<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/What_are_they_searching_for___PowerDNS_and_ISC_DHCP_in_LDAP.html">What are they searching for - PowerDNS and ISC DHCP in LDAP</a></div>
- <div class="date">2010-07-17 21:00</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/How_to_test_if_a_laptop_is_working_with_Linux.html">How to test if a laptop is working with Linux</a></div>
+ <div class="date">2010-12-22 14:55</div>
<div class="body">
-<p>This is a
-<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">followup</a>
-on my
-<a href="http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html">previous
-work</a> on
-<a href="http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html">merging
-all</a> the computer related LDAP objects in Debian Edu.</p>
-
-<p>As a step to try to see if it possible to merge the DNS and DHCP
-LDAP objects, I have had a look at how the packages pdns-backend-ldap
-and dhcp3-server-ldap in Debian use the LDAP server. The two
-implementations are quite different in how they use LDAP.</p>
-
-To get this information, I started slapd with debugging enabled and
-dumped the debug output to a file to get the LDAP searches performed
-on a Debian Edu main-server. Here is a summary.
-
-<p><strong>powerdns</strong></p>
-
-<a href="http://www.linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend">Clues
-on how to</a> set up PowerDNS to use a LDAP backend is available on
-the web.
-
-<p>PowerDNS have two modes of operation using LDAP as its backend.
-One "strict" mode where the forward and reverse DNS lookups are done
-using the same LDAP objects, and a "tree" mode where the forward and
-reverse entries are in two different subtrees in LDAP with a structure
-based on the DNS names, as in tjener.intern and
-2.2.0.10.in-addr.arpa.</p>
-
-<p>In tree mode, the server is set up to use a LDAP subtree as its
-base, and uses a "base" scoped search for the DNS name by adding
-"dc=tjener,dc=intern," to the base with a filter for
-"(associateddomain=tjener.intern)" for the forward entry and
-"dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa," with a filter for
-"(associateddomain=2.2.0.10.in-addr.arpa)" for the reverse entry. For
-forward entries, it is looking for attributes named dnsttl, arecord,
-nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord, mxrecord,
-txtrecord, rprecord, afsdbrecord, keyrecord, aaaarecord, locrecord,
-srvrecord, naptrrecord, kxrecord, certrecord, dsrecord, sshfprecord,
-ipseckeyrecord, rrsigrecord, nsecrecord, dnskeyrecord, dhcidrecord,
-spfrecord and modifytimestamp. For reverse entries it is looking for
-the attributes dnsttl, arecord, nsrecord, cnamerecord, soarecord,
-ptrrecord, hinforecord, mxrecord, txtrecord, rprecord, aaaarecord,
-locrecord, srvrecord, naptrrecord and modifytimestamp. The equivalent
-ldapsearch commands could look like this:</p>
-
-<blockquote><pre>
-ldapsearch -h ldap \
- -b dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no \
- -s base -x '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
- cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
- rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
- nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
- rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
-
-ldapsearch -h ldap \
- -b dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no \
- -s base -x '(associateddomain=2.2.0.10.in-addr.arpa)'
- dnsttl, arecord, nsrecord, cnamerecord soarecord ptrrecord \
- hinforecord mxrecord txtrecord rprecord aaaarecord locrecord \
- srvrecord naptrrecord modifytimestamp
-</pre></blockquote>
-
-<p>In Debian Edu/Lenny, the PowerDNS tree mode is used with
-ou=hosts,dc=skole,dc=skolelinux,dc=no as the base, and these are two
-example LDAP objects used there. In addition to these objects, the
-parent objects all th way up to ou=hosts,dc=skole,dc=skolelinux,dc=no
-also exist.</p>
-
-<blockquote><pre>
-dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
-objectclass: top
-objectclass: dnsdomain
-objectclass: domainrelatedobject
-dc: tjener
-arecord: 10.0.2.2
-associateddomain: tjener.intern
-
-dn: dc=2,dc=2,dc=0,dc=10,dc=in-addr,dc=arpa,ou=hosts,dc=skole,dc=skolelinux,dc=no
-objectclass: top
-objectclass: dnsdomain2
-objectclass: domainrelatedobject
-dc: 2
-ptrrecord: tjener.intern
-associateddomain: 2.2.0.10.in-addr.arpa
-</pre></blockquote>
-
-<p>In strict mode, the server behaves differently. When looking for
-forward DNS entries, it is doing a "subtree" scoped search with the
-same base as in the tree mode for a object with filter
-"(associateddomain=tjener.intern)" and requests the attributes dnsttl,
-arecord, nsrecord, cnamerecord, soarecord, ptrrecord, hinforecord,
-mxrecord, txtrecord, rprecord, aaaarecord, locrecord, srvrecord,
-naptrrecord and modifytimestamp. For reverse entires it also do a
-subtree scoped search but this time the filter is "(arecord=10.0.2.2)"
-and the requested attributes are associateddomain, dnsttl and
-modifytimestamp. In short, in strict mode the objects with ptrrecord
-go away, and the arecord attribute in the forward object is used
-instead.</p>
-
-<p>The forward and reverse searches can be simulated using ldapsearch
-like this:</p>
-
-<blockquote><pre>
-ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
- '(associateddomain=tjener.intern)' dNSTTL aRecord nSRecord \
- cNAMERecord sOARecord pTRRecord hInfoRecord mXRecord tXTRecord \
- rPRecord aFSDBRecord KeyRecord aAAARecord lOCRecord sRVRecord \
- nAPTRRecord kXRecord certRecord dSRecord sSHFPRecord iPSecKeyRecord \
- rRSIGRecord nSECRecord dNSKeyRecord dHCIDRecord sPFRecord modifyTimestamp
-
-ldapsearch -h ldap -b ou=hosts,dc=skole,dc=skolelinux,dc=no -s sub -x \
- '(arecord=10.0.2.2)' associateddomain dnsttl modifytimestamp
-</pre></blockquote>
-
-<p>In addition to the forward and reverse searches , there is also a
-search for SOA records, which behave similar to the forward and
-reverse lookups.</p>
-
-<p>A thing to note with the PowerDNS behaviour is that it do not
-specify any objectclass names, and instead look for the attributes it
-need to generate a DNS reply. This make it able to work with any
-objectclass that provide the needed attributes.</p>
-
-<p>The attributes are normally provided in the cosine (RFC 1274) and
-dnsdomain2 schemas. The latter is used for reverse entries like
-ptrrecord and recent DNS additions like aaaarecord and srvrecord.</p>
-
-<p>In Debian Edu, we have created DNS objects using the object classes
-dcobject (for dc), dnsdomain or dnsdomain2 (structural, for the DNS
-attributes) and domainrelatedobject (for associatedDomain). The use
-of structural object classes make it impossible to combine these
-classes with the object classes used by DHCP.</p>
-
-<p>There are other schemas that could be used too, for example the
-dnszone structural object class used by Gosa and bind-sdb for the DNS
-attributes combined with the domainrelatedobject object class, but in
-this case some unused attributes would have to be included as well
-(zonename and relativedomainname).</p>
-
-<p>My proposal for Debian Edu would be to switch PowerDNS to strict
-mode and not use any of the existing objectclasses (dnsdomain,
-dnsdomain2 and dnszone) when one want to combine the DNS information
-with DHCP information, and instead create a auxiliary object class
-defined something like this (using the attributes defined for
-dnsdomain and dnsdomain2 or dnszone):</p>
-
-<blockquote><pre>
-objectclass ( some-oid NAME 'dnsDomainAux'
- SUP top
- AUXILIARY
- MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $
- DNSTTL $ DNSClass $ PTRRecord $ HINFORecord $ MINFORecord $
- TXTRecord $ SIGRecord $ KEYRecord $ AAAARecord $ LOCRecord $
- NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
- A6Record $ DNAMERecord
- ))
-</pre></blockquote>
-
-<p>This will allow any object to become a DNS entry when combined with
-the domainrelatedobject object class, and allow any entity to include
-all the attributes PowerDNS wants. I've sent an email to the PowerDNS
-developers asking for their view on this schema and if they are
-interested in providing such schema with PowerDNS, and I hope my
-message will be accepted into their mailing list soon.</p>
-
-<p><strong>ISC dhcp</strong></p>
-
-<p>The DHCP server searches for specific objectclass and requests all
-the object attributes, and then uses the attributes it want. This
-make it harder to figure out exactly what attributes are used, but
-thanks to the working example in Debian Edu I can at least get an idea
-what is needed without having to read the source code.</p>
-
-<p>In the DHCP server configuration, the LDAP base to use and the
-search filter to use to locate the correct dhcpServer entity is
-stored. These are the relevant entries from
-/etc/dhcp3/dhcpd.conf:</p>
-
-<blockquote><pre>
-ldap-base-dn "dc=skole,dc=skolelinux,dc=no";
-ldap-dhcp-server-cn "dhcp";
-</pre></blockquote>
-
-<p>The DHCP server uses this information to nest all the DHCP
-configuration it need. The cn "dhcp" is located using the given LDAP
-base and the filter "(&(objectClass=dhcpServer)(cn=dhcp))". The
-search result is this entry:</p>
-
-<blockquote><pre>
-dn: cn=dhcp,dc=skole,dc=skolelinux,dc=no
-cn: dhcp
-objectClass: top
-objectClass: dhcpServer
-dhcpServiceDN: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
-</pre></blockquote>
-
-<p>The content of the dhcpServiceDN attribute is next used to locate the
-subtree with DHCP configuration. The DHCP configuration subtree base
-is located using a base scope search with base "cn=DHCP
-Config,dc=skole,dc=skolelinux,dc=no" and filter
-"(&(objectClass=dhcpService)(|(dhcpPrimaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)(dhcpSecondaryDN=cn=dhcp,dc=skole,dc=skolelinux,dc=no)))".
