximum age for passwords.</p>
-
-<p>A freshly created account (using adduser test) will have these
-settings in /etc/shadow:</p>
-
-<blockquote><pre>
-root@tjener:~# chage -l test
-Last password change : May 02, 2010
-Password expires : never
-Password inactive : never
-Account expires : never
-Minimum number of days between password change : 0
-Maximum number of days between password change : 99999
-Number of days of warning before password expires : 7
-root@tjener:~#
-</pre></blockquote>
-
-<p>The only way I could come up with to create a user with an expired
-account, is to change the date of the last password change to the
-lowest value possible (January 1th 1970), and the maximum password age
-to the difference in days between that date and today. To make it
-simple, I went for 30 years (30 * 365 = 10950) and January 2th (to
-avoid testing if 0 is a valid value).</p>
-
-<p>After using these commands to set it up, it seem to work as
-intended:</p>
-
-<blockquote><pre>
-root@tjener:~# chage -d 1 test; chage -M 10950 test
-root@tjener:~# chage -l test
-Last password change : Jan 02, 1970
-Password expires : never
-Password inactive : never
-Account expires : never
-Minimum number of days between password change : 0
-Maximum number of days between password change : 10950
-Number of days of warning before password expires : 7
-root@tjener:~#
-</pre></blockquote>
-
-<p>So far I have tested this with ssh and console, and kdm (in
-Squeeze) login, and all ask for a new password before login in the
-user (with ssh, I was thrown out and had to log in again).</p>
-
-<p>Perhaps we should set up something similar for Debian Edu, to make
-sure only the user itself have the account password?</p>
-
-<p>If you want to comment on or help out with implementing this for
-Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
-
-<p>Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
-shadow(8) page in Debian/testing now state that setting the date of
-last password change to zero (0) will force the password to be changed
-on the first login. This was not mentioned in the manual in Lenny, so
-I did not notice this in my initial testing. I have tested it on
-Squeeze, and '<tt>chage -d 0 username</tt>' do work there. I have not
-tested it on Lenny yet.</p>
-
-<p>Update 2010-05-02-19:05: Jim Paris tells me via email that an
-equivalent command to expire a password is '<tt>passwd -e
-username</tt>', which insert zero into the date of the last password
-change.</p>
-</description>
- </item>
-
- <item>
- <title>Thoughts on roaming laptop setup for Debian Edu</title>
- <link>http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html</guid>
- <pubDate>Wed, 28 Apr 2010 20:40:00 +0200</pubDate>
- <description>
-<p>For some years now, I have wondered how we should handle laptops in
-Debian Edu. The Debian Edu infrastructure is mostly designed to
-handle stationary computers, and less suited for computers that come
-and go.</p>
-
-<p>Now I finally believe I have an sensible idea on how to adjust
-Debian Edu for laptops, by introducing a new profile for them, for
-example called Roaming Workstations. Here are my thought on this.
-The setup would consist of the following:</p>
-
-<ul>
-
- <li>During installation, the user name of the owner / primary user of
- the laptop is requested and a local home directory is set up for
- the user, with uid and gid information fetched from the LDAP
- server. This allow the user to work also when offline. The
- central home directory can be available in a subdirectory on
- request, for example mounted via CIFS. It could be mounted
- automatically when a user log in while on the Debian Edu network,
- and unmounted when the machine is taken away (network down,
- hibernate, etc), it can be set up to do automatic mounting on
- request (using autofs), or perhaps some GUI button on the desktop
- can be used to access it when needed. Perhaps it is enough to use
- the fish protocol in KDE?</li>
-
- <li>Password checking is set up to use LDAP or Kerberos
- authentication when the machine is on the Debian Edu network, and
- to cache the password for offline checking when the machine unable
- to reach the LDAP or Kerberos server. This can be done using
- <a href="http://www.padl.com/OSS/pam_ccreds.html">libpam-ccreds</a>
- or the Fedora developed
- <a href="https://fedoraproject.org/wiki/Features/SSSD">System
- Security Services Daemon</a> packages.</li>
-
- <li>File synchronisation with the central home directory is set up
- using a shared directory in both the local and the central home