-The search result is this entry:</p>
-
-<blockquote><pre>
-dn: cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
-cn: DHCP Config
-objectClass: top
-objectClass: dhcpService
-objectClass: dhcpOptions
-dhcpPrimaryDN: cn=dhcp, dc=skole,dc=skolelinux,dc=no
-dhcpStatements: ddns-update-style none
-dhcpStatements: authoritative
-dhcpOption: smtp-server code 69 = array of ip-address
-dhcpOption: www-server code 72 = array of ip-address
-dhcpOption: wpad-url code 252 = text
-</pre></blockquote>
-
-<p>Next, the entire subtree is processed, one level at the time. When
-all the DHCP configuration is loaded, it is ready to receive requests.
-The subtree in Debian Edu contain objects with object classes
-top/dhcpService/dhcpOptions, top/dhcpSharedNetwork/dhcpOptions,
-top/dhcpSubnet, top/dhcpGroup and top/dhcpHost. These provide options
-and information about netmasks, dynamic range etc. Leaving out the
-details here because it is not relevant for the focus of my
-investigation, which is to see if it is possible to merge dns and dhcp
-related computer objects.</p>
-
-<p>When a DHCP request come in, LDAP is searched for the MAC address
-of the client (00:00:00:00:00:00 in this example), using a subtree
-scoped search with "cn=DHCP Config,dc=skole,dc=skolelinux,dc=no" as
-the base and "(&(objectClass=dhcpHost)(dhcpHWAddress=ethernet
-00:00:00:00:00:00))" as the filter. This is what a host object look
-like:</p>
-
-<blockquote><pre>
-dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
-cn: hostname
-objectClass: top
-objectClass: dhcpHost
-dhcpHWAddress: ethernet 00:00:00:00:00:00
-dhcpStatements: fixed-address hostname
-</pre></blockquote>
-
-<p>There is less flexiblity in the way LDAP searches are done here.
-The object classes need to have fixed names, and the configuration
-need to be stored in a fairly specific LDAP structure. On the
-positive side, the invidiual dhcpHost entires can be anywhere without
-the DN pointed to by the dhcpServer entries. The latter should make
-it possible to group all host entries in a subtree next to the
-configuration entries, and this subtree can also be shared with the
-DNS server if the schema proposed above is combined with the dhcpHost
-structural object class.
-
-<p><strong>Conclusion</strong></p>
-
-<p>The PowerDNS implementation seem to be very flexible when it come
-to which LDAP schemas to use. While its "tree" mode is rigid when it
-come to the the LDAP structure, the "strict" mode is very flexible,
-allowing DNS objects to be stored anywhere under the base cn specified
-in the configuration.</p>
-
-<p>The DHCP implementation on the other hand is very inflexible, both
-regarding which LDAP schemas to use and which LDAP structure to use.
-I guess one could implement ones own schema, as long as the
-objectclasses and attributes have the names used, but this do not
-really help when the DHCP subtree need to have a fairly fixed
-structure.</p>
-
-<p>Based on the observed behaviour, I suspect a LDAP structure like
-this might work for Debian Edu:</p>
-
-<blockquote><pre>
-ou=services
- cn=machine-info (dhcpService) - dhcpServiceDN points here
- cn=dhcp (dhcpServer)
- cn=dhcp-internal (dhcpSharedNetwork/dhcpOptions)
- cn=10.0.2.0 (dhcpSubnet)
- cn=group1 (dhcpGroup/dhcpOptions)
- cn=dhcp-thinclients (dhcpSharedNetwork/dhcpOptions)
- cn=192.168.0.0 (dhcpSubnet)
- cn=group1 (dhcpGroup/dhcpOptions)
- ou=machines - PowerDNS base points here
- cn=hostname (dhcpHost/domainrelatedobject/dnsDomainAux)
-</pre></blockquote>
-
-<P>This is not tested yet. If the DHCP server require the dhcpHost
-entries to be in the dhcpGroup subtrees, the entries can be stored
-there instead of a common machines subtree, and the PowerDNS base
-would have to be moved one level up to the machine-info subtree.</p>
-
-<p>The combined object under the machines subtree would look something
-like this:</p>
-
-<blockquote><pre>
-dn: dc=hostname,ou=machines,cn=machine-info,dc=skole,dc=skolelinux,dc=no
-dc: hostname
-objectClass: top
-objectClass: dhcpHost
-objectclass: domainrelatedobject
-objectclass: dnsDomainAux
-associateddomain: hostname.intern
-arecord: 10.11.12.13
-dhcpHWAddress: ethernet 00:00:00:00:00:00
-dhcpStatements: fixed-address hostname.intern
-</pre></blockquote>
-
-</p>One could even add the LTSP configuration associated with a given
-machine, as long as the required attributes are available in a
-auxiliary object class.</p>
+<p>The last few days I have spent at work here at the <a
+href="http://www.uio.no/">University of oslo</a> testing if the new
+batch of computers will work with Linux. Every year for the last few
+years the university have organized shared bid of a few thousand
+computers, and this year HP won the bid. Two different desktops and
+five different laptops are on the list this year. We in the UNIX
+group want to know which one of these computers work well with RHEL
+and Ubuntu, the two Linux distributions we currently handle at the
+university.</p>
+
+<p>My test method is simple, and I share it here to get feedback and
+perhaps inspire others to test hardware as well. To test, I PXE
+install the OS version of choice, and log in as my normal user and run
+a few applications and plug in selected pieces of hardware. When
+something fail, I make a note about this in the test matrix and move
+on. If I have some spare time I try to report the bug to the OS
+vendor, but as I only have the machines for a short time, I rarely
+have the time to do this for all the problems I find.</p>
+
+<p>Anyway, to get to the point of this post. Here is the simple tests
+I perform on a new model.</p>
+
+<ul>
+
+<li>Is PXE installation working? I'm testing with RHEL6, Ubuntu Lucid
+and Ubuntu Maverik at the moment. If I feel like it, I also test with
+RHEL5 and Debian Edu/Squeeze.</li>
+
+<li>Is X.org working? If the graphical login screen show up after
+installation, X.org is working.</li>
+
+<li>Is hardware accelerated OpenGL working? Running glxgears (in
+package mesa-utils on Ubuntu) and writing down the frames per second
+reported by the program.</li>
+
+<li>Is sound working? With Gnome and KDE, a sound is played when
+logging in, and if I can hear this the test is successful. If there
+are several audio exits on the machine, I try them all and check if
+the Gnome/KDE audio mixer can control where to send the sound. I
+normally test this by playing
+<a href="http://www.nuug.no/aktiviteter/20101012-chef/ ">a HTML5
+video</a> in Firefox/Iceweasel.</li>
+
+<li>Is the USB subsystem working? I test this by plugging in a USB
+memory stick and see if Gnome/KDE notices this.</li>
+
+<li>Is the CD/DVD player working? I test this by inserting any CD/DVD
+I have lying around, and see if Gnome/KDE notices this.</li>
+
+<li>Is any built in camera working? Test using cheese, and see if a
+picture from the v4l device show up.</li>
+
+<li>Is bluetooth working? Use the Gnome/KDE browsing tool to see if
+any bluetooth devices are discovered. In my office, I normally see a
+few.</li>
+
+<li>For laptops, is the SD or Compaq Flash reader working. I have
+memory modules lying around, and stick them in and see if Gnome/KDE
+notice this.</li>
+
+<li>For laptops, is suspecd/hibernate working? I'm testing if the
+special button work, and if the laptop continue to work after
+resume.</li>
+
+<li>For laptops, is the extra buttons working, like audio level,
+adjusting background light, switching on/off external video output,
+switching on/off wifi, bluetooth, etc? The set of buttons differ from
+laptop to laptop, so I just write down which are working and which are
+not.</li>
+
+<li>Some laptops have smart card readers, finger print readers,
+acceleration sensors etc. I rarely test these, as I do not know how
+to quickly test if they are working or not, so I only document their
+existence.</li>
+
+</ul>
+
+<p>By now I suspect you are really curious what the test results are
+for the HP machines I am testing. I'm not done yet, so I will report
+the test results later. For now I can report that HP 8100 Elite work
+fine, and hibernation fail with HP EliteBook 8440p on Ubuntu Lucid,
+and audio fail on RHEL6. Ubuntu Maverik worked with 8440p. As you
+can see, I have most machines left to test. One interesting
+observation is that Ubuntu Lucid has almost twice the framerate than
+RHEL6 with glxgears. No idea why.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Combining_PowerDNS_and_ISC_DHCP_LDAP_objects.html">Combining PowerDNS and ISC DHCP LDAP objects</a></div>
- <div class="date">2010-07-14 23:45</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Some_thoughts_on_BitCoins.html">Some thoughts on BitCoins</a></div>
+ <div class="date">2010-12-11 15:10</div>
<div class="body">
-<p>For a while now, I have wanted to find a way to change the DNS and
-DHCP services in Debian Edu to use the same LDAP objects for a given
-computer, to avoid the possibility of having a inconsistent state for
-a computer in LDAP (as in DHCP but no DNS entry or the other way
-around) and make it easier to add computers to LDAP.</p>
-
-<p>I've looked at how powerdns and dhcpd is using LDAP, and using this
-information finally found a solution that seem to work.</p>
-
-<p>The old setup required three LDAP objects for a given computer.
-One forward DNS entry, one reverse DNS entry and one DHCP entry. If
-we switch powerdns to use its strict LDAP method (ldap-method=strict
-in pdns-debian-edu.conf), the forward and reverse DNS entries are
-merged into one while making it impossible to transfer the reverse map
-to a slave DNS server.</p>
-
-<p>If we also replace the object class used to get the DNS related
-attributes to one allowing these attributes to be combined with the
-dhcphost object class, we can merge the DNS and DHCP entries into one.
-I've written such object class in the dnsdomainaux.schema file (need
-proper OIDs, but that is a minor issue), and tested the setup. It
-seem to work.</p>
-
-<p>With this test setup in place, we can get away with one LDAP object
-for both DNS and DHCP, and even the LTSP configuration I suggested in
-an earlier email. The combined LDAP object will look something like
-this:</p>
-
-<blockquote><pre>
- dn: cn=hostname,cn=group1,cn=THINCLIENTS,cn=DHCP Config,dc=skole,dc=skolelinux,dc=no
- cn: hostname
- objectClass: dhcphost
- objectclass: domainrelatedobject
- objectclass: dnsdomainaux
- associateddomain: hostname.intern
- arecord: 10.11.12.13
- dhcphwaddress: ethernet 00:00:00:00:00:00
- dhcpstatements: fixed-address hostname
- ldapconfigsound: Y
-</pre></blockquote>
-
-<p>The DNS server uses the associateddomain and arecord entries, while
-the DHCP server uses the dhcphwaddress and dhcpstatements entries
-before asking DNS to resolve the fixed-adddress. LTSP will use
-dhcphwaddress or associateddomain and the ldapconfig* attributes.</p>
-
-<p>I am not yet sure if I can get the DHCP server to look for its
-dhcphost in a different location, to allow us to put the objects
-outside the "DHCP Config" subtree, but hope to figure out a way to do
-that. If I can't figure out a way to do that, we can still get rid of
-the hosts subtree and move all its content into the DHCP Config tree
-(which probably should be renamed to be more related to the new
-content. I suspect cn=dnsdhcp,ou=services or something like that
-might be a good place to put it.</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>As I continue to explore
+<a href="http://www.bitcoin.org/">BitCoin</a>, I've starting to wonder
+what properties the system have, and how it will be affected by laws
+and regulations here in Norway. Here are some random notes.</p>
+
+<p>One interesting thing to note is that since the transactions are
+verified using a peer to peer network, all details about a transaction
+is known to everyone. This means that if a BitCoin address has been
+published like I did with mine in my initial post about BitCoin, it is
+possible for everyone to see how many BitCoins have been transfered to
+that address. There is even a web service to look at the details for
+all transactions. There I can see that my address
+<a href="http://blockexplorer.com/address/15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b">15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a>
+have received 16.06 Bitcoin, the
+<a href="http://blockexplorer.com/address/1LfdGnGuWkpSJgbQySxxCWhv8MHqvwst3">1LfdGnGuWkpSJgbQySxxCWhv8MHqvwst3</a>
+address of Simon Phipps have received 181.97 BitCoin and the address
+<a href="http://blockexplorer.com/address/1MCwBbhNGp5hRm5rC1Aims2YFRe2SXPYKt">1MCwBbhNGp5hRm5rC1Aims2YFRe2SXPYKt</A>
+of EFF have received 2447.38 BitCoins so far. Thank you to each and
+every one of you that donated bitcoins to support my activity. The
+fact that anyone can see how much money was transfered to a given
+address make it more obvious why the BitCoin community recommend to
+generate and hand out a new address for each transaction. I'm told
+there is no way to track which addresses belong to a given person or
+organisation without the person or organisation revealing it
+themselves, as Simon, EFF and I have done.</p>
+
+<p>In Norway, and in most other countries, there are laws and
+regulations limiting how much money one can transfer across the border
+without declaring it. There are money laundering, tax and accounting
+laws and regulations I would expect to apply to the use of BitCoin.
+If the Skolelinux foundation
+(<a href="http://linuxiskolen.no/slxdebianlabs/donations.html">SLX
+Debian Labs</a>) were to accept donations in BitCoin in addition to
+normal bank transfers like EFF is doing, how should this be accounted?
+Given that it is impossible to know if money can across the border or
+not, should everything or nothing be declared? What exchange rate
+should be used when calculating taxes? Would receivers have to pay
+income tax if the foundation were to pay Skolelinux contributors in
+BitCoin? I have no idea, but it would be interesting to know.</p>
+
+<p>For a currency to be useful and successful, it must be trusted and
+accepted by a lot of users. It must be possible to get easy access to
+the currency (as a wage or using currency exchanges), and it must be
+easy to spend it. At the moment BitCoin seem fairly easy to get
+access to, but there are very few places to spend it. I am not really
+a regular user of any of the vendor types currently accepting BitCoin,
+so I wonder when my kind of shop would start accepting BitCoins. I
+would like to buy electronics, travels and subway tickets, not herbs
+and books. :) The currency is young, and this will improve over time
+if it become popular, but I suspect regular banks will start to lobby
+to get BitCoin declared illegal if it become popular. I'm sure they
+will claim it is helping fund terrorism and money laundering (which
+probably would be true, as is any currency in existence), but I
+believe the problems should be solved elsewhere and not by blaming
+currencies.</p>
+
+<p>The process of creating new BitCoins is called mining, and it is
+CPU intensive process that depend on a bit of luck as well (as one is
+competing against all the other miners currently spending CPU cycles
+to see which one get the next lump of cash). The "winner" get 50
+BitCoin when this happen. Yesterday I came across the obvious way to
+join forces to increase ones changes of getting at least some coins,
+by coordinating the work on mining BitCoins across several machines
+and people, and sharing the result if one is lucky and get the 50
+BitCoins. Check out
+<a href="http://www.bluishcoder.co.nz/bitcoin-pool/">BitCoin Pool</a>
+if this sounds interesting. I have not had time to try to set up a
+machine to participate there yet, but have seen that running on ones
+own for a few days have not yield any BitCoins througth mining
+yet.</p>
+
+<p>Update 2010-12-15: Found an <a
+href="http://inertia.posterous.com/reply-to-the-underground-economist-why-bitcoi">interesting
+criticism</a> of bitcoin. Not quite sure how valid it is, but thought
+it was interesting to read. The arguments presented seem to be
+equally valid for gold, which was used as a currency for many years.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Idea_for_storing_LTSP_configuration_in_LDAP.html">Idea for storing LTSP configuration in LDAP</a></div>
- <div class="date">2010-07-11 22:00</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Pornoskannerne_p___flyplassene_bedrer_visst_ikke_sikkerheten.html">Pornoskannerne på flyplassene bedrer visst ikke sikkerheten</a></div>
+ <div class="date">2010-12-11 10:45</div>
<div class="body">
-<p>Vagrant mentioned on IRC today that ltsp_config now support
-sourcing files from /usr/share/ltsp/ltsp_config.d/ on the thin
-clients, and that this can be used to fetch configuration from LDAP if
-Debian Edu choose to store configuration there.</p>
-
-<p>Armed with this information, I got inspired and wrote a test module
-to get configuration from LDAP. The idea is to look up the MAC
-address of the client in LDAP, and look for attributes on the form
-ltspconfigsetting=value, and use this to export SETTING=value to the
-LTSP clients.</p>
-
-<p>The goal is to be able to store the LTSP configuration attributes
-in a "computer" LDAP object used by both DNS and DHCP, and thus
-allowing us to store all information about a computer in one place.</p>
-
-<p>This is a untested draft implementation, and I welcome feedback on
-this approach. A real LDAP schema for the ltspClientAux objectclass
-need to be written. Comments, suggestions, etc?</p>
-
-<blockquote><pre>
-# Store in /opt/ltsp/$arch/usr/share/ltsp/ltsp_config.d/ldap-config
-#
-# Fetch LTSP client settings from LDAP based on MAC address
-#
-# Uses ethernet address as stored in the dhcpHost objectclass using
-# the dhcpHWAddress attribute or ethernet address stored in the
-# ieee802Device objectclass with the macAddress attribute.
-#
-# This module is written to be schema agnostic, and only depend on the
-# existence of attribute names.
-#
-# The LTSP configuration variables are saved directly using a
-# ltspConfig prefix and uppercasing the rest of the attribute name.
-# To set the SERVER variable, set the ltspConfigServer attribute.
-#
-# Some LDAP schema should be created with all the relevant
-# configuration settings. Something like this should work:
-#
-# objectclass ( 1.1.2.2 NAME 'ltspClientAux'
-# SUP top
-# AUXILIARY
-# MAY ( ltspConfigServer $ ltsConfigSound $ ... )
-
-LDAPSERVER=$(debian-edu-ldapserver)
-if [ "$LDAPSERVER" ] ; then
- LDAPBASE=$(debian-edu-ldapserver -b)
- for MAC in $(LANG=C ifconfig |grep -i hwaddr| awk '{print $5}'|sort -u) ; do
- filter="(|(dhcpHWAddress=ethernet $MAC)(macAddress=$MAC))"
- ldapsearch -h "$LDAPSERVER" -b "$LDAPBASE" -v -x "$filter" | \
- grep '^ltspConfig' | while read attr value ; do
- # Remove prefix and convert to upper case
- attr=$(echo $attr | sed 's/^ltspConfig//i' | tr a-z A-Z)
- # bass value on to clients
- eval "$attr=$value; export $attr"
- done
- done
-fi
-</pre></blockquote>
-
-<p>I'm not sure this shell construction will work, because I suspect
-the while block might end up in a subshell causing the variables set
-there to not show up in ltsp-config, but if that is the case I am sure
-the code can be restructured to make sure the variables are passed on.