- directory, using unison.</li>
-
- <li>Printing should be set up to print to all printers broadcasting
- their existence on the local network, and should then work out of
- the box with CUPS. For sites needing accurate printer quotas, some
- system with Kerberos authentication or printing via ssh could be
- implemented.</li>
-
- <li>For users that should have local root access to their laptop,
- sudo should be used to allow this to the local user.</li>
-
- <li>It would be nice if user and group information from LDAP is
- cached on the client, but given that there are entries for the
- local user and primary group in /etc/, it should not be needed.</li>
-
-</ul>
-
-<p>I believe all the pieces to implement this are in Debian/testing at
-the moment. If we work quickly, we should be able to get this ready
-in time for the Squeeze release to freeze. Some of the pieces need
-tweaking, like libpam-ccreds should get support for pam-auth-update
-(<a href="http://bugs.debian.org/566718">#566718</a>) and nslcd (or
-perhaps debian-edu-config) should get some integration code to stop
-its daemon when the LDAP server is unavailable to avoid long timeouts
-when disconnected from the net. If we get Kerberos enabled, we need
-to make sure we avoid long timeouts there too.</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
-</description>
- </item>
-
- <item>
- <title>Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"</title>
- <link>http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html</guid>
- <pubDate>Mon, 19 Apr 2010 17:10:00 +0200</pubDate>
- <description>
-<p>The last few weeks i have had the pleasure of reading a
-thought-provoking collection of essays by Cory Doctorow, on topics
-touching copyright, virtual worlds, the future of man when the
-conscience mind can be duplicated into a computer and many more. The
-book titled "Content: Selected Essays on Technology, Creativity,
-Copyright, and the Future of the Future" is available with few
-restrictions on the web, for example from
-<a href="http://craphound.com/content/">his own site</a>. I read the
-epub-version from
-<a href="http://www.feedbooks.com/book/2883">feedbooks</a> using
-<a href="http://www.fbreader.org/">fbreader</a> and my N810. I
-strongly recommend this book.</p>
-</description>
- </item>
-
- <item>
- <title>Kerberos for Debian Edu/Squeeze?</title>
- <link>http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Kerberos_for_Debian_Edu_Squeeze_.html</guid>
- <pubDate>Wed, 14 Apr 2010 17:20:00 +0200</pubDate>
- <description>
-<p><a href="http://www.nuug.no/aktiviteter/20100413-kerberos/">Yesterdays
-NUUG presentation</a> about Kerberos was inspiring, and reminded me
-about the need to start using Kerberos in Skolelinux. Setting up a
-Kerberos server seem to be straight forward, and if we get this in
-place a long time before the Squeeze version of Debian freezes, we
-have a chance to migrate Skolelinux away from NFSv3 for the home
-directories, and over to an architecture where the infrastructure do
-not have to trust IP addresses and machines, and instead can trust
-users and cryptographic keys instead.</p>
-
-<p>A challenge will be integration and administration. Is there a
-Kerberos implementation for Debian where one can control the
-administration access in Kerberos using LDAP groups? With it, the
-school administration will have to maintain access control using flat
-files on the main server, which give a huge potential for errors.</p>
-
-<p>A related question I would like to know is how well Kerberos and
-pam-ccreds (offline password check) work together. Anyone know?</p>
-
-<p>Next step will be to use Kerberos for access control in Lwat and
-Nagios. I have no idea how much work that will be to implement. We
-would also need to document how to integrate with Windows AD, as such
-shared network will require two Kerberos realms that need to cooperate
-to work properly.</p>
-
-<p>I believe a good start would be to start using Kerberos on the
-skolelinux.no machines, and this way get ourselves experience with
-configuration and integration. A natural starting point would be
-setting up ldap.skolelinux.no as the Kerberos server, and migrate the
-rest of the machines from PAM via LDAP to PAM via Kerberos one at the
-time.</p>
-
-<p>If you would like to contribute to get this working in Skolelinux,
-I recommend you to see the video recording from yesterdays NUUG
-presentation, and start using Kerberos at home. The video show show
-up in a few days.</p>
-</description>
- </item>
-
</channel>
</rss>
projects / homepage.git / blobdiff