-I expect that can be solved with some testing. :)</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>Via <a href="http://webmink.com/2010/12/10/links-for-2010-12-10/">en
+blogpost fra Simon Phipps i går</a>, fant jeg en referanse til
+<a href="http://www.washingtontimes.com/news/2010/dec/9/exposed-tsas-x-rated-scanner-fraud/">en
+artikkel i Washington Times</a> som igjen refererer til en artikkel i
+det fagfellevurderte tidsskriftet Journal of Transportation Security
+med tittelen
+"<a href="http://springerlink.com/content/g6620thk08679160/fulltext.html">An
+evaluation of airport x-ray backscatter units based on image
+characteristics</a>" som enkelt konstaterer at
+<a href="http://www.dailysquib.co.uk/?a=2389&c=124">pornoscannerne</a>
+som kler av reisende på flyplasser ikke er i stand til å avsløre det
+produsenten og amerikanske myndigheter sier de skal avsløre. Kort
+sagt, de bedrer ikke sikkerheten. Reisende må altså la ansatte på
+flyplasser <a href="http://www.thousandsstandingaround.org/">se dem
+nakne eller la seg beføle i skrittet</a> uten grunn. Jeg vil
+fortsette å nekte å bruke disse pornoskannerne, unngå flyplasser der
+de er tatt i bruk, og reise med andre transportmidler enn fly hvis jeg
+kan.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/jXplorer__a_very_nice_LDAP_GUI.html">jXplorer, a very nice LDAP GUI</a></div>
- <div class="date">2010-07-09 12:55</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Martin_Bekkelund__En_stille_b__nn_om_Datalagringsdirektivet.html">Martin Bekkelund: En stille bønn om Datalagringsdirektivet</a></div>
+ <div class="date">2010-12-09 21:25</div>
<div class="body">
-<p>Since
-<a href="http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html">my
-last post</a> about available LDAP tools in Debian, I was told about a
-LDAP GUI that is even better than luma. The java application
-<a href="http://jxplorer.org/">jXplorer</a> is claimed to be capable of
-moving LDAP objects and subtrees using drag-and-drop, and can
-authenticate using Kerberos. I have only tested the Kerberos
-authentication, but do not have a LDAP setup allowing me to rewrite
-LDAP with my test user yet. It is
-<a href="http://packages.qa.debian.org/j/jxplorer.html">available in
-Debian</a> testing and unstable at the moment. The only problem I
-have with it is how it handle errors. If something go wrong, its
-non-intuitive behaviour require me to go through some query work list
-and remove the failing query. Nothing big, but very annoying.</p>
+<p><a href="http://www.bekkelund.net/">Martin Bekkelund</a> ved
+<a href="http://www.friprog.no/">friprog-senteret</a> har skrevet
+følgende
+<a href="http://www.bekkelund.net/2010/12/09/en-stille-bonn/">korte
+oppsummering</a> rundt datalagringsdirektivet, som jeg videreformidler
+her.</p>
+
+<p><blockquote><strong>Det pågår i disse dager en intens diskusjon om
+innføring av Datalagringsdirektivet (<acronym
+title="Datalagringsdirektivet">DLD</acronym>) i norsk rett. Kanskje
+har du gjort deg opp en mening, kanskje er du usikker. I begge
+tilfeller ber jeg deg lese videre.</strong></p>
+
+<p>Samtlige fagmiljøer, både i Norge og EU, har konkludert med at
+<acronym title="Datalagringsdirektivet">DLD</acronym> ikke bør
+innføres på nåværende tidspunkt. Den tekniske kvaliteten på direktivet
+er dårlig, det griper uforholdsmessig inn i personvernet, det har
+store mangler og viktige spørsmål som hvem som skal ha tilgang og
+hvordan data skal lagres er fortsatt uavklart.</p>
+
+<ul>
+<li><a href="http://ikt-norge.no/norge-kan-slippe-datalagringsdirektivet/">EU-ekspertene sier</a> at konsekvensene av å benytte vetoretten er minimale</li>
+<li><a href="http://www.regjeringen.no/pages/2281080/Deninternasjonalejuristkommisjon.pdf">Juristene påpeker</a> at direktivet er i strid med EMK</li>
+<li><a href="http://www.dagbladet.no/2010/12/06/kultur/debatt/kronikk/dld/personvern/14594699/">Datatilsynet sier</a> direktivet får store konsekvenser for personvernet og at direktivet er irreversibelt</li>
+<li><a href="http://www.bekkelund.net/?s=dld">Teknologene sier</a> at sikker lagring ikke er mulig, at det er svært enkelt å omgå og mulig å manipulere data og produsere falske beviser</li>
+<li><a href="http://www.regjeringen.no/pages/2281080/NJ_247460_1_P.pdf">Pressen sier</a> nei av hensyn til kildevernet</li>
+<li>Det er store <a href="http://tetzschner.blogspot.com/2010/03/den-tyske-forfatningsdomstol.html">interne</a> <a href="http://stoppdld.no/2010/03/02/datalagring-stoppet-av-tysk-forfatningsdomstol/">stridigheter</a> i EU. Blant annet har den tyske forfatningsdomstolen funnet at måten <acronym title="Datalagringsdirektivet">DLD</acronym> er innført på er i strid med tysk grunnlov</li>
+<li>Alle de store <a href="http://www.bekkelund.net/2010/12/08/lokasjonsdata-og-datalagringsdirektivet/">operatørene og tilbyderne sier nei</a>, av tekniske og personvernmessige årsaker</li>
+</ul>
+
+<p>Jeg liker å tro at jeg er en hyggelig fyr. Jeg har et rent
+rulleblad, og med unntak av to fartsbøter har jeg aldri vært en byrde
+for samfunnet. Det akter jeg å fortsette med. Det er mange som meg,
+lovlydige, pliktoppfyllende borgere som aldri vil utgjøre en trussel
+mot noe som helst. Vi synes derfor det er trist og sårende at all vår
+atferd skal overvåkes døgnkontinuerlig.</p>
+
+<p><strong>Understøttet av faglige vurderinger kan du trygt si nei til
+<acronym title="Datalagringsdirektivet">DLD</acronym>.</strong></p>
+
+<p><a href="http://www.bekkelund.net/kontakt/">Ta kontakt med meg</a>
+hvis du har spørsmål om <acronym
+title="Datalagringsdirektivet">DLD</acronym>, uansett hva det måtte
+gjelde.</p>
+
+<p class="info">Denne teksten er å anse som <a
+href="http://creativecommons.org/licenses/publicdomain/"><em>Public
+Domain</em></a>. Spre den videre til alle som kan ha nytte av
+den!</p>
+</blockquote></p>
+
+<p>Siste <a href="http://www.nettavisen.no/it/article3043918.ece">melding
+fra Nettavisen</a> er at regjeringen planlegger å fremme sitt forslag
+til implementering av datalagringsdirektivet i morgen, i ly av
+fredprisutdelingen for å få minst mulig pressedekning om saken. Vi
+får snart se om det stemmer.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/MS_Word_kr__ller_det_til_for_politiet_.html">MS Word krøller det til for politiet?</a></div>
- <div class="date">2010-07-08 14:00</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Student_group_continue_the_work_on_my_Reprap_3D_printer.html">Student group continue the work on my Reprap 3D printer</a></div>
+ <div class="date">2010-12-09 19:30</div>
<div class="body">
-<p>De siste dagene har Aftenposten
-<a href="http://www.aftenposten.no/nyheter/iriks/article3718597.ece">fortalt</a>
-<a href="http://www.aftenposten.no/nyheter/iriks/article3724249.ece">hvordan</a>
-politet har brukt skriveverktøy som ikke håndterer arabisk tekst og
-tekst som skal skrives fra høyre mot venstre når de har laget
-løpeseddel for å be om informasjon fra publikum. Resultatet har vært
-en uleselig arabisk-bit på løpeseddelen. Feilen har oppstått når
-teksten har blitt "kopiert inn i programvare som ikke har støtte for
-språk som skrives fra høyre mot venstre", og jeg er ganske sikker på
-at det er snakk om Microsoft Office i dette tilfellet. Er det slik at
-MS Office i norsk språkdrakt ikke har støtte for tekst som skal
-skrives fra høyre mot venstre? Jeg tror alle utgaver av
-OpenOffice.org har slik støtte, og det er jo ikke veldig vanskelig å
-la slik støtte finnes i alle utgaver av et program hvis støtten først
-er utviklet. Aftenpostens melding får meg til å undre om problemet
-ville vært unngått hvis politiet brukte OpenOffice.org i stedet for MS
-Office.</p>
-
-<p>Mon tro om det er flere eksempler på at MS Office har ødelagt for
-offentlig myndighet?</p>
+<p>A few days ago, I was introduces to some students in the robot
+student assosiation <a href="http://www.robotica.no/">Robotica
+Osloensis</a> at the University of Oslo where I work, who planned to
+get their own 3D printer. They wanted to learn from me based on my
+work in the area. After having a short lunch meeting with them, I
+offered them to borrow my reprap kit, as I never had time to complete
+the build and this seem unlike to change any time soon. I look
+forward to see how this goes. This monday their volunteer driver
+picked up my kit and drove it to their lab, and tomorrow I am told the
+last exam is over so they can start work on getting the 3D printer
+operational.</p>
+
+<p>The robotic group have already build several robots on their own,
+and seem capable of getting the reprap operational. I really look
+forward to being able to print all the cool 3D designs published on
+<a href="http://www.thingiverse.com/">Thingiverse</a>. I even got
+some 3D scans I got made during Dagen@IFI when one of the groups at
+the computer science department at the university demonstrated their
+very cool 3D scanner.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades__apt_vs_aptitude_with_the_Gnome_desktop.html">Lenny->Squeeze upgrades, apt vs aptitude with the Gnome desktop</a></div>
- <div class="date">2010-07-03 23:55</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Debian_Edu_development_gathering_and_General_Assembly_for_FRiSK.html">Debian Edu development gathering and General Assembly for FRiSK</a></div>
+ <div class="date">2010-11-29 18:40</div>
<div class="body">
-<p>Here is a short update on my <a
-href="http://people.skolelinux.org/~pere/debian-upgrade-testing/">my
-Debian Lenny->Squeeze upgrade testing</a>. Here is a summary of the
-difference for Gnome when it is upgraded by apt-get and aptitude. I'm
-not reporting the status for KDE, because the upgrade crashes when
-aptitude try because of missing conflicts
-(<a href="http://bugs.debian.org/584861">#584861</a> and
-<a href="http://bugs.debian.org/585716">#585716</a>).</p>
-
-<p>At the end of the upgrade test script, dpkg -l is executed to get a
-complete list of the installed packages. Based on this I see these
-differences when I did a test run today. As usual, I do not really
-know what the correct set of packages would be, but thought it best to
-publish the difference.</p>
-
-<p>Installed using apt-get, missing with aptitude</p>
-
-<blockquote><p>
- at-spi cpp-4.3 finger gnome-spell gstreamer0.10-gnomevfs
- libatspi1.0-0 libcupsys2 libeel2-data libgail-common libgdl-1-common
- libgnomeprint2.2-data libgnomeprintui2.2-common libgnomevfs2-bin
- libgtksourceview-common libpt-1.10.10-plugins-alsa
- libpt-1.10.10-plugins-v4l libservlet2.4-java libxalan2-java
- libxerces2-java openoffice.org-writer2latex openssl-blacklist p7zip
- python-4suite-xml python-eggtrayicon python-gtkhtml2
- python-gtkmozembed svgalibg1 xserver-xephyr zip
-</p></blockquote>
-
-<p>Installed using apt-get, removed with aptitude</p>
-
-<blockquote><p>
- bluez-utils dhcdbd djvulibre-desktop epiphany-gecko
- gnome-app-install gnome-mount gnome-vfs-obexftp gnome-volume-manager
- libao2 libavahi-compat-libdnssd1 libavahi-core5 libbind9-50
- libbluetooth2 libcamel1.2-11 libcdio7 libcucul0 libcurl3
- libdirectfb-1.0-0 libdvdread3 libedata-cal1.2-6 libedataserver1.2-9
- libeel2-2.20 libepc-1.0-1 libepc-ui-1.0-1 libexchange-storage1.2-3
- libfaad0 libgd2-noxpm libgda3-3 libgda3-common libggz2 libggzcore9
- libggzmod4 libgksu1.2-0 libgksuui1.0-1 libgmyth0 libgnome-desktop-2
- libgnome-pilot2 libgnomecups1.0-1 libgnomeprint2.2-0
- libgnomeprintui2.2-0 libgpod3 libgraphviz4 libgtkhtml2-0
- libgtksourceview1.0-0 libgucharmap6 libhesiod0 libicu38 libisccc50
- libisccfg50 libiw29 libkpathsea4 libltdl3 liblwres50 libmagick++10
- libmagick10 libmalaga7 libmtp7 libmysqlclient15off libnautilus-burn4
- libneon27 libnm-glib0 libnm-util0 libopal-2.2 libosp5
- libparted1.8-10 libpisock9 libpisync1 libpoppler-glib3 libpoppler3
- libpt-1.10.10 libraw1394-8 libsensors3 libsmbios2 libsoup2.2-8
- libssh2-1 libsuitesparse-3.1.0 libswfdec-0.6-90 libtalloc1
- libtotem-plparser10 libtrackerclient0 libvoikko1 libxalan2-java-gcj
- libxerces2-java-gcj libxklavier12 libxtrap6 libxxf86misc1 libzephyr3
- mysql-common swfdec-gnome totem-gstreamer wodim
-</p></blockquote>
-
-<p>Installed using aptitude, missing with apt-get</p>
-
-<blockquote><p>
- gnome gnome-desktop-environment hamster-applet python-gnomeapplet
- python-gnomekeyring python-wnck rhythmbox-plugins xorg
- xserver-xorg-input-all xserver-xorg-input-evdev
- xserver-xorg-input-kbd xserver-xorg-input-mouse
- xserver-xorg-input-synaptics xserver-xorg-video-all
- xserver-xorg-video-apm xserver-xorg-video-ark xserver-xorg-video-ati
- xserver-xorg-video-chips xserver-xorg-video-cirrus
- xserver-xorg-video-dummy xserver-xorg-video-fbdev
- xserver-xorg-video-glint xserver-xorg-video-i128
- xserver-xorg-video-i740 xserver-xorg-video-mach64
- xserver-xorg-video-mga xserver-xorg-video-neomagic
- xserver-xorg-video-nouveau xserver-xorg-video-nv
- xserver-xorg-video-r128 xserver-xorg-video-radeon
- xserver-xorg-video-radeonhd xserver-xorg-video-rendition
- xserver-xorg-video-s3 xserver-xorg-video-s3virge
- xserver-xorg-video-savage xserver-xorg-video-siliconmotion
- xserver-xorg-video-sis xserver-xorg-video-sisusb
- xserver-xorg-video-tdfx xserver-xorg-video-tga
- xserver-xorg-video-trident xserver-xorg-video-tseng
- xserver-xorg-video-vesa xserver-xorg-video-vmware
- xserver-xorg-video-voodoo
-</p></blockquote>
-
-<p>Installed using aptitude, removed with apt-get</p>
-
-<blockquote><p>
- deskbar-applet xserver-xorg xserver-xorg-core
- xserver-xorg-input-wacom xserver-xorg-video-intel
- xserver-xorg-video-openchrome
-</p></blockquote>
-
-<p>I was told on IRC that the xorg-xserver package was
-<a href="http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=9c8080d06c457932d3bfec021c69ac000aa60120">changed
-in git</a> today to try to get apt-get to not remove xorg completely.
-No idea when it hits Squeeze, but when it does I hope it will reduce
-the difference somewhat.
+<p>On friday, the first Debian Edu / Skolelinux
+<a href="http://www.friprogramvareiskolen.no/Gathering/2010-12-03-05-Oslo">development
+gathering</a> in a long time take place here in Oslo, Norway. I
+really look forward to seeing all the good people working on the
+Squeeze release. The gathering is open for everyone interested in
+learning more about Debian Edu / Skolelinux.</p>
+
+<p>On Saturday, the Norwegian member organization taking care of
+organizing these development gatherings, Fri Programvare i Skolen,
+will hold its
+<a href="http://friprogramvareiskolen.no/Genfors/2010">General Assembly
+for 2010</a>. Membership is open for all, and currently there are 388
+people registered as members. Last year 32 members cast their vote in
+the memberdb based election system. I hope more people find time to
+vote this year.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Caching_password__user_and_group_on_a_roaming_Debian_laptop.html">Caching password, user and group on a roaming Debian laptop</a></div>
- <div class="date">2010-07-01 11:40</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Why_isn_t_Debian_Edu_using_VLC_.html">Why isn't Debian Edu using VLC?</a></div>
+ <div class="date">2010-11-27 11:30</div>
<div class="body">
-<p>For a laptop, centralized user directories and password checking is
-a bit troubling. Laptops are typically used also when not connected
-to the network, and it is vital for a user to be able to log in or
-unlock the screen saver also when a central server is unavailable.
-This is possible by caching passwords and directory information (user
-and group attributes) locally, and the packages to do so are available
-in Debian. Here follow two recipes to set this up in Debian/Squeeze.
-It is also possible to set up in Debian/Lenny, but require more manual
-setup there because pam-auth-update is missing in Lenny.</p>
-
-<h2>LDAP/Kerberos + nscd + libpam-ccreds + libpam-mklocaluser/pam_mkhomedir</h2>
-
-This is the traditional method with a twist. The password caching is
-provided by libpam-ccreds (version 10-4 or later is needed on
-Squeeze), and the directory caching is done by nscd. The directory
-lookup and password checking is done using LDAP. If one want to use
-Kerberos for password checking the libpam-ldapd package can be
-replaced with libpam-krb5 or libpam-heimdal. If one is happy having a
-local home directory with the path listed in LDAP, one can use the
-pam_mkhomedir module from pam-modules to make this happen instead of
-using libpam-mklocaluser. A setup for pam-auth-update to enable
-pam_mkhomedir will have to be written until a fix for
-<a href="http://bugs.debian.org/568577">bug #568577</a> is in the
-archive. Because I believe it is a bad idea to have local home
-directories using misleading paths like /site/server/partition/, I
-prefer to create a local user with the home directory in /home/. This
-is done using the libpam-mklocaluser package.</p>
-
-<p>These packages need to be installed and configured</p>
-
-<blockquote><pre>
-libnss-ldapd libpam-ldapd nscd libpam-ccreds libpam-mklocaluser
-</pre></blockquote>
-
-<p>The ldapd packages will ask for LDAP connection information, and
-one have to fill in the values that fits ones own site. Make sure the
-PAM part uses encrypted connections, to make sure the password is not
-sent in clear text to the LDAP server. I've been unable to get TLS
-certificate checking for a self signed certificate working, which make
-LDAP authentication unsafe for Debian Edu (nslcd is not checking if it
-is talking to the correct LDAP server), and very much welcome feedback
-on how to get this working.</p>
-
-<p>Because nscd do not have a default configuration fit for offline
-caching until <a href="http://bugs.debian.org/485282">bug #485282</a>
-is fixed, this configuration should be used instead of the one
-currently in /etc/nscd.conf. The changes are in the fields
-reload-count and positive-time-to-live, and is based on the
-instructions I found in the
-<a href="http://www.flyn.org/laptopldap/">LDAP for Mobile Laptops</a>
-instructions by Flyn Computing.</p>
-
-<blockquote><pre>
- debug-level 0
- reload-count unlimited
- paranoia no
-
- enable-cache passwd yes
- positive-time-to-live passwd 2592000
- negative-time-to-live passwd 20
- suggested-size passwd 211
- check-files passwd yes
- persistent passwd yes
- shared passwd yes
- max-db-size passwd 33554432
- auto-propagate passwd yes
-
- enable-cache group yes
- positive-time-to-live group 2592000
- negative-time-to-live group 20
- suggested-size group 211
- check-files group yes
- persistent group yes
- shared group yes
- max-db-size group 33554432
- auto-propagate group yes
-
- enable-cache hosts no
- positive-time-to-live hosts 2592000
- negative-time-to-live hosts 20
- suggested-size hosts 211
- check-files hosts yes
- persistent hosts yes
- shared hosts yes
- max-db-size hosts 33554432
-
- enable-cache services yes
- positive-time-to-live services 2592000
- negative-time-to-live services 20
- suggested-size services 211
- check-files services yes
- persistent services yes
- shared services yes
- max-db-size services 33554432
-</pre></blockquote>
-
-<p>While we wait for a mechanism to update /etc/nsswitch.conf
-automatically like the one provided in
-<a href="http://bugs.debian.org/496915">bug #496915</a>, the file
-content need to be manually replaced to ensure LDAP is used as the
-directory service on the machine. /etc/nsswitch.conf should normally
-look like this:</p>
-
-<blockquote><pre>
-passwd: files ldap
-group: files ldap
-shadow: files ldap
-hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
-networks: files
-protocols: files
-services: files
-ethers: files
-rpc: files
-netgroup: files ldap
-</pre></blockquote>
-
-<p>The important parts are that ldap is listed last for passwd, group,
-shadow and netgroup.</p>
-
-<p>With these changes in place, any user in LDAP will be able to log
-in locally on the machine using for example kdm, get a local home
-directory created and have the password as well as user and group
-attributes cached.
-
-<h2>LDAP/Kerberos + nss-updatedb + libpam-ccreds +
- libpam-mklocaluser/pam_mkhomedir</h2>
-
-<p>Because nscd have had its share of problems, and seem to have
-problems doing proper caching, I've seen suggestions and recipes to
-use nss-updatedb to copy parts of the LDAP database locally when the
-LDAP database is available. I have not tested such setup, because I
-discovered sssd.</p>
-
-<h2>LDAP/Kerberos + sssd + libpam-mklocaluser</h2>
-
-<p>A more flexible and robust setup than the nscd combination
-mentioned earlier that has shown up recently, is the
-<a href="https://fedorahosted.org/sssd/">sssd</a> package from Redhat.
-It is part of the <a href="http://www.freeipa.org/">FreeIPA</A> project
-to provide a Active Directory like directory service for Linux
-machines. The sssd system combines the caching of passwords and user
-information into one package, and remove the need for nscd and
-libpam-ccreds. It support LDAP and Kerberos, but not NIS. Version
-1.2 do not support netgroups, but it is said that it will support this
-in version 1.5 expected to show up later in 2010. Because the
-<a href="http://packages.qa.debian.org/s/sssd.html">sssd package</a>
-was missing in Debian, I ended up co-maintaining it with Werner, and
-version 1.2 is now in testing.
-
-<p>These packages need to be installed and configured to get the
-roaming setup I want</p>
-
-<blockquote><pre>
-libpam-sss libnss-sss libpam-mklocaluser
-</pre></blockquote>
-
-The complete setup of sssd is done by editing/creating
-<tt>/etc/sssd/sssd.conf</tt>.
-
-<blockquote><pre>
-[sssd]
-config_file_version = 2
-reconnection_retries = 3
-sbus_timeout = 30
-services = nss, pam
-domains = INTERN
-
-[nss]
-filter_groups = root
-filter_users = root
-reconnection_retries = 3
-
-[pam]
-reconnection_retries = 3
-
-[domain/INTERN]
-enumerate = false
-cache_credentials = true
-
-id_provider = ldap
-auth_provider = ldap
-chpass_provider = ldap
-
-ldap_uri = ldap://ldap
-ldap_search_base = dc=skole,dc=skolelinux,dc=no
-ldap_tls_reqcert = never
-ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
-</pre></blockquote>
-
-<p>I got the same problem here with certificate checking. Had to set
-"ldap_tls_reqcert = never" to get it working.</p>
-
-<p>With the libnss-sss package in testing at the moment, the
-nsswitch.conf file is update automatically, so there is no need to
-modify it manually.</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>In the latest issue of Linux Journal, the readers choices were
+presented, and the winner among the multimedia player were VLC.
+Personally, I like VLC, and it is my player of choice when I first try
+to play a video file or stream. Only if VLC fail will I drag out
+gmplayer to see if it can do better. The reason is mostly the failure
+model and trust. When VLC fail, it normally pop up a error message
+reporting the problem. When mplayer fail, it normally segfault or
+just hangs. The latter failure mode drain my trust in the program.<p>
+
+<p>But even if VLC is my player of choice, we have choosen to use
+mplayer in <a href="http://www.skolelinux.org/">Debian
+Edu/Skolelinux</a>. The reason is simple. We need a good browser
+plugin to play web videos seamlessly, and the VLC browser plugin is
+not very good. For example, it lack in-line control buttons, so there
+is no way for the user to pause the video. Also, when I
+<a href="http://wiki.debian.org/DebianEdu/BrowserMultimedia">last
+tested the browser plugins</a> available in Debian, the VLC plugin
+failed on several video pages where mplayer based plugins worked. If
+the browser plugin for VLC was as good as the gecko-mediaplayer
+package (which uses mplayer), we would switch.</P>
+
+<p>While VLC is a good player, its user interface is slightly
+annoying. The most annoying feature is its inconsistent use of
+keyboard shortcuts. When the player is in full screen mode, its
+shortcuts are different from when it is playing the video in a window.
+For example, space only work as pause when in full screen mode. I
+wish it had consisten shortcuts and that space also would work when in
+window mode. Another nice shortcut in gmplayer is [enter] to restart
+the current video. It is very nice when playing short videos from the
+web and want to restart it when new people arrive to have a look at
+what is going on.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia</a>, <a href="http://people.skolelinux.org/pere/blog/tags/video">video</a>, <a href="http://people.skolelinux.org/pere/blog/tags/web">web</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/LUMA__a_very_nice_LDAP_GUI.html">LUMA, a very nice LDAP GUI</a></div>
- <div class="date">2010-06-28 00:30</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/DND_hedrer_overv__kning_av_barn_med_Rosingsprisen.html">DND hedrer overvåkning av barn med Rosingsprisen</a></div>
+ <div class="date">2010-11-23 14:15</div>
<div class="body">
-<p>The last few days I have been looking into the status of the LDAP
-directory in Debian Edu, and in the process I started to miss a GUI
-tool to browse the LDAP tree. The only one I was able to find in
-Debian/Squeeze and Lenny is
-<a href="http://luma.sourceforge.net/">LUMA</a>, which has proved to
-be a great tool to get a overview of the current LDAP directory
-populated by default in Skolelinux. Thanks to it, I have been able to
-find empty and obsolete subtrees, misplaced objects and duplicate
-objects. It will be installed by default in Debian/Squeeze. If you
-are working with LDAP, give it a go. :)</p>
-
-<p>I did notice one problem with it I have not had time to report to
-the BTS yet. There is no .desktop file in the package, so the tool do
-not show up in the Gnome and KDE menus, but only deep down in in the
-Debian submenu in KDE. I hope that can be fixed before Squeeze is
-released.</p>
-
-<p>I have not yet been able to get it to modify the tree yet. I would
-like to move objects and remove subtrees directly in the GUI, but have
-not found a way to do that with LUMA yet. So in the mean time, I use
-<a href="http://www.lichteblau.com/ldapvi/">ldapvi</a> for that.</p>
-
-<p>If you have tips on other GUI tools for LDAP that might be useful
-in Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
-
-<p>Update 2010-06-29: Ross Reedstrom tipped us about the
-<a href="http://packages.qa.debian.org/g/gq.html">gq</a> package as a
-useful GUI alternative. It seem like a good tool, but is unmaintained
-in Debian and got a RC bug keeping it out of Squeeze. Unless that
-changes, it will not be an option for Debian Edu based on Squeeze.</p>
+<p>Jeg registrerer med vond smak i munnen at Den Norske Dataforening
+<a
+href="http://www.dataforeningen.no/hedret-med-rosingprisen.4849070-133913.html">hedrer
+overvåkning av barn med Rosingsprisen for kreativitet i år</a>. Jeg
+er glad jeg nå er meldt ut av DND.</p>
+
+<p>Å elektronisk overvåke sine barn er ikke å gjøre dem en tjeneste,
+men et overgrep mot individer i utvikling som bør læres opp til å ta
+egne valg.</p>
+
+<p>For å sitere Datatilsynets nye leder, Bjørn Erik Thon, i
+<a href="http://www.idg.no/computerworld/article174262.ece">et intervju
+med Computerworld Norge</A>:</p>
+
+<p><blockquote>
+- For alle som har barn, meg selv inkludert, er førstetanken at det
+hadde vært fint å vite hvor barnet sitt er til enhver tid. Men ungene
+har ikke godt av det. De er små individer som skal søke rundt og finne
+sine små gjemmesteder og utvide horisonten, uten at foreldrene ser dem
+i kortene. Det kan være fristende, men jeg ville ikke gått inn i
+dette.
+</blockquote></p>
+
+<p>Det er skremmende å se at DND mener en tjeneste som legger opp til
+slike overgrep bør hedres. Å flytte oppveksten for barn inn i en
+virtuell
+<a href="http://en.wikipedia.org/wiki/Panopticon">Panopticon</a> er et
+grovt overgrep og vil gjøre skade på barnenes utvikling, og foreldre
+burde tenke seg godt om før de gir etter for sine instinkter her.</p>
+
+<p>Blipper-tjenesten får meg til å tenke på bøkene til
+<a href="http://en.wikipedia.org/wiki/John_Twelve_Hawks">John Twelve
+Hawks</a>, som forbilledlig beskriver hvordan et totalitært
+overvåkningssamfunn bygges sakte men sikkert rundt oss, satt sammen av
+gode intensjoner og manglende bevissthet om hvilke prinsipper et
+liberalt demokrati er fundamentert på. Jeg har hatt stor glede av å
+lese alle de tre bøkene.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Idea_for_a_change_to_LDAP_schemas_allowing_DNS_and_DHCP_info_to_be_combined_into_one_object.html">Idea for a change to LDAP schemas allowing DNS and DHCP info to be combined into one object</a></div>
- <div class="date">2010-06-24 00:35</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Lenny__Squeeze_upgrades_of_the_Gnome_and_KDE_desktop__now_with_apt_get_autoremove.html">Lenny->Squeeze upgrades of the Gnome and KDE desktop, now with apt-get autoremove</a></div>
+ <div class="date">2010-11-22 14:15</div>
<div class="body">
-<p>A while back, I
-<a href="http://people.skolelinux.org/pere/blog/Time_for_new__LDAP_schemas_replacing_RFC_2307_.html">complained
-about the fact</a> that it is not possible with the provided schemas
-for storing DNS and DHCP information in LDAP to combine the two sets
-of information into one LDAP object representing a computer.</p>
-
-<p>In the mean time, I discovered that a simple fix would be to make
-the dhcpHost object class auxiliary, to allow it to be combined with
-the dNSDomain object class, and thus forming one object for one
-computer when storing both DHCP and DNS information in LDAP.</p>
-
-<p>If I understand this correctly, it is not safe to do this change
-without also changing the assigned number for the object class, and I
-do not know enough about LDAP schema design to do that properly for
-Debian Edu.</p>
-
-<p>Anyway, for future reference, this is how I believe we could change
-the
-<a href="http://tools.ietf.org/html/draft-ietf-dhc-ldap-schema-00">DHCP
-schema</a> to solve at least part of the problem with the LDAP schemas
-available today from IETF.</p>
+<p>Michael Biebl suggested to me on IRC, that I changed my automated
+upgrade testing of the
+<a href="http://people.skolelinux.org/~pere/debian-upgrade-testing/">Lenny
+Gnome and KDE Desktop</a> to do <tt>apt-get autoremove</tt> when using apt-get.
+This seem like a very good idea, so I adjusted by test scripts and
+can now present the updated result from today:</p>
-<pre>
---- dhcp.schema (revision 65192)
-+++ dhcp.schema (working copy)
-@@ -376,7 +376,7 @@
- objectclass ( 2.16.840.1.113719.1.203.6.6
- NAME 'dhcpHost'
- DESC 'This represents information about a particular client'
-- SUP top
-+ SUP top AUXILIARY
- MUST cn
- MAY (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption)
- X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
-</pre>
+<p>This is for Gnome:</p>
+
+<p>Installed using apt-get, missing with aptitude</p>
-<p>I very much welcome clues on how to do this properly for Debian
-Edu/Squeeze. We provide the DHCP schema in our debian-edu-config
-package, and should thus be free to rewrite it as we see fit.</p>
+<blockquote><p>
+ apache2.2-bin
+ aptdaemon
+ baobab
+ binfmt-support
+ browser-plugin-gnash
+ cheese-common
+ cli-common
+ cups-pk-helper
+ dmz-cursor-theme
+ empathy
+ empathy-common
+ freedesktop-sound-theme
+ freeglut3
+ gconf-defaults-service
+ gdm-themes
+ gedit-plugins
+ geoclue
+ geoclue-hostip
+ geoclue-localnet
+ geoclue-manual
+ geoclue-yahoo
+ gnash
+ gnash-common
+ gnome
+ gnome-backgrounds
+ gnome-cards-data
+ gnome-codec-install
+ gnome-core
+ gnome-desktop-environment
+ gnome-disk-utility
+ gnome-screenshot
+ gnome-search-tool
+ gnome-session-canberra
+ gnome-system-log
+ gnome-themes-extras
+ gnome-themes-more
+ gnome-user-share
+ gstreamer0.10-fluendo-mp3
+ gstreamer0.10-tools
+ gtk2-engines
+ gtk2-engines-pixbuf
+ gtk2-engines-smooth
+ hamster-applet
+ libapache2-mod-dnssd
+ libapr1
+ libaprutil1
+ libaprutil1-dbd-sqlite3
+ libaprutil1-ldap
+ libart2.0-cil
+ libboost-date-time1.42.0
+ libboost-python1.42.0
+ libboost-thread1.42.0
+ libchamplain-0.4-0
+ libchamplain-gtk-0.4-0
+ libcheese-gtk18
+ libclutter-gtk-0.10-0
+ libcryptui0
+ libdiscid0
+ libelf1
+ libepc-1.0-2
+ libepc-common
+ libepc-ui-1.0-2
+ libfreerdp-plugins-standard
+ libfreerdp0
+ libgconf2.0-cil
+ libgdata-common
+ libgdata7
+ libgdu-gtk0
+ libgee2
+ libgeoclue0
+ libgexiv2-0
+ libgif4
+ libglade2.0-cil
+ libglib2.0-cil
+ libgmime2.4-cil
+ libgnome-vfs2.0-cil
+ libgnome2.24-cil
+ libgnomepanel2.24-cil
+ libgpod-common
+ libgpod4
+ libgtk2.0-cil
+ libgtkglext1
+ libgtksourceview2.0-common
+ libmono-addins-gui0.2-cil
+ libmono-addins0.2-cil
+ libmono-cairo2.0-cil
+ libmono-corlib2.0-cil
+ libmono-i18n-west2.0-cil
+ libmono-posix2.0-cil
+ libmono-security2.0-cil
+ libmono-sharpzip2.84-cil
+ libmono-system2.0-cil
+ libmtp8
+ libmusicbrainz3-6
+ libndesk-dbus-glib1.0-cil
+ libndesk-dbus1.0-cil
+ libopal3.6.8
+ libpolkit-gtk-1-0
+ libpt2.6.7
+ libpython2.6
+ librpm1
+ librpmio1
+ libsdl1.2debian
+ libsrtp0
+ libssh-4
+ libtelepathy-farsight0
+ libtelepathy-glib0
+ libtidy-0.99-0
+ media-player-info
+ mesa-utils
+ mono-2.0-gac
+ mono-gac
+ mono-runtime
+ nautilus-sendto
+ nautilus-sendto-empathy
+ p7zip-full
+ pkg-config
+ python-aptdaemon
+ python-aptdaemon-gtk
+ python-axiom
+ python-beautifulsoup
+ python-bugbuddy
+ python-clientform
+ python-coherence
+ python-configobj
+ python-crypto
+ python-cupshelpers
+ python-elementtree
+ python-epsilon
+ python-evolution
+ python-feedparser
+ python-gdata
+ python-gdbm
+ python-gst0.10
+ python-gtkglext1
+ python-gtksourceview2
+ python-httplib2
+ python-louie
+ python-mako
+ python-markupsafe
+ python-mechanize
+ python-nevow
+ python-notify
+ python-opengl
+ python-openssl
+ python-pam
+ python-pkg-resources
+ python-pyasn1
+ python-pysqlite2
+ python-rdflib
+ python-serial
+ python-tagpy
+ python-twisted-bin
+ python-twisted-conch
+ python-twisted-core
+ python-twisted-web
+ python-utidylib
+ python-webkit
+ python-xdg
+ python-zope.interface
+ remmina
+ remmina-plugin-data
+ remmina-plugin-rdp
+ remmina-plugin-vnc
+ rhythmbox-plugin-cdrecorder
+ rhythmbox-plugins
+ rpm-common
+ rpm2cpio
+ seahorse-plugins
+ shotwell
+ software-center
+ system-config-printer-udev
+ telepathy-gabble
+ telepathy-mission-control-5
+ telepathy-salut
+ tomboy
+ totem
+ totem-coherence
+ totem-mozilla
+ totem-plugins
+ transmission-common
+ xdg-user-dirs
+ xdg-user-dirs-gtk
+ xserver-xephyr
+</p></blockquote>
+
+<p>Installed using apt-get, removed with aptitude</p>
+
+<blockquote><p>
+ cheese
+ ekiga
+ eog
+ epiphany-extensions
+ evolution-exchange
+ fast-user-switch-applet
+ file-roller
+ gcalctool
+ gconf-editor
+ gdm
+ gedit
+ gedit-common
+ gnome-games
+ gnome-games-data
+ gnome-nettool
+ gnome-system-tools
+ gnome-themes
+ gnuchess
+ gucharmap
+ guile-1.8-libs
+ libavahi-ui0
+ libdmx1
+ libgalago3
+ libgtk-vnc-1.0-0
+ libgtksourceview2.0-0
+ liblircclient0
+ libsdl1.2debian-alsa
+ libspeexdsp1
+ libsvga1
+ rhythmbox
+ seahorse
+ sound-juicer
+ system-config-printer
+ totem-common
+ transmission-gtk
+ vinagre
+ vino
+</p></blockquote>
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
+<p>Installed using aptitude, missing with apt-get</p>
+
+<blockquote><p>
+ gstreamer0.10-gnomevfs
+</p></blockquote>
+
+<p>Installed using aptitude, removed with apt-get</p>
+
+<blockquote><p>
+[nothing]
+</p></blockquote>
+
+<p>This is for KDE:</p>
+
+<p>Installed using apt-get, missing with aptitude</p>
+
+<blockquote><p>
+ ksmserver
+</p></blockquote>
+
+<p>Installed using apt-get, removed with aptitude</p>
+
+<blockquote><p>
+ kwin
+ network-manager-kde
+</p></blockquote>
+
+<p>Installed using aptitude, missing with apt-get</p>
+
+<blockquote><p>
+ arts
+ dolphin
+ freespacenotifier
+ google-gadgets-gst
+ google-gadgets-xul
+ kappfinder
+ kcalc
+ kcharselect
+ kde-core
+ kde-plasma-desktop
+ kde-standard
+ kde-window-manager
+ kdeartwork
+ kdeartwork-emoticons
+ kdeartwork-style
+ kdeartwork-theme-icon
+ kdebase
+ kdebase-apps
+ kdebase-workspace
+ kdebase-workspace-bin
+ kdebase-workspace-data
+ kdeeject
+ kdelibs
+ kdeplasma-addons
+ kdeutils
+ kdewallpapers
+ kdf
+ kfloppy
+ kgpg
+ khelpcenter4
+ kinfocenter
+ konq-plugins-l10n
+ konqueror-nsplugins
+ kscreensaver
+ kscreensaver-xsavers
+ ktimer
+ kwrite
+ libgle3
+ libkde4-ruby1.8
+ libkonq5
+ libkonq5-templates
+ libnetpbm10
+ libplasma-ruby
+ libplasma-ruby1.8
+ libqt4-ruby1.8
+ marble-data
+ marble-plugins
+ netpbm
+ nuvola-icon-theme
+ plasma-dataengines-workspace
+ plasma-desktop
+ plasma-desktopthemes-artwork
+ plasma-runners-addons
+ plasma-scriptengine-googlegadgets
+ plasma-scriptengine-python
+ plasma-scriptengine-qedje
+ plasma-scriptengine-ruby
+ plasma-scriptengine-webkit
+ plasma-scriptengines
+ plasma-wallpapers-addons
+ plasma-widget-folderview
+ plasma-widget-networkmanagement
+ ruby
+ sweeper
+ update-notifier-kde
+ xscreensaver-data-extra
+ xscreensaver-gl
+ xscreensaver-gl-extra
+ xscreensaver-screensaver-bsod
+</p></blockquote>
+
+<p>Installed using aptitude, removed with apt-get</p>
+
+<blockquote><p>
+ ark
+ google-gadgets-common
+ google-gadgets-qt
+ htdig
+ kate
+ kdebase-bin
+ kdebase-data
+ kdepasswd
+ kfind
+ klipper
+ konq-plugins
+ konqueror
+ ksysguard
+ ksysguardd
+ libarchive1
+ libcln6
+ libeet1
+ libeina-svn-06
+ libggadget-1.0-0b
+ libggadget-qt-1.0-0b
+ libgps19
+ libkdecorations4
+ libkephal4
+ libkonq4
+ libkonqsidebarplugin4a
+ libkscreensaver5
+ libksgrd4
+ libksignalplotter4
+ libkunitconversion4
+ libkwineffects1a
+ libmarblewidget4
+ libntrack-qt4-1
+ libntrack0
+ libplasma-geolocation-interface4
+ libplasmaclock4a
+ libplasmagenericshell4
+ libprocesscore4a
+ libprocessui4a
+ libqalculate5
+ libqedje0a
+ libqtruby4shared2
+ libqzion0a
+ libruby1.8
+ libscim8c2a
+ libsmokekdecore4-3
+ libsmokekdeui4-3
+ libsmokekfile3
+ libsmokekhtml3
+ libsmokekio3
+ libsmokeknewstuff2-3
+ libsmokeknewstuff3-3
+ libsmokekparts3
+ libsmokektexteditor3
+ libsmokekutils3
+ libsmokenepomuk3
+ libsmokephonon3
+ libsmokeplasma3
+ libsmokeqtcore4-3
+ libsmokeqtdbus4-3
+ libsmokeqtgui4-3
+ libsmokeqtnetwork4-3
+ libsmokeqtopengl4-3
+ libsmokeqtscript4-3
+ libsmokeqtsql4-3
+ libsmokeqtsvg4-3
+ libsmokeqttest4-3
+ libsmokeqtuitools4-3
+ libsmokeqtwebkit4-3
+ libsmokeqtxml4-3
+ libsmokesolid3
+ libsmokesoprano3
+ libtaskmanager4a
+ libtidy-0.99-0
+ libweather-ion4a
+ libxklavier16
+ libxxf86misc1
+ okteta
+ oxygencursors
+ plasma-dataengines-addons
+ plasma-scriptengine-superkaramba
+ plasma-widget-lancelot
+ plasma-widgets-addons
+ plasma-widgets-workspace
+ polkit-kde-1
+ ruby1.8
+ systemsettings
+ update-notifier-common
+</p></blockquote>
+
+<p>Running apt-get autoremove made the results using apt-get and
+aptitude a bit more similar, but there are still quite a lott of
+differences. I have no idea what packages should be installed after
+the upgrade, but hope those that do can have a look.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Calling_tasksel_like_the_installer__while_still_getting_useful_output.html">Calling tasksel like the installer, while still getting useful output</a></div>
- <div class="date">2010-06-16 14:55</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Migrating_Xen_virtual_machines_using_LVM_to_KVM_using_disk_images.html">Migrating Xen virtual machines using LVM to KVM using disk images</a></div>
+ <div class="date">2010-11-22 11:20</div>
<div class="body">
-<p>A few times I have had the need to simulate the way tasksel
-installs packages during the normal debian-installer run. Until now,
-I have ended up letting tasksel do the work, with the annoying problem
-of not getting any feedback at all when something fails (like a
-conffile question from dpkg or a download that fails), using code like
-this:
-
-<blockquote><pre>
-export DEBIAN_FRONTEND=noninteractive
-tasksel --new-install
-</pre></blockquote>
-
-This would invoke tasksel, let its automatic task selection pick the
-tasks to install, and continue to install the requested tasks without
-any output what so ever.
-
-Recently I revisited this problem while working on the automatic
-package upgrade testing, because tasksel would some times hang without
-any useful feedback, and I want to see what is going on when it
-happen. Then it occured to me, I can parse the output from tasksel
-when asked to run in test mode, and use that aptitude command line
-printed by tasksel then to simulate the tasksel run. I ended up using
-code like this:
-
-<blockquote><pre>
-export DEBIAN_FRONTEND=noninteractive
-cmd="$(in_target tasksel -t --new-install | sed 's/debconf-apt-progress -- //')"
-$cmd
-</pre></blockquote>
-
-<p>The content of $cmd is typically something like "<tt>aptitude -q
---without-recommends -o APT::Install-Recommends=no -y install
-~t^desktop$ ~t^gnome-desktop$ ~t^laptop$ ~pstandard ~prequired
-~pimportant</tt>", which will install the gnome desktop task, the
-laptop task and all packages with priority standard , required and
-important, just like tasksel would have done it during
-installation.</p>
-
-<p>A better approach is probably to extend tasksel to be able to
-install packages without using debconf-apt-progress, for use cases
-like this.</p>
+<p>Most of the computers in use by the
+<a href="http://www.skolelinux.org/">Debian Edu/Skolelinux project</a>
+are virtual machines. And they have been Xen machines running on a
+fairly old IBM eserver xseries 345 machine, and we wanted to migrate
+them to KVM on a newer Dell PowerEdge 2950 host machine. This was a
+bit harder that it could have been, because we set up the Xen virtual
+machines to get the virtual partitions from LVM, which as far as I
+know is not supported by KVM. So to migrate, we had to convert
+several LVM logical volumes to partitions on a virtual disk file.</p>
+
+<p>I found
+<a href="http://searchnetworking.techtarget.com.au/articles/35011-Six-steps-for-migrating-Xen-virtual-machines-to-KVM">a
+nice recipe</a> to do this, and wrote the following script to do the
+migration. It uses qemu-img from the qemu package to make the disk
+image, parted to partition it, losetup and kpartx to present the disk
+image partions as devices, and dd to copy the data. I NFS mounted the
+new servers storage area on the old server to do the migration.</p>
+
+<pre>
+#!/bin/sh
+
+# Based on
+# http://searchnetworking.techtarget.com.au/articles/35011-Six-steps-for-migrating-Xen-virtual-machines-to-KVM
+
+set -e
+set -x
+
+if [ -z "$1" ] ; then
+ echo "Usage: $0 <hostname>"
+ exit 1
+else
+ host="$1"
+fi
+
+if [ ! -e /dev/vg_data/$host-disk ] ; then
+ echo "error: unable to find LVM volume for $host"
+ exit 1
+fi
+
+# Partitions need to be a bit bigger than the LVM LVs. not sure why.
+disksize=$( lvs --units m | grep $host-disk | awk '{sum = sum + $4} END { print int(sum * 1.05) }')
+swapsize=$( lvs --units m | grep $host-swap | awk '{sum = sum + $4} END { print int(sum * 1.05) }')
+totalsize=$(( ( $disksize + $swapsize ) ))
+
+img=$host.img
+#dd if=/dev/zero of=$img bs=1M count=$(( $disksize + $swapsize ))
+qemu-img create $img ${totalsize}MMaking room on the Debian Edu/Sqeeze DVD
+
+parted $img mklabel msdos
+parted $img mkpart primary linux-swap 0 $disksize
+parted $img mkpart primary ext2 $disksize $totalsize
+parted $img set 1 boot on
+
+modprobe dm-mod
+losetup /dev/loop0 $img
+kpartx -a /dev/loop0
+
+dd if=/dev/vg_data/$host-disk of=/dev/mapper/loop0p1 bs=1M
+fsck.ext3 -f /dev/mapper/loop0p1 || true
+mkswap /dev/mapper/loop0p2
+
+kpartx -d /dev/loop0
+losetup -d /dev/loop0
+</pre>
+
+<p>The script is perhaps so simple that it is not copyrightable, but
+if it is, it is licenced using GPL v2 or later at your discretion.</p>
+
+<p>After doing this, I booted a Debian CD in rescue mode in KVM with
+the new disk image attached, installed grub-pc and linux-image-686 and
+set up grub to boot from the disk image. After this, the KVM machines
+seem to work just fine.</p>
</div>
<div class="tags">
- Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>.
</div>
</div>
<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
-<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (7)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (13)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/12/">December (5)</a></li>
</ul></li>
<h2>Tags</h2>
<ul>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (13)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (1)</a></li>
+
<li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (10)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (34)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (45)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (34)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (53)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (47)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (76)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (7)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (11)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (2)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (5)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (4)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (5)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (11)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (93)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (70)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (114)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (84)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (18)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (13)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (29)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (13)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (4)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (9)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (21)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (3)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (13)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (16)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (16)</a></li>
<li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
- <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (6)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (14)</a></li>
</ul>
</div>
<p style="text-align: right">
-Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v3.7</a>
+Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v3.2</a>
</p>
</body>
</html>
projects / homepage.git / blobdiff